Project Manager Resume Profile

Information Security Profile

Synopsis:

  • Result-oriented professional with 13 years of expertise in IT, predominantly in the Information Security domain.
  • Experience across diverse organizations involving Security Consulting, Product Security, Security Services, Security Compliance and Incident Response.
  • Hands-on experience in Vulnerability Assessment and Penetration Testing of web applications and their related infrastructure.
  • Mobile Security testing based on guidelines published by OWASP.
  • Experience in Enterprise Risk Management and GRC
  • Working experience in audit requirement for PCI-DSS, FIPS, STIG and Common Criteria.
  • Proficient in analyzing information system needs, evaluating end-user requirements, custom designing solutions, troubleshooting for complex issues.
  • Capable of defining business mission and integrating resource strengths to deliver impeccable performances aligned to overall security objectives.
  • Demonstrated leadership, teaming, organizational and people-management skills with consistent performance levels in excess of job requirements.

Core Competencies:

  • Strategic Planning
  • General Administration
  • Technical Support
  • Project Management
  • Compliance Management
  • Reporting and Documentation
  • Resource Optimization
  • Customer Relationship Management
  • Cross Functional Team Coordination

Professional Experience

Confidential

Role: Principal Engineer RSA Security

Responsibilities:

  • Lead the Security Testing Practice for the RSA Security products, responsible for revamping the security test practice across Advance Security Operation Center product line.
  • Chair the Product Security Forum to lead efforts to build a cohesive force to address early identification of Security defects in products across EMC-RSA.
  • Perform Dynamic and Static application security testing as part of release criteria.
  • Create reusable security test case suite to identify functional security flaw within the product.
  • Design and manage a test lab for recreating security vulnerability scenarios
  • Created sanity test suite to aid development team test for XSS vulnerability.
  • Streamline Security test function across different product line
  • Be a frontline for Product Security Response Center for all vulnerability management issues
  • Support customer identified security threats to reproduce, validate and prioritize the fix
  • Responsible for platform security and hardening tests.
  • Responsible for sign-off on Security Configuration Guides for customers
  • Worked towards audit and compliance requirement for STIG, FIPS and Common Criteria.
  • Tools Usage: Cenzic Hailstorm, Paros, Metasploit, Burp Suite, ZAP

Confidential

Responsibilities:

  • Being part of the Global Security Office, support security services to manage, monitor and respond to security events. Drive proactive efforts to identify security vulnerabilities in applications, network and products.
  • Application Security Testing
  • Involved in scoping, identification, analysis and evaluation of application security risk.
  • Perform vulnerability assessment and penetration testing using automated tools on web applications. Tools Usage: Cenzic Hailstorm, HP WebInspect, Paros, Metasploit, Burp Suite, ZAP
  • Testing Mobile App primarily on Android platform to identify OWASP Top Ten Mobile Risk.
  • Create test scenarios to identify functional security issues and provide feedback to development leads.
  • Evaluate vulnerabilities identified due to configuration issues, patch management and third-party applications. Tool Usage: Nmap, Nessus PF
  • Global Vulnerability Management Program
  • Conduct periodic scans on different network assets involving Labs, DMZ and Data Center across the globe. Tool Usage: McAfee Foundstone, Archer GRC, Qualys Guard
  • Support remediation activity to mitigate the issue identified during the scanning process.
  • Create dashboard to gather visibility on the risk posture to the leadership team
  • Identify/remediate deviations from the organization's defined information security policy.
  • Product Security Testing (Product Security Office)
    o Perform necessary security automated for different products as a part of go-live criteria
    o Primary interface for validation and fixing of customer-reported security issues/escalations. Tools Usage: Qualys Guard, Nessus Security Center, IBM AppScan
    o Help development teams to align with PSO-defined secure development procedures and policies.

Confidential

Responsibilities:

  • Client: Leading Health Insurance Company
  • Ensured smooth functioning of Symantec Vontu tool on various DMZ networks of the client.
  • Customized Symantec Vontu tool to scan for required identifiers
  • Identified PHI and PPI information traced in the report to minimize false positives.
  • Groomed and mentored team members into the process.
  • Client: Leading Payment Card Industry
  • Functioned as Lead Security Advisor involved in management of security related issues.
  • Developed Secure SDLC Methodology for Application development.
  • Conducted external QSA audit for PCI-DSS compliance.
  • Designed training modules on OWASP top vulnerabilities.
  • Worked on readiness campaign for PCI DSS controls 6.x.
  • Client: A global technology leader in information commerce
  • Involved in end-to-end management of the project in compliance with project delivery schedules and other SLA parameters.
  • Conducted vulnerability assessment on the application's underlying infrastructure.
  • Performed Web Application Testing using IBM Rational AppScan, intrusive and non-intrusive techniques.
  • Tools Usage: IBM Rational AppScan, Paros, Qualys Guard, Burp Suite

Confidential

Sr. Product Engineer Oracle Siebel CRM

Responsibilities:

  • Functioned in a presales consultant role for the Security Vulnerability Offering.
  • Focused on presales, development of practice collateral, and education and support of the marketing team. Worked on Avaya and Citrix Solutions.

Client: Oracle Siebel CRM

  • Conducted Web Application Security Testing (Black Box Testing) using automated tools and detailed manual testing, looking for typical web-application-specific security holes like Cross-Site Scripting, SQL Injection and URL redirection, as well as attempts to avert business logic of the application.
  • Focused on OWASP Top 10 vulnerability assessment and test framework development.
  • Customized report generated by WebInspect aligned to client requirements.
  • Coordinated with developers in understanding and fixing vulnerabilities as part of the QA process.
  • Certified product with third-party authentication solutions like SunOne, IBM, Novell and ADSI LDAP servers.

Client: SymphonySMS

  • Involved in Infrastructure Security Assessment based on OSSTMM methodology, Vulnerability Assessment and Penetration testing of infrastructure.
  • Identified vulnerability mitigation techniques and OS hardening routines across platforms.
  • Conducted training sessions for individuals on various aspects of security mitigation techniques.

Client: Hyperion

  • Led a team of 3 consultants to perform Vulnerability Assessment on the web-based application.
  • Involved in detection and classification of vulnerabilities based on OWASP Top Ten methodology.
  • Worked on common vulnerabilities such as directory traversal, parameter manipulation, information disclosure, web server vulnerabilities, buffer overflows, format string bugs, race conditions, weak authentication and authorization schemes, session management, cookie manipulation and forceful browsing.
  • Installed, configured and customized Fortify Secure Code Analyzer to assist in Secure Development Process.

Confidential

Sr. Systems Engineer

Responsibilities:

  • Involved in design and management of projects related to new security requirements and enhancements to the Internet infrastructure.
  • Planned and developed secured information systems and network infrastructure to strategically support Internet infrastructure.
  • Designed/conducted Security Hardening/Audits/Penetration Testing on Systems/Applications.
  • Developed and maintained BCP and DR plan.
  • Built VPN circuit linking three corporate offices in Japan, India and US.
  • Liaised with vendors with regards to technology comparison and cost effectiveness.

Confidential

Sr. Systems Engineer

Responsibilities:

  • Conducted penetration testing and vulnerability assessment for in-house applications, followed by preparation of detailed reports.
  • Performed architectural review, security policy, firewall rule base analysis, application testing and general benchmarking using manual and automated penetration testing.
  • Designed, implemented, administered and troubleshot NIDS, HIDS and Antivirus infrastructure.
  • Implemented and troubleshot Firewall based on Network Security Design, including implementation of NIDS using Snort; conducted regular vulnerability assessments on systems with fresh/existing installations.
  • Set up centralized support ticket requests using OTRS (Open Ticket Resource System) and network monitoring services using Nagios.
  • Spearheaded a team of 4 members.

Confidential

Network Administrator

Responsibilities:

  • Worked on network security including implementation for perimeter security.
  • Security hardening of network infrastructure and monitoring.
