
Security Architect
- 0 references
- 100€/hour
- 68307 Mannheim
- on request
- de | en
- 25.03.2021
Brief introduction
I offer
Project & professional experience
2/2020 – ongoing
Job description: Firewall risk management
Skills used: Check Point (general)
8/2019 – 2/2020
Job description
Industrial 4.0 Security, Evaluation and Documentation of a VPN Firewall solution to obtain ISO 27001 compliance
Migration of a Firewall management server hosting over 900 VPN Firewalls and implementation of a high availability solution within a cloud provider
VPN Firewall Developments for Remote Engine Management, migrations, new installations and troubleshooting
Information security policy documentation updates for internal use and for customers
Business as usual tasks
Firewalls, DIN ISO/IEC 27001, Cloud Computing, Migration, VPN (Virtual Private Network)
9/2018 – 5/2019
Job description
Cisco ASA firewall cleanup project, rule base optimization, removal of unused rules of a worldwide firewall estate
Upgrade of Cisco ASA firewall to Cisco Firepower firewalls
Installation of an ESXi server to serve a Zscaler VZEN proxy solution
Performed configuration work to optimize Network Access controls for large scale enterprise network
Documentation updates for customers
Cisco Firewalls, Cyber Security, Cisco (general)
3/2018 – 8/2018
Job description
Checkpoint and Cisco ASA firewall migrations
F5 Consulting
Check Point (general), Cisco Firewalls, Load Balancing
1/2018 – 3/2018
Job description
Development of external connections documentation, worked on ING DiBa security policies
Consulted on security architecture, liaison with stakeholders to gather information for documentation
Cyber Security, Documentation (IT)
12/2017 – 12/2017
Job description
Project manager for urgent replacement of 20 Palo Alto firewalls
Coordinated and managed all aspects of the projects. Oversaw delivery of firewalls, coordinated with onsite staff to get the devices racked and stacked
Configuration of Palo Alto firewalls, synchronized downtimes for migration worldwide out of business hours
Firewalls, Project Management (IT), Cisco Router
6/2017 – 11/2017
Job description
Data Centre consolidation, Technologies: Checkpoint VSX, Cisco Nexus, BlueCoat Proxy
Self-sufficiently project managed medium and large-scale projects that align towards service and departmental goals
Coordinated and managed all aspects of the projects, investigated internal processes and adhered to them. Oversaw the direction, development, and implementation of Allianz projects
Coordination of 3rd party Vendors, Cloud providers, managed escalations, tracked progress and reported to customers, maintained the line of communication to avoid misunderstandings and proactively addressed issues
Client project requirements gathering, liaison with customers as a project manager to translate the requirements into designs
Cyber Security, Check Point (general), Firewalls, Project Management (IT), Enterprise Architect (EA), Cisco Router
11/2016 – 6/2017
Job description: F5 LTM, GTM and ASM
Skills used: Load Balancing, Enterprise Architect (EA), System Architecture
7/2016 – 11/2016
Job description
On site as resident engineer for the Customer Amadeus
Migration from Cisco to Palo Alto networks firewalls
Implementation of additional VSYS on production firewalls, Dynamic blocking list, URL Filtering + Reporting, Panorama Templates stacks, User Based policies, Zone protection profiles and Wildfire implementation
Network troubleshooting and operations support, Network and configuration analysis
Acting as customer technical liaison for Palo Alto Networks support and development teams
Deployment guidance to ensure that implementation is consistent with design specifications
Weekly updates on work in progress and current issues, if required
Reporting, Cisco Firewalls, Firewalls, IT Support (general), Migration, Configuration, System Design, Telecommunications / Networks (general)
3/2016 – 5/2016
Job description
Trustwave, UTMs, SIEM, Cisco Firewalls and Switching, Cyberark Enterprise Password Vault
PCI-DSS audit. Scope of work, liaison of Pen test with Trustwave. Communication with all teams to maintain PCI compliance
Projects: PCI-DSS SSL migration, led the project to replace all certificates which supported SSL, allocated resources. Trustwave UTM Firewall audit for PCI audit
Guided as sole Security resource on various other projects, BAU for non PCI related security concerns
SSL / TLS, PCI-DSS, Cisco Firewalls, IT Security (general), Firewalls, Quality Management / QA (IT), Enterprise Architect (EA), Architecture (general), Auditor, Communication (general)
1/2016 – 3/2016
Job description
Palo Alto Network Firewalls, HP switches, F5 load balancers.
Firewall audit and improvement. Added DOS protection profile and SSL decryption policy
Server and Desktop Endpoint protection evaluation, Vendor shortlisting, Budget, Stakeholder approvals, Resource management and technical oversight of the project
Cisco PIX to ASA firewall upgrade
Critical Incident management document and ISO 27k audit
Incident Management, Network Security, Cisco Firewalls, IT Security (general), Firewalls, Enterprise Architect (EA), System Design, Telecommunications / Networks (general), IT Consulting (general), Auditor
10/2015 – 12/2015
Job description
Cisco ASA firewalls with IPS, Checkpoint Firewalls with IPS, Threat Prevention, Antibot & Mobile Access, F5 LTM, Cisco Nexus routing and switching, Cisco Identity Services Engine, Qualys
Projects: F5 code update and GTM integration - HLD and LLD, Cisco IPS migration to Sourcefire IPS - HLD & LLD
IPS tuning and review, Firewall audit and improvement
Daily BAU task and implementation of changes and support
Network Security, Check Point (general), Cisco Firewalls, IT Security (general), IPS (Intrusion Prevention System), Firewalls, Load Balancing, IT Support (general), Migration, System Design, Telecommunications / Networks (general)
2/2015 – 10/2015
Job description
Palo Alto Network Firewalls using Global Protect with client certificates, Juniper Junos OS SRX firewalls and EX Switches using OSPF routing, Cisco Switches, F5 LTM Load Balancers used as SAML service provider and F5 APM LTM network access
Rollout of the Cabinet Office IT into the cloud. Consulting within Cloud deployments of network and security devices and service
Network and Security audit to comply with PSN Code of Connection (Public Services Network) and ISO 27k audit of the entire enterprise network
Consultancy for risk assessment and establishment of Information Security and Business Continuity plan
Documentation of an Incident response plan to protect the government data and improved general network security
Lead F5 architect on several service migration projects, including the design and implementation of 3rd party SSL VPN access through F5 LTM, F5 reverse proxy and architected and deployed a government wide F5 APM/SAML user authentication to several business critical applications
Acted as 3rd line to investigate network and security issues
Network Security, IT Security (general), Information Security, Firewalls, Quality Management / QA (IT), Load Balancing, Enterprise Architect (EA), Migration, Telecommunications / Networks (general), VPN (Virtual Private Network), IT Consulting (general), Rollout, Design (general)
12/2014 – 1/2015
Job description
Response to the GOP Sony hack, consulted on security issues for the Palo Alto firewalls.
Vulnerability assessment, Security configuration Audit, Firewall rule-base audit.
Deployment of a Decryption Profile and Custom URL Category protection. Configuration of Security Profile Groups and adding Application awareness to the security rule-base on the Palo Alto Networks firewalls.
IT Security (general), Firewalls, Configuration, System Design, Telecommunications / Networks (general), Technical Quality Management / QA, Security Engineering (general), Auditor
11/2014 – 12/2014
Job description
Build of a new active-active cloud based data centre for the South West Grid for Learning
Low Level Designs of the following technologies: Internal Checkpoint VSX firewalls including IPS, F5 LTM and GTM load balancers, TippingPoint NGFW including IPS
Creation of Network Diagrams and review of High and Low Level Designs from other domains
Configuration of devices and configuration of firewall policies and IPS rules
Check Point (general), IT Security (general), IPS (Intrusion Prevention System), Firewalls, Load Balancing, Configuration, System Design, Telecommunications / Networks (general), Architecture (general), Design (general)
10/2013 – 8/2014
Job description
Technologies: IBM Security Network Intrusion Prevention System, McAfee Network Security Platform, Checkpoint VSX and Palo Alto Network Firewalls, Cisco Nexus Switches, Citrix NetScaler Load Balancers
Architected, scoped and budgeted an enterprise £1M+ Network and Host Intrusion Prevention refresh project including an audit of the existing Network and HIDS solution
Provided architectural guidance to stakeholders and independently managed and coordinated the approved project to align towards service and departmental goals and consulted within other overlapping projects such as the Malware & DDOS projects
Collaborated with business units to identify company assets and conducted a technical risk evaluation of hardware, software, installed systems and networks to classify data and systems Host Intrusion Prevention protection
Designed and developed a proof-of-concept for the new IPS solution which will send system and intrusion logs to the Security Incident Event Management (SIEM)
Created several strategy documents to sell stakeholders the value and benefits of the Intrusion Prevention solution which included a design option pack - a mix between different Vendor and Open source NIPS/HIPS, a rough order of magnitude (ROM) estimate of the different NIPS and HIPS combinations and a High-Level Design of the chosen solution
Worked closely with project managers, system owners, and stakeholders to avoid redundancy, minimize expenditures, and improve overall strategies within organization and performed design reviews across the company
Hardware Development, Network Security, McAfee (general), Check Point (general), Cisco Firewalls, IT Security (general), IPS (Intrusion Prevention System), Firewalls, Quality Management / QA (IT), Load Balancing, Enterprise Architect (EA), System Design, Telecommunications / Networks (general), IT Consulting (general)
9/2012 – 10/2013
Job description
Technologies: Checkpoint VSX managed by Provider1, Palo Alto Network and Juniper firewalls, F5 BIG-IP LTM
Independently managed and coordinated approved medium and large scale projects that align towards service and departmental goals
Acted as design and architect authority and provided high level IT Security briefing to management
Led, coordinated, and managed all aspects of Security implementation, managed design sessions within areas of specialization. Oversaw the direction, development, and implementation of Security solutions, participated in design of new Network Security and strategies.
Client project requirements gathering, liaison with customers and project managers to translate the requirements into design documents.
Review of High Level Design documents for each project. Carried out security assessments and provided recommendations. Ensured that IP connectivity, topology, design and security settings are in line with customer security policy
Working with formal Change Control. Design and review of configuration changes for secured environments
Design and implementation of F5 load balancing solutions
Recommended preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy
Liaised with company's Operations team for prompt rectification of any problems or emergencies.
Hardware Development, Network Security, Check Point (general), IT Security (general), Information Security, Firewalls, Load Balancing, Configuration, System Design, Telecommunications / Networks (general), Architecture (general), Management (general)
7/2012 – 8/2012
Job description
Technologies: Checkpoint managed by Provider1, Blue Coat Proxy and McAfee Web gateway, F5 BIG-IP (LTM)
Design and integration of network and security solutions on a project basis in the Network Services and Production Security team
Implementation of BAU security appliance changes, including OSPF and BGP route redistribution, policy based routing
Installation, configuration, and maintenance of F5 BIG-IP Local Traffic Manager (LTM) load balancers in a high availability environment.
Carried out day-to-day support activities of the enterprise network and the data centre
Provided guidance and support to the enterprise; acted as single point of contact for Security Incidents and related issues.
McAfee (general), Check Point (general), IT Security (general), Firewalls, Load Balancing, IT Support (general), Configuration, Router / Gateways, System Design, Telecommunications / Networks (general)
7/2011 – 6/2012
Job description
Technologies: Check Point NGX r54 – r70 running on Splat with VSX, SecureXL, ClusterXL, managed by Provider-1, Juniper and Cisco PIX and ASA firewalls on different platforms and F5 BIG-IP (LTM)
Executed proof of concept tactical plans. Consulted end-users, clients, or business owners to define business requirements for complex systems and infrastructure development.
Recommended and executed modifications to System, Network & System infrastructure in order to improve efficiency, reliability, and performance.
Designed and configured Cisco networking devices, on different platforms with VRF routing topologies, added Ace modules and CSS Load Balancers
F5 BIG-IP Local Traffic Manager (LTM) project design guidance, change coordination and implementation
Assigned to several projects as the sole network and firewall resource to deliver projects in time which included large projects with up to 450 data flows, medium and small project requests
Peer reviewed, advised and signed off network and firewall data flows for project related High Level designs
Writing change templates which are bound to global naming standards and network security standards, peer review of team members' changes
Implementation of Network and Firewall, Provider 1 Global policy implementation and management
Adhering to a strict change management process as changes are made on financial high critical firewalls
Analysed data traffic patterns within the network infrastructure, proactively identified symptoms and instabilities in a timely and accurate manner
Build of new firewalls in a physical and virtual environment, OAT testing of newly commissioned firewalls; member of the Network and Security delivery team designing projects in a large Enterprise environment
Developed and executed test plans to check infrastructure and systems technical performance. Report on findings and make recommendations for improvement.
Hardware Development, Network Security, Check Point (general), Cisco Firewalls, IT Security (general), Firewalls, Load Balancing, System Design, Telecommunications / Networks (general)
8/2010 – 5/2011
Job description
Architected and coordinated the migration of 150 VPNs from a Cisco ASA firewall to a Juniper Firewall, including the creation of a VPN policy procedure document, a detailed Juniper VPN deployment guide, 3rd Party VPN request form and ensuring that a suitable support process exists for the new VPNs
Creation of a “Future Mode of Operations” data centre documentation, a firewall operability - change and maintenance guide and security device policy and naming standards guide, updated all existing documentation
Network stream lead of the “Datacentre migration project” - project, risk and issue management, ensuring that projects are efficient and delivered on time
Involved in the architecture discussions and agreements for the shaping of the new data centre environment, including the approval of High Level Designs, review of firewall changes and approval as a CAB member, supported the Network and Security Architect within daily duties
Juniper Firewall security policy review to ensure that insecure or unnecessary firewall rules are removed and a general policy improvement (firewall rule base clean-up)
Cisco Firewalls, Juniper Netscreen, IT Security (general), Firewalls, Load Balancing, IT Support (general), Migration, System Design, Telecommunications / Networks (general), VPN (Virtual Private Network), IT Consulting (general)
3/2010 – 8/2010
Job description
Employed as Security Designer within the Network and Security design team, to design and deploy new security infrastructures, ensuring a timely and quality delivery of platforms which meets current standards which included the migration of 280 Checkpoint Firewalls to Juniper Firewalls, a worldwide enterprise Websense with Blue Coat ProxySG integration and an enterprise Tipping Point 10GB IPS solution
Responsible for the design of new firewall deployments for the worldwide offices of the Enterprise client, end to end IPSEC and GRE VPNs
Performing vendor assessments and technical proof of concepts to help the Enterprise client to select fit-for-purpose solution(s), engaged with the technical part of the documentation for the “Request for proposals” and “Statement of Requirements”, Created technical definitions at a detailed level of the architecture and design
Analysed business needs and requirements in terms of technical solutions, defining the technical requirements, integration issues and dependencies, identifying the architectures best suited to client needs
Liaised with product vendors, technical specialists, colleagues and other information sources to define product sets capable of fulfilling the client requirements
Developed detailed implementation plans to accommodate network growth, security, and enhancements by maximizing functionality of network security equipment
Drafting functional requirement descriptions, carrying out feasibility studies and liaising with external security specialists
Hardware Development, Network Security, Check Point (general), Bluecoat (general), Juniper Netscreen, IT Security (general), IPSec, Firewalls, Load Balancing, Migration, System Design, Telecommunications / Networks (general), Architecture (general), Technical Concept Design
8/2008 – 2/2010
Job description
Designing, implementing, maintaining and supporting internal networks in an E-Commerce environment
Troubleshooting routing and firewall issues, followed by technical design meetings and workshops
Overseeing the upgrade and deployment of new Crossbeam & Nokia Firewall clusters, new Toplayer IPS clusters, Sourcefire IDS running RNA and RUA, RSA Secure ID clusters, Blue Coat ProxySG and F5 Firepass clusters, migration of the company wide Firewall estate from Checkpoint on Crossbeam appliances to Juniper 5400 running Virtual Systems (VSYS), creating accurate documentation
Implementing several internal and 3rd party VPNs on Checkpoint, Juniper and Cisco ASA firewalls
Analysing and implementing firewall changes, developing firewall policies including removal of unused objects and policies and creating change documentation including documentation of firewall rules
Sole F5 BIG-IP Local Traffic Manager (LTM) change implementer – mentored other team colleagues
Managing and implementing changes within strict timescales and controls whilst maintaining live services at all times, responding rapidly on high priority incidents during on call rota
Proactively involved in quality resolution of complex technical issues, responding with an appropriate sense of urgency to problems escalated; coordinated with the appropriate departments to determine positive solutions that increased end user satisfaction
Carrying out daily housekeeping tasks – firewall requests, proxy management, system checks, IPS management, log checks, appliances maintenance, ensuring that system patches are applied
Monitoring of all security devices including Firewall and Intrusion Detection Systems
Upgrading existing security systems to appropriate current hardware and Software levels
Hardware Development, Check Point (general), Cisco Firewalls, Bluecoat (general), Juniper Netscreen, IT Security (general), IPS (Intrusion Prevention System), IDS (Intrusion Detection System), Firewalls, Load Balancing, IT Support (general), Migration, System Design, Telecommunications / Networks (general)
9/2007 – 8/2008
Job description
Provided proactive 2nd Level technical security application support in English and German
Manage/Configure/Troubleshooting Check Point VPN-1 NG(X) Firewalls, Splat, Crossbeam Firewalls, Nokia Firewalls, F5 BIG-IP LTM, F5 BIG-IP GTM, F5 BIG-IP ASM, FirePass, Bluecoat, AAA, Sourcefire IDS/IPS and ISS.
Adhering to escalation and call management processes and procedures
Attended training courses covering products and technologies
Network protocol analysing, troubleshooting with log files, basic Linux administration
Network Security, Check Point (general), Bluecoat (general), IT Security (general), IPS (Intrusion Prevention System), IDS (Intrusion Detection System), Firewalls, 2nd & 3rd Level Support, IT Support (general), Telecommunications / Networks (general), VPN (Virtual Private Network)
6/2005 – 10/2006
Job description
Support Engineer (Contract) October 2006 – August 2007
AIRPRODUCTS PLC, Hersham, England
IT Systems Technician (Contract) June 2006 – September 2006
SIEMENS BUSINESS SERVICES, Munich, Germany
IT Systems Technician September 2005 – May 2006
COMPUSAFE DATA SYSTEMS AG, Munich, Germany
IT Support Technician December 2004 – June 2005
BRITISH TELECOM, Munich, Germany
2nd & 3rd Level Support, IT Support (general)
Certificates
Education
(Education)
Location: Munich
Qualifications
Cisco PIX & ASA (Multiple context) & FWSM
Checkpoint Firewall on all Platforms GAIA, Splat, Nokia & Crossbeam
Juniper SRX Junos OS
Juniper EX Switches Junos OS
Juniper Firewalls ScreenOS
Palo Alto Networks Firewalls
Palo Alto Networks Panorama
F5 Big-IP LTM
F5 Big-IP GTM
F5 Big-IP ASM
McAfee Network IPS & Host IPS
Toplayer IPS
Sourcefire IDS/IPS
TippingPoint IPS
IBM Network IPS & Host IPS
Checkpoint IPS
Palo Alto Threat Protection
Bluecoat Proxy
McAfee Enterprise Security Manager
Splunk
HP Arcsight
IBM Security QRadar
Trustwave SIEM
Juniper SSL VPN
Checkpoint Secure Client
Palo Alto Global Protect
F5 Firepass SSL with RSA & AAA authentication
F5 APM Network Access
Cisco AnyConnect
Solarwinds
Nagios
Zabbix
TCP/IP, GRE, RIP, OSPF, EIGRP, BGP, DWDM/CWDM
Checkpoint Provider1
Juniper NSM
Palo Alto Panorama
Skybox, Algosec
HP SMS
WireShark
Nmap
tcpdump
HTMLWatch
Fiddler
Cisco ACE
Citrix NetScaler
RSA
About me
Authored and implemented new data network security processes and device hardening features
Designed, project managed and implemented several large enterprise data centre migrations
Planned, project managed and installed large LAN/WAN infrastructures on dozens of occasions
Created and implemented a resilient and secure VPN based RAS solution for over 1000 users
Strong understanding of IT infrastructure concepts and architectures, and good understanding of project management methodologies and Solution Delivery, taking ownership of risks, assumptions, issues and dependencies
High and Low Level designs, Risk management, PCI and ISO auditing
Many more.....
Personal details
- German (native speaker)
- English (native speaker)
- European Union