Senior IT Security Officer - Tufin & Firewall
- Verfügbarkeit einsehen
- 0 Referenzen
- 99€/Stunde
- Deutschland
- Weltweit
- de | en
- 17.09.2024
Kurzvorstellung
Qualifikationen
Projekt‐ & Berufserfahrung
10/2019 – offen
Tätigkeitsbeschreibung
• Project: The end customer is a leading global automotive manufacturer trying to achieve a global managed automated Security Infrastructure.
• Project Work: As a Senior IT Security Officer provided automated Security solutions and built Security Infrastructure, further details are followed:
1. SecureTrack:
i. created automated Security changes, that all security requests and Group requests deployed automatically.
ii. Built Security zones Architecture (Segmentation for 900+ Security zones) and their subnet added to relevant Security zone and built zone membership.
iii. Prepared 80+ major Unified Security Matrixes (USP) (400K+ combinations) for worldwide Security Instances to prevent unauthorized access according to strict Security policies with only with authorized approvals (Security Exceptions).
iv. Devices management for 400+ devices including Firewalls, Routers and switches.
v. Generated various reports according to demand of departments, Compliance Audit and added ownership Meta Data, analysis of revision to troubleshoot network issues and Object/Rule Analysis.
vi. Build Topology and Network & Security troubleshooting
2. SecureChange:
vii. Development of various workflows (e.g., access request, server cloning, group legalization, server and access decommissioning/deactivation, recertification, etc.) according to the needs of the departments and departments working with dynamic functions.
viii. Enabled RISK analysis capability specifically designed to help information security officers and implementers prevent unauthorized access to a corporate network.
ix. Added 30,000+ users (global) and allocated different security roles for different departments.
3. SecureApp:
x. designed and developed a high-level application architecture (100+ applications) built by instances, security zones and services (proxy, active directory, etc.). The purpose was to simplify the security requirements system for internal, external, partners and third parties. (Nearly 30,000+ rules and 100,000 objects/groups migrated) Complex rules simplified and packaged into applications so the customer can take a ready-made rule set and use those rules instead of creating new rules and new authorizations.
xi. Provided SecureApp training and usage of connections, application interfaces and Application-Packs.
4. API / Script– Development and Bug management
xii. REST API Development for 3rd party to open access requests.
xiii. REST API development that tufin and BlueCat do communication (data synchronization)
xiv. Created PowerShell scripts for SecureChange to Import subnets and added into group, a further script prepared for SecureApp to upload groups taken by firewall export.
5. IPAMs Sync App:
xv. Integrated tufin IPAMs Sync App to sync BlueCat IPAM data with tufin Security Zones in SecureTrack.
6. Additional Responsibilities
i. Assisting and training the firewall cleaning team and preparing workflows for decommissioning/group legalization and daily Tufin queries.
ii. updated business owner information (metadata) and daily business issue ticket editing/creation.
iii. First point of contact for solving tufin problems for internal and external employees.
iv. Conducting bi-weekly improvement meetings, remote technical meetings with vendors and with internal departments to improve security and resolve security issues.
v. Fix various issues daily, e.g., B. Designer, topology and other security issues.
vi. Creation of technical documentation for requesters, security departments and implementers.
vii. Part of the Information Security (ISO27001) team to develop part of the security areas.
7. tufin Upgrade (Classic to Classic)
i. Tufin Test and Prod (including Distribution Servers) environment successfully upgraded from
TufinOS r 2.21/TOS-20.1 HF4.2 (classic) to TufinOS r 3.6 / TOS R 21.2 (classic).
8. tufin Aurora clean installation
i. created Tufin Aurora LAB with clean installation including USP builder, Reporting Pack and vulnerability mitigation app.
Devices: CheckPoint, Palo Alto and Cisco ASA.
Tools: SecureTrack, SecureChange, SecureApp, BlueCat, CyberArc, Remedy, Jira, POSTMAN, PowerShell and Python
Corporate Security
3/2019 – 9/2019
Tätigkeitsbeschreibung
1. To establish Workflows (Local and Cloud) with tufin for their Network and security infrastructure that they can easily manage centrally.
2. Firewall migration from Juniper devices to Fortinet devices in an existing infrastructure.
Corporate Security
7/2018 – 3/2019
TätigkeitsbeschreibungAs a Project Manager / FortiGate Consultant, my responsibilities are to centralize and deploy FortiGate firewalls based on MPLS and Internet connected locations around the Globe.
Eingesetzte QualifikationenFortigate Firewalls
2/2017 – offen
TätigkeitsbeschreibungAs a Project Solution Engineer my responsibilities are to provide connectivity and security solution services throw-out from client`s network to cloud and/or third-party network. Important part of every Project is to deliver Security per ISMS and Connectivity on promised time with in allocated budget. Every single Project demands deep architectural study to deliver clear Network connectivity and Stabil Security.
Eingesetzte QualifikationenNetzwerk-Sicherheit
8/2013 – 12/2016
Tätigkeitsbeschreibung
• Project 1: MPLS-WAN Network and Security Engineer (Project Management)
• Project 2: Migration from R71.30 to R77.20 on appliance 12400
• Project 3: Virtualization of Firewall appliance 13500
• Project 4: WLAN Centralization
• Project 5: Project Manager for Network Maintenance
• Project 6: Administration and Design of SharePoint and Documentation Management
Cisco Router
8/2012 – 10/2012
Tätigkeitsbeschreibung
• Project: End client was a bank, where my responsibility as a Fortigate Firewall Specialist to deploy three Zone Security (Cisco ASA & Fortigate firewalls). This is a new Installation on four different locations, two locations are in Germany and two locations are two different countries. Germany is centre of Security Zone, where Fortigate 600C devices are deployed as a cluster (Active-Passive) and replaced instead of Checkpoint Firewall.
• Project Work:
i) Responsibilities included: Firewall Management, Software /- Patches update, Deployment Planning, Designing, Network security solutions, architectures, Devises licensing and registration, quality assurance, Internal Staff Training, Project meetings with End Client and Project Manager to resolve technical Issues and provide solutions.
ii) Prepared and deployed new Configs, policies and conversion of policies from Checkpoint to FortiGate.
iii) Physically installation, deployment, connectivity test and failover test on FortiGate Firewall Devices.
iv) Onsite installation, deployment, and configuration of FortiAnalyser for all types of log and installation of FortiManager for FortiGate devices management.
v) Administration of devices & Monitoring logs, Calls & trouble tickets handling and troubleshooting.
vi) staff training, presentation and technical documentation.
vii) Proxy: Configured Web filtering, Explicit Proxy, Transparent Proxy, Anti Virus, IDS, IPS, VPN, remote access and Traffic Shaping.
viii) Configuring FSSO for single sign-on user access in a Windows AD environment using NTLM.
x) Demo Installation for FortiAuthenticator for Username/password authentication via 802.1X over external RADIUS Server.
• Devices: FortiGate100D, FortiGate 600C, FortiAnalyser 100C and FortiManager 100C
Netzwerk-Sicherheit
Ausbildung
Cardiff
Über mich
Weitere Kenntnisse
• Tufin Certified Security Expert (TCSE-3- Aurora TOS Administration) Feb-2022
• Feb-2022Tufin Certified Security Expert (TCSE-2_Aurora) April-2021
• FireMon Solutions Expert Certification (FMSE) April-2021
• Tufin Certified Security Expert (TCSE-2_Classic) Feb-2021
• Tufin Certified Security Expert (Automation) Oct-2019
• ISO 27001:2013 ISMS Certified Lead Auditor Jan-2017
• SharePoint for Administrators Jul-2016
• Enterprise Privacy Accredited Engineer (ProofPoint) Jul-2015
• Tufin Certified Security Expert (TCSE) Feb-2015
• Implementing Cisco IOS Network Security (IINS) (CCNA Security) Feb-2013
• Configuring and Deploying a Private Cloud with System Center 2012 (SCCM) Jul-2012
• Monitoring and Operating a Private Cloud with System Center 2012 (SCCM) Jul-2012
• Fortinet Certified Network and Security Associate (FCNSA) Apr-2012
• Fortinet Certified Network and Security Professional (FCNSP) Apr-2012
• Cisco Certified Network Professional (CCNP) Jan-2005
• Cisco Certified Network Associate (CCNA) Jul-2004
• Microsoft Certified System Engineer (MCSE) Mar-2004
• Microsoft Certified Database Administrator (MCDBA) Apr-2004
• Microsoft Certified Database Administrator (MCDBA) Apr-2004
Persönliche Daten
- Deutsch (Muttersprache)
- Englisch (Fließend)
- Europäische Union
- Schweiz
- Vereinigte Staaten von Amerika
Kontaktdaten
Nur registrierte PREMIUM-Mitglieder von freelance.de können Kontaktdaten einsehen.
Jetzt Mitglied werden