RICHA SHARMA
College Station, TX ***** +1-979-***-**** ***************@*****.*** Richa-Sharma
PROFESSIONAL SUMMARY
I have over 4.5 years of hands-on experience in product and application security testing. Experience with security assessment of various internet-facing applications based on OWASP Top 10 methodology. Possess experience with code reviews, code signing and automated security tools for conducting SAST and DAST.
EDUCATION
Texas A&M University, College Station, USA CGPA - 4.0/4.0 August 2023 – May 2025
Masters in Cybersecurity
Coursework: Cryptography, Applied Digital Forensics and Incident Response, ML Based Cyber Defenses, Cybersecurity Risk
SRM Institute of Science & Technology, Chennai, India CGPA - 3.61/4.00 May 2015 – May 2019
Bachelor of Technology in Information Technology
Coursework: Computer Network, Operating System, Data Structure, Computer Architecture
TECHNICAL SKILLS
• Operating Systems: Linux, Windows
• Tools: Burp Suite, Kali, OWASP ZAP, Process Monitor, Metasploit, Wireshark, Veracode, Dradis, ADB Command-line tool, MobSF, Frida, Sysinternals Suite, APK Tool, JADX, Nessus, Nmap, sqlmap, Acunetix, Autopsy, Ghidra, Objection.
• Database System: SQL Server, PostgreSQL
• Programming & Scripting Languages: Java, JavaScript, HTML, CSS, PHP, Python, C, C++, Bash/Shell.
• Security Best Practices: NIST Cybersecurity Framework, ISO, HIPAA, GDPR, PCI DSS
PROFESSIONAL EXPERIENCE
Cyber Security Engineer II - HP Inc, Bangalore, India August 2019 - August 2023
• Executed pen tests on 100+ applications across diverse platforms like Web, Desktop, Mobile (Android & iOS), and Printer applications. Identified critical vulnerabilities like SQL Injection, privilege escalation, remote code execution, authentication bypass, XSS, Improper Session, SSRF, IDOR etc., which led to a reduction in potential security risks.
• Created comprehensive reports that include issue descriptions, proof of concepts, security policies, and processes to mitigate issues discovered during penetration testing.
• Created Lambda functions to monitor and close unused ports in the AWS Dev and Prod accounts, which helped to detect suspicious activities on the network.
• Reduced the security architecture consultant's report writing strain to about 30% by automating the process of preparing report templates and emails using Microsoft flows.
• Involved in 200+ SAST (Static Application Security Testing) reviews for all printer apps from third parties before pushing them to the HP Printer Application Center. Also reviewed static analysis reports from the contingent workers and offered the appropriate feedback if required.
• Contributed to the red team activity, identifying critical vulnerabilities, thus improving security posture and reducing risk.
• Maintained vulnerability assessment tools like MobSF on an AWS Windows machine, with customization related to HP-specific security requirements and timely patching, to detect printer and mobile application vulnerabilities.
• Delivered multiple Security SIG and Tech-Bits seminars on mobile and printer application security to HP's global audience, to help reduce the number of security policy violations.
• Collaborated with development teams to ensure secure development standards and secure coding best practices are followed.
Cyber Security Engineer Intern - HP Inc., Bangalore, India Jan 2019 – July 2019
• Reviewed the security architecture of 200+ cloud accounts to be migrated to the HP public cloud.
• Developed a Lambda function using Python and boto3 to monitor and report open ports on EC2 instances, enhancing security posture.
• Coordinated as part of the security architectural review process as a program manager.
PROJECTS
ML Based Cyber Defenses Defender Challenge Project - Python, Docker, Random Forest Classifier, SGD Classifier Feb 2024 – April 2024
• Developed a machine learning pipeline to identify binary malware, gaining insight into the functionality of antivirus and security solutions. Leveraged a dataset consisting of 138,000 executable files, extracted features from PE files using TF-IDF. Employed a Random Forest model to uncover key data patterns, thus establishing a robust malware detection framework.
• Created adversarial samples using machine learning to attack and defend third-party models, acquiring practical skills in adversarial techniques. Explored the threats posed by adversarial examples to machine learning models, providing context for the suitability of machine learning solutions.
ACHIEVEMENTS
• Participated in AWS GAME DAY at HP and secured 2nd Rank.
• Academic excellence helped in being accepted into the Super 30 project, which offers a year of free education.
CERTIFICATIONS
• CompTIA Security+ 701 Issued Mar 2024 - Expires Mar 2027
• AWS Solution Architect Associate
ADDITIONALS
Active Member of WiCyS
Training: TryHackMe, Hack The Box, TCM Security