Neeraja Nelluri 872-***-**** • ac4i5y@r.postjobfree.com • LinkedIn

SUMMARY:

IT Professional with nearly 2+ years of experience. Dedicated to helping the organization improve their security posture, by leveraging strong technical and analytical skills.

SKILLS:

• Web application assessment • OWASP Top 10 • Robust understanding of information security principles and core technologies (Confidentiality, Integrity & Availability triad ) • Encryption • Vulnerability assessment • Burp-Suite • Nessus • DIR-Buster • SQLMap • Kali Linux Tools • Metasploit • Nmap • Fuzzing • Threat Modeling • HP Fortify • Rapid 7 Nexpose • Linux (Command line) • Security policy creation • Open Source Intelligence Gathering (OSINT) • Advanced excel skills • Operating system hardening • NIST Frameworks • Amazon Web Services (AWS) (EC2) • Splunk • VMWare • VirtualBox • Python Scripting • Cryptography • HP Exstream • OSI Model • Nikto • Wireshark • Computer and network security • OWASP ZAP Proxy • Veracode • DAST and SAST • Security Information and Event Management (SIEM) • Black box, Grey box, and White box testing • TCP/IP • Security incident handling

EXPERIENCE:

MATTER

Evolve Security-Security Professional, Chicago, IL 09/2017 – Present

Executed Application Vulnerability Assessment and Penetration Testing following OWASP guidelines by utilizing both automated tools such as Nessus and Metasploit as well as manual testing with Burp Suite and custom scripts for a local non-profit with over 600 active members. Identified vulnerabilities and rated them as critical, high, medium, low level based on OWASP standards.

Developed and delivered Rules of Engagement and final Application Vulnerability Assessment (AVA) report containing a detailed explanation and recommended action for each vulnerability. Provided methods of remediation to stakeholders.

Performed Open Source Intelligence Gathering (OSINT) in the process of collecting data from publicly available sources. Identified threats and vulnerabilities of a said organization and mitigated those presented risks by adding to the security policy.

Performed source code analysis on an software application built on Ruby on Rails using static tool called Brakeman. Used Python libraries and Scapy to create a few basic network monitoring and analysis scripts. Configured Splunk and analyzed event logs.

Performed server hardening on CentOS environment by enforcing best practices such as configuring an appropriate password policy, implementing a firewall through iptables, and disabling weak cryptographic ciphers resulting in the removal of common attack vectors.

COGNIZANT TECHNOLOGY SOLUTIONS

Programmer Analyst, Chennai, India 01/2014 – 08/2015

Involved in automation and manual application vulnerability assessment based on OWASP standards using tools like Burp Suite, OWASP Zap, Nessus, Vega, Nikto, Wpscan.

Examined scanned assessment results and generated a detailed report. Closely worked with developers on remediating issues identified.

Designed and developed different kinds of Medical underwriting Letters using HP Exstream (Open Text Exstream) tool and actively involved in estimation, designing, coding, deliverable review, testing and successful implementation of the project. Input files are in “.xml’ format and this project incorporated output generation in multiple formats like PDF, PostScript, PDF/A.

Involved in development activities like creating Pages, Documents, and Templates along with logic implementation. The scope of this project included HP Exstream environment setup, sorting, and bundling.

Worked on different types of data files: customer driver file, initialization files, reference files and Gained good knowledge of XML, columnar and delimited file formats.

EDUCATION:

Evolve Security Academy

Intensive 17-week cyber security boot camp with accelerated, hands-on-training, Chicago, IL, January 2018

Areas of focus included application & network stack; vulnerability detection/management; cryptography; security program creation; physical/social engineering; incident response.

Jawaharlal Nehru Technological University

Bachelor of Technology in Electronics and Communication Engineering, India, March 2013

CERTIFICATIONS:

CompTIA Security+ Certification – Anticipated Date, February 2018

Evolve Security Certified Professional (ESCP) – January 2018