Senior Application Security Consultant Resume

Alpharetta - Georgia

SUMMARY

  • 10+ years of experience in the IT industry that includes requirement analysis, coding, design and security assessment of web, native & mobile applications.
  • Hands on experience in Vulnerability Assessment and Penetration Testing of Web and Mobile Applications.
  • Experience in working with Fortify 360, IBM Source Edition, Veracode and Checkmarx for Source Code Review.
  • Experience in working with leading vulnerability assessment tools like IBM AppScan, HP Web Inspect, QA Inspect for web applications.
  • Experience in working with vulnerability assessment tools like apktools, emulators for mobile web & native applications.
  • Experience in working with Rapid7 and Nessus on analyzing vulnerabilities on Network Devices/Infrastructure Components.
  • Experience in working with iOS and Android mobile device based vulnerability assessment/penetration testing.
  • Expertise in analyzing logs for potential issues using SIEM tools like HP ArcSight, Splunk Enterprise Security.
  • Experience in working with application development teams to help them understand the vulnerabilities and provide recommendations to fix the vulnerabilities identified in both the source code and dynamic assessments.
  • Expertise in Continuous Integration and Deployment Pipelines utilizing tools including Jenkins, TeamCity.
  • Excellent understanding & implementation of security into SDLC via application requirements gathering, design review/threat modeling, secure code review & vulnerability assessment. Develop Secure Code Review (SCR) Checklist based on the Corporate Standards and Industry best practices, Security Policy and Awareness.
  • Experience in working with various compliance standards like PCI, HIPAA, NIST, CWE and OWASP Top 10.
  • Extensive experience leading from the front in evaluating and rolling out technology services/products like mobile security testing (Android & iOS), web application firewall, log analysis, vulnerability assessment tools evaluation (Cenzic Hailstorm, Checkmarx).
  • Extensively worked on business consulting activities like responding to RFI, RFP & drafting SoWs.
  • Offered security awareness training for different project teams comprising executives, architects & developers.
  • Excellent understanding of the tools and techniques used for assessing compliance of applications to industry standards.
  • Coordinating with multiple application teams/clients/onsite teams for security testing, status updates and report presentation.
  • Good experience working with various software development methodologies including Agile, Iterative and Waterfall.
  • Involved in the security aspects of Banking, Insurance, Pharmaceutical, Finance and HealthCare projects.
  • Interfaced with business teams for consulting activities to provide viable solutions for business scenarios.

PROFESSIONAL EXPERIENCE

Confidential, Alpharetta - Georgia

Senior Application Security Consultant

Responsibilities:

  • Analyzing user requirements and defining testing specifications.
  • Coordinating vulnerability assessment and penetration testing of web and mobile applications.
  • Completing static source code analysis using tools IBM AppScan and HP Fortify.
  • Performing security code reviews of source code of critical in house and third party business applications before deployment to production.
  • Performing secure code review/analysis for applications hosted on cloud.
  • Integrating application build process in CI/CD pipeline using Jenkins.
  • Collaborating with other security team members to assist in the improvement of the dynamic analysis (AppScan & Manual Penetration Testing) process.
  • Developing and integrating security into SDLC via application requirements gathering, design review, threat modeling, secure code review and vulnerability assessment.
  • Developing tools to support the cataloging and documentation of vulnerabilities discovered during security code reviews.
  • Analyzing identified security vulnerabilities and providing recommendations to fix the vulnerabilities identified in both the static and dynamic assessments.
  • Maintaining knowledge of latest vulnerabilities to remain focused on improving the security of application software.
  • Writing reports suggesting remediation techniques to remedy security problems uncovered during analysis.

Confidential, San Antonio - Texas

Senior Application Security Consultant

Responsibilities:

  • Perform Static Application Security Testing (Secure Code Review) using HP Fortify for web based applications.
  • Perform Dynamic Application Security Testing for web, mobile & thick client applications.
  • Perform Network/Infrastructure assessment for the network devices associated with the applications.
  • Perform vulnerability assessment on both Android & iOS mobile applications.
  • Perform threat modeling to identify the vulnerabilities and define countermeasures to prevent/mitigate the effects of threats to the application.
  • Provide recommendations to the development team to fix the identified vulnerabilities.
  • Review technology frameworks and provide guidance to the business.

Confidential, Houston - Texas

Senior Software Security Assurance Engineer

Responsibilities:

  • Perform Static Application Security Testing (Secure Code Review) using HP Fortify for web based applications.
  • Perform Dynamic Application Security Testing for web, mobile & thick client applications.
  • Perform Network/Infrastructure assessment for the network devices associated with the applications.
  • Perform vulnerability assessment on both Android & iOS mobile applications.
  • Coordinate with application development teams to help them fix the identified vulnerabilities.
  • Perform Penetration Testing of Web Applications utilizing White-Hat.
  • Recommended best practices for securing the application based on PCI standards.
  • Support development teams and provide recommendations to fix the vulnerabilities.
  • Monitor and track the vulnerabilities identified using tracking tools.

Confidential, College Station - Texas

Associate Consultant

Responsibilities:

  • Perform Static Application Security Testing (Secure Code Review) using HP Fortify & IBM AppScan Source Edition.
  • Perform Dynamic Application Security Testing using IBM AppScan Standard Edition, HP Web Inspect, Burp Professional.
  • Perform Network Vulnerability Assessment using Nessus/Qualys Guard.
  • Perform Android & iOS mobile application vulnerability assessment using open source & commercial tools.
