
It Security Analyst Resume


Manchester, NH

PROFESSIONAL SUMMARY:

  • Overall 7+ years of IT security experience in performing risk evaluation and developing mitigation plans for various IT companies and financial institutions, including but not limited to firewalls, IDS/IPS, security event monitoring, log management and vulnerability assessment.
  • Profound knowledge and experience in vulnerability assessment, penetration testing, web application testing and infrastructure security testing.
  • Proficient in the key aspects of information security (Confidentiality, Integrity, Availability and Non-Repudiation) and in information security controls (Administrative, Logical and Physical).
  • Good experience and knowledge in identifying and responding to different types of attacks such as DoS, DDoS, phishing, Man-in-the-Middle, replay, wireless, password-based, sniffer, IP/MAC/DNS spoofing and malware attacks.
  • Follow industry best practices and methodologies including the NIST 800 series, OWASP Top 10 and SANS 20 vulnerabilities list.
  • Identifying vulnerabilities and threats based on the company’s security policy and regulatory requirements such as PCI, PII, GLBA, HIPAA and SOX.
  • Monitor information security alerts using SIEM to respond to, triage, escalate and remediate unauthorized activity as needed. Alerts include logs from firewalls, IDS/IPS, antivirus, proxy servers, DNS, DHCP, AD, Cisco ESA and WSA, and event logs from the NT line of Microsoft Windows.
  • Review security events that are detrimental to the overall security posture of the organization, identify and analyze sophisticated and nuanced attacks, and discern false positives from enterprise-configured policies.
  • Perform forensic analysis and evaluate systems using vulnerability scanners and evaluations.
  • Perform risk analysis, provide the security architecture and finally bring security into the SDLC process.
  • Good experience in risk compliance functions and administering GRC tools such as RSA Security Archer.
  • Experience in monitoring and managing DLP (Data Loss Protection) and SIEM (Security Incident and Event Management) solutions.
  • Design and implement reports on the overall security posture of the systems and the network by monitoring clients, servers, security devices and network traffic for unusual and suspicious activity. Interpret the activity and make recommendations for resolution.
  • Able to discover new and unpatched vulnerabilities in common software applications and network services through independent research (via source code audit and fuzzing).
  • Experience in performing application and infrastructure penetration tests as well as social engineering tests for clients, to review and redefine requirements for information security solutions, application designs, source code and deployment as required.
  • Profound ability to assist with investigations of security events such as unauthorized access, non-compliance with company policies, fraud and service exploitation.
  • Good experience in assisting the information security team with implementation of security policies and procedures (e.g., user log-on, authentication rules, security breach escalation procedure, auditing procedure and use of firewalls and encryption routines).
  • Good knowledge and ability to assist with security-related software and firmware (e.g., firewall and DMZ, IDS/IPS, DLP, endpoint security, SIEM tools, proxy servers, choke points, URL filtering and DNS).
  • Detailed knowledge of network and web-related protocols (e.g., TCP/IP, IPsec, HTTP, SSL and routing protocols) and the ability to move seamlessly between a hacker/attacker mindset and a security engineer/defender mindset.
  • Good knowledge and experience in writing and modifying scripts in Python, Bash and PowerShell, including exploit code and recon scripts that automate the pen testing process during the vulnerability assessment step.

TECHNICAL SKILLS:

Offensive Security Tools: Nmap, Metasploit, Nessus, Burp Suite, Veil-Evasion, Maltego, ZAP Proxy, dhcpstarv, sqlmap, hping3, Netcat and more tools using Kali Linux.

Defensive Security Skills: QRadar, Sourcefire, antivirus, monitoring logs from firewalls, IDS/IPS, Active Directory, DHCP, proxy servers, etc. Packet capturing and analysis using Wireshark/Scapy.

Web Application & Mobile Application DAST: HP Fortify, HP WebInspect, IBM AppScan, Burp Suite and Nessus.

Operating Systems: Windows, Mac and Linux based Systems.

Programming Skills: C, JAVA, SQL, HTML, LINUX, PowerShell and Python.

SIEM IDS Tools: IBM QRadar.

Protocol Analyzer Tools: Wireshark, tcpdump, Ettercap, Scapy and Colasoft.

Networking Concepts: OSI Model, TCP/IP, UDP, IPV4, IPV6, Subnetting and VLSM.

Security Services: VPN, NAT/PAT, Access-Lists, IPsec, TACACS+, RADIUS, SSL, SSH, AES, SHA and Juniper SRX.

Firewall: Cisco PIX, ASA, Juniper Secure Access VPN Appliance, Checkpoint and Palo Alto.

PROFESSIONAL EXPERIENCE:

Confidential, Manchester NH

IT Security Analyst

Responsibilities:

  • Discover vulnerabilities by understanding the security posture of the systems and the network to reduce the attack surface.
  • Responsible for creation and maintenance of user accounts, groups and Active Directory, as well as many other peripheral systems.
  • Utilize security rules to grant/revoke access to applications, servers, group folders, etc.
  • Provide timely response to customer requests and help desk incidents sent to the security team.
  • Analyzed security risks and controls.
  • Hardening the systems, including changing the defaults, removing unnecessary protocols and services, closing unused ports and keeping the systems up to date by patching them at regular intervals.
  • Performed the risk analysis, provided the security architecture of the system and the network, and finally made security part of the SDLC process.
  • Educate end users by conducting workshops and meetings about the risks and security controls of the system and network, as humans are the weakest form of security.
  • Monitor network traffic and capture packets using Wireshark, analyzing patterns and correlation between events to identify and mitigate the associated risks.
  • Collaborate with different teams such as IT management, the legal department, safety and security, and law enforcement agencies to manage security vulnerabilities.
  • Developed, implemented, enforced and validated the information security policies, standards, methods and procedures, and monitored compliance across the enterprise.
  • Performed procedures and assessments necessary to ensure the safety of information systems assets and to protect systems from intentional and inadvertent access or destruction.
  • Involved in Active Directory security implementation and migration in the target domain.
  • Checked for insecure file permissions and application permissions on the whole DFS file system.
  • Performed penetration testing in accordance with the Bank’s policy and its assessment of risk, with particular focus on:
      • Newly developed information systems.
      • Legacy systems undergoing major upgrades.
      • Changes made to the environment in which an information system operates.
      • A new type of attack being discovered that may impact the system.
  • Anti-virus products and central control.
  • Meets with developers and managers to help specify and negotiate application security requirements, reviews current policies and procedures for applicability and system OS security patch levels, and ensures safe transition of applications to production.

Confidential, Great Neck, NY

Application Penetration Tester

Responsibilities:

  • Identifying vulnerabilities, recommending corrective measures and ensuring the adequacy of existing information security controls.
  • Identifying Critical, High, Medium and Low vulnerabilities in the application based on the OWASP Top 10 and prioritizing them by criticality.
  • Performed live data capture with Wireshark to examine security breaches/flaws.
  • Implemented Tenable Nessus, Tenable Security Center and customized audit compliance dashboards of system configurations and content for vulnerability/configuration compliance management and monitoring programs.
  • Monitoring the security of critical systems (e.g., e-mail servers, database servers, web servers, etc.), recommending changes to highly sensitive computer security controls to ensure appropriate system and administrative actions, and investigating and reporting on noted irregularities.
  • Conduct routine social engineering attacks, phishing attacks and clean-desk audits.
  • Investigate potential or actual security violations or incidents to identify issues or areas that require new security measures or policy changes.
  • Monitoring logs from SIEM tools and correlating them to identify suspicious activity.
  • Discover vulnerabilities by understanding the security posture of the systems and the network to reduce the attack surface.
  • Hardening the systems, including changing the defaults, removing unnecessary protocols and services, closing unused ports and keeping the systems up to date by patching them at regular intervals.
  • Performed the risk analysis, provided the security architecture of the system and the network, and finally made security part of the SDLC process.
  • Educate end users by conducting workshops and meetings about the risks and security controls of the system and network, as humans are the weakest form of security.
  • Monitor network traffic and capture packets using Wireshark, analyzing patterns and correlation between events to identify and mitigate the associated risks.
  • Collaborate with different teams such as IT management, the legal department, safety and security, and law enforcement agencies to manage security vulnerabilities.
  • Developed, implemented, enforced and validated the information security policies, standards, methods and procedures, and monitored compliance across the enterprise.
  • Performed procedures and assessments necessary to ensure the safety of information systems assets and to protect systems from intentional and inadvertent access or destruction.
  • Advised end users and management of the identified critical issues that may affect customers, suppliers, buyers and finally the company, based on the reports generated from the risk assessment.
  • Conducted impact analysis to ensure resources are adequately protected with proper security measures.
  • Examine, interview and test procedures in accordance with NIST A Revision 4, and ensure that client and agency policies are adhered to and that required controls are implemented.
  • Validate the respective information system security plans to ensure NIST control requirements are met.
  • Reviewed risk assessments, analyzed the effectiveness of information security control activities, and reported on them with actionable recommendations.
  • Consult with end users and managers on the data classification of their resources and make recommendations regarding critical points of failure (CPOF) and single points of failure (SPOF) respectively.
  • Identified and resolved root causes of security-related problems. Actively responded to security incidents, conducted forensic investigations and targeted reviews of suspected areas.

Confidential

Information Security Analyst/AML officer

Responsibilities:

  • Responsible for implementing, monitoring and enhancing controls for the Bank’s information security program.
  • Responsible for installing, implementing and documenting security software, products and programs.
  • Work closely with the CISO (Chief Information Security Officer) to enhance the delivery of information security awareness across all departments of the Bank.
  • Worked closely with the CISO to assist the Bank with performing the required due diligence for evaluation and selection of new vendors, software and hardware applications.
  • Provided 24/7 coverage and support when necessary for security events and incident response.
  • Responsible for log management review, control enhancement and developing the Bank’s Security Event Management technology.
  • Worked closely with the internal and external audit groups to monitor, respond to and mitigate any risk areas as required.
  • Worked closely with the Legal Department as needed to assist with the contract renewal process, monitor legal and regulatory changes, and finally identify and fill the loopholes and gaps in the security program coverage and business processes.
  • Conduct investigations into information security incidents and forensic analysis of artifacts, collect evidence and ensure proper chain of custody and control of security incident evidence.
  • Conduct security compliance assessments as per the guidelines laid out by RBI, IRDA, SOX, SEBI, PCI, etc.
  • Performed day-to-day operational security duties (e.g., responding to ad hoc security requests) and other administrative functions when required.
  • Handle the management and execution of the second-line monitoring and assessment program for Anti-Money Laundering/Counter-Terrorism Financing (AML/CTF).
  • Aid in the design, development and implementation of a risk assessment framework to support all customer interactions.
  • Develop and participate in compliance reporting to ensure the completion and proper analysis of suspicious activity reports that have been conducted.
  • Examine, interview and test procedures in accordance with NIST Revision 1, and ensure that client and agency policies are adhered to and that required controls are implemented.
  • Assisted in detection and identification of discrepancies in the information security program and information systems by leveraging the control definitions in the NIST SP Revision 1 series, to ensure an acceptable level of risk has been achieved.
  • Perform the day-to-day operations, management and administration to protect the Integrity, Confidentiality and Availability of the organization’s information assets and technology infrastructure.
  • Meets with developers and managers to help specify and negotiate application security requirements, reviews current policies and procedures for applicability and system OS security patch levels, and ensures safe transition of applications to production.

Confidential

Cyber Security Analyst/Penetration Tester

Responsibilities:

  • Perform security reviews of application designs, source code and deployments as required, spanning all types of applications (such as web applications, web services, mobile applications, thick-client applications and SaaS).
  • Collected and reported on requirements to improve the flow of information, to ensure data is properly secured and protected from cyber security and insider threats.
  • Performed penetration testing in accordance with the Bank’s policy and its assessment of risk, with particular focus on:
      • Newly developed information systems.
      • Legacy systems undergoing major upgrades.
      • Changes made to the environment in which an information system operates.
      • A new type of attack being discovered that may impact the system.
  • Produced results indicating a likelihood of occurrence for a given attacker, using the level of effort the team needed to expend in penetrating the information system as an indicator of the penetration resistance of the system.
  • Validated the existing security controls (including risk mitigation mechanisms such as firewall, IDS and IPS systems).
  • Provided a detailed report with verifiable and reproducible logs of all activities performed during the test, and actionable results with information about possible remediation measures for the successful attacks performed.
  • Thoroughly documented all penetration test results, including all vulnerabilities and how the vulnerabilities were combined into attacks.
  • Strong ability and understanding in exploiting known vulnerabilities, and expertise in identifying specific weaknesses and unknown vulnerabilities in the Bank’s security arrangements.
  • Simulated how an attacker would exploit the reported vulnerabilities during the dynamic analysis phase.
  • The following additional tasks were performed:
      • Test for heavy loads on the data servers and web servers.
      • Check for systems vulnerable to DDoS and DoS.
      • Run SYN flood and port flooding attacks on the servers.
      • Run the email-bomber on the email servers.
      • Flood the web forms with bogus entries.
  • Documented all findings with timestamps and reported to senior management at regular intervals.
