Security Information

Location:
Vijayawada, Andhra Pradesh, India
Posted:
February 05, 2021

Resume:

Praveen Gummadi

No.***, Jaya Nilaya, *st Main *th Cross, Ramaiah Reddy Layout, Doddanakundi, Bangalore 560037

Contact: +91-996*******; E-mail: adjx4n@r.postjobfree.com; Date of Birth: 22 April 1991

Objective

Seeking a challenging and rewarding opportunity with an organization of repute, which recognizes and utilizes my true potential while nurturing my analytical and technical skills.

Profile

Application Security:

Web Application Security Testing (Web-App PT):

Proficient and thorough knowledge of Web Application Security Testing that covers OWASP Top 10 standards.

Understanding the functional specification using the functional document provided by the client, test planning, identifying threats and creating proofs of concept with a detailed report.

Analysing the application for missing best practices by manual and automated tool scanning.

Exploitation of vulnerabilities and complex attacks with detailed demonstration steps and providing mitigating controls.

Research on latest market threats and new attack vectors.

Presentation and analysis of all reported vulnerabilities. Discussing them with the development team, peer report review, process updates and performing quality checks.

Web-App Pentesting Tools Expertise:

Manual proxy interception: Burp Suite Free/Professional, Charles, WebScarab, OWASP ZAP, etc.

Automated testing: Burp Scanner, Veracode [SAST and DAST] (Expert), Acunetix, Qualys Guard WAS, etc.

3rd-party app approvals across the globe for SmartScripts (iframes) developed over a web application.

Network Security:

Vulnerability Assessment and Penetration Testing (Network PT):

Performing sophisticated penetration examinations for ascertaining the technical weaknesses existing in the operating systems and servers.

Understanding of server deployment environments such as iDMZ, segmentation, UAT and production.

Exploitation of vulnerabilities with client permission and without affecting client reputation and service disruption.

Produce Post Remediation Assessment reports for different teams.

Stay up to date with security websites like Exploit-DB, The Hacker News, AlienVault, Twitter (Hacker News), etc.

VAPT Testing Tools Expertise:

Fingerprinting, information gathering and port scanning: Qualys Guard Enterprise Version, Nmap, Zenmap, NSE, etc.

Manual testing and exploitation: Kali Linux, Metasploit framework.

Network analysis by web traffic scanning with Wireshark.

Automated testing with Qualys Guard Enterprise Version, Nessus Security Centre, Tenable.io and professional feed, Nikto, Netcat, etc.

Mobile Apps Security (Android & iOS):

Proficient and thorough knowledge of Mobile Apps Security Testing that covers OWASP Top 10 standards.

Understanding the functional specification using the functional document provided by the client, test planning, identifying threats and creating proofs of concept with a detailed report.

Analysing the application for missing best practices by manual and automated tool scanning.

Exploitation of vulnerabilities and complex attacks with detailed demonstration steps and providing mitigating controls.

Research on latest market threats and new attack vectors.

Presentation and analysis of all reported vulnerabilities. Discussing them with the development team, peer report review, process updates and performing quality checks.

Mobile-App Testing Tools Expertise:

MobSF framework, Magisk Manager, Dex2jar, JD-GUI, Burp Suite Pro, Xposed Framework https, SSL Kill Switch.

PCI Vulnerability Scan Report Submission:

Vulnerability scan submission for PCI Compliance using Qualys Guard Merchant and submitting the reports to bank payment gateways using Trustwave and accomplishing the compliant status.

Manual scan report to PCI auditors.

GDPR:

GDPR SME for all the applications falling under our division (TCH) in Amadeus.

Wireless Penetration Testing:

Have good knowledge of performing wireless penetration testing but have not had a chance to perform it to date.

Thick Client Penetration Testing:

Worked on a thick client application, i.e., on Java; know the basic level of source code review, manually and with automated tools using Veracode (SAST).

IoT Testing:

Did IoT penetration testing in Paris (Versailles), on the IoT device, web UI and network-related issues.

Organizational Work Experience:

Eka Software Solutions Pvt Ltd (R&D) (Dec 2019 to date):

Sr. Security Engineer (Individual Contributor Product Security):

1. Cloud Security for our AWS SaaS application platform.

2. Web Application Penetration Testing.

3. Network Penetration Testing.

4. Auditing and compliance on PCI-DSS.

5. Security awareness session to developers, coordinatively working with developers on Secure SDLC (Threat modelling and design flow and secure code review).

6. Mobile Penetration Testing (Android).

Amadeus Software Labs R&D (Aug 2018 to Dec 2019):

Sr. Security Engineer (Individual Contributor Whitehat):

1. Security awareness session to developers, coordinatively working with developers on Secure SDLC (Threat modelling and design flow and secure code review).

2. Individual contributor for (TCH) division (includes Bangalore, Dubai, Greater China and Bangkok) regions.

3. Point of SME for GDPR.

4. Auditing and compliance on PCI-DSS.

5. Penetration tester (whenever required with respect to Audit).

6. Third-party customizations approver for the globe.

Sigma-Aldrich Chemicals Pvt Ltd (A business of Merck) (May 2017 to Aug 2018):

Security Analyst (Compliance and Governance):

1. Penetration tester, compliance and governance team.

2. Worked extensively with penetration testing on web applications and network.

3. Vulnerability management and assessment.

4. HIPAA compliance and governance risk caretaker.

5. PCI-DSS submission to payment gateways and successfully receiving certification for our internal/in-house applications.

6. Infrastructure scanning and explanation/mitigation of vulnerabilities to different teams.

7. Security awareness session to developers, coordinatively working with developers on Secure SDLC (Threat modelling and design flow and secure code review).

Trisan Info Pvt Ltd (Feb 2013 to May 2017):

Information Security Analyst:

1. Penetration tester for various clients on web applications.

2. Penetration tester for various clients on network and infrastructure.

3. Qualys SME

4. Veracode SME

5. Nessus SME

6. VM

In-depth knowledge of threat modelling and other risk identification techniques. Ability to work independently and in a team, taking ownership of performing end-to-end security threat assessment and providing recommendations for rectification, for web applications.

Protect the confidentiality, integrity and availability of information assets and work closely with internal security teams to complete necessary assessments or any other dependencies.

Certifications and Trainings

Nullcon X 2019 “Pen testing on Modern application stack hacking” training and certification.

Technical Skills

Key Skills:

Web Application Penetration Testing, Network & System Security, Vulnerability Assessments, Internal/External Penetration Testing, Risk Assessment, PCI-DSS, GDPR, Secure SDLC.

Operating Systems:

Kali Linux, Windows XP/Vista/7/8, Windows Server 2008.

Technical Language:

PHP, HTML, XML, AngularJS

Others:

MS/Libre Office (Word, Excel, PowerPoint)

Work Experience

Organization: EKA Software Solutions Pvt. Ltd. R&D

Job Position: Senior Security Engineer

Job Tenure: Dec 2019 to date

Organization: Amadeus Software R&D labs

Job Position: Senior Security Engineer

Job Tenure: Aug 2018 to Dec 2019

Organization: Sigma Aldrich (A business of Merckgroup KGaA, Darmstadt, Germany.)

Job Position: Security Analyst

Job Tenure: May 2017 to Aug 2018

Organization: Trisan Info Pvt Ltd, Hyderabad

Job Position: Information Security Analyst

Job Tenure: February 2013 to May 2017

EDUCATIONAL CREDENTIALS

B.Tech, Computer Science & Engineering Year 2008-12

Gudlavalleru College of Engineering, Gudlavalleru, Andhra Pradesh.

Intermediate (+2) pass out in Year 2008:

Narayan Jr College, Vijayawada, Andhra Pradesh.

SSC pass out in Year 2006:

Assisi High School, Pamarru, Krishna District, Andhra Pradesh.

Volunteering

ISR information security awareness campaign volunteer.

Volunteer in Blue Cross Society.

Languages Known: Telugu, English and Hindi


