Security Architecture & Engineering
• Defined network security architecture standards, principles, and reference patterns for cloud and hybrid environments.
• Led security design reviews for network, connectivity, and infrastructure changes using AWS-native and Fortinet controls.
• Produced reusable blueprints, engineering guardrails, and risk recommendations for infrastructure designs.
Cloud Infrastructure Security (AWS)
• Designed secure VPC architecture with public/private subnets, Route Tables, NAT Gateway, Internet Gateway, Security
Groups, and NACLs.
• Implemented IAM-based access control following least privilege principles; enforced MFA and role-based policies.
• Enabled CloudWatch, CloudTrail, GuardDuty, and AWS Security Hub for continuous visibility and threat detection.
• Implemented security controls across cloud infrastructure including identity, network security, encryption, and logging.
Network Segmentation, Firewall & Perimeter Security
• Architected secure segmentation models across enterprise and data centre environments using VLAN strategy, east
west/north-south traffic controls, and NAC policy enforcement.
• Designed and maintained FortiGate firewall policy standards, rule lifecycle governance, and review processes.
• Implemented IDS/IPS, proxy, and SWG preventative controls; engineered ingress, egress, and inter-network filtering
standards.
• Configured F5 BIG-IP LTM for secure load balancing, TLS inspection, certificate handling, and high-availability application
delivery.
DevSecOps, IaC & Automation
• Embedded security into CI/CD pipelines using DevSecOps tooling — SAST, SCA, secrets scanning, and IaC scanning.
• Built and managed secure infrastructure using Terraform, including EC2, VPC, subnets, and Security Groups; used
reusable modules for scalable deployments.
• Secured containerised environments and Kubernetes workloads including runtime and image controls; applied Pod
security policies.
• Automated network security configuration validation, compliance checks, and control assurance — reducing manual effort
by 35%.
Monitoring, SIEM & Incident Response
• Integrated firewalls, IDS/IPS, and load balancers with SIEM/SOC processes; improved network flow visibility and
anomalous traffic detection.
• Developed and improved monitoring and alerting across systems including SIEM detection pipelines and logging
frameworks.
• Contributed to incident response, root cause analysis, and implementation of preventative measures across cloud
environments.
• Defined infrastructure security logging and telemetry requirements across network platforms; enriched network security
events for detection engineering.
- مجال الشركة:
- أمن المعلومات و الشبكات