PERUMAL RAJA CEH- ECC***********

Mobile: +91-994*******

Email-ID: ac9iw6@r.postjobfree.com

Vulnerability Assessment, Pentesting & Web application, Web services Security Testing

Summary

Security Analyst possessing 6.5 years of Experience in Vulnerability Assessment, Penetration Testing. Experience in conducting VA/PT for Large Bank & Telecom networks with a proven ability to meet agreed deadlines, co-ordinate work within a structured environment.

Technical Skills:

VA/PT Tools

IBM App scanner, Checkmarx, Wireshark Network Packet Analyzer, Tenable Nessus Professional, Metasploit, Kali Linux, Acunetix Web Vulnerability Scanner, QualysGuard, Burp-suite professional, OWASP ZAP Proxy, NMAP/Zenmap Port Scanner, Blackduck, Synopsys coverity.

VAPT knowledge

Source Code Analysis (Manual &Tools) on WEB based Applications, API and web services pentest, SAST and DAST for web applications, report generation

Programming Language

Asp.net, C#, MVC, Python, Bash script

Domain Experience

Banking, Tele-communication, Retail, Ecommerce, Medical Industry

SOC Analysis

ArcSight Enterprise Security Manager, AlienVault – SIEM, Splunk Enterprise.

Server Experience

Windows, Linux.

PROFESSIONAL EXPERIENCE:

Organization: WIPRO LIMITED

Web application Penetration Testing & Web services VAPT

Large cybersecurity software and services (Symantec Corporation)

Duration: March 2019 - Present

Key Responsibilities:

•Familiar with various approaches to Grey & Black box security testing.

•Finding effective ways of manipulating the vulnerable domains of the systems.

•Maintaining high level of security of the information that is crucial for the business growth of the organization.

•Utilized common security tools dynamic and static analysis to evaluate the security of target systems and applications.

•Experience in finding - SQL injection, XML injection, techniques to obtain command prompts on the servers, PDF exploits, HTTP response splitting attacks, LFI, RFI, CSRF and web services like XML/SOAP and API vulnerabilities using various tools (commercial and open source).

•Exploited the logic flow of web application and recommend mitigation to the findings.

•Identified issues on sessions management, Input validations, output encoding, Logging, Exceptions, Cookie attributes, Encryption, Privilege escalations.

•Good Experience in exploiting the recognized vulnerabilities in web applications.

•Performed, reviewed and analyzed security vulnerability data to identify applicability and false positives.

•Used CVSS Scores to create reports demonstrating the severity of the existing vulnerabilities and was helpful to prioritize the course of implementation depending on the severity of the vulnerabilities.

•Participated in the development of IT risk assessments for enterprise applications.

•Remediation planning and implementation.

Application Vulnerability Assessment and Penetration Testing

Large Retail Company (Kohl’s Department)

Duration: September 2018 – March 2019

Key Responsibilities:

•Performed application security and vulnerability analysis of Network, servers, web applications using various open source and commercial tools (Fortify WebInspect).

•Performed Dynamic Application Security Testing (DAST) on Burpsuite on various findings like XSS, SQLI, LFI, RFI and related with OWASP top 10 rules.

•Analyze scan reports and suggest remediation/mitigation plan.

•Familiar with vulnerability reporting, tracking, management, and remediation processes, methodologies, and strategies

Vulnerability Assessment and Penetration Testing & Web application Vulnerability Assessment Large Telecommunication Network (Grameenphone Limited)

Duration: December 2017 – August 2018

Key Responsibilities:

•Conducted application security discussions and vulnerability analysis of Network, servers, web applications using various open source and commercial tools (Nessus – Compliance scan, agent scan).

•Conducted penetration test and launch exploits using Nessus, Metasploit, Burp Suite and Kali Linux tools sets, Acunetix manual pentest tools.

•Provided assistance in code reviews and risk assessments.

•Research and maintain proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security, and encryption.

•Analyze scan reports and suggest remediation/mitigation plan.

•Familiar with vulnerability reporting, tracking, management, and remediation processes, methodologies, and strategies

•Familiar and have had pen-testing experience against common network topologies and implementations

(e.g., Infrastructure, DMZs, Zones, Wireless, Web applications, etc.)

Experience with Code reviews of HTML, CSS, PHP, Asp.net, C# and other languages and identification of

code logic flaws

•Performed vulnerability assessment, confirmation, and validation tools, processes, methodologies, and strategies, including static and dynamic analysis tools/techniques

•Complete Familiarity with the Open Web Application Security Project (OWASP)

•Indicators of Compromise (IOCs) is implemented from client server through blocking Phishing URLs, IPS, File Hash, Email, Malicious URLs is based Service Request approval.

•Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions

•Analyze a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, IPs,

IDS, etc.) to determine the correct remediation actions and escalation paths for each incident.

•Perform security reviews of application designs, covering various types of applications (web application, web services, SaaS)

•Analyst performs monitoring, research, assessment and malware analysis on Intrusion Detection and

Prevention tools as well as Anomaly Detection systems, Firewalls, Antivirus systems, proxy devices

(ArcSight, Check Point, etc.) which requires demonstrable security incident response experience

•Ensure all Service Management procedures are being followed and SLA’s met.

•Installation, configuration and troubleshoot of Splunk apps to onboard security data sources into Splunk

•Good experience in working with SNMP traps and Syslog NG, collect and index log data in onboarding the security devices on Splunk monitoring.

•Splunk Administration and analytics development on Information Security, Infrastructure and network, data security, Splunk Enterprise Security app, Triage events, Incident Analysis.

•Integration of Splunk with a wide variety of legacy ad security data sources that use various protocols.

•Supports, Monitors, and manages the SIEM environment. Splunk Administration and analytics development on Information Security, Infrastructure and network, data security, Splunk Enterprise Security app, Triage events, Incident Analysis.

Organization: Ensure Support Services India Limited

Project: Network VAPT & Web application Vulnerability Assessment

Duration: September 2016 – July 2017

Key Responsibilities:

•Ensure the SOC analyst team is providing excellent customer service and support

•Influence and improve upon existing processes through innovation and operational change

•Evaluate existing technical capabilities and systems and identify opportunities for improvement

•Interpret information provided by tools to form a sound hypothesis regarding the root cause of an event

•Perform incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts

•Creates new ways to solve existing production security issues

•Research and test new security tools/products and make recommendations of tools to be implemented in the SOC environment

•Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions

•Provide network intrusion detection expertise to support timely and effective decision making of when to declare an incident

Analyze a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine the correct remediation actions and escalation paths for each incident

•Provide information regarding intrusion events, security incidents, and other threat indications and warning information

•Observe security solutions; SIEMs, firewall appliances, intrusion prevention systems, data loss prevention systems, analysis tools, log aggregation tools

•Create and maintain operational reports for Key Performance Indicators and weekly and Monthly Metrics.

Organization: TATA CONSULTANCY SERVICES

Project: Large Banking Domain in USA

Vulnerability assessment and penetration testing & Web application Vulnerability Assessment

Duration: FEB 2015 – August 2016

Key Responsibilities:

•Perform vulnerability analysis on Kalignite Terminal Controller.

•Perform Network VA testing using Tenable Nessus for infrastructure and network, application.

•Network penetration testing using Kali Linux and Metasploit, Acunetix Web Vulnerability Scanner.

•Web application (ATM ROI-Remote Object Interface) penetration applied for OWASP top 10 rules and OWASP ZAP tool and Nessus, Nmap, OWASP Zed, Wireshark, IBMAppscan.

•Static code analysis tool (Checkmarx) used to secure code review in CITI group web application testing

•Perform Architectural Risk Analysis and Recommend changes in application to meet the quality guidelines.

•Evaluate, test and review new or modified software programs to determine if program performance meets design requirements, provides valid and accurate results, deploy new patches, operates reliably, and conforms to established industry standards.

•Participate in functional and technical requirements, vendor handoff documents and present queries on the same for more clarity

•Work with project team on continuous process improvements, analysis defects

•Preparing and presenting various metrics like Vulnerability analysis, Sql Server Reporting

•Developed Sql server reports and configured reporting services in onshore and offshore environment,

•Prepared the penetration test sheet for ROI (Remote Object Interface) and CITI KTC Application.

Organization: Reality Graphics

Vulnerability assessment and penetration Testing

Duration: April 2012 – August 2014

Key Responsibilities:

•Involved from the beginning of Application life cycle

•Involved from the beginning of Information security like Nessus, IBM Appscan, Nmap - Zenmap GUI

•Preparation of application development and functionality.

•Developed Pre-approval process and Sanction Order

•Design requirements, provides valid and accurate results, operates reliably, and conforms to established industry standards.

•Review functional and technical requirements, client documents to expose inconsistencies or contradictions, lack of clarity or insufficient details

•Supporting the existing project codes and fix the issues.

•Involved from the Intermediate level of Application supporting.

•Preparation of application DB migration.

•Preparing and presenting client documents and technical requirements.

Experienced in team foundation server and deploy the project through server.

•Analyze and develop project development plans.

•Interface with implement "on-the-spot" fixes.

•New development through Sql server DB email subscription.

Organization: Reality Graphics

Biomed-intelligence – Large Medical Industry in USA Key

Duration: April 2012 – August 2014

Responsibilities:

•Developed the module as prescription data report generator.

•Integrated the software with several courier companies.

•Manage all deliverables from offshore for RxVector program modules.

•Integrating project codes to server using Team Foundation Server.

•Developing new procedures and functions using SQL server.

•Daily interactions with the clients.

•Maintaining the administrator work in RxVector DB (sql server).

•Design the WPF MVVM UI using Infragistics third party controls.

Organization: Reality Graphics

Client: Large Marine University

Duration: April 2012 – August 2014

Key Responsibilities:

•Gathering client requirement and prepared document.

•Co-ordinate with client and implement the web application.

•Developed the application in store and access student information.

•Integrated the payment integration through our web application and use payment transaction to online.

•Examination details like reports and mark details share to parents email and online generation.

•Learning Books download facility available to student portal

•Tracking of Defects on daily basis in client email and report to DB.

Certifications:

Title

Status

Acquired On

Expires On

EC Council – CEH

Certified Ethical Hacker –V9

Certificate Number: ECC87956378501

01/09/2016

01-09-2019

Education Qualifications:

Qualification Category

Qualification

Subject

Bachelor of Engineering

BE

Computer Science and Engineering

Standard Xii / H.S.C

XII

General

SSC

SSLC

General

Contact this candidate