SEETAIAH MANDALAPU
216-***-**** adzvhr@r.postjobfree.com
Professional Summary
Over 3.8 years of professional IT experience in Application Security Testing, particularly focused on performing technical activities such as Code Review, Vulnerability Analysis, Penetration Testing, Threat Modeling, Secure Application Testing, Network Security, and Cloud Security.
•Having good experience in Secure SDLC and Source Code Analysis (Manual & Tools) on web-based and mobile applications.
•Expertise in Black Box and White Box penetration tests. Threat Modeling (TMT). Vulnerability Detection and Remediation.
•Performed vulnerability scans using Checkmarx, Fortify, HP WebInspect, IBM AppScan, QualysGuard, Nessus, Burp Suite, and Metasploit auxiliary modules.
•Implemented security frameworks ISO 27002, NIST, and PCI.
•Experience in REST/SOAP API Security Testing.
•Utilized dynamic and static analysis techniques to assess internal and third-party applications for Security vulnerabilities.
•Performed Industry standard vulnerability severity and risk ranking using CWE, CVSS.
•Periodically review and update overall security strategy for the modernization program.
•Created security guidelines and security best practices for Java, .NET, C, C++ and AngularJS frameworks.
•Understand security requirements: areas of the application which deal with PII information in consultation with the business user/client and baseline the requirements.
•Reverse engineered third party applications and developed proof of concept exploits. Assist developers in remediation efforts.
•Static, Dynamic & Forensics analysis for Mobile based applications.
•Threat modeling the new features and design controls to ensure web & mobile applications are secured.
TECHNICAL SKILLS
Programming Languages: C, Java, HTML, Python.
Security tools: Burp Suite, Wireshark, Nmap, Netsparker, Nessus, Postman, SoapUI, Metasploit, Qualys, Kali Linux tools
Testing & Framework: Application security, Network security, VLAN segmentation, Source code review, API testing, Applied Cryptography, Risk Analysis, Wireshark, Kali Linux, SIEM, Nessus, WebScarab, HP Fortify, Nmap, Burp Suite Pro, Mobile Apps, Paros Proxy, Splunk, Cobalt Strike, Web Applications, HP WebInspect, Android Tamer, OWASP, Hping, NSLookup, NIST SP 800, Checkmarx
PROFESSIONAL EXPERIENCE
Client: BDO INDIA
Role: Cyber Security analyst
Location: Bangalore, India July 2020 - July 2021
•Performed open-source intelligence OSINT gathering for target customers in preparation for security assessments.
•Performed Network and Web Application Penetration tests within the parameters defined by rules of engagement coordinated with the client.
•Provided detailed reports on the findings of network and application penetration tests including mitigation and remediation activities.
•Developed training materials for Strategic Security Online courses on the following subjects:
•Network Penetration Testing
•Web Application Penetration Testing
•Conducted application penetration testing of 10+ business applications.
•Skilled using Burp Suite, Acunetix Automatic Scanner, Nmap, DirBuster for web application penetration tests.
•Used frameworks such as MITRE ATT&CK and Cyber Kill Chain framework to classify incidents, identify gaps, and prioritize efforts.
•Use Qualys WAS for automated secure code review for app assessments.
•Responsible for internal Qualys WAS services and WhiteHat Security scans.
•Tools used: Qualys WAS, WhiteHat Security services.
•Worked on MITRE ATT&CK to strengthen the cyber defense and developed analytical techniques.
•Analyze business requirements, convert them into technical needs, prepare budget, present solution and POC.
•Performed Static Application Security Testing (SAST) using tools such as HP Fortify and Dynamic Application Security Testing (DAST) using tools such as IBM AppScan.
•Integration of SAST and DAST tools with Jenkins in agile development process.
Client: Square bridge technologies
Role: Security Analyst
Location: Bangalore, India Nov 2017 – Jun 2020
•Responsible for conducting vulnerability assessment scans, assisting with penetration testing, exposing security vulnerabilities and risks, and recommending solutions to mitigate such vulnerabilities.
•Contributes to building and delivering services, solutions, and processes that enable security defects to be found, fixed, or avoided before applications are released to production.
•Tracks public and privately released vulnerabilities and assists in the corporate triage process including identification, criticality evaluation, remediation planning, communications, and resolution.
•Conducts vulnerability assessment scans, exposing security vulnerabilities and risks and recommending solutions to mitigate such vulnerabilities.
•Guide security strategy through interaction with and direction to, when necessary, other teams in Information Security (e.g., network operations, Cyber).
•Aid team members with enhancement and enrichment of security monitoring tools with contextual information.
•Adhere to all policies and standards, as well as regulatory requirements regarding reporting and escalations.
•Excellent experience executing ethical hacking and penetration testing.
•Introductory knowledge regarding security vulnerabilities, application analysis, and protocol analysis.
•Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE).
EDUCATION
Master's in Information Systems Security and Assurance
Gannon University, Erie, PA - 2023
Bachelor of Technology in Mechanical Engineering
Vignan Institute of Technology, India - 2017
CERTIFICATIONS
Certified Information Security Consultant Jan 2018