Candidate Information
Title Penetration Testing Information Technology
Target Location US-GA-Suwanee
Candidate's Name
Over 9 years of experience in Information Technology and around 5 years in the field of cyber security as a penetration testing expert.

PROFESSIONAL SUMMARY:
Proficient in OWASP Top 10 2010 and WASC THREAT CLASSIFICATION v2.0 methodologies.
Strong experience in understanding application level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak cryptography, authentication flaws etc.
Strong knowledge in Manual and Automated Security testing for Web Applications.
Good experience in exploiting the recognized vulnerabilities.
Actively search for potential security issues and security gaps that are beyond the ability of detection by any security scanner tool. Initiate and develop new mechanisms to address unidentified security holes & challenges.
Analyzing the results of penetration testing, designing reviews, source code reviews and other security tests.
Highly analytical computer security analyst with success both defending and attacking large-scale enterprise networks.
Experience using a wide variety of security tools to include Kali-Linux, Metasploit, Burp Suite Pro, Wireshark, ophcrack, Nmap, Cain and Abel, Dirbuster, IBM AppScan, Nessus, OpenVAS, W3AF, Ettercap, Maltego.
Experience in developing web applications using HTML, CSS, JavaScript, jQuery, XML, XSLT.
Experience with Security Risk Management, SIEM & TCP-based networking.
Working knowledge in Windows/Linux, UNIX operating system configuration, utilities and programming.
Experienced in working on Patch Management, Vulnerability Scanners and Penetration Testing.
Experience in working with the basic programming languages.
Having good knowledge in gathering requirements from stakeholders, constructing RFP/RFQs, devising and planning and strong technical understanding of vulnerabilities, and how attackers can exploit vulnerabilities to compromise systems.
Having good experience in Secure SDLC and Source Code Analysis (Manual & Tools) on WEB based applications.
SOX Compliance Audit experience on controls like User access management, Change Management, Incident Management.
Knowledge on TPMs (trusted platform module) installation.
Performed software licensing audit, security audit.
Worked with project managers in developing the project scope, allocating resources and budget.
Demonstrated sound written and verbal communication skills.
Excellent problem-solving and leadership abilities.

TECHNICAL SKILLS:
Network Enumeration: Maltego, Nmap, Netcat, DNSMap, LDAP enumeration, SMB enumeration, Nessus
Web Application Vulnerability Scanning/Port Scanning: Nessus, OpenVAS, Vega, Acunetix, HP WebInspect, IBM AppScan, Burp Suite, OWASP ZAP (Zed Attack Proxy)
Sniffing/Man-in-the-Middle: Wireshark, Ettercap, Cain & Abel
Client/Server-side exploitations: Social Engineering Toolkit (SET), Metasploit
Password Cracking: Hydra, John the Ripper, RainbowCrack, Ophcrack
SQL Injection Tools: Sqlmap, Havij
Penetration Testing Platform: Kali Linux
Language: C, Python, Shell scripting, .Net, Java
Web Technologies: HTML5, CSS, JavaScript, jQuery, AngularJS, PHP
Platforms: Windows NT, 2000, 2003, Windows XP, 7, 8.1, 10, MAC OSX
Web Server: Apache, IIS 6.0/7.0
Database: MySQL, MS SQL, Oracle
Packages: MS Office
Other Tools: Paros Proxy, DirBuster, CSRFTester, HP Fortify, OWASP WebScarab, Veracode, fiMap, SSL implementation, RSA implementation, Public Key Infrastructure algorithms, Google dorks, Nmap Security Engine (NSE)

PROFESSIONAL EXPERIENCE:

Keruig, Dec 17 - Present
Information Security Engineer/Penetration Tester
Responsibilities:
Conduct web application penetration testing for more than ten applications.
Perform security analysis and identifying possible vulnerabilities, following OWASP standard and SANS 25, create Vulnerability Assessment report, detail all the exposures that were identified, rate the severity of the system & suggestions to mitigate any exposures & testing known vulnerabilities.
Expertise in the three security testing approaches viz., White box, Black box and Grey box testing.
Providing fixes & filtering false findings for the vulnerabilities reported in the scan reports.
Active experience in managing and/or auditing governance and compliance such as SOX, PCI, PII, NIST standards and risk management regulations.
Work with the Data Security Standards as per PCI (PCI DSS).
Conduct penetration tests on systems and applications using automated and manual techniques with tools such as Fortify, fiMap, Qualysguard, Metasploit, Burp suite, Web Inspect, Kali Linux, Check Marx and many other open source tools as needed.
Work on full disk encryption/file system encryption with network administrators to protect physical devices against theft security, leave the devices unattended 24*7.
Conduct reviews for both internal and vendor-acquired software to validate compliance with the organizational policies.
Configuration of the IBM App Scan tool to meet individual scanning requirements.
Using HP Fortify for identifying vulnerabilities like XSS, CSRF, SQL Injection at the early stages of Software Development Life Cycle hence reducing the major time and expenses.
Training the development team on the most common vulnerabilities and common code review issues and explaining the remediation.
Perform tech talks and assist in security awareness campaigns.
Safeguarding the information systems on compliance with both federal and organizational policies.
Supervising the junior team members and training them in OWASP Top 10.
Follow up and ensure the closure of the raised vulnerabilities by revalidating and ensuring 100% closure.
Update with the new hackings and latest vulnerabilities to ensure no such loopholes are present in the existing system.

Project: VW Connected Services Web Portal, Oct 15 - Nov 17
Client: HTI, Atlanta
Information Security Analyst/Penetration Tester
Responsibilities:
Conducted application penetration testing for various business applications through agile methodology.
Applied the password cracking tests over the accounts (administrator and various users) to find out the strength of the passwords.
Used John the Ripper, Rainbow Crack, Hydra for password cracking tests.
Proficient in understanding the vulnerabilities like XSS, SQL Injection, CSRF.
Effectively communicated with the security developers, engineers and other non-technical staff from different domains.
Perform SAST and DAST application security testing.
Perform static code review using HP Fortify.
Re-evaluated the issues to ensure the closure of vulnerabilities addressed during analysis phase.
Conducted security assessment for PKI enabled applications.
Effectively handled vulnerabilities which rise in-between the release cycles using Fortify on Demand production monitoring.

Provider Portal, Sep 13 - Oct 15
Client: BCBS, Alabama
Information Security Specialist
Responsibilities:
Performed complex security related testing, manual and automated tests (black box, white box and grey box testing), create the reports and follow up with the respected teams for proper security.
Analyze the test results and identify the severity of the vulnerability.
Ensure all the controls are covered in the checklist.
Capturing and analyzing network traffic at all layers of the OSI model.
Vulnerability Assessment of various web applications used in the organization using Paros Proxy, Burp Suite, and Web Scarab, HP Web Inspect.
Analyze the IT processes to identify the major security issues in the industry.
Hands-on experience in using the open source tools such as Burp Suite, Acunetix Automatic Scanner, NMAP, Dirbuster, Qualysguard, Nessus, SQLMap for penetration testing.
Worked on installation, configuration, and administration and troubleshooting of LAN/WAN infrastructure.
Performed pen tests over different business applications and network devices of the organization.
Verify if the application has implemented the basic security mechanisms like Job rotation, Privilege escalations, Least Privilege and Defense in depth.
Providing KT to Development team for better understanding of vulnerabilities.

Ratings Gateway-Structured Finance & Corporate Governance, Jul 11 to Aug 13
Client: Standard & Poor's, NY
Security Engineer
Responsibilities:
Established vulnerability assessment practice, proactively ensuring safety of client-facing applications.
Creation of generic scripts for testing and reusability.
Application Security Review of all the impacted and non-impacted issues.
Had real time experience in DDoS, SQL Injection protection, XSS protection, script injection and major hacking protection techniques.
Vulnerability Assessment including analysis of bugs in various applications spread across N-tier on various domains by using both manual and automation tools.
Used numerous open source tools for scanning the networks, servers and web applications and test for all the vulnerabilities.
Trained the development team for better and secure coding practices.
Worked on various SQL Injection techniques to find the level of risk.
Generated reports of the issues and vulnerabilities identified and also suggest techniques to be used to overcome such security threats.

Client: ALLTEL, GA, USA
Production Support Engineer, Jun 09 - July 11
Responsibilities:
Experience in using UNIX Shell scripting, LINUX, JAVA, J2EE and Oracle Web logic Server (10.3g/11g) for code development.
Experience in multiple enhancements of the applications to improve the performance of the existing design.
Experience in working closely with customers through agile methodology.
Responsible for the collaboration of all the teams for an effective production release.
Responsible for implementing the code deploy through HPOO (HP Operations Orchestrations Software).
As part of the release management team, took the responsibility to plan and schedule the releases, manage the change requests.

Project: Online Deal Confirmations (Citi Treasury OLC), Jan 09 - May 09
Client: Citicorp, NJ
Junior Security Analyst
Responsibilities:
Conducted VAPT following the OWASP Top 10 standards.
Actively participated in Patch Management for clients like VISA, IRCTC.
Minimized the attack surface, participated in ASM.
Worked with Active Directories, firewalls for windows security.
Conducts formal risk analysis and self-assessments program for various Information Services systems and processes.
Contributes expertise to help determine requirements and functional specifications for entire organization.
Generates reports on assessment findings and summarizes them to facilitate remediation tasks for other operational teams.
Works effectively with cross-functional and/or global teams, readily shares information with others.
