
Penetration Tester Resume

Richmond, VA

SUMMARY

  • 7 years of experience in Information, Application and Network Security.
  • Experienced in various domains such as Web Application security testing, Vulnerability Assessment, penetration testing and generating reports using tools.
  • Extensive knowledge of hardware, software, and networking technologies to provide a powerful combination of analysis, implementation, and support.
  • Knowledge of OWASP top 10 and SANS 25 standards.
  • Proficient in understanding application level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, cryptographic attacks, authentication flaws etc.
  • Hands-on experience with tools like Nmap, Nessus, QualysGuard, Metasploit, Wireshark, HP Fortify and IBM AppScan.
  • Validate the false positives and report the issues.
  • Follow up and ensure the closure of the raised vulnerabilities by revalidating and ensuring 100% Closure.
  • Stay up to date with new attack techniques and the latest vulnerabilities to ensure no such loopholes are present in the existing system.
  • The ability to comprehend and troubleshoot in a timely fashion.
  • Excellent communication skills and capability to interact with diverse individuals; skilled in mentoring a team and working efficiently in a group.

TECHNICAL SKILLS

Hacking Tools: Aircrack-ng, Hydra, Burp Suite, Metasploit, Nmap, Wireshark, sqlmap, Nessus, OWASP ZAP

Wireless Pen testing: WPA, WPA2, WEP, AirSnort, Kismet, InSSIDer

Web Technologies: HTML, JavaScript, XSS, SQL Injection

Programming Languages: Python, SQL

Password Cracking: MD5, SHA1, SHA2, RainbowCrack, Bruter

Sniffing Tools: Wireshark, Omnipeek, Metasploit, NetCat

Databases: IBM InfoSphere Guardium

SIEMs: ArcSight ESM, IBM QRadar

Vulnerability Scanners: Nessus, Metasploit, OWASP, Qualys, IBM AppScan

Operating systems: Kali Linux, Parrot OS, Backtrack, Windows

PROFESSIONAL EXPERIENCE

Confidential, Richmond, VA

Penetration tester

Responsibilities:

  • Identified and exploited network and application vulnerabilities in order to illustrate risks and provide prioritized recommendations to clients.
  • Performed port scanning on servers using NMAP and closed all unnecessary ports to reduce the attack surface.
  • Performed penetration testing using Kali Linux based on OWASP Top 10 to find XSS, SQL Injection, CSRF, authentication bypass, cryptographic attacks, authentication flaws.
  • Used IBM AppScan for static and dynamic code analysis of web applications.
  • Performed code review to remove false positives and identify false negatives.
  • Prepared comprehensive security reports detailing identified issues, risk descriptions and recommendations, with code snippets for the vulnerabilities.
  • Captured live packets using Wireshark to examine security flaws in the network.

Confidential, Illinois

Security Analyst

Responsibilities:

  • Ensure that all access controls are implemented, maintained and monitored through a security methodology that supports operation and security compliance requirements.
  • Continually assess the systems against potential threats and vulnerabilities via system and network security monitoring.
  • Used Splunk to consolidate, monitor and alert on any abnormal or malicious logged activities.
  • Ensure that all identified vulnerabilities are mitigated in a timely fashion.
  • Support incident responses for all security-related issues.
  • Cross correlate and analyze log information, packet captures, security alerts and artifacts to identify entry vectors, network traversal and malicious activity.
  • Experienced in configuring, running, validating and contextualizing the findings of vulnerability discovery tools such as Nessus and NeXpose.
  • Knowledge of either executing or defending against complex, targeted cyber threats to high-value systems and data.
  • Research and understand emerging information security threats, vulnerabilities, and their countermeasures.

Confidential

Penetration Tester

Responsibilities:

  • Analyze systems for potential vulnerabilities with the help of Qualys VM that may result from improper system configuration, hardware or software flaws.
  • Conducted penetration testing using Kali Linux and Cobalt Strike to identify critical, high, medium and low vulnerabilities in the applications based on OWASP Top 10 and SANS 25, and prioritized them based on criticality.
  • Provided fixes and filtered false findings for the vulnerabilities reported in the scan reports. Added new vulnerabilities to the Vulnerability Database for various platforms with proper exploits.
  • Scan Networks, Servers, and other resources to validate compliance and security issues using numerous tools.
  • Assisted in preparation of plans to review software components through source code review or application security review.
  • Assisted developers in remediating issues found in Security Assessments with respect to OWASP standards.

Confidential

Penetration Tester

Responsibilities:

  • Performed security analysis and identified possible vulnerabilities in the key derivation function; created Vulnerability Assessment reports detailing the exposures identified, rating the severity for the system, suggesting mitigations for any exposures, and testing known vulnerabilities.
  • Performed vulnerability scans using Nessus to identify and understand exploits, vulnerabilities and threats.
  • Performed port scanning on servers using NMAP and closed all unnecessary ports to reduce the attack surface.
  • Used Wireshark to capture live data packets to analyze the network traffic and to examine security flaws within the network.
  • Follow up and ensure the closure of the raised vulnerabilities by revalidating and ensuring 100% Closure.