We provide IT Staff Augmentation Services!

Network Security Architect Resume

Westwood Village, CA

OBJECTIVE:

  • Implementing, managing, securing and troubleshooting public/hybrid/private cloud architectures Designing, configuring secure networks which conform to PCI - DSS, HIPAA/HITRUST Frameworks

PROFESSIONAL EXPERIENCE

Confidential

Network Security Architect

Responsibilities:

  • Maintaining an organization-wide view of current and future IT security architectures in support of company goals and objectives that meets governance, risk and compliance (GRC)
  • Leading and mentoring a virtual team of security engineers across US and Asia to establish the Security Architecture/Engineering discipline for IT.
  • Assisting the compliance team in obtaining ISO 27001:2013 certification for Confidential
  • Developing and implementing SDLC and SecDevOps methodologies for the company
  • Leading the design and development of security architectures for Cloud SaaS/IaaS infrastructure using CASBs such as Palo Alto Prisma CASB, McAfee Skyhigh CASB and Palo Alto VM-Series Firewalls
  • Leading the design and development of security architectures for on-prem network infrastructure using SIEMs such as AlienVault USM and firewalls such as Palo Alto Firewalls
  • Designing Security Domains with Service Providers (SP) and Identity Providers (idP) for SaaS Applications
  • Leading InfoSec training and representing Confidential at technical forums where possible
  • Performing proof of concept (PoC) research of third-party technologies, tools, and applications that are introduced during the presales process for Confidential ’s business clients
  • Evaluating emerging technologies, conduct PoC’s and pilots to ensure best of class tools are utilized, with a view to developing strategies for upgrade paths
  • Leading the effort to protect the company from internal data theft, financial loss due to a breach or an external attack on its information systems.
  • Maintaining awareness of trends in state-of-the-art technologies in the information security industry.
  • Leading the collaborative effort with management to form and execute technology strategies, and provide technical expertise and recommendations for Information Security projects and initiatives.
  • Strengthening client relationships by coordinating security solutions and functions to address complex business problems that strengthen Confidential ’ position with clients.

Confidential, Westwood Village, CA

Network Security Consultant

Responsibilities:

  • Designed, implemented and assisted in the troubleshooting of Client based SSL solutions such as Cisco Anyconnect and Palo Alto GlobalProtect
  • Configuration and support PCI-DSS/HIPAA compliant data centers in Southern California
  • Integration/troubleshooting of VPN solutions with Duo Security Multi-Factor Authentication solutions
  • Routing/switching configuration and troubleshooting on Nexus switch platforms such as 5548, 7000 series
  • Designed and implemented user access/authorization via AAA using Aruba ClearPass Manager
  • Implemented Cloud network security zones using Cisco ASA and Palo Alto firewalls
  • Performed quarterly HIPAA security audit with 3rd party PCI-DSS approved auditors
  • Assisted in the troubleshooting network security tickets within ServiceNow ticketing system
  • Assisted in the rollout of Network Access Controls (NAC) throughout the UCLA enterprise

Confidential, CA

Sr. Network Security Engineer

Responsibilities:

  • Implemented PCI-DSS compliant multi-site cloud architecture supporting 24/7/365 SAAS environment for a payment processor vendor
  • Configured and supported a PCI-DSS compliant data center
  • Designed and configured of Internet ISP links using BGP multi-homing with multiple ISPs for WAN redundancy
  • Controlling user access/authorization via AAA using Cisco ISE 2.0.0 and ACS 5.5
  • Configured Multi Factor Authentication for remote user access using Cisco ISE and RSA authentication manager 8.1
  • Led the Migration of Cloud services from private cloud to Azure Cloud services
  • Implemented an enterprise PKI with Windows Server 2012 R2 AD certificate services for the encryption data and securing customer POS transactions
  • Performed quarterly PCIDSS security audit with 3rd party PCI-DSS approved auditors
  • Penetration testing on internal and perimeter networks using Tenable’s Nessus Vulnerability Scanner
  • Penetration testing on internal and perimeter networks using Rapid 7’s Nexpose and Metasploit
  • Discovered vulnerability analysis (CVE) based on NIST’s national vulnerability database (NVD)
  • Scheduled port scanning using NMAP
  • SIEM log reviews using Solarwinds Log and Event Manager
  • Led the effort to maintain security procedures and policies for PCI-DSS compliance

Confidential

Network Security Architect

Responsibilities:

  • Implementation/support of HIPAA compliant multi-tenant, multi-site cloud architecture supporting IaaS/PaaS/SaaS
  • Design and configuration of Internet ISP links using BGP multi-homing
  • Familiarity with Cloud workload capacity planning and billing models
  • Providing rapid and agile deployment of health care customer environments or applications
  • Configured Nexus 7K/5K switches for multi-tenant support and hosting
  • Led the effort to make Nantcloud/AAAH HIPAA/HITRUST compliant for hosting of PHI data
  • Performed DMVPN WAN setup, implementation and troubleshooting for all regional and local offices
  • Implemented enterprise network security controls using Cisco ASA,Palo Alto firewalls and Cisco ISE
  • Implemented cloud security architecture and design with CASBs
  • Collaborated in the design and implementation of Identity and Access Management (ADFS/SAML/SSO) with the server team
  • Contributed to the effort to implement security policies adhering to HITRUST/HIPAA Frameworks
  • Heavily involved in the continuous review of cloud/SaaS data review to determine sensitive data elements which should be encrypted at rest with public/private clouds
  • SIEM log reviews using Splunk Enterprise
  • Used CIS security benchmarks to ensure systems/services/device hardening within the cloud
  • Design and implementation DLP and DRM solutions.

Hire Now