SUMMARY

• An IT professional wif 7+ years of experience in Information Security.
• Experience in implementing security in every phase of SDLC. Have hands - on experience in application security, vulnerability assessments and OWASP along wif different security testing tools.
• Strong experience in Enterprise Security Domain. In-depth noledge of LDAP and Identity & Access management products.
• Strong noledge of network planning and information security technologies, wif teh ability to apply them to teh strategic benefit of teh organization.
• Experience as an Information Security Analyst, involved in OWASP Top 10 based Vulnerability Assessment of various internet facing point of sale web applications and Web services.
• Capable of identifying flaws like Injection, XSS, Insecure direct object reference, Security Misconfiguration, Sensitive data exposure, Functional level access control, CSRF, Invalidated redirects.
• Experience in different web application security testing tools like Acunetix, Metasploit, Burp Suite, SQLmap, OWASP ZAP Proxy and HP Fortify.
• As a Security Consultant involved in enhancing teh security stature of teh project by initiatives like Threat Modeling, Security awareness sessions.
• Reporting teh identified issues in teh industry standard framework.
• Simulate how an attacker would exploit teh vulnerabilities identified during teh dynamic analysis phase.
• Experience in software Licensing audit.
• Good experience in Web technologies like HTTP, HTML, CSS, Forms, Database Connectivity.
• Excellent team player, enthusiastic initiator, and ability to learn teh fundamental concepts TEMPeffectively and efficiently.
• Good noledge in programming and scripting in asp, Java.
• Ability to work in large and small teams as well as independently.
• Strong organizational, time-management, interpersonal and communication skills.
• Good exposure to interact wif teh development, clients and teh end user community on requirements, troubleshooting, complaints and suggestions.

TECHNICAL SKILLS

• SQL Injection
• OWASP Top 10
• Penetration\Vulnerability Testing
• WAN’s and LAN’s
• Network Administration
• Team building / Leadership
• Web Application Security
• Disaster Recovery

PROFESSIONAL EXPERIENCE

Confidential, AUSTIN, TX

INFORMATION SECURITY ANALYST/ PENETRATION TESTER

Responsibilities:

• Performed security research, analysis and design for all client computing systems and teh network infrastructure.
• Security assessment of online applications to identify teh vulnerabilities in different categories like Input and data Validation, Authentication, Authorization, Auditing & logging.
• Vulnerability Assessment of various web applications used in teh organization using Paros Proxy, Burp Suite, and Web Scarab, YASCA, HP Web Inspect.
• Performed cross platform audits of Active Directory (AD) objects and user permissions.
• Coordinate wif dev team to ensure closure of reported vulnerabilities by explaining teh ease of exploitation and teh impact of teh issue.
• Security testing of APIs using SOAP UI.
• Experience in using Kali Linux to do web application assessment wif tools like Dirbuster, Nikto, and Nmap.
• Good noledge on IBM AppScan to enhance teh web application security.
• User ID reconciliation on quarterly basis.
• Update wif teh new hackings and latest vulnerabilities to ensure no such loopholes are present in teh existing system.
• Developed organizational units in Active Directory (AD) and managed user security wif group policies.
• Threat modeling of teh Project by involving before development and improving teh security at teh initial phase.
• STRIDE assessment of teh applications during teh design phase, identifying teh threats possible and providing security requirements.
• Training teh development team on teh most common vulnerabilities and common code review issues and explaining teh remediation’s.
• Good noledge in programming and scripting in .net, Java.
• Follow up and ensure teh closure of teh raised vulnerabilities by revalidating and ensuring 100% Closure.

Confidential, OKLAHOMA CITY, OK

NETWORK SECURITY ANALYST

Responsibilities:

• Identified cyber-threats by reading, interpreting and analyzing network traffic in real-time.
• Configured and monitored intrusion detection systems.
• Monitored global NIDS, Firewall and log correlation tools for potential threats.
• Initiated escalation procedure to counteract potential threats and vulnerabilities.
• Provided Incident remediation and prevention documentation.
• Maintained and managed Domain Name Service (DNS) for Active Directory (AD) enterprise.
• Documented and conformed to processes related to security monitoring.
• Provided performance metrics as necessary.
• Provided third level halp desk support for problems relating to Active Directory.
• Provided customer service that exceeds our customer’s expectations.
• Implemented and managed Splunk infrastructure.
• Processed Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS).
• Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
• Low-Level Packet Analysis.
• Tune Global NIDS, Firewalls, and Log Correlation Triggers.
• Incident Response Handling.

Confidential, CRYSTAL CITY, VA

INFORMATION SECURITY ANALYST

Responsibilities:

• Perform pen tests on different application a week.
• Automated Scan of 5 different projects on weekly basis using Acunetix to ensure teh changes does not reflect any new vulnerability.
• Static Code analysis using HP Fortify to identify teh vulnerabilities in teh applications.
• Manual penetration testing of teh applications and APIs to identify teh OWASP Top 10 vulnerabilities.
• Access control check to identify teh privilege escalation issues on various roles and ensuring teh closure by overall framework implementation.
• Burp suite to identify issues like SQL injection, XSS, CSRF etc.
• Penetration testing of various applications to identify issues in various categories likes Configuration Management, Session Management, Sensitive data handling.
• Provide teh report and explain teh issues to teh development team.
• Provide remediation steps to teh team and follow up.
• Retest teh fixed issues and ensure teh closure.
• Perform secure code review of teh code base.
• Train teh development team on explaining teh security vulnerabilities in teh form of security awareness sessions by explaining teh security requirements prior to development.

Confidential

INFORMATION SECURITY ANALYST

Responsibilities:

• Black box pen testing on internet and intranet facing applications.
• In teh team, main focus of work was to audit teh application prior moving to production.
• Explanation of teh security requirements to teh design team in initial stages of SDLC to minimize teh efforts to rework on issues identified during penetration tests.
• Perform threat modelling of teh applications to identify teh threats.
• Identify issues in teh web applications in various categories like Cryptography, Exception Management.
• Responsible for creating and maintaining teh new LDAP OU, Groups and attributes.
• Verify if teh application TEMPhas implemented teh basic security mechanisms like Job rotation, Privilege escalations and Lease Privilege.
• Responsible for Configuring LDAP and JDBC connection pools.
• Using various add on in Mozilla to assess teh application like Wappalyzer, Flag fox, Live HTTP Header, Tamper data.
• Risk assessment on teh application by identifying teh issues and prioritizing teh issues based on risk level.
• Providing remediation to teh developers based on teh issues identified.
• Revalidate teh issues to ensure teh closure of teh vulnerabilities.

Confidential

INFORMATION SECURITY EXECUTIVE

Responsibilities:

• Provided senior-level executives wif weekly project summaries, cost analysis and product evaluations.
• Authored a tool for teh analysis of files on Apache Web Server for teh presence of any malicious code, supporting both *Nix and Windows environment (Python).
• Provided enterprise wide technical direction to business units pertaining to system optimization, upgrades, vendor and equipment selection.
• Define and improve teh process of Security Testing.
• Created and revised new policies and procedures for employees, resulting in a more efficient and responsive team.
• Implemented SMS, enabling unattended software distribution, remote troubleshooting of support calls and accurate hardware and software inventories that streamlined day to day operations and increased proactive user support.
• Designed and utilized Citrix/Metaframe solutions to enable users from around teh globe to utilize corporate applications.
• Help developers to implement SSDLC (Secure Software Development Life Cycle) Process.