• Vulnerability assessment on the web applications, networks, servers OS and database serversOWASP top 10 Issues identification like SQLi, CSRF, XSS Manipulation, file, upload vulnerability, sessionhijacking, Cross-Site Scripting• Reviewed polices and act like a Subject Matter Expert on best practice. Verified SSL authentication forsecure applications development on Web Servers•Performed dynamic and static analysis of web application using IBM AppScan. Analyze systems forpotential vulnerabilities that may result from improper system configuration, hardware of software flaws,or operational• Installing security firewalls, Web application firewalls• Port scan servers using NMAP and close all the unnecessary ports to reduce the attacks surface• Perform an investigation to determine validity of files, links, domains, and emails by using OSINT toolssuch as VirusTotal, MX Toolbox, urlscan, Email Header Analyzer and AnyRun• Programming exploits in python, pearl and powershell to automate the process• Vulnerability assessment and penetration testing on cloud based infrastructure• Conducted white/grey box penetration testing on the financial systems using Kali Linux, Cobalt Strike• Led identification, development, implementation, and maintenance of security requirements for entireorganization• Working with the team to manage IAM identity and access management, IDS/IPS, network security using and web application firewalls.

• Internal penetration testing on web applications, Network and operating systems with in the organization using Metasploit, OpenVas, Nmap• Monitored SIEM and IDS/IPS feed to identify possible enterprise threats. Investigate and triage threats to determine nature of incident• Forwarded findings to Cyber Forensics Investigate or Security Incident response teams(s) to furtherinvestigate and remediate findings• Collaborated with fellow analyst and leadership to develop and streamline operational guidelines• Perform analytical support of security incident calls across the enterprise• Helped to research open-source intelligence feeds for current and emerging threat information• Vulnerability Management - collaborated with other team members• Risk Assessment Support - Supported routine and ad hoc audits• Reporting, Metrics, Deliverable - Provided concise and professional deliverables for architecting andimplementing Enterprise-Level logging and security event information management solution• Design alerting, communications, workflows and training to other IT users• Assist in engineering integration to other key security systems• Worked on IBM Guardium tool & reduced intentional intrusion/detection by 20% through reporting

• Served as the primary responder for managed security incidents pertaining in-unit firewalls and allnetwork infrastructure componentTroubleshoot and researched security incidents using SIEM applications, McAfee Enterprise Security• Manager , McAfee Endpoint protections, IBM Qradar Security Intelligence Platform and HP ArcSight• Conducted network penetration tests, application assessment scans, and risk assessmentsEvent analysis and correlation using multiple log sources including Windows/ Linux/ Cisco ASA systemsand SIEM solutions• Investigating root cause analysis and remediation technique for clients in regards to security incidentsand governance documents• Collaborate with team members in tunning SIEMS applications in an effort to establish a baseline fornetwork activity and rule out false positive events