Andrew Smith


Phone:

(000) 000-0000

Address:

287 Custer Street, Hopewell, PA 00000

Professional Summary

 
Intend to work in a challenging and competitive environment where a strong sense of responsibility and commitment is required, where dignity of work provides job satisfaction, and where the place of work provides potential avenues for learning and growing; to achieve the top level in the respective field at a well-structured organization; and to successfully apply acquired technical and interpersonal skills to enhance organizational efficiencies.

Software Security Engineer with a larger focus on security testing. Able to do vulnerability assessments, penetration testing, threat modeling, OWASP Top 10 vulnerability assessment, cryptography, network security testing, code analytics, etc., as far as system and software system security is concerned.

Employment history

Nov. 2019 – Present
East Roosevelt, Arizona
Application Security Manager, Reichel-Konopelski

  • Run vulnerability/penetration tests/gap assessments.
  • Review and audit application/database logs and respond to alerts.
  • Manage and coordinate with the Chief Security Officer incident response and mitigation plans to address cause(s).
  • Secure software design — translating security requirements into application design elements
  • Secure software implementation/coding — work with QA to implement unit testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation
  • Software acceptance — security implication in the software acceptance phase
  • Software deployment, operations, maintenance and disposal — security issues around steady state operations and management of software
  • In conjunction with the Chief Security Officer, serve as Augmedix’s security point person on Infrastructure and Application Development security issues.
  • Identify and implement missing key security program elements that may include security policies, procedures, guidelines, controls, training, metrics and technologies.
  • Perform internal audits
  • Work with external audit entities to ensure compliance.
  • Review responses to client security questionnaires and RFPs.
  • Advise IT leadership concerning technology architecture, and configuration of IT infrastructure and applications to improve security.
  • Research business and technical requirements and evaluate vendor products and services.
  • Perform related duties as requested or assigned. 

Apr. 2020 – Present
North Yoshikofort, Texas
Penetration Tester (Consultant), Bayer LLC

  • Network Penetration Testing
  • Mobile Application Penetration Testing 
  • Web Application Penetration Testing 
  • Wireless Network Penetration Testing 

Mar. 2014 – Oct. 2014
Port Earlestad, Maryland
QA Specialist, Corkery-Vandervort

  • Team Leading 
  • Understand the project requirements. 
  • Prepare the Test Bed. 
  • Conduct all types of testing, including Black Box testing, GUI testing, Regression testing, Functional and non-Functional testing, Integration testing, Localization testing, Security testing, Smoke testing.
  • Boundary Value Analysis of the CDN management tool using Positive and Negative testing.
  • Monitoring the server log report using Linux terminal.
  • Execute test cases.
  • Update the test result document.
  • Log the defects using a defect tracking tool and report bug findings.
  • Verify defects. 
  • Discuss doubts and queries with development team or client. 
  • Monitoring bug status on JIRA. 
  • Prepare several checklists such as Version Update, Usability Checklist. 
  • Web Application Testing Checklist. 

Jun. 2011 – Apr. 2012
Port Ned, South Carolina
Senior SQA Engineer, Kuphal-Kunde

  • Develop testing programs that address areas such as database impacts, software scenarios, regression testing, negative testing, error or bug retests, or usability.
  • Design test plans, scenarios, scripts, or procedures.
  • Test system modifications to prepare for implementation.
  • Visit beta testing sites to evaluate software performance.
  • Update automated test scripts to ensure currency.
  • Develop or specify standards, methods, or procedures to determine product quality or release readiness.
  • Understand the project requirements.
  • Prepare the Test Bed.
  • Conduct all types of testing, including Black Box testing, GUI testing, Regression testing, Functional and non-Functional testing, Integration testing, Localization testing, Security testing, Smoke testing.
  • Attending conference calls with foreign clients as well as mail correspondence.
  • Identify bugs & report them in the Bug Tracking System – (TFS

Jun. 2009 – Nov. 2009
Gulgowskimouth, Indiana
Executive (Web Developer), Bechtelar Group

  • Design, build, or maintain web sites, using authoring or scripting languages, content creation tools, management tools, and digital media.
  • Perform or direct web site updates.
  • Write, design, or edit web page content, or direct others producing content.
  • Confer with management or development teams to prioritize needs, resolve conflicts, develop content criteria, or choose solutions.
  • Analyze user needs to determine technical requirements.
  • Write supporting code for web applications or web sites.

Mar. 2008 – Dec. 2008
Port Willstad, Alaska
Web Developer, Durgan and Sons

  • Create web models or prototypes that include physical, interface, logical, or data models.
  • Design, build, or maintain web sites, using authoring or scripting languages, content creation tools, management tools, and digital media.
  • Perform or direct web site updates.
  • Write, design, or edit web page content, or direct others producing content.
  • Confer with management or development teams to prioritize needs, resolve conflicts, develop content criteria, or choose solutions.

Education

Sep. 2007
Bachelor of Science: Computer Science & Engineering

  • Northern North Dakota Institute – Emilioview, Iowa

Languages

Bengali
Native speaker

English
Fluent

Skills

Cryptography
Experienced

IT Security Operations
Expert

IT Security Audit
Expert

Vulnerability Management
Expert

Risk Assessment
Expert

Security Incident Management
Expert

IT Security
Expert

Web/Network/DB/Cloud Penetration Testing
Expert

Accomplishments

penetration tester

  • IronPort (Setting up TLS between Client and a Third Party)
  • Share Access Review
  • Lumension (Setting up a new User)
  • Microsoft Monthly Patch Process
  • Carried out reverse shell attacks using Metasploit framework to compromise Android and Windows clients
  • Carried out DDoS using Hping, MITM (Session Hijacking and IP spoofing) using Ettercap
  • Carried out Social Engineering attacks using the social engineering toolkit (File Infectors, Web attacks, Credential Harvesters, DNS Spoofing)

penetration tester

  • Cisco Umbrella (Filtering on Corporate Wi-Fi network, monitoring, and restricting roaming clients)
  • Digital Certs (Renewing External and Internal Certificates, requesting a new external and internal certificate, creating a purchase order for buying Digi-Sign certs, renewal on GoDaddy, Digi-Access Chain Certificates, PKI – SHA-2 generating internal certificates and creating certificate templates, renewing Digi-Sign Certificates, requesting an internal certificate, and SSL certificates)
  • Firewall Rule Review and Response Planning 
  • IDS (SourceFire and weekly IDS Blacklist process)

junior penetration tester

  • Account Lockout Troubleshooting and Delete Cached Credentials
  • BMC Patrol Application (Monitor Server health and to view various alerts)
  • SCOM (Account Lockout Reports)
  • Backup Plan (Nexpose, Sourcefire, Quest Change Auditor, Websense, Ironport, Sourcefire, Symantec Endpoint Protection)

penetration tester

  • Document computer security and emergency measures policies, procedures, and tests.
  • Encrypt data transmissions and erect firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers.
  • F5 Forcepoint Load Balancing
  • Fiddler (Debugging Proxy, logs HTTP(S) traffic)
  • Forcepoint Triton APX (Proxy Server Infrastructure) 

penetration tester (intern)

  • Wrote a Python script to test the iDRAC servers on any port for the support of TLS/SSL ciphers.
  • Scripted the features to check the iDRAC server for installed certificates (SSL & TLS) and to test the server for known CVEs.
  • Collaborating with Security Architecture and Network Administrators 
  • Project Reviews and Advisory 

penetration tester (research)

  • Used AWS EC2 instances to set up pen-testing environments with varying industry standard security configurations
  • Conducted passive and active information gathering (Recon-ng, Netcraft, DNS Zone transfer attack, Nmap/Zenmap)
  • Used Netcraft to bypass Cloudflare’s IP masking (Cloudflare IP leakage + Hosting History + Misconfigured web services)
  • Used Nmap and Nmap scripts to carry out a wide variety of scans on IP addresses in subdomains in order to avoid detection by IDS
  • Scanned for vulnerabilities in common ports (OpenVAS, Nessus, Metasploit, Nikto) and web vulnerabilities (Burp Suite)
  • Used OWASP Top 10 guidelines to scan for web vulnerabilities
  • Tested various web attack vectors including file inclusions, SQL injections, Content Injections, XSS 

penetration tester (consultant)

  • Network Penetration Testing
  • Mobile Application Penetration Testing 
  • Web Application Penetration Testing 
  • Wireless Network Penetration Testing 

penetration tester

  • Analyzing Web Applications and finding bugs.
  • Managing Symantec ATP
  • Citrix and AppSense management 
  • Vulnerability scanner 

senior penetration tester

  • External Pen testing 
  • Internal Pen testing
  • Auditing
  • Security Reviews 
  • Scripting    
  • Update Admin Playbook
  • Reviewing and Auditing Firewall issues and upgrade