PERUMAL RAJA CEH- ECC***********
Mobile: +91-994*******
Email-ID: ac9iw6@r.postjobfree.com
Vulnerability Assessment, Pentesting & Web application, Web services Security Testing
Summary
Security Analyst with 6.5 years of experience in vulnerability assessment and penetration testing. Experienced in conducting VA/PT for large bank and telecom networks, with a proven ability to meet agreed deadlines and coordinate work within a structured environment.
Technical Skills:
VA/PT Tools
IBM AppScan, Checkmarx, Wireshark Network Packet Analyzer, Tenable Nessus Professional, Metasploit, Kali Linux, Acunetix Web Vulnerability Scanner, QualysGuard, Burp Suite Professional, OWASP ZAP Proxy, Nmap/Zenmap Port Scanner, Black Duck, Synopsys Coverity.
VAPT knowledge
Source code analysis (manual and tools) on web-based applications, API and web services pentesting, SAST and DAST for web applications, report generation
Programming Language
ASP.NET, C#, MVC, Python, Bash scripting
Domain Experience
Banking, Tele-communication, Retail, Ecommerce, Medical Industry
SOC Analysis
ArcSight Enterprise Security Manager, AlienVault – SIEM, Splunk Enterprise.
Server Experience
Windows, Linux.
PROFESSIONAL EXPERIENCE:
Organization: WIPRO LIMITED
Web application Penetration Testing & Web services VAPT
Large cybersecurity software and services (Symantec Corporation)
Duration: March 2019 - Present
Key Responsibilities:
•Familiar with various approaches to Grey & Black box security testing.
•Finding effective ways of manipulating the vulnerable domains of the systems.
•Maintaining a high level of security for the information that is crucial to the business growth of the organization.
•Utilized common dynamic and static analysis security tools to evaluate the security of target systems and applications.
•Experience in finding SQL injection, XML injection, techniques to obtain command prompts on the servers, PDF exploits, HTTP response splitting attacks, LFI, RFI, CSRF, and vulnerabilities in web services such as XML/SOAP and APIs, using various tools (commercial and open source).
•Exploited the logic flow of web applications and recommended mitigations for the findings.
•Identified issues in session management, input validation, output encoding, logging, exceptions, cookie attributes, encryption, and privilege escalation.
•Good experience in exploiting the recognized vulnerabilities in web applications.
•Performed, reviewed and analyzed security vulnerability data to identify applicability and false positives.
•Used CVSS scores to create reports demonstrating the severity of the existing vulnerabilities, which helped prioritize the course of implementation according to severity.
•Participated in the development of IT risk assessments for enterprise applications.
•Remediation planning and implementation.
Application Vulnerability Assessment and Penetration Testing
Large Retail Company (Kohl’s Department)
Duration: September 2018 – March 2019
Key Responsibilities:
•Performed application security and vulnerability analysis of networks, servers, and web applications using various open source and commercial tools (Fortify WebInspect).
•Performed Dynamic Application Security Testing (DAST) with Burp Suite for findings such as XSS, SQLi, LFI, and RFI, in line with the OWASP Top 10.
•Analyzed scan reports and suggested remediation/mitigation plans.
•Familiar with vulnerability reporting, tracking, management, and remediation processes, methodologies, and strategies
Vulnerability Assessment and Penetration Testing & Web application Vulnerability Assessment
Large Telecommunication Network (Grameenphone Limited)
Duration: December 2017 – August 2018
Key Responsibilities:
•Conducted application security discussions and vulnerability analysis of networks, servers, and web applications using various open source and commercial tools (Nessus – compliance scan, agent scan).
•Conducted penetration tests and launched exploits using Nessus, Metasploit, Burp Suite, Kali Linux tool sets, and Acunetix manual pentest tools.
•Provided assistance in code reviews and risk assessments.
•Research and maintain proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security, and encryption.
•Analyze scan reports and suggest remediation/mitigation plan.
•Familiar with vulnerability reporting, tracking, management, and remediation processes, methodologies, and strategies
•Familiar with, and have pen-testing experience against, common network topologies and implementations (e.g., Infrastructure, DMZs, Zones, Wireless, Web applications, etc.)
•Experience with code reviews of HTML, CSS, PHP, ASP.NET, C# and other languages and identification of code logic flaws
•Performed vulnerability assessment, confirmation, and validation using tools, processes, methodologies, and strategies, including static and dynamic analysis tools/techniques
•Complete familiarity with the Open Web Application Security Project (OWASP)
•Implemented Indicators of Compromise (IOCs) from the client server by blocking phishing URLs, IPS, file hashes, email, and malicious URLs, based on Service Request approval.
•Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions
•Analyze a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, IPs, IDS, etc.) to determine the correct remediation actions and escalation paths for each incident.
•Perform security reviews of application designs, covering various types of applications (web application, web services, SaaS)
•Analyst performs monitoring, research, assessment and malware analysis on Intrusion Detection and Prevention tools as well as Anomaly Detection systems, Firewalls, Antivirus systems, proxy devices (ArcSight, Check Point, etc.) which requires demonstrable security incident response experience
•Ensure all Service Management procedures are being followed and SLAs are met.
•Installation, configuration and troubleshooting of Splunk apps to onboard security data sources into Splunk
•Good experience working with SNMP traps and syslog-ng to collect and index log data when onboarding security devices into Splunk monitoring.
•Splunk administration and analytics development on information security, infrastructure and network, data security, Splunk Enterprise Security app, event triage, and incident analysis.
•Integration of Splunk with a wide variety of legacy and security data sources that use various protocols.
•Supports, monitors, and manages the SIEM environment.
Organization: Ensure Support Services India Limited
Project: Network VAPT & Web application Vulnerability Assessment
Duration: September 2016 – July 2017
Key Responsibilities:
•Ensure the SOC analyst team is providing excellent customer service and support
•Influence and improve upon existing processes through innovation and operational change
•Evaluate existing technical capabilities and systems and identify opportunities for improvement
•Interpret information provided by tools to form a sound hypothesis regarding the root cause of an event
•Perform incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts
•Creates new ways to solve existing production security issues
•Research and test new security tools/products and make recommendations of tools to be implemented in the SOC environment
•Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions
•Provide network intrusion detection expertise to support timely and effective decision making of when to declare an incident
•Analyze a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine the correct remediation actions and escalation paths for each incident
•Provide information regarding intrusion events, security incidents, and other threat indications and warning information
•Observe security solutions: SIEMs, firewall appliances, intrusion prevention systems, data loss prevention systems, analysis tools, log aggregation tools
•Create and maintain operational reports for Key Performance Indicators and weekly and monthly metrics.
Organization: TATA CONSULTANCY SERVICES
Project: Large Banking Domain in USA
Vulnerability assessment and penetration testing & Web application Vulnerability Assessment
Duration: Feb 2015 – August 2016
Key Responsibilities:
•Perform vulnerability analysis on Kalignite Terminal Controller.
•Perform network VA testing using Tenable Nessus for infrastructure, network, and application.
•Network penetration testing using Kali Linux and Metasploit, Acunetix Web Vulnerability Scanner.
•Web application (ATM ROI – Remote Object Interface) penetration testing against the OWASP Top 10 using OWASP ZAP, Nessus, Nmap, OWASP Zed, Wireshark, and IBM AppScan.
•Used a static code analysis tool (Checkmarx) for secure code review in CITI group web application testing
•Perform Architectural Risk Analysis and Recommend changes in application to meet the quality guidelines.
•Evaluate, test and review new or modified software programs to determine if program performance meets design requirements, provides valid and accurate results, deploy new patches, operates reliably, and conforms to established industry standards.
•Participate in functional and technical requirements, vendor handoff documents and present queries on the same for more clarity
•Work with project team on continuous process improvements and defect analysis
•Preparing and presenting various metrics like vulnerability analysis, SQL Server Reporting
•Developed SQL Server reports and configured reporting services in onshore and offshore environments.
•Prepared the penetration test sheet for ROI (Remote Object Interface) and CITI KTC Application.
Organization: Reality Graphics
Vulnerability assessment and penetration Testing
Duration: April 2012 – August 2014
Key Responsibilities:
•Involved from the beginning of Application life cycle
•Involved from the beginning in information security with tools like Nessus, IBM AppScan, and Nmap (Zenmap GUI)
•Preparation of application development and functionality.
•Developed Pre-approval process and Sanction Order
•Design requirements, provides valid and accurate results, operates reliably, and conforms to established industry standards.
•Review functional and technical requirements, client documents to expose inconsistencies or contradictions, lack of clarity or insufficient details
•Supporting the existing project code and fixing the issues.
•Involved from the Intermediate level of Application supporting.
•Preparation of application DB migration.
•Preparing and presenting client documents and technical requirements.
•Experienced in Team Foundation Server and deploying projects through the server.
•Analyze and develop project development plans.
•Interface with implement "on-the-spot" fixes.
•New development through SQL Server DB email subscription.
Organization: Reality Graphics
Biomed-intelligence – Large Medical Industry in USA
Duration: April 2012 – August 2014
Key Responsibilities:
•Developed the module as prescription data report generator.
•Integrated the software with several courier companies.
•Manage all deliverables from offshore for RxVector program modules.
•Integrating project codes to server using Team Foundation Server.
•Developing new procedures and functions using SQL server.
•Daily interactions with the clients.
•Maintaining the administrator work in RxVector DB (SQL Server).
•Design the WPF MVVM UI using Infragistics third party controls.
Organization: Reality Graphics
Client: Large Marine University
Duration: April 2012 – August 2014
Key Responsibilities:
•Gathered client requirements and prepared documentation.
•Coordinated with the client and implemented the web application.
•Developed the application to store and access student information.
•Integrated payment processing into our web application to enable online payment transactions.
•Examination details such as reports and marks are shared to parents' email and generated online.
•Learning book download facility available in the student portal.
•Tracked defects on a daily basis from client email and reported them to the DB.
Certifications:
Title | Status | Acquired On | Expires On
EC Council – CEH | Certified Ethical Hacker – V9 (Certificate Number: ECC87956378501) | 01/09/2016 | 01-09-2019
Education Qualifications:
Qualification Category | Qualification | Subject
Bachelor of Engineering | BE | Computer Science and Engineering
Standard XII / H.S.C | XII | General
SSC | SSLC | General