Aneeshwar
Role: Penetration Testing Email:**********@*****.*********:********@*****.*** Phone: 973-***-****
Summary of Professional Experience:
A Penetration Tester and Security Analyst with 3 years of professional experience and specialized master’s degree in Cyber Forensics and Security with 8 months academic project on VoIP technology and 4 months project on penetration testing.
Performing port checking and filtering all the open ports and defenselessness examining on the IP & identifying IP, ports, administrations, vulnerabilities, and administrations running on the objective system (vulnerability and network scanning)
Using Enterprise level Vulnerability scanners like IBM App Scan, Nessus, OpenVAS Scanner, Armitage, Snort, Dirbuster and various opensource and free in-built tools like Nmap, Metasploit, OWASP ZAP, Hping3, Aircrack-ng, OpenVAS Vulnerability Scanner and many in-built tools available in Kali Linux and Parrot Security Operating systems.
Adept in penetration testing and forensic analysis. Certified in Cisco Network Associate, Kali Linux, PCI DSS Auditing, and worked on VoIP, HTTPS, SNMP, FTP, RDP, TCP, RTP etc.
Good practical knowledge in vulnerability analysis, Exploit Creation, risk mitigation and recommendation on how to avert the security breach.
Hands-on knowledge in computer forensics, extracting data logs for a breach and doing a live forensic analysis. Security Auditing in PCI DSS, Policy Creation, audit assessment, compliance and reporting.
Checkpoint firewall administration with configuration, Java, SQL and technical support for most of the devices.
Troubleshooting system and network problems and diagnosing and solving hardware or software faults, replacing parts as required, setting up new users' accounts and profiles and dealing with password issues.
Maintenance of internet connections, monitor and test system performance and provide performance statistics and reports. Prepared technical documents by implementing the necessary changes as defined in the change management process.
In-depth understanding of Information Security Concepts, Vulnerability Assessment and Penetration testing.
Sound Knowledge in Security Auditing and hand-on experience in PCI DSS Assessment and report writing.
Complete hand-on experience with Checkpoint firewall from configuration to policy creation and logging.
Configuration of wireless routers, switches & modems. Purchasing of IT Peripheral online & offline. Aware of video conferencing system in organization, Knowledge of Cloud storage system like, G- Drive, One Drive and box.
Good Knowledge on Encryption/Decryption, Authentication and Authorization, Signing, GnuPGP, Public-key Encryption.
Tools:
Nessus Enterprise
Paladin (Desktop Forensics)
Burp Suite Pro
OpenVAS Scanner
Qualys Guard
Wireshark
Cherry tree Report Maker
FTK Imager
Kali Linux
Windows
IBM AppScan
Metasploit
Snort
Splunk
W3AF (Web App testing)
Encase
Win Hex
Parrot Security
Windows Servers
Maltego
Nmap
Nikto Scanner
Armitage
Social Engineering Toolkit
The Sleuth Kit
ProDiscover Forensics
Ubuntu
Checkpoint Firewall
Work Experience:
Client: Verint Systems
Role: Vulnerability Assessment and Penetration testing Duration: September 2018 -- Present
Location: Alpharetta, Georgia
Responsibilities:
In-depth understanding of information security concepts.
Experience on assessment and penetration testing
Perform Vulnerability assessment on the internal network in the organization to identify if they are patched and updated.
Conduct vulnerability scans and patch management on client application and machines
Schedule and initiate automated vulnerability scans in Nessus and IBM Scan, and manual verification of the vulnerabilities by conducting penetration testing to quantify the impact and calculate time frame for the patching.
Conducting Web Application Vulnerability Assessment using Burp Suite, IBM AppScan, and OWASP-ZAP to patch the latest web threats like SQL Injection, Access Control, Sensitive Information exposure and rarely cross site scripting. Manual Code review and secure code testing and used SOAPUI to test the webservices.
Support blue team in the defending against the active threats and patch the threats as soon as possible.
Researching and preparing demo's on latest vulnerabilities with exploits which might affect company.
Investigate and resolve any security issues found in the host systems, databases, network configurations, OS vulnerabilities, users and password creations and try to be in compliant.
Extensive experience working with Qualys-guard to conduct Network Security assessments.
Sound knowledge and industry experience in Vulnerability Assessment and Penetration Testing on web-based Applications, Infrastructure and penetration testing and Mobile based applications.
Broad knowledge of hardware, software, and networking technologies to provide a powerful combination of analysis, implementation, and support.
Experience in vulnerability assessment and penetration testing using various tools like Metasploit, Burp Suite, DirBuster, OWASP ZAP proxy, NMap, OpenVAS, Nessus, IBM AppScan enterprise, Kali Linux
Expertise in SQL Injection protection, XSS Protection, Script Injection and mitigation and prevention techniques
Involved in Software Development Life cycle (SDLC) to ensure security controls are in place
Experience in Threat Modelling during Requirement gathering and Design phases
Static Code Analysis during development phase
Performed the gap analysis to identify scenarios like privilege escalation
Experience as an Information Security Analyst involved in OWASP Top 10 based Vulnerability Assessment of various internet facing point of sale web applications and Web services
Client: W.W. Grainger Role: SOC Analyst II
Duration: March 2018 - September 2018 Location: Chicago, IL
Responsibilities:
Conducted vulnerability assessments on host systems, web applications, company network servers and firewall devices and operating systems and carefully identified critical vulnerabilities in applications and systems that cyber attackers could exploit.
Conducted network security audits and scanning on a predetermined basis on assets.
Executed vulnerability assessment using the enterprise application like Tenable Nessus Scanner to pinpoint vulnerabilities and reduce time-consuming tasks.
Performed manual testing techniques and methods to gain a better understanding of the environment and reduce false positives on certain findings in the reports.
Compiled and tracked vulnerabilities over time for metrics purposes and produced deliverables on a weekly basis for the customer. Developed and presented comprehensive Vulnerability Assessments on the system assets in my scope. Reviewed and defined requirements for information security solutions and worked directly with systems engineers and developers to resolve findings.
Performed penetration testing using standard penetration tools (Metasploit, Nmap, Nessus, Burp Suite, etc.). Planned, communicated, coordinated and performed penetration testing, application testing, and security assessments at application, system and enterprise level.
Conducted testing on web applications and performed scans using BurpSuite, OWASP ZAP Scanner and BurpSuite and SOAPUI. Validated findings by performing manual exploitation of findings to eliminate false positives.
Recognized, explained, documented, and reported vulnerabilities and kill chains, describing remediation activities, with the ability to extensively communicate the results, in both technical, and layman terms, to the appropriate audience. Contributed to developing and implementing tools for penetration testing and early warning of weaknesses.
Client: CanGo Network Pvt Ltd Role: Jr. Network Systems Engineer Duration: June 2016 - August 2017 Location: Chennai, India
Responsibilities:
Handle daily tier one support from end users and generate tickets.
Organize daily support tickets and finish them on time.
Maintaining and administering computer networks and related computing environments including systems software, applications software, hardware, and configurations.
Troubleshooting, diagnosing and resolving hardware, software, and other network and system problems.
Replacing faulty network hardware components when required.
Maintaining, configuring, and monitoring virus protection software and email applications.
Monitoring network performance to determine if adjustments need to be made.
Conferring with network users about solving existing system problems.
Coordinating computer network access and use.
Designing, configuring and testing networking software, computer hardware, and operating system software.
Testing and checking the system for weaknesses in software and hardware.
Configure CPU, memory, and disk partitions as required.
Perform daily routine checking on servers and services.
Take on call role to provide 24/7 support to end users.
Certifications:
Cisco Certified Network Associate (CCNA) - CSCO13342997
CompTIA Security+ - Udemy Online Course
Certified Ethical Hacker (CEH) - Hands-on Training EC-Council
Red hat Certified System Administrator (RHCSA) CERTIFICATE NUMBER: 160-044-434
Education:
Master’s Degree in Cyber Forensics and Security from Illinois Institute of Technology with GPA: 3.8/4.0
Bachelor’s Degree in Information Technology from SRM University with GPA: 3.3/4.0
Academic Projects:
Penetration Testing and Vulnerability Analysis
Illinois Institute of Technology
Conducted Grey-box Penetration Testing on web server hosted on University virtual server.
Used Vulnerability scanners Nessus, Metasploit Framework, OpenVAS, Nmap, Nikto, OWASP-ZAP.
Found vulnerable to Eternal Blue, RDP, SNMP, FTP, Remote Code Execution, Clear text transmission.
Exploited RDP, brute-force User login, FTP, Remote Code Execution, and Eternal Blue
Created a Penetration Testing Report based on all the findings and Exploits and given mitigation steps.
Network Stenography - Team Leader
Illinois Institute of Technology
Developed a model which can send voice messages from one system to another using VoIP call session as cover channels.
Implemented a VoIP session using sip callers and PBX Server and a hacker eavesdropping on the network traffic.
Used a rtpinsertsound/rtpmixsound programs to send a pre-recorded audio message into the VoIP stream. Hacker on the network won’t be able to intercept and listen to the message.
Hacker used Wireshark traffic analysis. Done extensive testing and research on different methods.