SUMMARY:

• Over 10+ years of experience in Information Security, Network and Security design, Development and Implementation of various Information and Infrastructure procedures
• Excel at designing enterprise - wide networking and security solutions that substantially enhance performance with minimal investment
• Highly skilled in implementation, configuration and support of security solutions like Firewall, Intrusion detection/prevention and Security Information Management solutions
• Extensively worked on Cisco Router and Switches, switch in LAN and WAN environment
• Extensively worked in Infrastructure Management Services in 24/7 production environment and Data center Engineering and Operations
• Extensively worked on different firewalls (Checkpoint NGX, ISA and Cisco ASA/PIX), IDS technologies (Cisco IDS, Real Secure IDS, and Snort), Cisco Security Agent, Cisco UNITY, Bluecoat proxy, RSA Secure ID, enVision, Juniper, FWSM, Netoptics, F5 GTM

TECHNICAL SKILLS:

Security technologies\ Firewalls: Intrusion Detection Systems, Firewalls, VPN's,Checkpoint FW-1/VPN-1 NGX, ISA, IOS, security policies, compliance, controls, PCI-DSS\ Alteon, PIX/ASA, Nokia, Cisco FWSM\ Vulnerability Management, application security, PKI

WAN Technologies\ Monitoring Tool: CDP, Frame-relay, PPP, Access Control Lis, Net Forensics, Solar Winds\net scout, Netoptics, CiscoWorks, (ACL), Network Address Translation (NAT)\ Port Address Translation (PAT), Redistribution\OSPF Virtual links and GRE Tunnel, Cisco ACE Cisco Voip

LAN Technologies\ Log Analyzer: Windows NT/2000/2003 Server, Norton, WebTrends Firewall Suite,Logrithem, Antivirus, Semantic, ISA firewall, Terminal, Server, SQL 2000/2005, Active Directory, DNS, DHCP Remote Desktop

Vulnerability Assessment\ Intrusion Detection System: TCPDump, Ethereal & Nessus, metaspolit, Cisco and ISS Real Secure, Snort, Cisco IPS, Imperva, Patch management

Endpoint Security\ Security Tools: ISS RealSecure Desktop Protector, Qualys Guard Ncircle, RSA Foundstone, Appscan

Internet Access Management\ Operating Systems: Trend Micro, IWSS & Websense URL Filtering, Windows 2000/XP, MS-DOS, Win-2003,Websense, Bluecoat Proxy, F5\ Windows NT, Linux, Ubuntu

Local Area Network\ Firewall Auditing: ROUTING & Switching Remote access, TCP/IP, Nipper, Firemon, Basic knowledge of mailing system, Active, Directory

Encryption Technologies\ Web application security: Ipsec, IKE, DES, 3DES, AES, SSL, SSH\ WebInspect, Wikto, Winspy, Acunetix, N-Stealth, Gateways

Security frameworks\ Load balancers:: ISO27001:2005 (ISMS), familiarity with PCI-DSS\ Citrix, F5 (LTM/GTM/ASM, Viprion), Cisco-ACE

Training Programs: MSS (Managed Security Services), Project Consulting & Delivery, Checkpoint Installation and Administration,ISMS Lead Auditor, PCI-DSS ( ASV training)

PROFESSIONAL EXPERIENCE:

Confidential, Plano, TX

Security Engineer

• Work with infrastructure network/security technologies including f5/bigip, dns, firewalls, proxy.

• Vulnerability Management, FIPS compliance implementation.
• Checkpoint firewall support for Datacenter migration, auditing using Tufin
• Analysis, design, migration support, submitting designs/requirements
• Provide solutions and support to disaster recovery plans of various sites
• Creating technical design documents for different vendor support environments.
• Implementation of LTM, GTM, ASM and APM/ f5 devices.
• Decommission/clean-up of legacy configurations on various datacenters.
• Participating in change advisory board meetings, submitting change request for technical deployments.
• On-call duties for business support during the migration/cut-over of infrastructure and applications
• Support of Incidents/outages and validate root cause to minimize business disruptions

Confidential, Plano, TX

Security Engineer

Responsibilities:

• Datacenter, LAN, WAN network support/upgrade and implementations of next generation network equipment

• Migrated legacy 3DNS environment to new 8900 BIG IP LTM’s ( v4.X/v9.X/V11.x )
• Deployment and upgrades of F5 GTM/LTM/ASM devices on remote datacenters
• Configuration, monitoring and troubleshooting of ASM module
• Monitoring of application firewalls ( WAF, Citrix)
• ISO, FIPS compliance standards
• Custom iRule configurations ( context, content and redirection of URI’s), Topology design
• Migrating L2 network to L3 network infrastructure using CISCO 6500
• PIX and ASA, migration of ACL’s and troubleshooting of VPN clients
• Network monitoring and SEPM deployments project
• Datacenter operations, perimeter support-
• DNS record configurations and support
• Packet analysis using Netoptics, wirehark and netscout’s
• Routing and Switching configurations, Route map, WAN, MPLS support, RAS,AD
• Installation, policy deployment& Troubleshooting of remote applications/Devices/modules
• Responsible for working with infrastructure network/security technologies including, firewalls, proxy (http/https)

Confidential, Eagan, MN

Network Engineer

Responsibilities:

• F5 GTM/LTM migration, deployed ASM and policies

• Custom iRule design and deployments, ASM policy configurations
• Configuration of Topology and DNS definitions as per client requirements
• Configuration of iRules to redirect the content information access for accounting
• Deployment and up gradation of existing code to new code on F5 devices
• Datacenter, LAN, WAN network upgrade and implementations of next generation network equipment
• Deployment of RSA Secure ID, upgrade and Replica configuration
• Implemented Network monitoring over different Datacenters using Directors, Sniffers
• Datacenter operations, perimeter support- RAS, FWSM, VPN-3000, SSL, RSA, IDS, IPS environment
• CiscoWorks upgradation and configuration of modules
• NetScout's Infinistream Sniffers upgrade, monitoring of DATA/VOICE networks, traffic analysis
• Packet analysis using Netoptics, wirehark and netscout’s for QOS and SIME implementions
• Monitoring and configuration of rules on proxy to allow internet and content management
• Identify problems and learn specific input and output requirements on ASM, such as rich content of data input, how content is to be summarized and formatted for reports.
• Responsible for working with infrastructure security technologies including, remote access (VPN), firewalls, proxy (http/https) servers, IPS/IDS's, HIPPA, PCI security auditing and compliance reporting.

Environment: BIGIP-GTM/LTM/ASM, Cisco IPS/IDS/VPN, CiscoWorks, Netoptics, FWSM, Juniper, RSA Secure ID, ATS, RPC’s.

Confidential

Security Consultant

Responsibilities:

• Managed audit projects of financial applications for the following audits; ISO27001:2005 and PCI. During the audits, I managed the interfaced between the audit team and the IT application team in gathering audit evidence.

• Implementation of PCI standards to provide secure transactions from the network
• Administer and configure networks (i.e., Active Directory, Exchange, IIS, Citrix, security policies, PKI s, including emerging operating systems for based authentication (network clients and web), digital signature, email encryption and decryption.
• Conduct functional, regression, feasibility and testing vulnerability, risk assessment, gap analysis, in relation to the evaluation PKI, documents including evaluation procedures, and user instructions.
• Designed and implemented Role-base access control lists and access rights on need-to-know basis
• Administration and Configuration changes as per ITIL process
• Firewall rule auditing (NIPPER, FIREMON) to meet with Security standards
• Vulnerability scanning and mitigation by Appscan and winspy, Imperva
• Monitoring/analysis of network traffic using Logarithms and Infinistream sniffers.

Confidential, SA

Security Consultant

Responsibilities:

• Managed the deployment of security and compliance solutions to current and new centers requiring either Payment Card Industry Data Security Standard (PCI) and/or ISMS. Worked directly with new business teams to develop security solutions offering in the following; Identity Management, Intrusion Detection, Antivirus & Spyware protection, Vulnerability Management, Strong Authentication (RSA), Encryption Solution, Access Event Management, Penetration Testing, Risk Assessment, Risk Mitigation, Ongoing Risk Management.

• Control policies created by global team using COBIT, COSO and ISO standards.
• Developed and delivered SOP for systems administrators for enterprise level PKI, included digital s, based authentication, validation services and product configuration, installation and administration
• Institutionalized the defined processes and procedures to ensure compliance with control policies
• Performing a gap analyst between the current operation and the PCI requirements
• Developed SOP and Policies to as per client requirements in different business environments
• Instrumental in the development of a sound information security program that identifies, measures, monitors, and manages potential risk exposure of customer personal information.
• Consult external service providers on security issues. Recommend implementation of appropriate security and access controls. Conduct on- site Information security audits of all third party suppliers for all lines of business across the bank to ensure the security of information systems and protection of customer personal information.
• Implementing site to site VPN with Checkpoint and Cisco Pix firewalls
• Configuring an IPSEC Tunnel between Cisco Pix and Check Point firewalls
• Performed IIS, BIG-IP administration, scale, and load testing
• Installed and configured BIG-IP WebAccelerator and Enterprise Manager products over multiple environments
• Implementing Content security Virus scanning for http, ftp and SMTP by configuring Web sense and Trend Micro
• Implementation &Maintenance of Cisco 3600,2600,1841,1700 series routers
• Implementation & Administration of Symantec SGS and NIDS &HIDS, Qualys Guard
• Incident analysis and monitoring of network packets using snort IDS and sniffers
• Implementation of Internet Policies Using Microsoft ISA & Trend Micro Interscan Security Suite. such as blocking & allowing protocols as per request, patch updates, generating monthly report
• Configuration & Maintenance of Cisco Routers and Switches
• Configuration, Backup etc
• Establishing &Managing 2 mbps leased line between Datacenter and Distribution Points
• IP Access list configuration in WAN Router to restrict unauthorized access
• Guardian of all production systems, ensuring all change is managed pro-actively through
• Defined Change Management Processes
• Day to day running of IT Systems (Applications, Infrastructure, Networks, Telephony)
• Systems Monitoring (Software, Hardware, Telephony) - including the provision of tools to facilitate
• Asset Management (Software Licensing, Hardware, Telephony) - including provision of tools to facilitate
• Documentation, Communication and Enforcement of relevant Support Processes
• Project & Vendor Management
• Ensuring Network SLA complain

Environment: Cisco IPS 5.1, Cisco IDS 4.0, ISS sensor, Net Forensics, Snort IDS, NMAP, IMSS, IWSS, SMS

Confidential

L2 Support Engineer

Responsibilities:

• Developed and implemented the Security Program, including recommending and implementing security policies and procedures. Established and managed the security awareness program and training for staff

• Supervise project teams during all phases of application upgrades and coordinate activities with Network Cabling technicians to ensure connectivity
• Manage the high traffic website with the application load balancer using F5 Big-IP and Alteon
• Installation and Commissioning of Cisco Catalyst Switches 2900, 2950 AND 3500
• Installing, configuring and troubleshooting firewalls like Checkpoint, Cisco Pix
• Configuring VPN’s in site to site and client to site environments
• DMZ and related implementations with Check Point Firewall, Bluecoat proxy
• Computer virus detection and eradication procedures
• Technical Support for Cisco and other Network products include design, implementation and Project management for their Local Area Network / Wide Area Network
• Configuration and troubleshooting of LAN's and WAN's under various protocols including TCP/IP, DNS, DHCP, PPP, NETBEIU, RIP, IGRP, EIGRP, OSPF
• Designed a Hacker’s free network by implementing Checkpoint firewall NG
• Communicate all known security weaknesses to the Management Group, together with recommendations for corrective action

Environment: Check Point NG, NMAP, GFI LAN guard,, Websense 4.0, Cisco Switches 2900, 6500 series, Windows 2003 Server, Windows 2000 Server & Professional, IIS 5.0, SQL Server 2000, IMSS Trend Micro, F5 Load balancer

Confidential

Network Specialist

Responsibilities:

• Provide quality support and maintenance services to ensure maximum uptime of the network consisting of Cisco Routers

• Designing and Deployment of Network Security with Checkpoint, Cisco Pix and Watch Dog in major corporate networks
• Implementation, designing Network Security technologies (AAA, IDS, PKI, IKE, VPN’S)
• Implementation and maintenance of TCP/IP, Switching, Routing, DNS, SNMP, SYS LOG, NTP, RADIUS
• V-LAN Design and Implementation
• LINK Management
• Implementation & Maintenance of Internet policies using Microsoft ISA and Trend Micro
• Configured Active directories, DNS, DHCP in a multi-domain server environment
• Developing and deploying processes, procedures and SLAs to attain the defined quality standards
• Measuring and controlling the impact of IT on business processes and organization structure and optimizing Network / link uptime and traffic
• Identifying and developing vendors to procure equipment ensuring cost efficiency and long-term post sales support
• Provides designs, procedures, analysis, documentation and technical advice with respective implementation, testing, maintenance and support of the Network Management System
• Designing, implementation and maintenance of LAN and WAN
• IP Access list configured in WAN router to restrict unauthorized access
• Configuration of Cisco 3600, 2600,2500,1700,1600 series routers which were used for WAN design
• Configured LAN with Multiple segments, Configured Routers and supported the network
• Implemented Network Address Translation (NAT / PAT) for Private IP networks
• Implementation and configuration of point-to-point protocols (PPP)
• Protecting network against Anti spoofing and Syn Flooding attacks
• Direct all facets of local area Network/Server administration, Software installation, TCP/IP configuration
• Maintain up-to-date documentation of Network design, operation and procedure manuals.

Environment: Cisco routers 2600, 1700 series, Cisco Switches 2900, 6500 series, Windows 2003 Server, Windows 2000 Server & Professional, Windows XP, IIS 5.0, SQL Server 2000, User Application support, VPN support, Remote desktop support, Network printer, FTP, MS Office, Lotus Notes