Resume

Sign in

Security Architect Analyst

Location:
Houston, TX
Posted:
January 01, 2022

Contact this candidate

Resume:

SYED ATIF SHAMIM-

Executive Master of Science in Information Systems Security.

(University of the Cumberland’s, KY, USA)

Mobile: +1-617-***-****, Email: adpsi6@r.postjobfree.com LinkedIn: http://www.linkedin.com/pub/syed-atif-shamim/91/220/77

PROFILE:

Well Trained, experienced and qualified Sr. Network Cyber Security Architect involved in Designing, Implementing both HLD & LLD. With POC (Proof of Concept) for both IT/OT Environments.

Security Analyst-Team Lead, Service Now, Service next Change management, Cyber Forensics, Reverse Engineering with Cyber Security Test Lab.

Information Security policies, procedures and guidelines with respective compliance like as Service Now, Service Next, Change Management Processes, Compliances CIA TRIAD, HIPPA, ISO-27002, GDPR, SOX, NIST SP 800-82, NIST SP 800-53, NIST 800-207, CMMC NIST 800-171, Fed Ramp Compliance standards, FISMA, CIPPA, COPPA, ISA 99, IEC 62443 etc.

IAM, PAM, SSO (single-Sign on), SAML, Oauth, OpenID Connect, Agile practices CD/CI pipeline, Multi-Factor Authentication, on premises and cloud solutions.

SKILLS&EXPERTISE:

•Telecom/Fiber Optics: SDH/ Huawei OSN 1800V, Sonet, Fast Ethernet, Alcatel E1-MUX, New Bridge MUX, Loop Telecom, ZTE, Tainet Mux, Mercury Multiplexers. DSLAM (ADSL/DSL/HDSL modems), BRI, PRI, Digital Cross Connect Nodes (DXX), DWDM/CWDM Muxes, PL-1000T etc.

•RF Optimization: PCOM, REDLINE, AIRLINK, AIRAYA, Huawei, RTN 600 and 900 series.

•BTS: Huawei BTS 3900 & 3900L (LTE).

•Data Centre/ Backhaul Connectivity: Huawei OSN 1800V, Fast Ethernet Electrical Cards, Fiber Optic-Optical Cards, PL-2000DC, PL-2000AD, PL-1000T Metro Ethernet Mux, MPLS Mux for Backhauls connectivity over fiber 1gbps to 100 Gbps. Connecting Single Mode, Double and Multi-Mode Fiber. End to End Fiber testing with Loop Technologies using OTDR.

•Network Devices: Cisco 3845 Router, Cisco Switches 4500 Series, Juniper-MX960s, Ex8200s, EX4200, SRX Cluster, and Secure Access cluster.

•Network Management: IP NBAR, Net Flow, Wireshark, Solar winds, Kiwis slog, Cacti, MRTG, Port SPAN, RSPAN, Juniper-NSM, Observium, Cisco Prime, AVAYA -9620 C Management Tool, Wireless Network Management through ARUBA, Cisco ASA- Fire Work, Source Fire, ASDM, and CCP (Cisco Configuration Professional).

•Routing Skills: RIP, OSPF, OSPFv3, EIGRP, BGP, Redistribution, IPSLA, and IS-IS.VRF. MPLSL3VPN, DOCSIS 2.0, CMTS (Cable Modem Termination Systems).

•Switching Skills: STP, RSTP, VLAN, VTP, LAGP, Port security, MPLSL2VPN, Virtual Circuits, Frame Relay, HSRP, VRRP.HSRP, stack wise, Sub Netting, ACL, NAT/PAT, PPP, Port forwarding, Port Authentication, DHCP ARP Inspection, DHCP Snooping, IP Source Guard, Private VLAN, SVI, CEF (Cisco Express Forwarding), Brocade Switch ICX 7250, 6430.

•Security Skills: Cisco ASA-5500, Source Fire, Fire Power FTD, VPN Technologies-IPsec-SSL-VPN, IDS, IPS-Cisco 4200 Series, IPS-MacAfee (M-8000, M-4050), IOS Firewall ASA, Cisco ACS Server, Juniper SRX, Checkpoint 6500, Solar Winds, Splunk, Tacacs+, Radius, LDAP etc.

•Security Standards: PCI(DSS), Gram-Beach-Lilley ACT, HIPAA (Health Insurance Portability and Accountability ACT), FERPA, COPA, CIPA, FISMA, SOX, ISO-27002, OMB, DHS, COBIT-5, GAIT, NIST Compliance with FIPS, SP Standards, Cyber/Computer Security Forensic, COBIT, ISO-27002

•IP Telephony/ Voice: Avaya 9620, Cisco CUCM 9.X, CUCM 10.X. BRI, PRI, SIP, SCCP, MGCP. RTP, SRTP, Bulk Administrator Tool (BAT).

•QoS Skills: RSVP, RSTP, Policing, Shaping, Rate Limiting, Prioritizing, etc.

•Cloud Computing Skills: IAAS, PAA, AWS, GCP, AZURE.

•Project Skills: Project Management & Planning, IT service Management (ITSM), Managed Services Delivery.

•Microsoft Skills: Windows XP/7/8. RADIUS server.

•Surveillance system: CCTV, DVR, NVR, IP Camera.

•Wireless: Linksys/D-Link/TP-Link/Net Gear, Aruba 3600, Cisco 2500, Cisco 555 Series.

•Backups: MS windows backup, Genie Backup, WinZip.

•UPS: APC Online/smart UPS, Emerson, Saltec, Systek.

EXPERIENCE:

Senior Security Architect

September/2021- Till Now

DISH TV, Denver, Colorado

Working on his own Subject Matter expert for all Cyber /Network Security related projects.

HLD with Proof of Concept implementing at LLD low-level design and Detail Design Document.

Managing the Firewalls / IPS/ IDS/SIEM /ISE Solutions, Router ISR, ASR, IOS XE, F5 Load Balancers, and Data center Nexus/Catalyst switches, PXE Environment for the project with implementing both WAN/LAN Solutions.

Pro-Types and Pilot Network Lab Testing environment.

Security policies, procedures and guidelines for Security Audit. Also Forensics and Reverse Engineering including Proxy Servers, DHCP, PKI’s, Email gateway, Secure gateway, river-band, Antiviruses, Web gateways, Infoblox, End point Protections, NSX Architecture Data center, IP fabric environment, VXrail, NAS, SAN Solutions, SDWAN etc.

Change management (CASB) for configuration changes made with Impact analysis, Risk Analysis, Rollout and Back-out plan using Service Next and Service Now platforms.

Managing IPS Trend Micro, Proxy MacAfee Web security gateways, PGP Security, Zscaler deployment and reviews, Bluecoat.

Pre-reviewed the changes made within the Firewall, ACL with particular ports and service objects.

VPN termination, SLL VPN, Easy VPN, Site to Site VPN IPsec, Clientless VPN and DMVPN.

Senior Network Security Architect – Cyber Security Division

June/2020- Aug/2021

Halvik Corp, Washington, DC (Federal Government- USPTO)

Performed analyses to validate established cybersecurity controls and requirements and to recommend cybersecurity safeguards.

Performed assessment of systems and networks within the networking environment and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy.

Supporting the development of cybersecurity requirements, design & architecture artifacts, plans and policies. Also vendor management.

Risk analysis and zero-day mitigation approach.

Support the development of RMF documents and controls validation testing for Authority to Operate (ATO) accreditations.

Implementing and designing network infrastructure solutions for SD-WAN using Viptela and multiple service providers.

Develop Server Risk Assessments for new technology implementations and presents analyzed findings to Government ISSM for acceptance.

Assess and Integrate cloud migrations and cloud-native applications leveraging AWS. Participate with other branches of the OCIO to deploy Zero Trust Infrastructure and Multi-tenant compliance.

Implementing Zero Trust Infrastructure (ZTA NIST 800-207) implementation via Palo Alto VM series high availability Firewalls solution on PRISMA Platform, NIST (800-53), CMMC NIST 800-171, Fed Ramp Compliance standards, DMZ, Segmentation, Micro-Segmentation, Security group, Security policies, Host based isolations, NSX Architecture Data center, Cyber Security Framework, Security capabilities & Controls, CDM Agency Dashboard– Continuous Diagnostic and Monitoring, ISCM Information Security Continuous Monitoring, SSO (single-Sign on), SAML, Oauth, OpenID Connect, Agile practices CD/CI pipeline, Multi-Factor Authentication, on premises and cloud solutions, New Elastic Stack etc.

Guidance for both NOC & SOC services and managing the Firewalls / IPS/ IDS/SIEM /ISE Solutions, Router ISR, ASR, IOS XE, Load Balancers, and Nexus/Catalyst switches for the project with implementing both WAN/LAN Solutions.

Pro-Types and Pilot Network Lab Testing environment.

Security policies, procedures and guidelines for Security Audit. Also Forensics and Reverse Engineering including Proxy Servers, DHCP, PKI’s, Email gateway, Secure gateway, river-band, Antiviruses, Web gateways, Infoblox, End point Protections, etc. Configuration level activities with SIEM, IPS, IDS, and Cisco ASA 5500-X, IPS, Firepower, Palto Alto Prisma and Panorama solutions, Checkpoint 6500, Data Loss Techniques (DLP) and ISE 2.2 etc.

Change management (CASB) for configuration changes made with Impact analysis, Risk Analysis, Rollout and Back-out plan using Service Next and Service Now platforms.

Pre-reviewed the changes made within the Firewall, ACL with particular ports and service objects.

VPN termination, SLL VPN, Easy VPN, Site to Site VPN IPsec, Clientless VPN and DMVPN.

Information Security policies, procedures and guidelines with respective compliance like as ISO-27002, ISA99, IEC 62443, NIST 800-53, NIST 800-82 GDPR, SOX, NIST, FISMA, CIPPA, COPPA, COBIT-5 etc.

Sanitizing the firewalls for Audit and processes with Endpoint security products.

Migrating on-premises legacy network to multiple cloud environment including AWS, GCP and Azure cloud solutions.

Good hands-on practice on network and security tools and designing tools like as Microsoft Visio, Cisco Prime, Splunk, Alian-Vault, Network Management Tools, ASDM, FMC, Palo Alto GUI, DWDM deployments etc.

Reporting to CISO/CIO.

Lead Network Cyber Security Architect

August/2018- May/2020

BHP Billiton, Houston, TX

Working on his own as Project Owner and Subject Matter expert for all Cyber /Network Security related projects.

HLD with Proof of Concept implementing at LLD low-level design and Detail Design Document. Threat Modeling Like as STRIDE etc. for Web and Software applications.

Managing the Firewalls / IPS/ IDS/SIEM /ISE Solutions, Router ISR, ASR, IOS XE, F5 Load Balancers, and Data center Nexus/Catalyst switches, PXE Environment for the project with implementing both WAN/LAN, DWDM, SONET, SDWAN,SDN, Optical Fiber Solutions.

Pro-Types and Pilot Network Lab Testing environment.

Security policies, procedures and guidelines for Security Audit. Also Forensics and Reverse Engineering including Proxy Servers, DHCP, PKI’s, Email gateway, Secure gateway, river-band, Antiviruses, Web gateways, Infoblox, End point Protections, NSX Architecture Data center, IP fabric environment, VXrail, NAS, SAN Solutions etc.

Internet circuit migration to SD-WAN Viptela.

Configuration level activities with SIEM, IPS, IDS, and Cisco ASA 5500-X, IPS, Firepower, Checkpoint 6500 and ISE 2.2 etc.

Change management (CASB) for configuration changes made with Impact analysis, Risk Analysis, Rollout and Back-out plan using Service Next and Service Now platforms.

Pre-reviewed the changes made within the Firewall, ACL with particular ports and service objects.

VPN termination, SLL VPN, Easy VPN, Site to Site VPN IPsec, Clientless VPN and DMVPN.

Information Security policies, procedures and guidelines with respective compliance like as ISO-27002, ISA99, IEC 62443, NIST 800-53, NIST 800-82 GDPR, SOX, NIST, FISMA, DLP, HIPAA, PCI-DSS, CIPPA, COPPA, COBIT-5 etc.

Good hands-on practice on network and security tools and designing tools like as Microsoft Visio, Cisco Prime, Splunk, Alian-Vault, Network Management Tools, ASDM, FMC, Palo Alto GUI etc.

Reporting to Program Managers/Head of Technical Projects Lead.

PROJECTS:

1.Managed File Transfer: A solution to facilitate secure, fast and simple transfer of files for users within BHP. For both internal transfer and transfer of files to external stakeholders.

2.ISE 2.2 Migration: Migrating all Guest users to Authenticate and Authorized from ISE 2.2 over tacacs+ with IAR’s management, policing, NAD (Network Address Devices), web services, vulnerability assessment.

3.Cyber Security Test Lab: Construction of lab environment for Cyber Security for multiple locations responsible for Cyber Forensics and reverse engineering etc. with ISA99, IEC 62443 standards.

4.Data Loss and Monitoring: Setting up Splunk heavy Forwarders in Zone 1, 3 and OT.

5.Anomaly Detection Analysis: Setting up an Anomaly Detection Solution that would integrate with our current Splunk environment.

6.Selbaie SCADA Project: SCADA refresh and network gears upgrade.

7.BHP Documentum Hardware Refresh: Network component of deployment of the new Flex pod solution that we will be deploying in to BHP to replace the current vBlock environments in both USA and Australia.

8.Santiago Gateway Shutdown: Removal of legacy OBS-managed Santiago Internet gateway.

9.Secure Hosting Gateway: Choice and installation of new secure hosting solution for incoming Internet-based connections to BHP.

10.Cyber Analysis and Detection Support: Detecting, Analysis of anomaly behaviors of cyber security devices.

11.GOM LAB: Developing an isolated Lab for OT Network with ISA99, IEC 62443 standards.

12.Cisco ASA 5500 To PA-3200 Migrations: Developing strategy and doing migration from Cisco ASA to PA-3200 series for 15 sites using PA migration tool both in TP modes, Trunk Modes and Layer-3 HA’s.

Network & Security Consultant (Service Delivery)

July/2016-August/2018

Relig Staffing, Inc.

High Level and Low Level Designing HLD $ LLD for Different networks including Core, Distribution and Access Layer for Financial Institutes.

Configuring Routers, Switches, Firewalls, ASR, ISR, Security policies, procedures and guidelines for Security Audit. Also Forensics and Reverse Engineering including Proxy Servers, DHCP, PKI’s, Email gateway, Secure gateway, river-band, Antiviruses, Web gateways, Infoblox, End point Protections, NSX Architecture Data center, IP fabric environment, PXE Environment, VXrail, NAS, SAN Solutions etc.

Cisco PPDIO Mythology Prepare, Plan, Design, Implement, Operate and Optimize.

Pro-Types and Pilot Network Testing Network protocols RIP, EIGRP, OSPF, BGP L2 Encapsulation STP, RSTP, VRRP, HSRP etc.

Tier-3 and Tier-4 Data center Designing in accordance with TIA-942 Standards DR-Sites as HOT SIDE, WARM SIDE, COLD SIDE N+N Redundancy.

Managed Services Implementation likes as L3MPLPS, L2MPLS, IPSEC VPN, DMVPN, Easy VPN, RDP, Voice and Wireless Network designing, configuration and optimization.

Security Devices IPS, IDS, Cisco ASA, FTD, Juniper SRX, SA-4500, Cisco ACS, Cisco ISE.

SOP, Security policies, procedure and guidelines implementation in compliance with NIST, PCI-DSS, Social Engineering, COBIT-5 Frame work.

Lead Network & Security Engineer, IT Infrastructure Section

May/2015- June/2016

Statistic Center, Abu Dhabi- Cloud technologies LLC

•Managing IT Secured Services Delivery & Operations including Health Performance, Incident Management, and Change Management in WAN, LAN Network, Wireless, IP Telephony and Data Center Operations.

•Cisco Router 3845, Catalyst Switch 6500, 4509, 4503, Core Switch 6509, Cisco ACS. Cisco ASA 5000 Series. (Configuration, Installation, Maintenance, Monitoring) for Enterprise Network using OSPF, BGP, STP, RSTP, ACL, NAT, PAT, VRRP, HSRP, Port Security Protocols & ETC.)

•Juniper SRX3400, SRX240. (Easy VPN, GRE-Tunnel, Dynamic Multipoint VPN, IPsec, SSL, S2S- Connectivity, Zoning, Trust, Un-trust, DMZ, MD5, SHA-1,2,3).

•SA-4500, MacAfee IPS (M-8000 & M-4050), Cisco 4200 series IPS. (Authentication, Security Deployed at Application Layer, Malware, Spyware, Logic Bombs, Web Beacon, Virus Protection, Patches Updates, DLP etc.), GRE-VPN Tunnel, IPsec, SSL, DMVPN Commissioning and troubleshooting.

•Cisco ASA-5560 Troubleshooting, Configuration and Monitoring.

•Avaya 9620 IP-Telephony, CUCM 9.X, CUCM 10.X. (QoS with RTSP).

•Wireless Connectivity of Aruba 3600. Access Point through Radius Server, Domain Controller, (Installation, Configuration of Access points and Controller).

•Network Tools Cisco Prime, Aruba Wireless Controller, GUI/NSM (Xpress) for Juniper SRX-3400, SRX-120h, SA-4500, Cisco ASA Source Fire.

•LLD &HLD Implementation.

•Supervision of Help-desk Team via Foot prints by implementing ITIL/ITSM/ISO-27002 Processes.

•Reporting to Head of IT & Manager IT Infrastructure Section.

Assistant Manager Datacenter (TIA942)-NOC Operations Lead

Jan/2011-April/2015

Pakistan Telecommunication Company Limited (ETISILAT) Karachi, Pakistan

Managed Services Delivery Specialist Network Operation Center (NOC) issues Total 150 Rack (TIER-3/ TIER-4).

Ensure availability of NOC operation 24X7. E1 /T1 /PRI /BRI /FE Connectivity.

Configuring NSM for monitoring of MX-960, EX-8200, EX-4200, SA-4500, SRX-3600 and integrating with Observium, MRTG.

Cisco ASR 9010, IOS, IOS-XE, IOS, XR Configuration and trouble shooting.

Commissioning MPLSL2, MPLSL3, Metro Ethernet, Leased Lines, P2P. P2MP, Digital Cross Connect Cross Connect Circuits, Frame Relay, WAN Networks over Lit Fiber end to end.

(Router, Switch, VPN Concentrator, IPsec, SSL, Access Server, and IDS/IPS) with LLD & HLD Implementation.

The incumbent is responsible for the installation, modification, upgrade, troubleshooting, and repair process for network related hardware including Routers, Switches and firewall.

Configure the MPLSL2VPN and MPLSL3VPN for clients, Configuration Management, Change Management, Logs Management, and Incident.

Configuration of Core/PE/CE Routers, L2/3switches and firewalls at Datacenter, and DR.

Reporting to Manager, Data center.

Services Engineer – NOC

April/2007–Dec/2010

Pak Datacom Limited (Subsidiary of Telecom Foundation)

Services Delivery Engineer by Planning Project Installation, Maintenance, Troubleshooting &Fault Restoration of Network and observing whole network through NMS (Network Management System).

Hand on experience of Installation, Operation and troubleshooting of Fiber Optics, Cross Connect &Drop Insert BRI, PRI, PaBX networks.

Multiplexes on E1 optical fiber using TDM&FDM Technologies and End-to-End BERT Testing, OTDR Fiber Testing, VSWR Testing.

Outdoor& Indoor Installation Testing, Maintenance and Troubleshooting of long-distance Fiber Circuit (WAN) associated with New Bridge, Tainet equipment by using Optical Fiber (SDH/PDH) Transmission media & SONET.

EDUCATION:

Executive Master of Science

CGPA= 3.83

August 2016-May2018

(Information Security Systems)

University of The Cumberland’s, KY, USA.

Master of Science in Electronics Engineering

Specialization in Telecommunication & Networks

CGPA=3.1 (1st Division)

August2008-April2014

(Accredited from ECE-Educational Credentials Evaluator, USA).

Sir Syed University of Engineering & Technology, Karachi.

BS Electronics Engineering

CGPA=3.92 (1st Division)

January2003-March2007

(Accredited from ECE-Educational Credentials Evaluator, USA).

Sir Syed University of Engineering & Technology, Karachi.

CERTIFICATIONS:

•Cisco Certified Internetwork Expert-Security (CCIE-SEC 400-251).

•Cisco Certified Internetwork Expert- Routing and Switching (CCIE-R&S 400-101).

•Certified Ethical Hacker version 9 (CEHv9).

•Juniper Networks Certified Associate (JNCIA-Junos).

•Implementing Cisco Network Security (CCNA-SEC 210-260).

•Cisco Certified Network Associate (CCNA-200-120).

•PR2P PRINCE2® Foundation Certificate in Project Management.

•PR2P PRINCE2® Practitioner Certificate in Project Management. FORM

•Certified Integrator in Secure Cloud Services (CI-SCS).

•CLOUDF-EXIN Cloud Computing Foundation.

•ITILv3® Foundation Certification in IT Service Management (EX0-117).

•Information Security Foundation based on ISO/IEC 27002 (ISFS).

•ITSM20F IT Service Management Foundation based on ISO IEC 20000.



Contact this candidate