Associate - Projects
Cognizant Technology Solutions
Total years of experience: 3 years, 10 months
Application Security Analyst with 3.8 years of experience in information security, with the aim of helping clients reduce the “Attack Surface” of a web application.
Strong experience in conducting VAPT and strong knowledge of OWASP, SANS, and WASC standards and methodologies (Web/Mobile).
Enhancing the quality of an application in terms of security by performing Dynamic Application Security Testing (DAST) for web applications, which includes test planning, test execution, vulnerability reporting, and remediation support.
Performing source code review using an automated scanner (Checkmarx) to minimize the risk of an application at the development phase.
Analyzing the automated scanner’s report to avoid “False Positive” vulnerabilities.
Providing on-demand walkthrough and remediation support for the reported vulnerability findings.
Verifying compliance with standards such as PCI-DSS, based on the sensitive data used in the particular application.
Coordinating with project stakeholders during the delivery phase to ensure smooth and successful completion of project deliverables as per the schedule.
Having hands-on experience in Automated Source Code Review (SAST), Mobile (Android) Security and Network Vulnerability Assessment using Qualys.
Referring to the CVE database for the latest threats and vulnerabilities and sharing them with the development team for secure configuration of the web application.
Providing guidance to the development team on secure development using the OWASP ASVS checklist.
Identifying the scope of the application from a security perspective
Publishing security test plan
Designing test cases based on the OWASP Guidelines 2013 and application scope
Conducting peer review for the security test cases
Identifying testing tools for performing vulnerability assessment and penetration testing
Conducting vulnerability assessment and executing the test cases
Reporting identified vulnerabilities by severity level, with mitigations to avoid future attacks
Verification of identified vulnerabilities to avoid false positives
Performing server hardening audit for security compliance
B.E(EEE)
Higher Secondary Education
SSLC - Secondary School Leaving Certificate