SUMMARY:

• A Solutions - oriented Information Security Specialist with 15+ years experience in directing and managing broad range of IT projects while participating in planning, analysis, implementation and support of complex network and designing security policies.
• Hands-on experience on leading security technologies Firewalls, IPS, VPN, Log Analysis and Directory services, including requirement definition, design, testing, troubleshooting and support.

TECHNICAL SKILLS:

Hardware: Palo Alto Firewalls (5060, 3020, 500), Panorama M - 100, Nokia(Check point), Check Point 21K, VSX-9070 & 3070, NetScreen, Sidewinder, ASA and PIX Firewalls Check Point SmartEvent, Netscreen IDP, Mecafee Intrushield, Tippingpoint and Proventia IDS/IPS.

Cisco Routers and switches: Bluecoat proxy 8100Sun Sparc and Ultra, IBM XseriesHP Prolient and Dell Power edge

Servers: SIEM - Trustwave SAN - EMC Clarion CX 500Tape Library - StorageTek F5-8950, Cisco ACE20/30. Citix SDX 11515.

Operating Systems: Microsoft Windows 2000 & 2003, Red Hat Linux 6.x & 7.x and Solaris 7, 8

Software: PAN OS, Check Point Provider-1, VSX NGX R75/65, MS ISA server and Astro software firewalls

WORK EXPERIENCE:

Confidential

Information Security Consultant

Responsibilities:

• Working as Information Security Analyst on teh projects, understanding business requirements and assist in defining and driving security architecture design and technical strategies that align with corporate security vision.
• Developing and documenting information security policies, strategies, guidelines and procedures for network and application firewalls, proxies and gateway security.
• Represent in PCI DSS Compliance and Reporting.
• Work on Internal Audit for access to data and computer resource.
• Providing consulting services to business areas. Understanding key concepts related to TCP/IP, traffic analysis, Stateful Inspection, heuristic pattern matching, aggregation/reporting of intrusion events, event correlation and anomaly detection.
• Working as level-3 engineer to design and implement firewalls, IPS, and proxy technologies to secure networks within teh company and from vendors.
• Designed and Implemented Palo Alto firewalls (5060, 3020) and Panorama architecture.
• Implemented SSL decryption and security profiles on Palo Alto firewalls to inspect and protect network from malicious traffic.
• Migrated security policies and traffic from Check Point and Cisco firewalls to Palo Alto firewalls.
• Designed, installed and configured Tippingpoint IPS(S5200NX, S6200NX) to prevent network attacks.
• Monitor day to day alerts and tune Tippingpoint IPS profile.
• Designed and implemented Citrix Netscaler gateway with SSL VPN and VDI infrastructure solution for vendor desktop solution (BYOD).
• Involved in designing and implementation of SIEM (Qradar, Trustwave) centralized logging architecture for analysis, correlation of events, to generate reports and integrating with ticketing system to generate alerts.
• Designed and implemented Provider-1 management station on secure platform to manage multiple Check Point VSX clusters. Configured 50 CMAs to manage multiple virtual firewalls.
• Designed and implemented 5 different VSX clusters with 4 Secure Platform 9070 firewall members in each cluster.
• Migrated 50 different firewalled environments from individual firewalls to Check Point VSX cluster virtual firewalls.
• Designed and implemented ASA 5580 firewalls in active/active mode and configured multiple contexts. Moved different EDZ environments to virtual contexts in 4 different data centers.
• Implemented Cisco ASA Distribution Layer Isolation firewalls for isolating vendor traffic from corporate network. Isolated different vendor networks behind these firewalls.
• Built VPN tunnels between ASA firewalls and Cisco 7200 routers to vendor devices.
• Working on standards and emerging technologies for wireless security.
• Analyzing and reviewing access-controls lists and firewall changes.
• Working on Network Security devices issues/problems escalated by Security operations team
• Providing mentoring and guidance to team members on network security areas of expertise
• Communicating lessons learned or best practices to team members
• Submitting lessons learned or best practices for publishing within noledge repository when teh potential for reuse in other areas exists
• Creating any documentation necessary to support, sustain, or reinforce noledge sharing activities and ensuring it is stored where teh team can access it. (ex: job aids, process and procedure, documentation, contact lists, background on strategy decisions, etc.)

Confidential

Information security Engineer

Responsibilities:

• Worked as security engineer in firewall engineering team for MSS group.
• Provisioned Check Point (Nokia, Secure Platform, Solaris), PIX, Netscreen and ISS-Proventia firewalls remotely and onsite.
• Installed and configured different firewalls with stand-alone and high availability configuration based on environment and customer requirements.
• Configured site-site and site-client VPN on different firewall platforms.
• Worked on firmware and hardware upgrades of different firewalls.
• Resolving problems escalated by SOC analysts to engineering team
• Preparing documents and noledge tips to help SOC analysts to resolve problems quickly.
• and guiding SOC analysts to provide better support to clients.

Confidential

Security Engineer

Responsibilities:

• Installation and Configuration of NetScreen and PIX firewalls with high availability. Checking teh logs regularly for any attacks and doing day to day activities on teh firewalls.
• Installed and configured Tipping Point IPS for improving network security.
• Installed and configured Security Event Management system to collect logs from all servers, network devices, security devices and application for log analysis.
• Keep update with patches for all teh servers and applications. Testing teh newly released patches in teh test environment. And making sure that all teh servers updated.
• Hardening all windows 2003 servers, Domain controllers, web servers, database servers and Exchange servers based on teh role of teh server.
• Implemented Trend Micro enterprise solution (office scan, server protect, IMSS, emanager, mailscan) for protecting from virus at gateway level and server/desktop level. Looking after day to day problems with virus in teh organization.
• Implemented gateway to client VPN solution using NetScreen firewall and remote VPN client.
• Implemented two factor authentication for MicroClear application using RSA ACE server.
• Installed and configured Netscaler for web application acceleration and SSL offloading.
• Conducted network performance assessment and vulnerability assessment for Kuwait General Administration and Customs.
• Designed and Implemented internal Authority solution using MS windows 2003 server for issuing server and client s to access various services through out organization.
• Implemented change management and request management process for entire organization.
• Developed Information Security policies, standards and procedures and drafted process flow diagrams.
• Implemented developed policies and procedures in coordination with various departments in teh organization.
• Developed and organized security awareness across teh enterprise.

Confidential

Systems Engineer

Responsibilities:

• Installation and configuration of wide varieties of Network equipments such as Cisco Routers, Switches (Cisco & Motorola), RAS servers, Terminal servers, etc. according to client requirements.
• Designed and Implemented Complete setup for online telephone bill payment system, which includes gathering requirements, designing servers and network architecture.
• Implemented secured network setup for BSNL Portal using Check Point & MS ISA Firewall, VPN and Norton Antivirus enterprise solution.
• Implemented secured messaging solution for BSNL Portal.
• Performed technical sales, installation, configuration, and post sales support.
• Supervised team of five engineers overseeing daily operations of teh IS/WAN operations.
• Installed and managed local and wide area networks for various clients.
• Implemented Intrusion Detection or Prevention system solutions for various clients using Juniper IDP, Tipping Point Unity one IPS, Mcafee Intrushield or Snort.
• Support IT Infrastructure for various banks, financial institutions, FMCG companies and supply chains.
• Conducted network performance assessments and vulnerability assessments for various clients.
• Deliver teh SLA commitments as per teh principles of ITIL.
• Implemented various backup solutions for clients.
• Interact with customer and meet their expectations beyond teh SLA.
• Manage teh Team Members’ deliverables/expectations.
• Manage escalated issues related to Day-to-day operations.

Confidential

Information Security Engineer

Responsibilities:

• Design and implementation of various state-of-art security projects at client locations.
• Designed and Implemented internal Authority solution using MS windows 2000 server for issuing server and client s to access various services through out organization.
• Designed and Implemented RSA keon CA for various clients for secure access to web services and messaging solutions.
• Provided VPN solutions for various clients.
• Implemented gateway to gateway and gateway to client VPN solutions using check point, Netscreen and PIX firewalls.
• Implemented SSL which uses asymmetric cryptography for handshake and symmetric cryptography for encryption on MS IIS and apache web servers.
• Implemented Secure mail access solutions using PGP for various clients.
• Implemented wireless security solutions for various clients.
• Member of teh SUN Knowledge Management Team, Access Control System Knowledge Management Team and Penetration Testing Knowledge Management Team.
• Keep abreast with teh latest hacker exploits and teh incident response measures taken by teh receiving end & contribute teh same to Knowledge Management repository.
• Constantly getting updated about teh latest emerging technologies and ongoing trends around teh world in teh field of security.

Confidential

Customer Support Engineer

Responsibilities:

• Maintaining and administering teh network.
• Monitoring teh network access and performance for various clients.
• Configured access control using Windows NT authentication systems, windows 2000 Active directory or Linux for various clients.
• Implemented single sign on solutions using Kerberos, Microsoft Identity management and e-trust single sign on solutions.
• Configured Kerberos cross realm authentication between windows 2000 AD and Linux.
• Configured access control to network devices like switches and routers using internal authentication database and RADIUS server database.
• Provided dial-in remote access solutions for various clients using Cisco remote access server and Cistron and Windows 2000 RADIUS servers.
• Configured remote access authentication, authorization and accounting using various RADIUS servers.
• Configured two factor authentication for accessing secure applications using RSA secure ID tokens integrated with windows 2000 AD.
• Configured two factor authentication for accessing network devices remotely using RSA secure ID tokens.
• Installed and configured web servers like MS IIS, Apache, and IPlanet.
• Designed, implemented, and supported local area networks
• Designed, implemented, and supported disaster recovery procedures
• Testing, Planning and Implementation of new technologies.
• Implemented software/hardware based RAID solutions for various clients based on teh requirements.
• Managing Network Security and infrastructure solutions including Firewall, VPN and Anti-Virus.
• Assist clients on various network design and security queries pertaining to teh organization.