CONFIDENTIAL
RAJYA LAKSHMI D email: *.*****@***.***;***********@*****.***
Application Security Analyst Phone: 678-***-****
Atlanta, USA
Professional Summary
• 8+ years of industry experience in Application & Network security
• Experience in working across Healthcare, E-Commerce, Education, Retail, Telecom, Airlines, and IT sector domains.
• Performed security assessments for more than 25 clients across multiple domains.
• Expertise in coordinating with onsite & offshore teams.
• Excellent client-handling skills at every stage of a security engagement: requirement gathering and scope analysis, security testing and reviews, reporting and demonstration of issues.
• Expertise in carrying out vulnerability assessments and penetration tests for web applications and internal/external networks.
• Expertise in Grey box and Black box Testing.
• Expertise in commercial and open-source vulnerability/port scanning tools.
• Expertise in proxying, network sniffing and exploitation.
• Proficient in report preparation using identified vulnerabilities, risk criticality, mitigation and POCs.
• Expertise in risk analysis using the CVSS scoring system.
• Knowledge of code review.
• Expertise in vulnerability validation and in providing cost-effective solutions by following industry best practices (OWASP Top 10 and SANS Top 25).
Technical Skills
• Web Application/Service Security Assessment Tools: Burp Suite, OWASP ZAP, Wappalyzer, Cookies Manager, Sqlmap, Qualys, etc.
• Static Code Analysis Tool: Checkmarx
• Vulnerability Management Tools: Black Duck, Snyk
• Network Security Assessment Tools: Nessus, Nexpose, Nmap, Nikto, Metasploit, Wireshark, Ettercap, Hydra, SSLscan, SQLMap, dnsmap, etc.
• Web Client Technologies: HTML, JavaScript, Linux scripting
• Operating Systems: Windows, Kali Linux
• Monitoring Tools/Sniffers: Wireshark, Ettercap
• Languages/Technologies: Basics of HTML, JavaScript, Java
• Web Application Servers: Apache
• Database Servers: Knowledge of MySQL, Oracle
Employment History
Automated Security Tester, Citi Bank, USA (Tata Consultancy Services), Oct 2022 – present
Triaging Checkmarx scan reports as part of SAST; confirming true positives and notifying teams with remediation measures.
As part of CVM, reporting vulnerable libraries along with the recommended versions from Black Duck.
Working with development teams to onboard security tools such as Checkmarx, Black Duck, Contrast and Snyk CLI.
Code review of Java applications for malicious code and backdoor detection.
Performing penetration testing activities for limited-scope SOWs.
Performing retests once remediation has been completed by developers.
Application Security Analyst, Aplihs Software Solutions Pvt Ltd, India, Sep 2019 – Aug 2021
Network Penetration Testing & Vulnerability Assessment
Penetration testing and security assessments of all web applications.
Preparing threat profiles for business-logic checks through requirement and scope analysis.
Performing internal company network security assessments on a regular basis.
Understanding potential and emerging information security threats, vulnerabilities and control techniques, and communicating them to the appropriate team members across the organization in a timely manner.
Experience with web-application attacks including Denial-of-Service, MITM, Local File Inclusion (LFI), Remote File Inclusion (RFI), Server-Side Request Forgery (SSRF, listed in the OWASP 2020 Top 10) and buffer overflow.
Documenting vulnerabilities with proper POCs, generating reports and sending them for closure with security fixes addressing the latest threats, as required by software compliance.
Web Application Penetration Testing
Planning, conducting and reporting on vulnerability and risk assessments for applications. Explaining the risks associated with each vulnerability to the project team and guiding the team towards its closure/remediation.
Responsible for interaction with the client on project clarity and prerequisites.
Providing preventive, mitigating and compensating controls to ensure appropriate levels of protection and adherence to the goals of the overall information security strategy.
Assisting the customer in understanding the risk and threat level associated with a vulnerability, so that the customer may or may not accept the risk with respect to business criticality.
Assisting in reviews of business solution architectures from a security point of view, which helps avoid security issues/threats at an early stage of the project.
Jr. Pentester, Adiroha Solutions Pvt Ltd, Bengaluru, Aug 2018 – Sep 2019
Testing and reviewing internal business applications.
Reviewed violations of computer security procedures and developed mitigation plans.
Recommend improvements in security systems and procedures.
Developed plans to safeguard computer files against modification, destruction or disclosure.
Created spreadsheets using Microsoft Excel for daily, weekly and monthly reporting.
Experience in developing and reviewing technical documentation, including test plans, executive briefs and test reports.
Significant experience of undertaking penetration tests for highly resilient solutions.
Detailed knowledge of Penetration Testing Tools, Techniques and Methodologies.
Extensive, demonstrable knowledge of security vulnerabilities and remediation techniques.
Experience of undertaking both automated and manual application Penetration Testing assessments within Agile environments.
Performing penetration testing for all critical Infrastructures (network, server and Web applications).
Interpreting the risk rating of vulnerability findings according to criteria defined using the CVSS scoring system.
Understanding of network pen-testing tools such as Nmap, Metasploit Framework, DNSenum, Enum4linux, Nessus, etc.
Software Engineer, Aqura Infotech, Visakhapatnam, Mar 2004 – Jun 2009
Policy Renewal Integration is an insurance project in which the integration team integrates its services with other microservices using Java.
Analyzing and developing code as per the requirements.
Involved in developing APIs using servlets and JSP web services, producing high-quality code by following software engineering practices.
Involved in end-to-end testing of the API and resolving issues.
Working with the onsite team on analyzing and delivering requirements.
Fixing bugs raised by the business team.
Creating change requests and production deployments.
Education: Master of Computer Application