Austin, Texas, United States
Working on H1-B and Seeking Full Time opportunity in Application Security Roles *Over all 7+years of experience as Security Engineer in Vulnerability Assessment and Penetration Testing on WEB based Applications, Mobile based application and Infrastructure penetration testing. *Having Good Experience in DevSecOps methodology and CI/CD process. *Integration of source code analysis tools like HP Fortify with Azure DevOps, Jenkins to automate the security scans. *Experience with using a framework to evaluate and analyze mobile devices, applications, mobile environments, and supporting infrastructures and to identify design weaknesses and vulnerabilities. *Proficient in using a wide variety of security tools to include Kali-Linux, Wireshark, Nitko, Dirbuster, IBM Appscan, HP Fortify, Nessus, Open Vas, W3AF, BeEF, Etthercap, Maltego & Metasploit. *Identifying the critical, High, Medium, Low vulnerabilities in the applications based on OWASP Top 10 and SANS 25 and prioritizing them based on the criticality *Excellent knowledge in CWE, OWASP Top 10, and WASC THREAT CLASSIFICATION 2.0 methodologies. *Good Understanding of compliance and regulatory requirements like NIST, FIMS, PCI DSS, SOX & HIPPA. *Perform DAST & SAST assessments on both web applications using Industry standard tools like Hp Fortify, IBM Appscan and Veracode. *Perform Manual assesements on Scan results using proxy tools Burp suite proxy to eliminate false positives. *Perform Penetration testing, reverse engineering on Mobile applications (Aandriod & iOS). *Performing network devices scanning regularly based on organization policy and working with different departments to close the vulnerabilities accordingly. *Create customized vulnerability report and log defects in Jira for better tracking and fixing of Vulnerabilities. *Excellent team player, enthusiastic initiator, and ability to learn the fundamental concepts effectively and efficiently.