Mar 2022 – Mar 2024 · 2 yrs · Bengaluru, Karnataka, India

• Experience on Security Testing of Web, Network and Mobile.
• Web application Security Testing and Security Architecture - SAST and DAST
• Application Threat Modeling using STRIDE/DREAD/CVSS/Attack Tree
• Enterprise Network Security- Internal and External IP Scanning
• End point security and management
• Mobile security
• Security Management - Secure Policies, Standards and Procedures with proper change management, Incident management and Risk Management process.
• Compliance - ISO-27001, GDPR, PCIDSS, HIPPA , OWASP Top 10, SANS Top 25
• Tools:
• Web Vulnerability Scanners (DAST): IBM App scan Standard, HP Web Inspect, Acunetix, Nessus, Burpsuite, ZAP
• Network Vulnerability Scanners (DAST): Qualys, Nessus, TruffleHog - API KEYS.
• Static Code Scanners: Fortify, IBM App scan Source, Veracode, Coverity
• End Point Security and Management: Mcafee Virus Scan Enterprise, IPS, IDS, DLP, Browser Protection, SIEM, Cloud ePO, Mcafee Agent, SIEM
• Penetration Testing: Metasploit, nmap, Wireshark, Hydra, netcat, Burpsuite Proxy, Kali Linux
• experience in Software Automation, Performance Testing, Build deployments, Test Setup, DevOps, Virtualization.
• API Security, Cloud Security: CI/CD pipelines using Jenkins.
• Tools:
• Automation: Selenium Webdriver (C# / Java), SQL 2008/2012, SOAP UI, Postman, WCF Test Services, MS Test, TestNG, Maven, Log4j and ApachePOI.
• Performance: New Relic, Xperf, Perfmon, SQL profiler, VSTS WebTests

Jan 2018 – Mar 2022 · 4 yrs 2 mos

• Web Application Security, Penetration Testing, Code Review, Threat Modellingand AWS Cloud Security,Risk Management, OWASPTop 10, Burp suite, Nmap, Metasploit.
• Actively monitoring security components to ensure that confidentiality, integrity,and availability of all information assets are ensured.
• McAfee ePolicy Orchestrator, Virus Scanner, Drive Encryption, Data Loss Prevention, TIE, File and Removable media Protection, Endpoint Security (ENS), Nessus, Symantec Message Labs, Barracuda IPS/IDS, Splunk Enterprise, Sparta, Qualys Enterprise, and SIEM Enterprise
• AWS Cloud Infrastructure -Configure and fine tune cloud infrastructure systems
• Ubuntu, Kali, RHEVLinux Administrator as anIntermediateLevel
• Experienced and workingon ticketing systems like Incident Management, Problem management and ITIL Process with tools based on Service-Now, HPSM, Remedy tool and ITSS Ticket Management✓Experienced in Administering, monitoring,and maintaining LINUX & Windows IT infrastructure.

Jan 2016 – Apr 2018 · 2 yrs 3 mos

• Performed vulnerability assessments and penetration testing on web application and providing comprehensive report with recommendations.
• Ability to work as part of a team and to build strong relationships with relevant individual
• Interact with customers in a collaborative, consultative manner to deliver results, provide feedback and remediation recommendations on findings.
• Performed Application Security Standard Testing (ASST) on internal applications.
• Good exposure to Security Testing on DAST and started working on SAST.
• Have experience in SQL Injection, XSS (Cross site scripting) attacks and major hacking protection techniques.
• Hands on experience in working with penetration testing tools like Burp suite, Web Inspect, ZAP , sqlmap.
• Analyze application security vulnerabilities found through testing and collaborate with development and other internal technical teams to provide mitigation steps to reduce the risk.
• Ability to apply experience and expertise to problem solving in a complex technical environment.
• Preparing vulnerability assessment report and manual verification of testing results.
• Re-validation of vulnerabilities after developer closing them and providing go or no go from application security perspectives

Feb 2014 – Dec 2015 · 1 yr 10 mos

• DDoS attack: UDP/ICMP Flood, SYN Flood,HTTP Get Flood, TCP Connection Attack, TCPFlag-based Attacks.
• DataSecurity: McAfee Data Loss Prevention, RSA Data Loss Prevention Suite, Websense's Content Protection Suite, Guardium, PKI, RSA Secure ID, DLP, digital signature.
• Monitoring:AWS CloudWatch,AWS Config,BMC Patrol, Manage Engine, and Bluecoat.
• Honeypots: Database Honeypots (Elastic honey), Web honeypots (Glastopf, Shadow Daemon, Google Hack Honeypot), Service Honeypots (Kippo, troje), Deployment (Dionaea, honeypotpi).
• Microsoft technologies: -Microsoft Identity Manager (MIM), AD, LDAP, Windows PKI, SharePoint, WSUS and SQL Server.✓Cryptography: Encryption Algorithms, Digital Signature, Deploying PKI.✓SIEM: MacAfee ESM (Nitro), RSA Envision and Splunk
• Malware Analysis: Process Explorer, Process Monitor.✓Virtualization: VMWARE, VMWARE ESXI and ORACLE VIRTUAL BOX.✓Process Skills: InformationSecurityManagement System, BCP/DR Planning.

Aug 2013 – Feb 2014 · 6 mos · Hyderabad, Telangana, India

• Static Application Security Testing (SAST):•Experience in performing automated Static Application Security Testing and Secure Code Review•Performed manual code reviews.•Evaluated security vulnerabilities and prepared customized Vulnerability Assessment Reports along with Recommendations.•Develop secure code practices and provide Remediation Assistance to development teams.•Good hands on Static scanning tools -IBM APPScan Source Code Edition, SecureAssist.
• Dynamic Application Security Testing (DAST):•Experience in performing automated Dynamic Application Security Testing.•Assessment of web applications for security vulnerabilities and design flaws.•Performed manual validation of Security Vulnerabilities.•Evaluated security vulnerabilities and prepared customized Vulnerability Assessment Report along with Recommendations.•Good hands on various dynamic scanning tools like WebInspect, HP AMP Tool, HP Toolkit, IBM APPScan etc.