
Security Engineering

Location:
Brookline, MA
Posted:
March 29, 2020


Resume:

Aman Mankar

linkedin.com/in/amanmankar adcifz@r.postjobfree.com 857-***-**** 618 Columbus Ave Boston MA 02118 https://github.com/amanmankar

EDUCATION

Northeastern University, Boston, MA Dec. 2019

Candidate of Master of Science in Cyber Security GPA: 3.5/4

Related Courses: Computer System Security, Network Security Practices, Software Vulnerabilities and Security, System Forensics, Applied Cryptography, Decision Making: Critical Infrastructure, Cyberspace Programming

Sant Gadge Baba Amravati University, Amravati, MH, India June 2016

Bachelor’s Degree in Computer Science & Engineering

Related Courses: Data Communication, Computer Networks, Network Security, Web Engineering

WORK EXPERIENCE

Kohlberg Kravis Roberts and Co., Cybersecurity Analyst, New York, NY Jan. 2019 - June 2019

• Monitored the ticketing system for events and incidents with the help of tools such as SIEM, E-mail security gateway and sandboxes to perform efficient incident response, event triage and reporting

• Created SIEM alerts for suspicious process creation based on Windows event logs. Used SIEM to analyze different logs such as Windows Events, DNS, Firewall, MFA, AD, etc., in support of event triage and threat hunting

• Created an inventory of over 500 servers using AD PowerShell, VSphere-CLI and AWS-CLI, onboarded the servers into various management systems, created scheduled scans and monitored them for critical vulnerabilities

• Managed Qualys Guard vulnerability management platform, and improved the server owner remediation program by creating broad asset groups, report templates and owner tagging

• Maintained inventory of external subnets and internet facing systems utilized for managing attack surface and vulnerability management

• Audited for unauthorized local admins on domain workstations, fixed a script that automatically removed unauthorized local admins and reduced the number of deployed admin accounts by 80%

• Audited current Windows security configuration and policies against the CIS controls & benchmarks for Windows 10

American Chemical Society, Security Analyst Intern, Washington, DC May 2018 - Aug. 2018

• Performed penetration testing exercises on company’s external web applications and found multiple vulnerabilities

• Facilitated the company’s SSL/TLS migration process by writing an automation script in Python which identified all the hosts running older versions of SSL/TLS

• Performed code reviews for the web application developers and provided trainings on secure development practices

• Resolved security incidents, conducted risk analysis and threat modelling to find and fill gaps in the architecture

ACADEMIC PROJECTS

Web Application Vulnerabilities Sept. 2017

• Coordinated a team of 3 to research and exploit vulnerabilities in OWASP’s deliberately vulnerable web application called WebGoat using tools such as Burp Suite, Sqlmap, BeEF and explored different solutions to prevent attacks

• Exploited flawed authentication and input validation mechanism in web applications using various attacks such as Brute Force, Stored XSS, Reflected XSS, etc.

System Hardening Oct. 2017

• Enforced mandatory access control on services and applications using SELinux security mechanism

• Deployed XINETD daemon to provide access control and extensive logging on services like SSH and HTTPD

• Created new iptables rules in CentOS and configured host-based firewall

• Implemented CHROOT Jailing to isolate SSH service from the file system with minimum privileges

Security Information & Event Management (SIEM) using Splunk

• Analysed raw network and audit logs using Splunk web interface and successfully identified anomalies

• Developed dashboards, rules, alert configurations and reports using the parsed data to detect future attacks

TECHNICAL KNOWLEDGE

Languages: Python, Bash, PowerShell

Operating Systems: Kali, Ubuntu, Windows, CentOS

Tools: Qualys Guard, Mimecast, KnowBe4, Splunk, Axonius, Cylance, JIRA, Falcon, Wildfire, Active Directory, Wireshark, Nmap, Nessus, Metasploit Framework, Burp Suite, SQLmap, PuTTY, Snort, Suricata, Netcat, Hashcat, SCAP, Nikto, OpenVAS, GitHub

Skills: Penetration Testing, Web Application Security, Authentication and Authorization, Incident Response and Triage, Password Cracking, TCP/IP, Network Protocols (HTTPS/SSL, IPSEC, SSH, DNS, DHCP), OWASP TOP 10, SAML, JWT, OAuth

Certifications: Certified Ethical Hacker (C|EH) V9 - EC Council, currently pursuing OSCP

INTERESTS & ACTIVITIES

• Participated in penetration testing competition/exercises on online platforms such as Hackthebox.eu, ctflearn.com, ctf.csaw.io, vulnhub.com, etc.

• Planned and coordinated seminars & technical events on “Ethical Hacking & Data Security” as student representative of Computer Society of India (CSI) to spread awareness regarding internet threats


