Network Security Architect Resume
5.00/5 (Submit Your Rating)
Westwood Village, CA
OBJECTIVE:
- Implementing, managing, securing and troubleshooting public/hybrid/private cloud architectures Designing, configuring secure networks which conform to PCI - DSS, HIPAA/HITRUST Frameworks
PROFESSIONAL EXPERIENCE
Confidential
Network Security Architect
Responsibilities:
- Maintaining an organization-wide view of current and future IT security architectures in support of company goals and objectives that meets governance, risk and compliance (GRC)
- Leading and mentoring a virtual team of security engineers across US and Asia to establish the Security Architecture/Engineering discipline for IT.
- Assisting the compliance team in obtaining ISO 27001:2013 certification for Confidential
- Developing and implementing SDLC and SecDevOps methodologies for the company
- Leading the design and development of security architectures for Cloud SaaS/IaaS infrastructure using CASBs such as Palo Alto Prisma CASB, McAfee Skyhigh CASB and Palo Alto VM-Series Firewalls
- Leading the design and development of security architectures for on-prem network infrastructure using SIEMs such as AlienVault USM and firewalls such as Palo Alto Firewalls
- Designing Security Domains with Service Providers (SP) and Identity Providers (idP) for SaaS Applications
- Leading InfoSec training and representing Confidential at technical forums where possible
- Performing proof of concept (PoC) research of third-party technologies, tools, and applications that are introduced during the presales process for Confidential ’s business clients
- Evaluating emerging technologies, conduct PoC’s and pilots to ensure best of class tools are utilized, with a view to developing strategies for upgrade paths
- Leading the effort to protect the company from internal data theft, financial loss due to a breach or an external attack on its information systems.
- Maintaining awareness of trends in state-of-the-art technologies in the information security industry.
- Leading the collaborative effort with management to form and execute technology strategies, and provide technical expertise and recommendations for Information Security projects and initiatives.
- Strengthening client relationships by coordinating security solutions and functions to address complex business problems that strengthen Confidential ’ position with clients.
Confidential, Westwood Village, CA
Network Security Consultant
Responsibilities:
- Designed, implemented and assisted in the troubleshooting of Client based SSL solutions such as Cisco Anyconnect and Palo Alto GlobalProtect
- Configuration and support PCI-DSS/HIPAA compliant data centers in Southern California
- Integration/troubleshooting of VPN solutions with Duo Security Multi-Factor Authentication solutions
- Routing/switching configuration and troubleshooting on Nexus switch platforms such as 5548, 7000 series
- Designed and implemented user access/authorization via AAA using Aruba ClearPass Manager
- Implemented Cloud network security zones using Cisco ASA and Palo Alto firewalls
- Performed quarterly HIPAA security audit with 3rd party PCI-DSS approved auditors
- Assisted in the troubleshooting network security tickets within ServiceNow ticketing system
- Assisted in the rollout of Network Access Controls (NAC) throughout the UCLA enterprise
Confidential, CA
Sr. Network Security Engineer
Responsibilities:
- Implemented PCI-DSS compliant multi-site cloud architecture supporting 24/7/365 SAAS environment for a payment processor vendor
- Configured and supported a PCI-DSS compliant data center
- Designed and configured of Internet ISP links using BGP multi-homing with multiple ISPs for WAN redundancy
- Controlling user access/authorization via AAA using Cisco ISE 2.0.0 and ACS 5.5
- Configured Multi Factor Authentication for remote user access using Cisco ISE and RSA authentication manager 8.1
- Led the Migration of Cloud services from private cloud to Azure Cloud services
- Implemented an enterprise PKI with Windows Server 2012 R2 AD certificate services for the encryption data and securing customer POS transactions
- Performed quarterly PCIDSS security audit with 3rd party PCI-DSS approved auditors
- Penetration testing on internal and perimeter networks using Tenable’s Nessus Vulnerability Scanner
- Penetration testing on internal and perimeter networks using Rapid 7’s Nexpose and Metasploit
- Discovered vulnerability analysis (CVE) based on NIST’s national vulnerability database (NVD)
- Scheduled port scanning using NMAP
- SIEM log reviews using Solarwinds Log and Event Manager
- Led the effort to maintain security procedures and policies for PCI-DSS compliance
Confidential
Network Security Architect
Responsibilities:
- Implementation/support of HIPAA compliant multi-tenant, multi-site cloud architecture supporting IaaS/PaaS/SaaS
- Design and configuration of Internet ISP links using BGP multi-homing
- Familiarity with Cloud workload capacity planning and billing models
- Providing rapid and agile deployment of health care customer environments or applications
- Configured Nexus 7K/5K switches for multi-tenant support and hosting
- Led the effort to make Nantcloud/AAAH HIPAA/HITRUST compliant for hosting of PHI data
- Performed DMVPN WAN setup, implementation and troubleshooting for all regional and local offices
- Implemented enterprise network security controls using Cisco ASA,Palo Alto firewalls and Cisco ISE
- Implemented cloud security architecture and design with CASBs
- Collaborated in the design and implementation of Identity and Access Management (ADFS/SAML/SSO) with the server team
- Contributed to the effort to implement security policies adhering to HITRUST/HIPAA Frameworks
- Heavily involved in the continuous review of cloud/SaaS data review to determine sensitive data elements which should be encrypted at rest with public/private clouds
- SIEM log reviews using Splunk Enterprise
- Used CIS security benchmarks to ensure systems/services/device hardening within the cloud
- Design and implementation DLP and DRM solutions.