Lakshmi Venkata Mallikarjuna Ummadisetty

Chicago, IL

Summary

Over six plus years of diverse experience in Information Security, Security Testing, penetration testing and vulnerability assessments on various Web and Mobile applications including Ethical hacking. Experience in CTFs, bug bounties, and performing Threat Models. Ability to perform social engineering techniques and tools to obtain trust, infiltrate access and pivot. Ability to perform Black Box testing, white box network penetration testing and reporting. Expertise in exploiting known vulnerabilities in web applications with keen interest towards Zero Day Vulnerabilities found from time to time. Adequate knowledge in software development and code sanitizing to provide security maintenance. Use of debuggers, fuzzers, scanners, analyzers and proxies to examine, identify vulnerable exploits in the web application software. Use of web-development, OWASP framework, NIST standards, enumeration techniques and tools such as NMAP, Network scanners, harvesters, web crawlers, backtracking machine to manually identify web application vulnerabilities. Use of network packet, traffic sniffers, scanners and analyzers such as Wireshark. Strong understanding in cryptographic concepts, regular expressions and web development. Maintainable experience and knowledge in DHCP server, DNS server and WINS server. Strong experience on AppScan tool for automating the security testing, and VoIP Security & War Dialing.

Overview

6
years of professional experience

Work History

Penetration Tester / Information Security Specialist

AT&T
11.2021 - Current

  • Conducted application penetration testing of 50+ business applications
  • Conducted Vulnerability Assessment of Web Applications
  • Performed functional testing of security solutions like RSA two-factor authentication, Novell single sign-on, DLP and SIEM
  • Worked on various business development activities like drafting responses to RFPs and preparing SOW documents
  • Acquainted with various approaches to Grey & Black box security testing
  • Experienced in finding security flaws using automation tools like Veracode
  • By using AppScan tool prepared dynamic testing of applications and reported remedy process for security issues
  • Proficient in understanding application level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, cryptographic attacks, authentication flaws etc
  • Conducted security assessment of PKI Enabled Applications
  • Skilled using Burp Suite, Acunetix Automatic Scanner, SecureAssist, CheckMarx, Fortify, WAS, NMAP, QualysGuard, Nessus, sqlmap for web application penetration tests and infrastructure testing
  • Performing onsite & remote security consulting including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment, and IDS/IPS hardware deployment
  • Capturing and analyzing network traffic at all layers of OSI model
  • Working with DevOps teams and implementing security scans in CI/CD pipeline for automation process
  • Implementing DevSecOps concepts to automate all security scans
  • Developing Python and PowerShell scripts for vulnerability bug reporting purposes
  • Guide, create path for career improvement, and lead team of DevOps engineers
  • Performed Mobile testing and assessed risk associated for Customers while doing transactions through mobile
  • Performed vulnerability assessment for credit card devices
  • Identifying critical, High, Medium, Low vulnerabilities in applications based on OWASP Top 10 and SANS 25 and prioritizing them based on criticality
  • This experience has enabled me to find and address security issues effectively, implement new technologies and efficiently resolve security problems
  • Performed translation of complex data into actionable insights and provide recommendations based on their analysis
  • Worked as Data Analyst with diverse experience in all stages of Software Development Life Cycle with emphasis on Business Analysis, Data Analysis, Gap Analysis and Quality Assurance.
  • Experience in creating Source to Target mapping documents, gathering business requirements from business/user, creating Process Flows and Data Flow Diagram DFD
  • Working directly with ETL team for data extraction, Data Quality DQ team for validation
  • Experience on gathering business requirements from business/user, creating Process Flows and Data Flow Diagram DFD.
  • Stayed current on emerging threats and trends in cybersecurity, adapting testing methods as needed to address new risks.
  • Mentored junior team members in best practices for ethical hacking and penetration testing techniques, fostering professional growth among colleagues.

Environment: Java, ASP.NET, MySQL, AppScan, Apache, Kali Linux, Burp Suite, Veracode, Microsoft Visual Studio, HP Fortify, NMap, Wireshark, Amazon S3, Amazon CloudWatch, AWS Lambda, Azure Functions, Ansible, Git, Bash, Linux, Cloud Computing, Cloud Applications, DevOps, Jenkins, Amazon Web Services (AWS)

Penetration Tester

Tech Mahindra
01.2020 - 07.2021
  • Conducted application penetration testing of 90+ business applications
  • Conducted Compliance Audits
  • Acquainted with various approaches to Grey & Black box security testing
  • Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak cryptography, authentication flaws etc
  • Conducted security assessment of PKI Enabled Applications
  • Well experienced in preparing testing automation using AppScan and reported source code vulnerabilities for organization’s applications
  • Skilled using Burp Suite, Acunetix Automatic Scanner, NMAP for web application penetration tests
  • Good knowledge of network and security technologies such as Firewalls, TCP/IP, LAN/WAN, IDS/IPS, Routing and Switching
  • Monitor, Analyze and respond to security incidents in infrastructure
  • Investigate and resolve any security issues found in infrastructure according to security standards and procedures
  • Performed Security testing to find OWASP Vulnerabilities using SecureAssist, CheckMarx, Fortify, WAS
  • Actively search for potential security issues and security gaps that are beyond ability of detection by any security scanner tool
  • Initiate and develop new mechanisms to address unidentified security holes & challenges
  • Experienced in Mobile testing by finding flaws and loopholes in code of Mobile Applications
  • Performed SIEM, network security monitoring, and threat intelligence using IBM QRadar
  • Collect and analyze log data from various sources, including firewalls, intrusion detection systems, and operating systems
  • Correlate events across multiple sources to identify potential security incidents
  • Created custom dashboards and reports to track key performance indicators and identify trends over time
  • Monitored network traffic for suspicious activity and detected potential threats in real-time
  • Real-time Analysis and defense
  • Vulnerability assessment (VA), Security policy, and network and security audit
  • Configuration and management of Cisco IDS, Checkpoint firewall, Snort
  • Integrated CI pipeline with configuration management tools for continuous deployment such as using Gitlab-CI with Puppet
  • In this project, as Cloud DevOps Engineer, I am responsible for migrating applications into AWS cloud by creating CI/CD pipelines using Jenkins
  • Created nightly builds with integration to code quality tools such as SonarQube, Veracode
  • Created quality gates in SonarQube dashboard and enforced in pipelines to fail builds when conditions not met
  • Rebuilding of entire existing platform over to Docker containers
  • Setup Kubernetes clusters using Amazon EKS
  • Experience in complete Unified Modeling Language (UML), Software Development Life Cycle (SDLC), Software Testing Life Cycle (STLC) and Bug Life Cycle (BLC)
  • Proficient in all cycles of test life cycle from test planning to defect tracking and managing defect lifecycle
  • Experience in defining scope and objectives, researching and root-cause analysis analyzing business and user requirements for complex projects
  • Experience in creating Business Required Document (BRD), Functional Required Documents (FRD), and Functional Specification Document (FSD).

Environment: PHP, ASP, MS SQL, MySQL, Apache, OWASP ZAP Proxy, AppScan, Dirbuster, HP Fortify, NMap, Metasploit, SecureAssist, CheckMarx, Fortify, Jenkins, Linux, Terraform, Ansible, Puppet and Docker, hands-on training on AWS and Azure, IBM QRadar.

Application Penetration Tester

PayPal
11.2017 - 12.2019
  • Established vulnerability assessment practice, proactively ensuring safety of client-facing applications and minimizing client audit findings
  • Performing security analysis and identifying possible vulnerabilities in the key derivation function, create Vulnerability Assessment report detailing exposures that were identified, rate the severity of the system & suggestions to mitigate any exposures & testing known vulnerabilities
  • Automated security testing process using AppScan tool
  • Installation, Configuration and Troubleshooting of Check Point Security Gateways
  • Adding and removing checkpoint firewall policies based on requirements of various projects
  • Using Network monitoring tools to ensure network connectivity and Protocol analysis tools to assess and pinpoint networking issues causing service disruption
  • Having real-time experience in DDoS, SQL Injection protection, XSS protection, script injection and major hacking protection techniques
  • To address and integrate Security in SDLC by following techniques like Threat Modeling, Risk Management, Logging, Penetration Testing, etc
  • Prepared remedy process for Security issues detected using SecureAssist, CheckMarx, Fortify, WAS
  • Providing fixes & filtering false findings for the vulnerabilities reported in the scan reports
  • Adding new vulnerabilities to Vulnerability Database for various platforms with proper exploits
  • Performed SIEM, network security monitoring, and threat intelligence using IBM QRadar
  • Created custom dashboards and reports to track key performance indicators and identify trends over time
  • Monitored network traffic for suspicious activity and detected potential threats in real-time
  • Scan Networks, Servers, and other resources to validate compliance and security issues using numerous tools
  • Conducted periodic scans and on-demand scans as and when new network devices are introduced, or configurations are updated in Windows servers with QualysGuard
  • Assisting in preparation of plans to review software components through source code review or application security review.

Environment: Threat modeling, Penetration testing, AppScan, Code review, Software security, OWASP, Vulnerability assessment, SecureAssist, CheckMarx, Fortify, IBM QRadar, WAS, Network monitoring, SDLC.

Education

Masters in Computer & Information Systems - Information Technology

Governors State University
Chicago, IL
05.2023

Bachelor of Science -

JNTUA
India
05.2018

Skills

  • C#, Java, Dotnet, SQL, PowerShell, PHP, Python
  • Linux (Debian, Ubuntu, Redhat, CentOS), Windows Server (2016, 2012), Mac OS X
  • Waterfall
  • V-Model
  • Agile
  • HTML5
  • CSS3
  • XML
  • JavaScript
  • Jenkins
  • Linux
  • Terraform
  • Ansible
  • Puppet
  • Docker
  • AWS
  • Azure
  • Network Penetration Testing
  • Intrusion Detection
  • API Security Testing
  • Vulnerability Assessment
  • Wireless Security Testing
  • Social Engineering
  • Incident Response
  • Cloud Security Testing
  • Access Control Management
  • Encryption Algorithms
  • Digital Forensics
  • IoT Security Testing
  • VoIP Security Testing
  • Secure Configuration
  • Blockchain Security Testing
  • Virtualization Security
  • Identity and Authentication
  • Mobile Application Testing
  • Data Leakage Prevention
  • Mainframe Security Testing
  • Container Security Testing
  • Code Review
  • Cryptography
  • Issue Troubleshooting
  • SCADA Security Testing
  • IBM AppScan, Veracode, Burp Suite, NMap, Nessus, CheckMarx, Kali Linux, sqlmap, Live HTTP Header, HP WebInspect, Wappalyzer, SecureAssist, Fortify, Metasploit, WAS, Kismet, IBM QRadar
  • MS SQL Server 2008R2/2012, MS Access 2000, Oracle 11g/10g/9
