Security Consulting Engineer
Cisco Systems - Saudi Arabia
Total years of experience :9 years, 2 Months
Working For Cisco MNS Project with Mobily KSA (Etihad Etisalat Company). It is one of the leading ISPs in the Middle East.
• Working is L3 Sytems Consulting Engineer for cloud and Virtualization Department
• Project Implementation and operations duties
• Major Vendors and Technologies working on Palo Alto NGFW, Fortinet NGFW (F5 LTM, WAF, GTM
• Arbor DDOS Solutions, Infoblox, A10, Solarwinds, CGNAT, Linux
• Providing Technical support for mobily on critical escalations
• Responsible for SLA Compliance as Cisco Source
Worked as Network Security Consultant to support achieve GSTAT’s Census 2022 Project. Major Enhancements, Act as subject matter expert for security projects and enhancements following best practices, Involved in designing and deploying, and protecting network & Security infrastructure as below
Migration of Infrastructure Security to Deem Cloud.
Designed and implemented DC and Edge Internet Firewalls.
Palo Alto Firewalls: Implementation of IPS/IDS, QoS, SSL Forward Proxy, DoS Protection, and URL filtering. Threat Protection, User ID, App-id, Remote VPN and Site to Site Global Protect VPNs Solutions.
Migration of all firewall to panorama for management and configured panorama as external log collector.
Completed the Palo Alto Firewalls migration from 3060 Model to 5020 model, Active/Passive Deployment.
Proving Operational Support such, upgrading, patching and creating Firewall Policies to support business.
BIGIP F5 LTM: Deployment of F5 LTM, complete migration of legacy architecture to recommended best practice, design. Active-Passive configuration, one arm and two arm deployment.
Configuration of iRules and Local Traffic Policies.
F5 WAF: Complete Application security Policy Deployment to ensure Protection against top threats, OWASP top 10, custom signatures as well as WAF policy tuning. DDOS mitigation,
Cisco ISE: Deployment and implementation of Cisco ISE NAC solution. Radius and tacacs+, Posture and Compliance BYOD. Wireless and Wired access policies. upgradation
Symantec BlueCoat Proxy: Implementation of Proxy with Bluecoat Proxy Solutions. Domain and URL Filtering with explicit mode deployment.
AlgoSec: Deployed AlgoSec for firewall audit and policy cle+anup.
Working with DLP implementation through Symantec. ccio
Splunk: Implementation of Splunk SIEM solution and integration with all security products.
Responsible for Redesigning complete network security Infrastructure Creating and updating network Security HLD and LLD,
Providing POC to higher management to present the solution.
Up-gradation, patching, installation of all network security products.
Responsible for the definition of a high-level target network security architecture which offers the best solution for risk mitigation, performance, economics and customer experience.
Technical assessments of network security architecture from end devices,
(Servers, hosts, user equipment etc.) Extending to all the transport network touch points.
Lead and take part in trials of innovative technology, based on strategic needs.
New Cyber Security technology awareness, evaluation and selection.
Maintain standards and competitor awareness to identify and support proposals that meet future objectives.
Interaction and communication with vendor support organizations and engineers
Involved in DR planning and hybrid Data center buildup.
Business continuity planning,
Involved in creating connectivity with government connected entities through GSN and NIC.
My daily responsibilities are listed below Responsible for the administration, patching upgrading and enhancement of network security architecture such as, Cisco, Palo Alto & Fortinet Firewalls, Cisco ISE & Pulse Secure as NAC Solution. InfoBlox for DNS Security, F5 LTM/ASM for load balancing and Web Application Security, Network Traffic Analysis and Audit using SPLUNK and Algosec for firewall review.
Implementation of security policies and procedures to Harden network security in compliance with Regulatory Authorities such as SAMA (SCB), NCA and PCI DSS.
Providing Operational Support and Security Policy implementation based on user request to and from the Bank.
Administration and management of IT Security Infrastructure,
Managing Cisco ISE for Network access control, Posturing and Profiling, Device Administration using Radius and Tacacs+, Wireless Guest access and BYOD with CWA.
Providing operation support for LTM and GTM Components to manage external and internal traffic.
Configuring and tuning policies to protect web applications using F5 ASM.
Creating and modification of iRules and Local Traffic Policies to achieve customized application traffic flow as per need.
Creating Site to Site VPNs with third Parties and customers within and outside the kingdom.
Responsible for creating remote site VPN for remote/mobile users,
Responsible for operation of Pulse Secure as NAC solution to provide Wired access for remote branches,
Data traffic Analysis, Reporting and Logging as well as security events audit Using Splunk.
Firewall policy Audit with Algo-Sec.
Responsible for monitoring and protecting DNS security with InfoBlox DDI, Creating Response policy Zones local and integration with Infoblox cloud to protect DNS Infrastructure,
Creating policies to protect against Volumetric (DDOS attacks and Exploits and advance persistent threats,
Incident analysis, investigation and resolution for managed devices.
Configuration scheduled backup and restoration, Patching / software upgrade of all Network Security products.
Complete deployment of SDWAN solution using Velo-Cloud Solution, Connection All bank branches
Involving in Disaster recovery plans to shift Whole Bank traffic from MDC to SDC as part of SAMA DR Drill Plan, providing support and troubleshooting live during Drill activity.
Availability and performance monitoring for network devices using Solar-Winds & Stateseeker.
Daily /weekly/monthly service reporting as applicable.
Ticketing and follow up with different stake holders for the resolution.
Responsible for Development of network security architecture from conceptual work to implementation & supervision with all vendors.
Review technical proposals submitted by different companies/vendors to select best product.
Responsible for the network security documentation with MS Visio.
Network & Security Engineer L3
Projects: 1. DAVITA Health Care USA (Ministry of Health KSA) (www.davita.com). Planning, Designing, deployment and maintenance of Network Security, Voice & Wireless Infrastructure. Connectivity of DaVita Healthcare 76 Sites across Kingdom of Saudi Arabia. Network Security Implementation with Cisco FTD & Sonic Wall Firewalls, Deployment of NAC solution with Cisco ISE for user and devices Authentication, Deployment of BIG IP, F5 Load Balancer LTM, Securing Web Application with F5 Application Firewall. Symantec End Point Security Deployment.
Implementing and administrating common TCP/IP - based services, including DNS, DHCP, HTTP, FTP,
My Daily Routine activity includes L3 Support - Troubleshooting and solving networking issues - TCP/IP, DNS, DHCP, Layer 2/3 network as well as to keep Network Security intact. Inter-Connectivity of Branch Networks with each other via site to site VPNs,
Engage in data network fault investigations & tuning, Interconnectivity Between Sites by implanting routing, VRF and Gateway Redundancy
Wireless Deployment using Cisco WLCs(5500) & APs,
Responsible for Configuring, Maintaining & Troubleshooting Cisco VoIP scope deployed using ISR 4300/4400 Call manager Express, IVR Deployment using Cisco Unity Express.
Monitor network performance and troubleshoot problems and outages.
Secure network systems with policies that define and monitor access. Innovate, Develop and Enhance on the existing network designs. Support and administrate different security devices in line with IT security policy. Leading the technical team by handling their tasks, Distribute the technical task based on their Qualification Support the customer Technically Directly, Attend all awareness, enablement, workshop session.
(Worked as Network Support Engineer) „h My main daily tasks were to troubleshoot L2 issues, monitor network continuity and quality of the network communication.
„h Administration of Application server of Scale Server, Print Server, Database Management Using GIMA,
„h Administering Active Directory Services, Domain user related issues,
„h WDS Deployment, protecting users and department based on group policies
Networking. Grade 3.82 GPA