Palo Alto Resident Consultant
Palo Alto Contracted
Total years of experience :18 years, 4 Months
Perform full assessment for the PANW Panorama and NGFW deployment design and configuration.
- Handled centralized web filtering project for applying a unified Internet applications control, URL filtering, file blocking, outbound decryption, full security profiles, user identification and reporting, for all MOMRAH users everywhere in KSA.
- Provide and apply the recommended design changes for enhancing performance, availability and provide more restriction on the traffic flow to minimize the attack surfaces.
- Provide and apply best practice recommendations for enhancing Panorama, log collector and different layers of PANW NGFWs performance, from internal DC to Internet firewalls in multiple Momrah DCs.
- Redesign the Panorama setup at MOMARH by deploying new dedicated log collectors to offload the huge incoming log rate of the PA firewalls to the current Panorama which extremely enhanced its performance.
- Assess how threat prevention is applied and apply the best practice recommendations on PANW NGFWs security profiles.
- Handling restriction, optimization and cleanup project for all PANW firewalls full configuration in all MOMRAH Data Centers.
- Handling MOMRAH Migration projects for merging multiple municipalities
using multi-vendors firewalls to the main DC PANW firewall using PA Expedition tool.
- Handling complex firewalls design changes.
- Assess the hardening of Panorama and PANW firewalls, then apply the best practice recommendations.
- Support the operation team in troubleshooting complex cases. - Build standard procedures for the operation team to follow in handling
operational requests in an optimal way.
- Provide upskilling knowledge transfer sessions for the operation team. - Assess traffic flow then provide security advisory and recommendations for the operation team to follow.
As a Network Security Consultant, working both independently and in
partnership with consultants from other regions. Engaged in performing or
assisting in the following activities:
Ownership or support in creation of deliverables (Low Level Design, Acceptance
Test Plan, Migration scenario).
Ownership or support in creation of projects consulting blueprints and
boilerplates.
Liaise directly with customer to obtain all relevant technical information for
successful design, order validation & project delivery.
Support on site or remote migration for complex security
solutions/environments, as required.
Position and/or deliver billable consulting work to a partner or end-customer,
especially when it facilitates the progression towards, or closure of, a deeper
partner relationship or a significant end-customer contract.
Acting as pre-sales security consultant for some of the organic growth activities
as needed.
Consistently deliver high quality billable technical service to existing and new
clients ensuring that customer satisfaction is maintained or improved.
Stay abreast of technical, issues, options and advancements within the
internetworking industry relevant to the Orange services portfolio.
Be recognized as an authority on Orange products and services both internally
and externally.
Maintain and develop technical specialization and certifications to accommodate
growth in Orange services, as well as personal requirements.
Contribute to knowledge management through documentation of completed
assignments in the form of case studies, author white papers or presentations on
technical solutions and services offered by Orange.
Participates in projects as part of a project organization respecting cost, quality
and time constraints.
Provide consulting assessments for new and existing customers if needed.
Ownership of the technical solution from concept to subsequent implementation.
Present technical solutions to partners and their end-customers, both formally
and informally, as required.
- Leading the network security team who is responsible on all network security controls applied in HO data center and remote sites (Firewalls, Web gateways, Threat prevention systems, Site-to-site and Remote access VPN, AAA, Network load balancing for HA, etc....)
- Developing, continuously reviewing and updating the organization’s security strategies and policies for securing confidential data through applying security standards.
- Use Network Load balancing to ensure the High availability of all Data Center services in high performance and secure manner targeting a full high available and secured environment.
- Leading POCs for any new security technology or product can improve the security of the environment.
- Performing periodic Configuration Assessment for all security devices.
- Provide security recommendations for other IT system owners in different team based on periodic vulnerability assessment results.
- Generate different periodic reports from different security devices to have full visibility about the environment.
- Design and Implement Network Security solutions using different security technologies from multiple vendors.
- Configure and manage different security products for applying stateful and next generation firewall features, Threat prevention, web filtering, SSL decryption, AAA, Network Load balancing, VPN, IPS, network antispyware and antivirus.
- Working on security products from multiple vendors like Cisco, Palo alto, Citrix Netscaler, HP, Bluecoat, Forti gate and SonicWALL.
- Design, implement and manage Network load balancing solution using Citrix NetScaler for load balancing different applications like Citrix Xenapp enviroment, MS Exchange, MS Lync and Oracle application.
- Troubleshoot and solve any security issues existing in production environment.
- Working on logging system for collecting logs from different security devices and report any warning or critical issues for necessary actions. For achieving the best network traffic visibility and fast response against incidents.
- Working on monitoring system to monitor the availability of all existing network and security devices.
- Responsible on investigating and taking proper immediate actions against security incidents and reporting them.
- Evaluating the organization’s applied network security, then recommends and develops the necessary modifications on policies, procedures and standards.
- Validate that appropriate controls are in place for daily operations.
- Schedule periodic reports to be generated automatically from security devices.
- Review periodically generated reports and give recommendations to be applied for enhancing security strategies.
- Review newly appeared vulnerabilities or attacks and develop remediation plans to avoid its impact.
- Fine tuning new IPS signatures before being applied in order to apply actions suitable for environment running services.
- Develop detailed designs using best network security solutions for the Head office, subsidiaries and projects.
- Provide consultation, recommendations and configurations of the network security part for new or existing projects to achieve all services availability in a secure manner.
- Document security implementations (designs, configurations and changes) in clear and professional format.
- Perform proof of concept for testing and evaluating any new network security technologies.
- Continuously searching about new security trends and technologies that will enhance network security architectures.
- Review Security device’s OS caveats and recommended upgrades.
- Perform a daily health check for all Security appliances and servers.
Was working as a Senior Info/Network Security Engineer in the following fields:
Implementation, configuration and troubleshooting of network security solutions using Cisco ASA firewall, Cisco IPS, FWSM and IDSM modules to achieve security purposes like:
- Securing the internal network.
- Securing the publishing of Web-servers, Mail servers, FTP servers & etc... through the internet.
- VPN Termination.
- High-Availability between more than one security appliance.
- Giving secure internet access for internal users.
- Implementation, configuration and troubleshooting of LAN and WAN using different models of Cisco switches and routers. In the LAN level, configuring Vlans, VTP and securing Cisco switches using modules like FWSM and IDSM. Also, configuring different types of routing protocols like RIP, IGRP, EIGRP and OSPF on Cisco routers. Also configuring Frame-relay and making security configuration on different models of Cisco routers using ACLs.
Banking security systems regarding to the Implementation, configuration and troubleshooting of the following solutions:
- Project manager of the EMV solution for smart cards production (VISA and MasterCard) in many banks using Thales, Verisoft softwares and Thales p3cm (crypto module).
- Thales HSM (Hardware security Module) for Key management, PIN generation, PIN verification and PIN mailer.
- Thales datacryptors various models for encryption of different types of traffic (data, voice and video) transferred between remote sites.
Performing Network Implementation, configuration and troubleshooting of LANs and WANs using Cisco devices (switches & routers).
Implementing and troubleshooting Network security setups using Secure-Computing security appliances like sidewinder firewall, Snap-Gear & web washer for achieving security purposes like URL-filtering, Web filtering, IPS, Network-Antivirus, and VPN termination.
B = Good
