Information Security Consultant Resume
SUMMARY:
- A Solutions - oriented Information Security Specialist with 15+ years experience in directing and managing broad range of IT projects while participating in planning, analysis, implementation and support of complex network and designing security policies.
- Hands-on experience on leading security technologies Firewalls, IPS, VPN, Log Analysis and Directory services, including requirement definition, design, testing, troubleshooting and support.
TECHNICAL SKILLS:
Hardware: Palo Alto Firewalls (5060, 3020, 500), Panorama M - 100, Nokia(Check point), Check Point 21K, VSX-9070 & 3070, NetScreen, Sidewinder, ASA and PIX Firewalls Check Point SmartEvent, Netscreen IDP, Mecafee Intrushield, Tippingpoint and Proventia IDS/IPS.
Cisco Routers and switches: Bluecoat proxy 8100Sun Sparc and Ultra, IBM XseriesHP Prolient and Dell Power edge
Servers: SIEM - Trustwave SAN - EMC Clarion CX 500Tape Library - StorageTek F5-8950, Cisco ACE20/30. Citix SDX 11515.
Operating Systems: Microsoft Windows 2000 & 2003, Red Hat Linux 6.x & 7.x and Solaris 7, 8
Software: PAN OS, Check Point Provider-1, VSX NGX R75/65, MS ISA server and Astro software firewalls
WORK EXPERIENCE:
Confidential
Information Security Consultant
Responsibilities:
- Working as Information Security Analyst on teh projects, understanding business requirements and assist in defining and driving security architecture design and technical strategies that align with corporate security vision.
- Developing and documenting information security policies, strategies, guidelines and procedures for network and application firewalls, proxies and gateway security.
- Represent in PCI DSS Compliance and Reporting.
- Work on Internal Audit for access to data and computer resource.
- Providing consulting services to business areas. Understanding key concepts related to TCP/IP, traffic analysis, Stateful Inspection, heuristic pattern matching, aggregation/reporting of intrusion events, event correlation and anomaly detection.
- Working as level-3 engineer to design and implement firewalls, IPS, and proxy technologies to secure networks within teh company and from vendors.
- Designed and Implemented Palo Alto firewalls (5060, 3020) and Panorama architecture.
- Implemented SSL decryption and security profiles on Palo Alto firewalls to inspect and protect network from malicious traffic.
- Migrated security policies and traffic from Check Point and Cisco firewalls to Palo Alto firewalls.
- Designed, installed and configured Tippingpoint IPS(S5200NX, S6200NX) to prevent network attacks.
- Monitor day to day alerts and tune Tippingpoint IPS profile.
- Designed and implemented Citrix Netscaler gateway with SSL VPN and VDI infrastructure solution for vendor desktop solution (BYOD).
- Involved in designing and implementation of SIEM (Qradar, Trustwave) centralized logging architecture for analysis, correlation of events, to generate reports and integrating with ticketing system to generate alerts.
- Designed and implemented Provider-1 management station on secure platform to manage multiple Check Point VSX clusters. Configured 50 CMAs to manage multiple virtual firewalls.
- Designed and implemented 5 different VSX clusters with 4 Secure Platform 9070 firewall members in each cluster.
- Migrated 50 different firewalled environments from individual firewalls to Check Point VSX cluster virtual firewalls.
- Designed and implemented ASA 5580 firewalls in active/active mode and configured multiple contexts. Moved different EDZ environments to virtual contexts in 4 different data centers.
- Implemented Cisco ASA Distribution Layer Isolation firewalls for isolating vendor traffic from corporate network. Isolated different vendor networks behind these firewalls.
- Built VPN tunnels between ASA firewalls and Cisco 7200 routers to vendor devices.
- Working on standards and emerging technologies for wireless security.
- Analyzing and reviewing access-controls lists and firewall changes.
- Working on Network Security devices issues/problems escalated by Security operations team
- Providing mentoring and guidance to team members on network security areas of expertise
- Communicating lessons learned or best practices to team members
- Submitting lessons learned or best practices for publishing within noledge repository when teh potential for reuse in other areas exists
- Creating any documentation necessary to support, sustain, or reinforce noledge sharing activities and ensuring it is stored where teh team can access it. (ex: job aids, process and procedure, documentation, contact lists, background on strategy decisions, etc.)
Confidential
Information security Engineer
Responsibilities:
- Worked as security engineer in firewall engineering team for MSS group.
- Provisioned Check Point (Nokia, Secure Platform, Solaris), PIX, Netscreen and ISS-Proventia firewalls remotely and onsite.
- Installed and configured different firewalls with stand-alone and high availability configuration based on environment and customer requirements.
- Configured site-site and site-client VPN on different firewall platforms.
- Worked on firmware and hardware upgrades of different firewalls.
- Resolving problems escalated by SOC analysts to engineering team
- Preparing documents and noledge tips to help SOC analysts to resolve problems quickly.
- and guiding SOC analysts to provide better support to clients.
Confidential
Security Engineer
Responsibilities:
- Installation and Configuration of NetScreen and PIX firewalls with high availability. Checking teh logs regularly for any attacks and doing day to day activities on teh firewalls.
- Installed and configured Tipping Point IPS for improving network security.
- Installed and configured Security Event Management system to collect logs from all servers, network devices, security devices and application for log analysis.
- Keep update with patches for all teh servers and applications. Testing teh newly released patches in teh test environment. And making sure that all teh servers updated.
- Hardening all windows 2003 servers, Domain controllers, web servers, database servers and Exchange servers based on teh role of teh server.
- Implemented Trend Micro enterprise solution (office scan, server protect, IMSS, emanager, mailscan) for protecting from virus at gateway level and server/desktop level. Looking after day to day problems with virus in teh organization.
- Implemented gateway to client VPN solution using NetScreen firewall and remote VPN client.
- Implemented two factor authentication for MicroClear application using RSA ACE server.
- Installed and configured Netscaler for web application acceleration and SSL offloading.
- Conducted network performance assessment and vulnerability assessment for Kuwait General Administration and Customs.
- Designed and Implemented internal Authority solution using MS windows 2003 server for issuing server and client s to access various services through out organization.
- Implemented change management and request management process for entire organization.
- Developed Information Security policies, standards and procedures and drafted process flow diagrams.
- Implemented developed policies and procedures in coordination with various departments in teh organization.
- Developed and organized security awareness across teh enterprise.
Confidential
Systems Engineer
Responsibilities:
- Installation and configuration of wide varieties of Network equipments such as Cisco Routers, Switches (Cisco & Motorola), RAS servers, Terminal servers, etc. according to client requirements.
- Designed and Implemented Complete setup for online telephone bill payment system, which includes gathering requirements, designing servers and network architecture.
- Implemented secured network setup for BSNL Portal using Check Point & MS ISA Firewall, VPN and Norton Antivirus enterprise solution.
- Implemented secured messaging solution for BSNL Portal.
- Performed technical sales, installation, configuration, and post sales support.
- Supervised team of five engineers overseeing daily operations of teh IS/WAN operations.
- Installed and managed local and wide area networks for various clients.
- Implemented Intrusion Detection or Prevention system solutions for various clients using Juniper IDP, Tipping Point Unity one IPS, Mcafee Intrushield or Snort.
- Support IT Infrastructure for various banks, financial institutions, FMCG companies and supply chains.
- Conducted network performance assessments and vulnerability assessments for various clients.
- Deliver teh SLA commitments as per teh principles of ITIL.
- Implemented various backup solutions for clients.
- Interact with customer and meet their expectations beyond teh SLA.
- Manage teh Team Members’ deliverables/expectations.
- Manage escalated issues related to Day-to-day operations.
Confidential
Information Security Engineer
Responsibilities:
- Design and implementation of various state-of-art security projects at client locations.
- Designed and Implemented internal Authority solution using MS windows 2000 server for issuing server and client s to access various services through out organization.
- Designed and Implemented RSA keon CA for various clients for secure access to web services and messaging solutions.
- Provided VPN solutions for various clients.
- Implemented gateway to gateway and gateway to client VPN solutions using check point, Netscreen and PIX firewalls.
- Implemented SSL which uses asymmetric cryptography for handshake and symmetric cryptography for encryption on MS IIS and apache web servers.
- Implemented Secure mail access solutions using PGP for various clients.
- Implemented wireless security solutions for various clients.
- Member of teh SUN Knowledge Management Team, Access Control System Knowledge Management Team and Penetration Testing Knowledge Management Team.
- Keep abreast with teh latest hacker exploits and teh incident response measures taken by teh receiving end & contribute teh same to Knowledge Management repository.
- Constantly getting updated about teh latest emerging technologies and ongoing trends around teh world in teh field of security.
Confidential
Customer Support Engineer
Responsibilities:
- Maintaining and administering teh network.
- Monitoring teh network access and performance for various clients.
- Configured access control using Windows NT authentication systems, windows 2000 Active directory or Linux for various clients.
- Implemented single sign on solutions using Kerberos, Microsoft Identity management and e-trust single sign on solutions.
- Configured Kerberos cross realm authentication between windows 2000 AD and Linux.
- Configured access control to network devices like switches and routers using internal authentication database and RADIUS server database.
- Provided dial-in remote access solutions for various clients using Cisco remote access server and Cistron and Windows 2000 RADIUS servers.
- Configured remote access authentication, authorization and accounting using various RADIUS servers.
- Configured two factor authentication for accessing secure applications using RSA secure ID tokens integrated with windows 2000 AD.
- Configured two factor authentication for accessing network devices remotely using RSA secure ID tokens.
- Installed and configured web servers like MS IIS, Apache, and IPlanet.
- Designed, implemented, and supported local area networks
- Designed, implemented, and supported disaster recovery procedures
- Testing, Planning and Implementation of new technologies.
- Implemented software/hardware based RAID solutions for various clients based on teh requirements.
- Managing Network Security and infrastructure solutions including Firewall, VPN and Anti-Virus.
- Assist clients on various network design and security queries pertaining to teh organization.