- 5 years of experience in the IT industry, specialized in Information Security.
- Experience in implementing security in every phase of SDLC.
- Expertise in performing application security risk assessments throughout the SDLC. Performed application security work including application security design, review, testing and remediation.
- Well versed with various vulnerabilities and attacks in web applications (OWASP Top 10).
- Have hands-on experience in application security, vulnerability assessments and OWASP along with different security testing tools.
- Experience in vulnerability assessment and penetration testing using various tools like Burp Suite, DirBuster, OWASP ZAP proxy, Nmap, Nessus, HP Fortify, IBM AppScan, Kali Linux and Metasploit.
- Scanning customer source code, auditing results with development and security teams and offering plans for remediation of vulnerabilities.
- Conduct source code review of applications using Fortify.
- Analyzing the results of penetration testing, design reviews, source code reviews and other security tests.
- Experience in threat modelling during the requirements gathering and design phases.
- Simulate how an attacker would exploit the vulnerabilities identified during the dynamic analysis phase.
- Coordinate with dev team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and the impact of the issue.
- Reporting the identified issues in the industry standard framework.
- Sound knowledge and industry experience in Vulnerability Assessment and Penetration Testing.
- Proven experience in manual/automated security testing, secure code review of web applications.
- Validate the false positives and report the issues.
- Implementation and review of security controls across SDLC.
- Ability to work in large and small teams as well as independently.
Tools: IBM AppScan, Burp Suite, HP Fortify, Nmap, Nessus, WebInspect, DirBuster, SQLMap, Acunetix Web Scanner, SQL Injection Tools, CSRFTester and Kali Linux.
Languages: C, C++, Basic, ASP.NET
Network Tools: Nmap, Nessus
- Understanding and implementation of security into SDLC via application risk assessment, requirements gathering, design review, application vulnerability assessment.
- Conducted Vulnerability Assessment of Web Applications.
- Skilled in understanding application-level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, authentication flaws etc.
- Proficient using IBM AppScan, Burp Suite, Acunetix Automatic Scanner, Nmap, DirBuster, Nessus and SQLMap for web application penetration tests and infrastructure testing.
- Performing onsite & remote security consulting including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment, and IDS/IPS hardware deployment.
- Capturing and analyzing network traffic at all layers of the OSI model.
- Monitor the security of critical systems (e.g. e-mail servers, database servers, web servers, application servers, etc.).
- Perform validation on design of features like authentication, authorization, accountability. Provide the report and explain the issues to the development team.
- Conduct network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
- Identifying Critical, High, Medium and Low vulnerabilities in the applications based on the OWASP Top 10 and SANS 25, prioritizing them based on criticality.
- The experience has enabled me to find and address security issues effectively, implement new technologies and efficiently resolve security problems.
- Reviewing the SCA report, removing the false positives and reporting to the application teams with recommended remediations.
- Conducted OWASP top 10 Vulnerability Assessment on Various Applications.
- Well versed with various vulnerabilities and attacks at the application level: OWASP Top 10, SQL Injection, XSS, CSRF etc.
- Used Burp Suite, DirBuster and Nmap on a daily basis to complete the assessments.
- Generated and presented reports on Security Vulnerabilities to both internal and external customers.
- Security assessment of online applications to identify vulnerabilities in different categories like Input and Data Validation, Authentication, Authorization, and Auditing & Logging.
- Ensures that the operation, design, and management of information systems are in accordance with the standards of the organization.
- Vulnerability assessment of various web applications used in the organization using Paros Proxy, Burp Suite, WebScarab and HP WebInspect.
- Ensure the issues identified are reported as per the reporting standards.
- Provide the report and explain the issues to the development team.
- Assist the development teams in closing the vulnerabilities identified.
- Keep up to date with new hacking techniques and the latest vulnerabilities to ensure no such loopholes are present in the existing system.
Jr. Security Analyst
- Experience in Application Security testing with EMC Corporation.
- Conducted application penetration testing for business applications.
- Static Code analysis using HP Fortify to identify the vulnerabilities in the applications.
- Manual penetration testing of web applications and APIs to identify OWASP Top 10 and SANS 25 vulnerabilities.
- Used Burp Suite as a proxy to validate the server-side validations and to identify issues like SQL injection, XSS, CSRF etc.
- Skilled using Burp Suite, Acunetix Automatic Scanner and Nmap for web application penetration tests.
- Monitor, analyze and respond to security incidents in the infrastructure. Investigate and resolve any security issues found in the infrastructure according to the security standards and procedures.
- Actively search for potential security issues and security gaps that are beyond the ability of any security scanner tool to detect. Initiate and develop new mechanisms to address unidentified security holes and challenges.
- Real-time Analysis and defense.
- Vulnerability assessment (VA), Security policy, and network and security audit.