- Experience in testing using various tools like Burp Suite, Owasp Zap, NMap, Nessus, HP Fortify, IBM Appscan enterprise, Web Inspect, Kali Linux and Metasploit.
- Broad knowledge of hardware, software and networking technologies to provide a powerful combinations of analysis, implementation and support.
- Diverse Knowledge in Windows, Linux, Unix Operating System configuration, Utilities and programming.
- Expertise in understanding in application level vulnerabilities like XSS, SQL injection, CSRF, authentication bypass, cryptographic attacks and authentication flaws.
- Involved in Web Application vulnerability Assessment and Threat modelling, Gap Analysis and secure code review on the applications.
- Vulnerability Assessment includes analysis of bugs in various applications spread across on various domains by using both manual and automation tools.
- Diverse knowledge in identifying all the types of vulnerabilities in the applications based on OWASP Top10 and SANS 25 and their methodologies.
- Having good experience in live network traffic and capture packets using Wireshark.
- Experienced in object - oriented programming; developing, testing and debugging code; designing interfaces; and administering systems and networks
- Analyze the results of penetration tests, design reviews, source code reviews and other security tests. Decide on what to remediate and what to risk accept based on security requirements.
- Experienced with full software development life-cycle, object oriented programming and Waterfall, Agile methodologies.
- Experience on Virtual Private Network (VPN) for operating Network and data center.
- US permanent Resident Green Card holder.
Operating Systems: Unix, Linux, Windows and Mac
Languages: C,C++, Java, SQL
Database: MYSQL, Oracle11g
Methodologies: Agile, Waterfall
Software Tools: Nmap, Nessus, Accunetix, Kali Linux, Webgoat, IBM Appscan, Hp Webinspect, Microsoft office tools, Social engineering toolkit, OWASP ZAP, Qualys SSL, Burp suite, Metasploit, Wireshark
Web server: Apache, IIS 6.0/7.0, Apache Tomcat
Info Security Engineer
- Prepared comprehensive Security report detailing Identifications, risk description and recommendations with code snippets for the vulnerabilities.
- Worked with the ADAST team and helped to organize and remodel the confluence by coordinating with team.
- Experienced in performing automated scans with IBM appscan and Webinspect and produce the quality report to the management.
- Executed as Information Security Engineer, involved in OWASP Top 10 based vulnerability Assessment of Various internet facing point of scale web applications and Cloud application’s.
- Performed Manual and automatic Dynamic penetration testing for web applications using Burp suite and Metasploit.
- Experienced in providing application security consulting SME support to developers
- Expert in working with the software development partners to identify and mitigate the security Vulnerabilities in the application identified through ADAST testing.
- Having a broad knowledge in understanding of security technologies and products.
- Experienced in Performing the security analysis of the system such as(application, operating systems and database layers) by performing manual testing and automated system vulnerability assessment scans using various web, application, source code and database vulnerability scanners.
- Having real time experience in performing test for Cloud applications and solving the issues.
- Experienced in DDos, SQL injection protection, XSS protection, Script injection and major hacking protection techniques.
- Have actively participated in all the meetings to improve the security culture and education and also gave a few presentation about Vulnerability threats and how to prevent them.
- Skilled in analysis of Systems and Application security (software) background looking forward for implementing, creating managing and maintaining information security frameworks for large scale challenging environments.
- Experienced in performing the risk assessment for company compliance by using the industry standards related to application and network security.
Web Application Security/Penetration Tester
- Experienced with performing IBM Appscan and Burp-Suite scans before all production release and report to the management.
- Training the development team on the most common vulnerabilities and common code reviews Issues and explaining the remediation.
- Assisting customer in understanding risk and threat level associated with vulnerability so that customer may not accept risk with respect to business criticality.
- Experienced in managing application security vulnerabilities as a developer, a system administrator, or an application system engineer.
- Conducted analysis using Kali Linux environment and effectively neutralized DOS, DDOS, XSS and SQL Injection Attacks.
- Reviewed source code and developed security filters within Appscan for critical applications.
- Conducted penetration testing for all the web applications and websites developed by the company using Nmap, Nessus, Accunetix, Zap and Kali Linux.
- Update with the new hackings and latest vulnerability to ensure no such loopholes are present in the existing system.
- Reduced application vulnerability by 95% in the beginning of the year of service and maintained a steady decrease in the management.
- Performed network and infrastructure vulnerability assessment using automated tools such as Qualys Guard and Nmap.
- Produced quality reports, detailing findings and remediation details.
- Proficient in application level vulnerabilities like Owasp top 10 and Sans 25 and their methodologies.
- Having a good knowledge of network and security technologies such as Firewalls, TCP/IP, IDS/IPS, Routing and switching
- I have evaluated the requirements using various Scanning Tools both on-site and remote locations.
- Worked extensively with software development teams to review the source code, triage the security vulnerabilities generated by IBM AppScan, Burp Suite, and HP Web Inspect and eliminated false positives.
- Built a Management Evaluation Environment utilized to address the business requirements and risks involved to mitigate or decrease the intensity of threat exploitation .
Confidential, Atlanta, GA
- Created and implemented a risk management plan. Identified project related risks and triggers; establish risk thresholds and contingency plans using the project plan, refine estimate to create baseline resource plan.
- Involved in Implementing and validating the security principles of minimum attack surface area, least privilege, secure defaults, avoiding security by obscurity, keep security simple, Fixing security issues correctly.
- Performed routine tests in web application penetration testing and exploiting the recognized vulnerabilities using OWASP ZAP, Burp suite, Metasploit, Httrack, Whois, Fiddler.
- Help developers with setting their security scans and remediating Issues with Security Assessment to improve productivity
- To address and integrate Security in SDLC by techniques like Threat modelling, Risk management and Testing etc.
- Capable of Identifying flaws like security Misconfiguration, Insecure direct object reference, Sensitive data exposure, Functional level access control.
- Extensive interaction with Onsite coordinator in understanding the business Issues, requirements doing exhaustive analysis and providing end-to-end solutions.
- Built a Management Evaluation Environment utilized to address the business requirements and risks involved to mitigate or decrease the intensity of threat exploitation.
- Conducting web Application vulnerability Assessment and Threat modeling, Gap Analysis, secure code review on the applications w.r.t guidelines provided by cisco.
- Write security test cases from project requirements and help QA teams to in corporate Security testing in Scrum backlog.
Application Security Analyst
- Responsible for the Analysis and development of the Integration, testing, operations and maintenance of systems security.
- Performed Security research, analysis and design for all client computing systems and the network infrastructure.
- Explanation of the security requirements to the design team in initial stage of SDLC to minimize the efforts to rework on the Issue identified during penetration tests.
- Manual and Dynamic penetration testing of web applications using Burp suite, Owasp Zap and Nessus.
- Identified Issues on sessions management, Input validations, Output encoding, Logging, Exceptions, cookie attributes, Encryption, Privilege escalations.
- Regularly performed research to Identify potential vulnerabilities in and threats to existing technologies and provided timely clear, technically accurate notifications to management of the risk potential and options for remediation.
- Worked through the entire lifecycle of the projects including Design, Development, and Deployment, Testing and Implementation and support.
- Performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction.
- Having good experience in Secure SDLC and Source Code Analysis (Manual & Tools) on WEB based Applications.
- Strong analytical, problem solving and communication skills.
- Gathered user requirements followed by analysis and design.
- Designed the HTML based web pages for displaying the reports.
Application Security Analyst Intern
- Analyze business and system requirements, manage development of specifications to create and execute detailed test plans and verify bug issues.
- Adept at System integration testing, user acceptance testing, overall functionality, object and regression testing.
- Made enhancements and resolved defects in order to meet business requirements.
- Recommended best practices for securing the Applications.
- Vulnerability assessment using Nessus and other monitoring tools.
- Designed built and maintained efficient, reusable and reliable Java code.
- Scan networks and other resources to validate compliance and security issues using numerous tools.