Dear Sir,
I would like to take this opportunity describe why I’m suitable for this job.
I initially start my career as Linux System Administrator. I was inspired by the field of information security and I started to learn System Security and Application Security then i move on working as an Information Security Analyst. Currently I’m working in fortune 500 company which runs 500+ web application products over 6000+ servers. I successfully completed Certified Ethical Hacker Examination (V7) from EC Council USA and currently pursuing ISC2 Certified Secure Software Lifecycle Professional (CSSLP).
I gain several years of application security experience by working as an web/mobile application penetration tester. My core responsibility is to find out vulnerabilities in web/mobile applications and consult developers to fix them. I have experience in java, .Net, PHP, Play and Django platforms.
I’m also familiar with automated application review tools such as Veracode(static code analysis), IBM Appscan and Contrast and also I have sound knowledge in tools like Burp Suite and ZAP Proxy.
My testing methodologies involve black box and white box testing which involve application code review. I conduct security review complying to the OWASP Top 10 and SANS Top 10 and also I’m using Microsoft Risk Assessment Model DREAD for prioritise my findings. Which makes developer life easier.
Kind Regards
Lohitha Perera