Application Security Consultant Resume Profile
NJ
Summary
- 5.5 years of professional experience focused on the Security Development Lifecycle, covering application security requirements, threat modeling, source code reviews and black-box testing.
- Carried out web application vulnerability assessments and implemented security solutions for a wide range of US-based clients.
- Involved in knowledge management, competency development and security evangelization sessions within the organization. Also involved in conceptualizing and developing standard procedural documents, charters and checklists.
- Awarded Microsoft 'Most Valuable Professional 2009' (MVP) in the 'Developer Security' category for exceptional leadership and the quality of technical expertise delivered to the security community worldwide.
- Certified Ethical Hacker (CEH v6) from EC-Council.
- Certified in 'Fortify Application Security Suite'
- Certified in Cenzic Hailstorm Security Assessment Tool
- Member of the OWASP chapters in Seattle, WA and Bangalore, India.
- Presented sessions on customizing Firefox/Chrome for pentesting, defending applications against keygens, and debugging applications with OllyDbg.
- Participated in SecureCamp conducted by RSA Security Labs.
- Tech blogger: write-ups on application hacking and security tools/tutorials.
- More than 10,000 visits/month.
- 85,000 views for an OllyDbg video tutorial, 2,500 views/month for Android app decompilation, 700 views/month on toggling the XSS filter in Internet Explorer.
- Bachelor's in Electronics and Communications, Calicut University, Kerala, India: 2002 - 2006
Security Tools:
- Black Box Testing (Frontend Security Testing):
- HP WebInspect Enterprise Edition (Centralized)
- Cenzic Hailstorm, IBM AppScan, Acunetix, N-Stalker
- White Box Testing (Code Review):
- Fortify Security Suite (Web Application Vulnerability Scanner)
- Ounce Labs Security Analyst (Vulnerability Assessment Tool)
- Security OS Distributions / VMs: BackTrack, DVL, OWASP Live CD, Samurai, Pentoo
- Free / Open Source:
- ZAP, WebScarab, Burp Suite, Fiddler, SWF Intruder
- WebSecurify, Skipfish, Nikto, Nessus, Nmap, Wireshark, Foundstone Tools
- Android/iPhone/Win7 Simulators
- HP QualityCenter: creation and tracking of security test cases; ClearQuest: defect tracking
- ArcSight ESM, nCircle Vulnerability Scanner, AirDefense (Enterprise Wireless LAN Security)
Languages: Java, JavaScript, PHP, Visual Basic 6.0, C, HTML, XML
Operating Systems: Windows, OS X, *nix; Mobile: Android, iOS, Windows Mobile
Databases: SQL Server 2000, Oracle, MS-Access
Servers: Tomcat, Apache, Microsoft IIS
Professional Experience:
Confidential
Role: Application Security Consultant
- Leading the application security team that assesses client web and mobile applications handling PCI and customer-sensitive data.
- Assist in creating data flow diagrams and threat models for pilot applications.
- Create the test execution plan and strategy for release-based application scans of the client's applications.
- Performed security testing on mobile applications running on Android, iPhone, iPad and Windows 7 platforms.
- Designed and implemented a vulnerability dashboard: a one-stop portal for the client's senior management to track the threat level of their applications. A full knowledge base is also part of the portal, helping developers and security testers quickly communicate and understand the vulnerabilities discovered.
Role: Security Consultant
Customer: Confidential
- Web Application Code Review: manual review as well as review with the Ounce Labs source code analyzer. Validated source code for OWASP Top 10 and PCI vulnerabilities.
- Web Application Black-box Testing: used Cenzic Hailstorm and AppScan to assist in black-box testing. Executed manual tests against custom security checklists.
- Penetration Testing Framework: involved in developing a security framework for Infosys.
- Testing Flash and Ajax Applications: tested Flash applications using tools such as SWF Intruder and by manual code review of decompiled SWF files.
- Application Weight Estimation: developed a prototype model to estimate testing effort and prioritize applications in the testing queue.
Role: Security Analyst
Customer: Confidential
- Web Application Vulnerability Assessment: performed web application black-box testing.
- Web Server Testing: performed vulnerability scanning using tools such as Nessus and Nmap.
Customer: Large Banking and Financial Institution, US
Confidential
- Security Event Monitoring: root cause analysis of data from devices such as firewalls, intrusion detection systems, Active Directory, antivirus, and wireless LAN security (AirDefense).
- Vulnerability Assessment: analyzed vulnerable systems by correlating data obtained through the nCircle IP360 scanner. Created a Java application to generate reports from mainframe log data, and various Visual Basic tools for correlating the events observed across devices.