ANURAG CHAUBEY

Ph: 226-***-**** Email: ada6x9@r.postjobfree.com LinkedIn: www.linkedin.com/in/anurag-chaubey City: Toronto

DEVSECOPS AND CLOUD SECURITY ENGINEER

DevSecOps OWASP Hashicorp Vault App Security Penetration Testing Vulnerability Assessment

TECHNICAL SUMMARY

Nearly 1 year as a DevSecOps Engineer involving work on securing Cloud infrastructure and securing CICD Pipelines

Skilled IT Professional with Post-Graduation Diploma in Information Security Management in addition to hands-on experience working with various Networking devices, Security Applications and Tools used towards securing Information Technology Infrastructure

Worked on preparing Disaster Recovery and Business Continuity Plans for Projects and Portfolio

Practical experience on doing penetration testing to the deployed infrastructure and conducting a vulnerability assessment of the application and the infrastructure using security tools

Integrated security tools into the CICD pipeline viz Veracode for Code Vulnerability, Sonatype for Executable security, Nexpos for VM security, Carbon Black for VM vulnerability, Endpoint security for overall VM security

Very good in the ability to maintain Network Security by configuring Firewalls

Working knowledge in Active Directory, LDAP, WSUS, IPTables, NGFW and ACL’s

Hands-on knowledge in Linux including performance tuning NUMA, cgroups, network stack, IPtables etc

Expert knowledge in setting up a secured private cloud (virtualization) using vSphere, Hyper-V, KVM, Xen, ESXi

Expert proficiency in Python, Shell; moderate proficiency in Java, Perl and C/C++

Implemented enterprise capabilities for DevOps, DevSecOps, and CI/CD in the public cloud AWS

Hands-on experience with writing rules into Intrusion Detection Systems and Intrusion Prevention Systems

Experience working on Web Application Security and in exploiting OWASP TOP 10 vulnerabilities

Agile Team player with excellent interpersonal skills, self-motivated, dedicated and understanding the demands of 24/7 security maintenance

SKILL MATRIX

Atlassian Tools and Others

Jira, Confluence

Version Control Tools

Bitbucket, GitHub

CICD Deployment Tools

Jenkins, Ansible

Configuration Management Tools

Ansible

Security Tools

Sonatype, Veracode, Nexpos, Symantec Endpoint Security, AWS Shield, Azure Web Application Gateway

Clouds

Amazon AWS, Microsoft Azure

Infrastructure as Code tools

Terraform

Security as Code Tools

Hashicorp Vault, AWS Parameter Store, Azure KeyVault

Programming Languages

C, C++, Java

Scripting Languages

Bash Shell, Python, PowerShell, Perl

Operating Systems

Windows, Kali Linux

EDUCATION

PG Diploma in Information Security Management Fanshawe College, London, ON 1 Year

PG Diploma in Software & Information Systems Testing Fanshawe College, London, ON 1 Year

Bachelor of Computer Applications, Bangalore University, Bangalore, India 3 years

WORK EXPERIENCE

DevSecOps Engineer University of Toronto, Toronto Apr’19 - Till Date

Part of the R&D Security team responsible for the design and implementation of Website security features and security maintenance.

Responsible for the website security audit using various third-party tools: penetration testing frameworks (Kali Linux), security vulnerability scanners (Nessus, IBM AppScan, Burp)

Responsible for the special security investigations and utility development: brute-force attacks, DDoS simulations, research of sophisticated vulnerability exploitation scenarios

Involved in defining website security requirements and security checklist

Defined and setup application quality/health monitoring tools and documenting best practices

Drove the security mindset across the entire organization teams

Initiated and managed projects for relevant security compliances.

Participated in the planning and design of security systems by evaluating and applying application security frameworks and technologies.

Assisted in determining security requirements by evaluating business strategies and requirements. Researched information security standards; conducted system security and vulnerability analysis and risk assessments; studied application architecture/platform.

Developed and coordinated security training programs.

Security Analyst NCPL Inc, Hyderabad May’17- Dec’17

Performed app security reviews, outlining requirements, verifying remediation, threat modeling, Data migration, etc

Assessed application-level vulnerabilities (i.e., code, libraries, databases, frameworks, etc.)

Performed risk assessments

Assisted the full-stack development and DevOps teams in building secure software and infrastructure.

Performed the threat analysis and security audits on the software and infrastructure

Monitored emerging IT security threats and trends

Defined hardening configurations

REFERENCES

Available on request

Contact this candidate