We provide IT Staff Augmentation Services!

Information Security Analyst/ Penetration Tester Resume

2.00/5 (Submit Your Rating)

SUMMARY

  • An IT professional wif 7+ years of experience in Information Security.
  • Experience in implementing security in every phase of SDLC. Have hands - on experience in application security, vulnerability assessments and OWASP along wif different security testing tools.
  • Strong experience in Enterprise Security Domain. In-depth noledge of LDAP and Identity & Access management products.
  • Strong noledge of network planning and information security technologies, wif teh ability to apply them to teh strategic benefit of teh organization.
  • Experience as an Information Security Analyst, involved in OWASP Top 10 based Vulnerability Assessment of various internet facing point of sale web applications and Web services.
  • Capable of identifying flaws like Injection, XSS, Insecure direct object reference, Security Misconfiguration, Sensitive data exposure, Functional level access control, CSRF, Invalidated redirects.
  • Experience in different web application security testing tools like Acunetix, Metasploit, Burp Suite, SQLmap, OWASP ZAP Proxy and HP Fortify.
  • As a Security Consultant involved in enhancing teh security stature of teh project by initiatives like Threat Modeling, Security awareness sessions.
  • Reporting teh identified issues in teh industry standard framework.
  • Simulate how an attacker would exploit teh vulnerabilities identified during teh dynamic analysis phase.
  • Experience in software Licensing audit.
  • Good experience in Web technologies like HTTP, HTML, CSS, Forms, Database Connectivity.
  • Excellent team player, enthusiastic initiator, and ability to learn teh fundamental concepts TEMPeffectively and efficiently.
  • Good noledge in programming and scripting in asp, Java.
  • Ability to work in large and small teams as well as independently.
  • Strong organizational, time-management, interpersonal and communication skills.
  • Good exposure to interact wif teh development, clients and teh end user community on requirements, troubleshooting, complaints and suggestions.

TECHNICAL SKILLS

  • SQL Injection
  • OWASP Top 10
  • Penetration\Vulnerability Testing
  • WAN’s and LAN’s
  • Network Administration
  • Team building / Leadership
  • Web Application Security
  • Disaster Recovery

PROFESSIONAL EXPERIENCE

Confidential, AUSTIN, TX

INFORMATION SECURITY ANALYST/ PENETRATION TESTER

Responsibilities:

  • Performed security research, analysis and design for all client computing systems and teh network infrastructure.
  • Security assessment of online applications to identify teh vulnerabilities in different categories like Input and data Validation, Authentication, Authorization, Auditing & logging.
  • Vulnerability Assessment of various web applications used in teh organization using Paros Proxy, Burp Suite, and Web Scarab, YASCA, HP Web Inspect.
  • Performed cross platform audits of Active Directory (AD) objects and user permissions.
  • Coordinate wif dev team to ensure closure of reported vulnerabilities by explaining teh ease of exploitation and teh impact of teh issue.
  • Security testing of APIs using SOAP UI.
  • Experience in using Kali Linux to do web application assessment wif tools like Dirbuster, Nikto, and Nmap.
  • Good noledge on IBM AppScan to enhance teh web application security.
  • User ID reconciliation on quarterly basis.
  • Update wif teh new hackings and latest vulnerabilities to ensure no such loopholes are present in teh existing system.
  • Developed organizational units in Active Directory (AD) and managed user security wif group policies.
  • Threat modeling of teh Project by involving before development and improving teh security at teh initial phase.
  • STRIDE assessment of teh applications during teh design phase, identifying teh threats possible and providing security requirements.
  • Training teh development team on teh most common vulnerabilities and common code review issues and explaining teh remediation’s.
  • Good noledge in programming and scripting in .net, Java.
  • Follow up and ensure teh closure of teh raised vulnerabilities by revalidating and ensuring 100% Closure.

Confidential, OKLAHOMA CITY, OK

NETWORK SECURITY ANALYST

Responsibilities:

  • Identified cyber-threats by reading, interpreting and analyzing network traffic in real-time.
  • Configured and monitored intrusion detection systems.
  • Monitored global NIDS, Firewall and log correlation tools for potential threats.
  • Initiated escalation procedure to counteract potential threats and vulnerabilities.
  • Provided Incident remediation and prevention documentation.
  • Maintained and managed Domain Name Service (DNS) for Active Directory (AD) enterprise.
  • Documented and conformed to processes related to security monitoring.
  • Provided performance metrics as necessary.
  • Provided third level halp desk support for problems relating to Active Directory.
  • Provided customer service that exceeds our customer’s expectations.
  • Implemented and managed Splunk infrastructure.
  • Processed Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS).
  • Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Low-Level Packet Analysis.
  • Tune Global NIDS, Firewalls, and Log Correlation Triggers.
  • Incident Response Handling.

Confidential, CRYSTAL CITY, VA

INFORMATION SECURITY ANALYST

Responsibilities:

  • Perform pen tests on different application a week.
  • Automated Scan of 5 different projects on weekly basis using Acunetix to ensure teh changes does not reflect any new vulnerability.
  • Static Code analysis using HP Fortify to identify teh vulnerabilities in teh applications.
  • Manual penetration testing of teh applications and APIs to identify teh OWASP Top 10 vulnerabilities.
  • Access control check to identify teh privilege escalation issues on various roles and ensuring teh closure by overall framework implementation.
  • Burp suite to identify issues like SQL injection, XSS, CSRF etc.
  • Penetration testing of various applications to identify issues in various categories likes Configuration Management, Session Management, Sensitive data handling.
  • Provide teh report and explain teh issues to teh development team.
  • Provide remediation steps to teh team and follow up.
  • Retest teh fixed issues and ensure teh closure.
  • Perform secure code review of teh code base.
  • Train teh development team on explaining teh security vulnerabilities in teh form of security awareness sessions by explaining teh security requirements prior to development.

Confidential

INFORMATION SECURITY ANALYST

Responsibilities:

  • Black box pen testing on internet and intranet facing applications.
  • In teh team, main focus of work was to audit teh application prior moving to production.
  • Explanation of teh security requirements to teh design team in initial stages of SDLC to minimize teh efforts to rework on issues identified during penetration tests.
  • Perform threat modelling of teh applications to identify teh threats.
  • Identify issues in teh web applications in various categories like Cryptography, Exception Management.
  • Responsible for creating and maintaining teh new LDAP OU, Groups and attributes.
  • Verify if teh application TEMPhas implemented teh basic security mechanisms like Job rotation, Privilege escalations and Lease Privilege.
  • Responsible for Configuring LDAP and JDBC connection pools.
  • Using various add on in Mozilla to assess teh application like Wappalyzer, Flag fox, Live HTTP Header, Tamper data.
  • Risk assessment on teh application by identifying teh issues and prioritizing teh issues based on risk level.
  • Providing remediation to teh developers based on teh issues identified.
  • Revalidate teh issues to ensure teh closure of teh vulnerabilities.

Confidential

INFORMATION SECURITY EXECUTIVE

Responsibilities:

  • Provided senior-level executives wif weekly project summaries, cost analysis and product evaluations.
  • Authored a tool for teh analysis of files on Apache Web Server for teh presence of any malicious code, supporting both *Nix and Windows environment (Python).
  • Provided enterprise wide technical direction to business units pertaining to system optimization, upgrades, vendor and equipment selection.
  • Define and improve teh process of Security Testing.
  • Created and revised new policies and procedures for employees, resulting in a more efficient and responsive team.
  • Implemented SMS, enabling unattended software distribution, remote troubleshooting of support calls and accurate hardware and software inventories that streamlined day to day operations and increased proactive user support.
  • Designed and utilized Citrix/Metaframe solutions to enable users from around teh globe to utilize corporate applications.
  • Help developers to implement SSDLC (Secure Software Development Life Cycle) Process.

We'd love your feedback!