Tanzeel UrRehman Khan, Security Architect

National Grid

Country
United Kingdom
Education
Master's, Advance Network Centered Computing
Experience
21 years, 4 months


Work Experience

Total years of experience: 21 years, 4 months

Security Architect at National Grid
  • United Kingdom - Birmingham
  • In this position since September 2016

Role:

Currently I am working as a Security Architect (Contractor) in the Security Services Design & Architecture team for National Grid, which is part of the wider Digital Risk & Security Group. Part of my responsibilities includes being involved in multiple projects that are taking place across our corporate environment. I ensure that solutions which are designed and implemented also follow the security standards and policies put in place by National Grid. This also includes providing information assurance based on ISO 27001 and NIST and NCSC guidelines for projects. During the life cycle of the project I identify potential risks and provide solutions on how to mitigate those risks. This requires me to have a good understanding of the National Grid IT infrastructure. I also need to be aware of the security aspects of multiple technologies to achieve the goals put in place by the project deliverables.

Responsibilities:

Technical and Advisory
• Delivering cyber secure solutions for critical national infrastructure.
• Keeping corporate security policies and procedures updated with changing security landscape.
• Creation of various security and project related documents including High level design (HLD’s), Low level design (LLD’s), Technical design model (TDM’s), Conceptual design model (CDM’s) and Reference architecture etc. during the project life cycle.
• Evaluating systems for inherent and systematic vulnerabilities, methods of exploitation, and potential impacts.
• Helping to develop new industry shaping digital trust solutions using modern cryptographic techniques.
• Developing innovative solutions to challenging environments and lead technical solution design and deployment.
• Use risk management methodologies to manage the cyber-security risk.
• Creation of Security checklist for specific projects which contains potential threats, vulnerabilities and risk associated with that project.
• Documenting and ensuring that remediation for the issues as highlighted in Security checklists are performed during the life cycle of the projects.
• Use Information Assurance and Risk Management methodologies (e.g. ISO 27000, NIST 800, HMG IS1/2) for projects.
• Scoping of Penetration test for a designed solution and then remediation of any findings to secure the environment.
• Provide information security advisory to multiple projects running across the business, this includes applications and services which are being transferred to cloud platform (AWS and Azure).
• Hold technical meeting during system integration, to ensure smooth implementation of multiple technologies.

Budgetary
• Ensuring appropriate sanctioning for the security tower in project proposals.
• Provide an estimated time and effort required to complete the project.
• Effectively keep budgets under control where appropriate.

Training
• Assist with mentoring and training of junior staff where required.

Recent projects include:

• Design and implementation of Bluecoat Reverse Proxy project for internally hosted Websites and Web applications.
• Design and implementation of collection of various IT assets across the corporate including SCADA systems and preparing a baseline for various O/S running on these systems and taking appropriate action to harden the O/S and applications running on these systems.
• Ensured compliance and implemented security vectors for a Video conferencing solution for NG internal project.
• Designed and implemented security for internal Wireless Access point upgrade project.
• Designed and implemented security measures for new Call Manager install across the NG infrastructure; this involved around 5,000 users.
• Security review of implementation of reporting analysis software, for legacy Service Desk data.
• Security implementations of front end Website (i.e. NG.com) during its transfer to AWS cloud platform.

Senior Information Security Specialist at ATOS
  • United Kingdom
  • June 2014 to September 2016

Role:

Currently I am working as a Senior Information Security specialist for ATOS System Integration Security; we provide bespoke, product based information security solutions to our customers. This includes but is not limited to implementing secure customer networks, Advanced persistent threat, Malware analysis, PKI Security, SIEM log analysis, Storage security, Email scanning & Web filtering etc. I also lead projects and provide mentoring to the junior staff where required.

Responsibilities:

Technical and advisory
• Ensure documentation and procedures are kept up to date and adhered to
• Technical lead on deployment of portfolio technologies and manage deployment efforts
• Provide information security advisory services to clients and internal stakeholders
• Hold technical governance responsibility for key accounts
• Lead with proof of value testing for prospective clients
• Assist with transition into operational service
• Represent the operation and portfolio where required to project/sales teams and clients
• Identify opportunities or new business where appropriate

Budgetary
• Effectively keep budgets under control where appropriate
• Provide technical input to bids when required

Security Breaches and investigations
• Manage escalation process and ensure investigations and remediation actions are taken in accordance with existing policies

Training
• Ensure appropriate level of training is provided to all security operations staff on new and existing products and services
• Assist with mentoring and training of junior staff where required
• Occasional out of hours or extended working may be required to achieve delivery against tight deadlines

3rd Line Network Security Specialist at British Telecoms
  • United Kingdom - London
  • November 2012 to June 2014

Role:

Currently I am working as a 3rd line network security specialist with BT Cyber Defense (SOC). Here I am responsible for designing, managing, maintaining and securing the network for a large enterprise. I actively monitor security incidents, review threats & risks related to client’s infrastructure. I also design, configure, install, troubleshoot, analyze, monitor and implement policy changes on multi-vendor devices. These include Checkpoint firewalls, Bluecoat proxies, Juniper SRX/SSG/ISG & SSL (VPN device), Cisco ASA/PIX/NAC, Cisco IronPort, Cisco Router & Switches, Sourcefire Intrusion detection system (IDS), McAfee Sidewinders and RSA servers.

Responsibilities:

• Responsible for architecting secure customer networks and devices.
• Responsible for management and delivery of overall security services and consultancy for our customers.
• Identification of emerging security risks and threats to influence the Customer's Security strategy and policies, particularly in the areas of personnel, physical, information, procedural and products.
• Responsible for managing and maintaining relationships/partnership with specific customers, suppliers and stakeholders ensuring the cost effective provision of a professional Security service.
• Contribute to the security relationships with in-scope major customers, suppliers and stakeholders ensuring the cost effective provision of a professional Security service.
• Provide leadership for a team of Security professionals to build high performing and well-motivated team.
• Responsible for the implementation and operational end to end delivery of Security Services in to end clients.
• Incident Management decision maker within a defined scope responsible for ensuring that mitigation controls and incident response.
• Provide security advice and direction to customer, according to their Line of business.
• To manage the delivery of the security infrastructure and services to secure network infrastructure for customers.
• Identify resource within team to assist in high priority incident and change completion when requested.
• Eliminate single point of failure within your teams, both in terms of clients and vendor technologies.
• Coordinate and support team to meet KPI / SLA delivery Metrics as agreed with customer.

Incident Manager/Senior Security Analyst at Symantec, UK
  • Other
  • August 2010 to November 2012

I was working with Symantec Information Security Group (ISG) at Security operation center (SOC) Reading UK; as an Incident Manager/Senior Security Analyst, I was required to perform the following tasks:

• Monitoring of security logs and alerts from multiple platforms.
• Monitor the global security threats and its effects on customers.
• Manage and maintain SIEM system by creating, reviewing and maintaining detection & correlation rules for multiple platforms monitored by SIEM.
• Manage, modify and review IDS/IPS Signatures.
• Generating and analyzing reports and recommending remediation of security threats as identified in these reports.
• Participate and conduct training sessions on current & upcoming projects.
• As a team lead, responsible to ensure that high level of customer satisfaction is achieved by providing exceptional quality of service and low turnaround time.
• Analyzing and understanding of how attackers could gain access to company’s information or jeopardize systems and operations like e-banking or e-commerce.
• Providing information to the customer management regarding the value at risk of their business from threats to networks, infrastructure, applications and databases.
• Understanding cyber threats that particular companies can face due to nature of their business like financial and government sectors.
• Keeping abreast with general information security trends and their economic significance on business.
• Mining Symantec’s resources (Symantec Deepsight Threat Management System, Security Response and Global Intelligence Network) and external sources for threats to the customers’ information security posture and analyzing such threats to provide actionable intelligence to the customers.
• Establishing and delivering intelligence tools, interfaces, and processes which provide value to the organization by reducing risks.
• Continually adapting to changing threat landscape both internally and externally and show value in proposing new ideas of combating threats and exposures.
• Training new recruits, writing/updating Service Operation Procedures (SOPs), training documents and knowledge base articles.
• Providing support in relation to the Vulnerability Management and Threat Monitoring teams.
• Providing general advice and guidance on Information Security related matters as and when required.
• Assisting senior analysts and Service Managers in preparing and presenting client’s monthly and quarterly service reviews.
• Auditing security incidents and associated remedy tickets on regular basis to confirm high standard of incident handling and service delivery.
• Auditing incident handling rate and time to confirm all the service level agreements are adhered to.

Network Security Engineer at Symantec, UK
  • United Kingdom
  • August 2005 to July 2010

I was working with Symantec Information Security Group (ISG) at Security operation center (SOC) Reading UK, as a network security engineer. Here we provided monitoring and managing services for enterprise customers including the likes of British Petroleum, General Motors and Adidas. Most of the customers we managed are multinational and have 3000+ users at particular locations. My main responsibilities included:

• Installation of Network devices
• Security Policy translation and configuration
• Implementing policies on multi platform devices
• Implementing Network address translations
• Enforcing lower layer filters
• Enforcing content filtering by URL rating
• Enforcing Anti virus to Web traffic
• Enforcing Anti spam
• Enforcing Intrusion Detection /Intrusion Prevention onto Network
• Setting up Gateway to Gateway VPN’s
• Configuring Client to Gateway VPN’s
• Troubleshooting and analyzing network traffic
• Troubleshooting communication issues
• Monitoring device and network Logs
• Supporting Monitored only customers with multi platform logging application
• Troubleshooting multi platform logging issues
• Logging and Escalating critical events
• Recording steps taken during installation and configuring devices
• Recording steps taken during troubleshooting problems

As most of the devices we managed are Linux based, I used multiple Linux tools to carry out day to day tasks. During troubleshooting we used applications like TCPDUMP & TRACEROUTE to pinpoint traffic issues. Configuring firewall security policies required knowledge of a large variety of TCP/IP protocols such as HTTP/HTTPS, FTP, SMTP and Telnet as well as UDP traffic like DNS and SNMP. As Symantec SOC manages a wide range of customers, there is a whole range of vendor devices we have experience working with; this included CheckPoint FW-1/VPN-1 on Solaris and IPSO platforms, Juniper SSG & ISG Netscreen Firewalls, Cisco PIX/ASA & IDS, NetApp Netcaches, Bluecoat Proxies and Symantec Endpoint protection.

I also performed audits for devices which come under our management. Part of my responsibility was training and teaching newly hired Level 1 Network Security Engineers; this is a 6 week induction program for all new starters. This program introduces them to network security concepts, starting from basic and building up to advanced. Various concepts were taught from Unix/Linux file systems, Shell scripting, Information Security, Encryption, Stateful Firewalls, Proxy Firewalls, Packet Filtering, Security Policies, VPNs, TCP/IP, UDP, OSI Layers, Network Intrusions & Prevention Systems, System Security and Log Analysis. I occasionally wrote internal how-to documents which detail the step-by-step process involved in carrying out complex technical tasks.

Network Administrator at Max Online, Pakistan
  • Pakistan - Peshawar
  • February 2002 to August 2004

I worked as a network Administrator at Max Online, an Internet Services Provider. My assignments included:

• Web hosting
• Network monitoring and maintenance
• Infrastructure Router and Switch configurations
• Configuration and provisioning of PVCs and traffic types for ADSL subscribers
• Telephone service configuration
• Testing and troubleshooting of telephone and ADSL problems
• Generating Environment Reports on daily basis
• Bandwidth Utilization Report on monthly basis
• Generating detailed reports for downtimes and service outages
• Maintaining the track record of our existing customer
• Handling complaints using service centre ticket tracking system

I was also responsible for supporting users on phone in case they have issues with their internet connection.

Educational Background

Master's, Advance Network Centered Computing
  • at University of Reading
  • June 2007

MSc in Advance Network Centered Computing, specializing in High Performance computing and communication, University of Reading, United Kingdom.

Bachelor's, Computer Information Systems Engineering
  • at N.W.F.P University of Engineering & Technology
  • February 2004

BSc in Computer Information Systems Engineering, N.W.F.P University of Engineering & Technology, Pakistan.

Specialties & Skills

Symantec Endpoint Protection
Network Security
Security

Languages

English
Expert
Urdu
Expert

Training and Certifications

ITIL V3 Foundation (Certificate)
Course date:
February 2011
Valid until:
February 2011
Checkpoint Certified Security Administrator (CCSA) (Certificate)
Course date:
November 2009
Valid until:
November 2009
Checkpoint Certified Security Expert (CCSE) (Certificate)
Course date:
May 2010
Valid until:
May 2010
Sourcefire Certified Professional (Certificate)
Course date:
May 2013
Valid until:
May 2013
Cisco ICND1 (Certificate)
Course date:
May 2011
Valid until:
May 2011

Hobbies

  • Cricket, Squash, and Jogging