Network Security Engineer
Ministry Of Health and Prevention - UAE
Total years of experience: 13 years, 7 months
• Implementing bi-directional Security policies for WAN and Internet layers.
• Responsible for provisioning network devices.
• Responsible for providing MPLS connectivity with UAE hospitals to access DC hosted applications.
• Responsible for implementing new MPLS connections and establishing connectivity between DC and Spokes.
• Responsible for implementing secured IGP config for DC communication.
• Responsible for configuring new VS and applying ASM policies for publishing web services.
• Monitoring attack signatures and security events and providing a detailed report to the IT operation Head to update security policy.
• Interface with business to resolve network security Policy issues in both Core and perimeter.
• Creating and managing VPC consistency throughout data center.
• Ensuring all access policies are inspected by the recommended intrusion policy.
• Responsible for checking sandboxing events at the DMZ layer and updating in process.
• Daily responsibility to check the health environment of all network devices.
• Implemented ERSPAN for FortiDB.
• Integrated CISCO ISE with AD and provided two-factor SSL VPN authentication.
• Hands-on work experience in creating SVI interfaces, VSS, VPC and security intrusion policies.
• Network change management - Based upon the business requirement, creating/amending internal network routing policy in PaloAlto, Perimeter firewall - CISCO FTD.
• Creating F5 security profiles with separate route domains for Secured NAT between the external network and DMZ server farm (WAF).
• Categorizing network traffic and event logs, and amending the security policy with CR.
• Providing weekly report on Incident and TT to IT management.
• Performs verifications on incoming certificate requests to ensure they are in compliance with baseline requirements for SSL certificates.
• Responsible for creation, review, and update of current security policies, process, and procedures in PaloAlto, F5 and Fortinet 1500D.
• Daily responsibility to check the health environment of all network devices including 75 branches.
• Scheduling periodic network packet capture to assure all vulnerable signatures are blocked at network layer.
• Experience in creation of Site-to-Site VPN with well-defined security policies as per business requirements.
• Review and modify access control lists (ACLs) on CISCO Switches, network core firewall, switching and routing equipment as needed to maintain security standards.
• Network change management - Based upon the business requirement, creating/amending internal network routing policy in PaloAlto, Perimeter firewall - Fortinet.
• Responsible for the support, installation, maintenance of: CISCO Switches and Routers, Fortinet 1500D at Hub & 310B box at multiple Spokes with HA, Palo Alto L3 technology, F5 - Reverse proxy and LTM, ASM.
• Periodic reviews of WSA access logs and actively implementing malware protection to ensure secured browsing for business.
• Troubleshoot and diagnose all network systems to identify and correct malfunctions and other operational difficulties.
• Implements and maintains policies and procedures for network administration, usage, and disaster recovery, documentation.
• Predicting future outcomes and proactive maintenance of network devices.
• Performing Preventive Maintenance for multiple network devices at Client location.
• Conducting ISO 20001 IT audit in process every six months for improvement activities.
• Monitoring all Cisco equipment using OP Manager.
• Implements data and network security through firewalls and DMVPN (IPSec).
• Handles and manages daily requests from other business and technical units on routine activities related to the network infrastructure.
• Highly Experienced in High Availability protocols - VSS Catalyst 6500 Switches and Gateway Load balancing Protocols.
• Upgrade Cisco Routers, Switches and Firewall (PIX) IOS using TFTP.
• Configure intranet VPN solution using Cisco 2621 and IPsec Tunneling and Router to Router VPN.
• Change Management - Setting up networking devices, coordinating with the IT team on implementation.
• Developed and maintained access control, security and backup procedures and programs for business applications and file share servers.
• Providing “on call” and “off hour” resources and support to Business areas and user groups.
• Monitoring all Cisco equipment using OP Manager.
• Monitors and tests network performance and provides network performance statistics and reports.
• Implements and maintains policies and procedures for network administration, usage, and disaster recovery.
• Investigates and installs enhancements and develops operating procedures that enhance network availability.
• Handling of daily incidents, service requests and activities.
• Network File Share storage management.
• Troubleshooting knowledge in IGP protocol (OSPF) and ensuring proper IP packet encapsulation at CE router (MPLS).
• Configure routing using OSPF and policy routing using route maps.
• Providing “on call” and “off hour” resources and support to Business areas and user groups.
• Implementing traffic filters using Standard and Extended access-lists, Distribute-Lists, and Route Maps.
• Building and maintaining Visio documentations for Clients.
• Troubleshooting problems in regards to: all the server range, SAN boxes, tape backup units, switches, KVM.
• Troubleshooting and solving networking issues - TCP/IP, DNS, DHCP, Layer 2/3 network devices.
Academic Project:

1. Inter college project: office robot (carried out in institute): It is based on the 89c52 microcontroller. When anybody comes inside the room, it senses this and intimates to the manager that someone has come into the office; at the same time it tells the visitor to please be seated. If the manager presses the key to send the visitor inside, the robot announces to the visitor to go inside the room. If the manager presses the key not to send the visitor inside the room, the robot announces to the visitor to wait for some time. An RF transmitter and receiver are used for conversation between the manager and the robot. The IR transmitter and receiver are used to detect the visitor at the entrance, suitable for office reception. It can intimate the manager up to 5 feet. An electromagnetic relay is used for switching the audio. The project is easy to program, very small in size and efficient in working.

2. Science project: Health monitoring via ZigBee in smart homes (carried out in NAL): We present a framework for a wireless health monitoring system using wireless networks such as ZigBee. Vital signals are collected and processed using a 3-tiered architecture. The first stage is the mobile device carried on the body that runs a number of wired and wireless probes. This device is also designed to perform some basic processing such as the heart rate and fatal failure detection. At the second stage, further processing is performed by a local server using the raw data transmitted by the mobile device continuously. The raw data is also stored at this server. The processed data as well as the analysis results are then transmitted to the service provider center for diagnostic reviews as well as storage.

Secured first prize in programming on an FPGA kit to communicate with another host machine using ZigBee protocols. (IEEE Certified.)