Sr. Network & Security Specialist
Commercial Bank International (CBI)
مجموع سنوات الخبرة :12 years, 11 أشهر
Responsible for design, build, implement, maintain and troubleshoot complex enterprise networking infrastructures. Design, review, implement and support of the core network (Spanning tree, re-design, Trunking, VLANs). Migration and re-design from EIGRP and RIPv2 routing protocols to an OSPF multiple area network design. Interconnect through BGP network design for existing Internet and External Partners. Design, review and 3rd level support for both LAN (Gigabit Ethernet) and WAN mainly consisting of MPLS, Leased Line, Frame-Relay and ATM circuits including complex technologies such as Cisco’s CSS.
Fault finding using latest sniffers such as Ethereal and Packetyzer. Wireshark, tcpdump to locate application specific network problems. Managing Support and Trouble-shooting multiple network objects, services, service groups, NAT translation rules, firewall rules. Design, review, maintain and project rollout of new Kiosks and ATMs for the Bank, connectivity through IPSec VPN over Internet. Performance management for the entire network.
Responsible for the overall Network Security. Maintain and manage border security including Intrusion Prevention and Detection Systems (IPS/IDS), Cisco ASA Firewalls, NGFirewalls, Border Routers, Cisco ACS Servers, SSL VPNs and DMZs. Design, install, configure, manage, and trouble-shoot various Firewalls. Design, review, support, implement and troubleshoot of complex Security networks. Responsible for security event monitoring, management, response and reporting. System administration, management and integration of standard and non-standard log management, event management, event correlation, and threat detection from SIEM, NIPS, HIPS, WAF, Antivirus. Regular assessment of anti-viruses, firewalls, SSL, VPN, and other network components.
Responsible for discovering vulnerabilities and risks in networks, software systems and data centers with ongoing vulnerability scans, monitoring network data, and ensuring hardware and software applications are updated. Regular assessment, incident identification, quantification, mitigation, prioritize threats and risks and monitoring 24x7. Vulnerability reporting for Management. Responsible for designing, implementing, and maintaining IAM, PAM technologies to ensure audit and privacy compliance, driving automation wherever possible. Conduct Network and Security Audits with relevant teams. Plan and coordinate vulnerability assessments and penetration tests (VA) of applications and infrastructures in order to tighten up network security from internal and external threats utilizing toolsets: IPScanner, NMAP, Nessus, Nmap, OWASP, ISS Internet Scanner, Cisco Security Scanner, Linux Live Security CDs such as The Auditor, BackTrack and others.
Design, review and implement all and any Information Security Policies, Standards and Architectural principles. Design, review, implement and maintain of all and any Policies and Procedures aligned to ISO27000 standard with IS Team. Network and Security Asset Management. Review and maintain all and any firmware, patches and Cisco IOS software. Design, review and development of all and any high level and detailed design project documentation for the entire Network, Security, Infrastructure, Data Center, Disaster Recovery \[DR\]. Deployment of primary and secondary appliances for load balancing and high availability. Maintenance and configuration with RSA Authentication Manager v.7.1. Maintenance and Deployment of 17, 000 tokens for end users. Responsible for migration of RSA Authentication Manager from v7.1 to v8.1.
Overall support of the IT department. Sub-netting and IP addressing, spanning tree, re-design, Trunking, VLANs - configuring Cisco Routers, HP Switches, Cisco PIX/ASA & Juniper Firewalls. Design, Maintain, Support and Troubleshooting of the Data Center, Core Network - LAN & WAN.
3rd. level support for the entire network. Managing and trouble-shooting multiple network objects, services, service groups, NAT translation rules, firewall rules. Setup from scratch, Configuration and maintenance of Linux HTTP proxies for internet access using Squid (with traffic shaping, access control lists, cache peers), HTTP servers with high availability and network statistic/monitoring system.
Daily tasks icluded: Maintenance on network components, troubleshooting, user support, call and trouble ticket - Service Desk management as well as on-site field engineer tasks. Build up a centralized management for all networking components involved.
Development of reports for the senior management and performance management.
Design, Administer, Maintain & 2nd/3rd Level of Support of the Core Network, containing Foundry Switches (FX Series), Foundry/Juniper Routers (RX Series/J Series), Network Load Balancer and Cisco/Juniper Firewalls (PIX/ASA/NetScreen). Responsible of re-design of the current Core Network (i.e from a single Flat Network to VLAN(s) and/or Network Segmentation to reduce Broadcast on the Network) both at Corporate office and Group Operations Office.
Successfully upgraded the current Network from L2 ATM to a fully operational L2/L3 MPLS Design, to better manage and monitor performance of the MPLS Link to other Business Subsidiaries (SBUs) and Service Oriented Unit (SSUs). Extensive role also included re-configuring of current existing Network Devices and/or New Network Devices installed.
Responsible for the overall network security including Intrusion Detection Systems (IDS) - IBM ISS Proventia Series/Tipping Point, BlueCoat and Perimeter Firewall(s) (Cisco PIX/ASA), Juniper (NetScreen Series) & Internet Gateways (BlueCoat).
Designed, manage and maintain Policies for User/Site Access, of which Policies include User Policies, Department Policies Right Management, Sites Policies for SBU and SSU. Performing internal and external security audits and penetration tests on entire Core and Remote networks; in order to ensure network security utilizing the various toolsets. i.e. IPScanner, NMAP, ISS Internet Scanner, LANGuard, Ettercap, Etherape.
Other responsibilities included Meeting tight deadlines and taking proactive measures in order to guarantee optimal network performance according to World Class ITIL Standards.
Ensure optimum delivery of services and operation of all Network systems and Data Center (both Group, SBUs and SSUs. Other tasks included attending daily and Monthly IT group meetings, liaising and providing assistance to other internal groups within the company including systems operations, Desktop Support.
Design, implementation and support of the core network (Spanning tree, Trunking, VLAN setup). 2nd/3rd Level support for both LAN (Gigabit Ethernet) and WAN mainly consisting of MPLS and ATM circuits. Fault finding by means of sniffers such as Ethereal and Packetyzer.
Responsible for the overall network security including Intrusion Detection Systems (IDS), Cisco PIX/ASA Firewalls, Cisco MARS, Cisco Anomaly Guard, Cisco ACS and VPNs. Building a Cisco based IDS solution from nothing. Migrating of entire network objects, services, service groups, NAT translation rules, firewall rules etc. to the CSM and Fine tuning the CSM. 2nd/3rd Level support and performance management for the entire network. Design, implementation and rollout of special WLAN hotspot solutions. Securing Wireless LAN with WPA (Wifi Protected Access) and AES.
Internal security audits and penetration tests on entire network in order to tighten up network security utilizing the following toolsets: IPScanner, NMAP, ISS Internet Scanner, LANGuard, Cisco Security Scanner, N-Stealth Scanner, Ettercap, Etherape and Linux Live Security CDs such as "The Auditor", and others.
Responsible for managing and maintaining Corporate offices (TATWEER) and 15+ Remote Sites IT Network infrastructure. Meeting tight deadlines and taking proactive measures in order to guarantee optimal network performance. Time critical network support and troubleshooting under pressure.
Ensure optimum delivery of services and operation of all Network systems and Data Center (both Central and remote sites). Other tasks included attending daily IT group meetings, liaising and providing assistance to other internal groups within the company including systems operations, Desktop Support. Also assisted in the deployment of Exchange 2007 Cluster, SQL Cluster, SMS, NetApp, BlackBerry and served as an administrator for Windows 2003 AD & Exchange 2007, BlackBerry Enterprise (BES).
Maintenance & support of various Microsoft technologies such as the Windows 2000/2003 operating system, File & Print services, SQL 2003, Active Directory, IIS.
Maintain network security for all systems, including firewalls, data integrity, backup and virus protection. Achieved 99.9% uptime through redundant systems and off-hour maintenance.
Direct all technology developments within company, to stay abreast of emerging trends for cutting edge advantage and/or reduction in operational costs. Develop (and/or acquire) applications, tools, and recommend to automate and streamline existing IT processes leading to improving network efficiency. Provided extensive assistance to Network specialist in order to maintain timely response. Supervise and coordinate with vendors for the timely and orderly execution of the work requested.
Attend to and log Help Desk support calls in a timely manner in order to maintain smooth IT operation in DDIA and the Subsidiaries; DHCC, SME, Dubailand & Global Village. Monitor and track IT Hardware/ Software assets in DDIA and its Subsidiaries in order to maintain proper IT resources usage. Conduct user trainings, and develop help materials in order to increase user awareness and productivity.
Managing, Administration and Maintenance of the company’s network infrastructure, running over Microsoft Windows 2000 Server. Managing Dubai head office IT operations and providing technical support to workstations at its sister offices in Abu Dhabi, Tehran and Toronto, via. Internet, e-mail & phone.
Managed, supervised and implemented the migration of the company’s ASP Service, which included Data, Mails and application services. Responsible for developing, managing & updating material on the companies website. Also, developed, maintained & updated Toronto’s office website.
Performing daily and weekly back-ups for disaster recovery plans, maintain server-based security implemented using Microsoft’s ISA 2000 Server, virus-protection using McAfee’s ePolicy Orchestrator and ensuring systems running and provide application services.
Also, responsible for Management and Training of Users on DocuShare “Document Management Portal” and trained users on new applications, updating users on-use of ASP Services, e-mails.
Responsible for managing the yearly allocated budget for IT expenditure, on updating computer and network appliances for the company.
Successfully graduated with high grade
Successfully graduated in 1995
Final exam grade: Good