jay prakash resume
Jay Prakash
Email: [email protected]
D.O.B.: 1st July 1989
Phone: +62 895 2222 2333 / +91 7030300051
Experience Highlight
5 years of experience in Vulnerability Assessment, Application & Network Security Testing, and Incident Management.
Performed 200+ security assessments for various merchants integrated with a bank's payment gateway.
Web Application Security assessment for leading financial firms and banks, and telecom giants.
Exposure to onsite international projects.
Internal Penetration Testing for banks, financial institutions and IT infrastructure, including cloud hosting companies.
Conducted Configuration Audits of multiple servers and devices. Created SCDs (Secure Configuration Documents) for various devices.
Proficient in understanding application-level vulnerabilities such as XSS, SQL Injection, CSRF, session hijacking, authentication bypass, etc.
Conducted security assessment of an online banking application.
Skilled in using Burp Suite, Paros proxy tools and the Tenable Nessus scanner for web application penetration tests.
(Secure) Network Architecture Review.
Trained in Mobile Application Security.
End-to-end security solutions for clients.
Imparted training to newly recruited batches.
Imparted training and presentations to clients.
Awarded Top 10 rating during annual reviews and appraisals (twice in a row).
Certifications
EC-Council Certified Ethical Hacker-CEHv7
Education Summary
Qualification | Institution | Board/University | Percentage | Year of passing
B.E. - Electronics & Communication Engineering | NRI Institute of Information Science & Technology, Bhopal | Rajiv Gandhi Technical University, Bhopal | 73.09% | 2011
HSE | Delhi Public School, Nigahi, Singrauli | CBSE | 85.2% | 2007
SSE | Jyoti Eng. Med. High School, Jayant, Singrauli | CBSE | 81.8% | 2004
Professional Experience
Company: Tech Mahindra Ltd, Pune
Designation: Associate Security Consultant
Duration: November 25th, 2015 – Present
Key Projects at Tech Mahindra
Security Management
Client: Telecom sector
Description: A project that asks for comprehensive security of the IT infrastructure and for acting as the point of contact for all security requirements.
Role:
Remediation of all open security points highlighted in a security assessment by assigning the right points to the right stakeholders and ensuring they get fixed within the given time frame.
Implementing new processes that ensure the open points are addressed well for the existing as well as the new infrastructure, as a matter of process.
Getting proper exceptions from the business/responsible people to keep the business running without compromising on security.
SPOC for all security-related matters concerning the IT infrastructure.
Assessing the applications, changes and infrastructure for security loopholes on a calendar basis, and taking up ad-hoc requests as well.
Presenting the report to the stakeholders and ensuring that they understand the risks involved and the impact that the vulnerabilities could result in.
Looking for new areas where security services can be implemented so as to smooth business operations.
Creating/modifying policies/processes wherever required to ensure that security is a part of the organisation and of daily operations.
Company: IBM India Pvt Ltd, Pune
Designation: IT Security Specialist - Application Security
Duration: November 4th, 2014 – 23rd November 2015
Key Projects at IBM
Undertaking Application security and Incident management
Client: Telecom sector
Description: The task is to conduct application security assessment of all the applications that run the business and to manage any incidents that occur.
Role:
Application security assessment
Assessment of all application changes, ensuring that they have proper security enforced before go-live
Drive closure activities
Ensure that all SLAs are met
Incident management
Company: Paladion Networks Pvt Ltd, Navi Mumbai
Designation: Security Consultant
Duration: October 31, 2011 – October 27, 2014
Key Projects at Paladion
Integration of Merchant Applications to Payment Gateway
Client: One of the largest banks in India.
Description: The project is concerned with ensuring that any merchant who uses the payment gateway for its online transactions is integrated in a secure way, i.e. no fraud should occur while a complete end-to-end transaction is being made.
Role:
Process knowledge transfer
UA test planning
Executing test cases
Reporting and documenting vulnerabilities found during testing
Helping the developers close the findings by explaining the vulnerabilities over a call
Sign-off
Contribution:
Understood the workflow of the payment gateway
Understood the data flow from the merchant's application to the payment gateway and then to the bank
Created a threat model based on business risks
Mapped threats to technical vulnerabilities
Identified vulnerabilities in the integration process of a merchant's application with the bank's payment gateway
Reported observations based on impact and severity, with recommendations
Application Security Assessment of Banking Application
Client: Indian and international banks
Description: The project aimed at finding vulnerabilities in applications (web-based as well as internal). The goal was to test the application for points that could be exploited and may cause business risk.
Role:
Executing test cases
Reporting and documenting vulnerabilities found during testing
Sign-off
Contribution:
Understanding the application functionality from the owners
Determining the threats that could come up
Creation of a threat model based on the functionality of the application and the sensitivity of the data it handles
Mapping threats to technical vulnerabilities
Reporting observations based on impact and severity, with recommendations
Application Security Assessment of Insurance Application
Client: Banks and financial organisations in India
Description: The scope of this assignment was to conduct an Application Security Assessment of a core insurance application. The application is used by external users to view, opt for and buy various insurance policies offered by the bank [insurance company].
Contribution:
Understand the data flow of the application from the end user to the servers.
Create a threat model based on how the data gets approved.
Share the threat model with the application owners to make them understand the security risks involved.
Make the application owners understand the business impact that could result from those security weak points.
Map the threats to a test plan to proceed with the testing methodology.
Execute all the test cases using automated tools and manual analysis.
Create and share a vulnerability document with the developers and the owners at the end of the testing, with recommendations to patch the findings.
Application Security Assessment of Web Portals
Client: Government and private organisations, food chain stores, finance
Description: The applications related to employee management, HR and promotion of the company were tested for security flaws. The scope aimed at finding access-level flaws and functionality-related open points that could have led to security risks.
Role:
Executing test cases
Reporting and documenting vulnerabilities found during testing
Sign-off
Contribution:
Understanding the application functionality with the owners
Creation of a threat model
Mapping threats to technical vulnerabilities
Reporting observations based on impact and severity, with recommendations
Secure Network Architecture Review
Client: F & B, government organisations
Description: The aim of the project is to check whether the controls in the network are proper or not.
Role:
Studying the network diagram of the organisation and checking for all the necessary controls in the current setup
Getting an understanding of the network from the network admin
Figuring out the weak points in the network
Reporting and documenting vulnerabilities found during testing
Sign-off
Contribution:
Understanding the existing network architecture by interviewing the respective admins
Creation of a set of questionnaires for the critical assets based on the network model
Identifying threats in the current setup
Mapping threats to technical vulnerabilities and their business impact
Reporting observations based on impact and severity, with recommendations
Proposing a new secure network architecture
Internal and External Penetration Testing
Client: Leading banks in India, international banks, cloud hosting companies, F & B, financial institutions.
Description: Internal penetration testing allows organisations to test, if an attacker had the equivalent of internal access, how they may be able to perform unauthorised data disclosure, misuse, alteration or destruction of confidential information, including Non-Public Personal Information (NPPI).
Role:
Discover live IPs within the organisation
Find out the open ports on the IPs that are live
Service fingerprinting
Run automated scanners to find out the vulnerabilities
Manual analysis of the reported vulnerabilities
Prepare a detailed report explaining the impact of the vulnerabilities present and how to fix them
Contribution:
Network penetration testing for assessing vulnerabilities as seen from inside the organisation / the outside world
Performed internal penetration testing
Reporting of detected vulnerabilities with solutions
Configuration Audit
Client: Financial institutions, banks.
Description: Configuration audit is a process wherein the settings and configuration of operating systems, applications, databases and network devices are checked against the set standards and security policies. The scope of these assignments was to conduct internal vulnerability assessments [configuration audits] of various servers, which involved operating systems from Windows 2000 through 2008 R2, applications such as IIS and Apache, database components (MS-SQL, Oracle), and network devices (Cisco switches and routers), firewalls, Cyberoam content filter, SAN.
Role:
Manual check of each and every policy, confirming that it meets the set standards.
Create a Secure Configuration Document for the hardening of devices.
Capture outputs related to the policies to be audited and then analyse them for misconfigurations.
Report all the misconfigurations and explain to the client how they can pose a threat.
Help the client in hardening the devices and platforms.
OWASP Top 10 Training
Client: A leading private bank and financial institution.
Description: Make the client aware of the OWASP Top 10 for web applications and also make them understand the business impact of those vulnerabilities.
Role:
Conduct a training for the client on the OWASP Top 10
Make the developers and the owners understand the mapping of these vulnerabilities to the business risks they could face
Answer all doubts concerning the solutions to be implemented to overcome the vulnerabilities