Penetration Tester/ Application Security Engineer Resume

Dallas, TX

SUMMARY:

  • Over 6 Years of Professional IT experience in Application Security, Security Life Cycle, SDLC, Penetration Testing, and Vulnerability Assessment using OWASP, NIST and CWE/SANS Special Publications.
  • Hands-on experience in reviewing and defining requirements for information security solutions and mitigation techniques.
  • Involved in vulnerability assessment, patch management and penetration testing using various tools like Metasploit, Burp Suite, DirBuster, OWASP ZAP proxy, NMAP, Nessus, SQLMap, IBM AppScan Enterprise, Kali Linux, Wireshark.
  • Skilled in performing both manual and automated security testing for web, mobile applications based on OWASP and CWE/SANS publications.
  • Working Knowledge in Windows and Linux (Kali Linux) operating system configuration, utilities and programming.
  • Experienced in developing cryptographic and hashing algorithms.
  • Experience in Security, Risk and Compliance Management and RISK Management methodologies.
  • Strong Experience in Security Health Check, Patch and Vulnerability management for Open Systems and Middleware applications.
  • Can conduct both internal and external tests based on the client’s specifications.
  • Experienced in performing analysis of the results from penetration test to identify the risks that need to be taken care of immediately.
  • Well versed in performing source code review (Java, .NET, Python) to find the flaws overlooked in the initial phases of development.
  • Expertise in Infrastructure security, Intrusion Detection and Prevention, configuring firewall rules and content filtering, Auditing, File integrity monitoring and Database monitoring.
  • Excellent understanding of network and security technologies such as firewalls, LAN/WAN technologies, TCP/IP suite, routing and switching, IP subnetting, routing protocols, proxy services, encryption, encoding, hashing and SSL. Well versed in technical report writing and social engineering.
  • Have technical knowledge of network security domains such as SAML, SiteMinder, OpenID, Kerberos.
  • Generated and presented reports on Security Vulnerabilities to both internal and external customers.
  • Good team player with excellent analytical, inter-personal, communication and written skills, problem-solving and trouble-shooting capabilities. Highly motivated and can adapt to work in any new environment.
  • Familiarity with Agile/Scrum methodologies.

TECHNICAL SKILLS:

Programming languages: C, Python, SQL, Java, HTML, JavaScript, XML, Bash shell scripting, VHDL and Verilog.

Operating systems: Windows, Kali Linux, MAC

Advanced Security Scanning and Penetration Testing Tools: Metasploit Pro, SoapUI, IBM AppScan, Nexpose Vulnerability Scanner, Wireshark, Network Packet Analyzer, Kali Linux, OpenVAS Vulnerability Scanner, Nessus Scanner, tcpdump, Netcat, Netsparker, Burp Suite Web Application Scanner, OWASP ZAP, NMAP Port Scanner, SQLMap, DirBuster, Splunk, Tripwire, W3AF Web application security scanner.

Database Systems: SQL Server, Oracle, DB2

Other tools: MATLAB, Microsoft Office, Outlook and SharePoint

PROFESSIONAL EXPERIENCE:

Confidential, Dallas, TX

Penetration Tester/ Application Security Engineer

Roles and Responsibilities:

  • Performed manual security testing (Penetration Testing) on critical client applications.
  • Uncovered high-severity vulnerabilities at the infrastructure level for internet-facing websites.
  • Security assessment of online applications to identify the vulnerabilities in different categories like Input and data Validation, integration, Authentication, Authorization, Auditing and logging.
  • Conducted Dynamic and Static Application Security Testing (SAST & DAST).
  • Stayed up to date with new hacking techniques and the latest vulnerabilities to ensure no such loopholes are present in the existing system by performing vulnerability assessment and pen testing for our clients.
  • Manual code review to find logic flaws which are not identified by automated tools.
  • Experience in using Kali Linux to do web application assessment with tools like DirBuster and NMAP.
  • Using various Firefox add-ons like Flagfox and Live HTTP Headers to perform the pen test.
  • Network scanning using tools like NMAP and Nessus and Wireshark.
  • Training the development team on vulnerabilities, review issues, ease of exploitation, impact, security requirements and remedies for individual issues. 
  • Providing details of the issues identified and the remediation plan to the stakeholders.
  • Communicating and coordinating day-to-day project activities within the project team and assuring that priorities are developed and known.
  • Created Vulnerability Assessment reports detailing exposures that were identified, rating the severity of the system, and giving suggestions to mitigate any exposures and testing known vulnerabilities.

Confidential, Overland Park, KS

Application Security Engineer

Roles and Responsibilities:

  • Performed Vulnerability Assessment of various web applications used in the organization using Paros Proxy, Burp Suite, WebScarab, YASCA and HP WebInspect.
  • Identified, documented and communicated vulnerabilities to appropriate members of management team prioritizing remediation requirements and increasing focus on secure coding processes and configurations.
  • Coordinated with development team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and the impact of the issue. 
  • Updating the checklist on a weekly basis to ensure all the test cases are up to date as per the attacks happening in the market.
  • Collaborated with clients and company teams defining requirements for security and operations programs including vulnerability management, patch management, disaster recovery and access control.
  • Performed scoping engagements, vulnerability assessments, web application penetration testing, network penetration testing, and phishing campaigns to test security controls and policies. 
  • Performed Security Health Check and Patch Management on the assets of State Street Corporation on a frequency basis for Open Systems and Middleware.
  • Conducted Web Application Vulnerability Assessment and Threat Modelling, Gap Analysis, secure code reviews on the applications. 
  • Captured and analyzed network traffic at all layers of the OSI model. Monitored the security of critical systems (e.g. e-mail servers, database servers, web servers, application servers, etc.).
  • Conducted network Vulnerability Assessments using tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
  • Access control checks to identify the privilege escalation issues on various roles and ensuring the closure by overall framework implementation.
  • Handled tasks of defining and reviewing technology implementations, information security policy, and guidelines for business operations.

Confidential, Los Angeles, CA

Technical Security Engineer

Roles and Responsibilities:

  • Worked in collaboration with both networking and security teams and participated in security assessment of web applications, systems and networks.
  • Scheduled a Penetration Testing Plan throughout the organization and completed all the tasks in the given time frame.
  • Conducted penetration tests on systems and applications using automated and manual techniques with tools such as Metasploit, Burp Suite, Kali Linux, and other open source tools as needed and reported the findings.
  • Worked with tools like Burp Suite, DirBuster, HP Fortify, Nmap, Acunetix, WebInspect, Nessus, IBM AppScan as part of the penetration testing, on a daily basis to complete the assessments.
  • Conducted attack analysis on the IDS reports to detect the attacks and reported the analysis.
  • Conducted testing of the applications to comply with PCI DSS Standards.
  • Strong knowledge in Security Information Event Management (SIEM).
  • Executed live packet data capture using Wireshark to examine security flaws in the network devices.
  • Worked on SIEM tools like QRadar, Splunk for logging and analyzing the network and application logs.
  • Participated in Vulnerability Assessment Team meetings on patch applicability.
  • Worked on configuring, monitoring and analyzing the firewall logs.
  • Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, cryptographic attacks, authentication flaws etc.
  • Stayed up to date with new hacking techniques and the latest vulnerabilities to ensure no such loopholes are present in the existing system.

Confidential

Cryptographer

Roles and Responsibilities:

  • Designed an algorithm to protect data from illegal hackers and cyber-terrorists and from interception, copying, modification and/or deletion.
  • Evaluate, analyze and target weaknesses in cryptographic security systems and algorithms.
  • Designed robust security systems to prevent vulnerabilities.
  • Developed statistical and mathematical models to analyze data and solve security problems.
  • Investigate, research and test new cryptology theories and applications.
  • Conducted penetration testing on our web applications using some tools.
  • Worked on authentication and authorization protocols such as SAML, SiteMinder, SSO (Single Sign-On).
  • Ensure message transmission data (e.g. wireless network, secure telephone, cell phones, email, etc.) are not illegally accessed or altered in transit.
  • Decode cryptic messages and coding systems for military, political and/or law enforcement agencies.
  • Develop and update methods for efficient handling of cryptic processes and provided technical support to government, businesses and industry to solve security-related issues.
  • Advised colleagues and research staff on cryptical/mathematical methods and applications.