Java/Cybersecurity Lead
Name: Yoga Sanjeev
Contact: 475-***-****
Email id: ***********@*****.***
Professional Summary:
IT professional with around 9 years of experience in all phases of the Software Development Life Cycle (SDLC) for various web applications using Java/J2EE technologies, Oracle Middleware products, Identity and Access Management (IAM) and security products.
More than 5 years of experience in the financial industry, specializing in web application security, security architecture and design, penetration testing, application security controls and validation, risk assessments and regulatory compliance.
Developed an enterprise-level Application Security program (DAST and SAST) to identify and remediate security vulnerabilities.
Hands-on experience developing threat models, security controls, threat analysis and risk mitigation strategies.
Led application security analysis for one of the clients using HP Fortify, Checkmarx, CAST, SonarQube and InsightAppSec.
Performed security design and architecture reviews for web and mobile applications.
Working knowledge of the OWASP Top 10 guidelines (2020 and 2021) applied to various web applications.
Worked extensively with software development teams to review source code, analyze the security vulnerabilities reported by HP Fortify, Checkmarx and Burp Suite, and eliminate false positives.
Experience fixing security vulnerabilities by running application code through security tools such as Foss Scan, Black Duck, SAST, Checkmarx, CAST, InsightAppSec and SonarQube.
Experience onboarding applications onto InsightAppSec by crawling the application URL.
Worked on scanning applications in Rapid7 InsightAppSec using Selenium, multi-factor authentication and macro authentication approaches.
Experience in penetration testing of web applications using Kali Linux, Metasploit, Nessus and Nmap; performed black-box, white-box and gray-box testing.
Experience setting up Bamboo plans and CI/CD pipelines for security scan automation.
Developed a threat modelling framework (STRIDE and DREAD) for critical applications.
Experience using STS for developing, debugging, integrating and deploying applications.
Specialization in Oracle Identity and Access Manager (11gR2, 11gR1, 10g) and Java/J2EE development.
Hands-on OAM configuration and development: authentication and authorization policies and authentication provider functionality.
Worked with relational database management systems including Oracle, SQL Server and PL/SQL, and worked extensively with JDBC to connect to and access various remote databases including Oracle, MySQL and SQL Server.
Extensive experience working with databases such as Oracle 11g/12c, SQL Server and MySQL.
Worked on Java upgrades and WebLogic upgrades from JA11 to JA12 and from OSJ7 to OSJ10.
Experience with Core Java: multithreading, concurrency, exception handling, file handling, I/O, generics, data structures and collections, garbage collection.
Expertise in configuring the Spring application context with dependency injection and in using the Spring Framework to integrate Hibernate and web services.
Expertise in writing SOAP-based web services using AXIS and REST APIs.
Extensive experience with microservices, cloud-native applications and Spring transaction management.
Knowledge of implementing REST APIs/microservices using Spring Boot.
Hands-on experience with production support tools such as Jira for bug tracking.
Experience onboarding and integrating additional business applications into OIM for centralized management and into OAM for single sign-on (SSO), authorization and audit functions.
Worked on development of OAM customizations related to login pages, error pages and page flow, authentication and authorization plugins, setting up OAM policies and installing components.
Quick learner with strong problem-solving skills and good verbal and analytical skills.
Technical Skills:
Operating Systems
Windows, Linux/UNIX
Programming/Script Languages
Java, J2EE, C++, UNIX Shell Script
Java/J2EE Technologies
Core Java, JDBC, Servlets, JSP, Hibernate, EJB
Framework
Spring MVC, JMS, Spring Boot, Micro Services
Databases
Oracle, MySQL, DB2, MongoDB, Sybase
Web Servers
Oracle WebLogic 9/10/11/12, IBM WebSphere 7.x/6.x, Tomcat 6.x, Apache.
DAST and SAST Security Tools
Foss Scan, Black Duck, SAST, CheckMarx, CAST, InsightAppSec, SonarQube, HP Fortify, Burp Suite. Pen Testing (Kali Linux, Metasploit, Nessus, Nmap).
Security Products
Oracle Identity/Access Manager 11gR2, 11gR1, 10g, PingFederate, OAuth
Functional Expertise
Identity and Access Management, Single Sign-On, Authentication and Authorization, OUD, Sun LDAP
Cloud Technologies
Kubernetes, Amazon Web Services (AWS), AWS SDK, AWS DynamoDB, AWS Lambda, Pivotal Cloud Foundry, Pivotal Web Services, PCF Client API.
Web Development
JavaScript, HTML, DHTML, XHTML, CSS, XML, XSLT, XSD, AJAX, GWT.
Build/Testing tools
ANT, JUnit, Maven
Web Services
SOAP, REST, WSDL
Others/Tools
Git, GitHub, Jenkins, Bamboo, JIRA, ServiceNow.
PROFESSIONAL EXPERIENCE:
Northern Trust July 2021 to Present
Role: Cybersecurity Consultant
Responsibilities:
Led security architecture for Java and .NET upgrade projects and scanned the code on both the new and legacy versions.
Set up Bamboo plans and CI/CD pipelines for the Java upgrade to scan the code with the respective security vendor tools: Checkmarx, CAST, InsightAppSec and SonarQube.
Set up InsightAppSec and onboarded applications onto it.
Implemented InsightAppSec URL crawling using macro authentication and multi-factor authentication.
Worked on attack templates and engine groups for InsightAppSec scanning.
Worked with DevOps teams to automate security scanning in the build process.
Compared the security vulnerabilities in the old and new code after the upgrade.
Fixed security vulnerabilities rated High and Medium risk.
Worked on CI/CD pipelines to build the code and run Checkmarx and CAST scans from the pipelines.
Reported security findings and recommendations and presented them to business users and application teams.
Implemented a Secure Software Development Life Cycle (S-SDLC) process.
Automated the pipelines to scan the code as per application team recommendations.
Fixed security vulnerabilities by running application code through security tools such as Checkmarx, CAST, InsightAppSec and SonarQube.
Worked on REST-based service API design, planning and development.
Designed, prepared technical specifications for, and developed web services.
Migrated a legacy enrollment system to J2EE with the Spring and Hibernate frameworks.
Migrated Java applications from JA11 to JA12 as part of the upgrade.
Migrated Java applications from OSJ7 to OSJ10 as part of the upgrade.
Built Spring Boot microservices for the delivery of software products across the enterprise.
Created a client library that provided load-balanced and fault-tolerant consumption of Spring Boot microservices from a monolithic application.
Created a POC of authentication and authorization with an OAuth2 Spring Boot microservice, using JWT as the token scheme for OAuth2.
Configured and maintained the codebase to support building and deploying code on servers.
Freddie Mac May 2020 to June 2021
Role: Application Security Lead
Responsibilities:
Performed SAST and DAST security scans on mobile and web applications.
Worked on designing security architecture and on development with security software such as Checkmarx, Black Duck and HP Fortify.
Set up DevSecOps pipelines to integrate with security tools.
Performed penetration testing of external-facing web applications; the security areas assessed covered threat modelling, secure coding practices (OWASP standards) and vulnerability analysis.
Worked with Kali Linux, Nessus, Metasploit and Nmap as part of penetration testing.
Performed static and dynamic analysis (SAST and DAST) for various applications as per OWASP security standards.
Performed vulnerability assessments and penetration testing using Kali Linux and Nessus.
Involved in the SDLC to ensure security controls are in place.
Developed and implemented a threat modelling framework (STRIDE and DREAD) for critical applications.
Performed scoping engagements, vulnerability assessments, web application penetration testing and network penetration testing to test security controls and policies.
Worked on open-source scanning and testing for legacy and newly upgraded code.
Experience in DAST, threat modelling and security scans.
Designed and implemented security standards such as NIST and ISO as part of cybersecurity governance.
Developed patterns for creating HTTP-compliant and conventional REST APIs.
Worked on administration, maintenance, support and scaling of WebLogic, WebSphere and Apache application servers.
Built and maintained three batch frameworks utilizing Autosys and Unix Korn shell scripts.
Web design and development using HTML5, CSS3, JavaScript, React JS and Ajax.
Upgraded the environment from WebLogic 8.1/9.2 to 10.0 MP2 and 10.3.
Involved in enhancing an existing application using AngularJS; created an HTML navigation menu.
Designed, built and configured WebLogic servers in Linux and Solaris environments.
Configured clustering, security and JMS resources; troubleshooting and performance tuning of production servers.
BEA WebLogic 9.x/10.x, with expertise in installation, configuration, tuning and deploying applications on Unix/Linux and Solaris.
Northern Trust Aug 2017 to May 2020
Role: OAM Security Consultant
Responsibilities:
Developed and integrated a logging framework in one of our applications, which helped team members identify issues. The team used an agile Scrum methodology with daily stand-ups and planning.
Configured OAM authentication and authorization policies and worked on metadata export and import.
Provided custom last-password management.
Upgraded the Oracle Access Management stack from 10g to 11g.
Used Core Java concepts such as exception handling, the Collections API and the Executor Service framework to implement various features and enhancements.
Used Spring extensively to achieve dependency injection when wiring business-class objects.
Implemented OAuth tokenisation for RESTful web services using Spring Boot.
Involved in creating and deploying REST APIs and microservices in Java/J2EE using Spring Boot.
Implemented authentication for RESTful web services using the Spring Boot Security starter.
Worked on development of OAM customizations related to login pages, error pages and page flow, authentication and authorization plugins, setting up OAM policies and installing components.
Integrated new applications for single sign-on by working with application teams, business analysts and architecture teams.
Responsible for the development and maintenance of the web application using Spring MVC, Spring Boot, Spring Data/JPA, Hibernate and Java 8.
Installed, configured, administered and performance-tuned clustered SOA environments.
Migrated from WebLogic 8.x to WebLogic 10.x.
Worked closely with product owners in a very successful, dynamic and collaborative environment.
Used Spring LDAP to manage and store user data.
Used a custom Docker Trusted Registry to store image repositories for containers.
Developed REST services for APIs.
Elsevier Inc., Dayton, OH Jan 2017 to July 2017
Role: Java/J2EE Developer
Responsibilities:
Involved in various phases of the Software Development Life Cycle (SDLC).
Used the Spring Web MVC framework to apply an MVC implementation to the application.
Used Spring's JDBC and DAO layers to abstract the business logic from database-related code (CRUD).
Developed Spring-based backend services.
Used JAXB (marshalling and unmarshalling) to bind XML schemas to Java representations.
Responsible for working within the team and with external teams to develop solutions, prioritize needs and resolve issues.
Responsible for providing feedback and constructive criticism and for proposing changes to assigned tasks (if necessary) to ensure a quality product.
Reviewed problems uncovered by testing or customer feedback, and designed and implemented solutions to those problems.
Developed or validated test routines to ensure that test cases mimic external interfaces.
Designed use case, class, sequence and object diagrams to model the detailed design of the application using UML in Rational Rose.
Used the WebSphere server's built-in JMS provider to communicate with legacy applications.
Configured and built asynchronous communication with JMS services over MQ.
Used Log4J for logging to validate functionality and JUnit for unit testing.
Developed UNIX shell scripts for performing administrative tasks.
Client: Americloud Solutions, INDIA June 2013 to July 2015
Role: Java Developer
Responsibilities:
Created a plan template in the control panel to populate attributes such as plan name, description, trial period, amount, currency and billing cycle when a new subscription is created.
Used the Luhn algorithm to let the user enter a credit card number as a long integer and display whether that card number is valid or invalid.
Created one-touch pay using the JavaScript SDK.
Developed Oracle PL/SQL stored procedures and queries for the payment release and authorization processes.
Performed extensive test-driven development using JUnit for unit testing.
Utilized JSP Standard Tag Libraries in the design and development of views.
Created complex stored procedures using Oracle PL/SQL.
Developed a standalone application using Spring Boot, Spring Batch, Spring JDBC and SOAP web services.
Developed stored procedures for retrieving data from several databases.
Used the Spring framework to handle application logic and make calls to business objects and services, mainly SOAP web services.
Developed Maven scripts to build and deploy the application.
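The Luhn (mod 10) check mentioned in the Americloud bullet above, as an added example that is not code from this résumé or from the employer. The function names and the sample card numbers are constructed for illustration; the input is accepted as a long integer, as the bullet describes, or as a string with the spaces and hyphens users typically type.

```python
"""Luhn (mod 10) check-digit validation for card numbers.

Added example, not code from the résumé or from Americloud Solutions.
Function names and the sample numbers used with them are constructed
for illustration.
"""
from typing import List, Union


def _digits(number: Union[int, str]) -> List[int]:
    """Normalize an int or string card number to a list of decimal digits.

    Spaces and hyphens are stripped; any other non-digit raises rather than
    being silently coerced, so a stray letter cannot be reported as valid.
    """
    text = str(number) if isinstance(number, int) else number
    text = text.replace(" ", "").replace("-", "")
    if not text.isdigit():
        raise ValueError("card number must contain only digits")
    return [int(ch) for ch in text]


def luhn_sum(digits: List[int]) -> int:
    """Luhn weighted sum: walking from the right, double every second digit,
    subtract 9 from any doubled value above 9, then add everything up."""
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total


def luhn_is_valid(number: Union[int, str]) -> bool:
    """True if the full number (payload plus trailing check digit) passes Luhn."""
    digits = _digits(number)
    if len(digits) < 2:          # a lone digit has no payload to check
        return False
    return luhn_sum(digits) % 10 == 0


def luhn_check_digit(payload: Union[int, str]) -> int:
    """Compute the check digit that must be appended to `payload`."""
    digits = _digits(payload)
    # Appending a digit shifts every payload digit one position to the left,
    # so the rightmost payload digit becomes the first doubled one. Appending
    # a placeholder 0 reproduces that weighting exactly.
    total = luhn_sum(digits + [0])
    return (10 - total % 10) % 10


if __name__ == "__main__":
    for sample in (79927398713, 79927398710, "4111 1111 1111 1111"):
        print(sample, "valid" if luhn_is_valid(sample) else "invalid")
```

Luhn catches single-digit typos and most adjacent transpositions; it is a data-entry check, not a security control. A number that passes Luhn proves nothing about the card's existence or ownership, so the check belongs before the payment gateway call as a fast reject, never as part of authorization, and the raw number should not be logged while doing it.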
Educational Details
Bachelor's in Engineering, JNTUA, India (2009 - 2013).
Master's Degree in Computer Science, USA (Aug 2015 - Dec 2016).