
Security Engineer Resume


Florida

SUMMARY

  • Five years of hands-on experience in web application, security testing, software security, vulnerability assessment, penetration testing and generating their reports. Resolved possible causes of security threats early on by looking at things from a security perspective and recommending enhancements to management.
  • Knowledge of and practiced experience with penetration testing and ethical hacking product.
  • Knowledge of common vulnerabilities and related attack vectors, including OWASP Top 10 and non-technical audiences on security threats, vulnerabilities, and risks.
  • Ability to obtain a security clearance.
  • Researched and analyzed non hacker methodology, system exploits and vulnerabilities.
  • Demonstrated experience with industry-standard security testing tools such as IBM AppScan, Acunetix, WebInspect, Burp Suite.
  • Conducted Dynamic Security Scans, Manual validations/Pen Testing, and other Security QA activities and participated in Pen Testing and Ethical hacking activities using tools like OWASP ZAP and WebInspect.
  • Understanding of the security mechanisms associated with Windows or Unix operating systems, switched networks, web-based applications and databases.
  • Experience with network tools such as Nessus, Nexpose, Nmap, etc.
  • Perform web application dynamic scans and pen tests
  • Performed manual testing to identify Cross-Site Scripting and SQL Injections.
  • Good understanding of networking fundamentals (All OSI & TCP/IP layers, protocols, etc.)
  • Experience with multiple SDLCs such as Agile, DevOps, and Waterfall.
  • Created written reports, detailing assessment findings and recommendations. Provide both strategic analysis and near real-time auditing, analyzing, investigating, reporting, remediation, coordinating, and tracking of security-related activities for customer.
  • Highly motivated with the willingness to take ownership / responsibility for their work and the ability to work alone or as part of a team.
  • Work Status: Lawful Permanent Resident.

TECHNICAL SKILLS

Application Security tools: Burp Suite, Nessus, Acunetix, IBM AppScan, HP WebInspect, sqlmap, Nmap, Maltego, OWASP ZAP, Wireshark, Kali Linux, Qualys SSL, SSLyze

Operating System: Linux, Unix, Windows, Mac

Programming Language: Python, JavaScript, Oracle SQL

Applications: MS Word, Excel, PowerPoint, ServiceNow, WordPress

PROFESSIONAL EXPERIENCE

Confidential, Florida

Security Engineer

RESPONSIBILITY:

  • Perform code reviews, wired and wireless environment assessments, and social engineering.
  • Recommended remediation actions for the security vulnerabilities.
  • Familiarity with tools like Nmap, Kali Linux, Burp Suite, OWASP ZAP, Qualys, Acunetix, Wireshark etc.
  • Ability to assess new testing tools.
  • Performed web application vulnerability scans (e.g., AppScan, WebInspect, Acunetix, Burp Suite Pro, etc.)
  • Strong knowledge of the OWASP, WASC security standards and detailed knowledge of common web application attack vectors such as SQL injection, CSRF, XSS, session management issues, direct object reference, clickjacking, buffer overflows, etc.
  • Analyses network and LAN problems and recommends solutions
  • Determined hardware and software requirements; acquired equipment; established user accounts; helped users setup e-mail and Internet accounts; maintained Ethernet connectivity.
  • Installed a Variety of software applications as well as troubleshooting and resolving conflicts with hardware and software; ensured uninterrupted LAN service support.
  • Created detailed written reports on the assessment findings and recommendations.

Confidential

Web Application Security Penetration Tester

Responsibilities:

  • Conducted Dynamic Security Scans, Manual validations/Pen Testing, and other Security QA activities and participated in Pen Testing and Ethical hacking activities using tools like OWASP ZAP and WebInspect.
  • Worked with DevOps teams to automate security scanning into the build process.
  • Reviewed security vulnerability reports for applications and databases, analyzed and worked extensively with the development teams for the implementation of mitigating controls.
  • Conducting Vulnerability Assessments and Penetration Testing on Web Application, Mobile Application/devices, and Infrastructure. Detect and report the security issues in various environments.
  • Analyze the output of the various tools and document technical and logical security findings identified and report them in a timely manner.
  • Performing application security testing using manual techniques and automated tools along with runtime vulnerability testing tools.
  • All applications must be scanned at least once quarterly, so created a scan schedule for the complete year; per schedule, contact the App Owner and provide the scan date and application name and request all required information for scan (Required information for Web AppScan).
  • Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement.

Confidential

Application Security Analyst

RESPONSIBILITIES:

  • Identify Critical, High, Medium, Low vulnerabilities in the applications based on OWASP Top 10.
  • Have worked with a team of individuals dedicated for conducting research, attack detection and build mitigation techniques for threats posed in network and application layers.
  • Conducted application penetration testing over various business applications.
  • Acquainted with various approaches to Grey & Black box security testing.
  • Providing fixes & filtering false findings for the vulnerabilities reported in the scan reports.
  • Having real time experience in DoS, DDoS, SQL Injection protection, XSS protection, script injection and major hacking protection techniques.
  • Supported to address and integrate Security in SDLC by following techniques like Threat Modeling, Risk Management, Logging, Penetration Testing, etc.
  • Assist developers in remediating issues with Security Assessments with respect to OWASP standards.
  • Skilled using Burp Suite, Nessus Automatic Scanner, IBM AppScan, Nmap for web application penetration tests.
  • Conducted application penetration testing of 50+ business applications.
  • Performing fine tuning for all reports, documents for the assigned projects.
