
Technical Specialist Resume


SUMMARY

  • Experience in Vulnerability Assessment & Penetration Testing (VAPT) and Policy Compliance Assessment.
  • Expertise in manual exploitation and mitigation of security findings, including but not limited to the OWASP Top 10 and SANS 25. Expertise in mobile application security assessment for Android and iOS platforms. Expertise in black box and white box penetration tests.
  • Threat modelling, security architecture, vulnerability detection and remediation.
  • Experience in network and infrastructure security testing. Performed vulnerability scans using HP WebInspect, IBM AppScan, Qualys Guard, Retina, Nessus, Burp Suite, and Metasploit auxiliary modules. Utilized dynamic and static analysis techniques to assess internal and third-party applications for security vulnerabilities. Performed industry-standard vulnerability severity and risk ranking using CWE and CVSS.
  • Performed static code analysis using Fortify, IBM AppScan Source and Checkmarx. Reverse engineered third-party applications and developed proof-of-concept exploits. Assisted developers in remediation efforts. Static, dynamic and forensic analysis of mobile applications.
  • Threat modelled new features and designed controls to ensure web and mobile applications are secure. Provided security proficiency in authentication, authorization, audit, secure storage, encryption, input validation, and secure database communication.
  • Reviewed application architecture and made recommendations to improve the enterprise security posture. Integrated assessments with the SDLC and project management cycles. Experienced in implementing security automation and familiar with working with the global security community. Empowered delivery team resources by promoting application security awareness and standards through training, hackathons, mentoring and vulnerability demos.
  • Excellent communication and presentation skills and a proven ability to communicate threats and facilitate progress towards long-term remediation. Experience with small to medium team management, effort estimation, etc. Experienced at mentoring, communicating goals and other corporate initiatives, and driving to results.

TECHNICAL SKILLS

Operating Systems: Linux and Windows

Programming Languages: .NET (C#), Java, PHP

Security Architecture/Threat Modeling: Microsoft Threat Modeling Tool (TMT), Poirot

Source Code Analysis Tools: HP Fortify, IBM AppScan Source, Veracode, Checkmarx

Dynamic analysis tools: IBM AppScan, HP WebInspect, Retina, Acunetix, Netsparker

Network Security testing Tools: Nmap, Metasploit, Nessus, Qualys Guard, SSLDigger, SSLSmart, SSLScan, Snort, Wireshark, Kali Linux

Proxy Tools: Burp Suite, ZAP Proxy, Paros

Web Services/API testing: SoapUI, Postman

PROFESSIONAL EXPERIENCE

Technical Specialist

Confidential

Responsibilities:

  • Performing black/grey/white box testing of REST APIs using open source tools and AppSpider.
  • Performing risk assessments based upon design discussions.
  • Collaborating with the development team to remediate the vulnerabilities identified.
  • Performing privacy risk assessments for the HSDP programs.
  • Performing manual penetration testing to exploit and mitigate security threats such as XSS, CSRF, SQL injection, buffer overflows and DoS attacks.
  • Designing robust and secure application architecture.
  • Involved in the agile development model and in all of its phases.
  • Leading the security assessment team and assessing the team wherever needed.
  • Preparing the threat model, test plan, RMM and test execution reports.
  • Participating in CAB calls and incident management to assist with production issues.
  • Training the dev/business teams in security testing.

Confidential

Senior Security Specialist

Responsibilities:

  • Performing Black/Grey/White box testing.
  • Performing Static source code analysis using HP Fortify, Veracode, IBM AppScan Source.
  • Collaborating with development team to remediate the vulnerabilities identified in web or mobile based applications.
  • Performing Dynamic vulnerability assessments using HP WebInspect, IBM App Scan and Acunetix.
  • Performing Network Penetration testing using Qualys Guard, Nessus etc.
  • Performing manual penetration testing to exploit and mitigate security threats such as XSS, CSRF, SQL injection, buffer overflows and DoS attacks.
  • Designing robust and secure application architecture.
  • Performing mobile application security assessments on the Android and iOS platforms.
  • Performing port and SSL version scans using Nmap and SSLScan respectively.
  • Communicating identified vulnerability findings to clients/customers and recommending appropriate mitigations.
  • Assessing and risk-classifying identified vulnerabilities based on security impact, likelihood and business risk.
  • Preparation of Test Setup, Security Test Area Coverage definition, Test Plan and Test Cases for new features/implementation.
  • Evaluate how the application protects data in use, in transit, and at rest.

Confidential

Application Security Engineer

Responsibilities:

  • Performing Black/Grey/White box testing.
  • Performing Static source code analysis using HP Fortify.
  • Collaborating with development team to remediate the vulnerabilities identified in web or mobile based applications.
  • Performing Dynamic vulnerability assessments using HP WebInspect, IBM App Scan and Acunetix.
  • Performing Network Penetration testing using Qualys Guard, Nessus etc.
  • Performing manual penetration testing to exploit and mitigate security threats such as XSS, CSRF, SQL injection, buffer overflows and DoS attacks.
  • Designing robust and secure application architecture.
  • Performing mobile application security assessments on the Android and iOS platforms.
  • Performing port and SSL version scans using Nmap and SSLScan respectively.
  • Communicating identified vulnerability findings to clients/customers and recommending appropriate mitigations.
  • Assessing and risk-classifying identified vulnerabilities based on security impact, likelihood and business risk.
  • Preparation of test setup, security test area coverage definition, test plan and test cases for new features/implementations.
  • Evaluating how the application protects data in use, in transit, and at rest.

Confidential

System Engineer

Responsibilities:

  • Performed policy compliance scanning and vulnerability scanning using the Qualys Policy Compliance module.
  • Scanned 5 million+ hosts for compliance.
  • Mapped the network, identifying the devices and classifying them based on host type.
  • Identified and mapped the policies exported from Symantec CCS into Qualys PC.
  • Provided suggestions for process optimization to run scans within a small scan window.
  • Mentored and guided new team members.
  • Generated compliance reports.
  • Performed code review and web application penetration testing.
  • Performed code review using the HP Fortify tool.
  • VAPT performed using IBM AppScan and Netsparker.
  • Filtered out false positives from tool-generated reports and prepared an interim executive summary report based on the identified vulnerabilities.

Confidential

System Engineer

Responsibilities:

  • Performed manual exploitation and mitigation of security issues as per the OWASP Top 10 and SANS 25 policies.
  • Performed dynamic vulnerability assessments using HP WebInspect, IBM AppScan and Netsparker.
  • Performed code review and web application penetration testing.
  • Performed code review using the HP Fortify tool.
  • Performed DAST and SAST testing in all towers of the project.
  • Filtered out false positives from tool-generated reports and prepared an interim executive summary report based on the identified vulnerabilities.
  • Performed manual penetration testing to exploit and mitigate security threats such as XSS, CSRF, SQL injection, buffer overflows and DoS attacks.
  • Performed manual static code analysis during code development.
  • Performed port and SSL version scans using Nmap, Nessus and SSLScan.
  • Communicated identified vulnerability findings to clients/customers and recommended appropriate mitigations.
