AMIT KUMAR SWAIN

o Maintain and Troubleshoot LAN Connection Errors. o Network troubleshooting using ping, tracert, telnet. o Resolving Network, System Related and Virus-Related issues. o Installing Operating Systems, new software, and Antivirus. o Administrative Password Reset & Giving Access.

Job Profile: Project: IT Compliance (March 2019 – September 2019) ❖ Performed dynamic analysis security testing (DSAT) using IBM App scan. ❖ Security assessment of applications using Burp Suit Pro to identify the vulnerabilities in different categories like Input and data Validation, Authentication, Authorization, Auditing & logging. ❖ Follow up and ensure the closure of the raised vulnerabilities by revalidating and ensuring 100% Closure. ❖ Risk associated with vulnerability explained to the project team for better understanding and guiding project team towards its closure / remediation. ❖ Coordinate with dev team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and the impact of the issue. Project: Financial Client (January 2016 – February 2019) ❖ Perform infrastructure penetration tests, as well as physical security review and social engineering tests for aligned client. ❖ Provided detailed reports on the findings of Infrastructure penetration tests including mitigation and remediation activities. ❖ Lead Security Engineer of an Assessment Team doing full vulnerability assessments and compliance scanning of the client infrastructure weekly basis and reviewed security standard and security baseline for the client. ❖ Perform review and analyze security vulnerability data to identify applicability and false positives. ❖ Drive monitoring of security events using Manage Engine Event Log Analyzer and other feeds like DLP, Symantec Antivirus & MFA, looking for significant events, and processing reports of unexpected activities. ❖ Collaborate with team members in tuning SIEM applications in an effort to establish a baseline for network activity and rule out false positive events. ❖ Performed risk assessments to ensure corporate compliance.

Job Profile: ❖ Conduct hands-on security testing, analyze test results, document risk, and recommend countermeasures. ❖ Performed host, network, and web application penetration tests. ❖ Proposed remediation strategies for remediating system vulnerabilities. ❖ Skilled using Burp Suite, NMAP, Dirbuster, Qualys VM and WAS, Nessus, SQLMap, Websploit, WPscan, Nikto, Metasploit, Testssl etc. for web application penetration tests and infrastructure testing. ❖ Capturing and analyzing network traffic at all layers of the OSI model ❖ Identifying the critical, High, Medium, Low vulnerabilities in the applications based on OWASP Top 10 and prioritizing them based on the criticality. ❖ Security testing of APIs using SOAP UI & Postmaster. ❖ Identification of Injection, Business logic, Authentication, Session Management, etc... related flaws in applications and encasing attack scenarios and associated risk to business. ❖ Providing remediation to the developers based on the issues identified. ❖ Revalidate the issues to ensure the closure of the vulnerabilities. ❖ Work towards develop the policies, standards and procedures related to Security Management.

Job Profile: ❖ Performed Infrastructure and Cloud Penetration testing using NMAP, Metasploit, Rapid 7 and publicly available exploits within the parameters defined by rules of engagement coordinated with the Project Team. ❖ Performed segmentation testing on PCI environments to fulfill PCI requirements. Also, Co-ordinate with Network to fix the issue if any issue found on segmentation testing. ❖ Perform Web application testing as per project requirements. ❖ Communicated technical vulnerabilities and remediation steps to developers and management. ❖ Co-ordinate with the Project team to tracking, validate, assess, understand root cause and mitigate vulnerabilities. ❖ Performed Cloud control Audits. ❖ Working with both Cloud team and project team to remediate issues found on Wiz scan. ❖ Worked with external vendors to perform penetration tests on network devices, operating systems, databases, and Applications as necessary. ❖ Providing preventive, mitigating and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy. ❖ Assisting customer in understanding risk and threat level associated with vulnerability so that customer may or may not accept risk with respect to business criticality. ❖ Assisting in review of business solution architectures from security point of view which helps avoiding security related issues/threats at the early stage of project. ❖ Port scan servers using NMAP and close all unnecessary ports to reduce the attack surface. ❖ Ran Vulnerability scan and compliance scanning on machines and reviewed security standard and minimum-security baseline for DN. ❖ Reviewing and approving MSB Controls. ❖ Perform other essential duties as assigned.