
Security Analyst Resume


New York, NY

SUMMARY:

  • Multifaceted technical career with four-year track record of managing information security.
  • Technically sophisticated IT professional and web application security analyst with solid history of crafting solutions to protect mission-critical applications and corresponding databases within the financial and hospitality industries.
  • Broad knowledge and success; proactively monitoring and providing mitigation to various information security threats.
  • Proficient in implementing, testing, and managing advanced software security techniques in accordance with technical reference architecture.
  • Skilled trainer and project leader; able to facilitate the development of engineering designs for new software solutions to help address security gaps and vulnerabilities.

TECHNICAL SKILLS:

Security Tools: Web Inspect, IBM App Scan, Burp Suite, SQL Injection Tool, Kali Linux, Hack Me

Web Technologies: JavaScript, HTML

Languages: C, Java, SQL, PL/SQL, Python

Database: Oracle, MySQL

Network Tools: Nmap, Wireshark

Operating Systems: Unix, Linux, Windows

PROFESSIONAL EXPERIENCE:

Confidential, New York, NY

Security Analyst

Responsibilities:

  • Played a key role in identifying security anomalies in the system architecture and design, and addressing data security and privacy concerns through intensive review of Architecture Design Documents (ADD) and Solution overview Documents (SODs).
  • Increased website traffic and online production through identification and assessment of new marketing opportunities.
  • Developed substantial knowledge of application-level vulnerabilities like cross-site scripting (XSS), SQL injection, cross-site request forgery (CSRF), authentication bypass, cryptographic attacks, and authentication flaws.
  • Commended for efficient work in performing onsite and remote security consulting encompassing penetration testing, application testing, web application security assessment, onsite internet security assessment, and IDS/IPS hardware deployment.
  • Recognized for outstanding work in developing new mechanisms to identify and resolve security issues, gaps, and challenges.
  • Identified issues on session management, input validations, output encoding, logging, exceptions, cookie attributes, encryption.
  • Conducted application security testing of 20+ business applications.
  • Involved in secure design and solution for newly proposed applications, incorporating right security at the requirement elicitation and designing phase of SDLC.
  • Implemented application security program (DAST and SAST) at the enterprise level to identify, report and remediate security vulnerabilities from applications deployed in DEV, PROD and QA environments.
  • Monthly automated scans of the online applications in production using Web Inspect followed by report presentation.
  • Supporting in preparation of plans to review software components through source code review or application security review.
  • Performing onsite and remote security consulting including penetration testing, application testing, web application security assessment.
  • Update with new hackings and latest vulnerabilities to ensure no such loopholes are present in the existing system.
  • Actively search for potential security issues and security gaps that are beyond the ability of detection by any security scanner tool.
  • Initiate and develop new mechanisms to address unidentified security threats and challenges.

Confidential

Application Security Engineer

Responsibilities:

  • Monitor, analyze and respond to security incidents in the infrastructure.
  • Investigate and resolve any security issues found in the infrastructure according to the security standards and procedures.
  • Worked as an information security consultant, involved in recommending security solutions of new applications incorporating secured SDLC, OWASP Top 10 based vulnerability assessment of various internet-facing point of sale web applications.
  • Identified various security issues (XSS, CSRF, session fixation, information leakage) across various platforms.
  • Worked on web based applications, networks and other types of computer system on a regular basis and performed White box, Grey box and Black box testing on various methodologies in security.
  • Implementation of security into SDLC via application risk assessment, requirement gathering, design review and application vulnerability assessment.
  • Performed manual and automatic vulnerability assessment using Burp Suite and sqlmap.
  • Review of projects during SDLC and make recommendations to the project Team, and proposed solutions based on them.
  • Execute and craft different payloads to attack the system to execute XSS and different attacks.
  • Perform validation on design features like authentication, authorization and accountability.

Confidential, Vancouver, BC

Application Security Engineer

Responsibilities:

  • Monthly automated scans of online applications in production using Web Inspect followed by Report presentation.
  • Implement security solutions according to security policy and practices established by the client.
  • Executed daily vulnerability assessments, threat assessment, reporting activities in order to safeguard information and ensure that the systems are highly protected.
  • Controls on session management like server-side sessions, session termination, session ID randomness, expiration, unique tokens, session fixation prevention.
  • Performed penetration testing for external-facing web applications; DMZ architecture, threat modeling and secure coding practices were assessed.
  • Experience in vulnerability assessment and penetration testing using various tools like Burp Suite, IBM App Scan, Web Inspect and Nmap.
  • Perform proactive research to identify and understand new threats, vulnerabilities and exploits.
  • Documenting the vulnerabilities identified and reporting it to the application development team. Ensuring timely delivery of issues reported.
  • Providing fixes and filtering false findings for the vulnerabilities reported in the scan reports.
  • Monitoring firewalls and intrusion detection systems.

Confidential, New Orleans, LA

Oracle Applications DBA

Responsibilities:

  • Handled multi-tier architecture: desktop tier, application tier (web server, Forms server, concurrent processing server) and database tier.
  • Cloning of Oracle Applications 11i and R12 for testing and development purposes using RMAN Backup.
  • Gathering table, schema and database level statistics to increase the performance and scheduling concurrent requests for gather AUTO and NORMAL to ALL schemas.
  • Created and managed physical standby databases using Dataguard for PROD Environment.
  • Applying latest release of the application patches from Oracle on production and test instances to resolve application issues.
  • Generating tkprof Report with Explain plan for analysis.
  • Applying Migration patches and language specific patches.
