sanaullah Ashraf available

sanaullah Ashraf

PKI and Security Architect

Profileimage by sanaullah Ashraf PKI and Security Architect from Karachi
  • 75005 Karachi Freelancer in
  • Graduation: not provided
  • Hourly-/Daily rates:
  • Languages: English (Native or Bilingual)
  • Last update: 16.11.2019

You need an account to view this information.

  • 10+ years of experience in Information Security and Crypto related product
  • PCI (Payment Card Industry) compliance.
  • Solid Experience with security technologies: PKI (CAs, RAs, OCSP, CRLs, X.509, IETF PKI Standards, Certificate Policy), OAUTH, HSMs, SAML, Smart Cards, PKCS11, CAPI, Jar Signing, TLS, OpenSSL, Keytool
  • Hands-on Amazon Web Services (AWS) Cloud such as EC2, RDS and S3, Route53, CloudWatch
  • KMS (Key Management System) Implementation with safenet HSM
  • Deep Packet Inspection and traffic analysis experience on Wimax, GGSN and LTE.
  • Device and Gateway testing Experience of Tellabs 9100 series, Wireshark, tcpdump, traffic generator expertise
Professional Experience
Lead Security Engineer PKI
Unipagos, Mobile Wallet          July 2013 – Present  
  • Implementation of CDE (Card Data Environment), Tokenizer, Hashi Corp Vault with KMS (Key Management System) and safent Luna HSM
  • Design and deployed EJBCA PKI infrastructure along with CloudHSM and Smart Card authentication using pkcs11 (LDAP, RBAC, PKI, SSH over X509, OpenVPN)
  • Configured Centralized OCSP and External RA External RA Server for millions of Mobile wallet users.
  • Experience of working in Agile/Scrum Model and Monitor and participate in workflow tracking (JIRA) and documentation (Confluence)
  • Integrate 2 Factor authentication using Smart Cards/Tokens for all the Employees.
  • Strong working knowledge of OpenSSL, OpenSC, PKCS11 and OpenVPN and Crypto Services.
  • Security SIEM, IDS/IPS, Firewalls, log management and analysis along with Incident Handling experience
  • Design and implement the Security infrastructure from scratch for a startup financial firm.
  • Writing small Shell Scripts (JavaScript, Python and Go) to automate the tasks and can compile C/C++ codes for Linux and also having good understanding of deploying Java Applications and xml understandings.
  • Code Signing and Static code analysis for OWASP top 10 PCI requirement.
  • Ensure PCI Compliance IT controls are operating effectively, and all documentations are available for Internal and External Auditors. 
Project Engineer Information Security
National Radio and Telecom Corporation, Islamabad Pakistan           April 2012 – Jan 2014
  • Leading a team of 6 engineers to develop a secure VOIP solution
  • RSA Crypto Module Integration with Samsung smart Phones
  • Customer Test & Trail, onsite facing role for IP-Encryptor, FAX Encryptor, PSTN Telephone line Encryptor and Secure VOIP Encryptor
  • Develop a solution using ZRTP protocol to secure voip call
  • Embedded device testing
  • Manual and automated testing using IXIA for IPSEC
  • Traffic Analysis using Wireshark, tcpdump, Tshark
  • Managing the KMS and PKI
Senior Engineer DPI (Deep Packet Inspection GGSN, WiMax Gateways)                                                                                                       
Tellabs  (US Fortune 1000 company)   April 2011 – February 2012
  • Perform Deep Packet Inspection Testing on LTE, Wimax and GGSN based Network.
  • L4 to L7 Protocols testing over TCP and UDP based protocols (IMAP, POP, WAP, HTTP, SMTP, VOIP and SIP).
  • Application signature testing (Skype, Bittorrent, youtube,facebook, QQ, gmail, yahoo, kaza……etc)
  • Manual and automated testing using Breaking Point, Mu Dynamics, Spirent avalanche, Mu-Dynamics and many other tools.
  • Test Automation using TCL, Shell and Expect.
  • Analyze the traffic using TCPdump/WireShark, TCPreplay
  • Maintain Test Lab of Client Environments including Linux, Mac, Windows Servers, Sharepoint, Mail Server’s, Torrent Clients MSSQL, MySql, VOIP Server’s and many other tools.
  • Prepared various test plans for project releases
System Integration Engineer (Network Security Lab)                    
Horizon, Pakistan        Feb 2008 – March, 2011
  • Cross compiling the Linux IPSec stack to Cavium octeon Multicore architecture.
  • Cross compilation of minisip soft phone to Nokia N900 MAEMO Debian distribution.
  • Implemented 24x7 Public key infrastructures (PKI) EJBCA servers with OCSP and CRL Publisher on ubuntu Linux Server with LDAP, mail and video conferencing sever integration.
  • Vehicle Access Management Application development with RFID Hardware Integration using VB.NET and MySQL.
  • Prepared multiple test instances and deploy Secured Web Based Video Conferencing to communication between several site offices.
  • Asterisk and OpenSips Server Based Secure VOIP setup with PSTN Gateway Integration.
  • Designed, implemented Intrusion Detection (IDS) and Prevention system with Snort open source software, integrated it with Firewall to become intrusion-prevention systems (IPS).
System Engineer
Bin Dawood Super Stores, Saudi Arabia         Jan 2006 – Feb 2008
  • Regional IT In charge and System Engineer for Linux and Unix and POS (IBM & NCR) systems in highly critical 24/7 environments.
  • AS400 Server Support
  • Provided technical assistance into more than 16 Companies staff and Super/Hyper Market Point of Sales Machines, Weighing Scale, Barcode Printers, assisting with network access, printing, and application software operation.
  • Assisted IT Coordinator with administration of a network of more than 1000 users, spanning several other City Offices.
  • Physically and remotely configured, troubleshot, and administered users, laptops, tablet PCs, and blackberry devices for onsite and mobile users.