Asghar Shah, Cyber Security Architect

PageGroup

Location
United Kingdom
Education
Master's degree, MSc Information Security
Experience
17 years, 3 Months


Work Experience

Total years of experience: 17 years, 3 months

Cyber Security Architect at PageGroup
  • My current job since January 2016

Provide security services across the company globally, liaising with external partners, clients and candidates.
Be seen as a primary point of contact and source of security expertise.
Working as SME to design, deploy and manage Sourcefire IPS, Splunk Enterprise and Enterprise Security solutions.
Oversee incident response planning. Investigate security breaches and assist with the resulting actions taken, including customer notification and interface.
Participate in forensic investigations, pen tests and vulnerability assessments providing appropriate reports.
To engage with IT and business people on security issues and drive to successful closure.
Design and document solutions delivering an enhanced security stance.
To mentor team members and other IT teams in security best practices and approaches.
Assist in the migration of email, web and mobile security controls to a cloud-based environment.

Cyber Security Consultant at IBM
  • August 2015 to January 2016

Play an active and key role within the Global Security Services team delivering information security services for the client (WPP Group) worldwide.
Design and implementation of a SIEM (QRadar) solution.
Creating and managing a vulnerability management program using the Qualys product.
Enhance and manage the Sophos endpoint security control system.

Security Consultant at Insight Investment
  • United Kingdom - London
  • January 2015 to August 2015

Design, implementation, management and maintenance of a Security Information and Event Management (LogRhythm) solution.
Research into the latest threats and reporting.
To promote security awareness and the handling of security risks from threat to resolution.
Enhancing internal vulnerability scanning programme.
Providing technical leadership and guidance to risk management team.

Security Consultant at NTT
  • United Kingdom
  • May 2013 to December 2014

As a Security Consultant within the Technical Consultancy Group (TCG) Professional Services practice for NTT Com Security, I was responsible for delivering a spectrum of cyber security capabilities including SIEM (LogRhythm, RSA Security Analytics, IBM QRadar and Splunk), firewalls and Sourcefire IPS/IDS, building a Security Operation Service (SOC) from the ground up, enhancing the existing SOC services, and DDoS mitigation solutions to NTT Com Security’s clients across all business sectors.
Project planning, technical requirement gathering, designing and deploying security solutions to meet industry best practices, standards and policies, documentation, and post-installation customer support and training were all integral parts of my role.

Network Security Engineer Consultant at Atos
  • United Kingdom
  • June 2011 to April 2013

Identify the appropriate number of applicable use/misuse cases for the SOC and prioritise their implementation
Design a use case management plan
Define appropriate and applicable SOC processes for SOC and prioritise their implementation
Implementing network security solutions including firewalls, IDS, IPS, HIPS
SME for all phases of SIEM (Splunk, LogRhythm) implementation including advanced correlation rules, fine tuning, health checks and reporting.
Implement new security services and promote improvements to the existing services
Providing expert advice on enterprise network security architecture
Provide incident response services

Network Security Analyst at Siemens
  • United Kingdom
  • April 2008 to May 2011

Actively participate in the implementation of Security Operation Centre (SOC) services to ensure the client’s estate is effectively monitored, assessed and protected to the highest standard.
Monitoring all technical security incidents and managing controls and mechanisms to prevent and minimise risks.
Research the latest information technology (IT) security trends.
Identify, prioritize, and respond to various security events, compliance violations, policy breaches, cyber security attacks, and insider threats.
Managing and overseeing Incident Response.
Provide training to new team members within the SOC across all Security monitoring tools.
Support the delivery of information security awareness program

Information Security Analyst at Gala Coral
  • United Kingdom
  • March 2007 to April 2008

Management of IDS and IPS (Sourcefire 3D, Top Layer IPS 5500)
Configuration and management of Crossbeam (X40 and X80 series) systems
Prevention of digital attack from internal and external sources against the business
Routine management of a Vulnerability database
PCI compliance and vulnerability checks using Qualys devices, Nessus and Nmap.
Configuration and management of SSL VPN (F5 Firepass 1200) and RSA devices.
Day to day management of Checkpoint-1, Cisco PIX/ASA Firewalls
Bluecoat proxy and DISKnet-Pro management.
EIQ NSA Security Analyser management.
Assist with technical design of security architecture
Management of compliance issues for BS7799 and PCI
Managing, coordinating and monitoring the information collection activities from a variety of public and private sources (for example, mailing lists, web sites, RSS feeds), performing surface analysis, and then redistributing this information to interested parties
Managing and coordinating responses to incoming email sent to the CERT Coordination Centre
Leading internal tool specifications and development
Representing and presenting material to relevant authorities as required
Provide a central point of expertise in relation to security incidents
Manage the use of common cryptographic protocols (e.g., PGP)

Education

Master's degree, MSc Information Security
  • at Royal Holloway, University of London
  • September 2006

Specialties & Skills

Network Security and Forensics
Security Operations
Security Architecture Design
Cyber Security
Incident Management
Firewalls
Cloud Security
Network Security
Penetration Testing
Incident Response
Risk Analysis
Information Security Manager
Threat Analysis and Management
Vulnerability Management
Network Forensics
Endpoint Security
User awareness

Languages

English
Expert

Memberships

ISACA
  • CISM
  • October 2015

Training and Certifications

ISO 27001 Lead Auditor (Certificate)
CISM (Certificate)
Date Attended:
February 2016
CCNP Routing & Switching (Certificate)
CCNP Security (Certificate)

Hobbies

  • stay active