Infrastructure Security Specialist
Standard Chartered Bank
Total years of experience :16 years, 6 Months
Technology Used: Checkpoint R81.x, Palo Alto Firewalls, Prisma Access, F5 ASM, APM, LTM & DNS, Bluecoat Proxy, FortiGate Firewalls, Juniper firewalls, VPN, Skybox, Qualys, CMDB
• Led the migration of 10, 000+ network devices across 62 diverse technologies from Skybox Network Assurance to Qualys cloud Policy Compliance, slashing maintenance costs by over 35%.
• Spearheaded the migration of 15 BIG-IP i2800 devices to vCMP i5800, optimising performance and enhancing network scalability.
• Managed firewall configuration implementations and policy installations across multiple platforms, including Juniper, Check Point, and Fortinet, ensuring alignment with industry standards and best practices.
• Developed end-to-end network segments with robust firewall and access policies to ensure PCI compliance for payment card systems, mitigating potential security risks.
• Collaborated closely with the Vice President of Information Security to design and implement network infrastructure in alignment with the Zero Trust Network Security Framework, enhancing overall security posture.
• Conducted comprehensive risk and compliance assessments, presenting findings to the CIO forum and providing actionable insights for strategic decision-making.
• Reviewed system logs to identify usage levels, bandwidth, and system security inefficiencies, implementing appropriate solutions to enhance network performance and security.
• Proposed and implemented network upgrades to maximise ROI on hardware and service expenditures, leveraging in-depth analysis of performance data to drive informed decision-making.
Technology Used: Skybox, Qualys, NIST
• Conducted proactive compliance analysis on over 10, 000 assets, achieving a high scan completion rate and significantly reducing exposure to potential security threats.
• Directed the successful adoption of three new technologies within one quarter, piloting a technology identification program to ensure compliance with governance frameworks and minimise risk exposure.
• Developed individualised remediation plans for high-risk vulnerabilities, resulting in substantial improvement in infrastructure security posture.
• Assessed all infra-assets to establish hardening standards and govern non-compliance controls, ensuring robust security measures were in place to safeguard organisational assets.
Technology Used: Checkpoint R80.30, Juniper NetSRX, F5 ASM, AWS, LTM & GTM, Bluecoat Proxy, VPN, FortiGate, Cisco Firepower, Algosec
• Delivered Business-As-Usual (BAU) support and services, promptly resolving daily network security-related issues in both R&M and project phases, ensuring uninterrupted operational continuity.
• Ensured optimal functionality of all security devices, providing actionable recommendations for enhancements to maintain peak performance and strict adherence to network security protocols.
• Conducted regular security devices policy installations and configurations, alongside periodic backups, ensuring data integrity and swift recovery in case of system failures.
• Provided comprehensive firewall capacity assessments, sizing evaluations, and utilisation analyses, ensuring all network devices operated at peak performance levels and met availability targets.
• Led multiple firewall projects, overseeing end-to-end execution, from planning and implementation to documentation and audit compliance, ensuring seamless integration of network and security solutions.
Technology Used: Checkpoint Gaia/SPLAT/R75/R77, Juniper NetSRX, F5 LTM & GTM, BC Proxy, Cisco ASA, VPN, FortiGate, WAF, Cisco ASA
Client: TedBaker, UK Jun 2016 - Sep 2016
• Orchestrated the seamless implementation of cutting-edge F5 load balancing technology to optimise the performance of the MS Dynamics CRM solution, ensuring enhanced user experience and system efficiency.
• Developed meticulous Low-Level Documentation aligned with High-Level Documentation standards, providing a detailed blueprint for the successful execution of complex IT projects.
• Facilitated effective collaboration among diverse teams to enable the integration of the new F5 solution, leveraging interdisciplinary expertise to streamline deployment processes and minimise implementation timelines.
Client: APL-NOL, Singapore / US May 2016 - Sep 2016
• Conducted thorough analysis of incoming firewall change requests documented within the Service Manager, ensuring meticulous scrutiny to assess potential impacts and security implications.
• Strategized and developed comprehensive firewall implementation plans tailored to specific requirements, orchestrating flawless deployment processes for optimal firewall performance and network protection.
Client: Bank Of Queensland, Australia Sep 2016 - Mar 2019
• Supervised the implementation of a new Anti-Money Laundering system, leveraging Bluecoat Proxy, F5 LTM, and GTM technologies, ensuring smooth integration and robust security measures.
• Designed and executed a comprehensive solution for the Deposit Analytics system, incorporating F5 load balancers and firewall infrastructure, facilitating smooth operations in both UAT and Production environments.
• Played a pivotal role in project meetings, offering expert guidance and recommendations to stakeholders, optimising configurations, and enhancing network security measures for firewall, proxy, and F5 load balancer-related projects.
Client: Rothschild, UK Nov 2016 - Dec 2019
• Acted as the primary liaison for project and change requests concerning firewall and F5 LTM load balancer, ensuring prompt resolution and effective communication between stakeholders.
• Executed strategic plans for the implementation of a new F5 and firewall solution tailored to the Arrowline application, leading transitions between UAT and Production environments to optimise performance and security.
Client: Aviva Insurance, UK Sep 2017 - Sep 2019
• Conducted thorough analysis of firewall change requests managed through Service Manager, ensuring meticulous attention to detail and adherence to established protocols for flawless integration.
• Developed comprehensive firewall implementation plans tailored to specific requirements, meticulously outlining deployment strategies and configurations to optimise firewall performance and security effectiveness.
Technology Used: Checkpoint R75/R65/R70, BIG IP LTM/GTM, FortiGate 1000C, Bluecoat, ISA Proxy, Smartview Monitor, Smartview tracker, BMC Remedy, VPN Edges, Scansafe, Wireshark, TCPdump, FW monitor, CURL, TCPDUMP, HTTPwatch, SSLdump, qkview, HBGary FireEye, RSA NetWitness
• Within first 4 months successfully transformed 10 Checkpoint R65 to R75 and 5 ISA Reverse Proxy 2006 to Bluecoat SG Proxy and confugured Fortinet firewalls from scratch for new sites.
• Designed and Implemented IPSEC based VPN using peers, 3DES encryption and Pre-shared key systems.
• Configured VIP (virtual servers), pools, nodes, members, SNAT, iRules and administering LTM 4200v/3900/3600 and GTM 4200v/7200v for ISA 2006 and Bluecoat Proxies for Houston and Amsterdam Datacenters and Upgraded TMOS versions by coordinating with local IT support and IP management team.
• Responsibilities include rule implementations, VPN setups, upgrades, new builds in checkpoint firewall and Fortinet firewalls.
• Involved in configuration of access lists (ACL) on checkpoint firewall for the proper network routing.
• Configuring Winsock Proxy rules and renewing SSL certificates in ISA 2006 and Bluecoat Proxy.
• Evaluated new threats and patched security devices from vulnerability.
• Draft technical manuals, installation manuals and installation progress updates in order to enhance system security documentation.
• Decommission of old firewalls and proxies.
• Create ArcSight channels/reports for APT specific threats and analyzed cyber intelligence threats.
• Developed procedure manuals and patched security devices from Heartbleed and Shellshock vulnerability.
• Assisted in the design of key Managed Services, to further the goals of the company.
• Implemented changes that involve more than $5 Million.
• Upgraded Multi-Domain Security Management (Provider-1) to higher version.
• Hands on experience with the diagnosis tools for analyzing the real time statistics during the packet flow.
• Daily responsibilities include design, implementation, support and administration of multiple security products.
Won second prize on paper titled on Internet hacking