Network Security Engineer
Taif University
Total des années d'expérience :12 years, 8 Mois
*Working on TU-Network Security Infrastructure like: Palo Alto-5050 Firewall, Juniper Firewall ISG-2000, SRX-3400 MAG-VPN-6611, Bluecoat-Proxy-9000 Appliance, Fire-Eye NX-7400, Proof-Point Appliance, Trend Micro solution like: Office Scan Server
*Configuring Policies in Internal Firewall, Allowing IP-subnets of Multiple VLANs of TU-Campus or Specific IP’s and Application ports from Local LAN to DMZ-Zone in both direction like Trust-Untrust or Untrust-Trust
*Configuring Policies in External Firewall, Allowing Static IP’s of those servers or Clients Machine which are published through Public IP from Trust-To-Untrust or Untrust-To-Trust with Specific Applications
*Configuring NAT Static or Dynamic to translate traffic from Private to Public Network
*Managing & Configuring High Availability between Internal & External Firewall using Active/Stand by Failover policy
*Troubleshooting the policies of Firewall based on issue arrived in TU-Network
*Managing Bluecoat Proxy Appliance for TU-Domain Users to Filter Internet Browsing & public URLS to block malware and malicious threats and control access to Web application contents
*Managing & Configuring HA(Highly Availability)in Bluecoat-Appliance
*Managing SSL-VPN Appliance for secure remote access to TU-Network over Internet, Assigned limited permissions to specific TU Key users as per policy
*Managing & Configuring PA-5050 Global Protect VPN Users
*Managing Fire-Eye Appliance to block Web exploits and outbound multi-protocol callbacks. Network confirms zero-day attacks, creates real-time threat intelligence, and captures dynamic callback destinations
*Managing Proof-Point Appliance for E-mail Gateway security Inbound & Outbound traffic of MS-Exchange Server
*Managing Office Scan for Scanning Virus, Malwares and threats of TU-Domain Client & Servers Machine Like: HP-Blade & V-Block Hosts
*Managing All Security Appliance Configurations Backup before performing any Upgrade & updates
*Managing All Network Security Infrastructure with latest patches of Operating System
*Making Network Single Line Design & Network Diagram by using Microsoft-Visio Application
*Making Documentation of TU-Security Infrastructure & Follow the TU-Policies for Coming projects
*Co-Ordinate with System Admin, Network Admin & Management to solve the Security related issues in network and Configuring new policies or enhancing exiting policies in Network Security Domain.
*Gone through the Projects in FutureTech like : Jeddah Technical Vocational Telecommunication College/DARA Abdul Aziz Muraba, Al-Bustan and NITI Saudi Aramco.
*Implementation of Cisco Access layer Switches 2960s, Distribution Layer switches 3750x &Core-Layer switches like: E6500 and E4500 services
*Configuration of Switches like Making VLAN, VTP Modes & Inter- VLAN Routing
*Configuring security on Cisco IOS based devices like Routers & Switches
*Configuring Layer 2 security (BPDU Guard, Root Guard & spanning-tree Portfast)
*Accessing the Router & ASA Firewall by using SSH, & HTTPS (SDM, ASDM)
*Implementing IOS based IPSec site to site vpn and Remote access vpn
*Implementing ASA firewall like 5505, 5510, 5520, 5540 and 5515X series
*Creating the policies in Firewalls by using NAT, ACL, Static routes & Default routes
*Configuring and managing statefull Failover like Active/Standby and Active/Active Failover
*Inspecting the traffic by using MPF for certain TCP protocol handling like application layer protocols http, https, FTP, DNS, SMTP by using MPF
*Configuration of IPSec site to site vpn on ASA Firewall
*Configuration of Cisco Wireless Access point like 2600 series & 3600 series
*Making Single Line Design for Client Networks in Microsoft Visio-2013
*Making Documentation of Configuration to hand over the projects to Clients
The main Responsibilities including of LAN&WAN Support for Mobily and Bank Alinma on IP/MPLS Project
* Implementation of Cisco Routers like 3900, 3800, 2800&1800
series in Bank Alima DC
*Configuration of Routing protocols like RIP, EIGRP and OSPF
*mplementation of Cisco Switches like 3750 PoE, 3400, 2950 & 2960S Series
*Configuration of Switches VLAN, VTP modes & Inter-VLANRouting
*Providing Site support to Mobily DC Core-Routers MX-480, MX-240
*Installing Juniper Router Engine & SFP modules on chassis MX-480, MX-240
*Implementation & Configuration of Aruba WiFi Access points
*Making Configuration Backup file of Routers & Switches by using Secure Crt Application & TFTP Server
*Giving technical Support to Mobily Customers:
(ABHA, KHAMIS, NAJRAN & JIZAAN)
*Troubleshooting all Sites issues by contacting Mobily & Bank Alinma NOC