Pallav Dave

Edison,NJ

Summary

As an Application Security Engineer, I lead the application security program for our SaaS products: building and maturing application security practices and processes, with an automation-first mindset, across the SDLC (Software Development Life Cycle), and partnering with Software Engineering, Cloud Infrastructure, Product Management, IT and other teams to make it easier for engineers to deliver secure applications, improve our application security posture, and reduce risk to our customers and company.

Cyber Security Analyst with proficient and thorough experience and a good understanding of information technology. Information security analyst with comprehensive knowledge and hands-on experience using the Risk Management Framework (RMF), NIST Special Publications (NIST SP 800 series) and FIPS based on the FISMA Act of 2002. Extensively trained and industry certified expert in conducting audits and analyzing risks to ensure security, integrity, and reliability of information systems and data. Specialized in proactive network monitoring with SIEM (Splunk). Proven ability to collaborate cross-functionally to support clients, facilitate user risk and compliance training programs, and present recommendations to reduce risks and improve processes. Skilled in the utilization of vulnerability analysis, security risk assessment, and auditing tools and applications. Able to use various security tools to perform log and packet analysis. Finally, can perform malware analysis with the overall objective to ensure confidentiality, integrity, and availability of the systems, networks, and data. Tech-savvy innovator with hands-on experience in emerging technologies and passion for continuous improvement. Skilled in identifying opportunities for technological enhancements and implementing effective solutions. Adept at leveraging new tools and methods to solve problems and enhance productivity. Excels in adapting to fast-paced environments and driving technological advancements. Demonstrates strong analytical, communication, and teamwork skills, with proven ability to quickly adapt to new environments. Eager to contribute to team success and further develop professional skills. Brings positive attitude and commitment to continuous learning and growth. Results-oriented achiever with proven ability to exceed targets and drive success in fast-paced environments. Combines strategic thinking with hands-on experience to deliver impactful solutions and enhance organizational performance.
Security professional with extensive experience in ensuring application safety and integrity. Known for identifying and mitigating security risks while working closely with cross-functional teams. Consistently adaptable to changing security landscapes and focused on delivering reliable solutions. Skilled in vulnerability assessment and incident response with proactive and results-driven approach. Offering strong foundation in cybersecurity principles and practices, eager to learn and develop in professional environment. Brings understanding of secure coding practices and vulnerability assessments. Ready to use and develop skills in penetration testing and threat modeling in [Desired Position] role. Diligent [Desired Position] with deep understanding of application security principles and practices. Proven track record in identifying vulnerabilities and implementing security measures to protect systems and data. Demonstrated ability to collaborate with development teams and enhance security protocols. Developed skills in high-security environment with focus on application safeguarding and vulnerability management. Demonstrated ability to analyze complex security issues and implement effective solutions. Seeking to transition to new field, bringing proactive approach to problem-solving and commitment to maintaining high security standards. Professional in application security with strong background in identifying vulnerabilities and implementing robust security measures. Adept at collaborating with cross-functional teams to ensure secure software development and deployment. Known for adaptability in dynamic environments and results-driven approach. Skilled in threat modeling, penetration testing, and risk assessment. Reliable and flexible, consistently delivering high-quality outcomes. Experienced with identifying and addressing security vulnerabilities. Utilizes effective methods to safeguard applications and prevent breaches. 
Track record of collaborating with teams to implement robust security measures. Personable and highly analytical with robust understanding of cybersecurity principles and practices. Proficient in identifying vulnerabilities and implementing mitigation strategies to secure applications. Committed to leveraging technical skills to enhance system integrity and safeguard critical information. Energetic [Job Title] offering wealth of experience in technical troubleshooting and problem-solving business issues. Hardworking, educated, and willing to go extra mile to complete any task. Skilled programming in [Software] to develop [Type] applications. Dedicated Application Developer adept at creating new programs and solutions for [Industry] clients. Knowledgeable in [Area of expertise]. Successful technology career history comprising more than [Number] years. Motivated [Job Title] proficient in [Type] programming languages. Background in [Area of expertise]. Provides high level of service to clients in custom application development for mobile devices and proprietary customizations. Versatile developer with over [Number] years of leveraging software engineering and implementing new technologies to maximize development efficiency. Conducting extensive market and consumer research to translate into application features. Acquiring and applying new complex technology concepts in short period of time. Ambitious [Job Title] committed to formulating innovative solutions to challenges while optimizing processes. Polished in developing and implementing security plans and procedures and developing strategies to respond and recover from security breaches. Logical and analytical leader familiar with security tools and technologies such as firewalls and proxy servers. Watchful professional offering comprehensive, hands-on experience identifying, investigating, and responding to information security alerts. 
Expertise in searching through data-sets to detect threats and anomalies and administering metrics to maintain security processes and controls. Focused on helping businesses safeguard sensitive data from hackers and cyber-criminals. Organized and dependable candidate successful at managing multiple priorities with a positive attitude. Willingness to take on added responsibilities to meet team goals. Pursuing full-time role that presents professional challenges and leverages interpersonal skills, effective time management, and problem-solving expertise. Hardworking and passionate job seeker with strong organizational skills eager to secure entry-level [Job Title] position. Ready to help team achieve company goals. Thorough team contributor with strong organizational capabilities. Experienced in handling numerous projects at once while ensuring accuracy. Effective at prioritizing tasks and meeting deadlines. Innovative technology professional with several years of diverse experience. Skilled in enhancing systems and aligning technical solutions with business objectives. Proven success in leading projects from start to finish and contributing to organizational growth and success. Experienced leader with strong background in guiding teams, managing complex projects, and achieving strategic objectives. Excels in developing efficient processes, ensuring high standards, and aligning efforts with organizational goals. Known for collaborative approach and commitment to excellence. Recent graduate with foundational knowledge in [Area of study] and hands-on experience gained through academic projects and internships. Demonstrates strong teamwork, problem-solving, and time-management skills. Prepared to start career and make meaningful contributions with commitment and drive. Detail-oriented individual with exceptional communication and project management skills. Proven ability to handle multiple tasks effectively and efficiently in fast-paced environments. 
Recognized for taking proactive approach to identifying and addressing issues, with focus on optimizing processes and supporting team objectives. Equipped with strong problem-solving abilities, willingness to learn, and excellent communication skills. Poised to contribute to team success and achieve positive results. Ready to tackle new challenges and advance organizational objectives with dedication and enthusiasm. Possesses versatile skills in project management, problem-solving, and collaboration. Brings fresh perspective and strong commitment to quality and success. Recognized for adaptability and proactive approach in delivering effective solutions. Proactive and goal-oriented professional with excellent time management and problem-solving skills. Known for reliability and adaptability, with swift capacity to learn and apply new skills. Committed to leveraging these qualities to drive team success and contribute to organizational growth. Dynamic individual with hands-on experience in [Area of expertise] and talent for navigating challenges. Brings strong problem-solving skills and proactive approach to new tasks. Known for adaptability, creativity, and results-oriented mindset. Committed to making meaningful contributions and advancing organizational goals.

Overview

9 years of professional experience
1 Certification

Work History

Application Security Engineer

Saan International
09.2019 - Current

· Performing SAST (Static AppSec testing) and DAST (Dynamic AppSec testing assessment) on mobile and web applications

  • Experience in development and execution of a Security Management program across multiple, agile software development teams
  • Experience testing and evaluating an application during runtime using tools like WhiteHat, Synopsys, Veracode, Checkmarx etc.

· Experienced in Vulnerability Scanning, Vulnerability Remediation, and Secure Configurations support (i.e., DISA STIGS and SRGs)

· Develop and implement manual and automated web application security testing of e-commerce web applications to enforce security standards.

· Works with security product vendors and service providers to evaluate security offerings, including product evaluations, proof of concept and pilot installations

· Experience with the entire SDLC process to check in and check out tools. This includes experience with CI/CD and Code Repositories like Jenkins, TFS, Gitlab, GitHub etc.

· Experience using automated Static Code Analysis (SCA) tools, such as FindBugs, Coverity, Klocwork, and SonarQube.

· Experience with penetration testing techniques, application security vulnerabilities, OWASP Top 10, SANS 25, CWE, etc.

· Experience with threats and solutions relating to web applications including cross-site scripting, URL manipulation, SQL injection

· Threat model web applications and work with development team throughout the SDLC

· Experience with industry standard application security testing tools such as WhiteHat, IBM Application Scan, HP Fortify, WebInspect, Burp Suite, etc.

· Perform ongoing security code and testing review to improve software security

· Knowledge and familiarity with Software Development Lifecycles (SDLC); including both Waterfall and Agile methodologies.

· Monitor logs and review alerts while identifying, remediating, and escalating incidents that occur within the environment.

· Experience with Cloud Security, IAM, Security Audit and Monitoring, Cloud Network Controls, Security Vulnerability Management, Security Incident Management, and Penetration testing.

· Work with developers to communicate and track critical security vulnerabilities within application code. Assist in automating code scanning and tickets for vulnerabilities.

· Implement best practices for SSDLC and for Application security

· Provide guidance on secure CI/CD and API enabled delivery

· Automate and integrate security processes and controls throughout our entire SDLC, from IDEs to source control systems to CI/CD pipelines to production deployments.

· Perform hands on (white box / grey box) end to end application security assessments including source code reviews, vulnerability scans, manual pen tests and possibly lean threat modeling or design reviews.

· Perform vulnerability assessment, and penetration testing on vehicle applications (including but not limited to Cloud services, APIs, mobile/web application)

· Perform third-party library security assessment and dependency analysis, such as OWASP Dependency-Check for Java applications and Retire.js for JavaScript and Node.js.

· Experience with web application vulnerabilities to review application source code to find its security vulnerabilities (CSRF, XSS, SQL Injection, Privilege Escalation, etc.) and recommend remediation

· Build threat models and control catalogs for software teams; stay current on emerging threats.

· Develop test plans, automation, and processes to validate that application security controls and features are correct and complete; audit controls and identify areas for improvement.

· Select, deploy, and configure tools for security testing of applications and systems.

  • Conduct effective risk assessments and threat modeling in a rapidly changing environment
  • Configuration Management and Compliance – Know how your application is configured and whether it follows your policies (e.g., Ansible, Chef, Puppet)

· Using Twistlock to manage all our containers from vulnerability and compliance standpoint

· Securing container technologies (such as Docker and Kubernetes)

· Collaborate with DevOps, Software Engineering, and Product Management to continuously improve our application security strategies and priorities for protecting our customers and company

· Develop and maintain technical documentation around the discovery and mitigation of threats and vulnerabilities

· Deep understanding of web application security threats, vulnerabilities, exploits, and prevention (SQL Injection, XSS, CSRF, platform hardening, etc.)

· Experience with Agile/SCRUM software development models.

· Knowledge of web related technologies (web applications, web services, and service-oriented architectures) and of network/web related protocols.

· Experience with server operating systems including Microsoft Windows, Red Hat Enterprise Linux, etc.

· Securely manage secrets for Continuous Integration servers and applications

· Implementing secure development practices into the SDLC

· Pull reports from Tenable for vulnerability reports on hosts, break down reports to applicable components in the boundary and discuss the finding with server POC.

· Demonstrated direct project experience driving security considerations through all phases of the Software Development Lifecycle (SDLC)

· Proficient in static and dynamic vulnerability analysis and penetration testing techniques such as fuzzing

· Perform application security scans for all web applications, mobile applications, and APIs as part of development process and in accordance with High-Risk Application Security Management Standard and DevSecOps methodology.

· Perform monthly security scans using Nessus tool to verify the configuration, patch, and vulnerabilities on systems in scope. Follow-up with internal and external stakeholders and keep the track of vulnerabilities and remediation status.

· Experience implementing security solutions that resolve security and business risk trade-offs
· An understanding of networking and communication protocols (such as TCP/IP, UDP, SSL/TLS, IPSEC, HTTP, HTTPS, BGP)

· Use Jira to create a security Vulnerability Dashboard as tracking mechanism whereby vulnerabilities are resolved in a time frame in support of the Agile methodology

· Write comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement

· Conduct meeting with DevOps teams on vulnerability management on both our applications and our servers that are running.

· Perform security monitoring and incident response of cyber security events for proper determination of being considered a cybersecurity event

· Provide security expertise and technical leadership while collaborating with security specialists, program managers, developers, and all levels of management to execute on strategic and tactical goals to improve security of applications, software code, and infrastructure.

· Deep knowledge of network mapping, vulnerability scanning, penetration testing, and Web Application testing

· Experience identifying, exploiting, and remediating common application vulnerabilities through use of tools and code review

· Conduct security assessments when new systems are added to our boundary by providing security evidence that shows application controls are implemented or planned.

· Review current security system configurations for correctness; monitor, report and investigate access to determine unauthorized access attempts; provide continuous testing of systems for situations requiring corrective action.

· Performing vulnerability assessment and penetration testing practices at SWIFT, covering the full assessment life cycle (Pre-engagement Interactions, Intelligence Gathering, Threat Modeling, Vulnerability Analysis, Exploitation, Post Exploitation, and Reporting)

· Create and maintain Application Security policies including secure coding policies, procedures and standards, coding standards, and the Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.

· Customize scanning rules to reduce false positives

· Vulnerability Scanning – Automatically identify known issues in your application for penetration testing (e.g., Nessus)

· Infrastructure as Code – Ensures the application is deployed securely and without errors in a repeatable manner (e.g., Ansible).

· Create process documents from security tools into daily security operations.

· Report and communicate security issues and topics to technical and non-technical audiences

· Experienced in languages such as Java and JavaScript

· Weekly account tracking to make sure inactive accounts are deleted and all accounts follow security policies

Snr Information Security Analyst

Building Solutions And Design
09.2017 - 07.2018

· Participate in security NIST based incident response process including event handling, process reviews and tabletop exercises. Supervise all investigations into problematic activity and provide on-going communication and reports significant security events to the board, supervisory committee, and management as appropriate.

· Experience with network and related protocols (TCP/IP, HTTP, VPNs, etc.) and ability to use inspection tools (Burp, Wireshark, etc.)

  • Perform risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures.
  • Knowledge of Risk Controls framework, and Audit procedures (27000/1/2, NIST 800-53/171, DFARS etc.).

· Experience managing temporary ATOs due to unforeseen contingencies realized during assessments, leading to the creation of open POA&Ms to track and remediate critical and high vulnerabilities before a 3-year ATO can be granted.

· Assessed information systems to make sure the controls are implemented correctly and performing their assigned functions following NIST 800 special publications especially NIST 800-53 and Federal Information Processing Standards (FIPS).

  • Encrypt data transmissions and erect firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers.

· Knowledgeable in thoroughly reviewing and assessing technical, operational and management controls following the RMF NIST 800-37 rev 1 methodology and other NIST 800 publications.

· Align all the security procedure to fit correctly in Risk management Framework in Support of the SCA process

· Performed security categorization using (FIPS 199) / and NIST 800-60 as implementation guide, Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), and ensure FISMA compliance.

  • Reviews firewall rules on a periodic basis to ensure all are required and are properly configured.
  • Ensures all shared services teams responsible for operation duties are executing as required (e.g., daily log reviews such as firewall logs, server logs, etc.).
  • Overseeing analysis processes and standards for business and system requirements and capabilities (e.g., access controls) including data gathering, calculations, and formal reporting
  • Monitor computer network for security issues
  • Supporting and maintaining Security tools including, Orion NetFlow, Wireshark, IAM etc
  • Experience with encryption fundamentals: PKI, Encryption, Digital Signatures, & Key Management.

· Review daily log reports generated from information security systems and escalate anomalous behaviors.

· Serve as a liaison between development teams and stakeholders to understand and formulate complex security requirements.

· Implements the information security strategy and objectives, as approved by the Chief Information Officer, including strategies to monitor and address current and emerging risks

· Contribute to the organizations security policies, procedures, and processes.

· Contributes to, and where appropriate creates and maintains, the enterprise's security documents (policies, standards, baselines, guidelines, and procedures) in collaboration with the Chief Information officer.

· Reviewed security authorization documentation including security plan, risk assessment, contingency plan, privacy threshold analysis, and other required deliverables for an ATO package.

· Experienced with AWS config to monitor our resources and keep an appropriate baseline

· Use AWS CloudTrail to track events such as authorized and unauthorized

· Use AWS Config to assess, audit, and evaluate the configurations of AWS resources.

· Use AWS Config to continuously monitor and record AWS resource configurations and automate the evaluation of recorded configurations against desired configurations.

· Use Twistlock to manage OpenShift which automates the build, deployment, and management of containerized applications in a secure, available architecture

· Experience categorizing, selecting, and implementing security controls per NIST and FIPS requirements.

· Experience in time planning, prioritizing tasks, and managing resources to ensure effective delivery of resources.

· Experience reviewing security artifacts including, but not limited to, System Security Plans, inventories, screenshots of technical files, Scan data, requirement traceability matrices, control allocation tables, and security assessment reports.

· Teamed up with ISSOs to create and manage POA&Ms for identified system vulnerabilities and track findings to ensure that they are remediated and closed.

· Thoroughly read and review information system documents like System Security Plans (SSP), Security Assessment Reports (SAR) and Executive Summaries to ensure FISMA compliance.

· Worked as a team with co-workers to ensure that deliverables were completed with the highest quality and submitted on time as required by FISMA.

· Experience with web application vulnerabilities to review application source code to find its security vulnerabilities (CSRF, XSS, SQL Injection, Privilege Escalation, etc.) and recommend remediation

· Maintain and enforce application security best practices. Support opportunities for process improvement and implementation efforts.

Security Compliance Analyst

Sunoco Logistics
10.2015 - 07.2017

· Perform security maintenance duties, such as performing analyses of vulnerabilities and providing recommended resolutions

· Experience with web application vulnerabilities to review application source code to find its security vulnerabilities (CSRF, XSS, SQL Injection, Privilege Escalation, etc.) and recommend remediation

· Monitoring security events, correlating information from the functional areas to identify incidents, issues, threats, and vulnerabilities

· Develop and maintain security and incident response plans, playbooks, procedures, and other documentation.

· Develop and track remediation plans and make recommendations for risk management alternatives

· Managed security defects on Web application by running Static, Dynamic and Penetration test to generate vulnerability report.

· Experience monitoring threats via a SIEM console with significant experience performing analysis of log files from a variety of sources, including individual host logs, network traffic logs, firewall logs, or intrusion prevention logs

· Assists in the administration and continuing implementation of the agency's comprehensive Information Security & Privacy Policy (ISPP). Leads audits, annual compliance, and risk exceptions with vendors.

· Knowledge of the capabilities and limitations of a wide range of equipment, software, and services necessary to develop and deliver information systems and solutions to meet the needs of the agency.

· Monitor and maintain audit logging so that logs are configured per the agency's policy and devices send logs to the centralized log management tool

· Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise

· Effectively collaborating with other Information Security teams such as Cyber Monitoring, Threat Intel, Forensics, Threat Detection and Vulnerability Management teams, as well as external teams in various lines of business, to enable enhancements in the company's security posture

· Perform periodic vulnerability assessment using industry tools such as windows baseline analyzer, retina, Wireshark, and Nessus.

· Periodically review Active Directory (AD) to identify possible instances of authorization creep

· Participate in the implementation and review of audit trail logs and reporting mechanisms, vulnerability assessments, and penetration tests

· Interpreting and acting on results from various security technologies including SIEM, IDS/IPS, Endpoint Solutions, DLP, etc

· Perform Threat Modelling by Documenting the threats in the system and the approach to mitigate these threats.

· Vulnerability Management skills by documenting all vulnerabilities, prioritizing, assigning to the respective dev team, explaining the exploitability, and populating a Dashboard that will show progress and the status of each vulnerability.

· Scan our applications against the OWASP Top 10 2017, identify project dependencies, and check whether there are any known, publicly disclosed vulnerabilities

· Using Splunk to gain end-to-end visibility across the AWS environment. This includes critical security, operational and economic insights from services such as AWS CloudTrail, AWS Config, Amazon Inspector, Amazon VPC Flow Logs, Amazon CloudWatch, AWS ELB, Amazon CloudFront, Amazon S3 and AWS Billing.

· Develop a Splunk Dashboard for Account management and Audit log review

· Use Jira to create a security Vulnerability Dashboard as tracking mechanism whereby vulnerabilities are resolved in a time frame in support of the Agile methodology

· Proficient with Security Information and Event Management (SIEM) tools, network, and operating system security features (e.g., TCP/IP, UDP, Windows, Unix, Cisco, AD, LDAP)

· Control assessment with CSAM to ensure documented control satisfy the description in the SSP and provide evidence to support the documentation

· Document traceability of technical specifications from requirements analysis through testing and validation

· Experience with Microsoft security technologies such as Microsoft Defender for Endpoint, Microsoft Cloud App Security, and Azure Sentinel

· Working experience with the following technology vendors and products: Tenable Vulnerability Scanner, Windows Defender Antivirus, SolarWinds SEM, Carbon Black Protec

· Proactively monitor the environment to detect and implement steps to mitigate cyber-attacks before they occur.

· Assist with review of policy, security alerts, guidance, and regulations in IT Security Management.

· Perform Penetration Test using Burp Suite Pro to actively examine the system for weaknesses and vulnerabilities.

· Categorize, prioritize, and normalize an event to determine if it meets the threshold of a potential incident and declare an incident, if required following documented process.

· Based on the review of the process and steps taken to remediate an incident, suggest and implement improvements in the environment (such as improving technical controls) and/or improve the incident response process.

· Provided reporting on POA&M remediation for all systems upon request by the Federal Government using the CSAM tool as repository for all POAM documents.

· Supported Security Assessment and Authorization (SA&A) activities, by preparing the complete ATO package for the authorization official to make accreditation decision

Education

Bachelor of Science - Computer Science

Old Dominion University
Norfolk, VA
05.2021

Skills

Network Packet Analysis

Advanced Threat Detection

Analyzing network traffic

Cloud computing and infrastructure (AWS, Google Cloud Platform, Azure, OpenStack)

Security vulnerability from source code testing

Pen testing (Burp Suite)

Java, JavaScript, C

Python

Ansible

Security Event Response

Strong knowledge in Intrusion Detection

Endpoint protection

PowerShell scripting

Risk Management Framework and POA&M remediation

Runtime Application Self-Protection (RASP)

Lead Dynamic Application Security Testing (DAST)

Lead Static Application Security Testing (SAST)

Lead Interactive Application Security Testing (IAST)

Mobile Application Security Testing (MAST)

Strong Jira experience

Coordinate testing activities with both InfoSec and Dev teams

SCA (Software Composition Analysis)

Accomplishments

· Lead Dynamic Application Security Testing (DAST) team

· Lead Static Application Security Testing (SAST) team

· Lead Interactive Application Security Testing (IAST) team

Certification

· AWS Solutions Architect (AWS)

· AWS Certified Security – Specialty (AWS)

· CompTIA Advanced Security Practitioner (CASP)

· Certified Information Security Manager (CISM)

· Certified Secure Software Lifecycle Professional (CSSLP)

· Certified Information Systems Security Professional (CISSP) (ISC)²

Additional Information

SONARQUBE, SECURITY ASSESSMENT AND AUTHORIZATION, OPENSHIFT, BURP SUITE PRO, GIT, JENKINS, POSTMAN, DOCKER, JIRA, STRONG PROFICIENCY REPORT WRITING, CONFLUENCE, AWS CONSOLE, SPLUNK, MCAFEE, VULNERABILITY MANAGEMENT, OWASP DEPENDENCY CHECK, RETIRE JS, OWASP ZAP, TWISTLOCK, VERACODE, CSAM, CFACTS, XACTA, IDS/IPS, NESSUS VULNERABILITY SCANNER, SIEM, WAF, WIRESHARK, ARCSIGHT

Affiliations

· NIST 800-series Rev. 4

· ISO 27001 and 27002

· SOX section 404

· PCI DSS

· HIPAA

Languages

Spanish
Professional Working
English
Native or Bilingual
