Information Security Analyst/ Penetration Tester Resume
2.00/5 (Submit Your Rating)
SUMMARY
- An IT professional wif 7+ years of experience in Information Security.
- Experience in implementing security in every phase of SDLC. Have hands - on experience in application security, vulnerability assessments and OWASP along wif different security testing tools.
- Strong experience in Enterprise Security Domain. In-depth noledge of LDAP and Identity & Access management products.
- Strong noledge of network planning and information security technologies, wif teh ability to apply them to teh strategic benefit of teh organization.
- Experience as an Information Security Analyst, involved in OWASP Top 10 based Vulnerability Assessment of various internet facing point of sale web applications and Web services.
- Capable of identifying flaws like Injection, XSS, Insecure direct object reference, Security Misconfiguration, Sensitive data exposure, Functional level access control, CSRF, Invalidated redirects.
- Experience in different web application security testing tools like Acunetix, Metasploit, Burp Suite, SQLmap, OWASP ZAP Proxy and HP Fortify.
- As a Security Consultant involved in enhancing teh security stature of teh project by initiatives like Threat Modeling, Security awareness sessions.
- Reporting teh identified issues in teh industry standard framework.
- Simulate how an attacker would exploit teh vulnerabilities identified during teh dynamic analysis phase.
- Experience in software Licensing audit.
- Good experience in Web technologies like HTTP, HTML, CSS, Forms, Database Connectivity.
- Excellent team player, enthusiastic initiator, and ability to learn teh fundamental concepts TEMPeffectively and efficiently.
- Good noledge in programming and scripting in asp, Java.
- Ability to work in large and small teams as well as independently.
- Strong organizational, time-management, interpersonal and communication skills.
- Good exposure to interact wif teh development, clients and teh end user community on requirements, troubleshooting, complaints and suggestions.
TECHNICAL SKILLS
- SQL Injection
- OWASP Top 10
- Penetration\Vulnerability Testing
- WAN’s and LAN’s
- Network Administration
- Team building / Leadership
- Web Application Security
- Disaster Recovery
PROFESSIONAL EXPERIENCE
Confidential, AUSTIN, TX
INFORMATION SECURITY ANALYST/ PENETRATION TESTER
Responsibilities:
- Performed security research, analysis and design for all client computing systems and teh network infrastructure.
- Security assessment of online applications to identify teh vulnerabilities in different categories like Input and data Validation, Authentication, Authorization, Auditing & logging.
- Vulnerability Assessment of various web applications used in teh organization using Paros Proxy, Burp Suite, and Web Scarab, YASCA, HP Web Inspect.
- Performed cross platform audits of Active Directory (AD) objects and user permissions.
- Coordinate wif dev team to ensure closure of reported vulnerabilities by explaining teh ease of exploitation and teh impact of teh issue.
- Security testing of APIs using SOAP UI.
- Experience in using Kali Linux to do web application assessment wif tools like Dirbuster, Nikto, and Nmap.
- Good noledge on IBM AppScan to enhance teh web application security.
- User ID reconciliation on quarterly basis.
- Update wif teh new hackings and latest vulnerabilities to ensure no such loopholes are present in teh existing system.
- Developed organizational units in Active Directory (AD) and managed user security wif group policies.
- Threat modeling of teh Project by involving before development and improving teh security at teh initial phase.
- STRIDE assessment of teh applications during teh design phase, identifying teh threats possible and providing security requirements.
- Training teh development team on teh most common vulnerabilities and common code review issues and explaining teh remediation’s.
- Good noledge in programming and scripting in .net, Java.
- Follow up and ensure teh closure of teh raised vulnerabilities by revalidating and ensuring 100% Closure.
Confidential, OKLAHOMA CITY, OK
NETWORK SECURITY ANALYST
Responsibilities:
- Identified cyber-threats by reading, interpreting and analyzing network traffic in real-time.
- Configured and monitored intrusion detection systems.
- Monitored global NIDS, Firewall and log correlation tools for potential threats.
- Initiated escalation procedure to counteract potential threats and vulnerabilities.
- Provided Incident remediation and prevention documentation.
- Maintained and managed Domain Name Service (DNS) for Active Directory (AD) enterprise.
- Documented and conformed to processes related to security monitoring.
- Provided performance metrics as necessary.
- Provided third level halp desk support for problems relating to Active Directory.
- Provided customer service that exceeds our customer’s expectations.
- Implemented and managed Splunk infrastructure.
- Processed Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS).
- Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
- Low-Level Packet Analysis.
- Tune Global NIDS, Firewalls, and Log Correlation Triggers.
- Incident Response Handling.
Confidential, CRYSTAL CITY, VA
INFORMATION SECURITY ANALYST
Responsibilities:
- Perform pen tests on different application a week.
- Automated Scan of 5 different projects on weekly basis using Acunetix to ensure teh changes does not reflect any new vulnerability.
- Static Code analysis using HP Fortify to identify teh vulnerabilities in teh applications.
- Manual penetration testing of teh applications and APIs to identify teh OWASP Top 10 vulnerabilities.
- Access control check to identify teh privilege escalation issues on various roles and ensuring teh closure by overall framework implementation.
- Burp suite to identify issues like SQL injection, XSS, CSRF etc.
- Penetration testing of various applications to identify issues in various categories likes Configuration Management, Session Management, Sensitive data handling.
- Provide teh report and explain teh issues to teh development team.
- Provide remediation steps to teh team and follow up.
- Retest teh fixed issues and ensure teh closure.
- Perform secure code review of teh code base.
- Train teh development team on explaining teh security vulnerabilities in teh form of security awareness sessions by explaining teh security requirements prior to development.
Confidential
INFORMATION SECURITY ANALYST
Responsibilities:
- Black box pen testing on internet and intranet facing applications.
- In teh team, main focus of work was to audit teh application prior moving to production.
- Explanation of teh security requirements to teh design team in initial stages of SDLC to minimize teh efforts to rework on issues identified during penetration tests.
- Perform threat modelling of teh applications to identify teh threats.
- Identify issues in teh web applications in various categories like Cryptography, Exception Management.
- Responsible for creating and maintaining teh new LDAP OU, Groups and attributes.
- Verify if teh application TEMPhas implemented teh basic security mechanisms like Job rotation, Privilege escalations and Lease Privilege.
- Responsible for Configuring LDAP and JDBC connection pools.
- Using various add on in Mozilla to assess teh application like Wappalyzer, Flag fox, Live HTTP Header, Tamper data.
- Risk assessment on teh application by identifying teh issues and prioritizing teh issues based on risk level.
- Providing remediation to teh developers based on teh issues identified.
- Revalidate teh issues to ensure teh closure of teh vulnerabilities.
Confidential
INFORMATION SECURITY EXECUTIVE
Responsibilities:
- Provided senior-level executives wif weekly project summaries, cost analysis and product evaluations.
- Authored a tool for teh analysis of files on Apache Web Server for teh presence of any malicious code, supporting both *Nix and Windows environment (Python).
- Provided enterprise wide technical direction to business units pertaining to system optimization, upgrades, vendor and equipment selection.
- Define and improve teh process of Security Testing.
- Created and revised new policies and procedures for employees, resulting in a more efficient and responsive team.
- Implemented SMS, enabling unattended software distribution, remote troubleshooting of support calls and accurate hardware and software inventories that streamlined day to day operations and increased proactive user support.
- Designed and utilized Citrix/Metaframe solutions to enable users from around teh globe to utilize corporate applications.
- Help developers to implement SSDLC (Secure Software Development Life Cycle) Process.