
Cyber And Cloud Security Architect Resume


SUMMARY:

  • Experienced leader with 16+ years in multiple domains and team management of cyber security and planning at the local, regional, and enterprise levels.
  • Broad technical knowledge and proven application of analytical processes, with hands-on experience beyond the technical arena, including emergency operations, physical security, and strategic planning. Design security models, specify security functions, and identify components with which to implement and integrate security features into new and existing enterprise technology infrastructure and business applications. Document user and business requirements for system confidentiality, integrity, and availability. Use these requirements to develop high-level security specifications using security models, implementation targets, and protection profiles.
  • Experience in the area of Cyber/Cloud/Perimeter/endpoint/data/Network & Security Engineering with hands-on experience in managing, administering, and engineering large corporate cyber security infrastructure, SOC & IT Enterprise Security Management. Define the security features required to support security model specifications. Develop security performance specification and security validation plan, to include metrics for verification of correct implementation and validation of security effectiveness.
  • Identify tasks required to integrate system security features into existing infrastructure and applications without detriment to system performance. Review security performance metrics and make architecture or engineering adjustments as required to maintain security policy compliance. Conduct thorough post-mortems of all security incidents and engage non-security technology teams where appropriate.
  • Evaluate enterprise and application security design alternatives, including but not limited to control enforcement capability, ease of use, and cost. Proactively anticipate security threats and identify areas of weakness in enterprise technology infrastructure and business applications. Conduct reviews of security architecture and platform/service designs, and audit source code. Drive open innovation in product security best practices through industry collaboration. Provide product security-related coaching and mentoring to elevate the security expertise of development teams.
  • Develop in-depth security architecture, design, and coding standards across infrastructure, application, and data security, to drive a standardized set of security requirements, and align with internal policies and meet external compliance/regulatory requirements. Perform threat modeling.

PROFESSIONAL EXPERIENCE:

Confidential

Cyber and Cloud Security Architect

Responsibilities:

  • Establish a strong knowledge of enterprise cloud environments and cloud service provider platforms including Microsoft Azure, AWS, and Google Cloud Platform and their embedded security, as well as multi-cloud security management technologies
  • Identify and evaluate complex business and technology risks and remediation methods to mitigate risks
  • Plan and execute client engagements focusing on assessment, review, design, and/or implementation of Cloud infrastructure/platform/software security
  • Identify improvement opportunities in the areas of process efficiency and security including role-based security
  • Working knowledge of infrastructure technology including network security, endpoint security, data security, and cyber defense. Configuring, deploying, and integrating infrastructure into technology platforms supported globally.
  • Provide Security Architecture for Confidential AWS production services and lead best practice creation and implementation around Credentials/Secrets rotation with AWS Key Management Service.
  • Design IAM role-based accounts with least privilege access for 3rd party SaaS reporting services such as FedRAMP Zones in GCP, IBM Cloud for security compliance.
  • Examine current cloud security practices and identify key risks, then execute programs to address them
  • Lead Engineer providing operations with AWS hybrid cloud solutions, GCP cloud based services.
  • Proven expertise in building a defense in depth infrastructure security architecture that includes security controls across multiple technology stacks.
  • Experience with infrastructure design, provide strategy solutions with the roadmap.
  • Deep knowledge of network security methodologies, risk assessment frameworks, DDoS mitigation strategies, vulnerability management, active threat monitoring, audit and compliance.
  • Experience with cloud deployments such as GCP and AWS
  • Experience with packet analysis and flow monitoring tools
  • Experience with scripting in Python or equivalent to automate operational tasks
  • Proficiency with multiple hardware platforms such as Juniper, Arista, and Cisco
  • Working knowledge of BGP, MPLS, and RSVP configuration and management
  • Working knowledge of load balancing, anycast, and traffic resiliency solutions. Understanding of transit relationships and global internet connectivity
  • A foundational understanding of CDN, DNS, and TLS. Strong documentation and communication skills
  • Communicated the seriousness of threats and made recommendations for remediation to upper management and other cybersecurity personnel through written and spoken means.
  • Monitored performance on several risk management activities, including risk, control registers, workflow review, and approval with Archer GRC.
  • Monitored and analyzed network traffic security systems such as Firewalls, Servers, and Databases using tools such as Nessus, SIEM, Nmap, Snort, IDS alerts, DLP, and web proxy for system vulnerability.
  • Developed, tracked, and sustained action plans for the solution of issues discovered during assessments and audits, and delivered necessary assistance with the implementation of remediation plans.
  • Developed an internal systems security plan about how to handle procedures to isolate and investigate potential information system compromises.
  • Assisted internal auditors in completing IT components of audits using computer-assisted audit tools and techniques.
  • Implemented Assessment and Authorization (A&A) processes under the NIST /53A Risk Management Framework (RMF) for new and existing information systems, receiving over eight ATOs.
  • Upgraded software, patches, and security patches on dev/test and production.
  • Participated in developing and implementing various technology selection approaches including RFIs and RFPs, security policies and configuration, to the maintenance of existing systems.
  • Provides day-to-day modern integration support for required projects within the R&D Lab so we can build a solution to document RFP and RFI presentation for management and support group.
  • Prior experience in monitoring security systems and reviewing logs for vulnerabilities with SIEM solutions
  • Designed and implemented SIEM products ("Skybox, Splunk") that provide complete visibility, analytics, and automation to quickly map, prioritize, and remediate vulnerabilities across the organization, and intelligently optimize security policies, actions, and change processes across all corporate networks and cloud environments.
  • Implemented multiple firewall/VPN (Checkpoint, Juniper, Palo Alto, Fortinet, Fortigate, Cisco, etc.) policy rule management with configuration.
  • Complex routing and switching solutions with firewalls/VPNs (Checkpoint, Palo Alto, Juniper, Fortinet, Fortigate, Cisco, etc.)
  • Implementation of Zscaler cloud infrastructure for 30+ sites, including GRE tunnels as well as private access configuration with Zapp.
  • Configured and implemented Zscaler cloud firewall with inline DLP and access control rules.
  • Integration of Zscaler identity management (ZAB) with local AD setup to pull all identities and support rules as per the regional location. Implementation of Skybox security policy management and vulnerability management with support for 60+ sites
  • Implementation, maintenance, and support of identity and access management services, platforms, and systems, including access provisioning, governance, multifactor authentication, privileged access, HRIS integrations, and data protection systems.
  • Foster a spirit of teamwork and unity among department members and provide oversight and direction to associates in accordance with the organization's policies and procedures.
  • Identifies risks of non-compliance and recommends appropriate changes/actions through continuous monitoring and analysis of identity systems and alerts.
  • Implementation of FireMon firewall optimization and cleanup with audit readiness.
  • Assists with audits supporting clients, regulatory bodies, and internal standards. Actively engages in the greater information security and privacy community (e.g. peer groups, seminars, conferences, etc.) to help identify new technologies, regulations/standards, techniques, and partners.

Confidential

Security Architect

Responsibilities:

  • Expert understanding of SaaS, PaaS, IaaS cloud delivery models, differences between them, and coverage along with the Shared Responsibility Model
  • Good understanding of networking technologies and protocols, including a thorough understanding of the OSI model and comprehensive knowledge of common protocols and services for levels 2 through 7
  • Good understanding of system and network security principles
  • Good understanding of cyber security threats, trends, and technologies
  • Good understanding of terminology relating to risk, IT and security controls, compliance, AAA
  • Working knowledge of the Azure security stack, including Security Center, Azure Monitor, DDoS protection, Key Vault, AIP, Intune, and WAF
  • Architecting and designing technical solutions for Microsoft-centric solutions based on industry standards using (Azure) IaaS, PaaS and SaaS capabilities.
  • Implemented authentication (SAML/OAuth/OIDC), MFA, JIT, and/or RBAC / Ping etc.
  • Knowledge of cloud security controls including tenant isolation, encryption at rest, encryption in transit, key management, vulnerability assessments, application firewalls, SIEM, etc.
  • Providing expertise and strategic guidance on critical operations that span multiple systems and groups
  • Monitoring, evaluating, and remediating any health concerns of global firewalls and network devices
  • Proactively identify gaps, risks, and issues and navigate organizational structure to resolve them.
  • Identify automation opportunities as well as areas that can be improved to optimize the operation, such as documentation and monitoring in fractured with risk management.
  • Develop and maintain technical specifications, standards, procedures, and systems documentation
  • Research and recommend appropriate technical solutions to meet functional requirements.
  • Work with Data Center staff, OIT, and users to perform installations, upgrades, and configuration changes that match the global standard.
  • Implementation knowledge of Tufin orchestration suite with change management and network security policy management.
  • Experience communicating and working within cross departmental teams and support groups.
  • Designed, implemented, and managed Rapid7 Insight and Nexpose suites for vulnerability management of servers, desktops, and network security devices.
  • Migrated Cisco ASA devices to Checkpoint R80.10, 20 with policy conversion using Smarts converter tool.
  • Configured URL filtering and SSL inspection policy and implemented it across all sites with SIEM logs management
  • Implementation of Zscaler cloud infrastructure for 40+ sites, including GRE tunnels as well as internet and private access configuration with Zapp.
  • Configured and implemented Zscaler cloud firewall, DNS with SSL inspection & URL filtering with access control rules.
  • Integration of Zscaler logs with SIEM toolset within the organization. Implementation of Skybox security policy management and vulnerability management with support for 20+ sites
  • Implementation of cloud security policy has been tested, and implementation has been done at 10+ sites
  • Implementation of FireMon firewall security policy change management and network visibility monitoring as well.
  • Designed and implemented Checkpoint R80.10/20, Palo Alto, Juniper, and Zscaler Internet Access bundled across 30 sites.
  • Monitoring, evaluating, and remediating any health concerns of global network security products.
  • Enhances department and organization reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job s.

Confidential

Security Architect

Responsibilities:

  • Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
  • Enhances security team s and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members.
  • Plans security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices.
  • Implements security systems by specifying intrusion detection methodologies and equipment; directing equipment and software installation and calibration; preparing preventive and reactive measures; creating, transmitting, and maintaining keys; providing technical support; completing documentation.
  • Maintains security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting programs.
  • Upgrades security systems by monitoring the security environment; identifying security gaps; evaluating and implementing enhancements. Conducting regular system tests and ensuring continuous monitoring of network security.

Confidential

Technical Leader and Project Leader

Responsibilities:

  • Manage an 8-resource team that provided global support for Citi global datacenter security infrastructure.
  • Implemented multiple firewall solutions, network security, and information security practices with SIEM tools.
  • An integral part of planning, designing, implementing, and troubleshooting complex firewalls, security devices, and advanced technologies.
  • Experience performing infrastructure technical security assessments.
  • Review security and vulnerability advisories, assess risk, relevance, and priority, and communicate findings
  • Identify infrastructure-level vulnerabilities and patches across enterprise-wide assets along with validating successful remediation
  • Document, prioritize, and formally report asset and vulnerability state, along with remediation recommendations
  • Leverage vulnerability database sources to understand each weakness, its probability and remediation options, including vendor-supplied fixes and workarounds
  • Expert in driving vulnerability management reporting and providing guidance to IT teams in patching and solutions to mitigate security threats
  • Designed, implemented, and configured Juniper NetScreen Firewall ISG 1000/2000, SSG series, and NSM administration.

Confidential

Global Field Services Engineer

Responsibilities:

  • Responsible for the system and network management for more than 4000 local and remote system and network devices including design, implementation and 24x7 support
  • Initial build for network devices such as switch and backbone configuration.
  • Managing router and switch config and monitoring with local Evault application
  • Worked on Checkpoint R65 firewall for migration of Linux and Nokia boxes.
  • Monitoring 28 sites and a total of 3080 devices including routers and switches with servers.
  • Installation & Administration of Microsoft Services like DNS, DHCP, WINS, TCP/IP & IIS
  • Selected from team to train on Checkpoint firewall R65 gateway.
  • Involved in the project to rebuild and migrate the entire Checkpoint gateway

Confidential

System Administrator

Responsibilities:

  • Installation, Support & Administration of Windows NT Servers Exchange 2k3 & 2k/2k3 Active Directory
  • Implemented virus protection analyst using Symantec Anti-Virus 7.x to 9.x Corporate Edition for 20+ servers with 300+ clients. Install, push to NT, 2000 & XP clients, and administer Symantec System Center.
  • Administration of Microsoft Windows NT/2000/2003 Server/Advance Server from scratch including un-boxing, rack mounting, loading of the operating system, deploying with MS
  • Involved in the implementation of the setup of Domain/DSF etc.
  • Involved in Data Management Policy, implementing Data Management Policies and Disaster Recovery Plans that define Recovery Point Objective (RPO) and define Recovery Time Objective (RTO).
  • Ensured that the Security Assessment and Authorization process followed the National Institute of Standards and Technology (NIST) Special Publication (SP) 800.
  • Read the safeguard of Controlled Unclassified Information (CUI) memorandum and understand that information that resides in nonfederal systems and corporations is of vital significance to federal agencies and directly impacts the capability of the federal agencies to effectively perform their designated operations and business processes.

Confidential

System Administrator

Responsibilities:

  • Handling 800 HP/Compaq desktops/Laptops & 20 servers.
  • 500 users are connected to the domain from various office locations
  • Creating user IDs in Active Directory & creating mail IDs on Exchange Server 2000
  • Performing daily backup activities through VERITAS backup software. Working for desktop HP Compaq, Dell
