About
Overall, 4.5 years of experience in security assessments (web-based applications, mobile-based applications, APIs (DAST), penetration testing and vulnerability assessment). Performed application penetration testing for various clients. Conducted vulnerability assessments of multiple servers and network devices. Assisting in the review of business solution architectures from a security point of view, which helps avoid security-related issues/threats at an early stage of the project. Experience in running scans on source code files using Checkmarx and verifying vulnerabilities to eliminate false positives. Skilled in using various tools for web application penetration tests, such as Burp Suite, OWASP ZAP, Wireshark, WinHex, Nmap, Nessus, Acunetix and Echo Mirage. Proficient in understanding application-level vulnerabilities like XSS, SQL injection, authentication bypass, weak cryptography, session management, etc. Skilled in executing OWASP Top 10 test cases.
Skills & Expertise (32)
Work Experience
Security Analyst
Axis Bank
Present - Present
Conducted web application penetration testing on business applications. Performed infrastructure security assessments by analyzing the networks, enumerating services on hosts and identifying vulnerabilities. Exploited identified vulnerabilities in network hosts using existing exploits or manual methodologies. Performed manual web application penetration testing using Burp Suite. Used web application vulnerability scanners like WebInspect and Fortify to perform automated testing. Proficient in identifying application-level vulnerabilities like XSS, SQL injection, CSRF, IDOR, authentication and authorization bypass, cryptographic flaws, etc. Removed false positives by analyzing the results from automated scanners. Reported the vulnerabilities with evidence, business impact and remediation steps. Responsible for timely delivery of status updates and final reports to clients. Worked closely with developers and network/system administrators while fixing the findings. Handled vulnerability management by keeping track of reported issues and ensuring they are fixed. Performed threat modelling of the applications in coordination with development teams. Used Nessus and Nmap to perform network-wide security assessments. Provided details of the issues identified and the remediation plan to the stakeholders. Used standards like CVSS (Common Vulnerability Scoring System) to assign a severity rating (Critical, High, Medium, Low) to the vulnerabilities identified.
Security Analyst
ICICI Life Insurance
Present - Present
Responsible for the Secure SDLC process for application security assessment activities. Ensure applications follow the Secure SDLC phases and all security requirements are implemented before each release. Perform penetration testing for all online digital web applications. Responsible for identifying security gaps and vulnerabilities through various tools and techniques. Evaluate applications against the OWASP Web Top 10 and other industry standards. Perform mandatory security checks based on input validation, development environment, authentication, authorization, configuration management, sensitive data exposure, availability management, session management, etc. Provide expert advice and guidance to internal teams on risk assessment, testing and fixing vulnerabilities. Validate the findings reported by external teams, third-party organizations and other security groups, and investigate security incidents with incident response teams.
Security Analyst
KPMG
Apr 2021 - Present
Working as a Security Analyst at KPMG.
Education
B Tech - MLRITM College of Engineering
- 2018 · Afghanistan
Profile Overview
Availability Details
Relocation
Depends on Offer