Assurance Engineer Resume Profile

Summary

  • Results-driven, dynamic, and business-savvy certified security professional with deep hands-on IT expertise in system design and integration, IT security architectures, risk mitigation, and system/network administration. A respected senior security engineer, and yet a humble and highly motivated team player who is an intelligent self-starter with the ability to produce bottom-line results irrespective of impediments or challenges. Highly trustworthy, confident and gracefully poised in interactions with individuals and/or groups at any level. A swift learner and a dedicated perfectionist. Meticulously completes projects, and is able to multi-task effectively. An invaluable asset to any company or organization, and the definition of "Excellence without excuse".
  • 15 years of extensive experience in designing, engineering and managing systems, technical operations, and project management.
  • Consistently increasing scope and responsibility in Financial Services, Government, and IT Services/Consulting, with additional sector-specific experience in scientific research and energy firms.
  • Recipient of Lehman Brothers' "exceed expectations" employee rating for outstanding performance.

KEY STRENGTHS:

Security Architecture and Design

Security Engineering

Web Security

Penetration Testing

Regulatory Compliance

System Administration

Troubleshooting and Support

Project Management

Risk Assessments

TECHNICAL SKILLS (STRONG KNOWLEDGE):

  • Operating Systems: Red Hat Linux, Solaris, Cisco IOS, Windows Vista, XP, 2000, Me, NT, 98, 95, WFW 3.11, and MS DOS
  • Protocols/Services: TCP/IP, UDP, NetBIOS, ARP, FTP, HTTP, HTTPS, NNTP, ICMP, DHCP, Telnet, SNMP, SMTP, X.25, RPC, NFS, IMAP, POP, CVP, UFP, IPSec, SSH, SSL, Kerberos, 802.1X, 802.11
  • Programming: UNIX Shell script, SQL
  • Software: MS-Office, Visio Professional, Microsoft Active Directory, VMware, SharePoint, Microsoft SQL, Oracle, Wireshark
  • Security Technologies/Tools: eTrust Access Control, Check Point FireWall VPN, Dragon IDS, Symantec SEP, AlgoSec, Websense Web Filter, BlueCoat, Vontu DLP, Sourcefire and TippingPoint IPS, RSA SecurID, QualysGuard, GFI LANguard, SAINT, SATAN, AppScan, Nessus, SuperScan, eEye Retina, Fortify, Archer, ArcSight, Cisco PIX, Cisco ASA, Tripwire, Snort, ISS Internet Scanner, EnCase, Linux firewalls (iptables, ipchains), Metasploit Framework, Kismet, Tcpdump, Paros Proxy
  • Standards and Regulations: ISO 27002, Sarbanes-Oxley (SOX), PCI, FISMA, NIST 800 Series, OWASP
  • Hardware: IBM-compatible PCs and laptops, IBM Netfinity Servers, Cisco Routers and Switches, Linksys Routers, SUN Workstations, Enterasys Dragon Sensors and Servers

EXPERIENCE:

Confidential

Senior Security Engineer

  • Hands-on role in applying security engineering principles related to building, maintaining, and monitoring secure infrastructure using various technologies including firewalls, networking products, VPN, intrusion detection/prevention, access control products, anti-virus, and security operating system or application tools and protocols. Communicated with the business sponsors, IT systems administrators, and application developers to identify security risks, ensure policies are consistently applied, and provide general support on information security related issues.
  • Recommended and assisted the network services team in upgrading the existing Cisco ASA 5510 from version 7.2 to 8.0 to leverage its web-based clientless SSL VPN feature to provide secure access for the vendors on the isolated network, which resulted in substantial savings to the firm by avoiding a potential buy-in.
  • Identified the existence of data leakage through personal storage sites which resulted in thorough research and evaluation of content filtering solutions and recommended Websense Web filter to the senior management as a leading choice. Documented Websense network design options: Pass-by and Pass-through technologies and presented to the IT infrastructure team.
  • Prepared Security Requirements documents and participated in Security Architecture reviews. Worked with Network services and deployment team to ensure compliance with stated security requirements.
  • Documented technical security standards, guidelines, and procedures required to reinforce information security policies. Conducted necessary research to ensure these standards, guidelines and procedures adhere to current best practice guidelines and information security industry standards such as ISO 17799.
  • Conducted numerous 3rd party security reviews to determine the security posture of companies that host/store on behalf of Time Warner. The following aspects are reviewed: Security Policy, Organizational Security, Asset Management, Human Resource Security, Physical and Environmental, Communications and Ops Mgmt, Access Control, Info Sys AD&M, Info Security Incident Mgmt, Business Continuity and Compliance.
  • Performed over 100 vulnerability assessments/penetration tests on the systems, networks and applications using tools such as QualysGuard, nmap, IBM AppScan, Nessus. Efforts led to the development of an infrastructure that enhanced information security posture, and advanced the division's mission towards VISA/MasterCard PCI and SOX compliance.
  • Advised the developers on current and emerging application security threats such as SQL injection and Cross-Site Scripting (XSS), and provided recommendations to mitigate security vulnerabilities on their IT infrastructure. Efforts led to the development of a secure code review practice using Static Application Security Testing (SAST) offerings from Fortify Software.
  • Succeeded in preventing a possible infection by the Conficker worm, which some researchers estimate has infected millions of computers since January 2009. Accomplished this by drafting a risk mitigation plan that included confirming that Symantec Endpoint Protection 11.0 had the latest release definitions for protection, and by drafting a plan to scan the systems using a newly created QualysGuard scan policy for detecting the presence of the worm.
  • Presented quarterly metrics to the senior management related to Check Point firewall and Dragon IDS security threat events gathered through Symantec portal, and also provided metrics for vulnerabilities based upon severities gathered through Qualys scan results.
  • Documented incident response procedure for the operations team to support after hours and day-to-day activities.

Confidential

Security Engineering, Americas

  • Serve as a subject matter and hands-on expert on information security related services across all business units within Global Investment Banking, North America and Asia. Work closely with developers, IT staff, compliance and audit in ensuring that the infrastructure: system, network and applications are secure, and meet the needs of the business, security policies, standards, and regulations. Key Achievements:
  • Part of security engineering team to design, implement and manage access control on 4,000 Unix and Linux servers across Americas, Europe and Asia
  • Established an excellent rapport with the developers and the application owners to investigate, analyze and rectify permission issues. Efforts led to the development of an infrastructure that enhanced information security posture, and advanced the division's mission towards Sarbanes-Oxley SOX regulatory compliance
  • Worked on weekends for critical security changes such as enforcing restrictions on services such as SSH, FTP and RSH in the production environment, and locked down login access on mission-critical and production systems such as NFS, DNS, and FTP servers based upon initial data log reviews and analysis
  • Provided high level of expertise for all aspects of systems security, including standards and hardening of Checkpoint firewalls and reviewed firewall port and change requests from the business owners.
  • Performed security system configuration and policy database changes, provided training and know-how to the IT security operations team, and documented a technical run-book, thereby eliminating the need for recruiting additional consultants, which resulted in annual savings of more than 250,000 to the firm.
  • Deployed and configured Unix Sudo configuration across the global enterprise comprising 18,000 Unix servers in 3 geographic regions, which improved system turn-around time by more than 50 for developers, database system administrators
  • Wrote shell scripts for routine work such as policy creation updates, user account management, log analysis and technical troubleshooting, thereby accomplishing the work previously required of two full-time employees.
  • Reduced maintenance costs on security technology 50 annually by successfully limiting the scope of access control implementation to business critical servers, centralizing all applications and reducing client problems.
  • Integrated UNIX log daemon with ArcSight to monitor critical binaries and executables belonging to 100 applications spread across 3 geographic regions, which facilitated log management.

Confidential

Senior Security Consultant

  • Performed vulnerability and application-level security testing on applications and infrastructure, which included scoping and coordinating assessments, in addition to performing both high-level assessment analyses, translating technical vulnerabilities into business risks, and low-level assessment activities such as working with vulnerability assessment tools and conducting ethical hacking.
  • Conducted vulnerability testing and application security reviews with minimal impact to business operations for Union Bank of California (UBOC) as an on-site security consultant for their networks and systems using technical examination techniques, including network footprinting, OS fingerprinting, password sniffing, log review, and vulnerability scanning. Tools used include Nessus, AppScan, eEye Retina, nmap and other open source tools. Analyzed test results and provided mitigation recommendations for known security threats to enhance security posture.
  • Personally selected by the director from among 20-strong security staff to participate in the division's first infrastructure security assessment onsite assignment
  • Developed and documented vulnerability testing guidance and procedures as per the ISECOM and NIST methodologies for the client engagements

Confidential

Government Agency On-site Senior Security Consultant

  • Designed and implemented network security solutions as per the customer's requirements and made appropriate recommendations to them as needed. Helped customers to effectively govern, manage and secure their infrastructure in the most efficient manner. Developed and delivered high quality presentations, product demonstrations, and proof of concept exercises.
  • Challenge: To protect Government Agencies' IT environment, including more than 300 PCs and 15 servers, from potential threats originating from the public internet. Prohibiting access to inappropriate materials and preventing employees from unintentionally opening security holes in the network and bringing viruses and malicious code into the IT environment
  • Action: Designed, installed and configured eTrust Firewall to meet the Agencies' requirements in the shortest possible timeframe. Precisely defined which applications should be allowed to pass the firewall and established policies for traffic across the network. Implemented eTrust Intrusion Detection System (IDS) and configured the system to send an email alert to the appropriate people when someone had accessed an inappropriate website, to block access to inappropriate sites, and to monitor and record users' attempts to access the sites
  • Result: "We are very pleased with the results that CA and Vasan were able to achieve using eTrust Firewall and IDS, and we look forward to working closely with them to address our other information security challenges." (Senior Manager IT, Government Agency)

Confidential

Information Assurance Engineer

  • Performed OS hardening, vulnerability assessment and penetration testing; analyzed the security posture of customer's IT infrastructure and assisted in remediation of vulnerabilities found within the infrastructure to meet security compliance
  • Researched and analyzed new information security technologies, such as vulnerability scanning and benchmark configuration tools, with a focus on the introduction of relevant technology to meet client's requirements.

TOPICS OF INTEREST:

Microsoft Windows, UNIX, Redhat Linux, Solaris, AIX, IIS, SQL Server, SharePoint, Exchange, Oracle, SAP, PeopleSoft, Active Directory, RACF, Mac OS X, GOTS, COTS, OS400, Apache, OpenStack Compute, Storage, Swift, Cinder, Amazon AWS/EC2, Azure, REST APIs, Hypervisors, KVM, VMware, vCloud, Xen, HyperV, vSphere, CloudFoundry, Cloudify, OpenShift, Hadoop, Puppet, Chef, Salesforce, SAS, Cloud Security Alliance (CSA), NIST, HIPAA, FISMA, SAS-70, FEDRAMP, PCI-DSS, EU Data Protection Directive, Safe harbor, APEC, FFIEC, SSAE16, ISO27001, SOX, NERC CIP, SCADA, NEI 08-09, CDA, FIPS, FDA, DHS, USGCB, SABSA, Balanced Score Card, COBIT, DIACAP, HITECH, GLBA, DISA, OSSTMM, ISO 31000, SAML, XACML, Kerberos, RBAC, OpenID, OAuth, ACLs, LDAP/SSO integration, identity federation, Central Authentication Service (CAS), JAAS, Java crypto API, Public/Hybrid/Private Cloud, SaaS, PaaS, IaaS, C/C++, Java, .NET, Python, Perl, Shell, HP WebInspect, Fortify, IBM AppScan, WireShark, SecurID, RSA Archer, Imperva, CA Control Minder, Nessus, Rapid7, Nexpose, Encase, EnCe, Core Impact, Metasploit, Symantec, Vontu, Websense, FireEye, Aircrack, Nikto, Qualys, BurpSuite, Checkmarx, Nmap, Paros, ZAP, ACLs, Stateful firewalls, VPNs tunneling, IPsec, PPTP, IPv4, IPv6, Router, Switch, Blue Coat Proxy, Juniper Netscreen, CheckPoint, Algosec, Redseal, Skybox, Checkpoint NG, Cisco PIX, Cisco ASA, WAN, MAN, LAN, CISSP, CISM, CISA, SANS, Security+, CCSK, CEH, SANS, GSEC, GCIH, CCNA, CCNP, VCP, MCSE, CCIE, CIPP, ISC2, ISACA, GIAC, CRISC, CGEIT, CCSA, CCSE, GWAPT, GPEN, PMP, ITIL, CISSP-ISSAP, CISSP-ISSEP, MCSE, RHSE, CSSLP, CRISC, CBCP, FTP, SMTP, DNS, DHCP, NIS, LDAP, TCP/IP, SSL/TLS, ADFS, RADIUS, SSO, SSH, GRC, SIEM, IPS/IDS, PKI, SSL, Digital Certificates, DLP, SDLC, eGRC, CSAT, C&A, SOPs, CIRT, DDoS, WAF, VPN, IAM, DMZ, NetApp, ArcSight, Splunk, Top Secret, TS/SCI, DoD, Poly