Candidate's Name
Mobile: PHONE NUMBER AVAILABLE
EMAIL AVAILABLE
Cumming GA Street Address

SKILLS
Penetration Testing, Burp Suite, Nmap, Weevely, DAST, Application Security Testing, Red Team, Agile Methods & Tools, Database Security Testing, Kali Linux, SQLMAP, Aircrack-ng, NIST SP 800-53 Rev. 5, Cyber Security Assurance, NIST SP 800-115, Infrastructure Security, Reporting, Web Application Security Assessment, Wireshark, API Testing, Azure Cloud, SSDLC, OWASP TOP 10, AWS Cloud, OWASP ZAP, Metasploit, Web Application Testing, OWASP ASVS, Postman, Threat & Vulnerability Management, Security Technologies, Cyber Risk Management, Network Penetration Testing

EXPERIENCE

03/11/2024 - Present Solution Senior Consultant, Deloitte Consulting Atlanta GA
Penetration testing manual web security using OWASP methodology and tools such as ZAP, Burp Suite and functional testing.
Identified need to create security assessment project for existing internal projects.
Experience with penetration testing tools and frameworks such as Metasploit, Nmap, and Nessus.
Deep insight into conducting formal tests on web-based applications and networks using deep assessment parameters.
Versed knowledge and understanding of XSS, CSRF, and Blind SQL Injection vulnerabilities.
Local File Inclusion, Reverse shell/Remote Shell, Veil framework etc.
Strong understanding of how to use wordlist to test WPA/WPA2.
Solid understanding of penetration testing standards and process, including the development of documentation such as rules of engagement, scope, and remediation reports.
Good understanding of how to configure wireless settings for maximum security.
Expert knowledge of OWASP Top 10 and ability to articulate web security risks.
Conducts complex analytical functions by performing security assessments and ethical hacks of high-risk sensitive applications.
Provide accurate and timely reporting of findings and proposed remediation and mitigations.

02/02/2020 - 12/31/2023 Lead IT Test Engineer, INCOMM Payment Atlanta GA
Versed knowledge and understanding of how to pentest system vulnerabilities using reverse shell or remote shell.
I developed ARP spoofing and hstshijack scripts using bettercap caplets to test HTTP, HTTPS & HSTS.
Work with other functional groups within Information Security, including Risk, Security Architecture, and SSDLC.
Deep insight into conducting formal tests on web-based applications and networks using deep assessment parameters.
Versed knowledge and understanding of XSS, CSRF, and Blind SQL Injection vulnerabilities.
Local File Inclusion, Reverse Shell/Remote Shell, Veil framework, etc.
Strong understanding of how to use wordlist to test WPA/WPA2.
Solid understanding of penetration testing standards and processes, including the development of documentation such as rules of engagement, scope, and remediation reports.
Good understanding of how to configure wireless settings for maximum security.
Expert knowledge of OWASP Top 10 and ability to articulate web security risks.
Conducts complex analytical functions by performing security assessments and ethical hacks of high-risk sensitive applications.
Provide accurate and timely reporting of findings and proposed remediation and mitigations.
Strong knowledge of Windows or Java Architecture Internals with experience in PHP or JavaScript and their associated Frameworks.
Ability to build threat models and communicate risks in business terms.
Conducted PCI-required penetration test of e-commerce system.

07/07/2018 - 01/31/2020 Sr. Technical Architect, HCL Consulting Alpharetta GA
Penetration testing manual web security using OWASP methodology and tools such as ZAP, Burp Suite and functional testing.
Identified need to create security assessment project for existing internal projects.
Experience with penetration testing tools and frameworks such as Metasploit, Nmap, and Nessus.
Deep insight into conducting formal tests on web-based applications and networks using deep assessment parameters.
Versed knowledge and understanding of XSS, CSRF, and Blind SQL Injection vulnerabilities.
Local File Inclusion, Reverse shell/Remote Shell, Veil framework etc.
Strong understanding of how to use wordlist to test WPA/WPA2.
Solid understanding of penetration testing standards and process, including the development of documentation such as rules of engagement, scope, and remediation reports.
Good understanding of how to configure wireless settings for maximum security.
Expert knowledge of OWASP Top 10 and ability to articulate web security risks.
Conducts complex analytical functions by performing security assessments and ethical hacks of high-risk sensitive applications.
Provide accurate and timely reporting of findings and proposed remediation and mitigations.

05/05/2017 - 12/31/2018 Sr. Penetration Tester, ADP Atlanta GA
Versed knowledge and understanding of how to use net.sniff to spy on network devices for penetration testing.
Perform web application and network penetration tests within the parameters defined by rules of engagement coordinated with client.
Perform open-source intelligence (OSINT) gathering for target customers in preparation for security assessments.
Provide detailed reports on the findings of work and application tests, including mitigation and remediation activities.
Developed test cases to test web applications according to OWASP and mapped every test case with NIST control.
Assess and evaluate risk based on threats, vulnerability and shortfall uncovered in testing.
Examine assets to determine if vulnerabilities exist and, if vulnerabilities are found, propose remediation strategies that can be applied to mitigate them.
Perform network security analysis and risk management for designated systems.
Assist the information security risk assessment program by identifying risk in the current security posture.
Conduct risk assessment using NIST SP 800-53 v4 operational, management and technical controls.
Conducted social engineering test exercise coordinated with the payroll department to determine the level of infiltration possible using a remote command and control framework.
Thorough knowledge of TCP/IP ports and protocols.
Conducted IDOR pen-testing to retrieve objects belonging to other users.

11/10/2014 - 02/10/2017 Sr. QA Engineer, Deloitte Consulting Atlanta GA
Lead the Defect Management process during the test execution phases performing daily triage meetings.
Communicated progress of the QA test plan by facilitating meetings with senior leaders and Product & Development teams.
Lead the Quality Assurance effort and coordinate QA release deployment(s) and verification.
Performed back-end integration testing to ensure data consistency on front-end by writing and executing SQL.
Performed web-based transactions, batch transactions, trading partner testing and file exchange testing.
Verified that successful integration can be achieved between the system and external entities.
Performed navigation testing and cross-browser testing on IE, Firefox, and Chrome.
Used Color Contrast Checker to analyze webpage colors to verify the contrast and ensure better accessibility.
Wrote and performed smoke test and functional testing on every build of the application.
Extensively used RQM for test planning and defect reporting, tracking, and executing manual test cases.
Perform Web Services and XML testing using Soap UI.
Used acceptance criteria produced by business analysts to perform UAT testing.
Used TestNG to create the Test Suites and to execute all the test scripts.
Identified and created automation test cases and test scripts using hybrid-driven framework and page object model (POM) to test the web application.
Environment: IBM RFT, RTC, RQM, Java, Manual testing, MS SQL Server 2008, Oracle 10/11G, and Selenium web driver.
Provide accurate and timely reporting of findings and
proposed remediation and mitigations.

04/11/2014 - 11/2014 Senior Software QA Engineer, Deloitte Consulting Tallahassee FL
Worked on test team status reports and proactively addressed issues related to environment/integration/builds.
Extensive experience with assistive technology web application tools such as JAWS, Color Contrast Analyzer and mobile apps iOS & Android tools.
Performed different types of testing: Accessibility, Functional, System, User Interface, Regression, Mobile accessibility and Sanity testing for both Web and Mobile Native Applications.
Attended Defect Triage meeting.
Informed Senior Management of Risks / Issues discovered while testing.
Ensured a top user experience by meeting with users and UAT teams to address testing defects.
Used TestNG to create the Test Suites and to execute all the test scripts.
Responsible for the implementation of Data Driven Automation Framework built using Selenium Web Driver, TestNG, and Maven technologies under the Java platform.
Created data from scratch or imported data into new data pools using a CSV file.
Performing testing of new software releases on Java-based web applications.
Extensively used RQM for test planning and defect reporting, tracking, and executing manual test cases.
Maintained bug reports using Rational ClearQuest.

05/11/2012 - 03/2014 Software Test Engineer, EMC Hopkinton MA
Worked with the product backend QA team verifying complex algorithm, data processing and results using Microsoft SQL 2008.
Responsible for writing ETL table test cases under general guidance of the test lead.
Performed functional testing, integration testing, regression testing, GUI testing, back-end testing, browser compatibility testing, and component testing on Windows.
Provide client, server, SAN storage array support for the configuration and maintenance of the engineering computer lab systems.
Managed higher availability and data protection using VMware vCenter Server.
Create and maintain storage allocation.
Execute test procedures for ensuring the quality and serviceability of new features and releases of software for EMC storage products VNX, VNXe and VPLEX.
Provide support for EMC storage including the design, implementation and support of EMC Storage arrays and software e.g. CLARiiON, VNX, Power-Path, EMC Celerra, and Data-Domain.
Participate in auxiliary projects such as adding features to the Master Equipment List website and management of lab equipment.
Environment: MS SQL Server 2008, Oracle 10G, Java, Manual testing, Windows 2003/2008 Server, MySQL, Red Hat Linux.

05/11/2005 - 04/2012 IT Support Specialist, BRIDGES INC.
- Jamestown, RI
Provide desktop support for Windows XP and 2007 Pro along with MS Office 2003/2010 Pro and all supporting software applications.
Setting up permission, delegating permission, Routing Groups, and Routing Groups Connectors.
Hardware installs and maintenance for site servers, desktops, laptops, printers, scanners, projectors, video conferencing equipment, IP phone systems, and many other peripherals.
Performed installs, and maintained, network operations for a static addressed client-server environment including cabling, network stack build-out, and troubleshooting with CISCO routers and Netgear switches.
Apply OS patches and upgrades on a regular basis and upgrade administrative tools and utilities.
Configure / add new services as necessary.
Determined the causes of networking problems and utilized diagnostic testing software and equipment to troubleshoot various technical problems under time constraints.
Managing and Monitoring Dynamic Host Configuration Protocol (DHCP).
Implementing an Active Directory Forest Domain Structure, Organizational Unit Structure, User, Group, and Computer Accounts & the Placement of Domain Controllers.
Designing an Active Directory and Network Infrastructure, Forest & Domain Infrastructure, and Site Infrastructure.

EDUCATION & CERTIFICATIONS
Graduated 05/2013 B.Sc. IT / ISS, University of Phoenix, Boston, MA
AS Degree IT Support Specialist, Community College of RI, Warwick, RI

Professional Affiliations
CompTIA PenTest Certified
CompTIA A+ (Hardware & Software)
Certified SAFe 5 Scrum Master
Microsoft Certified: Azure Fundamentals