Hema Kumar
Web Application Penetration Tester
Hyderabad,TG
Summary
Cyber Security geek with overall 11 years of IT experience and 6 years of relevant experience in Information Security Domain. Has been working on Web Application security, Mobile Application Security, API Security assessments, Network Vulnerability assessments, Secure code review, Threat Modelling
Overview
3
3
Languages
4
4
years of post-secondary education
11
11
years of professional experience
Work History
Technical Lead
Application Security, Legato
06.2020 - Current
- Perform Manual Penetration test for all Decare applications using Burp suite.
- Creating detailed report about vulnerabilities with remediation steps and send it over to dev team.
- Coordinating with the respective development team to remediate the identified potential vulnerabilities and helping them in fixing the vulnerabilities.
- Perform Qualys scan on all Decare applications and send the scan report (Server related vulnerabilities) to respective teams.
- Identify fix and perform impact analysis and confirming with respective appdev owners about the impact and creating SNOW tickets to get fix implemented in Production.
- Perform the Qualys scan again to make sure the fixes got implemented and those vulnerabilities are not occurring in the next scan on biweekly basis.
- Perform veracode scan of all Decare applications and send out the detailed scan report to respective dev teams.
- Based on the bandwidth we used to fix the vulnerabilities by cloning the code from Bit Bucket into Eclipse IDE and will do initial analysis whether its false positive or vulnerability exists in veracode tool.
Information Security Analyst
Wells Fargo
07.2014 - 05.2020
- Performing the Dynamic Application Security Testing on the, internal and public facing Web applications, APIs and Mobile applications to identify the potential vulnerabilities.
- Ensuring that automated tests are completed successfully.
- Reviewing test results from tools, verify/validating defect fixes.
- Providing ad-hoc penetration testing as necessary for defects/issues identified by the industry.
- Providing application security consulting SME Support to developers and assist developers with understanding of security defects and risk.
- Responsible and accountable for timely delivery of high quality deliverables and strive to achieve metrics.
- Preparing the security testing report including all the evidences and POCs of vulnerabilities existed in the application.
- Coordinating the with the respective development team to remediate the identified potential vulnerabilities and helping them in fixing the defects.
- Conducted corporate security awareness programs and Ethical Hacking trainings.
- Being a quick and efficient learner, I can get trained on new technologies.
- Practical experience in Python programing language and Bash Scripting, Java Scripting.
- Sound knowledge on networking concepts like OSI Layers, TCP/IP, Network protocols.
- Good knowledge on Cryptography concepts like PKI, Digital Signatures & Certificates.
Senior QA Engineer, Value labs
11.2012 - 07.2014
- Analyzing Requirement from travels (clients).
- Responsible for preparing the test cases.
- Responsible for Web Application Functional Testing ,Admin, Web Services Testing.
- Executing the Manual test cases.
- Sanity Testing, Regression testing, Adhoc Testing.
- Bug Reporting in Bugzilla Tool.
- Discussion of bugs with Development teams.
QA Engineer
Knoahsoft
Hyderabad
06.2010 - 11.2012
- Requirement analysis of Speech Analytics and created process flow diagrams using Mind Map tool.
- Tested all components in different environments like Cisco Express, IPT, and Enterprise in 6.0 and 7.0 versions and also in Avaya environment.
- Involved in Functionality, Regression, Security, Performance, Concurrency testing.
- Prepared bug reports and tracked defects using defect tracking form.
- Created Deployment Architecture Diagrams.
- Installed product at client places through Remote access.
Education
BTECH - Information Technology
JTNU Kakinada University
Vishakapatnam 06.2006 - 06.2010
Skills
VAPT
Certifications/Trainings
Certifications/Trainings:.
- My udemy course (https://www.udemy.com/course/practical-bug-bounty-techniques-complete-course/?referralCode=F573129E48B546CB30E5).
- YouTube channel (https://www.youtube.com/channel/UCwA3Ob99xJUCyY5kiLz0_TA).
- Given lot of OWASP Top 10 trainings at Organization level with hands on practice.
- Given trainings on the Best Security Coding practices to the development team.
- CSX (Cyber Security Fundamentals).
- OSCP (Pending in September).
- Cybrary (Advanced Web application Penetration Testing Course with Certificate).
- PEH, Windows Privilege and Linux Privilege courses by Cyber Mentor.
- Active Player in HacktheBox, Portswigger web academy, YesweHack and pentesterlab.
- Hall of Fame Reported five vulnerabilities to newseaonsmarket.com and one vulnerability to roblox.com and one vulnerability for mobikwik, and 4 vulnerabilities to GM (General Motors), I reported potential security vulnerabilities in their web applications.
- Active Bug bounty Hunter in Hackerone, Bug crowd, Yeswehack and Public programs.
Timeline
Technical Lead
Application Security, Legato
06.2020 - Current
Information Security Analyst
Wells Fargo
07.2014 - 05.2020
Senior QA Engineer, Value labs
11.2012 - 07.2014
QA Engineer
Knoahsoft
06.2010 - 11.2012
BTECH - Information Technology
JTNU Kakinada University
06.2006 - 06.2010
Similar Profiles
Pivot NgoyPivot Ngoy
Security Operations Analyst Intern at Legato SecuritySecurity Operations Analyst Intern at Legato Security
Cody YatesCody Yates
SOC Analyst at Legato SecuritySOC Analyst at Legato Security
Dr.Malay Joshi (PT, PGDHM)Dr.Malay Joshi (PT, PGDHM)
Product Owner at Legato Health TechnologiesProduct Owner at Legato Health Technologies