SUMMARY:

• Significant professional experience in building highly scalable, secure, distributed Cloud/On - Prem/ Hybrid systems on JVM/Java platforms.
• Built SIEM product o Secure design principles
• Database security REST/SAML/OAuth based integration
• Security monitoring and management systems
• Secure virtual desktop infrastructure management
• Network layer and Webapp layer security o FIPS, PCI, HIPAA compliance
• Well versed with Algorithms/Data structures, different Concurrency models, Java Memory Model, Ar­chitectures for various problem domains referenced below.
• Getting Things Done with no excuse attributable to these equally weighted solid skill set: Leadership, Architecture/Design/Code, Building teams, Executive functions, Customer acquisition, Solid focus with big picture in mind, Simplify the complexity, Teamwork, Project management, Analytical and Com­munication skills, Understand behavioral psychology.
• Product management, Program management and Security vulnerability management functions in addi­tion to Engineering responsibility at different startups detailed below.
• Intermediate level expertise with on-going learning to master these: Spark, Flink, Erlang/OTP plat­form, Machine Learning, Android development, Blockchain, IoT Security model.

TECHNICAL SKILLS

Languages: Java, Scala, C++/C, Linux Shell scripting, Python, PERL, Expect, Assembly languages of var­ious processors.

Operating Systems: Linux, Solaris, Windows NT, VRTX, VxWorks, Cisco IOS

Database: Riak, Cassandra, MongoDb, Oracle, MySql, Informix, Sybase

Protocols, Standards, and Frameworks: Play, Akka, Kafka, AWS/S3/EMR, Apache Modules, Tomcat, Spring, Hibernate, Secure design principles (Cryptography, HMAC, Certificates, Signatures, and more), jMs, RESTful/SOAP web services, Drools, SVG, CoRbA, SNMP, Syslog, SAML, OAuth, JBoss, Telecom standards {GSM, SS7, ISUP, T.4, T.30, Voice/Data/Fax AT commands, G.726, G.165, Supplementary ser­vices}

Tools/Libraries: ElasticSearch, Solr, Docker, Kubernetes, Nginx, Apache Httpd, Intellij/Eclipse, Splunk, AppDynamics, Curl, GWT, Guava, libSVM, netty, haproxy, Junit, TestNg, ant, maven, easymock, mockito, tcpdump, HP Openview, ACE, Roguewave library, STL, purify, Cisco device CLIs, SQLDeveloper, Git, Jira, InstallShield.

Software Process: Scrum, SEI Capability Maturity Model, ISO 9001, ISO 14001, TL9000

BRIEF EXPERIENCE OVERVIEW:

Confidential, Cupertino, CA

Cisco Wan Manager

Platform: Java /Oracle/MongoDB/Linux

Responsibilities:

• Build collaboration platform for millions of Confidential product owners around the globe, Confidential Distinguished Educator platform for collaboration within education community, LDA based Topic Modeling (Machine learning) on a half-terabyte size dataset, Implement Disaster Recovery: server clusters including VMs and BMs, data replication and file sync, storage and networking, load-balancing, secure perimeter, InfoSec compliance.

Confidential, San Mateo, CA

Platform: Java/Scala, AWS, Hadoop

Responsibilities:

• SSO and REST integration with business partners, Security, Log management and integration with Splunk, Scaling across data centers, CRM/SFDC/Billing/Invoice/Reporting integration, Cross-functional leadership across product architecture, security, devOps, networking, product management, legal and business devel­opment/strategic planning teams.

Confidential, San Jose, CA

Security Manager

Platform: Java 6, JEE, Linux, Spring, Tomcat, Jboss, XML, Oracle, MySQL, Sybase, C/C++.

Responsibilities:

• Workflow enabled device management and device grouping features for this web based unified network security management solution.
• Both a lead (lead 6 engineers including Tech leads) and individual contributor for this effort.
• CS-MARS (Cisco Security Monitoring, Analysis and Response System)
• Helped define requirements, lead, scoped, designed, and implemented- RFC 3164 compliant syslog relay, standalone module to pull Windows event logs and IPS/IDS events, SVG based topology graph generation, XML based Device Support Framework(DSF) - for this web based SIEM product deployed on a Linux appliance. DSF fea­ture was instrumental in transitioning CS-MARS product into the Leaders quadrant of Gartner MQ, 2008.
• When the DSF concept was just conceived, it was a real challenge to simplify the whole complex big picture and be able to see the end-to-end functionality from day 1. This ability leads me to start extensive research on the best XML technology to use. Found that XmlBeans is the only technology that offered complete support of W3C XSD constraint validation, Marshalling/Unmarshalling, and Schema compilation. This turned out to be a very smart choice at the end.
• Advanced XML schema design with Key/KeyRef constraints to accommodate some complex data models: inspection rules, reports, and parsers.
• AES-256 encryption with CBC cipher mode, IV, and Salt.
• SHA-256 for password hashing and integrity check
• Use Java byte array instead of String to store password in-memory
• Immune to SQL injection and Cross Site Scripting
• Intellectual property protection using password based encryption which uses composite key symmetric cryptography
• Thread safe servlet design (e.g. Synchronizing the Session object)
• Extremely high-quality software in the very first release without breaking any legacy code
• All the known corner cases handled in the very first release
• In summary, this feature accomplishment signifies my ability to foresee the technology complexity and satisfy nearly all the product design requirements efficiently in the very first attempt which is a rare phenomenon.
• Samba based Windows event log pull module.
• Worked on core business logic, DB schema, and hibernate infrastructure. Used Castor based XML message processing for network alerts and reports.
• Found a unique way to use Hibernate in a productive way back in 2005 when this ORM technology was relatively unknown and there was no expertise in the team. Being new to this technology, I started bottom-up where I first designed and instantiated the DB schema. Researched and found Middlegen plug-in for eclipse IDE which I configured to connect to my DB.
• This plug-in reads the SQL tables and generates all the required files needed for Hibernate: POJOs, Mapping file, Properties file.
• This whole effort took only 4 days while still being new to Hibernate. The inspiration behind this effort was that there was already a 3-month effort from a different team which was trying to accomplish the same feat manually but unsuccessful.
• This shows my ability to attack the problem in a unique way and solve it using existing tools and technologies without reinventing the wheel in a speedy manner.
• Developed DNS mapped smart login, advanced Linux customiza­tion, and session based device authentication features.
• Needed to accomplish these complex tasks to achieve the goal: develop PAM module to intercept SSH/telnet login, configure multihoming on Linux, forward the intercepted IP address and credentials to Java process for on-demand device authentication.
• Modeled various IOS subsystems (VRF, BGP, ACL, OSPF, etc.) to provide IOS-native programmatic XML interface to NMS/EMS clients. As part of External PI project, involved in the architecture, design, and development of external programmatic XML interface (run­ning on Solaris/Linux) to Cisco devices.
• Implemented topology discovery and provisioning for this NMS which man­ages Cisco IOS based H.323 voip network and PGW/BTS (call agents) based MGCP network. Tibco protocol is used in H.323 topology discovery. Provisioning is performed on PGW-IOS and BTS- MGX8xxx networks.
• Responsible for the development of auto discovery, performance man­agement, multiple device MIB version support, fault management, performance benchmarking, and Solaris packaging for this EMS which is used to manage MGX8260, a high-end media gateway switch.
• This is an SNMP V1 based NMS for managing Cisco WAN switches/routers (BPX/IGX/MGX88xx series). Specific areas of work include- network topology, DB schema design, interface with HP Openview, and fault management.