Interview questions based on resume

Below I will share you a resume. Please list all of the tools mentioned into lists and talk about them such what features each tools has and how to use it or what purpose. Please try to understand I’m expecting all features of the each tools mentioned in resume.
Beside that answer these common interview questions based on resume

1. Tell me about yourself/Tell me about your background.

2.Describe yourself.

3. Why are you applying for this position?

4. Why do you want this job?

5.What did you to at Bank of America and what tools you used? and what did you do at blue shield and what tools you used tell me in details?

6.

Tell me what you know about the role you are appolying

7.

Why are you looking for jobs?

8.

What are you passionate about?

9.

What are your salary expectations?

10.

Are you interviewing with other companies? AndWhen can you start?

11.

What type of management style do you prefer?

12.

Do you have any questions?

ResumeObjective

My objective is to work as a Web application security job/ pen testing / security analyst job.

Summary

• An IT professional with 4 years of experience in Information Security Hands on experience with Tenable network security.
• Proficient in communicating with stakeholders for understanding their requirements
• Gathering feedback about system performance from end users so as to bring necessary changes
• Have hands-on experience in application security, vulnerability assessments, and OWASP along with different security testing tools.
• Experience as an Information Security Analyst involved in OWASP Top 10 based Vulnerability Assessment of various internet-facing point of sale web applications and Web services.
• Capable of identifying flaws like Injection, XSS, Insecure direct object reference, Security Misconfiguration, Sensitive data exposure, Functional level access control, CSRF, Invalidated redirects.
• Experience in different web application security testing tools like Acunetix, Metasploit, Burp Suite, SQLmap, OWASP Zed Attack Proxy, and HP Fortify.
• As a Security Consultant involved in enhancing the security stature of the project by initiatives like Threat Modelling, Security awareness sessions.
• Simulate how an attacker would exploit the vulnerabilities identified during the dynamic analysis phase.
• Hands-on experience in conducting Web Application Security scan, Ethical Hacking using commercial and non-commercial applications and methodologies such as SANS Web application assessment, OWASP Top 10, and CVSS Scoring using IBM App Scan.
• Good experience in Web technologies like HTTP, HTML, CSS, Database Connectivity.
• Experience using automated vulnerability assessment tools Qualys, Nmap, Retina, Nessus.
• Knowledge in Cyber Security and Vulnerability Management.
• Perform security tests on different static application security testing, dynamic application security testing, and manual penetration testing of applications.
• Experience in Splunk and SIEM systems.

Skills

HP Web Inspect OWASP Top 10 Vulnerability Assessment Paros Proxy Live HTTP Header Tamper data Burp Suite

Web ScarabDirBuster Sqlmap Nikto Metasploit Kali Linux Qualys Tenable network security.

Experience Technology analyst

Bank of Ameriva

• Performed gray box testing of the web applications
• Executed and crafted different payloads to attack the system for finding vulnerabilities with respect to input validation, authorization checks, and more
• Reviewed and Validate the User Access Compliance on a quarterly basis
• Reviewed the requirements for privileged access on an everyday basis and provide recommendations
• Reviewed and validate the privileged users and groups at Active Directory, Databases and application on a periodic basis
• Documented information security guidance in step by step operational procedures
• Performed static code reviews with the help of automation tools
• Performed a threat analysis on the new requirements and features
• Burp Suite, DirBuster, Hp Fortify, NMap tools were used as part of the penetration testing, on daily basis to complete the assessments
• Established and improved the processes for privileged user access request
• Reviewed firewall rules and policies in web proxy
• Highlighted the user access and privileged user access risks to the organization and providing the remediation plan

Environment: MS SQL, MySQL, Web scarab, HTML, Kali Linux, OWSP, DirBuster, NMAP, IBM AppScan, Burp Suite, HP Fortify, Windows XP, PHP

Security Tester

Blue Shield

• Performed security research, analysis, and design for all client computing systems and the network infrastructure
• Security assessment of online applications to identify the vulnerabilities in different
• Categories like Input and data Validation, Authentication, Authorization, Auditing & logging
• Vulnerability Assessment of various web applications used in the organization using Paros Proxy, Burp Suite, and Web Scarab, HP Web Inspect, Qualys
• Coordinate with the dev team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and the impact of the issue
• Security testing of APIs using SOAP UI, OWASP Mobile Top Ten vulnerabilities
• Experience in using Kali Linux to do web application assessment with tools like Dirbuster, Nikto, and NMap
• Good knowledge of IBM AppScan to enhance web application security
• Perform security code review of JAVA, .Net, PHP code using static code analysis tools e.g
• HP Fortify and IBM source edition
• Help the team to remediate security issues with sample code
• Good knowledge of Tenable network security
• Training the development team on the most common vulnerabilities and common code review issues and explaining the remediation
• Good knowledge in programming and scripting in .net, Java
• Follow up and ensure the closure of the raised vulnerabilities by revalidating and ensuring 100% Closure
• Good experience in Web technologies like HTTP, HTML, CSS, Database Connectivity
• Ensuring SDLC to be a Secure SDLC
• Manual (DAST) security testing on web applications against OWASP’s top 10 standards.

Education and Training

Bachelor of Applied Science in Cyber Security -2023

Some university

Associate of Applied Science in Cyber Security

Some College |

Certifications

(CySA+)

(Sec+ )