Senior Network & Security Ops Engineer - AVP-M-II
HBL Bank Limited
Total years of experience :17 years, 11 Months
Investigating, diagnosing network problem and making recommendations for improving the company's network and carrying out routine configuration and implementation of network and security solutions. Support technical teams in 24 X 7 operations of 1700+ branches.
o Responsible for operations, configurations and troubleshooting day-by-day network and security related issues and connectivity issues in branches and in Campus infrastructure (LAN).
o Pro-active Monitoring and reporting on network & security performance by using NMS & analyzer.
o Managing Azure Network and Security UAT environment in accordance with bank’s IT security.
o Managing Fortigate Firewalls 1200D, FortiAnalyzer 200D for international branch segments.
o Responsible for managing SSL VPN (Global Protect Client) for remote workforce with 2FA and IPSec VPNs with Azure, AWS and Oracle Cloud.
o Managing Cisco ISE 2.4 to streamline security policy management integrated with RSA Secure ID.
o Managing Cisco ASA 5585, Cisco FTD, Firepower NGFW 9300 with Cisco Firepower Management Center-FMC 2600 as Data Center NGFWs.
o Managing Cisco StealthWatch for gaining network visibility and reporting purposes.
o Managing Palo Alto 5200 NGFWs with full features to align security with business policies.
o Working with TAC support of multi-vendor to identify & resolve technical issues regarding the hardware and license. Maintaining and managing all service contracts, maintenance contracts, SLAs and technical agreements with different international and local clients and service providers.
o Coordinates with other departments and lay out each expectation for delivering services.
o Implementing regulatory systems in accordance with Information security.
Working for Cisco and Fortinet Gold Partner to participate in new deployments as well as to provide support to the existing customers.
•Deployed and Configured Fortigate Firewalls 800C, 1000D, FortiAuthenticator 200D, Fortiweb (WAF) 400D, FortiAnalyzer 200D.
•Deployed and Configured Palo Alto 850, 3220 with Wildfire & Traps in High Availability.
•Deployed and Configured Cisco ASA 5540 in HA with AIP-SSM 40 IPS module with high availability.
•Deployed and configured Cisco NGFW FTD 2130 with Cisco Firepower Management Center.
•Deployed and configured Cisco ISE 2.4 in HA with RSA Secure ID integration for 2-Factor authentication in a leading banks in Pakistan.
•Working with TAC support of Fortinet, Palo Alto and Cisco to identify & resolve technical issues regarding the hardware and license.
•Planning, engineering, and monitoring the security arrangements for the protection of the clients network systems.
•Identifying, monitoring, and defining the requirements of the overall network security.
•Maintaining and managing all service contracts, maintenance contracts, SLAs and technical agreements with different international and local clients and service providers.
•Maintaining firewalls, virtual private networks, web protocols, and email security.
•Determining latest technologies and processes that improve the overall network security.
Designing and testing network plans to meet organizational needs.
•Managing more than 2000 nodes NWD. Analyze network security breaches and strengthen system against these breaches.
Network Revamp projects (Campus, LAN, WAN).
•Migration of 100 Branches from Static routing to OSPF routing protocol over MPLS network
•Campus network Resilience. Deployed Cisco VSS
•BGP Multi-homing deployment for internet connectivity.
•NMS Deployment. Modules include NPM and NTA.
•Palo Alto 5020 deployment as Data Center Firewall with HA
•Fortinet 800c & 300c deployment with HA.
•Cisco ASA 5540 deployment with HA
•DR (Disaster Recovery) site designing and deployment for branch connectivity and for real time replication of core applications.
•GETVPN deployment with DR to secure branch connectivity in 100+ branches all over Pakistan.
•Deployed DMVPN (hub-and-spoke, spoke-to-spoke topologies) using OSPF routing protocol for 300 + branches.
Investigating, diagnosing network problem and writing HLD and LLD documents, making recommendations for improving the company's network and carrying out routine configuration and implementation of network solutions.
•Responsible for installation, Configuring and troubleshooting day-by-day network related issues and connectivity issues in branches and in Campus infrastructure (LAN).
•LAN, WAN and CAN monitoring of KASB Bank Infrastructure by using Solorwinds NMS.
•Management and administration of Cisco UCM 8.5 and Cisco Unified IP Phones 7821, 7911, 7912
•Responsible for managing the DR site at IBM Datacenter for 24/7 business continuity and availability of ADC channels.
•Responsible for managing IPSec VPN (site-to-site) from different customers and vendors like 1-link, Express money, Tameer bank, Bill Select, SMS AKNMTech, UAEXchange
•New branch commissioning in terms of network (WAN) and maintaining IP schemes.
•Deployed GETVPN (next-generation WAN VPN solution) technology to secure private WAN connections and to encrypt data over MPLS network.
•Currently involved in revamping WAN infrastructure of 120 branches.
•Revamping branches and core sites from static routing to OSPF and EIGRP routing protocols.
•Coordinating with PTCL regarding MPLS FIBER, MPLS DXX and E-1 connectivity problems and other bandwidth related issues to ensure minimum down time and reduce service delay.
•Configured Cisco 6509-E as a Core Switch for Inter-Vlan routing for Campus LAN.
•Configured 48 ports Cisco 3560 as distribution switch for floors aggregation and OSPF is used on this segment for layer 3 connectivity.
•Configured 48 ports Cisco 3560 as distribution switch for Servers aggregation
•Configured 48 ports Cisco 3560 as distribution switch for DMZ
•Configured FWSM in the routed mode running with single firewall context.
•Assigned VLANs to FWSM, session/log into FWSM, setting security levels for each VLAN and configured extended ACL
•Designed and implemented BGP Routing protocol with three different service providers to provide link redundancy.
•Configured route maps using AS path pre-pending attribute for multiple public ip pools to be advertised to each service provider.
•Designed and configured Cisco 3845 Router using MPLS and OSFP Routing Protocol for 120 branches connectivity.
•Maintaining and managing all service contracts, maintenance contracts, SLAs and technical agreements with different international and local vendors and service providers.
Korangi Industrial Area, Karachi Pakistan
•Maintenance of all hardware and appurtenances
•Maintenance of LAN networks.
•Taking daily backup of database
•Run anti-virus software and ensure systems are free of viruses
•Keep inventory of all hardware equipment and appurtenances
•Troubleshooting of problems arising
•Assist users in any problems they face with the software / hardware
•Train users how to use the in-house software
•Finance (accounting, payroll etc.)
•Sales ordering and invoicing software
•Machinery stocktaking
•Poultry management
Organization
Working with Call Centre's computers, printers, PABX system and other appurtenances
•Ensuring all equipment is fully functional and backup service is available in the event of a system break down
•so that call centre agent on the phone can give prompt and complete information to the caller
•Providing full PC support, software / hardware requirements as needed
•responding to assigned work orders
•Identifying problems, troubleshooting, providing advice, resolving problems
•Providing professional service within the parameters specified
Organization
Technical Certifications& Trainings Year Discipline Narration Institute
Technical Certifications& Trainings Year Discipline Narration Institute
Technical Certifications& Trainings Year Discipline Narration Institute
Discipline
Discipline