Senior Systems Security Engineer
Qatar Petroleum
مجموع سنوات الخبرة :19 years, 5 أشهر
• The mandate is to ensure a high-quality security posture for company information systems and provide a trusted path for data and information flows between information systems, either internal or external.
• Identify and manage information systems risks in areas that include, but are not limited to, access control, data protection, traffic flows (i.e., web and email), and malicious code prevention, detection, and response.
• Design, plan, and manage the implementation projects of security controls in line with the risk management process, and considering concepts like Zero Trust, Defense in Depth, Least Privilege, Reduce Attack Surface, and Segmentation and Isolation.
• Develop and maintain procedures for applications and software whitelisting and ensure that all new software is deployed according to the approved procedure.
• Design and manage encryption and cryptographic key management solutions for protecting classified information located on-premises or on Cloud.
• Designing and architecting Public Key Infrastructure to provide authentication and access control functions and mitigate impersonation risks.
• Conduct periodic system security assessments based on ISO/IEC 27001, ISO/IEC 27002, NIST Cyber Security Framework, and NIST SP 800-53 standards, while considering new technologies and emerging threats, with the objective of identifying current systems security posture and determining security gaps or improvements and required security controls.
• Involved in incident response procedure, reporting security incidents or breaches, and containment actions.
• Analyze the organization’s systems to identify critical systems, technology risks, and security gaps.
• Develop high/low-Level designs with the vision of security infrastructure accounting for emerging new technologies and other variables, including performance, high availability, proactive/retroactive responses, and secure implementations.
• Design, plan, and implement security controls covering risks mapped to threats and vulnerabilities and impact on assets or business functions.
• Initiate and continuously develop a dependable security program focusing on processes, technology, and personnel.
• Lead risk and vulnerability assessments to identify risks and security controls to reduce or mitigate risks.
• Implement security policies and procedures defining how to preserve confidentiality, integrity, and availability of information.
• Define, design, and deploy security mechanisms and controls in line with security policies and procedures goals and objectives.
• Align business activities with security controls offering a trusted information path with the highest possible level of availability and reliability.
• Applied network infrastructure expertise in leading and supervising up to 10 resources in delivering multiple network projects.
• Advised and consulted on network and information security architecture and designs.
• Developed high/low-Level designs with the vision of security infrastructure accounting for emerging new technologies to achieve enhanced performance, high availability, avoid redundancy, and ensure more secure implementations.
• Conducted risk/vulnerability assessment and performance tests to validate solutions and implementations.
• Contributed Business Continuity Plan by designing and implementing redundant disaster recovery sites.
• Served as Incident Response Team Leader while troubleshooting networking and security incidents.
• Analyzed statistics and monitored network traffic for faults, high utilization, and anomalous behavior.
• Implemented and managed firewalls, site-to-site VPN, SSL VPN, IPS, layer 2, and layer 3 security, as well as access control using Cisco ACS to ensure network operation.
• Established and managed application and server load balancers.
• Implemented and coordinated routers and switches for network infrastructure.
• Secured experience in network management and in monitoring and analyzing solutions.
• Led project team in the implementation of networking and information security solutions.
• Performed routine team administration activities, including scheduling, tasking, allocating, monitoring, and providing feedback.
• Executed, managed, and completed design and implementation network and security solution projects, reporting to the Project Manager.
• Installed, configured, troubleshot, and monitored infrastructure for diverse clients, including American International Contractors Incorporation, Syska Hennessy Group Construction, Inc., Archirodon Construction Overseas SA, and USA Corps of Engineers.
