Senior Engineer-Network Security-CISSP
ZAK Solutions For Computer Systems
Total years of experience :12 years, 11 Months
-- Handling the entire security infrastructure from endpoint to perimeter based on regulations, procedures, policies and threat centered security based on business function.
-- Analyzing outputs from penetration tests that have been carried out, verifying them and implementing recommendations.
-- Checking for risks and loopholes in network security and bringing changes to lower risk to acceptable levels.
-- Performing qualitative risk analysis and raising it to management so as to provide insights into vulnerabilities and threats.
-- Handling the corporate AV, Email gateway, SIEM, perimeter firewall and performing correlation to narrow down incidents.
Resident Security Engineer for Kuwait National Petroleum Company.
I manage the following devices: Fortigate 3700D firewall, FireEye WPS(Sandbox), Bluecoat ProxySG(Web-proxy), Bluecoat PacketShaper(Traffic shaping), McAfee IPS, F5 Load Balancer, F5 Web Application firewall and F5 Access Policy Manager(VPN gateway).
Significant exposure to new technologies. Responsible for handling SIEM POC's for KNPC which included IBM QRADAR, McAfee ESM.
Writing executive/technical reports for understanding value received from various security solutions to deliver a road map for security portfolio and understand any weak areas prone to attacks or exploitation.
Working with INFORMATION SECURITY team to analyze events, incidents, red flags. Getting involved in analysis from Endpoint to Network Perimeter.
Analyzing logs/packet captures from various security devices to troubleshoot incidents and making sure of any weak links at the same time simultaneously.
Participant in technology related discussions to make the network secure from the day to day threats of the present day world. Discussions related to NextGEN Firewalls, correlation, Anti-Virus, Proxies, Endpoints, IPS, Malware Detection devices.
Handling Managed Security Services from the customer end. Checking incidents raised and validating whether they are true or false positives.
Coordinating with different teams within the IT department and raising security concerns wherever applicable, either user, protocol or design related.
Promoting security awareness among normal users so that they understand if they are in danger of a network threat or loss of personal information.
Foreseeing design of various networks and suggesting various security solutions to secure the perimeter, data center networks..
After getting promoted became Network Specialist/Escalation engineer for Cisco Technical assistance center in New-Delhi, India.
Assisting new joining engineers to understand customer network setup and provide guiding steps to make them confident in customer facing and in building customer rapport.
During this role, I cleared CISCO HIGH TOUCH TECHNICAL SUPPORT (HTTS) interview( 2 hour long technical interview), which is meant for team of engineers for handling network issues for premier Cisco customers.
The day to day job requirement needed me to resolve complex issues related to VPN’s of customers in the US/CANADA region.
Handling Severity-1(Production Network down), Severity-2(Partial network down), Severity-3 (Troubleshooting assistance) for customers in US/CANADA region.
The job profile also included recommendations for designing customer networks in different geographical locations of the Americas.
Worked on a case involving latency over VPN for McDonalds in Europe which involved some top individuals from Cisco and McDonalds.
Worked with Cisco platinum, gold and silver partners like: Presidio, Datavox, Accudatasystems placed in the United States of America.
TAC engineer for Cisco.
TOP GUN FOR THE MONTH OF MARCH 2012.
The daily work schedule needed me to pick up live customer support cases from the US/CANADA region and assist customers via live Web-ex sessions or Email Support.
Part of the VPN team in the Security domain.
Handled US/CANADA primarily but also EMEA region customers and assisted them with trouble-shooting Priority-1, 2 and 3 issues, which sometimes included network design scenarios as well.
Worked on ASA-5500's, PIX515, Cisco (1800/2600/2800/3600/7200) series routers.
Setting up NAT/PAT, Policy-NAT, Policy-PAT rule on the ASA/Router(Pre and Post 8.3 code).
Setting up site-to-site, Remote access VPN's on ASA, s and Routers.Establishing Anyconnect VPN on the ASA'S. SSL-Webvpn setup.
Using endpoint checking software like Cisco CSD, Hostscan and Dynamic Access policies to allow and deny remote connection to users.
Setting up single-sign on for remote VPN users. Two factor authentication.
Authentication of Remote access users based on LDAP, RADIUS TACACS.
Capturing and analyzing traffic on the ASA/Router and end host machines and verify issues based on the same.
Deep knowledge of SSL, Certificates, PKI and their application to demanding customers scenarios.
Completed by Bachelor of Engineering in Electronics and Communication from India. Subject Interest: Computer networks Analog Communication Part of College Football Team.
High School Subjects Physics Chemistry Mathematics English
Senior School Subjects English Mathematics Science Social Science