
PKI/VPN Security Consultant Resume


San Jose

TECHNICAL SKILLS:

NETWORK TECHNOLOGIES: IPv4/IPv6, TCP/IP and IP routing protocols (OSPF, OSPFv3, RIP, RIPng, EIGRP, EIGRPv6, NHRP, iBGP, eBGP, MP-BGP), mGRE, GRE, ODR, MPLS VPN, NAT, NAT-PT, PIM SM/DM, IGMP, MLD, MSDP, VRF Lite, HSRP, VRRP, GLBP, CIDR, VLSM, static routing, DNSv4/v6, DHCPv4/v6, WCCP, FTP, TFTP, SMB, NIS, SMTP, IMAP, POP3, LDAP, QoS (WRED, PQ, CQ, CBWFQ, LLQ, marking, policing, shaping, compression, RSVP), ISDN, T1/T3/DS3/OC3, Ethernet, Frame Relay, PPP, PPPoE, ATM, VLAN (ISL, dot1Q), PVST+, VTP, STP, MSTP, RSTP, LACP, PAgP, QinQ, Telnet, SCP, SSH, NetFlow, NBAR, Syslog, IP Accounting, EEM, NTP, SNMP, RMON, IP SLA, IP Traffic Export (RITE), ICMPv4/v6, PfR, Wireshark, CiscoWorks, WhatsUp Gold, SPAN, RSPAN, CCP, ASDM, SDM, PRTG, PBR

PLATFORM: Cisco routers (12000, 7500, 7600, 7200), ISR G1 (3800, 3600, 2800, 2600, 800), ISR G2 (3900, 2900, 800), ASR routers, Cisco switches (Cat6K, Cat5K, Cat4K, 3xxx), firewalls (PIX 5xx, ASA 55xx, FWSM), Cisco IPS 42xx, Cisco NAC, CSM, ACE, Cisco ACS, Nokia Check Point firewalls, WatchGuard firewalls, Cisco access points/WLC, WCS, Windows 95/98/2000/XP, Windows Server 2000/2003/2008, Microsoft Forefront, Linux (Red Hat)

PROFESSIONAL EXPERIENCE:

Confidential

PKI/VPN Security Consultant

  • Design, implement and troubleshoot IOS/ASA AnyConnect SSL/IKEv2 VPN (with LDAP/ACS authentication) and VPN QoS; authored the remote access and third-party connection policy; provide support for Cisco ASA firewalls
  • Design and evaluation of WebTrust-compliant PKI infrastructure and cryptographic services. Accountable for the PKI CPS/CP, PKI CSA, PKI audit and PKI health check, and for remediation of audit and health check findings
  • Responsible for coordinating the PKI audit and audit finding remediation. Leading key generation and rekey ceremonies, key and certificate life cycle management, smart card life cycle management with Microsoft FIM CLM/MIM, CRL management and resolution of CRL publication failures
  • Authoring and modification of the CPS/CP; liaison with, and yearly training for, the PKI Policy Authority and PKI trusted role holders. Creation and implementation of security policy (physical and logical) to secure CA servers and the PKI infrastructure
  • Designing, installing, configuring and supporting Thales nCipher HSMs (nShield Edge, Connect and Solo), Active Directory Certificate Services (AD CS), AD CS clustering, Certificate Enrollment Web Service and Certificate Enrollment Policy Web Service (CES/CEP), Network Device Enrollment Service (NDES)/SCEP, web enrollment, Online Responder (OCSP), OCSP-X and SCVP
  • Support for PKI applications: BLOB recovery, SSL certificates, group mailbox encryption and external email encryption, Kerberos authentication, VPN, 802.1X, MDM, digital signing, cross-certification; certificate deployment and troubleshooting for users, computers, Cisco IOS, SSL applications, domain controllers, VPN, 802.1X, Azure RMS BYOK, etc.
  • Design and implementation of a SHA-2 PKI and migration of SHA-1 end-entity certificates to the SHA-2 PKI infrastructure. Responsible for the key management life cycle, CA rekey, key ceremonies, CRL management, and certificate template creation and modification. Migration and decommissioning of PKI CAs; yearly PKI BCP/DR

Confidential, San Jose

Team Lead: PKI/VPN Security technologies

  • Worked as the go-to VPN security Subject Matter Expert. Provided real-time, worldwide, high-quality customer support (design, configuration and troubleshooting assistance) for high-complexity security technologies, including:
  • IPv4/IPv6 IKEv1/IKEv2 VPN technologies: remote access VPN clients (Cisco VPN Client, Cisco AnyConnect Secure Mobility, DAP), Cisco IOS PKI, Cisco FlexVPN, IPsec IPv6 VPN, Cisco Secure Desktop (CSD), Cisco Security Manager (CSM), and crypto modules (ISM, VAM, AIM, 6500/7200 VAM2+/VPN SPA, SSL VPN/WebVPN and VPNSM modules)
  • IPsec high availability: Stateful Failover for IPsec with SSO and HSRP, link resiliency (loopback interface for peering), HSRP with RRI, IPsec backup peers, and GRE over IPsec with dynamic routing
  • IOS and ASA Easy VPN remote and Easy VPN server (Client, Network Extension and Network Extension Plus modes), Cisco Easy VPN dual tunnel, IPsec SVTI and DVTI, multicast over IPsec, GRE over IPsec, integrating GET VPN with a DMVPN solution, IPsec LAN-to-LAN IOS-to-ASA VPN using PSK/PKI, dynamic VPN peers, IPsec VPN QoS
  • DMVPN (Phase 1, 2 and 3) in SHSD, SHDD, SLB, DHSD, MHSD and tree-based topologies with PSK/PKI, DMVPN QoS, VRF-aware (iVRF/fVRF) VPN, ASA and IOS WebVPN, SSL VPN with LDAP/AAA authentication, XAuth, split tunneling, RRI, NAT-T, DPD, and GET VPN COOP using PSK/PKI
  • Provided escalation support for large enterprise hierarchical PKI CAs (Microsoft Certificate Authority (AD CS) and Cisco IOS CA): management, administration and troubleshooting of the enrollment request database, trustpoints, manual and auto-enrollment (SCEP), RA servers, CDPs, key rollover, generation and validation of CSRs, certificate templates, key recovery, key archival/backup, and CA keys. Re-enrolling and reissuing keys for compromised systems
  • Acted as PKI SME: authored PKI security policy and procedures and assisted high-profile customers in designing and planning enterprise PKI infrastructure using best practices, protecting the root CA, and identifying continuous improvement areas. Deployed next-generation PKI using Suite B cipher suites
  • Worked with product engineering to develop next-generation security products. Participated in executive/engineering meetings to discuss new initiatives and made suggestions to improve seamless adoption
  • Responsible for technical content development, review of technical documentation and product requirement documents, and delivery of technical training sessions
  • Shaped next-generation product features and solutions, ensuring continued product supportability, usability and quality

Confidential

Principal Engineer (Network Security)

  • Configured and supported Cisco ASA firewalls for WebVPN, ACLs, routing, MPF, NAT, cut-through proxy (CTP), and ASA failover (A/A, A/S)
  • Redesigned, implemented and supported certificate (PKI) based VPN technologies (IPsec, Easy VPN, DMVPN, GET VPN, VTI, GRE, IOS SSL VPN, AnyConnect, SSL VPN with LDAP/ACS authentication) and VPN QoS; authored the remote access and third-party connection policy
  • Led design teams and advised team leaders on compliance efforts and on security product review, evaluation and testing
  • Designed, implemented, monitored, enhanced and troubleshot systems in assigned areas. Reviewed work plans and designs, advised on improvements, and acted as moderator for the technical working group
  • Attack mitigation with ACLs (RFC 3330, 2827, 2401), IPS appliances, IOS IPS, control plane policing (CoPP), CAR, NBAR, FPM, NetFlow, IP Source Tracker, TCP Intercept, uRPF, RTBH, MQC, PBR, and AIP-SSM/CSC-SSM
  • Sound working knowledge of Cisco NAC, CSA, CS-MARS, and Anomaly Guard/Detector

Confidential

Information Security Specialist

  • Led the implementation of a Software Asset Management (SAM) program to achieve compliance, build more accurate financial forecasts/budgets and reduce software expenditure
  • Provided confidentiality for sensitive data and email using Windows NTFS permissions and PGP Universal Gateway (whole disk, email and folder encryption)
  • Managed Microsoft Active Directory, Forefront server and the PKI infrastructure with smart card deployment on Windows PCs; performed periodic patch management (with WSUS), periodic vulnerability scanning (eEye Retina, MBSA, Nessus) and penetration testing on critical servers, prioritized the findings and remediated them immediately. Administered the Windows Server 2003/2008 Active Directory domain and network infrastructure, Check Point UTM, Microsoft Exchange 2007 and IBM Proventia Network IPS
  • Controlled business internet usage and web and email content filtering by configuring and administering Websense, Microsoft ISA Server 2006, Forefront and McAfee Email Gateway (IronMail)
  • Advised the organization on current information security technologies and related regulatory issues, and monitored the internal control systems to ensure that appropriate access levels were maintained
  • Cisco CBAC and Zone-Based Firewall (ZBF); Layer 2 attack mitigation with IPSG, DAI, PVLAN, VACL, PACL, MACL, DHCP snooping, port security, 802.1X and spanning-tree protection; ACS RADIUS/TACACS+, IOS role-based CLI access, auth-proxy, and Cisco IOS router hardening

Confidential

Sr. Information Security Analyst/Consultant

  • Acted as a process owner for all ongoing activities that serve to provide appropriate access to and protect the confidentiality and integrity of customer, employee, and business information in compliance with organization policies, standards and industry regulations. Reviewed all system-related security plans throughout the organization's network, and acted as a liaison to Information Systems. Served as a Subject Matter Expert (SME) to the organization and worked closely with external auditors towards regulatory and compliance objectives.
  • Led the Corporate Information Security department and reported activities to the CISO. Formulated a corporate information security roadmap aligned with corporate goals and business objectives, and obtained management approval and support for major enterprise security projects. Managed these projects, including budget estimation, product evaluation, software procurement and resource acquisition/management, and ensured they were completed within scope, on time and within budget. Responsible for IT security project risk management and control. Managed and monitored project resources, milestones, budget and deliverables, and reported project progress to stakeholders.
  • Accountable for daily operations of information security. Led a team of over ten people to identify and manage information security risks to achieve business objectives, and ensured the IT security strategy was business driven.
  • Developed rules of engagement (ROE) for business partners. Performed periodic audits and risk assessments on routers, switches, firewalls, third party/business partner/vendor/branch office/teleworker/remote access connections, and mobile devices (PDAs, BlackBerrys, smartphones, etc.). Identified potential threats and authored, enforced and communicated security policy to mitigate them. Evaluated enterprise security products for encryption, theft prevention, secure messaging, privacy, data monitoring and intrusion detection, and led implementation efforts.

Confidential

Information Security Analyst

  • Co-developed enterprise security policies, standards and procedures; implemented a risk-based approach to identifying, monitoring, measuring and reporting various types of information security risk. Identified and prioritized security risks and recommended mitigating controls. Identified and managed information security risks to achieve business objectives and ensure compliance with the ISO 17799 risk management framework.
  • Designed and implemented a security event management (SIEM) program, including IT/IS incidents, to gather, store, correlate, analyze and respond to security data from logs and incident reports. Developed a secure enterprise wireless network architecture; reviewed and identified potential threats and network vulnerabilities.
  • Deployed a secure 802.11 wireless network with Cisco Aironet 1240AG using WPA2 with EAP (PEAP-MSCHAPv2) and Microsoft Certificate Services (PKI); administered remote access policy, Group Policy, Cisco ACS (RADIUS/TACACS+) for routers, switches and firewalls, and Windows certificate-based validation services.
  • Secured Cisco 3500 series switches and 3600 series routers, reviewed firewall policies/rules, mitigated threats and attacks with ACLs, hardened Windows servers using GPOs, and secured Windows XP, Windows CE and Pocket PC clients with desktop firewall, antivirus, host intrusion prevention and secure browser settings.
  • Managed a Windows Server 2003 environment; installed, configured and administered Active Directory, OUs, domains, trees, forests, Group Policies, sites, site links and site replication.
  • Responsible for network documentation and for conducting security awareness training for end users.

Confidential

Information Security Team Lead

  • Accountable for daily operations of information security. Led a team of over ten people to identify and manage information security risks to achieve business objectives, and aligned the IT security strategic plan with business objectives. Responsible for resource allocation, deployment, logistics, recruiting, team building, process design, methodology, mentoring and development of the IT security team.
  • Designed and deployed a Corporate Information Security Risk Management program. Conducted technical security risk assessments of the enterprise network and provided recommendations for compliance (PCI DSS, SOX and HIPAA). Deployed a security management framework and led SOX, GLBA, COBIT and HIPAA compliance efforts.
  • Drafted and monitored SLAs with client/supply partners. Reported violations and ensured proper service delivery using the Cisco lifecycle and ITIL approaches. Worked with a diverse customer base to define and consolidate functional needs, and performed requirements analysis, systems development and functional requirements documentation. Recommended and rated security products. Integrated and positioned multi-vendor products to produce network solutions meeting clients' requirements. Responded to bid documents, RFIs and RFQs.
  • Performed regular scans and security assessments of the infrastructure, notified/escalated to IT, and documented findings in a complete, comprehensive report with technical and non-technical findings and recommendations; evaluated security infrastructure logs for anomalous and unknown behavior.
  • Planned, designed, implemented and configured Cisco Self-Defending Network architectures for enterprise and SMB networks using Cisco PIX, Cisco ASA firewalls, Cisco IDS, FWSM, IDSM-2, Cisco IOS/ACLs, CBAC, multi-tiered DMZs, and IOS and OS hardening. Managed SSL and IPsec VPNs for remote access and site-to-site connectivity; administered Cisco ACS servers.

Confidential

Security and Network Systems Architect

  • Enterprise strategic information security consulting, planning, implementation and support. Network vulnerability and security posture assessment. Information risk management and analysis. Responsible for security architectural design, developing security policy and standard operating procedures, firewall/IDS management, and security architecture for data centers.
  • Proactively monitored server logs, intrusion detection logs and network traffic for unusual or suspicious activity. Interpreted suspicious activity and made recommendations for resolution. Performed packet capture analysis, attack signature detection and isolation of network attacks.
  • IT project risk management and control. Defined project requirements, milestones and deliverables, and ensured projects were completed on time and within the approved budget. Ensured project resource management, quality management, and KPI and SLA review. Provided customer feedback reports to management.
  • Designed and supported wireless (802.11) networks. Designed and supported RAD Data Communications access solutions such as the Multi-Access Platform, TDM over packet-switched networks (Ethernet, IP and MPLS), IP cellular backhauling, Compressed Voice System (CVS), Ethernet over PDH/SDH, last mile access, and data network quality assurance.
  • Monitored the network with MRTG, CiscoWorks, HP OpenView, WhatsUp Gold and other network monitoring/SNMP applications.
