| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidateCandidate's Name
PHONE NUMBER AVAILABLEEMAIL AVAILABLEPROFESSIONAL SUMMARYGraduate professional with around 5 years of experience assisting organizations on enterprise-wide security projects.Implicated towards Cyber Security, Advisory and Data Analytics, seeking opportunities where I can leverage my diverse technical skills and experience including IT security domains such as Security Architecture, Social Engineering, Risk Assessment, Vulnerability Assessment & Penetration Testing for Web, Mobile, Web Services, and Cloud Platforms.Experienced with Black Box, Grey Box and White Box Security testing, Threat Modelling, Security Architecture, Vulnerability Detection and Remediation, Report Generation and Vulnerability Management pertaining to Network and Application Security.Proficiency in using Dynamic and Static analysis techniques to assess internal and third-party applications for Security Vulnerabilities and manual exploitation and mitigation of security findings not limited to but including OWASP Top 10 and SANS 25.Proficiency in designing a robust & secure application architecture by communicating identified vulnerability findings with clients/customers and remediating appropriate mitigationsPerforming assessment and risk classification of identified vulnerabilities based on the security impact, likelihood, and business risks.Reverse engineered hardware components to understand functionality and improve performance in embedded systems.Excellent communication and presentation skills and a proven ability to communicate threats and facilitate progress towards long-term remediation.SKILLSOperating Systems: Linux, Windows and IOSProgramming Languages: .Net(C#), Java, HTML, JavaScript, C++, Python, VB, Angular JSSource Code Analysis Tools: HP Fortify, Checkmarx, IBM Source, Veracode, SonarQubeDynamic analysis tools: HP WebInspect, Invicti, Acunetix, Burp Suite, OWASP ZAPPenetration Testing Tools: Burp Suite, Owasp ZAP, Kali LinuxCloud Security Tools: Qualys, Okta, Whitehat, Centrify, NmapsAPI Testing Tools: POSTMAN, SOAPUI, Burp SuiteLibrary Scans: Nexus, JFrog, Black DuckNetwork Security Testing Tools: Nmap, Metasploit, Nessus, Qualys Guard, SSLScan, WiresharkProxy Tools: Burp Suite, ZAP, ParosCloud Infrastructure: AWS, GCPMethodologies: Waterfall, Agile, RUPData Processing: Ms. Excel, SQL, Minitab, SharePoint, Ms. AccessPresentation & Business Modeling: Ms. Visio, Ms. PowerPoint, Visual Studios, Mock FlowContainer securityWeb Application security & Application risk assessmentAPI security & Open-source securityThreat modelingStatic code analysisEXPERIENCEClient: UPSRole: SR APPLICATION SECURITY ENGINEERDuration: August 2022 PresentResponsibilities:Led the implementation of a corporate vulnerability management program, ensuring continuous remediation of vulnerabilities within compliance deadlines.Led the integration of Checkmarx into the development lifecycle, automating static code analysis and ensuring the continuous identification and remediation of security vulnerabilities in .NET and JAVA applications.Identified and mitigated security risks associated with APIs and providing guidance and support to development teams on API security best practices.Conducted vulnerability assessments and penetration testing of APIs.Integrated security into the SDLC, collaborating with development teams and adhering to Left-Shift principles to enhance code quality and security.Responsible for automating API security assessments into continuous integration and continuous deployment (CI/CD) pipelines of authentication and authorization infrastructure (e.g. SAML OpenID OAuth)Performed static/dynamic code testing, manual code inspection, threat modeling, design reviews and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects using tools like Burp Suite, IBM AppScan, Invicti, Blackduck, Kali Linux, SonarQube, Nexus, Checkmarx etc.Experience with performing vulnerability assessments, red teaming, or penetration testing.Proficient in capturing application-level vulnerabilities like XXE (XML External Entity), XSS, SQL Injection, CSRF, Broken Authentication, sensitive data, HTTP response, Insecure credential storage, RFI/LFI.Experience in scanning the third-party library vulnerabilities using JFrog, blackduck.Hands-on experience in API Security Testing using Postman, SOAP UI, REST API.Hands on experience on Tools Nessus, Metasploit, Burp Suite, SQL Map, OWASP ZAP Proxy, Acunetix, N-map, and HP Fortify used for web applications Security testing.Client: Blackbuck EVRole: APPLICATION SECURITY ENGINEERDuration: June 2019 - July 2022Responsibilities:Skilled in developing strategies and programs to ensure capability enhancement to include measurable goals and objectives.Implemented continuous monitoring practices in accordance with NIST guidelines, leveraging automated tools and processes to detect, assess, and respond to security incidents in real time.Maintained guidance documents and tracking systems for assigned campaigns/projects.Interacted and coordinated in understanding the business issues, requirements, doing exhaustive analysis and offering end-to-end solutions.Designed, developed, and tested technical solutions collaborating with senior engineers and was involved in code/design reviews.Worked with limited supervision and overseen the installation, configuration, and maintenance of Security related information systems.Utilized reverse engineering techniques to identify and resolve vulnerabilities in software systems, enhancing overall security posture.Conducted various approaches to Grey & Black box security testing.Conducted Dynamic and Static Application Security Testing (SAST & DAST)Collaborated with cross-functional teams to integrate NIST cybersecurity controls into system development life cycle (SDLC) processes, ensuring security by design principles are applied from inception to deployment.Developed reports and presentations regarding Security activities.Provided support for Security activities, including meeting agendas, memoranda, reports, or other documents using word-processing or other software systems such as Microsoft Word, Excel, Outlook E-mail, and Calendar system.Assisted developers in re-mediating issues with Security Assessments concerning OWASP standards.Learned how to independently resolve production issues through the troubleshooting of applications and components.Identified vulnerabilities like SQL injection, XSS, CSRF relating to session management, privilege escalation and other logical issues.Served as a Security engineer for multiple projects / Teams on a cross-functional team responsible for Vulnerability identity management.EDUCATIONMaster of Science Business Analytics from Sacred Heart University-Connecticut |
