| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidateCandidate's Name
CCIE-Security # Street Address
Contact # PHONE NUMBER AVAILABLEDallas, TXE-mail: EMAIL AVAILABLEProfile SummaryProfessional with extensive skills and around 13 years of experience in technologies that impact levels of enterprise organizations, including: network security, network design and implementation. I am skilled in implementing various network security products, operations and management, and intend to obtain a position in the competitive IT arena that will provide me the opportunity to utilize my immense technical skills in order to contribute to the technical growth both personal and of the organization.Technical CertificationsCCIE Security # 66949CCNP (CSCO11719471)Implementing and Configuring Cisco ISE (SISE 3.0 Cert# 130118)PCNSE (Palo Alto Network Security Engineer)Academic QualificationB.E (Telecom Engineering)2008PAF KIET, Karachi- PakistanTechnical ExpertiseFirewalls Hands-on Cisco ASA-X series, Cisco FMC-FTD, Palo Alto-3000, 3200, Check Point, Fortinet 600C, 1500D, Juniper SRX-1500. Policy based routing, IPS & IDS, Stateful Packet Inspection, AAA, Access lists, 802.1x/NAC, NPS, Port Security, Static NAT, NAT overload, PAT, QoS, ToS, Traffic Shaping & Policing, WRED, LLQ.SDN Hands on experience of Cisco ACI which includes APIC operations with spine and leaf setup, also experience in implementing Cisco DNAC with Cisco ISE and switches by pushing SGTs and SGACLs.VPN IPsec VPN, SSL VPN, Site to Site and Remote Access VPN, SDWAN, MPLS VPN, DMVPN, GRE, AH, ESP, IKE, 3DES, AES, MD5, SHA, DH, RSA, PKI, Authentication, Integrity, Confidentiality, Symmetric & Asymmetric Encryption, Hashing, Digital Certificate, Tunnel and Transport mode.Forti-EMS Experience in deploying Forti-EMS with Fortinet ZTNA module, pushed policy checks for the compliance with end user Forti-clients which contains Anti-virus and windows patch updates.Cloud Security - In depth knowledge of Azure Security including RBAC, Azure Security Center and Azure Monitor. Implemented Cloud security controls in SecOps including Encryption, Tagging, Container security, Golden AMI policy, IDS/IPS, NSG management, Service Endpoints, DDoS, Integrating 3rd party services such as QRadar, Qualys, Redlock. Implemented Azure site to site VPNs and Azur load balancer services as wellLoad balancer/WAF F5 LTM/GTM/ASM/APM/SWG and Citrix Netscaler (ADC). Configuring GSLB, SSL offloading and WAF. Configuring secure web gateway on F5 with SWG module for forward proxy.IPS Tipping point & Cisco FMC. Configuration & optimization.Switching Series 2960-Series, 3560, Series 3750, Series 4500, Series 6500, 9300, 9500, Nexus 2K, 5K, 7K, 9K. Which includes VLAN, VRRP, HSRP, Cisco VSS, VPC, HP-VSF, DHCP Snooping, LACP, EtherChannel, Spanning tree RSTP, MSTP, PVST, BPDU Guard, BPDU filter, DNS, DHCP, CDP, LLDP, SNMP, NetFlow, sFlow.Routing Cisco 2800, 3845, Cisco 7500, ASR 9000, ASR 1000, XR Routers series.Static, BGP, OSPF, EIGRP, Multicast Routing PIM Sparse & Dense mode, Unicast, Broadcast, Multicast, IGMP, Prefix lists, Route-maps.Web Proxy- Cisco WSA and Blue Coat Web security, hands on experience by implementing access policies, group policies, NTLM authentication and white listing the content.NAC Cisco ISE deployment with authentication, authorization and posturing. Aruba Clear pass configurations and operations.Vulnerability Assessment Hands on experience in operating VA tools like tenable.sc with Nessus scanners, running VA scans on network IP subnets, prepare VA reports and fixing vulnerabilities on network devices like weak ciphers, self-sign certificates, old TLS versions or weak hashing algorithms.Network Management and Monitoring Tools SolarWinds, Skybox, Splunk, HP PCM+, Infoblox (IPAM), PRTG, Trapeze Ringmaster OSI Model, TCP/IP Protocol suite, Sniffer tools (Wireshark) & Knowledge on cabling standards.Cisco Umbrella - Deployed and configured cisco Umbrella with VA model in order to control DNS resolutions of different sets of servers & users. Configured identities, destination lists, domains and configured policies as per different user and server requirements.Projects :Cisco ACI Implementation: Configured APIC on UCS, integrated Cisco Nexus 9k switches in leaf and spine topology. Integrated APIC with leaf switches, migrated existing infrastructure to ACI (vlans, gateways etc). Deployed multiple tenants with BDs and EPGs, configured access contracts between EPGs in order to enable micro-segmentations.Cisco ASA migration to Palo Alto: Configured corresponding access and NAT policies, bulk objects imported from ASA in Palo Alto 3250. Configured corresponding zones like DMZ, Untrust etc and assigned interfaces.Configured Appaware access polices with Next Gen features like App-ID, Content-ID, URL filtering, Anti-virus and anti-spyware profiles, Also rolled out VPN with GP client.F5 Big IP GTM & WAF Operations: Configured and run operations with Big IP GTM(DNS) module to setup GSLB for Dubai department of economic and tourism services. Implemented WAF for each service using F5 ASM module by enabling security checks like SQL injections, cross site scripting and Start URLs. Also optimized attack signatures as per the backend application technology.VPN Rollout project: POC for DTCM VPN rollout projects for 600 + hotels in Dubai. Designed and configured VPN parameters on DTCM firewalls (Palo Alto and Fortinet). Established site to site IPSEC tunnels with different hospitality groups in order to connect them with DTCM E-services.Cisco DNAC Implementation: Configured Cisco DNAC, integrated with Cisco ISE as authentication server, implemented access contracts between end points by pushing SGACLs to corresponding switches via ISE authorization policies.Azure Cloud Implementation: Implemented Azure Security including RBAC, Azure Security Center and Azure Monitor. Implemented Cloud security controls in SecOps including Encryption, Tagging, Container security, Golden AMI policy, IDS/IPS, NSG management, Service Endpoints, DDoS, Integrating 3rd party services such as QRadar, Qualys, Redlock. Implemented Azure site to site VPNs and Azur load balancer services as wellNAC-Cisco ISE Deployment: Responsible for deployment and implementation of authentication, authorization policies as per business requirement. Configured and rolled out NAC via Cisco ISE to control certain prerequisites like Windows patches, Antivirus and DLP client to be required in order for a user/server to join enterprise network of organization.Cisco Umbrella Deployment: Deployed and configured Cisco Umbrella with VA model in order to control DNS resolutions of different sets of servers & users. Configured identities, destination lists, domains and configured policies as per different user and server requirements.Multifactor Authentication (Cisco DUO): Deployed and configured Cisco DUO to add an extra layer of security by requiring users to verify their identity through a second factor, such as a mobile app, phone call, or hardware token. Also did integration with VPN solution like Cisco Anyconnect.Work ExperienceFeDex, Dallas TX, USARole: Network and Security consultant (Aug2023- till date)Responsible for managing the network and security infrastructure including Security firewalls, F5 LTM/GTM, ACI Infra, WSA proxy and Blue Coat proxy SG.Responsible for running operations, doing troubleshooting of Cisco ACI solutions and Nexus 5k,7k switches in both L2 and L3 modes with Vlans, VPCs, VRF and stacking configurations.Responsible for configuring and deploying NG-Firewalls of all the prominent vendors for multiple clients by configuring appaware access policies, NAT rules, QoS, URL filtering, sandboxing and enabling IPS.Responsible for rolling out and managing SD-WAN in order to establish connectivity between main and remote sites using Fortinet firewalls and Forti-manager.Responsible for configuring and managing Cisco WSA proxy with decryption and access policies and integration with AD.Configuring and troubleshooting site to site VPNs for different clients which includes multiple flavors of firewalls including ASA, FortiGate and Palo Alto.Configuring and rolling out SSL remote access VPNs as per the client requirements with multiple technologies like FortiGate, Palo Alto, Cisco ASA.Responsible for configuring Cisco Catalyst and Nexus 5k,7k switches in both L2 and L3 modes with Vlans, VPCs, VRF and stacking configurations.Emircom LLC, Dubai UAERole: Network and Security lead (Mar2016- July 2023)Leading IT infrastructure team of Emircom deployed in DTCM consists of 6 members of different fields including Network & security, DB, Systems and UC. Responsible for providing 24X7 support of whole IT infrastructure by managing roles of team members, assigning and mitigating tickets and optimizing the technical work among team members to get best output.Responsible for managing the network infrastructure of whole Dubai Tourism department including Security firewalls, Cisco Switches, Routers, Wireless Controller and Cisco ISE.Managing DTCM Security network, responsible for managing DTCM firewalls (PaloAlto, Cisco ASA, Cisco FTD Juniper SRX1500 & Fortigate). Configuring security policies on firewalls, publishing Dubai Tourism websites, URLs and different Dubai Government services publicly via firewalls and load balancers.Responsible for managing Citrix Netscaler load balancer, applying different load balancing mechanisms as per the business requirements of Dubai Tourism.Responsible for applying and configuring WAF for different applications over Netscaler and applying SSL offloading for different applications as per the requirements.Responsible for managing and implementing VPNs for all the hotels in Dubai with DTCM. Implementing different ways to provide VPNs to hotels i.e Site-to-Site VPN tunnels, client based VPNs and SSL VPNs to accomplish the business need of Dubai Tourism.Responsible for administrating and configuring Cisco NEXUS switches 3000 & 5000 for VRF, port channel and trunks as per the requirementsResponsible for administrating the Cisco WSA web proxy and Blue Coat proxy, it includes configuring different access policies for different user groups. Allowing and blocking different web URLs as per the business requirements. Creating and configuring protocol-based policies for different user groups.Rolling out firewall rules as per the application requirements.Adding/modifying routes between 3 sites on perimeter and core firewalls.Rolling out remote access VPNs for all the hotels in Dubai.Configuring and troubleshooting site to site VPNs with different establishments on different flavor of firewalls including ASA, Fortigate and PaloAlto.Configuring services, vServers, certificates and GSLBs on Citrix load balancers.Preparing UAT environment for different applications as per the requirements which includes provisioning of IPs, routing and firewall configurations.Publishing websites and portals on internet while configuring NAT and ACLs on firewalls.Taking backup of network devices, checking logs on daily basis of network devices to perform health check activities.Checking and analyzing IPS logs and take actions as per the requirements.Advertising routes over MPLS as per the requirements and as per the coordination with ISP.Managing Cisco ISE and implementing necessary authorization polices, managing guest network and analyzing logs as per the requirements.Applying required access policies on Cisco proxy WSA, white listing URLs, analyzing the traffic and allowing custom ports as per the requirements.Saudi Emircom LLC, Jeddah KSARole: Network & UC Engineer (Mar2012- Feb2016)Responsible for smooth operation of Saudi GSM company Mobily IP Contact Center which provides intelligent contact routing, call treatment, network-to-desktop computer telephony integration (CTI) and multi-channel contact management over an IP infrastructure.Responsible for administrating and configuring Cisco NEXUS switches 3000 & 5000 for VRF, port channel and trunks as per the requirements.Responsible for administrating the Cisco WSA web proxy, it includes configuring different access policies for different user groups. Allowing and blocking different web URLs as per the business requirements. Creating and configuring protocol based policies for different user groups.Implementing QoS policies such as traffic shaping and policing on MPLS routers as per requirements.Rolling out firewall rules on Cisco ASA 5500 series as per the application requirements.Responsible for flawless operation of IPT CUCM (9.0) clusters of Mobily for their Contact Centre, branch offices and Business centers connectivity.Wateen Telecom (Pakistan)Role: Network Engineer (Advance services) (Oct 2008 Dec 2011) Monitoring and troubleshooting of DS3, E1 & Channelized E1 Configuring and Troubleshooting of Cisco UCM and Cisco Enterprise solution Support NOC Operations Co-ordinate with Tier1 providers and Internal teams for the resolution of connectivity related problems Leased Line commissioning, in co-ordination with Basic Service Operators Interact and resolve with the Help Desk on problems or issues related to client networks. Manage smooth roll out and maintenance of Enterprise connectivity |
