SUMMARY:

• I deploy my expertise as a Security and Network Architect to align the organization’s security program with its goals and objective.
• I work as an SME on various frameworks, projects, technologies and devices to achieve the organizational needs.
• I have a track record of delivering critical project in a timely manner and within budget, strategic planning, business development, design, evaluation, analysis, business continuity and disaster recovery.

PROFESSIONAL EXPERIENCE:

Senior Information Security Architect

Confidential, Parsippany, NJ

Responsibilities:

• Part of the team that designed the company's Information Security program framework and supporting content based on ISO 27000 and MSB.
• Implementing enterprise solutions that align with the business objectives, as well as ensuring confidentially, integrity and availability of data and infrastructure. Understand the business needs, technology solution research, product evaluation, product comparison; develop architectural strategy, design, proof of concept, user acceptance test, implementation, documentation and transition to operation team. Training staffs on newly deployed solution.
• Lead subject matter expert (SME) in design and deployment of Cloud Access Security Broker (CASB) solution for box, O365, service now, sales force; this project includes deployment and management of key management server, tokenization of sensitive data. Integration with onsite MDM, SIEM, KMS and DLP.
• Lead SME of RSA SecurID multifactor authentication, deployment of RSA MFA globally. Support for native and RADIUS agents e.g. Citirix netscaler, critical windows servers, VPN appliance and multifactor authentication for IdP - Okta. Risk based authentication (RBA) and on demand authentication (ODA).
• Lead architect on Symantec DLP across all business units. DLP deployment includes Endpoint, web-prevent and data at rest. DLP web-prevent using HTTP and HTTPS interception on web proxy.
• Network segmentation and perimeter security design- IDS, firewall, web content filtering and DMZ design. RADIUS Authentication, PKI- digital certificates, Microsoft ADFS, DNS and F5 GTM, fundamental knowledge of F5 LTM. Also, extensive knowledge of how SAML, OAuth works and GDPR. Basic knowledge of Unix.
• Network design using Cisco Switches 2900, 3550, 3750, 4 500 and 65 00 series- and Router 1600, 2500, 3600, 7 200 and 75 13. Highly proficient in technologies and protocol such as routing protocol- BGP, EIGRP, OSPF, ISIS, IP addressing, IPv6, summarization, ACL, route redistribution, route filtering, NAT and QoS; switching protocols such as VLAN, STP, ether-channel, stack-wise, VSS, FHRP, port security, 802.1x etc. Firewall/VPN- ASA 550x (FWSM) context based and checkpoint 4100, SSL VPN, IPSec VPN DMVPN and AAA.
• Server virtualization using VM ESXi, deployment of virtual appliances. Understanding of server deployment in AWS, IAM, security group and VPC. SaaS, IdaaS, IaaS and PaaS.
• Understanding of Software Defined Networking (SDN) and Network Function Virtualization (NFV) technologies to drive network agility and operational efficiencies.

Technology Assurance, Network Security Engineer

Confidential, Parsippany, NJ

Responsibilities:

• Risk analysis and assessment of existing security solution, identification of gap and vulnerabilities, recommendation of a new design and safeguard. Design, implementation and support of disaster recovery and business continuity.
• Bluecoat web content filtering deployed in transparent and explicit mode across different DC; implementing web authentication, web access and interception, SSL access and interception, integration with DLP and bluecoat reporter.
• PCI DSS categorization and network segmentation, authentication and restricted access with firewall, enforce encryption of data and deployment of Symantec SEP AV.
• Network performance monitoring and evaluation using PRTG, SNMP, IPSLA, Netflow and syslog for proactive identification of network issues rather than reactive. Tufin for compliance and network risk evaluation.
• Deployment of Damballa failsafe APT, an antimalware solution across all data center, out of band deployment using SPAN and gigamon TAP.

Network Engineer

Confidential, Windsor, CT

Responsibilities:

• Layer 2 and 3 device and technology implementation and troubleshooting; provisioning and upgrading Cisco Switches 2900, 3550, 3750, 4 500 and 65 00 series- and Router 1600, 2500, 3600, 7 200 and 75 00. Highly proficient in technologies and protocol such as routing protocol- BGP, EIGRP, OSPF, ISIS, IP addressing, IPv6, summarization, route redistribution, route filtering, ACL, NAT, ISP edge router, class map and QoS; switching protocols such as VLAN, STP, ether-channel, stack-wise, VSS, FHRP, port security, 802.1x etc.
• Deployment of Cisco wireless controller AP 1140 series, configuration of multiple SSID, authentication- WPA2
• Layer 2 Ethernet cabling, stacking and racking of network devices and servers.
• Server installation and virtualization using ESX to reduce hardware and maintenance costs. OS Hardening and sandboxing technology. Basic knowledge of UNIX OS.
• Monitoring network using Solarwind, IP SLA and syslog. Packet capturing using WireShark for network analysis.

Network and Server Administrator

Confidential

Responsibilities:

• Configuration and troubleshooting of Cisco routers, switches and ASA series
• TCP/IP, layer 2 and layer 3 protocol and technology configuration.
• Cisco wireless access point: configuration of SSID, wireless VLAN, authentication etc.
• Server 2003 AD, DNS, DHCP, IIS and exchange.
• Client attendant, help desk, hardware, peripheral devices and software support
• Generating critical decision making report, routine back up, restoration, configuration and installation, update and manipulation of (DBMS) SQL server, ERD den, DDL and procedural SQ
• Training staff in newly deployed software and devices