SUMMARY:

• Expertise in Security, Application delivery solution and design, with a customer/industry focus.
• Provide leadership and technical guidance for global engineering and solutions teams.
• Ethical practice and confidentiality in handling employers and client’s transactions.
• Solid understanding of various Security software applications and identifying threats.
• In - depth knowledge of design, implementation and management of Public Cloud (AWS), DNS, Web application Firewalls, Reverse proxy, Policy Managers, VPNs, IDS/IPS, NAC, DLP, Secure Web Gateways(web proxies), Next Gen Firewalls, Active Directory-GPO’s and SIEMS.
• Experience with Cloud security Engineering (IaaS/PaaS/ Saas), Containers (Dockers) and API
• Experience with writing Custom Signature developing security polices for WAF and Security Testing (DAST) OWASP TOP 10 vulnerabilities and SANS 25.
• Adept at preparing detailed training procedures, Architectural Design Documents and Operations Guides.
• Adoption of Security best Practices, Corporate compliance compiling with SOX and PCI
• Working Knowledge with OAuth2.0 and SAML(IAM)
• Scripting using Bash, JavaScript, Python and developing CLI tools using python.
• Working Knowledge with Web API Gateway, Secret Vaults, SAST (Static Code) and PKI.
• Experience with DevOps tools Terraform, Ansible, Jenkins, SCM (GIT) and Docker Container
• Experience with Security Vulnerability assessment tools, SIEMs for Log Correlation and threat Monitoring.
• Experience in Evaluating and test security architectures, including third party products, services, and locally developed toolsets.
• Ability to communicate effectively, both in oral and written medium.
• Able to work diligently on my own or as a supportive member of a team.

PROFESSIONAL EXPERIENCE:

Confidential, Lansing, MI

Consultant

• Design and Provide AWS Cloud Security Solutions.
• Designed and Deployed Web application firewalls to protect Legacy, Payment and Research Applications.
• Baseline WAF Template Rules and tune the rule sets.
• Conducted Web Application Security scans, analyzing results for false positives, prioritized vulnerabilities, research and propose remediation steps.
• Integrating all logging facilities to HUMIO SIEMS Solution and Create Dashboards for Threat and App Monitors.
• Migrated VPN from Pulse secure to F5 BIGIP APM.
• Security testing native AWS services (S3, API, ECS, RDS, EC2, ECR, IAM, CloudFront) to identify any misconfiguration, weakness in Security policies.
• Wrote Ansible scripts for load balancer Builds and onboarding.
• Forked and Contributed to Internal Config Generator and Certificate Procurement tool. (Nodejs, JavaScript, Jquery, Gitlab).

Confidential, Wakefield, MA

Security Engineer

• Architect, Design, Provide Cost Effective Application delivery and Security solutions for services both on perm and Public Cloud.
• Subject matter Expert on Web Application Firewall’s (F5 ASM, Cloud AWS WAF), Web secure Gateway (Forcepoint), NAC (Fore scout), Next Gen Firewalls (Palo Alto-IDS/IPS), Dynamic DNS (F5 GTM), Load Balancers ( F5, A10,Nginx) and Public Cloud AWS .
• Acted as a liaison between various departmental groups on information security related topics Collaborated in teams of technical and nontechnical experts.
• Participated in designing and managing IT Security strategy including both infrastructure and applications.
• Actively Assessed existing and new cloud implementations, identifying security issues and prioritizing fixes.
• Implemented and maintained AWS Cloud Security utilizing Native Tools Cloud Watch, Cloud Trial, Config, Advisor, Inspector, SNS and Lambda for Services VPC,R53,IAM, EC2, S3, RDS, API Gateway, EBS,CloudFront.
• Identified and remediated security vulnerabilities.
• Talk to auditors and provide information for PCI, SOX and making deviations if required for business-critical applications.
• Author and Identified highly permissive IAM Role Base policies to enforce privilege access and Federated AWS authentication with ADFS and DUO Multifactor authentication.
• Involved in various architectural and design solutions for applications such as Active Directory, MFT/EFT, oracle EBS, Kana messaging, Xml gateways, ADFS, oracle DB, collaboration tools - Jira, Confluence and Employee time management portal etc.
• Provided technical leadership, solution design, and hands-on support for consistent security controls for cloud infrastructure and Microservices.
• Provided guidance throughout the software development lifecycle (SDLC) through active engagement and assist QA team with test plan development.
• Wrote Python CLI tools for AWS Security reporting and AWS lambda scripts for monitoring and alerts.
• Conducted web scans and Infrastructure scan and remediate for any known vulnerabilities and mis configurations utilizing security tools Nessus Scanner, Evident.io (AWS) and Qualys Scan.
• Worked with Devops Integrating Security tooling in CI/CD Pipeline SonarQube and Snyk for Static Code analysis and identify Vulnerabilities in Library Dependencies.
• Lead a team of 6 and SME overseeing Design, architect and peer review changes for ADC, Next Gen firewalls, Cloud Infrastructure and serve as escalation point for critical incidents and Participated in tier 2/3 for Global Network and Security Operations.
• Worked with Ansible Playbooks, Terraform for Cloud deployment.
• Documented design and operations guide for smooth operations.

Confidential, Charlotte, NC

Systems Engineer

• Engineered F5 LTM /GTM and Infoblox DNS solutions in accordance to client’s specifications, meeting project goals and deadlines.
• Served as F5 SME and Maintained enterprise F5 LTM/ASM/GTM and Infoblox DNS infrastructure.
• Escalation point for all major incidents and provided Tier 3 support for the Confidential Service and various global subsidiaries.
• Document existing and new deployments, risks and engineering solutions.
• Conducted web application security scans, analyzed results for false positives, prioritized vulnerabilities, and research and propose remediation steps.
• Performed product evaluations, recommended and implemented products/services for network security. Validated and tested security and design solutions to produce detailed engineering specifications with recommended vendor technologies.
• Participated in security compliance efforts (PCIDSS) .
• Developed custom WAF Policy rules implemented on ASM in learning mode to identify False Positive rules and Fine-tuned before enforcing into block mode.
• Implemented VPN and Portal access using APM for 3rd Party and offshore QA users for testing internal apps.
• Wrote Custom signatures on ASM-WAF and policies for APM.
• Created Dashboard using Splunk Plugins for Highly Visible Apps for threats and Performance stats.
• Member of internal peer review board at Confidential Service for F5 (LTM, GTM, ASM) and Infoblox-DNS configurations.
• Integrated CDN (Akamai) solutions With F5 for Advance security and High availability with low latency.
• Redesigned Complex Irules for auto and Finance LOBs for better performance and smoother operations.

Confidential, Bay Area, CA

Technology Specialist

• Served as Load Balancer SME, Designed and engineered Load balancing solutions for multitiered applications deployed across multiple data centers and DMZ security constructs including Microsoft Exchange Server 2010 (incl CAS), SharePoint portal, IBM Web sphere, BEA Web logic, and Web Services framework for Global banking and markets business.
• Created and maintained high quality installation guides, standards documents, diagrams, run books and other engineering documentation.
• Provided Tier 3 Support being the primary responsibility, participated directly as well as taken escalations from the team members as and when required.
• Day to day responsibilities included providing IT network application delivery engineering associated with load balancing with F5 devices for new innovations or project designs and standards development.
• Adhering to defined network engineering processes, influenced platform strategic direction in coordination with business users needs and direction, within enterprise load balancing design for integrating Lines of Business for Application Delivery.
• Wrote Multiple iRules like SSL Mutual Auth, allow host from CDNS(Akamai), Auto Splash page during Maintenance utilizing I-Files and other HTTP based iRules includes JSession, cookie Insert, redirects and rewrites.
• Provided IPAM solutions and DNS using Alcatel-Lucent QIP.
• Integrated AppviewX for GTM and LTM operations and reporting, Worked on Venafi Cert manager automating SSL cert deployment on LTMs.

TECHNICAL SKILLS

Networking Protocols: TCP/UDP/IP/IPSEC, OSPF and Switching Technologies.

Operating Systems: Windows, Linux, Unix, Free BSD.

Services: SMTP, SNMP,DHCP, DNS, Active Directory, PKI, SSO,SAML and Web Technologies.

Scripting: Python, TCL, Java Script, bash.

Web Technologies: HTML, Java Script, PHP,Node.js.

Web Frameworks: JQuery,ReactJs,Express

Databases: MySQL.MongoDB

Tools: Burp suite, Metasploit, Kali tools.

Others: XML, YAML, Ansible, Jenkins, GIT, SIEMSContainers (Dockers), Public Cloud(AWS)