
Security Analyst Resume

Charlotte, NC

SUMMARY:

  • Performance-driven Information Security professional with more than six years of combined experience in the IT/Infrastructure management and cyber security space. Strong knowledge of and exposure to various IT security frameworks, governance, vulnerability management, and operational security best practices, tools and methodologies.
  • Penetration tester with over 6 years of experience in the creation and deployment of solutions protecting applications, networks, systems and information assets for diverse companies and organizations. 
  • Experience in detecting SQL injection, XML injection, techniques to obtain command prompts on the servers, PDF exploits, HTTP response splitting attacks, CSRF, web services vulnerabilities, anonymity (Tor) traffic identification, DoS pattern identification using Artificial Intelligence algorithms, etc.
  • Highly skilled in installing, testing, maintaining and designing advanced secure network solutions.
  • Sound knowledge and industry experience in Vulnerability Assessment and Penetration Testing of web-based applications and mobile-based applications, and in infrastructure penetration testing.
  • Proven experience in manual/automated security testing and secure code review of web and mobile applications.
  • Provide detailed mobile app security test reports highlighting possible vulnerabilities and security fixes.
  • Troubleshooting station cable problems using Black Box Network Tester.
  • Perform security, functional and regression testing on mobile applications (iOS and Android) using tools such as Nexpose - Rapid7, McAfee Vulnerability Manager, Charles Proxy, Burp, Wireshark, Xcode, and Kali Linux pen testing tools.
  • Experience as an Information Security Analyst, involved in OWASP Top 10 based Vulnerability Assessment of various internet-facing point-of-sale web applications and web services.
  • Skilled in identifying the business requirements for information security as well as regulations of information security.
  • Extensive experience in Penetration testing - Expertise in detecting various vulnerabilities (including OWASP Top 10) covering authentication, authorization, input validation, session management, server configuration, cryptography, and information leakage areas.
  • Experience in vulnerability assessment and penetration testing using various tools like Burp Suite, DirBuster, OWASP ZAP Proxy, NMap, Nessus, Kali Linux, Metasploit, HP WebInspect and IBM AppScan.
  • Developed, implemented and enforced security policies through experience, in-depth knowledge of security software, and asking the customer the right questions.
  • Experience in working with C, .NET, Java, JavaScript, J2EE and XML software teams to solve errors in order to reduce flaws.
  • Coordinated with the testing teams and worked together on test automation and test design.
  • An enthusiastic team player who embodies a strong work ethic and a leader who utilizes complex problem solving skills for incident analysis. 
  • As a Security Consultant, involved in enhancing the security stature of the project through initiatives like Threat Modelling, security awareness sessions, and Dormant & Never Logged IDs clean-up.
  • Technical business expert employing tremendous Information Security Audit, Strategy and Risk Management Techniques. 
  • Excellent communication, analytical, troubleshooting, customer service and problem solving skills; excels in mission-critical environments requiring advanced decision-making. 
  • Experience in automation tools development for penetration testing.
  • Developed testing practices and a training plan, and trained new members in penetration test duties.
  • Developed remediation plans for various vulnerabilities and assisted development teams across the organization in remediating them. 

TECHNICAL SKILLS:

Tools: IBM AppScan Standard Edition, HP WebInspect, HP Notify, Acunetix, Burp Proxy, Paros Proxy, Wireshark, OWASP, WebScarab, NMap, Metasploit, Burp Suite, SQLmap, OWASP ZAP Proxy, HP Fortify, DirBuster, Acunetix Web Scanner, SQL Injection Tools, Havij, CSRFTester, Kali Linux, Fortify, Veracode, WebGoat, SSL implementation, Fiddler2, BackTrack 5, RSA implementation, PKI (Public key infrastructure), Encryption algorithms

Platforms: Windows 98/2000/XP/Vista/Windows 7, Windows Server 2000/2003/2008

Database: MySQL 5.0

Packages: MS Office

Network Tools: NMap, Wireshark, Nessus, QualysGuard

PROFESSIONAL EXPERIENCE:

Confidential, Charlotte NC

Security Analyst

Responsibilities:

  • Working as a Security Analyst at Wells Fargo and involved in business decision making.
  • Performed security scans on Java and .NET applications using the HP Fortify tool.
  • Work closely with development teams to remediate application vulnerabilities detected through the Fortify tool.
  • Installing, configuring and managing the Qualys scanner appliance.
  • Conducted vulnerability scans on DOD websites using Burp Suite and HP WebInspect.
  • Reviewed source code and developed security filters within AppScan for critical applications.
  • Creating, updating and modifying the Qualys policies as per requirements.
  • Used IBM AppScan to test websites for vulnerabilities.
  • Performing vulnerability assessment using QualysGuard and Nessus scanner.
  • Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, SaaS).
  • Performing automated scanning for dynamic assessment using HP WebInspect.
  • Mobile pentesting of Android and iOS devices for MEH (Manual Ethical Hacking) engagements.
  • Perform vulnerability assessment, policy compliance and PCI compliance using Qualys and IBM AppScan.
  • Responsible for performing static code analysis of application source code. 
  • Prepared Assessment report and assessment review.
  • Implemented common security exploitation techniques and mitigations using SQLmap, Burp Suite and others.
  • Holding review meetings on the Fortify report with application teams and status meetings with the offshore team.
  • Code remediation and remediation review.
  • Report deliverables and security signoff on time to the project teams before going into deployment.
  • Providing vulnerability metrics to each application team by severity of High, Medium, Low, where the security test of the application is based on categorization of SEV1, SEV2, SEV3, SEV4 and SEV5.
  • Co-ordination with application development team.
  • Communicated technical application security concepts to application teams once the Fortify scan reports are generated.
  • Worked on tools like IBM RAD, Eclipse and Visual Studio 8, 10, 13.
  • Regularly performed research to identify potential vulnerabilities in and threats to existing technologies, and provided timely, clear, technically accurate notification to management of the risk potential and options for remediation.

Confidential, RI

Pen Tester

Responsibilities:

  • Perform application and infrastructure penetration tests, as well as physical security review and social engineering tests for our global clients.
  • Review and define requirements for information security solutions.
  • Performed vulnerability scans with Qualys vulnerability scanner.
  • Conduct network and endpoint discovery mapping and administer vulnerability management assessment scans for remote networks using Qualys.
  • Dynamic Vulnerability Analysis: Configured WebInspect scans for vulnerabilities and manual pen-tests.
  • Administered software applications by identification of security malfunctions using SQLmap, Burp Suite and other tools.
  • Scanned web and mobile applications prior to deployment using AppScan to identify security vulnerabilities and generated reports and fix recommendations.
  • Used Burp Suite, DirBuster, Acunetix Automatic Scanner, AppScan, Nessus, NMAP and SQLmap for web application penetration testing & infrastructure testing.
  • Performed dynamic and static analysis of web applications using IBM AppScan.
  • Produce vulnerability management reports based on current patch levels, vulnerability severity, PCI compliance standards, and malware risk levels using Qualys.
  • Created mobile device security policy to protect corporate data.
  • Created security policies to secure mobile devices.
  • Created and executed IT security policies for mobile devices using Good Enterprise Server.
  • Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications, SaaS)
  • Participate in Security Assessments of networks, systems and applications.
  • Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets.
  • Working with the Atlassian JIRA tool for bug tracking, issue tracking, and project management functions.
  • Experience creating test cases, running test cases, automating test cases and logging/verifying defects.
  • Acquainted with various approaches to Grey & Black box security testing.
  • Penetration testing based on OWASP Top 10.
  • Security assessment of online mobile applications to identify the vulnerabilities in different categories like Input and data Validation, Authentication, Authorization, Auditing & logging.
  • Skilled using Burp Suite, Acunetix Automatic Scanner, NMAP, Metasploit, WebInspect, Kali Linux, Checkmarx, Netsparker, Havij, DirBuster and IBM AppScan for web application penetration tests.
  • Ensure all the controls are covered in the checklist.
  • Responsible for performing static code analysis of application source code. 
  • Holding review meetings on a daily, weekly and monthly basis for software development, i.e. relying on the agile scrum development model.
  • Generated and presented reports on Security Vulnerabilities to both internal and external customers.
  • Capturing and analyzing network traffic at all layers of the OSI model.
  • Security assessment of online applications to identify the vulnerabilities in different categories like Input and data Validation, Authentication, Authorization, Auditing & logging.
  • Providing fixes & filtering false findings for the vulnerabilities reported in the scan reports.
  • Adding new vulnerabilities to the Vulnerability Database for various platforms with proper exploits.
  • Scan networks, servers, and other resources to validate compliance and security issues using numerous tools.
  • Conducted onsite penetration tests from an insider threat perspective.
  • Actively involved in the release management process to ensure all changes to the application had gone through security assessment.
  • Used Burp Suite, DirBuster, HP Fortify and NMap tools on a daily basis to complete the assessments.
  • Addressing and integrating security in the SDLC by following techniques like Threat Modeling, Risk Management, Logging, Penetration Testing, etc.
  • Regularly performed research to identify potential vulnerabilities in and threats to existing technologies, and provided timely, clear, technically accurate notification to management of the risk potential and options for remediation.

Confidential, CT

Security Engineer

Responsibilities:

  • Black box pen testing on internet and intranet facing applications  
  • Explanation of the security requirements to the design team in initial stages of SDLC to minimize the efforts to rework on issues identified during penetration tests 
  • Perform peer reviews of Security Assessment Reports  
  • Hands-on experience in conducting web application security scans using IBM AppScan, HP WebInspect and Acunetix.
  • Perform threat modelling of the applications to identify the threats.
  • Identification of OWASP Top 10 issues like SQLi, CSRF, XSS
  • Training the development team on secure coding practices
  • Using various add-ons in Mozilla to assess the application, like Wappalyzer, Flagfox, Live HTTP Headers, Cookie Manager, Tamper Data.
  • Providing details of the issues identified and the remediation plan to the stakeholders.
  • Involved in a major merger activity of the company and provided insights into the separation of different client data and securing PII.
  • Identification of different vulnerabilities of applications by using proxies like Burp Suite to validate the server-side validations
  • Execute and craft different payloads to attack the system to execute XSS and different attacks 
  • SQLMap to dump the database data to the local folder 
  • Identified issues on sessions management, Input validations, output encoding, Logging, Exceptions, Cookie attributes, encryption, Privilege escalations
  • Preparation of a security testing checklist for the company.
  • Developed ontological and heuristic behavior frameworks for incident investigation and response. Many of my findings were implemented into a leading security platform.
  • Finding security deficiencies in applications, networks, people or processes
  • Ensure all the controls are covered in the checklist
  • Managing and prioritizing multiple tasks in accordance with high-level objectives. Perform pen tests on different applications a week, using Metasploit to exploit the systems.
  • Updating the checklist on a weekly basis to ensure all the test cases are up to date as per the attacks happening in the market
  • Creation of a secure virtualized lab for exploit creation, malware distribution analysis and security product testing.

Confidential, MA

System Administrator

Responsibilities:

  • Responsible for configuring, supporting, and troubleshooting network devices such as Cisco routers, switches, firewalls, wireless access points and controllers, ACS, ISE.
  • Build site-to-site VPN for remote locations and partner connections using Cisco Next Generation Firewalls.
  • Configure Cisco UCS module, install ESXi host, and provision virtual machines for store retail applications.
  • Perform vulnerability analysis and pen-testing to mitigate/remediate security threats as mandated by PCI Compliance/Remediation.
  • Respond to network connectivity and regional data center outages; coordinate efforts with Service Desk, ISP provider, local tech and/or store personnel to restore network services
  • Provide network support for new application and device deployment; identify new connectivity requirements and develop solutions
  • Monitor QRadar, a SIEM product, to identify any security violations
  • Planned, managed, and implemented a Wi-Fi deployment project to upgrade more than 1000 Cisco wireless access points; certified wireless coverage using AirMagnet wireless tool. 
  • Actively involved in new store openings, closings, renovations, relocations, and technology lifecycle initiatives.

Confidential, CA

Network Administrator

Responsibilities:

  • Analyze, log and track complex software and hardware matters of significance pertaining to networking connectivity issues, printers, servers, and applications to meet business needs.
  • Provide network support for new application and device deployment; identify new connectivity requirements and develop solution.
  • Build site to site VPN for remote locations and partner connections using Cisco Next Generation Firewalls.
  • Actively involved in new store openings, closings, renovations, relocations, and technology lifecycle initiatives.
  • Planned, managed, and implemented a Wi-Fi deployment project to upgrade more than 1000 Cisco wireless access points; certified wireless coverage using AirMagnet wireless tool.
  • Respond to network connectivity and regional data center outages; coordinate efforts with Service Desk, ISP provider, local tech and/or store personnel to restore network services.
  • Handled the tasks of designing and planning LAN network expansion of the organization.
  • Responsible for upgrading and configuring Microsoft Windows servers.
  • Monitor QRadar, a SIEM product, to identify any security violations.
  • Handled the tasks of monitoring databases and ensuring security of stored data; monitored the access of stored information in company databases.
  • Managed computer/user accounts in Active Directory.
  • Installed network routers, firewall and cabling.
  • Responsible for preparing, loading, documenting and testing desktop and network developed applications for deployment, staff training, and inventory.
  • Supported users in multiple branches with computer, network and desktop application software; image new PCs for new employees or reimage current; install printers to user profiles; map network drives; assist in user login and connectivity issues.
