
Application Security engineer

Location:
Arlington, TX
Posted:
February 12, 2023


Resume:

ABIZER A Charaniya

Professional Summary

Security Engineer/Analyst with around 7+ years of total IT experience, including Security Engineering experience in web, mobile and cloud applications.

Migrated SAML and OAuth connections from NetIQ Access Manager to Ping Federate in the staging environment.

Hands-on experience in conducting penetration testing of web, mobile and cloud applications.

Well versed in the OWASP Top 10 and SANS Top 25, with strong experience in cryptography and excellent communication skills.

Skills

Password Cracking:

Hydra, RainbowCrack, Ophcrack, John the Ripper, Pyrit.

Security Tools/Frameworks:

Metasploit Pro, AppDetective, AppRadar, Oracle Identity Manager, Oracle Access Manager, JHijack, OAuth 2.0, SAML 2.0, SQLMAP, Wireshark, WebScarab, Paros, Nmap, BMC BladeLogic, Tenable Nessus, Rapid7 Nexpose, Tripwire, Symantec DLP, DBProtect, HP ArcSight SIEM, e-DMZ Password Auto Repository (PAR), Varonis, Splunk (SIEM).

DAST, SAST, IAST Security:

IBM AppScan (Enterprise, Standard & Source editions), Veracode, HP WebInspect, Fortify SCA, Checkmarx, QualysGuard, Burp Suite Pro, Acunetix, OWASP ZAP, Contrast Security IAST.

Network Security:

Symantec DLP, Check Point, Palo Alto, Netcat, Tenable Nessus / SecurityCenter, OpenVAS, Cisco IDS/IPS, Symantec Endpoint Protection, anti-virus.

Cloud Security:

Amazon Web Services, MS Azure, GCP

Middleware:

TIBCO EMS, IBM WebSphere MQ, JMS

Continuous Integration and Continuous Delivery (CI/CD) Pipeline:

Jenkins, Maven, ANT, Gradle, RTC, GitHub, Aqua Container Security

Databases:

Oracle, MS SQL Server, DB2, MySQL, MongoDB.

Operating Systems:

Oracle Solaris UNIX, RedHat Linux, Kali Linux, Ubuntu

Servers:

Weblogic Server, Linux, Windows Server 2008/2012, Netscape Application Server

Languages:

Java, Python, C/C++, C#.NET, Perl, Struts2, Spring Framework, Servlets, JavaServer Pages (JSPs).

Additional keywords: Apache, API, Auditing, Automate, Automation, Bridges, Business process, C, C++, CD, Cisco, Encryption, Cryptography, CSS, Clients, Client, Customer support, Databases, Delivery, Documentation, Edge, Event Management, Functional, GCP, HP, HTML, HTTP, IBM, DB2, IBM WebSphere, IDS, Information security, Information Systems, Java Beans, JavaScript, JDBC, JMS, JNDI, LDAP, Linux, Loss Prevention, Managing, Access, C#, Netscape, Enterprise, Network Security, Networks, Networking, Network, Operating Systems, Oracle, Developer, Orbix, Perl, Proposals, Python, Quality, RAM, RedHat Linux, Relational database, Reporting, Risk management, RMI, Routers, Routing, Servlet, Servlets, Scripts, Scripting, SOAP, Software development, Solaris, MS SQL Server, SQL, Strategy, Struts2, TIBCO, Trend, Troubleshoot, UML, UNIX, Upgrades, Validation, VM, Web Applications, Web developer, WebLogic

Cloud implementation

Programming literacy in Java, Python, .NET and C#

Password management

Security infrastructure architecture

Penetration testing (Burp Suite, OWASP Zed Attack Proxy, SQLmap, PuTTY).

Operational setup

CompTIA Security+

Risk mitigation strategies

Patching

Security logging

Penetration testing

Security vulnerability assessment

Security regulations compliance

Engineering Design Development

Implementing Security Measures

Developing Security Plans

Engineering Documents Comprehension

Work History

Client: Mercedes Benz (Remote from TX) 12/2021 to Current

Role: Application Security Engineer (Cloud Platform)

Completed a proof-of-concept thin-client web framework for enterprise intelligence applications with a web developer under an extreme deadline.

Developed Application Security program (DAST, SAST, IAST) at the enterprise level to identify, report and remediate security vulnerabilities from applications deployed in DEV, PRE-PROD and PROD environments.

Designed, documented and executed maintenance procedures, including system upgrades, patch management (security patches) and system backups.

Implemented rules for securing/hardening of IDS/IPS and MPS.

Specifically, performed security testing to identify XML External Entity (XXE), Cross-Site Scripting, Clickjacking and SQL Injection related weaknesses within the code.

Developed threat modeling framework (STRIDE, DREAD) for critical applications to identify potential threats during the design phase of applications.

Implemented file system security by applying hashing techniques for protecting data stored in files on the file servers.

Utilized various information security solutions, and associated security event data, for the global enterprise, such as, but not limited to, web security solutions (web gateway, web application firewall), endpoint security solutions (antivirus, desktop firewall, web content filtering, intrusion prevention), encryption and certificate management solutions (full disk, file/folder, PKI), data leakage protection (DLP), and other solutions used to ensure regulatory and corporate policy compliance.

Designed and implemented application integration with PingFederate/PingAccess/PingID in both Non-Production and Production. Worked with applications' business and technical teams to gather requirements for integrating applications with PingFederate/PingAccess/PingID for Single Sign-On.

Designed and administered J2EE applications using the single sign-on tools CA SiteMinder, Ping Federate and LDAP across all environments. Migrated 200+ critical applications secured with CA SiteMinder to Ping Federate version 7.1/7.3. Provided support to internal and external teams for integration of applications with CA SiteMinder and Ping Federate.

Integrated third-party applications with various Single Sign-On mechanisms such as OpenToken, Agentless and SAML-based services; created both WS-Fed and SAML 2.0 protocol Service Provider endpoints using Ping Federate.

Participated in the development of IT risk assessments for enterprise applications.

Reviewed source code (Java/J2EE/C#/.NET/Spring/FTL/JavaScript) and identified security vulnerabilities.

Implemented DevSecOps for the entire application security scanning process, including automatic scanning, application of security policies, and uploading the results to the enterprise portal.

Automated the build and release management process, including monitoring and tracking changes between releases, using the Continuous Integration tool Jenkins.

Worked on Ping Federate clustering, with engine and console servers as part of the cluster, maintaining multiple clusters for high availability. Configured the Ping Federate environment for SAML federated authentication of users coming from partner sites by configuring the Identity Provider/Consumer using the SAML 2.0 POST binding. Configured Ping Access logout and shared the URL with the application team.

Setup Jenkins as CI/CD for integrating build tools into the development life cycle.

Implemented and automated security controls, governance processes, and compliance validation.

Partnered with internal teams to protect client information through the delivery of security analysis, recommendations, projects, and compliance methods and practices.

Troubleshot and resolved web application issues escalated from customer support and other departments with a 100% success rate.

Deployed and configured Tanium Asset, Patch, EDR and Vulnerability Configuration modules.

Participated in the implementation of Tanium platform.

Worked on Imperva SecureSphere Web Application Firewalls (WAF), AWS Cloud Security, Symantec SOC Cloud Access Security Broker (CASB), Twistlock (Prisma Cloud) Container Security.

Strong AWS platform experience with Route53, CloudWatch, S3, ELB/ALB, Lambda, EC2 and Subnets.

HTTP Streaming, ABR formats, VOD content, CDN-assisted VOD platform, edge caches, mid caches, origin, content routing, Traffic Ops, traffic monitoring, InfluxDB, stats server, content health monitor, delivery services, content federation, persistent storage for partitions, RAM cache, Apache Traffic Server, Make Doc's documentation server.

Client: Ameren, St. Louis 08/2019 to 11/2021

Sr. Application Security Engineer

Provided Technical Support to the team and worked with various information technologies like network devices, operating systems, endpoint security systems such as intrusion protection, antivirus solutions, and information security technologies.

Implemented security controls in accordance with the NIST, CIS Benchmarks, FFIEC and ISO 27001 frameworks.

Worked with DevOps tools such as Jenkins, Maven, ANT, GitHub and Python for CI/CD integration.

Defined and deployed monitoring, metrics, and logging systems.

Implemented systems that are highly available, scalable, and self-healing on the web, mobile and cloud platforms.

Designed, managed, and maintained tools to automate operational processes.

Developed Information Assurance (IA) designs to meet specific operational needs and environmental factors.

Participated in the implementation of AWS Cloud security for applications being deployed in the Cloud.

Configured Qualys scanner and performed both authenticated and unauthenticated scans.

Enabled continuous monitoring for the hosts using Qualys VM/VMDR.

Developed web ACLs (WACLs) and configured rules and conditions to detect security vulnerabilities in AWS CloudFront.

Implemented OAuth 2.0 and SAML frameworks for granting permissions through third-party Identity Providers.

Experience with SaaS applications in configuring and deploying to the cloud platform. Worked with DevOps teams to automate security scanning into the build process.

Worked extensively with software development teams to review source code, triage the security vulnerabilities reported by IBM/HCL AppScan, Burp Suite, Micro Focus WebInspect, Fortify and Checkmarx, and eliminate false positives.

Reviewed Android and iOS mobile source code manually and recommended code fixes.

Participated in the Proof of Concept (POC) in implementing Arxan application protection software for Mobile apps.

Performed Root Cause Analysis for the incidents reported at Security Operations Center.

Performed security event monitoring of heterogeneous networks, including firewalls, IDS/IPS, Cisco ASA and DLP devices, using Splunk SIEM.


Client: NIKAYA INFRASTRUCTURES, PUNE, MAHARASHTRA, INDIA 06/2017 to 07/2019

Gathered user requirements and developed application modules using Java and WebLogic Portal.

Performed functional and unit testing of the developed code to deliver a quality product to end users.

Followed SDLC rules and regulations to develop the product/modules, documenting the key functionality.

Code review, code merging and deployment management.

Developed the complete front end and back end using JSPs, Servlets and Java Beans.

Designed and developed effective internal Web applications, relational database and stored procedures to analyze and monitor all activities related to Web-based sales.

Developed the application presentation layer, based on the Spring MVC framework, involving JSP, Servlets, HTML and CSS.

Involved in implementing SOAP as well as RESTful web services using WSDL, SOAP, JAX-WS, JAX-RS, SoapUI and Jersey.

Education

Bachelor of Business Administration, MIT (Maharashtra), India, 2016-2018

Master of Science in Technology Management, Lindsey Wilson University, Kentucky, USA, 2019-

Certifications & Trainings

Certified Ethical Hacker v10

Penetration Testing with Kali Linux by Offensive Security.

AWS Certified Solution Architect-Associate
