App Sec. Test Manager Resume
IrvinG
SUMMARY
- Accomplished IT security professional combining extensive experience in managing risk assessments, application security testing, infrastructure and network assessments, high-level auditing, threat assessments, and remediation recommendations in mission-critical projects in global environments. Successfully led web application security and penetration testing teams for global organizations.
- 15 plus years of experience in the IT industry as: App. Sec. Test Manager, Ethical Hacker/Pen Tester, Digital Forensic/e-Discovery Investigator, Security Analyst, Software QA Manager, QA Lead and hands-on Test/QA Engineer
- Certified Ethical Hacker, Certified Security Analyst, Certified Forensic Investigator, Certified Software Test Manager
- Strong background with OWASP Top 10, CWE/SANS Top 25, PCI, FISMA, COBIT 5, ISO 27001 and other industry standards and compliance frameworks
- Manage comprehensive application security, risk and vulnerability assessment engagements and possess strong security compliance and audit knowledge
- Strong background with application and QA release management and maintenance.
- Strong knowledge of Capability Maturity Model Integration (CMMI), Testing Maturity Model, Automated Software Testing Maturity Model, and Automated Testing Life-Cycle Methodology.
- Exceptionally well organized and process oriented
- Possess strong communication skills and a willingness to work hard to achieve the employer's confidence and objectives. Leverages exceptional communication abilities while working with diverse, cross-functional teams to achieve common goals
- Strong Security Testing background in the following areas: Web application security, Mobile security, Network security, Wireless security, API security
- Exposure to Red Team and Blue Team exercises
- Strong compliance and audit background
TECHNICAL SKILLS
Scanning & Recon Tools: Nmap, Nessus, hping, LookAtLAN, nslookup & dig, ping & traceroute, SuperScan, Fing, WebInspect, AppScan
Network Security Tools: Smoothwall, Linux firewalls, Wireshark
Wireless Security Tools: NetStumbler, inSSIDer, wireless capture tools, Aircrack-ng
Web Tools: Nikto/Wikto, Netcraft, Whois, Paros Proxy, WebGoat
API Testing: SecurePro
Encryption Tools: TrueCrypt
Penetration Testing Tools: Metasploit, Netcat, John the Ripper, Cain & Abel, AppScan, WebInspect, Fortify, Acunetix, Burp Suite, Maltego, OWASP ZAP Proxy, Tamper Data
Forensic Tools: EnCase, FTK, Adepto, Ghost, Autopsy
Defect Tracking Tools: Remedy, Bugzilla, TestDirector, Quality Center, TestTrack, ClearQuest, Test Manager, ALM, Jira
Operating Systems: MS-DOS, UNIX, Sun Solaris, Windows 95, 2000, Vista, Win
Languages: C, C++, Perl, Java, SQL, UNIX shell, VBScript, JavaScript
ERP: SAP, Ellucian (SunGard) Banner
Web Technologies: HTML, IIS, ASP, JavaScript, Java Servlets, JSP, FrontPage, WebLogic, AJAX, JSON, and SharePoint
RDBMS: Oracle 9i/10g/11g, MS SQL Server, Informix, DB2
Utilities: Windows, Linux & UNIX utilities for e-Discovery & pen testing
Frameworks: Metasploit, Dradis Framework for ethical hacking, MobSF
Other Tools: QTP, ClearCase, LoadRunner, Toad, MS Project, MS Office, MS Visio, SharePoint
PROFESSIONAL EXPERIENCE
Confidential, Irving
App Sec. Test Manager
Responsibilities:
- Build the application security testing team from the ground up
- Create policies, processes and procedures associated with performing penetration testing and vulnerability assessments
- Perform security reviews on web, internet and mobile applications
- Provide direct management and day-to-day task oversight to the onshore and offshore team
- Serve as the AppSec point of contact for cross-functional groups and ensure applications are vetted against security standards
- Collaborate with development and other groups and advocate secure application development practices
- Manage testing user reviews, assess test findings from internal and external testers, create awareness, and offer remediation guidance
- Hire new resources; provide coaching and mentoring to a geographically dispersed team
- Manage budget, estimation, scheduling and KPIs
- Conduct performance evaluation and calibration
- Manage SDLC project related security testing activities
- Manage/Test Production and Infrastructure security defects
- Manage security metrics, dashboards, and threat and risk ratings
- Work to formulate the NIST SP 800-64 (security in the SDLC) implementation
- Create templates, forms and checklists for providing security certifications to clients’ software
- Standardize threat modeling and vulnerability rating methods to promote consistency
- Manage, Plan and perform web application related pen testing effort
- Manage mobile, network, Wi-Fi and API security testing efforts as a secondary responsibility
- Manage the static code analysis review process
- Gather footprint, perform recon and enumeration, and conduct vulnerability assessments and penetration testing using Burp Suite, WebInspect and other authorized tools
- Analyze mobile applications and perform security assessments
- Plan and perform iOS and Android related pen testing
- Participate in internal and external audit meetings and compliance interviews
- Present reports to the stakeholders and lead remediation sessions
Environment: Java, J2EE, .NET, XML, MQ, SOAP, UNIX, Oracle, SharePoint, ALM, Jira, Metasploit, Kali Linux, BackTrack, Wireshark, WebInspect, Burp Suite, Maltego, Nmap, Archer, Veracode
Confidential, NC
Web Application Security Test Manager
Responsibilities:
- Manage a web application security test team consisting of 5 members
- Manage ongoing day-to-day operational security testing on web applications
- Create procedures and processes associated with performing penetration testing and vulnerability assessments
- Create checklists for providing security certifications to clients' software
- Standardize threat modeling and vulnerability rating methods to promote consistency
- Perform security reviews on internet and mobile applications
- Create/Review security policies and procedures
- Research new attack vectors and mitigating solutions
- Provide guidance to regional security teams
- Plan and perform web application related pen testing
- Analyze mobile applications and perform security assessments
- Perform ethical hacks to assess vulnerabilities in test, internet- and/or intranet-connected systems, web applications, networks, Wi-Fi, etc.
- Generate and present reports and metrics on security vulnerabilities and audit recommendations to both internal and external customers
- Perform scans using IBM AppScan, Nessus and Burp Suite
Environment: Java, J2EE, .NET, XML, MQ, SOAP, UNIX, Oracle, SharePoint, ALM, Jira, Metasploit, BackTrack, Wireshark, AppScan, WebInspect
Confidential, Phoenix, AZ
Pen Tester/Sr. Security Tester
Responsibilities:
- Assess and define the pen/security testing process and strategy for the organization
- Create a security test lab equipped with state-of-the-art forensic tools and utilities
- Create a test infrastructure that supports robust training, communication and an effective testing framework
- Conduct network & application penetration testing, web application security reviews, mobile application reviews, and source code security analysis
- Work with developers and administrators to remediate identified vulnerabilities
- Provide authoritative advice and guidance to testers, users and stakeholders on all aspects of testing, including training of testers and other developers where appropriate
- Plan, arrange and control meetings, workshops and relations with client/user staff during test planning and throughout development and testing activities
- Take responsibility for all phases of testing and the management of testing activities within a development project
- Estimate testing needs for the various phases and schedule testing
- Collaborate with divisions/managers within the organization
- Identify vulnerabilities, recommend corrective measures and ensure the adequacy of existing information security controls
- Educate business unit managers, the IT development team, and the user community about risks and security controls
- Prepare detailed practices and procedures for technical processes
- Analyze security incidents and present a quarterly report to upper management
- Investigate potential or actual security violations or incidents to identify issues and areas that require new security measures or policy changes
- Conduct routine social engineering tests and clean-desk audits
- Provide test metrics, reports and recommendations to senior leadership
Environment: Java, XML, MQ, SOAP, J2EE, .NET, UNIX, Oracle, AIX, Cisco, PEGA PRPC, Nessus, Metasploit, Netcat, Wireshark, Cain & Abel, IP spoofing, AppScan, WebInspect, Fortify
Confidential, North Dakota
QA Manager/Information Technology Department Projects
Responsibilities:
- Managed a QA team of 12 seasoned testers from various government agencies
- Established QA goals, policy and processes for the organization
- Managed/coordinated testing efforts with other agencies/vendors
- Trained and coached testers as necessary
- Ran and participated in daily/weekly project planning and feature demo meetings
- Planned, scheduled and controlled large-scale programs and individual projects
- Offered the right strategic mix of projects; created scope/traceability documents
- Established QA goals/policy/processes for the State Government of North Dakota
- Created a seamless defect management and build management process within the government
- Managed/participated in security testing and vulnerability assessment QA checkpoints
- Performed pen/security testing using various network security tools to scan, hack and identify weak points
- Led the security test team and managed dynamic and static testing
- Executed vulnerability assessments using AppScan
- Created reports and metrics using IBM AppScan
- Involved in creating security policies and processes
- Created/managed the digital forensic management process
