Information Security Engineer

Location: Fremont, CA
Posted: December 04, 2023

Resume:

Rajyalakshmi Javvaji

Information Security Engineer

Phone: 224-***-**** Email: ad1ou7@r.postjobfree.com Status: Green Card

SUMMARY

Passionate and skilled Information Security Engineer with 8 years of overall industry experience, including 5 years in Information Technology and 3 years as a Mechanical Design Engineer.

SKILLS

• Experience in Manual penetration testing of applications to identify OWASP Top 10 and CWE Top 25 Vulnerabilities.

• Good experience in finding vulnerabilities like SQL Injection, Cross-site scripting (XSS), Session management, Sensitive Data Exposure (SDE), CSRF, Security Misconfigurations, Weak Cryptography, Authentication, Functional level access control and Authentication flaws and many more.

• Experience in vulnerability assessment using Burp Suite tool.

• Experience in Configuration findings using NMAP and NESSUS tools.

• Ensuring the identified issues are reported in tools like Bugzilla, Brinqa, JIRA as per reporting standards.

• Identified Critical, High, Medium and Low vulnerabilities in the web application and calculated the criticality of each vulnerability using the CVSS score board.

• Functional knowledge of cryptography SSL/TLS, AES, SHA-256, Common Implementation Pitfalls.

• Played a key role in implementing security in every phase of the SDLC and suggesting security in early stages of the SDLC, such as the requirement phase and design phase, to minimize the effort of reworking issues.

• Knowledge on Secure coding methodology including OWASP Secure SDLC.

• Good experience in database programming and securing databases like SQL Server, MySQL, Oracle.

• Familiar with industry frameworks like NIST 800-53, PCI-DSS and HIPAA compliance standards.

• Involved in reviewing open-source software components by using Black-Duck Tool.

• Experience in web application testing in different operating systems like Windows, MAC and Linux.

• Ability to work as an individual as well as a team player and to learn. Can adapt to new skills, make efforts to do the work at hand and manage time effectively.

WORK EXPERIENCE

Fifth Third Bank

Role: Information Security Engineer, March 2021 to date

Responsibilities

• Understanding the business requirements of the application from walk-throughs provided by the Application team to the Application Security team.

• Involved in manual penetration testing of the web application using the Burp Suite tool, found vulnerabilities and developed recommendations for application security procedures.

• Involved in both Web application testing and API testing based on requirement. Identified vulnerabilities on Reflected Cross-site scripting, Stored Cross-site scripting, Weak SSL/TLS Configuration, Missing HTTP security headers, Account policy – Weak Lockout policy and Weak Password policy, Weak session management, Missing Cookie attributes and many more.

• Using Burp Suite tool, identified major vulnerabilities related to Insecure Direct Object Reference (IDOR), Unrestricted File uploads and Sensitive Data exposure, Cross site scripting, Broken Authentication, Session Management, HTML injection, Security Misconfigurations, Logging, Cookie attributes, Privilege escalations and many more.

• Well versed with Injection flaws like SQL injection, XSS, HTML injection, XML External Entity, etc.

• Performed False Positive analysis, included High, Medium and Low vulnerabilities in the reporting tool Brinqa and provided impacts and remediations for them.

• Involved in API Penetration testing using POSTMAN tool and SOAPUI tool.

• Involved in report readouts discussing vulnerabilities and their impacts. Provided appropriate remediations and time frames to the Application team.

• Performed Re-testing on vulnerabilities in Production environment.

• Reviewed multiple open-source components and provided approval from application security perspective.

• Involved in reviewing open-source software components by using Black Duck tool.

• Maintained and updated software vulnerability Remediation standard document, Web software security design standards document related to policies and procedures and worked with various teams to ensure annual inspection of documents.

• Involved in Weekly threat update meetings and Information security Compliance team meetings.

• Provided Training to new Interns from ITLP program about Penetration testing.

• Performed Threat modelling using STRIDE and ensured security at the Architecture level.

• Reviewing and enforcing security design patterns to support Architecture.

• Assigned the tasks of auditing & proposing solutions to improve current security levels.

Technologies/Tools: Burp Suite, OWASP ZAP Proxy, NMAP, NESSUS, Postman, SoapUI, Java.

GAP Inc – San Francisco, CA

Automation QA Engineer / SDET, Jan 2017 to July 2019

Responsibilities:

• Worked on a Hybrid automation framework in Java with the Page Object pattern, using Apache POI for a Data Driven approach along with a Keyword Driven approach. Used Java to write Selenium scripts and used TestNG for assertions for testing the web application.

• Worked with Selenium Grid and TestNG to execute parallel testing scripts.

• Used Selenium WebDriver and TestNG to run the parallel testing by creating Groups, and prioritizing test cases.

• Created wrappers for Configuration, WebDriver, Web Element to make code reusable.

• Worked with automation of Rest APIs using API framework with Rest Assured, Java and TestNG.

• Performed data driven testing by using JDBC and Groovy script as a data source in SOAP UI and configured SQL queries to fetch data from the Oracle database.

• Developed Groovy scripts to test Report application output and to customize test.

• Developed BDD tests using Cucumber by writing behaviour and step definitions and developed the required Selenium support code in Java for Cucumber.

• Followed Agile project management methodology and was actively involved in daily scrum standups, sprint planning, sprint reviews and retrospective meetings.

• Created data validation in Black box testing environment.

• Worked through the full cycle from test specification to test deployment for pre- and post-release usage, such as monitoring and functional tests.

• Used SQL for data integrity testing, captured the SQL statements from the application execution and manually checked the results.

• Identified network-related issues using NMAP and the Wireshark tool.

• Tested the product, created defects and tracked issues in RALLY.

• Worked in Agile environment, task planning, scrums and status reporting. Release on every sprint.

• Worked with UNIX commands when required.

• Analysis of functional specifications and designing test plans, test cases for functional testing.

• Developed test plan, test scenarios, manual as well as automated test cases.

Technologies/Tools: Selenium WebDriver / Grid, TestNG, JMeter, Java, Jenkins, Maven, REST Assured, UNIX, SQL, Agile, Oracle, RALLY

Hyundai Motor India Engineering, India

Digital Designer, April 2012 to May 2014

Description: Making Class-A Surfacing for interior parts using CATIA, Moulding Techniques, Forming techniques. Making of trim parts in HYUNDAI MOTOR INDIA ENGINEERING, Hyderabad Research and Development center.

Responsibilities:

• Experienced in class A surface generation using Catia V5

• Ability to develop vehicle exterior and interior concept surfaces from Vehicle concept

• Ability to develop Class-A Surface from Clay model scan data and integrating the same with the base model.

• Have experience in CATIA V5 with all the modules

• Prepare in 3D digital design from sketches, technical references, scan data etc.

• Extensive experience in Surface Modelling in CatiaV5.

• Worked with Studio designers of Hyundai and Kia Motors, Seoul, Korea.

Environment: Catia V5, Catia V6.

Infotech Enterprises Private Limited, India

Client: Boeing

Assistant Digital Designer, Jan 2011 – Feb 2012

Description: The project involves 3-D construction of the entire fuselage which includes the front Fuselage, central Fuselage, tail boom and the Canopy region.

Responsibilities:

• Prepared 3D Models.

• Performed design engineer activities using the CATIA tool, with good exposure to Sheet Metal Design, Part Design, Drafting and Surface Design.

• Involved in surface design of many components.

• Involved in drawings using AUTOCAD.

• Experience in 2D to 3D Modelling.

• Involved in migrating parts from Catia V4 to V5.

• Involved in solid modelling using Pro-E.

• Have extensive experience in Catia V5 with all the workbenches.

Education:

• 2010, Bachelor’s in Mechanical Engineering from Acharya Nagarjuna University, India.


