OBJECTIVE
Seeking a competitive environment in a company where I have opportunities to utilize my professional knowledge, skills and experience in Project Management, Hadoop Big Data, Hive, and Security Assessment of Cloud, Database, Mobile, Client/Server, Enterprise Applications and Web Applications.
PROFESSIONAL SUMMARY
Expertise in Project Planning, Effort estimates, Proof of Concept (POC) and
Resource management.
Proficient in risk management life cycle (Threat Model) and agile
methodologies.
Experience in Cloud, Database, Web, Network, Mobile and SCADA application security assessment and secure source code review.
Expertise in using security tools like HP WebInspect, IBM AppScan, ESM, Nessus, GFI LANguard and good understanding of reverse engineering applications (IDA Pro).
Good implementation understanding of IDM products like SiteMinder, Citrix IDM and access control, and also SSO implementation.
Knowledge in the ISO, PCI and other security standards and ITGRC
compliance methodologies.
Experience in Agiliance ITGRC tools, multi-tenant and single-tenant SaaS applications, and also the Symantec ESM IT GRC tool: security standards and workflow execution.
ISO 27001 LA, involved in implementation and internal auditing.
Good understanding of Hive, Cassandra DB, HBase.
Big Data Hadoop, MapReduce architecture and Hadoop administration.
Experience in virtualization with VMware products: ESX server, VC, VI, memory hardening.
Experience in testing on Single Sign-On, Linux, RADIUS, Samba, AIX, Solaris and A.D.
Experience in training internally and conducting external trainings, managing a team, and actively involved in team motivation, career planning and reaching targets.
Good interpersonal skills and effective team member with self-motivating
skills.
EDUCATION
B.E (ECE), Amravati University
PGDBM (Quality Management, Project Management), Central University, Hyderabad
EXPERIENCE DETAILS
Cognizant technologies Pvt Ltd
Agiliance India Pvt ltd
Apere(Citrix) India Pvt Ltd
COE Security Pvt Ltd
Security certifications
CEH: Certified Ethical Hacker
CHFI: Computer Hacking Forensic Investigator
ECSA: EC-Council Certified Security Analyst
IBM Rational AppScan Standard Edit
Certified ISO 27001:2005 Lead Auditor.
Got trained by ISACA on auditing (CISA).
SKILL SET
Operating Systems: Android, iOS, Linux, Solaris, AIX, Windows
Security Testing Tools: IBM AppScan, HP Fortify, HP WebInspect, Network Mapper (nmap), Nessus Vulnerability Scanner, Retina Network Security Scanner
Testing and Performance Tools: LoadRunner, PC, SiteScope, VMstat Analyzer, Selenium
Languages: C, Java (Basics)
Web Technologies: HTML, Web services, XML, Big Data Hadoop
Virtualization Tools and Servers: ESX server 2.x, 3.x, VMware, VC, VIC
Bug Tracking Tools: Bugzilla, QATrac
IT GRC Tools: Agiliance, ESM
Servers / Database: MySQL, Atrium DB, Samba, A.D
Achievements and awards
Implemented and rolled out new service offerings like mobile security.
Effect of Mobile Microwaves - International Level - Isamap2K4, I.I.T. Kharagpur
Wireless LAN & its Security Process - State Level - Technoxtreme, Yavatmal
Mobile Communications - National Level - Computest, Spandan, Nagpur
Neurological Abnormalities Associated with Mobile Microwaves - National Level - Esoterica-2004, Punjab University
Project Profile
Client : Major Banking Client May 2013 – till date
Performed Web/Mobile Application Security / Penetration Testing in accordance with OWASP standards and SANS guidelines, using manual techniques and analysis tools, and also helped with internal project security audits.
Recommend best practices for securing the mobile and web application.
Communicating and coordinating day-to-day project activities within the project team and ensuring that priorities are developed and known.
Provide assistance to IT staff and provide all security specifications for all vendor
products and evaluate all requests for security architecture.
Assess all risks and evaluate all impacts of technology changes in processes, maintain knowledge of all security systems and deploy all required infrastructure.
Manage all repeated threats to all systems and perform vulnerability tests.
Evaluate all systems and recommend all application patches, suggest appropriate security products, perform regular audits on systems and ensure compliance with all standards and policies.
Client : Major Credit Card Provider Jan 2013 – May 2013
Threat model implementation in QA process and helping the testing team to
understand the security process in agile model.
Performed mobile Web Application Security /Penetration Testing in accordance
with OWASP standards and SANS guidelines, using manual techniques and
Analysis tools.
Involved in understanding the business requirements and application flow and also supporting RFPs and POCs.
ISO 27001 LA, involved in implementation and internal auditing.
Defining and monitoring ITGRC policies and procedures to comply with the Bank's standards.
Communicating and coordinating day-to-day project activities within the project team and ensuring that priorities are developed and known.
Manage all repeated threats to all systems and perform vulnerability tests.
Evaluate all systems and recommend all application patches, suggest appropriate security products, perform regular audits on systems and ensure compliance with all standards and policies.
Managed projects including accountability for project plan, scope, cost, work
schedule and contractual deliverables.
Managing the relationship with the client, stakeholders, IT&S support
organizations, and 3rd party suppliers.
Recommend Best Practices for securing the Application.
Provide assistance to IT staff and provide all security specifications for all vendor
products and evaluate all requests for security architecture.
Manage all communication with all internal and external auditors and implement
all security services.
Client : Major Banking Group Aug 2012 – Jan 2013
Involved in understanding the business requirements and application flow and also supporting RFPs and POCs.
Managed projects including accountability for project plan, scope, cost, work
schedule and contractual deliverables.
Managing the relationship with the client, stakeholders, IT&S support
organizations, and 3rd party suppliers.
Performed Web Application Security /Penetration Testing in accordance with
OWASP standards and SANS guidelines, using manual techniques and Analysis
tools.
Recommend Best Practices for securing the Application.
Defining and monitoring ITGRC policies and procedures to comply with the Bank's standards.
ISO 27001 LA, involved in implementation and internal auditing.
Communicating and coordinating day-to-day project activities within the project team and ensuring that priorities are developed and known.
Provide assistance to IT staff and provide all security specifications for all vendor
products and evaluate all requests for security architecture.
Assess all risks and evaluate all impacts of technology changes in processes, maintain knowledge of all security systems and deploy all required infrastructure.
Manage all repeated threats to all systems and perform vulnerability tests.
Evaluate all systems and recommend all application patches, suggest appropriate security products, perform regular audits on systems and ensure compliance with all standards and policies.
Manage all communication with all internal and external auditors and implement
all security services.
Client : Health Care Provider Feb 2012 – Jul 2012
Involved in all the projects at all stages to help with security-related issues and solutions.
Involved in network security and web application security scanning and analysis in the client's R&D IT department.
Involved in understanding the business requirements and application flow and also supporting RFPs and POCs.
Involved in preparation of the Security Project Plan and cost and manpower estimations.
Performed Web Application Security / Penetration Testing in accordance with OWASP Mobile standards and WADS guidelines, using manual techniques and open source tools.
Recommend best practices for securing the applications and also servers to be compliant with the client security baseline.
Client : Internal Projects Oct 2011 – Jan 2012
Took leadership in new mobile service offerings by doing R&D.
Involved in training the business and management team on the mobile services and their scope analysis.
Involved in analysis of different mobile OS architectures and also mobile simulators.
Involved in security activities planning, assessment tools for mobile OSes like Android, phone, the deliverables assessment phase, and also involved in execution of proof-of-concept and creating engineering strategy and approach. Involved in analyzing the application according to mobile security standards. Participated in management reviews and teleconferences.
Client : Major Audio supplier July 2011 – Sep 2011
Mentoring the team and coordinating with the team. Involved in reviewing the security reports prepared by the team.
Involved in preparation of Security Test Plan, test scenarios and estimations of the project.
Participated in Management Reviews and Teleconferences.
Client : Major Insurance firm Apr 2011 – Jun 2011
Involved in understanding the business requirements and application flow and also supporting RFPs and POCs.
Involved in preparation of Security Test Plan and Estimations.
Performed Web Application Security / Penetration Testing in accordance with
OWASP standards and guidelines, using manual techniques and open source
tools.
Generating different levels of reports as per the requirements and Regression
Testing.
Recommend Best Practices for securing the Application.
Participated in Management Reviews and developers demos to understand the
high level Architecture.
Client : Major Insurance firm Jan 2011 – Mar 2011
Maintain efficient security architecture and prepare drafts of all security
procedures and protocols to ensure effective administration.
Analyze all system security audit reports and manage all system emergencies
and counter all security hazards.
Prepare reports for all monthly metrics and perform audits on reports and
manage all security questionnaires for all vendors and provide education for
all security programs.
Monitor all security processes and recommend all risk mitigation processes.
Perform regular vulnerability scans on security systems and coordinate with
development team to ensure achievement of all business objectives and
recommend appropriate hardware and software for all security products.
Client : Major Insurance firm Oct 2010 – Dec 2010
Managed security team and mentored them all over the project.
Involved in client discussions and developer discussions to understand the architecture of the application.
Involved in preparing the matrix for cost estimation and also resource allocation.
Involved in understanding the business requirements and application flow and also supporting RFPs and POCs.
Involved in preparation of Security Test Plan and Estimations.
Helped the team to understand the security concepts and the approach.
Involved in helping the development team in the security areas.
Client : Major Health Care Client Aug 2010 – Sep 2010
Performed Web Application Security / Penetration Testing in accordance with
OWASP standards and SANS guidelines, using manual techniques and open
source tools.
Generating different levels of reports as per the requirements and Regression
Testing.
Recommend Best Practices for securing the Application to the development
team.
Participated in Management Reviews and Teleconferences.
Involved in understanding the business requirements and application flow and involved in POCs.
Involved in preparation of Security Test Plan and Estimations.
Client : Major publishing provider May 2010-Jul 2010
Understanding the business requirements and application flow. Preparation of Security Test Plan and Estimation.
Performed Web Application Security / Penetration Analysis in accordance with OWASP standards and guidelines, using manual techniques and open source tools. Recommend best practices for securing the Application.
Participate in Management Reviews and Teleconferences.
Client: Major Virtualization Product Provider Feb 2010-Apr 2010
Analysis of the migrated VMs and also memory hardening.
Running the Nessus scan on the target ESX server.
Understanding the business requirements and application flow.
Performed Web Application Security / Penetration Testing in accordance with
OWASP standards and guidelines, using manual techniques and open source
tools.
Security analysis of the migrated VMs and also memory hardening.
Helping the development in understanding the security report and security
recommendations.
Client : Major GRC Product Provider May 2008 – Jan 2010
Project Title: Agiliance IT-GRC
Involved in the product enhancements and ITGRC work flows.
Involved in creating the ITGRC policies for various standards like NIST, PCI and CIS benchmarks for different OSes like Linux, Windows, AIX, Solaris.
Understanding the business requirements and application flow.
Preparation of Security Test Plan and Estimation. Performed Web Application
Security / Penetration Analysis in accordance with OWASP standards and
SANS guidelines, using manual techniques and open source tools.
Client : Major IDM Product Provider Dec 2006 – Apr 2008
Involved in understanding the business requirements and application flow.
Involved in the Imprivata SSO and also Google APIs integration with the product.
Performed Web Application Security / Penetration Testing in accordance with OWASP standards and guidelines, using manual techniques and open source tools. Product security testing, web application security analysis and network security analysis.
Security analysis of the migrated VMs and also memory hardening.
Running the Nessus scan on the target IMAG to understand the security vulnerabilities and standards.
IMAG - AD Virtualization, which provides a virtualization layer for Active Directory to enable segregation of duties for administrators and provides a self-service portal with workflow for end users.
Worked on self-service password reset and audit trail for various enterprise applications and IT infrastructure devices, as well as the PCI compliance mandate of periodic password resets for users and administrators with access to data.
Involved in the analysis of IMAG, which enables organizations to implement an identity management solution, and IMAG-RCA, a rapid connector platform that provides agentless and non-API based connectivity to AD, non-AD, web-enabled, client/server and custom/legacy applications, as well as network devices.
Installation and creation of a test environment with our own network workflows to replicate the client environment for deploying the product.
Involved with the sales team in client presentations and POCs.
Client : Major Banking Group Apr 2005 – Nov 2006
Product security testing, Web Application security Analysis and Network
Security testing.
Played a key role in training and presentation on the new security tools.
Creating the security test scenarios and best practices.
Understanding the business requirements and application flow.
Performed Web Application Security / Penetration Testing in accordance with
OWASP Top 10 standards and guidelines, using manual techniques and open
source tools.
Note: Project names are not mentioned due to strict non-disclosure agreements with clients. The above details are only indicative and not comprehensive; there are a number of smaller projects of a similar nature. Client references have been given where permitted; in other projects, specific client details have not been mentioned in order to maintain confidentiality.