Software Design Engineer Resume Profile
4.00/5 (Submit Your Rating)
SUMMARY:
- He has over 9 years of experience in a variety of roles including Sr. Information and Network Security Engineer, Security Engineer, and Software Design Engineer. As a Security Consultant, he has overseen and performed penetration test, secure code review and architectural risk analysis of systems built from a few thousand lines of code t systems containing tens of millions of lines of code Java, .Net, C/C and Obj - C .
- Able t apply both technical and business knowledge t all aspects of a project during all phases of the project lifecycle, thereby keeping each phase in line with the big picture business and technical goals Identifies and articulates risks t senior management and individual contributors, and develops mitigation strategies t manage risks.
- Omair Manzoor has published responsible disclosures against well-known vendors such as Microsoft. His exploits are now part of penetration frameworks such as Immunity Sec's Canvas and Metasploit Framework. His work als includes a technical review for a book called Computer Security 2nd edition by Prof. Dr. William Stallings.
Confidential
EXPERIENCES:
Confidential
- Act as technical lead for multiple ongoing assessments from major financial institution t health care organizations.
- Responsible t perform complete Vulnerability Assessment for clients using Threat Modeling, Architecture Risk Analysis, Penetration Testing and Code Review.
- Responsible for Architecture Risk Analysis ARA of various applications, infrastructure and solutions including real-time trading system, cloud based services, virtual appliances, online games and mobile payment solutions.
- Perform Threat Modeling for clients' application s and infrastructure as a part of vulnerability assessment.
- Execute and lead Penetration Test on different platforms and software that includes web-application, thick clients Windows, Linux and Mac OS X, mobile applications iOS, Android and Windows Phone and web-services.
- Responsible for Manual and Automatic Code Review for Fortune 500 customers.
- Architects secure applications and infrastructure for several clients.
- Responsible for analysis and design review of clients' solution from security perspective.
- Helps clients build secure software development programs and provide guidance t software development teams on software weaknesses and remediation.
- Work as a trusted technical advisor for several clients t mitigate their technical and business risks, evaluate security posture of their application, infrastructure and security controls in place.
- Act as subject matter expert within the organization for security of web-applications, thick client applications Windows, Linux and Mac OS X and mobile applications iOS, Android and Windows Phone .
- Client coordination t ensure smooth and efficient projects' execution.
- Research coordination within the organization t develop internal tools and intellectual property that aids in security assessment during engagements.
- Co-authored Foundation of Mobile Security, iOS security, Defensive programming C/C and Defensive Programming Android classes taught by Cigital.
Senior Engineer.
Confidential
- Responsible for security and overall testing of content aware infrastructure DPI in 2.5G 3G and 4G networks.
- Security assurance of application aware networking in UMTS/, HSPA, LTE and WiMax and other mobile Internet technology.
- Responsible for extensive security and other testing on Packet Core Technology and Deep Packet Inspection WiCHROUS specific .
- Conduct strong Layer 4 t Layer 7 in terms of OSI model testing on ASN, GGSN and on Smart Internet breakout products of company.
- Assist organization t develop deep packet inspection for content based charging and Defense in Depth technology integrated with mobile Internet gateways and similar technologies.
- Design, development, execution, and automation of complex test scenarios for the network security and application identification 300 applications on Layer 7 in organization's product line.
- Setup infrastructure and perform vulnerability assessment on Mobile Internet Gateways and similar products from infrastructure point of view.
- Perform penetration testing on DPI module t testify against security threats and coordinate with development team for solutions.
- Train new employees and help them in understanding of AAA, RADIUS/DIAMETER, GGSN, SGSN, PDN Gateways and other Internet Service Gateways.
- Responsible for developing test plans for black box, white box and unit testing framework for Network Processing Units NPUs .
- Test complete product line particularly focusing on network security capabilities and mechanisms access control on wire-line and wireless networks, IPSec, firewalls, deep packet inspection, and transport security.
- Identify potential product issues and defects and champion their successful resolution.
- Deployment of test topology and execute use case scenarios for product benchmarking, performance and stress testing.
- Manage offshore test team and lead them t deliver accurate test results for final deployment of product.
- Design development of test automation frameworks from scratch and code sophisticate natured tools according t custom specifications or team needs.
- Present Tech-Talk technical presentations t developers helping them in mitigation of new attacks vectors and best defensive approaches against vulnerabilities.
Sr. Information Network Security Engineer.
Confidential
- Perform security risk assessment for new projects, including provision of expert advice on system, network architectures, appropriate security controls, and overall risk rating.
- Conduct code-reviews and assurance of industry's best security methodologies in implementation for in-house development.
- Development of long term strategies for IT security.
- T act as the company's technical security expert with a particular focus on Microsoft Linux/Unix, Oracle and Cisc technologies.
- Act as technical incident response expert, including when required the application of computer forensic analysis techniques.
- Technical evaluation and selection of IT security management tools t enable the implementation of IT Security Policies, Procedures and Standards.
- Advising Board and Management on Information Security Issues.
- Conduct Vulnerability Assessment, Penetration Testing t ensue confidentiality, integrity and availability of networks and applications including web-applications .
- T ensure the establishment of security guidelines, procedures and compliance with security policies.
- Generate and present reports on security vulnerabilities t both Management and Development teams.
- Perform other duties as assigned.
Software Design Engineer.
Confidential
- Responsible for researching, designing, writing new software programs and investigating new technologies focusing on security aspects of software.
- Develop software and coordinate with other team members.
- Working with different computer coding languages.
- Design Application Programming Interfaces for Hardware Integration.
- Working closely with other staff, such as project managers, graphic artists, systems analysts, and sales and marketing professionals.
- Information security evaluation for new projects.
- Training Project Management Team for deployment of project and troubleshooting.
- Constantly updating technical knowledge and skills by attending in-house and/or external courses, reading manuals and accessing new applications.
- Problem-solving and thinking laterally as part of a team, or individually, t meet the needs of the project.
Security Support Engineer.
Confidential
- Train users and promote security awareness t ensure system security and t improve server and network efficiency.
- Develop plans t safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and t meet emergency data processing needs.
- Maintaining Confidentiality, Integrity and Availability of Data.
- Perform risk assessments and execute tests of data processing system t ensure functioning of data processing activities and security measures.
- Perform Penetration Testing and Vulnerability Assessment of complete network including application level testing as well as network level.
- Document computer security and emergency measures policies, procedures, and tests.
- Review violations of computer security procedures and discuss procedures with violators t ensure violations are not repeated.
- Implementing the unified security module Firewall, IPS, IDS, Antivirus, surveillance security application modules .
AREAS OF EXPERTISE:
- Information, Network and Software Security.
- Vulnerability Assessment and Penetration Testing Application and Infrastructure .
- Information Risk Management.
- Architecture Risk Analysis and Threat Modeling.
- Reverse Engineering on Windows, Linux, Mac OS X, iOS and Android.
- Mobile and Computer Security.
- Threat Monitoring and Mitigation.
- Exploit development.
- Secure Architecture.
- Computer Operating System GNU/Linux Unix .
KEY SKILLS AND COMPETENCIES:
INFORMATION SECURITY MANAGEMENT:
- Security business role
- Security in software development
- Information Risk management
- Risk Analysis
- Policies, Standards, Strategies, Principles and Procedures
- Information classification
- Access Control Systems such as DAC, MACs etc.
- Cryptographic Key Management
- Patch Management
- Identity Management
- Business Process Re-engineering
- BS 17799 Part I, II and II or IS 27001-2
INFORMATION SECURITY TECHNICAL:
- Incident Handling/Response
- Designing Implementation of Secure System and Network Architecture
- Vulnerability Assessment for Mobile, Web- /Applications, Operating Systems and Networks Risk Analysis
- Information Gathering
- Configuration Management Testing
- Authentication Testing
- Authorization testing
- Session Management Testing
- Data Validation Testing
- Penetration Testing for Mobile, Web-/Application, Operating System and Networks.
- Foot printing
- Scanning Enumeration
- Exploitation Attacking
- Escalation
- Reporting
- Security solutions.
- Personal Access Control System
- Vehicle Access Control System
- Open Source Technology Integration and Implementation of Secure Enterprise level Services architecture
- Symmetric, Asymmetric and PKI Cryptography.
- AES, DES, 3DES, Blowfish TwoFish
- Diffe-Hellman, ECC RSA
- DSS and PGP
- Custom Security tools development
- Intrusion Detection/Prevention Auditing Scripting
- Exploit Development.
- Reverse Engineering
- Rootkit Honeynets
- Wireless Network Security Testing
OPERATING SYSTEMS:
RedHat, Fedora, Mandrake, Susie, Ubuntu, Slackware, Solaris, Windows and Linux based RTOS systems.
REVERSE ENGINEERING:
- Expertise in reverse engineering of Windows, Linux Unix, and Mobile applications using several debuggers like
- GDB, WindDBG, ollydbg and IDA pro.
- Exploit coding using different techniques such as Buffer Overflows, Format String Bugs and Heap corruption.
- Expertise in Windows and GNU/Linux shell coding.
- COMPUTER NETWORK SECURITY:
- Expert level abilities of Penetration testing, Vulnerability scanning and auditing.
- Has used Snort, Dsniff, Ettercap, Air snort, IPchains, TCPdump, Ethereal.
- Capable of designing simple t complex Firewall using IPTables.
- Expertise in ARP, DNS poising and WIRELESS Security.
- Capable of implementing the unified security module Firewall, IPS, IDS, Antivirus, surveillance security application modules .
- In-depth knowledge on networks from Layer 2 t Layer 7 OSI-model .
- Knowledge in IPv4 Forwarding, VLANs, routing, IPv6, IPSec etc.
- Expertise in deep packet inspection and strong hands-on experience in TCP/IP networking.
- Hands on experience in traffic simulators like Spirent STC L4L7, AX4000 or IXIA.
- Can perform Cyber Forensic Services using FTK.
- Proficient with OWASP tools for web-app penetration testing and other tools such as Burp Suite, Web-Inspect, AppScan, Acunetix, Metasploit framework and Backtrack.
PROGRAMMING TOOLS:
- Intermediate t Advanced C/C programming experience.
- Intermediate t Advanced experience of using GDB, make-file, CVS, g, gcc, OPNET.
- Intermediate experience of using SQL, MATLAB, Assembly, Pascal and Visual Basic.
- Basic Kernel level device driver programming in GNU/Linux.
- Expert level knowledge of PHP, Perl, Bash scripting, Expect and TCL scripts.
- Proficient with PostgreSQL, PL/SQL, T/SQL, Visual C 2005 dot net, ASP.net and JAVA programming.