We provide IT Staff Augmentation Services!

Sr. Penetration Tester,resume Profile

Owings, MillS

SUMMARY OF QUALIFICATIONS IT Security and Networking Professional with excellent written and oral communication skills. Thorough understanding of Networking Information Assurance and Cybersecurity disciplines to include open-source information gathering threat and vulnerability assessments penetration testing and techniques and network defense. I have over twelve year of hands on experience in IT Security specializing in penetration testing. I am an accomplished security engineer malware analyst and incident responder. I recently attained certification as an Offensive Security Certified Professional OSCP .

AREAS OF EXPERTISE Network Analysis Physical Security Threat and Vulnerability Research Analysis Incident Handling and Response speaking two languages English and Russian. CERTIFICATIONS

EXPERIENCE

confidential

Sr. Penetration Tester

  • Lead Security Engineer of an Assessment Team doing full vulnerability assessments of the US Courts national systems
  • Conduct network/host penetration tests and web application penetration tests using
  • Assist the information security risk assessment program by identifying risks in the current security posture. Conduct risk assessment using NIST SP 800-53 v4 Operational Management and Technical controls
  • Perform network security analysis and risk management for designated systems
  • Develop test cases to test web application according to OWASP and mapped every test case to NIST controls
  • Assess and evaluated risk based on threats vulnerabilities and shortfalls uncovered in testing
  • Develop CVSS calculator to rate risks for vulnerabilities found in assessments
  • Examine assets to determine if vulnerabilities exist and if vulnerabilities are found proposes remediation strategies that can be applied to mitigate them
  • Assist in vulnerability remediation efforts across various projects by proposing remediation strategies and engaging key stakeholders utilizing Plan of Actions and Milestones PO AM risk management process
  • Key contributor for developing templates such as Security Assessment Plan Security Assessment Report Rules of Engagement Security Assessment Questionnaire Kick-Off and Exit Brief

confidential

  • Member of the Computer Security Information Response Center CSIRC participating in incident analysis response and threat assessment on a daily basis.
  • Deployed Fire Eye Symantec DLP Symantec Web Gateway and Splunk
  • Performed firewall reviews and tuning
  • Conducted Penetration Test of the United States Mint s non-Commerce web site and related infrastructure including web servers application and database servers. Weaknesses discovered resulted in a multi-phase remediation and upgrade effort to resolve flaws.
  • Conducted PCI required Penetration Test of the eCommerce System which resulted in minor findings requiring remediation and furthered the PCI compliance effort for the system.
  • Conducted PCI required Penetration Test of the outsourced call center and fulfillment operation serving the ecommerce line of business. Findings resulted in a multi-phase remediation effort.
  • Performed wireless scans using Kismet KisMac and the Aircrack-ng suite
  • Participated in the development of the tailored security baselines for servers and networking equipment
  • Built configured and deployed Snort IDS appliances to monitor Manufacturing department SCADA and industrial control assets.
  • Developed custom written malware to evade anti-virus systems as a demonstration for non-Commerce website stakeholders and United States Mint management. This resulted in the cancellation of a project to receive file submissions from the public on non-hardened infrastructure.
  • Performed evasions of Symantec and Sophos antivirus suites using various techniques to deliver payloads in PDF and executable files
  • Conducted social engineering test exercises coordinated with Treasury GSOC to determine level of infiltration possible using remote command and control frameworks.
  • Developed custom written Python scripts to generate weekly vulnerability dashboards used by technical and management staff.
  • PHP and Cold Fusion source code analysis to reveal vulnerabilities

confidential

Penetration Tester/Courseware writer

  • Performed open-source intelligence OSINT gathering for target customers in preparation for security assessments
  • Performed Network and Web Application Penetration tests within the parameters defined by rules of engagement coordinated with the client.
  • Provided detailed reports on the findings of network and application penetration tests including mitigation and remediation activities.
  • Developed training materials for Strategic Security Online courses on the following subjects
  • Network Penetration Testing
  • Web Application Penetration Testing
  • Network/Host Forensics
  • Maintained the Strategic Security Online target lab network comprised of the following Operating Systems
  • o Red Hat/Ubuntu
  • o Windows 2000/XP/Vista/Windows 7
  • Vulnerable Web Applications on the following platforms
  • o ASP/MSSQL2000
  • o ASP.NET/MSSQL2005
  • o PHP/MySQL
  • C PHP and Cold Fusion source code analysis to reveal vulnerabilities

confidential

Project Dulles International Airport IAD

Network Administrator Assistant/Security Analyst

  • Developed and maintained installation and configuration procedures for a project at Dulles International Airport. Performed system monitoring to verify the integrity and availability of hardware server resources and systems security on a proactive basis
  • Assisted in creation of a Network Security website for both administrators and end users to access proper configuration templates safe internet surfing
  • Monitored network intrusion attempts using Snort IDS
  • Installed upgraded and diagnosed software issues
  • Performed network scanning using Nessus to identify weaknesses
  • Demonstrated exploits on vulnerable assets to prove weakness by using Metasploit and Nmap
  • Conducted remediation activities to close vulnerabilities

TECHNICAL EXPERIENCE General Technical Skills

Scripting Languages Shell scripting Python Java C

Operating Systems Windows 95/98/NT/2000/XP/Vista/7/2003/2008 Mac OS X Linux/Unix Red Hat Enterprise Linux Debian Ubuntu Fedora Backtrack 2/3/4/5

Software Applications Symantec/Norton/McAfee Antivirus/AntiSpyWare/Antispam products Microsoft Office 2003/2007 Microsoft Office Mac 2008 Apache Microsoft IIS Virtual Box VMware Fusion/Workstation/Server Tenable Security Center FireEye Symantec Web Gateway.

Security Skills/Tools

Network Enumeration Maltego Google Hacking DNS SMB LDAP SNMP

Port/Vulnerability Scanning Nmap/Nmap Scripting Engine NSE Hping 2/3 Netcat Nessus

Sniffing/Man-in-the-Middle Wireshark Ettercap Cain

Web Application Vulnerability Scanning Acunetix tool similar to WebInspect/AppScan NTOSPider

Exploitation

o Reversing Malware analysis and source code analysis to find vulnerabilities in software

o Exploit development Windows based exploits such as Stack/Buffer overflows and Linux/Unix based exploits such as Stack/Buffer overflows.

o Server/Client-Side Exploitation Metasploit Social Engineering Toolkit SET

Core Impact/Insight

o Password Cracking Hydra Rainbow Crack 0phcrack John the Ripper

o Web Application Manual SQL Injection Manual Cross Site Scritping SQLmap

Debuggers Ollydbg Immunity Debugger WinDBG GDB

Wireless Kismet Aircrack-NG Suite

Hire Now