Wasif Khan
Villa Park, IL ***81
Summary
I have extensive experience spanning over 15 years in various IT disciplines such as IT
Management, Administration, Engineering, IT Security, and deploying and implementing various
technologies. My experience also includes the implementation of compliance standards and performing
internal audits for NIST, SOX, PCI DSS, SAS70 and other national/international standards. My
infrastructure experience includes, but is not limited to, Data Center Virtualization, Cloud Computing,
SaaS, and implementation of multiple Network technologies. My areas of expertise include:
Implementation of IT Security, IT risk mitigation, regulatory compliance, IT governance, Business
Continuity Planning and Disaster recovery, defensive network design & implementation.
In addition to competent technical skills, I also possess strong communication, leadership, project
management and interpersonal skills. I have developed training materials, standard Operating
Procedures, and Escalation lists for many companies to allow them to meet SLAs.
Some of my Soft-Skills include outstanding mentoring skills, exceptional technical-to-business
communication skills, strong analytical and problem solving skills utilizing logical and systematic
approaches, ability to work as a team member or individually, excellent presentation skills and
capability of making critical decisions under pressure and assuming responsibility for results.
Security Clearance:
USCIS Security Clearance (Department of Homeland Security)
Professional Certifications and Affiliations:
Certified Information Systems Security Professional (CISSP) (2010)
CompTIA Security+
Microsoft Certified Professional (NT and 2003)
MCSA with Exchange Server MCP on Microsoft Windows Server 2003
LAN Program, DePaul University
Cisco Certified Network Associate (CCNA)
Certified Citrix Enterprise Administrator 4.0
Citrix Certified Administrator for Advanced Access Gateway with Access Control 4.2
Member of ISACA, Chicago Chapter
Education:
Master of Science: University of Phoenix
Major: Management Information System
Graduation: Currently Enrolled
Employment:
08/13 – Present
Enova Financials
Chicago, IL
Technology Manager
Run the team of Operational SREs that manage responsibility, availability, latency, scalability
and efficiency of Enova services by engineering reliability into software and systems
Review and influence new and evolving design, architecture, standards, and methods for
operating services and systems implemented by Engineering/Architect teams
Participate in software and system performance monitoring, alerting, analysis and tuning,
service capacity planning and demand forecasting
Perform periodic on-call duty as part of Operations team to support 24X7X365 shop
Maintain In-House SLAs to support end clients/customers
07/13 – 08/13
Department of VA
Hines, IL
IT Security Architect, Cybersecurity Division
Responsible for implementing various government IT Security directives to implemented
technologies
Supporting the team in an effort of unified Identity Access Management implementation
Certifying security settings in all of MS AD environment based on NIST standards
Auditing and implementing proper PIV (Personal Identity Verification certificate card)
infrastructure
11/12 - 06/13
National Commercial Bank – Bank Al-Ahli,
Jeddah, Saudi Arabia
Sr. Infrastructure & Security Manager
Responsible for Program & Project delivery for Business and Technology Projects across
Treasury, Compliance & Regulatory, Retail Banking, and Corporate Services for the bank.
Led complex, multidisciplinary, multi-stream projects for PCI-DSS Program through full
project life cycle and managing third parties
Worked extensively at the executive level to guide and deliver some of the most complex
business change programs around
Led a team of 60 Infrastructure & Security Engineers and administrators for the implementation
of various technologies such as DLP, Application FW, IPS/IDS, Virtualization, HW Load-balancing,
LAN/WAN, VoIP, etc.
Designed, configured, and implemented a high speed, high availability dependable Disaster
recovery sites with specific focus on Data Encryption and all encompassing IT Security
controls
Developed, implemented and managed Business Continuity environment/policies & procedures
Upgraded Active Directory Infrastructure to Windows 2008 Server Platform with special
emphasis on Security control based on NIST Standards
Designed, managed, and configured VLANs for voice, data, and virtual technologies on Cisco
POE switches (for addressing various IT security requirements)
Wrote SOPs, Project Plans, Deliverables Lists, Processes and Procedures to document the
network
Performed regular Semi-Annual Penetration tests and Vulnerability Assessment test on
Windows infrastructure to validate implementation of all required controls as per NIST
guidelines such as, Access Control, security assessment and authorization, auditing of security
logs, physical and logical security of HW, media protection and encryption of sensitive data on
SAN servers, and testing DR infrastructure on annual basis.
Instituted a training program, wrote training papers, provided training materials, mentored IT
staff, and trained personnel to establish a solid IT team to handle Bank's WAN and LAN
Hired and trained additional personnel to staff the growing network IT & Security teams
Visited remote sites, researched and approved POs for purchases of new equipment for large
scale projects throughout Saudi Arabia after performing extensive gap analysis
09/11 – 09/12
NYSE-Euronext
Chicago, IL
IT Manager - Systems Administration & Engineering
Responsible for managing, acquisition, planning, implementation & support of the
organization’s IT Infrastructure including Telecomm, LAN/WAN, and Server infrastructure
Assisted and oversaw development and initiation of BCP/DR plan, DR recovery plan & tests
annually as required by FINRA and NIST guidelines for sensitive financial and government
designated classified information
Performed quarterly and semi-annual controlled gap analysis for each software release,
perimeter devices (such as firewalls, routers, and App FWs), AD system users access, data
retention services, and PII data
Performed annual IT audits (internally and externally) for current state assessment activities
throughout the department through regularly scheduled surveys, and system auditing as per
NIST guidelines
Managed the IT team providing Level 1 - 3 support
Regularly conducted impact analysis of globally-based IT Infrastructure systems, upgrades, and
changes for department/functional areas, and evaluated systems and business processes
Oversaw Change Management system and assessed/approved change requests and provided
weekly approved changes list to Sr. Management, as per NIST Special Publication 800-53
Provide monthly KSS (Knowledge Sharing Sessions) to various IT and company staff
regarding current and upcoming technologies, to satisfy the government requirements of
continuous education and training of the employees
Drove the development and implementation of appropriate IT Security policy for all IT assets
within the firm to ensure multi-layer security for the organization as a whole
Initiated and developed the “Follow the Sun” support model to be implemented throughout the
IT organization
Led the efforts of compliance for various government and industry standards, such as NIST,
SAS 70 and various other internal audit requirements instituted by FINRA
06/08 - 09/11
JP Morgan Chase
Chicago, IL
Asst. Vice President - Government Lockbox
Managed and led the Security compliance team for a Government Lockbox with multiple
geographic locations utilizing core Microsoft, Linux, Cisco, and Citrix technologies
Oversaw the implementation of current state assessment activities throughout the department
through regularly scheduled interviews, surveys, and system auditing as directed by DHS
(Dept. of Homeland Security) by following NIST standards
Designed and implemented a secure server environment to meet Government’s requirements
for NIST, PCI, SAS70, and PII data protection. The efforts included the implementation of SSL
Certificates, Firewall configuration and IPS/IDS installation, and DLP technology usage
Led the effort of Server Virtualization using VMware technology, which resulted in reduced
Hardware footprint from six geographically separated Datacenters to two
Implemented and managed IT Risk policies and IT Risk Management best practices per
JPMC’s and Department of Homeland Security’s guidelines
Performed quarterly and semi-annual controlled gap analysis for each software release,
perimeter devices (such as firewalls, routers, and App FWs), system users access, data
retention services, and PII data and shared the findings with DHS
Incorporated remediation planning as part of each software release cycle through thorough SW
scanning, credential masking tests, penetration testing, and regularly scheduled internal audits
Assisted in designing and maintaining highly secure network that communicates with Bank’s
internal network and DHS’s network over the WAN with special emphasis on Sensitive and PII
Data protection and multi-tiered security
Coordinated efforts between various Off Shore IT groups within the bank (EMEA, ASIAPAC,
etc.) to upgrade, maintain, and support current network and AD infrastructure using
“RBAC” access control through the use of AD Group Policies and 3rd party applications
Performed annual Hardware/Software upgrade analysis and advise Senior Management on new
technologies investment and adoption including Windows Servers, Cisco Networking devices,
Internet/web Content Filtering technologies, and Intrusion detection and prevention systems
Ran weekly and monthly reports and discuss findings with Internal/External Auditors to
maintain NIST, PCI DSS, SAS70, ISO 27001/2, and NIST compliance and certification yearly
Worked as a liaison between the Lockbox and Internal/external Auditors
Performed monthly security Audits for proactive detection of security violations at hardware
and application levels, which includes performing an internal controls testing, gap analysis, and
remediation recommendations for MS AD, and Cisco infrastructure specifically
Addressed the various regulatory laws by following NIST Special Publication 800-53, which
mandated the privacy and protection of sensitive customer data. Efforts included developing
business & technical requirements, performing gaps assessment, developing remediation
alternatives, remote access to virtual applications and remediation implementation
Assisted in development and initiation of BCP/DR plan for the Lockbox by following NIST
guidelines. The project steps included Business Impact Analysis/Risk Assessment, development
of the BCP document, and BCP validation for a Hot-Site to support the Maximum Allowable
Downtime of 4 hours and 15 minutes data loss SLA
Performed yearly tests to validate efficiency of the system and perform quarterly reviews to
keep the DR site updated
06/07 - 06/08
Citrix Systems, Inc.
Downers Grove, IL
Senior Consultant - IT Security & Compliance Division
Designed and Implemented Citrix Application Delivery systems and Secured Networking
Environments for different clients encompassing Multi-Million Dollars efforts in private and
government sectors with specific focus on establishing NIST, HIPAA, SAS70, IT SOX, and
PCI compliances. The Clients included PNC Bank, Inova Healthcare System, US Military
Department of Personnel Affairs, Sprint Wireless, etc.
Designed and implemented highly secure Data Center solutions using NIST/FIPS approved and
certified network equipment for various government, and financial institutes
Wrote various technical documents and white-papers regarding Security benefits of various
Citrix products for customer education, system implementation, and Citrix Support team
Assisted various clients in performing NIST, PCI DSS, SOX, GLBA, HIPAA, NERC controls
testing, gap analysis, and remediation planning/roadmap
Established working relationships with key client technical, business, and third party vendor
counterparts
Conducted interviews with key management personnel to gain an understanding of the current
perceived risks to client’s overall IT environment. Developed an IT Risk Assessment strategy
and assisted clients in evaluating overall risk and mitigating controls, threats, and the
probability and likelihood of threats, and suggested appropriate Citrix Products to protect their
assets using technologies as multi-factor authentication, RBAC user access controls, NIST
compliant hardware devices, etc.
Assisted various clients in the design and implementation of Data Center Virtualization with
different Citrix technologies. The projects included systems analysis and assessment, system
design and architecture, OS (Windows, Linux, Unix) & applications virtualization, and
implementation of Remote Access and DR Access process for highly secure networks and
working with highly sensitive data. Some of the clients included United Nations, US Army,
Department of Defense, NewAlta, Texas Children’s Hospital, and Blue Cross Blue Shield of
South Carolina, Inova Health System, Iowa Air Force National Guard, Spectra Energy, Sprint,
etc.
5/06 - 05/07
Ryerson Inc.
Westmont, IL
Sr. Network Engineer
Designed and Implemented Citrix infrastructure with Presentation Server 4.0 and 4.5 Farm with
100+ servers in first North American 64-bit Citrix Environment for the company with special
focus on ensuring SAS70, Six Sigma, and SOX compliance
Researched, purchased, Installed, Configured and Clustered MS Windows Server 2003 for
different roles
Implemented secure SSL/VPN solution for remote users utilizing Citrix Advanced Access
Gateway integrated with RSA tokens for secure authentication
Maintained and Supported Active Directory in Windows 2003 environment
Liaison between the External Auditors and company to Certify the company’s accreditation
for SAS70 and SOX compliance
Troubleshoot various systems, such as MS Exchange, MS Servers, and Network Connectivity,
vulnerability, and infrastructure related issues.
05/05 - 05/06
John Drake and Associates
Oakbrook Terrace IL
Senior Consultant - Systems Support & Compliance Team
Assisted the development of a scalable Vulnerability and Risk Management strategy for IT
infrastructure at different clients such as Healthcare providers and Investment firms. The
projects included development of Risk Management business and functional requirements, and
implementation strategies with emphasis on IT SOX, HIPAA (for Healthcare client) and PCI
compliance (for financial institutes)
Designed and Implemented Secure Network infrastructure and Windows 2003 AD environment
for small and medium size clients
Provided asset protection for client’s infrastructure by recommending and implementing
security technologies such as Firewalls, Web Content filtering devices, Proxy Servers, email
protection software, and anti-virus solutions
Designed and Implemented secured Wireless Network infrastructure, Backup Schemes and
remote access strategies for clients with specific
Clients included: Central DuPage Hospital, HEREIU Funds Inc., Calmos Financial
Investments, and Merchandise Mart Property Inc. (MMPI)
05/00-02/05
American Hospital Association
Chicago IL - Sr. Network Analyst
As Network Analyst assisted the internal group of organization (NAIT) to establish and realign
proper IT guidelines in the creation of HIPAA Policy
Worked with different national and international organizations like Interpol and FBI to
safeguard internal network due to network breach by hackers. To remediate all vulnerabilities
and risks, I devised a plan and ran miscellaneous penetration and vulnerability scans against the
network from inside and outside using multiple applications and tools
Led the team to redesign and implement network infrastructure with new Microsoft, Cisco,
Citrix, and Network Associates security technologies
Designed and installed Group Policies after Active Directory migration to secure all objects
based on users’ Roles, Responsibilities and Group memberships, PC’s built, physical location,
and Printers’ access. To accomplish complete network overhaul with proper security
designations, for which we used the RBAC model to baseline all users access within internal
network
Led the project for Change Management implementation with ITIL focus for IS&T department
Assisted in email migration from Novell’s GroupWise to MS Exchange 5.5 and later
administered, maintained, and configured MS Exchange 5.5 servers and secured the server
from external and internal security threats
Administered, troubleshoot, and optimized WAN communications, VPN solutions, and
Datacenter communications
Additional Professional Experience:
09/98 - 02/2000
Worked at various clients such as AllState Insurance, MCI-Worldcomm, & Teradyne Telecom, in
various capacities such as Network Engineer, Sr. Consultant, and Field Engineer responsible for:
LAN/WAN design and configuration.
Implemented Cisco Load Balancers
Configured and Deployed Symantec IDS, Cisco VPN solutions
Rolled out approved desktop and laptop images to the corporate wide network.
Configured and administered corporate file, print and email servers
Designed IT infrastructure and carried out installation and maintenance of Windows NT based
network.
Developed, implemented and serviced Excel based accounting program for the firm.
Developed Access based warehouse inventory tracking system.