VINITHA BUDDULA 571-***-**** *******.*******@*****.***
APPLICATION SECURITY PROFESSIONAL https://www.linkedin.com/in/vinitha-buddula
PROFESSIONAL SUMMARY
A knowledgeable, creative and passionate security engineer with 10 years of IT experience, including penetration testing, security assessments and test automation.
Certified Ethical Hacker (CEH) by EC Council
Hands-on experience in providing recommendations to improve the security posture of the application.
Hands-on experience in using tools like Burp Suite, IBM AppScan, SoapUI, HP WebInspect, HttpWatch.
Good working knowledge of OWASP penetration testing methodology, attack vectors in web and mobile applications, risk assessment and vulnerability reporting.
In-depth knowledge of various vulnerability categories like Authentication, Authorization, Encryption, Session Management, XSS, SQL injection, CSRF etc.
Performed threat modelling on various web applications.
Good understanding of firewalls/IDS/IPS.
Exposure to all stages of Agile, SDLC, STLC methodologies.
Good working knowledge of the Agile Scrum environment.
Knowledge of .NET application development.
Expertise in testing web services (SOA architecture, SOAP, HTTP and REST) using various industry-standard tools like SoapUI.
Possess good working experience in test automation on Selenium using C# and Java.
Involved in different types of testing like Regression Testing, End-to-End Testing and Ad hoc Testing, and certifying the patches in production.
Involved in Peer reviews and Periodic review meetings.
Excellent communication, interpersonal and presentation skills with strong analytical mind-set.
TECHNICAL EXPERIENCE:
Primary Skills: Web, mobile application penetration testing, OWASP methodology
Security Vulnerabilities: SQL injection, XSS, CSRF, Session Management, Cryptographic issues
Security Testing Tools: Burp Suite, AppScan, WebInspect, Fortify, Nmap, Nessus, Kali Linux
Protocols: HTTP, SSL, IPSEC, SSH, VPN, SMTP, FTP, TCP/IP
Programming skills: C, Java, C#, Python, HTML, CSS, JavaScript, VBScript, XML, JUnit
Database Servers: SQL Server 2008
Operating Systems: Windows 7, 8, 10, Windows Server 2008, iOS
Automation tools: Selenium using Java and C#, UFT 11.0/UFT 12
GRC tool: Archer
WORK EXPERIENCE:
Security & Automation Engineer, SCUBEL LLC May 2016 - Till date
Project 1: Web Technologies
Responsible for developing and enhancing the Selenium Automation Framework using Eclipse Java.
Worked on POC for Selenium framework using C#.
Responsible for preparing the Automation Test Scripts.
Involved in testing the database and data validation using SQL Queries.
Involved in Regression test executions on Scubel application.
Carried out manual penetration tests on Scubel client application.
Manual penetration testing of web and iOS-based applications.
Documenting all the vulnerabilities with proper risk assessment.
Suggesting possible remediations to fix the vulnerabilities.
Security & Automation Engineer, ADP May 2007 – May 2016
Project 1: STAT – Security Testing & Analysis Team
Responsible for performing manual penetration testing, automated security scanning and static code analysis of ADP products using Burp Suite Professional, IBM AppScan.
Analyze the scan results and effectively eliminate the false positives.
Threat modelling applications to identify and address the security risks associated with them.
Performed security testing for over 70 ADP web, mobile and desktop applications.
Communicated and demonstrated the security vulnerabilities to development teams.
Adding and updating the findings in Archer.
Performed the remediation tests after the vulnerabilities were fixed.
Development and enhancement of STAT Team portal which is an internal application developed in C# to capture the team’s weekly efforts.
Strategic approach towards proceeding with testing the application by defining the application perimeter.
Manual penetration testing of web and iOS applications.
Performing source code analysis against the findings reported by the IBM AppScan Source tool.
Creating proof of concepts to demonstrate the exploits.
Writing scripts/tools to perform security assessments of complex applications.
Documenting all the vulnerabilities with proper risk assessment.
Suggesting possible remediations to fix the vulnerabilities.
Exploring different web technologies to understand the security issues that arise in web applications.
Web service penetration tests and occasional source code reviews.
Training & Mentoring the new team members from the basics.
Preparation of dashboard reports.
Received appreciations for identifying critical risk security vulnerabilities: SQL injection, XSS, Authorization bypass.
Evaluated various tools like SoapUI and HP WebInspect.
Project 2: RUN Automation (Payroll Application)
Responsible for developing and enhancing the UFT/Selenium Framework by adding new functions.
Involved in designing and developing a new framework in Selenium using C# and Java.
Responsible for preparing the Automation Test Scripts.
Involved in Regression test executions.
Performed Smoke testing in Production environment when new code is released to Production.
Responsible for certifying the patches before they are released to Production.
Preparing reports for management covering burn-down charts, automation status of the team etc.
Involved in testing the database and data validation using SQL Queries.
Performed parallel, cross-browser and multi-platform testing using Selenium WebDriver.
Actively involved in Scrum methodology for the project from requirements through the delivery of the project.
Developing scripts for build, deployment, maintenance and related tasks using Jenkins.
Involved in Sprint planning meetings and user story discussions.
Reported and tracked defects using Quality Center, MTM, TFS, Rally.
Project 3: Retirement Services
Responsible for developing and enhancing the framework by using UFT Framework and HLLAPI to support Mainframes.
Responsible for preparing the Automation Test Script in EzTest.
Involved in preparation of Status Report and Execution Report.
Reported the coverage status of tests performed on a daily/weekly basis.
Project 4: EzTest
Involved in developing the framework on QTP by using VBScript. Extended support to clients by enhancing the framework as per the requirement.
Updated the framework to support Delphi, Siebel and Mainframe applications.
Maintained the framework by resolving the issues raised by clients at the earliest.
CERTIFICATIONS:
Certified Ethical Hacker (CEH) V8
HP Certified professional in QTP V10.
ISTQB
AWARDS & RECOGNITIONS:
Hall of Fame Award @ ADP Jan 2012
Isquare award for automating a BPO process Mar 2010
EDUCATION:
Jawaharlal Technological University, India
B.Tech. in Electrical and Electronics April 2007