PROFESSIONAL SYNOPSIS :
Security Research Professional whose qualification includes a degree in computer science and Global Certifications like CEH, Qualys-VM, Qualys-PC. Good knowledge of application-level vulnerabilities and corresponding attacks, and of manual techniques to test exploitation feasibility. A resourceful and goal-oriented individual.
SKILLS :
- Web Application Security: manual as well as automated testing.
- Knowledge of Vulnerability Assessment.
- Hands on experience in bash scripting.
- Proficient in Linux Operating System Configuration, utilities and monitoring.
- Knowledge of security and privacy standard ISO/IEC 27701, NIST
- Manual/automated checking for OWASP Top 10 vulnerabilities.
- Understanding and implementation of server security, and applying security hardening accordingly.
- Able to clearly understand the problems and find positive solutions through the use of troubleshooting, problem solving, teaming and communication skills.
TOOLS USED :
- BurpSuite Community/Pro.
- Nmap
- Nessus
- QualysGuard VM
- QualysGuard PC
- Wireshark
- Nexpose
- Metasploit
PROFESSIONAL CERTIFICATIONS :
- Certified Ethical Hacker (ECC89630247512)
- QualysGuard Certified Specialist - Vulnerability Management
- Red Hat Certified Engineer (RHEL 6)
- Red Hat Certified System Administrator (RHEL 6)
Accomplishments :
- Appreciated and acknowledged by NCIIPC (a unit of NTRO, India)
- Achievement Badge by Bugcrowd
- Hall of Fame by Bugcrowd
- Hall of Fame by Indeed
- Hall of Fame by Caffeine TV
- Hall of Fame by Underarmour
- Hall of Fame by iRobot
- Hall of Fame by MoneyTree KK
- Hall of Fame by Caviar
- Hall of Fame by Pantheon, Optimizely, Mailgun
- Presented a talk on “Command Injection” at InfosecGirls, an Infosec chapter led by Vandana Verma, OWASPWIA Lead India.
- Presented a talk on “Recon Methodology” at InfosecGirls, an Infosec chapter led by Vandana Verma, OWASPWIA Lead India.
WORK EXPERIENCE :
Freelance Work
- Conducted Web Application Pentesting for 3 clients based in India (Government Website) and the Middle East (E-commerce and Workforce management).
- Conducted testing on “Order management flaws” like price manipulation during order placement and shipping address manipulation after order placement, “Content management system flaws” like unusual activities involving role-based access control, flaws in third-party application program interfaces (APIs), and also flaws like “Use of multiple coupons for the same transaction”, “Predictable coupon codes”, etc. on the E-Commerce websites.
- Also conducted OWASP Top 10 tests like “Injection Attacks”, “Session Management Flaws”, “Sensitive Data Exposure”, “Broken Access Control”, etc. on the websites.
- Security Hardening tests like Password Policy Implementation, Enforced SSL Implementation, Open ports and Services on the Webserver were also checked.
QA Engineer, Policy Compliance – Qualys Security Tech Services Pvt Ltd, Pune. Period: 22nd August 2016 – 10th April 2019
RESPONSIBILITY:
- Manual Testing on Signatures and Security Policies developed on OS like Linux, Debian, Windows.
- Researching vulnerabilities.
- Testing the provided technology (any OS, network devices, firewalls, etc.) in accordance with CIS, NIST, DISA Benchmarks.
- Working on Administrative Policies like Group Policy Administration, Windows Registry Security, etc.
- Automation of processes and tasks in hand.
Linux System Administrator - Mithi Software Technologies Pvt. Ltd. Period: 2nd September 2013 – July 2016.
RESPONSIBILITY:
- Understanding server security and applying server hardening.
- Remote installation, deployment and reconfiguration of the product on the Linux platform; configuring, monitoring and troubleshooting of email servers for a spectrum of clients, and ensuring maximum network and server uptime.
- Interacted with and provided web training to customers of the company across India.
TECHNICAL EXPERTISE :
- Security Technologies: BurpSuite, NMAP, Wireshark, QualysGuard, Nessus, Nikto, Sparta.
- Systems: Red Hat, CentOS, Ubuntu, Kali
- Software: MS Office (Word, Excel, Outlook, Access, PowerPoint)
EDUCATION : Bachelor’s Degree : Computer Technology, RashtraSant Tukadoji Maharaj Nagpur University, Nagpur, Maharashtra