Security Consultant Resume

Columbia, MD

SUMMARY

  • Over 7 years of experience in the IT industry, specializing in Information Security.
  • Experience in implementing security in every phase of the SDLC. Hands-on experience in application security, vulnerability assessments and OWASP, along with different security testing tools.
  • A Certified Ethical Hacker.
  • Experience as an Information Security Analyst, involved in OWASP Top 10 based Vulnerability Assessment of various internet-facing point-of-sale web applications and web services.
  • Capable of identifying flaws like Injection, XSS, Insecure direct object, Security Misconfiguration, Sensitive data exposure, Functional level access control, CSRF, Unvalidated redirects.
  • Experience in different web application security testing tools like Acunetix, Metasploit, Burp Suite, Sqlmap, OWASP ZAP Proxy and HP Fortify.
  • As a Security Consultant involved in enhancing the security stature of the project by initiatives like Threat Modeling, Security awareness sessions.
  • Reporting the identified issues in the industry standard framework.
  • Simulate how an attacker would exploit the vulnerabilities identified during the dynamic analysis phase.
  • Experience in software licensing audits.
  • Good experience in Web technologies like HTTP, HTML, CSS, Forms, Database Connectivity.
  • Excellent team player, enthusiastic initiator, and ability to learn the fundamental concepts effectively and efficiently.
  • Good knowledge of programming and scripting in ASP and Java.
  • Ability to work in large and small teams as well as independently.

TECHNICAL SKILLS:

  • Paros Proxy
  • Wappalyzer
  • Live HTTP Header
  • Tamper data
  • Flagfox
  • BurpSuite
  • WebScarab
  • SOAPUI
  • DirBuster
  • YASCA
  • HP WebInspect
  • Sqlmap
  • Nikto
  • Metasploit
  • Kali Linux

PROFESSIONAL EXPERIENCE

Confidential, Columbia, MD

Security Consultant

Responsibilities:

  • Identifying the Critical, High, Medium and Low vulnerabilities in the applications based on OWASP Top 10 and SANS 25 and prioritizing them based on criticality.
  • Security assessment of online applications to identify the vulnerabilities in different categories like Input and data Validation, Authentication, Authorization, Auditing & logging.
  • Vulnerability Assessment of various web applications used in the organization using Paros Proxy, Burp Suite, WebScarab, YASCA and HP WebInspect.
  • Coordinate with dev team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and the impact of the issue.
  • Good knowledge of BCP (Business Continuity Planning).
  • Good knowledge of DR (Disaster Recovery).
  • Security testing of APIs using SOAP UI.
  • Experience in using Kali Linux to do web application assessment with tools like Dirbuster, Nikto, and Nmap.
  • User ID reconciliation on a quarterly basis.
  • Keeping up to date with new hacking techniques and the latest vulnerabilities to ensure no such loopholes are present in the existing system.
  • Threat modeling of the project by getting involved before development and improving security at the initial phase.
  • STRIDE assessment of the applications during the design phase, identifying the threats possible and providing security requirements. the development team on the most common vulnerabilities and common code review issues and explaining the remediations.
  • Good knowledge of programming and scripting in .NET and Java.
  • Follow up and ensure the closure of the raised vulnerabilities by revalidating and ensuring 100% Closure.
  • Good experience in Web technologies like HTTP, HTML, CSS, Forms, Database Connectivity.
  • Ensuring SDLC to be a Secure SDLC.

Environment: Java, MySQL, ASP, MSSQL.

Confidential

Security Consultant

Responsibilities:

  • Automated scans of different projects on a weekly basis using Acunetix to ensure the changes do not reflect any new vulnerability.
  • Static Code analysis using HP Fortify to identify the vulnerabilities in the applications.
  • Manual penetration testing of the applications and APIs to identify the OWASP Top 10 vulnerabilities and SANS 25.
  • Access control check to identify the privilege escalation issues on various roles and ensuring the closure by overall framework implementation.
  • Burp Suite to identify issues like SQL injection, XSS, CSRF etc.
  • Penetration testing of various applications to identify issues in various categories like Configuration Management, Session Management, Sensitive data handling.
  • Provide the report and explain the issues to the development team.
  • Provide remediation steps to the team and follow up.
  • Retest the fixed issues and ensure the closure.
  • Perform secure code review of the code base.
  • Train the development team on security vulnerabilities through security awareness sessions, explaining the security requirements prior to development.

Environment: Java, .Net, Oracle DBA.

Confidential

Security Consultant

Responsibilities:

  • Risk assessment on the application by identifying the issues and prioritizing the issues based on risk level.
  • Explanation of the security requirements to the design team in initial stages of SDLC to minimize the efforts to rework on issues identified during penetration tests.
  • Perform threat modelling of the applications to identify the threats.
  • Identify issues in the web applications in various categories like Cryptography, Exception Management.
  • Verify if the application has implemented the basic security mechanisms like Job rotation, Privilege escalations, Least Privilege and Defense in depth.
  • Using various Mozilla add-ons to assess the application, like Wappalyzer, Flagfox, Live HTTP Header, Tamper data.
  • Providing remediation to the developers based on the issues identified.
  • Revalidate the issues to ensure the closure of the vulnerabilities.

Environment: JavaScript, Python, MySQL.