PROFESSIONAL SUMMARY:

• 8 + years of experience in Cyber Security and network security, including extensive experience in Web Application, Vulnerability Assessment, Infrastructure Security, penetration testing
• Experience in penetration testing with Kali Linux: nmap, nessus, nexpose, wireshark,password cracking, TCPDump, metasploit
• Proficient in Linux operating system configuration, shell scripting
• Worked on Application Security Tools like Qualys Nessus scanner & IBM AppScan
• Experience using a wide variety of security tools to include Kali - Linux, Wireshark, Snort, Nitko, IBM Appscan, Nessus, Open Vas, Metasploit, Burp Suite, OWASP ZAP Proxy, Nessus, Nmap and HP Fortify.
• Performed bi-weekly network scans. Analyze risks and automate repeatable tasks.
• Experience in POS, Transaction Logs ( TLOG), payment systems, electronic funds transfer, cloud, data warehousing, web development, applications
• Experience in Point of Sale application testing including Functional, System Integration, User/Business acceptance, regression, data migration, data conversion, E2E and production acceptance Testing for web-based applications
• Good understanding on OWASP vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak passwords
• Configured, maintained and Worked on firewalls, switches, VPNs and routers
• Worked on software development lifecycle and Software Testing Life cycle and Agile Methodologies
• Experience in different web application security testing tools
• Good Knowledge on OWASP Top 10 and SANS Top25
• Worked on onsite/offsite environment
• Reviewing, Designing, modifying test scenarios, test cases & Creating test data.
• Extensive experience working with Qualys Guard to conduct Network Security assessments.
• Good Understanding of compliance and regulatory requirements like PCI DSS, SOX & HIPAA.
• Team player and ability to learn the new concepts effectively and efficiently.
• Experience in Preparing test strategy/Plan, status reports.
• Expert in Planning, scheduling, and test environment/data setup, execution, tracking and reporting
• Conducted presentations to clients projecting the security services offered by the firm.
• Having good experience in Source Code Analysis Tools on Web based Applications.
• Skilled in analyzing and monitoring network security solutions

TECHNICAL SKILLS:

Vulnerability Testing: Tenable Nessus, NMAP, OpenVAS, Qualys Guard Rapid 7 nexpose

Application Security: IBM Rational AppScan, Burp Suite,HPWeb Inspect, HP Fortify, Nikto, Metasploit, Kali Linux,Veracode,SonarQube

SIEM Tools: SPLUNK, Arc Sight

Penetration Testing: Wireshark, Metasploit

Languages & Databases: SQL, Python, Shell scripting

SECURITY SKILLS/TOOLS:

Port/Vulnerability Scanning: Nmap/ ZENMAP, Nessus, OpenVAS

Sniffing/Man-in-the-Middle: Wireshark

Web Application Vulnerability Scanning: Nessus, OpenVAS, HP Fortify, Acunetix, HP Web inspect, IBM AppScan, Burpsuite Pro.

Server/Client-Side Exploitation: Metasploit

Password Cracking: Hydra, Rainbow Crack, 0phcrack, John the Ripper

Web Application: Manual SQL Injection, Manual Cross Site Scripting(XSS), Cross site request

Wireless: Aircrack-NG Suite and Kismet

Operating system: Windows and Linux

Protocols: TCP/IP,IPv4,TACACS,SSH,SSL,TLS,RADIUS(AAA),SNMP,DHCP,ICMP,FTP,VLAN,VTP,NAT,IPSEC,VPN,Subnetting,RIP,OSPF,BGP,LAN/WAN,DNS,ATM,PPP

Tools: JIRA, Quality center(HPALM),SCCM, Confluence, Bug zilla, SVN,CDETS

PROFESSIONAL EXPERIENCE:

Confidential, Boston, MA

Senior Security Engineer

Responsibilities:

• Conducting Web Application Vulnerability Assessment & Threat Modeling, Gap Analysis, secure code review on the applications..
• Used SAST tools (SonarQube) to test source to expose weaknesses in the software before it is deployed.
• Perform DAST on the web applications using Burpsuite pro, OWASP ZAP to identify security weaknesses and provide remediations.
• Perform Manual assessments on the source code (Java, .Net & Python) to look for security weakness inside the code.
• Hands on Experience in conducting web application security scan using IBM Appscan, HP web inspect and Accunetix.
• Discussing with Mangers and Development Team on the identified vulnerabilities
• Assigning the priority and Planning for the remediation of the high level Vulnerabilities found during the scan reports
• Assist developers in remediating issues with Security Assessments with respect to OWASP standards.
• Perform Mobile penetration testing and using Open source tools and validate results by eliminating false positives.
• Executing vulnerability assessments using tools like Nmap,Nexpose, Nessus & Qualys
• Providing KT sessions on vulnerabilities and security policies to the different teams.
• Performing Web application and source code assessments to make sure application are compliant with PCI DSS requirements.
• Worked on Manual penetration testing using tools like Kalilinux,Metaspoilt,aircrack
• Participate in daily scrum meetings & security assessment meetings.

Confidential

Senior Security Engineer

Responsibilities:

• Conducting Web Application Vulnerability Assessment & Threat Modelling, Gap Analysis, secure code review on the applications.
• Work with different application teams to help them understand the vulnerabilities listed and provide recommendations to fix the same.
• Used SAST tools (SonarQube) to test source to expose weaknesses in the software before it is deployed.
• Session with the application teams to understand the application security requirements, application flow, functionality, architecture and the technology.
• Understanding the OWASP and SANS Top 25 vulnerabilities.
• Verifying the router performance with the live environment
• Checking the difference between the vendors routers
• Responsible for Working on different DSL Technologies
• Used DAST Tools IBM App scan to test the Web application implemented.
• Maintained network and ensured that all changes were implemented effectively.
• Ensured that all data was maintained in accordance to quality requirements.
• Trained and recommended improvements in process.
• Prepared guides for performing troubleshoot on system and upgraded procedures accordingly.
• Configure, monitor and troubleshoot firewalls using CLI commands and GUI interface
• Configure, implement and troubleshoot IPSec, SSL and remote access VPN
• Preparing monthly and weekly reports based on the Tool reports
• Experience with Change management process and Project documentation tools like Excel and VISIO
• Experience in Network Security like creating Access Lists(ACL), NAT.
• Managed inventory of all network hardware, Management and Monitoring by use of SSH, Syslog, SNMP, NTP
• Research, analyze and understand log sources utilized for the purpose of security monitoring, particularly security and networking devices (such as firewalls, routers, anti-virus products, proxies, and operating systems)
• Develop, implement, and execute standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/Log Management platforms
• Support day to day event parsing and repairing of events that have missing or incorrect information, create log source extensions, and flow management
• Providing KT sessions on Threat modelling and security Projects to the different teams.

Confidential

Security Engineer

Responsibilities:

• Executed network Vulnerability Assessments using tools to evaluate vulnerabilities.
• Conducted vulnerability scanning on both internal and external IPs using NMAP and reported the same.
• Used Network scanning using tools like NMap and Nessus, and Nitko as part of the penetration testing, performed vulnerability testing using tools such as Nessus and OpenVAS.
• Performing source code analysis to find the vulnerabilities at the code level and providing mitigation techniques to the developers.
• Worked closely with risk assessment team to provide them with the proof for the vulnerabilities exploited for the final report.
• Used SAST tools (SonarQube) to test source to expose weaknesses in the software before it is deployed.
• Used DAST Tools IBM App scan to test the Web application implemented.
• Prepared Threat modelling reports for the different projects
• Providing KT sessions on Threat modelling and security Projects to the different teams.
• Discussing with Mangers and Development Team on the identified vulnerabilities
• Assigning the priority and Planning for the remediation of the high level Vulnerabilities found during the scan reports
• Worked on Manual penetration testing using tools like Kalilinux, Metaspoilt, aircrack
• Generated and presented reports on Security Vulnerabilities to both internal and external customers.
• Experience in using Kali Linux to do vulnerability assessment with tools like Nessus, and NMap.
• Regular tracking of threats and vulnerabilities using the Tools and mitigating the issues.

Confidential

Security Engineer

Responsibilities:

• Conducting Web Application Vulnerability Assessment & Threat Modelling, Gap Analysis, secure code review on the applications.
• Preparing Test plan, Test cases and Test results..
• Performed vulnerability scans using Qualys Guard, report findings, create remediation plan
• Scheduled and execute the Vulnerability Assessments and a Evaluate the results obtained
• Hands on Experience in conducting web application security scan using IBM Appscan, on daily basis to complete the assessments.
• Preparing monthly and weekly reports based on the Tool reports