Security Engineer

Location:
United, PA
Posted:
October 05, 2020

Resume:

VISHAL JALI

Mobile: 732-***-****

Email: adgom7@r.postjobfree.com

Summary:

6+ years of experience in the IT industry as a Security Engineer, including vulnerability assessment and penetration testing using tools such as Burp Suite, Nessus, DirBuster, OWASP ZAP, Nmap, SQLMap, Kali Linux, HP WebInspect, HP Fortify and Acunetix.

Analyzed the results of penetration tests, design reviews, source code reviews and other security tests. Decided what to remediate and what to risk-accept based on security requirements.

Performed manual and automated vulnerability assessments and penetration testing of web and mobile applications.

Experience with manual security testing and Dynamic Application Security Testing (DAST) tools such as Burp Suite, IBM AppScan, WhiteHat, WebInspect and Qualys Web Application Scanning.

Experience in sub-domains including SIEM, threat modeling, PCI/HIPAA auditing and risk assessments, as well as onsite and offshore team management.

Demonstrated flexibility in prioritizing and completing tasks, and worked collaboratively with clients to identify and resolve key constraints, vulnerabilities and risks.

Coordinated with development teams to ensure closure of reported vulnerabilities by explaining the ease of exploitation and the impact of each issue.

Worked with Static Application Security Testing (SAST) tools such as Fortify, AppScan Source Edition, Veracode, Checkmarx and HCL.

Involved in implementing and validating the security principles of minimizing attack surface area, least privilege, secure defaults, avoiding security by obscurity, keeping security simple and fixing security issues correctly.

Very strong experience in exploiting recognized vulnerabilities such as CSRF, XSS and SQL injection, and in covering all the test cases of web application security testing.

Persuasive verbal and written communication skills complement a proven ability to multi-task, maintain an organized approach, and ensure success even when faced with high-pressure or high-risk situations.

Proven technical skills include the ability to manage projects, lead by example, and thrive in an entrepreneurial environment.

Areas of Experience:

Port/Vulnerability Scanning: Nmap, Nessus, Rapid7

Network Security Testing: Symantec DLP (1 year), Endpoint Protection (1 year), Check Point (1 year), Palo Alto (1 year), Cisco, IDS/IPS (1 year), Anti-virus (1 year)

Password Cracking: Hydra, RainbowCrack, BladeLogic, Remedy, Ophcrack, John the Ripper, Pyrit

Security Tools: OWASP ZAP (Zed Attack Proxy), SQLMap, Wireshark, WebScarab, Paros, Nmap, Nessus, Rapid7 Nexpose, ArcSight SIEM, Varonis, AlienVault USM (SIEM)

DAST and SAST Tools: IBM AppScan Enterprise (ASE), Standard and Source editions, HP WebInspect, Burp Suite Pro, Acunetix

Operating Systems: UNIX, Red Hat Linux 4/5, Windows Server 2003/2008

Programming Languages: Spring Framework, Java, J2EE, Python, C/C++, C#, .NET, Perl

Professional Experience:

Client | Location | Duration
Blue Cross Blue Shield | Jacksonville, FL | Jun '18 – Present
Amex | Phoenix, AZ | Jun '16 – May '18
Linsyssoft Technologies | Pune, India | Jun '13 – Jul '15

Work Experience:

Blue Cross Blue Shield, June 2018 – Present

Role: Security Analyst

Location: Jacksonville, FL

Responsibilities:

Performed Dynamic Application Security Testing and source code analysis using Micro Focus WebInspect Enterprise and Fortify.

Triaged DAST findings using Burp Suite Pro and identified false positives in DAST scanning.

Performed scans using Burp Suite Pro on applications protected by multi-factor authentication.

Assisted developers in identifying false positives in the source code analysis and helped them with remediation techniques.

Performed manual penetration testing on the applications using Burp Suite Pro.

Documented the findings and helped track the remediation of the issues found in scanning.

Performed multiple levels of testing before production to ensure a smooth deployment cycle.

Performed threat and virus scanning of email coming into the organization using IronPort.

Worked with the Symantec MSSP Security Information and Event Management (SIEM) tool to look for suspicious network activity.

Worked on whitelisting and blacklisting IPs in the Blue Coat proxies.

Worked on Blue Coat proxies.

Worked in Splunk to investigate excessive logons across the organization and created reports for daily monitoring.

Worked in Carbon Black to blacklist file hashes and, by writing rules, approve non-malicious files to execute on systems.

Took part in the disaster recovery exercise and assisted in gathering the requirements and documenting the issues faced during the exercise.

Maintained reports associated with the inventory and scanning systems. Partnered with IT technical staff and business sponsors to ensure the design accomplished both business and technical requirements.

Revised System Security Policies and Procedures as necessary to ensure effective compliance with CMS requirements and to enhance internal controls.

Skilled in using Burp Suite Pro, Acunetix automated scanner, Nmap, DirBuster, QualysGuard, Nessus and SQLMap for web application penetration tests and infrastructure testing.

Proficient in understanding application-level vulnerabilities such as XSS, SQL injection, CSRF, authentication bypass, cryptographic attacks and authentication flaws.

Amex, June 2016 – May 2018

Role: System Security Engineer

Location: Phoenix, AZ

Responsibilities:

Developed an Application Security program (DAST and SAST) at the enterprise level to identify, report and remediate security vulnerabilities in applications deployed in DEV, PRE-PROD and PROD environments.

Designed, documented and executed maintenance procedures, including system upgrades, patch management and system backups.

Specifically, security testing was performed to identify XML External Entity (XXE), Cross-Site Scripting, Clickjacking and SQL Injection related attacks within the code.

Implemented file system security by applying hashing techniques to protect data stored in files on the file servers.

Administered cryptography and certificate management, and implemented dual keys to address the segregation-of-duties issue between DBAs and security admins.

Experience in implementing Security Information and Event Management (SIEM) using AlienVault.

Conducted security assessments to ensure compliance with the firm's security standards (e.g., OWASP Top 10, SANS Top 25).

Utilized the NIST framework for IT risk assessments.

Rolled out IBM AppScan products such as AppScan Enterprise (ASE), Standard and Source, as well as Checkmarx and developer plug-ins, to various development teams across the business lines.

Generated executive summary reports showing security assessment results, recommendations (CWE, CVE) and risk mitigation plans using Nessus Security Center, and presented them to the respective departments.

Deployed agent-based scanning throughout the organization using Nessus Manager, centralized in Nessus Security Center.

Conducted monthly developer workshops to educate and train developers on secure SDLC, scanning source code with IBM AppScan Source, and triaging and resolving security vulnerabilities.

Performed multiple levels of testing before production to ensure a smooth deployment cycle.

Performed vulnerability testing using tools such as Nessus and QualysGuard.

Skilled in using Burp Suite Pro, Acunetix automated scanner, Nmap, DirBuster, QualysGuard, Nessus and SQLMap for web application penetration tests and infrastructure testing.

Linsyssoft Technologies, June 2013 – July 2015

Role: Security Engineer

Location: Pune, India

Responsibilities:

Provided project planning, guidance and technical expertise in program, policy, process and planning; risk management, auditing and assessments; A&A; and quality planning and control.

Researched and analyzed known hacker methodology, system exploits and vulnerabilities to support Red Team Assessment activities.

Assisted with the update and administration of all SOX audit requirements from an IT internal controls perspective.

Provided threat profiling of the application to the client and prepared combined reports on the level of risks, their trend and frequency for the client.

Conducted white/gray-box penetration testing on financial systems using Kali Linux and Cobalt Strike for OWASP Top 10 vulnerabilities such as XSS, SQL injection, CSRF and privilege escalation, and covered all the test cases of web application security testing.

Performed threat and virus scanning using Malwarebytes from a centralized console. Enforced policies and procedures for users, admins and management.

Education:

Degree | College/University
Master's in Information Technology (MSIT) | IGlobal University
