Sravani Pamulapati
Fairfax, VA, ***** ***************@*****.*** 703-***-****
KEY CAPABILITIES AND SKILLS:
6+ years of experience in the IT industry. Specialized in information technology assurance, web application security, application security controls and validation, regulatory compliance and Secure Software Development Life Cycle (Secure SDLC).
Experience in developing and implementing information security policies and guidelines as per OWASP (Open Web Application Security Project) and SANS secure coding guidelines.
Hands-on experience in vulnerability assessment and penetration testing using tools such as Burp Suite, HP WebInspect, IBM AppScan, Checkmarx and HP Fortify.
Experience in identifying SQL Injection, Script Injection, XSS, Phishing and CSRF attacks.
Involved in Secure Software Development Life Cycle (secure SDLC) process.
Hands-on with DAST, SAST and manual ethical hacking.
Create detailed assessment reports with remediation and recommendations, present findings to clients, and re-test the security issues.
Vulnerability assessment includes analysis of bugs in various applications using both manual and automated tools.
Worked on Risk Control Assessment process based on HITRUST for 40+ applications.
Excellent oral and written communications, interpersonal, negotiation, judgment, decision-making, analysis and problem-solving skills.
EDUCATION:
Doctorate of Science in Information Technology, University of the Cumberlands, currently pursuing
Master of Science in Computers and Information Systems Security, University of the Cumberlands, April 2019
Master of Science in Computer Science, Virginia International University, May 2016
Bachelor of Technology in Computers, JNTUK, May 2010
WORK EXPERIENCE:
Employer: Delta Dental of NJ Inc. - Application Security Engineer, May 2018 – November 2020
Conducted Vulnerability Assessment of Web Applications.
Implement, operate and maintain application security tools, such as static application security testing (SAST) and dynamic application security testing (DAST) tools.
Manage all repeated threats to all systems and perform vulnerability tests.
Evaluate all systems and recommend all application patches, suggest appropriate security products, perform regular audits on systems and ensure compliance with all standards and policies.
Consult with other IT teams as required on security designs of applications, questions about vulnerabilities, and remediation approaches.
Assist with the creation of training materials to educate developers and other stakeholders about key security concepts.
Identifying the Critical, High, Medium and Low vulnerabilities in the applications based on OWASP Top 10 and prioritizing them based on criticality.
Working closely with developers during the SDLC process.
Recommend best-in-industry standards for securing the application.
Final report is submitted to the application owner and organization about the gaps of the application.
Lead the Application Risk Assessment program and conduct risk assessments for internal and cloud applications.
Worked on Risk Control Assessment process which includes data risk profile and identifying the criticality as High, Medium and Low applications.
Analyzes the gap of the application-based Data Risk Profile.
Based on HITRUST, security controls are divided for High, Medium and Low applications.
Actively working on Third Party Risk Management Program.
Environments: Rapid7 AppSpider Pro, Fortify Source Code Analyzer, Prevalent (3GRC), OWASP Top 10, SANS 25
Employer: Delviom LLC - Application Security Engineer, November 2016 – March 2018
Conducted Vulnerability Assessment of Web Applications.
Performing onsite & remote security consulting including penetration testing, application testing, web application security assessment, onsite internet security assessment.
Security assessment of online mobile applications to identify the vulnerabilities in different categories like Input and data Validation, Authentication, Authorization, Auditing & logging.
Assess all risks and evaluate all impacts of technology changes in processes, maintain knowledge of all security systems and deploy all required infrastructure.
Manage all repeated threats to all systems and perform vulnerability tests.
Evaluate all systems and recommend all application patches, suggest appropriate security products, perform regular audits on systems and ensure compliance with all standards and policies.
Change Management to highly sensitive Computer Security Controls to ensure appropriate system administrative actions, investigate and report on noted irregularities.
Conduct network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
Identifying the Critical, High, Medium and Low vulnerabilities in the applications based on OWASP Top 10 and prioritizing them based on criticality.
Worked on risk assessment process which includes data risk profile and identifying the criticality as High, Medium and Low applications.
Analyzes the gap of the application-based Data Risk Profile.
Based on HITRUST, security controls are divided for High, Medium and Low applications.
Working closely with developers during the SDLC process.
Recommend best-in-industry standards for securing the application.
Final report is submitted to the application owner and organization about the gaps of the application.
Environments: Checkmarx, IBM AppScan, Veracode, OWASP Top 10, SANS 25
Employer: Design Studio, India - Web Application Developer, Mar 2011 – June 2014
Involved in system analysis, requirement gathering, specification/documenting, designing, coding, testing, debugging, application evaluation and implementation.
Analysis of Business Requirement Specification to understand the workflow.
Prepared technical artifacts including UML class diagrams and sequence diagrams using Microsoft Visio.
Designed UI in ASP.NET MVC and jQuery.
Used LINQ for data sorting, paging and searching in data tables and .Net Generic list.
Developed UI components using ASP.NET and C#.
Interacted with external clients for requirements gathering.
Involved in Analysis and Design of all the modules within the application.
Created ASP.NET Web forms and server controls to display dynamic data obtained through the use of Microsoft ADO.NET and Data binding.
Used CSS and Themes to maintain design consistency across all web forms.
Used JavaScript for client-side validation.
Heavily used .NET Web Controls, Validation Controls and User Controls.
Performed Unit Testing on the entire application.
Environments: C, C++, ASP.NET, HTML, jQuery, CSS, Windows, Linux.