Solutions Architect Pre-Sales
Resume:
RASHID WASI
• Email: *******@*******.***
• Tel: 201-***-****
• LinkedIn: https://www.linkedin.com/in/rashidwasiuddin
• Preferences: Tampa, FL; Atlanta, GA; Dallas & Houston, TX; Remote/ Hybrid, Open to relocations.
• Status: US Citizen
OBJECTIVE
Seeking a senior-level role in Security Architecture, Risk & Compliance, or SOC Services, with an openness to positions in Security Solutions Sales/Pre-Sales as well.
PROFILE
• With over 25 years of experience in the IT industry, I have served diverse clients across the US, Canada, and Europe. Throughout my career, I have held various senior roles, like Senior Director, Senior Enterprise Security Consultant/Architect, Threat Management Practice Head, Security Operations Center (SOC) Lead, Pre-Sales Enterprise Security Solutions Architect, and vCISO.
• As the Practice Head, I spearheaded initiatives for portfolio expansion, delivery management, resource optimization, technology evaluation, and strategic partnerships. This included creating new security service offerings such as Cloud Security Services and formalizing Managed SOC Services at Lemongrass.
• As a Security Architect, I designed and deployed secure cloud networks for various customers by leveraging native and third-party cloud security tools and ensuring adherence to Azure and AWS security best practices. I applied key security principles such as ZERO TRUST, Least Privilege, Defense in Depth to enhance overall security posture.
• Served as a Trusted Security Advisor to CISOs & CIOs, assisting them in transforming business ideas into secure IT services.
• Developed and managed Cybersecurity Programs, employing best-in-class tools and techniques aligned with industry standards such as NIST, ISO27002, HITRUST, CSA, CIS
• Assisted customers across diverse industries in achieving compliance with regulatory frameworks like PCI DSS, GDPR, HIPAA, FISMA, and TOGAF by conducting readiness assessments and providing actionable recommendations.
• As a Security Operations Center (SOC) Lead I have experience in overseeing SOC Services such as real-time threat monitoring, incident response services, and managing SOC team (SOC analysts, engineers, incident responders etc.)
• Authored and enhanced critical security documents including policies, standards, guidelines, risk registers, security training materials, SSPs, SARs, and POA&Ms, strengthening clients’ Information Security Management Systems (ISMS).
• Conducted over 50 + security assessments for global Fortune 500 companies, including Vulnerability Assessments, Penetration Testing, DAST, Security Architecture Reviews, Security Hardening, and Threat Modeling using MITRE ATT&CK.
• As a Pre-Sales Security Solutions Architect, led solutioning efforts and supported sales initiatives for Managed Security Services and large ITO deals across multiple industry verticals, responding to over 300 + RFP/RFI inquiries EXPERTISE
• Practice Management and Business Development
• Security Architectures (Hybrid: On-Prem and Cloud)
• Security Risk Assessments and Compliance Management
• DevSecOps Security - CI/CD Lifecycle Security
• Security Testing (SAST,DAST), Vulnerability Assessments
• SOC Services Leader Expertise
• Threat Management (EDR, NDR, Firewall, IDS/IPS, etc.)
• Data Security (Data Classification, CASB, Encryption) SKILLSETS, TOOLS & FRAMEWORKS
• Security Assessment Types: Compliance & Risk Assessment, Security Maturity Assessments, Vendor/third-party risks Assessment, Tool Rationalization Assessment, Vulnerability Assessment, Penetration Testing, Security Architecture Reviews Page 2 of 4
• Security Assessment Tools: Kali Linux, QualysGuard, Rapid 7, Nessus, AWS Inspector, Nucleus. Metasploit Framework, Cenzic Hailstorm, Nmap, Fortify SCA, WebInspects, Wireshark, Aircrack NG, Firewall Assurance & Network Audit Tools
• Threat Protection: SIEM, EDR/NDR DLP, firewalls and IPS using vendors’ products like Stellar Cyber, Symantec, McAfee, Checkpoint, Microsoft etc.
• Cloud Security: CSA Cloud Controls Matrix (CCM) Framework, AWS Well Architected Network Framework, Azure Well Architected Network Framework, various Azure and AWS foundational Cloud tools like Azure Key Vault, Azure Firewall, Microsoft Entra ID (Azure AD), Azure Privilege Identity Management (PIM), Microsoft Sentinel, Azure Policy, Azure Security Center, Microsoft Defender, Amazon EC2, Amazon S3, Amazon Lambda, Amazon CloudWatch etc.
• Data Security and Encryption: Data Classification & Data Handling, DLP (e.g McAfee DLP, Microsoft Purview), CASB (e.g., MS Defender for cloud apps), CSPM (WIZ, Microsoft Defender for Cloud, AWS Security HUB), Azure Information Protection, BitLocker, McAfee Encryption Solutions, Device Control.
• Governance, Risk, Compliance: Zero Trust Security Principles, NIST 800-53, NIST CSF, NIST 800-171, Various NIST SP 1800 Series Publications, ISO 27000 series, SOC2, CIS TOP 20, CSA Cloud Controls Matrix (CCM), CMMC v 2.0 (Cybersecurity Maturity Model Certification), FISMA, PCI DSS, HIPAA, TOGAF, COBIT, HITRUST, OWASP Top 10, Threat Modeling Frameworks like STRIDE/DREAD, MITRE ATT&CK
• Misc: Third-party risk management Tool ( like OneTrust), Security Awareness Training and Phishing Tool ( like KnowB4), IAM Standards and techniques like MFA (Multifactor Authentication), Privileged Access, JIT Conditional Access, Ouath 2.0, SAML, FIDO2/WebAuthn, OpenID
DEGREES, CERTIFICATIONS, TRAINING
• University Degrees: Southeast Missouri State U, Cape Girardeau, MO – BSc
• Technical Certification: Microsoft Azure Security Technologies Certifications, Certified Ethical Hacker & Pen Tester (CEH), CCNA (Cisco Certified Network Associate), MCSE (from Microsoft), CISSP (in progress)
• Training: ITIL & Six Sigma Green Belt, Ethical Hacking Boot Camp, Zero Trust, Breaches/Ransomware Attacks, and several topics on Regulatory Compliances, Industry Standards and more. EXPERIENCE:
LEMONGRASS CLOUD
Senior Enterprise Security Solutions Architect and SOC Services Lead; New Jersey, London, Remote; 10/2023-7/2024
• Led the development of Lemongrass Managed SOC services in collaboration with the CISO, encompassing various SOC service models tailored to meet diverse client needs across industries. Activities included crafting pricing structures, service descriptions, SOWs, customer onboarding materials, and sales collateral, as well as coaching sales teams.
• Led the pre-sales cycle for Managed SecOps & SOC Services, including solutioning, pricing and client presentations.
• As the SOC lead, managed delivery of Lemongrass Managed SOC Services to multiple Lemongrass customers. This included SOC team (consisting of SOC Managers, Engineers, Analysts, Threat Hunters, and Incident Responders) and overseeing SOC functions like overseeing Device on-boarding and integrations, and daily SOC operations such as security event monitoring, threat hunting, reporting, incident response, SOC tool management, and SIEM rules development.
• Actively participated in solution meetings, status calls, forecasting discussions, and strategy meetings to provide insights, share updates, and collaborate on sales strategies and solutions. NTT DATA SERVICES
Senior Director and Enterprise Security Architect; NTT DATA Services; Plano, TX, Remote; 04/2020-8/2023
• As Senior Director, led practice development, growth, and sales efforts for Cybersecurity Consulting & Advisory Services
• As Senior Security Architect, executed several types of projects in the US. Here are some notable projects: o Conducted security, risk, and maturity assessments for multiple customers, leveraging well-established industry security standards and frameworks like NIST 800-53, NIST CSF, NIST 800-171, ISO 27000 series, CIS, CSA, OWASP, HITRUST. o Assisted multiple customers in compliance with various compliances like PCI DSS, GDPR, HIPAA, FISMA, TOGAF etc. o Assisted a luxury home builder in transitioning their cybersecurity program from COBIT to NIST CSF, presenting a NIST CSF- based assessment to the board for budgeting and program enhancement. Page 3 of 4
o For an advanced battery solutions leader conducted series of Security Architecture Assessments of their 20 critical applications. It involved architecture review, security controls review, SIG and SOC 2 reviews, and vulnerability scanning. o Performed multiple third-party/vendor risk assessments using tools like OneTrust to evaluate security posture, compliance, and control effectiveness. Reviewed certifications (e.g., SOC 2, ISO 27001), assessed responses, identified gaps, and recommended remediation.
o Designed and implemented security awareness programs for various customers with onboarding training, annual certification, and periodic phishing simulations using tools like KnowBe4. Integrated policies, procedures, and training modules related to password security, email security and data security/privacy to enhance user vigilance. o Performed multiple security gap assessments using NIST 800-171 rev 2 with a road map for CMMC 2.0 certification for manufacturing companies who handled CUI data and operated as federal contractors. WIPRO TECHNOLOGIES LTD
Senior Pre-Sales Enterprise Security Solutions Architect; East Brunswick, NJ, Remote; 02/2016- 10/2019 Started as a Pre-Sales Architect, later transitioning to Security Architect for Cyber Security and Risk Consulting (CRS) Services.
• As Senior Pre-Sales Security Architect, supported sales efforts for large managed Security Services (MSS) deals. o Collaborated with internal IT teams, vendors, and cloud service providers to solve the customer requirements . o Drove end-to-end RFI/RFP response process, including RFP analysis, solution conceptualization, and development, devising the winning strategy, client presentations, workshops, ROM/BOM creation, pricing, SOW/SLA drafting, and participated in transition management for deals won.
• As Senior Security Architect, executed various types of projects in the US. Here are some notable projects: o Developed and deployed Data Security Programs for major automotive, healthcare, and retail companies, protecting sensitive data (PII, PHI, credit card data). Implemented tools like DLP, CASB, device control, certificates, and encryption to mitigate risks such as Shadow IT, Data Leakages, and Malware Threats. o Led security architecture projects for a healthcare product company, implementing global e-commerce platforms, which was aligned to standards such as NIST, CSA, CIS, and OWASP standards. o Developed and managed application security-centric programs using DevSecOps methodologies, OWASP standard, and utilizing open-source and commercial tools (Rapid 7, Nmap, Fortify SCA, Web Inspect for CI/CD phases (e.g., Plan, Code, Build, Test, Release, and Deploy). Additionally, I performed threat modeling using MITRE ATT&CK frameworks. o Conducted security, risk and maturity assessments for multiple customers’ global environments and programs, leveraging security standards and frameworks like NIST 800-53, NIST CSF, ISO 27000 series, CIS, CSA, OWASP, HITRUST o Performed numerous third-party/vendor risk assessments for multiple clients, leveraging tools like OneTrust and reviewing certification reports such as SOC 2 Type II and ISO 27001 to evaluate service providers' security controls and environments handling customer data.
FORSYTHE TECHNOLOGY INC.
Senior Enterprise Security Consultant; Chicago, IL; 01/2015- 11/2015
• As a Senior Security Consultant, drove security engagements such as vulnerability assessment, penetration testing, DAST, threat modelling, wireless security surveys and security architecture reviews for US-Based Clients across diverse sectors.
• Developed documentation to assist clients to comply with regulatory compliance such as HIPAA, and PCI DSS. COGNIZANT TECHNOLOGIES
Head of Threat Management Practice and Security Architect; Teaneck, NJ; 12/2008 –12/2014 Started as Security Consultant & later promoted to Threat Management Practice Head within Risk & Security Services practice.
• As Threat Management Practice Head, drove practice growth to achieve multimillion-dollar revenue targets. o Managed a 35-member security team delivering security projects across US and Canada. o Developed new security offering services to expand the security service portfolio such as Cloud Security Services, Threat Management Services, DLP Services, Application Security & Vulnerability Management Services and PCI Readiness Services
• As Security Architect, executed various projects in the US and abroad. Below are notable projects: o For multiple clients, Cognizant SIEM and SOC services program. o Conducted risk assessments and maturity assessments using standards such as NIST with CMM Maturity Models. Page 4 of 4
o Performed technical security assessments/testing in enterprise environments e.g., DAST, penetration testing, vulnerability assessments, and wireless security surveys using blend of security tools. o Led post-merger security assessments for the largest U.S. tools and hardware company across the U.S., Europe, and Canada. o For the largest Cable TV/ISP conducted a series of ISO-27002 centric security assessments o Led a data security project, developing data classification schemes and procedures, and deploying DLP, encryption, device controls, and information protection.
SOLUTIONARY (now part of NTT Data Services)
Principal Enterprise Security Architect; Omaha, NB: Remote; 08/2007 –09/2008
• Drove several types of security engagements, e.g., vulnerability assessment, penetration testing, DAST, wireless security assessments, security architecture reviews, threat modeling, and NIST, and ISO 27002 security assessments. INTERNATIONAL NETWORK SERVICES (now part of British Telecom) Senior Enterprise Security Architect; Wayne, PA; 08/2005 –06/2007
• Part of a multi-year contract at Glaxo Smith Kline, executed several IT assignments as a security architect.
• Assisted in designing security controls for GSK's infrastructure services for B2B/third-party connectivity and secure access.
• Performed changes and diagnostics on Checkpoint firewalls, Cisco routers, and switches and developed documentation. NOAA/OFA (National Oceanic and Atmospheric Association) Security Operations Manager; Silver Spring, MD; 01/2005- 04/2005
• In a government contractor capacity, served as a security advisor to the director of IT services of the OFA office.
• As a security operations manager, led a team of six core security consultants managing the OFA/NOAA environment.
• To comply with NSA directives, managing all aspects of security programs, e.g., patch and vulnerability management. CITIGROUP
Global SOC Lead; New York; 05/2003 –06/2004
• SOC Operations: SOC leader at Citigroup Threat Assessment Center (CTAC), which is a 24 X 7 basis Global Security Incidents and Forensics Response Unit that monitors, responds, and assesses threats posed to Citigroup’s technology infrastructure.
• Security Incident Response: Led Level 1 & 2- security incident response for malware, phishing, and network attacks.
• IDS Event Monitoring: 24 X7 monitoring and assessment of alerts on Intrusion Detection System Portals.
• Antivirus Management: Assisted in setting up policies and procedures for a global malware program.
• Vulnerability Management: Actively conduct vulnerability scanning of approx. 150K endpoints globally daily.
• Compliance and Audits Support: Assist with creating, coordinating, and maintaining Citigroup’s IT policies. REDWOOD PARTNERS INT.
Director of Information Technology; NY and Euro locations; 09/2000 – 2/2003
• As a Director of IT Services, managed global network and IT operations with offices in NY, Chicago, LA, and London. COMPUTER PROFESSIONALS INC.
Senior Network Consultant; New York; 06/1997– 07/2000
• Designed, deployed, and supported small-midsized networks for clients in the NY Metro area and responded to RFPs. DISTRICT ATTORNEY OF BRONX
Network Administrator; Bronx, NY; 05/1998 –03/1999
• Managed and maintained all aspects of hybrid Ethernet/Token Ring networks comprised of NetWare/Windows Servers.
Contact this candidate