Srinivas Keerthi
Colonia, NJ
Phone: 732-***-**** (C)
Email: **********@*****.***
SUMMARY:
Over fifteen years of experience in the IT industry as an Analyst with extensive knowledge in Security, Governance, Risk & Compliance, Data Analytical techniques & Quality Assurance. Competent in Software Development Life Cycle (SDLC) development with Waterfall, Agile, RUP methodology. Strong experience in Project Management. In-depth knowledge of web technologies, relational databases and multi-tier applications.
Excellent organizational, written, communication and interpersonal skills. Proficient in preparing Test Plans, Test Scenarios, Test Cases, Test Reports, Traceability matrix, Test Coverage Documentation and implementation of test plans and test procedures for the Client/Server applications and projects using UNIX, SQL, and PL/SQL. Involved extensively in System Testing, Functional, Regression and Integration testing.
The following experience highlights my career work.
Installation and configuration of Cyber-Ark vault, PVWA, CPM and PSM in Prod and DR.
Installation and capacity management of Cyber-Ark Privilege Session Manager (PSM) including RDS Session host and licensing.
Managed Safes and Server/ host addresses in Enterprise Password vault. Resolved issues in Cyber Ark’s Central Password Manager to communicate with hosts to reconcile credentials.
Provided guidance in addition, removal, change and lifecycle of Privileged ID Management (PIM) in order to provide the highest quality levels of Security.
Ensured that the bank’s policies and guidelines relating to IAM (Identity and Access Management) are adhered to and implemented.
Expert in Client/Server and Web application testing.
Worked with various types of manual testing like Black-Box Testing, Unit Testing, Regression Testing, Integration Testing and System Testing.
Experience in writing test plans, test strategy, resource estimation, test matrix, test cases using Business, Technical and functional specification, analyzing bugs and interacting with team members in fixing the defects. And executing test procedures using various tools.
Expertise in Automated Regression Testing process using Mercury Interactive Suite (WinRunner, LoadRunner, Test Director).
Sound knowledge of standard business methodologies & SDLC.
Good team player with excellent communication, analytical, interpersonal and writing skills.
Ability to handle multiple tasks and work independently as well as in a team.
Experienced in back-end testing using SQL QUERIES, generating reports to ensure data integrity and validate business rules.
TECHNICAL SKILLS; HARDWARE AND SOFTWARE:
Procedural Languages : C, SHELL, SQL, PL/SQL, COBOL
Development Tools/Kits : Java, Selenium, Cyber ARK
RDBMS : Sybase 11.9.3, Sybase 12.0, and Oracle 8i.
Operating Systems : HP UX 10.2/11, SunOS 5.6, Windows 95/98
Test Tool : SQA Manager, SQA Robot, SQA Test Log Viewer & comparators, Win Runner 6.0, Quick Test Pro and the reporting tool Test Director.
WORK EXPERIENCE
Information Security - Access Control Analyst July 2017 – December 2017.
Collabera@MUFG
As an IAM analyst, worked on creating the Security Access Profile (SAP), which ensures that user roles are created according to their job role, with least privileges needed and access on a need-to-know basis. This document is the baseline document to authenticate the use of privileges for each line of business.
Ensured proper segregation of duties and least privileged access of user entitlements.
Analyzed and ensured that Security Administrators do not have access to sensitive business data.
Ensured that Application users do not have direct access to an application database and Cross-functional roles are prohibited.
Tasks completed on time for each of the different phases like:
o Reviewing existing data,
o Converting SAP Template,
o Application walkthrough by the system owner,
o Analysis/SOD,
o Negative Testing &
o Sign-off.
Worked with the application owners to answer their queries on role segregation of duties, such as a maker or creator of a transaction cannot be the approver of the same transaction.
Used Aveksa for provisioning of users for different departments, joiner/mover/terminated users.
Created rules for segregation of duties.
Documented the gaps and logged the gaps into Archer as findings.
Third Party Vendor Risk Assessment/ Business Analyst April 2017 to June 2017
Steven Douglas@Credit-Suisse
As CISO, doing assessment of Credit Suisse third party vendors.
Reviewed the RO-submitted IRQs and then sent out the ITRA questionnaire to the vendors for high level questionnaire.
Chased the vendors to get the ITRAs reverted back by the deadline to move on to the next stage and complete the assessment on or before the deadline.
Also DDQs like Resiliency DDQs, Internet Facing DDQs, Consolidated DDQs, and reviewed them once they are answered by the vendor.
Evaluated and rated the answers and concluded if there are any gaps or any controls are not there by giving ratings as High Risk, Vulnerable, Adequate and No controls.
Also advised the control gaps and worked with vendors to resolve the issues and close the gaps to remove or mitigate the risks.
Worked with project stakeholders to define the requirements to ensure the business policies get properly represented as security requirements in any new or ongoing solution the organization is developing.
Managed, facilitated, and conducted interviews related to application, database, vendor assessments.
Ensured all regulatory and audit requirements are captured and prioritized.
Worked with stakeholders to gather information needed for application risk assessment
Provided expertise and guidance into requirements and solutions
Facilitation of workshops to drive out prioritization
Worked closely with the Program Manager to ensure all project requirements and deadlines are met.
Kept a risk log to track identified risks along with how the business is mitigating those risks.
Helped determine how to best mitigate those risks, possibly through new requirements or process changes.
Produced requirement documentation for implementing scanning tools that search networks for intrusions.
Documented functional and technical specs
Provided expertise and guidance as solutions are developed
Also managed scope change.
Helped in the definition of test plans, QA of deliverables & facilitation of UAT phases.
ENVIRONMENT: Hiperos, Pivot tables, TNVA
Information Security IAM Analyst June 2014 – Jan 15 2017
(GRMS ITC) consultant @ Deutsche Bank
Engaging with multiple Delivery Managers for firm-wide critical suppliers to ensure compliance with all required assessments per the policy and procedures.
Implements information risk processes, executes and monitors risk related procedures, promotes risk policy awareness, and/or tracks and reports on risk compliance in line with established IT Control policies, processes and procedures.
Driving all aspects of the risk assessment of firm-wide critical suppliers, service providers.
Assessing completed questionnaire and supporting materials to ensure they are complete
Identifying control breaks and vulnerabilities with third party.
Document findings and work with the LOB Delivery Manager to resolve those findings through Remediation Plans (RPs) or seek Non-Compliance Acceptance (NCA) approvals.
Validating evidence from third party before Remediation Plans are closed.
Escalating issues associated with third parties as needed.
Assisting with various Third Party Risk Management program initiatives
Supporting internal education and best practices sharing with peers and colleagues
Perform information security risk based remote assessments, and onsite assessments when required.
Assessments done based on three levels of vendor profiles – aka Tier ranking according to their risk level.
Assign standard security questionnaire (SIG) based on SharedAssessments.org to vendors. Also used AUP as guideline to carry out certain procedures and report the details.
Directed the end-to end Broker Onboarding process for integrating Access Critical applications mandated by Internal Audit and Industry Regulators. Communicated Identity and access management compliance requirements for mitigating exposure and operational risks and for achieving compliance requirements to application stakeholders.
Identified non-compliant issues and engage with the global application owners and support resources to implement remedial actions essential for IT Security controls and protocols for privileged user access of applications, databases, systems, etc., within Unix/Windows Production/DR, UAT and development environments.
Designed and deployed Identity & Access Management solution to improve user experience, meet compliance, and reduce costs.
Identified control gaps and recommended remediation and improvements to the ITAO’s who were the primary contacts for the application.
Assisted in the re-certifications, reconciliations, system profile reviews. Ensure the ITAO’s finish the required access rights for re-certification within a timely manner.
Developed infrastructure documentation and procedures as needed for applications to comply with different regulatory policies
Provided regular updates to stakeholders, including but not limited to Functional Delivery Managers, Technical Delivery Managers, Regulatory Program Managers, Technical Access Management and the IT security steering committee
Basic knowledge of SQL, PL/SQL, UNIX, Active Directory, Windows, etc.
Information Security Analyst / CyberArk Security Engineer June 2012 – Jan 15 2014
(GRMS ITC) consultant @ Deutsche Bank
Cyber Ark Vault Maintenances, 2FA troubleshooting, accesses and authentications, SAPM troubleshooting & repairs, SUPM user authentications and maintenances. General managing of Cyber-Ark Security that offers any enterprise a wide range of services and support options to making digital vault solution a success; these services include implementation, consulting, training, maintenance, online support and vault scripting, and Digital Certification supporting.
Directed the end-to end Broker Onboarding process for integrating Access Critical applications mandated by Internal Audit and Industry Regulators. Communicated Identity and access management compliance requirements for mitigating exposure and operational risks and for achieving compliance requirements to application stakeholders.
Identified non-compliant issues and engage with the global application owners and support resources to implement remedial actions essential for IT Security controls and protocols for privileged user access of applications, databases, systems, etc., within Unix/Windows Production/DR, UAT and development environments.
Designed and deployed Identity & Access Management solution to improve user experience, meet compliance, and reduce costs.
Frame set up for Role mining, Role Based Access Control (RBAC), Entitlement Management and Identity Management. Established standards, designs and implementation of appropriate identity and access management processes and controls which help improve operations and lower risk.
Supported operations & maintenance of LDAP connectivity.
Defined and implemented the IAM control framework.
Created and maintained documentation (including process documents and procedures)
Develop and implement new process and procedures to address audit and regulatory issues.
Identified control gaps and recommended remediation and improvements to the ITAO’s who were the primary contacts for the application.
Assisted in the re-certifications, reconciliations, system profile reviews. Ensure the ITAO’s finish the required access rights for re-certification within a timely manner.
CPM policies management and redistribution.
Implementing the Password Upload Utility.
Creating/updating policies, adding exceptions on different platforms, duplicating platforms, creating & setting up users in the PVWA web client.
Enabling PSM in the Master Policy, testing the PSM & adding exceptions.
Installing & restoring the backup solution.
Auditing Accounts and work on various reports, user’s server login issues and user permission issues as per requirements.
Developed infrastructure documentation and procedures as needed for applications to comply with different regulatory policies
Worked with IT Application owners and database production support team to ensure correct implementation of new access controls within the specified applications
Ensured Applications are included in recertification process
Provided regular updates to stakeholders, including but not limited to Functional Delivery Managers, Technical Delivery Managers, Regulatory Program Managers, Technical Access Management and the IT security steering committee
Basic knowledge of SQL, PL/SQL, UNIX, Active Directory, Windows, etc.
CyberArk Security Engineer March 2010 – June 2012
(GRMS ITC) consultant @ MORGAN STANLEY, New York, NY
Administer CyberArk from an operational perspective
Responsible for defining access control
Perform internal configurations
Administration experience of CyberArk vault with Safe creation, integration with LDAP and other authentication methods
Creation of policies and reports in PVWA
Responsible for the creation of documentation indigenous to CyberArk.
Administrator of CyberArk's Privileged Account Management solution with approximately 3,000 Safes and over 80,000 Accounts.
Closely work with the CyberArk Professional services to define policy management and creating key documentation.
Responsible for defining access control, user entitlements, and managing applications (EPV, CPM, PSM, PVWA, AIM, PTA and ADUC)
Responsible for maintaining the CyberArk environment, and work closely with the CyberArk Professional Services for overall optimization
Responsible for determining the target Privileged Session Management (PSM) audience
Determine what infrastructure and systems PSM will target (servers, virtual servers, database)
Engineer and calculate number of servers needed to maintain PSM target audience. Assessed resources required; installed and configured PSM on the servers
Performed internal configuration of PSM to the vault itself
Configured Radius Servers for 2 Factor Authentication (including DBParm.ini file). Created certificates, secret share, etc. for Radius / 2 Factor Authentication
Analyze information provided and make recommendations for changes where applicable
Created rules in Aveksa which is the IAM tool.
System Tester May 2008 – March 2010
SGA Consultant @ Standard & Poor’s
As a system tester for the RMBS (Residential Mortgage Based Securities) enhancements and Mortgage Evaluation Report (MOR) projects.
Responsibilities:
Analyzed business requirements, use cases and technical specifications for scripting comprehensive test cases.
Participated in Functional Walk-Through to validate the Application Design against the Test Cases written.
Designed and implemented Test Plan, Test Cases and Test Strategies for the module functionality.
Conducted Black Box Testing, Functional Testing and Integration Testing on the Business Application module.
Manually tested the Web application
Conducted Black Box Testing, Functional Testing, Module Testing and Integration Testing on the Business Application module. Tested the database to check field size validation, check constraints, stored procedures and cross verifying the field size defined in the application is matching with that in the database and check the return type of each function and Out Parameter for each procedure
Involved in development of SQL queries to test data consistency.
Testing the reports by running the reports and verifying the reports are picking the correct values from the database by logging into the database to cross check.
Tested the newly created DTS_Deal table to check the field validations, referential integrity check.
ENVIRONMENT: Java, Oracle 9.0, TOAD 8.6.1, PEGA.
Data warehouse Tester July 2007 – May 2008
TEKsystems Consultant @ Lehman Brothers, New York
As a Tester for the Data Warehouse tested different components of Data Consolidation application that provides the relationship managers with the ability to generate Wealth Management reports for their High Net Worth Clients that consolidate client investments and summarize them in a manner consistent with the current IMD Wealth Management Offerings as well as provide comprehensive Performance Reporting and multi-portfolio/multi-entity views.
Responsibilities:
Analyzed business requirements, technical specifications and design documents for scripting comprehensive test cases.
Designed and implemented Test Plan, Test Cases and Test Strategies for the module functionality.
Created the test cases in the test director, segregated common functionalities.
Wrote complex SQL queries in DB2 to compare the source and target databases. Checked the Referential Integrity of the tables.
Tested the ETLs by running & comparing the source and target DBs. Conducted the Data validity testing, Data Reconciliation, Data Integrity Testing, Performance related to database.
Tested the PL/SQL code, Stored Procedures, Triggers and functions.
Compared the source tables with target tables column by column. Testing the duplicates, missing attributes for each table in the target database, volume of the data loaded in to each table daily to check if the rows in the source to target are same.
Created test cases, test data to Holding Values, Account Values and Account Flows to the Performance Reporting Engine.
Created test cases and data to cover all the test scenarios based on the business rules, to check for validations based on the business rules, checked for the negative conditions, boundary values.
Created requirement and test cases matrix.
Tested the Hearsay application where the Data is entered into the application for external accounts of a client when the external statements are arrived. Verified the data entered is properly mapped to the fields by viewing the entered data in the data viewer application.
Created the xml files required to process the account information. Manipulated the xml files to enter the data in the respective tags.
ENVIRONMENT: Mainframes, DB2, Perl/shell Scripts, DBArtisan, Autosys, Quality Center 9.2, Informatica 8, J2EE, xml & JIRA.
ING Financial, New York City October 2006 – July 2007
As a system test lead for different projects like Quantum, LoanIQ etc, created the test plan, test cases and Executed them. Also worked as code reviewer and building the versions from the source supplied by the developers.
Responsibilities:
Analyzed business requirements, use cases and technical specifications for scripting comprehensive test cases.
Participated in Functional Walk-Through to validate the Application Design against the Test Cases written.
Designed and implemented Test Plan, Test Cases and Test Strategies for the module functionality.
Conducted Black Box Testing, Functional Testing, Module Testing and Integration Testing on the Business Application module.
Created Test Plan, Requirement traceability matrix, Test Scenario, Test Cases and executed them.
Worked on the Version Control Tool Harvest, reviewed the code and built the applications developed in VB, Power builder and reviewed the PERL & JIL scripts in UNIX environment and recommended suggestions.
Tested the fix protocol messages & tags for FIX 4.2.
Wrote SQL queries to do the backend testing. Wrote shell scripts. Used Service Desk to log the bugs.
Attended the review meetings, validated the documents and participated in the triage meetings.
ENVIRONMENT: Windows, Unix shell scripts, Harvest 7.1, Service Desk, Visual Basic, Power builder, Unix, Autosys, Perl Scripts.
Morgan Stanley, New York City, June 2005 – Oct 2006
As a QA lead analyst for Law IT in Morgan Stanley, testing the Web based Anti Money Laundering Application developed in Java.
Responsibilities:
Analyzed business requirements, participated in Functional Walk-Through to validate the Test Cases written against the Application Design.
Responsible for developing test strategies, test plans and metrics for the QA team and Sr management.
Created the test data to test different scenarios for different business units.
Created the test cases in the test director, segregated common functionalities of all the business units and created the regression suite.
Mapped the Requirements into the Requirement module, created test plan, test cases in the Test Plan Module, and created test sets in the Test lab module and logged the defects in the defects module of Test Director.
Manually tested the client/server application and converted the test cases into Win Runner automated test cases for Regression testing.
Conducted Black Box Testing, Functional Testing, Module Testing and Integration Testing on the Business Application module.
Created the Data file to create alerts for all scenarios, covering all the thresholds.
Verified the Data is mapped properly after running the mapping process by querying into the database.
Tested the Unix shell scripts for Scheduling and running the batch jobs.
Verifying outputs and logs on the Unix server.
Worked on file creations, modifications and directory structures on Unix.
Scheduled and ran the jobs on a daily basis for all the process.
Used the Unix commands like ls to list the directories with options, grep to find a text in a file, ps to check the processes running and various other commands
Created/Tested the reports and crosschecked to verify the valid data is being pulled by the reports.
Created the Adhoc Reports by selecting different fields, defining different group by, defining different sort orders, by creating formulas to do calculations and by defining different filters.
ENVIRONMENT: SAS, UNIX shell scripts, DB2, Java, Java Script, DBArtisan, WinRunner, Load runner, Test Director 7.2 and Internet Explorer.
Merrill Lynch, Hopewell Oct 2004 – June 2005
As a system test lead for the EXSOP (Executive Stock Option Plan), tested the web applications for the Plan Administrator, Plan Sponsor, Financial Advisor and Participant for the stock option plans offered by Merrill Lynch.
ENVIRONMENT: ASP.net, C#, Oracle 9i, QTP, VBScript, Java Script, ASP, Internet Explorer 6.0, PLSQL/Developer, Toad & Crystal Reports 9
Citibank, 111 Wall Street Jan 2004 – Aug 2004
As a test lead in the migration of server process of Municipal trading system from Solaris 2.5 to 2.8, which is a comprehensive suite of integrated applications that facilitates the Municipal Business Division in trading of Municipal bonds and making markets across segments including Institutional, Retail and B2B eCommerce (middle market).
Environment: C++, Apache 2.2.0, Sybase Adaptive Server 12.5, Sybase Open Servers 12.5, Motif X windows clients, Rnet 2.0, CORBA, MQ 5.3, Java 2.4.0, Orbix MT3.2, BEA Web logic 5.1p9, Swing Clients, Win Runner 6.0, TD 7.6, PVCS control, UNIX, Shell Scripting.
AT&T WorldNet Service, AT&T Labs, NJ Sept 1999 – Jan 2004
As a Systems Tester for The AT&T WorldNet Service that provides Internet connectivity through dial-up and cable access to over 4 million customers to access Email (web mail), Netnews, World Wide Web and Personal Web Publishing service features. All the above services are billed using the third-party software ARBOR BP and WorldNet Billing supporting systems.
ENVIRONMENT: HP-UX B.11.00, SYBASE 12.00, KENAN ARBOR SOFTWARE 7.1, SYBASE OPEN CLIENT EMBEDDED SQL/C EXECUTABLES, C++, and SHELL SCRIPTS.
Lucent Technologies (Berkeley Heights) Dec 1998 – Sept 1999
Project: Order Management System:
Environment: Unix Shell Scripts, INFORMIX.
EDUCATION:
Bachelor in Computer Science from Osmania University (1991).