Pallav Dave

· Performing SAST (Static AppSec testing) and DAST (Dynamic AppSec testing assessment) on mobile and web application

• Experience in development and execution of a Security Management program across multiple, agile software development teams
• Experience testing and evaluating an application during runtime using tools like WhiteHat, Synopsys, Veracode, Checkmarx etc.

· Experienced in Vulnerability Scanning, Vulnerability Remediation, and Secure Configurations support (i.e., DISA STIGS and SRGs)

· Develops and implement manual and automated web application security testing of e-commerce web applications to enforce security standards.

· Works with security product vendors and service providers to evaluate security offerings, including product evaluations, proof of concept and pilot installations

· Experience with the entire SDLC process to check in and check out tools. This includes experience with CI/CD and Code Repositories like Jenkins, TFS, Gitlab, GitHub etc.

· Experience using automated Static Code Analysis (SCA) tools, such as Find Bugs, Coverity, Klocwork, and SonarQube.

· Experience with penetration testing techniques, application security vulnerabilities, OWASP Top 10, SANS 25, CWE, etc.

· Experience with threats and solutions relating to web applications including cross-site scripting, URL manipulation, SQL injection

· Threat model web applications and work with development team throughout the SDLC

· Experience with industry standard application security testing tools such as White Hat, IBM Application Scan, HP Fortify, Web Inspect, Burp Suite, etc.

· perform on-going security code and testing review to improve software security

· Knowledge and familiarity with Software Development Lifecycles (SDLC); including both Waterfall and Agile methodologies.

· Monitor logs and review alerts while identifying, remediating, and escalating incidents that occur within the environment.

· Experience with Cloud Security, IAM, Security Audit and Monitoring, Cloud Network Controls, Security Vulnerability Management, Security Incident Management, and Penetration testing.

· Work with developers to communicate and track critical security vulnerabilities within application code. Assist in automating code scanning and tickets for vulnerabilities.

· Implement best practices for SSDLC and for Application security

· Provide guidance on secure CI/CD and API enabled delivery

· Automate and integrate security processes and controls throughout our entire SDLC, from IDEs to source control systems to CI/CD pipelines to production deployments.

· Perform hands on (white box / grey box) end to end application security assessments including source code reviews, vulnerability scans, manual pen tests and possibly lean threat modeling or design reviews.

· Perform vulnerability assessment, and penetration testing on vehicle applications (including but not limited to Cloud services, APIs, mobile/web application)

· Perform third-party libraries security assessment and dependency analysis such as OWASP dependency checks for Java applications and Retire Js for JavaScript and Node Js.

· Experience with web application vulnerabilities to review application source code to find its security vulnerabilities (CSRF, XSS, SQL Injection, Privilege Escalation, etc.) and recommend remediation

· Build threat models and control catalogs for software teams; stay current on emerging threats.

· Develop test plans, automation, and processes to validate that application security controls and features are correct and complete; audit controls and identify areas for improvement.

· Select, deploy, and configure tools for security testing of applications and systems.

• Conduct effective risk assessments and threat modeling in a rapidly changing environment
• Configuration Management and Compliance – Know how your application is configured and whether it follows your policies (e.g., Ansible, Chef, Puppet)

· Using Twistlock to manage all our containers from vulnerability and compliance standpoint

· Securing container technologies (such as Docker and Kubernetes)

· Collaborate with DevOps, Software Engineering, and Product Management to continuously improve our application security strategies and priorities for protecting our customers and company

· Develop and maintain technical documentation around the discovery and mitigation of threats and vulnerabilities

· Deep understanding of web application security threats, vulnerabilities, exploits, and prevention (SQL Injection, XSS, CSRF, platform hardening, etc.)

· Experience with Agile/SCRUM software development models.

· Knowledge of web related technologies (web applications, web services, and service-oriented architectures) and of network/web related protocols.

· experience with server operating systems including Microsoft Windows, Red Hat Enterprise Linux, etc.

· Securely manage secrets for Continuous Integration servers and applications

· Collaborate with DevOps, Software Engineering, and Product Management to continuously improve our application security strategies and priorities for protecting our customers and company

· Implementing secure development practices in to SDLC

· Pull reports from Tenable for vulnerability reports on hosts, break down reports to applicable components in the boundary and discuss the finding with server POC.

· Demonstrated direct project experience driving security considerations through all phases of the Software Development Lifecycle (SDLC)

· Proficient in static and dynamic vulnerability analysis and penetration testing techniques such as fuzzing

· Perform application security scans for all web applications, mobile applications, and APIs as part of development process and in accordance with High-Risk Application Security Management Standard and DevSecOps methodology.

· Perform monthly security scans using Nessus tool to verify the configuration, patch, and vulnerabilities on systems in scope. Follow-up with internal and external stakeholders and keep the track of vulnerabilities and remediation status.

· Experience implementing security solutions that resolve security and business risk trade-offs
· An understanding of networking and communication protocols (such as TCP/IP, UDP, SSL/TLS, IPSEC, HTTP, HTTPS, BGP)

· Use Jira to create a security Vulnerability Dashboard as tracking mechanism whereby vulnerabilities are resolved in a time frame in support of the Agile methodology

· Write comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement

· Conduct meeting with DevOps teams on vulnerability management on both our applications and our servers that are running.

· Perform security monitoring and incident response of cyber security events for proper determination of being considered a cybersecurity event

· Provide security expertise and technical leadership while collaborating with security specialists, program managers, developers,and all levels of management to execute on strategic and tactical goals to improve security of applications, software code, and infrastructure.

· Deep knowledge of network mapping, vulnerability scanning, penetration testing, and Web Application testing

· Experience identifying, exploit, and remediate common application vulnerabilities through use of tools and code review

· Conduct security assessment when new systems are added to our boundary by provided security evidence shows that application control is implemented or planned.

· Review current security system configurations for correctness; monitor, report and investigate access to determine unauthorized access attempts; provide continuous testing of systems for situations requiring corrective action.

· Performing vulnerability assessment and penetration testing practices at SWIFT, covering the full assessment life cycle (Pre-engagement Interactions, Intelligence Gathering, Threat Modeling, Vulnerability Analysis, Exploitation, Post Exploitation, and Reporting)

· Create and maintain Application Security policies including secure coding policies, procedures and standards, coding standards, and the Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.

· Customize Scanning Rules to reduce False Positives vulnerability Scanning – Automatically identify known issues in your application for penetration testing (e.g., Nessus) Infrastructure as Code – Ensures the application is deployed securely and without errors in a repeatable manner (e.g., Ansible).

· Create process documents from security tools into daily security operations.

· Report and communicate security issues and topics to technical and non-technical audiences

· Monitor logs and review alerts while identifying, remediating, and escalating incidents that occur within the environment.

· Write comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement

· Experienced in languages such: Java, JavaScript

· Weekly account tracking to make inactive accounts are deleted and all accounts follows security policies

· Participate in security NIST based incident response process including event handling, process reviews and tabletop exercises. Supervise all investigations into problematic activity and provide on-going communication and reports significant security events to the board, supervisory committee, and management as appropriate.

· Experience with network and related protocols (TCP/IP, HTTP, VPNs, etc.) and ability to use inspection tools (Burp, Wireshark, etc.)

• Perform risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures.
• Knowledge of Risk Controls framework, and Audit procedures (27000/1/2, NIST 800-53/171, DFARS etc.).

· Experience managing temporary ATO's due to unforeseen contingencies realized during assessments leading to the creation of open POA&M's to track and remediate critical and high vulnerabilities before a 3-year ATO can be granted.

· Assessed information systems to make sure the controls are implemented correctly and performing their assigned functions following NIST 800 special publications especially NIST 800-53 and Federal Information Processing Standards (FIPS).

• Encrypt data transmissions and erect firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers.

· Knowledgeable in thoroughly reviewed and assessing technical, operational and management controls following the RMF NIST 800-37 rev 1 methodology and other NIST 800 publications.

· Align all the security procedure to fit correctly in Risk management Framework in Support of the SCA process

· Performed security categorization using (FIPS 199) / and NIST 800-60 as implementation guide, Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), and ensure FISMA compliance.

• Reviews firewall rules on a period basis to ensure all are required and are properly configured.
• Ensures all shared services teams responsible for operation duties are executing as required (e.g., daily log reviews such as firewall logs, server logs, etc.).
• Overseeing analysis processes and standards for business and system requirements and capabilities (e.g., access controls) including data gathering, calculations, and formal reporting
• Monitor computer network for security issues
• Supporting and maintaining Security tools including, Orion NetFlow, Wireshark, IAM etc
• Experience with encryption fundamentals: PKI, Encryption, Digital Signatures, & Key Management.

· Review daily log reports generated from information security systems and escalate anomalous behaviors.

· Serve as a liaison between development teams and stakeholders to understand and formulate complex security requirements.

· Implements the information security strategy and objectives, as approved by the Chief Information Officer, including strategies to monitor and address current and emerging risks

· Contribute to the organizations security policies, procedures, and processes.

· Contributes to, and where appropriate creates and maintains, the enterprise's security documents (policies, standards, baselines, guidelines, and procedures) in collaboration with the Chief Information officer.

· Reviewed security authorization documentation including security plan, risk assessment, contingency plan, privacy threshold analysis, and other required deliverables for an ATO package.

· Experienced with AWS config to monitor our resources and keep an appropriate baseline

· Use AWS Cloud Trail to track events such as authorized an unauthorized

· Uses AWS Config to assess, audit, and evaluate the configurations of your AWS resources.

· Use AWS Config continuously monitors and records your AWS resource configurations and automate the evaluation of recorded configurations against desired configurations.

· Use Twistlock to manage OpenShift which automates the build, deployment, and management of containerized applications in a secure, available architecture

· Experience categorizing, selecting, and implementing security controls per NIST and FIPS requirements.

· Experience in time planning, prioritizing tasks, and managing resources to ensure effective delivery of resources.

· Experience reviewing security artifacts including, but not limited to, System Security Plans, inventories, screenshots of technical files, Scan data, requirement traceability matrices, control allocation tables, and security assessment reports.

· Teamed up with ISSO's to create and manage POA&Ms for identified system vulnerabilities and track findings to ensure that they are remediated and closured.

· Thoroughly read and review information system documents like System Security Plans (SSP), Security Assessment Reports (SAR) and Executive Summaries to ensure FISMA compliance.

· Worked as a team with co-workers to ensure that deliverables were completed with the highest quality and submitted on time as required by FISMA.

· Knowledgeable in thoroughly reviewed and assessing technical, operational and management controls following the RMF NIST 800-37 rev 1 methodology and other NIST 800 publications.

· · Experience with web application vulnerabilities to review application source code to find its security vulnerabilities (CSRF, XSS, SQL Injection, Privilege Escalation, etc.) and recommend remediation

· · Maintain and enforces application security best practices. Supports opportunities for process improvement and implementation efforts.

· Perform security maintenance duties, such as performing analyses of vulnerabilities and providing recommended resolutions

· Experience with web application vulnerabilities to review application source code to find its security vulnerabilities (CSRF, XSS, SQL Injection, Privilege Escalation, etc.) and recommend remediation

· Monitoring security events, correlating information from the functional areas to identify incidents, issues, threats, and vulnerabilities

· Develop and maintain security and incident response plans, playbooks, procedures, and other documentation.

· Develop and track remediation plans and make recommendations for risk management alternatives

· Managed security defects on Web application by running Static, Dynamic and Penetration test to generate vulnerability report.

· Experience monitoring threats via a SIEM console with significant experience performing analysis of log files from a variety of sources, including individual host logs, network traffic logs, firewall logs, or intrusion prevention logs

· Assists in the administration and continuing implementation of the agency's comprehensive Information Security & Privacy Policy (ISPP). Leads audits, annual compliance, and risk exceptions with vendors.

· Knowledge of the capabilities and limitations of a wide range of equipment, software, and services necessary to develop and deliver information systems and solutions to meet the needs of the agency.

· · Monitor and maintain that audit logs are configured as agency's policy and devices are send logs to centralized log management tool

· Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise

· Effectively collaborating other Information Security teams such as Cyber Monitoring, Threat Intel, Forensics, Threat Detection and Vulnerability management teams as well as external teams in various lines-of-business to enable enhancements in the company's security posture

· Perform periodic vulnerability assessment using industry tools such as windows baseline analyzer, retina, Wireshark, and Nessus.

· Periodically review Active Directory (AD) to identify possible instances of authorization creep

· Participate in the implementation and review of audit trail logs and reporting mechanisms, vulnerability assessments, and penetration tests

· Interpreting and acting on results from various security technologies including SIEM, IDS/IPS, Endpoint Solutions, DLP, etc

· Perform Threat Modelling by Documenting the threats in the system and the approach to mitigate these threats.

· Vulnerability Management skills by documenting all vulnerabilities, prioritizing, signing to respective dev team, explaining the exploitability, and populating a Dashboard that will show progress and the status of each vulnerability.

· Scan our applications against OWASP Top 10 2017 to that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities

· Using Splunk to gain end-to-end visibility across the AWS environment. This includes critical security, operational and economic insights from services such as AWS CloudTrail, AWS Config, Amazon Inspector, Amazon VPC Flow Logs, Amazon CloudWatch, AWS ELB, Amazon CloudFront, Amazon S3 and AWS Billing.

· Develop a Splunk Dashboard for Account management and Audit log review

· Use Jira to create a security Vulnerability Dashboard as tracking mechanism whereby vulnerabilities are resolved in a time frame in support of the Agile methodology

· Proficient with Security Information and Event Management (SIEM) tools, network, and operating system security features (e.g., TCP/IP, UDP, Windows, Unix, Cisco, AD, LDAP

· Control assessment with CSAM to ensure documented control satisfy the description in the SSP and provide evidence to support the documentation

· ALL applications against OWASP Top 10 2017 to that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities

· Vulnerability Management skills by documenting all vulnerabilities, prioritizing, signing to respective dev team, explaining the exploitability, and populating a Dashboard that will show progress and the status of each vulnerability.

· Document traceability of technical specifications from requirements analysis through testing and validation

· Perform Threat Modelling by Documenting the threats in the system and the approach to mitigate these threats.

· Interpreting and acting on results from various security technologies including SIEM, IDS/IPS, Endpoint Solutions, DLP, etc.

· Experience with Microsoft security technologies such as Microsoft Defender for Endpoint, Microsoft Cloud App Security, and Azure Sentinel

· Working experience with the following technology vendors and products: Tenable Vulnerability Scanner, Windows Defender Antivirus, SolarWinds SEM, Carbon Black Protec

· Proactively monitor the environment to detect and implement steps to mitigate cyber-attacks before they occur.

· Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.

· Assist with review of policy, security alerts, guidance, and regulations in IT Security Management.

· Perform Penetration Test using Burp Suite Pro to actively examine the system for weaknesses and vulnerabilities.

· Categorize, prioritize, and normalize an event to determine if it meets the threshold of a potential incident and declare an incident, if required following documented process.

· Based on the review of the process and steps taken to remediate an incident, suggest and implement improvements in the environment (such as improving technical controls) and/or improve the incident response process.

· Provided reporting on POA&M remediation for all systems upon request by the Federal Government using the CSAM tool as repository for all POAM documents.

· Managed security defects on Web application by running Static, Dynamic and Penetration test to generate vulnerability report.

· Supported Security Assessment and Authorization (SA&A) activities, by preparing the complete ATO package for the authorization official to make accreditation decision