
Security Information

Location:
San Jose, CA
Posted:
June 15, 2017


Resume:

Reshma Reddy

425-***-****

***************@*****.***

SUMMARY

An IT professional with 6+ years of experience in Information Security.

Experience in implementing security in every phase of the SDLC. Hands-on experience in application security, vulnerability assessments and OWASP, along with various security testing tools.

A Certified Ethical Hacker.

Experience as an Information Security Analyst, involved in OWASP Top 10 based vulnerability assessment of various internet-facing point-of-sale web applications and web services.

Capable of identifying flaws like Injection, XSS, Insecure Direct Object References, Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, CSRF and Unvalidated Redirects.

Experience with web application security testing tools like Acunetix, Metasploit, Burp Suite, sqlmap, OWASP ZAP and HP Fortify.

As a Security Consultant, involved in enhancing the security posture of the project through initiatives like threat modelling and security awareness sessions.

Executed antivirus scans and eradicated viruses.

Experience in reverse engineering of native mobile applications.

Exploring local storage, hard-coded information and the file structure of native applications.

Reporting identified issues in an industry-standard framework.

Simulating how an attacker would exploit the vulnerabilities identified during the dynamic analysis phase.

Experience in software licensing audits.

Ability to take data-driven decisions using operational intelligence tools like Splunk, PGP.

Good experience in web technologies like HTTP, HTML, CSS, forms and database connectivity.

Excellent team player and enthusiastic initiator, with the ability to learn fundamental concepts effectively and efficiently.

Good knowledge of programming and scripting in ASP and Java.

Ability to work in large and small teams as well as independently.

CERTIFICATIONS:

Certified Ethical Hacker

EDUCATION:

Master of Computer Science, California, USA.

TECHNICAL SKILLS:

IBM AppScan Standard Edition, HP WebInspect, OWASP Top 10 and SANS Top 25, Vulnerability Assessment, Paros Proxy, Wappalyzer, Live HTTP Headers, Tamper Data, Flagfox, Burp Suite, WebScarab, SoapUI, DirBuster, YASCA, sqlmap, Nikto, Metasploit, Kali Linux

PROFESSIONAL EXPERIENCE:

Client: Cisco, San Jose, CA April 2015 to date

Role: Pen Tester

RESPONSIBILITIES:

Performed security research, analysis and design for all client computing systems and the network infrastructure.

Security assessment of online applications to identify vulnerabilities in categories like input and data validation, authentication, authorization, and auditing & logging.

Vulnerability assessment of various web applications used in the organization using Paros Proxy, Burp Suite, WebScarab, YASCA and HP WebInspect.

Coordinating with the dev team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and the impact of each issue.

Security testing of APIs using SoapUI.

Experience in reverse engineering of native mobile applications.

Exploring local storage, hard-coded information and the file structure of native applications.

Experience using Kali Linux for web application assessment with tools like DirBuster, Nikto and Nmap.

Good knowledge of IBM AppScan to enhance web application security.

User ID reconciliation on a quarterly basis.

Keeping up to date with new hacks and the latest vulnerabilities to ensure no such loopholes are present in the existing system.

Threat modelling of the project, getting involved before development and improving security at the initial phase.

STRIDE assessment of applications during the design phase, identifying possible threats and providing security requirements.

Monitoring and analyzing security logs and application data logs from the application firewall using Splunk.

Training the development team on the most common vulnerabilities and common code review issues, and explaining the remediations.

Good knowledge of programming and scripting in .NET and Java.

Following up on raised vulnerabilities by revalidating them and ensuring 100% closure.

Good experience in web technologies like HTTP, HTML, CSS, forms and database connectivity.

Ensuring the SDLC is a secure SDLC.

Client: PayPal, San Jose, CA Feb 2014 to March 2015

Role: Security Analyst

RESPONSIBILITIES:

Performed pen tests on different applications each week.

Automated scans of 5 different projects on a weekly basis using Acunetix to ensure changes did not introduce any new vulnerability.

Static code analysis using HP Fortify to identify vulnerabilities in the applications.

Manual penetration testing of applications and APIs to identify OWASP Top 10 and SANS Top 25 vulnerabilities.

Access control checks to identify privilege escalation issues across various roles, and ensuring closure through an overall framework implementation.

Used Burp Suite to identify issues like SQL injection, XSS, CSRF, etc.

Penetration testing of various applications to identify issues in categories like configuration management, session management and sensitive data handling.

Provided reports and explained the issues to the development team.

Managed antivirus and antispyware protection systems, verifying that definitions are up to date.

Retested the fixed issues and ensured closure.

Testing of web-based applications and mobile applications, and infrastructure penetration testing.

Performed secure code review of the code base.

Trained the development team through security awareness sessions, explaining security vulnerabilities and the security requirements prior to development.

Google, India Dec 2011 to Jan 2013

Role: Security Analyst

RESPONSIBILITIES:

Black box pen testing of internet- and intranet-facing applications.

In the team, the main focus of work was to audit applications prior to moving to production.

Explaining security requirements to the design team in the initial stages of the SDLC to minimize the effort of reworking issues identified during penetration tests.

Performed threat modelling of applications to identify threats.

Google Apps administration.

Risk assessment of applications by identifying issues and prioritizing them based on risk level.

Providing remediation guidance to developers based on the issues identified.

Revalidating issues to ensure closure of the vulnerabilities.

Writing security test cases from project requirements and helping QA teams incorporate security testing into the Scrum backlog.

Vulnerability assessment (VA), security policy, and network and security audits.

Ensuring compliance with legal and regulatory requirements.

Addressing and integrating security in the SDLC by following techniques like threat modeling, risk management, logging, penetration testing, etc.

TCS, India Jun 2010 to Oct 2011

Security Analyst / Pen Tester

Responsibilities:

Conducted application penetration testing of 90+ business applications.

Conducted compliance audits.

Skilled in using Burp Suite, the Acunetix automated scanner and Nmap for web application penetration tests.

Monitored, analyzed and responded to security incidents in the infrastructure. Investigated and resolved any security issues found in the infrastructure according to security standards and procedures.

Actively searched for potential security issues and gaps beyond the detection ability of any security scanner tool.

Identified issues in web applications in categories like cryptography and exception management.

Verified whether the application had implemented basic security mechanisms like job rotation, privilege escalation, least privilege and defence in depth.

Initiated and developed new mechanisms to address unidentified security holes and challenges.

Real-time analysis and defense.

Using various Mozilla add-ons to assess applications, like Wappalyzer, Flagfox, Live HTTP Headers and Tamper Data.
