ANITHA M
Email: **********.*@*****.***
Phone: +1-574-***-****
PROFESSIONAL SUMMARY
• 5+ years of experience in application security, with a focus on both automated and manual penetration testing (DAST & SAST).
• Handled application scoping, understood the application environment through test plans, executed tests, developed detailed test cases, and established remedies for the vulnerabilities found.
• Coordinated with support / technical managers & teams globally and provided support experience individually or as a part of the team.
• Excellent skills in pentesting websites and applications.
• Good experience in testing API services using Postman, covering both XML and JSON formats.
• Experience in Defect tracking systems and bug life cycle using JIRA.
• Involved with developers for the closures of JIRA tickets as per region and deadlines.
• Conducted in-depth research into evolving trends and best practices in network analysis and visibility (NAV), managed security services (MSS), security operations (SecOps), and Zero Trust (ZT) security principles.
• Consulted with global clients to apply Zscaler’s research findings to their specific business contexts, providing in-depth guidance and advisory sessions to solve their security and risk management challenges.
• Authored multiple complex research reports annually, introducing new business and technology strategies, presenting implementation plans, comparing technologies/services, and predicting emerging business opportunities.
• Continuously created intellectual property in various forms, including written reports, video analyses, tools and templates, blogs, on security and risk technologies/services, industry events, predictions, and competitive market dynamics.
• Consulted with global clients to apply research findings to their specific business contexts, providing in-depth guidance and advisory sessions to solve their security and risk management challenges.
• Supported global clients across EMEA, APAC, and NA regions, showcasing flexibility to accommodate different time zones.
TOOLS
• HCL AppScan
• ManageEngine
• Zscaler
• Burp Suite Pro
• SQLMap
• Kali Linux
• Checkmarx
• Rapid7 AppSpider
• Nmap
• Netsparker
• Open Source Tools (Nuclei, Nikto, OWASP ZAP, etc.)
WORK EXPERIENCE
AUJAS NETWORKS PVT LTD. 12/2022 – 07/2023
• Hands-on experience in testing application security using OWASP-2021 Pen Testing methodology and addressing attack vectors in web applications.
• Performing API testing on various web-based applications at the product level using POSTMAN and providing feedback for information security fixes.
• Proficient in using the Netsparker tool for identifying security vulnerabilities.
• Basic understanding of web application security testing and source code review.
• Experience in analyzing source code review results through Checkmarx for different languages and assisting development teams in understanding the security posture of the product.
• Planning and analyzing security testing scope based on requirements and advising development teams on best security practices.
• Involved in issue closure, tracking, and project management.
• Raising tickets for issues and retesting resolved issues.
• Experience working on e-commerce and banking applications.
• Understanding requirements and writing clear, comprehensive test cases.
• Handling client requirements by defining scope, specifications, and deadlines.
• Leading the team to meet client requirements by prioritizing tasks and managing schedules.
• Managing resource estimation and ensuring quality control of projects and resources.
• Acting as an intermediary between clients and resources.
• Involved in conflict management to maintain a healthy work environment.
• Responsible for project closure duties and presenting the final product.
SYNOPSYS INC. 04/2021 – 12/2022
• Have hands-on experience in testing application security using the OWASP-2021 pen testing methodology and attack vectors in web applications.
• Performing API testing shadow on various web-based applications at product level, and reviewing and providing feedback for information security fixes.
• Having hands-on experience with the Netsparker tool and Burp tool.
• Have experience in performing shadow for a couple of applications for API testing on various web-based applications at product level.
• Planning & analyzing the security testing scope based on requirements and provide best security practices to the development teams.
• Reporting the final report of bugs found in the application as a document.
• Performed defect reporting and bug tracking and followed up with development team to verify bug fixes, and update bug status.
• Analyze business requirements, Software requirement specifications to create test plan and test cases for manual and automation testing.
• Handling the resource to complete and update the vulnerabilities found in JIRA.
• Prepared test plans, test procedures and test cases for manual testing, bug report generation and defect tracking.
• Participated in defining test objectives for the application and performed Manual Testing and automated testing.
• Involved in scoping of the application, validating functionality of web applications, and defining the scope and target deadline.
• Collection of vulnerabilities in detailed form, along with screenshots, from the resource and sharing them with the client.
• Worked on banking applications, e-commerce applications, and client internal applications.
RISHTA FOODS 11/2019 - 03/2021
• Have hands-on experience in testing application security using the OWASP pen testing methodology and attack vectors in web applications.
• Planning & analyzing the security testing scope based on requirements and provide best security practices to the development teams.
• Expertise in performing Vulnerability assessments through manual testing by finding business logic related flaws in Web Applications.
• Performing risk assessment and creating reports for the same.
• Understanding new concepts & conducting information security evaluation for new projects manually and through automated tools.
• Identify security vulnerabilities and articulate the business risks to stakeholders for one of the major clients.
• Participate in and contribute test effort estimates in sprint cycle planning sessions.
• Attend daily stand-up and team meetings, sprint reviews, and retrospective meetings.
SHRIJRG FOOD PRODUCTS PVT. LTD. 09/2017 - 10/2019
• Working according to client requirements, planning and analyzing the scope based on requirements and providing best practices to the development teams.
• Collection of documents from clients/stakeholders according to the needs of the project.
• Understanding the requirements and providing all the possibilities.
• Presenting the possibilities to the stakeholders and ensuring clarity of scope.
• Knowledge transfer to the required teams and ensuring the development team is updated with requirements.
• Planning and ensuring the requirements are shared with the concerned team.
• Ensuring the project scope is shared with the team and tracking project updates.
• Ensuring the budget is undertaken within the interest of the client/stakeholder and vendor.
• Participate in and contribute test effort estimates in sprint cycle planning sessions.
• Attend daily stand-up and team meetings and sprint review meetings.
• Responsible for the project being completed on time and on budget by focusing on the project scope.
• Performing risk assessment and creating reports for the same.
EDUCATION
• MBA
o BANGALORE UNIVERSITY 06/2016 - 04/2018
• BBM
o S.V UNIVERSITY 06/2013 - 04/2016
• BOARD OF INTERMEDIATE EDUCATION
o NRI JR COLLEGE 06/2011 - 04/2013
• BOARD OF SECONDARY EDUCATION
o SRI CHAITANYA TECHNO SCHOOLS 06/2010 - 04/2011
DECLARATION
• I hereby declare that the above information is true to the best of my knowledge.
Place: Signature
(Anitha M)