Candidate Information
Title: Security Engineer Cloud
Target Location: US-PA-Morton

Professional Summary:
Security Engineer with 7+ years of experience in the financial, insurance and healthcare industries, with a deep understanding of security principles, risk assessment, threat management, penetration testing, and security controls and validation. Proficient in CI/CD pipelines, web application security assessments, dynamic and static code analysis, and scripting for automation.

Professional Experience:

Client: The World Bank Group, Washington, DC    Nov 2022 to Present
Role: Security Engineer
Responsibilities:
- Worked extensively with software development teams to review source code, triage the security vulnerabilities reported by HCL AppScan, Burp Suite, WhiteHat Sentinel, HP WebInspect, HP Fortify, Checkmarx and Contrast Security, and eliminate false positives.
- Designed, implemented, and maintained security controls and measures to protect against cyber threats and vulnerabilities.
- Conducted risk assessments and vulnerability scans to identify security risks and develop mitigation strategies.
- Conducted vulnerability assessments and code reviews using Veracode and SonarQube, identifying critical security issues and providing actionable remediation strategies.
- Implemented a Cloud Access Security Broker (CASB) for cloud applications in AWS.
- Worked on Imperva SecureSphere Web Application Firewalls (WAF), AWS cloud security, and Symantec CloudSOC Cloud Access Security Broker (CASB).
- Designed and deployed a multi-region Kubernetes cluster on AWS, ensuring high availability and fault tolerance for critical applications.
- Built and maintained Docker images for a tech stack including Cassandra, Kafka, Apache and a couple of in-house Java services running on Kubernetes in Google Cloud Platform (GCP).
- Implemented AWS, Azure and GCP security standards; used GCP services such as Compute Engine, Cloud Functions, Cloud DNS, Cloud Storage and Cloud Deployment Manager, applying SaaS, PaaS and IaaS cloud computing concepts on GCP.
- Implemented best practices for managing compute, storage, and other cloud resource types securely and efficiently.
- Worked closely with cloud architects and security teams to identify and mitigate security risks in the cloud environment.
- Working knowledge of cloud security engineering and administration for SaaS, PaaS, and IaaS (including AWS and Azure).
- Participated in an AWS migration and developed security controls for IaaS, PaaS and SaaS based applications in the cloud.
- Conducted comprehensive security assessments and risk analyses for cloud-based applications, identifying and mitigating potential vulnerabilities.
- Utilized AWS Security Hub, Azure Security Center, and Google Cloud Security Command Center to monitor and enhance the security posture of cloud assets.
- Performed in-depth manual audits of application code to uncover security vulnerabilities and ensure compliance with industry standards.
- Collaborated with development teams to implement secure coding practices, enhancing the overall security posture of applications.
- Managed vulnerability tracking and resolution using Atlassian tools such as Jira and Confluence.
- Developed and maintained security policies and procedures in line with the OWASP Top Ten and NIST guidelines.
- Implemented security policies, procedures, and guidelines to ensure compliance with industry standards and regulations.
- Collaborated with cross-functional teams to address security requirements and integrate security solutions into existing infrastructure.
- Experience with Java programming; well versed in secure coding standards including the OWASP Top Ten, MITRE, Sun, and NIST.
- Developed secure Java applications, adhering to industry best practices and secure coding standards.
- Participated in code reviews and peer reviews to identify and address potential security vulnerabilities.
- Used Git as the code repository and version control mechanism.
- Implemented authentication solutions for various types of applications using OAuth 2.0, SAML and OpenID.
- Automated the security scanning process (DevSecOps) as part of Continuous Integration and Continuous Delivery (CI/CD), feeding security reports into the build cycle.
- Led the automation of security scanning processes as part of the DevSecOps strategy, integrating security reports into the CI/CD pipeline for seamless delivery.
- Collaborated with DevOps and development teams to integrate security best practices into CI/CD pipelines.
- Collaborated with development and operations teams to embed security practices into the software development lifecycle.
- Conducted security assessments and audits to identify vulnerabilities and ensure compliance with security standards and regulations.
- Conducted comprehensive penetration tests and vulnerability assessments using tools such as Nessus, Qualys, and Metasploit.
- Experience with GRC (Governance, Risk and Compliance) practice to ensure adherence to best practice, regulatory requirements and ISO 27001.
- Collaborated with development teams to integrate security into the software development lifecycle (SDLC), ensuring secure coding practices.
- Good understanding of web application attacks including SQLi, XSS, CSRF, and other common security issues beyond the OWASP Top 10.
- Conducted penetration testing, DAST, SAST and manual ethical hacking for web applications using IBM AppScan, HP WebInspect, HP Fortify, Checkmarx and Burp Suite Pro.
- Developed a threat modeling framework (STRIDE, DREAD) for critical applications to identify potential threats during the design phase.
- Conducted comprehensive code reviews and vulnerability assessments using Veracode and SonarQube, identifying critical security flaws and providing detailed remediation recommendations.
- Performed manual audits and security assessments on Java-based applications, ensuring compliance with secure coding standards such as the OWASP Top Ten and NIST.
- Developed and maintained security guidelines and best practices for application development and deployment.
- Strong knowledge of web application security and web-related protocols (HTTP, HTTP/2, SSL, WebSockets, etc.).
- Worked with DevOps teams to automate security scanning into the build process.
- Implemented network security measures using AWS WAF, Security Groups, and NACLs to protect against external threats.
- Performed regular security audits and risk assessments, providing actionable recommendations to mitigate identified risks.
- Provided guidance and support to development teams on secure coding practices and security best practices.

Client: CVS Health, Virginia    Aug 2021 to Oct 2022
Role: Security Engineer
Responsibilities:
- Implemented authentication for applications using web application vulnerability scanning tools (IBM AppScan, IBM AppScan Source, HP WebInspect, HP Fortify, Burp Suite, ZAP, Kali Linux, etc.).
- Performed pen testing of both internal and external networks as per PCI DSS standards. The scope included operating systems (Windows and Linux), external-facing web apps and database servers that store credit card information.
- Reviewed security vulnerability reports for applications and databases, analyzed them and worked extensively with the development teams to implement mitigating controls.
- Implemented IBM AppScan Standard and Source editions, HP WebInspect and QualysGuard web application scanners; in addition, Metasploit and Burp Suite were used for manual penetration testing.
- Performed security assessments for client-facing apps. The associated IT infrastructure, such as database management systems, middleware systems and web services (SOA), was also included in the security assessments.
- Reported security findings and recommendations and presented them to business users, the executive committee and Compliance departments.
- Managed cloud security tools such as AWS Security Hub and Azure Security Center, ensuring continuous monitoring and threat detection.
- Participated in security assessments and audits, providing insights and recommendations for improving cloud security.
- Experience with EC2, S3 and RDS in the AWS environment, and hands-on experience with Google Pub/Sub and Dataflow in the GCP environment.
- Gained hands-on experience with cloud security tools and technologies, enhancing the security of cloud environments.
- Contributed to the development and documentation of cloud security best practices and guidelines.
- Experience with Identity and Access Management (IAM) and development of user roles and policies for user access management.
- Conducted workshops and user awareness training on security policies, procedures and baselines.
- Worked with software development teams, DB/Unix administrators and solution architects as a subject matter expert on security compliance with PCI DSS and industry standards.
- Developed security policies and baselines for mobile and web applications; performed compliance audits to ensure the security policies and baselines had been adequately implemented.
- Performed a PCI pre-assessment audit of the entire network and the related applications in preparation for the annual external PCI compliance audit.
- Collaborated with development teams to implement secure coding practices and address security vulnerabilities in a timely manner.

Client: Intuit, San Diego, CA    May 2019 to Jul 2021
Role: Information Security Engineer
Responsibilities:
- Participated in the deployment of a Security Information and Event Management (SIEM) system.
- Reviewed technical specifications for SIEM and logging and proposed recommendations to improve the overall deployment of the solution.
- Hands-on experience in installation, configuration, maintenance and administration of Check Point Firewall R55 up to R77.20, SecurePlatform installation, VPN, DMZ, clustering, and HA.
- Administered, maintained, and deployed Imperva web application firewall, Check Point IPS and VPN systems, and McAfee network-based Data Loss Prevention (DLP) devices.
- Conducted regular risk assessments and vulnerability assessments to identify potential threats.
- Implemented and managed security measures such as firewalls, intrusion detection systems, and encryption protocols.
- Coordinated incident response activities, ensuring quick and effective resolution of security breaches.
- Collaborated with IT and development teams to integrate security best practices into the SDLC.
- Managed a telecommunications security audit mission covering the Voice over IP (VoIP) infrastructure implemented in the firm.
- Managed and configured security infrastructure, including firewalls, IDS/IPS and encryption technologies.
- Collaborated with IT and compliance teams to ensure adherence to financial regulations and standards (e.g. PCI DSS, SOX).
- Assisted in the development and implementation of disaster recovery and business continuity plans.
- Managed endpoint security solutions and coordinated timely updates and patches.
- Provided detailed reports on security incidents, vulnerabilities, and trends to senior management.
- Conducted security compliance audits covering Disaster Recovery (DR) simulations and their adherence to security policies and standards (SOX, FFIEC, SSAE 16).
- Performed penetration testing for external-facing web applications; security areas covering threat modeling, secure coding practices (i.e., OWASP standards) and vulnerability analysis were assessed.
- Conducted security assessments for various applications supporting various businesses. Web application infrastructure such as IBM WebSphere, Apache Tomcat, and IIS web/application servers was reviewed for compliance with the firm's security baselines.
- Managed security assessments for the various operating systems used by the firm. Security audits of Red Hat Linux, SharePoint, Oracle Solaris, Windows (including Active Directory) and IBM AIX were conducted; several control enhancements, specifically on the patch management process, were recommended.
- Executed database management system assessments across all business lines and entities in the North America hub. Database servers such as Oracle, SQL Server and Sybase were reviewed for compliance with global and local security standards.
- Participated in integrated security design reviews, mainly responsible for the review of input/output security, data completeness and accuracy of data reconciliations, and timely processing of security batch jobs.
- Excellent communication, relationship-building and interfacing skills, a systematic approach, and the ability to work effectively with stakeholders in fast-paced environments.

Epsilon, Wakefield, MA    Feb 2018 to Apr 2019
Role: Java Developer
Responsibilities:
- Designed and developed the user interface using JSP, CSS, HTML and JavaScript; used JavaScript DOM manipulation and events to render result data in the UI.
- Designed and developed a JavaScript framework that wraps the jQuery framework, and an AJAX-based UI framework for UI configuration widgets.
- Reviewed previous research papers related to the study; gathered data by conducting a survey to collect the information required to perform experiments.
- Performed detailed analysis on the report and results.
- Used LaTeX and BibTeX to generate organized documents that stand out in the scientific and academic community.
- Extensively involved in gathering and analyzing requirements, checking dependencies and the design of the project.
- Used Ajax, object-oriented JavaScript, JSP, jQuery, HTML5 and CSS3 to develop the application.
- Developed different jQuery components in an MVC micro-architecture framework that internally uses design patterns such as singleton, command and delegate.
- Worked on REST APIs to create services, consumed in AngularJS to bind data in the front end.
- Involved in redesigning the entire site with CSS styles for a consistent look and feel across all browsers and pages.
- Implemented Log4j 1.2 for logging errors, debugging and tracking using loggers and appenders.
- Improved outgoing quality through test and yield improvements and characterization; also reduced costs through test-time improvements.
- Wrote test plans and performed unit testing and performance testing. Fetched data from metadata tables with the help of HibernateTemplate for dropdowns.
- Used Git as the code repository and version control mechanism.

Education:
Bachelor's in Computer Science and Information Systems, University of Michigan

Security Certifications/Training Courses Attended:
- Microsoft Certified Solutions Associate (MCSA: Windows Server 2018)
- IBM-Cigital Defensive Programming for .NET Applications
- Identity Management and Single Sign-On by Learning Tree International