OBJECTIVE:

• Implementing, managing, securing and troubleshooting public/hybrid/private cloud architectures Designing, configuring secure networks which conform to PCI - DSS, HIPAA/HITRUST Frameworks

PROFESSIONAL EXPERIENCE

Confidential

Network Security Architect

Responsibilities:

• Maintaining an organization-wide view of current and future IT security architectures in support of company goals and objectives that meets governance, risk and compliance (GRC)
• Leading and mentoring a virtual team of security engineers across US and Asia to establish the Security Architecture/Engineering discipline for IT.
• Assisting the compliance team in obtaining ISO 27001:2013 certification for Confidential
• Developing and implementing SDLC and SecDevOps methodologies for the company
• Leading the design and development of security architectures for Cloud SaaS/IaaS infrastructure using CASBs such as Palo Alto Prisma CASB, McAfee Skyhigh CASB and Palo Alto VM-Series Firewalls
• Leading the design and development of security architectures for on-prem network infrastructure using SIEMs such as AlienVault USM and firewalls such as Palo Alto Firewalls
• Designing Security Domains with Service Providers (SP) and Identity Providers (idP) for SaaS Applications
• Leading InfoSec training and representing Confidential at technical forums where possible
• Performing proof of concept (PoC) research of third-party technologies, tools, and applications that are introduced during the presales process for Confidential ’s business clients
• Evaluating emerging technologies, conduct PoC’s and pilots to ensure best of class tools are utilized, with a view to developing strategies for upgrade paths
• Leading the effort to protect the company from internal data theft, financial loss due to a breach or an external attack on its information systems.
• Maintaining awareness of trends in state-of-the-art technologies in the information security industry.
• Leading the collaborative effort with management to form and execute technology strategies, and provide technical expertise and recommendations for Information Security projects and initiatives.
• Strengthening client relationships by coordinating security solutions and functions to address complex business problems that strengthen Confidential ’ position with clients.

Confidential, Westwood Village, CA

Network Security Consultant

Responsibilities:

• Designed, implemented and assisted in the troubleshooting of Client based SSL solutions such as Cisco Anyconnect and Palo Alto GlobalProtect
• Configuration and support PCI-DSS/HIPAA compliant data centers in Southern California
• Integration/troubleshooting of VPN solutions with Duo Security Multi-Factor Authentication solutions
• Routing/switching configuration and troubleshooting on Nexus switch platforms such as 5548, 7000 series
• Designed and implemented user access/authorization via AAA using Aruba ClearPass Manager
• Implemented Cloud network security zones using Cisco ASA and Palo Alto firewalls
• Performed quarterly HIPAA security audit with 3rd party PCI-DSS approved auditors
• Assisted in the troubleshooting network security tickets within ServiceNow ticketing system
• Assisted in the rollout of Network Access Controls (NAC) throughout the UCLA enterprise

Confidential, CA

Sr. Network Security Engineer

Responsibilities:

• Implemented PCI-DSS compliant multi-site cloud architecture supporting 24/7/365 SAAS environment for a payment processor vendor
• Configured and supported a PCI-DSS compliant data center
• Designed and configured of Internet ISP links using BGP multi-homing with multiple ISPs for WAN redundancy
• Controlling user access/authorization via AAA using Cisco ISE 2.0.0 and ACS 5.5
• Configured Multi Factor Authentication for remote user access using Cisco ISE and RSA authentication manager 8.1
• Led the Migration of Cloud services from private cloud to Azure Cloud services
• Implemented an enterprise PKI with Windows Server 2012 R2 AD certificate services for the encryption data and securing customer POS transactions
• Performed quarterly PCIDSS security audit with 3rd party PCI-DSS approved auditors
• Penetration testing on internal and perimeter networks using Tenable’s Nessus Vulnerability Scanner
• Penetration testing on internal and perimeter networks using Rapid 7’s Nexpose and Metasploit
• Discovered vulnerability analysis (CVE) based on NIST’s national vulnerability database (NVD)
• Scheduled port scanning using NMAP
• SIEM log reviews using Solarwinds Log and Event Manager
• Led the effort to maintain security procedures and policies for PCI-DSS compliance

Confidential

Network Security Architect

Responsibilities:

• Implementation/support of HIPAA compliant multi-tenant, multi-site cloud architecture supporting IaaS/PaaS/SaaS
• Design and configuration of Internet ISP links using BGP multi-homing
• Familiarity with Cloud workload capacity planning and billing models
• Providing rapid and agile deployment of health care customer environments or applications
• Configured Nexus 7K/5K switches for multi-tenant support and hosting
• Led the effort to make Nantcloud/AAAH HIPAA/HITRUST compliant for hosting of PHI data
• Performed DMVPN WAN setup, implementation and troubleshooting for all regional and local offices
• Implemented enterprise network security controls using Cisco ASA,Palo Alto firewalls and Cisco ISE
• Implemented cloud security architecture and design with CASBs
• Collaborated in the design and implementation of Identity and Access Management (ADFS/SAML/SSO) with the server team
• Contributed to the effort to implement security policies adhering to HITRUST/HIPAA Frameworks
• Heavily involved in the continuous review of cloud/SaaS data review to determine sensitive data elements which should be encrypted at rest with public/private clouds
• SIEM log reviews using Splunk Enterprise
• Used CIS security benchmarks to ensure systems/services/device hardening within the cloud
• Design and implementation DLP and DRM solutions.