Penetration Tester / Vulnerability Assessment Resume

Anaheim, CA

SUMMARY

  • Penetration tester with 10+ years of experience in the creation and deployment of solutions protecting applications, networks, systems and information assets for diverse companies and organizations.
  • Experience in detecting SQL injection, XML injection, techniques to obtain command prompts on the servers, PDF exploits, HTTP response splitting attacks, CSRF, web services vulnerabilities, anonymity (Tor) traffic identification, DoS pattern identification using artificial intelligence algorithms, etc.
  • Highly skilled in installing, testing, maintaining and designing advanced secure network solutions.
  • Experience as an Information Security Analyst, involved in OWASP Top 10 based Vulnerability Assessment of various internet facing point of sale web applications and Web services.
  • Skilled in identifying the business requirements for information security as well as regulations of information security.
  • Extensive experience in penetration testing, with expertise in detecting various vulnerabilities (including the OWASP Top 10) spanning authentication, authorization, input validation, session management, server configuration, cryptography and information leakage areas.
  • Experience in vulnerability assessment and penetration testing using various tools like Burp Suite, DirBuster, OWASP ZAP Proxy, Nmap, Nessus, Kali Linux, Metasploit, HP WebInspect and IBM AppScan.
  • Developed, implemented and enforced security policies through experience, in-depth knowledge of security software, and asking the customer the right questions
  • An enthusiastic team player who embodies a strong work ethic and a leader who utilizes complex problem solving skills for incident analysis.
  • As a Security Consultant involved in enhancing the security stature of the project by initiatives like Threat Modelling, Security awareness sessions, Dormant & Never Logged IDs clean-up.
  • Technical business expert employing tremendous Information Security Audit, Strategy and Risk Management Techniques.
  • Excellent communication, analytical, troubleshooting, customer service and problem solving skills; excels in mission-critical environments requiring advanced decision-making.
  • Experience in automation tools development for penetration testing.
  • Developed testing practices, training plan and trained new members in penetration test duties.
  • Developed remediation plans for various vulnerabilities and assisted development teams across the organization in remediating them.

TECHNICAL SKILLS

Tools: IBM AppScan Standard Edition, HP WebInspect, Acunetix, Burp Proxy, Paros Proxy, Wireshark, OWASP, WebScarab, Nmap, Metasploit, Burp Suite, SQLmap, OWASP ZAP Proxy and HP Fortify, DirBuster, Acunetix Web Scanner, SQL injection tools, Havij, CSRFTester and Kali Linux, Fortify, Veracode, WebGoat, SSL implementation, RSA implementation, PKI (public key infrastructure), encryption algorithms

Platforms: Windows 98/2000/XP/Vista/Windows 7, Windows Server 2000/2003/2008

Database: MySQL 5.0

Packages: MS Office

Network Tools: Nmap, Wireshark, Nessus, QualysGuard

PROFESSIONAL EXPERIENCE

Confidential - Anaheim, CA

Penetration Tester / Vulnerability Assessment

Responsibilities:

  • Perform application and infrastructure penetration tests, as well as physical security review and social engineering tests for our global clients
  • Review and define requirements for information security solutions
  • Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications, SaaS)
  • Participate in Security Assessments of networks, systems and applications
  • Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets.
  • Working with the Atlassian JIRA tool for bug tracking, issue tracking, and project management functions.
  • Experience creating test cases, running test cases, automate test cases and logging/verifying defects.
  • Acquainted with various approaches to Grey & Black box security testing.
  • Penetration testing based on OWASP Top 10.
  • Security assessment of online mobile applications to identify the vulnerabilities in different categories like input and data validation, authentication, authorization, auditing & logging.
  • Skilled in using Burp Suite, Acunetix Automatic Scanner, Nmap, Metasploit, WebInspect, Kali Linux, Checkmarx, Netsparker, Havij, DirBuster and IBM AppScan for web application penetration tests.
  • Ensure all the controls are covered in the checklist.
  • Responsible for performing static code analysis of application source code.
  • Holding review meetings on a daily, weekly and monthly basis for software development, i.e. relying on the agile scrum development model.
  • Generated and presented reports on Security Vulnerabilities to both internal and external customers.
  • Capturing and analyzing network traffic at all layers of the OSI model.
  • Security assessment of online applications to identify the vulnerabilities in different categories like Input and data Validation, Authentication, Authorization, Auditing & logging.
  • Providing fixes & filtering false findings for the vulnerabilities reported in the scan reports.
  • Adding new vulnerabilities to the Vulnerability Database for various platforms with proper exploits.
  • Scan networks, servers, and other resources to validate compliance and security issues using numerous tools.
  • Conducted onsite penetration tests from an insider threat perspective
  • Actively involved in the release management process to ensure all the changes to the application had gone through security assessment.
  • Used Burp Suite, DirBuster, HP Fortify and Nmap tools on a daily basis to complete the assessments.
  • To address and integrate Security in SDLC by following techniques like Threat Modeling, Risk Management, Logging, Penetration Testing, etc.
  • Regularly performed research to identify potential vulnerabilities in and threats to existing technologies, and provided timely, clear, technically accurate notification to management of the risk potential and options for remediation.

Confidential, NY

Penetration Tester / Vulnerability Assessment

Responsibilities:

  • Black box pen testing on internet and intranet facing applications
  • Explanation of the security requirements to the design team in initial stages of SDLC to minimize the efforts to rework on issues identified during penetration tests
  • Perform peer reviews of Security Assessment Reports
  • Hands-on experience in conducting web application security scans using IBM AppScan, HP WebInspect and Acunetix.
  • Perform threat modelling of the applications to identify the threats.
  • OWASP Top 10 Issues identifications like SQLi, CSRF, XSS
  • Training the development team on the secure coding practices
  • Using various add-ons in Mozilla to assess the application, like Wappalyzer, Flagfox, Live HTTP Headers, Cookie Manager, Tamper Data.
  • Providing details of the issues identified and the remediation plan to the stakeholders.
  • Involved in a major merger activity of the company and provided insights in separation of different client data and securing PII.
  • Identification of different vulnerabilities of applications by using proxies like Burp suite to validate the server side validations
  • Execute and craft different payloads to attack the system to execute XSS and different attacks
  • SQLMap to dump the database data to the local folder
  • Identified issues on sessions management, Input validations, output encoding, Logging, Exceptions, Cookie attributes, encryption, Privilege escalations
  • Preparation of security testing checklist to the company.
  • Developed ontological and heuristic behavior frameworks for incident investigation and response. Many of my findings were implemented into a leading security platform.
  • Finding security deficiencies in applications, networks or people or processes
  • Ensure all the controls are covered in the checklist
  • Managing and prioritizing multiple tasks in accordance with high-level objectives. Perform pen tests on different application a week. Metasploit to exploit the systems.
  • Updating of the checklist on weekly basis to ensure all the test cases are up to date as per the attacks happening in the market
  • Creation of secure virtualized lab for exploit creation, malware distribution analysis and security product testing.

Confidential, MN

Penetration Tester / Vulnerability Assessment

Responsibilities:

  • Responsible for configuring, supporting, and troubleshooting network devices such as Cisco routers, switches, firewalls, wireless access points and controllers, ACS, ISE.
  • Build site-to-site VPN for remote locations and partner connections using Cisco Next Generation Firewalls.
  • Configure Cisco UCS module, install ESXi host, and provision virtual machines for store retail applications.
  • Perform vulnerability analysis and pen-testing to mitigate/remediate security threats mandated by PCI Compliance/Remediation.
  • Respond to network connectivity and regional data center outages; coordinate efforts with Service Desk, ISP provider; local tech and/or store personnel to restore network services
  • Provide network support for new application and device deployment; identify new connectivity requirements and develop solution
  • Monitor QRadar, a SIEM product, to identify any security violations.
  • Planned, managed, and implemented a WiFi deployment project to upgrade more than 1000 Cisco wireless access points; certified wireless coverage using AirMagnet wireless tool.
  • Actively involved in new store openings, closings, renovations, relocations, and technology lifecycle initiatives.

Confidential, Alexandria, VA

Penetration Tester/ Security Analyst

Responsibilities:

  • Exploited the logic flow of web application and recommend mitigation to the findings.
  • Identified issues on sessions management, Input validations, output encoding, Logging, Exceptions, Cookie attributes, Encryption, Privilege escalations.
  • Brute force assessment to ensure strong password requirements.
  • Good Experience in exploiting the recognized vulnerabilities in web applications.
  • Performed, reviewed and analyzed security vulnerability data to identify applicability and false positives
  • Define the timelines to the given application & Conduct the security assessments and Report out the vulnerability findings with remediation process to the development team.
  • Manually validating vulnerability findings by identifying false positives.
  • Develop and manage vulnerability assessments including development of risk mitigation strategies.
  • Performed network Vulnerability Assessments using various network tools.

Confidential, Houston, TX

Application Security Engineer

Responsibilities:

  • Perform validation and verification. Recommend process improvements.
  • Assisting customer in understanding risk and threat level associated with vulnerability so that customer may or may not accept risk with respect to business criticality
  • Assisting in review of business solution architectures from security point of view which helps avoiding security related issues/threats at the early stage of project.
  • Training the development team on the most common vulnerabilities and common code review issues and explaining the remediation.
  • Manually validating vulnerability findings by identifying false positives.
  • Develop and manage vulnerability assessments including development of risk mitigation strategies.
  • Documented information security guidance in step by step operational procedures.
  • Performed static code reviews with the help of automation tools.
  • Conducted vulnerability assessment of internal/external facing web application using automated tools such as IBM Appscan, Burp Suite, and OWASP ZAP.

Confidential

Security Engineer

Responsibilities:

  • Analyze, log, track and complex software and hardware matters of significance pertaining to networking connectivity issues, printer, server, and application to meet business needs.
  • Handled the tasks of designing and planning LAN network expansion of the organization.
  • Responsible for upgrading and configuring Microsoft Windows servers.
  • Handled the tasks of monitoring databases and ensuring the security of stored data; monitored access to stored information in company databases.
  • Installed network routers, firewalls and cabling.
  • Responsible for preparing, loading, documenting and testing desktop and network developed applications for deployment, staff training, and inventory.
  • Managed computer/user accounts in Active Directory.
  • Supported users in multiple branches with computer, network and desktop application software; imaged new PCs for new employees or reimaged current ones; installed printers to user profiles; mapped network drives; assisted with user login and connectivity issues.
