Web Application Security Consultant Resume Samples

Description :

1. Advising on and communicating software development and web application security principles, including the OWASP Top 10.
2. Working collaboratively with application and project teams and developers.
3. Assessing and conveying cybersecurity risks.
4. Deploying software to RHEL Windows-based systems using automation tools whilst having the ability to troubleshoot common software installation failures at network, operating system, or application levels.
5. Conduct Penetration testing for thin and thick client-based applications.
6. Manual security assessments of web applications on thick and thin clients.
7. Conducted comprehensive security assessments of web applications to identify vulnerabilities and recommend appropriate remediation strategies to enhance overall security posture.

Experience

7-10 Years

Level

Consultant

Education

BSc Computer Science

Description :

1. Performed network penetration testing, system vulnerability assessment, and security configuration review.
2. Responsible for understanding web application security and secure coding.
3. Responsible for understanding vulnerability assessment penetration testing.
4. Developed and implemented security testing methodologies, including static and dynamic analysis, to ensure a thorough evaluation of web application security controls.
5. Performed penetration testing on web applications to simulate real-world attacks, providing detailed reports on findings and actionable recommendations for mitigation.
6. Collaborated with development teams to integrate security best practices into the software development lifecycle, ensuring that security is considered at every stage of application development.
7. Utilized various security tools and frameworks, such as OWASP ZAP and Burp Suite, to automate security testing processes and improve efficiency in vulnerability detection.

Experience

5-7 Years

Level

Executive

Education

MSc InfoSec

Description :

1. Maintained thorough documentation of assessments, findings, recommendations, and remediation efforts. 
2. Cleared and concised documentation is essential for tracking progress and demonstrating compliance.
3. Implemented and maintained systems for continuous monitoring of applications to detect and respond to security threats in real time.
4. Adhered to ethical guidelines and maintain the highest standards of professionalism and integrity, especially when handling sensitive information and vulnerabilities.
5. Performed manual and automated (tool-based) application security testing, with a focus on CRs (Change Requests).
6. Performed assessments involving manual testing and analysis as well as the use of automated web applications, and vulnerability scanningtesting tools.
7. Conducted Static and Dynamic mobile application security testing for Android based applications.

Experience

7-10 Years

Level

Senior

Education

BSc IT

Description :

1. Handled kick-off meetings with project teams to understand the detailed architecture workflow of applications before starting the security assessment.
2. Defined scope, objectives, and methodologies for assessments based on client requirements and industry best practices.
3. Conducted comprehensive vulnerability assessments and penetration testing of networks, systems, applications, and infrastructure.
4. Worked closely with clients development teams and assist with secure development activities.
5. Designed application security solutions to meet clients needs.
6. Reviewed issues identified and related remediation with clients and assist with implementation.
7. Identified areas for process improvement and automation, and aid in efforts to implement the recommendation as appropriate.

Experience

0-2 Years

Level

Entry Level

Education

MSc Cybersecurity

Description :

1. Led engagements from start to completion, working closely with internal and external teams.
2. Provided application security services including design review and pen testing of web, mobile, or desktop applications using automation tools as well as manual methods.
3. Created and delivered application security design documents and risk assessment reports.
4. Provided Application Security subject matter expertise, peer reviews, and mentorship.
5. Assisted with Cloud Infrastructure security and engagements in other domains as appropriate.
6. Contributed to forward securitys growth and role as an industry leader by delivering best-in-class services.
7. Assisted with technical sales of application security and other services.

Experience

10+ Years

Level

Management

Education

BSc Software Engineering

Description :

1. Provided regular updates to forward security leadership on key activities, metrics, accomplishments, and blockers. 
2. Created, deployed, maintained, and troubleshot F5 ASM policies for new and existing web applications.
3. Configured and managed WAF configuration for Imperva cloud WAF.
4. Reviewed vulnerabilities that impact web applications and developed WAF Virtual Patching solutions.
5. Monitored and analysed activity logs to detect malicious internet traffic and indicators of compromise as well as to reduce false positive blocks.
6. Reviewed WAF usage and defined means to improve and mature protection policies.
7. Understood web applications at a sufficient level to work with developers to implement protective controls that may need to be customized for specific applications.

Experience

2-5 Years

Level

Junior

Education

Cert Web App Sec

Description :

1. Interpreted web protocol information to determine the source, intent, and risk of threat agents.
2. Provided preventative maintenance, and troubleshooting and quickly resolved problems to ensure infrastructure and application stability.
3. Participated in technical design activities to ensure a sound design and any infrastructure impact was understood.
4. Created and maintained technical documentation regarding the WAF infrastructure including network diagrams, policies, and operational procedures for managing the infrastructure.
5. Worked closely with Development, QA, Operations, InfoSec, and design engineers to ensure security requirements were met and web applications were adequately protected from cyber-attacks.
6. Reviewed vulnerability scan output and assessed where WAF configuration can be used to mitigate attacks.
7. Understood data flow technologies such as routing, natting, arps, and associated command line tools such as TCP dump.

Experience

5-7 Years

Level

Consultant

Education

BA CIS

Description :

1. Responsible for reviewing security techniques and technologies regularly to remain aware of best practices.
2. Responsible for ensuring the operation of technical systems are consistent with policies and procedures.
3. Responsible for following the latest security trends and vulnerabilities.
4. Responsible for monitoring and maintaining current security access.
5. Responsible for conducting security assessments through vulnerability tests and risk analysis.
6. Responded to security incidents promptly.
7. Provided training and awareness sessions for development and operations teams on secure coding practices and common web application vulnerabilities, fostering a culture of security.

Experience

2-5 Years

Level

Executive

Education

MBA IS

Description :

1. Responsible for analyzing breaches to determine their root cause.
2. Responsible for developing strategies to prevent security breaches from occurring.
3. Responsible for updating an organizations incident response and recovery plans.
4. Responsible for instructing employees on how to be safe with their information.
5. Responsible for collaborating with third-party vendors to meet security requirements.
6. Responsible for performing internal and external security audits.
7. Responsible for generating reports for IT administrators and managers to evaluate the efficacy of security policies.

Experience

0-2 Years

Level

Entry Level

Education

Dip Ethical Hacking

Description :

1. Analyzed business impact and exposure based on emerging security threats, vulnerabilities, and risks, and recommended technologies and solutions to mitigate them.
2. Implemented security considerations for in-house developed, COTS and SaaS solutions.
3. Translated technical concepts into plain language to show business risk.
4. Collaborated with developers and software architects to adjust designs to securely meet business and technical requirements.
5. Performed penetration testing, both internal and external, to evaluate the security of web applications.
6. Identified potential security weaknesses in applications, such as code flaws, misconfigurations, and design vulnerabilities.
7. Analyzed and concluded from the results of security testing and assessments. 

Experience

10+ Years

Level

Management

Education

MSc Data Science