PROFILE SUMMARY:

• Over 7.5 years of experience in IT industry as an Information Security Engineer that includes vulnerability assessment of web applications, network penetration testing (internal and external) and process audit (IAM projects), and in Security and Risk Management.
• Expertise in handling various security appliances, compliance audits, consulting services (Application Security, Penetration Test, Vulnerability Assessment).
• Proficient with manual and automated scanner approaches.
• Provided comprehensive report on vulnerabilities and action plan to mitigate the identified vulnerabilities and VAPT process.
• Vulnerability Assessment Tools: Nessus, Qualys, Acunetix and Netsparker.
• Web Vulnerability Tools: Burp Suite, IBM App Scan, and Web Inspect.
• Penetration Testing Tools: Nmap and Wireshark
• Ability to coordinate and work in a team environment as well as independently to achieve objectives and reach deadlines.
• Willing to learn new technology & ready to take up any challenges in any domain.
• Excellent analytical, problem solving skills.
• Active involvement in defect review meetings/calls and weekly status with QA/Development teams/Clients.
• Excellent Knowledge in preparation of Audit reports.
• Experience in performing Root Cause Analysis (RCA) on the customer reported issues (SARM projects).
• Active participation in the GTS transformation and contribution to the ongoing Client First Transformation in IAM Optimized Services.
• Established the Geo - aligned and Account-aligned connections to operate within the Optimized Services operating model.
• Imbibed metrics, measurements and data-enabled analytics in our daily work.
• Ensure team practice timely, complete and accurate issue & risk management in my areas of work.

PROFESSIONAL EXPERIENCE:

Confidential

Tools: Burp Suite, Zap, D B Visualizer, Nmap

Responsibilities:

• Tested all the application functionality based on the OWASP standards and a threat profile prepared specifically for the application.
• Proposed remediation strategies for remediating system vulnerabilities.
• Developed Security Assessment Plan, Security Assessment Report, Security Assessment Questionnaire, Rules of Engagement, Kick off Brief, and Exit Brief templates.
• Performed application security and penetration testing.
• Researched and analyzed known hacker methodology, system exploits and vulnerabilities to support Red Team Assessment activities.
• Executed Web Application Vulnerability Assessments for various Web Applications to check out for the various vulnerabilities in the existing application and also ensured to communicate the correct mitigation for the existing vulnerabilities to the development team for implementation post which communicating the changes or output to the client.
• Provided with Threat profiling of the application to the Client.
• Conducted both manual and automated scanners to test the application based on client requirement(s).
• Prepare combined reports of level of risks, their trend and frequency to the client.
• Preparing detailed documentary to the development team which consists of vulnerability lists, their causes and mitigation or suggestions to over each of them.
• ESXI Server API integration security assessment.
• VMware VSphere server penetration testing.

Confidential

Tools: Burp Suite, NetSparker, Acunetix, IBM AppScan, Wire shark.

Responsibilities:

• Executed Web Application Vulnerability Assessments for various Web Applications to check out for the various vulnerabilities in the existing application and also ensured to communicate the correct mitigation for the existing vulnerabilities to the development team for implementation post which communicating the changes or output to the client.
• Provided with Threat profiling of the application to the Client.
• Tested all the application functionality based on the OWASP standards and a threat profile prepared specifically for the application.
• Provided comprehensive report on vulnerabilities and action plan to mitigate the identified vulnerabilities.
• Involved in the complete execution of the project, starting from threat profiling to delivery of the project.
• Informed security vulnerabilities identified and recommendations proposed to fix the same: SQL Injection, Cross-site scripting, HTML Injection, Parameter manipulation, information disclosure, directory traversal, banner grabbing, default username/passwords etc.
• Have good knowledge of implementing all the tools used for carrying out Web Application Vulnerability Assessment.
• Conducted both manual and automated scanners to test the application based on client requirement(s).
• Prepare combined reports of level of risks, their trend and frequency to the client.
• Preparing detailed documentary to the development team which consists of vulnerability lists, their causes and mitigation or suggestions to over each of them.
• Good understanding for PCIDSS methods.

Confidential

Tools: Nmap, Burp Suite, Nessus, Wire shark, Qualys, Backtrack

Responsibilities:

• Executed Network Penetration tests on Client’s external network to check out for the various vulnerabilities in the existing network and also ensured to communicate the correct mitigation for the existing vulnerabilities to the client.
• Scanned and analyzed port scan results
• Manually verified the vulnerabilities related to the ports of the system.
• Provided comprehensive report on findings and action items to fix the identified vulnerabilities
• Network Penetration Testing across various networks to check out for various vulnerabilities in the existing network.
• Informed security vulnerabilities identified and recommendations proposed to fix the same: FTP related vulnerabilities, information disclosure, banner grabbing, default username/passwords etc.
• Have good knowledge of implementing all the tools used for carrying out Network Penetration tests.

Confidential

Security Delivery Specialist

Environment: UNIX, Linux, Intel, Lotus Notes and Domain, Security Applications, s, Active Directory and Audits - SOX, PWC, and BCR’s

Responsibilities:

• Managing 2 pools of 3 different accounts supporting ID administration.
• Tracking the Noncompliance issues and remediating the violations.
• Maintaining the Work instruction documents for the pools.
• Tracking individual’s productivity and thereby ensuring efficiency.
• Providing Root Cause Analysis for the issues raised.
• Maintaining CIRAT and Audit trackers.
• Tracking the change tickets and ensuring that there are no failed changes.
• Providing L2 technical support for IBM Canada / Argentina / US in UNIX, Linux, Windows - Servers, Lotus Notes (LN)* and Domino Administration.
• Shared ID Management / Mapping Groups / New Drives / User Id Modification / URT Label Format.
• SA&D’s checklist and procedure.
• Enabling / Disabling the s for TR Employees.
• Unlock ID / Password reset / Accounts Disable (Reasons: LOA, Termination, QEV/CBN)
• Work on SUDO Groups, Group Administration, Non-Loggable/Non-Expiring IDs, Renaming AIX Ids, Transferring IDs, Admin tool Requests, Creating/Deleting Local IDs on Profit Machines.
• Mass deletion on a Single System, modify UID/GID, changing User ID Attributes (Home Dir, Shell, etc),
• Creating a group on a host, generating Reports.
• Creating Multiwin userids on "IBMUS ID requests" db (Review Overdue), Resetting standalone servers userid passwords on Legacy and Access Services DBs, perform change requests.
• Creation / Resetting of user accounts/groups in Active Directory.
• Execute Batch requests.
• TSRM Problem tickets - Incident tickets.
• Report Generation of the invalid IDs for LN and Domino Administrator.
• Troubleshooting of the technical aspects of the ID in LN.
• Create and Modify ID, Archive database/NSD Storage db/Password db (as required) in LN.
• Update System Delete database (based on Separation Notifies).
• Modify IBMC NAB (as required).
• Create Suspension/Deny groups in Admin Group manager.
• Document and track Severity 1 and 2 issues and resolutions.
• Process all separated contractors and regular employee’s request - Transfer of IDs from contractor to regular and Shared ID transfer.
• Successively fulfill the request with in the SLA period.
• Process the task of Audit request for the account at monthly and quarterly review.
• Modification and tracking of mail files of the Users and Generic IDs at the Domino Servers.
• Samba Server configuration with Samba Clients.
• Monitoring User ID Security and permissions.
• Monitoring of Wintel Server like Daily heath checkup report physically or internally.
• Effective interaction with the client and resolving user access issues through email and telephone communication.
• Monthly Audits are performed with respect to Management and Compliance for the team.
• Expert in Process Documentation preparation and analysis.
• High Level Process and Procedures to be discussed with developers.
• Conducting work load audits to make sure no misses.
• Ensure timely communication on all issues both within Pool management and outside (Sending geo, account team & Customers).
• Requests to be dispatched every two hours.
• Control Reworks & Misroutes-% of Duplicate Work Orders
• Own the end to end management of all incoming work requests (incident, change, SR's)
• Reviews availability of resources when resource in the right team is available.
• Fulfilling Service Requests
• Using Lean Work Order Application
• Accessing Service Work Order Application
• Reviewing Work Order Details
• Updating Plan, Schedule and Completion Details
• Assigning and Managing Tasks
• Updating Parameters

Confidential

Process Executive

Responsibilities:

• Providing L2 technical support for ING applications like ING Databases, Unix, applications, Outlook, web tools supported by ING and Active Directory.
• Creation/resetting of user accounts/groups in Active Directory.
• Updating the SMTP email address in AD.
• Troubleshooting the Mailbox of client.
• Granting and Revoke file Share permissions.
• Tracing the log file and handling the client report on a daily basis / Tracking and Mapping the errors in Log file.
• Effective in interacting with the client and resolving user access issues through email and telephone communication.
• Experience in Active Directory, Windows 2003/2007, Sybase, IM and
• Various client specific application supports / Web applications through Share Point.
• Back up and restoring of the data.
• Effective in new Process Executives.
• Handling Knowledge Transition () over the Phone.
• Responsible for the adherence to TURN AROUND TIME for all the transactions.
• Responsible for the adherence to fulfill the request with in the SLA period.
• Escalation of production issues to L3 engineers.
• Monitoring production system services.
• Co-ordination /Interaction with Application/DBA/Testing team/Management.
• Realizing and identifying the BEST PRACTISE and sharing the same with the team.

Applications Knowledge:

• Active Directory
• Share Point
• Power Image
• Omni Stations
• Sponsor Connect
• Business Object
• Sybase
• Outlook