Kumar Mathialagan, Cyber Security Engineer

T-Mobile

Location
India - Chennai
Education
Bachelor's degree,
Experience
14 years, 10 Months


Work Experience

Total years of experience: 14 years, 10 months

Cyber Security Engineer at T-Mobile
  • United States
  • September 2017 to October 2018

•Agile/DevOps Security
Provide active guidance on implementing security user stories as per organizational policies, risk/threat profile, privacy & regulatory requirements. Review API security requirements and deploy controls for ensuring secure authentication, communication and logging. Perform risk-based functional security testing for agile-based security projects.
•Threat Modeling
Analyze application security, enumerate, quantify and address security risks. Define countermeasures and recommend risk mitigating controls. Ensure security of telecommunication related customer information and review compliance to CPNI requirements.
•PCI DSS Compliance
Analyze impact to PCI DSS requirements on enterprise systems and recommend security controls to ensure ongoing compliance.
•Cloud Security Governance
Architect security requirements for applications on AWS and Azure cloud environments and recommend security controls to protect customer information.
•Third Party Security Review
Conduct third party vendor security assessment and review the risk of sharing business information.
Projects Handled:
•Architect the Authentication, Authorization and Accountability framework for SaaS based cloud application model.
•Tokenization of payment card data on enterprise systems
•Threat Modelling and Architecture review of retail applications that store and process customer sensitive information.
•Review of application logging status and ensuring compliance to enterprise logging standards.
•Security design review for business customer self-service portal including creating user access control matrix, multi-factor authentication, data security of customer PII and CPNI information

Manager – Information at Abu Dhabi Commercial Bank
  • India
  • November 2011 to August 2017

Manage Corporate Security Governance, Information Security Assurance and Threat Management & Advisory function and ensure bank operates within the pre-defined risk appetite.

RESPONSIBILITIES:
•Security Architecture Review:
Evaluation of technical risks, design, architecture and feasibility study, vendor review and security controls of infrastructure technologies and business systems implemented in the bank. Design, develop and implement technical information security frameworks.
•Regulatory Compliance:
Managing regulatory compliance program including PCI DSS, ISO 27001, PDRA, PCI PIN Security and ESCA for the bank. Subject matter expertise in Payment Card and PIN Security and in-depth knowledge of COBIT Framework.
•Privacy Review:
Performed evaluation of security controls for GDPR compliance for the banking operations performed in Europe region. Identify critical business processes and assess the data security of customer personal and banking transactions. Perform operational risk assessment and initiate remediation of risk items. Enumerate the responsibilities of data controllers and processors for enforcing data protection. Provide data protection and privacy awareness training to stakeholders.
•Vulnerability Assessment and Baseline Security:
Manage and implement vulnerability assessment lifecycle to ensure the bank's systems are continuously protected against threats. Conduct periodic vulnerability assessment on bank’s internal and external facing systems and take steps to mitigate vulnerabilities on time. Develop and ensure technical baselines for secure management of systems across multiple platforms and applications.
•Log Monitoring and Incident Handling:
Manage operational security monitoring for bank critical systems through SIEM solution. Point of contact for SOC related escalations. Detection, analysis and reporting of system intrusion and malicious behavior. Assess and prioritize security events depending upon the criticality. Provide incident response to security events and alerts.
•Information Security Policy:
Developing Information Security policies and coordinating the activities required for implementing them. Creating a compliance review plan and conduct periodic review to evaluate the compliance level.
•Risk Assessment:
Conduct periodic risk assessments of Banking systems based on criticality (include systems such as Core Banking, Internet Banking, Mobile Banking and Middleware). Collate risk status and related information periodically in order to generate KRI/KPI reports. Clearly articulate and summarize the risk reports and technical vulnerabilities such that a wide range of Business can understand the risk posture easily. Continuously assess the gaps between the actual implemented security controls and those established at a policy level thus highlighting deficiencies for remedial action.
•User Access Recertification:
Review application roles and their privileges in order to validate the principles of least privilege and dual control. Design Access Control Matrix for critical applications and periodically validate that the user roles are mapped to job profiles.
•Asset Classification:
Identify and evaluate the criticality of information assets. Ensure that the assets are classified and added to Asset Register. Coordinate with the business owners and ensure implementation of appropriate security controls.
•Information Security Awareness:
Managing Information Security Awareness program for the bank. Impart security awareness through various mediums such as Email, Learning Management System and conduct mock Phishing Assessments. Measure and evaluate the Information Security awareness quotient.
•Key Management:
Manage encryption keys used in HSM such as LMK, ZPK, TPK for security of ATM PIN, Internet Banking, Mobile banking platform.
•Data Leakage Prevention:
Plan, implement and manage DLP solution in the bank. Review data leakage incidents and define policies for effective identification and mitigation of data exfiltration.
•Physical Security Assurance:
Recertification of staff physical access permissions. Review of branch and ATM security and provide recommendations to secure the location.

Senior Consultant at First Gulf Bank
  • India
  • April 2010 to October 2011
Senior Technology Risk Analyst at Fidelity Investments
  • India
  • February 2006 to December 2009

Member of the Information Security Level-3 team and primarily responsible for the administration and management of user identities across multiple platforms and applications.
RESPONSIBILITIES:
•Identity Management:
Administration of IDM solution to securely and efficiently manage end-to-end lifecycle of user identities across multiple enterprise systems. Manage the process of identity creation, maintenance of identity source data and provisioning of access. Ensure automatic termination of identity
•Access Review:
Perform periodic review of logical access of employees and ensure that access is provided on a need to know basis.
•Unstructured data project:
Actively involved in identifying and analysis of access control lists on servers. Analyzing and modifying NTFS permissions to conform to security standards using Varonis.
•Role Based Access and Entitlement Management:
Plan, implement and manage Role Based Access to applications and domains. Manage access rights and privileges.
•Digital identity management:
Creating and managing digital identities of users for remote access and encryption using Entrust-Security Manager Administration. Performing Key recovery and revocation of user certificates.
•RSA Token management:
Administering remote access through RSA-ACE Console. Configuring and issuing hard token for users and managing access to network resources.
•Spam and malicious mail control:
Analyzing and monitoring of spam mails through Postini.
•Radius administration: Administering remote access services for VPN clients
•ISO 27001 Initiative: Implementing ISO 27001 compliance for the security team. Preparation of service catalog and gap analysis of the security process.
•Incident Handling:
Managing user access issues and other incidents on HP Service Center application. Troubleshooting and routing of incident tickets.

Software Engineer at HCL Technologies
  • India
  • October 2003 to January 2006

I was part of the IT-Services team, primarily responsible for system administration, server support and network management.

RESPONSIBILITIES:
•Server Management and Network Support:
Installation, configuration, administration and troubleshooting of Windows-2003 and Windows-2000 Advanced server for File/Print services and Database. Monitoring the performance of the servers and patch management.
Managing LAN for desktops and servers using CISCO switches in HUB rooms and server rooms. Configuring and managing VPN server for remote access.
•Antivirus Support and Security patch management:
Administering Norton Antivirus server and ensuring the download of daily SAV updates. Periodic scanning on desktops, laptops and servers and ensuring the latest updates.
Downloading and installing the Microsoft security updates using WSUS for security compliance.
•User Account and E-Mail Management:
Creating and administering user accounts in Active Directory. Providing e-mail access to users in MS-Exchange environment and managing the access to group mailboxes and distribution lists.
•Access Management:
Managing user access to project shares based on the access template and ensuring least privilege. Administering and monitoring access to printers. Managing access on Microsoft VSS and IBM ClearCase for versioning.
•Desktop Support:
Software and hardware troubleshooting on Windows XP desktops and laptops.
•BCP and Disaster Recovery: Involved in planning and executing a Disaster recovery and Business Continuity plan. Actively involved in setting up infrastructure at the disaster recovery center. Coordinated the disaster recovery drills for various projects and tested the effectiveness of the plan.
•BS 7799 Initiative:
Actively participated in the BS 7799 initiative in the company. Training users on basic security principles and ensuring audit compliance. Maintaining the BS 7799 control documents for IT Services team.
•IBM QuickPlace:
Single Point of Contact for the installation and configuration of IBM QuickPlace-6.5.4 for the client AEGON. Upgraded to Domino 7.0 and performance tuning and monitoring of the server.


SECURITY TOOLS

•Identity & Access Management - SUN Identity Manager (Oracle IDM)
•Security Governance - RSA Archer, ServiceNow
•Digital Identity Management - Entrust Security Manager
•Identity Governance - Sailpoint
•Remote Access - RSA ACE Server
•SIEM Solution - IBM QRadar, Splunk
•Cyber Threat Protection and APT - FireEye
•Data Leakage Prevention - Forcepoint DLP and Symantec
•Database Activity Monitoring - IBM Security Guardium
•Vulnerability Assessment - Nessus, Qualys
•Firewall Rule Monitoring - Firemon, Algosec

Information Security consultant
  • to

for the CISO team and successfully manage Data Leakage Prevention, Vulnerability Assessment and Security Awareness program.
RESPONSIBILITIES:
•Data Leakage Prevention:
Coordinating the implementation of Data Leakage Prevention system in bank and maintenance activities. Identify critical data and classify them on the DLP system. Creating policies to audit critical data outflow from various information systems.
•Database Activity Monitoring:
Conduct Proof of Concept and creating a product evaluation matrix. Deploying the infrastructure for the implementation of DAM system. Identification and classification of critical databases. Creating policies to audit actions performed on the databases. Creating valuable reports for management review.
•Manage SOC Alerts and SIEM Solution:
Manage SIEM solution for effective security monitoring of bank systems. Optimize the performance of log collection and correlation rules. Review SOC alerts and respond to security incidents.
•Vulnerability Assessment:
Performing periodic vulnerability assessment on the IT infrastructure of the bank. Generating reports and raising incidents for risk mitigation. Fine tuning the assessment process and provide accurate information about the existing vulnerabilities to senior management.
•Information Security Awareness:
Creating information security awareness content for bank employees. Measuring and evaluating the users on the key aspects for information security.
•Intrusion Prevention System:
Regular monitoring of the Intrusion Prevention System logs and reporting to the IT team for remediation. Analyze the rules and advise IT to enable rules depending upon the threat factors.
•Security Baselines:
Develop Operating System and application baseline standards for the bank. Coordinate with IT to implement the standards.

Royal Bank of Scotland From Jan ’10 - Mar ‘10
Chennai, India
Analyst - System Access Management
Leading the access management team involved in the provisioning of system access on critical banking applications and incident management.
RESPONSIBILITIES:
•Train and setup System Access Management team for effective handling of logical access requests on critical applications
•Review the access roles and ensure compliance to RBAC rules
•SPOC for the business teams to liaise with IT on access related issues

Education

Bachelor's degree,
  • at University of Madras
  • October 2018

Courses: Certified Information Systems and Security Professional (CISSP); Certified Information Systems Auditor (CISA); Certified Information Security Manager (CISM); Certified in Risk and Information Systems Control; Certified in the Governance of Enterprise IT (CGEIT)

Specialties & Skills

PCI DSS
Security Awareness
Risk Assessment
Data Security
Vulnerability Assessment
CRYPTOGRAPHY
INFORMATION SECURITY
MANAGEMENT
MICROSOFT ACCESS
NETSCAPE ENTERPRISE SERVER
ARTICULATE
BANKING