
Application Analyst Security Architect

Location:
Canton, MI
Posted:
June 16, 2021

Resume:

Syed Atif Rizvi

adm6cm@r.postjobfree.com

313-***-****

EXECUTIVE SUMMARY

●Extensive experience in Application Security Architecture design and threat modeling with web application development background

●Experience in leading Application Security testing with Burp Suite, NetSparker, Nessus, OWASP ZAP, Metasploit and HP Fortify

●Working domain knowledge in Web technologies, Mobile applications, SharePoint, Business Intelligence, Azure Cloud, IT Infrastructure and Enterprise security

●Skills in Splunk, Risk Assessment, Security monitoring tools, Cloud Security Assessment, NIST and OWASP frameworks, SDLC and CI/CD Pipeline integration

●Excellent leadership, interpersonal, communication, analytical, problem-solving, people management and presentation skills.

●A highly organized, detail-oriented professional with excellent skills and the ability to rapidly learn innovative technology, and to define, direct and design a creative approach in the Cyber Security domain and project management standards.

PROFESSIONAL EXPERIENCE

Application Security Architect, Mr Cooper, Dallas, TX Aug 2020 – Present

Key Contributions and Results:

Implemented HP Fortify across the organization for SAST and DAST scanning of web, mobile, client/server and microservices applications, and developed remediation plans to discuss with the business and development teams

Routinely performs application onboarding, application/cloud security assessments, and Azure DevOps integration with Fortify

Participates in secure application design meetings with developers and architects and provides consultation on Secure SDLC controls, secure architecture and threat modeling analysis

Reviews the quarterly third-party “pentest” report and develops the mitigation strategy with the development team

Published Secure Coding Standards and Cloud Application, Web Application, Mobile and API security standards for the development teams and to meet Internal Audit requirements.

Verifies and remediates gaps against the OAuth, SAML and OpenID Connect standards

Periodically assessed tools such as MuleSoft, “noname” API security, Checkmarx, Metasploit Pro and VulnDB

Developed the Splunk dashboard for application inventory and integrated it with Threat and Vulnerability management

Provides security exceptions for certain unfixable/third-party library issues

Integrated security controls into the SDLC by referencing the OWASP ASVS and OWASP Preventive Controls common controls present in FoD

Source code reviews with developers for critical and high vulnerabilities found in Fortify

Occasionally works Internal Audit findings in Archer to resolve enterprise-wide security issues

Oversees vendor-developed application security and requires vendors to adhere to company application security standards and requirements

Mentors junior team members

Lead Application Security Engineer, Wayne County, Detroit, MI May 2019 - May 2020

Key Contributions and Results:

Implemented NetSparker cloud solution for dynamic application security testing.

Dynamic analysis, vulnerability analysis and penetration testing of Granicus kiosks, Qomo Android TV, the JAIS web application, the Pay Taxes Online web application, the Wayne County intranet portal, the Vital Records web application and the UASI WordPress web application

Vulnerability analysis and penetration testing of Xamarin-developed Android mobile applications hosted on Google Play

Collaborated with the application and integration teams to develop an Android application security policy using the OWASP Top 10, and implemented a SAST and DAST framework for mobile applications using MobSF.

Implemented Cysafe controls for Software Inventory, Web Browser Protections, Penetration Tests, Monitoring and Review of Third-Party Services and Software Whitelisting using SCCM

Performed manual static analysis through code reviews and evaluated a proof of concept of Checkmarx static analysis tools

Presented application security vulnerability analysis reports tailored for developers and for upper management, and coordinated remediation of vulnerabilities

Delivered developer training on secure application development

Evaluated options for software security testing in Azure DevOps

Completed Splunk dashboards for Software inventories by integrating SCCM and Ivanti enterprise applications using Splunk DB Connect.

Implemented IIS server logging, Web application monitoring using Splunk Apps.

Senior Application Analyst, Beaumont Health System, Troy, MI July 2014 – May 2019

Key Contributions & Results:

Planned and executed web and mobile application vulnerability and penetration testing for OWASP Top 10 compliance, and presented vulnerability and risk assessment reports to management and development teams for remediation

Integrated Qualys scans into the DevSecOps web development process

Routinely performed dynamic analysis using Burp Suite and OWASP ZAP

Extensive knowledge in .Net frameworks, classic ASP, Angular and Xamarin

Performed SQL Server vulnerability assessments and hardened the identified security gaps

Implemented identity management processes for SharePoint to harden access security, which also reduced the number of help-desk calls to IT support teams and saved $100K in revenue per annum

Performed security risk assessments for Azure Cloud, critical enterprise applications, vendors and other IT assets

Assisted in the information security risk assessment program by identifying risks in the current security posture.

Reviewed and assessed the findings for the key vulnerabilities, developed a comprehensive project plan to address all reported defects, and executed a plan of remedial action to either repair the identified defects or develop the appropriate compensating controls.

Performed Information Security Risk Management activities which include development of programs, security awareness and training

SharePoint Analyst, Masco Corporation, Ann Arbor, MI March 2014 to July 2014

Key Contributions & Results:

Assessed and planned the migration of in-house hosted applications (web and SharePoint) to a cloud environment

Senior Application Management (Consultant), Ford Motor Company, Dearborn, MI Apr 2013 to March 2014

Key Contributions & Results:

Responsible for the vulnerability testing of the applications and their remediation

Performed Penetration testing on web applications, servers and SharePoint infrastructure

Categorized and labelled the web and SharePoint applications based on the data classification analysis

Proactively identified process improvements that reduce support cost and effort.

Developed a monitoring plan using the WebTrends Analytics tool and created performance-metric reports on the websites for the business.

Led the deployments, key enhancements and break fix using Change Management process. Audited and refined the security and developed documentation for retention policies with Stakeholders.

Estimated work effort for own tasks as well as for team members, and mentored junior offshore support analysts

Presented the application support model to the entire support staff.

Web Applications Lead, Affinia Group, Ann Arbor, MI Feb 2011 to April 2013

Key Contributions & Results:

Reviewed and fixed the cross-site scripting and SQL injection security issues for the web sites

Participated in IT Internal Audits of Web apps and coordinated with the Third-party Auditor

Manual and automated scanning of web applications against known application vulnerabilities

Demonstrated exploits on vulnerable assets to prove weakness

Technical lead in supporting 10 internet-based web sites and performed regular modification and maintenance

Led the team for development and migration of internet-based websites to the Sitefinity portal on Azure cloud hosting

Completed the project of migrating 7 business part-catalog Classic ASP websites from an Internet service provider to company internal hosting, and coordinated with the infrastructure and database teams to resolve technical issues

Compuware Corporation, Detroit, MI May 2007 to Jan 2011

Client: GM

Position: Development lead, Project duration: 4 months

Major Projects:

Led the conversion of .NET-based applications to SharePoint publishing web sites.

Client: HealthCare – CareTech Solution

Position: Migration Lead, Project duration: 4 months

Major Projects:

Saved maintenance cost by converting Classic ASP applications to .NET for several hospital web sites.

Client: GM

Position: Web Infrastructure Consultant, Project duration: 6 months

Major Projects:

Worked in an Agile environment to set up infrastructure consolidation with HP and Compuware for hosting SharePoint servers for intranet sites

Client: Visteon

Position: Technical Lead, Project duration: 2 years and 5 months

Key Contributions & Results:

Architected, designed and developed the HR Performance Tool, HR Human Skill Capital project and Visteon Badging Request System .NET applications. Led the project, in collaboration with the IBM vendor, to consolidate several Perl/CGI applications hosted on scattered web servers onto load-balanced web servers in a Sun Solaris environment, resulting in $500K per annum savings. Led the decommissioning project for non-active web applications to reclaim hard drive space and simplified portal applications, resulting in increased server performance. Coordinated with the IBM DBA team and web server team for database and web site migration from the UK datacenter to the US datacenter. Supported two internal intranet portals – the my Visteon portal and the hub Visteon portal.

Web Application Developer, Plastech Engineered Products, Dearborn, MI Sep 2002 to May 2007

Key Contributions & Results:

Developed several custom line-of-business Classic ASP and .NET applications.

Promoted to Team Lead of Application development team

EDUCATION and CERTIFICATIONS

Master of Science (MS) in Computer Engineering, Wayne State, Detroit, MI

Security Risk assessment training

Splunk Power User Certified, Java Certified Programmer (JCP)

Attended GrrCON Conference, Digital Security Government Summits Security Conferences

PMP (PMI) Certified, AGILE SCRUM Master (EXIN) Certified, Fred Pryor – Management and Leadership training
