Curriculum Vitae
Swapnil Pravinrao Pawar
E-mail: ***************@*****.***
Morya Colony, Sant Tukaram Nagar, Aalandi Road, Bhosari, Pune 411039
Contact: +91-973*******
PROFILE SUMMARY
• 3.5 years of experience in Application Security in the Banking, Finance, Consulting and Health care domains
• CEH, CISSP, Penetration Testing, Secure Coding Best Practices certified
• Penetration Testing, Vulnerability Assessment
• Static Code Analysis (Manual, Tool)
• Threat Modeling and Risk Analysis
• Remediation, Mitigation Metrix
• Open source software review
• Security Architecture review
PROFESSIONAL SUMMARY
• Currently working with Allscripts India as an Application Security Engineer.
• Previously worked with Paladion Networks Pvt. Ltd, as an Information Security Analyst.
• Previously worked with Varutra Consulting, as a Security Developer.
CERTIFICATIONS & ACHIEVEMENTS
• CEH v9 certified
• Completed CISSP Certification from Cybrary
• Completed Penetration Testing Certification from Cybrary
• Completed Secure Coding Best Practices Certification from Cybrary
• Completed Java Certification from IT Source Company Pvt. Ltd, Pune with ‘A’ grade
• Received Awards and recognitions at Allscripts
• Received Rewards and recognitions from bug hunting program
SECURITY TOOLING EXPERIENCE
Security tools: Fortify, Checkmarx, Kali Linux, Fiddler, Burp Suite
TECHNICAL LANGUAGES
• Java, .Net, PHP, Objective-C, JavaScript, jQuery
PROJECT EXPERIENCE
1. Assessment Type : Static code analysis/ Source code review
Role : Application Security engineer
Client : Allscripts client and In-house products
Tool : Fortify, Checkmarx and manual review
Description:
The secure code review process comes under the Development Phase, which means that while the application is being coded by the developers, we perform automated scans via Fortify and Checkmarx and validate false/positive results. Sometimes we do a manual review as well, as the automated tools have a few limitations and dependencies. We establish the remediation plan and engage with the development team to make them understand the vulnerability and the risk associated with it, and provide them with remediation.
Responsibilities:
• Perform Automated tool scanning
• Perform false/positive analysis
• Analyze the risk
• Generate the vulnerability report
• Set up a meeting with the development team to discuss and present reported security issues
• Provide recommendation
• Track the status and follow up with the dev team
• Maintain the secure coding best practices
2. Assessment Type : Vulnerability Assessment And Penetration Testing
Role : Application Security engineer
Client : Allscripts client and In-house products
Tool : Burp Suite, Wireshark, Kali Linux
Description:
A vulnerability assessment focuses only on evaluating the security of an application. The process involves an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities. Any security issues that are found will be presented to the system owner, together with an assessment of the impact, a proposal for mitigation or a technical solution.
Responsibilities:
• Perform Automated and manual assessment
• Analyze the risk
• Generate the vulnerability report
• Set up a meeting with the development team to discuss and present reported security issues
• Provide recommendation
• Track the status and follow up with the dev team
3. Assessment Type : Threat Modeling and Architecture Review
Role : Application Security engineer
Client : Allscripts client and In-house products
Tool : Microsoft Threat modeling tool
Description:
Threat modeling allows you to apply a structured approach to security and to address the top threats that have the greatest potential impact on your application before it goes into development. This exercise can happen early in the development life cycle to address potential threats and apply the mitigation.
Responsibilities:
• Developed custom template to add new threats and categories
• Perform Threat modeling on product
• Generate Threat report
• Analyze false/positive
• Set up a meeting with the development team to discuss and present reported security issues
• Provide recommendation
• Track the status and follow up with the team
4. Assessment Type : Open Source software review
Role : Application Security engineer
Client : Allscripts client and In-house products
Tool : Black Duck, NVD database, known CVE details
Description:
OSS is a great way to get community sourced and reviewed capabilities without significant investment from the development teams. And, if support lapses or the team needs to make changes, there is typically the option to alter the source directly. There are downsides around licensing and general protection of Company IP as well as potential for unknown security risks to be part of that OSS offering.
Responsibilities:
• Test against the security tool and perform manual review as well
• Understand the risk upon their implementation or integration with the product
• Find an alternative with no known security vulnerability
• Provide approval/rejection with proper comment and recommendation
EDUCATIONAL QUALIFICATION
• B.E. in Computer Science and Engineering from P. R. Pote College of Engineering, Amravati in 2013 with 64.50% marks.
• Diploma in Computer Science from Government Polytechnic, Arvi in 2009 with 74.00% marks.
• SSC from Deorao Thakare Vidyalay, Ashoknagar in 2006 with 77.86% marks.
PERSONAL PARTICULARS
Name : Swapnil Pravinrao Pawar
Father’s Name : Pravin W. Pawar
DOB : 07/05/1990
Nationality : Indian
Marital Status : Single
Languages Known : English, Hindi and Marathi
Permanent Address : At: Gavha (Nipani), Po: Kavali, Tq: Dhamangaon (RLY), Di: Amravati, 444709.
DATE: SIGNATURE
(Swapnil Pawar)