
Pen Tester

Location:
Los Gatos, CA
Posted:
January 31, 2017


Resume:

S.Rahul

acykk4@r.postjobfree.com

510-***-****

SUMMARY OF QUALIFICATIONS:

5 years of experience in the IT industry as a security analyst and penetration tester.

Static code analysis during the development phase. Penetration testing based on the OWASP Top 10.

Worked as an Information Security Test Consultant, involved in recommending security solutions for new applications incorporating a secure SDLC, and OWASP Top 10 based vulnerability assessment of various internet-facing point-of-sale web applications.

Experience in threat modelling during the requirements gathering and design phases.

Hands-on experience in vulnerability assessment and penetration testing using various tools like IBM AppScan, HP Fortify, Acunetix, QualysGuard, Kali Linux, Burp Suite, Fiddler 2.0, DirBuster, OWASP ZAP Proxy, SQLmap, Nmap, Nmap NSE, Nessus, FileZilla, Gpg4win Kleopatra, Cain and Abel, Nikto, HP WebInspect, Metasploit, Wireshark, L0phtCrack, Snort, OpenVAS, W3AF, BeEF, Ettercap, Maltego, Wi-Fi security tools, Havij, Recon-ng, and the Aircrack-ng suite.

Penetration testing based on the OWASP Top 10.

Involved in implementing and validating the security principles of minimum attack surface area, least privilege, secure defaults, defence in depth, avoiding security by obscurity, keeping security simple, and fixing security issues correctly.

Validate false positives and report the issues.

Quick learner and committed team player with interpersonal skills; enjoy a challenging environment with scope to improve myself and contribute to the organization.

Excellent problem-solving and leadership abilities.

Technical Skills:

Proxy Tools & Add-ons: Burp Suite, DirBuster, OWASP ZAP Proxy, Nmap, Live HTTP Headers, Tamper Data.

Programming Languages: C, C++, PHP

Scripting Languages: Python, basic shell scripting

Web Technologies: HTML 4.0/5, XHTML, DHTML, CSS2/CSS3, JavaScript, jQuery, AJAX, JSON and XML

Operating Systems: Linux/Unix (Red Hat Enterprise Linux, Debian, Ubuntu, Fedora, Santoku, BackTrack 2/3/4/5, Kali Linux), Windows.

Databases: MySQL, Oracle, MSSQL

Certifications:

Certified Ethical Hacker (CEH v8)

Professional Experience:

Penetration Tester

Time Warner Cable, Herndon, VA, January 2016 to Present

Responsibilities:

Conducted application penetration testing of 10+ business applications

Conducted Vulnerability Assessment on Various Applications

Acquainted with various approaches to grey-box and black-box security testing.

Proficient in understanding application-level vulnerabilities like XSS, SQL injection, CSRF, authentication bypass, weak cryptography, authentication flaws, etc.

Conducted security assessments of PKI-enabled applications.

Skilled in using Burp Suite, the Acunetix automated scanner, Nmap, Havij, and DirBuster for web application penetration tests.

Generated and presented reports on security vulnerabilities to both internal and external customers.

Security assessment of online applications to identify vulnerabilities in different categories like input and data validation, authentication, authorization, and auditing & logging.

Vulnerability assessment of various web applications used in the organization using Burp Suite, WebScarab, YASCA, and HP WebInspect.

Training the development team on the most common vulnerabilities and common code review issues, and explaining the remediation.

Follow up and ensure closure of the raised vulnerabilities by revalidating and ensuring 100% closure.

Keep up to date with new attacks and the latest vulnerabilities to ensure no such loopholes are present in the existing system.

Environment: Kali Linux, Java, .NET, Oracle DBA

Application Penetration Tester

American Express, Phoenix, AZ, January 2015 to November 2015

Responsibilities:

Pen testing on various applications containing PHI to ensure the company meets compliance requirements.

Schedule the pen tests, and make sure that all applications are covered in the schedule and completed in the time frame.

OWASP Top 10 issue identification, like SQLi, CSRF, and XSS, using open-source tools in Kali Linux.

Perform pen tests on different applications each week.

Created written reports detailing assessment findings and recommendations.

Found website security issues (XSS, CSRF, session fixation, SQL injection, information leakage, application logic, etc.) across various platforms.

Performed risk assessments to ensure corporate compliance.

Controls on session management like server-side session state, session termination, session ID randomness, expiration, unique tokens, concurrent logged-in sessions, and session fixation prevention.

Executed daily vulnerability assessment, threat assessment, mitigation and reporting activities in order to safeguard information assets and ensure protection has been put in place on the systems.

Perform, review and analyze security vulnerability data to identify applicability and false positives.

Work closely with research and development teams for vulnerability remediation.

Environment: Metasploit, Burp Suite, Fiddler 2.0, Splunk, Nessus, SQLmap, PHP, HTML, OWASP Mutillidae-II, DirBuster, Microsoft Visual Studio, SFTP, FileZilla, Nmap.
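Worked example of the session-management controls listed in this section (server-side state, random session IDs, expiration, termination, a concurrent-session cap, and session fixation prevention, the last of which is also among the issues found above). This is an added illustration written by the editor, not code from the résumé's author or from any employer named here; the class and function names, the in-memory store, and the timeout and concurrency values are assumptions chosen for the example.

```python
"""Minimal server-side session store demonstrating common session controls.

Added example: names, timeouts and the in-memory store are assumptions,
not a description of any real application assessed in the résumé.
"""
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, Optional

IDLE_TIMEOUT = 15 * 60        # assumed: expire after 15 min of inactivity
ABSOLUTE_TIMEOUT = 8 * 3600   # assumed: hard lifetime of 8 hours, even if active
MAX_CONCURRENT = 3            # assumed: at most 3 live sessions per user


@dataclass
class Session:
    user: Optional[str]       # None = anonymous (pre-login) session
    created: float
    last_seen: float
    data: dict = field(default_factory=dict)


class SessionStore:
    def __init__(self, clock=time.time):
        self._clock = clock                       # injectable for testing
        self._sessions: Dict[str, Session] = {}   # all state stays server-side

    @staticmethod
    def _new_id() -> str:
        # 32 bytes from the OS CSPRNG (256 bits): unique and not guessable
        return secrets.token_urlsafe(32)

    def create_anonymous(self) -> str:
        now = self._clock()
        sid = self._new_id()
        self._sessions[sid] = Session(None, now, now)
        return sid

    def get(self, sid: str) -> Optional[Session]:
        """Return the session if still valid; otherwise expire it and return None."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        if now - s.last_seen > IDLE_TIMEOUT or now - s.created > ABSOLUTE_TIMEOUT:
            self.terminate(sid)
            return None
        s.last_seen = now          # sliding idle window
        return s

    def login(self, old_sid: str, user: str) -> str:
        """Authenticate the user and rotate the session ID.

        Issuing a fresh ID at the privilege change is the session
        fixation defence: an ID an attacker planted before login
        never becomes an authenticated session.
        """
        old = self.get(old_sid)
        data = old.data if old is not None else {}
        if old is not None:
            self.terminate(old_sid)           # the pre-login ID must stop working
        # Concurrency cap: dict insertion order == creation order, so the
        # first matching entries are this user's oldest sessions.
        mine = [sid for sid, s in self._sessions.items() if s.user == user]
        while len(mine) >= MAX_CONCURRENT:
            self.terminate(mine.pop(0))
        now = self._clock()
        new_sid = self._new_id()
        self._sessions[new_sid] = Session(user, now, now, data)
        return new_sid

    def terminate(self, sid: str) -> None:
        """Explicit logout / server-side invalidation."""
        self._sessions.pop(sid, None)

    def active_sessions(self, user: str) -> int:
        return sum(1 for s in self._sessions.values() if s.user == user)


if __name__ == "__main__":
    store = SessionStore()
    anon = store.create_anonymous()
    auth = store.login(anon, "alice")
    print("rotated on login:", anon != auth, "| old id still valid:", store.get(anon) is not None)
```

When testing a real application against this list, the checks map directly onto the methods above: compare the cookie before and after login (rotation), replay the pre-login cookie after authentication (fixation), replay a cookie after logout (termination), and open more sessions than the documented limit (concurrency).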

Security Consultant

Medtronic, Northridge, LA, April 2014 to December 2014

Responsibilities:

Working as a technical security consultant in the area of application security, highlighting the security controls needed at the design level.

Understanding and implementation of security in the SDLC via application risk assessment, requirements gathering, design review, and application vulnerability assessment.

Validate input validation, session management, client protocol controls, cryptography, logging, and information leakage.

Perform thorough penetration testing on web applications.

Perform both manual and automated vulnerability assessment using tools like Burp Suite and SQLmap.

Ensure the issues identified are reported as per the reporting standards.

Perform validation of the design of features like authentication, authorization, and accountability.

Provide the report and explain the issues to the development team.

Implement security solutions according to the security policy and practices established by the client.

Review projects during the SDLC and make actionable recommendations to the project team; understand the technology and bring solutions based on it.

Use Burp Suite, DirBuster, HP Fortify, HP WebInspect, and Nmap on a daily basis to complete the assessments.

Manage risk by analysing the root cause of issues, impact to technology and required corrective actions, leveraging advanced analytical skills.

Environment: Java, ASP.NET, MySQL, Apache, Kali Linux, Fiddler 2.0, Burp Suite, SQLmap, OWASP Mutillidae-II, DirBuster, Microsoft Visual Studio, HP Fortify, HP WebInspect, SFTP, FileZilla, Nmap, Nessus, Wireshark.

Jr. Security Engineer

Atlantic Software Services Ltd, Hyderabad, IN, February 2012 to December 2013

Responsibilities:

Perform threat modeling of the applications to identify the threats.

Identify issues in web applications in various categories like cryptography and exception management.

Risk assessment of the application by identifying issues and prioritizing them based on risk level.

In the team, the main focus of work was to audit the application prior to moving to production.

Explanation of the security requirements to the design team in the initial stages of the SDLC to minimize the effort to rework issues identified during penetration tests.

Providing remediation to the developers based on the issues identified.

Revalidate the issues to ensure closure of the vulnerabilities.

Verify if the application has implemented basic security mechanisms like job rotation, privilege escalation, least privilege and defense in depth.

Using various add-ons in Mozilla Firefox to assess the application, like Wappalyzer, Flagfox, Live HTTP Headers, and Tamper Data.

UI Developer - Intern

N4 Express, Hyderabad, IN, February 2011 to January 2012

Responsibilities:

Worked in Agile and Scrum development environments.

Interacted with the business system analyst to understand the technical requirements of the project.

Coordinated with Photoshop designers to implement mock-ups and the layouts of the application.

Involved in developing the UI pages using HTML, DHTML, CSS, and JavaScript.

Developed web pages with functionality like login, register, forgot password, email, and filters using JavaScript, jQuery and HTML.

Used JavaScript to update a portion of a web page, thus reducing bandwidth usage and load time, to get user input and requests.

Coded JavaScript for page functionality and pop-up screens, and used HTML to make dropdown menus on web pages and display part of a web page upon user request.

Involved in writing SQL Queries, Stored Procedures.

Environment: HTML, CSS, JavaScript, DHTML, SQL, PL/SQL, MS Office


