SUMMARY:

• 15 months of experience in Web Application Security, Logging and Alerting, Security Design, Penetration Testing, Secure Coding, Mobile Application Security, Application Security Controls and Validation, Risk Assessments, Regulatory Compliance and Secure Software Development Life Cycle (secure SDLC).
• Experience in conducting IT Security Risk Assessments in accordance to Confidential and FFIEC framework.
• Ability to find in vulnerability assessment and penetration testing using various tools like Burp Suite, OWASP ZAP proxy, Accunetix, NMAP, Nessus, Nikto, web scanner, HP Fortify, Kali Linux.
• Work with global security teams performing application and IT infrastructure security assessments. knowledge of penetration testing for web applications.
• Have a good understanding of Web Application based attacks to include Denial - of-service attacks, MITM attacks, Local file inclusion(LFI), Remote file inclusion(RFI) and Buffer overflow.
• Performed security design and architecture reviews for web and mobile applications.
• Hands on Experience working with LAN and WAN topologies, TCP/IP protocol, routers, switches, and firewalls in Internet, Intranet and Extranet environments.
• Security assessment based on OSSTMM methodology and OWASP framework. understanding with Cloud compliant and web application security using Qualys Guard.
• Excellent scripting and debugging skills on JavaScript, Python Scripting
• Working knowledge of OWASP Top 10 and SANS Top 25 software guidelines, Federal Financial Institutions Examination Council's (FFIEC) regulations, including Payment Card Industry (PCI-DSS), HIPAA/HITECH and Sarbanes-Oxley Section404 (SOX).
• Ability to handle multiple tasks and work independently as well as in a team.
• An efficient team player in challenging and creative environment with excellent capacity to adapt new technologies and skills.

SKILL:

NMAP, MetaSploit, Nikto, Jhon the ripper, Brup Suits, Maltego, Confidential, Siem, Splunk, Wireshark, Html, Javascript, Python, Requirement analysis, Xml, Data analysis, Database, Mysql, Sql, Network security, Networking, Virtualization, Linux, Penetration Testing, CEH

TECHNICAL SKILLS:

Splunk: Splunk Enterprise.

Operating Systems: Windows, Unix/Linux.

Data Analysis: Requirement Analysis, Business Analysis, detail design.

Web technologies: HTML, CSS, JavaScript, XML, Advanced XML.

Concepts: SIEM, SDLC, Object Oriented Analysis and Design.

Programming Languages: Python, UNIX shell scripts.

Database: Oracle, MySQL, SQL queries, SQL Procedures.

Tools: Microsoft Word, Microsoft PowerPoint, Microsoft Excel, Microsoft outlook, Project, Wireshark.

WORK EXPERIENCE:

Jr. Penetration Tester

Confidential, Philadelphia, PA

Responsibilities:

• Performing security analysis and identifying possible vulnerabilities in the key derivation function, create Vulnerability Assessment report detailing exposures that were identified, rate the severity of the system & suggestions to mitigate any exposures & testing known vulnerabilities.
• OWASP Top 10 Issues identifications like SQLi, CSRF, XSS, Path Manipulation.
• Perform pen tests on different application a week.
• Perform grey box testing of the web applications.
• Create written reports, detailing assessment findings and recommendations.
• Found web site security issues (XSS, CSRF, session fixation, SQL injection, information leakage, application logic etc.) across various platforms.
• Perform Static assessment of various applications by Static code analyzers like HP Fortify
• Perform Dynamic assessment of applications by HP Fortify and verify false positives.
• Performed static code reviews with the help of automation tools Veracode and checkmarx.
• Perform, review and analyze security vulnerability data to identify applicability and false positives.
• Work closely with research and development teams for vulnerability remediation.
• Identify issues in the web applications in various categories like Cryptography, Exception Management.
• Work with software development teams, DB/Unix administrators and solution architects as a subject matter expert related to security compliance with PCI DSS and industry standards.
• Analyze parsed data from Qualys, Nessus for Vulnerability Remediation.
• Work on Vendor based Applications, Middleware and layer products
• Provide both strategic analysis and near real-time auditing, investigating, reporting, remediation, coordinating and tracking of security-related activities for customer
• Analyze data and prepared reports that document vulnerabilities from network based attacks and recommended actions to prevent, repair or mitigate these vulnerabilities
• Skilled using tools like Automatic Scanner, NMAP, Dirbuster, Qualysguard, Nessus, HP Fortify, HP Webinspect, IBM App scan for web application penetration tests and infrastructure testing.
• Identify issues on sessions management, Input validations, output encoding, Logging Exceptions, Cookie attributes, Encryption, Privilege escalations.
• Proactively identified system vulnerabilities to reduce or eliminate potential exploitation using Nessus Security Center and Passive Vulnerability Scanning.
• Work on Enterprise Release Management and Governance activities.
• Performed Scanning, analyzed data and took remediation steps.
• Knowledge of Both White and Black Box penetration testing
• Strong IP networking and troubleshooting skills
• Good Knowledge in Both Linux and Windows environments
• Experience with virtualization products such as VMware, Virtual PC, Virtual Box and Hyper -V
• Familiar with Confidential Guidelines on Network Security Testing, The OSSTMM methodologies