
Lead Information Security Consultant Resume

EXECUTIVE PROFILE:

  • Experienced Information Security Consultant, with experience leading Web Application Security and Vulnerability Management projects.
  • Used penetration testing tools and methodologies such as OWASP Top 10, HP WebInspect, IBM AppScan, Fortify, Cenzic, Acunetix, Burp Suite, Firefox Add-ons XSS Me, SQL InjectMe, soapUI and others, to determine the security of web applications developed on different platforms such as Microsoft .NET, Java, J2EE, AJAX, PHP, Web 2.0, MOSS and many others.
  • Other infrastructure and platforms such as Amazon Web Services (AWS), CloudTrail, Amazon Identity Management, Virtual Private Cloud (VPC), Docker, Chef, Jenkins, Rally and Git.
  • Hands-on experience with Fortinet products such as next generation firewall, data center firewall, cloud security, internal network firewall, web application firewall, unified threat management and advanced threat protection, and with managing encryption policies and cryptographic keys.
  • Possess an in-depth understanding of emerging technologies and their commercial applications. Over twelve years of planning, directing and implementing innovative Information Technology, networking and customer service solutions.
  • Recipient of the High Performance award, presented to top Indiana state employees.
  • Over 8 years of experience implementing Identity and Access Management (IDAM) products such as Sailpoint and Okta.
  • Experience with implementation, customization and ongoing maintenance of Sailpoint IQ in an enterprise environment.
  • General technical exposure to databases, QA, directories and both Windows and Linux platforms.

DISTINCTIVE SKILLS:

  • Amazon Web Services (AWS), CloudTrail, Amazon Identity Management, AD/LDAP-based Identity & Access Management, Virtual Private Cloud (VPC), using products such as OpenIAM, Sailpoint, Oracle Identity, IBM Tivoli Access Management and others.
  • Docker, Chef, Jenkins, Rally and Git.
  • Microsoft Azure infrastructure security design with a multi-region architecture for a Microsoft Dynamics CRM solution, providing GDPR data protection globally across 30 countries.
  • Fortinet products such as next generation firewall, data center firewall, cloud security, internal network firewall, web application firewall, unified threat management and advanced threat protection.
  • Encryption in transit and at rest using Vormetric & Safenet.
  • DB monitoring tools such as GreenSQL, Guardium, JackDB, Imperva.
  • Confidential Rev 4 controls, with the underlying baseline using FISMA and FedRAMP compliance standards.
  • Multi-site technology: LAN, WAN, B2B, VPN, and cyber security with two- and three-factor verification.
  • Strategic, Operational & Architectural planning, HIS, LIS, PeopleSoft, MQ middleware, Phillip, and several others.
  • Quality and Performance Improvement, including QA testing & TQM.
  • Turnaround and Crisis Management, Decision Making and Problem Solving.
  • Regulatory & Legal Compliance, i.e. Sarbanes-Oxley, HIPAA, PCI, ISO 27002, GLBA, COBIT 4.0, Basel II (European standards) and many more.
  • Project Management, Feasibility Study and Process Reengineering.
  • Perform black box, white box, load, performance, stress and regression testing.
  • Develop threat models for various applications using the STRIDE/DREAD models and impact analysis, and recommend mitigation plans.

TECHNICAL SKILLS:

  • Secure cloud architecture for AWS and Azure, migration strategy, high availability, disaster recovery, and security compliance (a few to list here: Confidential Rev 4, HIPAA, PCI DSS, ISO 27001 and more).
  • All Microsoft Windows and Novell operating systems and networking products, including server, web, desktop and mobile technology.
  • Most UNIX and Linux operating systems and networking tools.
  • Most networking equipment, a few to list here: Cisco, Linksys, D-Link, Juniper.
  • Most databases, their implementation and operation/maintenance, a few to list here: Oracle, SQL Server, PostgreSQL.
  • Proficient in IT security, IDS, IPS, HIDS, Vulnerability/Risk Assessment, manual source code review, security audit, and many others.
  • Hands on experience in conducting Web Application Security scan, Network Penetration Testing and Ethical Hacking using commercial and non-commercial applications and methodologies such as OWASP Top 10, OWASP Zed Attack Proxy (ZAP), HP WebInspect, IBM AppScan, Fortify, Cenzic, Acunetix, Burp Suite, Firefox Add-ons XSS Me, SQL InjectMe, soapUI and others. Using these tools to determine the security of a given web application developed in Microsoft .NET, Java, J2EE, AJAX, PHP, Web 2.0, MOSS and many others.

CAREER PROGRESSION:

Confidential

Lead Information Security Consultant

Responsibilities:

  • Building high-profile cybersecurity consulting teams for accelerated remediation of risks and audit findings.
  • Remediating risk through advanced architecture design in the cloud environment.
  • Securing assets by creating a defense-in-depth implementation based on an industry-standard, comprehensive security guideline and framework.
  • Supporting the Secure Software Development Life Cycle (SSDLC) in an agile environment.
  • Recommending remediation steps for a variety of web and mobile applications.
  • Providing temporary stop-gap mitigations, followed by more robust permanent secure solutions.
  • Securing a variety of controls across different compliance and legislative regions, supporting PCI DSS, GDPR and OSFI.

Confidential

Security Architect

Responsibilities:

  • Help align the enterprise security program with the Confidential cybersecurity framework. Build security requirements for the Dev, QA and Ops teams, creating detailed story requirements, testing and acceptance criteria in Jira.
  • Design a secure architecture for the new digital platform in the cloud, recommending implementation of Confidential-based security controls. Help evaluate infrastructure tools and products for migration from the physical datacenter to the cloud. Provide guidelines to internal application and architecture teams for secure implementation of cloud services.
  • Build these security guidelines both for the immediate lift-and-shift approach, without much re-architecture, and for the eventual long-term effort to redesign the infrastructure in the cloud with some major technology changes, taking advantage of cloud efficiencies and hence reducing overall operating cost.

Confidential

Security Architect

Responsibilities:

  • Working with the infrastructure team on building Disaster Recovery (DR) from the ground up in the AWS cloud environment.
  • DR lift-and-shift was the focus of this project, in an environment that is already PCI DSS compliant on-prem and additionally in the process of acquiring Confidential Rev 4 and ISO 27001 compliance.
  • Designing the new DR infrastructure architecture, taking into consideration the controls and requirements of all of these.
  • Reviewed the cloud shared responsibility model and over 300 controls from Confidential alone, while guiding the engineering team through secure implementation in the cloud.
  • With the existing on-prem infrastructure and lift-and-shift in scope, helping work through components that cannot simply be lifted and shifted, e.g. firewall rules -> security groups, load balancers -> ELBs, and so on. Architecting and designing all the way through the core components and application integration with the existing SOA architecture.

Confidential

Platform Security & Risk Assurance

Responsibilities:

  • Help design and build secure architecture for Amazon Web Services (AWS) and Microsoft Azure. Design a VPC-based secure boundary protection architecture following Confidential Rev 4 controls, with the underlying baseline using FISMA and FedRAMP compliance standards. Implement non-functional security requirements on a platform built on Java and some .NET framework with Oracle, SQL, MySQL databases and an ESB architecture: authentication, authorization, credential protection, non-repudiation, input validation (XSS, buffer overflow, injection, etc.), data protection via encryption (in transit and at rest), data sanitization (scrubbing, tokenization, etc.), logging and monitoring for security monitoring, and file protection.
  • Helping build up the security practice for wireless, network, infrastructure, external business partner connectivity, SaaS and monitoring. Building scanning policy for vulnerability and compliance management using tools such as Nessus, Nmap and other industry-standard tools. Vormetric encryption architecture and design, with implementation of DSMs.
  • Using the agile methodology, I am the scrum master leading the Software Security Group, which includes hands-on software platform and framework architecture review, static and dynamic code analysis, and remediation effort (as needed). Security non-functional requirement implementation throughout the software platform. Performing Security Assessment and Permit to Deploy (PTD) in the production environment.
  • Design, architect and implement an Identity and Access Management solution using the Okta Software as a Service (SaaS) model for external users.
  • Perform Security Testing and Evaluation (ST&E): security Non-Functional Requirements (NFR) gathering, performance analysis of security products on the software platform, compliance testing and validation, information assurance, and risk-based accreditation.
  • Ramping up the team with additional budget and approval process; actively involved with HR on staffing needs through job fairs and individual interviews.

Confidential

Security Architect

Responsibilities:

  • Multiple parallel projects with varying technologies and implementations, some in-house, others hosted in the cloud.
  • Reviewing security, compliance and legal documentation including procurement, MSA, NDA, SLA, compliance, processes and procedures.
  • Develop security architecture documents and artifacts, guiding security assessment and audit groups, making sure all applicable patterns and processes from Confidential Rev 4 have been followed, including but not limited to authentication, authorization, credential protection (storage, encryption of keys and certs), analysis covering an industry-standard POC of Vormetric cryptographic and hashing standards, input validation, data sanitization, logging and monitoring, and file access management, and provide mitigations and controls where required.
  • Experience with implementation, customization and ongoing maintenance of Sailpoint IQ in an enterprise environment.

Confidential

Application Security Engineer

Responsibilities:

  • Performing application security testing for several in-house as well as vendor-developed/hosted internet, intranet and extranet applications, using industry-standard tools for automated and manual testing. Performing security assessment and assisting the ISSO in granting Authority to Operate (ATO) / Deploy in the production environment.
  • Writing executive-level reports on findings as well as detailed reports for developers to understand and fix the vulnerabilities found in the application. At times assisting the infrastructure or developer teams, as the case may be, in mitigating the vulnerability. Security controls assessment of a Sailpoint implementation for a project on a relevant client-based engagement.
  • Experience with implementation, customization and ongoing maintenance of Sailpoint IQ in an enterprise environment.

Confidential

Director - Application Security & Risk Assurance

Responsibilities:

  • Protecting the virtual perimeter of the company; performing OS vulnerability assessment, metrics and measurements.
  • Leading application security testing for Confidential, using industry-standard applications and tools for static, binary and dynamic code analysis. Assisting developers and infrastructure owners in fixing vulnerabilities before they get to production.
  • Writing processes and procedures, and guiding developers and web admins on secure coding practices on various platforms and technologies, a few to name here: IIS, Apache, Tomcat, Java, JBoss, J2EE, .NET, etc.
  • Fulfilling regulatory and compliance audit checks for PCI DSS, SOX, Basel II, and SAS 70 vendor audit reviews.
  • Developing user awareness material and presentations across the company on a regular basis.
  • Architected the Sailpoint implementation solution and implemented it with Oracle Identity Federation.

Confidential

Integration & Security Consultant

Responsibilities:

  • Working as an Integration and Security Consultant, leading application requirements writing, application security and code review for web applications, including non-functional requirements for the 3 main areas, i.e. infrastructure, application and information. Hands-on experience with IDS, IPS, HIDS, vulnerability/risk assessment, manual source code review, security audit, web application security scanning, network penetration testing, ethical hacking and many others.
  • Focusing more on application testing: no matter what platform the application is developed on, i.e. IIS, Apache, Tomcat, Java, JBoss, J2EE, .NET, etc., our primary focus is to address risk to the information at the storage level (i.e. databases such as Oracle, SQL Server, PostgreSQL, etc.), information in motion (i.e. messages) and delivery points (i.e. I/O mechanisms). Implemented this as part of the SDLC (milestones) in all our new developments.
  • Conduct User Acceptance Testing (UAT) for functional requirements; for non-functional testing, manually review the code to find vulnerabilities. Perform control/data flow analysis by stepping through logical conditions in the code, examining functions to determine branch conditions including loops, switch statements, if statements and more, trying to identify which block will execute. Trace data from the points of input to the points of output, matching the code and the type of interfaces used (i.e. public, user, file, pipe, etc.).
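The control/data flow tracing described in the last bullet (following data from the points of input through assignments, branches and loops to the points where it is consumed), as an added example that is not part of this resume or of any engagement it describes: a small intraprocedural taint tracer built on Python's ast module. The source, sink and sanitizer names, and the sample function it scans, are constructed for illustration; in a real review they would be drawn from the application's actual frameworks and APIs.

```python
"""Intraprocedural taint tracing over a Python AST. Added example, not from the
resume; source, sink and sanitizer names are a constructed illustration."""
import ast

SOURCES = {"input", "sys.argv", "request.args.get", "request.form.get"}
SINKS = {"os.system", "subprocess.call", "eval", "cursor.execute"}
SANITIZERS = {"shlex.quote", "int"}


def dotted(node):
    """Render a Name/Attribute chain such as request.args.get as text, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class TaintTracer(ast.NodeVisitor):
    def __init__(self):
        self.tainted = set()   # variables currently holding untrusted data
        self.findings = []     # (sink, line, tainted argument texts)

    def is_tainted(self, node):
        """Does this expression carry data derived from an untrusted source?"""
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.Attribute) and dotted(node) in SOURCES:
            return True
        if isinstance(node, ast.Call):
            name = dotted(node.func)
            if name in SANITIZERS:
                return False               # sanitizer output is trusted
            if name in SOURCES:
                return True
        # Anything else ("..." + x, f"{x}", x[0], x.strip(), fmt(x)) is tainted
        # if any sub-expression is.
        return any(self.is_tainted(c) for c in ast.iter_child_nodes(node))

    def _bind(self, target, taint):
        for n in ast.walk(target):
            if isinstance(n, ast.Name):
                (self.tainted.add if taint else self.tainted.discard)(n.id)

    def visit_Assign(self, node):
        for target in node.targets:
            self._bind(target, self.is_tainted(node.value))
        self.generic_visit(node)

    def visit_If(self, node):
        # Run both branches from the same state and merge: a variable tainted
        # on either path stays tainted after the if.
        self.visit(node.test)
        before = set(self.tainted)
        for stmt in node.body:
            self.visit(stmt)
        after_body, self.tainted = self.tainted, set(before)
        for stmt in node.orelse:
            self.visit(stmt)
        self.tainted |= after_body

    def _visit_loop(self, node):
        # Iterate the body to a fixed point so taint assigned late in one pass
        # reaches uses earlier in the next; the body may also run zero times.
        if isinstance(node, ast.For) and self.is_tainted(node.iter):
            self._bind(node.target, True)
        before = set(self.tainted)
        while True:
            snapshot = set(self.tainted)
            for stmt in node.body:
                self.visit(stmt)
            self.tainted |= snapshot
            if self.tainted == snapshot:
                break
        self.tainted |= before

    visit_For = visit_While = _visit_loop

    def visit_Call(self, node):
        name = dotted(node.func)
        if name in SINKS:
            bad = tuple(ast.unparse(a) for a in node.args if self.is_tainted(a))
            if bad and (name, node.lineno, bad) not in self.findings:
                self.findings.append((name, node.lineno, bad))
        self.generic_visit(node)


def trace_taint(source_code):
    """Return [(sink, line, tainted_args)] for each sink reached by untrusted data."""
    tracer = TaintTracer()
    tracer.visit(ast.parse(source_code))
    return tracer.findings


# Constructed sample under review: two injection paths and two sanitized ones.
SAMPLE = '''import os, shlex, sys

def build_report(cursor):
    user_id = request.args.get("id")               # untrusted web input
    host = sys.argv[1]                             # untrusted CLI input
    if user_id.isdigit():
        query = "SELECT * FROM t WHERE id = " + user_id
    else:
        query = "SELECT * FROM t WHERE id = 0"
    cursor.execute(query)                          # tainted on the if-branch
    os.system("ping -c 1 " + shlex.quote(host))    # clean: shell-quoted
    os.system(f"ping -c 1 {host}")                 # tainted: command injection
    cursor.execute("SELECT %d" % int(user_id))     # clean: int() sanitizes
'''
```

Calling trace_taint(SAMPLE) reports the two injection paths (the query built on the if-branch reaching cursor.execute on line 10, and the f-string reaching os.system on line 12) and stays silent on the shlex.quote and int() paths. The branch merge in visit_If and the fixed-point loop in _visit_loop are what keep the tracer from missing taint that only appears on one branch or is assigned later in the loop body than the sink that consumes it; a real engagement would extend the source, sink and sanitizer lists and add cross-function propagation.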
