Kanwaljeet Singh, Developer in Delhi, India

Kanwaljeet Singh

Verified Expert in Engineering

Cloud Security Architect and Developer

Location
Delhi, India
Toptal Member Since
January 31, 2023

Kanwal is a cloud security architect with over a decade of experience with Azure, IT security operations, security information and event management (SIEM), information security, and vulnerability management. His expertise is backed by various cybersecurity certifications from vendors such as ISC2, Microsoft, Cisco, and Palo Alto Networks. Kanwal is currently working on projects related to the cloud and cybersecurity.

Availability

Full-time

Preferred Environment

Cloud Security, Cybersecurity, Security, Infrastructure, IT Security, Vulnerability Management

The most amazing...

...projects I've delivered include building a design, developing a strategy, and migrating business-critical workloads from an on-premise data center to the cloud.

Work Experience

Chief Cloud Security Architect

2004 - PRESENT
A Company in the Electronics Field
  • Designed a secure defense-in-depth, zero-trust cloud architecture to migrate critical business applications from on-premises to the cloud. Supported implementation teams during the cloud infrastructure implementation and application migration.
  • Migrated a gateway stack in the US, Europe, and Asia data centers to a highly available Palo Alto-based zero-trust network architecture.
  • Headed the security assessment of all gateway stacks globally to ensure secure entries into the organization network.
  • Worked on cloud security compliance tools to ensure the cloud architecture conforms to industry regulations.
  • Developed a high-level design (HLD) and low-level design (LLD) based on business requirements and liaised with architecture and security teams based in France to implement the new design.
  • Provided design and expert technical support for engineering network security solutions based on recognized standards and best practices.
  • Prepared reports on key compliance and operational metrics for security infrastructure.
  • Performed periodic security assessments of firewalls, routers, switches, VPNs, SSL concentrators, and other network security configurations.
  • Analyzed client requests (RFP, RFQ, RFI, etc.) to understand technical requirements, schedules, and other matters of the projects.
  • Collaborated with other SMEs in Europe on all matters relating to ST service, product, compliance, and legal agreements.
Technologies: Cloud Security, Cloud Architecture, Application Security, Azure, Security, IDS/IPS, IPsec, Palo Alto Networks, Cisco Routers, Burp Suite, QualysGuard, Prisma, Border Gateway Protocol, Architecture, Azure Network Security Groups

Senior System Administrator

2002 - 2004
Emind Learning Software Services Private Limited
  • Implemented an IDS/IPS system in the California data center to monitor and block hacking and cyberattack attempts.
  • Tracked and fine-tuned the IDS signatures to ensure a minimum number of false positives.
  • Collaborated with a compliance manager to ensure a successful data center audit.
  • Performed security reviews to mitigate security issues.
Technologies: IDS/IPS, ASA, Cisco, Penetration Testing, Antivirus Software

Network Engineer

2001 - 2002
HCL Infinet
  • Delivered a project for a customer to connect 100 branch offices to headquarters using a secure infrastructure comprising Cisco routers and SonicWall firewalls.
  • Delivered a project for Bose to allow secure connectivity from their branch offices to their headquarters in the US using a secure infrastructure.
  • Headed a project to set up an offshore call center for customer support calls.
  • Performed a technology refresh of the Gateway stack successfully from Cisco ASA to SonicWall firewalls.
Technologies: Cisco, Border Gateway Protocol, Open Shortest Path First (OSPF), Networks, Monitoring

Network Engineer

2000 - 2001
Primenet Global
  • Developed the HLD and LLD for ISP infrastructure implementation to provide secure connectivity to various customers.
  • Participated in implementing the ISP infrastructure from scratch, including border gateway protocol (BGP) that was peered with multiple ISPs.
  • Prepared a traffic monitoring solution to give visibility to customers and businesses on traffic utilization.
  • Procured an autonomous system number and IP address space from the Asia Pacific Network Information Center (APNIC).
Technologies: Cisco, Check Point, IDS/IPS

Secure Cloud Infrastructure

Designed a secure cloud infrastructure to migrate on-premise workloads to the cloud. As a cloud security architect, I created a safe design for connectivity from an on-premise data center to the cloud. I assisted the project manager and core technical teams in developing migration strategies. Also, I developed a plan to allow secure access to web applications by partners and customers.

Migrated 35000 Remote Access Users to a One-time Password Solution

I was tasked with integrating remote access profiles with the enterprise directory and a one-time password solution. I liaised with different teams to seamlessly migrate remote access users to a one-time password solution in the cloud with zero downtime. This involved creating various profiles and aliases on remote access appliances and then doing network-level configuration to ensure the OTP servers are reachable from multiple locations across the globe so that users don't get blocked in case of an issue in one geographical area.

Integration of Remote Access Service with Azure MFA

I was responsible for the migration of MFA from MobilePASS to Azure MFA, leveraging the Azure infrastructure which we use. This involved doing a proof of concept on a test platform and sharing the results with the business. There were remote access gateways at nine locations worldwide, which I moved to use Azure MFA.

Integration of On-Prem AD with Azure AD

I successfully integrated on-prem AD with Azure AD and also created several conditional access profiles for security robustness and to ensure identity protection using risk-based policies. I also worked on federated identity to allow MS teams to collaborate with several partners.

Technology Refresh of an Internet Gateway Stack

As a routing, switching, and security expert, I developed a migration plan. It contained a low- and high-level design and a runbook to replace the internet-facing ASA firewalls with SonicWall firewalls. It moved internet-exposed services behind a DMZ.

Platforms

Azure, Burp Suite, QualysGuard, Amazon Web Services (AWS)

Industry Expertise

Network Security, Cybersecurity

Other

Certified Information Systems Security Professional, Palo Alto Networks, Cloud Architecture, Cloud Security, IPsec, Web Application Firewall (WAF), Security, Architecture, Antivirus Software, Application Security, Routing, IDS/IPS, Border Gateway Protocol, Infrastructure, IT Security, Azure Cloud Security, Monitoring, Cisco Routers, Cisco, Open Shortest Path First (OSPF), Check Point, Vulnerability Management, Web Security, Data Loss Prevention (DLP), ASA, Networks, Dynamic Routing, SAML-auth, SonicWall, Fortinet Firewall Configuration, ASA Firewalls, Networking, Firewalls, Network Engineering

Tools

IBM QRadar, Sentinel, Azure Network Security Groups, Prisma, Terraform, VPN

Paradigms

Penetration Testing

Storage

Database Security, Azure Active Directory

Languages

Python

Frameworks

Windows PowerShell, WebApp

NOVEMBER 2021 - PRESENT

Microsoft Azure Security Engineer Associate (AZ-500)

Microsoft

OCTOBER 2021 - PRESENT

Palo Alto Certified Network Security Engineer (PCNSE)

Palo Alto Networks

MARCH 2019 - PRESENT

Certified Information Systems Security Professional (CISSP)

ISC2

MAY 2008 - PRESENT

Cisco Certified Network Professional (CCNP) – Security

Cisco
