SUMMARY:

• Accomplished IT Security professional with 6 years of work experience assisting organizations successfully complete enterprise - wide security projects.
• Proven track record of streamlining security processes, design and implement efficient security solutions, lead and assist multi-disciplined, multi-national teams in achieving security efficiency.
• Experienced in performing risk assessments, penetration testing, and performing network and application vulnerability assessments.
• Experience on vulnerability assessment and penetration testing using various tools like Burp Suite, DirBuster, OWASP ZAP Proxy, NMap, Nessus, Kali Linux, and Metasploit.
• Interpreted least privilege for applications and segregation of duties.
• Simulate how an attacker would exploit the vulnerabilities identified during the dynamic analysis phase.
• Experienced SME on PCI Standards PCI DSS, HIPAA and SOX compliance and regulatory requirements.
• Broad noledge of hardware, software, and networking technologies to provide a powerful combination of analysis, implementation, and support.
• Vulnerability Assessment of various web applications used in the organization using Paros Proxy, Burp Suite, and Web Scarab, YASCA, HP Web Inspect, Nikto, DirBuster, Flagfox, Wappalyzer, Live HTTP Header.
• Coordinate with dev team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and the impact of the issue.
• Capable of identifying flaws like Injection, XSS, Insecure direct object, Security Misconfiguration, Sensitive data exposure, Functional level access control, CSRF, Unvalidated redirects.
• An excellent team player, Inquisitive, good in basic concepts.
• Ability to work in large and small teams as well as independently.
• Thorough understanding of Change, incident and Problem Management procedures applied for implementing the day to day activities
• Develop Python Scripting to consolidate and display customized disk information on RHEL, AIX Systems which saves 80% time and Human efforts.
• Knowledge on Configuring and administration of IPTABLES
• TCP /IP Configuration like assigning IP addresses, configuring network interfaces, Assigning static routes, Hostnames

TECHNICAL SKILLS:

Tools: IBM AppScan Standard Edition, HP Web Inspect, Acunetix, Burp proxy, Paros proxy, Wire shark, Qualys, OWASP, Web Scarab, map, Metasploit, Burp Suite, SQLmap, OWASP ZAP Proxy and HP Fortify, DIR-Buster, Acunetix Web Scanner, SQL Injection Tools, Havij, CSRFTester AND Kali Linux, Fortify, veracoad, Webgoat SSL implementation, RSA implementation, PKI (Public key infrastructure)Encryption algorithms, .NET Framework, Ruby, Perl, PHP, Python Scripting, CSS

Web Technologies: HTML, JavaScript

Platforms: Windows 98/2000/XP/Vista/Windows 7, Windows Server 2000/2003

Database: My SQL 5.0

Packages: MSOffice

Network Tools: NMap, Wire Shark, Nessus

PROFESSIONAL EXPERIENCE:

Confidential, GA

Information Security analyst

Responsibilities:

• Implemented Application Security Program which included an in depth SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) process integrated into Organization.
• Deployed free and Open Source software vulnerability assessment process by establishing governance and process of centralized repositories which the developers leveraged for their Applications.
• Provided Source code analysis for both internal and External Phasing Application on a weekly basis using Tools such as HP Fortify.
• Performed End to End Security Testing flow in the organization.
• Worked on Vulnerability Assessment using Free tools and Manually Tested the Applications.
• Performed Pen Testing on the wide variety of Application.
• Used different scripts to perform Network Analysis.
• Performed Code reviews and help the client resolve the issues on a daily basis.
• Performed Secure code analysis and Tested Applications.
• Full Blown Vulnerability Assessment using Nessus Scan.
• Performed various scans in such as Basic and advanced Scans and check for vulnerabilities and then map them with NIST control Families.
• Reporting the identified issues in the industry standard framework.
• Perform Patch Management.

Confidential, Atlanta, GA

Security Analyst

Responsibilities:

• Understanding the business requirements across line of business, Architecture landscape, Existing security controls, to propose applicable security assessments
• To support and participate in Governance and showcase the road map for improvement.
• Provide on Standards and guidelines to the Cyber security and Development teams.
• To come up with a pen testing lab where you can demonstrate and practice zero-day exploits.
• To design and highlight the threats during the design phase of software development
• To come up with Vulnerability management program for Mobiles/Application/Infrastructure.
• To streamline the process in accordance with various software process models
• Perform Application Security assessments with multiple open source and commercial tools.
• To Integrate Static analysis (code reviews) in accordance with OWASP into SDLC
• Mobile Application Security assessments on Native, Web & hybrid android applications
• Vulnerability Management and Patch Management.
• Penetration testing of Infrastructure components, servers and mobile devices.
• Analyzing incident / event logs and providing recommendations.
• Analyzing and customizing firewall rule sets.
• Vulnerability Research & Discovery.
• Vulnerability management and Patch management.
• Compilation of Final Report.
• Perform pen tests on different application a week
• Automated Scan of 5 different projects on weekly basis using IBM AppScan to ensure the changes does not reflect any new vulnerability.
• Static Code analysis using HP Fortify to identify the vulnerabilities in the applications.
• Manual penetration testing of the applications and APIs to identify the OWASP Top 10 vulnerabilities and SANS 25.
• Access control check to identify the privilege escalation issues on various roles and ensuring Performing Vulnerability Assessment using Nessus.
• Work with the Development team to provide fix recommendations for Vulnerabilities identified.

Confidential, Seattle, WA

Security Engineer

Responsibilities:

• Conducted security assessment of PKI Enabled Applications.
• Skilled using Burp Suite, Acunetix Automatic Scanner, NMAP for web application penetration tests.
• Conducted application penetration testing of 90+ business applications
• Performed the gap analysis to identify scenarios like privilege escalation.
• Verified the existing controls for least privilege, separation of duties and job rotation.
• Ensure the issues identified are reported as per the reporting standards.
• Security testing of APIs using SOAP UI
• Conducted detailed risk assessments by analyzing documents, statistics, reports
• Acquainted with various approaches to Grey & Black box security testing
• Proficient in understanding application level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak cryptography, authentication flaws etc.
• Actively search for potential security issues and security gaps that are beyond the ability of detection by any security scanner tool. Initiate and develop new mechanisms to addresses unidentified security holes & challenges.
• Real-time Analysis and defence.
• Vulnerability assessment (VA), Security policy, and network and security audit.
• Configuration and management of Cisco IDS, Checkpoint firewall, Snort.
• Good noledge of network and security technologies such as Firewalls, TCP/IP, LAN/WAN, IDS/IPS, Routing and Switching.
• Monitor, Analyse and respond to security incidents in the infrastructure. Investigate and resolve any security issues found in the infrastructure according to the security standards and procedures.

Confidential, MD

Security Engineer

Responsibilities:

• Manual penetration testing of the applications and APIs to identify the OWASP Top 10 vulnerabilities and SANS 25. the development team on the secure coding practices.
• Black box pen testing on internet and intranet facing applications.
• OWASP Top 10 Issues identifications like SQLi, CSRF, and XSS.
• Preparation of risk registry for the various projects in the client.
• Providing details of the issues identified and the remediation plan to the stake holders.
• Grey Box testing of the applications.
• Verified the existing controls for least privilege, separation of duties and job rotation.
• Involved in a major merger activity of the company and provided insights in separation of different client data and securing PII.
• Identification of different vulnerabilities of applications by using proxies like Burp suite to validate the server-side validations.
• Identified issues on sessions management, Input validations, output encoding, Logging, Exceptions, Cookie attributes, encryption, Privilege escalations.
• Execute and craft different payloads to attack he system to execute XSS and different attacks.
• SQLmap to dump the database data to the local folder.
• Verify if the application TEMPhas implemented the basic security mechanisms like Job rotation, Privilege escalations, Lease Privilege and Defense in depth.
• Using various add on in Mozilla to assess the application like Wappalyzer, Flagfox, Live HTTP Header, Tamper data.