Application Security Engineer Resume
Washington, DC
SUMMARY
- Accomplished professional and creative problem solver with experience in Information Security, Cyber Security and Application Security.
- Expertise in finding OWASP Top 10 and SANS 25 vulnerabilities (automated scanning), exploiting them and mitigating the resulting risk.
- Extensive experience in application design, architecture and development, combined with project management skills.
- 12+ years of IT experience, including 5+ years of extensive experience in security testing and cyber security management. Motivational team leader who owns complete deliverables and bridges customer expectations.
- Hands-on experience in security assessment using tools such as Burp Suite, Micro Focus WebInspect, IBM AppScan and SmartBear.
- Experience in identifying SQL injection, script injection, XSS and CSRF attacks.
- Involved in the Secure Software Development Life Cycle (secure SDLC) process, with substantial understanding and experience that has been applied effectively across several consulting engagements.
- Hands-on with DAST, SAST and manual penetration testing.
- Involved in implementing and validating the security principles of minimizing attack surface area, least privilege, secure defaults, defense in depth, keeping security simple and fixing security issues correctly.
- Create detailed assessment reports with remediation recommendations, present findings to clients and re-test the reported security issues.
- Expertise in project planning, effort estimates, proof of concept (POC) and resource management.
- Conducted vulnerability assessments using Nessus, Nexpose and Nmap.
- Exposure to IT security compliance frameworks such as ISO 27001 and NIST, and to Industrial Control Systems risk assessments.
- Publish analysis reports, communicate status effectively to stakeholders, build application security risk dashboards and generate reports as needed for the organization.
TECHNICAL SKILLS
Languages: C, C++, PHP, Python, JavaScript, .Net, PowerShell Scripting
Web technologies: HTML, HTML5, CSS, XML, JavaScript, web services, SharePoint Online/Office 365/SharePoint Server/Designer 2013/2010/2007, Microsoft InfoPath 2013/2010, PowerApps, QuickBase, Qunect ODBC
Operating system: Kali Linux, GNU/Linux, Windows
Testing Tools: SoapUI and SOAtest for web services security testing.
Tracking Tools: Bugzilla, QC Trac, Team Forge
Servers and databases: MSSQL, Oracle, MySQL
Web Application tools: IBM AppScan, OWASP ZAP Proxy, Micro Focus WebInspect, Paros, Fiddler2, Burp Suite, Kali Linux, Metasploit, Acunetix, sqlmap, Checkmarx
Vulnerability Assessment: Nessus, Nexpose, Nmap and Wireshark.
PROFESSIONAL EXPERIENCE
Confidential, Washington, DC
Application Security Engineer
Responsibilities:
- Worked extensively with software development teams to review the security vulnerabilities reported by Micro Focus WebInspect, Burp Suite and Micro Focus Fortify, and eliminated false positives.
- Executed security assessments to ensure compliance with firm security standards (e.g., OWASP Top 10). Specifically, security testing was performed to identify Cross-Site Scripting, Clickjacking and SQL Injection related attacks within the code.
- Managed the Application Security program (DAST and SAST) to identify, report and remediate security vulnerabilities in applications deployed in DEV, PRE-PROD and PROD environments.
- Reviewed source code (Java/J2EE/Spring/JavaScript) and developed security filters within Checkmarx for critical applications.
- Generated executive summary reports showing the security assessment results, recommendations (CWE, CVE references) and risk mitigation plans, and presented them to the respective business sponsors and senior management.
- Participated in the development of IT risk assessments for enterprise applications.
- Prepared technical documentation which included vulnerability reports, checklists, metrics, enrollment forms, DAST & SAST play books and user guides.
- Researched, initiated and drove the evaluation of tools, technologies, processes, policies, controls, standards to maintain and enhance the security of applications.
- Involved in client discussions from the RFP through project sign-off.
- Conducted studies of new security technologies to provide more efficient and cost-effective security solutions.
Confidential, Washington, DC
Penetration Tester
Responsibilities:
- Performed dynamic scanning of various applications using IBM AppScan, identified false positives and reported the confirmed vulnerabilities.
- Conducted manual assessment using Burp Suite Pro and identified SQL injection, script injection, XSS, CSRF vulnerabilities.
- Identified Critical, High, Medium and Low vulnerabilities in the applications based on OWASP Top 10 and SANS 25, and prioritized them by criticality.
- Followed up with development teams on recent functionality changes, scheduling their security analysis and coordinating the security testing.
- Conducted source code assessment using Veracode.
- Prepared and documented test plans for security evaluations. Designed and updated reports about security of targeted systems.
- Followed up on and triaged raised vulnerabilities, revalidating fixes and ensuring 100% closure.
- Assisted clients with questions regarding vulnerabilities and proposed mitigations.
- Management reporting and matrix management.
Confidential, Washington, DC
Penetration Tester
Responsibilities:
- Conducted Entity Security assessments (EAS) to validate vendors' infrastructure security and Software Security assessments (SSA) to validate vendors' application security. Conducted more than 15 vendor security assessments and identified various threats and security control gaps.
- Worked with the client's Business Information Security Officer (BISO), liaising, advocating and facilitating the implementation of infosec controls.
- Set up a Quality Assurance validation program for security assessments. Governed the overall vendor risk assessment process using a GRC platform.
- Identified risks and developed risk mitigation and contingency plans.
- Led the entire SDLC process, including system planning, solution design, project issue tracking, project scheduling/estimation, high-level/detailed design, test planning, implementation, user training, post-project feedback / lessons-learned analysis and development of best practices.
- Conducted vulnerability assessments for more than 250 assets using Nessus. Performed Dynamic Testing (DAST) on internally developed websites using IBM AppScan. Vulnerabilities were tracked and reported.
- Created, maintained and tracked security awareness training for employees and the management team.
- Developed business-relevant metrics to measure the efficiency and effectiveness of the company's information security management program, forecasting appropriate resource allocation and increasing the maturity of the program.
Confidential, Washington, DC
SharePoint Developer/Applications Developer
Responsibilities:
- Involved in all the phases of SDLC from Software Requirements Phase to Design, Implementation, testing, debugging and Documentation.
- Involved in gathering User requirements and Requirements Analysis.
- Created Database schemas and developed SQL scripts and stored procedures.
- Extensively used SharePoint Manager for user Security, Sites, lists & Item Management.
- Developed and deployed Custom Web Parts for SharePoint 2010 using C# .NET and Visual Studio 2010.
- Developed custom workflows using SharePoint Designer 2010.
- Worked on creating Master Pages and Page Layouts using SharePoint 2010, and customized them using SharePoint Designer and CSS.
- Developed Event Receivers, Timer Jobs, Features and InfoPath forms.
- Created Workflows with SharePoint Designer and Nintex.
- Created a Customized SharePoint page containing the dashboard reports (SSRS 2008 reports), which are displayed inside the customized Report viewer control based on data from the Provider web part.
- Documented technical specifications and evolution of application including functionality for end users.
- Branded the SharePoint Portal and team sites using the CSS and SharePoint designer 2010 to have a consistent and uniform look throughout the portal.
- Utilized CAML queries and worked on Xml Technologies SOAP, WSDL, XML Schemas for development and implementation of business logic in SharePoint Web Applications.
- Automated tasks like search for broken links, delete users, application pool recycle using PowerShell.
- Created custom event handlers using SharePoint Event Receivers to perform different tasks and to implement monitoring.
- Integrated QuickBase HTTP API, JavaScript API.
- Built a customized database for internal use using QuickBase.
Confidential, New York
SharePoint Developer/Administrator
Responsibilities:
- Involved in installing and configuring SharePoint on Windows platform to implement a custom corporate intranet portal site.
- Adding/changing/removing users and user permissions, adding permissions for users on various sites, updating content, changing navigation, creating/modifying/restoring SharePoint Portal Sites and Windows SharePoint Services sites.
- Used validation controls in ASP.NET for validation purposes.
- Planned the farm topology and performed installation and configuration of a complete end-to-end SharePoint 2010 N-tier farm with an Intranet, enabled on the Internet and extended as an Extranet.
- Created new User Groups in Active Directory and set different permission levels.
- Configured multiple Service Applications such as User Profiles, Search, BCS, Visio, PerformancePoint and Managed Metadata Service, and scheduled User Profile imports and Search Crawls.
- Performed a seamless migration from SharePoint 2007 to SharePoint 2010.
- Extensively used the DocAve tool for migration, backup and recovery to provide high availability of the SharePoint farms.
- Integrated V4.Master and Mysite.Master pages and made 'My Site' as Default Home page.
- Designed page layouts using SPD 2010/2007 and themes using Visio 2010.
- Involved in migrating the content from Lotus Notes to SharePoint.
- Export data from Lotus Notes to SharePoint via Lotus Script & C# to XML.
- Created multiple Item level/Document level/Reusable workflows using SPD 2010 as per requirements and attached same to Content types and Lists.
- Developed the form template to trigger a Sequential Work Flow for approval and track the status using Nintex tool.
- Imported and implemented Visio 2010 Business process workflow using SharePoint Designer 2010.
- Built professional dashboards for Business Intelligence using Dundas Charts/Gauges and Excel Services.
- Developed External content types (BCS) and connected to SQL Server using SPD 2010 and configured Search Crawls for ECT's.
- Utilized CAML and LINQ extensively for data Retrieving, Querying and Manipulation.
- Created Event Receivers, Visual Web Parts, List/Site definitions and Features using Visual Studio 2010 (SharePoint Object Model) and deployed them as sandboxed or farm-level solutions using PowerShell.
- Designed and deployed multiple browser-compatible InfoPath 2010/2007 forms as per client requirements, attached event receivers and developed dashboards using Dundas.
- Defined and implemented systematic permission levels from site to item level and a security access policy across the portal.
- Used SharePoint Web services in InfoPath.
- Deployed solutions using Stsadm and Central Administration.
- Installed and activated Features using Stsadm and the portal application.
- Extensively used OOP concepts in implementing the projects for code reusability.
- Created and maintained connections with the use of Microsoft Enterprise Library.
- Used ADO.NET objects such as Data Reader, Dataset and List for consistent access to MS SQL Server data sources.
- Communicated with QA to solve QA and performance-related issues.
- Used Team Foundation Server for version control during development and maintenance.
- Worked on Business logic and UI to get the data from CMS and present to the end user.
- Worked with customer insights team to test website usability. As a result, initiated user journey upgrade to increase time on site and conversion rates.
- Providing knowledge of data transfer process from database to staging environment to API.
- QuickBase Administration - manage users and built, manage, and/or enhance various QuickBase applications.
- Designed and developed the Business logic part of the application with best utilization of Object Oriented Principles and Practices.
- Involved in writing stored procedures and business logic implementation.
Confidential, Washington, DC
Applications Developer
Responsibilities:
- Involved in all the phases of SDLC from Software Requirements Phase to Design, Implementation, testing, debugging and Documentation.
- Developed and implemented the New Heights Student Tracking application using QuickBase for the District of Columbia Public Schools.
- Analyzed, designed and developed various structured modules for the Department of Human Services.
- Involved in gathering User requirements and Requirements Analysis.
- Created Database schemas and developed SQL scripts and stored procedures.
- Designed and developed WIRES enhancements using ASP.NET and C#.
- Documented technical specifications and evolution of application including functionality for end users.
- Wrote extensive SQL queries and developed PL/SQL stored procedures.
- Worked on Linked Servers to access data from different databases.
Confidential, Atlanta, GA
SharePoint Developer
Responsibilities:
- Developed new UI screens using Winforms & Webforms for new enhancement.
- Created custom forms using InfoPath 2007/2010 with data validation and published them to a SharePoint Form Library.
- Extensively used SharePoint Object model to show SharePoint data in ASP.NET web applications.
- Designed and Developed Custom Page Layouts for Branding and Chroming of portal by SharePoint Designer 2007/2010 for the look and feel of the portal by modifying Master Pages.
- Created SharePoint sites and sub-sites with custom Document Libraries and Lists.
- Used SharePoint Designer 2007/2010 for branding and customizing SharePoint sites by modifying Master Pages. Used SharePoint Designer for creating Page Layouts for different modules.
- Developed custom workflows to automate the business processes using Visual Studio and SharePoint Designer 2007/2010.
- Extensively worked on InfoPath Forms and Forms Services and integrated them with workflows.
- Created custom Document Libraries, Lists, List Views, Content Types and Site Columns.
- Created Report Center with dashboard pages and added KPIs and web parts to the dashboard.
- Designed and developed custom Web Parts and web pages for SharePoint in Visual Studio 2008 with AJAX.
- Created Document Libraries and associated them with workflows and event handlers using custom code and SharePoint Designer.
- Customized the intranet site using SharePoint Designer to give it the same look as the public website.
- Used SharePoint Designer for customizing SharePoint Server by modifying Master Pages.
- Designed a well-formed user interface using XHTML, JavaScript, HTML and PHP.
- Implemented ADO.NET to interact with the database using SQL Statements and Stored Procedures.
- Wrote Stored Procedures that read, process and insert information across multiple tables using SQL Server 2005/2008.
- Used SSIS as an ETL tool to create source/target definitions, mappings and sessions to extract, transform and load data into staging tables from various sources.
- Deployment of Application on Test and Production Server, debugging and troubleshooting applications.
Confidential, Atlanta, GA
.NET Developer
Responsibilities:
- Designed and developed the user interface screens with Grid View, Date Picker, Tree View and Progress Bar.
- Involved in all phases of the application development from business requirements analysis, design, development and Testing of the application.
- Used Master Pages, Cascading Style Sheets (CSS) and Skins to attain uniformity of all web pages and to control the layout and look of the page easily.
- Implemented rich user interface for Windows Forms using WPF.
- Used several AJAX controls such as Modal Popup, Password Strength and Auto Complete, which sped up development of the user interface pages.
- Implemented Forms based authentication to provide secure access to different modules based on the profile information.
- Designed ADO.NET to implement business logic and VB.NET as code behind language.
- Wrote PL/SQL procedures to automate the cloning process and to create the repository database.
- Used Crystal Reports for the generation of client reports using datasets and Procedures.