Cyber Security Data Analytics

Location: Frisco, TX

Posted: May 22, 2024

Resume:

VIKAS RAMINEEDU

973-***-****

ad5vre@r.postjobfree.com

PROFESSIONAL SUMMARY

Graduate professional with around 5 years of experience assisting organizations on enterprise-wide security projects.

Inclined towards Cyber Security, Advisory and Data Analytics, seeking opportunities where I can leverage my diverse technical skills and experience including IT security domains such as Security Architecture, Social Engineering, Risk Assessment, Vulnerability Assessment & Penetration Testing for Web, Mobile, Web Services, and Cloud Platforms.

Experienced with Black Box, Grey Box and White Box Security testing, Threat Modelling, Security Architecture, Vulnerability Detection and Remediation, Report Generation and Vulnerability Management pertaining to Network and Application Security.

Proficiency in using Dynamic and Static analysis techniques to assess internal and third-party applications for Security Vulnerabilities and manual exploitation and mitigation of security findings not limited to but including OWASP Top 10 and SANS 25.

Proficiency in designing a robust & secure application architecture by communicating identified vulnerability findings with clients/customers and remediating appropriate mitigations.

Performing assessment and risk classification of identified vulnerabilities based on the security impact, likelihood, and business risks.

Reverse engineered hardware components to understand functionality and improve performance in embedded systems.

Excellent communication and presentation skills and a proven ability to communicate threats and facilitate progress towards long-term remediation.

SKILLS

Operating Systems: Linux, Windows and iOS

Programming Languages: .NET (C#), Java, HTML, JavaScript, C++, Python, VB, AngularJS

Source Code Analysis Tools: HP Fortify, Checkmarx, IBM Source, Veracode, SonarQube

Dynamic analysis tools: HP WebInspect, Invicti, Acunetix, Burp Suite, OWASP ZAP

Penetration Testing Tools: Burp Suite, OWASP ZAP, Kali Linux

Cloud Security Tools: Qualys, Okta, WhiteHat, Centrify, Nmap

API Testing Tools: POSTMAN, SOAPUI, Burp Suite

Library Scans: Nexus, JFrog, Black Duck

Network Security Testing Tools: Nmap, Metasploit, Nessus, QualysGuard, SSLScan, Wireshark

Proxy Tools: Burp Suite, ZAP, Paros

Cloud Infrastructure: AWS, GCP

Methodologies: Waterfall, Agile, RUP

Data Processing: MS Excel, SQL, Minitab, SharePoint, MS Access

Presentation & Business Modeling: MS Visio, MS PowerPoint, Visual Studio, MockFlow

Container security

Web Application security & Application risk assessment

API security & Open-source security

Threat modeling

Static code analysis

EXPERIENCE

Client: UPS

Role: SR APPLICATION SECURITY ENGINEER

Duration: August 2022 – Present

Responsibilities:

Led the implementation of a corporate vulnerability management program, ensuring continuous remediation of vulnerabilities within compliance deadlines.

Led the integration of Checkmarx into the development lifecycle, automating static code analysis and ensuring the continuous identification and remediation of security vulnerabilities in .NET and JAVA applications.

Identified and mitigated security risks associated with APIs and provided guidance and support to development teams on API security best practices.

Conducted vulnerability assessments and penetration testing of APIs.

Integrated security into the SDLC, collaborating with development teams and adhering to Left-Shift principles to enhance code quality and security.

Responsible for automating API security assessments into continuous integration and continuous deployment (CI/CD) pipelines of authentication and authorization infrastructure (e.g. SAML, OpenID, OAuth).

Performed static/dynamic code testing, manual code inspection, threat modeling, design reviews and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects using tools like Burp Suite, IBM AppScan, Invicti, Black Duck, Kali Linux, SonarQube, Nexus, Checkmarx etc.

Experience with performing vulnerability assessments, red teaming, or penetration testing.

Proficient in capturing application-level vulnerabilities like XXE (XML External Entity), XSS, SQL Injection, CSRF, Broken Authentication, sensitive data, HTTP response, Insecure credential storage, RFI/LFI.

Experience in scanning third-party library vulnerabilities using JFrog and Black Duck.

Hands-on experience in API Security Testing using Postman, SOAP UI, REST API.

Hands-on experience with the tools Nessus, Metasploit, Burp Suite, sqlmap, OWASP ZAP Proxy, Acunetix, Nmap, and HP Fortify, used for web application security testing.

Client: Blackbuck EV

Role: APPLICATION SECURITY ENGINEER

Duration: June 2019 - July 2022

Responsibilities:

Skilled in developing strategies and programs to ensure capability enhancement to include measurable goals and objectives.

Implemented continuous monitoring practices in accordance with NIST guidelines, leveraging automated tools and processes to detect, assess, and respond to security incidents in real time.

Maintained guidance documents and tracking systems for assigned campaigns/projects.

Interacted and coordinated in understanding the business issues, requirements, doing exhaustive analysis and offering end-to-end solutions.

Designed, developed, and tested technical solutions collaborating with senior engineers and was involved in code/design reviews.

Worked with limited supervision and oversaw the installation, configuration, and maintenance of Security related information systems.

Utilized reverse engineering techniques to identify and resolve vulnerabilities in software systems, enhancing overall security posture.

Conducted various approaches to Grey & Black box security testing.

Conducted Dynamic and Static Application Security Testing (SAST & DAST).

Collaborated with cross-functional teams to integrate NIST cybersecurity controls into system development life cycle (SDLC) processes, ensuring security by design principles are applied from inception to deployment.

Developed reports and presentations regarding Security activities.

Provided support for Security activities, including meeting agendas, memoranda, reports, or other documents using word-processing or other software systems such as Microsoft Word, Excel, Outlook E-mail, and Calendar system.

Assisted developers in remediating issues with Security Assessments concerning OWASP standards.

Learned how to independently resolve production issues through the troubleshooting of applications and components.

Identified vulnerabilities like SQL injection, XSS, CSRF relating to session management, privilege escalation and other logical issues.

Served as a Security engineer for multiple projects / Teams on a cross-functional team responsible for Vulnerability identity management.

EDUCATION

Master of Science – Business Analytics from Sacred Heart University-Connecticut