
Sr Penetration Tester Resume


Alexandria, VA

SUMMARY

  • Professional with 12 years of experience in Information Technology, with broad experience in Information Security, Application Security, Software Security, Enterprise Vulnerability Management and Windows System Administration.
  • Expertise in performing Application Security risk assessments throughout the SDLC, including Application Security design, review, testing and remediation.
  • Experience in web and mobile application security testing using tools such as Metasploit, Acunetix, Burp Suite, DirBuster, Sqlmap, OWASP ZAP proxy, NMap, Nessus, HP Fortify, IBM AppScan Enterprise and Kali Linux.
  • Managed project continuity, reviewed the technical work of the team, and ensured the quality of service deliverables.
  • Skilled in customer relations, business requirement gathering and threat modeling; organize meetings and reviews.
  • Good experience with web technologies such as HTTP, HTML, CSS, forms and database connectivity.
  • Simulate how an attacker would exploit the vulnerabilities identified during the dynamic analysis phase.
  • Excellent knowledge of the OWASP Top 10 (2013) and WASC Threat Classification 2.0 methodologies.
  • Good experience in Secure SDLC and source code analysis (manual and tool-assisted) of web-based applications.
  • Coordinate with development teams to ensure closure of reported vulnerabilities by explaining the ease of exploitation and the impact of each issue.
  • Report identified issues in an industry-standard format.
  • Sound knowledge and industry experience in Vulnerability Assessment and Penetration Testing.
  • Proven experience in manual/automated security testing and secure code review of web and mobile applications.
  • Security assessment based on the Open Web Application Security Project (OWASP) framework.
  • Experience in monitoring periodic reviews of privileged user groups in Active Directory at both the database and application levels.

TECHNICAL SKILLS

Standards and Framework: OWASP, PCI DSS

Application Scanners: IBM Appscan, HP Webinspect

Network Security Tools: Nessus, OpenVAS, NMap

Proxies & Sniffer Tools: Burp Suite, WebScarab, Wireshark, DirBuster

Operating Systems: Windows, Linux

Databases: Oracle, MS SQL, MySQL

Penetration Testing: Wireshark, Metasploit Framework

Programming Languages: HTML, Java, Python, JavaScript

PROFESSIONAL EXPERIENCE

Confidential, Alexandria, VA

SR PENETRATION TESTER

Responsibilities:

  • Perform security testing on all projects on the web platform, including web applications, web services, backend processes and thick clients.
  • Manage and perform IBM AppScan and Acunetix scans before all production releases, analyze the vulnerabilities found and report them to all stakeholders.
  • Perform manual security testing for OWASP Top 10 and WASC vulnerabilities such as injection attacks, XSS, CSRF and session management flaws.
  • Perform manual code review to eliminate false positives and to identify false negatives.
  • Prepared comprehensive security reports detailing findings, risk descriptions and recommendations, with code snippets for each vulnerability.
  • Conduct re-assessment after the vulnerabilities found in the assessment phase have been mitigated.
  • Provide security requirements to project teams during the design phase.
  • Write security test cases from project requirements and help QA teams incorporate security testing into the Scrum backlog.
  • Security test planning and security test execution on Web platform projects.
  • Train QA Team to identify and acknowledge security issues in their projects.

Confidential, Baltimore, MD

PENETRATION TEST ENGINEER / THUNDERHEAD OPERATIONS SUPPORT ENGINEER

Responsibilities:

  • Established vulnerability assessment practice, proactively ensuring safety of client-facing applications and minimizing client audit findings.
  • Performing security analysis and identifying possible vulnerabilities in the key derivation function; creating Vulnerability Assessment reports detailing the exposures identified, rating the severity of the system, suggesting mitigations for each exposure and testing known vulnerabilities.
  • Hands-on experience with DDoS protection, SQL injection protection, XSS protection, script injection protection and other major attack-prevention techniques.
  • Address and integrate security into the SDLC using techniques such as threat modeling, risk management, logging, penetration testing, etc.
  • Providing fixes and filtering false findings for the vulnerabilities reported in scan reports; adding new vulnerabilities to the vulnerability database for various platforms, with corresponding exploits.
  • Scan networks, servers and other resources using numerous tools to validate compliance and identify security issues.
  • Assisting in the preparation of plans to review software components through source code review or application security review.
  • Assist developers in remediating issues found in security assessments with respect to OWASP standards.

Confidential, Boston, MA

PENETRATION TESTER

Responsibilities:

  • Perform threat modelling of the applications to identify the threats.
  • Identify issues in the web applications in various categories like Cryptography, Exception Management.
  • Risk assessment on the application by identifying the issues and prioritizing the issues based on risk level.
  • The team's focus was to audit applications before they moved to production.
  • Explaining security requirements to the design team in the initial stages of the SDLC to minimize rework on issues identified during penetration tests.
  • Providing remediation guidance to developers based on the issues identified.
  • Revalidating issues to ensure closure of the vulnerabilities.
  • Verify whether the application has implemented basic security mechanisms such as job rotation, privilege escalation checks, least privilege and defense in depth.
  • Using various Mozilla Firefox add-ons such as Wappalyzer, Flagfox, Live HTTP Headers and Tamper Data to assess the application.

Confidential, Richardson, TX

Security Test Engineer

Responsibilities:

  • Identified attacks like SQLi, XSS, CSRF, RFI/LFI, logical issues.
  • Using various Firefox add-ons such as Flagfox, Live HTTP Headers and Tamper Data to perform the pen test.
  • Performed port scanning using network scanning tools such as NMap and Nessus.
  • Diagnosed and troubleshot UNIX and Windows processing problems and applied solutions to increase client security.
  • Performing manual/automated application security testing on major changes made to the application.
  • Guiding developers in fixing issues by simulating the attack.
  • Performing threat analysis on new requirements and features.
  • Conducting training sessions and spreading security awareness.

Confidential, Chicago, IL

Sr. Systems / Network Administrator

Responsibilities:

  • Administration and implementation of Windows 2000/2003 Server with DC, ADC, DNS, DHCP, Active Directory and Group Policies.
  • Installation of various types of servers from IBM, Dell and HP.
  • Configured RAID volumes and performed firmware upgrades.
  • Installing, configuring and troubleshooting Active Directory, IIS, DNS and DHCP.
  • Managing Active Directory users and groups, and applying security policy.
  • Handling day-to-day server backup operations.
  • Handling day-to-day server operations such as user creation, password resets and patch deployment.
  • Developing and implementing tools for monitoring and analysis.
  • Preparing root cause analyses for major incidents.
  • Contributing documentation for knowledge management.
  • Coordinating with the network team and software vendors to resolve issues.

Confidential, Phoenix, AZ

System Administrator

Responsibilities:

  • Administering a Windows 2000 multi-server network with Windows 2000 Professional and Windows XP clients.
  • Windows 2000 Active Directory implementation using forests, trees and domains.
  • Installing, managing and troubleshooting Windows 2000 Advanced Server.
  • Configuring and maintaining AD, DHCP, DNS, IIS, IAS, RAS and FTP servers.
  • Implementing security and installing applications using Group Policies.
  • Managing a Microsoft Windows 2000 network environment.
  • Managing network infrastructure and network security using proxy servers.
  • Performing backup and recovery of user data and system state data.
  • Managing user accounts, shares, file permissions and disk quotas.
  • Installed and maintained various software packages as per organizational requirements.
  • Performing backup and restoration of user data and system state data using the Backup Utility.
  • Administration of a Windows NT network with 400+ users/workstations, Cisco 5500 switches and 3Com switches and hubs.
  • Desktops and Server based software configuration and installation.
  • Monitoring of AS backups and other tasks related to network and system administration.
  • Liaison with service providers and vendors.
