Security Analyst Resume

Washington, DC

PROFESSIONAL SUMMARY:

  • Around 8 years of experience as an IT professional within Information Security.
  • Involved in Software development Life cycle (SDLC) to ensure security controls are in place.
  • Experience in Threat Modeling during Requirement gathering and Design phases.
  • Experience in vulnerability assessment and penetration testing using various tools like Burp Suite, DirBuster, OWASP ZAP Proxy, NMap, Nessus, Kali Linux, Metasploit, Acunetix.
  • Experience with Security Risk Management with TCP-based networking.
  • Led Application Security Analysis for some of the major Clients using HP Fortify & IBM AppScan.
  • Static Code Analysis during development phase.
  • A Certified Ethical Hacker.
  • A Pen tester with experience of penetration testing on various applications in different domains.
  • Penetration testing based on OWASP Top 10.
  • A good team player, inquisitive, good in basic concepts and an excellent team player.
  • Performed the gap analysis to identify scenarios like privilege escalation.
  • Performed software Licensing audit.
  • Interpreted least privilege for applications and segregation of duties.
  • SOX Compliance Audit experience on controls like User access management, Change Management, Incident Management.

TECHNICAL SKILLS:

Tools: Burp Suite, DirBuster, IBM AppScan, sqlmap, Acunetix Web Scanner, SQL Injection Tools, Havij, CSRFTester and Kali Linux.

Language: C, C++, Basic, UML, ASP.NET

Web Technologies: HTML, JavaScript

Platforms: Windows 98/2000/XP/Vista/Windows 7, Windows Server 2000/2003, Linux

Web Server: Apache, IIS 6.0/7.0

Database: MySQL 5.0, MS Access, MS SQL 2000

Packages: MS Office, Visual Studio 2005/08/10, E-Draw Max 5.6

Network Tools: NMap, Wireshark, Nessus

PROFESSIONAL EXPERIENCE:

Confidential, Washington, DC

Security Analyst

Responsibilities:

  • Conducted application penetration testing of 50+ business applications.
  • Manage and perform IBM AppScan and Acunetix scans before all production releases and analyze vulnerabilities and report to all stakeholders.
  • Worked on various business development activities like drafting responses to RFPs and preparing SOW documents.
  • Acquainted with various approaches to Grey & Black box security testing.
  • Proficient in understanding application level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, cryptographic attacks, authentication flaws etc.
  • Skilled using Burp Suite, Acunetix Automatic Scanner, NMAP, Havij, DirBuster, QualysGuard, Nessus, sqlmap for web application penetration tests and infrastructure testing.
  • Performing onsite & remote security consulting including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment, and IDS/IPS hardware deployment.
  • Monitor the Security of Critical System (e.g. e-mail servers, database servers, Web Servers, Application Servers, etc.).
  • Change Management to highly sensitive Computer Security Controls to ensure appropriate system administrative actions, investigate and report on noted irregularities.
  • Conduct network Vulnerability Assessments using tools to evaluate attack vectors, Identify System Vulnerabilities and develop remediation plans and Security Procedures.
  • Identifying the critical, High, Medium, Low vulnerabilities in the applications based on OWASP Top 10 and SANS 25 and prioritizing them based on the criticality.
  • The experience has enabled me to find and address security issues effectively, implement new technologies and efficiently resolve security problems. With a strong Network Communications, Systems & Application Security (software) background, I am looking forward to implementing, creating, managing and maintaining information security frameworks for large-scale challenging environments.

Confidential, New York City, NY

Security Analyst

Responsibilities:

  • Identifying the critical, High, Medium, Low vulnerabilities in the applications based on OWASP Top 10 and SANS 25 and prioritizing them based on the criticality.
  • Coordinate with dev team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and the impact of the issue.
  • Security testing of APIs using SOAP UI.
  • Experience in using Kali Linux to do web application assessment with tools like DirBuster, Nessus, and NMap.
  • Performed static analysis with HP Fortify and dynamic analysis with NowSecure Labs.
  • User ID reconciliation on quarterly basis.
  • Stay up to date with new hacks and the latest vulnerabilities to ensure no such loopholes are present in the existing system.
  • Threat modeling of the Project by getting involved before development and improving the security at the initial phase.
  • STRIDE assessment of the applications during the design phase, identifying the threats possible and providing security requirements.
  • Training the development team on the most common vulnerabilities and common code review issues and explaining the remediations.
  • Good knowledge of programming and scripting in .NET and Java.
  • Follow up and ensure the closure of the raised vulnerabilities by revalidating and ensuring 100% Closure.
  • Good experience in Web technologies like HTTP, HTML, CSS, Forms, Database Connectivity.
  • Ensuring SDLC to be a Secure SDLC.

Confidential

Penetration Tester

Responsibilities:

  • Conducted application penetration testing of 10+ business applications.
  • Generated and presented reports on Security Vulnerabilities to both internal and external customers.
  • Manage and perform IBM AppScan and Acunetix scans before all production releases and analyze vulnerabilities and report to all stakeholders.
  • Performing the manual code review to remove the False Positives and also identify the False Negatives.
  • Prepared comprehensive security report detailing identifications, risk description and recommendations with the code snippets for the Vulnerabilities.
  • Training the development team on the most common vulnerabilities and common code review issues and explaining the remediation.
  • Follow up and ensure the closure of the raised vulnerabilities by revalidating and ensuring 100% Closure.
  • Stay up to date with new hacks and the latest vulnerabilities to ensure no such loopholes are present in the existing system.
  • Providing preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy.

Confidential

Penetration Tester

Responsibilities:

  • Conducted application penetration testing of 90+ business applications.
  • Conducted Compliance Audits.
  • Skilled using Burp Suite, Acunetix Automatic Scanner, NMAP for web application penetration tests.
  • Monitor, Analyze and respond to security incidents in the infrastructure. Investigate and resolve any security issues found in the infrastructure according to the security standards and procedures.
  • Actively search for potential security issues and security gaps that are beyond the ability of detection by any security scanner tool.
  • Initiate and develop new mechanisms to address unidentified security holes & challenges.
  • Real-time Analysis and defense.
  • Write security test cases from project requirements and help QA teams to incorporate security testing in Scrum Backlog.
  • Vulnerability assessment (VA), Security policy, and network and security audit.
  • Ensuring compliance with legal and regulatory requirements.