
Pen Tester Resume


Boston, MA

SUMMARY:

  • Penetration testing based on OWASP Top 10.
  • Analyze the results of penetration tests, design reviews, source code reviews and other security tests. Decide what to remediate and what to risk-accept based on security requirements.
  • Highly analytical computer security analyst with success both defending and attacking large-scale enterprise networks.
  • Experience using a wide variety of security tools, including Kali Linux, Metasploit, Burp Suite Pro, Wireshark, L0phtCrack, Snort, Nmap, Nmap NSE, Cain and Abel, Nikto, DirBuster, IBM AppScan, HP Fortify, HP WebInspect, Nessus, OpenVAS, W3AF, BeEF, Ettercap, Maltego, Wifi-Security, SIFT, SoapUI, FOCA, Havij, Yersinia, Recon-ng and the Aircrack-ng suite.
  • Involved in implementing and validating the security principles of minimizing attack surface area, least privilege, secure defaults, avoiding security by obscurity, keeping security simple, and fixing security issues correctly.
  • Strong knowledge of manual and automated security testing for web applications.
  • Good experience in exploiting identified vulnerabilities.
  • Experience in threat modeling during the requirements-gathering and design phases.
  • Experience with security risk management for TCP-based networking.
  • Experience with TCP/IP, firewalls and LAN/WAN.
  • Quick learner and committed team player with interpersonal skills; enjoy a challenging environment with scope to improve myself and contribute to the organization.
  • Excellent problem-solving and leadership abilities.
  • Experience in web UI development using HTML 4.0/5, XHTML, DHTML, CSS/CSS3, JavaScript, jQuery, AJAX, JSON and XML.
  • Knowledgeable about the Document Object Model (DOM) and DOM functions, with experience in object-oriented programming concepts and object-oriented JavaScript implementation.
  • Worked on RWD (Responsive Web Design) and implemented basic Twitter Bootstrap and AngularJS.

TECHNICAL SKILLS:

Software/Tool/Technology: Burp Suite, DirBuster, OWASP ZAP Proxy, Nmap, Live HTTP Headers, Tamper Data.

Programming Languages: C, C++, PHP

Scripting Languages: Python, Basic shell Scripting

Web Technologies: HTML 4.0/5, XHTML, DHTML, CSS2/CSS3, JAVASCRIPT, JQUERY, AJAX, JSON and XML

Operating System: Linux/Unix (Red Hat Enterprise Linux, Debian, Ubuntu, Fedora, BackTrack 2/3/4/5, Kali Linux), Windows.

Database: MySQL, Oracle, MSSQL

Network Enumeration: Maltego, Google hacking, DNS, SMB, LDAP

Port/Vulnerability Scanning: Nmap/Nmap Scripting Engine (NSE), Netcat, Nessus

Sniffing/Man-in-the-Middle: Wireshark, Ettercap, Cain

Web Application Vulnerability Scanning: Acunetix, HP Fortify, IBM AppScan, Nessus, OpenVAS, QualysGuard; manual SQL injection, XSS and CSRF testing; exploitation using sqlmap

Server/Clientside Exploitation: Metasploit, Social Engineering Toolkit (SET).

Password Cracking: Hydra, Medusa, John the Ripper, RainbowCrack, Pyrit, Ophcrack

Debuggers: OllyDbg, WinDbg

Wireless: Aircrack-NG suite, Kismet

PROFESSIONAL EXPERIENCE:

Penetration Tester

Confidential

Responsibilities:

  • Identifying Critical, High, Medium and Low vulnerabilities in applications based on the OWASP Top 10 and SANS Top 25, and prioritizing them by severity.
  • Conducted application penetration testing of internal and external business applications.
  • Security code review and penetration testing for all internal and external applications of Confidential &T.
  • Following up with development teams on recent functionality changes, scheduling their security analysis, and coordinating with my team to stay in sync with project changes.
  • Acquainted with various approaches to grey-box and black-box security testing.
  • Discovered application-level vulnerabilities such as injection flaws (SQL injection, command injection, etc.), cross-site scripting (XSS), CSRF, authentication bypass, cryptographic attacks and other authentication flaws.
  • Defining timelines for a given application, conducting the security assessment, and reporting vulnerability findings with remediation guidance to the development team.
  • Conducted security assessments of PKI-enabled applications.
  • Used Burp Suite Pro, the Acunetix automated scanner, Nmap and the Nmap Scripting Engine (NSE), Havij, DirBuster, IBM AppScan, Nessus and sqlmap for web application penetration tests and infrastructure testing.
  • Performing onsite and remote security consulting, including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment, and IDS/IPS hardware deployment.
  • Capturing and analyzing network traffic at all layers of the OSI model using Wireshark.
  • Monitoring the security of critical systems (e.g. e-mail servers, database servers, web servers, application servers, etc.).
  • Change management for highly sensitive computer security controls to ensure appropriate system administrative actions; investigating and reporting on noted irregularities.
  • Conducting network vulnerability assessments using tools to evaluate attack vectors, identifying system vulnerabilities, and developing remediation plans and security procedures.
  • This experience has enabled me to find and address security issues effectively, implement new technologies and resolve security problems efficiently. With a strong background in network communications, systems and application (software) security, I look forward to implementing, creating, managing and maintaining information security frameworks for large-scale, challenging environments.

Security Tools: Kali Linux, IBM AppScan, Burp Suite, HP WebInspect, Nessus, Nmap Scripting Engine, etc.

Pen Tester

Confidential, Boston, MA

Responsibilities:

  • Analyzing applications for security assessment, both manual and automated.
  • Performing validation and verification; recommending process improvements.
  • Defining timelines for a given application, conducting the security assessment, and reporting vulnerability findings with remediation guidance to the development team.
  • Conducted application penetration testing of 15+ business applications.
  • Proficient in understanding application-level vulnerabilities such as XSS, SQL injection, CSRF, authentication bypass, weak cryptography and other authentication flaws.
  • Skilled in using Burp Suite, the Acunetix automated scanner, Nmap, Havij and DirBuster for web application penetration tests.
  • Generated and presented reports on security vulnerabilities to both internal and external customers.
  • Retesting applications for the reported vulnerabilities and providing post-production support.
  • Security assessment of online applications to identify vulnerabilities in categories such as input and data validation, authentication, authorization, and auditing and logging.
  • Vulnerability assessment of various web applications used in the organization using Paros Proxy, Burp Suite, WebScarab, YASCA and HP WebInspect.
  • Training the development team on the most common vulnerabilities and code review issues and explaining the remediation.
  • Following up on raised vulnerabilities and revalidating them to ensure 100% closure.
  • Keeping up to date with new attacks and the latest vulnerabilities to ensure no such loopholes are present in the existing system.

Tools: Acunetix, HP WebInspect, YASCA, WebScarab, Nessus, Burp Suite, etc.

Web Application Penetration Tester

Confidential, Northridge, LA

Responsibilities:
  • Identifying Critical, High, Medium and Low vulnerabilities in applications based on the OWASP Top 10.
  • Performing penetration tests on different applications each week.
  • Preparing a security testing checklist for the company.
  • Ensuring all security controls are covered in the checklist.
  • Identified vulnerabilities such as file upload, path traversal, SQL injection and more, and helped the development team fix the issues.
  • Updating the checklist on a weekly basis to ensure all test cases are up to date with attacks seen in the wild.
  • Providing detailed knowledge transfer to the development team for a better understanding of vulnerabilities.
  • Information gathering on target applications using websites such as Shodan, ReverseDNS and hackertarget.com.
  • Using various Firefox add-ons such as Flagfox, Wappalyzer, Live HTTP Headers and Tamper Data to perform the pen test.
  • Performed network vulnerability assessments using tools to evaluate attack vectors, develop remediation plans, and identify system vulnerabilities and security procedures.
  • Network scanning using tools such as Nmap and Nessus.
  • Used the Metasploit framework to exploit network-based vulnerabilities.
  • Took the initiative to streamline the access control mechanisms of various applications.

Environment: Live HTTP Headers, Nmap, Metasploit, Tamper Data, Shodan, etc.

Jr. Security Engineer

Confidential

Responsibilities:

  • Involved in web application vulnerability assessment, threat modeling, gap analysis, and secure code review of applications.
  • Extensive interaction with the onsite coordinator to understand business issues and requirements, performing exhaustive analysis and providing end-to-end solutions.
  • Performing multiple levels of testing before production to ensure a smooth deployment cycle.
  • Helped the lead security engineer write scripts to automate network scans.
  • Security review of all impacted and non-impacted issues.
  • Prepared reports on findings and action items to fix the identified vulnerabilities.
  • Other ad hoc activities such as creating monthly and weekly reports, and scheduling meetings with application SVPs to understand the future pipeline for applications.
  • Assisting the customer in understanding the risk and threat level associated with a vulnerability so that the customer can decide whether to accept the risk with respect to business criticality.
  • Assisting in the review of business solution architectures from a security point of view, which helps avoid security-related issues and threats at an early stage of the project.

UI Developer (Internship)

Confidential

Responsibilities:
  • Worked in Agile and Scrum development environments.
  • Interacted with the business system analyst to understand the technical requirements of the project.
  • Coordinated with Photoshop designers to implement the mock-ups and layouts of the application.
  • Involved in developing the UI pages using HTML, DHTML, CSS and JavaScript.
  • Developed web pages with functionality such as login, register, forgot password, e-mail and filters using JavaScript, jQuery and HTML.
  • Used JavaScript to update a portion of a web page, thus reducing bandwidth usage and load time, and to capture user input and requests.
  • Coded JavaScript for page functionality and pop-up screens, and used HTML to build drop-down menus and display part of a web page on user request.
  • Involved in writing SQL queries and stored procedures.

Environment: HTML, CSS, JavaScript, DHTML, SQL, PL/SQL, MS Office
