Network Security Integrations Resume
MN
SUMMARY
- 9.10 years of Information security experience on Network Security Integrations, Implementation, Operation Support, Vulnerability assessment, Development and implementation of IT processes aligned with business objectives for effective security management.
- Designed and implemented network & system Security solutions like Firewalls (Cisco, Confidential, Juniper and Checkpoint), anti-virus solutions and UTM solutions.
- Designed and deployed Cisco network routers and switches.
- Designed and implemented Skybox firewall and network compliance assurance as a risk Management solution
- Experienced with Vulnerability Assessments using various tools like QualysGuard, Rapid7 Nexpose, NMap, Nessus and packet sniffers like Ethereal
- Integration of TACACS+, LDAP Authentication & Access Controls with the security devices like Confidential, Checkpoint and Cisco firewalls
- Experience in performing detailed technical network security evaluations and recommendations via vulnerability Management.
- Adept in conceptualizing, analyzing software system needs, evaluating end-user requirements, custom designing solutions & troubleshooting for complex software systems.
- Designed and implemented network & system monitoring test solutions on LogLogic and RSA enVision
- Expertise in the area of Networking concepts such as TCP/IP, BGP, OSPF, RIP, IGRP, EIGRP, PPP, L2TP, IPSec, Wi-Fi, 802.11a, 802.11b, VPN, MPLS, NAT, Cable modem.
- Experience in design, installation, configuration, administration and troubleshooting of LAN/WAN infrastructure, routing protocols & packet flow.
- Designed security policies adhering to regulatory compliances like PCI DSS and NIST
TECHNICAL SKILLS:
Operating Systems: Windows NT / 2000 / XP, Linux, Cisco IOS
Networking: TCP/IP, Routing Protocols (RIP, OSPF, BGP, IGRP, EIGRP), PPP, PPTP, L2TP, NAT, IPSec, H.323, SS7, SGCP, MGCP, LAN, WAN, WLAN, VPN, Frame Relay, Ethernet, Ether Channel, RIP, EIGRP, OSPF, BGP, ACL, NAT, STP, VTP, VLAN, HSRP, GLBP, VoIP, multicast protocols, ISIS, LDP, IPSEC, L2TP
Network Hardware: Cisco Routers/Switches/PIX/FWSM/ASA, Confidential and Check Point Firewalls
Security: Access Lists, SSH, 3DES, RADIUS/TACACS, IPSEC
Risk Assessment: Skybox & Checkpoint Tufin
Vulnerability Assessment: QualysGuard, Rapid7 Nexpose, Nmap, Nessus
SIEM Technologies: ArcSight, LogLogic, and RSA enVision
Databases: DB2, ORACLE, SYBASE AND MS SQL 2005
Trust Based Security: Bit9
Web Application Firewall: F5 ASM
File Integrity monitoring: Tripwire
Web Proxy: Cisco IronPort
Intrusion Detection (IDS/IPS) technologies: SourceFire and Deep Security
PROFESSIONAL EXPERIENCE
Confidential, MN
Network Security Integrations
Responsibilities:
- Provide technical leadership on Checkpoint firewall risk assessments
- Drive technical vision throughout program development, direction and ultimately successful implementation
- Responsible for conception of solutions, building consensus and the selling of such solutions to senior level leadership
- Drive the creation of new firewall standards and best practices based on proof of concepts, communicate and drive adoption of those firewall standards across the technical community
- Conduct firewall security risk assessments and analyse vendor remediation efforts for security violations
Confidential, MN
Responsibilities:
- Designed and implemented Checkpoint and Cisco firewall solutions.
- Implemented security policies on firewalls adhering to Change management process.
- Performed audits on Check Point firewalls for the unused rules and objects using Tufin reports.
- Worked on implementing all valid firewall rules from existing data centre to new data centre check point firewalls.
- Troubleshooting packet flow using TCP dump and firewall logs.
- Co-ordinating with team for the patch updates and policy push on firewalls.
- Handling web proxy work intake and assisting the team with analysis and troubleshooting.
- Provide sponsored guest access to the network devices as per the change requests.
- Validate the status and activity history of current sponsored user accounts and device access.
- Integrate new network devices with Beacon and validate the current status of the devices on the network.
- Helping the on-call support teams with investigation of intrusions as and when the incidents occur.
- Developing and updating security process and procedure manual covering all security aspects of services approved.
Confidential, MN
Responsibilities:
- Worked as a security consultant managing the Vulnerability Management program using vulnerability scanners QualysGuard and Rapid7 Nexpose.
- Designed and implemented QualysGuard and Nexpose scanner deployment in the data centre and its procedures for day-to-day operations.
- Automated tracking of the vulnerabilities detected across the client’s infrastructure and getting them fixed within SLA.
- Streamlined the scanning process for the organization’s critical assets at data centres and stores, mitigating service interruption based on the time zones of the physical location of the critical assets.
- Analysed the threat and potential impact of the identified vulnerabilities on the client’s infrastructure and reported to the stakeholders the importance of fixing the vulnerabilities, securing the assets from unauthorized access and mitigating potential exploits.
- Recommended Security patches for technologies like Microsoft, Cisco, Oracle, SUN, HP devices, etc.
- Performed ad-hoc scans of the identified vulnerabilities as a part of remediation.
- Played a key role in evaluating the Rapid7 Nexpose Scanner as a replacement solution.
- Reported to the management on the vulnerability statistics of the client’s infrastructure on a weekly basis.
- Stored all the reports and vulnerability data on a secure asset for Internal and PCI audit purposes.
- Worked with various teams on the vulnerability assessment of the new deployments of the critical assets and advised the teams about its importance as part of the compliance requirements.
- Followed leading threat advisories (CERT, ISC SANS, ISS X-Force, Bugtraq) for threat analysis and vulnerability management.
- Designed, implemented and maintained Skybox Assure to perform Firewall and Network Compliance Audits.
- Designed and evaluated access policy rules on Skybox Assure to accommodate corporate policy controls.
- Generated monthly Firewall and Network compliance audit reports and published it to management.
- Performed follow-ups on remediation with stakeholders on Firewall and Network compliance deviations from corporate policy.
- Performed ad-hoc Firewall and Network compliance audits.
- Created Models and traffic simulations and presented results as part of overall architecture directions.
- Constructed proof-of-concept designs and lab prototypes with initial software releases from vendors.
- Documented on Skybox deployment and its procedures for day-to-day operations.
- Co-ordinated with monitoring team for creating correlated security alerts on the vulnerable assets. Created the custom dashboards, filters and alerts using ArcSight.
- Performed troubleshooting on connectivity issues between connectors, logger, ArcSight ESM and databases.
Confidential
Responsibilities:
- Worked as module lead on handling 3rd level Incident management/ Change management tickets.
- Performed analysis and changes on firewalls adhering to change management
- Performed follow-ups with Network team to complete mandatory security tasks.
- Co-ordinated with client for the patch updates on firewalls (Checkpoint, Cisco PIX, ASA & FWSM)
- Generated reports on current firewall policy to publish on customer portal.
- Routing related tasks included providing Cisco router configuration and change management, providing technical support for Cisco Router configurations and installation for Customer. Configuring IP RIP, EIGRP, OSPF and BGP. Configuring routing policy for BGP.
- Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches, Configuring CGMP, IGMP and PIM. Configuring access servers to perform reverse telnet and configuring AAA and Configuring custom and priority queuing for frame relay.
- Investigated incidents to determine nature of intrusion and extent of security compromise, to mitigate the amount of damage.
- Performed signature fine tuning on IPS devices to reduce the noise.
- Performed security audits on firewalls in Client networks on a quarterly basis.
- Co-ordinated with onsite team for the SIP activities.
- Maintained IT security documentation & procedure manual covering all security aspects of services provided
Confidential
Responsibilities:
- Worked as security analyst on Oracle Audit Vault logger: product analysis and initial investigation. Analysis of collection mechanism for log messages generated by device/systems/applications based on the compliance categories like HIPAA etc.
- Installed and created MSSQL database in order to generate the security logs.
- Configured trace files on the MSSQL database for the log data.
- Generated various audit and operational events in MSSQL.
- Extracted the trace file data into human readable format using the tool called Lasso.
- Performed MSSQL schema mapping to the Oracle Audit Vault schema in order to log the events into appropriate fields.
- Created User documentation for the new device support added to Audit Vault Appliance.
- Created Log Library simulating Enterprise level Production Environments
- The project involved an audit and evidence collection of the information security weaknesses at client’s infrastructure (GCC), in which an internal network penetration test was performed.
- Performed internal Network Architecture review & design to find out security policy implementation flaws.
- Conducted Application security assessment on critical applications, servers, network devices using NMAP, LanGuard, Nessus and provided recommendations to fix identified vulnerabilities.
- Presented security flaws and recommendations to top management and also delivered detailed reports on the same.
Confidential
Responsibilities:
- Worked as technical support engineer on 2nd Level resolution of escalations from Business Customers and root cause analysis of the escalated problems.
- Planning and simulating scenarios for new customers in a lab environment before implementing in a live network.
- Configured VPN tunnel between Confidential and Check point firewalls.
- Configured IDS/IPS and Firewall features on different models of Confidential firewall.
- Designed and configured High Availability / hardware failover.
- Designed and configured Confidential as L2TP server.
- Designed and configured Confidential to pass through the PPTP connections.
- Designed and configured Confidential for Hub and Spoke VPN setups.
- Designed and configured the Confidential to route all the internet traffic through the VPN tunnels.
- Performed audits on clients Network architecture design and implementation
- Upgraded the Firmware & patches of the client’s firewalls (Confidential)