Objective

• To further develop my career as Penetration Tester.

Work Experience

Confidential

Web Application Penetration Tester

• Performs white box security assessments to identify the client’s strengths and weaknesses in their web applications.
• Generates security reports on findings on the identification of vulnerabilities and offers remediation procedures to the client.
• Educate clients on best practice methodologies to harden their systems and minimize future attacks.

Technologies Used – MetaSploit, BackTrack Operating System, Burp Suite, Splunk, Nessus, FoundStone, ASP .NET, Perl, Python, C/C++, assembly, bash, PHP, HTML

Confidential

Test Automation Engineer

• Participates in Scrum planning and estimation.
• Helps define acceptance criteria.
• Develops test strategy for each Sprint.
• Creates and updates test data and scripts (automated, manual, SQL).
• Execute Automated Tests

Technologies used - Agile Scrum Master, SQL, Java, PHP, Perl, Python, Ruby, shell scripting, cucumber, Sybase, LoadRunner, JMeter, LoadUI

Confidential

Embedded Developer

• Created efficient assembly code in a timely manner for quick customer deployment.
• Developed support scripts in Python to help automate tasks for the development team.
• Participated in weekly code reviews, regression testing and alpha build testing.

Technologies used - Assembly, Python, shell scripting

Confidential

Vulnerability Analyst

• Supplied IAD Customers with Cross Domain Solution (CDS) support in terms of product evaluation, collaboration on solutions, and general advice.
• Performed penetration tests on over 15 CDSs with findings resulting in the product needing further infrastructure analysis before the Unified Cross Domain Management Office (UCDMO) would accept it on its baseline of deploy-able CDSs.
• Served one year as a lead tester, aiding junior analyst in their work as well as representing our team's findings to the UCDMO board and when applicable, debriefing officials of findings.
• Performed white box testing on unit and system level of CDSs and worked with the vendors on the meaning of our findings while providing solutions to these vulnerabilities.
• Worked with vendors with critical findings to properly address adequate fixes in following releases.
• Gained extensive experience with the underlying of Linux systems, SE Linux specifically, as well as Apache Web Servers.
• Quickly and rapidly learned the intricacies of detecting, protecting and exploiting OWASP Top Ten Vulnerabilities using tools MetaSploit, BackTrack, BurpSuite, Nessus, Ida Pro, WireShark, as well as other in-house exploitation tools.
• Gained extensive familiarity and experience with unique civilian and military hardware.
• Traveled OCONUS to a hostile territory providing technological support for NSA analyst.

Technologies used – BackTrack Operation System, MetaSploit, Burp Suite, Ida Pro, WireShark, C, Python, Assembly, PHP, Perl, XML, VM Ware, Apache Tomcat, WebSphere, LoadRunner

Confidential

Software Engineer

• Added and improved existing functionality to software in a Java and C++ environment.
• Researched interoperability issues for our product line for non-Windows platforms.
• Developed new and further SQL scripts to interact with front end graphical reports.
• Created and ran regression test plans with Quality Assurance team.

Technologies used – Java, C#, .Net, C++, MS SQL Server, MS Studio, JBuilder

Confidential

Web Developer

• Was responsible for writing the grammar for teachers and students to be able to generate web surveys in a LAMP environment.
• Implemented security measures to keep private and sensitive information safe.
• Designed an automated backup mechanism for databases and surveys.
• Redesigned their CAPTCHA system to better guard against automated entries.
• Compiled and deployed alpha and beta builds on a weekly basis

Technologies used – PHP, JavaScript, XML, XSLT, HTML, CSS, MySQL

Confidential

Software Engineer Intern

• Created a centralized online repository indexing all in-house programs, utilities, and plant floor machine information.
• Streamlined production code to be less error prone, give meaningful error messages, and perform in a safe state.
• Developed applications to send alerts to IT via email and pager if a monitored machine entered an unsafe state.
• Performed back ups, created and deployed images on plant floor machines using Acronis and Norton .

Technologies used – ASP, C#, VB, .NET, MS SQL, assembly, Crystal Reports

Confidential

DBA/Developer

• Created an automated booking website to request musicians to perform at a venue.
• Implemented a multi-tiered security system to handle sensitive customer information.
• Deployed multiple user levels in accordance to the security system
• Created automated itinerary reminders for all registered customers and performers to be delivered on defined intervals to remind them of logistical details or billing and setup summary, respectively.

Technologies used – PHP, HTML, JavaScript, CSS, MySQL, Crystal Reports

Confidential

Computer Consultant

• Served as a computer administrator and technological subject matter expert for the School of Education's faculty and graduate students, managing user security policies while providing technological assistance.
• Managed and applied security policies using Active Directory to over 200 users.
• Researched and implemented security measures to ensure the Personal Identifiable Information of our users were securely stored.
• Held brown bag lunches to help teach faculty and students how to properly use new software to aid in their research.

Technologies used – Windows Server 2003, Active Directory, Microsoft Office