PROFESSIONAL SUMMARY:

• IT Security Professional with over fifteen years of professional experience and proven ability to manage & implement enterprise level projects including Information Security
• Strategy Design, Security Process Framework and Policies Development, Information Security Awareness Programs, Information Security Risk Assessments, Implementation and Design of IT & Security Systems, based on organizations requirements

TECHNICAL SKILLS:

Security Architecture: frameworks based on NIST, COBIT, ISO27001/2 standards

Firewalls: Juniper, Cisco ASA, Checkpoint, Fortinet, Palo Alto, WatchGuard, Sonicwall

WAF: F5 ASM

Proxies: BlueCoat

Cloud: AWS, Azure, CASB

Load balancers: F5 BigIP LTM and GTM, Radware

SIEM: Splunk, LogRhythm, Industrial Defender ASM

Web Access Management: CA Siteminder

Intrusion Detection and Prevention: Cisco IDS, Juniper IPS, Sourcefire, ISS SiteProtector with ProventiaDescktop, McAfee HIPSDLP: Symantec, McAfee, Symantec, Varonis

File integrity: CarbonBlack Bit9

Malware Protection: Symantec SEP, FireEye, McAfee EPO

Vulnerability Assessment/Penetration Testing: ISS Scanner, Qualys, Nessus

VPN: Cisco VPN Concentrators and ASA, SSL VPN, Juniper VPN, IPSec clients

Access Controls: Cisco ACS (TACACS+, RADIUS), RSA ACE Server (two factor authentication)IPCisco routers and switches (install and configure)

Routing protocols: RIP, EIGRP, OSPF, BGPWAN: HDLC, PPP, Frame - Relay, ISDN

Monitoring: SNMP, SYSLOG, PRTG

Other Protocols: DNS, DHCP, SMTP, NTP, WINS, LDAP, FTP, SSH, POP3

Unix: Sun Solaris, LinuxWindowsMicrosoft OfficeMicrosoft VisioMicrosoft SQL Server

PROFESSIONAL EXPERIENCE:

Confidential

Senior Network/Security Engineer

Responsibilities:

• Provide expertise in security architecture, maintain and monitor existing infrastructure, including Malware, IDS, DLP, SIEM, APT, vulnerability management, firewalls and NAC.
• Support the firewall infrastructure, including the B2B VPN connectivity
• Help develop operational hand books for existing technologies
• Work closely with the security team to identify weak links in the company s security state and plan for improvments/remediations
• Assist with remediation efforts following security incidents

Confidential

Senior Cyber Security Engineer

Responsibilities:

• Provide network and security support and expertise for a large cyber security project.
• Design and implement a new redundant firewall infrastructure.
• IDS/IPS design and implementation, along with a new SIEM solution
• Design and implement new log management solution
• Design and implement new switching and routing networks
• Document solutions, configurations and implementation processes (Microsoft Visio, Office).

Confidential

Senior Network/Security Engineer

Responsibilities:

• Provide network and security support and expertise for a large scale VPN and Firewall technology refresh. Firewall security policy conversions from one firewall technology to another.
• Design and implement a new firewall management infrastructure.
• Firewall and VPN design in a high availability, redundant multi datacenter implementation.
• Work with external business partners for VPN migrations.
• Load balancing solutions for applications, services and also for multiple firewalls clusters, using F5 LTM and GTM and Radware technologies.
• Logs management and firewall policies management solutions ( Splunk and SecureTrack Tuffin)
• Design and deploy B2B VPN solutions based on IPsec tunnels in route mode, BGP over GRE or BGP over IPsec Configurations.
• Document solutions, configurations and implementation processes (Microsoft Visio, Office).

Confidential

Network/Security Consultant

Responsibilities:

• Provided network and security support and expertise for a network rebuilt project, a large financial company outsourcing to AT&T, actively supporting the firewall infrastructure and the load - balancing infrastructure.
• Supported new firewall implementations, using Juniper, Cisco ASA and Fortinet firewall technologies; new installs/upgrades, firewall rules management using device specific management software like Cisco ASDM, Juniper NSM and Fortinet FortiManager, troubleshooting traffic flows, using log management tools such as Splunk, and firewalls rules management using Tufin SecureTrack.
• Supported the load-balancing infrastructure using F5 LTMs and GTMs: new installs/upgrades, implemented new VIPs for various applications, in an HA and multiple datacenters configurations, troubleshooting incidents or outstanding issues in the Test/Dev environments, SSL offloading.
• Worked with change management tools such as ServiceNow to follow company's strict procedures when it comes to infrastructure changes.

Confidential

Network/Security Consultant

Responsibilities:

• Provided network and security support and expertise for a large scale LAN standardization project, bringing the client s old LAN configuration to a new PCI compliant standard, including new managed firewall, IPS, VPN and web filtering technologies.
• Supported new firewall implementations, using Juniper firewall technologies, including security zones design, NAT solutions, and traffic screening.
• VPN implementations: site to site VPNs in a hub and spokes scheme using dynamic VPN technologies, remote user VPN using SSL VPN solutions.
• Web filtering solutions using the cloud based Websense services.
• Host based IPS and network IPS, with local data collectors and remote SEIM integration.
• Created remote access policies, including role based access on the VPN gateways, using the existing client s AD infrastructure.
• Two factors authentication and authorization solutions.
• Documented solutions, configurations and implementation processes (Microsoft Visio, Office).

Confidential

Network/Security Consultant

Responsibilities:

• Provided network and security support and expertise for new CRM and student portal projects.
• The client had two large projects to replace old CRM and student portal applications with new products. Provided support and expertise for network and security aspects of the projects.
• There were multiple new products and technologies, as well as interaction with multiple outside business partners, and created a challenging environment.
• Designed, implemented and supported load balancing solutions for diverse application using F5 technology (BIGIP LTM). This required an in - depth knowledge of how the web applications work, traffic flows and patterns, working directly with different application support groups and developers to create the optimal load balancing, persistence and security solutions.
• Designed, implemented and supported firewall rules and configurations to support traffic flows, compliance with security policies, using Juniper firewall technologies (ISG/SSG firewalls).
• Designed, implemented and supported IDP/IPS solutions and configurations using Juniper integrated IPS technology.
• Designed, implemented and supported PKI solution for SSL s required by many of the web applications and also user s for custom user authentication solutions.
• Participated in load and functional testing, create baselines for network and security devices.
• Documented solutions, configurations and implementation processes (Microsoft Visio, Office).

Confidential

Senior Information Security Engineer/Architect

Responsibilities:

• Provided technical leadership to the enterprise for the information security program.
• Designed, implemented and maintained security solutions around infrastructure and applications, in a mission critical, highly available and highly regulated financial environment.
• Designed, implemented and supported network firewalls solutions for complex multi - tiered network, using highly available firewall clusters.
• Successfully migrated from a Checkpoint based infrastructure to Juniper firewalls ISG 2000s, with integrated IDP, managed using Juniper NSM.
• Designed, implemented and supported network IPS solutions and host based IPS solutions, using Juniper IPS, Sourcefire, IBM ISS SiteProtector (with ProventiaDesktop agents) and McAfee HIPS.
• Designed, implemented and supported web access management solutions, SSO, higher level of authorization (based on two factor authentication mechanisms), load balancing, using CA Siteminder suite (including Siteminder agent for WebSphere and web agent for Apache), integrated with RSA ACE Server, and load balancing using F5 Big-IPs.
• Designed, implemented and supported remote access solutions based on Cisco IPSec clients and VPN 3000 concentrators Designed, implemented and supported network device management solutions using Cisco IOS, Cisco ACS, SNMP, Cisco Works Worked with the compliance group to keep up to date security procedures and standards documents and policy documents.
• Drafted enterprise security standards and guidelines for systems configuration.
• Developed scripts to maintain and backup key security systems.
• Assisted with testing of installed systems and applications to ensure protection strategies are properly implemented and working as intended Recommend preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy.
• Performed and create procedures for system security audits, penetration-tests, and vulnerability assessments, using IBM ISS Scanner, and Qualys.

Confidential

Network Engineer

Responsibilities:

• Worked as a Network Engineer for this IT consulting company, being involved in multiple projects for multiple clients.
• Developed and implemented security policies including: perimeter security, OS security, antivirus, backup and disaster recovery.
• Deployed and configured firewalls (Cisco PIX, Cisco IOS CBAC, Checkpoint, Watchguard).
• Set up site - to-site and also remote user VPN using IPSec (DES, 3DES, IKE, ESP, AH).
• Implemented authentication solutions (RADIUS, TACACS+, PKI).
• Perform vulnerability assessments using Cisco Secure Scanner and ISS Internet Scanner.
• Installed and configured networking hardware: switches (L3 switching, VLANs), routers (RIP, IGRP, EIGRP, OSPF, BGP, IP, IPX, SNA, DLSW, Frame Relay, PPP, ISDN).
• Compaq, HP and IBM server installation, configuration and management (RAID, clusters).
• Set up and supported network services: www, FTP, DNS, DHCP, WINS, RAS.
• Planned and rolled out Windows 2000 migration. Experienced with Windows 2000 Active Directory.
• Installed, configured and supported application servers: Exchange 5.5 and 2000, SQL Server 7 and 2000, IIS.

Confidential

LAN Administrator

Responsibilities:

• Worked for this medium size ISP company, being in charge with the LAN and WAN set up, configuration and maintenance.
• Maintained and troubleshot company network, implemented on Windows NT 4.0.
• Set up and configured IIS web servers, FTP, DNS, WINS, DHCP, and RAS services, database servers using SQL Server 7, messaging systems using Exchange 5.5.
• Deployed, configured and troubleshoot networking hardware including Cisco routers, switches, hubs.
• Worked with routing protocols RIP, IGRP, EIGRP, OSPF and BGP 4.
• Set up WAN connections using PPP, Frame Relay, xDSL, ISDN, VPN.