Varghese Cheriyan, Senior Systems Engineer

Qatar Petroleum

Location
United Arab Emirates
Education
Master, Computer Science
Experience
22 years, 6 months


Work Experience

Total years of experience: 22 years, 6 months

Senior Systems Engineer at Qatar Petroleum
  • Qatar
  • I have been working here since July 2016

Infrastructure Security
Infrastructure security operations and handling major projects and initiatives in Cyber Security, and DR Automation.
Design and implementation of secured Wireless and Wired access network with identity-based authentication and internal PKI certificate integration. Flexible and secure Guest, BYOD and MDM access through the wireless network.
Worked on contracts for security solutions like DDOS, Network Sandboxing from tendering till awarding.
The rollout of Wired access switches (900+) with complete control and seamless operations with dot1x authentication, MAB authentication with restrictions for more than 18000 endpoints. Scripts developed for auditing of SWs for ISE enforcement.
Arbor denial of service protection (DDOS) implementation on-premise and cloud as mitigation with signaling. Out of band cloud setup and auto mitigation and recovery. A new contract with ISPs setup from the same country.
Security Analytics monitoring with RSA, VSS, and integration of all security infrastructure with LogRhythm SIEM.
DR automation with overlay transport VLAN, F5 GTM, and LTM.
F5 upgrade to Viprion host with multiple guests serving external and internal hosting with DR availability automated.
Web application firewall implementation for all hosted applications with AV scan/APM layer and multi-factor authentication.
Integration of cloud services authentication with F5 IDP SAML services and SP Connector.
Multi-tenant Cisco ISE set up to accommodate all tenants with complete virtual segregation.
Safenet multi-factor authentication setup for all critical systems login and for all internet services.
Riverbed SteelHead server and client setup for remote access optimization, especially for the work-from-home requirement.
Coordinating for effective SIEM solution by correlation rules and fine-tuning to address critical alarm avoiding false positives.
Currently ongoing POC for PAM, IAM, Cisco Umbrella, and designing and deployment for IPv6.
Evaluation of Cisco software-defined Access (SDA) integration with ISE, VMWare NSX-T technology micro-segmentation (east-west firewall) based on characteristics of servers for easy management.

Senior Administrator at Mashreqbank
  • United Arab Emirates
  • May 2006 to June 2016

Information and Network Security Operations
Managing the IT & network security operations team and information and network security infrastructure of entire Mashreqbank globally consisting of 6000+ endpoints, 12+ internal firewalls, 15+ perimeter boundaries with intrusion prevention, malware & APT protection, web and email security systems.
Secure design of systems and procedures that ensure the effective connectivity for LAN, WAN that serve the business needs.
Implement security practice that best fits different business needs. Use our expertise in IT security and product engineering, coupled with the most comprehensive range of security solutions, to boost our business momentum.
Review, design, implement and upgrade the network security systems, policies, processes, procedures, architectural changes, and projects. Review of any changes in Information technology as part of the change board, assess the risk and impact of the change in order to approve or not.
Managed application security/PCI compliance practices; extensively interacted with clients (management and technical) and managed vendor and client relationships.
Assist projects with the required deliverables and ensure that these are fit for purpose. Sign off on these deliverables. Work with the project teams to validate that security requirements are met.
Reviewing project solutions from a security perspective, identifying discrepancies between solutions and Mandatory Policies and Standards and recommending and prioritizing remedies to meet the Company’s Mandatory Policies and Standards. Tracking identified high-security issues and project team’s remediation.
Conduct the assessment activities while introducing a new Company office or asset (temporary or permanent), introducing new application or service, giving a third-party access to Company premises, Company System or other information processing systems, using a third-party to store or process Company Data, including technical/operational assessments of the third party’s proposed technical measures for the purposes of the Data Protection Directive, making significant upgrades to an existing application, conducting an internal or third-party software application development activities.
Reviewing current standards & policies on an annual basis and providing recommendations for updates. Review and analyze the requests to determine the level of risk associated with each request and any implications on existing firewall rules. Publishing updated standards & policies and notification of updates.
Decision making for major security and network projects with proper POC and negotiation with vendors which played a significant role in a total reduction of OPEX.
Implemented network segregation for administrative access to the critical production systems and introduced the monitoring of privileged access usage to mitigate the risks from the latest security threats like APT.
Information security user awareness training/programs, policy & baseline preparation, testing, and enforcement.
Configuration, administration, and monitoring of all end to end security devices which are mentioned in ‘Technical Skills Set’ from perimeter till endpoints.
Streamlined the IT audit issue tracking process which brought the outstanding IT audit issues to zero.
Upgrade of core datacentre firewalls from 5 multi-context architecture FWSM modules on Cisco Catalyst to ASA 3385 SP40 systems with Nexus 9K backbone with minimal downtime of services.
Migration of Cisco ACE to F5 7K Viprion boxes with multiple virtual machines with proper load balancing.
Deployment of malware protection and APT protection including FireEye, email cloud security URL & Attachment defense.
Cisco ISE deployment replacing the SNMP based Cisco NAC deployed in 2008. Both of these are among the biggest deployments of Cisco NAC in UAE consisting of 11 countries, 72 offices, 180 switches, and 9000 ports.
Enterprise monitoring and alerting solutions including ArcSight, Guardium, PRTG.
User-friendly remote access solution without any security compromises for users from multiple locations using Juniper SSL VPN, Citrix MDM, Nokia NSA, Checkpoint SecureRemote.
Design of security compliance dashboard for Senior management reporting, a completely integrated dashboard was developed which logs, alerts, and reports about all security-related strategies and device status.
Building security infrastructure in DR Datacentre and disaster recovery and BCP drills of network & security infrastructure by shifting all the services to the DR site with proper controls and testing.
Perimeter firewalls and IPS upgrade 2 times with hardware/software replacement including overseas countries with minimum downtime. Upgrade of legacy file transfer to the most secured business vault.
Online banking applications deployed with application firewall security using F5 and policy fine-tuning on demand.
Email and Web filter solution and workflow system for web site access. Effective DLP for business using built-in dictionaries.

System Administrator at 3i-Infotech
  • United Arab Emirates
  • July 2004 to May 2006

With Emirates Bank as an external resource supporting environment with more than 10000 users and 100 branch servers and also in government projects with Dubai Municipality and Emirates Airlines.
  • Installation, configuration and administration of domain controllers, file servers and branch servers.
  • Administration and troubleshooting entire Windows Domain, Active directory, Backup/Recovery.
  • Migration from Windows NT domain to 2000 with Exchange as well.
  • Installation of cluster servers with DHCP, Printer, HP MS100 Storage Area Network and VPN connectivity.

Assistant at Aban Informatics
  • India
  • September 2001 to June 2004

Installation, maintenance and troubleshooting of critical IT system as a team and providing technical support to end-users. Setting Active Directory Group Policy, profiles, shares and permissions.
Installation and configuration of Exchange Server 2000, MSSQL 2000, IIS, Veritas and NT backup & PWS web servers.
Managing Users, Groups, Active Directory, Printing, Backup/Recovery, RAS, Terminal, IIS, and DNS.
TECHNICAL SKILL SETS
Network Security: Checkpoint Firewalls, F5 LTM, GTM and ASM, Cisco ASA & FWSM, Arbor, RSA, VSS, IBM ISS, McAfee NIPS, Cisco IPS, FireEye, Websense Web & Email Filters with DLP, SurfControl, Riverbed, Proofpoint, MS ISA.
Endpoint security: Cisco ISE and NAC, Juniper SSL box, Checkpoint Pointsec, Nokia, McAfee ePO.
Identity Management and Authentication: Imprivata Single Sign On, Cisco ISE, MS IAS, Vasco, Crypto card, Blackshield, Cyberark, Cisco ACS, AAA, F5 APM, Safenet.
Encryption: Tumbleweed, Proofpoint, PGP, IPSEC, Cyberark EBV, WRMS.
Monitoring: ArcSight, Guardium, Syslog, PRTG, Cacti, Whatsup, RSA, VSS, LogRhythm.
Microsoft Technologies: SMTP, Windows domain & AD, SMS, SQL, DNS, FTP, MSSQL, DHCP, IIS.

Education

Master, Computer Science
  • at Periyar University
  • January 2001

Bachelor's degree, Computer Science
  • at Mangalore University
  • January 1999

Courses: CCNA, MCSA certified. Training on F5 ASM, Guardium, Checkpoint, Cisco ISE, LogRhythm

Specialties & Skills

Installation
ACCREDITED PROJECT MANAGER
ADMINISTRATION
APPLICATION DEVELOPMENT
BANKING
COMPUTER HARDWARE
CUSTOMER RELATIONS
DECISION MAKING