Senior IT Infrastructure/Security Engineer
Globe Marine
Total years of experience :26 years, 1 Months
Significant Highlights:
Managing IT Infrastructure/security at Globe Marine.
Establish Network Edge level security by using Cisco Firewalls (FTD 4150) along with Cisco FMC 2500 for centralized management of appliances and seamless deployment of policies across all firewalls, also protection of DMZ resources (all public facing servers) are being handled by FTD.
Managing ASA 5520-x in clustered mode for Remote access VPN, Site to Site VPN (working as backup link) and its integration with MS NAP server for centralized authentication and authorization.
Implementing and managing PALO ALTO NGFW (3020) firewall with multilink feature for serving the internet access for critical business user for the remote sites.
Deployment of Cisco ISE as NAC (Network Admission control) solution for both wireless and wired clients by using MAB and dot1x authentication & authorization, which ensures the restricted access for unauthorized users and guest access.
Implementation of Blue coat technologies (SG, AV) as caching and acceleration engines along with web protection for entire group while TMG for small sites; also using the CYBEROAM for guest and auditors access.
For managing the inside network security, implementation of HP 4500 with cluster along with Aruba 2920 for all sites across the group, while HP IMC is being deployed for proactive monitoring.
Performing the Vulnerability assessment and PENTEST by using Nexpose for public facing resources and inside network IT resources for making sure its compliance with IT requirement.
Performing the PENTEST (Penetration testing) by using the metasploit for checking that existing vulnerabilities can be exploited.
Implementation of internet security by using Cyberoam along with load balancing configuration among major ISP.
Managing and implementation of MS 2012 Hyper-V virtualization platform for various applications along with enabling various features for high availability and fault tolerance
Managing Active Directory 2012 infrastructure with single forest, single domain, and multiple sites across the group.
Managing MS Exchange 2016 as messaging platform for entire group with geographically dispersed DAG for DR scenario.
Implementation of Cisco ESA C370 cluster in DMZ as email gateway and anti-spamming solution for MS Exchange 2016 with KEMP LM 3000 as hardware load balancer for MAPI over HTTP clients.
Managing and implementing Microsoft Office 365 (cloud Exchange online) for ordinary users along with online archiving, online protections and DLP features.
Proactive monitoring of MS Exchange 2016 by using SCOM 2012 for generating email/SMS alerts for critical events.
Implementation of MS SFB (Skype for Business) as primary unified communication for the group covering many features like (IM, VC, PSTN calls, External access, push notification, Lync meeting, outlook voice access, and integration with Avaya aura
Deployment of ManageEngine AD Manager Plus and Exchange Reporter Plus as a primary monitoring and reporting tools, covering core AD 2012 R2 along with MS Exchange 2012 cluster.
Managing Datacenters facilities by using cooling systems (Airedale), kiddle fire alarm & water detection systems, FM 200 fire suppression systems, ATS for automatic switchover between UPS and generator.
Deploy and implement AVAYA Aura for various sites as IP Telephony solutions for the entire group by using its various applications like Sessions manager, communication manager, system manager, conferencing server etc.
Implementation of ManageEngine Service Desk Plus for managing process like change management, problem management, incident management, IT Service catalog, SLA, customized reports etc.
Working as internal IT Security auditor, while responsible for formulating IT policies/procedures, Risk Assessment matrix, giving recommendations for IT security technologies suitable for IT infrastructure.
Handling entire IT Infrastructure/security at Altuwairqi Holding.
Responsible for managing the overall IT security across the group targeting both network, systems and end user nodes.
Managing ASA 5525 in clustered mode for Remote access VPN, Site to Site VPN and its integration with MS NAP server for centralized authentication and authorization.
For maintaining maximum security implementation of 2 Factor authentication for OWA and IPsec VPN clients by using SMSPasscode technology.
For managing the inside network security, implementation of Cisco 6507 with VSS along with FWSM (Firewall switch module) and IDM (Intrusion detection module), in order to make sure critical IT servers can be accessed only by legitimate IT resources.
Establish email security by implementing Cisco Email Gateways (ESA-C370) in pair for maximum protection of email contents by implementing features like SPF, DLP, GTI, and AMP etc.
Implementation of internet security by using Cisco WSA-S170 with features like AVC, DLP and AMP etc.
Implementation of MBSA for scanning and vulnerability assessment for IT servers along with MS Forefront malware protection for maximizing the security.
Managing HP 3 PAR (7400, 7200) along with HP blade (B460, C7000 chassis) as primary hardware platform for mission critical applications like (SAP, Exchange 2010, Lync 2010, SQL 2008 etc.)
Managing and implementation of VMware ESXi 5.5 hypervisor as a base virtualization platform for various applications along with enabling various features like Vmotion, HA, FT, DRS, SVmotion etc.
Managing Active Directory 2012 infrastructure with single forest, single domain, and multiple sites across the group.
Performing the MS RAP (Risk Assessment Program) for AD, Exchange, and SQL in order to make sure these technologies are free from vulnerabilities and having up-to-date security.
Managing MS Exchange 2016 as messaging platform for entire group with geographically dispersed DAG for DR scenario.
Implementation of Cisco ESA C370 cluster in DMZ as email gateway and anti-spamming solution for MS Exchange 2016 with KEMP LM 3000 as hardware load balancer for MAPI over HTTP clients.
Proactive monitoring of MS Exchange 2010/2016 by using SCOM 2012 for generating email/SMS alerts for critical events.
Implementation of MS SFB (Skype for Business) as primary unified communication for the group covering many features like (IM, VC, PSTN calls, External access, push notification, Lync meeting, outlook voice access, and integration with Avaya aura.
For system side monitoring implementation of SCOM 2012 in a clustered environment and its integration with OZEKI SMS gateway for SMS notification for proactive monitoring while for network links monitoring solar winds NPM with various modules like (netflow traffic analyzer, network configuration manger and UDT), also using solar winds ELM as SIEM solution for all network security devices.
Implementation of Blue coat technologies (SG, AV) as caching and acceleration engines along with web protection for entire group while TMG for small sites; also using the CYBEROAM for guest and auditors access.
Implementation of companywide Polycom based VC solution by using HDX7000 encoders along with RMX1500 MCU and its integration with MS Lync 2010.
For physical security implementation of Access control system by using GE Facility commander along with biometrics devices in the form of 4G V-station, 4G V-Flex.
Implementation of Cisco Wireless controller 5508 along with aironet 1260 access points for maintaining the single SSID across the group
Work as internal IT auditor for doing IT security audits with external auditors.
Making RFP, analyzing the vendor proposals for various projects & coordinate with them on all stages of project implementation like (initiation, planning, executing, monitoring, closing) along with implementation of MS Project server for task assignment and approval system.
Working as a senior network administrator for campus wide network covering 30 servers, 1500 nodes, 2 sites LAN/WAN environment. Maintenance, support and technical troubleshooting of Active Directory, Windows 2003 server, Exchange 2000/2003 server, Cisco LAN/WAN.
Administration of Active Directory, i.e. Implement Group Policy, administer User accounts, exchange attributes.
Configured & troubleshoot Cisco router 2800, switches cisco 2600, installation of Antivirus and Firewall Trend Micro Scan. System updating, OS Patch installation.
Designed and implemented the PIX & IOS Firewall at LUMS with features like CBAC, audit-trail, N2H2 server for web-filtering. VPN using IPsec with ESP & AH, crypto map. DOS attack is another issue faced by Networks so in order to eliminate the features like frag-guard, SYN flood-guard and reverse-path forwarding were enabled on PIX.
For email archiving implementation of “Enterprise Vault” for Exchange 2003 resulting in offloading the Exchange server database and reducing the backup/restore time, while PST migration feature enable the outlook users free from handling the PST files locally, henceforth they can access all of their emails from OWA.
Designed and configured the ISA server at LUMS in an array environment with the features like distributed caching, access-policies, content filtering, Secure Nat clients, Firewall services, gateway to gateway VPN, H.323 protocols, transparent proxy and various bandwidth control mechanism.
Network Analyzing, Network health check.
System related issues, Server and Security related issues, logging calls, resolving calls.
Liaised with internal & external agencies during the phase of planning, designing and implementing new projects.
Work with various vendors for timely response in line with business SLAs.
Learn new and emerging technologies as required.
Significant Highlights:
Responsibilities include to manage the network of 300 nodes consisting of Windows NT 4.0 along with Cisco network.
Installation and configuration of windows server 2000, Active directory, exchange server 5.5, exchange 2000 among all branches of company by using DRAS connector over NAT.
Implementation of SQUID, BIND, APACHE and Send mail on Red hat Linux 7.2.
Creating user accounts, implementing user policies as per requirement,
Assist in resolution of hardware, software and system issues
Conduct end user training for technology awareness.
Network management, Server policies implementation.
Analyze performance of the system and ensure the performance objective and availability of the requirements
Managing Firewall Security.