SUMMARY

• 7 Years of IT experience on the field of computer security, computer networks, cyber security and system administration.
• Experience with identity and access management strategies, architectures and implementation plans.
• Experience with active directory administrations.
• Experience with identity management/SSO/MFA solutions.
• Experience with Identity Federation (SAML) configuration and integration across multiple trusted third parties, applications and systems.
• Experience integrating provisioning and account management functions for a variety of disparate systems including but not limited to database systems, email systems, web application systems, operating system directories and other systems.
• Experience with Microsoft Azure/0365 EOP, ATP, identity management, behavioral analysis, conditional access rules, DLP and threat detection toolsets.
• Experience with firewall technologies - Palo Alto, Cisco ASA and Meraki.
• Understanding of various regulatory requirements, i.e. PCI, SOX, GDPR, CCPA.
• Understanding of change management and ITIL toolsets to work on incident, problem and change.
• Experience in configuration and maintenance of router and switches.
• Extensive understanding of networking concepts, i.e. Configuration of networks, router configuration and wireless security, TCP/IP, VPN, content filtering, VLANs and routing in LAN/WAN, ethernet port, patch panel and wireless networks.
• Experience in configuring layer 2 technology including VLANs, Trunking, STP, PVST, MST, VTP.
• Possesses proficient knowledge of layer 2 switching and layer 3 routing protocols, encryption protocols, communication protocols. Examples include but not limited to TLS/SSL, IPsec, SSH, PGP, VLAN, LLDP, LACP, ARP, 802.1x, DNS, AES, etc
• Extensive knowledge in TCP/IP and OSI models.
• Strong troubleshooting skills on Cisco LAN switch environments including WAN infrastructure.
• Experience in implementing and troubleshooting OSPF, EIGRP, BGP routing protocols and policy-based routing.
• Experience on use of SSH, SYSLOG, SNMP, NTP, NAT, PAT and dealt with DDOS attacks and flooding attacks.
• Maintaining IT process and procedure documentation.
• Monitor SIEM and IDP/IPS feeds to identify possible enterprise threats. Actively investigate, respond to and remediate security incidents.
• Experience with DNS/DFS/DHCP/WINS standardizations and implementations.
• Experience with encryption technologies DRM, PKI and secure coding techniques.
• Strong understanding of virtualizations.
• PowerShell, Python and Bash Scripting.
• Excellent understanding of the software development life cycles.

TECHNICAL SKILLS

• Log Management and SIEM - Splunk, IBM QRadar.
• Wireshark.
• Endpoint Security.
• WSUS, SCCM, Active Directory, Group Policy Objects.
• Nexpose, Tenable Nessus.
• Metasploit, Backtrack, Kali, Burp Suite.
• Cisco 3600, 7200, 7600.
• Cisco catalyst 2960, 3560, 6500
• Windows Server 2008/2012/2016.
• Exchange, SharePoint.
• PowerShell, Python and Bash.
• C, C++, Java, Matlab

PROFESSIONAL EXPERIENCE

Network Security Engineer/Analyst

Confidential

Responsibilities:

• Administer Active Directory, including Group Policy and NTFS security to create, deploy and maintain GPOs and network shares.
• Administer Microsoft AX environments, Softeon, Microsoft Exchange, Clutch Portal, Counterpoint, Interaction administrator, Salesforce commerce cloud and Atlas client.
• Okta Management
• Create and configure user accounts within Okta for data access and administration.
• SAML Integration with different applications like Adobe Creative Cloud, Dynatrace, Service-now for Single Sign-On.
• Create and manage groups for efficient user and application association and provisioning.
• Configure applications for secure employee access to corporate data.
• Configure controls, such as password policies and multifactor authentication, for increased data security.
• Troubleshooting various errors to resolve access issues.
• Okta Mobile Setup and Administration
• Setting of users in VPN client GlobalProtect.
• Responsible for LDAP user and group creation, maintenance, and removal.
• Responsible for modifying file server permissions as needed for user access.
• Responsible for email distribution lists and shared mailbox creations.
• Acknowledge and respond to security incidents reported or identified by MSS team.
• Identifying phishing email and blocking it.
• Conducting phishing awareness campaign on monthly basis using Cofense LMS .
• Review the Nessus scan report and perform necessary action based on result.
• Understand vulnerability management tools that perform internal and external vulnerability assessments.
• Monitoring logs from various system, looking for security breaches indicated by abnormal patterns and alerts.
• Deploy, manage and monitor IDS/IPS and WAF, to identify and assess network and application layer threats.
• Responsible for granting, modifying, and removing user access for all enterprise applications.
• Responsible for Identity Management/SSO solutions, Mobile Device Management solutions.
• User access review for different applications on Quarterly/Monthly basis.
• Maintains records of security events investigated and incident response activities, utilizing case management and ticketing systems.
• Management of different applications like WhiteHat, Fastpath, Instart Bot Management, Prisma, Varonis and web monitoring tools like Dynatrace.
• Administration and support of various operating systems.
• Participate in various security audits, prepare necessary security documentation, SOPs and evidence during security audits.
• Participate in an on-call rotation, respond to emergency calls during non-business hours.

Security Engineer

Confidential, Long Beach, CA

Responsibilities:

• Managing Microsoft active directory, ADFS, Azure AD.
• User provisioning/deprovisioning.
• Support and implement firewall security policies like firewall, windows firewall.
• Configuring and managing SSO solutions using Okta.
• Deploy, manage and monitor IPS, WAF, DLP, behavioral analysis, phishing email filters to identify and assess network and application layer threats.
• Managing enterprise password vaults, vulnerability scanning and management, application whitelisting, network micro-segmentation and virtualization.
• Monitor systems and network for security-related anomalies.
• Security Operations responsibilities like vulnerability scanning and patch management, access control governance and oversight, exceptions tracking, security tool management, tuning and configuration.
• Manage VPN solution.
• Manages, monitors, and analyzes several security technologies to include defensive and offensive security solutions on the perimeter and internal networks such as firewalls, intrusion detection/prevention systems (IDS/IPS), data loss prevention.
• Assist to network team to improve efficiency of network security operations.
• Work with network team to perform tests and uncover network vulnerabilities.
• Implement security policies to identify and blocking phishing emails, conducting campaign for phishing email awareness.
• Responding to security incidents, reviewing logs and security alerts, handling security tickets and performing the incident response.
• Participate in various security audits, prepare security documentation, SOPs and evidence during security audits.
• Duties assigned by manager.

Network Security Engineer

Confidential

Responsibilities:

• Responsible for implementing, engineering & level 2 support of existing network technologies / services & integration of new network technologies / services.
• Building large scale network environment using routing protocols like OSPF, EIGRP, and BGP.
• Configuring route redistribution between EIGRP and OSPF.
• Involved in network designing, routing, DNS, IP subnetting, TCP/IP protocol.
• Performing route filtering and route manipulation by applying distribute-lists, route-maps & offset lists.
• Diagnose MPLS protocol problems including VRF and COS issues to full resolution.
• Providing Layer-3 redundancy by implementing HSRP in the network.
• Hands-on experience in implementation and troubleshooting of BGP version 4, OSPF, IPV4 and Ethernet Protocols.
• Managing various VLANs, IP addressing for various subnets, VLAN trunking between various access-switches.
• Used load balancers F5 Big-IP6900 and 3900 between the servers inside the network and in the server.
• Performance fine tuning and maintaining customer network devices to provide high availability for the applications, proper bandwidth utilization and to avoid network congestion.
• Configuring standard and extended access control Lists (ACLs) and firewalls.
• Designing and implementing VPN and remote access support.
• Worked on Cisco ASA 5580 and 5585 VPN Firewall for site to site VPN from Cisco ASA to Palo Alto.
• Implemented Port Security - MAC limiting, DHCP Snooping and IP source guard on EX series switches to make the network invulnerable to attacks
• Implemented static NAT and PAT for internet users.
• Designed and implemented DMZ for FTP, web and mail servers with CISCO PIX 525 and PIX515E.
• Supported remote location with site-to-site VPN, Remote access VPN such as IPSEC.

Network Engineer

Confidential

Responsibilities:

• Configuring routers and sending it to technical Consultants for new site activations and giving online support at the time of activation.
• Experience installing/troubleshooting VOIP phones for branch office.
• Supporting Development team for the access to corporate network and outside world.
• Providing access to specific IP, Port filter and port access.
• Experience conducting desktop support and inventory control over different sites.
• Experience in Cisco 2800 3700 series switches: physical cabling, IP addressing, WAN configurations (Frame-relay and ATM).
• Conducting technical site surveys different branch and main office.
• Performed troubleshooting, while maintaining trouble ticket tracking, following internal/external escalation procedures and customer notifications.
• Configured Cisco Routers for OSPF, RIP, IGRP RIPv2, EIGRP, Static and default route.
• Installing/troubleshooting PCs and Printers and Servers.
• Configured the Cisco router as IP Firewall and for NATting.
• Switching (Ethernet) related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
• Responsible for implementing QOS prioritizing voice traffic over a data.
• Implemented SNMP on Cisco routes to allow for network management.
• Completed the installation and configuration of T1, T3 & OC3 circuits.
• Experience installing/troubleshooting with data cable and data communications equipment.
• Troubleshoot TCP/IP problems, troubleshoot connectivity issues.