
Application Security Tester Resume


Austin, TX

SUMMARY:

  • An experienced IT professional with 8 years of experience in Software Testing, including 5 years of experience in Information Security
  • Good knowledge and understanding of Software Development Lifecycle (SDLC) and Software Testing Lifecycle (STLC) for different development methodologies.
  • Involved in SDLC to ensure security controls are in place
  • Experience in implementing security in every phase of SDLC
  • Capable of identifying flaws like Injection, XSS, Insecure Direct Object Reference, Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, CSRF, and Unvalidated Redirects.
  • Hands-on experience finding SQLi and Cross-Site Scripting
  • Good knowledge of IBM AppScan to enhance web application security.
  • Experience in vulnerability assessment and penetration testing using various tools like Burp Suite, DirBuster, OWASP ZAP proxy, Nmap, Nessus, IBM AppScan Enterprise, Kali Linux, and Metasploit
  • Good working experience with various tools for vulnerability assessment like DirBuster, Burp Suite, Nmap, Nessus, Kali Linux, and sqlmap
  • Reporting the identified issues in an industry-standard framework.
  • Simulating how an attacker would exploit the vulnerabilities identified during the dynamic analysis phase.
  • Good experience in web technologies like HTTP, HTML, CSS, forms, and database connectivity.
  • Experience in penetration testing of different applications across different domains
  • Good understanding of and experience in testing for vulnerabilities based on the OWASP Top 10
  • Proficient in Manual Testing (Functional) and Automation Testing using Selenium WebDriver and Java
  • Well versed in Object-Oriented concepts
  • Good knowledge of frameworks like Data-Driven and JUnit.

TECHNICAL SKILLS:

Tools: Nmap, Kali Linux, Live HTTP Headers, Tamper Data, SoapUI, Wappalyzer, Selenium IDE, Selenium WebDriver

Vulnerability Scanners: IBM AppScan, Nessus, Acunetix, Burp Suite, DirBuster, sqlmap, HP WebInspect

Exploitation Tools: Metasploit, sqlmap

Programming Languages: Java, PHP

Scripting Languages: HTML, CSS, XML, JavaScript

Operating Systems: Windows, Kali Linux

Database: MySQL, MS SQL, Oracle

PROFESSIONAL EXPERIENCE:

Confidential, Austin, TX

Application Security Tester

Responsibilities:

  • Black-box penetration testing of internet- and intranet-facing applications.
  • Responsible for Vulnerability Assessment and Penetration Testing.
  • Identifying Critical, High, Medium, and Low vulnerabilities in the applications based on the OWASP Top 10 and prioritizing them based on criticality.
  • Security assessment of web applications to identify vulnerabilities in categories like Authentication, Authorization, and Input Data Validation.
  • Vulnerability assessment of applications used in the organization using Burp Suite and HP WebInspect.
  • Preparation of a risk register for the various projects and coordination with the development team to ensure the reported vulnerabilities are taken care of.
  • Security testing of APIs using SoapUI
  • Experience in using Kali Linux for web application assessment with tools like DirBuster, Nikto, and Nmap.
  • Crafting and executing different payloads against the system to carry out XSS and other attacks
  • Identified issues in session management, input validation, output encoding, logging, exception handling, cookie attributes, encryption, and privilege escalation
  • Provided and validated logging controls such as authentication logging, profile-modification logging, logged details, log retention duration, log location, time-source synchronization, and HTTP logging.
  • Providing details of the identified issues and the remediation plan to stakeholders.
  • Verified the existing controls for least privilege, separation of duties, and job rotation.
  • Collaborating on cross-team and cross-product technical issues with a variety of resources, including development, to document software defects and customer suggestions.
  • Participating in the documentation and product review process for new product introductions.
  • Contributing to the knowledge base by authoring and editing articles to share current information with team members.
  • Good knowledge of programming and scripting in .NET and Java.
  • Following up on and ensuring the closure of raised vulnerabilities by revalidating them and ensuring 100% closure.

Confidential, CA

Cyber Security Analyst

Responsibilities:

  • Performing security code review for various client applications
  • Manual penetration testing of applications and APIs to identify OWASP Top 10 vulnerabilities
  • Access control checks to identify privilege escalation issues across various roles and ensuring closure through overall framework implementation.
  • Identified issues like SQL injection, XSS, CSRF, etc. using Burp Suite.
  • Involved in Vulnerability Assessment & Penetration Testing
  • Penetration testing of various applications to identify issues in categories like Configuration Management, Session Management, and Sensitive Data Handling.
  • Performing WAPT engagements for applications based on the OWASP Top 10
  • Performing VAPT engagements for internal and external infrastructure security testing and social engineering
  • Providing fixes and filtering false findings for the vulnerabilities reported in scan reports. Adding new vulnerabilities to the vulnerability database for various platforms with proper exploits.
  • Scanning networks, servers, and other resources to validate compliance and security issues using numerous tools
  • Assisting in the preparation of plans to review software components through source code review or application security review
  • Assisting developers in remediating issues from security assessments with respect to OWASP standards
  • Providing the report and explaining the issues to the development team.
  • Providing recommendations for detected vulnerabilities, remediation of security issues, and implementation of security policies.
  • Performing secure code review.

Confidential, San Jose, CA

Security Engineer

Responsibilities:

  • Performing threat modelling of applications to identify threats.
  • Identifying issues in web applications in categories like Cryptography and Exception Management.
  • Risk assessment of applications by identifying issues and prioritizing them based on risk level.
  • The team's main focus was auditing applications prior to moving them to production.
  • Explaining security requirements to the design team in the initial stages of the SDLC to minimize rework on issues identified during penetration tests.
  • Providing remediation guidance to developers based on the issues identified.
  • Revalidating issues to ensure closure of the vulnerabilities.
  • Verifying whether the application has implemented basic security mechanisms like Job Rotation, Privilege Escalation controls, Least Privilege, and Defense in Depth.
  • Using various Mozilla Firefox add-ons to assess applications, like Wappalyzer, Flagfox, Live HTTP Headers, and Tamper Data.

Confidential

Security Engineer

Responsibilities:

  • Performing security code review for various client applications
  • Manual penetration testing of applications and APIs to identify OWASP Top 10 vulnerabilities
  • Access control checks to identify privilege escalation issues across various roles and ensuring closure through overall framework implementation.
  • Identified issues like SQL injection, XSS, CSRF, etc. using Burp Suite.
  • Involved in Vulnerability Assessment & Penetration Testing
  • Penetration testing of various applications to identify issues in categories like Configuration Management, Session Management, and Sensitive Data Handling.
  • Performing WAPT engagements for applications based on the OWASP Top 10
  • Performing VAPT engagements for internal and external infrastructure security testing and social engineering
  • Providing fixes and filtering false findings for the vulnerabilities reported in scan reports. Adding new vulnerabilities to the vulnerability database for various platforms with proper exploits.
  • Scanning networks, servers, and other resources to validate compliance and security issues using numerous tools
  • Assisting in the preparation of plans to review software components through source code review or application security review
  • Assisting developers in remediating issues from security assessments with respect to OWASP standards
  • Providing the report and explaining the issues to the development team.
  • Providing recommendations for detected vulnerabilities, remediation of security issues, and implementation of security policies.
  • Performing secure code review.
