Security Architect Consultant
Viterra BV
مجموع سنوات الخبرة :30 years, 11 أشهر
Cloud Security Solutions Architect - Team Lead
Projects based cloud consultancy services for SaaS/IaaS Solutions for security and technical provisioning. Within scope -
• ISO27001 - year audit preparation - Policies currency - 2022 Audit findings remediation - Governance Framework and ISO objectives alignment with audit requirements.
• Deliver Cloud security architecture solutions for Azure and AWS Saas/IaaS solutions
• Provide security architecture collaboration to support the developing applications security architecture requirements. (ARIS and PSA frameworks)
• Implement the Cloud based projects SaaS applications security controls as per the ARIS and PSA assessed requirements.
• Manage pen-test findings for application risk management
• Deliver the full AWS security controls for IAAS infrastructure
• Collaborate with MicroSoft 365 security controls implementation.
• Provide the full range of AZURE security controls in ARIS (Enterprise Architecture) forrmat with their security objectives for Cloud services.
• Develop SCIM for Azure centralized IAM
• Implementing security design solutions including - User Authorization Design - Logging and Monitoring design - Network Security Design - Cryptographic Controls (Azure / HSM / CyberArk / Azure KeyVault/ HashiCorp for key management and supporting risk security services (penetration Testing / OWASP/SAST)
• Develop the BIA framework for supporting information classification for project security compliance
• Vendor risk assessment for SaaS service providers
• Develop and Implement the Business Impact Assessment process for SaaS applications.
• Collaborate in providing the ISF security framework for meeting the strategic security objectives.
Frankfurt
IDS/IPS/Malware/Anti-Virus/ Bitlocker/Symantec tools (inc -MDM) - DLP tools - - TLS/SSL - Cryptographic tools - Automated Key management - AWS Migration Planning and Implementation
Role: Enterprise
NIST 800-53, Cyber Security Architecture, PCI-DSS, MAS and SOX, TSLS/SSL - PKI Management
Overview - Applications Security and Risk Management Project delivery
•Projects based solutions consultancy including applications assurance (AppSec controls - encryption, authentication, sensitive data risk assurance, data in transit assurance controls) for a range of financial applications
•Deliver a T3 risk assessment for a program of risk assessed deliverables in relation to a strategic initiative to reduce infrastructure and applications footprint.
•Deliver a SOC capability architecture - architect the SOC - provide the determine the templates, reporting processes and applicable use cases for IDS signature -provide network forensic analysis management - track, analyze and implement appropriate signature less threat management - develop the operational security guidelines (OSG) for SOC event and incident management, incident categorization; malware analysis and threat management - FireEye / Alienvault APT and IPD technology solutions.
•Provide end to end web applications security architecture solutions for on-boarding new applications (includes penetration testing and implementing the supporting security capabilities (OWASP assessment and apply controls for risk mitigation).
ISO27001/2 - NIST 800-53 -PCI-DSS - Geographically Dispersed
Role: Enterprise
ISO27001 - Cloud / Iaas / MSS (Managed Security Services
IT Security and Risk Management - ISO27001 - Arc Sight ETRM -FireEye - Siteminder Cyber Solutions - Risk Methodologies ITIL V3 Compliant OTRS ITSM 3.0 - TOGAF RUP - IAM - COBIT - SSL/TLS - IAM/Akmani - Oauth2 - Symantec MDM / Vontu - DLP - Cloud AWS Implementation
Role: To develop and implement an ISG framework based on ISO 27000. Develop the security architecture and policy framework (including policies, standards and guidelines) Perform business impact and risk assessment for financial applications - implement an IAM solution; provide SME for operations and applications security governance - TVA and risk management planning for financial applications.
Responsibilities include -
•Develop WAF solutions to support a range of applications (based on TrustGuard Web Defend)
•Implement an IT operational risk management culture and governance framework for applications and infrastructure
•Provide a framework to enable secure device and network access controls for provisioning user and third-party access management (Oauth2, IAM, Federation)
•Architect the IAM solution to manage new business web based and online E-business applications in a next generation data center with EIAM (Akmani) (incorporating SSL/TLS; CA certificate management and automated certificate renewal and management controls; MFA, and single sign on (CA - SiteMinder)).
•Develop the supporting governance framework - (security policies, standards and OSGs).
•Implement a DLP (Data leakage and data loss - related to both ex and infiltration) capability based on Symantec Vontu to mitigate insider threat and data leakage / loss risk.
•Deliver an Enterprise Security Architecture based on FireEye, Symantec and Siteminder Solutions; implement SiteMinder Alerting; configure and implement alert codes; develop and test alert monitoring based on filtering controls; collaborate in the delivery of a signature-less (unknown/zero-day threats) with an IDS and false positives reducing capability.
•Risk assess the HSM key management infrastructure for data at rest confidentiality and integrity.
•Collaborate in the implementation of a CA - SiteMinder SSO federation solution
•Plan and risk manage web based and online E-business applications incorporating SSL/TLS; CA certificate management and automated certificate renewal and management controls; two factor authentication, and single sign on (CA - SiteMinder).
•Implement a mobile device (MDM - Symantec) solution with supporting encryption.
•Security Architecture support for applications on-boarding and risk management (code scanning, penetration testing, OWASP top 10 risk management and remediation
Amsterdam
TOGAF / SOA / RUP UML Java ISO27 TOGAF - SOA - IT Security and Operational Risk Modeling - ISO27001 - BS7799 - PCI - ITIL Prince2 -CRAMM - SSL/TLS - IAM
Tools -: IRAM - CMM-I- ITIL- ILM - ISO9001:2000 BISL - Prince2 - ITIL - MS Office - RSA Security - IDS - RUP -PCI / DSS - COBIT -CRAMM
Developing security policies, standards and guidelines based on business modeling approaches to deliver security standards and policies based on third party security tools. Providing a range of security support services including - security architecture modeling initiatives to support IAM, IDS management and Operational Controls.
•Integrate 2 datacenters - Bangkok and Manila with emphasis on Business Recovery (BCP) and High Availability. Implement an operational risk management culture to evaluate, plan and implement security and risk mitigation strategies based on risk assessment modelling and BIA. Incorporate ISO and BS 27 security protocols.
•Develop and implement the Security Solutions Architecture for IDS, IAM and security monitoring (based on CISCO and RSA tools).
•Operational risk analysis - documenting security and operational risk policies and procedures in relation to IDS for network, host and applications-based intrusion prevention.
•Security SME for systems and applications design and architecture board review deliverables in conjunction with security architecture, standards and controls.
•Implement information ownership and Data classification.
•Develop the supporting security policies, controls (Operational Security Guidelines) in support of the security framework, compliancy and risk mitigation objectives based on an ISMS framework.
•Plan BCP and DR for a range of network solutions including - DNS, Proxy and Reverse Proxy, Juniper and Checkpoint Firewalls, and WIFI services.
•Implementing security policies and processes to mitigate user access operational risk (OAUTh2 and IAM tools).
•Delivering, with the assistance of business modeling (incorporating both risk and operational analysis), a security policy to support business drivers.
•Providing risk assessment into systems design and systems architecture prior to implementation.
•Delivering security strategies for - server migration for AIX and Windows, Virtualization for Windows applications under VMware,
•Working with third parties (suppliers, external technology support) to mitigate third party risks within the virtual infrastructures.
Zaventem Belgium /Shell Nederland - Leidschendam / Kuala Lumpur
Environment MS Office - Prince2 -Excel - ITIL -ISO9000 - Oracle Security Developer PKI Web Services Security - CISCO Secure DataCenter
MSOffice - Oracle - SOA, Blackwidow, COBRA, HIPAA - Risk Metrics
Role: New Projects
Environment IBM AIX - Windows - ISO9000 - CMMI - Prince 2 - IBM WebSphere
Role:
Environment IBM Z900/AIX - Windows NT - Lotus Notes - Checkpoint Firewall-1 MVS/Jes2 DB2V6.1 OS390 2.9 VM SP RACF Security Server/ACF2/ ISO9000:2000 - Websphere V3.5 Win2K /WINNT Apache - COBRA - NETFILTER
Prince2 - ITIL - RACF - VM Security Tools
Responsibilities: Managing a team of 5 personnel to deliver mainframe and Internet Security project solutions. These are as follows -
•Tivoli / ADSM storage management - build ADSM IWEB for Windows NT
•Build Visual Info OAM environment
•Install and test Checkpoint Firewall-1for Internet and Intranet
•Develop Tivoli Distributed Monitor tools (V3.)for NT TSM and Oracle
•RACF Systems Security management in developing and distributing VM RACF database security tools.
•Develop IT security best practices for intranet, internal access and role-based access controls
•Plan Install implement and test Websphere V4
Den Haag/DeltaLloyd Amsterdam
Environment OS/390 - 2.6 - MVS - JES2 utilizing IBM 9762 - R54 (225MIPS) processor in Sysplex mode. Windows NT/AIX / Sun Solaris Platform - GroupWise DSFSMS - 1.4.0 RACF - JES2 - DB2V5 - IMS - CICS CA-Software Suite - Windows NT Applications - Candle Software Products - BSA Software Products
Environment OS390/MVS - WINDOWS/NT - AIX /TCP/IP -RACF/ACF2 DB2 CICS Lotus Notes /CRAMM II ITIL
Environment VM Systems - VM/SP/RACF1.9 MVS
Hong Kong / Kuala Lumpur
Environment OS/390 - MVS/JES2 DB2 CICS Windows/NT -MVS/AIX - TCP/IP Lotus Notes ACF/2 RACF 1.9
Environment MVS/ESA - MSV/JES2 - RACF 1.9 - SMS 1.1 Consul/RACF DB2 CICS
Environment MVS - DB2 - CICS - RACF
Environment IBM 4341/81 VM/MVS/JES2 CICS - DFHSM
in computer operations and support - an Operations Analyst in the Storage Management group with general day to day support. Development and testing of OS/MVS disaster recovery processes.
Solid TOGAF/EA Architectural skills in delivering architectural solutions to align with security architecture
Strong interpersonal, leadership and communication skills. Independent work management based on project management disciplines. Excellent stakeholder management and communications skills
Under the Security Architecture requirements for availability, scale AWS network components to ensure sufficient capacity to mitigate risks of inbound traffic flooding (DDoS conditions).
•Defence in Depth - Provide SME for the improvement of defence in depth security controls (DLP and Network Ops Cyber threats) through Cloud and IPS supplier threat intelligence collaboration.
•Cloud Security RoadMap - Delivering the architecture roadmap for a range of strategic security (applications, Hybrid Cloud Implementation, DLP, threat management and authentication controls) projects.
•Technical Security PMO - delivering a Cloud based IDS/IPS Malware solution to include signature-less, behaviour and reputational assessment, sandboxing and threat management; Includes RFP/RTM and PoC deliverables, functional testing analysis and assessment of solutions, selection and IPS solution implementation;
•Chef Orchestration - Deploy Hosted Chef Infrastructure (Master Server, Workstations and Client Nodes) for application (VPC Deployment) infrastructure management with automated procedures and deploy mandated security controls.
•Authentication and Federation Controls - Stakeholder collaboration to formalise Cloud policies and OSGs, supported with open source and in house security technologies, controls and protocols (e.g. TLS, Kerberos and SAML) for authentication and federation.
•Ensure that mandated security controls/counter-measures mitigate, minimise, or treat discovered risks are pragmatic, appropriate and cost effective for a hybrid AWS Cloud solution
•AWS - KMS Crypto Solutions - Collaborate in the design and implementation of an automated PKI solution - cryptographic authentication over encrypted channels.
•AWS Inspector Automated Security Assessment Service - Provide Security Architecture Assurance (for formal approval) for solutions designs to ensure compliance with architecture security design principles in the form of - AWS Cloud platform security (Inspector).
•AWS Audit and Compliance - Leveraging Scout2 to inspect and scan configurations.
•CloudTrail - API Trail Logging - for access rights management, operational issues and (possible) unauthorised data access.
•CloudWatch - defence in depth data exfiltration threat management.
for design approval) deliverables design solutions presentations supported by the applicable security architecture controls -.e.g. - SIEM; Enhanced security monitoring; Automated certificate renewal and management; Technical access management controls; Data leakage prevention (DLP) on supplier managed endpoints; Database activity event monitoring; Security compliance and state monitoring; Threat monitoring and prevention capabilities; Unrestricted access rights scanning risk management.
courses: Languages: Dutch, French, Italian (spoken)
courses: Languages: Dutch, French, Italian (spoken)
-