Security Architect
Espina IT Solutions
Total years of experience: 20 years, 3 months
PWA - Information Systems Dept, Dec 2016 - Till date
Client: ISD ~ Company: Ashghal PWA
Consulting and Solution Architect: evaluation of project requirements, providing consulting services to internal projects, executing and implementing critical changes in the production environment.
Active member of Risk Assessment and Business Impact Analysis for ISD services.
Member in providing security solutions, design and consultancy, validating RFP, and coordinating with vendors for information security enhancement.
Service Roll out: Coordinate with various IT departments within Ashghal for requirement mapping, sizing of solution, cost estimation, vendor coordination, use cases definition, etc.
Cisco ASA, Firepower and Fortigate firewall administration and maintenance.
Implementation of detective and preventive controls based on the anomalies picked up by the SIEM operations team.
Member of Change Management Process for all business critical IT related changes for Ashghal Services.
Champion for IT infrastructure Risk Management Team.
F5 LTM, ASM and APM (Kerberos / SAML / AD / OAuth / HTTP form-based proxy authentication) administration and operational activities.
Involved in the perimeter design and implementation as per the management directions.
IT and OT (SCADA network) data security review, analysis and design.
Involved in ISO 27001/22301 process documentation and implementation.
CMMI Assessment Team Member for CMMI L3 implementation.
Microsoft PKI roll-outs, Gemalto HSM administration, Signing Hub Digital Signature implementation, Access management implementation and administration (SSO, SAML, OTP, RADIUS) using Gemalto SafeNet solutions, Xceedium PAM administration.
Microsoft Azure Cloud infrastructure and security planning, design and implementation.
Imperva Database Security Firewall administration.
PWA - Information Systems Dept, Nov 2014 - Present
Client: Ashghal ~ Company: Paramount Computer Systems
Consulting and Solution Architect: migration of internet users to new proxy services (Websense to Bluecoat migration), successful migration of the load balancer from Cisco ACE to F5 LTM, evaluation of project requirements, providing consulting services to internal projects, executing and implementing critical changes in the production environment.
Member in providing security solutions design and consultancy, validating RFP, and coordinating with vendors to enhance security solutions.
SSO implementation using F5 APM (Access Policy Manager) for Ashghal web services.
Service Roll out: Coordinate with various IT Departments within Ashghal for requirement mapping, sizing of solution, cost estimation, vendor coordination, Use cases definition, etc.
Solution Architecture: Develop RSA SIEM technical architecture; setup the SIEM infrastructure and its administration, which includes installation of SIEM Components, Integration of event sources and their logs, software and hardware upgrades, patch management, etc.
SIEM Engineering: Develop SIEM use cases and derive correlation rules, alerts, reports, etc.; identify new attack vectors, vulnerabilities and exploits, and work with various security groups within the company to implement detection and prevention controls for them proactively; enhance intrusion detection capabilities in FireEye, TippingPoint, and F5 ASM; take up Level 2 & 3 advanced incident investigations for anomalies picked up by the SIEM Operations Team.
Develop Incident Management Processes & Procedures (Work Instructions) covering four major categories - Business, Technology, Operational and Analytical.
Project Name: Disney DCLAN, Apr 2013 - Nov 2014
Client: Walt Disney ~ Company: ACS Xerox
Key Responsibilities:
Managed a team of 5 offshore members, reporting to the SBU Director - Network Service Delivery. Worked extensively on Cisco Nexus Switches, Routers, Cisco CSS and F5 load balancers, and PIX/ASA/Checkpoint/SRX firewalls.
Managed the Network & Security Administration involving design of network layouts, maintenance of configuration. Co-ordinated with the peer teams for problem resolution under the scheduled timelines. Involvement in KPI reporting, analysis and remediation plans.
Followed the ITIL framework for Network Services with the HP Service Manager being the ticketing tool, and scheduled the activities based on the Service, Incident and Change Management categories.
Experience in administering Windows Terminal Server, Group Policy management and Active Directory environment
I&A Provisioning Team, Feb 2012 - Dec 2012
Client: IaaS Delivery ~ Company: Thomson Reuters
Key Responsibilities:
Worked as a contractor with Thomson Reuters from Feb’12 to July’12 under the payrolls of Atlas Systems Pvt Ltd, and was offered a permanent role from Thomson Reuters from Aug’12.
Analyzed business needs and spearheaded IT infrastructure establishment initiatives; maintained documentation for current and proposed future installations and modifications to the current environment. Worked extensively on Cisco Switches, Routers, ACE and F5 load balancers, and PIX/ASA/Checkpoint firewalls.
Managing the Network & Security Administration involving design of network layouts, maintenance of configuration. Co-ordination and implementation of Project works involving Network Build activities.
Managing Active Directory Users and Computers, and Assigning Network Drive Access Permission.
Configuring and managing users’ administration at domain level, and creating group policies and defining access rights.
Managing Groups and domain changes and Administration and maintenance of Windows 2000/XP/Vista
Follow the ITIL framework for Network Services with the HP Service Manager being the ticketing tool, and schedule the activities based on the Service, Incident and Change Management categories.
Sony GDC West, Dec 2010 - Dec 2011
Client: Sony ~ Company: Tata Consultancy Services
Key Responsibilities:
Accountable for the remote repair/maintenance of data services and associated circuitry per specifications and operational procedures in a 24x7 remote test center environment. Additionally supports local operations resource control functions.
Contributed as Network Tower Lead, managed a team of 12 to provide 24 x 7 Network maintenance, monitoring and support for Sony’s US and Europe Datacenters.
Handled Client meetings on Team SLA, performance, challenges & Improvement Plans.
Drove the Change and Incident management teams for effective issue resolution. Contributed extensively on Cisco 6500 series switches, FWSM modules, F5 LTM/ ASM/ GTM, Sourcefire IDS, Checkpoint firewall (R70), Riverbed, Bluecoat Proxies, DNS, DHCP and AAA servers.
Creating user accounts, modifying user accounts and disabling user accounts on server 2003, Intel, UNIX, AS400 platforms.
Working on security groups, distribution lists, email IDs and Active Directory on server 2003 to do OU based functions.
Remote Operation Centre, Apr 2009 - Nov 2010
Client: RAM ~ Company: Verizon Business
Key Responsibilities:
Entrusted with remote repair and maintenance of data services and associated circuitry per specifications and operational procedures in a 24x7 remote test center environment. Additionally supports local operations resource control functions.
Performed testing & diagnostic procedures on new and existing circuits according to published standards for IP services, PIP/MPLS services & data services. With assistance and direction, works on extended time tickets, chronic issues, repeat failure & particularly challenging tickets.
Interface with external resources (partner, PTT, carrier, and other access providers) and internal resources (e.g. field ops) for the isolation and repair of customer production network.
Works on routine work assignments with some direction. Requires instruction and guidance on new or more complex assignments. The developing leadership qualities of a Network Engineer include assisting fellow technicians on general issues, and directing external resources (e.g. PTTs) and internal resources (e.g. Field Ops) on what is required of them in addressing customer issues.
Performed technical duties that are usually necessary to conduct test and repair activities, primarily following standard procedures. Able to work outside of the standard process when it is appropriate with direction in order to resolve difficult issues. Able to escalate tickets when necessary.
COVAD NOC, Jan 2008 - Mar 2009
Client: COVAD ~ Company: Sify Technologies Ltd
Key Responsibilities:
Giving level-2 service for Covad Communications’ ATM Network. Maintaining the ATM Trunks core Backbone network topologies.
Configuring, troubleshooting and maintaining the Cisco BPX 8600 series switches. Monitoring the Nokia D50 DSLAM, Samsung Acemap DSLAM from remote terminal server
Provisioning and De-Provisioning of End users and Troubleshoot network related issues.
LAN Implementation and Maintenance, Nov 2003 - Dec 2007
Client: “ABS Capital”, Chennai ~ Company: “ABS Capital”, India
Key Responsibilities:
Supporting and Maintaining its server availability in the Internet
Managing Firewalls employed in the server network
Overseeing and routine checks of the Load Balancer operations.
Responsible for maintaining IP-Sec VPN connectivity to the Offshore support team
Provided support and maintenance to “ABS Capital” Core and Edge Switches including LAN networks. Co-ordinated with the ISP on network-related issues and their resolution.
Creating user accounts, modifying user accounts and disabling user accounts on server 2003, Intel, UNIX, AS400 platforms.
Working on security groups, distribution lists, email IDs and Active Directory on server 2003 to do OU based functions.
Experience in administering Windows Terminal Server, Group Policy management and Active Directory environment.