S.Rahul
acykk4@r.postjobfree.com
SUMMARY OF QUALIFICATIONS:
Having 5 years of experience in the IT industry as a security analyst and penetration tester.
Static code analysis during the development phase. Penetration testing based on the OWASP Top 10.
Worked as an Information Security Test Consultant, involved in recommending security solutions for new
applications incorporating a secure SDLC, and OWASP Top 10 based vulnerability assessment of various
internet-facing point-of-sale web applications.
Experience in threat modelling during the requirement gathering and design phases.
Hands-on experience in vulnerability assessment and penetration testing using various tools, including IBM
AppScan, HP Fortify, Acunetix, QualysGuard, Kali Linux, Burp Suite, Fiddler 2.0, DirBuster, OWASP
ZAP Proxy, SQLmap, Nmap and Nmap NSE, Nessus, FileZilla, Gpg4win Kleopatra, Cain and Abel, Nikto, HP
WebInspect, Metasploit, Wireshark, L0phtCrack, Snort, OpenVAS, W3AF, BeEF, Ettercap, Maltego,
Wi-Fi security tools, Havij, Recon-ng and the Aircrack-ng suite.
Involved in implementing and validating the security principles of minimising attack surface area, least
privilege, secure defaults, defence in depth, avoiding security by obscurity, keeping security simple, and fixing
security issues correctly.
Validate the false positives and report the issues.
Quick learner and committed team player with interpersonal skills who enjoys a challenging environment with
scope to improve self and contribute to the cause of the organization.
Excellent problem-solving and leadership abilities.
Technical Skills:
Proxy Tools & Add-ons: Burp Suite, DirBuster, OWASP ZAP Proxy, Nmap, Live HTTP Headers, Tamper Data
Programming Languages: C, C++, PHP
Scripting Languages: Python, basic shell scripting
Web Technologies: HTML 4.0/5, XHTML, DHTML, CSS2/CSS3, JavaScript, jQuery, AJAX, JSON and XML
Operating Systems: Linux/Unix (Red Hat Enterprise Linux, Debian, Ubuntu, Fedora, Santoku, BackTrack 2/3/4/5, Kali Linux), Windows
Databases: MySQL, Oracle, MSSQL
Certifications:
Certified Ethical Hacker (CEH v8)
Professional Experience:
Penetration Tester
Time Warner Cable - Herndon, VA, January 2016 to Present
Responsibilities:
Conducted application penetration testing of 10+ business applications.
Conducted vulnerability assessments on various applications.
Acquainted with various approaches to grey-box and black-box security testing.
Proficient in understanding application-level vulnerabilities such as XSS, SQL injection, CSRF, authentication
bypass, weak cryptography, and authentication flaws.
Conducted security assessments of PKI-enabled applications.
Skilled in using Burp Suite, Acunetix automatic scanner, Nmap, Havij and DirBuster for web application
penetration tests.
Generated and presented reports on security vulnerabilities to both internal and external customers.
Performed security assessments of online applications to identify vulnerabilities in categories such as input and
data validation, authentication, authorization, and auditing & logging.
Performed vulnerability assessments of various web applications used in the organization using Burp Suite,
WebScarab, YASCA and HP WebInspect.
Trained the development team on the most common vulnerabilities and common code review issues, and
explained the remediation.
Followed up on raised vulnerabilities, revalidating them to ensure 100% closure.
Kept up to date with new attack techniques and the latest vulnerabilities to ensure no such loopholes are present in
the existing system.
Environment: Kali Linux, Java, .NET, Oracle DBA
Application Penetration Tester
American Express - Phoenix, AZ, January 2015 to November 2015
Responsibilities:
Performed pen testing of various applications containing PHI to ensure the company met compliance requirements.
Scheduled pen tests, ensuring that all applications were covered in the schedule and completed within
the time frame.
Identified OWASP Top 10 issues such as SQLi, CSRF and XSS using open-source tools in Kali Linux.
Performed pen tests on different applications each week.
Created written reports detailing assessment findings and recommendations.
Found web site security issues (XSS, CSRF, session fixation, SQL injection, information leakage, application
logic, etc.) across various platforms.
Performed risk assessments to ensure corporate compliance.
Verified session management controls such as server-side session state, session termination, session ID randomness,
expiration, unique tokens, concurrent logged-in sessions, and session fixation prevention.
Executed daily vulnerability assessment, threat assessment, mitigation and reporting activities in order to
safeguard information assets and ensure protection was put in place on the systems.
Reviewed and analyzed security vulnerability data to identify applicability and false positives.
Worked closely with research and development teams on vulnerability remediation.
Environment: Metasploit, Burp Suite, Fiddler 2.0, Splunk, Nessus, SQLmap, PHP, HTML, OWASP Mutillidae-II,
DirBuster, Microsoft Visual Studio, SFTP, FileZilla, Nmap.
Security Consultant
Medtronic - Northridge, LA, April 2014 to December 2014
Responsibilities:
Worked as a Technical Security Consultant in the area of application security, highlighting the security
controls needed at the design level.
Understanding and implementation of security in the SDLC via application risk assessment, requirements
gathering, design review, and application vulnerability assessment.
Validated input validation, session management, client protocol controls, cryptography, logging, and
information leakage.
Performed thorough penetration testing on web applications.
Performed both manual and automated vulnerability assessments using tools such as Burp Suite and SQLmap.
Ensured the issues identified were reported according to the reporting standards.
Performed validation of the design of features such as authentication, authorization, and accountability.
Provided reports and explained the issues to the development team.
Implemented security solutions according to the security policy and practices established by the client.
Reviewed projects during the SDLC and made actionable recommendations to the project team, understanding
the technology and bringing solutions based on it.
Used Burp Suite, DirBuster, HP Fortify, HP WebInspect and Nmap on a daily basis to complete the assessments.
Managed risk by analysing the root cause of issues, their impact on technology, and the required corrective actions,
leveraging advanced analytical skills.
Environment: Java, ASP.NET, MySQL, Apache, Kali Linux, Fiddler 2.0, Burp Suite, SQLmap, OWASP Mutillidae-II,
DirBuster, Microsoft Visual Studio, HP Fortify, HP WebInspect, SFTP, FileZilla, Nmap, Nessus, Wireshark.
Jr. Security Engineer
Atlantic Software Services Ltd - Hyderabad, IN, February 2012 to December 2013
Responsibilities:
Performed threat modeling of applications to identify threats.
Identified issues in web applications in various categories such as cryptography and exception management.
Performed risk assessment of applications by identifying issues and prioritizing them based on risk level.
The team's main focus was auditing applications prior to their move to production.
Explained the security requirements to the design team in the initial stages of the SDLC to minimize the effort
of reworking issues identified during penetration tests.
Provided remediation guidance to developers based on the issues identified.
Revalidated issues to ensure the closure of the vulnerabilities.
Verified whether the application had implemented basic security mechanisms such as job rotation, privilege
escalation controls, least privilege and defense in depth.
Used various Mozilla add-ons, such as Wappalyzer, Flagfox, Live HTTP Headers and Tamper Data, to assess
applications.
UI Developer - Intern
N4 Express - Hyderabad, IN, February 2011 to January 2012
Responsibilities:
Worked in Agile and Scrum development environments.
Interacted with business system analysts to understand the technical requirements of the project.
Coordinated with Photoshop designers to implement mock-ups and the layouts of the application.
Involved in developing the UI pages using HTML, DHTML, CSS, and JavaScript.
Developed web pages with functionality such as login, register, forgot password, email and filters using JavaScript,
jQuery and HTML.
Used JavaScript to update portions of a web page in place, reducing bandwidth usage and load time when handling
user input and requests.
Coded JavaScript for page functionality and pop-up screens, and used HTML to build dropdown menus and display
parts of a web page on user request.
Involved in writing SQL Queries, Stored Procedures.
Environment: HTML, CSS, JavaScript, DHTML, SQL, PL/SQL, MS Office