ANURAG CHAUBEY
Ph: 226-***-**** Email: ada6x9@r.postjobfree.com LinkedIn: www.linkedin.com/in/anurag-chaubey City: Toronto
DEVSECOPS AND CLOUD SECURITY ENGINEER
DevSecOps OWASP Hashicorp Vault App Security Penetration Testing Vulnerability Assessment
TECHNICAL SUMMARY
Nearly 1 year as a DevSecOps Engineer involving work on securing Cloud infrastructure and securing CICD Pipelines
Skilled IT Professional with Post-Graduation Diploma in Information Security Management in addition to hands-on experience working with various Networking devices, Security Applications and Tools used towards securing Information Technology Infrastructure
Worked on preparing Disaster Recovery and Business Continuity Plans for Projects and Portfolio
Practical experience on doing penetration testing to the deployed infrastructure and conducting a vulnerability assessment of the application and the infrastructure using security tools
Integrated security tools into the CICD pipeline viz Veracode for Code Vulnerability, Sonatype for Executable security, Nexpos for VM security, Carbon Black for VM vulnerability, Endpoint security for overall VM security
Very good in the ability to maintain Network Security by configuring Firewalls
Working knowledge in Active Directory, LDAP, WSUS, IPTables, NGFW and ACL’s
Hands-on knowledge in Linux including performance tuning NUMA, cgroups, network stack, IPtables etc
Expert knowledge in setting up a secured private cloud (virtualization) using vSphere, Hyper-V, KVM, Xen, ESXi
Expert proficiency in Python, Shell; moderate proficiency in Java, Perl and C/C++
Implemented enterprise capabilities for DevOps, DevSecOps, and CI/CD in the public cloud AWS
Hands-on experience with writing rules into Intrusion Detection Systems and Intrusion Prevention Systems
Experience working on Web Application Security and in exploiting OWASP TOP 10 vulnerabilities
Agile Team player with excellent interpersonal skills, self-motivated, dedicated and understanding the demands of 24/7 security maintenance
SKILL MATRIX
Atlassian Tools and Others
Jira, Confluence
Version Control Tools
Bitbucket, GitHub
CICD Deployment Tools
Jenkins, Ansible
Configuration Management Tools
Ansible
Security Tools
Sonatype, Veracode, Nexpos, Symantec Endpoint Security, AWS Shield, Azure Web Application Gateway
Clouds
Amazon AWS, Microsoft Azure
Infrastructure as Code tools
Terraform
Security as Code Tools
Hashicorp Vault, AWS Parameter Store, Azure KeyVault
Programming Languages
C, C++, Java
Scripting Languages
Bash Shell, Python, PowerShell, Perl
Operating Systems
Windows, Kali Linux
EDUCATION
PG Diploma in Information Security Management Fanshawe College, London, ON 1 Year
PG Diploma in Software & Information Systems Testing Fanshawe College, London, ON 1 Year
Bachelor of Computer Applications, Bangalore University, Bangalore, India 3 years
WORK EXPERIENCE
DevSecOps Engineer University of Toronto, Toronto Apr’19 - Till Date
Part of the R&D Security team responsible for the design and implementation of Website security features and security maintenance.
Responsible for the website security audit using various third-party tools: penetration testing frameworks (Kali Linux), security vulnerability scanners (Nessus, IBM AppScan, Burp)
Responsible for the special security investigations and utility development: brute-force attacks, DDoS simulations, research of sophisticated vulnerability exploitation scenarios
Involved in defining website security requirements and security checklist
Defined and setup application quality/health monitoring tools and documenting best practices
Drove the security mindset across the entire organization teams
Initiated and managed projects for relevant security compliances.
Participated in the planning and design of security systems by evaluating and applying application security frameworks and technologies.
Assisted in determining security requirements by evaluating business strategies and requirements. Researched information security standards; conducted system security and vulnerability analysis and risk assessments; studied application architecture/platform.
Developed and coordinated security training programs.
Security Analyst NCPL Inc, Hyderabad May’17- Dec’17
Performed app security reviews, outlining requirements, verifying remediation, threat modeling, Data migration, etc
Assessed application-level vulnerabilities (i.e., code, libraries, databases, frameworks, etc.)
Performed risk assessments
Assisted the full-stack development and DevOps teams in building secure software and infrastructure.
Performed the threat analysis and security audits on the software and infrastructure
Monitored emerging IT security threats and trends
Defined hardening configurations
REFERENCES
Available on request