Senior IT Security Officer - Tufin & Firewall

10/2019 – offen

• Project: The end customer is a leading global automotive manufacturer trying to achieve a global managed automated Security Infrastructure.
• Project Work: As a Senior IT Security Officer provided automated Security solutions and built Security Infrastructure, further details are followed:

1. SecureTrack:
i. created automated Security changes, that all security requests and Group requests deployed automatically.
ii. Built Security zones Architecture (Segmentation for 900+ Security zones) and their subnet added to relevant Security zone and built zone membership.
iii. Prepared 80+ major Unified Security Matrixes (USP) (400K+ combinations) for worldwide Security Instances to prevent unauthorized access according to strict Security policies with only with authorized approvals (Security Exceptions).
iv. Devices management for 400+ devices including Firewalls, Routers and switches.
v. Generated various reports according to demand of departments, Compliance Audit and added ownership Meta Data, analysis of revision to troubleshoot network issues and Object/Rule Analysis.
vi. Build Topology and Network & Security troubleshooting
2. SecureChange:
vii. Development of various workflows (e.g., access request, server cloning, group legalization, server and access decommissioning/deactivation, recertification, etc.) according to the needs of the departments and departments working with dynamic functions.
viii. Enabled RISK analysis capability specifically designed to help information security officers and implementers prevent unauthorized access to a corporate network.
ix. Added 30,000+ users (global) and allocated different security roles for different departments.
3. SecureApp:
x. designed and developed a high-level application architecture (100+ applications) built by instances, security zones and services (proxy, active directory, etc.). The purpose was to simplify the security requirements system for internal, external, partners and third parties. (Nearly 30,000+ rules and 100,000 objects/groups migrated) Complex rules simplified and packaged into applications so the customer can take a ready-made rule set and use those rules instead of creating new rules and new authorizations.
xi. Provided SecureApp training and usage of connections, application interfaces and Application-Packs.
4. API / Script– Development and Bug management
xii. REST API Development for 3rd party to open access requests.
xiii. REST API development that tufin and BlueCat do communication (data synchronization)
xiv. Created PowerShell scripts for SecureChange to Import subnets and added into group, a further script prepared for SecureApp to upload groups taken by firewall export.
5. IPAMs Sync App:
xv. Integrated tufin IPAMs Sync App to sync BlueCat IPAM data with tufin Security Zones in SecureTrack.
6. Additional Responsibilities
i. Assisting and training the firewall cleaning team and preparing workflows for decommissioning/group legalization and daily Tufin queries.
ii. updated business owner information (metadata) and daily business issue ticket editing/creation.
iii. First point of contact for solving tufin problems for internal and external employees.
iv. Conducting bi-weekly improvement meetings, remote technical meetings with vendors and with internal departments to improve security and resolve security issues.
v. Fix various issues daily, e.g., B. Designer, topology and other security issues.
vi. Creation of technical documentation for requesters, security departments and implementers.
vii. Part of the Information Security (ISO27001) team to develop part of the security areas.
7. tufin Upgrade (Classic to Classic)
i. Tufin Test and Prod (including Distribution Servers) environment successfully upgraded from
TufinOS r 2.21/TOS-20.1 HF4.2 (classic) to TufinOS r 3.6 / TOS R 21.2 (classic).
8. tufin Aurora clean installation
i. created Tufin Aurora LAB with clean installation including USP builder, Reporting Pack and vulnerability mitigation app.

Devices: CheckPoint, Palo Alto and Cisco ASA.
Tools: SecureTrack, SecureChange, SecureApp, BlueCat, CyberArc, Remedy, Jira, POSTMAN, PowerShell and Python

Corporate Security

3/2019 – 9/2019

1. To establish Workflows (Local and Cloud) with tufin for their Network and security infrastructure that they can easily manage centrally.
2. Firewall migration from Juniper devices to Fortinet devices in an existing infrastructure.

Corporate Security

7/2018 – 3/2019

As a Project Manager / FortiGate Consultant, my responsibilities are to centralize and deploy FortiGate firewalls based on MPLS and Internet connected locations around the Globe.

Fortigate Firewalls