Position Security Engineer Resume

Columbia, MD

PROFESSIONAL SUMMARY:

  • An IT professional with 6 years of experience across different domains of Information Security.
  • Domains: Application Security, Risk Management, Compliance & Audit, Fortify Implementation.
  • Experience working in Agile and Waterfall methodologies.
  • Vulnerability assessment and penetration testing of 100+ applications, including client-server applications, thin clients and APIs.
  • Expertise in the HP Fortify tool suite, implementing and configuring SCA and SSC on developer machines.
  • Triaging the code.
  • Troubleshooting issues during implementation.
  • Handled application security in various domains such as retail, finance and cloud.
  • Involved in the Secure Software Development Life Cycle (SDLC) to ensure security controls are in place.
  • Experience providing requirements in the SDLC requirements phase.
  • Penetration testing based on the OWASP Top 10 and SANS 25.
  • Static assessment of various applications with static code analyzers such as HP Fortify.
  • PCI and HIPAA audits.
  • Dynamic assessment of applications with HP WebInspect and verification of false positives.
  • Expertise in implementing automated and manual tests.
  • An inquisitive, excellent team player with a strong grasp of the basic concepts.
  • Ability to work in large and small teams as well as independently.
  • Vulnerability assessment of various web applications used in the organization using Burp Suite, WebScarab, HP Fortify, Nikto, Skipfish, SSLScan, DirBuster, Flagfox, Wappalyzer, Live HTTP Headers, Tamper Data and Kali Linux.
  • Coordinate with application teams to ensure closure of reported vulnerabilities by explaining the ease of exploitation and the impact of each issue.
  • Good knowledge of programming and scripting in Java.

TECHNICAL SKILLS:

Languages: Java, Python

Databases: MySQL, MSSQL, Oracle

OS: OS X El Capitan, Windows (.NET/2003/7/Vista/XP/2000/98).

Proxies: Burp Suite Pro, Vega.

Tools: HP Fortify, Nmap, Nessus, SSLScan, Nikto, Skipfish, DirBuster, Flagfox, Wappalyzer, Live HTTP Headers, Tamper Data, Metasploit, Restfulclient, Kali Linux.

Standards & Frameworks: ISO 27001, COBIT, ITIL, ISO 20000, NIST

Regulations: OWASP, PCI-DSS.

Environments: Dev, UAT and PROD

Static scanners: HP Fortify.

Dynamic Scanners: HP WebInspect, Acunetix

PROFESSIONAL EXPERIENCE:

Confidential, Columbia, MD

Position Security Engineer

RESPONSIBILITIES:

  • Key issues plaguing the information security world, the incident management process, and penetration testing.
  • Various types of penetration testing, security audit, vulnerability assessment, and the penetration testing roadmap.
  • Various types of footprinting, footprinting tools, and countermeasures.
  • Workings of viruses, virus analysis, computer worms, malware analysis procedures, and countermeasures.
  • Social engineering techniques, identity theft, and social engineering countermeasures.
  • Different types of web application attacks, web application hacking methodology, and countermeasures.
  • Mobile platform attack vectors, Android vulnerabilities, mobile security guidelines, and tools.
  • Performed vulnerability analysis to identify security loopholes in the target organization's network, communication infrastructure, and end systems.
  • Different types of cryptographic ciphers, Public Key Infrastructure (PKI), cryptographic attacks, and cryptanalysis tools.
  • Firewall, IDS and honeypot evasion techniques, evasion tools, and countermeasures.
  • HIPAA audit.

Environment: JavaScript, Python, MySQL, Kali Linux

Confidential, Coppell,TX

Position HP Fortify SME

RESPONSIBILITIES:

  • Information gathering on the existing setup and conducting a gap analysis.
  • Based on the analysis, identified the assets and resources required to set up HP Fortify Cloud and Security Center.
  • Worked with the internal infrastructure/procurement teams to raise requests for the tools.
  • Worked with the account team on analyzing the Secure SDLC implementation.
  • Environment setup of Fortify Cloud and Security Center together with other integration and development tools.
  • Monitored and upgraded rule packs every month and renewed the tool license every year.
  • Worked with the HP support team to set up the environment; troubleshot issues both with and without HP's help.
  • Serviced customer requests for creating accounts, setting up access and permissions, build plans and other day-to-day tasks.
  • Talked with vendors and their support teams to obtain quotations and support.
  • White-box testing using Fortify; engaged with penetration testers to validate false positives; performed secure code review of the code base.

Environment: Java, C, C++, Windows, Linux.

Confidential, San Antonio, TX

Position Cyber Security & Penetration Tester

RESPONSIBILITIES:

  • Performed security research, analysis and design for all client computing systems and the network infrastructure.
  • Created test plans for grey-box and white-box testing.
  • Designing around security principles such as job rotation, least privilege and defense in depth.
  • Ensuring the confidentiality, integrity and availability of the system are maintained.
  • Scheduled pen tests for the whole year, ensuring all applications were covered in the schedule and completed within the time frame.
  • Responsible for assessing controls to identify gaps and for designing and analyzing segregation of duties and least privilege for each application.
  • Performed gap analysis to identify scenarios such as privilege escalation.
  • Verified the existing controls for least privilege, separation of duties and job rotation.
  • Ensured the issues identified were reported as per the reporting standards.
  • Provided the report and explained the issues to the development team.
  • Security testing of APIs.
  • Provided remediation steps to the team and followed up.
  • Retested the fixed issues and ensured closure.
  • Validated false positives and reported the issues.
  • Involved actively in the release management process to ensure all changes to the application had gone through security assessment.
  • Used Metasploit on Kali Linux to exploit systems.
  • Used Burp Suite, Nessus, DefectDojo, JIRA and Kali Linux tools on a daily basis to complete assessments.
  • Initiated reconciliation of exceptions and minimized the count of exceptions in the project.

Environment: JavaScript, Python, MySQL, Kali Linux

Confidential, Columbus, OH.

Position Java Developer/ Penetration tester

RESPONSIBILITIES:

  • Front-end web development using HTML, CSS, JavaScript & JSF.
  • Worked in a Java environment using advanced UI web development techniques.
  • Created lead generation applications that make multiple API calls (via AJAX) for form validation.
  • Exposed various capabilities as web services using SOAP and WSDL.
  • Used the RAD 7 IDE for developing and debugging the application.
  • Used the Hibernate ORM framework as the persistence engine, configured O/R mapping and wrote Hibernate queries.
  • Performed pen tests on various applications on a weekly basis.
  • Categorized the assessment into areas such as input & data validation, authentication, authorization, session management, exception management, cryptography, and auditing & logging.
  • Prepared a security testing checklist for the company based on the latest attacks.
  • Ensured all the controls are covered in the checklist.
  • Good experience with web technologies such as HTTP, HTML, CSS, forms and database connectivity.
  • Updated the checklist weekly to keep all test cases current with the attacks happening in the market.
  • Information gathering on the application using sites such as Shodan, reverse DNS, and Hackertarget.com.
  • Used Firefox add-ons such as Flagfox, Wappalyzer, Live HTTP Headers and Tamper Data to perform pen tests.
  • Network scanning using tools such as Nmap and Nessus.
  • Took the initiative to streamline the access control mechanism of various applications.

Environment: Java, MySQL, ASP, MSSQL.

Confidential

Position Apprentice Security Engineer

RESPONSIBILITIES:

  • Black-box pen testing of internet- and intranet-facing applications.
  • Identification of OWASP Top 10 issues such as SQLi, CSRF, XSS and unvalidated redirects.
  • Performed extensive grey-box and black-box testing.
  • Prepared risk registers for the client's various projects by performing risk assessments using the NIST framework and a quantitative approach.
  • Used the DREAD methodology during report writing to provide risk ratings.
  • Manual penetration testing of applications and APIs to identify OWASP Top 10 and SANS 25 vulnerabilities.
  • Trained the development team on secure coding practices.
  • Provided details of the issues identified and the remediation plan to the stakeholders.
  • Grey-box testing of the applications.
  • Verified the existing controls for least privilege, separation of duties and job rotation.
  • Involved in a major merger of the company and provided insights on separating different clients' data and securing PII.
  • Identification of application vulnerabilities using proxies such as Burp Suite to validate server-side validation.
  • Crafted and executed different payloads to attack the system, executing XSS and other attacks.
  • Identified issues in session management, input validation, output encoding, logging, exception handling, cookie attributes, encryption and privilege escalation.
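
Two of the test categories named in the bullets above, cookie attributes and output encoding (reflected XSS), as an added example that is not part of this resume or of any tool it names. The HTTP responses, the cookie names and the probe string are constructed here for illustration; the checks mirror what a tester would do by hand in a proxy such as Burp Suite, but the code is hypothetical.

```python
import html
from typing import Dict, List, Tuple

# Hypothetical XSS probe sent in a query parameter; chosen without quotes so
# html.escape() is the only transformation a correct encoder applies.
PROBE = "<svg onload=alert(1)>"

# Constructed sample responses (not captured traffic), one per request.
SAMPLE_RESPONSES: Dict[str, str] = {
    # Session cookie set without hardening attributes; the second cookie is fine.
    "login": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n"
        "Set-Cookie: JSESSIONID=0123456789abcdef; Path=/\r\n"
        "Set-Cookie: remember=1; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
        "\r\n"
        "<html><body>Welcome back</body></html>"
    ),
    # Search term echoed without output encoding: reflected XSS.
    "search_vuln": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
        f"<html><body>You searched for: {PROBE}</body></html>"
    ),
    # Same page after the fix: the probe comes back HTML-entity encoded.
    "search_fixed": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
        f"<html><body>You searched for: {html.escape(PROBE)}</body></html>"
    ),
}

# Attributes a session cookie should carry (RFC 6265 names, case-insensitive).
REQUIRED_COOKIE_ATTRS = ("secure", "httponly", "samesite")


def parse_response(raw: str) -> Tuple[List[Tuple[str, str]], str]:
    """Split a raw HTTP/1.1 response into (header pairs, body).

    Headers are kept as a list of (name, value) pairs, not a dict, because a
    response may legitimately carry several Set-Cookie headers.
    """
    head, _, body = raw.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers, body


def audit_cookies(headers: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Return {cookie_name: [missing attributes]} for weak Set-Cookie headers."""
    findings: Dict[str, List[str]] = {}
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        present = {p.split("=", 1)[0].lower() for p in parts[1:]}
        missing = [a for a in REQUIRED_COOKIE_ATTRS if a not in present]
        if missing:
            findings[cookie_name] = missing
    return findings


def is_reflected_unencoded(body: str, probe: str) -> bool:
    """True when the probe is echoed verbatim, i.e. output encoding is absent.

    An entity-encoded reflection (html.escape(probe)) is the safe behaviour
    and is not flagged; only the raw markup counts as a finding.
    """
    return probe in body


def run_checks(responses: Dict[str, str] = SAMPLE_RESPONSES) -> Dict[str, dict]:
    """Run both checks over every sample response and collect the results."""
    results = {}
    for label, raw in responses.items():
        headers, body = parse_response(raw)
        results[label] = {
            "cookies": audit_cookies(headers),
            "reflected_xss": is_reflected_unencoded(body, PROBE),
        }
    return results


if __name__ == "__main__":
    for label, result in run_checks().items():
        print(f"{label}: {result}")
```

Running the block reports JSESSIONID as missing Secure, HttpOnly and SameSite while the hardened `remember` cookie produces no finding, and flags only the unencoded search page as reflecting the probe. A substring match is deliberately strict: it will not catch a reflection inside a JavaScript string or an attribute value, which needs a context-specific probe.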

Environment: Java, .Net, Oracle DBA.