Jayaprakash Reddy

Cyber Security Consultant
Bangalore

Summary

Strong experience in web application vulnerability assessments and penetration testing. Ability to conduct penetration testing for well-known technologies and known security flaw concepts such as SQL Injection, XML injection, XSS, CSRF, IDOR, Path Traversal, etc. Extensive experience in troubleshooting networks using packet capture in Wireshark and resolving the issues. Identification of different application vulnerabilities by using proxies like Burp Suite to validate the server-side validations. Proven experience in manual and automated security testing of OWASP Top 10 security-related issues. Good knowledge and understanding of the Software Development Lifecycle (SDLC) and Software Testing Lifecycle (STLC) for different development methodologies. Capable of identifying flaws like Injection, XSS, Insecure direct object reference, Security Misconfiguration, Sensitive data exposure, Functional level access control. Experience in different web application security testing tools like Burp Suite, sqlmap, OWASP ZAP Proxy, Cookie Manager, Nmap. Experience in web application and manual pen testing. Experience in preparing test plans and test scenarios. Created and documented testing procedures for test life cycles and quality assurance. Experienced Senior Associate driven to optimize processes and streamline operations for team efficiency. Decisive leader with an analytical and flexible approach to solving problems.

Overview

12 years of professional experience

1 Certification

Work History

Senior Associate Cybersecurity

Cloud Kinetics Technology Solution Pvt Ltd
09.2022 - 01.2024
  • Supported product managers and development teams across all phases of testing from planning to execution, troubleshooting, and reporting within a high-volume, agile environment
  • Manage priorities when assigned to multiple teams
  • Additionally, assist Team Members in priority management
  • Created automated load testing scripts, using JMeter and Visual Studio
  • Performed security testing, i.e. Penetration Testing, Vulnerability assessment (VAPT) and provided the report with an assessment, using OWASP ZAP 2.9.0 and Burp Suite
  • Participating in all aspects of product testing, including test plan development, execution, and delivery of well-tested solutions with a short time to release
  • Independently analyzes issues, recommends software changes, and writes detailed bug reports
  • Creates and maintains ownership of test cases and test results throughout SDLC and STLC
  • Provides the highest level of customer service to customers, whether these are current or prospective clients of the Company, vendors, staff, business partners, or visitors
  • Collaborated with developers and project managers to assess program capabilities, features, and testing demands
  • Tracked, prioritized, and organized defects with Jira, working with the development team to facilitate timely corrections
  • Conducting Application vulnerability assessments with manual testing and automated scanners
  • Reporting Vulnerability findings to Application owners and helping them in remediation of vulnerabilities
  • Conducting Project Security Reviews, security requirements and design reviews to implement security at Concept & analysis phases in SDLC
  • Conducting periodic Security Risk Assessments for High-Risk applications
  • Evaluating the application security classification by conducting risk assessment meetings with clients
  • Performing exploitation, vulnerability and penetration assessments that identify current and future internal and external security vulnerabilities
  • Performing vulnerability scanning and penetration tests to analyze the information and determine the risk to the organization
  • Web Application Pen-test based on OWASP standards and testing guide and reporting to the client
  • Manual web application testing using Burp Suite, Firefox add-ons, Kali Linux tools and automated testing using Burp Suite Pro, ZAP
  • Performed penetration testing using automated tools for web application
  • Documenting the vulnerabilities and prioritizing remediation plans.

Associate Security Consultant

Nirant Technologies Pvt Ltd
05.2017 - 08.2022
  • Reduced response time by delegating tasks in response to natural disasters, environmental accidents and hazardous materials management.
  • Reported internal control issues to management and supplied comprehensive recommendations to mitigate associated risks.
  • Reviewed and audited clients' facility security management programs.
  • Planned and implemented disaster management strategies such as evacuation plans and shelter management.
  • Developed metrics-driven reports that demonstrated improvements in clients' overall cybersecurity posture over time.
  • Applied software patches immediately upon release to alleviate network penetration attempts.
  • Oversaw and validated grounds access to mitigate risk of theft.
  • Conducted regular security audits to ensure compliance with industry best practices and regulatory standards.

SAP Security Specialist

Hewlett-Packard India Pvt Ltd.
02.2010 - 01.2016
  • SAP user access management: CM/BG user creation and administration, which gives access to SAP background users (e.g. SAP user auto lock is being done by Background SAP users) as well as the Communication users (e.g. SAP automated e-mails being sent by Communication User IDs)
  • Escalate the tickets to EAI team for password sync
  • Transportation of SAP roles from development systems to non-production and production systems
  • Experienced in configuration and implementation of security changes (including documentation of RFC) in SAP
  • Localization of SAP roles/creation of SAP roles as per the region for which the SAP parent role needs to be localized and inherited to the child role

Education

Bachelor of Science

SK University

Master’s in Computer Application

Manipal University

Skills

Kali Linux

Certification

Certified Ethical Hacker, ECC5018239746

Career Objective

Having 6+ years of experience in the domain of application security testing, with Web, Mobile and API penetration testing experience. Intending to build a career with committed and dedicated people, which will help me to explore myself fully and realize my potential, and willing to work as a key player in a challenging and creative environment.

Projects

Cloud Kinetics Technology Solution Pvt Ltd

Duration - 09/2022 to 02/2024.

Project Names: Equinix Applications, Database and Cloud.

Environment/Skills Used: OWASP Top 10 Vulnerabilities, Burp Suite Proxy, Nmap, Kali Linux, ZAP.


  • Supported product managers and development teams across all phases of testing from planning to execution, troubleshooting, and reporting within a high-volume, agile environment.
  • Manage priorities when assigned to multiple teams.
  • Additionally, assist Team Members in priority management.
  • Created automated load testing scripts, using JMeter and Visual Studio.
  • Performed security testing, i.e. Penetration Testing, Vulnerability assessment (VAPT) and provided the report with an assessment, using OWASP ZAP 2.9.0 and Burp Suite.
  • Participating in all aspects of product testing, including test plan development, execution, and delivery of well-tested solutions with a short time to release. Independently analyzes issues, recommends software changes, and writes detailed bug reports.
  • Creates and maintains ownership of test cases and test results throughout SDLC and STLC.
  • Provides the highest level of customer service to customers, whether these are current or prospective clients of the Company, vendors, staff, business partners, or visitors.
  • Collaborated with developers and project managers to assess program capabilities, features, and testing demands.
  • Tracked, prioritized, and organized defects with Jira, working with the development team to facilitate timely corrections.
  • Conducting Application vulnerability assessments with manual testing and automated scanners.
  • Reporting Vulnerability findings to Application owners and helping them in remediation of vulnerabilities.
  • Conducting Project Security Reviews, security requirements and design reviews to implement security at Concept & analysis phases in SDLC.
  • Conducting periodic Security Risk Assessments for High-Risk applications.
  • Evaluating the application security classification by conducting risk assessment meetings with clients.
  • Performing exploitation, vulnerability and penetration assessments that identify current and future internal and external security vulnerabilities.
  • Performing vulnerability scanning and penetration tests to analyze the information and determine the risk to the organization.
  • Web Application Pen-test based on OWASP standards and testing guide and reporting to the client.
  • Manual web application testing using Burp Suite, Firefox add-ons, Kali Linux tools and automated testing using Burp Suite Pro, ZAP.
  • Performed penetration testing using automated tools for web application. Documenting the vulnerabilities and prioritizing remediation plans.


Security Analyst

Nirant Technologies

Duration - 12/2019 to 08/2022.

Client: Millennium (Liquid Analytics Patient Mastering)

Environment/Skills Used: Burp Suite Proxy, Nmap, Kali Linux, ZAP, Application Security Analysis (Manual & Automated)


  • Experience in web applications to proven effort estimates for conducting security assessments.
  • Experience in remediation review and recommendations to vulnerabilities identified during Security Assessments.
  • Experience in preparing executive reports for every assessment.
  • Also conduct closing meeting calls with respective clients.
  • Experience in assisting short term client engagements for Vulnerability assessment and Penetration Testing.
  • Check for regular security updates from standard bodies such as: Open Web Application Security Project (OWASP).
  • Preparing documents on Security methodologies of various app modernization projects.
  • Security monitoring, managing security cases & tickets, security incident analysis, and other security tasks.


Security Analyst

Nirant Technologies

Duration - 05/2017 to 11/2019.

Client: NIRD and APSSDC


  • Application Security Analysis (Manual & Automated) experience of web applications using Burp Suite tools.
  • Interacting with Application development teams to guide them on the observations reported and the impact of its exploitation.
  • Suggesting remediation recommendations for failed controls for vulnerability assessment and code reviews.
  • Preparing executive reports for every assessment.
  • Also conduct closing meeting calls with respective clients.
  • Provide effort estimates for conducting security assessments.
  • Assisting short term client engagements for Vulnerability assessment and Penetration Testing.
  • Trained dev teams on imparting security related incidents and the remediation to secure the applications from external threats.
  • Reporting the Web Application testing vulnerabilities which are found during Manual Testing and depicting/justifying the false positive and true positive vulnerabilities in Automated App scan reports.
  • Scanning the entire network by configuring related sites in expose and generating the vulnerability reports accordingly.


HP India Pvt Ltd

(P&G) 

Role - SAP Security, SAP R/3

Duration - 02/2010 to 01/2016.


  • SAP user access management: CM/BG user creation and administration, which gives access to SAP background users (e.g. SAP user auto lock is being done by Background SAP users) as well as the Communication users (e.g. SAP automated e-mails being sent by Communication User IDs)
  • Escalate the tickets to EAI team for password sync
  • Transportation of SAP roles from development systems to non-production and production systems
  • Experienced in configuration and implementation of security changes (including documentation of RFC) in SAP
  • Localization of SAP roles/creation of SAP roles as per the region for which the SAP parent role needs to be localized and inherited to the child role
