NIKKI SOLANKI
Security Analyst *****.******@*****.***
Jersey City, NJ 07306 917-***-****
PROFESSIONAL SUMMARY
Hands-on 3+ years of relevant work experience in the cyber security arena as a Security Analyst
Skilled in identifying information security requirements, with knowledge of industry best practices such as NIST 800-53, GDPR and ISO 27001
Strong experience in assessing and mitigating the OWASP Top 10 critical risks
Experience in Vulnerability Assessment and Penetration Testing using tools such as Burp Suite, OWASP ZAP Proxy, Rapid7 Metasploit Framework, Nexpose and WebInspect
Solid experience in web application security: web application vulnerability assessments and penetration testing, with good expertise in black box testing
Expert in reverse engineering mobile apps for security assessment
Capable of conducting compliance scans on mobile applications using the OWASP MSTG/MASVS methodology
Knowledgeable in identifying security gaps in mobile applications and associated web services
Expertise in creating dashboards, reports, queries, asset groups and alerts using the Common Vulnerability Scoring System (CVSS)
Contributed to developing content on secure development best practices
Experienced in identifying security vulnerabilities and potential threats, and in continually building processes and designing systems to monitor and defend against them
Good understanding of patch management, system hardening, Business Continuity Planning (BCP) and Disaster Recovery (DR) operations
Able to convey complex technical security concepts to technical and non-technical audiences, including executives
Highly self-motivated quick learner with strong interpersonal and excellent communication skills
An enthusiastic team player who embodies a strong work ethic and a leader who applies complex problem-solving skills
Critical thinking, troubleshooting and customer service skills; excels in mission-critical environments that require advanced decision-making
WORK EXPERIENCE
Application Penetration Tester, Specialist May 2022 – Oct 2022 KPMG US Spectrum, Montvale, NJ
Tools: Burp Suite Pro, Invicti, Postman, SoapUI, SSLyze, OWASP ZAP
Client: Bank of America
Primary responsibility was to perform automated ethical hacking on the client's web applications, internal applications and API services utilizing multiple tools
Routine involvement with various teams during pre-engagement interactions to clarify scoping information and verify access controls
Executed penetration tests using the OWASP methodology, focusing on web apps and microservices
Incorporated different security auditing approaches such as black box / white box testing to surface hidden vulnerabilities in business logic
Conducted manual vulnerability validation to assess risk, calculating severity using CVSS scores along with internal policies to align risks and their priorities
Proactively learned new skills, techniques and testing methods to strategize new attack methods
Used Burp Suite to validate server-side manipulation, capture data transmissions and identify any potential PII leakage
Led client engagements from pre-interaction to successful deliverables with a customer service attitude in mind
Prepared detailed reports including mitigation recommendations for technical and non-technical audiences
Led post-engagement presentations with multiple stakeholders to walk through complete assessment reports and pinpoint areas of interest from high to low urgency
Provided ad-hoc assessment support alongside ongoing engagements to accommodate the client's security needs
Regular involvement in skills development and knowledge transfer from colleagues
Vulnerability Assessment Analyst Mar 2019 - Sept 2021 Ana-Data Consulting, Jersey City, NJ
Tools: Fortify WebInspect, Nessus, Nmap, Burp Suite, DirBuster, Maltego, Metasploit Framework, WebScarab, SQLMap, OpenVAS, Hydra, Wireshark and Nikto
Part of the team that performed Vulnerability Assessments and Penetration Testing, which was responsible for keeping track of current hacking strategies and the latest vulnerabilities to make sure no such weaknesses were present inside the organization's technical infrastructure
Carried out web application and infrastructure vulnerability assessments, as well as social engineering tests
Provided precise reviews on the outcome of network and application penetration tests, including mitigation and remediation activities
Identified vulnerabilities in applications by using proxies such as Burp Suite to validate server-side validations
Created vulnerability reports from the automated reports produced by tools on exposed vulnerabilities, removing false positives. Used a standardized method for scoring IT weaknesses and regulating the urgency of response (CVSS v2.0 Calculator).
Analyzed critical, high, medium and low vulnerabilities in the packages, primarily based on the OWASP Top 10 and SANS 25, prioritizing them based on necessity
Performed periodic penetration tests to exploit vulnerabilities in existing technologies, and supplied timely reports to management on the risk exposure and options for remediation
Responsible for defining the scope of pen-testing procedures by conducting pre-engagement interactions and setting up rules of engagement agreements with the client
Experience in detecting SQL injection, XML injection, methods to obtain command prompts on servers, PDF exploits and CSRF, and in performing distinctive payloads to attack the device using XSS
Worked with the team that implements and validates IAM controls, such as logging and monitoring user access, authentication, profile modification, log retention, etc.
Worked with the risk group to ensure security risks are properly aligned with business protection requirements
Involved in training the development team on the most common vulnerabilities and common code review issues and explaining the remediation
EDUCATION
Associate's in Computer Science August 2018
Major in Information Technology & Computer Programming ASA College - New York, NY
Bachelor of Information Technologies August 2015
Undergraduate in Information Technology
Bundelkhand University, UP, IN
SKILLS
Tools
Rapid7 Metasploit Pro, Qualys, Nexpose, OpenVAS, Tenable Nessus, BurpSuite, SQLMap, OWASP ZAP Proxy, Fortify WebInspect, Veracode, Armitage, Nmap, Nikto, Hydra, DIRBuster, Maltego, WebScarab
Platforms Windows 98-10, Windows Server 2000/2003/2008, Kali Linux, macOS
Virtual Machines VMware Workstation, VirtualBox
SIEM Rapid7, Splunk
Network Tools Nmap, Wireshark
Reporting Tool JIRA
Programming languages SQL, HTML, JavaScript