Freelancer » Informations- und Kommunikationstechnologie » Qualitätsmanagement / Testing (IT)
freiberufler Security Consultant auf freelance.de

Security Consultant

offline
  • auf Anfrage
  • nicht angegeben
  • auf Anfrage
  • ta  |  en
  • 14.06.2023
Jetzt registrieren & Kontakt aufnehmen

Kurzvorstellung

Hi! I'm a Security Analyst with a passion driven through Cyber-Security. With 3.5+ years of hands on experience in various security testing and tools, expertise in real world vulnerabilities and skilled in attack and threat vector aspects.

Qualifikationen

  • Bash Shell
  • Certified Ethical Hacker (CEH)
  • Cyber Security
  • Cyber Security Practitioner (CSP)
  • Informatik5 J.
  • Licensed Penetration Tester (LPT)
  • McAfee Vulnerability Manager
  • Python
  • Security Operations Center (SOC)
  • Sicherheit von Webanwendungen
  • Sicherheitsmanagement

Projekt‐ & Berufserfahrung

Security Consultant (Festanstellung)
Kundenname anonymisiert, Chennai
12/2019 – offen (5 Jahre, 2 Monate)
IT & Entwicklung
Tätigkeitszeitraum

12/2019 – offen

Tätigkeitsbeschreibung

1) Hands-on experience with various security solutions, including antivirus, Security Incident and Event Management
(SIEM), encryption, endpoint detection and response, data loss prevention (DLP), intrusion detection & prevention, systems patching, vulnerability management, and threat intelligence.
2) Coordinated the effective management of security incidents and operational responses.
3) Knowledge of the latest OWASP Top 10 2021 and SANS Top 25 vulnerabilities and the corresponding mitigation techniques.
4) Deep understanding of Entrust, web application security threats, vulnerabilities, exploits, and prevention (SQL Injection, XSS, CSRF, platform hardening, etc.)
5) Excellent up-to-date technical and hands-on knowledge and experience in current attack methods, penetration testing
methods, and hacking tools, specifically for web and mobile applications 6) Experience with automated tools and manual testing techniques to identify flaws, weakness and vulnerabilities and
attack vectors in web applications (DAST, SAST).
7) Deep knowledge of enterprise and cloud networks and security controls and detection techniques and technologies.
8) Leverages tooling and custom applications to monitor the operational status of applications, infrastructure, networks, databases, and security; optimizes and tunes performance as appropriate.
8) Gathered functional requirements, developed technical specifications, and build prototypes and proofs of concepts (POC’s).
9) Support global architecture and deployment of Web Application Firewalls (WAF) working in close conjunction with security architecture, vendors, and internal stakeholders.
9) Develop, maintain, test and troubleshoot WAF policies and rule sets globally.
10) Experience integrating security tools in CI/CD pipelines, Hands on experience with containers, such as Docker and/or Kubernetes

Eingesetzte Qualifikationen

Informatik

Ausbildung

B.Tech(Hons)
Computer Science Engineering
Lovely Professional Univeristy
2016
Punjab, India

Über mich

With more than 3.5+ years’ experience as an Information Security Analyst, I am adept in risk assessment, planning, and mitigation strategies. Moreover, my on-the-job experience has afforded me a well-rounded skill set, including first-rate project management and problem-solving abilities.I have deep knowledge of Security Assessment Methodology to identify vulnerabilities in Network, Cloud, API, Web, and Mobile Applications.

- Why did you hire me for this project?

► Hall Of Fame: Google | Microsoft | Apple | Facebook and Many Other Leading Companies
► Completed 500+ Websites and Mobile Application Penetration Testing
► Working with Middle East Government and 5+ Global Clients to Provide Securities.
► Certified Ethical Hacker, Security Researcher, and Bug Bounty Hunter
► Implemented WAF in AWS to Prevent Future Attacks

- I have provided Penetration Test, Vulnerability Assessment services, including professional reports for companies in the world complying with:
► CREST standards
► Offensive Security (OSCP) standards
► OWASP Top 10 Vulnerability
► Application Security Verification Standard 4.0 (ASVS 4.0)
► CWE Top 25 Most Dangerous Software Errors
► ISO 27001 Penetration Testing
► Payment Card Industry Data Security Standard (PCI DSS)
► General Data Protection Regulation (GDPR)
► Common Vulnerability Scoring System (CVSS)
► Open Source Security Testing Methodology Manual (OSSTMM)

- I have some cybersecurity certifications, including:
► Certified Ethical Hacker (CEH)
► Offensive Security Certified Professional (OSCP)

- The deliverable will be a professional Penetration Testing report which includes:
► Executive Summary
► Assessment Methodology
► Type of Test (Blackbox, Greybox, and Whitebox)
► Risk Level Classifications
► Detailed Engagement Data
► Port Scanning Results
► Result Summary
► Table of Findings
► Detailed Findings. Each finding listed within the report will contain CVSS score, Issue Description, Proof of Concept, Remediation, and Reference sections
► Tool List (Acunetix, Nessus, BurpSuite Professional, Nmap, Metasploit Framework, OpenVAS, Netsparker, Mimikatz, SQLmap, Nikto, Zaproxy, Gobuster, etc.)

Technical Skills: Vulnerability Assessment and Penetration Testing, Malware Analysis, Reverse Engineering, Automation using Python, Exploit Development, Threat Hunter.

Programming Skills: Python, Flask, Yara, Bash, Linux Administration, C, C++.

Persönliche Daten

Sprache
  • Tamil (Muttersprache)
  • Englisch (Fließend)
Reisebereitschaft
auf Anfrage
Profilaufrufe
283
Alter
26
Berufserfahrung
5 Jahre und 1 Monat (seit 12/2019)
Projektleitung
3 Jahre

Kontaktdaten

Nur registrierte PREMIUM-Mitglieder von freelance.de können Kontaktdaten einsehen.

Jetzt Mitglied werden