Security engineer at Audible, Inc.
Somerset, New Jersey
Application Security Engineer @ Audible, Inc.
Newark, New Jersey

Security Tester @ Cognizant Technology Solutions
From December 2009 to January 2011 (1 year 2 months)
Chennai Area, India

Information Security Consultant @ MetLife
From December 2014 to September 2015 (10 months)
Greater New York City Area
• Lead the security assessment team of 10 members at offshore in performing security testing activities based on the project requirements.
• Preparation of the testing artifacts like Test Plan, Test Strategy, Executive and Technical Reports, Rescan Reports and Secure Coding Best Practice documents.
• Ensure on-time delivery of the testing artifacts and meet the project deadlines.
• Coordinate with the various application development teams, client-side IT risk and security teams, and third-party security teams such as Veracode, Primeon and Accenture to conduct security testing of the applications and take the vulnerabilities to proper mitigation.
• Recommend preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy.
• Make the application team understand the vulnerabilities and act as a liaison between the team and Veracode, Primeon and Accenture in closing the findings and bringing the application into compliance with company standards.
• Work on estimations, application prioritization, and schedule creation for the deliverables.
• Provide remediation support to the development team to fix the security vulnerabilities identified as part of the vulnerability
• Represent the offshore team in the status and client calls, and share weekly status reports with the client.
• Assist the client in understanding the entire security remediation during the SDLC cycle and help them in addressing the security loopholes in the application.
• Work with the SiteMinder team, configuration team and multiple other teams within the company in order to address the findings and make the application secure.

Information Security Analyst @ Wyndham Hotel Group
From January 2011 to December 2014 (4 years)
Chennai Area, India
• Perform black-box assessment on web/mobile applications, thick client applications, native applications and web services.
• Vulnerability assessment to identify the business logic vulnerabilities in the applications.
• Perform automated/manual assessment using IBM AppScan Standard edition, Qualys, and other open source tools.
• Perform the application core testing using both commercial and open source tools.
• Performed automated/manual code review using IBM AppScan Source edition, Fortify and other open source tools.
• Database vulnerability assessment and auditing through InfoSphere Guardium.
• Lead the security testers in performing security testing activities based on the project requirements.
• Preparation of the testing artifacts like Test Plan, Test Strategy, Executive and Technical Reports, Rescan Reports and Secure Coding Best Practice documents.
• PCI compliance based assessment for applications to find the gaps that have to be remediated.
• Review application code to check the adherence to the secure coding guidelines.
• Review and assess the mobile application from a compliance and security perspective.
• Ensure on-time delivery of the testing artifacts and meet the project deadlines.

Security Specialist @ Trafigura, Cognizant Technology Solutions
From April 2014 to July 2014 (4 months)
Chennai Area, India

Project Abstract
Client is a leading player in the manufacturing and logistics industry. This project is to perform vulnerability assessment and penetration testing to analyze the security posture of the client's web application against attacks based on known vulnerabilities.

Roles and Responsibilities
• Discuss with the client team to understand their current scanning process.
• Understand the scope of work in the application.
• Performed the application core testing using both commercial and open source tools.
• Performed automatic code review using IBM AppScan tools and Nessus tools.
• Generated different levels of reports as per the requirements.
• Common testing areas were: authentication mechanism testing, access control management, user identity tracking, session management and hijacking, privilege escalation, injection flaws and database enumeration by custom SQL queries, and client-side scripting attacks.
• Inform the development team about the findings from the security testing, follow up and guide them to fix the issues, and confirm the fixes by re-testing. This also includes defect logging and monitoring.
• Updating the onsite team on a day-to-day basis on the development and progress in the assessment performed.
• Preparation of the testing artifacts like Test Plan, Test Strategy, Executive and Technical Reports.

Technologies / Tools
Technology: Java applications with JSF Framework.
Tools: AppScan Standard Edition, Nessus, Nmap, FOCA Free, sqlninja, sqlmap, Fiddler, Burp Suite and other necessary open source tools.
Audible, Inc.
Application Security Engineer
Newark, New Jersey
Cognizant Technology Solutions
Security Tester
December 2009 to January 2011
Chennai Area, India
MetLife
Information Security Consultant
December 2014 to September 2015
Greater New York City Area
Wyndham Hotel Group
Information Security Analyst
January 2011 to December 2014
Chennai Area, India
Trafigura, Cognizant Technology Solutions
Security Specialist
April 2014 to July 2014
Chennai Area, India
What company does Sumithra Arul work for?
Sumithra Arul works for Audible, Inc.
What is Sumithra Arul's role at Audible, Inc.?
Sumithra Arul is an application security engineer.
What industry does Sumithra Arul work in?
Sumithra Arul works in the Computer & Network Security industry.
Who are Sumithra Arul's colleagues?
Sumithra Arul's colleagues are Nupur Kale, Tracey Markham, Chris Bernardi, David Eder, Alexander Bollbach, Sherwin Chen, Rahul Sawhney, Heath Beckett, Deepak Pandey, and Benjamin EAVA.