PROFILE SUMMARY:

• Over 6.8 years of experience in IT industry as an Information Security Consultant that includes vulnerability assessment of web applications, network penetration testing (external) and process audit, and in Security and Risk Management.
• Expertise in handling various security appliances, compliance audits, consulting services (Application Security, Penetration Test, Vulnerability Assessment).
• Proficient with manual and automated scanner approaches.
• Audited many business Web - Applications in the areas of Security domains.
• Provided comprehensive report on vulnerabilities and action plan to mitigate the identified vulnerabilities and VAPT process.
• Vulnerability Assessment Tools: Nessus, Qualys, Acunetix and Netsparker.
• Web Vulnerability Tools: Burp Suite, IBM App Scan, and Web Inspect.
• Penetration Testing Tools: Nmap, Backtrack, and Wireshark
• Ability to coordinate and work in a team environment as well as independently to achieve objectives and reach deadlines.
• Willing to learn new technology & ready to take up any challenges in any domain.
• Excellent analytical, problem solving skills.
• Active involvement in defect review meetings/calls and weekly status with QA/Development teams/Clients.
• Excellent Knowledge in preparation of Audit reports.
• Experience in performing Root Cause Analysis (RCA) on the customer reported issues.
• Active participation in the GTS transformation and contribution to the ongoing Client First Transformation in IAM Optimized Services.
• Established the Geo-aligned and Account-aligned connections to operate within the Optimized Services operating model.
• Imbibed metrics, measurements and data-enabled analytics in our daily work.
• Ensure team practice timely, complete and accurate issue & risk management in my areas of work.
• Ask for (and give) help in a timely manner without fear of failure or rebuke.

PROFESSIONAL EXPERIENCE

Web Application Security Assessment

Confidential

Responsibilities:

• Executed Web Application Vulnerability Assessments for various Web Applications to check out for the various vulnerabilities in the existing application and also ensured to communicate the correct mitigation for the existing vulnerabilities to the Client.
• Provided with Threat profiling of the application to the Client.
• Tested all the application functionality based on the OWASP standards and a threat profile prepared specifically for the application.
• Provided comprehensive report on vulnerabilities and action plan to mitigate the identified vulnerabilities.
• Involved in the complete execution of the project, starting from threat profiling to delivery of the project.
• Informed security vulnerabilities identified and recommendations proposed to fix the same: SQL Injection, Cross-site scripting, HTML Injection, Parameter manipulation, information disclosure, directory traversal, banner grabbing, default username/passwords etc.
• Have good knowledge of implementing all the tools used for carrying out Web Application Vulnerability Assessment.

Network level security assessment

Confidential

Responsibilities:

• Executed Network Penetration tests on Client’s external network to check out for the various vulnerabilities in the existing network and also ensured to communicate the correct mitigation for the existing vulnerabilities to the client.
• Scanned and analyzed port scan results
• Manually verified the vulnerabilities related to the ports of the system.
• Provided comprehensive report on findings and action items to fix the identified vulnerabilities
• Network Penetration Testing across various networks to check out for various vulnerabilities in the existing network.
• Informed security vulnerabilities identified and recommendations proposed to fix the same: FTP related vulnerabilities, information disclosure, banner grabbing, default username/passwords etc.
• Have good knowledge of implementing all the tools used for carrying out Network Penetration tests.

Confidential

Security Delivery Specialist

Responsibilities:

• Managing 2 pools of 3 different accounts supporting ID administration.
• Tracking the Noncompliance issues and remediating the violations.
• Maintaining the Work instruction documents for the pools.
• Tracking individual’s productivity and thereby ensuring efficiency.
• Providing Root Cause Analysis for the issues raised.
• Maintaining CIRAT and Audit trackers.
• Tracking the change tickets and ensuring that there are no failed changes.
• Providing L2 technical support for IBM Canada / Argentina / US in UNIX, Linux, Windows - Servers, Lotus Notes (LN)* and Domino Administration.
• Shared ID Management / Mapping Groups / New Drives / User Id Modification / URT Label Format.
• SA&D’s checklist and procedure.
• Enabling / Disabling the Certificates for TR Employees.
• Unlock ID / Password reset / Accounts Disable (Reasons: LOA, Termination, QEV/CBN)
• Work on SUDO Groups, Group Administration, Non-Loggable/Non-Expiring IDs, Renaming AIX Ids, Transferring IDs, Admin tool Requests, Creating/Deleting Local IDs on Profit Machines.
• Mass deletion on a Single System, modify UID/GID, changing User ID Attributes (Home Dir, Shell, etc),
• Creating a group on a host, generating Reports.
• Creating Multiwin userids on "IBMUS ID requests" db (Review Overdue), Resetting standalone servers userid passwords on Legacy and Access Services DBs, perform change requests.
• Creation / Resetting of user accounts/groups in Active Directory.
• Execute Batch requests.
• TSRM Problem tickets - Incident tickets.
• Report Generation of the invalid IDs for LN and Domino Administrator.
• Troubleshooting of the technical aspects of the ID in LN.
• Create and Modify ID, Archive database/NSD Storage db/Password db (as required) in LN.
• Update System Delete database (based on Separation Notifies).
• Modify IBMC NAB (as required).
• Create Suspension/Deny groups in Admin Group manager.
• Document and track Severity 1 and 2 issues and resolutions.
• Process all separated contractors and regular employee’s request - Transfer of IDs from contractor to regular and Shared ID transfer.
• Successively fulfill the request with in the SLA period.
• Process the task of Audit request for the account at monthly and quarterly review.
• Modification and tracking of mail files of the Users and Generic IDs at the Domino Servers.
• Samba Server configuration with Samba Clients.
• Monitoring User ID Security and permissions.
• Monitoring of Wintel Server like Daily heath checkup report physically or internally.

Confidential

Assigning and Managing

Responsibilities:

• Providing L2 technical support for ING applications like ING Databases, Unix, applications, Outlook, web tools supported by ING and Active Directory.
• Creation/resetting of user accounts/groups in Active Directory.
• Updating the SMTP email address in AD.
• Troubleshooting the Mailbox of client.
• Granting and Revoke file Share permissions.
• Tracing the log file and handling the client report on a daily basis / Tracking and Mapping the errors in Log file.
• Effective in interacting with the client and resolving user access issues through email and telephone communication.
• Experience in Active Directory, Windows 2003/2007, Sybase, IM and
• Various client specific application supports / Web applications through Share Point.
• Back up and restoring of the data.
• Effective in training new Process Executives.
• Handling Knowledge Transition (training) over the Phone.
• Responsible for the adherence to TURN AROUND TIME for all the transactions.
• Responsible for the adherence to fulfill the request with in the SLA period.
• Escalation of production issues to L3 engineers.
• Monitoring production system services.
• Co-ordination /Interaction with Application/DBA/Testing team/Management.
• Realizing and identifying the BEST PRACTISE and sharing the same with the team.