Cybersecurity professional with over 8 years of experience in IT, specializing in vulnerability management and assessment. Proficient in OWASP Top 10, DEPS procedures, and threat modeling. Skilled in SAST/DAST code review and familiar with tools such as Fortify, Nessus, and Veracode. Strong background in Linux/Unix and version control systems including GitHub and GitLab.
1. Portrait Mobile Solution, GE Healthcare, Product Security Analyst (PSR), 2 Years
   Tools: Burp Suite, Nessus, Black Duck scan, Dependency Checker, GitHub, HCL Compass, My workshop
   Responsibilities:
   - Creating the DEPS documents (SRA, PIA, Threat Model, MMSR, Baseline risk control list) and uploading these documents to the eSG portal.
   - Using the eSG portal to perform vulnerability assessment.
   - Create HIPAA document/assessment for Portrait Core Services (subsystem).
   - Deploying the Portrait Core Services on EHL server and performing security scan.
   - Creating Software Bill of Materials (SBOM, VSBOM, and Disclosure SBOM) using Anchore Syft, DC tools.
   - Performed container scan and third-party dependency using DC tool.
   - Perform Black Duck scan to check the version vulnerability and upgrade of SOUP.
   - Perform SAST/DAST code review and create assessment reports.
   - Using the Burp Suite tool to scan the application.
   - Using Nessus tool to scan infrastructure network.
   - Analyzing the Nessus and Burp Suite vulnerabilities.
   - Creating the SPR against non-mitigated vulnerability using HCL Compass tool.
2. Dell EMC, Dell (US), Sr. Cyber security consultant, 1.1 years
   Tools: Burp Suite, Veracode, Nessus, CyberArk, JavaScript, GitHub, ServiceNow
   Responsibilities:
   - Performed code scan and dependency check.
   - Performed DAST scan using the Burp Suite tool on the application.
   - Triaging the application.
   - Verifying the vulnerability risk.
   - Working with all environments to achieve the target before the given time period.
   - Setting the severity of the vulnerability.
   - Triaging the false positive flaws.
   - Communicating with the developer team and providing the mitigation notes.
   - Integration of the third-party application with the Veracode tool.
3. Voya Financial and Health Check, Voya Financial (US), Code Reviewer, 1 year 4 months
   Tools: Fortify scan 19.1, Veracode, CyberArk, Java 1.7, GitHub, ClearCase, ServiceNow, Dependency checker, JFrog Xray scan
   Responsibilities:
   - Performed code scan and code review SAST and DAST.
   - Performed dependency check scan and Xray scan for third-party dependencies.
   - Uploading the application to scan on Veracode tool and triaging the application.
   - Verify and approve the vulnerability risk.
   - Discuss with the developer team to fix the vulnerability.
   - Using ServiceNow as an administrator.
   - Create custom application in ServiceNow.
   - Create new user and user group in ServiceNow.
   - Assigning the role to the new user group.
4. Channel Partner Profile, HP, Software Engineer, 4 months
   Tools: Fortify scan, SQL Server, CyberArk, Veracode, JFrog Artifactory, Java 7, Burp Suite, ServiceNow
   Responsibilities:
   - Performed code scan and dependency check.
   - Uploading the application to scan and triaging on Veracode tool.
   - Verify and approve the vulnerability risk.
   - Discuss with the developer team to fix the vulnerability.
   - Uploading the application to scan on Fortify tool.
   - Triaging the application.
   - Prepare the report using SQL Server.
   - Set the risk rating for finding vulnerability.
5. ABHRA IT Infrastructure, ABHRA, Security Engineer, 9 months
   Tools: Fortify scan, CyberArk, JFrog Artifactory, SQL Server, Dependency checker
   Responsibilities:
   - Performed code scan and dependency check.
   - Uploaded the application to scan on the Fortify tool.
   - Triaged the application.
   - Prepared the report using SQL Server.
   - Set the risk rating for finding vulnerabilities.
   - Remediated how to fix the vulnerabilities.
   - Discussed with the developer team to fix the vulnerabilities.
6. CrestShop, Crestech, 1.3 years, 6
   Tools: Java, Spring Boot 1.5, Maven 3.2, STS 3.5, REST WS, SQL Server, Tomcat
   Responsibilities: As a developer for CrestShop, my main responsibilities in this application were to:
   - Develop functionality of the application.
   - Be responsible for coding the application.
   - Demonstrate the application to the functional team (BAs).
   - Write and execute the defects found by the testing team.
7. Audit Analysis System, Motherson Corporate, Java Developer, 1.1 years
   Tools: JEE, Spring Boot 1.5.8, JPA, Hibernate, Eclipse, MySQL, ServiceNow, Tomcat 7.x
   Responsibilities:
   - Be involved in enhancement activities.
   - Be involved in preparing the flow of execution document of an application.
   - Code and unit testing.
   - Work on Spring Boot.
   - Use the ServiceNow tool for ticketing purposes.
Fortify, Nessus, Black Duck, Veracode, Burp Suite, Dependency Checker, JFrog Xray Scan, Nmap, Linux/Unix, GitHub/GitLab, ClearCase, ServiceNow