Senior Cyber Security Engineer
Bank Al Fransi
Total years of experience :13 years, 1 Months
Responsibilities and Work Details: Responsible to consultant planning and handling the security devices as per the bank policy and managing the devices on daily basis
Security platform:
Fortinet firewall & IPS, Centrify, IBM APP SCAN, Force Point Proxy, Safe net 2FA, Fidelis Meta DATA, Tipping Point IPS, Aruba NAC, Arcsight, Tenable scanner, Citrix WAF, F5 ASM, Fire Eye APT, AWS, Cisco AMP, Cisco ISE
Responsibilities and Work Details:
Successfully completed mobily telecom project with operationally handling and Installation, Configuration implementation, Integration, Penetration testing and managing team with great operation experience in SOC
Security platform:
Cisco Firewall- 5500x, Sourcefire, Firepower Services, Defense Center, ISE 2.1, Fortinet 1500D|30D|50D, Palo Alto 5050, Aruba AAA, Blue Coat proxy SG, MDM mobile iron, IPS, Arbor APS, Fire Eye APT
• Configuration of Cisco ISE for the wired solution using Dot1x and preparing the authorization policies for different active directory groups
• Creating security firewall rules as per the mobily security policy.
• Work on source fire IPS cisco in which creating profile and rules, managing the devices 3D sensors through FMC working on the certificates
• Hands on experience with Palo Alto security features Wild Fire, AV, Application control
• Configure and managing Palo Alto devices from Panorama for daily basis troubleshooting task
• Planning and design Fortinet firewall with routing configuration of (OSPF)
• Configuration of WAN optimization in Fortinet 100D
• Hand-on experience with DOS policy in Fortinet and Palo alto
• Configure different IPS profile for each DC users in Fortinet firewall, Palo alto and Source Fire
• Configure all fortinet firewall with forti manager
• Doing daily basis task on fortimail 400E
• Maintain an in-depth knowledge of security products and provides expert advice regarding their application and supervise the team members
• Performs troubleshooting if required. As such, leads problem-solving efforts often involving outside vendors
• Document the cyber security events as per the industry best practices and submit to management weekly basis
• Hand-on experience with Arbor APS to control the low volume attack
• Hand-on experience with FireEye APT (Web-Email) working on yaara rules to implement
• Performing activities for the heath check of the devices
• Working on the vulnerabilities to fix all the technologies
Responsibilities and Work Details:
security platform: Planning, Analyzing, Installation, Configuration implementation, Integration, Penetration testing, Technical project lead.
Security Platform: Sourcefire, Firepower Services, Defense Center, Palo Alto 5050-5020s, ISE, Fortinet 3500|3700D, WSA, Blue Coat proxy SG, Firewall- 5500x, WAF, IPS, DLP, CEH, WSA, Arbor APS
• Migration of Zain Tier 2 critical services as per Ex tranet firewalls (ASA 5585x) zones
• Migration of Zain Tier 3 critical services in Data Center firewalls (ASA 5585x) zones
• Configuration of Cisco ISE for the wired and wireless solution as per below
Wired Solution
• Configuration of policies for the Dot1x authentication and authorization based on the user group and posture assessment based on Antivirus application, Antivirus up to date, Windows operating system with appropriate service pack, Windows up to date things, Microsoft office with appropriate versions using agent based solution (NAC Agent)
Wireless Solution
• Configuration of policies for the dot1x authentication and authorization based on the user group as per the appropriate SSID for the VIP, corporate and Guest Configuration of guest policies with self-service enabled integration of the entire solution to work together including wireless solution with Cisco ISE and diverting the wireless traffic transparently controlled by Web Security Appliance
• Planning and implementation of Fortinet, Cisco ASA, ISE, Palo Alto
• POC Fortinet for the enterprise firewall 3500 Fortigate
• Migration from Fortigate to Palo alto
• Implement Cisco ASA and migrate from Fortinet 500E
• Design routing between Fortinet firewall and N7K through OSPF
• Configure BGP in fortinet firewall with AS number of small shop routers
• Deploying and implement arbor APS for low volume attacks DDOS
• Pen testing the network monthly basis and provide the report to senior manager
• Working on different attacks from linux base OS to verify the network security vulnerabilities.
• Working as acting manager during the absence of SOC manager
• Managing process and producers to get the proper time for SOC activities with the change management team
• Palo Alto Rule changes PA-2000/PA-4000, templates, object creation, planning, configuration changes, OS upgrades, CLI troubleshooting, audits all single managed
• Having ability to perform vulnerability assessments and penetration testing, utilizing tools
• Perform, review and analyze security vulnerability data to identify applicability and false positives
• Research and develop testing tools, techniques, and process improvements
• Hands on experience in Palo alto 5050, 5020
• Configuration HA in Palo alto 5050s through ASR9k with BVI solution
• Good working experience in profiling in Palo alto with IPS, AV, Web filtering, Application control
• Penetration testing with different tools for Trojan, worms, syn flood packet to make sure network security
Responsibilities and Work Details:
On Network platform: Planning, Analyzing, Designing, Development, Testing, Quality assurance, Installation, Configuration implementation, Integration, and Maintenance
Security Platform: Fortinet 60D|100D|800C|1500D|3700D|3040B, 1000D Analyzer, 300D Manager, 900D, 600C, Fortiwaf 400C
Cisco: ASA 5500s, IPS, WSA, ISE, Routers, Switch, Firesight, AMP
IPS: MCAFEE, Source Fire, Fire power, Palo alto, ISE, WSA
Proxy: Blue Coat Proxy- SG510s
• In-depth knowledge and proven expert proficiency in designing, engineering, configuring, and maintaining of large enterprise firewalls such as Fortinet UTM.
• Designing implementation for the FortiWeb application firewall and configuration, fix the related issues.
• Making pools troubleshooting in F5 LTM and link controller
• Nodes and testing verification in F5 LTM for internet link controller
• Coordinated activities by change management, business continuation, vendor management and problem management for return to service and problem mitigation and assure 24/7 service availability.
• hands-on experience with firewalls and a comprehensive knowledge of IP networking and network security including Intrusion Detection, DMZ, encryption, IPSec, PKI, VPNs in Fortigate
• Design network for implement Security Firewall and AV, IPS
• Prepared the LLD and HLD for the client and give them excellent solution for their network and security.
• Implementation for 42 firewalls Fortigate for ADA project connectivity through VPN HUB and SPOKE.
• Deploy and configure Fortimanager 100D and Fortianalyzer 1000D for the management
• Migration ASA firewall into fortigate 1500D, 3500D
• Weekly backup and analyze reports from Fortianalyzer
• Making web filtering profiling from internet firewall Fortigate 1500D
• User based policy for Management in Fortigate 3700D
• IPS filtering from Fortigate 1500D
• Troubleshooting on daily basis
• Tuning policy from firewall analyzer ALGOSEC
• Migration Palo Alto firewall into fortigate 800C
• Implementation for Macfee IPS with SMS server configuration
• Planning design for DATA CENTER Firewall Fortigate 3500D
• Proxy configuration for end user in Fortigate internet firewall 1500D
• Enable authentication for OSPF routing protocol in fortigate firewall
• ISE implementation and design for endpoint security both wired and wireless users,
• AD authentication configures in Fortigate firewall through LDAP and SSO
• Migrating Proxy from bluecoat to fortigate appliance
• Handling threat analyzer from fortianalyzer and different tools
• Giving solution for the network update and for network management
• Working on the F5 GTM for mobily data center
• Managing 42 firewalls from Fortimanager
Project PMAH (Princess mohammad bin abdulaziz Hospital)
● Configure OSPF in two HP core and distribution switches A10500 combine three areas of OSPF.
● Implement and configure LACP on 48 access switches in all floors
● Configure IRF between all core, access and distribution switches for back connection
● Configure and implement MSM760 Access controller for access points and configure each AP in the controller and also in the ports of access switches.
● Configure SSIDs for the AP and broadcast them.
● Configure Fortinet firewall policy or SSIDs to allow the user connect with the network.
● Configure RF manager for sensors and Rouge AP( Access Points) and put the configuration also in the access switches ports.
● Configure VPN between hospital and MOH (Ministry of Health)
● Configure IPsec VPN for client users in FORTIGATE FIREWALL 3040B
● Configure VDOM (Virtual Domain) in the fortinet firewall for two different areas.
● Implement the PBX and put inside network with new subnet and vlan.
● Handling all security issues and troubleshoots with network team.
● Configure IPS Tipping Point to inspect and prevent the traffic which is coming from outside.
● Configure NAT/PAT from inside to out from cisco router with STC.
● Handling BLUE COAT PROXY SG adding rules and policies for the web filtering and bandwidth management.
● Handling F5 Big IP load balancer for servers and creating pools and group for the servers
● Configure Vlans for different areas and different servers
● Implement ASCOM server in the network for voice communication inside the hospital and configure ACL in the router to allow the calls which is coming from outside directly go to ASCOM deceives
● Work with sales team to develop opportunities with new and existing clients
● Lead technical sessions with clients to discover requirements and develop solutions
● Present solutions to clients
● Prepare technical write-up
● Make HLD (High level design) and LLD (low level design) for the projects
FSF (Ministry of Interior), Project
● Configure extreme switch (460 Series) and juniper router (J6350) in eastern area of Saudi Arabia (KSA)
● Configure vlans, interface of vlan and vlan tag in extreme switch
● Configure security zones, interfaces, BGP to remote site in juniper router
● Configure Zone in Juniper firewall to allow the traffic between extreme switch, firewall and to the remote side
Sabic, Project
● Implement Internet edge firewalls ASA5540
● Configure core switch vlans, routing on stick
● Configuration of Cisco firewalls at DMZ area
● Implement two data center firewalls ASA5585X
● Design and implement two data center Active/Standby firewalls ASA5585X with AIP-SSM IPS module. Isolating entire server farm on production from the network through the firewalls and securing more than 200 servers by closing all the unused ports and forwarding all the traffic to up to date IPS module.
● Prepared and approved Cisco ISE high level design from cisco to make the delivery of security appliances successful.
● Implementation of Cisco Identity service engine (NAC solution), configuring two ISE appliances as an HA pair
● Primary/Secondary, configuration of policies & guest network.
● Co-ordination with application department to distribute a standard criteria end user applications, windows and antivirus
● Distributing NAC Agent throughout 800 users, applied the posture policies on end users for Antivirus must be
● installed, antivirus up-to-date, standard windows 7 and guest management solution. Configure EBGP for remote site
Al-JAZEERA PAINTS, Project
● Providing Technical support (Routing, Security) to Enterprise network
● Troubleshoot OSPF Network.
● Configuring Cisco, HSRP, & STP.
● Troubleshoot wan related problems including OSPF, EIGRP, BGP and RIP routing and design.
● Configure and setup Cisco Firewall 5540s
● Configuring and installing client and server network software for upgrading and
● Maintaining network.
● Troubleshooting malfunctions of network hardware and software applications,
● Taking backup from the servers on daily basis.
● Good knowledge to troubleshoot Peachtree accounting software and ERP FOCUS
● Responsible for setting up user accounts, permissions and passwords.
● Assists with installing, supporting and maintaining new hardware and software.
● Troubleshoot computer, scanner & printers
● Troubleshoot Security cameras CCTV.
● Configure new polices in Firewall for the Security purpose.
● Providing Technical support (Routing, Security) to Enterprise network
● Troubleshoot OSPF Network.
● Configuring Cisco, HSRP, & STP.
● Troubleshoot wan related problems including OSPF, EIGRP, BGP and RIP routing and design.
Having bachelor degree of B.com from karachi univesity with B Grade
Succesfull done my school studies from pakistan international school of riyadh in 2007.
URL removed due to policy violation. Please contact support for further information.