Lead-Cyber Security Operations Center
BATELCO
Total years of experience :27 years, 1 Months
- Ensure to plan, coordinate and implement security measures for IT systems and networks to be in compliance and to provide security assurance as per the security policies and best practices.
- Ensure that the security policies, guidelines and standards exist in the
organization along with the acceptable usage policies and they are well
communicated to the users.
- Responsible to implement ITIL Security Management process which is based on the information security management standards defined as per ISO 27001.
- Responsible to implement COBIT 4.1- the IT governance and control framework best practices for aligning IT with business objectives which controls and manage associated risks with in the organization.
- Working as a key member of the Information Security Governance team, which is part of IT Governance body.
-Regulate access to critical resources and prevent unauthorized modification, destruction or disclosure of information.
- Ensure a reliable information security state of the business, which includes vulnerability research, scanning, response, forensics and create security incident reports as per the Incident Management procedures.
- Ensure compatibility of planned security measures with security system software, review violations in critical resources and report them to the management.
- Inputs for developing the organization's information security policies.
- Support the business continuity, disaster recovery, risk management and assurance efforts through out the organization.
-Conduct and initiate periodical self assessments or internal security audits to identify and report the gaps.
-Follow-up with the data owners and data custodians for the corrective actions and closure of identified risks as well as audit observations.
-Manage the audit observation issues effectively with the use of TeamMate Audit Management tool.
-Conduct and co-ordinate information system audits on periodic basis.
ط Worked as a full time Security Consultant for the 24/7 Security Operation as well as with the Monitoring team in handling real-time security event log analysis from various security monitoring detection/prevention tools and Incident Reporting.
ط Responsible for maintaining and enhancing the Confidentiality, Integrity and Availability of the enterprise security posture.
ط Implemented, supported and managed ISS Host based and Network based Intrusion Detection Systems (IDS) infrastructure implemented across the globe in Saudi Aramco. Gained extensive experience in IDS/IPS event analysis, Logs and Audit Trail Management.
ط Handled the design, implementation, customization of policies as well as creating in-depth custom based User Defined Signatures in IPS for the enterprise wide network of Saudi Aramco.
ط Handled the design and customization of security event logs and correlation of the events using e-Security Sentinel-the central security log correlation repository of the enterprise network.
ط Was responsible for Information Gathering, Vulnerability Detections and Attack & Penetration Assessments from inside as well as from outside in the wired and wireless network infrastructure. Produce reports, evidences and presentation of findings to senior management and operation staff with recommended remediation strategies based on appropriate standards and guidelines.
ط Worked as a key member of the Incident Response Team who takes the lead in responding, investigating, documenting, and keeping track of the IT security incidents which helps to minimize information loss and disruption of service.
ط Actively involved with the Change Management Team in the process of reviews, discussions and approvals for the network changes as well as with the back-out plans submitted, to ensure that the security compliance standards have been followed and also to minimize the availability issues, costs, and risks to the production network.
Was working in WIPRO, Bangalore - The No.1 end to end IT integration and solution provider in India - as an IT Security Consultant in Information Security Division.
CONTRIBUTION:
Ø Worked extensively on various Network Security Implementation projects, Security Auditing, Compliance Assessment, Penetration Testing, Security Architecture Design Consulting and Presale activities for corporate customers.
Ø Implemented various types of Firewall - VPN devices Network & Host Based IDS servers, Vulnerability Scanners, Policy Compliance Tools, Access Control & Audit tools, URL filtering Software’s and Gateway Protection device.
CLIENT(s):
Some of the security projects done during this period are :
* Asianet Communications Ltd. - Security Audit, Design & Implementation
* Bharat Electronics Ltd. - Security Architecture Design & Implementation
* Bharat Petroleum Ltd. - Security Architecture Design & Implementation
* CGSmith Ltd.- Security Forensic Analysis
* GE Technology Center (John F. Welch Technology Center) - Security Implementation
* ING Vysya Bank - Security Solution Design & Implementation
* ITC Ltd. - Security Architecture Design & Implementation
* Karnataka Power Corporation Ltd. - Security Forensic Analysis
* Life Insurance Corporation of India - Security Implementation
* Pidilite Industries Ltd.- Security Implementation
* Sharp Software Development - Security Implementation
* South Indian Bank Ltd. - Security Audit
* SRF Ltd.- Security Audit
* Syndicate Bank - Security Audit
* UTI Bank Ltd. - Security Implementation & Forensic Analysis
* Wipro Technologies Ltd. - Security Audit and Implementation
* Macronix Ltd., Taiwan - Penetration Testing
* Thameswater Ltd., U.K - Penetration Testing
* Doha Bank, Qatar - Penetration Testing
Was working in Manipal Control Data eCommerce Ltd., Bangalore, India - a country wide Internet Service Provider (ISP) - as a Senior Network Administrator, responsible for the country wide Network Setup, Configuration, Support and Administration of the Network Security Infrastructure.
CONTRIBUTION:
Ø Primary responsibility was in the Implementation as well as Managing the core network setup for an Internet Service Provider, having Points of Presence (POP) across the country.
Ø Managed effectively the Network Security and Administration of the ISP network as well as for the client network setups.
Ø Implemented WAN as well as RAS setup at Hindustan Lever Ltd. (Indian Subsidiary of UNILEVER Ltd.), Bangalore.
Ø Involved in the migration (CCMAIL to Intrastore) of eMail infrastructure at UNILEVER Ltd. network across the world.
Certified Information Systems Manager (CISM)
CERTIFIED INFORMATION SYSTEMS AUDITOR (CISA)
Intrusion Prevention System (IPS) Certification
Certification in Intrusion Detection & Vulnerability assessment Products.
Certification in Firewall.
Certification in URL Filtering Product.
Duration : 1 Year
Duration : One & Half Year ( 3 semesters)
Duration : 3 Years