Vulnerability Management Analyst
Name: Anil Kumar
Contact : 203-***-****
Email : *************@*****.***
Experienced Vulnerability Management Analyst with 3+ years of experience in vulnerability management, incident handling, and security assessment. This includes, but is not limited to, detecting threats and vulnerabilities in target systems, networks and applications by conducting system and network penetration testing.
Professional Abridgement
• Perform vulnerability, configuration and compliance scans with Nessus to detect deficiencies and validate compliance of information systems configuration with organization policies and standards.
• Experience in deploying and maintaining enterprise-wide computing and information security requirements, standards, policies, guidelines and procedures.
• Analysed Web traffic and inspected email contents for potential malware and infection.
• Strong skills in evaluating and testing network, system, web application vulnerabilities using Burp, Nmap, Qualys.
• Experience in vulnerability assessment and penetration testing using various tools like Burp Suite, OWASP ZAP Proxy, Nmap, Nessus, Kali Linux and Metasploit.
• Coordinate all internal and external domain service requests through multiple domains.
• Sound knowledge and industry experience in vulnerability assessment and penetration testing on web based applications and infrastructure penetration testing.
• Supervising the administration of systems and servers related network to ensure availability of services to authorized users.
• Experience in incident handling for high severity incidents including network intrusions and security breaches.
• Experience with Firewall Administration, Rule Analysis, Rule Modification.
• Defining and implementing Unix operating system strategy with application installation and configuration.
• Experience with SANS Top 20, OWASP Top 10, PCI standards.
• VMware administration and deployment.
• Capable of identifying flaws like injection, XSS, insecure direct object references, security misconfiguration, sensitive data exposure, function-level access control, CSRF, unvalidated redirects.
• Experienced in working on Patch management, vulnerability scanners and penetration testing.
Skills:
• Network Management: Wireshark, tcpdump, NetFlow, SNMP, Netcool.
• Operating Systems : Windows XP/7/8, Windows Server 2000/2003/2008, Solaris UNIX
• Security Tools: Splunk, IBM QRadar, HP ArcSight, Nessus, Qualys, OpenVAS, Kali Linux, Rapid7 Nexpose, DVWA, Metasploit, AppScan, BlueCoat, McAfee Foundstone, Volatility.
• IT Security/Frameworks: IDS/IPS, Malware analysis, Logging and Monitoring, Vulnerability Management, Application and Infrastructure security, Reporting and Documentation, HIPAA compliance, Digital forensics, Ethical Hacking, Penetration Testing, SDLC, ITILv3.
Certification and Education
EC-Council – Certified Security Analyst (ECSA v9) – Sep 2020
EC-Council – Certified Ethical Hacker (CEH v8) – Jun 2017
Qualys Certified Specialist
Master of Science in Cyber Security, Sacred Heart University, Connecticut – Dec 2016
Diploma in Information Assurance & Security, Wellington, NZ – Jan 2013
Bachelor’s in Computer Science & Engineering, JNTU, India – 2011
UBS (Feb 2018 – Apr 2018)
Weehawken, NJ
Vulnerability Management Analyst
• Analysing vulnerabilities and security data to identify trends and weaknesses in patching effectiveness.
• Identifying published vulnerabilities affecting the bank and assessing the bank’s exposure to the vulnerabilities.
• Performing patch and security configuration activities to ensure servers, workstations and databases are properly secured and up to date.
• Perform Information assurance vulnerability management to improve security posture.
• Perform operating system, network, web and compliance scans with MVM to detect vulnerabilities.
• Monitor and remediate vulnerabilities on servers and workstations using Qualys Vulnerability Management tool.
• Interface with system owners, the information security officials and senior executives to brief on the vulnerabilities and compliance assessment report.
• Use CVSS scoring system and the vendor’s risk rating to calculate the organization’s exposure to that published vulnerability.
• Develop the vulnerability assessment report for the vulnerabilities and non-compliance issues that were detected.
Johnson & Johnson Pharmaceutical Services (Mar 2017 – Nov 2017)
New Jersey
Vulnerability Management
• Perform vulnerability, configuration and compliance scans with Nessus to detect deficiencies and validate compliance of information systems configuration with the organization's policies and standards such as Center for Internet Security (CIS) benchmarks.
• Analyze vulnerabilities to determine remediation measures and rule out false positives using resources such as National Vulnerability Database (NVD), US-CERT, CIS, and Tenable Web.
• Implemented and tested processes, controls on Qualys Vulnerability Scans and patch management.
• Vulnerability management using Nexpose to scan servers and produce reports.
• Develop Vulnerability Assessment Report (VAR) to document findings and recommend remediation measures.
• Experience in DDoS, SQL injection protection, XSS protection, script injection and other hacking protection techniques.
• Create and configure new scans for new data centers and monitor vulnerabilities using Nexpose.
• Test and troubleshoot new versions of Nexpose software.
• Risk management framework knowledge / risk assessments, security awareness.
• Brief Senior Executives, Information System Security Officers, System Administrators on the vulnerability report and the recommended remediation.
• Intrusion Detection/prevention, security monitoring, application security assessment.
• Incident response and support team on penetration testing.
• Develop Vulnerability Assessment Report to document findings and recommend remediation measures.
• Hands on experience in working with security tools like Wireshark, Tcpdump and Nmap.
• Assist in the planning of remediation strategies. Propose new initiatives to increase efficiency, better and faster processes of accomplishing tasks.
• Author Standard Operating Procedure (SOP) for Vulnerability Management for process improvement.
Hyundai (Mar 2014- July 2015)
India
Security Analyst
• Performed Computer Security Incident Response activities for a large organization; coordinated with other government agencies to record and report incidents.
• Monitored and analysed IDS to identify security issues for remediation.
• Used Burp Suite, HP WebInspect automatic scanner, Nmap for web application penetration tests.
• Documented vulnerabilities with the aid of HP WebInspect to detect potential risks on a single or multiple assets across the enterprise network.
• Recognized potential, successful and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.
• Evaluated firewall change requests and assessed organizational risk.
• Provided guidelines for implementing secure systems to customers or installation teams.
• Assisted with implementation of counter-measures or mitigating controls.
• Ensured the integrity and protection of networks, systems and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.
• Performed periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external web integrity scans to determine compliance.
• Designed web listeners and firewall policy rules for a reverse proxy to allow internet users to access internal servers/resources.
Xero (Jan 2013- July 2013)
Wellington, NZ
Vulnerability Assessment Internship
• Gained experience in a professional environment working with a team on web application testing, responsible for performing manual web application security testing against one of Xero’s ancillary applications using PortSwigger. Successfully recovered some unreported issues and received recognition from management for the strength of skills.
• Worked directly with clients, building rapport while engaging in information gathering, demonstrating ability to translate highly technical information into business solutions.
• Provided examples in detail for clients about what an attacker would do when gathering information about Xero from publicly available resources, gaining their trust.
• Performed network scanning on Xero’s internal, semi-public and public networks to look for running devices, operating systems and host information.
• Conducted vulnerability scanning on networks using Nessus Vulnerability Scanner and submitted an executive summary that outlined the details of any issues discovered.
• Managed strong initiatives for resolving issues that would affect the project scope, effort and risks.
• Implemented crucial security concepts while also conducting regular maintenance of security and business continuity documentation.
• Followed all security-related policies and guidelines including periodic controls and compliance.
• Executed critical risk and business impact assessments and continuity and recovery management plans, while addressing security and business continuity concerns in a professional manner.