Shoeb - Cyber Security Engineer
[email protected]
Location: Irving, Texas, USA
Relocation: yes
Visa: GC
+1 (469)-988-5899
SUMMARY

- Over 8 years of professional IT experience as a Security Engineer, particularly focused on performing technical activities such as code review, vulnerability analysis, penetration testing and secure application testing based on OWASP.
- Hands-on experience in vulnerability assessment and penetration testing using tools such as Burp Suite, Fiddler, ZAP Proxy, sqlmap, HP WebInspect, IBM AppScan and HP Fortify to determine the security of web applications developed on platforms including .NET, Java, AJAX, PHP and many others.
- Experience integrating security into CI/CD pipelines to ensure secure software delivery; in-depth understanding of DevSecOps principles and practices.
- Skilled in conducting vulnerability assessments and providing remediation guidance.
- Identifying and exploiting network-level vulnerabilities on open ports, such as SSH vulnerabilities, SSL certificate related vulnerabilities, and RDP, FTP, SMTP and SNMP vulnerabilities.
- Experience with different web application security testing tools such as Acunetix, Metasploit, Burp Suite, sqlmap, OWASP ZAP Proxy, HP Fortify and Veracode.
- Experienced in security testing and penetration tools including Burp, Kali Linux, Metasploit, Nmap and Wireshark, with Red/Blue Team assessment experience.
- Experience with static, dynamic and interactive application security testing platforms (SAST/DAST/IAST).
- Experience working with monitoring tools, using Rapid7 Nexpose to scan the network for security threats and vulnerabilities.
- Experience in vulnerability management using tools such as Qualys.
- Good understanding of the Qualys Policy Compliance module, policy creation, and troubleshooting of control failures and errors; remediation lead driving both VM and Policy Compliance.
- Experienced in Static Analysis Security Testing (SAST) using Checkmarx and Dynamic Analysis Security Testing (DAST) using Burp Suite and Acunetix.
- Experience with different web application security testing tools such as Acunetix, Metasploit, Burp Suite, sqlmap, OWASP ZAP Proxy, Nmap and HP Fortify.
- Used a variety of IAST/RASP scanning, penetration testing, and performance and quality tools to eliminate vulnerabilities and to achieve sector security governance, risk management and compliance (GRC).
- Hands-on experience in risk assessment, change management, incident management, third-party risk assessment and access control methods.
- Security assessment of online applications to identify vulnerabilities in categories such as input and data validation, authentication, authorization, and auditing and logging.
- Experience programming in one or more of Perl, Python, Ruby, Bash, C or C++, including scripting and editing existing code.
- Experience analyzing security logs generated by intrusion detection/prevention systems, firewalls, network flow systems and anti-virus.
- Skilled and technically proficient with multiple firewall solutions, network security and information security practices.
- Configuration and maintenance of SIM/SIEM tools: QRadar, Splunk and ArcSight.
EDUCATION

Bachelor's degree in Computer Science Engineering, Osmania University

TECHNICAL SKILLS

Security Tools: Web-based application vulnerabilities (OWASP Top 10), vulnerability research, application security, code maintenance and review, Azure Active Directory reconnaissance, SIEM tools
Azure Services: Azure AppInsight, Azure DevOps, Azure Monitor, CosmosDB, Key Vault, Security Center, VM, etc.
AWS Services: AWS CloudFormation, CodePipeline, RDS, VPC, EC2, CloudWatch, CloudTrail, S3, EBS, IAM, etc.
Monitoring Tools: Splunk, AWS CloudWatch, Azure Monitor
Version Control: Git, GitHub, Bitbucket, SVN, TFS
Build/Automation: Puppet, Jenkins, Maven, Ansible, Chef, Ant
Bug Tracking: JIRA, ITSM and ServiceNow
Scripting: Bash, Shell, Ruby, PowerShell, Python, Perl, YAML
Databases: MySQL, SQL Server, MongoDB, PostgreSQL
Web/App Server: Apache, IIS, TFS, Tomcat
Web/Programming: XML, HTML, JavaScript, Java, Python, Shell, Ruby, YAML
Operating Systems: RHEL/CentOS 5.x/6.x/7.x, Ubuntu/Debian/Fedora, Sun Solaris, Windows

PROFESSIONAL EXPERIENCE

Abbott Labs, Minneapolis, MN | Jan 2023 - Present
Cyber Security Engineer

- Conducted Dynamic and Static Application Security Testing (SAST and DAST).
- Conducted thorough security assessments to identify vulnerabilities in accordance with OWASP Top 10, SANS Top 25 and other industry standards.
- Monitored and analyzed the National Vulnerability Database (NVD) and promptly applied security patches to address emerging threats.
- Utilized the Common Vulnerability Scoring System (CVSS) to prioritize and assess the severity of vulnerabilities.
- Maintained an up-to-date inventory of Common Vulnerabilities and Exposures (CVEs) and implemented appropriate solutions.
- Conducted comprehensive API security scans to identify vulnerabilities and potential threats.
- Performed pen testing of both internal and external networks; the scope included OS (Windows and Linux), external-facing web apps, and database servers that store customer confidential information.
- Conducted network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities, and develop remediation plans and security procedures.
- Developed a threat modeling framework (STRIDE, DREAD) for critical applications to identify potential threats during the design phase of applications.
- Implemented and managed CI/CD pipelines using Jenkins, automating the build, test and deployment processes for multiple projects.
- Integrated GitHub Actions into the development workflow, enabling automated testing and deployment directly from GitHub repositories.
- Configured and maintained Artifactory and Nexus repositories for efficient artifact management, ensuring version control and traceability.
- Conducted web application vulnerability assessment and threat modelling, gap analysis, and secure code reviews on the applications.
- Orchestrated containerized applications using Docker and managed container orchestration with Kubernetes for scalable and reliable deployments.
- Automated infrastructure provisioning and configuration using Ansible and Terraform, reducing manual intervention and ensuring consistency across environments.
- Skilled in using tools such as Automatic Scanner, Nmap, DirBuster, QualysGuard, Nessus, HP Fortify, HP WebInspect and IBM AppScan for web application penetration tests and infrastructure testing.
- Conducted vulnerability assessments, Blue Team vulnerability and intrusion assessments, cyber security inspections, and Red Team operations employing internal and external capabilities to provide a systemic view of enclave and IS technical and traditional security posture.
- Responsible for web application vulnerabilities (OWASP Top 10, SANS, NIST): reviewing application source code to find security vulnerabilities (CSRF, XSS, SQL injection, privilege escalation, etc.) and recommending remediation.
- Performed penetration testing on CVS infrastructure and vulnerability assessment of application and database servers.
- Skilled in using Burp Suite, Acunetix Automatic Scanner and Nmap for web application penetration tests.
- Involved in all projects at all stages to help with security-related issues and solutions.
- Developed test cases to test web applications according to OWASP and mapped every test case to a NIST control.
- Worked closely with DevOps and CI/CD teams to integrate security seamlessly into the development pipeline, ensuring a secure and compliant software delivery lifecycle.
- Conducted regular vulnerability assessments and provided remediation guidance to address security vulnerabilities promptly.
- Responsible for implementing monitoring solutions in Ansible, Terraform, Docker and Jenkins.
- Worked in collaboration with both networking and security teams and participated in security assessment of web applications, systems and networks.
- Worked with Nexpose to set up, schedule and document a vulnerability scanning cycle.
- Managed a team of security analysts and engineers supporting security authorization efforts in vulnerability detection, mitigation and eradication.
- Implemented known security methodologies and standards such as OWASP.
- Performed risk assessments on the vulnerabilities found during testing.
- Evaluated and coordinated the identification of cyber threats, vulnerabilities and risks to the HRSA IT Enterprise.
- Conducted Blue Team assessments to identify vulnerabilities in client networks.
- Managed incident and threat capabilities in support of security operations efforts.

US Bank, Minneapolis, MN | Feb 2021 - Dec 2022
Cyber Security Engineer

- In-depth internal and external network penetration tests.
- Conducted network/host penetration tests and web application penetration tests.
- Performed network scanning using Nessus and Nmap and generated reports.
- Participated in the Blue Team Incident Response team, coordinating with the Cyber Security Incident Responder.
- Used threat modelling and attack frameworks to develop advanced detection mechanisms for a variety of security tools and technologies to identify, detect and respond to malicious activity.
- Familiar with the TTP playbook for Incident Response, adhering to the MITRE Industrial Control Systems attack matrix.
- Network monitoring and security scanning utilizing Nessus vulnerability scanning.
- Performed penetration testing on infrastructure and vulnerability assessment of application and database servers.
- Worked with the Red Team on application testing, web application testing, etc.
- Instructed cyber Red and Blue Team curriculum and facilitated Security Operations Center exercises and playbooks.
- Implemented security controls in accordance with NIST, CIS Benchmarks and ISO 27001 frameworks.
- Conducted system security assessments based on FISMA, NIST and PCI DSS compliance.
- Worked on OWASP Top 10, SANS 25 and Common Vulnerabilities and Exposures (CVE): identifying, reporting and helping developers remediate the issues.
- Conducted web application vulnerability assessment, threat modeling and secure code reviews on the applications.
- Responsible for deploying various network security and High Availability features in Checkpoint Firewall.
- Efficiently performed web application vulnerability assessment using Burp Suite, HP WebInspect, Nexpose and IBM AppScan.
- Performed manual security testing for OWASP Top 10 vulnerabilities such as SQL injection attacks, cross-site scripting (XSS), CSRF and session management.
- Used the Qualys Vulnerability Management tool to aid manual pen-testing in Red Team work.
- Security assessment of online web applications to identify vulnerabilities in distinct categories such as input and data validation, authentication, authorization and risk assessment.
- Experience using Kali Linux to perform web application assessments to identify, validate and exploit vulnerabilities using tools such as Metasploit, DirBuster, OpenVAS, Nikto, SoapUI and Nmap.
- Created development and test environments for different applications by provisioning Kubernetes clusters on AWS using Docker, Ansible and Terraform.
- Experience working with sqlmap, an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
- Identified the risk level (Critical, High, Medium, Low) and prioritized vulnerabilities found in web applications based on OWASP Top 10, SANS 25 and GSEC.
- Performed static code reviews with the help of automation tools.
- Trained the development team on the most common vulnerabilities and common code review issues, explaining the remediations and prioritizing the issues found.
- STRIDE assessment of applications during the design phase, identifying possible threats and providing security requirements.
- Provided software security support related to Fortify and HP WebInspect, and remediation guidance to development teams.
- Identified vulnerabilities and threats based on the client's security policy and regulatory requirements such as PCI, PII, HIPAA and SOX.
- Performed penetration testing and vulnerability management over enterprise systems to audit the standards for compliance with NIST and ISO 2700x.
- Vulnerability management by scanning, mapping and identifying possible security holes using QualysGuard and Nessus scanner.
- Management lead and engineer for internal Blue Team vulnerability assessment efforts for VAAM and PT.

SiriusXM, Irving, Texas | Oct 2018 - Jan 2020
Security Engineer

- Expertise with a wide range of tools including Vulnerability Manager, Rapid7 Nexpose, Nessus, Tripwire, Qualys and Kali Linux.
- Conducted regular security assessments and audits, identifying and addressing potential vulnerabilities in systems and applications.
- Managed security risk oversight, ensuring compliance with industry standards and regulations.
- Conducted regular reviews of security controls and implemented necessary adjustments.
- Utilized NIST/NVD and CVSS to assess the severity of vulnerabilities and prioritize remediation efforts.
- Worked closely with teams from various departments to create and deploy automated security solutions, fostering a forward-thinking strategy for identifying and addressing potential threats.
- Performed in-depth analysis of API security logs and incidents, ensuring timely detection and response to potential breaches.
- Recognized by leadership for overseeing a Vulnerability Analysis and Penetration Testing (VAPT) project for SAP servers; led a junior security analyst; mitigated security risk by discovering and closing unnecessary ports and services; exposed vulnerabilities.
- Contributed to a penetration testing project for the Digital Team web application by documenting vulnerabilities; collaborated with a 2-member project team.
- Performed black, grey and white box testing on Windows and Linux servers.
- Executed company-wide vulnerability analyses; leveraged Nessus to scan all network devices, including firewalls, switches, and Windows and Linux servers; reported security risks to network administrators and followed up on vulnerability patching.
- Contributed to crafting and executing CI/CD pipelines with Bamboo to ensure seamless integration and continuous delivery.
- Engaged in version control and collaborative coding practices through Bitbucket within the Atlassian Suite.
- Played a role in deploying and overseeing applications within containerized environments, leveraging Docker and Kubernetes for efficient management.
- Created triggers using PL/SQL and UNIX shell scripts.
- Developed custom dashboards for client leadership, including executive leadership, displaying useful DLP and security event metrics, threat protection summaries and other key risk insights.
- Implemented API and Cloud Exchange integrations with SIEM solutions and CrowdStrike EDR for monitoring security events and bidirectional sharing of IoCs for advanced threat protection.
- Successfully performed several insider threat investigations through DLP and SIEM tools, conducted interviews and authored threat investigation reports for escalations.
- Conducted third-party information security assessments; managed third-party information security assessment contractors; implemented and administered the ProcessUnity GRC tool.
- Configured MCAS (aka Defender for Cloud Apps): configured policy and created playbooks for detection and alerts.
- Consolidated analysis of suspicious Splunk data security event logs (Windows Defender and audit events).
- Implemented a Cloud Access Security Broker (CASB) into the environment.

Walgreens, Chicago, IL | Dec 2017 - Sep 2018
Cyber Security Engineer

- Ensured the SOC analyst team provided excellent customer service and support.
- Identification: the incident was initially detected through [e.g., Intrusion Detection System, Security Information and Event Management (SIEM) tool, etc.] alerting our SOC team.
- Investigated security incidents and threats using CrowdStrike and Splunk as SIEM tools.
- Daily CrowdStrike tasks included assessing alerts displayed within the CrowdStrike console.
- Security agent endpoint testing of CrowdStrike SaaS, SentinelOne SaaS and Forcepoint DLP on Windows and Mac systems.
- Conducted threat hunting using CrowdStrike.
- Utilized CrowdStrike Falcon and SentinelOne EDR solutions to perform triage analysis with the goal of detecting and responding to incidents on computer workstations and other endpoints.
- Acted as a bridge between offensive (Red) and defensive (Blue) security teams to optimize strategies.
- Responsibilities included supporting a 24/7 SOC environment.
- Oversaw daily operations in the SOC and managed Tier 1 and Tier 2 security analysts on my shift.
- Delegated duties to SOC analysts (Tier 1 and 2) and managed escalation.
- Security analyst experienced in penetration testing/Red Team, incident response, information security, network security, vulnerability assessments and systems engineering.
- Continually learning and completed several Industry.
- Conducted threat hunting within the environment to identify anomalous and potentially malicious activity.
- Operated in a 24/7/O365 CSIRT SOC that monitors and responds to cyber and information security incidents.
- Expertise in improving the Risk and Control functions against Governance, Risk Management and Compliance.
- Configured and monitored the Security Information and Event Management (SIEM) platform for security alerts, reports and dashboards.
- Azure Security Centre monitoring to address threats and resolve security vulnerabilities.
- Enhanced conventional incident response methods and security operations by employing and combining intrusion prevention, Cyber Kill Chain model analysis and cyber threat analysis.
- Configured and monitored Azure Sentinel (SIEM: Security Information and Event Management tool).
- Experience with industry-recognized SIEM (Security Information and Event Management) solutions such as IBM QRadar, Splunk and LogRhythm.
- Compliance standards and frameworks such as PCI and NIST 800-53, and privacy standards and frameworks such as Generally Accepted Privacy Principles (GAPP).
- Deployed, supported and managed Tenable (Nessus, Container Security Centre).
- Conducted periodic DLP tuning sessions to adapt to evolving data patterns and potential threats; customizing DLP rules based on specific business requirements is a key aspect of effective tuning.
- Implemented and troubleshot the Zscaler cloud-based proxy solution for web content filtering and DLP tools.
- Implemented, configured and maintained security solutions: DLP, antivirus, vulnerability scanners, IPS/IDS, web filters, VPN, SIEM, SOAR, etc.
- Performed daily security systems monitoring, verifying the integrity and availability of all systems and key processes.

SDR Infotech, Hyderabad, India | Jan 2016 - Nov 2017
Cyber Security Engineer

- Used threat intelligence and models to create hypotheses.
- Hands-on experience in developing threat models, security controls, threat analysis, and creation of vulnerability control matrices and corresponding mitigation strategies.
- Responsibility in threat intel and hunting.
- Reviewed and approved security vulnerability acceptance requests, ensuring alignment with established security standards and policies.
- Monitored and enforced adherence to vulnerability remediation Service Level Agreements (SLAs).
- Conducted regular threat assessments and contributed to the development of comprehensive remediation strategies.
- Ensured compliance with industry regulations and internal security guidelines.
- Used tools and technologies such as: cyber security technology, threat modeling and intel, cyber security ethical issues, wireless and mobile security, Splunk (ES and ITSI), Evident.io, AirWatch, AlienVault and CrowdStrike Falcon.
- Created a TTP (Tactics, Techniques and Procedures) playbook for Incident Response adhering to the MITRE ICS attack matrix.
- Performed gap analysis for MITRE ATT&CK evaluation for transferability to ICS environments.
- Hands-on experience performing security assessment with SAST and DAST using tools such as HP Fortify, HP WebInspect and IBM AppScan.
- Performed vulnerability assessments using Kali Linux, Metasploit, Burp Suite, Paros, sqlmap and many open-source tools.
- Maintained network performance by performing network monitoring and analysis, performance tuning, and troubleshooting network problems.
- Skilled in using Burp Suite, Acunetix Automatic Scanner, Nmap, DirBuster, HP Fortify and QualysGuard.
- Worked with the Red Team in the SOC to apply security awareness to Cyber Kill Chain management, as well as using a moving target defense approach.
- Responsible for source code analysis for multiple teams using Checkmarx and updating triaged report findings to developers.
- Established and managed continuous integration and continuous delivery (CI/CD) pipelines across various projects, employing cutting-edge tools such as Jenkins, GitHub Actions, Artifactory, Docker, Ansible, Nexus, Kubernetes and Terraform.
- Initiated and ran DAST and SAST scans (Fortify, Checkmarx).
- Identified and remediated application security vulnerabilities (OWASP Top 10) using dynamic analysis (DAST) and static analysis (SAST) tools such as IBM AppScan and Checkmarx.
- Performed dynamic analysis (DAST) and static code reviews (SAST) with Veracode, extracted reports and opened tickets to track development efforts using JIRA, and met with development teams as required to remediate.
- Used sqlmap and Nmap for VAPT, and prepared reports for audit according to OWASP with all issues and their mitigation.
- Experienced with firewalls: Cisco ASA, SonicWall, Palo Alto Networks, Sourcefire, Checkpoint, Juniper Networks, Arista, Huawei, Peplink and ADTRAN. Tested authentication in OSPF and BGP.
- Proficient in detecting application-level vulnerabilities such as XSS, SQL injection, CSRF and authentication flaws, both through automation and manual testing.
- Identified issues in session management, input validation, output encoding, logging, cookie attributes, encryption and privilege escalation.
- Created vulnerability assessment reports detailing the exposures identified, rating the severity of the system, and giving suggestions to mitigate exposures and test known vulnerabilities, following NIST, CIS, OTX and OWASP recommendations.
- Performed network scanning using Nessus and Nmap and generated reports.
- Responsible for maintaining, reporting and communication of SIEM between event sources and endpoints.
- Participated in the Blue Team Incident Response team, coordinating with the Cyber Security Incident Responder.
- Network monitoring and security scanning utilizing Nessus vulnerability scanning.
- Handled SIEM events and response in critical environments (email threat analysis, web threat analysis, malware analysis, etc.).
- Red Team/Blue Team exercises with postmortem remediation efforts and lessons learned.
- Analyzed multiple network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to determine and apply proper remediation actions and escalation paths for each incident.
- Actively monitored and responded to activity impacting various enterprise endpoints facilitating network communication and data handling (McAfee Endpoint Security, DLP and Splunk).