Information Security Injection

Location:
Plano, TX
Salary:
$60/hr
Posted:
March 11, 2020

Resume:

Tarek Hasan

adb86y@r.postjobfree.com

914-***-****

PROFESSIONAL SUMMARY

•4+ years of experience in the IT industry, specializing in Information Security.

•Well versed with various vulnerabilities and attacks in web applications - OWASP top 10.

•Experienced in SQL Injection protection, XSS Protection, Script Injection and major hacking protection techniques.

•Skilled in various web application security testing tools like Metasploit, Burp Suite, sqlmap, OWASP ZAP Proxy, Acunetix Automatic Scanner, Kali Linux and Nikto.

•Experience as an Information Security Analyst, involved in OWASP Top 10 based Vulnerability Assessment of various internet facing point of sale web applications and Web services.

•Skilled in identifying the business requirements for information security as well as regulations of information security

•Experience in vulnerability assessment and penetration testing using various tools like Burp Suite, OWASP ZAP Proxy, Nmap, Nessus, Kali Linux, Metasploit, IBM AppScan.

•Developed, implemented and enforced security policies through experience, in-depth knowledge of security software, and asking the customer the right questions

•An enthusiastic team player who embodies a strong work ethic and a leader who utilizes complex problem-solving skills for incident analysis.

•Proficient in understanding application level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, cryptographic attacks.

•Good knowledge in Vulnerability Assessment and Penetration Testing on Mobile based application, WEB based Applications and Infrastructure penetration testing.

•Experience in Threat Modelling during Requirement gathering and Design phases.

•Actively search for potential security issues and security gaps that are beyond the ability of detection by any security scanner tool. Initiate and develop new mechanisms to address unidentified security holes & challenges.

•Technical business expert employing tremendous Information Security Audit, Strategy and Risk Management Techniques.

•Experience in vulnerability assessment and penetration testing using various tools like Burp Suite, DirBuster, OWASP ZAP proxy, NMap, Nessus, Kali Linux, Metasploit.

•Capable of identifying flaws like Security Misconfiguration, Insecure direct object reference, Sensitive data exposure, Functional level access control, Unvalidated redirects.

TECHNICAL SKILLS:

Languages: C++, Java, SQL

Tools: Nessus, Nmap, Burp Suite, Metasploit, Kali Linux

Network Tools: Nmap, Wireshark, Nessus, Metasploit

Operating Systems: Windows, Linux, and macOS

WORK EXPERIENCE

Penetration Tester Consultant Mar 2018 - Present

Tia Cref - Iselin, NJ

•Responsible for assessing the controls to identify gaps and to design and analyze segregation of duties, least privilege for that application.

•Conducted Vulnerability Assessment on various applications.

•Performed security research, analysis and design for all client computing systems and the network infrastructure.

•Conduct network Vulnerability Assessments using tools to evaluate attack vectors, Identify System Vulnerabilities and develop remediation plans and Security Procedures.

•Worked with management to update security manuals and address current concerns.

•Acquainted with various approaches to Grey & Black box security testing.

•Conducting Web Application Vulnerability Assessment & Threat Modelling, Gap Analysis, secure code review on the applications.

•Follow up and ensure the closure of the raised vulnerabilities by revalidating and ensuring 100% Closure.

•Assisting in review of business solution architectures from a security point of view, which helps avoid security-related issues/threats at the early stage of the project.

•Identifying the critical, High, Medium, Low vulnerabilities in the applications based on OWASP Top 10.

•Experience with Burp Suite, SQL Map, NMap, and Nessus.

•Conducted application penetration testing over various business applications.

•Conduct penetration tests on systems and applications using automated and manual techniques with tools such as Core Impact, HP Fortify, Metasploit, Burp Suite, WebInspect, Kali Linux, and many other open source tools as needed.

•Work with support teams to address findings as a result of the tests.

•Conducted analysis using Kali Linux environment and effectively neutralized DoS, DDoS, CSRF, XSS and SQL Injection attacks.

•Skilled in using Burp Suite and Nessus for web application penetration tests and infrastructure testing.

•Ensure the issues identified are reported as per the reporting standards.

•Advised on secure data deletion and equipment sanitization, decommissioning and reuse guidelines for high security environments.

•Perform risk assessments to ensure corporate compliance

•Provide oral briefings to leadership and technical staff, as necessary.

•Provide the report and explain the issues to the development team.

•Proactively conducted research, analyze, and report on trends in certain activities, vulnerabilities, reported

•Capable of identifying flaws like Security Misconfiguration, Insecure direct object reference, Sensitive data exposure, Functional level access control, Unvalidated redirects.

Penetration Tester / Security Analyst June 2016 – Feb 2018

McKesson Corporation - Atlanta, GA

•Conducted attack analysis on the IDS reports to detect the attacks and reported the analysis.

•Performed penetration testing over the enterprise systems to audit the standards to comply with ISO Standards.

•Becoming familiar with the business functions and infrastructure of the organization

•Coordinate with dev team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and the impact of the issue.

•Executed live packet data capture using Wireshark to examine security flaws in the network devices.

•Gave presentations to the client on their security issues and potential solutions for those problems.

•Provide remediation steps to the team and follow up.

•Retesting the applications for found vulnerabilities and post-production support.

•Retest the fixed issues and ensure the closure

•Performed Vulnerability Assessments and Data Classification

•The security tools Metasploit and BurpSuite were utilized for manual penetration testing.

•Developed and implemented online security procedures.

•Follow up and ensure the closure of the raised vulnerabilities by revalidating and ensuring 100% Closure.

•Assisting in review of business solution architectures from a security point of view, which helps avoid security-related issues/threats at the early stage of the project.

•Performed security research, analysis and design for all client computing systems and the network infrastructure.

Software Tester April 2015 – May 2016

Allindia Technologies Ltd (remote)

•Change Management to highly sensitive Computer Security Controls to ensure appropriate system administrative actions, investigate and report on noted irregularities.

•Conduct network Vulnerability Assessments using tools to evaluate attack vectors, identify System Vulnerabilities and develop remediation plans and Security Procedures.

•Proficient in understanding application level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, cryptographic attacks, authentication flaws, etc.

•Performing onsite & remote security consulting including penetration testing, application testing, web application security assessment, social engineering, wireless assessment, and IDS/IPS hardware deployment.

•The experience has enabled me to find and address security issues effectively, implement new technologies

•Capturing and analyzing network traffic at all layers of the OSI model.

•Monitor the Security of Critical System (e.g. e-mail servers, database servers, Web Servers, Application Servers, etc.).

•Conducted application penetration testing of 50+ business applications

•Conducted Vulnerability Assessment of Web Applications

•Identifying the critical, High, Medium, Low vulnerabilities in the applications based on OWASP Top 10.

•Security (software) background, looking forward to implementing, creating, managing and maintaining information security frameworks for large-scale challenging environments.


