SUMMARY:

• I’ m an experienced Information Security professional with over 10 years of professional work experience starting my career with hands on implementation of network security using Confidential, Juniper, Check Point and F5 devices; achieving a Confidential and other security certifications along the way.
• I exhibit a high level of competence in various information security domains such as solution architecture, application security, access control and identity management, network security, encryption, computer forensics and data recovery, information security management and audit, risk management, writing and reviewing security policies, processes, security baselines and procedures.
• I also have experience in applying relevant regulations and industry best standard practices applicable to the business and its customers to ensure compliance Confidential all times.
• I make significant contributions towards corporate goals and objectives while remaining an efficient team player and a brilliant performer.

­­­­­

CONSULTING AND TECHNICAL SKILLS SUMMARY:

Cloud/Security Consulting: Access control models and techniques, information classification, Identification and Multifactor authentication, Authorization methods, Access Aggregation (SSO), Intrusion Detection and prevention techniques, Security Control and regulatory compliance (using ITIL, COBIT, ISO 27001 and 27002, PCI - DSS and SOX), Security Risk Assessment, Communicating and demonstrating risks to C-level executive/ ensuring compliance, network security ( defending IP spoofing, Smurf attacks, DDoS), Business continuity consulting, penetration testing and vulnerability assessment, PKI, assessing cryptosystems and cryptosystems key management, embedded systems security, applying service segregation and defense in depth principles

Network Security: Security design using firewall products like Confidential ASA and Pix firewalls, FWSM/ASA modules, Check Point Juniper Net screen/SRX and Palo Alto Firewalls. Security context design, implementation of different VPN solutions (IPSec, SSL and DMVPN), security rule base design and implementation, multifactor authentication and access control techniques. IDS using source fire and Tipping point, use of Arbor appliance for DDOS mitigation. Penetration testing using Nessus/Nmap/Qualys Guard

Application Security and vulnerability management: API integrations, assessment of orchestration layers, Source code analysis, pen test scoping, Vulnerability Assessment, patch management

Routing and Switching: Design & implementation of scalable switched and routed TCP/IP networks delivering high-end network applications using BGP, MPBGP, OSPF, EIGRP, RIPv2, Ether channel, STP, RSTP, MSTP, PVSTP, QOS, IP Multicast. Platforms worked on include Confidential 6500, Nexus 7k, 5k and 2k, Juniper MX series routers, Confidential ASRs. Software used includes Confidential IOS, Confidential IOS XR and Junos. Design and troubleshooting of low latency networks using Confidential Nexus and 4500 series switches and Juniper EX switches

Service Provider: Design and implementation of MPLS L3VPN involving different customers, VPLS, MPLS traffic engineering using IOS and IOS XR. Design of transport protocols like IS-IS, MP-BGP and LDP. Multicasting- RP resilience using Anycast RP address and MSDP.

VoIP and IP Telephony: Design, implementation and management of Confidential based Voice over IP (VoIP), IP telephony, Unified Communication Solutions, IPCC, CME, Unity, UCM, H323, MGCP, SIP

Datacenter: Confidential using Confidential GSS and Citrix Netscaler, Data Centre virtualization using Virtual Device Contexts on Nexus switches, contexts on ACE load balancers and firewalls. Inter -Data Centre bridging using Overlay Transport Protocol (OTV), Confidential FabricPath, vPC, VXLAN, Confidential ACI fabric and contracts between EPG setup.TCP optimization and WAN Acceleration using Confidential WAAS and Riverbed Steelhead. Multicast in trading floor environments. Setup and deployment of F5 Viprion Chassis.:

Wireless: Secured wireless using Confidential WLS, WiSM and lightweight access points. Dot1x control to secure enterprise wireless networks

Quality of Service: IP Precedence, CoS, ToS, DiffServ, marking and classification, traffic shaping and policing, low latency queuing, WRED to prevent congestion.

Tools: and Operating systems: Unix administration, Windows, Active directory administration, ISA server administration, Service Now, Maximo, HP open view, Trivoli, Qradar, LDAP, BIND DNS, Mac Afee EPO, IPAM using Inflobox, DBMS, GRC tools (Archer & RSAM), snoop, wireshark

Data Formats: XML, JSON

WORK EXPERIENCE:

Confidential

Information Security and GRC consultant

Responsibilities:

• Understand Cloud deployment models (Public, Private, community and Hybrid) and service models (SaaS, PaaS, IaaS).
• Involved in the assessment of key security and privacy issues with Cloud Deployment - GRC, trust, access management, data protection, availability and incident response
• Involved in evaluating Cloud Models and mapping to Security control and Compliance model by completing gap analysis - aided by Cloud security Questionnaire to Cloud Providers.
• Aided the business decision of what, when and how to move to the Cloud by helping identify and evaluate assets for Cloud deployments.
• Use of Confidential other Compliance organization advisories to aid risk assessing Cloud environments.
• Familiar with Confidential and SOC 2 report definitions and where applicable when assessing Cloud providers
• Familiar with SOC type 1 vs type 2 reporting and where applicable when assessing cloud providers

Confidential

Network and Security Engineer / service account support

Responsibilities:

• Configured OSPF and BGP routing protocols on ASR 9000 platform
• Configured Routing Policy Language (RPL) sets and policies on ASR 9000
• Configured multiple area OSPF domain and operation verification on ASR 9000
• Implement route redistribution with a route policy on ASR 9000
• Configure external BGP between adjacent autonomous systems on ASR 9000
• Troubleshooting IS-IS L1 & L2 routing on IOS XR
• Implement and support intra/inter-As L3VPN within ATT VPN cloud
• Implement and troubleshoot Carrier supporting carrier (CSC) MPLS VPNs
• Provide daily network support to whirlpool datacenters and spokes
• Versatile use of Confidential & Confidential tools like Maximo, Service Now, NCS Prime, VitalSuite, AOTS, Poller and BERT
• Responsible for Whirlpool North America support queue in Service Now
• Attend severity 1 bridge to resolve/alleviate network based issues
• Liaising with ATT GCSC and other units to onboard devices to support
• Requires in depth know of Spanning-tree, VTP, and general layer 2 topologies and security mechanism
• Everyday use of routing protocols like OSPF,EIGRP and BGP
• Confidential VSS troubleshooting and configuration
• Supporting and troubleshooting technologies like vPC, vPC+, and VDCs on Confidential Nexus Platforms N7K installed Confidential Whirlpool’s datacentres
• Drawing Visio diagrams to depict old and new traffic flows as well as enforcement points on Whirlpools network.
• Support for Whirlpool’s centralized identity management solution ( Confidential ACS and ISE)

Confidential

Network Architect/ 3rd line support

Responsibilities:

• Designed and implemented IGP routing using OSPF on the NX-OS
• Designed and implemented physical and layer 3 segregation using VDCs and VRFs
• Designed and implemented Bi directional Fault Detection (BFD) for dynamic routing protocols and LACP
• Designed and implemented inter-data centre bridging using OTV on the NX-OS
• Designed and implemented Virtual Port Channels (vPC) and Fibre Channel over Ethernet (FCoE) on NX-OS
• Designed and integrated FEX 2148T to extend the 1G port capacity of the Nexus switches
• Designed and implemented high availability features such as NSF, Graceful Restart,,First Hop Redundancy Protocols and vPC+
• Designed and implemented low latency switching using Confidential Nexus switches and Confidential 4500 series
• Citrix Netscaler design for intelligent routing of traffic to Data Centres
• Designed and implemented traffic load balance with Confidential ACE module
• Created iRules on F5 BIG-IP LTMs
• Designed and implemented segregation of services using multiple contexts on Confidential ASA5585
• Designed and implemented security rule base on Check Point Firewalls
• Migrated VPN users from Confidential VPN concentrator to Confidential ASA firewall
• Configured GRE and DMVPN tunnels for site to site VPNs
• Configured Checkpoint firewall rules to allow VoIP packets
• Configure SSL VPN for clientless VPN connection
• Configured Unicast Reverse Path Forwarding (uRPF) to mitigate address spoofing attack from the Internet.
• Designed and implemented segregation of services using multiple contexts on Confidential ASA5585
• Designed and implemented security level and rule base design and management on Confidential ASA
• Designed and implemented Active/Active failover on ASA5540 & ASA5580
• Designed and implemented Active/standby failover on ASA5540
• Layer 7 inspection using Modular Policy framework on Confidential ASA
• Designing and implementing Intrusion Prevention Systems using Confidential IPS
• Designed and implemented Confidential ACS databases in high availability mode
• Designed and migrated devices to uses TACACS authentication using Confidential ACS
• Layer 7 inspection of packet payload using Check Point firewalls
• Designed and implemented security rule base on Check Point Firewalls
• Cluster management and VPN termination on Check point firewalls
• Designing and configuring Check Point appliances (using R75) as the first layer of defense for internet facing resources
• Deploying Check Point firewalls as Unified Threat Management Gateways to secure the perimeter against ping sweeps and port scans.
• Use of Check Point firewalls to prevent network attacks such as IP spoofing by using Unicast Reverse Path Forwarding (uRPF)
• Terminating IPSec VPN on Check Point firewalls using encryption domains
• RFC 1918 and RFC 2827 filtering using Juniper SRX and Check Point firewalls
• Design and implementation of NAT and PAT pools to protect trusted hosts behind Check Point and Juniper firewalls.
• Designed and implemented connection to BP extranet using Juniper SRX 550 firewalls
• Set up of Juniper Network Security Manager (NSM) as administrative point of the Juniper firewalls
• Routing protocol design around the internet and extranet (DMZ) using OSPF and BGP
• Migrated VPN users from Confidential VPN concentrator to Confidential ASA firewall
• Configured GRE and DMVPN tunnels for site to site VPNs
• Configured Checkpoint firewall rules to allow VoIP packets
• Configure SSL VPN for clientless VPN connection
• Configured Unicast Reverse Path Forwarding (uRPF) to mitigate address spoofing attack from the Internet
• Troubleshooting IPSEC VPN LAN to LAN issues between multi vendor VPN headend
• Designing and implementing IPSEC VPN using certificate based authentication (PKI)
• EzVPN configuration using both client and network extension mode.
• 3rd line and 4th line network and security operations support.
• Designed, implemented and supported PIM sparse mode multicast routing
• Designed and implemented PIM version 2, Bootstrap Router, and Rendezvous Point (RP)
• Designed and implemented RP resilience using Anycast RP address and MSDP
• Designed and implemented Source Specific Multicast (SSM) routing around the customer edge
• Support PE-P-PE customer core made up of Confidential ASRs, GSRs, CRS and Juniper MX 960 routers
• Understand customer requirements and implement solutions meeting those requirements, communicating consequences on costs and timescales, and delivering cost-effective, elegant designs into Operations.
• Troubleshooting of BGP peering’s between customer sites (CEs).
• Troubleshooting and manipulation of BGP attributes on internet PE ASR 9k routers
• Troubleshooting of ISIS CLNS neighbor failures on the IP core
• Troubleshooting MPLS L2 and L3 VPNs with multiple VRFs in a MPLS core serving 10 million customers.
• Troubleshooting MPLS TE tunnels and backup tunnels (FRR).
• Troubleshooting and configuration of BGP PE-CE neighbor relationships
• Troubleshooting VDC and routing issues on the Nexus 7k platform used as the Aggregation Layer
• Troubleshooting connectivity failure on the the Confidential 6500, 7600 and Nexus platforms
• Client engagement and knowledge transfer of service outages with root cause analysis(RCA)
• Design and troubleshooting of Confidential VSS
• QoS design and implementation
• Work with vendors to ensure that equipment deployed in customer networks’ is fit for purpose.
• Responsible for design and implementation of IP Routing, Switching and Security solutions to fulfill the requirements of particular customer or a particular domain.
• Write or review and approve Impact Assessments, HLDs, LLDs, implementation plan, and Transition to Operations documents.
• Proficient use of MS-Visio to produce easy to understand network designs
• Preparing and submitting change requests and work orders using change management tools e.g. Remedy
• Familiar with ITILv3 change and incident management procedures

Confidential

Network Architect/ 3rd line support

Responsibilities:

• Designed and implemented the use of Confidential GSS Confidential the Internet edge and Citrix Netscaler on the enterprise edge for Confidential and intelligent routing between the Data Centres.
• Designed and integrated FEX 2148T to extend the 1G port capacity of the Nexus switches using vPCs
• VDC and VRF design on Confidential Nexus switches for traffic segregation between different business streams
• Server load balancing using virtualized Confidential ACE module and Confidential ACE appliance for traffic segregation between different business streams
• SSL termination and session persistence configuration using ACE load balancer
• Fibre Channel over Ethernet design using Confidential Nexus 5k
• High availability design and implementation using routing protocols (OSPF) and HSRP
• Produced HLD and detailed low level documents for the project
• Low latency and Multicast design trading for Confidential Bank trading floor
• Market data services design and implementation
• Installation of Juniper ISG firewalls.
• Installation of the Smart Centre server(standalone and distributed) and setting up Secure Internal communication
• Check Point rule base design and security policy configuration using Smart Centre dashboard
• Checkpoint Security rule construction using best practices
• Setting up Database revision and policy packages
• Multicast and Anti-spoof configuration using smart dashboard on Checkpoint Provider-1
• VOIP security using Checkpoint
• Check Point monitoring, logging and troubleshooting using smartview tracker and smartview monitor
• Navigating checkpoint directories for troubleshooting
• User management and authentication using Checkpoint provider1
• Disaster recovery and backup processes using CP backup, snapshot and upgrade tools on Checkpoint provider 1
• Troubleshooting using FW monitor and tcpdump
• VLAN, VTP, PVSTP, LACP design and implementation
• Design and implementation of First Hop Redundancy Protocols such as HSRP
• Designed and integrated OSPF and EIGRP routing domains by mutual redistribution
• Designed and implemented secure wireless solution using Confidential 4400 series wireless LAN controller
• Configured and installed Confidential Light weight Access Points
• Designed and implemented Wireless Service Module (WiSM) on Confidential 6500
• Configuration of Confidential ACS to support AAA of the enterprise network
• Designed and implemented 802.1x wireless security

Confidential

Principal Consultant

Responsibilities:

• Designed and implemented “active-active” disaster recovery centres
• Designed and implemented Virtual Routing and Forwarding (VRF) and VPNV4 BGP peering between disaster recovery centres to create end-to-end virtual unique routing table for each segment.
• Designed and implemented pseudowires with guaranteed bandwidth using Resource Reservation Protocol (RSVP) and MPLS Traffic Engineering Tunnels.
• Designed and implemented explicit and dynamic MPLS Traffic Engineering Tunnels with RSVP to distribute MPLS labels across non-MPLS LDP/TDP core
• Designed and implemented dynamic load balancing between the sites using BGP and OSPF conditional routes advertisement.
• Designed and implemented resilient and transparent failover between the sites using IP SLA monitor.
• Provided detailed technical documentation
• Manages the planning, configuration, installation, systems management, and coordination of enterprise LANs/MANs/WANs.
• Pre-sales and Post-sales customer meetings
• Network infrastructure consulting services.
• OSPF, BGP, MPLS design, deployment and Support.
• Multicast design, deployment and support
• Network and application visibility for capacity planning using Riverbed and Confidential technologies( Confidential NAM-2)
• Network Admission control using Confidential NAC appliances
• Data Centre virtualization design and implementation using Confidential Nexus(N5K and N7K),6500,ACE and GSS
• Deploying Juniper EX-series series switches and M/ Confidential series routers
• Enterprise routing and switching using Confidential 6500s,4900s, 3750-10G as platforms and OSPF, BGP, EIGRP as routing protocols
• DMVPN deployment and support using OSPF and EIGRP as routing protocols
• Data Centre security using ASA5580-40, 5520, FWSM, Check Point NGX, IPS, ACS for AAA and RSA for two-factor authentication
• Enterprise wireless network design and deployment using Confidential WLCs, WiSM and lightweight access points
• Enterprise wireless network security using WPAv2 with EAP-TLS as standards; Confidential ACS and Microsoft Certificate Authority authenticating against a Domain to achieve a Single Sign On (SSO) network access.
• Data Centre application acceleration and WAN optimization using Riverbed Steelhead appliances and Confidential WAE appliances
• Data Centre application load balancing using Confidential ACE and GSS
• Generates Architecture Guidance, Engineering Plans and Platform selection of core network technologies.
• Network Design and Architect: This involve the top level design of the network and security infrastructure based on Confidential and Checkpoint Security products..
• Deployment of Remote access VPNs: Remote access VPNs are terminated on Confidential Routers, Confidential ASA Firewalls, Confidential VPN Concentrator and Checkpoint Firewalls. The various remote access technology deployed are IPSEC VPN, SSL VPN and PPTP.
• Responsible for understanding the business requirements of clients and recommending appropriate solution to enable the organization achieve it goals
• Packet capture and analysis using wireshark, snoop, tcp dump etc.

Confidential

Network Architect

Responsibilities:

• Pre-sales for the network solutions team
• Provide network consulting services- Analyze, Plan, Architect and document network infrastructure and processes.
• Evaluate and benchmark application performance to enhance IT operational efficiencies.
• Plan new infrastructure integration using zero-down time approach.
• Respond to Request For Proposals (RFP).
• Co-ordinate and Control all technical output from engineering department
• Present business inclined technical presentations for customers, partners and prospects.
• Deployment of cutting edge and high profile technologies; minimizing business impact of such technologies during implementation..
• Conducting classroom training on variety of Confidential technologies, including enterprise networking and security (ASA, ACS, CS-MARS, NAC, Confidential VSS and FCoE implementations).
• Technical sales and reviewing of customers security postures.
• Mentoring of other Confidential and junior engineers

Confidential

Network Engineer

Responsibilities:

• Provide technical and sales support.
• Enterprise IP telephony and VoIP deployments
• Troubleshooting High end network issues
• End to End Quality of Service
• Implementation of IPSEC VPN using pre-share Keys and Certificate Authority.
• Remote VPN implementations
• Design Implementation and Support of all Enterprise Security Solutions.
• Implement Checkpoint and Netscreen firewalls
• Design Implementation and Support of all Enterprise Switching and Routing Solutions.
• Implementation of Confidential Unified wireless solutions.
• Implementation of Application Acceleration and Optimization Solutions
• Performance Tuning for Wide Area Networks and Campus Networks
• Design Implementation and Support of Highly Available Networks especially Confidential the Campus and Internet edge.
• Design Implementation and Support of all Confidential Network Admission Control Solutions; including centralized L3 Confidential Real IP Gateway deployment for Complex Internetworks.
• In charge of Proof of Concept deployments