• Conduct black box penetration testing on internet and intranet-facing applications.• Conduct Vulnerability Assessment and Security Testing (VAST).• Identify and prioritize vulnerabilities based on OWASP Top 10.• Assess web applications for vulnerabilities in authentication, authorization, and input data validation.• Utilize tools such as Burp Suite and HP Web Inspect for vulnerability assessment.• Collaborate with development teams to remediate reported vulnerabilities.• Employ Kali Linux and tools like Dirbuster, Nikto, NMap, and IBM App Scan for web application assessment.• Craft and execute payloads for XSS and other attacks.• Identify and address issues related to session management, input validation, output encoding, logging, exceptions, cookie attributes, encryption, and privilege escalation.• Conduct static application security testing, dynamic application security testing, and manual penetration testing.• Provide stakeholders with detailed issue reports and remediation plans.• Verify and enhance existing security controls.• Collaborate on cross-team technical issues and contribute to the knowledge base.

• Utilized Tenable security for authenticated scans and diagnostic scans on servers.• Pulled reports from BitSight for customer presentations.• Managed reports from RedSeal to identify vulnerable servers in the DMZ.• Conducted continuous scans for new CVEs and assessed our environment using Tenable and Tanium scanners.• Utilized Tanium for vulnerability assessments on servers and workstations.• Prepared zero-day vulnerability templates and informed customers of urgent vulnerabilities

• Conducted security research, analysis, and design for client computing systems and network infrastructure.• Performed security assessments on online applications, focusing on input validation, authentication, authorization, auditing, and logging.• Conducted Vulnerability Assessments using Paros Proxy, Burp Suite, Web Scarab, HP Web Inspect, and Qualys.• Collaborated with development teams to remediate reported vulnerabilities.• Conducted security testing of APIs using SOAP UI and addressed OWASP Mobile Top Ten vulnerabilities.• Utilized Kali Linux with tools like Dirbuster, Nikto, NMap for web application assessments.• Conducted security code reviews using static analysis tools like HP Fortify and IBM Source Edition.• Assisted in the remediation of security issues.• Provided training to development teams on common vulnerabilities and code review best practices.• Ensured secure software development lifecycle (SDLC).• Conducted manual (DAST) security testing against OWASP's top 10 standards.