
Project Engineer Resume


SUMMARY:

  • Around 7.5 years of experience in VAPT (Vulnerability Assessment and Penetration Testing), secure code review, BRD review, secure architecture review and threat modeling.
  • Worked as Application Security Analyst, Security Architect and Project Engineer in the Insurance, Retail and Banking verticals, among others.
  • Specialization includes threat modeling and architecture review of cloud security controls, security testing of web applications and secure code review.
  • Familiar with AWS and Azure; worked with a wide range of vulnerability assessment and secure code review tools, including IBM AppScan Standard Edition, IBM AppScan Enterprise Edition, HP WebInspect, HP Fortify, Checkmarx, Sonatype and SonarQube, and open-source tools and proxies such as Burp Suite, OWASP ZAP, Paros, Tamper IE, Tamper Data, Wireshark, Echo Mirage, Nmap, Zenmap, httprint and OWASP CSRFTester. Have worked on a wide variety of web applications developed in Java, C#, PHP, SQL and PL/SQL.
  • Trained and well versed in application security (VAPT and source code review); familiar with application penetration testing techniques, especially the OWASP Top 10 web attacks, the OWASP Testing Guide and the OWASP Code Review Guide.
  • Well experienced in performing security architecture reviews and threat modeling.
  • Wide exposure to cloud technologies such as AWS and Microsoft Azure.
  • Worked on CI/CD by automating SSDLC activities in the delivery pipeline.
  • Worked with Sonatype to assess open-source components and libraries.
  • Knowledge of the attack classes possible against an application, such as parameter manipulation, SQL injection, cookie poisoning, cross-site scripting (XSS), CSRF and path traversal.
  • Experience in performing penetration testing.
  • Acquainted with HP Fortify and Checkmarx for source code review.
  • Acquainted with IBM Rational AppScan Standard Edition and Enterprise Edition and HP WebInspect for assessing web application vulnerabilities.
  • Have also worked on thick client application security.
  • Experienced with open-source proxies such as Burp Suite, OWASP ZAP, Paros, WebScarab, Tamper IE and Tamper Data to intercept and modify client-server requests and responses.
  • Worked on Java, C#, PHP, PL/SQL, C and COBOL applications.
  • Worked with ThreadFix to aggregate application security reports from different SAST and DAST tools.
  • Well acquainted with security controls around AWS setup and S3.
  • Worked in Agile and waterfall SDLC methodologies.
  • Knowledge of federated identity management systems.
  • Familiar with encryption methodologies and various algorithms.
  • Have worked on multiple architecture design reviews involving protocols such as HTTP, LDAP, SSL/TLS, NDM and SFTP.
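The following is an added illustration, not code from this resume or from any of the projects it describes, of two of the attack classes listed above (SQL injection and path traversal) in the form a secure code reviewer would hand to developers during a read-out: the vulnerable pattern beside its fix. The user table, the usernames and the base directory `/srv/app/reports` are constructed sample data, and `safe_report_path` is a hypothetical helper, not a function from any real application.

```python
import posixpath
import sqlite3
from typing import List, Optional, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory user table standing in for an
    application database. Not taken from any real system."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """SQL injection: untrusted input is concatenated into the query text, so a
    value such as  ' OR '1'='1  rewrites the WHERE clause and returns every row."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """Fix: a parameterised query. The driver binds the value separately from
    the SQL text, so the same payload is just a username that matches nothing."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def safe_report_path(base_dir: str, requested: str) -> Optional[str]:
    """Path traversal guard for a hypothetical file-download endpoint.

    Returns the normalised absolute path when it stays inside base_dir, and
    None when the request (for example ../../etc/passwd, or an absolute path)
    would escape it. The check is purely lexical: on a real server, also
    resolve symlinks (os.path.realpath) before comparing."""
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, requested))
    if candidate.startswith(base + "/"):
        return candidate
    return None


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", lookup_user_vulnerable(db, payload))  # all three rows
    print("safe:      ", lookup_user_safe(db, payload))        # []
    print(safe_report_path("/srv/app/reports", "2024/q1.pdf"))       # inside base
    print(safe_report_path("/srv/app/reports", "../../etc/passwd"))  # None
```

The two SQL functions run the same payload through both code paths, which is the quickest way to show a developer (or to confirm, when triaging a scanner finding) that the concatenated version is exploitable and the parameterised one is not.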

TECHNOLOGY EXPERIENCE:

Databases and Storage: Oracle, SQL Server, MySQL, Amazon RDS, DynamoDB, S3

Development/Productivity Tools: Java IDEs, Visual Studio, SQL*Plus

Web Technologies: Tomcat, IIS, WebLogic

Functional Areas: Security Operations Management

IT Security Services: Security Architecture, AppSec, PACE NFT, ITCB Advisory, Enterprise Application Security

Programming Languages: Java, C#, C, SQL, PHP, PL/SQL

Security Tools and Proxies: HP Fortify, Checkmarx, Sonatype, HP WebInspect, IBM Rational AppScan Standard Edition and Enterprise Edition, Burp Suite Pro, OWASP ZAP, Tamper IE, Tamper Data, Add N Edit Cookies, Nmap, Zenmap, Wireshark, httprint, OWASP CSRFTester, etc.; ThreadFix for producing a standardized report.

Verticals: Insurance, Retail, Banking, etc.

PROFESSIONAL EXPERIENCE:

Confidential

Technologies Used: Fortify 360 Source Code Analyzer (SCA), Microsoft Visual Studio 2008.

Project Engineer

Responsibilities:

  • Facilitating developer read-outs by walking through the security report and providing the recommendations and code snippets needed to fix each issue.
  • Designing risk-mitigated architectures by adding the necessary security controls.
  • Attending project kick-off calls with the client and development team.
  • Manual walkthrough of the application.
  • Installing the tools and plug-ins required for vulnerability assessment and penetration testing.
  • Automated vulnerability assessment (SAST and DAST).
  • Analyzing the tool-generated results to eliminate false positives.
  • Performing manual secure code review as needed.
  • Manual testing (penetration testing) and analysis using open-source tools.
  • Attending day-to-day status calls with the client.
  • Preparing a clear, detailed report of all vulnerabilities identified, along with recommendations.
  • Explaining the identified issues to the development team and providing mitigation techniques to fix each vulnerability.
