JAKKULA S

Austin

Summary

Over 8 years of professional expertise as a Technical Security Analyst, specializing in application security engineering. In-depth knowledge and hands-on experience with the OWASP Top 10 and the WASC Threat Classification, and advanced skills in SAST, DAST, and IAST methodologies. Demonstrated leadership in application security analysis, working with major clients and coordinating with software development teams to enhance security postures. Profound understanding and application of compliance standards such as PCI DSS and HIPAA, ensuring regulatory adherence across diverse client environments. Expert in conducting comprehensive vulnerability assessments and penetration tests for web and mobile applications, utilizing tools such as Burp Suite, Kali Linux, and Metasploit. Developed and implemented robust security testing pipelines in Jenkins, enhancing code review and penetration testing processes. Proficient in network security practices, employing tools such as Nmap and Nessus for effective network scanning and vulnerability detection. Advanced skills in threat modeling and security control development, contributing significantly to project security from the initial design phases. Extensive experience in integrating security practices into various SDLC methodologies, including Waterfall, Agile, CI, and CD. Implemented and managed IBM AppScan for enterprise-wide security analysis and automation, showcasing proficiency in enterprise security solutions. Strong capability in Secure SDLC practices, ensuring thorough source code analysis and security integration in web-based applications. Exceptional ability to handle multiple tasks simultaneously, displaying strong independent working skills as well as effective team collaboration. Skilled in applying industry-standard security frameworks and systems, including CWE, CVSS, and CVE, for accurate vulnerability assessment and management. Proven track record in delivering detailed security assessment reports, offering clear remediation strategies and effectively communicating findings to stakeholders. Outstanding oral and written communication skills, complemented by superior negotiation and problem-solving abilities, facilitating effective security solutions and team management.

Overview

8 years of professional experience

Work History

SR. APPLICATION SECURITY ENGINEER

ORACLE CORPORATION
07.2022 - Current
  • Proficient in Grey and Black box security testing, focusing on identifying and manipulating system vulnerabilities
  • Experienced in threat modeling during various phases of the SDLC, including requirement gathering and design
  • Utilized a range of security tools for dynamic, static, and manual analysis, proficient in detecting and exploiting vulnerabilities like SQL and XML injection, server exploits, and web services vulnerabilities
  • Skilled in identifying and addressing security issues in session management, input validation, output encoding, logging, exceptions, cookie attributes, encryption, and privilege escalations
  • Conducted thorough security assessments using tools like HP Fortify, IBM AppScan, Nessus, Burp Suite, OWASP ZAP, and Metasploit
  • Played a key role in remediation planning, implementation, and IT risk assessments for enterprise applications
  • Established comprehensive application security programs, integrating security into development processes using tools like Jenkins, and ensuring compliance with standards and frameworks like MITRE ATT&CK, CIS, NIST, ISO 27001, STRIDE, and DREAD
  • Provided secure coding guidance and conducted manual code reviews, focusing on continuous improvement in application and cloud infrastructure security
  • Managed bug reports from HackerOne bug bounty programs and conducted regular security tests on web applications
  • Utilized AWS services like S3 and CloudWatch for data management, monitoring, and logging, enhancing cloud security
  • Collaborated closely with development teams, including mobile app teams, integrating security into the entire software development lifecycle.

SR. APPLICATION SECURITY ENGINEER

PNC BANK
07.2020 - 06.2022
  • Proficient in Grey and Black box security testing, focusing on identifying and manipulating system vulnerabilities
  • Experienced in threat modeling during various phases of the SDLC, including requirement gathering and design
  • Utilized a range of security tools for dynamic, static, and manual analysis, proficient in detecting and exploiting vulnerabilities like SQL and XML injection, server exploits, and web services vulnerabilities
  • Skilled in identifying and addressing security issues in session management, input validation, output encoding, logging, exceptions, cookie attributes, encryption, and privilege escalations
  • Conducted thorough security assessments using tools like HP Fortify, IBM AppScan, Nessus, Burp Suite, OWASP ZAP, and Metasploit
  • Played a key role in remediation planning, implementation, and IT risk assessments for enterprise applications
  • Established comprehensive application security programs, integrating security into development processes using tools like Jenkins, and ensuring compliance with standards and frameworks like MITRE ATT&CK, CIS, NIST, ISO 27001, STRIDE, and DREAD
  • Provided secure coding guidance and conducted manual code reviews, focusing on continuous improvement in application and cloud infrastructure security
  • Managed bug reports from HackerOne bug bounty programs and conducted regular security tests on web applications
  • Utilized AWS services like S3 and CloudWatch for data management, monitoring, and logging, enhancing cloud security
  • Collaborated closely with development teams, including mobile app teams, integrating security into the entire software development lifecycle.

APPLICATION SECURITY ENGINEER

STATE OF TEXAS
11.2018 - 06.2020
  • Recommended best practices for application security, ensuring clear communication and coordination of daily project activities within the team, with a focus on establishing and maintaining priorities
  • Provided IT staff assistance, specifying security requirements for vendor products and evaluating requests related to security architecture, often using tools like IBM AppScan and HP Fortify for analysis
  • Assessed risks and evaluated the impact of technology changes in processes, maintaining expertise in security systems and deploying necessary infrastructure, including tools like FireEye and Symantec
  • Managed and responded to repeated threats across systems, conducting regular vulnerability tests with tools such as Qualys and Rapid7
  • Recommended application patches and appropriate security products based on findings from security audits, ensuring compliance with standards and policies using auditing tools like Splunk and AlienVault
  • Conducted vulnerability assessments using Nessus, Wireshark, and other advanced monitoring tools
  • Developed enterprise risk dashboards and generated reports as required by the organization, utilizing analytics tools like Tableau and Microsoft Power BI
  • Performed application penetration testing on over 20 business applications, employing methods and tools like OWASP ZAP and Metasploit
  • Assessed the vulnerability of web applications, integrating tools like Burp Suite and Acunetix in the evaluation process
  • Led research, mitigation, and coordination efforts to reduce information security risks across internet-facing presences, utilizing threat intelligence platforms like Recorded Future and CrowdStrike
  • Collaborated with development teams to ensure the closure of reported vulnerabilities, leveraging communication tools like Slack and Microsoft Teams for effective coordination
  • Carried out security assessments of online mobile applications, using mobile security tools like MobSF and Nessus for different categories like input and data validation, authentication, authorization, auditing, and logging
  • Stayed updated with new hacking techniques and latest vulnerabilities, employing advanced scanning tools to ensure the existing system's security
  • Facilitated clear communication and collaboration with both internal and external teams, using project management tools like Jira and Asana
  • Performed onsite and remote security consulting, including penetration testing, application testing, web application security assessment, social engineering, wireless assessment, and IDS/IPS hardware deployment, using a combination of tools like Cisco and Juniper for network security assessments.

SR. SECURITY ENGINEER

CALPINE
11.2017 - 10.2018
  • Conducted extensive security assessments, including asset inventory, scanning, manual code reviews, and penetration tests, utilizing a range of tools such as HP Fortify, IBM AppScan, Nessus, HP WebInspect, and ZAProxy
  • Established a robust application security program from the ground up, demonstrating a proactive approach to safeguarding applications
  • Collaborated closely with development and reliability teams to integrate security checks seamlessly into the development process, leveraging tools like Jenkins to automate security measures
  • Showcased expertise in utilizing a range of security tools, including Burp Suite, OWASP ZAP, Nessus, and Metasploit, to conduct comprehensive vulnerability testing
  • Employed the ThreatModeler tool to analyze and create threat models, enhancing overall security by identifying potential risks
  • Conducted a thorough evaluation of various security tool options to select the most suitable solutions tailored to the organization's specific needs
  • Conducted manual code reviews and provided invaluable secure coding guidance to developers, ensuring the development of secure applications
  • Ensured strict compliance with industry standards and frameworks such as MITRE ATT&CK, CIS, NIST, ISO 27001, STRIDE, and DREAD, adhering to best practices in the field of cybersecurity
  • Applied cryptographic knowledge effectively to identify and rectify security weaknesses resulting from errors or weak configurations
  • Conducted monthly security tests on web applications and diligently reported identified issues to the development team for prompt resolution
  • Managed and prioritized bug reports stemming from a HackerOne bug bounty program, addressing security vulnerabilities efficiently
  • Utilized AWS S3 for efficient data storage solutions, optimizing data management within the organization
  • Implemented AWS CloudWatch for monitoring and logging, proactively identifying and addressing potential issues in real-time
  • Strengthened the security of cloud infrastructure by implementing various controls, enhancing overall cloud security
  • Developed continuous monitoring systems to detect potential threats and issues promptly, ensuring a proactive security stance
  • Efficiently managed code repositories using GitHub, facilitating collaborative development while maintaining code security
  • Collaborated closely with mobile app teams to assess and enhance security on Android and iOS platforms, ensuring the protection of mobile applications
  • Integrated security seamlessly into the entire software development process, ensuring ongoing protection throughout the development lifecycle
  • Established and managed robust processes for receiving, prioritizing, and addressing reported vulnerabilities, ultimately enhancing product security and minimizing risks
  • Leveraged AWS WAF templates effectively to restrict IP addresses and elevate web application security, reinforcing protection against common web exploits and attacks.

Java Developer

FIDELITY INVESTMENTS
06.2015 - 10.2016
  • Developed the web interface using the MVC design pattern with the Struts framework
  • Designed and implemented most of the Java-related portions of the application, including EJBs for encapsulating business logic
  • Developed server-side utilities using J2EE technologies (Servlets, JSP, JDBC) in JDeveloper
  • Developed the JSPs using the Struts framework tag libraries
  • Developed the WORKFLOW concept using the Struts framework to avoid back-button problems
  • Responsible for analyzing an existing C++ project to prepare business logic documents
  • Responsible for communicating with the end client to support the application, analyzing issues, and fixing them
  • Prepared test plans
  • Maintained the struts-config files, Tiles definition files, and web.xml
  • Designed Session Beans to insert, update, and delete data in the database
  • Developed and executed the business validation logic in form beans
  • The framework is built on Struts, which internally uses the J2EE design patterns
  • Developed the servlets and beans for the application
  • Involved in application development and unit testing
  • Implemented the security features and access roles in web pages and request filtering
  • Developed the application on the MVC software architecture using Struts, separating presentation from business logic
  • Developed Struts Action Classes and Action Forms, and implemented the Struts Validation Framework
  • Applied the Spring IoC container to facilitate dependency injection
  • Used Spring for handling Data Access Exception and Transaction Exception
  • Refactored a large code base to conform to best practices, including migrating MDB listeners to Spring design patterns
  • Involved in developing the core base classes and designed the packaging needed for the project.

Skills

TECHNICAL SKILLS
  • TOOLS: BURP SUITE, DIRBUSTER, HP FORTIFY, IBM APPSCAN, OWASP ZAP PROXY, NMAP, NESSUS, KALI LINUX, METASPLOIT, HP WEBINSPECT, ACUNETIX, SNYK, BLACK DUCK, CHECKMARX
  • PROGRAMMING LANGUAGES: JAVA, PYTHON, .NET, C, C
  • WEB TECHNOLOGIES: HTML, CSS, XML, JAVASCRIPT
  • OPERATING SYSTEMS: KALI LINUX, GNU/LINUX, WINDOWS XP/VISTA/7, RED HAT LINUX
  • NETWORK SECURITY TOOLS: NMAP, WIRESHARK, METASPLOIT, NESSUS, QUALYSGUARD, SSLDIGGER, SSLSMART, SSLSCAN
  • BUG TRACKING TOOLS: JIRA, SERVICENOW
  • SECURITY ASSESSMENT: PENETRATION TESTING, SOURCE CODE REVIEW, DAST, SAST, IAST, MANUAL ETHICAL HACKING
  • DEVOPS TOOLS: JENKINS AND DOCKER CONTAINERS
  • WEB SERVERS: APACHE TOMCAT, NGINX, JBOSS AND JRUN, IIS, WEBSPHERE
  • COMPLIANCE AND KNOWLEDGE: OWASP STANDARDS, SANS TOP 25, PCI COMPLIANCE, SECURITY REGULATIONS

Accomplishments

  • Specialized in Web Application Firewall (WAF) configuration and management, particularly with tools like AWS WAF and Cloudflare
  • Proficient in securing container environments, including Docker and Kubernetes, for safe orchestration and deployment
  • Utilized automated security scanning tools in CI/CD environments, such as SonarQube and GitLab CI, for early identification and remediation of security issues
  • Conducted security training and awareness programs for development teams to instill a culture of security best practices
  • Experienced in API security testing and validation using tools like Postman and SoapUI
  • Implemented secure code repositories using Git and SVN, ensuring source code integrity and security
  • Developed custom security scripts and tools for automating security testing and enhancing efficiency
  • Led the adoption of secure coding standards across development teams, aligning with OWASP and CERT guidelines.

Timeline

SR. APPLICATION SECURITY ENGINEER

ORACLE CORPORATION
07.2022 - Current

SR. APPLICATION SECURITY ENGINEER

PNC BANK
07.2020 - 06.2022

APPLICATION SECURITY ENGINEER

STATE OF TEXAS
11.2018 - 06.2020

SR. SECURITY ENGINEER

CALPINE
11.2017 - 10.2018

Java Developer

FIDELITY INVESTMENTS
06.2015 - 10.2016