Security Customer Service
Resume:
Harsh Verma,
Mobile: +1-248-***-****
Home: +1-248-***-****
Email: acft6j@r.postjobfree.com
**** ****** **** **. ********* No. 904
Rochester Hills, Michigan. 48309, United States
OBJECTIVE
● Provide networks, systems, and security experience, knowledge, and solutions in a system and network-
diverse environment.
● Protect confidentiality, integrity, and availability of information and information systems.
● Advise, architect and engineer secure solutions for business opportunities.
● Learn and experience, mentor and share.
SUMMARY
Information security professional with around 10 years of experience in complex IT environments and
driving value in IT security projects.
Broad knowledge in various information security areas:
● Information security architecture & engineering
● Drafting technology security standards & baselines based upon NIST & CIS
● Information security risk management
● Managed security services
● Vulnerability management
● Security incident handling
● Network security design & implementation
● Security event monitoring & SIEM Implementations.
● PCI-DSS & ISO 27001 Implementation
● Information security audits and assessments
● Technology Evaluation and Research for security OEM’s
WORK EXPERIENCE
(February 2013 – Till Date)
Employer: OpTech LLC, Michigan USA
Client: Comerica Bank Inc.
Security Engineer: Security Architecture & Engineering (Information Security & Risk Services Group)
As a part of information security architecture team my responsibility is to ensure all the IT
(infrastructure, application & hosted services) initiatives and changes meet Comerica Banks information
security standards and baselines to fulfill compliance, regulatory and operational requirements.
In this role my main responsibilities are:
● Review, validate and approve (as a security architecture subject matter expert) Technical Architecture
Documents and System Integration Designs for new information systems (Infra, application or cloud
based services) projects in the bank.
● Take consultative approach, provide recommendations, suggest security best practices and advocate
corporate information security requirements while projects work towards meeting business objectives of
the bank.
● Work as single point of contact for information security requirements of new projects to ensure all
aspects of Corporate Information Security Program (Security event logging & monitoring, Intrusion
detection and prevention, Defense in depth, Application and web security review, Vulnerability scanning
and reporting, anti-virus and endpoint security) are fulfilled before going into production.
● Provide Corporate IT Risk team timely feedback on IT security risks in projects so that appropriate risk
management can be performed. Evaluate any technical controls to gauge effectiveness.
● Evaluate new technology adoptions in the bank from security perspective ( mainly architecture driven
assessment ) For eg:
Next generation Web Banking Platform
Adaptive authentication for retail and business banking customers
Web Services Oriented Architecture with IBM Datapower
Enterprise presence, communication and Instant messaging platform.
Internal private cloud management and provisioning system.
DDoS Mitigation and Advanced Anti Malware Solution.
● Review and assess security reports (like SSAE 16, penetration testing, security audit reports) of ASP’s
(Application Service Providers) to the bank to ensure banks information security requirements are met
while application services are provided by ASP’s.
● Review Vulnerability scanning and compliance scanning reports before production certification.
● Customizing and creating security monitoring requirements and implement them using SIEM tools.
● Ensure security requirements are imbibed during projects initiation and RFP stage and are traced
through project lifecycle.
(November 2009 – February 2013)
Employer: HCL America Inc. (New York, USA) & HCL Technologies Ltd (Noida, India)
Designation at joining: Security Consultant
Designation at leaving organization: Senior Manager, Information Security
Working as security consultant in global information security services team where I was helping out
HCL clients to achieve better information security landscape in their respective organizations by
providing managed security services and information security consulting services
Time Period: Feb 2012 - Feb 2013
Client: Warner Music Group
Location: New York, NY
Role: Managed Security Services Lead (Designation: Senior Manager: Information Security)
● Lead Managed Security Services operations for Warner Music Group.
● Solution design, architecture and pilot implementation of Juniper SSL VPN gateway.
● Review and approval of firewall rulebases for more than 50 firewalls (Juniper SRX & Cisco ASA)
across the globe.
● Oversee MS Patch Compliance programme and provide metrics based reporting with MS SCCM
reports. Track and remediate non-compliant servers and Workstations and drive them to patch
compliance.
● Security Incident response to malwares, virus outbreaks,Spam attacks and systems compromises
● Web security gateway policy management.
● Intrusion prevention and monitoring with Tipping Point IPS .
● APT attacks prevention and monitoring with Damballa DNS based detection and response gateway.
Time Period: Nov 2009 - Feb 2013
Client: Various (Banking & Finance)
Location: Noida, India
Role: Security Consultant
● Information Security Consulting Services to HCL clients for achieving ISO 27001, PCI Compliance or
IS Compliance.
● Implementation of Compliance driven Information/Network security solutions such as Data Leakage
Prevention, Network Access Control, and Security Event Management.
● Vulnerability Scanning and mitigation as required by PCI-DSS.
● Security Consultancy related to Information Security policy & procedure preparation and review.
● Performing Network Security Architecture reviews.
● Providing analysis and directions on issues related to all aspects of information security like security
incidents to various clients.
● Pre Sales & RFP Response for HCL’s Managed Security Services & Consulting Services opportunities.
● Identifying new security services opportunities along with market research firms like Gartner & IDC to
build security services for HCL.
Highlights
● Designed and Managed Implementation of remote access solution for New York based media giant with
various aspects of security, availability and performance (Load Balancing, Strong Authentication & Web
Traffic Optimization)
● Designed security for Web Banking Solution for a leading Retail bank in USA utilizing latest
technologies in banking security like RSA Adaptive Authentication & Fraud Intelligence.
● Implementing Vulnerability Management Programe for a Gas & Energy customer in US
● Developed and nurtured Data security services in HCL Portfolio offering comprehensive security
services in Database security, Web Application Security & DLP solution.
● ISO 27001:2005 Certification for two Banks including Head Office, DC & DR
● ISO 27001:2005 Certification for a USA based financial services company for its centers in India &
Philippines
● Successful completion of Information security audit project for a PSU bank including 1500 branches
across India
● Implementation of GRC tool for IT Department of one of the largest stock exchange in Asia
● Enterprise Firewall rule base review of US major retail chain to reduce risks.
April 2009 – Nov 2009
BA Continuum Solutions (Fully Owned Captive Centre of Bank of America)
Assistant Manager - Enterprise Information Management
Location: Gurgaon, India
Summary of Work
Working as technical consultant for remediation of enterprise wide network based vulnerabilities. My
profile also includes evaluating the compliance of Bank's network infrastructure and works to correct
baseline deviations in order to reduce risk.
● Evaluation of Banks Baselines for Enterprise Wide Network and System Implementations
● Vendor and Supplier Audit based on Banks Standards
● Ownership of Security Baselines.
● Rating Vulnerabilities as per there impact on Bank’s Infrastructure.
● Reporting Metrics dashboard for Networks and Systems Compliance.
(November 2007 – March 2009)
Datacraft India Ltd. (Dimension Data)
Okhla, New Delhi
Professional Services Consultant- Security
Professional Services team in Datacraft is responsible for niche solution implementation and taking a
consultative approach towards client’s requirements. My profiles include solution designing,
implementation and doing standalone consulting work.
Highlights
● Web and Content Security Solution for BPO/KPO customer across 5 global sites which included
migration from legacy SQUID servers to new generation proxy servers.
● Internet Gateway solution for a MNC bank for securing users access to Internet and client applications.
Multi-Tier design for securing BFSI applications and as per PCI Compliance.
● Network and Security Assessment for an International Airport covering Vulnerability Assessment,
Network Security Architecture review, Network Architecture review, GAP Analysis based upon ISO
27001.
● Consolidation of VPN Infrastructure for a BPO where existing IPSec Mobile users are shifted to SSL
based VPN Solution.
● WAN Optimization solution for consolidating Datacenter resources for Global MLM Company.
Designed WAN optimization solution for Mobile users, 15 Branch offices and DC-DR locations.
● Network Access Control for end point security for a Global MLM client. Designed NAC solution for
Remote Offices and VPN users.
● Multiple Firewall and IPS Solution designing for clients across the verticals.
● Wireless security assessment for new Campus WLAN for a IT/ITES Client
● Security Information Management solution for a BPO client
(June 2005 – November 2007)
HCL Comnet Services Ltd,
Noida, India
Senior Specialist-Security
HCL GSOC (Global Security Operations Centre)
At HCL Global Security Operations Centre I was responsible for managing Security Infrastructure for
global clients. My profile included end to end management of security infrastructure for multiple clients.
It included management of various security devices such as Firewalls, VPN, IDS, Antispam and
Antivirus Servers, Authentication servers, Proxy Servers.
Highlights
● Implementation of IPSec based VPNs. Also, integration with PKI and two factor authentication
● Configuring site-to-site and host-to-site tunnels (IPSec) using Nortel Contivity
● Change Management of Firewalls like Cisco PIX, Checkpoint NGX on Nortel Alteon, Cisco ASA
● Configuration of RealSecure Network Intrusion Detection System, Signature update and analysis, IDS
log analysis, Configuring IDSs for responding to attacks.
● Web access control and URL Filtering using Surfcontrol
● Mail Gateway Security solutions like Symantec Mail security devices and Ciphertrust for Antispam,
Antivirus and PGP mail encryption systems.
● Managed and Implemented RSA Ace server for two factor authentication using RSA soft Id tokens.
● Worked on Improving Network and Data Security to attain PCI-DSS certificate along with external PCI-
DSS Consultant ( Essential Network and System Requirements)
R Systems Ltd, Noida, India
July 2004- October 2005
Support Engineer – Network Security
As Technical Support Representative I (TSR I) I provided first level support to WatchGuard’s customers,
authorized resellers, distributors, internet service providers, end-users, prospects, and internal
employees.
Highlights or Profile:
• Technical troubleshooting of Watchguard Firewalls ( Both Enterprise ad SOHO)
• Management and Implementation of Branch Office VPN’s and Mobile User VPN Using IPSec
for Companies Mobile Users
• SPAM filtering and Gateway Antivirus Solutions for SMTP Mail Servers
• Controlling Access to Internet using Web-Sense / Surf Control Database through the Firewall
• Implementation of Firewalls in "High Availability" Mode for Business Continuity.
• Auditing the Firewalls for system vulnerabilities using Audit-Scan. Review logs, and executing
historical reports for logging.
• Provide superior customer service and support to all customers by telephone, web, email, fax and
chat
• Ensure that all customer issues assigned to them are properly administered
• Answer or distribute incoming customer support issues via telephone, web, email, fax, and chat.
EDUCATION & CERTIFICATIONS
● BSS (Bachelor in Software Systems) 4 Years degree from Dr. B.R. Ambedkar formally Agra University
(2000-2004)
● CISSP® - Certified Information Systems Security Professional
● Cisco Certified Security Professional (Expired)
● Checkpoint Certified Security Administrator ( Expired)
● Cisco Certified Network Administrator (Expired)
Contact this candidate