
Penetration Tester Resume


Atlanta, GA

SUMMARY

  • Professional with 6+ years of progressive experience in information technology with extensive experience in information security, application security, software security, enterprise vulnerability management, penetration testing and generating reports using tools.
  • Domain expertise in telecom, banking and financial services, health care.
  • Expertise in performing application security risk assessments throughout the SDLC; performed application security work that includes application security design, review, testing and remediation.
  • Experience in vulnerability assessment and penetration testing using various tools like Metasploit, Burp Suite, DirBuster, OWASP ZAP Proxy, Nmap, OpenVAS, Nessus, HP Fortify, IBM AppScan Enterprise, Kali Linux.
  • Good experience in web technologies like HTTP, HTML, CSS, forms, database connectivity.
  • Good knowledge in programming and scripting in ASP, Java.
  • Simulate how an attacker would exploit the vulnerabilities identified during the dynamic analysis phase.
  • Coordinate with dev team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and the impact of the issue.
  • Reporting the identified issues in the industry standard framework.
  • Sound knowledge and industry experience in vulnerability assessment and penetration testing on web-based applications, mobile-based applications and infrastructure penetration testing.
  • Broad knowledge of hardware, software, and networking technologies to provide a powerful combination of analysis, implementation, and support.
  • Proven experience in manual/automated security testing and secure code review of web and mobile applications.
  • Security assessment based on OSSTMM methodology and OWASP framework.
  • Experience in establishing a process for periodic reviews of privileged user groups at AD, database and application level.
  • Implementation and review of security controls across the SDLC.
  • Ability to work in large and small teams as well as independently.

TECHNICAL SKILLS

Standards & frameworks: OWASP, OSSTMM, PCI DSS

Application scanners: IBM AppScan, HP WebInspect

Network security tools: Nessus, OpenVAS, Nmap

Proxies/sniffers/tools: Burp Suite, WebScarab, Wireshark, DirBuster

Operating systems: Windows, RHEL, Kali Linux

Databases: MySQL, MS SQL, Oracle

Penetration testing: Wireshark, Metasploit Framework

Programming languages: C, C#, Java, Python, JavaScript, Swift, Objective-C

PROFESSIONAL EXPERIENCE

Confidential, Atlanta, GA

Penetration Tester

Responsibilities:

  • Performed manual application security testing on the everyday changes carried out in the application.
  • Performed automation scanning and analysis on the applications on a monthly basis.
  • Uncovered high vulnerabilities at the infrastructure level for internet facing web sites.
  • Documented information security guidance in step-by-step operational procedures.
  • Performed static code reviews with the help of automation tools.
  • Network scanning using tools like Nmap and Nessus.
  • Initiative to streamline the access control mechanism of various applications.
  • Provided the development team with detailed reports based on the findings obtained from the manual and automated testing methodologies, and provided the necessary remediations for individual findings.
  • Attended meetings with development team to discuss the previously submitted reports on the findings to ensure that the fixes are made to those applications.
  • Performed a threat analysis on the new requirements and features.
  • Burp Suite, DirBuster, HP Fortify and Nmap were used as part of the penetration testing, on a daily basis, to complete the assessments.

Confidential, Franklin, NJ

Penetration Tester

Responsibilities:

  • Performed network scanning using the tools Nessus, OpenVAS and Nmap.
  • Metasploit, Burp Suite and Nmap were used as part of the penetration testing, on a daily basis, to complete the assessments.
  • Automation scanning and analysis on the networks and applications on a daily basis.
  • Uncovered critical vulnerabilities at the infrastructure level for enterprise networks.
  • Provided detailed reports based on the findings obtained from the manual and automated testing methodologies, and provided the necessary remediations for individual findings.
  • Attended meetings with risk assessment team to discuss the previously submitted reports on the findings to ensure that the fixes are made to those applications.
  • Documented information security guidance in step-by-step operational procedures.
  • Performed threat analysis on the new requirements and features.

Confidential, San Jose, CA

Penetration Tester

Responsibilities:

  • Performed grey box testing of the web applications.
  • Execute and craft different payloads to attack the system for finding vulnerabilities with respect to input validation, authorization checks, etc.
  • Review and validate the user access compliance on a quarterly basis.
  • Review the requirements for privileged access on an everyday basis and provide recommendations.
  • Review and validate the privileged users and groups at Active Directory, databases and application on a periodic basis.
  • Documented information security guidance in step-by-step operational procedures.
  • Performed static code reviews with the help of automation tools.
  • Performed a threat analysis on the new requirements and features.
  • Burp Suite, DirBuster, HP Fortify and Nmap were used as part of the penetration testing, on a daily basis, to complete the assessments.
  • Establishing and improving the processes for privileged user access request.
  • Review of firewall rules and policies in web proxy.
  • Highlight the user access and privileged user access risks to the organization and provide the remediation plan.
