Kanwaljeet Singh, Developer in Delhi, India
Kanwaljeet is available for hire
Hire Kanwaljeet

Kanwaljeet Singh

Verified Expert  in Engineering

Cloud Security Architect and Developer

Location
Delhi, India
Toptal Member Since
January 31, 2023

Kanwal是一名云安全架构师,拥有超过十年的Azure经验, IT security operations, security information and event management (SIEM), information security, and vulnerability management. 他的专业知识得到了ISC2等供应商的各种网络安全认证的支持, Microsoft, Cisco, and Palo Alto Networks. 坎瓦尔目前正在从事与云和网络安全相关的项目.

Cloud ArchitectureCloud SecuritySecurityNetwork SecurityApplication SecurityDatabase SecurityPenetration TestingFirewallsVulnerability ManagementCiscoCheck PointSonicWallFortinet Firewall ConfigurationBurp SuiteCybersecurityCertified Information Systems Security Professional (CISSP)Cisco RoutersQualysguardAzure SecurityBGP

Availability

Full-time

Preferred Environment

云安全,网络安全,安全,基础设施,IT安全,漏洞管理

The most amazing...

...projects I've delivered include building a design, developing a strategy, 以及将关键业务工作负载从本地数据中心迁移到云.

Work Experience

Chief Cloud Security Architect

2004 - PRESENT
A Company in the Electronics Field
  • Designed a secure defense-in-depth, 零信任云架构,将关键业务应用程序从本地迁移到云. 在云基础设施实现和应用程序迁移期间支持实现团队.
  • Migrated a gateway stack in the US, Europe, 和亚洲的数据中心转移到一个高可用的、基于帕洛阿尔托的零信任网络架构.
  • 领导全球所有网关栈的安全评估,以确保安全进入组织网络.
  • 开发云安全合规工具,确保云架构符合行业法规.
  • 根据业务需求开发高级设计(HLD)和低级设计(LLD),并与法国的体系结构和安全团队联系以实现新设计.
  • 根据公认的标准和最佳实践,为工程网络安全解决方案提供设计和专家技术支持.
  • 准备安全基础设施的关键合规性和操作指标报告.
  • Performed periodic security assessments of firewalls, routers, switches, VPNs, SSL concentrators, and other network security configurations.
  • Analyzed client requests (RFP, RFQ, RFI, etc.)了解项目的技术要求、进度和其他事项.
  • 与欧洲其他中小企业就技术服务相关事宜进行合作, product, compliance, and legal agreements.
Technologies: Cloud Security, Cloud Architecture, Application Security, Security, Azure, IDS/IPS, IPsec, Palo Alto Networks, Cisco Routers, Burp Suite, QualysGuard, Prisma, Border Gateway Protocol (BGP), Architecture, Azure Network Security Groups

Senior System Administrator

2002 - 2004
Emind Learning Software Services Private Limited
  • 在加州数据中心实施了IDS/IPS系统,以监控和阻止黑客和网络攻击企图.
  • 跟踪和微调IDS签名,以确保误报的数量最少.
  • 与合规性经理合作,确保成功进行数据中心审计.
  • Performed security reviews to mitigate security issues.
Technologies: IDS/IPS, Cisco, ASA, Penetration Testing, Antivirus Software

Network Engineer

2001 - 2002
HCL Infinet
  • 为客户交付一个项目,使用由Cisco路由器组成的安全基础设施将100个分支机构连接到总部, Sonicwall firewalls.
  • 为Bose交付了一个项目,该项目使用安全的基础设施实现从其分支机构到美国总部的安全连接.
  • 领导一个项目,建立一个海外呼叫中心,为客户提供支持电话.
  • 成功执行了从Cisco ASA到SonicWall防火墙的网关堆栈的技术刷新.
Technologies: 思科,边界网关协议(BGP),开放最短路径优先(OSPF),网络, Monitoring, Network Engineering, VPN

Network Engineer

2000 - 2001
Primenet Global
  • 为ISP基础设施实现开发HLD和LLD,为各种客户提供安全连接.
  • Participated in implementing the ISP infrastructure from scratch, including border gateway protocol (BGP) that was peered with multiple ISPs.
  • 准备交通监控解决方案,为客户和企业提供交通利用率的可见性.
  • 从亚太网络信息中心(APNIC)获得自治系统号和IP地址空间.
Technologies: Cisco, Check Point, IDS/IPS

Secure Cloud Infrastructure

设计安全的云基础架构,将本地工作负载迁移到云. As a cloud security architect, 我为从内部数据中心到云的连接创建了一个安全的设计. 协助项目经理和核心技术团队制定迁移策略. 此外,我还制定了一个计划,允许合作伙伴和客户安全地访问web应用程序.

Migrated 35000 Remote Access Users to a One-time Password Solution

我的任务是集成远程访问配置文件与企业目录和一次性密码解决方案. 我联络了不同的团队,无缝地将远程访问用户迁移到云中的一次性密码解决方案,零停机时间. 这涉及到在远程访问设备上创建各种配置文件和别名,然后进行网络级配置,以确保OTP服务器可以从全球多个位置访问,以便在一个地理区域出现问题时用户不会被阻止.

Integration of Remote Access Service with Azure MFA

I was responsible for the migration of MFA from MobilePASS to Azure MFA, leveraging the Azure infrastructure which we use. 这包括在测试平台上进行概念验证,并与业务共享结果. 在全球9个地点有远程访问网关,我将其转移到使用Azure MFA.

Integration of On-Prem AD with Azure AD

我成功地将本地AD与Azure AD集成在一起,还创建了几个条件访问配置文件,以实现安全稳健性,并使用基于风险的策略确保身份保护. 我还参与了联邦身份的开发,允许微软团队与多个合作伙伴进行协作.

Technology Refresh of an Internet Gateway Stack

As a routing, switching, and security expert, I developed a migration plan. 它包含低级和高级设计,以及使用SonicWall防火墙取代面向互联网的ASA防火墙的操作手册. It moved internet-exposed services behind a DMZ.

Tools

VPN, IBM QRadar, Sentinel, Azure Network Security Groups, Prisma, Terraform

Platforms

Azure, Burp Suite, QualysGuard, Amazon Web Services (AWS)

Industry Expertise

Network Security, Cybersecurity

Other

Certified Information Systems Security Professional, Palo Alto Networks, Cloud Architecture, Cloud Security, IPsec, Web Application Firewall (WAF), Security, Architecture, Network Engineering, Antivirus Software, Application Security, Routing, IDS/IPS, Border Gateway Protocol (BGP), Infrastructure, IT Security, Azure Cloud Security, Monitoring, Cisco Routers, Cisco, Open Shortest Path First (OSPF), Check Point, Vulnerability Management, Web Security, Data Loss Prevention (DLP), ASA, Networks, Dynamic Routing, SAML-auth, SonicWall, Fortinet Firewall Configuration, ASA Firewalls, Networking, Firewalls

Paradigms

Penetration Testing

Storage

Database Security, Azure Active Directory

Languages

Python

Frameworks

Windows PowerShell, WebApp

NOVEMBER 2021 - PRESENT

Microsoft Azure Security Engineer Associate (AZ-500)

Microsoft

OCTOBER 2021 - PRESENT

Palo Alto Certified Network Security Engineer (PCNSE)

Palo Alto Networks

MARCH 2019 - PRESENT

Certified Information Systems Security Professional (CISSP)

ISC2

MAY 2008 - PRESENT

Cisco Certified Network Professional (CCNP) – Security

Cisco

Collaboration That Works

How to Work with Toptal

在数小时内,而不是数周或数月,我们的网络将为您直接匹配全球行业专家.

1

Share your needs

在与Toptal领域专家的电话中讨论您的需求并细化您的范围.
2

Choose your talent

在24小时内获得专业匹配人才的简短列表,以进行审查,面试和选择.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring