Security Analyst, IT Auditor, Business Continuity, Disaster Recovery Resume
Desired Industry: Information Technology
SpiderID: 10102
Desired Job Location: Chicago, Illinois
Date Posted: 12/1/2006
Type of Position: Contractor
Availability Date: Immediately
Desired Wage:
U.S. Work Authorization: Yes
Job Level: Management (Manager, Director)
Willing to Travel: Yes, More Than 75%
Highest Degree Attained: Bachelors
Willing to Relocate: Undecided
Objective: Looking to perform vulnerability assessment & penetration testing of wired & wireless networks, server farms & network infrastructure using known / custom tools & scripts; Business Continuity Planning (BCP) advisory & audits; hardening of server-based operating systems & systems / network infrastructure; and implementation and audits per ISO 27001 / BS 7799 & ISO 20000 / BS 15000 requirements.
Experience:

Ernst & Young, March 2005 to November 2006

Business Continuity Planning
Engagements: SAP (operations spread across different countries); a software services organization with operations spread across different countries; BCP audits for outsourced vendors of Xerox; BCP audits against PAS 56 for a software services organization; BCP gap assessment audit for a software services organization with operations across different countries.
Facilitated discussions at the leadership level to arrive at consensus while developing business continuity strategies. Interacted with the heads of service delivery units and support functions to understand the business, identify needs for business continuity, and develop strategies to provision for the identified needs. Carried out Business Impact Analysis (BIA) and Risk Assessment (RA), and co-developed the corporate BCM strategy as well as the process-level BCM strategy. Developed business continuity plans to recover critical levels of service delivery and support operations when there is disruption due to a disaster. Developed testing schedules for the mitigation strategies and facilitated BCP testing, including paper testing, system technical testing, and full testing. Analysed the test results to modify the strategy where required.
Vendor Risk Management / Information Security Audits
Engagements: sixteen vendors for Bear Stearns & Co.; two vendors for British Telecom.
Created a vendor risk management framework based on client business requirements. Led a six-member team and conducted technology audits of clients' vendors. Security audits included network architecture security evaluation, vulnerability assessment, segregation-of-duties assessments, etc.
Penetration Testing (PT) & Vulnerability Assessment (VA)
Engagements: PT & VA for several clients, as separate engagements or as part of another engagement. Clients were across different industries, viz. Financial Services, Information Technology Enabled Services (ITES) / Business Process Outsourcing (BPO), Telecom & Manufacturing. Client names cannot be revealed due to the sensitive nature of the engagements.
Led four-member teams in conducting PT and VA of technological infrastructure across several locations, which included server farms (Windows, *nix, Solaris), routers, firewalls & switches. Assessment methodology included programming scripts (NASL) and exploits where required. Provided proof-of-concepts (where applicable) and issued findings & recommendation reports.
Implementation Advisory: Payment Card Industry (PCI) Data Security Standard (DSS)
Engagements: BPO clients servicing Financial Services organizations (e.g. Washington Mutual).
Mapped existing policies / procedures of the service provider to those required by PCI DSS. Reviewed and audited network infrastructure, and led a three-member team to conduct VA. Created policies & procedures and implementation plans.
BS 7799 & BS 15000 Certification Advisory; ISO 27001 / BS 7799 and ISO 20000 / BS 15000 Pre-certification Audit
Engagements: ISO 27001 / BS 7799 and ISO 20000 / BS 15000 certification advisory & pre-certification audits, and VA, for several clients in industries such as IT, Telecom and ITES/BPO (e.g. AXA BS & AXA Tech, a Bank of America subsidiary, Accenture, TATA SerWizSol, etc.).
Led four-member teams and was responsible for planning, regular monitoring, execution, supervision & overall service quality for the engagements. For BS 15000, created policies and procedures (for service delivery & service support processes). For BS 7799, performed information security risk assessment and created ISMS policies & procedures. Performed pre-certification audits for compliance with ISO 27001 / BS 7799 and ISO 20000 / BS 15000. Created implementation plans and supported the client till certification.
Network Architecture Assessment & System Hardening
Engagements: software services & banking clients. Client names cannot be revealed due to the sensitive nature of the engagements.
Assessed the network architecture of the client; assessment methodology included testing the effectiveness of security devices such as Intrusion Detection Systems (IDS). Provided findings & recommendation reports. Reviewed system hardening parameters for operating systems (Linux, Windows) and network devices (routers, switches, etc.) in standard and embedded environments and provided suitable recommendations.

Network Security Solutions, October 2003 to March 2005

Source Code Audit & Platform Hardening
Client: Nevis Networks, a network security product-based client.
Successfully found security vulnerabilities in the implementation of an OSI-layer protocol developed in C. Successfully implemented MAC (Mandatory Access Control) to achieve platform hardening of a network device based on the Linux kernel, with special emphasis on safety assessment for embedded environments.
Penetration Testing (PT), Vulnerability Assessment (VA) and System Hardening
Engagements: IT & Telecom clients. Client names cannot be revealed due to the sensitive nature of the engagements.
Carried out external & internal penetration tests and VA of standard & custom network devices, Windows / *nix / Solaris based server farms and workstations. Successfully penetrated Windows / Linux servers & workstations and provided proof-of-concepts where applicable. Provided findings and recommendation reports for PT & VA.
BS 7799 Risk Assessment & IT Security Policy Review
Client: Virtusa, a software services client.
Performed BS 7799 information security risk assessment. Reviewed IT security policies against industry best practices / ISO 17799. Found deficiencies in the existing policies / procedures & provided suitable recommendations.
Digital Forensics
Clients: a software services client; a Fortune 500 hardware, software, services and supplies provider. Client names cannot be revealed due to the sensitive nature of the engagements.
Spearheaded an e-forensics team in the investigation of employee misconduct and successfully obtained evidence to prove the case. Carried out search & seizure of e-forensic evidence as part of incident response. Executed crime-scene freezing, digital evidence preservation and maintenance of chain of custody. Successfully carried out digital forensic investigations using EnCase.
Design and Development of Tuxecure
Client: a premier research institute in Mumbai, India.
Team member in the design, development & testing of a secure, Linux-based, wizard-driven customizable distribution using BASH scripts, C, Qt and Python. The wizard provides several security templates as well as options for selecting the components required. The result is customized, hardened Linux-based ISO images.
Education: Bachelor of Engineering in Electronics & Telecommunication from Army Institute of Technology
Affiliations: CISA (Certified Information Systems Auditor); BS 7799 Implementer
Skills:
Operating Systems: UNIX (Linux: Red Hat, SuSE, Debian; Solaris; FreeBSD), Windows Server / XP / NT / 2000
Programming Languages: C, Assembler (Win32 ASM, *nix ASM), Python (elementary), UNIX scripting (e.g. BASH)
Networking Protocols: TCP/IP, Wireless, VoIP, VLAN, etc.; routing protocols (e.g. OSPF, BGP, IGRP)
Networking Systems: Cisco routers & switches (configuration, security, management), TACACS+, RADIUS, UNIX services (DNS, SMTP, SNMP), etc.; remote access; VPNs
Tools: Nessus, Nmap, GFI LANguard, Retina, Traceroute, Netcat, Nikto, Hydra, etc.; Ethereal, Snort, Snot, AirSnort, NetStumbler, etc.; Nessus Attack Scripting Language (NASL), Metasploit Framework, EnCase
Additional Information: Please send me an email for the full version of my Word-format resume and I will send it right away.