Detail-oriented and certified IT Security and Infrastructure Engineer with over 11 years of experience in designing, implementing, and managing secure IT environments. Skilled in network security, system hardening, cloud security, risk assessments, and incident response. Certified in CPTE, CEH, and AZ-500, demonstrating dedication to professional growth and adherence to cybersecurity best practices. Proven track record of reducing security incidents by 40% and leading cloud infrastructure transitions while ensuring compliance. Strong analytical, problem-solving, and communication skills, excelling in cross-team collaboration and translating complex technical concepts for diverse stakeholders. Seeking to leverage expertise to strengthen the security posture of a progressive organization.
• Firewall Management: Configuring and maintaining firewalls to control traffic and protect networks from unauthorized access
• Intrusion Detection and Prevention Systems (IDS/IPS): Implementing and managing IDS/IPS to detect and respond to potential security breaches
• Network Segmentation: Designing and implementing network segmentation to limit the spread of threats and enhance security
• Switching: Configuration and maintenance of Cisco switches, including LAN/WAN, VLANs, trunk links, L3 switching (OSPF), and redundancy protocols like STP, VRRP, HSRP, etc.
• Operating System Hardening: Securing operating systems (Windows, Linux) through configuration changes, patch management, and reducing attack surfaces
• Endpoint Protection: Deploying and managing endpoint security solutions, including antivirus, anti-malware, and endpoint detection and response (EDR) tools.
• Vulnerability Management: Using tools like Nessus, Qualys, and OpenVAS to identify vulnerabilities in systems and networks.
• Patch Management: Ensuring timely application of patches and updates to mitigate vulnerabilities and protect against exploits.
• Security Information and Event Management (SIEM): Designing and implementing SIEM tools (Rapid7, Qualys) to collect, analyze, and correlate security event data for real-time threat detection.
• Log Management: Setting up and managing log collection, storage, and analysis to monitor security events and detect anomalies.
• Penetration Testing: Conducting penetration tests to identify and exploit vulnerabilities, providing actionable remediation advice.
• Ethical Hacking: Applying ethical hacking techniques to assess and improve the security posture of systems and networks.
• Security Audits: Conducting security audits and assessments to ensure adherence to policies, procedures, and regulatory requirements.
• Cloud Security Best Practices: Implementing security best practices for cloud environments (AWS, Azure, Google Cloud).
• Identity and Access Management in Cloud: Managing IAM in cloud platforms to ensure secure access control and user management.
• Data Protection in Cloud: Securing data in cloud environments through encryption, access controls, and regular audits.
• NAC: Managing NAC to keep unauthorized users and devices from getting into the network.
• SAC: Implementing and managing SAC to control unauthorized access to servers.
• DAC: Implementing and managing DAC to control unauthorized access to databases.
• Security solutions: Designing, implementing, and managing different security solutions like EPS, EDR, DLP, Document Security, Proxy, etc.
• Server: Configured and managed VMware vSphere environments (vCenter, ESXi hosts, vMotion, HA/DRS). Conducted VM migration, backup/restore, and disaster recovery using VMware tools.
• Storage: Deployed and administered storage solutions (SAN, NAS; vSAN for VM datastores).
• Datacenter: Leading and managing the datacenter infrastructure.
Shah Swapnil B
Email: swapnilshh800@gmail.com | Phone: +91-9510407219 | Pune, Maharashtra
Profile
Professional Experience Highlights