Resume

Sign in

Engineer Security

Location:
Phoenix, AZ
Posted:
February 28, 2020

Contact this candidate

Resume:

MONTASIR AZAD

Location: Gilbert, AZ Contact: 408-***-**** Email: adb1ql@r.postjobfree.com

ROLES

Chief Security Architect

InfoSec Engineering Lead

Principal Security Architect

Principal Engineer

Project coordinator

Network Engineer

Network Consultant

Team Leader

CERTIFICATIONS

CCNA

CCNP

INDUSTRY APPLICATION

Utility Company

Hospitality Industry

Financial Institute

Education System

Mining Corporation

Super Store

Mobile Phone Company

Medical Institutes

EDUCATION

Bachelor of Science in Electrical Engineering (Minnesota State University)

Master of Science in Electrical Engineering (University of Texas - Pan American)

LEADERSHIP

Engineering team lead

Senior Lead Engineer

Project coordinator

Project Manager

SUMMARY

Information Security professional with 15 years of experience in Security architecture and design, implementation, support, monitoring and troubleshooting, assessment and framework audit, policies and procedures defining, implementation and validation. Have hands-on experience managing security tools and devices. Experience working with globally-dispersed teams with diverse backgrounds. Also have experience in team and project management and lead.

SKILLS INVENTORY

Leadership: InfoSec Engineering team lead at Choice Hotels, Lead engineer for OpenSky engineering team engagement and client relations, Project manager for OpenSky in Charles Schwab DLP implementation, Lead engineer for IBM RPOS migration project for Circuit City, Project coordinator for 3S Networking.

Cloud Technologies: AWS EC2 Security Groups and policies configuration, Azure Security Center, Application and VPN Gateway and Threat protection configuration.

Security Devices: Qualys, Nessus, Tripwire/nCircle Vulnerability Management, Cisco FMC IDS/IPS management (SourceFire Defence Center), Cisco IDS/IPS 8000 Series (3D8130 & 3D8140) Sensors, McAfee IntruShield NSS 3000 (Network Security Sensor IPS/Firewall), Cisco ASA 5500 Series (5505, 5512, 5545, 5555 & 5585), CheckPoint R75 Firewall, Firemon Firewall Compliance Management, F5 ASM WAFs, Gigamon Visibility Appliance GigaVUE-HC1, Cisco ISE & Secure Network Server (SNS 3615), Symantec Vontu & McAfee ePO DLP, Cisco IronPort ESA (Email Security Appliance) & WSA (Web Security Appliance), BlueCoat ProxySG, Netscaler and F5 LTM Load Balancers

Security Tools: QIP & InfoBlox IP management, SolarWind and Splunk monitor, IxExplorer, Network Observer, CSM, IDM, SDM and Cisco Works for Cisco device monitoring, Akamai, SNORT, WireShark, Nmap, Norton Ghost, Antivirus, Antispyware

Security Standards and Controls: PCI DSS 3.2.1, ISO 27000, NIST, COBIT, FFIEC, CIS Benchmark

Network Devices: Cisco Nexus 7010, 5010/5020, 2148, Cisco Router 871, 1600, 1700, 2600, 3200, 3400, 6400 & 7200 Series, ASR 1004, Cisco Switch 1900, 2950, 3750, 4500, 6500 series, Symbol Switch 3000 & 5100, DataCom 3000 Multi-Link Aggregator, WTI Power Management and consol, Cisco AIRONET 1210, 1310 and 1410

Network Tools: Flow Control for DataCom aggregator, Motorola MSP (Mobile Security Platform)

Other Tools: IBM Remedy, My Services ServiceNow, GCARS and USD Change Management/Control and Ticketing System, HP Open view and Service manager, Visio Design

CHRONOLOGICAL SUMMARY OF EXPERIENCE

Client : Power Company

Location : Rosemead, CA

Duration : August 2019 - Present

Project : GRID Security Implementation

Responsibilities

Design and prepare architectural and test document for new tool implementation, which includes: ThreatConnect (TC), Palo Alto vWire Firewalls, Imperva WAF, ForeScount/CounterAct NAC, IXIA Out of Band packet broker, UDP Director, FireMon, Attivo Deception Technology, ForcePoint Proxy, Tanium End-Point Security and Response and Tenable vulnerability scanner

Create process and procedure for GRID network and security implementation

Setup controls and compliances for GRID network

Establish security standards

Prepare technical documents and presentations for executives

Client : Health Intrustry

Location : Roseville, CA

Duration : March 2019 – October 2019

Project : Security Environment Assessment and Architecture

Responsibilities

Assess Sutter Health security environment

Identify security gaps and recommend improvements

Architect environment for different security tools; which includes FireMon, BlueCoat, Symantec DLP, Tripwire, Stealthwatch, Rapid 7 and PCI

Prepare architectural document

Provide baseline, industry standards and best practices

Prepare process and procedure documents

Establish security standards for new environments

Set up controls and compliance zones for PCI-DSS, HIPPA and ISO-27000 in FireMon; and automate the reporting for non-compliant.

Client : Insurance Company

Location : Phoenix, AZ

Duration : Oct 2017 – Nov 2017

Project : Nessus Scanner Architecture & Deployment

Responsibilities

Provide architectural design for internal Nessus scanner implementation

Identify the scope of the implementation, coverage and licenses required

Configure scanners for vulnerability, credential and agent scanning for end devices

Create and implement test plan

Configure scanner manager

Schedule and run initial scan and generate report

Based on the output data from the report, reconfigure reporting

Client : Natural Cosmetic Product Company

Location : Scottsdale, AZ

Duration : Aug 2017 – Sept 2017

Project : FirePower Implementation

Responsibilities

Provide architectural design for Firepower and FMC implementation

Provide architectural design for Cisco 3850 to migrate from Cisco 4507

Create implementation and migration plan

Configure Cisco 3850 as core in a stack

Configure Cisco 2960 as edge in a stack

Configure Firepower 2110, 2130 and FMC 100

Migration of core switch from 4507 to 3850

Migration of policies from existing ASA 5500-X to Firepower 2110 and 2130

Client : Health Research Institute

Location : Houston, TX (Remote Work)

Duration : Jul 2017 – Aug 2017

Project : SolarWinds Redesign and Architecture

Responsibilities

Assessment of BMC existing network for network/security components, application/ database server components, and storage components

Ran in-depth discovery and analysis of the network

Designed the SolarWinds network to cover 2 campuses of BMC

Provided architectural document of the design

Provided report on the necessary modules, features, implementation & configuration methods, cost benefits, 5-year forecasting and recommendations,

Responsibilities

Assist in leading the InfoSec team in the design and implementation of security solutions to ensure the appropriate guidelines, policies and procedures are in place to adequately address threats and vulnerabilities

Partners with various technology and business teams to serve as a security expert and trusted advisor in providing security designs, requirements, risk monitoring and mitigation guidance in alignment with industry best practices and regulatory requirements

Serve as an assessor of networks and systems to identify, report on, and provide guidance in the remediation of the security gaps

Respond to InfoSec threats, ensuring that Choice information assets remain secure

Perform incident response activities as necessary

Manage and perform product evaluations, recommends and implements products/ services for InfoSec that support strategic operational needs and security requirements

Trains other team members on new security solutions and transitions ownership upon successful implementation.

Assess the environment on an on-going basis to ensure that it remains compliant with external regulations and Choice Hotels InfoSec policies and standards

Assists Director with security strategy development and risk prioritization

Client : Health Intrustry

Location : Pittsfield, MA

Duration : March 2017 – July 2017

Project : PCI and ISE Network Segment Design and Firewall Migration

Responsibilities

Design and configure Cisco ISE segment to work as a RADIUS authentication

Design test environment for ISE segment to work with SSID, wired and Active Directory servers

Design PCI segment of the network

Configure switches and routers for the PCI network segment

Test the network in dev environment

Implement policies

Firewall policy audit for FortiNet pair to ASA pair migration

Migrate policies

Configure test traffic routing to test the new ASA pair

Implement ASA pair to replace Fortinet

Client : Health Intrustry

Location : San Antonio, TX

Duration : August 2016 – March, 2017

Project : Network Redesign and Security Implementation

Responsibilities

Network assessment and recommendation

Redesigned the whole network based on the recommendation

Redesigned VLAN schema, IP Schema and standardized naming convention

Configured Netgear M5300, GS752TP, GS718, Fortigate 500D, Firebox M300 and UniFi AP pro

Configured VPN tunnels for various locations and Azure cloud communication

Setup cloud environments and migration of physical/VM servers to cloud

Create and implement Azure cloud firewall policies

Audit and recreate existing on-prem firewall policies.

Installed and configured AllWorx phone systems and phone system manages

Installed and configured Wireless controllers and coverages

Installed and configured network monitoring tool (SolarWind)

Provided price comparison and functionality overview on various networking tools and products required for the network

Configured windows based radius server for authentication

Provided deliverable documents, regarding design, plan, configuration and troubleshooting methodologies, which included Visio diagrams, excel spreadsheet with inventories, word documents explaining processes and procedures and power point presentations.

Client : Law Firm

Location : Detroit, MI

Duration : July 2016 – August 2016

Project : Data Center Migration

Responsibilities

Developed overall planning and architecture for data center migration

Worked with the STTAS and BDO infrastructure team to identify the key components for network and security migration

Provided detail security mapping to implement at the net location

Helped understand the detailed requirements for the migration

Provided deliverable documents, regarding design, plan, configuration and troubleshooting methodologies.

Client : Health Industry

Location : Pittsfield, MA

Duration : January 2016 – July 2016

Project : Network Malicious Attack Detection

Responsibilities

Identify network wide devices that are part of this attack

Identify medical equipment and isolate them

Recommend a plan to remediate current attack and block from any future incidents like that

Recommend new VLAN and firewall schema

Client : Financial Organization

Location : Phoenix, AZ

Duration : December 2015 – January 2016

Project : Risk and Compliance Remediation

Responsibilities

Developed mapping of different federal security standards to compare the compatibility and compliance of financial institutions security setup

Identify potential remediation solutions and present them to Schwab management following the NIST, FFIEC, COBIT and ISO standard for cyber security

Develop Project Charter Document

Gather technical and business requirements

Conduct interviews with key stake holders

Review and analyze the current environment based on industry best practices

Manage the coordination of related project objectives

Manage communications as required

Perform knowledge transfer to Schwab management and staff

Client : School Systems

Location : Phoenix, AZ

Duration : December 2015 – December 2015

Project : Network and Security Implementation Review

Responsibilities

Verification of network implementation of 5 Diocese of Phoenix Catholic Schools

Review network documentation

GAP analysis on layer 1 through layer 3 implementations on network and security infrastructure

Wireless and wired network evaluation

Provide recommendation based on the GAP analysis.

Client : Financial Organization

Location : Phoenix, AZ

Duration : September 2015 – November 2015

Project : Risk and Compliance Remediation

Responsibilities

Developed mapping of different federal security standards to compare the compatibility and compliance of financial institutions security setup

Identify potential remediation solutions and present them to Schwab management following the NIST, FFIEC, COBIT and ISO standard for cyber security

Develop Project Charter Document

Gather technical and business requirements

Conduct interviews with key stake holders

Review and analyze the current environment based on industry best practices

Manage the coordination of related project objectives

Manage communications as required

Perform knowledge transfer to Schwab management and staff

Client : Financial Organization

Location : Scottsdale, AZ

Duration : February 2015 – August 2015

Project : Vulnerability Management Audit and Risk Assessment

Responsibilities

Risk assessment analysis for network security team

Identifying internal and external subnet/IP and VLAN schema

Audit Tripwire/nCircle IP 360 scanners for internal and Qualys external scanners to make sure it complies with the company network coverage policy

Estimation of total internal and external network scanning coverage and identify the subnet loop-holes and issues

Complete GAP analysis of the network

Prepare process documentation for scanner policy implementation and annual vulnerability assessment audit

Audit asset repository for PayPal to make sure that those comply with the company asset policy requirement

Preparing PayPal standard audit compliance

Gather evidences

Client : Financial Organization

Location : Phoenix, AZ

Duration : January 2014 – February 2015

Project : Internal Audit and Risk Assessment

Responsibilities

Risk assessment analysis for network security team

Identifying internal firewall policies for compliance

Identifying external firewall policies and vendor connections for compliance

Preparing Schwab standard audit compliance

Gather evidences

Preparing process documents

Setup internal and external annual review for the policies and connections to make sure they have proper attestation every year

Client : Insurance Company

Location : Portland, OR

Duration : November 2014 – December 2014

Project : Internal Audit and Risk Assessment

Responsibilities

Risk assessment analysis for the internal HealthSparq/Combia network

Identify administrative, technical, physical and compliance risks in regards to data handling and storage

Identify key issues

Advised on remediation and proposed plans to on how to do that

Client : Financial Organization

Location : Phoenix, AZ

Duration : August 2014 – November 2014

Project : Web DLP Implementation

Responsibilities

Project Management and Project Planning

Stakeholder liaison and weekly project status update

Implementation of Vontu Web DLP

Redesigning the current architecture

Project timeline allocation

Resource allocation

Budget fixing

Go Live documentation.

Weekly management reporting on progress.

Client : Financial Organization

Location : Phoenix, AZ

Duration : February 2013 – August 2014

Project : BlueCoat to IronPort Migration

Responsibilities

Audit and assessment of current BlueCoat proxy setup and configuration

Consolidation of the current BlueCoat proxy

Train Schwab employees on Cisco IronPort proxy, setup, configuration, maintenance and troubleshooting

Network audit for Cisco IronPort proxy

Prepared Bill of Materials (BOM) and Purchase Order (PO) for IronPort

Rack, stack and setup of IronPort WSA and Managers

Configuration, testing and implementation

Policies and rule-set migration from BlueCoat to IronPort

Client : Computer Hardware Manufacturer

Location : Roy, UT

Duration : November 2012 – January 2013

Project : EMC-JV Migration Project

Responsibilities

Install and configuration of Cisco IronPort web (Async OS 7.1 for web - WSA) and email (Async OS 7.1 for Email - ESA C170) security appliance

Install and configuration of Virtual RSA DLP Network ICAP Servers (on Virtual Red Hat Linux 5)

Install and configuration of Virtual RSA DLP Enterprise Manager (on Virtual Windows Server 2008 R2 64-bit)

Install and configuration of Virtual RSA DLP Network Controller (on Virtual Red Hat Linux 5)

Install and configuration of Virtual RSA DLP Ace Server (on Virtual Windows Server 2008 R2 64-bit)

Install, configuration and test of RSA SecureID Web Agent on IIS Server (on Virtual Windows Server 2008 R2 64-bit)

Install and configuration of Virtual Checkpoint R75.141 Management and Log Server (Secure Platform on Virtual Red Hat Linux 5)

Install and configuration of Virtual SourceFire Defense Center for IPS and IDS management (on Virtual Red Hat Linux 5)

Install and configuration of McAfee Active Virus Scan Enterprise (VSE8.8) DAT Server and ePolicy Orchestrator 4.6.0 (on Virtual Windows Server 2008 R2 64-bit)

Install and configuration of Nessus 5.0 Network Scanner (on Virtual Red Hat Linux 5)

Install and configuration of Virtual Splunk 5.0 App for Enterprise Security (on Virtual Red Hat Linux 5) and Forwarding Agent on all the above virtual machines.

Client : Mining Company

Location : Phoenix, AZ

Duration : May 2012 – November 2012

Project : Network Remediation and SolaWind Implementation

Responsibilities

Remediation of Freeport's global network

Redesign mine site and corporate network to meet the company standards

Standardization of naming convention, configuration, routing, IP schema and VLAN assignments

Upgrade device hardware, software and firmware based on the remediation need

Implementation of SolarWind servers

Configuration of SolarWind servers for monitoring, device discovery, push out configuration, and troubleshooting

Client : Educational Institute

Location : Phoenix, AZ

Duration : Aug 2010 – May 2012

Project : Elwood Data Center Migration and New Las Vegas Data Center Project

Responsibilities

Manage Network Engineering team as a lead

Coordinate project planning, designing, testing, implementation and verification.

Layer 1-2 and 3 (network portion) design and architecture of Las Vegas Data Center

Layer 1-2 and 3 (network portion) design and architecture of Riverpoint 2 Data Center

Layer 1-2 and 3 (network portion) design and architecture of Riverpoint Dev 1.0 Data Center

Prepared Visio for layer1/2 and 3 of the networks of all the data center designs

Provided detailed drawing of different segment of the networks

Prepared cut-sheet of inter-device connectivity

Prepared rack elevation of the data centers

Assigned host names, IP and subnet schemes, VLANs of the devices

10G fiber, 1G fiber and copper port assignment of Cisco Nexus 7010, 5020, 2148, ASR 1004, ASA 5580 and Cisco 6509 devices

Defined OSPF routing protocol on the core devices (7010 and 6509)

Defined static and dynamic routing on access routers

IP management and DNS validation using Alcatel-Lucent QIP

Coordinating architecture and planning of the network migration for Elwoood migration project (Migration of the network gears, servers and application)

Helping coordination of the developers on the network engineering side of P2V and V2V migration

Client : Financial Organization

Location : Fort Pierce, Florida

Duration : Jul 2010 – Aug 2010

Project : Riverside/TD Bank Network Discovery Project

Responsibilities

Total network discovery of Riverside Bank network gears, servers, workstations and printers

Using Solar Winds network tool to map switch ports of the network gears

Prepared VISIO diagram of the total network after discovery

Created a master spreadsheet along with the categorized device inventory

Finalized word report for the client with findings, problems and concerns, and future recommendations

Provided an online presentation of the final report.

Client : Data Center Provider

Location : Piscataway, New Jersey

Duration : Jun 2010 – Jul 2010

Project : Eclipsys Data Center Expansion Project

Responsibilities

Project initiation and design establishment of the Eclipsys new data center expansion project

Design and architect the management network for the data center

Configuration of Cisco Nexus 7010 management core switch

Configuration of Cisco 2960 as data aggregator

Nexus 5020 standard configuration for fiber patch run

1GB fiber and copper cabling for Nexus 7010, 5020 and Cisco 2960

Documentation (including detailed VISIO, inter-connectivity cut-sheet, and word version report) of the management network.

Client : Mining Company

Location : Elko, NV

Duration : Nov 2009 – June 2010

Project : Newmont Remediation Project/Network maintenance

Responsibilities

Managing and leading network team for Nevada Network.

Infrastructure design for new mine sites

Standardization of the Newmont Nevada network.

Redesigning IP scheme for the whole Newmont Nevada network

Standardizing naming conventions for the Newmont Nevada network

Design and troubleshooting microwave link networks

New configuration and design for devices (routers/switches) in the mine site

Configuration of AAA, TACACS and maintaining user accounts in ACS servers

Monitoring whole Nevada network for outages and issues.

Troubleshooting Switches and routers, and wireless networks

Configuring wireless access points and implementation.

Fiber connections, DS3 and T1 set up.

Avaya VoIP phone configuration and troubleshooting

USD and GCARS ticketing system

Monitor network gears using Cisco works, Cisco Network Assistant and Solarwinds monitoring system

Using VISIO to design and maintain network infrastructure diagrams.

Client : Financial Organization

Location : Ashburn, VA

Duration : Feb 2009 – Nov 2009

Project : OCX Migration Project

Responsibilities

Develop and manage IT vulnerability management model for VISA, which includes determining the scope, identifying various sources, remediation and plan

Implementation of rules and signatures for McAfee IntruShield IDS/IPS sensors and firewalls

Configuration and physical implementation of DataCom Multi-Link Aggregator

WTI Remote Management Console and Power Management Console configuration and implementation

nCircle Remote Monitoring System implementation and configuration

Configuring vulnerability management tool, such as nCircle IP360, the sensors and managers

Physical connectivity testing and troubleshooting

Upgrade devices to comply with the current rules and signature sets.

Using VISIO to design and maintain network infrastructure diagrams.

Client : Retail Organization

Location : Richmond, VA

Duration : May 2007 - Feb 2009

Project : RPOS Migration Project for Circuit City

Responsibilities

IBM Technical lead for Circuit Citys RPOS Migration project, leading a team of 6

Data migration from windows 2003 servers to ISG (In store Gateway) servers (Linux based)

Testing the functionality of Linux based POS (Point of Sale) systems

Work with the VMWare support group in backing up store local data from ISG Servers and Windows Server 2003 based servers.

VLAN and VTP Setup.

Using Cisco works, and occasionally IDM (IDS management) and SDM (security device management) for monitoring security issues and configuration

Configuration and Implementation of STP/OSPF in MPLS routers

Technical Troubleshooting RIP and frame relay protocols in the small office network of Circuit City GO (Grand Opening) stores.

Configured Cisco Wireless Access Points (WAP) and wireless network

Configuration of AAA and TACACS

Using Motorola MSP (Mobile Security Platform) to configure and troubleshoot mobile PDAs

Performed Physical network infrastructure implementations using wiring installation, hardware setup and testing.

Configuration, deployment and layer 1 wiring of Cisco products and technologies

Cisco 2950 and Symbol ES3000 and ES5000 switch configuration

Symbol CB3000 handheld scanners, SurePOS (Point of sale System - POS), DigiPOS (Point of sale System - POS), DCP and magellan terminal setup.

Network printer and server setup and support.

Troubleshooting support for enterprise networks utilizing Cisco routing and switching, firewall configuration building and testing(Cisco PIX and checkpoint).

Remote Desktop Assistance to RPOS and Legacy network

Maintenance and troubleshooting ISG (In Store Gateway UNIX) and Legacy (Windows NT) server

Monitoring overall network setup and configuration for Circuit City store all over USA

Used HP Open View and IBM Service Center to track of and troubleshoot of opened tickets

Monitor network gears using Cisco works and Network Observer monitoring system

Using VISIO to design and maintain network infrastructure diagrams.

Using netscout for network performance monitoring.

Client : Telecommunication Company

Location : New York City, NY

Duration : July 2006 - May 2007

Project : Eastern Regional Data Migration Project

Responsibilities

Technical coordinator for 3S network team and Cingular Wireless

Coordinated a team of 16 engineers, managed their schedule, assign tasks for deployment, plan testing requirement and processes, report daily progress, update and results to Cingular project lead

Network survey for pre-design network estimation.

Cisco network design for small to mid size offices

Configured Cisco Connectivity Adapters.

Performed Physical network infrastructure implementations using wiring installation, hardware setup and testing.

Configuration of the network for OSPF protocol

Implementation of IDS and PIX firewalls.

Troubleshooting support for enterprise networks utilizing Cisco routing and switching, firewall configuration building and testing (PIX).

Testing the network for security and other vulnerability.

Finally have the network up and running.

Coordinate with other team members and also the system administrator regarding the specification of the design.

Client : Telecommunication Company

Location : Houston, TX

Duration : June 2003 - Aug 2004

Project : Implementation of Broadband Internet Products for SBC

Responsibilities

Configured Cisco Connectivity Adapters.

Performed Physical network infrastructure implementations using wiring installation, hardware setup and testing.

Preparation of Complete Solution and implementation of all Broadband and Data Comm. products for Internet Access in field post sales

Routers and L3/L2 Switches etc

Completed Project for 7000 DSL customers spread across Houston single handedly

Core team member for DataOne (2000 Routers and L3 switches network) - statewide DSL service of SBC (South-Western Bell Corporation)

Responsibilities

Installation and configuration of Cisco and Juniper routers for local and regional offices

Firewall setup for the network

Troubleshoot LAN setup problems for regional offices

Provide recommendations on network related problem

Provide basic training for new comers

Employer : Palette Technologies

Duration : July 2017 – Feb 2018, Mar 2019 - Present

Role : Principal Network Security Architect

Employer : Choice Hotels International

Location : Phoenix, AZ

Duration : Feb 2018 – March 2019

Role : Sr. Information Security Lead

Employer : OpenSky Corporation

Duration : June 2010 – Jul 2017

Role : Principal Network Security Architect

Employer : Computer Sciences Corporation (CSC)

Duration : Feb 2009 – Jun 2010

Role : Sr. Network Engineer

Employer : IBM Corporation

Duration : May 2007 - Feb 2009

Role : Lead Engineer/Network Engineer

Employer : 3S Network Inc

Duration : July 2006 - May 2007

Role : Project Coordinator/Network Engineer

Went to graduate school for Masters in Electrical Engineering from Aug 2004 to July 2006

Employer : JDR Consulting

Duration : June 2003 - Aug 2004

Role : Network Engineer

Went to undergraduate school for Bachelors in Electrical Engineering from Aug 1999 to May 2003

Employer : Grameen Telecom Network

Location : Dhaka, Bangladesh

Duration : Jan 1996 - Aug 1999

Role : Team Leader/Field Engineer



Contact this candidate