PREET SHAH
* ******* ******, ***. * linkedin.com/in/shahprit **********@*****.***
Boston, MA 02120 +1-857-***-****
EDUCATION
Northeastern University, Boston, MA Jan. 2015 - Dec. 2016
Master of Science in Information Assurance (GPA – 3.67)
Courses: Network Security Practices, Software Vulnerabilities and Security, Information System Forensics, Computer System Security, Data Mining in Cyberspace

Gujarat University (S.V.I.T), Gujarat, India Aug. 2007 - Jul. 2011
Bachelor of Engineering in Electronics and Communication (GPA – 3.86)

TECHNICAL SKILLS
Languages: Java, Python, Assembly x86
Penetration Testing: Metasploit, Nmap, Burp Suite, OpenVAS
Traffic Analyzers: Wireshark, tcpdump, Netwitness
Forensics Tools: Autopsy, ProDiscover, EnCase Forensic
Reverse Engineering: Radare, gdb (Linux)

WORK EXPERIENCE
Fidelity Investments, Boston, MA Jan. 2016 – Jul. 2016
IT Audit Co-op Associate
Developed a secure Java-based web application with SSO functionality to fast-track the desktop and network audit.
Developed a data flow diagram of the new web scraping Nexus technology; found financial and IT risks in the eMoney Advisors company audit (External Audit) and provided secure controls.
Cybersecurity audit: Reviewed and upgraded the critical security policies and Technical Directive based on NIST 800-53 controls and ISO 27001 to secure the company’s network and systems.

Odysseus Solutions, Gujarat, India Jun. 2014 – Dec. 2014
Software System Analyst
Took full responsibility for vulnerability assessment of a web application to verify whether the application was vulnerable to injection or XSS attacks.
Led a team of 4 in a project using PI database and MySQL for tracking real-time data of the cruise ships.
Developed the technical documents for the developers, and also drafted knowledge-based documents for the users.

Tech Mahindra Ltd, Pune, India May 2012 – May 2014
Software Engineer
Developed a Java-based Customer Relationship Management (CRM) web application.
Empowered uninterrupted services by fixing bugs in Siebel 8.0 and BRM tools for the Vodafone Qatar client project.
Monitored the activity logs of all applications and database servers.

PROJECTS/RESEARCH
Research Paper I - Securing PII (Personally Identifiable Information) confidentiality Mar. 2015
Figured out shortcomings in HIPAA and the CMR 17.0 Mass Privacy law, which were formed to secure PII data.
Proposed a hashing technique to store PII data at rest and to maintain the integrity of confidential data.

Research Paper II - Cloud Forensics Investigation Jul. 2015
Reviewed cloud forensics tools recently used in the market and challenges faced in cloud forensics investigation.
Recommended a quicker and enhanced way of data acquisition in a cloud environment.

Binary Exploitation Aug. 2015
Developed Perl scripts and shellcode to automate a buffer overflow attack on remote Windows systems.
Performed a stack overflow attack on a remote Ubuntu server (part of an online challenge).

Resource Exhaustion Sep. 2015
Demonstrated a DDoS attack using Software Defined Networks (SDN).

Web Application Attacks Oct. 2015 - Sep. 2016
Simulated SQL injection and XSS attacks on the iseclab.org web application to retrieve database admin credentials.
Demonstrated an advanced SQL injection attack on a web application to retrieve database information.
Performed parameter injection on a remote application server to fingerprint the OS and services.

Hobby Projects
Developed a network IP scanner using Python.
Practice online CTFs to enhance my skills in web application security.