
Application Security Engineer Resume


SUMMARY

  • Overall 12+ years of experience in the IT profession as an Information Security Engineer, in web development and in other domains such as web application management, vulnerability assessment, network assessment, penetration testing and report generation.
  • Working knowledge of the OWASP Top 10 and SANS Top 25 software guidelines, Federal Financial Institutions Examination Council (FFIEC) regulations, Payment Card Industry Data Security Standard (PCI-DSS), Sarbanes-Oxley Section 404 (SOX), the Penetration Testing Execution Standard (PTES) methodologies and the Open Source Security Testing Methodology Manual (OSSTMM).
  • Knowledge of and experience with applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS) and Common Vulnerabilities and Exposures (CVE).
  • In-depth knowledge of SAST and DAST for web applications and mobile applications.
  • Threat modeling of projects by getting involved before development starts, improving security in the initial phase.
  • Conducted security assessments for external and internal web applications including N-tier apps, single page web applications (SPA), APIs and web services (SOA).
  • Experience in using various debuggers, fuzzers, scanners, analyzers, exploit frameworks and proxies to examine, identify vulnerabilities and known exploits in web application, mobile and networks.
  • Extensive experience in detecting OWASP Top 10 and SANS Top 25 issues including SQL injection, XML injection, XSS, Cross-Site Request Forgery (CSRF), weak cryptography, buffer overflow fuzzing and other techniques to obtain command prompts on servers, PDF exploits, HTTP response splitting attacks, web services vulnerabilities, cookie tampering, data tampering, business logic flaws and authentication flaws.
  • Performed security assessments through the usage of wide variety of penetration tools including open source and commercial tools.
  • Identifying Critical, High, Medium and Low vulnerabilities in applications based on the OWASP Top 10, SANS 25 and GSEC, and prioritizing them based on criticality.
  • Validate and support vulnerability findings by identifying and dealing with false positives.
  • Contributed as a peer to information security vulnerability management policies, procedures, and standards as needed.
  • Familiarity with the use of and/or analysis of reports from various industry standard
  • Experience in Threat Modeling during Requirement gathering and Design phases.
  • Experience with Internet/Intranet Networking Protocols and Services.
  • Worked as a key member in streamlining security processes and in designing and implementing efficient security solutions.
  • Excellent team player, enthusiastic initiator, and ability to learn the fundamental concepts effectively and efficiently.
  • Good understanding of evasion techniques against Web Application Firewalls, IDS and IPS.
  • Conducted presentations to the upper management, project technical lead and information security lead.
  • Good experience in Secure SDLC and source code analysis (manual and tool-based) of web-based applications.
  • Participate in meetings with the developers, QA and the management team.

TECHNICAL SKILLS

Software & Tools: Acunetix, AppDetective, BeEF, Burp Suite, Cain and Abel, Canvas, Core Impact, DirBuster, Dradis, Ettercap, HP Fortify, HPE ArcSight, Hydra, IBM AppScan, IronWASP, John the Ripper, Kali Linux, L0phtCrack, Maltego, Metasploit, Mutational, Nessus, Netcat, Netsparker, Fuzzers, Nexpose, Nikto, Nmap/Zenmap, OpenVAS, OWASP ZAP, QRadar, QualysGuard, Retina, RFuzz, Secure Shell (SSH), SET, Snort, SoapUI, Splunk, SQLMap, SuperScan, TCPDump, TrueCrypt, w3af, Wapiti, WATOBO, WebScarab-NG, Wireshark

Programming Languages: Ruby on Rails, ASP, Java/J2EE/Spring/FTL, VB, .NET, C/C#/C++, Python, Bash, JavaScript, XML, HTML, CSS, JSON

Platforms: Linux, Windows XP, Windows 2003, Windows 2008, Windows 7, Windows 10, Mac OS

Web Servers: Apache Tomcat, Nginx, JBoss and JRun, IIS, WebSphere

Protocols: DHCP (Dynamic Host Configuration Protocol), DSN (Data Source Name), HTTP (Hypertext Transfer Protocol), ICMP (Internet Control Message Protocol), IP (Internet Protocol), POP3 (Post Office Protocol version 3), SSL (Secure Sockets Layer), TCP (Transmission Control Protocol), UDP (User Datagram Protocol), ARP (Address Resolution Protocol), DNS (Domain Name Service), FTP (File Transfer Protocol), IMAP (Internet Message Access Protocol), IRDP (ICMP Router Discovery Protocol), IRC (Internet Relay Chat Protocol), SMTP (Simple Mail Transfer Protocol), SSH (Secure Shell), Telnet (TCP/IP Terminal Emulation Protocol)

PROFESSIONAL EXPERIENCE

Application Security Engineer

Confidential

Responsibilities:

  • Familiar with various approaches to grey-box and black-box security testing.
  • Finding effective ways of exercising the vulnerable areas of the systems under test.
  • Maintaining a high level of security for information that is crucial to the business growth of the organization.
  • Experience in Threat Modeling during Requirement gathering and Design phases.
  • Utilized common dynamic and static analysis security tools to evaluate the security of target systems and applications.
  • Experience in finding SQL injection, XML injection, techniques to obtain command prompts on servers, PDF exploits, HTTP response splitting attacks, LFI, RFI, CSRF and web services vulnerabilities using various tools (commercial and open source).
  • Exploited logic flows in web applications and recommended mitigations for the findings.
  • Identified issues in session management, input validation, output encoding, logging, exception handling, cookie attributes, encryption and privilege escalation.
  • Brute-force assessments to ensure strong password requirements.
  • Good Experience in exploiting the recognized vulnerabilities in web applications.
  • Performed, reviewed and analyzed security vulnerability data to identify applicability and false positives.
  • Used CVSS scores to create reports demonstrating the severity of existing vulnerabilities, which helped prioritize the order of remediation according to severity.
  • Participated in the development of IT risk assessments for enterprise applications.
  • Remediation planning and implementation.
  • Proficient in analyzing different security threats to organizations by identifying their indicators.
  • Analyzing the enterprise's information security environment and recommending security measures to safeguard applications and information assets using threat modeling, OWASP and CWE.
  • Provide consultative support with implementation of remediation steps, standards, and best practices.

Security Consultant

Confidential

Responsibilities:

  • Review of projects during the SDLC, making actionable recommendations to the project team based on an understanding of the technology involved.
  • Performed web application vulnerability assessment and threat modeling, gap analysis and secure code review on applications.
  • Performed penetration testing with Kali Linux.
  • Performed port scanning of small and large networks.
  • Performed wireless vulnerability assessments, including access point detection and WEP cracking.
  • Responsible for vulnerability scanning with unknown tool for web applications to identify security threats and vulnerabilities.
  • Real-time experience in SQL injection protection, script injection and XSS protection, and other major anti-hacking protection techniques.
  • Vulnerability assessment including analysis of bugs in various N-tier applications across various domains, using both manual and automated tools.
  • Manually validated vulnerability findings by identifying false positives.
  • Develop and manage vulnerability assessments including development of risk mitigation strategies.
  • Performed network vulnerability assessments using various network tools.
  • Involved in meetings with developers to raise awareness and minimize security risks.
  • Created written reports detailing assessment findings and recommendations.
  • Provided both strategic analysis and near real-time auditing, analyzing, investigating, reporting, remediation, coordinating and tracking of security-related activities for the customer.

Web Consultant

Confidential

Responsibilities:

  • Utilized HTML5, CSS3 and JavaScript to develop user interfaces for web applications.
  • Converted designs into responsive, cross-browser compatible web applications.
  • Extensive knowledge of technical terminology, developments, and Interactive Media trends.
  • Performed manual testing on different modules of the application.
  • Design skills that turn static web designs and user experiences into interactive media presentations for client engagement.
  • Increased user satisfaction by 20% based on customer feedback/surveys.
  • Testing for Mobile and Cross Browser Compatibility.
  • Used JavaScript Libraries, jQuery and jQuery UI to add functionality to web applications.
  • Responsible for ensuring website cross-browser compatibility (IE, Firefox, Chrome, Opera and Safari), link integrity and overall quality.
  • Design, code, test and implement web and other applications using current standards.
  • Perform security assessments and vulnerability scans.
  • Analyze data and prepare reports that document vulnerabilities to network-based attacks and recommend actions to prevent, repair or mitigate these vulnerabilities.
  • Mitigate security vulnerabilities and provide recommendations for the client.
  • Provide analysis and mitigation support during an active attack.

Web Consultant

Confidential

Responsibilities:

  • Designed, constructed and implemented HTML and JavaScript web applications and website projects using a variety of styles, templates and custom CSS files, and customized and edited graphics within Adobe Photoshop to meet each project's needs.
  • Managing all aspects of marketing and advertising.
  • Conducted search engine optimization (SEO) and search engine marketing (SEM) efforts for clients and employer, including traffic analysis and reporting.
  • Responsible for all website project management and development.
  • Created and implemented social media marketing strategy.
  • Designed and developed the email marketing campaigns.
  • Consistently adhered and adapted to client changes and requests in a timely manner.
  • Trained the management on how to use the content management system to add content and implement new features.
  • Managed the backend of the web application to resolve any issues.

Web Consultant and Administrator

Confidential

Responsibilities:

  • Designed websites for small and medium-sized businesses in a timely and organized manner.
  • Provided a variety of services: website design, development, maintenance, internet marketing and SEO, host and domain management, troubleshooting, and creating visual and written content.
  • Support and train individuals, small businesses and organizations remotely and in-person to help meet their web and business goals.
  • Provided short- and long-term web strategy for clients.
  • Updated web portals periodically.
  • HTML/CSS/JavaScript front-end development.
  • Assessed customer needs and provided assistance and information on product features.
  • Conducted search engine optimization (SEO) and search engine marketing (SEM) efforts for clients and employer, including traffic analysis and reporting.
  • Managed search engine campaigns and developed search engine strategies.
  • Provided detailed analysis of website traffic from various marketing sources.
