VINOD JOSEPH                                             

 

PROFILE

IT professional with over 15 years of distinguished experience in the following areas in Banking & Financial Industries:

Network Infrastructure MgmtData Centre OperationsIT operations Mgmt

Network-OperationsSecurity OperationsProject Management

 

·   Network Consultation  & implementation skills  including Datacenter Architectures, Secured Virtualized Multi-tenancy,  Large campus, Service provider & Secured Perimeter and Internet Facing Infrastructure

·   Network Security consultation  & implementation activities for  large campus/Corp setups for Endpoint Security controls , Network/Security threat defenses,  Perimeter & datacenter security controls and designs,  Vulnerability Management and configurations compliances framework design etc.

·   Designed and Implemented Cisco Nexus Platforms ( 7700/5500 ), Cisco UCS & HP Virtual Connect Flex10

·   Designed and Implemented  PaloAltoPA3020, FortGate 1000C, Cisco ASA 5525X-   with IPS, Sourcefire module, Juniper SRX 650 with Chassis Clusters, F5 LTM , Citrix Netscaler MPX-5500 & Sourcefire 3D Sensors with Fire Sight Defense Center

·   Highly Experienced in Cisco Catalyst 6500 Platform and its Service Modules (FWSM,ASA-SM,IPS )

·   Implemented Firewall Security in compliance with PCI on Cisco PIX/ASA, Palo Alto , Juniper SRX,  FWSM & Fortinet, & Checkpoint on Nokia IP330.

·   Datacenter Consulting  & Implementations using next-generation  technologies such as CLOS Fabric, LISP, Fabric Path, DFA, VSS, vPC, VPLS, VDC, LISP, STP, FCoE, OTV, SDN & Cisco ACI

·   IT- Security experiences on leading platforms such as  Cisco/Source Fire, Juniper ScreenOS/JUNOS, Palo Alto, Fortinet, Q-Radar SIEM, Clean Access NAC, Tenable Nessus, Mcafee/Intel Security ePO – VirusScan, Host IPS, DLP, Drive Encryption, Soldifier & NIPS, TrendMicro DLP/ Deep Security, Deep Discovery APT, FireEye WebMPS.2400( APT), Cisco ACE/Citrix Netscaler /F5-LTM, Dell TPAM & Tycotic Secret Server, Riverbed WAN Accelerators , Arbor Peak Flow/TMS and MDM technologies ( Good GFE/Mobile Iron ) etc.

·   Information Security Governance Implementations experiences using ISO/IEC 27001:2005 framework and familiarity to COBIT-5 IT Governance Model.

CERTIFICATIONS/EDUCATION

o MBA (Technology Management) from Karnataka State Open University (KSOU), Mansagangotri, Mysore- Completed during Year 2014.

o BSc. IT from Karnataka State Open University (KSOU), Mansagangotri, Mysore in 2011

o Three Years Higher Diploma in Computer Engineering from State Board of Technical Education, Govt. of Kerala

o CCIE Security (Cisco Certified Internet Expert, CCIE ID # 23130)

o CISM (Certified Information Security Manager – ISACA/CISM)

o CRISC (Certified in Risk & Information Systems Control – ISACA/CRISC)

o CEH (Certified Ethical Hacking & Countermeasures, Version-07 – EC Council)

o ISO 27001-LA (ISO/IEC 27001 Lead Auditor Certification (IRCA) ON ISO/IEC 27001: 2005 Standard)

o CCSP – Cisco Certified Security Professional

o CCNP -Cisco Certified Network Professional

o CCNA – Cisco Certified Network Associate

SUMMARY OF TECHNICAL SKILLS

 

Networking Knowledge

·   Cisco Datacenter Architectures – Nexus 7000, 5000, 2000, 1000V , Catalyst 6500 VSS & ACI

·   Cisco IOS, IOS-XE & NX-OS

·   Nexus: Nexus 7010 / 5548 UP /2248 TP / 1000 V

·   UCS: Fabric Interconnect 6248/6120, IOM 2208, HP VC FLEX-10

·   Switches: Cisco Catalyst VSS 1440 / 6513 / 6509 / 4500 / 3750-X /3850 & 2960 etc.

·   Routers: Cisco Routers ASR 1001 / 7606 / 7304 / 7206 / 3945 / 2951 / 2600 & ISR G2

Routing

·   Static Routing, RIPv1, RIPv2, RIPnG, IGRP, EIGRP, OSPF, BGPv4, GRE, MPLS, IPv6,BFD, FHRP, Traffic Engineering, Policy Based Routing PBR, Route-Filtering & Redistribution,

·   NAT, HA, ISSU, ACE,WAAS, WPA2

Switching & Bridging

·   Catalyst CatOS and IOS based Switches, HP Procurve Switches, Nexus 7000/5000/2000, VTP, STP, RSTP, Trunking, VDC, VPC, Fabric Path, VLANs, Layer 3 Switches, Logical Ether channels, Transparent Bridging, IRB,  HSRP,   NAT, SNMP, SYSLOG, NTP, DHCP, CDP, DNS, HTTP, TFTP and FTP Management, IPv6 test projects, RAS Solutions, Cisco IOS-CA,DNS & DHCP Server

·   Multi-VRF CE, MPLS, VPLS, EoMPLS, L2TP & QoS  

IT -Security

·   NG Firewalls –ASA 5500 with Source Fire, FWSM, Palo Alto PA3020,  FortiGate 1000C, Checkpoint NG-1/Nokia IP-330, Juniper SRX650, Juniper SSG/ISG 500,  Juniper IDP/NSM, Cisco PIX 535/525

·   Intrusion Detection & Prevention suites: Sourcefire 3D Sensors & Firesight MC, Cisco Fire Sight services ASA, McAfee NSP sensors & NSM, Juniper SRX, IDP using Juniper NSM.

·   Application Networking & ADC : Citrix Netscaler MPX 5500 & F5 BIG-IP LTM 3000

·   DLP : McAfee DLP for Endpoints (ePO),  Verdasys Digital Gurdian DLP

·   Vulnerability Management – Rapid7 Nexpose, Tenable Nessus , HP WebInspect & nMAP/ZenMap etc.

·   VPNs – Cisco AnyConnect, IPSEC (IKEV1 & IKEV2 ),  IOS Flex VPN, SSL VPN, DMVPN, GREoIPSEC , DVTI & GET VPN( GDOI), Netmotion VPNs

·   Security Platforms: Cisco IOS/IOS XE, JUNOS, SCREEN OS, PAN OS, FortiOS

·   Cryptography, AAA, Radius, TACACS+, Authentication Proxy, Access Lists, NBAR, IOS Firewall, 802.1x, CBAC, Cisco IDS/IPS, Cisco CSA, PKI, IOS-CA, F5 LTM , Bluecoat Proxy SG, Cisco Secure ACS etc.

·   MacAfee ePO suites – Virus Scan, Drive Encryption, TIE/ATD module, DLP & Solid Core Modules along with  MacAfee IPS (Intrushield) Models- 2850/3000  with NSP sensors and NSM Applications etc.

·   MacAfee Email Gateway (MEG), McAfee ATD ( Adaptive Threat Defenses) , McAfee Quarantine Manager (QM) , McAfee TIE ( Threat Intelligence Exchange)  Server

·   Cisco VPN Concentrator, Bluecoat SSL VA & GigaMon GigaVUE, Cisco PIX / ASA 5516X Firewalls, Cisco VPN Client, Cisco CSM, Cloud Security ( Scan Safe on ASA, Cisco ASA CSC SSM), Cisco ISE, MDM solutions from Mobile Iron/Good etc.

·   Juniper Netscreen Firewalls, Juniper SRX 650, Juniper ISG, Juniper IDP, Juniper NSM, Palo Alto PA2050, Checkpoint / Nokia VPN-1/Firewall-1, Fortinet Firewalls, FortiAnalyzer, FireEye Web MPS, MacAfee ePO for Endpoint Antivirus &Protection, IBM ISS Proventia UTM &IPS, IBM Guardium for Database Activity Monitor, TrendMicro APT/IMS/IWSS, Bluecoat Proxy SG, IOS PKI, Tenable Nessus Scanner, Web inspect, NMAP etc.

Information Security:

·   ISO 27001: 2005, SIEM – IBM QRADAR & CS-MARS, Arbor PeakFlow/TMS, Cisco DDOS Guards/Anomaly Detectors, Cisco NAM and Netscout nGenius, Cisco ACS 4.2, Cisco Clean Access/NAC Servers, Cisco Security Manager, TrendMicro IMS Email Security, TrendMicro IWSS, Microsoft ForeFront Proxy, Cisco ScanSafe Proxy and Cisco Cloud Web Services, Retina /Nessus Scanners, Cisco Identity Service Engine, Cisco Trust Sec & 802.1AE MacSec, etc.

 

WORK EXPERINCES

·   Toronto Hydro, Canada         Continuing since May’2016

Designation: IT- Technical Consultant, Security Operations. Job responsibility includes the plan, implement, administer, maintain and monitor phases IT security controls including:

 

o Firewalls, Network Security (Wired & Wireless), Intrusion Detection/Prevention System,  Malware Protection Systems, Remote Access Systems and VPN, Security Incidents and Event Management Systems, Endpoint Anti-Malware, Endpoint security (laptops, workstations, mobile devices) Management, Data Loss Prevention System & Threat and Risk Assessments.

 

o Participate and contribute to IT projects as a representative of the Security Operations Team.

 

·   Bank Sohar SAOG, Muscat, Sultanate of Oman as Mar’07 – Mar’16 

Chief Manager – Networking & Information Security

 

Designated as Chief Manager, I was managing a direct team of 5 members providing L1 & L2 Support for Network/Security operations and also had indirect reporting of Information Security functions and Security operation Center (over 10 Members). Details of major project handled during this tenure are mentioned as under:

 

·   Infrastructure setup and design Project for Multi-tiered datacenters catering virtualized multi-tenancy & Security

·   Datacenter interconnectivity & Disaster Recovery optimizations using Nexus 7000/5000 Switches - OTV,VDC, MPLS, LISP and VPLS Technologies

·   Datacenter Migration from Hierarchical  3-Tier Model to Unified Fabric using Nexus 7000, 5500 and FEX 2000 

·   Implementation of Cisco UCS, HP Virtual Connect/Flex-10 blade solutions and its network integrations to unified datacenter (vPC, LACP and Fabricpath )

·   Cisco ACI – Design and  Implementation of Cisco’s hybrid SDN solution  using Nexus 9500, 9300 and APIC controllers

·   ISO/IEC 27001:2005 Implementations  & certifications across  the Bank’s IT department

·   QoS (Quality of Services ) implementation  project across the Campus LAN and WAN Infrastructure.

·   Layered IT-Security design for 3-Tier Applications using WAF, Load Balancer, SSL Offload (Cisco ACE), IPS and Firewall Service Modules

·   Securing Bank's LAN, WAN,  Perimeter, Internet & IP-MPLS Infrastructure  ( PCI-DSS & ISO 27001 )

·   Implementations of Cisco  ASA 5516-X Firewalls with Sourcefire Services using NGFW, IPS, AVC and AMP services

·   BGP, VRF-Lite, IPSEC  and UTM implementations for remote branches – Over 100 Locations( Juniper  ISG/SRX )

·   Large Scale VPN implementations ( IKEv1, IKEv2, DMVPN, dVTI, SSL and AnyConnect ) using Cisco ASA Firewalls /ASR 1001, ISR 1941  etc.

·   Firewall Migration for Netscreen SSG to Juniper SRX-650 for the Secured  Perimeter

·   NG Firewall Implementations  at HO & DR – Palo Alto PA 3020, Cisco ASA 5516-X  with Firepower Services and Fortigate 1100C

·   Routing Infrastructure optimizations  using EIGRP, OSPF, BGP & WAN/MPLS Re-engineering for traffic optimizations  (iWAN, SDWAN, PFR, DMVPN, NHRP etc.)

·   Implementation of Group Encrypted Transport VPN  (GDOI ) setup for MPLS Cloud with High-Availability measures

·   Proxy  Server Implementations using Bluecoat SG 200, Fortigate 200, Cisco ScanSafe, TrendMicro IWSS & Microsoft Forefront

·   Converged Access Setup  for Wired and Wireless LAN using Catalyst 3850 Switches and Stackwise-480 Solutions

·   Web Application Security Implementation for Mobile & E-Enabled Services using Citrix WAF, Netscaler ADC, SSL Offloading and Accelerations, Fortigate IPS & NG Firewalls, Forti-Sandbox, Anti-DDoS  using Arbor Prevail, TrendMicro Deep Security, Juniper IPS,  Multi-Factor Authentications & Fraud Monitoring Systems (CA Arcot ), Netflow Aggregations and SIEM using Q1 Labs  etc.

·   Advanced Malware Protection Systems ( FireEye web MPS and TrendMicro Deep Discovery)

·   Layer-2 Security Implementations  across the Campus Network using 802.1x, Private VLANs, CoPP, iACLs, DHCP Snooping, Port Security, DAI, IP Source  Guard, MKA Security and Cisco Trustsec etc.

·   Rollout  of Wan Optimization  Project using Steelhead Riverbed across 100 locations

·   MPLS VPN  Implementations  for remote branches using BGP, OSPF, DMVPN/GET VPN ( 100+ sites )

·   Implementation of Identity Based Network Services  - Cisco ISE, ACS and 802.1x based port based authentications

·   NAC - Cisco Clean Access Implementations for Posture, Guest and Profiling across Guest Segment

·   Security Information and Event Management (SIEM) Implementation using IBM QRadar

·   Implementation of DDOS Mitigation Solution using  Arbor Technologies

·   IPv6 Implementations ( Piolet Project ) for web portals

·   Mobile Device Management (MDM) Implementation – using Mobile Iron and Good GFE

·   Unified Wireless Infrastructure using WPA2 and 802.1X IBNS

·   Vulnerability Management and Configuration Compliance Project – Using Tenable Security Center & Nessus

·   Implementation of HP Switches ( Procurve Series ) and  Nortel Passport (8600 ) for DataCenter & Campus LAN

·   Implementation of Chassis clustering, Routing, Switching, VPN and security services  using Juniper firewalls – SRX and ISG series.

·   Implemented Palo Alto NG Firewall with Global Protect VPN services at Secured Perimeter.

·   Design and implemented privileged access management and session recording using E-DMZ ( Dell TPAM)

·   Extranet and Anyconect VPN setup using ASA CA, IOS CA Server and Microsoft  CA

 

Bank Dhofar SAOG, Muscat, and Sultanate of Oman asMarch’05 – Mar’07
Sr. Network Security Analyst (Grade: EG1)

Role:

·   Executed projects pertaining to setup and streamlining of the Network/Security infrastructure with the state of the art Network/Security techniques and oversaw Datacentre Designs, Campus LAN, Branches, Network Perimeter and Service Provider Edge Segments

·   Installed and configured SRX-650 in Chassis Cluster mode – with JUNOS 12.1X46-D40.2. This includes the firewall in Active/Active or Active/Passive mode 

·   Configured and Administrated SRX  gateways in L2 Gateway (IRB), Bridge/Transparent  mode (BVI) and also as L3 ( inline mode )

·   Experiences in VPN Tunnels, Dynamic VPN, Jun OS Pulse, IKE  Main & Aggressive Mode, IKE Gateway, IKEV2 and Suite-B Algorithm Support, IPSEC/IKE Proposal, Policies, Xauth, Firewall Authentications, Address pool management, Access Profiles, NAT, Policy based VPN & route based VPNs, etc

·   Deployed SRX 650 as  a Datacenter firewall ,  Standalone IDP, L2  Gateway/Bridge Mode,  Perimeter Firewall, VPN gateway  and Internet  Firewall, IRB

·   Experience in Security Features such as - UTM features, PKI & CA, SYN protection, MSS , Key protection,  Screen Options, Security zone, interfaces,  Security policies, Static NAT, Destination NAT, Route Zones, Polices , ALG

·   Strong skills on Routing Options, Routing Instances, Virtual routers, Applications, Addresss-book, Schedules

·   Configured IPS/IDP configuration, importing this to NSM, Exempt Rules, App Firewalls ( AppSecure), UTM features – Antivirus, web Filter, Antispam, and Content filters

PREVIOUS EXPERINCES

·   Aug2004-Feb2005 with Data Craft India Pvt. Ltd Hyderabad as Senior Customer Support Engineer

·   Oct’2002-Aug2004 with Vertex Customer Services India Pvt. Ltd New Delhi as Network Specialist

·   May’01 – Oct’02 with Vcustomer Services India Pvt. Ltd, New Delhi as Network/Security Analyst

·   Feb’99 – Oct’01 with Dorling Kindersley India Pvt. Ltd., New Delhi  as Asst. IT Manager

·   Oct’98 – Feb’99 with RSG InfoTech Pvt. Ltd., New Delhi as Customer Support Engineer