
DHARMESH GONDI

M: (408) 518-0402
gondisap@gmail.com

PROFESSIONAL SUMMARY

- Over 8 years of experience as an IT professional within Information Security.
- Involved in the Software Development Life Cycle (SDLC) to ensure security controls are in place.
- Experience in Threat Modeling during the Requirement Gathering and Design phases.
- Experience in vulnerability assessment and penetration testing using various tools such as IBM AppScan, Burp Suite, DirBuster, OWASP ZAP Proxy, Nmap, Nessus, Kali Linux, Metasploit and Acunetix.
- Conduct network monitoring and intrusion detection analysis using various Computer Network Defense (CND) tools, such as Intrusion Detection/Prevention Systems (IDS/IPS), Firewalls, Host Based Security System (HBSS), etc.
- Experience in security code review of applications developed in C, C++, Java & .NET.
- Experience with Security Risk Management with TCP-based networking.
- Experience with TCP/IP, Firewalls, LAN/WAN.
- Experience with network intrusion detection technologies (Snort, Bro, Sguil, etc.).
- Knowledge of common information security standards, such as ISO 27001/27002 and NIST.
- Ability to utilize and create attack signatures, tactics, techniques and procedures to aid in the identification of anomalies and zero-day attacks.
- Experience with incident response and handling.
- Static Code Analysis during the development phase with tools like Fortify.
- A Certified Ethical Hacker.
- A pen tester with experience of penetration testing on various applications in different domains.
- Penetration testing based on the OWASP Top 10.
- A good team player, inquisitive and strong in basic concepts.
- Performed gap analysis to identify scenarios like privilege escalation.
- Performed software licensing audits.
- Interpreted least privilege for applications and segregation of duties.

AREAS OF EXPERTISE

- Threat Modelling
- Automated/Manual Code Reviews
- Dynamic Web Application Vulnerability Assessments
- Penetration Testing
- Customer Relationship Management Skills
- Escalation Management
- DevOps Methodologies in Security
- Secure Applications Development Methodologies (SSDLC)
- Reporting & Analytics

TECHNICAL SKILLS

Dharmesh Gondi
Page 1
Tools: HP Fortify, IBM AppScan, Burp Suite, Nmap, Nessus, DirBuster, SQLMap, Acunetix Web Scanner, SQL injection tools, Kali Linux, QRadar (SIEM), ZAP Proxy
Office Tools: MS Office (MS Excel, MS Word, MS PowerPoint, MS Visio)
Web Technologies: HTML, JavaScript
Web Server: Apache, IIS 6.0/7.0
Databases: DB2, Oracle 11c/10g/9i, SQL Server 2005/2008, MS Access, Teradata 13
Environments: Windows NT/98/95/2000/XP, UNIX (Sun Solaris)
Languages: Unix shell scripting, Python, Java
Network Tools: Nmap, Wireshark, Nessus

PROFESSIONAL EXPERIENCE

Nationwide Inc., Des Moines IA June 2017 – Present

Role: Sr. Penetration Tester / Security Analyst

Responsibilities:

- Conducted application penetration testing of 50+ business applications.
- Conducted Vulnerability Assessment of Web Applications using IBM AppScan.
- Conducted security assessment of C, C++ & Python web applications.
- Worked on various business development activities like drafting responses to RFPs and preparing SOW documents.
- Reviewing Firewall systems and IPS along with VPN for security and access controls.
- Support in detecting, understanding and resolving information security incidents and remediation.
- Perform risk analysis to identify points of vulnerability and recommend disaster recovery strategies and business continuity planning.
- Manage and maintain an Active Directory forest infrastructure.
- Troubleshoot common Windows and Active Directory issues.
- Locate and assimilate new information to provide context for security events.
- Undertake interviewing processes and recruit the security analysts at offshore, etc.
- Evaluate, deploy and manage information security system solutions such as strong authentication, key management, IPS, SIEM, antimalware, vulnerability scanners, MDM and others.
- Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, cryptographic attacks, authentication flaws, etc.
- Skilled in using Burp Suite, IBM AppScan, Acunetix Automatic Scanner, Nmap, Havij, DirBuster, QualysGuard, Nessus and SQLMap for web application penetration tests and infrastructure testing.
- Performing onsite & remote security consulting including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment, and IDS/IPS hardware deployment.

- Conduct network monitoring and intrusion detection analysis using various Computer Network Defense (CND) tools, such as Intrusion Detection/Prevention Systems (IDS/IPS), Firewalls, Host Based Security System (HBSS), etc.
- Capturing and analyzing network traffic at all layers of the OSI model.
- Monitor the security of critical systems (e.g. e-mail servers, database servers, web servers, application servers, etc.).
- Change Management of highly sensitive Computer Security Controls to ensure appropriate system administrative actions; investigate and report on noted irregularities.
- Conduct network Vulnerability Assessments using tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
- Identifying the Critical, High, Medium and Low vulnerabilities in the applications based on the OWASP Top 10 and SANS 25 and prioritizing them based on criticality.

This experience has enabled me to find and address security issues effectively, implement new technologies and efficiently resolve security problems. With a strong Network Communications, Systems & Application Security (software) background, I look forward to implementing, creating, managing and maintaining information security frameworks for large-scale, challenging environments.

Medline Inc., Mundelein IL June 2016 – May 2017

Role: Application Security Engineer

Responsibilities:

- Conducted application penetration testing of 70+ business applications.
- Acquainted with various approaches to Grey & Black box security testing.
- Conducted Static and Dynamic analysis of Web Applications using IBM AppScan.
- Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak cryptography, authentication flaws, etc.
- Skilled in using Burp Suite, Acunetix Automatic Scanner, Nmap, Havij and DirBuster for web application penetration tests.
- Evaluate, deploy and manage information security system solutions such as strong authentication, key management, IPS, antimalware, vulnerability scanners, MDM and others.
- Perform analysis on any malware that breaches the environment to determine the breadth of the attack and remediation steps.
- Inspect and identify network traffic for possible anomalous network activity.
- Undertake interviewing processes and recruit the e-commerce analysts, marketing executives, etc.
- Manage and maintain an Active Directory forest infrastructure.
- Troubleshoot common Windows and Active Directory issues.
- Locate and assimilate new information to provide context for security events.
- Responding to inquiries/issues from end users related to Active Directory.
- Generated and presented reports on Security Vulnerabilities to both internal and external customers.
- Security assessment of online applications to identify vulnerabilities in different categories like Input and Data Validation, Authentication, Authorization, Auditing & Logging.
- Vulnerability Assessment of various web applications used in the organization using Paros Proxy, Burp Suite, WebScarab, YASCA and HP WebInspect.
- Training the development team on the most common vulnerabilities and common code review issues and explaining the remediations.
- Follow up and ensure the closure of the raised vulnerabilities by revalidating and ensuring 100% closure.
Cisco Systems Inc., San Jose CA Nov 2014 – Jun 2016

Role: Security Engineer

Responsibilities:

- Involved in analyzing the requirements and generating scenarios to validate requirements.
- Conducted application penetration testing of 50+ business applications.
- Conducted Vulnerability Assessment of Web Applications.
- Responsible for performing security code reviews and application risk assessments for customer-facing applications. Audited applications written in multiple languages, including Java/JSP, VB.NET, ASP.NET, PHP, and Classic ASP. Utilized OWASP and Ounce Labs formal methodology to conduct code reviews and risk assessments.
- Web penetration testing to prove software security vulnerabilities with IBM AppScan, Burp Professional and Paros, and manual fuzzing and penetration testing with AppScan and Firefox plug-ins.
- Conducted security assessment of web applications, including Java/JSP and ASP.NET.
- Performed manual and automated web penetration testing using HP WebInspect, IBM AppScan and manual methods, testing for SQL Injection, Cross Site Scripting and Cross Site Request Forgery.
- Worked on various business development activities like drafting responses to RFPs and preparing SOW documents.
- Undertake interviewing processes and recruit the e-commerce analysts, marketing executives, etc.
- Identifying and evaluating new marketing opportunities to increase the website traffic and online production.
- Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, cryptographic attacks, authentication flaws, etc.
- Performing onsite & remote security consulting including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment, and IDS/IPS hardware deployment.
- Conduct network Vulnerability Assessments using tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
- Identifying the Critical, High, Medium and Low vulnerabilities in the applications based on the OWASP Top 10 and SANS 25 and prioritizing them based on criticality.

PayPal Inc., San Jose CA Jan 2013 – Nov 2014

Role: Security Engineer

Responsibilities:

- Conducted application penetration testing of 70+ business applications.
- Created custom scripts to take out certain security vulnerabilities; used regular expressions to search for sensitive data, like credit card numbers and social security numbers.
- Provided security code reviews using the Fortify Source Code Analysis product and evaluated results for security vulnerabilities in ecommerce applications. Trained, documented and advised application developers on security risks and secure coding best practices, with practical remediation guidance to developers.
- Deployed early life cycle service source code scanning to 232 internet-facing web applications. Completed 100 percent of bank-developed internet apps. Reviewed source code in .NET, PHP, Internet-Web, J2EE, Java and JavaScript.

- Acquainted with various approaches to Grey & Black box security testing.
- Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak cryptography, authentication flaws, etc.
- Skilled in using Burp Suite, Acunetix Automatic Scanner, Nmap, Havij and DirBuster for web application penetration tests.
- Responding to inquiries/issues from end users related to Active Directory.
- Generated and presented reports on Security Vulnerabilities to both internal and external customers.
- Security assessment of online applications to identify vulnerabilities in different categories like Input and Data Validation, Authentication, Authorization, Auditing & Logging.
- Vulnerability Assessment of various web applications used in the organization using Paros Proxy, Burp Suite, WebScarab and YASCA.
- Training the development team on the most common vulnerabilities and common code review issues and explaining the remediations.
- Follow up and ensure the closure of the raised vulnerabilities by revalidating and ensuring 100% closure.
- Keep up to date with new hacking techniques and the latest vulnerabilities to ensure no such loopholes are present in the existing system.

Cardinal Healthcare Inc., Columbus OH May 2011 – Dec 2012

Role: Security Analyst

Responsibilities:

- Conducted application penetration testing of 60+ business applications.
- Created custom scripts to take out certain security vulnerabilities; used regular expressions to search for sensitive data, like credit card numbers and social security numbers.
- Provided security code reviews using the Fortify Source Code Analysis product and evaluated results for security vulnerabilities in ecommerce applications. Trained, documented and advised application developers on security risks and secure coding best practices, with practical remediation guidance to developers.
- Performed functional testing of security solutions like RSA two-factor authentication, Novell single sign-on, DLP and SIEM.
- Deployed early life cycle service source code scanning to 32 internet-facing web applications. Completed 30 percent of bank-developed internet apps. Reviewed source code in .NET, PHP, Internet-Web, J2EE, Java and JavaScript.
- Acquainted with various approaches to Grey & Black box security testing.
- Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak cryptography, authentication flaws, etc.
- Skilled in using Burp Suite, Acunetix Automatic Scanner, Nmap and Havij.
- Testing validation of error logs in the Execution Error Log table for rejected and warning entries.

Limited Inc., Columbus OH May 2009 – Apr 2011

Role: Security Engineer

Responsibilities:

- Conducted application penetration testing of 90+ business applications.
- Responding to inquiries/issues from end users related to Active Directory.
- Acquainted with various approaches to Grey & Black box security testing.
- Conducted security assessment of PKI-enabled applications.
- Skilled in using Burp Suite, Acunetix Automatic Scanner and Nmap for web application penetration tests.
- Identifying the Critical, High, Medium and Low vulnerabilities in the applications based on the OWASP Top 10 and SANS 25 and prioritizing them based on criticality.
- Monitor, analyze and respond to security incidents in the infrastructure. Investigate and resolve any security issues found in the infrastructure according to the security standards and procedures.
- Actively search for potential security issues and security gaps that are beyond the detection ability of any security scanner tool. Initiate and develop new mechanisms to address unidentified security holes & challenges.
- Real-time analysis and defense.
- Vulnerability assessment (VA), security policy, and network and security audit.

CERTIFICATION

- Certified Ethical Hacker - Penetration Testing

