Quality Assurance Automation Test
Resume:
Sharda S. Khati
adya0a@r.postjobfree.com / 703-***-**** / LinkedIn: https://www.linkedin.com/in/shardakhati / Arlington, Virginia
US Citizen
Certification: Security + SE certified
Education: Bachelor Degree in Applied Science & Technology
Security Clearance: Public Trust and WCCIS clearance – in past
BRIEF SUMMARY:
IT professional since from 2006 with experience on different systems with different domains under the project of Federal Government and private companies.
SDLC and STLC knowledge based on Agile and Waterfalls methodology including DevOps cloud based systems, under JAVA and .NET platforms for Windows operating system and few on Ubuntu desktop (Linux).
Manual testing: functional & non-functional testing which includes: system, integration, smoke, patch bundle, backend (batch processing to generate reports & statements), regression, user acceptance, performance, security, section 508 compliance. Tested different web applications as well as client server applications.
Analysis of different documents such as Requirement, detail design and technical in regards to create test plan, test scenarios and test cases. Also developed reports and traceability metrics by mapping requirement, business rules, test scenarios and test cases.
Multi-Factor authentication (MFA) verification and validation.
Automation testing: Web UI applications using different tools like Selenium WebDriver, Selenium IDE, Selenium Grid, Maven, TestNG, Junit, JavaScript, Eclipse, Firebug. Also familiar with other automation tools like IBM Rational Functional Tester and HP UFT. Knowledge on OOPs concept, POM file, data-driven and behavior-driven frameworks, environment variable setting for user & system for maven file, creating class & utility files etc.
Agile framework using Scrum approach as well as Kanban in SDLC: experience on different ceremonies and artifacts such as sprint planning, grooming meeting (breaking down of features into stories and estimated tasks into story points to measure the velocity of works), sprint planning (work on selected stories for the particular sprint timeframe of 2 to 3 weeks, daily standup meeting, slush meeting (discuses about the bugs tickets before deployment in production), retrospective meeting (finding improvements based on that particular sprint), epics, product backlogs, sprint backlogs, burndown chats etc.
JIRA Confluence; HP ALM, Quality Center; IBM Rational tools, Google Cloud documentation, Slack
Well experience on identity and access management (IAM), multifactor authentication (MFA) for ID proofing as well as certification and accreditation to access the systems or applications or servers for authentication and authorization process in regards of access control.
SQL queries to retrieve test data from multiple tables from different database such as Oracle, DB2, and MySQL.
Web service API testing using SoapUI tool, knowledge on different HTTP methods for both HTTP Request and HTTP Response when performing data validation; HTTP GET, HTTP POST, HTTP DELETE etc. Actively testing involve with REST API endpoint testing in Linux workstation for web service testing.
Hands-on knowledge on Amazon Web Service, commit and push the automation test scripts in GitHub, setup and checking the continuous integration of new code in Jenkins for the regression test.
Knowledge on OSI and TCP/IP model --- the security layers.
EMPLOYMENT HISTORY:
QA Tester – Washington, DC September 2021 – March 2023
Sub-Contractor – Dept. of Labor – through GSSI Solutions Inc.
Working on DOL-ECOMP project of Department of Labor which is Federal employees’ compensation program of Office of Workers’ Compensation Programs (OWCP), when the employees get sick or injured at the workplace.
Testing different features of ECOMP and DMP systems such as creating different users such as Admin, Agency Reviewer, OSHA Record Keeper, CRUD functionalities of each users, MFA functionalities when user attempt to access to the system, User management, Case Management, verification of different Email notifications etc.
Testing for Multifactor authentication (MFA) to access the system through refactor identity verification route
API testing for CRUD functionality using POSTMAN
Developed Test Cases in Xray Test Repository under JIRA Confluence as well as documentation
Sometime use Crystal Report tool to generate the reports
Few accessibility testing for 508 Compliance using JAW tool
Software Test Engineer – Silver Spring, MD June. 2020 – March 2021
Contractor – Dept. of Commerce – through ERT Inc.
Worked on project of National Weather Service (NWS) of NOAA which is a part of Department of Commerce related to weather
REST API endpoint testing of different parameters of weather components from different aspect and authentication is the security testing aspects
Different HTTP methods were used such as POST, DELETE, GET, PATCH, PUT for API endpoints to execute CRUD functionalities by sending request from client application to the server and received HTTP repose code. One of the testing was for status code 401 which is for unauthorized access to the system or application; a part of OES tool of IAM policy test when accessing the system, application and the server too.
Worked on to create tickets on ServiceNow system as well as testing to ensure the functionalities of the system works fine.
Worked on different JIRA ticket issues related to different issues such as API, message routing system, ServiceNow, patching, including both frontend and backend process for alerts & forecast data. Also tested some network issues of Xymon (mainframe) server & applications such as report generation issue.
Documentation in Confluence as well as google doc
Worked on data verification on different servers Linux workstation through Putty
Testing performed on both front-end and back-end testing
Worked on different applications and systems such as NGITWS, NWS Chat, Alerts & Forecast application, RabbitMQ (Message routing system for notification system), Gray Log system, GitHub etc.
Application Test Engineer (Software Tester – Washington, DC June. 2019 – April 2020
Sub-contractor – Dept. of Justice (DOJ) – through Unisys [vendor is ABBTECH]
Working on Asset Forfeiture Management System (AFMS) project of DOJ
Working on Consolidated Asset Tracking System (CATS) of DOJ application for different forfeiture type such as Administrative or Civil or Criminal seized assets
Working on Adoption Request Online (ARO) application to create and manage adoption request from different Agencies such as USAO, MLARS, Investment Agency (e.g. FBI, DEA), and State/Local
Working on Online Claim and Petition (OCP) application for filing claim and petition related to seized assets
Single-sign-on (SSO) access control tool for identity and access management was applied to each login system of the application which as verified with both valid and invalid login credential to access and DOJ system and application.
Working on different SharePoint application such as Financial Reports, eDocs, etc.
Working on User Management Center (UMC) application to manage the user permission privileges for different security roles
Report generation Testing different application of DOJ
Working on data validation in the database by running SQL query from multiple tables using MySQL
Jr/Mid Security Assessor (Security Tester) – Arlington VA Jul. 2017 – March 2018
Federal Deposit Insurance Corporation (FDIC) – through Blue Canopy Jacobs
Security testing to mitigate different security control issues on FDIC related different applications such as WinServ, MidServ, DCOM, Voice Video etc.
From quality assurance perspective, performed to approve and reject the finding by technical and non-technical assessment/testing, based on provided evidence on different security issues such as configuration, access control issues, authentication & authorization, audit, and accountabilities etc.
Followed different NIST SP 800 security compliance of FISMA, such as NIST SP 800 53, 53A, 37, 171 etc. for the quality assurance perspective.
Scheduled meetings interacted with clients via conference call, in-person meeting, Skype meeting, shoulder surf meeting, in regards to collect evidence to mitigate the findings.
Automated Test Engineer – Hanover MD Nov. 2016 – Feb. 2017
Lockheed Martin – through ALKU Government Solutions
Automation UI testing for critical event management system and task order for training to military personnel based on different user role and responsibilities as well as type of organization i.e. cyber mission force and non-cyber mission force organization.
Created automation test scripts in Selenium Web and Selenium IDE under Ubuntu desktop environment. Created Java objects by using selenium WebDriver for different classes and called the methods to execute the functionality based on OOP concept. Also familiar with C# in selenium.
Created test data in the MS Excel sheet for the data-driven testing framework.
Used different tools and technology such as Eclipse, JRE, JDK, Junit, TestNG, POI libraries, Selenium jar files, Apache POI libraries, Java, JavaScript, Maven, and Cucumber etc.
Created automation test script for UI testing for the forms as well as some login functions for behavioral driven development process by using Gherkin language.
Use maven installs command to build the code and upload & deployed the automation test script in GitHub using Bash command and stored in Amazon Web Service (AWS) using the terminal.
SSO and MFA tool of IAM used for authentication and authorization to access the system based on different user role as well as the security policy setup in the system for all testing environment.
Monitored the continuous integration of code in Jenkins for regression testing to ensure the codes are not breaking down due to new code in night batch job process.
Also performed some web service API testing using SoapUI testing for backend data validation by validating HTTP network traffic of HTTP Request from a client application and the HTTP Response from Application Server. Also, perform XML verification to get the correct XPath value to get the expected web element for the automation test script.
Managed defects and created tickets in JIRA as well as some modification on test schedule for recent project plan.
QA Tester - Washington DC Oct. 2015 – June 2016
Department of Labor (DOL) – through Quadrant Inc.
Working under ETA – OIST project on different applications such as UI, eGrant, EBSS, TAACCCT, RAPIDS, Youth Offender etc.
Actively participated in all phases of SDLC and STLC from requirement gathering to test scenarios and test script development (both manual and automation) and tested both front end and back end data table are displayed correct data in client application as it displayed in the Web Application Server.
Key QA person to manage, document as well as approved/rejected documents in SCM Harvest, verification and validation of documents in Service Desk & Service Management tool (BMC Remedy); before it goes for deployment.
SSO tool of identify and access management was a part of each applications to get access to each application through the login credential.
As a QA tester, assisted lead for test schedule for project plan by modifying the properties of test plan iteration such as update the test schedule date, release date, change of timelines, updated # of defect validation, etc. Used a tool such as IBM Rational Quality Manager.
Created automation test script in Eclipse using Selenium WebDriver, Java and JavaScript.
Section 508 Compliance testing, by using the tools, such as WAVE, Inspect, WAT and Java Ferret.
Created test cases in QC ALM and logged and tracked defects. And created defect reports and graphs.
Documented different documents in SharePoint.
IACS Web Application Tester – Columbia MD Aug. 2012 – Jun. 2013
Quality Software Services Inc. (QSSI)
Worked on three different interfaces of Individual Authorized Access to CMS Computer Services (IACS) applications for identity management and authentication services on the Federal Government project for the Department of Health and Human Resources.
Reviewed & analyzed different documents such as requirement, detail design, and technical documents. Wrote test plan, test scenarios, test case, log file, report files.
Developed a requirement traceability matrix by mapping requirements, business rules, test scenarios, and test cases.
Performed testing on different user interface CMS applications such as HIPAA Eligibility Transaction System (HETS) User Interface (UI), Electronic Health Records (EHR) and so on.
Created automation test script for web application in Selenium WebDriver, Selenium IDE as well as Cucumber for testing of behavioral functionalities.
Used different identify and access management tools are used for the user credential such as single-sign-on (SSO), and multi-factor authentication (MFA) to get authorization to access the system.
Wrote SQL query to retrieve data for testing purpose as well as data validation in the database as well as tested to retrieve data Tested to retrieve data from DB2, Oracle, MySQL database from Admin Console by using query developing tool
Tested application for black box testing, white box testing, system testing, system integration testing, system acceptance testing, regression testing, functional testing, parallel testing, patch bundle testing, performance testing, browser compatibility testing.
Defect tracking and management of defects, documentation.
Scheduled meetings and participated scrum meeting as well as different review meeting like test readiness review, peer review, QA review.
Web service testing by using SoapUI for backend testing for HTTP request and response to ensure the data communication between client application and application server.
Executed test cases both manually and some automated; used QTP automation tool.
Some security testing in Burp Suite by intercepting data for the proxy test.
Hands-on knowledge of healthcare medical claim processing testing.
Engineer Software Quality 3 (Software Tester) – Lanham MD Aug. 2011 – Feb. 2012
Northrop Grumman - contract to Internal Revenue Service (IRS)
Worked as a system acceptance (SAT) Tester on TIPS Task Order 5 for e-Authentication and E-Transcript application for ID proofing to access different IRS applications for Taxpayer users within IRS Enterprise Life Cycle.
eAuth tool of identity and access management (IAM) was used as tax-payer users to access tax registration application.
Performed testing on the Registration module of Registered User Portal (RUP) for e-Authentication of ID proofing of the tax-payer users under the Integrated Customer Communication Environment (ICCE) and Enterprise Integrated Testing Environment (EITE).
Experienced in multi-tiered applications using IBM WebSphere and Data Tier. Has a deep understanding of architecture and infrastructure of these applications.
The test was performed according to the Authentication Matching Rules and the Authentication Eligibility Verification Rules for ID proofing of taxpayer user for both quality assurance and quality control perspective.
Verification of XML flat file for a reason to fail to get data from client-server application i.e. Business Web Application Server (BWAS).
Analyzed and developed different flat files, reports and documents, track defects & performed regression testing to make sure the issues are resolved from quality assurance perspective. Used different tools.
System Consult Analyst - SQA/Mainframe Tester – Germantown MD Mar. 2006 – Apr. 2011
Affiliated Computer Services (ACS) A Xerox Company
Worked on maintenance & enhancement project of Direct Loan Servicing system on system integration and system acceptance testing environment. It was student loan system of the US Department of education.
Performed different types of testing like smoke test, black box test, integration test, regression test, backend test, user acceptance test, parallel test, patch bundle test, web service test.
Ran SQL queries to retrieve test data from multiple tables as well validate the data in the database.
IBM tools such as Rational ClearCase, Rational ClearQuest, Rational Data Center, SharePoint, Financial Reports, eDocs.
In regards to test certification and accreditation for user credential to access the system, different IAM tool were used such as SSO, MFA in a regular basis when access to system or application as well as in server.
Analyzed different documents such as detail design document, requirement document, and technical documents. And developed test plan, test strategy, test scenarios, test scripts, log files, test result documents, Requirement Verification Traceability Matrix. Modification on test plan iteration for the test schedule by changing the release date, defect validation rate, etc.
Worked on Siebel Financial Service version 7.8 of CRM application and performed the following functionalities those are (a) updated customer information by call process and ran batch job to update the data in the database (b) Search data for customer (c) reset the data (d) create and update the communication log in Siebel
Back end testing: FTP the data file from test resign to the server, created input files and ran the batch job, ran scheduled jobs such as daily/weekly/monthly jobs; created report files and data files, generated fill reports such as borrower history activity report.
Worked on different middleware such as CICS, JCL, JSP, CFOL, OLTP, MVC, JBoss and IAM.
Management of the defects, documentation management, mapped different business rules, test scenarios, and test scripts and developed requirement traceability matrix (RTM). And support the quality assurance of the application to meet the company standard.
Wrote SQL statement to retrieved test data from multiple tables as well as verified & validated data.
Created automation test script in IBM Rational Functional Tester by recording the functionalities of each component of the application and re-run the script.
Developed PowerPoint presentation of a test result document and presented to the client. And satisfying the client by answering each cross questions related to the application based on the given requirements.
Automation by using Rational Functional Tester used to create a test suite, test plan, create a test script and run, put the breakpoints and check the object repository for files when error message shows while running the scripts.
Technical skills on Tool and Technology:
Operating Systems: Windows Server 2012 R2, Windows Server 2008 R2, Windows Server 2003 R2, Windows NT, z/OS TSO, Unix, Linux (Kali Linux, Ubuntu, RedHat), Apache, VirtualBox – VMware, Unix (Putty), OS/390 (IBM Mainframe), Mac OS.
Servers: WebSphere Application Server, SSL Server, Middleware Server (RedHat, Linux), Business Web Application Server (BWAS), DNS, z/OS Security Server, Proxy Server, Apache HTTP Server, CI Servers (e.g. Jenkin).
Database: Sun/Oracle IAM suite, ACRS, Oracle 9i, and Oracle 10g, TOAD, Microsoft SQL Server, DB2, MySQL, Database Table Query Form, IBM MQSeries, WebLogic/WebSphere, z/OS Security Server, MS Access Database, CRM Database, Xymon monitoring for report, DevOps
Protocols: TCP/IP, SSL, TLS, UDP, HTTP/HTTPS, SSH, SMTP, FTP/SFTP, Sign-Sign-On (session & user authentication service), SecureFX (flexible SFTP, FTPS).
Networking: Active Directory, LDAP, DNS, WAN, LAN, VPNs, OSI model (all 7 security layers of the application).
Languages: Java, JavaScript, Java Applet, ActiveX, JDK, JRE, JVM, JCL, JMS, Jobs, JSP, J2EE, .NET, ASP.net, HTML, XML, SQL, T-SQL, JUnit, Gherkins, WSDL, Maven, VBScript, API, AIX, AJAX, ASCII, RabbitMQ system
Microsoft Office Tools: MS Office 2003/2007/2010, Outlook, Project Manager, Microsoft Office365.
Automation tools & technology: Selenium, WebDriver, Selenium IDE, JUnit, Maven, Eclipse, Cucumber, Bamboo, SOA, SoapUI, REST API, Postman tool
Security Tools: OpenFISMA, Security Center, Nessus Vulnerability Scanner, Burp Suite, Splunk, Security Audit & Analysis System (SAAS), CyberArk.
Repository: LDAP, Active Directory.
Other Tools: HP Application Life Cycle Management (ALM) tools such as Quality Center (QC), QTP, Confluence JIRA, Confluence, IBM Rational tools (Test Manager, ReqPro, ClearCase, ClearQuest, RQM ), BMC Remedy, SCM Harvest, Team Foundation Server (TFS), TSO, COBOL OpenVMS application, AutoSys – GUI form, Visual Basic, IAM, eDocs, Command Center, Siebel Financial Service – CRM tool, Centropy system, Direct Loan Servicing System (DLSS), Microsoft SharePoint, CATS, ARO, UMC, Financial Reports, eDocs, Microsoft Visio 2005, MS PowerPoint.
Defect Tracking Tools: IBM Rational ClearQuest, HP KISAM (Knowledge Incident/Problem Service Asset Management), Bugzilla, JIRA, HP Quality Center.
Section 508 Testing Tool: WAVE, JAWS, WAT, Inspect, Java Ferret.
Reporting System: Crystal Report, Financial Reports, ACA (Agreements, Certification, and Audits), Business Intelligent Reporting (BI), SQL Server Reporting System (SSRS), SSIS, and Physician Quality Reporting System (PQRS), Electronic Reporting System (ERS).
Third Party Tools: COTS products such as Identity Manager (IDM), Access Management tool, SiteMinder, Selenium and Bamboo.
Native Tools: Amazon Web Service (AWS), Jenkin (for continuous integration), GitHub (to update and deploy the code in the cloud), Planning and Budgeting Cloud Services (PBCS).
Career Accomplishments:
Year 2021:
TRAINING on Google Cloud Platform (GCP) boot camp training, hosted by Women Society of Cyberjutsu (WSC). This was for Cloud Engineer Associate. Learned on different cloud components and google cloud console, cloud IAM and create roles & permission, created compute instances (virtual machine), cloud storage (S3), deployment model of cloud etc.
TRAINING hosted by Amazon on "AWS Cloud Practitioner Essentials": It was learning about the basic AWS Cloud, security services, functionalities on account management/billing & pricing/security etc.
WORKSHOP on Splunk tool: it was about a real world Observability which was related to metrics, traces & logs. Second workshop was on Operations and Observability. And third workshop was on monitoring of cloud infrastructure & network, application performance, and the incident response by using Splunk tool.
WORKSHOP on “DFRWS USA 2021 Virtual”: This was four days’ workshop. It was about digital forensic and Malware analysis. It was USA DFRWS annual event.
WEBINAR on “Cloud Security”: It was hosted by Microsoft Office 365. I learned about MFA factors for authentication, attack lifecycle, account takeover by phishing etc.
Year 2017:
TRAINING on Certified Information Systems Security Professional (CISSP) from George Mason University in Arlington VA. I was awarded scholarship for this training from Arlington Employment Center (AEC). Learn about 8 Domains which are affiliated with information system security.
WORKSHOP of Cisco WebEx Event on Identity Access Management and Privileged Account Security was hosted by CyberArk and SailPoint. Learn about different privilege account type for identity access management in regards to authentication and authorization from the security perspective.
Year 2016:
TRAINING on the following topics- Cyber-Security Fundamental, Network+, Vulnerability Scanning and Pen Testing, Forensic analysis. It was hosted by Women Society of Cyberjutsu (WSC). I learned about key fundamental of cyber security, layer security, OSI models, different cyber security terminologies, how to create a virtual machine in VirtualBox, different command line for troubleshooting in Kali Linux & Ubuntu, type of attacks and countermeasures, key fundamentals of network security, ID & MAC address, sub-netting, vulnerability scanning process, basic forensics analysis and so on.
Year 2015:
TRAINING on CompTIA Advanced Security Practitioner (CASP), hosted by Intellectual Point, Learn about advanced level of security + to know about different type of cyber security from both physical and logical perspective etc.
4th Annual Government Innovator’s Virtual Summit which was hosted by GovLoop. Learn about the type of Cyber threat and countermeasure for protection of the system.
WEBINAR on data security and Informatics data governance was hosted by IBM. Learn about data security and data encryption methodologies.
WEBINAR on Application Security Bootcamp was hosted by WhiteHat Team. Learn about application security of different layers of the application during the process of authentication & authorization of the users’ credential.
TRAINING on TOAST Master for Sergeant at Arms was hosted by District 29 ToastMaster Team. Learn about the role of Sergeant at Arms, during the Toast Master session in the organization.
Year 2014:
Achieve certification on Security + SE from CompTIA, valid up to 2023. Certification No. is COMP0010120270706
Year 2013:
TRAING on Certified Information Systems Security Professional (CISSP) from Security University in Herndon VA. Learn about information system security for all 10 Domains of Cyber Security.
Contact this candidate