Network Security Engineer
Ministry of Communications and Information Technology
Total des années d'expérience :9 years, 3 Mois
• Diagnose connectivity problems by analyzing firewall logs, capturing network packets, and employing debug commands for deeper investigation.
• Implements comprehensive firewall policies, defining traffic parameters such as source, destination, port, and application to protect sensitive data and resources.
• Implementing SNAT and DNAT profiles in firewall policies enables efficient network resource utilization, enhanced security by hiding internal IP addresses, and improved flexibility for managing diverse network configurations.
• Opens up firewall ports and configures security policies for new services, balancing accessibility with network protection.
• Applying security and log profiles refines firewall policies, leading to more robust network security postures and streamlined incident response.
• Firewalls securely connect two geographically separated networks by establishing robust IPsec tunnels, enabling encrypted and authenticated communication.
• Implements a rigorous patch management program for the firewall OS, ensuring timely application of security updates and bug fixes.
• Troubleshooting and monitoring NAC logs for the end user's connectivity issue.
• Troubleshooting and monitoring NAC logs for the end user's connectivity issue
• Investigating network access issues for devices by analyzing and monitoring NAC logs
• Verifying and adjusting NAC service profile settings to ensure optimal network access for users and devices.
• Endpoint protection management involves checking the groups and policies applied to each group.
• Define and implement robust WAF policies to safeguard against malicious traffic, and analyze blocked requests to identify potential security threats or user errors.
• Following successful completion of cyber security approval procedures, the Mail Security Gateway releases quarantined emails to their intended recipients.
• Implements granular email content filtering rules to prevent unauthorized data loss, protect sensitive information, and ensure compliance with regulations.
• Switches dynamically create and manage isolated Layer 2 VLANs (Virtual LANs) for improved network segmentation and security.
• Actively resolving user access issues by identifying and analyzing the user's MAC address and port number on network switches.
• Implement the 802.1X configuration on network devices for secure network access using port-based authentication.
• Utilizing the LACP protocol, a port-channel was created on the network switch port, bundling multiple physical links for enhanced network performance and failover capabilities.
• A VLAN and its corresponding SVI (Switched Virtual Interface) were configured on the switch port, enabling traffic isolation and routing between logical network segments.
• Multiple virtual servers (VIPs) were configured in the Application Delivery System (ADS) to distribute traffic across real servers for optimal performance and scalability.
• Successfully applied critical security and performance updates to the load balancer's operating system, ensuring optimal functionality and protection against vulnerabilities.
• Utilizing built-in configuration management tools, the wireless controllers dynamically generated SSID profiles for each access point, tailoring network settings to specific requirements.
• Utilizing DHCP server configuration tools, I defined and established dedicated DHCP scopes for various VLANs or network segments, ensuring efficient and secure IP address assignment.
• An A record, mapping a domain name to a specific IP address, was created within a designated DNS zone for improved name resolution and website accessibility.
• Leveraging CMS, I developed and deployed customized phone profiles for diverse user needs within the organization, streamlining communication setup and enhancing collaboration.
• Collaborated with users and IT teams to effectively configure and troubleshoot user devices, fostering a positive support environment and resolving technical challenges efficiently.
• Collaborated with users and IT teams to identify and address challenges within software configuration and installation procedures, leading to a more user-friendly and reliable experience for all.
• Managed all aspects of user ID creation, maintenance, and deletion within the Active Directory system, ensuring accurate and secure user access.
• Streamlined user email ID creation through automation and standardized naming conventions, ensuring timely access and efficient communication within the organization.
• Implemented and optimized tape library-based backup processes, minimizing downtime, ensuring data integrity, and guaranteeing rapid recovery in case of server failure.
• Monitored and maintained network devices, optimizing performance, resolving outages proactively, and minimizing downtime for optimal network efficiency.
• Oversaw the implementation and ongoing maintenance of robust technical security controls, ensuring comprehensive protection for the organization's sensitive information assets.