PROFESSIONAL SUMMARY:

• IT Security Professional with over fifteen years of professional experience and proven ability to manage & implement enterprise level projects including Information
• Security Strategy Design, Security Process Framework and Policies Development, Information Security Awareness Programs, Information Security Risk Assessments, Implementation and Design of IT & Security Systems, based on organizations requirements

TECHNICAL SKILLS:

Security Architecture: frameworks based on NIST, COBIT, ISO27001/2 standards

Firewalls: Juniper, Cisco ASA, Checkpoint, Fortinet, Palo Alto, WatchGuard, Sonicwall

WAF: F5 ASM

Proxies: BlueCoat

Cloud: AWS, Azure, CASB

Load balancers: F5 BigIP LTM and GTM, Radware

SIEM: Splunk, LogRhythm, Industrial Defender ASM

Web Access Management: CA Siteminder

Intrusion Detection and Prevention: Cisco IDS, Juniper IPS, Sourcefire, ISS SiteProtector with ProventiaDescktop, McAfee HIPSDLP Symantec, McAfee

File integrity: CarbonBlack Bit9

Malware Protection: Symantec SCEP, FireEye

Vulnerability Assessment/Penetration Testing: ISS Scanner, Qualys, Nessus

VPN: Cisco VPN Concentrators and ASA, SSL VPN, Juniper V PN, IPSec clients

Access Controls: Cisco ACS (TACACS+, RADIUS), RSA ACE Server (two factor authentication)

TCP/IP:

Cisco routers and switches (install and configure):

Routing protocols: RIP, EIGRP, OSPF, BGP

WAN: HDLC, PPP, Frame - Relay, ISDN

Monitoring: SNMP, SYSLOG, PRTGOther Protocols DNS, DHCP, SMTP, NTP, WINS, LDAP, FTP, SSH, POP3 Unix Sun Solaris, Linux Windows Microsoft Office Microsoft Visio Microsoft SQL Server

PROFESSIONAL EXPERIENCE:

Confidential, Chicago, IL

Senior Information Security Engineer/Architect

Responsibilities:

• Provide expertise in security architecture, maintain and monitor existing infrastructure, including Malware, IDS, DLP, SIEM, APT, vulnerability management, firewalls and NAC.
• Successfully remediated connectivity issues with B2B VPN tunnels on their VPN gateway
• Successfully completed an enterprise wide security posture assessment based on the NIST security framework
• Work closely with the security team to identify weak links in the company s security state and plan for improvements and remediation.
• Assist with remediation efforts following security incidents
• Provide network and security support and expertise for a large cyber security project.
• Design and implement a new redundant firewall infrastructure.
• IDS/IPS design and implementation, along with a new SIEM solution
• Design and implement new log management solution
• Design and implement new switching and routing networks
• Document solutions, configurations and implementation processes (Microsoft Visio, Office).
• Provide network and security support and expertise for a large scale VPN and Firewall technology refresh. Firewall security policy conversions from one firewall technology to another.
• Design and implement a new firewall management infrastructure.
• Firewall and VPN design in a high availability, redundant multi datacenter implementation.
• Work with external business partners for VPN migrations.
• Load balancing solutions for applications, services and also for multiple firewalls clusters, using F5 LTM and GTM and Radware technologies.
• Logs management and firewall policies management solutions ( Splunk and SecureTrack Tuffin)
• Design and deploy B2B VPN solutions based on IPsec tunnels in route mode, BGP over GRE or BGP over IPsec Configurations.
• Document solutions, configurations and implementation processes (Microsoft Visio, Office).
• Provided network and security support and expertise for a network rebuilt project, a large financial company outsourcing to AT&T, actively supporting the firewall infrastructure and the load - balancing infrastructure.
• Supported new firewall implementations, using Juniper, Cisco ASA and Fortinet firewall technologies; new installs/upgrades, firewall rules management using device specific management software like Cisco ASDM, Juniper NSM and Fortinet FortiManager, troubleshooting traffic flows, using log management tools such as Splunk, and firewalls rules management using Tufin SecureTrack.
• Supported the load-balancing infrastructure using F5 LTMs and GTMs: new installs/upgrades, implemented new VIPs for various applications, in an HA and multiple datacenters configurations, troubleshooting incidents or outstanding issues in the Test/Dev environments, SSL offloading.
• Worked with change management tools such as ServiceNow to follow company's strict procedures when it comes to infrastructure changes.
• Provided network and security support and expertise for a large scale LAN standardization project, bringing the client s old LAN configuration to a new PCI compliant standard, including new managed firewall, IPS, VPN and web filtering technologies.
• Supported new firewall implementations, using Juniper firewall technologies, including security zones design, NAT solutions, and traffic screening.
• VPN implementations: site to site VPNs in a hub and spokes scheme using dynamic VPN technologies, remote user VPN using SSL VPN solutions.
• Web filtering solutions using the cloud based Websense services.
• Host based IPS and network IPS, with local data collectors and remote SEIM integration.
• Firewall policies management using Tuffin SecureTrack.
• Logs management using Splunk.
• Created remote access policies, including role based access on the VPN gateways, using the existing client s AD infrastructure.
• Two factors authentication and authorization solutions.
• Documented solutions, configurations and implementation processes (Microsoft Visio, Office).

Confidential

Senior Information Security Engineer/Architect

Responsibilities:

• Provided technical leadership to the enterprise for the information security program.
• Designed, implemented and maintained security solutions around infrastructure and applications, in a mission critical, highly available and highly regulated financial environment.
• Designed, implemented and supported network firewalls solutions for complex multi - tiered network, using highly available firewall clusters.
• Successfully migrated from a Checkpoint based infrastructure to Juniper firewalls ISG 2000s, with integrated IDP, managed using Juniper NSM.
• Designed, implemented and supported network IPS solutions and host based IPS solutions, using Juniper IPS, Sourcefire, IBM ISS SiteProtector (with ProventiaDesktop agents) and McAfee HIPS.
• Designed, implemented and supported web access management solutions, SSO, higher level of authorization (based on two factor authentication mechanisms), load balancing, using CA Siteminder suite (including Siteminder agent for WebSphere and web agent for Apache), integrated with RSA ACE Server, and load balancing using F5 Big-IPs.
• Designed, implemented and supported remote access solutions based on Cisco IPSec clients and VPN 3000 concentrators Designed, implemented and supported network device management solutions using Cisco IOS, Cisco ACS, SNMP, Cisco Works Worked with the compliance group to keep up to date security procedures and standards documents and policy documents.
• Drafted enterprise security standards and guidelines for systems configuration.
• Developed scripts to maintain and backup key security systems.
• Assisted with testing of installed systems and applications to ensure protection strategies are properly implemented and working as intended Recommend preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy.
• Performed and create procedures for system security audits, penetration-tests, and vulnerability assessments, using IBM ISS Scanner, and Qualys.

Confidential

Network Engineer

Responsibilities:

• Worked as a Network Engineer for this IT consulting company, being involved in multiple projects for multiple clients.
• Developed and implemented security policies including: perimeter security, OS security, antivirus, backup and disaster recovery.
• Deployed and configured firewalls (Cisco PIX, Cisco IOS CBAC, Checkpoint, Watchguard).
• Set up site - to-site and also remote user VPN using IPSec (DES, 3DES, IKE, ESP, AH).
• Implemented authentication solutions (RADIUS, TACACS+, PKI).
• Perform vulnerability assessments using Cisco Secure Scanner and ISS Internet Scanner.
• Installed and configured networking hardware: switches (L3 switching, VLANs), routers (RIP, IGRP, EIGRP, OSPF, BGP, IP, IPX, SNA, DLSW, Frame Relay, PPP, ISDN).
• Compaq, HP and IBM server installation, configuration and management (RAID, clusters).
• Set up and supported network services: www, FTP, DNS, DHCP, WINS, RAS.
• Planned and rolled out Windows 2000 migration. Experienced with Windows 2000 Active Directory.
• Installed, configured and supported application servers: Exchange 5.5 and 2000, SQL Server 7 and 2000, IIS.

Confidential

LAN Administrator

Responsibilities:

• Worked for this medium size ISP company, being in charge with the LAN and WAN set up, configuration and maintenance.
• Maintained and troubleshot company network, implemented on Windows NT 4.0.
• Set up and configured IIS web servers, FTP, DNS, WINS, DHCP, and RAS services, database servers using SQL Server 7, messaging systems using Exchange 5.5.
• Deployed, configured and troubleshoot networking hardware including Cisco routers, switches, hubs.
• Worked with routing protocols RIP, IGRP, EIGRP, OSPF and BGP 4.
• Set up WAN connections using PPP, Frame Relay, xDSL, ISDN, VPN.
• Responsible for backup and disaster recovery (Veritas BackupExec, CA ArcServe).