Application Security Consultant Resume

Dublin, OH

PROFESSIONAL SUMMARY:

  • A mid-level web and mobile application security professional and Oracle Applications/Core DBA with 4+ years of experience in the financial, insurance and hospitality industries, specializing in information technology assurance, web application security, secure coding, mobile application security, application security controls and validation, risk assessment, regulatory compliance and Secure Software Development Life Cycle (secure SDLC).
  • Experience in finding SQL Injection, Script Injection, XSS and major hacking techniques.
  • Static Code Analysis during development phase and Penetration testing based on OWASP Top 10.
  • Hands-on with DAST, SAST and manual ethical hacking.
  • Expertise in working on Network Penetration Testing and Vulnerability Scanners.
  • Monitored security logs from Firewalls and IDS (ISS, Dragon, and Snort). Installed and supported IDS.
  • Capable of defining, deploying and monitoring risk management, compliance, and information security programs while functioning as a primary IT disaster recovery coordinator.
  • Vulnerability Assessment includes analysis of bugs in various applications spread across N-tier on various domains by using both manual and Automation tools.
  • Worked with global security teams performing IT infrastructure and application security assessments.
  • Good knowledge of and experience in Vulnerability Assessment and Penetration Testing on web-based applications and infrastructure penetration testing.
  • Sound knowledge of black box testing with all security aspects of identifying gaps in web applications.
  • Scanning of source code for a large financial Institution using Fortify.
  • Experience with server/client-side exploitation using Metasploit Social Engineering Toolkit.
  • Worked on Web-based applications, networks, and other types of computer systems on a regular basis and also performed White Box, Black Box, and Grey Box testing on various methodologies in security.
  • Worked with the wireless security tool Aircrack-NG Suite.
  • Experience in vulnerability assessment and penetration testing using various tools like HP WebInspect, IBM AppScan, Burp Suite, Metasploit, OWASP ZAP Proxy, Nmap, Nessus, Kali Linux.
  • Knowledge of basic C, Java and SQL languages.
  • Knowledge of basic Bash, Python and Perl scripting.
  • Experience with TCP/IP, Firewalls, LAN/WAN.
  • Experience in Linux system administration.
  • Hands-on experience with Oracle Database Administration.
  • Knowledge in Networking Protocols like TCP/IP, HTTP, FTP, SMTP.
  • Ability to analyze and solve problems in a constantly changing work environment.
  • A good team player, Inquisitive, good in basic concepts.
  • Excellent communicator, capable of achieving exceptional results with internal and external, technical and non-technical stakeholders.

TECHNICAL SKILLS:

Languages: C, Java, XML, SQL, Python, Bash

Web Technologies: HTML, JavaScript

Databases: Oracle, MySQL

Operating Systems: UNIX, LINUX, Windows Server

Security Tools: HP WebInspect, IBM AppScan Suite, Metasploit, Burp Suite, Kali Linux, Aircrack-NG Suite

Network Tools: Nmap, Wireshark, Nessus, Fortify

Web Server: Apache

EXPERIENCE SUMMARY:

Confidential, Dublin, OH

Application Security Consultant

Responsibilities:

  • Implemented Application Security program (DAST and SAST) at the enterprise level to identify, report and remediate security vulnerabilities from applications deployed in DEV, PRE-PROD and QA environments.
  • Identified OWASP Top 10 issues like SQLi, CSRF, XSS.
  • Conducted security assessment to ensure compliance with the firm’s security standards (i.e., OWASP Top 10).
  • Performed remote debugging and exploits with Metasploit Reverse Shell.
  • Responsible for researching and identifying security vulnerabilities on the networks and systems. Also responsible for patching security holes.
  • Specifically, manual testing has been performed to identify Cross-Site Scripting and SQL Injection related attacks during the code review.
  • Developed an intranet portal with LDAP authentication using Python/Django.
  • Investigated the sqlmap fingerprinting mechanism and made custom changes, completely coded in Python.
  • Research new developments in IT security in order to recommend, develop and implement new security policies, standards, procedures and operating doctrines across a major global enterprise.
  • Making sure users can access their accounts via the API without leaving their data vulnerable.
  • Security assessment of online applications to identify the vulnerabilities in different categories like Input and data Validation, Authentication, Authorization, Auditing and logging.
  • Worked extensively with software development teams to review the source code, triage the security vulnerabilities generated by IBM AppScan, Burp Suite, HP Web Inspect and eliminated false positives.
  • Enforced that internal projects conduct Fortify SCA scans and that all external-facing websites built by vendors have HP WebInspect dynamic security testing performed.
  • Demonstrated exploits on vulnerable assets to prove weakness by using Metasploit and NMap.
  • Automated repetitive tasks using shell scripting, minimizing the time to achieve better results.
  • Making sure API principles are well defined when the code is ready for the deployment phase.
  • Reviewed Architecture Design Documents (ADD) and Solution overview Documents (SODs) to identify security anomalies in the system architecture and design, and provided recommendations to address data security and privacy concerns.
  • Reviewed security vulnerability reports for applications and databases, analyzed and worked extensively with the development teams for the implementation of mitigating controls.
  • Created a shell script using SQL queries to minimize the runtime of front-end implementations of setting printers to the cloned instances by adding data to the copies of the base tables.
  • Black box pen testing on internet and intranet facing applications.
  • Providing fixes and filtering false findings for the vulnerabilities reported in the scan reports.
  • Participated in the implementation of the SafeNet product for encrypting customer credit card information using Public Key Infrastructure (PKI).
  • Created detailed assessment reports with remediation and recommendations, presented findings to clients and re-tested the security issues.

Confidential, Columbus, OH

Application Security Engineer

Responsibilities:

  • Conducted security assessment of PKI Enabled Applications.
  • Selecting and optimizing tools for security such as source code analysis and dynamic testing.
  • Involved in design phases on SDLC to choose which apps, developers and partners can access which APIs.
  • Monitor, Analyze and respond to security incidents in the infrastructure. Investigate and resolve any security issues found in the infrastructure according to the security standards and procedures.
  • Improved the workings of company systems by effectively analyzing security issues and creating and implementing security strategies.
  • Developed Python scripts to automate network monitoring scans during non-working hours.
  • Penetration testing based on OWASP Top 10.
  • Performing security tests as well as contributing to other cross-discipline security projects on an as-needed basis.
  • Creating shell scripts to minimize the front-end run time of the analysis process.
  • Perform proactive research to identify and understand new threats, vulnerabilities, and exploits.
  • Performed risk assessments to ensure corporate compliance.
  • Work closely with research and development teams for vulnerability remediation.

Confidential

Application Security Engineer

Responsibilities:

  • Conducted application penetration testing on various business applications.
  • Acquainted with various approaches to Grey and Black box security testing.
  • Skilled using Burp Suite, Acunetix Automatic Scanner, NMAP for web application penetration tests.
  • Follow up and ensure the closure of the raised vulnerabilities by revalidating and ensuring 100% Closure.
  • Generated and presented reports on Security Vulnerabilities to both internal and external customers.
  • Good understanding of application level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, cryptographic attacks, authentication flaws etc.
  • Documented security findings, recommendations and presented to the business users, executive committee and Compliance departments.
  • Maintained an activity log for each penetration test administered and its outcomes.
  • Designed a series of penetration tests as a basis for more advanced testing, resulting in ease of strategic tests development.
  • Performed penetration testing for external facing web applications. Security areas covering DMZ architecture, threat modeling, secure coding practices (i.e., OWASP standards) and vulnerability analysis were assessed.
  • Performed database management system audits across all business lines and entities in North America hub.
  • Database servers such as Oracle, SQL Server and Sybase were reviewed for compliance to global and local security baselines.

Confidential

Oracle Applications DBA

Responsibilities:

  • Support and maintain Oracle Applications 11i instances including production.
  • Configured, and maintained production, development, and testing instances.
  • Applying database and applications patches (Maintenance, mini-packs, bugs, technology and security patches) and cloning the databases.
  • Administering the Oracle Applications instances, user administration and patch management.
  • Create Database Objects for custom applications.
  • Create and maintain custom responsibilities as per the client request.
  • Backing up System & User databases by using different Backup strategies, scheduling the Backups. Restoring them whenever necessary.
  • Configuring load balancing on client and server side, monitoring the RAC database during load tests, performance monitoring, generating reports for analysis, giving suggestions to application teams and creating required indexes for better performance.
  • Checking Alert Logs, Archive Logs, Trace files and to work proactively on alerts for the file system and CPU issues.
  • Managing Responsibilities and adding custom responsibilities to users.
  • Daily routine Developer/DBA tasks like handling user permissions and space issues on Production and handling maintenance jobs including backups and restores.
  • Worked with Oracle Support to solve open Service Requests.
  • Creating database links, Materialized views as per the requirement.
  • Performing daily and weekly health checks of various databases. Installing and implementing new Oracle Apps modules and products.
  • Installation, Creation and Configuration of database.
  • Upgrading and Migrating Oracle E-Business suites.
  • Configure custom scripts for application and database backups and built DR rsync process for logs/out files.
  • Configuring Workflow Notification Mailer.
  • Creating temporary tablespace groups and assigning to users.
  • User management, roles and Profile creation.
  • Checking free space in data files.
  • Tablespace management, Adding and resizing data files in tablespaces.
  • Applying database patches using OPATCH utility.
