Senior Network Engineer
Injazat Data Systems
Total years of experience :24 years, 7 Months
Level 2/3 Network/Security Specialist responsible for Network/Security Operation of enterprise network security infrastructure including Firewall IPS/IDS, Content Filtering, Load balancer, Proxy, WAFs, VPN, Data Center/Core Routing/Switching, 2FA, Advanced Threat Prevention, Vulnerability Management, Wireless Infrastructure for Abu Dhabi Sewerage Services Company (ADSSC) to support 750+ users with 20 remote sites. INJAZAT deputed me in ADSSC to support their core infrastructure.
Lead the network/security team to manage the company’s network and security infrastructure
Excellent knowledge of core network services (DNS, SNMP, SMTP, NTP, syslog, HTTP, SSL) Experience working with systems from vendors: Cisco, Fortinet, Citrix, F5, EMC RSA, Tripwire
Responsible for the compliance, hardening and security of all systems working in conjunction with IT System/App Teams to enforce the CIS, NESA, NIST standards
Work with the Abu Dhabi Government SOC/NOC Teams for network and security incident response Demonstrable experience of deep troubleshooting skills to analyze/interpret system, security & app logs to diagnose faults using the Wireshark, Fiddler, Burp Suite tools
Manage Fortinet ATP products (sandboxing, FortiMail, Fortinet EMS, WAF, IPS/AV/Web filtering) to protect company’s IT assets
Manage the NetScaler Load Balancers/WAFs to protect the company's public and corporate services
Manage the Cisco IronPort Proxy Servers to block the unauthorized traffic as per ADSSC IT policy
Monitor for emerging threat patterns/vulnerabilities provided by TripWire, IP360, Acunetix, Fortinet tools Assisted in the migration of EXADATA/VBLOCK project with Network and security provisioning
Recommended SD-WAN/SIEM/PAM/EDR solutions to the ADSSC client for security improvement
Lead in new network/security solutions evaluation, design, and implementation
Prepare Technical RFPs of new network/security solutions to meet business requirements
Projects Delivered:
Successful migration from DMZ/DC NetScaler MPX load balancers to new boxes with no downtime
Successful migration of DC Firewall Cisco FirePower ASA to Cisco FTD with minimal downtime
Successful migration of Perimeter Firewall Fortigate to new Fortigate firewall
Secured Email Gateways using the SPF, DKIM, and DMARC
Deployed the proactive monitoring/alerting mechanism to notify alerts to the application team owners of any service going down and up using Citrix ADM tool
As per the Regulations in Abu Dhabi State, the IT Departments in the Government Sector including ADWEA and its subsidiaries (ADDC, AADC, TRANSCO, ADWEC, ADSSC) were outsourced to INJAZAT DATA SYSTEM. My services were outsourced as part of the agreement for the high profile Injazat government clients. My primary responsibilities were as follows to support 4000 users:
Level 2/3 Network Routing/Switching/Security Specialist responsible for Network and Security Operations of ADWEAG companies
Coordinate with Government ADNET to provide the Internet connectivity or G2G services to the ADWEAG public services
Coordinate with the Government ADDA SOC Team for forensic investigation of the incidents reported by SOC team and close the security gaps and vulnerabilities reported by them
Managed the Bluecoat/Websense Proxy Servers to block the unauthorized traffic as per ADWEAG IT approved policy
Managed the DMZ F5 Load Balancers 3900 and DC Cisco Content Switches 11500 to optimize/ secure 40+ public facing and 50+ corporate business critical applications like e-payment systems of Billing systems, ERP, Maximo, e-registration, GIS, Email, SharePoint
Managed F5 WAF ASM solution to secure the ADWEAG public facing apps against malicious attacks
Managed the Network L2/L3 MPLS links of the ADWEA Group of companies (TRANSCO/ADDC/AADC/ ADWEC/ADSSC)
Planning and designing of the Network Disaster Recovery
Managed multiple Fortinet Firewalls (8 firewalls) in the Perimeter, Core, Remote Sites Managed the Cisco SSLVPN Gateway with integration of RSA 2FA authentication Projects Delivered:
Planning, designing, and deployment of the Websense Proxy servers in ADWEA group of companies
Successful migration of old Fortigate Core Firewalls to new Fortigate boxes
Successful migration of DC Firewall FWSM to Cisco ASA Firewalls
-Responsible for Network, Security, Voice, and Enterprise Video Conference Operations of the Global DC and entire TAQA Group of Companies comprising 65 remote sites belonging to 8 different companies with a total of 2800 users
-Responsible for the strategy, implementation, procurement and maintenance of the company's global network, telecommunication, and video infrastructure which has continued to remain robust and reliable.
-Integrating acquired assets network-infrastructure, and support-mechanisms into unified architecture. This involved IP restructuring, VoIP Dial-Plan Unification, Global-Service Design, and Unified Hierarchical Network Management, and Monitoring
-Responsible for the provision of local and Global Telecom Connectivity amongst the TAQA entities in coordination with International Service Providers such as VERIZON, BT, KPN, SingTel, INTEROUTE, ETISALAT, and du
-Conduct the Global POCs for the Enterprise Instant Messaging solution
-Conduct the capacity planning of the Enterprise WAN links
-Providing the recommendation to the management for communication over satellite link via satellite phones for HSSE department for Group Crisis meetings
Brief Summary of Major Projects Completed:
-Data Center Migration from Fujitsu Netherlands to KPN hosted Data Center
-Implemented Global Tele-Presence Solution in Netherlands, Calgary & UAE
-Integrated the Cisco IP Telephony in all the entities with the Global VOIP and POLYCOM environment
-Project delivered that allowed the TAQA entities to failover automatically to backup links ensuring no business disruption
-Project delivered ensuring all the TAQA’s Internet-based Services for TAQA dutch company will continue to work as normal even if one of the two Internet links fails thereby reducing the downtime from hours to few seconds.
-Played a major role in the mailbox migration from UAE to Netherlands. With this approach, TAQA saved 100, 000/- AED per month for the duration of 2-month project.
•Level 3 Network Specialist responsible for Network and Security Operations of the Entire ADWEA Group of Companies (ADDC, Transco, BPC, AMPC, ADWEC, TAQA, ADSSC) comprising 80 remote sites belonging to 8 different companies with a total of 4000 users
•Consult Injazat on LAN/WAN design, plan, security, VPN, capacity planning and architecture, best practices, and network management in an enterprise environment.
•Designed, planned and implemented secure and high availability enterprise networks for Injazat clients including high profile government agencies and departments. The design includes Cisco Catalyst 6513 with Sup720, FWSM with failover capabilities
•Designed and planned Voice over IP networks for two Injazat clients.
•Analyzes metrics, statistics, and packet dumps to resolve illusive problems.
•Utilizes Cisco IP accounting, Ethereal, sniffers, NAM, Network Flow Analyzer to troubleshoot problems and verify network connectivity and performance.
Projects delivered in high Profile Government Clients:
Abu Dhabi Food Control Authority
•Re-designed ADFCA Network and Security
•Connected 16 ADFCA Remote Sites through Leased lines with ISDN Failover
•Prepared Migration Strategy from E1 ATM connection to EoATM / IPVPN connection between Al-Ain and Abu Dhabi ADFCA HQ offices
•Deployed high availability and secure network in Abu Dhabi HQ office
Abu Dhabi Authority Cultural Heritage
•Completed the Designing and Planning of the Entire ADACH Data, Security and IP Telephony Network.
Abu Dhabi Sewerage Services Company (ADSSC)
-Designed, planned and Implemented High Availability network for ADSSC, ADWEC, TAQA
-The design includes Core Switches (Cisco 6513), FWSM blades, WAN Routers - Cisco 7613
Abu Dhabi Distribution Company - SPL Billing System Project
-Installed, and Configured the Cisco Content Switches 11503 for load balancing among the Web Server Farm
The network comprised of 1200+ users distributed across 28 remotes sites connected to the Head Quarters. They have 24*7 operations and network connectivity is very much critical to the business operations. My job responsibilities were as follows:
•Responsible for Network, and Security Operations of the ADDC Network Infrastructure
•Design fault-tolerant network for ADDC company
•Communicate with Etisalat for Data Communication interlinks
•Use Vulnerability Assessment tools to determine security loopholes in the networking devices
•Managed High End Cisco Routers and switches (7500, 6500, 5500)
•Configured critical sales sites with ISDN failover.
•Configured DDR on Alain Router to connect to ADDC Billing Server when billing application is launched. This reduced the cost from average 3000 AED to 148 AED per month.
•Deployed Cisco PIX 525 Firewall for Internet web browsing, and SMTP traffic
•Planning, Configuration, and Deployment of Cisco IDS/IPS
•Managed the ISS RealSecure Network Sensor, Server Sensor, Internet Scanner
•Constantly monitoring the Internet, and network traffic for any malicious activity through IDS /IPS using Cisco Works 2000 VMS Server, ISS Site Protector Console, Syslog Logging
•Deployed MRTG and PRTG applications to monitor the network and Internet volume traffic as a capacity planning tool.
•Deployed Network Analysis Module on the Cisco Switch 6513.
•Deployed Cisco Works 2000 Server LMS & RWAN, VMS Server, WhatsUP Gold, Cisco Secure ACS 3.x, ISS RealSecure Network Sensor, Server Sensors, Internet Scanner, Site Protector, KiwiCatTools, SolarWinds, Network Security Analyzer
•Configured WhatsUP Gold to send SMS to mobile if the critical device or link goes down.
•Configured Gateway Load Balancing on the two Internet Routers to load -balance Internet traffic on the two leased lines.
•Automated the Backup of the Cisco configuration of all devices through KiwiCatTools.
• Completed a Global BP TBoP project to migrate from NT 4.0 to Windows 2000 infrastructure, SMS 1.2 to SMS 2.0 with Altiris, Exchange 5.5 to Exchange 2000, and NT 4.0 RAS to Windows 2000 RAS Server totally transparent to all 450 + site users.
• Primary Exchange, and Secondary Windows NT, SMS, RTR Site Administrator
• Managed DNS, DHCP, WINS, IIS and other services on Servers.
• Maintained Antivirus updates on all servers using NetShield, and Groupshield for all sites.
• Applied Security Patches for NT/2000, IIS 4.0/5.0, and Internet Explorer 5.x.
• Deployed COE 3.x (desktop standards) roll out across the sites through SMS 1.2/2.0.
• Implemented and Deployed Proxy Server as a Cache server with Websense as URL filtering.
• Deployed Pakistan Intranet Server hosting Health, Safety, & Environment, IT & HR websites.
• Deployed EXMERGE utility to remove undetectable viruses from the Exchange 5.5 mailboxes.
• Server Disaster Recovery Planning, Documentation, and Implementation of Exchange Server 5.5, SMS, Intranet, Proxy, and Application Servers. Tested the restoration of these servers successfully less than 1 Hour.
• Installed and Configured Compaq Rack Mount Proliant 1850, 2500, 3000, 5500, 6000, ML350, ML570 (RAID1/RAID5) with NT and Novell OS.
• Server Disaster Recovery Planning (ArcServeIT DR Option and Replication Option)
• Managed Lotus Notes, NT, Proxy, Web, Printing, and Backup services.
• Installed, configured, and managed System Management Server 2.0 across 3 sites
• Tested System Policy successfully on desktops for standardization as per BP policy.
• Deployed Windows NT Terminal Server with Citrix Metaframe as a pilot project
• Migrated applications from Novell to NT without a single minute of downtime
• Installed, Configured, and Maintained Norton Antivirus on NT and Novell Compaq Servers
• Managed Cisco 4500, 3600, 2500, 1750 routers and PIX firewall.
• Deployed 3COM Core Builder 7000HD and Super Stack II 1000, and 3000 series switches
• Planned, and designed Gigabit Ethernet involving fiber backbone across 5 floors
• Managed the nationwide IP addresses distribution among 3 sites, 3 branches, and 12 remote facilities from a pool of four class C IP addresses using VLSM techniques.
Central Depository Company of Pakistan Limited (CDC) manages and operates the Central Depository System (CDS). CDS is an electronic book entry system to record and transfer securities. It comprises three sites connecting Stock Exchange Markets with 200+ users.
• Managed Windows NT, Exchange 5.0/5.5, WINS, DNS, and proxy servers for all sites.
• Planning, designing, and implementation of the projects related to Office Automation
• Installed, configured and implemented Exchange Server as SMTP Server for the company wide users through cost effective dialup solution for Internet Emailing using Mail Essentials
• Centralized backup of Emergency Repair Diskettes of all Windows NT Workstation 4.0 in a central location through scripting.
• Installation, configuration, and troubleshooting of HP Laser Jet and Printronix Line Printers
• Dealing with vendors for the purchasing of hardware and software
• Planning, configuration, and deployment of McAfee Total Virus Defence suite on the network.
• Centralized Alert Management, Automatic Updates of Virus Definition Files
• Extensively supported various high-end Compaq servers such as Proliant 6000, 5500, 2500, 1600, 1500, 800 series servers.
• Migrated users from Novell to NT without a single minute downtime.
• Installed DHCP, WINS and DNS on NT boxes.
• Installed Oracle 7.3 on NT machine to run Genie software - Data Warehouse application.
• Configured SCO UNIX on Compaq Servers to run Aviation Business application.
• Installation, configuration, and administration of networking products such as Seagate Backup Exec, McAfee NetShield Antivirus, Symantec Expose, Quota Server
• Installation and Configuration of an additional post office in MS-Mail Server 3.2a in NT 4.0
• Integration of two Post Offices in MS-Mail Server 3.2a for PC Networks in mixed environment of Novell Server 3.12 and Windows NT Server 4.0
• Configured and managed Cisco routers for Shell Pakistan sites running OSPF.
• Successfully migrated from RIP to OSPF.
• Deployed Symantec Expose to monitor devices including Cisco, 3Com, Compaq, AS/400.
• Managed the nationwide IP addresses distribution from a pool of eight class C IP addresses
• Imparted Training in Windows Operating Systems, Novell 3.12, Microsoft Office 95
• Setup a Lab consisting of Windows NT, Novell Netware, Lotus Notes, and UNIX
• A lab instructor for MCSE classes introduced first time in Pakistan
Imparted training in Advanced DOS, Windows, Office, Lotus SmartSuite, Word Perfect, Novell