
Senior Security Lead Developer (java) Resume


SUMMARY

  • IT professional with solid hands-on experience in the analysis, design, development and deployment of secure web-based applications using Java, JEE-based technologies and open source frameworks in distributed environments.
  • Expert in providing solutions to make applications secure and vulnerability-free, with experience in code analysis using Fortify, Black Duck, AppScan, Checkmarx, WebInspect, ZAP, Burp Suite and open source tools.
  • Strong hands-on experience in identifying potential threats and developing mitigation plans and efficient, modern, cost-effective, OWASP Top 10 2017 compliant security solutions.
  • Provide hands-on training to application developers in secure coding techniques and best practices, helping to integrate security into the software development life cycle (DevSecOps).
  • Automated security scanning tools using Jenkins jobs and drove the adoption of the security scanning tools Checkmarx, Fortify and Black Duck for both development and production use.
  • Expert in performing static/dynamic vulnerability code fixes, testing, manual code inspection, threat modelling and design reviews to identify vulnerabilities and security defects.
  • Hands-on experience in object-oriented analysis and design using Visio, Rational Rose, UML and design patterns/design principles.
  • Strong hands-on experience in portal development and implementing internal/external SSO in Sun IDM and IAM using different encryption/decryption techniques (such as secure keys and SAML).
  • Experience in Agile Model Driven Development, Scrum and JUnit frameworks.
  • Hands-on experience in developing automation of security tasks during code builds, testing and deployments using Jenkins/Ansible scripts.
  • Hands-on experience with automation frameworks, Agile, DevOps, DevSecOps, Chef client/server, integration of Chef with Jenkins for continuous deployment, and creating recipes/cookbooks using Ruby.
  • Fair understanding of big data, Spark, AWS, MongoDB, AgensGraph, Neo4j and SQLite.
  • Build, maintain and enhance communication channels with the project board, senior management, clients, suppliers, end users and internal departments.

TECHNICAL SKILLS

Java/J2EE Technologies: Advanced Java, Servlet, JSP, JDBC, JNDI, JMS, JAXB, AJAX, jQuery

Scripting Language: Shell Script, Perl Script, JavaScript, Jython, Python, Ruby

IDE: Eclipse, NetBeans/iRapid, JDeveloper, SOAP UI.

Database/Languages: SQL, PL/SQL, MySQL, Oracle 11g, Informix

Frameworks: Struts 2.0, Hibernate 2.0, Spring, AngularJS, TestNG, Agile

Web/Application/Portal Servers: Tomcat, JBoss, WebLogic, iPlanet Portal 7.0, Identity Manager 7.0.1

OS: Unix/Linux, Windows

Testing/Defect Tracking Tools: JUnit, JAMon, JMeter/TestNG, Remedy, Quality Centre, Sonar, Jira, Bugzilla, Nimble

Tools/Technologies: XSLT, LDAP, SAML, Erwin, TOAD, Eclipse, ServiceNow, Jira, SOA, RESTful Web Services, JMS, SOAP, EA, PMD, FindBugs, Checkstyle, Chef, Jenkins, Git, Stash, Ruby, Rational Rose, CVS, VSS, SVN, ClearCase

Development Methodologies: OOAD, SOA, 6 Sigma

Software Engineering Practice: Agile, DevOps, DevSecOps, SCRUM, Iterative development.

PROFESSIONAL EXPERIENCE

Confidential

Senior Security Lead Developer (Java)

Responsibilities:

  • Develop cost-effective security solutions for potential vulnerabilities found across Confidential Technologies web applications and propose recommended solutions using Java, J2EE, JavaScript, Spring, SOAP, RESTful, Python.
  • Validate source code for OWASP Top 10 vulnerabilities across applications, identify potential threats and provide cost-effective solutions as per the OWASP/Confidential guidelines.
  • Security assessment of third-party open source libraries; identify recommended versions of libraries.
  • Engage with cross-functional development teams, starting from initiating static/dynamic scans and Rapid7, Kenna, WhiteHat and Fortify tool training, through remediating identified vulnerabilities and working with dev teams to review findings that are candidates for false positives.
  • Training application developers in secure coding techniques and best practices and helping to integrate security into the software development life cycle (SDLC).
  • Document practices and guidelines for use by application teams during development and process improvements.
  • Penetration Testing using Burp Suite, OWASP ZAP.

Environment: Fortify, Rapid7, Kenna, SonarQube, Secureworks, Java, Python, XML, JUnit, JSP, JavaScript, Shell script/Perl script, SSL/TLS, WhiteHat, Jenkins, Ansible, Confluence, Burp Suite, OWASP ZAP, Git, Stash, DevOps, DevSecOps, Oracle, Red Hat Linux, Jira, Tomcat.

Confidential, Framingham, MA

Principal Application Security Consultant (Java)

Responsibilities:

  • Develop cost-effective security solutions for potential vulnerabilities found across web applications and propose recommended solutions using Java, J2EE, JavaScript, Spring, SOAP, RESTful, Python.
  • Wrote Groovy scripts as part of DevSecOps and remediation of Checkmarx with Jenkins server; drove the adoption of the security scanning tools Checkmarx and AppScan for both development and production use.
  • Wrote utility/common classes in Java/Python as part of mitigation of critical vulnerabilities across web applications.
  • Validate source code for OWASP Top 10 vulnerabilities across applications, identify potential threats and provide cost-effective solutions as per the Staples/OWASP guidelines.
  • Engage with cross-functional development teams, starting from initiating static/dynamic scans and Checkmarx and AppScan tool training, through remediating identified vulnerabilities and working with dev teams to review findings that are candidates for false positives.
  • Security assessment of third-party open source libraries; identify recommended versions of libraries.
  • Involved in support and maintenance activity for Checkmarx upgrade/installation, SSL certificate installations, Jenkins upgrade/installation, and fixing potential vulnerabilities on the Jenkins server.
  • Training application developers in secure coding techniques and best practices and helping to integrate security into the software development life cycle (SDLC).
  • Penetration testing using Burp Suite, OWASP ZAP.
  • Actively involved in developing applications on emerging technologies (DevOps, DevSecOps, Ansible, GitHub, Bitbucket, Spark) in a Linux environment.

Environment: Java, Python, Jython, XML, JUnit, JSP, JavaScript, Shell script/Perl script, SSL/TLS, Checkmarx, AppScan, Jenkins, Ansible, Confluence, Burp Suite, OWASP ZAP, Git, Stash, DevOps, DevSecOps, MS SQL Server, Red Hat Linux, Jira, Tomcat.

Confidential, MA

Senior Application Developer

Responsibilities:

  • Analyzed existing PONMS/VPNS management systems and developed design specifications for retrieving alarms from various NEs through third-party vendors.
  • Implemented consumption of SOAP/REST web services for retrieving alarms from NEs through third-party systems, and filtering and posting alarms to the Verizon Fault Management System using Java/J2EE.
  • Developed business rules for processing alarms and implemented filtering rules using Python/Jython scripts.
  • Design and development of live alarms using JMS (reading and parsing XML files using SAX and posting of data to Verizon systems).
  • Validate source code for OWASP Top 10 vulnerabilities across applications, identify potential threats and provide cost-effective solutions as per the Verizon/OWASP guidelines.
  • Automated security scanning tools using Jenkins jobs and drove the adoption of the security scanning tools Fortify and Black Duck for both development and production use.
  • Led the security reviews for application security, web applications and infrastructure security.
  • Performed security automation focusing on threat modelling, manual exploitation and mitigation of OWASP Top 10 security threats in web applications.
  • Training application developers in secure coding techniques and best practices and helping to integrate security into the software development life cycle (SDLC).
  • Actively involved in developing applications on emerging technologies (DevOps, DevSecOps, Jenkins, Ansible, Stash, Git) in a Linux environment.

Environment: Java, Python, Jython, XML, Apache CXF, Axis2, JSP, JavaScript, Shell script/Perl script, TL1, SOAP Web services, RESTful Web Services, JMS, Fortify, Black Duck, WebInspect, Jenkins, Ansible, Git, Stash, Spring JPA with Hibernate, Red Hat Linux, Oracle, SOAP UI, Jira, WebLogic, Tomcat.

Confidential

Lead Developer - JAVA

Responsibilities:

  • Design and development of communication center (secure emails) functionality to make inquiries, reply to emails and retrieve emails from SOAP web services using Java/JEE, JSP, HTML, jQuery, JDBC, JAXB, and Spring framework.
  • Wrote code for exception handling and logging, and implemented various encryption/decryption techniques for secure content and session integration for the entire module.
  • Provided security code reviews using Nimble, AppScan and Checkmarx products and evaluated results for security vulnerabilities for banking applications. Trained, documented and advised application developers on security risks.
  • Migrated from finding security problems to finding elegant and effective business security solutions for the bank.
  • Implemented virus scan functionality for uploading attachments in secure email modules.
  • Design and development of UCM Utility (reading and parsing XML files using SAX and DOM parsers and displaying data on screens).
  • Design and development of viewing Tax Documents and retrieving the data from SOAP web services using JAXB.
  • Wrote shell scripts to automate standalone/batch processes and a Java program to call Super Scheduler to manage various jobs.
  • Developed test cases using JUnit and performed thorough testing of applications.
  • Developed functional and technical specification documents for the Message Centre module.
  • Actively involved in developing applications on Chef for IT infrastructure automation, rainbow for testing automation and Jenkins for continuous deployment, which can drive business innovation.
  • Developed a POC for installing and configuring Chef client/server, creating recipes/cookbooks, and integration of Jenkins and Git with Chef in a Linux environment.

Environment: Java, JDBC, XML, HTML 5, jQuery, JavaScript, HTML, CSS3, AJAX, AngularJS, JAXB, JNDI, Spring 3.0, Hibernate, Smooks, SOAP, JMS, RESTful, Shell script, SVN, Maven, SQL, PL/SQL, Oracle 11g, JBOSS 7.1.3, Tomcat 1.7, QC, Fortify, Sonar, AppScan, Nimble, Bootstrap, SOAP UI, JUnit, JMeter, TestNG, Jira, Git, Chef, Jenkins, Ruby, Super Scheduler.

Confidential

Sr. Developer

Responsibilities:

  • Designed & developed “Card and Application Management System” & “Participant” module.
  • Development & customization of “IPMD” module for Telecom Billing CCBS- System.
  • Analyzed and worked on SK Telecom products: NVIOS and Mobile Wallet.
  • Designed and developed web pages using HTML 5, CSS3, JSP, AJAX, jQuery.
  • Designed the database tables using Erwin data modeler and Toad as GUI tool.
  • Provided solutions for application code vulnerability fixes, code review and code optimization.
  • Implemented external SSO using various encryption/decryption techniques with SAML.
  • Analyze information security systems and applications, recommend and develop security measures to protect information against unauthorized modification or loss.
  • Wrote programs in C language for batch files creation and libraries used for mediation system.

Environment: NexCore, C, Java, JDBC, JSP, JSON, AJAX, jQuery, JavaScript, HTML, Spring 3.0, Oracle, iBATIS, Jira, Maven, JBoss, Tomcat, WebLogic, Eclipse, JMS, Web Services, JMeter, TestNG, Linux, Erwin, Toad, CVS, ClearCase, SOAP UI.
