Post Job Free
Sign in

Security Customer Service

Location:
Rochester, MI
Posted:
September 08, 2014

Contact this candidate

Resume:

Harsh Verma,

Mobile: +1-248-***-****

Home: +1-248-***-****

Email: ******@*****.***

**** ****** **** **. ********* No. 904

Rochester Hills, Michigan. 48309, United States

OBJECTIVE

● Provide networks, systems, and security experience, knowledge, and solutions in a system and network-

diverse environment.

● Protect confidentiality, integrity, and availability of information and information systems.

● Advise, architect and engineer secure solutions for business opportunities.

● Learn and experience, mentor and share.

SUMMARY

Information security professional with around 10 years of experience in complex IT environments and

driving value in IT security projects.

Broad knowledge in various information security areas:

● Information security architecture & engineering

● Drafting technology security standards & baselines based upon NIST & CIS

● Information security risk management

● Managed security services

● Vulnerability management

● Security incident handling

● Network security design & implementation

● Security event monitoring & SIEM Implementations.

● PCI-DSS & ISO 27001 Implementation

● Information security audits and assessments

● Technology Evaluation and Research for security OEM’s

WORK EXPERIENCE

(February 2013 – Till Date)

Employer: OpTech LLC, Michigan USA

Client: Comerica Bank Inc.

Security Engineer: Security Architecture & Engineering (Information Security & Risk Services Group)

As a part of information security architecture team my responsibility is to ensure all the IT

(infrastructure, application & hosted services) initiatives and changes meet Comerica Banks information

security standards and baselines to fulfill compliance, regulatory and operational requirements.

In this role my main responsibilities are:

● Review, validate and approve (as a security architecture subject matter expert) Technical Architecture

Documents and System Integration Designs for new information systems (Infra, application or cloud

based services) projects in the bank.

● Take consultative approach, provide recommendations, suggest security best practices and advocate

corporate information security requirements while projects work towards meeting business objectives of

the bank.

● Work as single point of contact for information security requirements of new projects to ensure all

aspects of Corporate Information Security Program (Security event logging & monitoring, Intrusion

detection and prevention, Defense in depth, Application and web security review, Vulnerability scanning

and reporting, anti-virus and endpoint security) are fulfilled before going into production.

● Provide Corporate IT Risk team timely feedback on IT security risks in projects so that appropriate risk

management can be performed. Evaluate any technical controls to gauge effectiveness.

● Evaluate new technology adoptions in the bank from security perspective ( mainly architecture driven

assessment ) For eg:

Next generation Web Banking Platform

Adaptive authentication for retail and business banking customers

Web Services Oriented Architecture with IBM Datapower

Enterprise presence, communication and Instant messaging platform.

Internal private cloud management and provisioning system.

DDoS Mitigation and Advanced Anti Malware Solution.

● Review and assess security reports (like SSAE 16, penetration testing, security audit reports) of ASP’s

(Application Service Providers) to the bank to ensure banks information security requirements are met

while application services are provided by ASP’s.

● Review Vulnerability scanning and compliance scanning reports before production certification.

● Customizing and creating security monitoring requirements and implement them using SIEM tools.

● Ensure security requirements are imbibed during projects initiation and RFP stage and are traced

through project lifecycle.

(November 2009 – February 2013)

Employer: HCL America Inc. (New York, USA) & HCL Technologies Ltd (Noida, India)

Designation at joining: Security Consultant

Designation at leaving organization: Senior Manager, Information Security

Working as security consultant in global information security services team where I was helping out

HCL clients to achieve better information security landscape in their respective organizations by

providing managed security services and information security consulting services

Time Period: Feb 2012 - Feb 2013

Client: Warner Music Group

Location: New York, NY

Role: Managed Security Services Lead (Designation: Senior Manager: Information Security)

● Lead Managed Security Services operations for Warner Music Group.

● Solution design, architecture and pilot implementation of Juniper SSL VPN gateway.

● Review and approval of firewall rulebases for more than 50 firewalls (Juniper SRX & Cisco ASA)

across the globe.

● Oversee MS Patch Compliance programme and provide metrics based reporting with MS SCCM

reports. Track and remediate non-compliant servers and Workstations and drive them to patch

compliance.

● Security Incident response to malwares, virus outbreaks,Spam attacks and systems compromises

● Web security gateway policy management.

● Intrusion prevention and monitoring with Tipping Point IPS .

● APT attacks prevention and monitoring with Damballa DNS based detection and response gateway.

Time Period: Nov 2009 - Feb 2013

Client: Various (Banking & Finance)

Location: Noida, India

Role: Security Consultant

● Information Security Consulting Services to HCL clients for achieving ISO 27001, PCI Compliance or

IS Compliance.

● Implementation of Compliance driven Information/Network security solutions such as Data Leakage

Prevention, Network Access Control, and Security Event Management.

● Vulnerability Scanning and mitigation as required by PCI-DSS.

● Security Consultancy related to Information Security policy & procedure preparation and review.

● Performing Network Security Architecture reviews.

● Providing analysis and directions on issues related to all aspects of information security like security

incidents to various clients.

● Pre Sales & RFP Response for HCL’s Managed Security Services & Consulting Services opportunities.

● Identifying new security services opportunities along with market research firms like Gartner & IDC to

build security services for HCL.

Highlights

● Designed and Managed Implementation of remote access solution for New York based media giant with

various aspects of security, availability and performance (Load Balancing, Strong Authentication & Web

Traffic Optimization)

● Designed security for Web Banking Solution for a leading Retail bank in USA utilizing latest

technologies in banking security like RSA Adaptive Authentication & Fraud Intelligence.

● Implementing Vulnerability Management Programe for a Gas & Energy customer in US

● Developed and nurtured Data security services in HCL Portfolio offering comprehensive security

services in Database security, Web Application Security & DLP solution.

● ISO 27001:2005 Certification for two Banks including Head Office, DC & DR

● ISO 27001:2005 Certification for a USA based financial services company for its centers in India &

Philippines

● Successful completion of Information security audit project for a PSU bank including 1500 branches

across India

● Implementation of GRC tool for IT Department of one of the largest stock exchange in Asia

● Enterprise Firewall rule base review of US major retail chain to reduce risks.

April 2009 – Nov 2009

BA Continuum Solutions (Fully Owned Captive Centre of Bank of America)

Assistant Manager - Enterprise Information Management

Location: Gurgaon, India

Summary of Work

Working as technical consultant for remediation of enterprise wide network based vulnerabilities. My

profile also includes evaluating the compliance of Bank's network infrastructure and works to correct

baseline deviations in order to reduce risk.

● Evaluation of Banks Baselines for Enterprise Wide Network and System Implementations

● Vendor and Supplier Audit based on Banks Standards

● Ownership of Security Baselines.

● Rating Vulnerabilities as per there impact on Bank’s Infrastructure.

● Reporting Metrics dashboard for Networks and Systems Compliance.

(November 2007 – March 2009)

Datacraft India Ltd. (Dimension Data)

Okhla, New Delhi

Professional Services Consultant- Security

Professional Services team in Datacraft is responsible for niche solution implementation and taking a

consultative approach towards client’s requirements. My profiles include solution designing,

implementation and doing standalone consulting work.

Highlights

● Web and Content Security Solution for BPO/KPO customer across 5 global sites which included

migration from legacy SQUID servers to new generation proxy servers.

● Internet Gateway solution for a MNC bank for securing users access to Internet and client applications.

Multi-Tier design for securing BFSI applications and as per PCI Compliance.

● Network and Security Assessment for an International Airport covering Vulnerability Assessment,

Network Security Architecture review, Network Architecture review, GAP Analysis based upon ISO

27001.

● Consolidation of VPN Infrastructure for a BPO where existing IPSec Mobile users are shifted to SSL

based VPN Solution.

● WAN Optimization solution for consolidating Datacenter resources for Global MLM Company.

Designed WAN optimization solution for Mobile users, 15 Branch offices and DC-DR locations.

● Network Access Control for end point security for a Global MLM client. Designed NAC solution for

Remote Offices and VPN users.

● Multiple Firewall and IPS Solution designing for clients across the verticals.

● Wireless security assessment for new Campus WLAN for a IT/ITES Client

● Security Information Management solution for a BPO client

(June 2005 – November 2007)

HCL Comnet Services Ltd,

Noida, India

Senior Specialist-Security

HCL GSOC (Global Security Operations Centre)

At HCL Global Security Operations Centre I was responsible for managing Security Infrastructure for

global clients. My profile included end to end management of security infrastructure for multiple clients.

It included management of various security devices such as Firewalls, VPN, IDS, Antispam and

Antivirus Servers, Authentication servers, Proxy Servers.

Highlights

● Implementation of IPSec based VPNs. Also, integration with PKI and two factor authentication

● Configuring site-to-site and host-to-site tunnels (IPSec) using Nortel Contivity

● Change Management of Firewalls like Cisco PIX, Checkpoint NGX on Nortel Alteon, Cisco ASA

● Configuration of RealSecure Network Intrusion Detection System, Signature update and analysis, IDS

log analysis, Configuring IDSs for responding to attacks.

● Web access control and URL Filtering using Surfcontrol

● Mail Gateway Security solutions like Symantec Mail security devices and Ciphertrust for Antispam,

Antivirus and PGP mail encryption systems.

● Managed and Implemented RSA Ace server for two factor authentication using RSA soft Id tokens.

● Worked on Improving Network and Data Security to attain PCI-DSS certificate along with external PCI-

DSS Consultant ( Essential Network and System Requirements)

R Systems Ltd, Noida, India

July 2004- October 2005

Support Engineer – Network Security

As Technical Support Representative I (TSR I) I provided first level support to WatchGuard’s customers,

authorized resellers, distributors, internet service providers, end-users, prospects, and internal

employees.

Highlights or Profile:

• Technical troubleshooting of Watchguard Firewalls ( Both Enterprise ad SOHO)

• Management and Implementation of Branch Office VPN’s and Mobile User VPN Using IPSec

for Companies Mobile Users

• SPAM filtering and Gateway Antivirus Solutions for SMTP Mail Servers

• Controlling Access to Internet using Web-Sense / Surf Control Database through the Firewall

• Implementation of Firewalls in "High Availability" Mode for Business Continuity.

• Auditing the Firewalls for system vulnerabilities using Audit-Scan. Review logs, and executing

historical reports for logging.

• Provide superior customer service and support to all customers by telephone, web, email, fax and

chat

• Ensure that all customer issues assigned to them are properly administered

• Answer or distribute incoming customer support issues via telephone, web, email, fax, and chat.

EDUCATION & CERTIFICATIONS

● BSS (Bachelor in Software Systems) 4 Years degree from Dr. B.R. Ambedkar formally Agra University

(2000-2004)

● CISSP® - Certified Information Systems Security Professional

● Cisco Certified Security Professional (Expired)

● Checkpoint Certified Security Administrator ( Expired)

● Cisco Certified Network Administrator (Expired)



Contact this candidate