Sukanya Sukhavasi
Email: *******.*********@*****.***
Phone: 317-***-****
Professional with 2.5 years of experience in the IT Security space with extensive experience in performing vulnerability assessment and penetration testing using OWASP Top 10, Incident Handling and implementing Security controls at organization and applications at high-level, seeking a responsible position as an Information Security Analyst. Good team player and security enthusiast with excellent communication skills and ability to work independently along with strong problem solving, learning and interpersonal skills.
Education:
Master of Science in Computer and Information Science, May 2016 Purdue School of Engineering, IN, USA
• CompTIA Security+ CE
• EC-Council Certified Ethical Hacker (CEH)
• EC-Council Certified Security Analyst (ECSA)
Work Experience:
Information Security Analyst, RCR Technology Corp. (State of Indiana – FSSA), Indianapolis May 2016 - Current
o Performed vulnerability assessments and penetration testing of various internal and external applications for State of Indiana (FSSA)
o Performed pen testing and discovered security vulnerabilities in various web applications and web services using manual testing and automated tools - Sqlmap, Burp Suite and other tools like Postman Interceptor, Nessus, Nmap, Kali Linux, Metasploit Framework, etc.
o Exploit Testing and Analysis
o Responsible for keeping the portals secure by testing against the OWASP Top 10 and assuring the compliance of each application against the OWASP testing framework
o Perform Information Security audits on various internal portals of State of Indiana (FSSA)
o Scripting in Python to automate the tasks to retrieve data
o Discover Software insecurities and stomp out bugs and flaws of the web application that holds valuable PII Data in different forms of Front End and Back End.
o Risk Evaluation to client information resources, prioritizing concerns, and developing plans to remediate risks through a multitude of security tools.
o Assess and analyze the vulnerabilities on the database side like SQL Injection, Blind MongoDB, NoSQL Injection and on the back end like JavaScript Denial of Service attacks.
o Perform threat hunting activities, implement preventative controls in response to new threat intelligence that is received, and assist in the resolution of various security incidents that may arise.
o Use SOAP UI to execute testing cases for secure back end validations on different applications of the state.
o Other assigned tasks: Quality Assurance duties to test the applications manually, processes by following SDLC methodologies.
o Directly work with CISO of state in handling security requirements and reports
Analysis & Exploitation Tools: Burp Suite, OWASP ZAP, SQLMap, Nmap, Qualys, Nessus, Metasploit framework, IBM AppScan, Acunetix Scanner, Wireshark
Operating Systems: Windows 7/8.1/10, Linux (Ubuntu, Kali Linux, Parrot OS)
Programming & HTML, Python, JavaScript, PHP
Other tools: Alert Logic IDS, Postman Interceptor, Virtual Box
Technology Support Center, IUPUI, Indianapolis October 2014-May 2016
o Maintained IT infrastructure in transportation department and responsible for office computers and printers.
o Troubleshooting computers, applying patches and maintaining up-to-date virus definitions in anti-viruses.
o System administration, familiar with Active Directory
Security Operations Center Analyst Intern, Rook Security, Indianapolis May 2015 - Aug 2015
o Participated in internal and process audits to ensure internal Networks, Systems and Applications are in compliance with security related regulatory requirements.
o Trained in CIRT (Computer Incident Response Team) process.
o Participated in numerous computer incident investigations.
o Member of investigation team of FBI for an incident in 2015
o Implemented automated security monitoring processes with basic scripts in Python.
o Worked on real-time detection and reaction services of incidents of information security under process audit.
o Parsing and Analyzing the Website Data using CIF - Implemented automated scripts for crawling the web data and analyzed data for finding fixed patterns. Created parsers and analyzed different web data using CIF
IT Analyst Intern, Vizag Steel Plant, Andhra Pradesh, India June 2012 – January 2013
o Explanation of the security requirements to the design team in initial stages of SDLC to minimize the efforts to rework on issues identified during penetration tests.
o Perform threat modeling of the applications to identify the threats.
o Identify issues in the web applications in various categories like Cryptography, Exception Management, client-server side attacks.
o Trained in basics of different stages of pen testing
Miscellaneous
o Attended CircleCityCon's 5th Annual Information Security Conference, June 2018 – Member of Security community trainings as a part of this. (Violent Python, Securing Web Application Practices)
o Leading member of Board of Employee Activity Committee at RCR Technology Corp. and had been successfully organizing social activities across different teams
o Ongoing Offensive Security Certified Professional (OSCP) Training