Managing Consultant - Information Security
NetSol Technologies Limited
Total years of experience :20 years, 9 Months
Projects & Responsibilities:
• Project Manager for Enterprise Network Security Audit project - PMCL (Mobilink) Pakistan
• Identify security requirements and develop plan for securing information processing facilities
• Perform information security risk assessment using ISO 27005 guidelines and develop mitigation strategy
• Develop information security policies, procedures, guidelines and standards using International standards and best practices
• Investigation of security threats or attacks on information assets
• Conduct web application vulnerability assessment and penetration testing
• Conduct network vulnerability assessment and penetration testing
• Conduct Enterprise wide network security audits
• Designing solutions to preserve the confidentiality, integrity and availability of information and resources
• Technical proposal writing in the areas of ISO 27001 (ISMS), ISO 27005 (IT risk management), ISO 20000 (ITSM), penetration testing and IT Security Audit/Assessment
Roles & Responsibilities:
• Design, implement, and administer security structures and appliances to support the information and data security needs of internal and external networks and systems
• Communicate network security exposures, misuse, etc. situations to management, and execute appropriate incident response procedures approved by the management
• Implementing information security, access control policies and procedures
• Implementing network security policy addressed server/client security issues and applied appropriate security patches and upgrades
• Installation, configuration, and administration of hardware and software systems that provide appropriate network security functionality
• Review operation logs and event console activity to identify potential security-related events, determine cause of such events, and recommend respective counter measures
• Configuration and administration of proxy and remote access solutions for different locations using Microsoft ISA 2006/2004/2000 Server and Microsoft TMG
• Network administration, VLAN, Access Control Lists and Switch configurations
• Creation and implementation of Active Directory/LDAP security policies for users/groups
• Creation and implementation of SPNEGO (SSO technology) with AIX and Windows Server 2003/2000
• Performing incident/problem resolution and related processes including route cause analysis
• Assisting in maintaining and testing business continuity/disaster recovery plans, processes and procedures necessary to recover services in the event of a declared disaster
• Contingency plan documentation for equipment/links/sites failure
• Administration of servers, storage and virtualization infrastructure VMware and MS Virtual Server
• Monitoring network devices/systems/applications using PRTG application
• Server administration of Redhat Linux, Windows 2008/2003/2000 Server, Sun Solaris Server & AIX Server