Bindhu Rajan

Sterling, VA

Summary

Experienced IT professional with 14 years specializing in Information Security. Actively involved in the SDLC to implement robust security controls. Expertise in threat modeling, vulnerability assessment, and penetration testing. Skilled in using tools such as Tenable Nessus SecurityCenter, Burp Suite, OWASP ZAP Proxy, Nmap, Kali Linux, Metasploit, Acunetix, and Netsparker. Knowledge extends to Splunk Fundamentals and security risk management in TCP-based networking environments. Proficient in risk analysis and assigning risk ratings based on CVSS scores. Led training programs on tool-based solutions, static analysis, and more. Skilled pen tester with experience in diverse applications and domains. Strong inquisitive nature and teamwork abilities. Conducted gap analyses and software licensing audits. Expertise in least privilege and segregation of duties. Experienced in SOX compliance audits focusing on User Access Management, Change Management, and Incident Management. Ready to contribute effectively to any organization's security objectives.

Overview

15 years of professional experience
1 Certification

Work History

Security Analyst

AO Of US Courts
03.2016 - Current
  • Conduct Vulnerability Assessments on servers, web applications, databases, and network devices for the Vulnerability Scanning Program
  • Vulnerability Assessment for the Judiciary’s publicly accessible servers physically located at the Internet Data Centers (IDCs)
  • Security assessment of applications to identify the vulnerabilities in different categories like authentication, authorization, session management, and input validation
  • Server compliance scanning to identify missing patches for installed software as well as security relevant configuration checks related to auditing, logging, password and account lockout policies, extraneous software and services, and use of secure protocols
  • Testing based on guidelines provided by the Judiciary’s internal security framework, NIST SP 800-53 Revision 4, OWASP Top 10, and CIS Benchmarks
  • Provide technical guidance to facilitate the remediation of security issues during the security scanning process, ad-hoc scanning, and threat scanning
  • Exposing potential security flaws and identifying exploitable vulnerabilities
  • Sharing recommended patches and ensuring systems stay up to date for courts and program offices
  • Run vulnerability scans and review vulnerability assessment reports
  • Work on the Formal Scan findings report that summarizes the analysis, observations, and recommendations of the security assessment and then deliver the reports to the courts
  • Review asset discovery and vulnerability assessment data
  • Performing basic event correlation and validation activities
  • Monitor, analyze, and respond to security incidents in the infrastructure
  • Investigate and resolve any security issues found in the infrastructure according to the security standards and procedures
  • Participating in the SED (Security Engineering Division) mentoring program and following up with the mentors from different courts in support of ongoing questions, technologies, and processes of security scans using Nessus SecurityCenter
  • Providing security evaluation of both forward-facing assets as well as backend databases, where applicable
  • Perform ad-hoc scans for the courts in response to intelligence regarding a public vulnerability, such as a newly reported zero-day exploit, or in response to a security incident

Security Analyst

Delta Dental California
08.2015 - 02.2016
  • Conducted application penetration testing of 50+ business applications
  • Performed functional testing of security solutions like RSA two-factor authentication, Novell single sign-on, DLP, and SIEM
  • Prepared risk-based test plans and performed security testing
  • Worked on various business development activities like drafting responses to RFPs and preparing SOW documents
  • Acquainted with various approaches to grey-box and black-box security testing
  • Proficient in understanding application-level vulnerabilities like XSS, SQL injection, CSRF, authentication bypass, cryptographic attacks, authentication flaws, etc.
  • Skilled in using Burp Suite, Acunetix Automatic Scanner, Nmap, DirBuster, QualysGuard, Nessus, and sqlmap for web application penetration tests and infrastructure testing
  • Performed onsite and remote security consulting including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment, and IDS/IPS hardware deployment

Security Tester

Accenture
06.2010 - 07.2013
  • Capturing and analyzing network traffic at all layers of the OSI model
  • Monitoring the security of critical systems (e.g. e-mail servers, database servers, web servers, application servers, etc.)
  • Change management of highly sensitive computer security controls to ensure appropriate system administrative actions; investigating and reporting on noted irregularities
  • Conducting network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities, and develop remediation plans and security procedures
  • Identifying Critical, High, Medium, and Low vulnerabilities in the applications based on the OWASP Top 10 and the CWE/SANS Top 25 and prioritizing them based on their criticality
  • The experience has enabled me to find and address security issues effectively, implement new technologies, and efficiently resolve security problems
  • Conducted vulnerability assessments on various applications
  • Acquainted with various approaches to grey-box and black-box security testing
  • Proficient in understanding application-level vulnerabilities like XSS, SQL injection, CSRF, authentication bypass, weak cryptography, authentication flaws, etc.
  • Skilled in using Burp Suite, Acunetix Automatic Scanner, Nmap, and DirBuster for web application penetration tests
  • Generated and presented reports on security vulnerabilities to both internal and external customers
  • Security assessment of online applications to identify vulnerabilities in different categories like input data validation, authentication, authorization, audit, and logging
  • Vulnerability assessment of various web applications used in the organization using Paros Proxy, Burp Suite, WebScarab, YASCA, and HP WebInspect
  • Training the development team on the most common vulnerabilities and common code review issues and explaining the remediations
  • Following up and ensuring closure of the raised vulnerabilities by revalidating and ensuring 100% closure
  • Configuration and management of Cisco IDS and Check Point firewall

Education

Master of Science - Computer Science

Skills

  • IBM AppScan
  • Cenzic Hailstorm
  • Acunetix
  • Burp Suite Professional
  • sqlmap
  • Wireshark
  • Checkmarx
  • HP WebInspect
  • Splunk
  • HP Fortify
  • Veracode
  • Nessus
  • Nmap
  • OWASP Dependency-Check
  • Cloudflare
  • Protecting networks
  • Developing security plans
  • Incident response
  • Application security
  • Critical thinking skills
  • Security needs assessment
  • Vulnerability assessment
  • Penetration testing
  • Reporting and documentation
  • Ethical hacking
  • Risk mitigation
  • Websense data loss prevention
  • Network security
  • Linux server
  • Intrusion detection

Certification

Certified Ethical Hacker

Awards

  • Star of the Quarter, Awarded for outstanding and consistent performance.
  • Client Appreciation, For being innovative and for client team satisfaction at the AO US Courts.

Training

  • Nessus Manager
  • Splunk Certified User
