freiberufler Senior IT Security Officer - Tufin & Firewall auf freelance.de

Senior IT Security Officer - Tufin & Firewall

zuletzt online vor 3 Tagen
  • 99€/Stunde
  • Deutschland
  • Weltweit
  • de  |  en
  • 17.09.2024

Kurzvorstellung

I am an experienced and motivated “Senior IT Security Officer / Consultant / Project Manager and analyst” with management, auditing skills and accomplished in delivering secure resilient systems on time and budget to meet business needs.

Qualifikationen

  • Check Point (allg.)
  • Corporate Security5 J.
  • Enterprise project management (EPM)
  • Fortigate Firewalls
  • keycloak
  • Lead Auditor ISO27001
  • Netzwerk-Sicherheit8 J.
  • paloAlto stonegate
  • SAML
  • tufin

Projekt‐ & Berufserfahrung

Senior IT Security Officer - Tufen & Firewall
Kundenname anonymisiert, Stuttgart
10/2019 – offen (5 Jahre, 2 Monate)
Automobilindustrie
Tätigkeitszeitraum

10/2019 – offen

Tätigkeitsbeschreibung

• Project: The end customer is a leading global automotive manufacturer trying to achieve a global managed automated Security Infrastructure.
• Project Work: As a Senior IT Security Officer provided automated Security solutions and built Security Infrastructure, further details are followed:

1. SecureTrack:
i. created automated Security changes, that all security requests and Group requests deployed automatically.
ii. Built Security zones Architecture (Segmentation for 900+ Security zones) and their subnet added to relevant Security zone and built zone membership.
iii. Prepared 80+ major Unified Security Matrixes (USP) (400K+ combinations) for worldwide Security Instances to prevent unauthorized access according to strict Security policies with only with authorized approvals (Security Exceptions).
iv. Devices management for 400+ devices including Firewalls, Routers and switches.
v. Generated various reports according to demand of departments, Compliance Audit and added ownership Meta Data, analysis of revision to troubleshoot network issues and Object/Rule Analysis.
vi. Build Topology and Network & Security troubleshooting
2. SecureChange:
vii. Development of various workflows (e.g., access request, server cloning, group legalization, server and access decommissioning/deactivation, recertification, etc.) according to the needs of the departments and departments working with dynamic functions.
viii. Enabled RISK analysis capability specifically designed to help information security officers and implementers prevent unauthorized access to a corporate network.
ix. Added 30,000+ users (global) and allocated different security roles for different departments.
3. SecureApp:
x. designed and developed a high-level application architecture (100+ applications) built by instances, security zones and services (proxy, active directory, etc.). The purpose was to simplify the security requirements system for internal, external, partners and third parties. (Nearly 30,000+ rules and 100,000 objects/groups migrated) Complex rules simplified and packaged into applications so the customer can take a ready-made rule set and use those rules instead of creating new rules and new authorizations.
xi. Provided SecureApp training and usage of connections, application interfaces and Application-Packs.
4. API / Script– Development and Bug management
xii. REST API Development for 3rd party to open access requests.
xiii. REST API development that tufin and BlueCat do communication (data synchronization)
xiv. Created PowerShell scripts for SecureChange to Import subnets and added into group, a further script prepared for SecureApp to upload groups taken by firewall export.
5. IPAMs Sync App:
xv. Integrated tufin IPAMs Sync App to sync BlueCat IPAM data with tufin Security Zones in SecureTrack.
6. Additional Responsibilities
i. Assisting and training the firewall cleaning team and preparing workflows for decommissioning/group legalization and daily Tufin queries.
ii. updated business owner information (metadata) and daily business issue ticket editing/creation.
iii. First point of contact for solving tufin problems for internal and external employees.
iv. Conducting bi-weekly improvement meetings, remote technical meetings with vendors and with internal departments to improve security and resolve security issues.
v. Fix various issues daily, e.g., B. Designer, topology and other security issues.
vi. Creation of technical documentation for requesters, security departments and implementers.
vii. Part of the Information Security (ISO27001) team to develop part of the security areas.
7. tufin Upgrade (Classic to Classic)
i. Tufin Test and Prod (including Distribution Servers) environment successfully upgraded from
TufinOS r 2.21/TOS-20.1 HF4.2 (classic) to TufinOS r 3.6 / TOS R 21.2 (classic).
8. tufin Aurora clean installation
i. created Tufin Aurora LAB with clean installation including USP builder, Reporting Pack and vulnerability mitigation app.

Devices: CheckPoint, Palo Alto and Cisco ASA.
Tools: SecureTrack, SecureChange, SecureApp, BlueCat, CyberArc, Remedy, Jira, POSTMAN, PowerShell and Python

Eingesetzte Qualifikationen

Corporate Security

Senior IT Security Consultant (Tufin / Fortigate)
Kundenname anonymisiert, Munich
3/2019 – 9/2019 (7 Monate)
Finance
Tätigkeitszeitraum

3/2019 – 9/2019

Tätigkeitsbeschreibung

1. To establish Workflows (Local and Cloud) with tufin for their Network and security infrastructure that they can easily manage centrally.
2. Firewall migration from Juniper devices to Fortinet devices in an existing infrastructure.

Eingesetzte Qualifikationen

Corporate Security

Project Manager / Consultant for Network and Security Centralization and Deploym
Kundenname anonymisiert, Bielefeld
7/2018 – 3/2019 (9 Monate)
Telekommunikation
Tätigkeitszeitraum

7/2018 – 3/2019

Tätigkeitsbeschreibung

As a Project Manager / FortiGate Consultant, my responsibilities are to centralize and deploy FortiGate firewalls based on MPLS and Internet connected locations around the Globe.

Eingesetzte Qualifikationen

Fortigate Firewalls

Senior Project Solution Engineer for Network Connectivity and Security (cloud)
Kundenname anonymisiert, zurich
2/2017 – offen (7 Jahre, 10 Monate)
Telekommunikation
Tätigkeitszeitraum

2/2017 – offen

Tätigkeitsbeschreibung

As a Project Solution Engineer my responsibilities are to provide connectivity and security solution services throw-out from client`s network to cloud and/or third-party network. Important part of every Project is to deliver Security per ISMS and Connectivity on promised time with in allocated budget. Every single Project demands deep architectural study to deliver clear Network connectivity and Stabil Security.

Eingesetzte Qualifikationen

Netzwerk-Sicherheit

MPLS-WAN Network and Security Engineer
Kundenname anonymisiert, Nürnberg
8/2013 – 12/2016 (3 Jahre, 5 Monate)
Großhandel
Tätigkeitszeitraum

8/2013 – 12/2016

Tätigkeitsbeschreibung

• Project 1: MPLS-WAN Network and Security Engineer (Project Management)
• Project 2: Migration from R71.30 to R77.20 on appliance 12400
• Project 3: Virtualization of Firewall appliance 13500
• Project 4: WLAN Centralization
• Project 5: Project Manager for Network Maintenance
• Project 6: Administration and Design of SharePoint and Documentation Management

Eingesetzte Qualifikationen

Cisco Router

Security Consultant and Fortinet Firewalls Specialist
Kundenname anonymisiert, Frankfurt
8/2012 – 10/2012 (3 Monate)
Telekommunikation
Tätigkeitszeitraum

8/2012 – 10/2012

Tätigkeitsbeschreibung

• Project: End client was a bank, where my responsibility as a Fortigate Firewall Specialist to deploy three Zone Security (Cisco ASA & Fortigate firewalls). This is a new Installation on four different locations, two locations are in Germany and two locations are two different countries. Germany is centre of Security Zone, where Fortigate 600C devices are deployed as a cluster (Active-Passive) and replaced instead of Checkpoint Firewall.
• Project Work:
i) Responsibilities included: Firewall Management, Software /- Patches update, Deployment Planning, Designing, Network security solutions, architectures, Devises licensing and registration, quality assurance, Internal Staff Training, Project meetings with End Client and Project Manager to resolve technical Issues and provide solutions.
ii) Prepared and deployed new Configs, policies and conversion of policies from Checkpoint to FortiGate.
iii) Physically installation, deployment, connectivity test and failover test on FortiGate Firewall Devices.
iv) Onsite installation, deployment, and configuration of FortiAnalyser for all types of log and installation of FortiManager for FortiGate devices management.
v) Administration of devices & Monitoring logs, Calls & trouble tickets handling and troubleshooting.
vi) staff training, presentation and technical documentation.
vii) Proxy: Configured Web filtering, Explicit Proxy, Transparent Proxy, Anti Virus, IDS, IPS, VPN, remote access and Traffic Shaping.
viii) Configuring FSSO for single sign-on user access in a Windows AD environment using NTLM.
x) Demo Installation for FortiAuthenticator for Username/password authentication via 802.1X over external RADIUS Server.
• Devices: FortiGate100D, FortiGate 600C, FortiAnalyser 100C and FortiManager 100C

Eingesetzte Qualifikationen

Netzwerk-Sicherheit

Ausbildung

MS.c. In Computer Systems Security
MS.c. In Computer Systems Security

Cardiff

Über mich

I am an experienced and motivated “Senior IT Security Officer / Consultant / Project Manager and analyst” with management, auditing skills and accomplished in delivering secure resilient systems on time and budget to meet business needs. I am an adaptable and efficient team player / team leader with excellent communication skills at all levels and experienced in multi-vendor, third party global Network and Security Management, Implementation and Configuration.

Weitere Kenntnisse

• Tufin Certified Security Expert (TCSE-4- Aurora TOS Troubleshooting) Feb-2022
• Tufin Certified Security Expert (TCSE-3- Aurora TOS Administration) Feb-2022
• Feb-2022Tufin Certified Security Expert (TCSE-2_Aurora) April-2021
• FireMon Solutions Expert Certification (FMSE) April-2021
• Tufin Certified Security Expert (TCSE-2_Classic) Feb-2021
• Tufin Certified Security Expert (Automation) Oct-2019
• ISO 27001:2013 ISMS Certified Lead Auditor Jan-2017
• SharePoint for Administrators Jul-2016
• Enterprise Privacy Accredited Engineer (ProofPoint) Jul-2015
• Tufin Certified Security Expert (TCSE) Feb-2015
• Implementing Cisco IOS Network Security (IINS) (CCNA Security) Feb-2013
• Configuring and Deploying a Private Cloud with System Center 2012 (SCCM) Jul-2012
• Monitoring and Operating a Private Cloud with System Center 2012 (SCCM) Jul-2012
• Fortinet Certified Network and Security Associate (FCNSA) Apr-2012
• Fortinet Certified Network and Security Professional (FCNSP) Apr-2012
• Cisco Certified Network Professional (CCNP) Jan-2005
• Cisco Certified Network Associate (CCNA) Jul-2004
• Microsoft Certified System Engineer (MCSE) Mar-2004
• Microsoft Certified Database Administrator (MCDBA) Apr-2004
• Microsoft Certified Database Administrator (MCDBA) Apr-2004

Persönliche Daten

Sprache
  • Deutsch (Muttersprache)
  • Englisch (Fließend)
Reisebereitschaft
Weltweit
Arbeitserlaubnis
  • Europäische Union
  • Schweiz
  • Vereinigte Staaten von Amerika
Profilaufrufe
6179
Alter
47
Berufserfahrung
29 Jahre und 7 Monate (seit 04/1995)
Projektleitung
10 Jahre

Kontaktdaten

Nur registrierte PREMIUM-Mitglieder von freelance.de können Kontaktdaten einsehen.

Jetzt Mitglied werden