Experience

• 

  Confidential

  Sept 2017 - Jul 2020

  Cyber security analyst

  1. Web Application Penetration Testing, Infrastructure Security, Internal and External Penetration Testing, Vulnerability Assessment, Server Hardening, Config Audit Review and comprehensive report preparation.2. Scanned and analyzed ports scan results.3. Manually verified the vulnerabilities related to the ports.4. Testing Web Applications and networks for OWASP top 10 and SANS top 25 vulnerabilities.5. Experience in working with major tools like “IBM AppScan, Acunetix, Nmap, Metasploit, Nexpose, Wireshark, Nessus, Qualys Guard, BackTrack suit and other vulnerability scanners.6. Manual approach for web application penetration testing”.7. Configuration Review for various OS and databases8. Testing, evaluating and recommending new tools and technologies.9. Overall co-ordination with clients and internal teams to complete requirements with in the time.10. Tested web application, network infrastructures (Internal/External).11. Web Application Security Testing, Security Code Audits and Reviews, Web Server Log Analysis, Hacking Incident Handling.12. Deal with both external internal clients. Show less

• 

  Northern lights technology development

  Jul 2020 - Aug 2021

  Nltd information security analyst

  1. Responsible for analyzing and in identifying the vulnerabilities manually.2. Conducting fully manual web application testing of PCI website as per client requirement with OWASP top 10 Vulnerabilities. Also designed and integrated custom rules and reports.3. Worked on Burp, Qualys, Nessus, HP-Fortify SCA, IBM Appscan Source, and other such static analysis tools.4. Apart from Application Security also responsible for Configuring, implementing, managing and administering security technologies such as anti-malware, system hardening, intrusion detection/prevention, firewalls, security assessment utilities, and content filtering utilities on Cyberoam UTM Firewall, Checkpoint GAIA, Trust wave Web defend WAF, Squid , SEPM, SIEM, and Checkpoint IPS.5. Able to Plan the mitigation of specific network vulnerabilities and exploits with Accuentix Web Scanner , Nessus ,Metasploit Framework, Open VAS and IBM App Scan.6. Assisting network defense initiatives, incident investigations, and end-user security awareness training and monitored compromised system that is infected from zero day virus.7. Responsible for Network Security Audit and Web Application Security Audit for the clients and review Vulnerability assessment penetration testing report of network and PCI Web application. Show less

• 

  Accenture

  Aug 2021 - Jan 2023

  Security delivery senior analyst

  1. Manage particular testing activities end-to-end as part of customer projects;2. Manage communications in the meetings with security and project teams;3. Develop penetration testing strategies based on customer risk assessment, threat models, technical and business solution/environment architecture, industry best practices as well as specifics of the telecom domain;4. Discover system and solution vulnerabilities (e.g. XSS, CSRF, CRLF, SQLi, XXE and uncommon HTTP Request Smuggling/Splitting, other vulnerabilities categorized e.g. by OWASP, CWE/CVE) and security weaknesses from a variety of sources (technical documentation, source code, communication with project and development teams);5. Assess the penetration test results with security and development teams, contribute to risk mitigation actions at the technical and project management levels;6. Contribute to developing training programs for development and testing teams.7. Also responsible for the Administration & configuration of the Multiple Security Products which includes Checkpoint Firewall, Source Fire IDS and SIEM (Dell SecureWorks,OSSIM) Fire-Eye for advanced persistent zero day threat in MNP Project.8. Performed Manual/Automated web application security assessments using open-source and commercial security tools (ex. Qualys, Nmap,IBM AppScan, Burp Suite, White Hat vulnerability scanners, Contrast,local proxies etc) across web technologies and various operating systems.9. Understanding of application security guidelines/requirements from OWASP, OSTMM.10. Experienced working in Multi-OS Environments (Linux, Redhat, Solaries, Windows). Show less

• 

  Cme group

  Jan 2023 - now

  Security engineer ii ( global information security)

  1. Primary responsibility to conduct Black/Grey/White box Vulnerability Assessments & Penetration Testing for web application, network infrastructures (Internal/External web service, etc.). These assessments involve manual testing and analysis as well as the use of automated application vulnerability scanning/testing tools such as Burp Suite Professional and IBM Appscan Enterprise/Standard and Qualys (Vulnerability Managment). 2. Writing a formal security assessment report for each application, using our company’s standard reporting format.3. Participating in conference calls with clients to review your assessment results and consult with the clients on remediation options.4. Retesting security vulnerabilities that have been fixed and republishing your report to indicate the results of your retesting.5. Supporting clients in giving step-by-step guide for replicating potential attack scenarios and security patches if required.6. Conduct fully manual web application testing with in-depth knowledge of OWASP top 10 vulnerabilities, SANS Top 25; etc.7. Testing web applications for common security vulnerabilities such as input validation vulnerabilities, cross-site scripting, SQL injection and insecure direct object references.8. Demonstrating manual web application testing experience; i.e. candidate must be able to simulate a SQL inject attack without the use of tools. Show less