Security Consultant
Schlagwörter
Skills
Cloud platforms
Cloud Security Principles
ISO 27001 - ISO 27K
Checkpoint
Palo Alto
Cisco
F5 Networks
Firewalls
Firewall cleanup expert
Routing
Networking
IDS & IPS Expert
Technical skills
Project management skills
Documentation skills
Network & Security Architecture
Security Audit specialist
Low Level & High Level Design
VPN Expert
Application Delivery Controllers (ADC)
• Azure Network and Security
• Amazon AWS Network and Security
• Palo Alto Firewalls & Panorama
• Cisco ASA Firewalls - Firepower
• Check Point Firewalls all versions.
• Check Point VSX
• F5 LTM, GTM, ASM, WAF and BIG-IQ management
• Cisco Routing and Switching, Nexus
• Junos Routing and Switching
• Juniper Networks SRX Firewalls Junos OS
• Juniper Networks EX Switches Junos OS
• Juniper Networks SSG Firewalls
• Juniper Network and Security Manager (NSM)
• Juniper Secure Access SSL VPN
• Blue Coat ProxySG
• Toplayer IPS
• Tipping Point IPS
• Sourcefire IPS
• McAfee IPS & HIPS & EPO
• Cisco NIPS
• IBM NIPS & Host IPS
• SIEM - Arcsight, Qradar, LogRhythm, McAfee ESM, Trustwave
• Skybox, Algosec, Tufin
Cloud Security Principles
ISO 27001 - ISO 27K
Checkpoint
Palo Alto
Cisco
F5 Networks
Firewalls
Firewall cleanup expert
Routing
Networking
IDS & IPS Expert
Technical skills
Project management skills
Documentation skills
Network & Security Architecture
Security Audit specialist
Low Level & High Level Design
VPN Expert
Application Delivery Controllers (ADC)
• Azure Network and Security
• Amazon AWS Network and Security
• Palo Alto Firewalls & Panorama
• Cisco ASA Firewalls - Firepower
• Check Point Firewalls all versions.
• Check Point VSX
• F5 LTM, GTM, ASM, WAF and BIG-IQ management
• Cisco Routing and Switching, Nexus
• Junos Routing and Switching
• Juniper Networks SRX Firewalls Junos OS
• Juniper Networks EX Switches Junos OS
• Juniper Networks SSG Firewalls
• Juniper Network and Security Manager (NSM)
• Juniper Secure Access SSL VPN
• Blue Coat ProxySG
• Toplayer IPS
• Tipping Point IPS
• Sourcefire IPS
• McAfee IPS & HIPS & EPO
• Cisco NIPS
• IBM NIPS & Host IPS
• SIEM - Arcsight, Qradar, LogRhythm, McAfee ESM, Trustwave
• Skybox, Algosec, Tufin
Projekthistorie
09/2023
-
03/2024
- Beratung und Review der High Level und Low Level Network Security Architekturen im Umfeld Palo Alto Firewalls
- Analyse der Firewall-Systemlandschaft und Unterstützung bei Design & Implementierung und Migration zu Cortex
05/2022
-
06/2023
Cloud Security Consultant
Vattenfall
(Energie, Wasser und Umwelt, 1000-5000 Mitarbeiter)
Betrieb und Incident Management von Tickets, Azure Security, Palo Alto Firewalls, Fortinet Firewalls, F5 Networks und Cisco Routing und Switching.
Migration von Palo Alto Firewalls und F5 Load Balancer unter Verwendung des OT-Netzwerktrennungsmodells
Verwaltung von Azure-Sicherheitsregeln und F5 LTM, Palo Alto Firewalls & Panorama und Cortex XDR
Unterstützung bei mehreren Sicherheitsprojekten, Begleitung der Migration von Applikation
Entwurf eines operativen Übergabeleitfadens und Unterstützung in anderen Bereichen des Netzwerkdesigns
Migration von F5 Networks Load Balancer und der Einrichtung der F5 WAF-Funktionalität
Migration von Palo Alto Firewalls und F5 Load Balancer unter Verwendung des OT-Netzwerktrennungsmodells
Verwaltung von Azure-Sicherheitsregeln und F5 LTM, Palo Alto Firewalls & Panorama und Cortex XDR
Unterstützung bei mehreren Sicherheitsprojekten, Begleitung der Migration von Applikation
Entwurf eines operativen Übergabeleitfadens und Unterstützung in anderen Bereichen des Netzwerkdesigns
Migration von F5 Networks Load Balancer und der Einrichtung der F5 WAF-Funktionalität
11/2021
-
04/2022
Security Consultant
Messer
Messer, Mühltal, Germany
* Upgrade of 12 Palo Alto network firewall from Software version 8 to 10
Coordinated the migration calls with different teams and 3rd parties
* Upgrade of 12 Palo Alto network firewall from Software version 8 to 10
Coordinated the migration calls with different teams and 3rd parties
07/2021
-
10/2021
Security Consultant
Kubus-IT
Kubus-IT, Bayreuth, Germany
* Checkpoint GAIA and Tufin daily management and rule base improvement
* Architected and coordinated the upgrade of a legacy Checkpoint VPN Firewall
* Installation, configuration, commissioning, administration, and monitoring of the IT Security
infrastructure considering the current security aspects
* Security and Compliance of the Enterprise Firewall estate, determined technical, business
impact and likelihood of identified security issues and provided remediation guidance
* Checkpoint GAIA and Tufin daily management and rule base improvement
* Architected and coordinated the upgrade of a legacy Checkpoint VPN Firewall
* Installation, configuration, commissioning, administration, and monitoring of the IT Security
infrastructure considering the current security aspects
* Security and Compliance of the Enterprise Firewall estate, determined technical, business
impact and likelihood of identified security issues and provided remediation guidance
02/2020
-
03/2021
Risk and Compliance Security Consultant
BASF
BASF, Ludwigshafen, Germany
* Checkpoint GAIA, Tufin and RSA Archer IT and Security Risk Management
* Security and Compliance of the Enterprise Firewall estate, determined technical, business
impact and likelihood of identified security issues and provided remediation guidance
* Identified and evaluated complex business and technology risks, controls which mitigate risks,
and the related opportunities for control improvements
* Checkpoint GAIA, Tufin and RSA Archer IT and Security Risk Management
* Security and Compliance of the Enterprise Firewall estate, determined technical, business
impact and likelihood of identified security issues and provided remediation guidance
* Identified and evaluated complex business and technology risks, controls which mitigate risks,
and the related opportunities for control improvements
08/2019
-
02/2020
Senior Security Consultant
Caterpillar Energy Solutions GmbH
Caterpillar Energy Solutions GmbH, Mannheim, Germany
* Industrial 4.0 Security, Evaluation and Documentation of a VPN Firewall solution to obtain ISO
27001 compliance
* Migration of a Firewall management server hosting over 900 VPN Firewalls and implementation of
a high availability solution within a cloud provider
* VPN Firewall Developments for Remote Engine Management, migrations, new installations, and
troubleshooting
* Information security policy documentation updates for internal and customers
* Business as usual tasks
* Industrial 4.0 Security, Evaluation and Documentation of a VPN Firewall solution to obtain ISO
27001 compliance
* Migration of a Firewall management server hosting over 900 VPN Firewalls and implementation of
a high availability solution within a cloud provider
* VPN Firewall Developments for Remote Engine Management, migrations, new installations, and
troubleshooting
* Information security policy documentation updates for internal and customers
* Business as usual tasks
09/2018
-
05/2019
Senior Security Consultant
Orange Business Services
Orange Business Services, Eschborn, Germany
* Cisco ASA firewall cleanup project, rule base optimization, removal of unused rule of a
worldwide firewall estate
* Upgrade of Cisco ASA firewall to Cisco Firepower firewalls
* Installation of a an ESXi Server to serve a Zscaler VZEN proxy solution
* Implemented an access control policy to optimize Network Access controls for large scale
CyberArk deployment
* Information security policy documentation updates for customers
* Cisco ASA firewall cleanup project, rule base optimization, removal of unused rule of a
worldwide firewall estate
* Upgrade of Cisco ASA firewall to Cisco Firepower firewalls
* Installation of a an ESXi Server to serve a Zscaler VZEN proxy solution
* Implemented an access control policy to optimize Network Access controls for large scale
CyberArk deployment
* Information security policy documentation updates for customers
03/2018
-
08/2018
Senior Checkpoint Consultant
Porsche AG
Porsche AG, Stuttgart, Germany
* Installation, configuration, commissioning, administration, and monitoring of the IT Security
infrastructure considering the current security aspects
* Elaboration and execution of migrations from legacy systems to new devices of Checkpoint and
Cisco ASA firewalls and F5 Load balancers, including the creation and updating of company
documentations
* Performed configuration work to optimize the system and maintain the availability of the
firewall systems
* Installation, configuration, commissioning, administration, and monitoring of the IT Security
infrastructure considering the current security aspects
* Elaboration and execution of migrations from legacy systems to new devices of Checkpoint and
Cisco ASA firewalls and F5 Load balancers, including the creation and updating of company
documentations
* Performed configuration work to optimize the system and maintain the availability of the
firewall systems
01/2018
-
03/2018
Security Architect
ING DiBa AG
ING DiBa AG, Frankfurt am Main, Germany
* Development of external connections documentation, worked on ING DiBa security policies,
including documents for Acceptable use of services, Security roles and responsibilities
* Consulted on security architecture, liaison with stakeholders to gather information for
documentation
* Development of external connections documentation, worked on ING DiBa security policies,
including documents for Acceptable use of services, Security roles and responsibilities
* Consulted on security architecture, liaison with stakeholders to gather information for
documentation
12/2017
-
12/2017
Security Project Manager
Klöckner Pentaplast
Klöckner Pentaplast, Germany
* Project manager for urgent replacement of 20 Palo Alto firewalls
* Coordinated, and managed all aspects of the projects. Oversaw delivery of firewalls,
coordinated with onsite staff to get the devices racked and stacked
* Configuration of Palo Alto firewalls, synchronized downtimes for migration worldwide out of
business hours
* Project manager for urgent replacement of 20 Palo Alto firewalls
* Coordinated, and managed all aspects of the projects. Oversaw delivery of firewalls,
coordinated with onsite staff to get the devices racked and stacked
* Configuration of Palo Alto firewalls, synchronized downtimes for migration worldwide out of
business hours
06/2017
-
11/2017
Network Security Architect
Allianz
Allianz, Frankfurt am Main, Germany
* Data Centre consolation, Technologies: Check Point VSX, Cisco Nexus, BlueCoat Proxy
* Self-sufficiently project managed medium and large-scale projects that align towards service
and departmental goals
* Coordinated, and managed all aspects of the projects, investigated internal process, and
obeyed to them. Oversaw the direction, development, and implementation of Allianz projects
* Coordination of 3rd party Vendors, Cloud providers, managed escalations, tracked progress and
reported to customers, maintained the line of communication to avoid misunderstandings and
proactively addressed issues
* Client project requirements gathering, liaison with customers as a project manager to
translate the requirements into designs, CyberArk administration
* Data Centre consolation, Technologies: Check Point VSX, Cisco Nexus, BlueCoat Proxy
* Self-sufficiently project managed medium and large-scale projects that align towards service
and departmental goals
* Coordinated, and managed all aspects of the projects, investigated internal process, and
obeyed to them. Oversaw the direction, development, and implementation of Allianz projects
* Coordination of 3rd party Vendors, Cloud providers, managed escalations, tracked progress and
reported to customers, maintained the line of communication to avoid misunderstandings and
proactively addressed issues
* Client project requirements gathering, liaison with customers as a project manager to
translate the requirements into designs, CyberArk administration
11/2016
-
06/2017
Senior F5 consultant
SAP AG
SAP AG, Germany
* Migration of legacy F5 devices to new hardware or F5 VCMP guests
* F5 audit and improvement, conducted a F5 landscape review over several business units and
created from the information collected an installation checklist, Load balancing Guidelines
and operational handover documentation
* General F5 System configuration, initial setup, software upgrades, troubleshooting
* Networking: documentation and implementation of VLANs, Route Domains, Routes
* Migration of legacy F5 devices to new hardware or F5 VCMP guests
* F5 audit and improvement, conducted a F5 landscape review over several business units and
created from the information collected an installation checklist, Load balancing Guidelines
and operational handover documentation
* General F5 System configuration, initial setup, software upgrades, troubleshooting
* Networking: documentation and implementation of VLANs, Route Domains, Routes
07/2016
-
11/2016
Resident Engineer
Palo Alto Networks Professional Services
Palo Alto Networks Professional Services, Eschborn, Germany
* On site, as resident engineer for the Customer Amadeus, supporting migrations from Cisco ASA
to Palo Alto networks firewalls
* Implementation of additional VSYS on firewalls, Layer 3 to Layer 7 migration, Dynamic blocking
list, URL Filtering & Reporting, Panorama Templates stacks, User Based policies, Zone
protection profiles and Zone based security polices, Data Filtering and Wildfire
implementation
* Deployment guidance to ensure that implementation is consistent with design specifications
* Network troubleshooting and operations support, Network, and configuration analysis
* Acted as customer technical liaison for Palo Alto Networks support and development teams
* On site, as resident engineer for the Customer Amadeus, supporting migrations from Cisco ASA
to Palo Alto networks firewalls
* Implementation of additional VSYS on firewalls, Layer 3 to Layer 7 migration, Dynamic blocking
list, URL Filtering & Reporting, Panorama Templates stacks, User Based policies, Zone
protection profiles and Zone based security polices, Data Filtering and Wildfire
implementation
* Deployment guidance to ensure that implementation is consistent with design specifications
* Network troubleshooting and operations support, Network, and configuration analysis
* Acted as customer technical liaison for Palo Alto Networks support and development teams
03/2016
-
06/2016
Security Architect
Merlin Entertainments Group
Merlin Entertainments Group, Chessington
* Trustwave, UTM's, SIEM, Cisco Firewalls and Switching, CyberArk Enterprise Password Vault
* PCI-DSS and ISO 27k audit. Scope of work, liaison of Pen test with Trustwave. Communication
with all teams to maintain PCI compliance
* Architected an enterprise EMEA and AMER CyberArk solution
* Projects: PCI-DSS SSL migration, lead the project to replace all certificates which supported
SSL, allocated resources. Trustwave UTM Firewall audit for PCI audit
* Trustwave, UTM's, SIEM, Cisco Firewalls and Switching, CyberArk Enterprise Password Vault
* PCI-DSS and ISO 27k audit. Scope of work, liaison of Pen test with Trustwave. Communication
with all teams to maintain PCI compliance
* Architected an enterprise EMEA and AMER CyberArk solution
* Projects: PCI-DSS SSL migration, lead the project to replace all certificates which supported
SSL, allocated resources. Trustwave UTM Firewall audit for PCI audit
01/2016
-
03/2016
Network & Security Consultant
Grosvenor Estate
Grosvenor Estate, London
* Palo Alto Network Firewalls, HP switches, F5 load balancers.
* Firewall audit and improvement. Added DOS protection profile and SSL decryption policy on Palo
Alto firewalls
* Server and Desktop Endpoint protection evaluation, Vendor shortlisting, Budget, Stakeholder
approvals, Resource management and technical oversight of the project
* Cisco PIX to ASA firewall upgrade
* Creation of Critical Incident management document and an ISO 27k audit
* Palo Alto Network Firewalls, HP switches, F5 load balancers.
* Firewall audit and improvement. Added DOS protection profile and SSL decryption policy on Palo
Alto firewalls
* Server and Desktop Endpoint protection evaluation, Vendor shortlisting, Budget, Stakeholder
approvals, Resource management and technical oversight of the project
* Cisco PIX to ASA firewall upgrade
* Creation of Critical Incident management document and an ISO 27k audit
10/2015
-
12/2015
Network & Security Developer
Financial Ombudsman
Financial Ombudsman, London
* Cisco ASA firewalls with IPS, Check Point Firewalls with IPS, Threat Prevention, Antibot &
Mobile Access, F5 LTM, Cisco Nexus routing and switching, Cisco Identity Services Engine,
Qualys
* Projects: F5 code update and GTM integration - HLD and LLD, Cisco IPS migration to Sourcefire
IPS -HLD & LLD
* IPS tuning and review, Firewall audit and improvement
* Daily BAU task and implementation of changes and support
* Cisco ASA firewalls with IPS, Check Point Firewalls with IPS, Threat Prevention, Antibot &
Mobile Access, F5 LTM, Cisco Nexus routing and switching, Cisco Identity Services Engine,
Qualys
* Projects: F5 code update and GTM integration - HLD and LLD, Cisco IPS migration to Sourcefire
IPS -HLD & LLD
* IPS tuning and review, Firewall audit and improvement
* Daily BAU task and implementation of changes and support
02/2015
-
10/2015
Network & Security Architect
Cabinet Office
Cabinet Office, London
* Palo Alto Network Firewalls using Global Protect with client certificates, Juniper Junos OS
SRX firewalls and EX Switches using OSPF routing, Cisco Switches, F5 LTM Load Balancers used
as SAML service provider and F5 APM LTM network access
* Rollout of the Cabinet Office IT into google cloud. Consulting within Cloud deployments of
network and security devices and service
* Network and Security audit to comply with PSN Code of Connection (Public Services Network) and
ISO 27k audit of the entire enterprise network services and creation of a supplier security
policy adhering to legal, regulatory, and contractual requirements
* Consultancy for risk assessment and establishment of Information Security and Business
Continuity plan
* Documentation of an Incident response plan to protect the government data and improved general
network security
* Lead F5 architect on several service migration projects, including the design and
implementation of 3rd party SSL VPN access through F5 LTM, F5 reverse proxy and architected
and deployed a government wide F5 APM/SAML user authentication to several business-critical
applications, acted as 3rd line to investigate F5 network and security issues
* Palo Alto Network Firewalls using Global Protect with client certificates, Juniper Junos OS
SRX firewalls and EX Switches using OSPF routing, Cisco Switches, F5 LTM Load Balancers used
as SAML service provider and F5 APM LTM network access
* Rollout of the Cabinet Office IT into google cloud. Consulting within Cloud deployments of
network and security devices and service
* Network and Security audit to comply with PSN Code of Connection (Public Services Network) and
ISO 27k audit of the entire enterprise network services and creation of a supplier security
policy adhering to legal, regulatory, and contractual requirements
* Consultancy for risk assessment and establishment of Information Security and Business
Continuity plan
* Documentation of an Incident response plan to protect the government data and improved general
network security
* Lead F5 architect on several service migration projects, including the design and
implementation of 3rd party SSL VPN access through F5 LTM, F5 reverse proxy and architected
and deployed a government wide F5 APM/SAML user authentication to several business-critical
applications, acted as 3rd line to investigate F5 network and security issues
12/2014
-
01/2015
Security Engineer
Palo Alto; Sony
Sony, London
* Response to the GOP Sony hack, consulted on security issues for the Palo Alto firewalls.
* Vulnerability assessment, Security configuration Audit, Firewall rule-base audit.
Deployment of a Decryption Profile and Custom URL Category protection. Configuration of
Security Profile Groups and adding Application awareness to the security rule-based on the
Palo Alto Networks firewalls.
* Response to the GOP Sony hack, consulted on security issues for the Palo Alto firewalls.
* Vulnerability assessment, Security configuration Audit, Firewall rule-base audit.
Deployment of a Decryption Profile and Custom URL Category protection. Configuration of
Security Profile Groups and adding Application awareness to the security rule-based on the
Palo Alto Networks firewalls.
11/2014
-
12/2014
Network and Security Technical Design Architect
BT
BT, London and Sheffield, England
* Build of a new active-active cloud-based data centre for the Southwest Grid for Learning
* Low Level Designs of the following technologies: Internal Check Point VSX firewalls including
IPS, F5 LTM and GTM load balancers, TippingPoint NGFW including IPS
* Creation of Network Diagrams and review of High and Low-Level Designs from other domains
* Configuration of devices and configuration of firewall policies and IPS rules
* Build of a new active-active cloud-based data centre for the Southwest Grid for Learning
* Low Level Designs of the following technologies: Internal Check Point VSX firewalls including
IPS, F5 LTM and GTM load balancers, TippingPoint NGFW including IPS
* Creation of Network Diagrams and review of High and Low-Level Designs from other domains
* Configuration of devices and configuration of firewall policies and IPS rules
10/2014
-
10/2014
Network and Security Architect
City and Guilds
City and Guilds, London, England
* Migration from a legacy HP TippingPoint NIPS managed by HP TippingPoint security management
system
* Completed High Level and Low-Level Design, Configuration of devices and IPS rules, Stakeholder
and team handover including mentoring of the team
* Migration from a legacy HP TippingPoint NIPS managed by HP TippingPoint security management
system
* Completed High Level and Low-Level Design, Configuration of devices and IPS rules, Stakeholder
and team handover including mentoring of the team
10/2013
-
09/2014
Senior Network Security Consultant
Travelling; Prudential
Prudential, London, England
* Technologies: IBM Security Network Intrusion Prevention System, McAfee Network Security
Platform, Check Point VSX and Palo Alto Network Firewalls, Cisco Nexus Switches, Citrix
NetScaler Load Balancers
* Architected, scoped, and budgeted an enterprise £1M+ Network and Host Intrusion Prevention
refresh project including an audit of the existing Network and HIDS solution
* Provided architectural guidance to stakeholders and independently managed and coordinated the
approved project to align towards service and departmental goals and consulted within other
overlapping projects as like the Malware & DDOS projects
* Collaborated with business units to identify company assets and conducted a technical risk
evaluation of hardware, software, installed systems and networks to classify data and systems
Host Intrusion Prevention protection
* Designed and developed a proof-of-concept for the new IPS solution which will send system and
intrusion logs to the Security Incident Event Management (SIEM)
* Created several strategy documents to sell stakeholders the value and benefits of the
Intrusion Prevention solution which included a design option pack - a mix between different
Vendor and Open-source NIPS/HIPS, a rough order of magnitude (ROM) estimates of the different
NIPS and HIPS combinations and a High-Level Design of the chosen solution
* Worked closely with project managers, system owners, and stakeholders to avoid redundancy,
minimize expenditures, and improve overall strategies within organization and performed design
reviews across the company
* Technologies: IBM Security Network Intrusion Prevention System, McAfee Network Security
Platform, Check Point VSX and Palo Alto Network Firewalls, Cisco Nexus Switches, Citrix
NetScaler Load Balancers
* Architected, scoped, and budgeted an enterprise £1M+ Network and Host Intrusion Prevention
refresh project including an audit of the existing Network and HIDS solution
* Provided architectural guidance to stakeholders and independently managed and coordinated the
approved project to align towards service and departmental goals and consulted within other
overlapping projects as like the Malware & DDOS projects
* Collaborated with business units to identify company assets and conducted a technical risk
evaluation of hardware, software, installed systems and networks to classify data and systems
Host Intrusion Prevention protection
* Designed and developed a proof-of-concept for the new IPS solution which will send system and
intrusion logs to the Security Incident Event Management (SIEM)
* Created several strategy documents to sell stakeholders the value and benefits of the
Intrusion Prevention solution which included a design option pack - a mix between different
Vendor and Open-source NIPS/HIPS, a rough order of magnitude (ROM) estimates of the different
NIPS and HIPS combinations and a High-Level Design of the chosen solution
* Worked closely with project managers, system owners, and stakeholders to avoid redundancy,
minimize expenditures, and improve overall strategies within organization and performed design
reviews across the company
09/2012
-
10/2013
Principal Security Engineer
Everything Everywhere
Everything Everywhere, Hatfield, England
* Technologies: Check Point VSX managed by Provider1, Palo Alto Network and Juniper firewalls,
F5 BIG-IP LTM
* Independently managed and coordinated approved medium and large-scale projects that align
towards service and departmental goals
* Acted as design and architect authority and provided high level IT Security briefing to
management
* Lead, coordinated, and managed all aspects of Security implementation, managed design sessions
within areas of specialization. Oversaw the direction, development, and implementation of
Security solutions, participated in design of new Network Security and strategies.
* Client project requirements gathering, liaison with customers and project managers to
translate the requirements into design documents.
* Review of High-Level Design documents for each project. Carried out security assessments and
provided recommendations. Ensured that IP connectivity, topology, design and security settings
are in line with customer security policy
* Working with formal Change Control. Design and review of configuration changes for secured
environments
* Design and implementation F5 load balancing solutions
* Recommended preventive, mitigating, and compensating controls to ensure the appropriate level
of protection and adherence to the goals of the overall information security strategy
* Liaised with company's Operations team for prompt rectification of any problems or
emergencies.
* Technologies: Check Point VSX managed by Provider1, Palo Alto Network and Juniper firewalls,
F5 BIG-IP LTM
* Independently managed and coordinated approved medium and large-scale projects that align
towards service and departmental goals
* Acted as design and architect authority and provided high level IT Security briefing to
management
* Lead, coordinated, and managed all aspects of Security implementation, managed design sessions
within areas of specialization. Oversaw the direction, development, and implementation of
Security solutions, participated in design of new Network Security and strategies.
* Client project requirements gathering, liaison with customers and project managers to
translate the requirements into design documents.
* Review of High-Level Design documents for each project. Carried out security assessments and
provided recommendations. Ensured that IP connectivity, topology, design and security settings
are in line with customer security policy
* Working with formal Change Control. Design and review of configuration changes for secured
environments
* Design and implementation F5 load balancing solutions
* Recommended preventive, mitigating, and compensating controls to ensure the appropriate level
of protection and adherence to the goals of the overall information security strategy
* Liaised with company's Operations team for prompt rectification of any problems or
emergencies.
07/2012
-
08/2012
Firewall Engineer
Deutsche Bank
Deutsche Bank, London, England
* Technologies: Check Point managed by Provider1, Blue Coat Proxy and McAfee Web gateway, F5
BIG-IP (LTM)
* Design and integration of network and security solutions on a project basis in the Network
Services and Production Security team
* Implementation of BAU security appliance changes, including OSPF and BGP route redistribution,
policy-based routing
* Installation, configuration, and maintenance of F5 BIG-IP Local Traffic Manager (LTM) load
balancers in a high availability environment.
* Carried out day to day support activities of the enterprise network and the data centre sign
and integration of network and security solutions on a project basis in the Network Services
and Production Security team
* Provided guidance and support to the enterprise; acted as single point of contact for Security
Incidents and related issues.
* Technologies: Check Point managed by Provider1, Blue Coat Proxy and McAfee Web gateway, F5
BIG-IP (LTM)
* Design and integration of network and security solutions on a project basis in the Network
Services and Production Security team
* Implementation of BAU security appliance changes, including OSPF and BGP route redistribution,
policy-based routing
* Installation, configuration, and maintenance of F5 BIG-IP Local Traffic Manager (LTM) load
balancers in a high availability environment.
* Carried out day to day support activities of the enterprise network and the data centre sign
and integration of network and security solutions on a project basis in the Network Services
and Production Security team
* Provided guidance and support to the enterprise; acted as single point of contact for Security
Incidents and related issues.
07/2011
-
06/2012
Network and Security Engineer
Thomson Reuters
Thomson Reuters, London, England
* Technologies: Check Point NGX r54 - r70 running on Splat with VSX, SecureXL, ClusterXL,
managed by Provider-1, Juniper and Cisco PIX and ASA firewalls on different platforms and F5
BIG-IP (LTM)
* Executed proof of concept tactical plans. Consulted end-users, clients, or business owners to
define business requirements for complex systems and infrastructure development.
* Recommended and executed modifications to System, Network & System infrastructure to improve
efficiency, reliability, and performance.
* Designed and configured Cisco networking devices, on different platforms with VRF routing
topologies, added Ace modules and CSS Load Balancers
* F5 BIG-IP Local Traffic Manager (LTM) project design guidance, change coordination and
implementation
* Assigned to several projects as the sole network and firewall resource to deliver projects in
time which included large projects with up to 450 data flows, medium and small project
requests
* Peer reviewed, advised and signed off network and firewall data flows for project related High
Level designs
* Writing change templates which bound to global naming standards and network security
standards, peer review of team member's changes
* Implementation of Network and Firewall, Provider 1 Global policy implementation and management
* Adhering to a strict change management process as changes are made on financial high critical
firewalls
* Analysed data traffic patterns within the network infrastructure, proactively identified
symptoms and instabilities in a timely and accurate manner
* Build of new firewalls in a physical and virtual environment, OAT testing of newly
commissioned firewalls member of the Network and Security delivery team designing projects in
a large Enterprise environment
* Developed and executed test plans to check infrastructure and systems technical performance.
Report on findings and make recommendations for improvement.
* Technologies: Check Point NGX r54 - r70 running on Splat with VSX, SecureXL, ClusterXL,
managed by Provider-1, Juniper and Cisco PIX and ASA firewalls on different platforms and F5
BIG-IP (LTM)
* Executed proof of concept tactical plans. Consulted end-users, clients, or business owners to
define business requirements for complex systems and infrastructure development.
* Recommended and executed modifications to System, Network & System infrastructure to improve
efficiency, reliability, and performance.
* Designed and configured Cisco networking devices, on different platforms with VRF routing
topologies, added Ace modules and CSS Load Balancers
* F5 BIG-IP Local Traffic Manager (LTM) project design guidance, change coordination and
implementation
* Assigned to several projects as the sole network and firewall resource to deliver projects in
time which included large projects with up to 450 data flows, medium and small project
requests
* Peer reviewed, advised and signed off network and firewall data flows for project related High
Level designs
* Writing change templates which bound to global naming standards and network security
standards, peer review of team member's changes
* Implementation of Network and Firewall, Provider 1 Global policy implementation and management
* Adhering to a strict change management process as changes are made on financial high critical
firewalls
* Analysed data traffic patterns within the network infrastructure, proactively identified
symptoms and instabilities in a timely and accurate manner
* Build of new firewalls in a physical and virtual environment, OAT testing of newly
commissioned firewalls member of the Network and Security delivery team designing projects in
a large Enterprise environment
* Developed and executed test plans to check infrastructure and systems technical performance.
Report on findings and make recommendations for improvement.
08/2010
-
06/2011
Network and Security Consultant
LINDE GASES
LINDE GASES, Guildford, England
* Architected and coordinated the migration of 150 VPNs from a Cisco ASA firewall to a Juniper
Firewall, including the creation of a VPN policy procedure document, a detailed Juniper VPN
deployment guide, 3rd Party VPN request form and ensuring that a suitable support process
exists for the new VPN's
* Creation of a "Future Mode of Operations" data centre documentation, a firewall operability -
change and maintenance guide and security device policy and naming standards guide, updated
all existing documentation
* Network stream lead of the "Datacentre migration project" - project, risk and issue
management, ensuring that projects are efficient and delivered on time
* Involved in the architecture discussions and agreements for the shaping of the new data centre
environment, including the approval of High-Level Designs, review of firewall changes and
approval as a CAB member, supported the Network and Security Architect within daily duties
* Juniper Firewall security policy review to ensure that insecure or unnecessary firewall rules
are removed and a general policy improvement (firewall rule base clean-up)
* Architected and coordinated the migration of 150 VPNs from a Cisco ASA firewall to a Juniper
Firewall, including the creation of a VPN policy procedure document, a detailed Juniper VPN
deployment guide, 3rd Party VPN request form and ensuring that a suitable support process
exists for the new VPN's
* Creation of a "Future Mode of Operations" data centre documentation, a firewall operability -
change and maintenance guide and security device policy and naming standards guide, updated
all existing documentation
* Network stream lead of the "Datacentre migration project" - project, risk and issue
management, ensuring that projects are efficient and delivered on time
* Involved in the architecture discussions and agreements for the shaping of the new data centre
environment, including the approval of High-Level Designs, review of firewall changes and
approval as a CAB member, supported the Network and Security Architect within daily duties
* Juniper Firewall security policy review to ensure that insecure or unnecessary firewall rules
are removed and a general policy improvement (firewall rule base clean-up)
03/2010
-
08/2010
Security Solution Designer
BT
BT, London, England
* Employed as Security Designer within the Network and Security design team, to design and
deploy new security infrastructures, ensuring a timely and quality delivery of platforms which
meets current standards which included the migration of 280 Check Point Firewalls to Juniper
Firewalls, a worldwide enterprise Websense with Blue Coat ProxySG integration and an
enterprise Tipping Point 10GB IPS solution
* Responsible for the design of new firewall deployments for the worldwide offices of the
Enterprise client, end to end IPSEC and GRE VPN's
* Performing vendor assessments and technical proof of concepts to help the Enterprise client to
select fit-for-purpose solution(s), engaged with the technical part of the documentation for
the "Request for proposals" and "Statement of Requirements", Created technical definitions at
a detailed level of the architecture and design
* Analysed business needs and requirements in terms of technical solutions, defining the
technical requirements, integration issues and dependencies, identifying the architectures
best suited to client needs
* Liaised with product vendors, technical specialists, colleagues, and other information sources
to define product sets capable of fulfilling the client requirements
* Developed detailed implementation plans to accommodate network growth, security, and
enhancements by maximizing functionality of network security equipment
* Drafting functional requirement descriptions, carrying out feasibility studies and liaising
with external security specialists
* Employed as Security Designer within the Network and Security design team, to design and
deploy new security infrastructures, ensuring a timely and quality delivery of platforms which
meets current standards which included the migration of 280 Check Point Firewalls to Juniper
Firewalls, a worldwide enterprise Websense with Blue Coat ProxySG integration and an
enterprise Tipping Point 10GB IPS solution
* Responsible for the design of new firewall deployments for the worldwide offices of the
Enterprise client, end to end IPSEC and GRE VPN's
* Performing vendor assessments and technical proof of concepts to help the Enterprise client to
select fit-for-purpose solution(s), engaged with the technical part of the documentation for
the "Request for proposals" and "Statement of Requirements", Created technical definitions at
a detailed level of the architecture and design
* Analysed business needs and requirements in terms of technical solutions, defining the
technical requirements, integration issues and dependencies, identifying the architectures
best suited to client needs
* Liaised with product vendors, technical specialists, colleagues, and other information sources
to define product sets capable of fulfilling the client requirements
* Developed detailed implementation plans to accommodate network growth, security, and
enhancements by maximizing functionality of network security equipment
* Drafting functional requirement descriptions, carrying out feasibility studies and liaising
with external security specialists
08/2008
-
02/2010
Security Analyst
GALA CORAL GROUP
GALA CORAL GROUP, Woking, England
* Designing, implementing, maintaining, and supporting internal networks in an E-Commerce
environment
* Troubleshooting routing and firewall issues, followed by technical design meetings and
workshops
* Overseeing the upgrade and deployment of new Crossbeam &, Nokia Firewall clusters, new
Toplayer IPS clusters, Sourcefire IDS running RNA and RUA, RSA Secure ID clusters, Blue Coat
ProxySG and F5 Firepass clusters, migration of the company wide Firewall estate from Check
Point on Crossbeam appliances to Juniper 5400 running Virtual Systems (VSYS), creating
accurate documentation
* Implementing several internal and 3rd parties' VPNs on Check Point, Juniper and Cisco ASA
firewalls
* Analysing and implementing firewall changes, developing firewall polices including removal of
unused objects and policies and creating change documentation including documentation of
firewall rules
* Sole F5 BIG-IP Local Traffic Manager (LTM) change implementer - mentored other team colleagues
* Managing and implementing changes within strict timescales and controls whilst maintaining
live services always, responding rapidly on high priority incidents during on call rota
* Proactively involved in quality resolution of complex technical issues, responding with an
appropriate sense of urgency to problems escalated; coordinated with the appropriate
departments to determine positive solutions that increased end user satisfaction
* Carrying out daily housekeeping tasks - firewall requests, proxy management, system checks,
IPS management, log checks, appliances maintenance, ensuring that system patches are applied
* Monitoring of all security devices including Firewall and Intrusion Detection Systems
Upgrading existing security systems to appropriate current hardware and Software levels
* Designing, implementing, maintaining, and supporting internal networks in an E-Commerce
environment
* Troubleshooting routing and firewall issues, followed by technical design meetings and
workshops
* Overseeing the upgrade and deployment of new Crossbeam &, Nokia Firewall clusters, new
Toplayer IPS clusters, Sourcefire IDS running RNA and RUA, RSA Secure ID clusters, Blue Coat
ProxySG and F5 Firepass clusters, migration of the company wide Firewall estate from Check
Point on Crossbeam appliances to Juniper 5400 running Virtual Systems (VSYS), creating
accurate documentation
* Implementing several internal and 3rd parties' VPNs on Check Point, Juniper and Cisco ASA
firewalls
* Analysing and implementing firewall changes, developing firewall polices including removal of
unused objects and policies and creating change documentation including documentation of
firewall rules
* Sole F5 BIG-IP Local Traffic Manager (LTM) change implementer - mentored other team colleagues
* Managing and implementing changes within strict timescales and controls whilst maintaining
live services always, responding rapidly on high priority incidents during on call rota
* Proactively involved in quality resolution of complex technical issues, responding with an
appropriate sense of urgency to problems escalated; coordinated with the appropriate
departments to determine positive solutions that increased end user satisfaction
* Carrying out daily housekeeping tasks - firewall requests, proxy management, system checks,
IPS management, log checks, appliances maintenance, ensuring that system patches are applied
* Monitoring of all security devices including Firewall and Intrusion Detection Systems
Upgrading existing security systems to appropriate current hardware and Software levels
09/2007
-
08/2008
Network Security Support Engineer
INTEGRALIS
INTEGRALIS, Theale, England
* Provided proactive 2nd Level technical security application support in English and German
* Manage/Configure/Troubleshooting Check Point VPN-1 NG(X) Firewalls, Splat, Crossbeam
Firewalls, Nokia Firewalls, F5 BIG-IP LTM, F5 BIG-IP GTM, F5 BIG-IP ASM, Firepass, Bluecoat,
AAA, Sourcefire IDS/IPS and ISS.
* Adhering to escalation and call management processes and procedures
* Attended training courses covering products and technologies
Network protocol analysing, troubleshooting with log files
* Provided proactive 2nd Level technical security application support in English and German
* Manage/Configure/Troubleshooting Check Point VPN-1 NG(X) Firewalls, Splat, Crossbeam
Firewalls, Nokia Firewalls, F5 BIG-IP LTM, F5 BIG-IP GTM, F5 BIG-IP ASM, Firepass, Bluecoat,
AAA, Sourcefire IDS/IPS and ISS.
* Adhering to escalation and call management processes and procedures
* Attended training courses covering products and technologies
Network protocol analysing, troubleshooting with log files
Reisebereitschaft
Weltweit verfügbar
