
Senior Test Engineer Resume Profile

Professional Experience:

Confidential has eleven years of technical, security, and customer service experience with the Government and commercial industries. He currently uses his technical experience to develop, test, and engineer security assessments for the various DOD and commercial entities. His engineering skills allow for an in-depth understanding of system security and posture with respect to today's exploits.

  • Information Assurance Mgmt
  • PPSM, Packet Analysis
  • Firewall/Routers/Switch Security Mgmt
  • Application Security
  • Systems Hardening
  • IPS/IDS/HBSS/VPN Mgmt
  • Active Directory Mgmt
  • Malware Analysis Antivirus Mgmt
  • Exploit Development
  • Development of IA plans
  • Implementation of IA plans, solutions and auditing
  • Security Assessments
  • Penetration Testing
  • Security Awareness Development
  • TCP/IP Architecture
  • Vulnerability Assessments
  • NIST, DIACAP, FISMA, DITSCAP
  • Systems Administration
  • Certification and Accreditation
  • DoD 8500.1/.2, 8570.1, CJCSM
  • MS Exchange Server Administration
  • Reverse Engineering
  • SharePoint Portal Administration
  • SQL 2000 - SQL 2008, Office 97-2010

Skills/Tools:

OS/Applications: Windows 3.1 - Windows 7, OS X; Linux: Red Hat Enterprise, CentOS, Debian, Ubuntu, Fedora, SUSE, Slackware, Mandrake, Enigma, Red Hat, Beehive, Knoppix STD, NST, BackTrack, Samurai; VMware ESXi; Unix: Solaris, FreeBSD/OpenBSD, OpenVMS, Novell

Forensic Software: Autopsy, SleuthKit, dd/dc3dd, PTK, DD, Pasco

GOTS scripts: DISA Unix SRR, Oracle SRR, SQL SRR, WebSRR, and Gold Disk.

Penetration and Vulnerability scanning software: SAINT, Core Impact, Nmap, Nessus, Metasploit, AppDetective, ISS, FoundStone, WebInspect, Retina, Nikto, NTOSpider, SuperScan, Netscan, Retina, X-Scan, AIX, Unicornscan, Sshmitm, Webmitm, Arpspoof, Hydra, Cain and Abel, tcpdump, Netcat, Cryptcat, Hping, Xscan, AutoScan, Firewalk, DNSwalk, Fport, HttpPrint, Immunity Canvas, OpenVAS, admsnmp, Cisco Global Exploiter, Fierce, Maltego, Mantra, SQL Ninja, snmpenum, onesixtyone, Armitage, Karmetasploit, Social Engineering Toolkit (SET), WCE (Windows Credential Editor), Nexpose, Browser Exploitation Framework

Sniffers: Ethereal, Etherape, Ettercap, Wireshark, Dsniff, Kismet

Debug/Reverse Engineering: Peach Fuzz, FileFuzz, Exploitable, DebugDiag, Spike, Immunity Debugger, IDA Pro, OllyDbg, WinDbg

Web Application: Havij SQL Injection, Tamper Data, Acunetix, Paros, WebScarab, w3af, Burp Suite, Wfuzz, WebInspect, Nikto, NTOSpider, Netsparker.

Professional Summary

Confidential

As a Senior Penetration Test Engineer for Knowledge Consulting Group, Confidential's responsibilities include internal/external penetration testing, vulnerability assessments, and web application pentesting. Mr. Farid leads pen testing engagements in support of the KCG Cyber Attack Penetration Division for customers such as Rapid7, Akamai, Stratfor, Intelligence, Metlife, DC WASA, Empire State NYC, BPD, DHS, DOI, FMS, and FRB. In addition to penetration testing, Mr. Farid conducts ST&E for Federal information systems in accordance with NIST standards and oversees and manages the delivery of security assessment services to commercial and Federal customers. Mr. Farid led the FedRAMP initiative as a 3PAO technical lead for Akamai. Mr. Farid manages all aspects of assessment and response engagements from inception to completion.

Confidential

As a Senior Security Engineer for Telos Corporation, Confidential's responsibilities include conducting vulnerability assessments, penetration testing, and web application assessments. Mr. Farid performs multi-scaled analysis ranging from large-scale vulnerability assessments to automated and manual penetration testing, in addition to web application testing. Vulnerability assessments are in accordance with the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP), DITSCAP, AR 25-2, and the NIST SP 800 series. Mr. Farid manages all aspects of assessment and response engagements from inception to completion.

Confidential leverages the Application Security and Development Security Technical Implementation Guide and OWASP to provide security guidance for use throughout the application development lifecycle. Mr. Farid provides the guidance needed to promote the development, integration, and maintenance of secure applications. Mr. Farid utilizes VMware ESXi server to develop a lab environment for application security and penetration testing. Mr. Farid leverages multiple tools in the BackTrack distro to perform penetration testing and web application testing. Mr. Farid performs vulnerability testing leveraging tools such as Defense Information Systems Agency (DISA) Security Readiness Review (SRR) scripts, Nessus/Newt, AppDetective, NTOSpider, Nikto, ISS, FoundStone, and WebInspect. Mr. Farid consolidates and analyzes the output from these tools and presents the findings in the form of a vulnerability matrix consisting of a POA&M, DIP, SIP, and DIACAP scorecard. Mr. Farid concludes projects by developing an Appendix Q and Appendix F for each respective assignment.

Confidential

As an intern for Learn Security Online, Confidential has the distinct honor of working for and following the guidance of Joe McCray. Joe has 10 years of experience in the security industry with a diverse background that includes network and web application penetration testing, incident response, and forensics in both the DoD community and the private sector. Joe is also a frequent trainer/presenter at security conferences such as Black Hat, Def Con, ToorCon, BruCON, LayerOne, TechnoSecurity, and TechnoForensics. Mr. Farid performs network and application penetration tests within the parameters defined by the customer. Mr. Farid provides detailed reports on the findings of network and application penetration tests. Mr. Farid's duties include generating course curriculum by producing step-by-step instructions on intermediate and advanced pen testing techniques. Mr. Farid develops labs using virtualized testing environments for penetration testing.

Confidential

As an intern for Security University, Confidential immerses students in an interactive environment where they're shown how to scan, test, hack and secure their own systems. The lab-intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students begin by understanding how perimeter defenses work and then move on to scanning and attacking their own networks. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.
