• Drive propagation of security improvements through engineering and enterprise environments, including hands-on technical work as needed.
• Collaborate with engineering leads and IT peers to inventory and document information security controls for critical engineering intellectual property such as software code and hardware designs.
• Create, prioritize, maintain, and report on proactive/reactive improvements for engineering data protection methods, processes, and technologies.
• Lead/manage collaborative teams to improve engineering and IT practices around data protection.
• Lead and assist in incident analysis, post-mortem resolutions, and other risk management activities specifically for large engineering and other enterprise environments.
• Regularly inventory, analyze, and improve relevant data management practices (across entire life-cycle) with a security focus.
• Assist in planning, design, and implementation of enterprise information security systems.
• Work with team members to enhance information security frameworks, requirements and strategy.
• Design, implement, and maintain engineering information security policies, standards, procedures, and guidelines as needed.
• General contribution to the information security risk management program as needed.
• Architect, design, implement, and maintain secure solutions for engineering needs.
• Review ODC Architecture & provide regular inputs on the ODC Security Posture vis a vis QC.
• Participate in Vulnerability management for ODCs.
• Coordinate Major Security Incidents with relevant teams and enable faster investigations & resolutions.
• Coordinate Virus/Malware attack incidents with Global Cyber Security Team to ensure faster forensic investigation & resolution.
Major projects:
• Completed architectural reviews (ISRP - Information Security Review Process) for some of the major projects run by Engineering.
• Disabling Hydra Wireless Network in CDC, India.
• SmallCell DMZ Security review prior to/after implementations. Subsequent ISRM support for continuous project lifecycle requirements.
• SFTP Server setup @ Haifa DMZ for several vendors to access Design documents etc.
• Secure VPN Tunnel creation from Bridgewater to ALU (Murray House). Subsequent similar implementations between Bridgewater to ALU (Bangalore) and Hyderabad to ALU Bangalore.
• Rogue AP Detections throughout Qualcomm India Offices. Disabled several high risk APs during multiple site reviews at all QC Offices.
• Conducted multiple network scanning Tests (using nmap, Wireshark etc) & Application/OS Vulnerability (using Qualys guard), resulting in identification of multiple high risk issues which were driven to closure.
• Acted as a coordinator between ISRM CTA/CIT & India IT to facilitate resolution of very high risk security incidents affecting Qualcomm India/Global.
• SME & Single point of contact for all Wireless setup requests from various Engineering teams across all QC India locations.
• Conducted eMedia policy trainings for over 600+ CWFs/Consultants across all QC India offices & offshore development centers (ODCs).
• Creating a process around standardizing WiFi-over-Qualnet setup that are requested by Engineering teams, in partnership with QC IT.
- مجال الشركة:
- الاتصالات والشبكات
- الدور الوظيفي:
-
تكنولوجيا المعلومات
