Resume

Engineer Network Cyber Security

Location:

Katy, TX

Salary:

220000

Posted:

March 22, 2023

Contact this candidate

Resume:

SYED ATIF SHAMIM-

Executive Master of Science in Information Systems Security.

(University of the Cumberland’s, KY, USA)

Mobile: +1-617-***-****, Email: adv2ui@r.postjobfree.com LinkedIn: http://www.linkedin.com/pub/syed-atif-shamim/91/220/77 PROFILE:

• Well Trained, experienced, and qualified Sr. Network Cyber Security Architect involved in Designing, Implementing both HLD & LLD. With POC (Proof of Concept) for both IT/OT Environments.

• Security Analyst-Team Lead, Service Now, Service next Change management, Cyber Forensics, Reverse Engineering with Cyber Security Test Lab.

• Information Security policies, procedures, and guidelines with respective compliance like as Service Now, Service Next, Change Management Processes, Compliances CIA TRIAD, HIPPA, ISO-27002, GDPR, SOX, NIST SP 800-82, NIST SP 800-53, NIST 800-207, CMMC NIST 800-171, Fed Ramp Compliance standards, FISMA, CIPPA, COPPA, ISA 99, IEC 62443, etc.

• IAM, PAM, SSO (single-Sign), SAML, Oauth, OpenID Connect, Agile practices CD/CI pipeline, Multi-Factor Authentication, on- premises, and cloud solutions.

SKILLS&EXPERTISE:

• Telecom/Fiber Optics: SDH/ Huawei OSN 1800V, Sonet, Fast Ethernet, Alcatel E1-MUX, New Bridge MUX, Loop Telecom, ZTE, Tainet Mux, Mercury Multiplexers. DSLAM (ADSL/DSL/HDSL modems), BRI, PRI, Digital Cross-Connect Nodes (DXX), DWDM/CWDM Muxes, PL-1000T, etc.

• RF Optimization: PCOM, REDLINE, AIRLINK, AIRAYA, Huawei, RTN 600 and 900 series.

• BTS: Huawei BTS 3900 & 3900L (LTE).

• Data Centre/ Backhaul Connectivity: Huawei OSN 1800V, Fast Ethernet Electrical Cards, Fiber Optic-Optical Cards, PL-2000DC, PL-2000AD, PL- 1000T Metro Ethernet Mux, MPLS Mux for Backhauls connectivity over fiber 1gbps to 100 Gbps. Connecting Single Mode, Double, and Multi- Mode Fiber. End to End Fiber testing with Loop Technologies using OTDR.

• Network Devices: Cisco 3845 Router, Cisco Switches 4500 Series, Juniper-MX960s, Ex8200s, EX4200, SRX Cluster, and Secure Access cluster.

• Network Management: IP NBAR, Net Flow, Wireshark, Solar winds, Kiwis slog, Cacti, MRTG, Port SPAN, RSPAN, Juniper-NSM, Observium, Cisco Prime, AVAYA -9620 C Management Tool, Wireless Network Management through ARUBA, Cisco ASA- Fire Work, Source Fire, ASDM, and CCP

(Cisco Configuration Professional).

• Routing Skills: RIP, OSPF, OSPFv3, EIGRP, BGP, Redistribution, IPSLA, and IS-IS.VRF. MPLSL3VPN, DOCSIS 2.0, CMTS (Cable Modem Termination Systems).

• Switching Skills: STP, RSTP, VLAN, VTP, LAGP, Port security, MPLSL2VPN, Virtual Circuits, Frame Relay, HSRP, VRRP.HSRP, stack wise, Sub Netting, ACL, NAT/PAT, PPP, Port forwarding, Port Authentication, DHCP ARP Inspection, DHCP Snooping, IP Source Guard, Private VLAN, SVI, CEF (Cisco Express Forwarding), Brocade Switch ICX 7250, 6430.

• Security Skills: Cisco ASA-5500, Source Fire, Fire Power FTD, VPN Technologies-IPsec-SSL-VPN, IDS, IPS-Cisco 4200 Series, IPS-MacAfee (M-8000, M-4050), IOS Firewall ASA, Cisco ACS Server, Juniper SRX, Checkpoint 6500, Solar Winds, Splunk, Tacacs+, Radius, LDAP, etc.

• Security Standards: PCI(DSS), Gram-Beach-Lilley ACT, HIPAA (Health Insurance Portability and Accountability Act), FERPA, COPA, CIPA, FISMA, SOX, ISO-27002, OMB, DHS, COBIT-5, GAIT, NIST Compliance with FIPS, SP Standards, Cyber/Computer Security Forensic, COBIT, ISO-27002

• IP Telephony/ Voice: Avaya 9620, Cisco CUCM 9. X, CUCM 10.X. BRI, PRI, SIP, SCCP, AND MGCP. RTP, SRTP, Bulk Administrator Tool (BAT).

• QoS Skills: RSVP, RSTP, Policing, Shaping, Rate Limiting, Prioritizing, etc.

• Cloud Computing Skills: IAAS, PAA, AWS, GCP, AZURE.

• Project Skills: Project Management & Planning, IT Service Management (ITSM), Managed Services Delivery.

• Microsoft Skills: Windows XP/7/8. RADIUS server.

• Surveillance system: CCTV, DVR, NVR, IP Camera.

• Wireless: Linksys/D-Link/TP-Link/Net Gear, Aruba 3600, Cisco 2500, Cisco 555 Series.

• Backups: MS windows backup, Genie Backup, WinZip.

• UPS: APC Online/smart UPS, Emerson, Saltec, Systek. EXPERIENCE:

Senior Engineer Network & Security June/2022- Till Now Jera Americas

• Working on his Subject Matter expert for all Cyber /Network Security related projects in IT/OT Environments.

• HLD with Proof of Concept implementing at LLD low-level design and Detail Design Document.

• Managing the Firewalls / IPS/ IDS/SIEM /ISE Solutions, Router ISR, ASR, IOS XE, F5 Load Balancers, and Datacenter Nexus/Catalyst switches, PXE Environment for the project with implementing both WAN/LAN Solutions.

• Pro-Types and Pilot Network Lab Testing environment.

• Security policies, procedures, and guidelines for Security Audit. Also Forensics and Reverse Engineering including Proxy Servers, DHCP, PKI’s, Email gateway, Secure gateway, river-band, Antiviruses, Web gateways, Infoblox, Endpoint Protections, NSX Architecture Datacenter, IP fabric environment, VXrail, NAS, SAN Solutions, SDWAN, etc.

• Change management (CASB) for configuration changes made with Impact Analysis, Risk Analysis, Rollout, and Back-out plan using Service Next and Service Now platforms.

1 Page

• Managing IPS Trend Micro, Proxy MacAfee Web security gateways ICAP Solutions, Vormetric, Imperva, PGP Security, Zscalar deployment and reviews, Bluecoat.

• Pre-reviewed the changes made within the Firewall, ACL with particular ports and service objects.

• VPN termination, SLL VPN, Easy VPN, Site to Site VPN IPsec, Clientless VPN, and DMVPN.

• Supporting Azure cloud instance for Vnet, Express Route, and Azure SQL Database and also AWS EC-2 Instances.

• Azure and multi-tenant cloud implementation, SOC-2, ISO-27002 Controls implementation, HIPAA, PCI0DSS, GLBA, GDPR.

• End point Security Microsoft Defender and Zscalar for External Web access.

• Drafting Security policies, procedures and Guidelines for the company.

- Acceptable Use Policy – Access Control policy - Account Creation/Termination Policy

- Audit Logging and Monitoring Policy - Business Continuity Plan(BCP) - Clean Desk Policy

- Data Protection Policy - Disaster Recovery Plan - Email Policy - Encryption Policy

- Employee Internet Use Monitoring and Filtering Policy - Incident Response Plan(IRP)

- Information Classification Policy - Internal Control Assessment Policy - Internet Usage Policy

- Intrusion Detection Security Monitoring Policy - Malicious Code/Spam/Spyware Protection Policy

- Mobile Employee Endpoint Responsibility Policy - Password Policy - Remote Access Policy

- Removable Media Policy - Risk Assessment Policy - Server Security Policy

- Software Installation Policy - Technology Equipment Disposal Policy - Vulnerability Assessment Policy

- Web Application Security Policy - Written Information Security Policy (WISP) Senior Security Engineer September/2021- June/2022 DISH TV, Denver, Colorado

• Working on his Subject Matter expert for all Cyber /Network Security related projects.

• HLD with Proof of Concept implementing at LLD low-level design and Detail Design Document.

• Pro-Types and Pilot Network Lab Testing environment.

• Change management (CASB) for configuration changes made with Impact Analysis, Risk Analysis, Rollout, and Back-out plan using Service Next and Service Now platforms.

• Managing IPS Trend Micro, Proxy MacAfee Web security gateways ICAP Solutions, Vormetric, Imperva, PGP Security, Zscalar deployment and reviews, Bluecoat.

• Pre-reviewed the changes made within the Firewall, ACL with particular ports and service objects.

• VPN termination, SLL VPN, Easy VPN, Site to Site VPN IPsec, Clientless VPN, and DMVPN. Senior Network Security Architect – Cyber Security Division June/2020- Aug/2021 Halvik Corp, Washington, DC (Federal Government- USPTO)

• Performed analyses to validate established cybersecurity controls and requirements and to recommend cybersecurity safeguards.

• Performed assessment of systems and networks within the networking environment and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy.

• Supporting the development of cybersecurity requirements, design & architecture artifacts, plans, and policies. Also vendor management.

• Risk analysis and zero-day mitigation approach.

• Support the development of RMF documents and controls validation testing for Authority to Operate (ATO) accreditations.

• Implementing and designing network infrastructure solutions for SD-WAN using Viptela and multiple service providers.

• Develop Server Risk Assessments for new technology implementations and presents analyzed findings to Government ISSM for acceptance.

• Assess and Integrate cloud migrations and cloud-native applications leveraging AWS. Participate with other branches of the OCIO to deploy Zero Trust Infrastructure and Multi-tenant compliance.

• Implementing Zero Trust Infrastructure (ZTA NIST 800-207) implementation via Palo Alto VM series high availability Firewalls solution on PRISMA Platform, NIST (800-53), CMMC NIST 800-171, Fed Ramp Compliance standards, DMZ, Segmentation, Micro-Segmentation, Security group, Security policies, Host-based isolations, NSX Architecture Datacenter, Cyber Security Framework, Security capabilities & Controls, CDM Agency Dashboard– Continuous Diagnostic and Monitoring, ISCM Information Security Continuous Monitoring, SSO (single-Sign on), SAML, Oauth, OpenID Connect, Agile practices CD/CI pipeline, Multi-Factor Authentication, on-premises and cloud solutions, New Elastic Stack, etc.

• Guidance for both NOC & SOC services and managing the Firewalls / IPS/ IDS/SIEM /ISE Solutions, Router ISR, ASR, IOS XE, Load Balancers, and Nexus/Catalyst switches for the project with implementing both WAN/LAN Solutions.

• Pro-Types and Pilot Network Lab Testing environment.

• Security policies, procedures, and guidelines for Security Audit. Also Forensics and Reverse Engineering including Proxy Servers, DHCP, PKI’s, Email gateway, Secure gateway, river-band, Antiviruses, Web gateways, Infoblox, Endpoint Protections, etc. Configuration level activities with SIEM, IPS, IDS, and Cisco ASA 5500-X, IPS, Firepower, Palto Alto Prisma and Panorama solutions, Checkpoint 6500, Data Loss Techniques (DLP) and ISE 2.2, etc.

• Change management (CASB) for configuration changes made with Impact Analysis, Risk Analysis, Rollout, and Back-out plan using Service Next and Service Now platforms.

• Pre-reviewed the changes made within the Firewall, ACL with particular ports and service objects.

• VPN termination, SLL VPN, Easy VPN, Site to Site VPN IPsec, Clientless VPN, and DMVPN.

• Information Security policies, procedures, and guidelines with respective compliance like ISO-27002, ISA99, IEC 62443, NIST 800-53, NIST 800-82 GDPR, SOX, NIST, FISMA, CIPPA, COPPA, COBIT-5, etc.

• Sanitizing the firewalls for Audit and processes with Endpoint security products.

• Migrating on-premises legacy networks to multiple cloud environments including AWS, GCP, and Azure cloud solutions. 2 Page

• Good hands-on practice on network and security tools and designing tools like Microsoft Visio, Cisco Prime, Splunk, Alian-Vault, Network Management Tools, ASDM, FMC, Palo Alto GUI, DWDM deployments, etc.

• Reporting to CISO/CIO.

Lead Network Cyber Security Architect August/2018- May/2020 BHP Billiton, Houston, TX

• Working on his own as Project Owner and Subject Matter expert for all Cyber /Network Security related projects.

• HLD with Proof of Concept implementing at LLD low-level design and Detail Design Document. Threat Modeling Like as STRIDE etc. for Web and Software applications.

• Pro-Types and Pilot Network Lab Testing environment.

• Internet circuit migration to SD-WAN Viptela.

• Configuration level activities with SIEM, IPS, IDS, and Cisco ASA 5500-X, IPS, Firepower, Checkpoint 6500, and ISE 2.2, etc.

• Change management (CASB) for configuration changes made with Impact Analysis, Risk Analysis, Rollout, and Back-out plan using Service Next and Service Now platforms.

• Pre-reviewed the changes made within the Firewall, ACL with particular ports and service objects.

• VPN termination, SLL VPN, Easy VPN, Site to Site VPN IPsec, Clientless VPN, and DMVPN.

• Information Security policies, procedures, and guidelines with respective compliance like ISO-27002, ISA99, IEC 62443, NIST 800-53, NIST 800- 82 GDPR, SOX, NIST, FISMA, DLP, HIPAA, PCI-DSS, CIPPA, COPPA, COBIT-5, etc.

• Good hands-on practice on network and security tools and designing tools like Microsoft Visio, Cisco Prime, Splunk, Alian-Vault, Network Management Tools, ASDM, FMC, Palo Alto GUI, etc.

• Reporting to Program Managers/Head of Technical Projects Lead. PROJECTS:

1. Managed File Transfer: A solution to facilitate the secure, fast and simple transfer of files for users within BHP. For both internal transfer and transfer of files to external stakeholders.

2. ISE 2.2 Migration: Migrating all Guest users to Authenticate and Authorize from ISE 2.2 over Tacacs+ with IAR’s management, policing, NAD (Network Address Devices), web services, vulnerability assessment. 3. Cyber Security Test Lab: Construction of lab environment for Cyber Security for multiple locations responsible for Cyber Forensics and reverse engineering etc. with ISA99, IEC 62443 standards. 4. Data Loss and Monitoring: Setting up Splunk heavy Forwarders in Zone 1, 3, and OT. 5. Anomaly Detection Analysis: Setting up an Anomaly Detection Solution that would integrate with our current Splunk environment. 6. Selbaie SCADA Project: SCADA refresh and network gears upgrade. 7. BHP Documentum Hardware Refresh: Network component of deployment of the new Flex pod solution that we will be deploying into BHP to replace the current vBlock environments in both the USA and Australia. 8. Santiago Gateway Shutdown: Removal of legacy OBS-managed Santiago Internet gateway. 9. Secure Hosting Gateway: Choice and installation of new secure hosting solution for incoming Internet-based connections to BHP. 10. Cyber Analysis and Detection Support: Detecting, Analysis of anomaly behaviors of cyber security devices. 11. GOM LAB: Developing an isolated Lab for OT Network with ISA99, IEC 62443 standards. 12. Cisco ASA 5500 To PA-3200 Migrations: Developing strategy and migrating from Cisco ASA to PA-3200 series for 15 sites using PA migration tool both in TP modes, Trunk Modes, and Layer-3 HA’s. Network & Security Consultant (Service Delivery) July/2016-August/2018 Relig Staffing, Inc.

• High Level and Low-Level Designing HLD $ LLD for Different networks including Core, Distribution and Access Layer for Financial Institutes.

• Configuring Routers, Switches, Firewalls, ASR, ISR, Security policies, procedures, and guidelines for Security Audit. Also Forensics and Reverse Engineering including Proxy Servers, DHCP, PKI’s, Email gateway, Secure gateway, river-band, Antiviruses, Web gateways, Infoblox, Endpoint Protections, NSX Architecture Datacenter, IP fabric environment, PXE Environment, VXrail, NAS, SAN Solutions, etc.

• Cisco PPDIO Mythology Prepare, Plan, Design, Implement, Operate and Optimize.

• Pro-Types and Pilot Network Testing Network protocols RIP, EIGRP, OSPF, BGP L2 Encapsulation STP, RSTP, VRRP, HSRP, etc.

• Tier-3 and Tier-4 Datacenter Designing by TIA-942 Standards DR-Sites as HOT SIDE, WARM SIDE, COLD SIDE N+N Redundancy.

• Managed Services Implementation like L3MPLPS, L2MPLS, IPSEC VPN, DMVPN, Easy VPN, RDP, Voice, and Wireless Network designing, configuration, and optimization.

• Security Devises IPS, IDS, Cisco ASA, FTD, Juniper SRX, SA-4500, Cisco ACS, Cisco ISE.

• SOP, Security policies, procedures, and guidelines implementation in compliance with NIST, PCI-DSS, Social Engineering, and COBIT-5 Framework.

Lead Network & Security Engineer, IT Infrastructure Section May/2015- June/2016 Statistic Center, Abu Dhabi- Cloud technologies LLC

• Managing IT Secured Services Delivery & Operations including Health Performance, Incident Management, and Change Management in WAN, LAN Network, Wireless, IP Telephony, and Data Center Operations.

• Cisco Router 3845, Catalyst Switch 6500, 4509, 4503, Core Switch 6509, Cisco ACS. Cisco ASA 5000 Series. (Configuration, Installation, Maintenance, Monitoring) for Enterprise Network using OSPF, BGP, STP, RSTP, ACL, NAT, PAT, VRRP, HSRP, Port Security Protocols & ETC.)

• Juniper SRX3400, SRX240. (Easy VPN, GRE-Tunnel, Dynamic Multipoint VPN, IPsec, SSL, S2S- Connectivity, Zoning, Trust, Un-trust, DMZ, MD5, SHA-1,2,3).

3 Page

• SA-4500, MacAfee IPS (M-8000 & M-4050), Cisco 4200 series IPS. (Authentication, Security Deployed at Application Layer, Malware, Spyware, Logic Bombs, Web Beacon, Virus Protection, Patches Updates, DLP, etc.), GRE-VPN Tunnel, IPsec, SSL, DMVPN Commissioning and troubleshooting.

• Cisco ASA-5560 Troubleshooting, Configuration, and Monitoring.

• Avaya 9620 IP-Telephony, CUCM 9. X, CUCM 10.X. (QoS with RTSP).

• Wireless Connectivity of Aruba 3600. Access Point through Radius Server, Domain Controller, (Installation, Configuration of Access points and Controller).

• Network Tools Cisco Prime, Aruba Wireless Controller, GUI/NSM (Xpress) for Juniper SRX-3400, SRX-120h, SA-4500, Cisco ASA Source Fire.

• LLD &HLD Implementation.

• Supervision of Help-desk Team via Footprints by implementing ITIL/ITSM/ISO-27002 Processes.

• Reporting to Head of IT & Manager IT Infrastructure Section. Assistant Manager Datacenter (TIA942)-NOC Operations Lead Jan/2011-April/2015 Pakistan Telecommunication Company Limited (ETISALAT) Karachi, Pakistan

• Managed Services Delivery Specialist Network Operation Center (NOC) issues a Total of 150 Rack (TIER-3/ TIER-4).

• Ensure availability of NOC operation 24X7. E1 /T1 /PRI /BRI /FE Connectivity.

• Configuring NSM for monitoring of MX-960, EX-8200, EX-4200, SA-4500, SRX-3600 and integrating with Observium, MRTG.

• Cisco ASR 9010, IOS, IOS-XE, IOS, XR Configuration, and troubleshooting.

• Commissioning MPLSL2, MPLSL3, Metro Ethernet, Leased Lines, P2P. P2MP, Digital Cross-Connect Cross Connect Circuits, Frame Relay, WAN Networks over Lit Fiber end to end.

• (Router, Switch, VPN Concentrator, IPsec, SSL, Access Server, and IDS/IPS) with LLD & HLD Implementation.

• The incumbent is responsible for the installation, modification, upgrade, troubleshooting, and repair process for network-related hardware including Routers, Switches, and firewalls.

• Configure the MPLSL2VPN and MPLSL3VPN for clients, Configuration Management, Change Management, Logs Management, and Incident.

• Configuration of Core/PE/CE Routers, L2/3switches and firewalls at Datacenter, and DR.

• Reporting to Manager, Datacenter.

Services Engineer – NOC April/2007–Dec/2010

Pak Datacom Limited (Subsidiary of Telecom Foundation)

• Services Delivery Engineer by Planning Project Installation, Maintenance, Troubleshooting &Fault Restoration of Network and observing the whole network through NMS (Network Management System).

• Hand-on experience of Installation, Operation, and troubleshooting of Fiber Optics, Cross Connect &Drop Insert BRI, PRI, and PABX networks.

• Multiplexes on E1 optical fiber using TDM&FDM Technologies and End-to-End BERT Testing, OTDR Fiber Testing, VSWR Testing.

• Outdoor& Indoor Installation Testing, Maintenance, and Troubleshooting of long-distance Fiber Circuit (WAN) associated with New Bridge, Tainet equipment by using Optical Fiber (SDH/PDH) Transmission media & SONET. EDUCATION:

Executive Master of Science CGPA= 3.83 August 2016-May2018

(Information Security Systems)

University of The Cumberland’s, KY, USA.

Master of Science in Electronics Engineering

Specialization in Telecommunication & Networks

CGPA=3.1 (1st Division) August2008-April2014

(Accredited from ECE-Educational Credentials Evaluator, USA). Sir Syed University of Engineering & Technology, Karachi. BS Electronics Engineering CGPA=3.92 (1st Division) January2003-March2007

(Accredited from ECE-Educational Credentials Evaluator, USA). Sir Syed University of Engineering & Technology, Karachi. CERTIFICATIONS:

• Fortinet NSE 7 Enterprise Firewall 7.0

• Cisco Certified Internetwork Expert-Security (CCIE-SEC 400-251).

• Cisco Certified Internetwork Expert- Routing and Switching (CCIE-R&S 400-101).

• Certified Ethical Hacker version 9 (CEHv9).

• Juniper Networks Certified Associate (JNCIA-Junos).

• Implementing Cisco Network Security (CCNA-SEC 210-260).

• Cisco Certified Network Associate (CCNA-200-120).

• PR2P PRINCE2® Foundation Certificate in Project Management.

• PR2P PRINCE2® Practitioner Certificate in Project Management.

• Certified Integrator in Secure Cloud Services (CI-SCS).

• CLOUDF-EXIN Cloud Computing Foundation.

• ITILv3® Foundation Certification in IT Service Management (EX0-117).

• Information Security Foundation based on ISO/IEC 27002 (ISFS).

• ITSM20F IT Service Management Foundation based on ISO IEC 20000.

Contact this candidate