Summary
Overview
Work History
Education
Skills
Certification
Previous Experience
Timeline
Generic

SURINDER CHUGH

Montreal,QC

Summary

Around 10+ years of experience in the field of IT with a focus on Bridging Security, Governance, and Robust Web Protection | Security GRC & WAF Engineer.

My passion lies at the intersection of ensuring robust security measures and fostering governance, risk management, and compliance (GRC) strategies. With a seasoned background in Security GRC and a specialized focus on Web Application Firewall (WAF) engineering, I bring a unique blend of skills and expertise to the cybersecurity landscape.

In my role, I champion the fusion of security best practices with regulatory compliance frameworks, seamlessly aligning organizational objectives with stringent security protocols. I excel in orchestrating comprehensive GRC assessments and meticulously analyzing security controls, risk landscapes, and compliance requirements to fortify systems while ensuring adherence to industry standards and regulations.

Simultaneously, my proficiency extends to WAF engineering—an area where I engineer, configure, and maintain WAF solutions with precision and finesse. Leveraging in-depth knowledge of various WAF technologies, I navigate complex on-premise and cloud-based deployments, optimizing web protection across diverse landscapes. My expertise encompasses configuring WAF settings, conducting traffic analysis, and continuously refining WAF rules and signatures to mitigate evolving threats effectively.

My holistic view of security extends beyond technical aspects—I understand the pivotal role of GRC in fortifying an organization's resilience against cyber threats. This insight, coupled with superior communication and presentation skills, empowers me to engage and collaborate effectively with cross-functional teams, translating complex security strategies into actionable plans.

Thorough knowledge of risk assessment using enterprise risk management principles and concepts.

Good knowledge of Security Operations Centre (SOC) working processes, change management, Incident Management, Identity Access Management, conducting Audits, IT Security Governance, Disaster Recovery and Business Continuity Planning.

Comprehensive understanding of TCP/IP, Firewalls, Cryptography, Digital Forensics, Project Management, Security Policies, Disaster Recovery and Risk Management.

Hands on experience with SIEM tool, IDS / IPS tool, email security, Antivirus solution.

Overview

15
15
years of professional experience
1
1
Certification

Work History

Information Security – WAF Engineer

Morgan Stanley
09.2022 - Current
  • Orchestrating a spectrum of Akamai technology features including Web Application Firewall (WAF), DDoS mitigation, Bot Manager, Network List Management, Luna Portal User Access Management, Account Protector, Client Reputation, and other Kona site defender settings
  • Engineer, configure, deploy, and maintain Web Application Firewall solutions on the cloud Akamai
  • Configure new sites and applications for WAF protection and perform analysis of traffic to remove false positives
  • Perform technical reviews and onboarding, collaborating closely with Akamai and application teams to surmount challenges seamlessly
  • Develop, maintain, test, and troubleshoot WAF rules/signatures to mitigate threats and implement best practices
  • I'm adept at reviewing Akamai portal data to pinpoint security-related events, swiftly handling incidents related to application layer attacks, abnormal traffic, DDOS assaults, and bot intrusions
  • A core aspect of my responsibilities includes crafting and developing new reports, empowering teams with actionable insights derived from Akamai alerts
  • I meticulously ensure adherence to application tuning requirements, maintaining a regular cadence to gather, document, and track the progress of Akamai tuning requisites, fostering a secure and optimized digital environment
  • Perform root cause analysis on incidents, issues, and determine the proper course of action
  • Create and update documentation including security diagrams, policies, procedures, playbooks, and run books
  • Develop automation for security tools management and workflow integration using Python, or other automation languages
  • Supports and ensures the stability of the WAF platforms
  • Evaluate applications and determine if applications are in scope for WAF.

Security Consultant

NTT Data Inc. (Contracting with Morgan Stanley - Financial Institution)
05.2017 - 09.2022
  • Reviewing system and infrastructure related material including specifications, diagrams, requirements and test plans to ensure security standards are followed
  • Performing detailed assessment on third party vendor/clients' web applications, infrastructure, and security controls
  • Conducting gap analysis, and recommending mitigation controls aligning with client's current security standards
  • Creating comprehensive security architecture assessment reports that clearly articulate key security elements including Access control (AAA), network connectivity, cryptography, and firewall rules
  • Evaluating new and emerging products and technologies while making recommendations concerning the introduction of new technologies
  • Updating client's global security standards and processes in support of the team as and when required
  • Securing client's E-trading platform which is most critical low latency infrastructure, e-trading engine(s), application(s), host(s) configuration, and firewall connectivity.

Advisory System Analyst

IBM
02.2015 - 02.2017
  • Project: Prudential – Back office Operate Team - OMNIPLUS(US Pension plan Administrator)
  • Technical Environment: COBOL, JCL, VSAM, OMNIPLUS 5.95, DB2, REXX, Change Man, Jobtrac, Xpeditor, Fileaid, IBM Debugger
  • The goal of the project is to provide ongoing support to Prudential Retirement Services, Produce adhoc reports for senior management, MIPS reduction initiative via performance optimization, system stability, hygiene & automation.

Assistant Consultant

Tata Consultancy Services
04.2014 - 01.2015
  • Project: Prudential – Scandinavian Airlines, Biggles II – A migration program, datacenter move project
  • Technical Environment: Enterprise COBOL, JCL, DB2, IMS, Microfocus Enterprise server, Indesca, TWS, REXX, ENDEVOR, IBM Debugger, IBM z/OS
  • It was datacenter move for SAS from CSC to TCS, we are at client location for knowledge transfer of all mainframe applications
  • Document of understand was prepared with concurrence of application SME's and after the move the applications were supported by TCS.

Assistant Consultant

Tata Consultancy Services
04.2011 - 03.2014
  • Project: Reverse Engineering and Data Synchronization of an ongoing legacy system for US based shipping client Matson
  • Technical Environment: Enterprise COBOL, JCL, DB2, Changeman, Panvalet, MYSQL, Triggers and Stored procedure, Unix shell script
  • The goal of the project was to implement the Data Sync for legacy transformation project which was planned to decommissioned and move to Java in phases
  • Also the Data Migration process was designed and developed.

System Development Specialist

ACS – A Xerox Company
01.2009 - 04.2011
  • Project: Re-engineering, Enhancement and Maintenance engagement for the Participant Record Keeping System (RKS) of ACS using Sungard Product OMNIPLUS
  • Technical Environment: Enterprise COBOL, JCL, DB2, Endevor, Omniplus 5.45.

Education

Bachelor of Science - Electronics And Computer Engineering Technology

Guru Gobind Singh Indraprastha University
India
08.2006

Skills

  • Applications/Tools: Akamai & RADWARE WAF, IDS/IPS (Snort), Vulnerability Scanners (Qualys, OWASP, Nessus), SIEM (Splunk), Wireshark
  • Networking and Hardware: TCP/IP, Ethernet, Servers, Hubs, Routers, Switches, VPN, PCs
  • Cloud Platform: Amazon AWS
  • Frameworks: ISO 27000 and ISO 31000 series, COBIT, PCI DSS, ITIL, NIST, SOX, TOGAF, SABSA
  • Domain Knowledge: Software Engineering and Information Security
  • Languages: C, C, Python, Legacy languages (COBOL, JCL, etc )

Certification

Pursuing Certified Information Systems Security Professional (CISSP)

Previous Experience

IT Application Developer, Strong US Pension plan industry experience, like 401K plans and defined benefits plans. Strong experience in the development and documentation of business and user requirements from diverse groups of stakeholders in the form of Use case specifications, functional and non-functional requirements, and the creation of Business Requirements Documents (BRD). Extensive Experience with SunGard Product OmniPlus 5.95 and US pension plans for North American clients.

Timeline

Information Security – WAF Engineer

Morgan Stanley
09.2022 - Current

Security Consultant

NTT Data Inc. (Contracting with Morgan Stanley - Financial Institution)
05.2017 - 09.2022

Advisory System Analyst

IBM
02.2015 - 02.2017

Assistant Consultant

Tata Consultancy Services
04.2014 - 01.2015

Assistant Consultant

Tata Consultancy Services
04.2011 - 03.2014

System Development Specialist

ACS – A Xerox Company
01.2009 - 04.2011

Bachelor of Science - Electronics And Computer Engineering Technology

Guru Gobind Singh Indraprastha University

Pursuing Certified Information Systems Security Professional (CISSP)

Similar Profiles

CREATE PROFILE
SURINDER CHUGH