Solution Architect
Qatar Airways
Total years of experience :17 years, 9 Months
As a Subject Matter Expert, responsible for design and implementation of QA Network and Security architecture, providing support to the infrastructure managed by security operations at senior level and delivering network and security solutions as required.
Managing large scale Network and Security architecture comprises of diverse network and endpoint security products advancing layered defense.
Responsible for periodic architecture review, Security Gap Assessment and proposing design changes.
Assisted in formulating and maintaining system and issue-specific security policies.
Designed network security infrastructure comprises of Cisco ASA/FTD, Checkpoint gateways, Firepower IDPS and bluecoat web proxies.
Designed secure VPN connectivity solution for business partners/vendors and employees.
Enforced Web application security for the webservers hosted in DMZ using F5 Application Security Manager.
Implemented Server Load Balancing using F5 LTM, DNS load balancing using GTM.
Involved in consulting and design of endpoint security solutions: Cisco Secure Endpoint and Force point DLP.
Involved in design and implementation of Canary Honeypots for proactive detection of intrusions and zero-day attacks.
Security Incident Management: Managing escalated security incidents, effective incident response, mitigation and remediation.
Reviewing Security Assessment, Vulnerability Assessment & Penetration testing reports, performing risk assessment and proposing safeguards/controls for mitigation.
Change management: As a member of Change Advisory Board (CAB), assessing and approving operational and project change requests from security perspective to ensure security/business processes are not negatively affected.
Problem Management: Performing route cause analysis for high severity security incidents, propose prevention steps/controls and document the lessons learned.
Periodic review of security system configuration to ensure the effectiveness of change management and configuration management processes.
Effectively participated in cyber security red teaming exercises to overhaul security and process controls.
Maintaining IS risk register to document and mitigate IT risks as per organization’s risk appetite.
Developed business continuity and service availability procedures for the security infrastructure.
Participating in periodic internal and external audits such as ISO 27000 and PCI-DSS representing security domain, document and address audit findings.
Periodic review of privileged user accounts, user entitlement audits.
Demonstrated Proof of Concepts to evaluate the Network and Security product/solution is meeting the project requirements.
Preparing RFP’s and SOW’s ensuring the project and user requirements are incorporated.
Developed and maintaining SOP’s, configuration templates and system configuration baseline checklists.
As a Level3 Lead Engineer, responsible for providing support to the infrastructure managed by security operations at senior level, as well as maintaining the infrastructure and deliver changes as required.
Provided effective technical support for the security function within Network Management to enable effective service provision to the customer, primarily by managing the security incident queue.
Managed large scale security architecture comprises of Cisco ASA, Fortigate and Checkpoint/Nokia firewalls.
Change management: Risk Assessment, planning and execution of periodic change requests as per the network requirements.
Active participation in CAB meetings representing changes for security infrastructure.
Problem Management: Performed Root Cause Analysis for high severity/recurrent incidents in networks and taking measures to prevent the incidents in future.
Centralized management of large-scale Cisco ASA Firewall architecture using CSM.
Enforced Web application security for the webservers hosted in DMZ using F5 Application Security Manager.
Implemented Reverse Proxy, access policies and federated identity for applications using F5 Access Policy Manager.
Implemented and managed Bluecoat Web proxies in WCCP cluster group.
Deployed Site to Site VPN Connectivity to Business Partners using Cisco ASA/Routers.
Deployed Remote access SSL VPN solutions using Pulse Secure SA.
Participated in Security Audits: Identified security vulnerabilities, implemented audit findings ensuring compliance.
Worked closely with SOC team in optimizing firewall policies and rule base.
Bridged with other Cross functional domains for critical issues and contribute towards resolution.
Project Name : GAP Inc.
Name of the Role: L2/L3 Network Operations
Role & Responsibility:
* 4 Member team which handling incident management, Change management and
Problem management.
* Final escalation point for the incidents and problems in offshore.
* Network infrastructure includes
& Responsibility:
* Responsible for the installation and configuration of the network devices.
* Field support for Modem Installation.
* Installing and configuring windows XP and 2003 Sever
Formal Education *