Security Manager
Resume:
Jehanzaib Jamil
Driving license: Yes
Nationality: Pakistan
Iqama: Transferable
Canada: Visit Visa
E: *********.*****@*****.***
SUMMARY
I am a highly motivated and ambitious Senior Cyber Security Engineer plus pre-sales with a broad range of experiences in more than 8 years with Different Vendor, Partner, Banking, Telecom industry.
Project management skills, project implementation and delivery skills, hands-on implementation of product solution.
Great experience in pre-sales as a solutions architect supported all aspects of sales activities and sales channels development for the company products and services.
Possess excellent problem solving and leader ship skills, designing and implementation of security expansion projects.
Hands on experience on multi-vendor products Fortinet, Palo alto, Bluecoat, Cisco ASA, Cisco ISE, Source Fire IPS, Juniper net-screen, Algosec Analyzer, Arbor TMS
In depth knowledge and practical experience on enterprise, Cyber security and network security technologies.
Migration and Implementation experience of legacy Palo alto, Fortinet, Cisco ASA firewall, Cisco FTD, ISE, Aruba NAC, HP, Force Point Proxy, ESA, WSA
Strength & Skills
Security Operations / IOS27001 / NIST / Solution Architect / Pre-Sales
DOS / DDOS / WAF / Proxy
Cloud Security / AWS / NSX
NGIPS / Source Fire / Trend Micro
Cisco ISE / ACS / ASA / AMP
Routing / Switching / Nexus
SOC Management / Team Lead / SOC Analyst
NGFW Fortinet / Palo Alto / Cisco FTD / Citrix / Aruba / HP
F5 / LTM / ASM / WSA / Email / Force Point (DLP,WEB,Email)
PROFESSIONAL CERTIFICATION & TRAININGS
CCIE Data Center (CCIE# 51998)
CCIE Security Written
FCNSA Fortinet Certified Network Security Administrator
FCNSP Fortinet Certified Network Security Professional
NSE3 Fortinet Certified (DDOS, Mail, Authenticator, Sandbox)
CISP Certified Information Security Professional
CEH Certified Ethical Hacking Professional
CCNP Certified
CCNA Certified
PCE Palo Alto Certified
Cisco FTD Professional Training
Source fire IPS, Next Generation Firewall Training
ISE Cisco identity service engine Admin Training
Blue Coat Proxy SG Web Security Professional Training
Palo Alto Network Firewall Training
Tenable Nessus Scanner Professional Training
AWS Amazon Web Services Certified
EDUCATION
B.COM in Commerce
Karachi University 2009 - 2011
H.S.S.C in Engineering
Pakistan International School, Riyadh 2006 - 2008
EXPERIENCE
Senior Cyber Security Consultant at Security Matterz
Riyadh, Mar 2018 - Present
Responsibilities and Work Details: Responsible to consultant planning, pre-sales and handling the security devices as per the company policy and managing the devices on daily basis with hands-on experience through security matterz
Met with channels/customers to understand their current technical environment, key business issues/drivers, and future technology requirements.
Worked closely with customers on the technical requirements to provide technical solutions – Identified requirements, including technical details sufficient for product definition.
Developed and established strong relationships with strategic clients and industry partners.
Provided product updates and technical advice to clients – Explained technical capabilities and business benefits of solutions to the customer from engineering level to senior executives.
Presented the company products to clients – Showcased drivers and value that supported the business case for the total cost of ownership to the customer.
Working on the security RFP and support cost managing for the all security products
Technical write-up for the customer and provide HLD design for the approval
Working on LLD design and implementation on multiple project of telcom, Banking, Ministry and private organization
Project: Bank Al Fransi as Senior Security Solution Architect
Security platform:
Fortinet firewall & IPS, Centrify, IBM APP SCAN, Force Point Proxy, Safe net 2FA, Tipping Point IPS, Aruba NAC, Arcsight, Tenable scanner, Citrix WAF, F5 ASM, Fire Eye APT, Cisco AMP, Fedelis, AWS, Cisco ASA, Cisco ACS
Cyber Security Consultant Team Lead at Symantec (7 Month Contractual Project Mobily)
Riyadh, Aug 2017 – Mar 2018
Responsibilities and Work Details:
Successfully completed mobily telecom project with operationally handling and Installation, Configuration implementation, Integration, Penetration testing and managing team with great operation experience in SOC
Security platform:
Cisco Firewall- 5500x, Source fire, Defense Center, ISE 2.1, Fortinet 1500D 30D 50D, Palo Alto 5050, Aruba AAA, Blue Coat proxy SG, MDM mobile iron, IPS, Arbor APS, Fire Eye APT, Cisco N7k, N5K, VXVM, Cisco FTD
Assists in the servicing, updating, installations and/or work related to security equipment
Regularly reviews standard operating procedures and protocols to ensure SOC
Having great static analytical skill to do reverse engineering
Handling upgrade and patches for the all security controls
Configuration and deployment of Cisco ISE for the wired solution using Dot1x and preparing the authorization policies for different active directory groups.
Creating security firewall rules as per the mobily security policy.
Work on source fire IPS cisco in which creating profile and rules, managing the devices 3D sensors through FMC working on the certificates.
Hands on experience with Palo Alto security features Wild Fire, AV, Application control
Configure and managing Palo Alto devices from Panorama for daily basis troubleshooting task
Planning and design Fortinet firewall with routing configuration of (OSPF)
Configuration of WAN optimization in Fortinet 100D
Hand-on experience with DOS policy in Fortinet and Palo alto
Configure different IPS profile for each DC users in Fortinet firewall, Palo alto and Source Fire
Configure all fortinet firewall with forti manager
Doing daily basis task on fortimail 400E
Maintain an in-depth knowledge of security products and provides expert advice regarding their application and supervise the team members
Performs troubleshooting if required. As such, leads problem-solving efforts often involving outside vendors
Document the cyber security events as per the industry best practices and submit to management weekly basis
Hand-on experience with Arbor APS to control the low volume attack
Hand-on experience with FireEye APT (Web) working on yaara rules to implement
Performing activities for the heath check of the devices
Working on the vulnerabilities to fix all the technologies
Infrastructure Senior Security Engineer (Planning & Design) at Zain Telecom
Riyadh, Saudi Arabia --- Oct 2015- August 2017
Responsibilities and Work Details:
security platform: Planning, Analyzing, Installation, Configuration implementation, Integration, Technical project lead.
Security Platform: Source fire, Firepower Services, Defense Center, Palo Alto 5050-5020s, ISE, Fortinet 3500 3700D, WSA, Blue Coat proxy SG, Firewall- 5500x, WAF, IPS, DLP, CEH, WSA, Arbor APS, Cisco FTD
Migration of Zain Tier 2 critical services as per Extranet firewalls (ASA 5585x) zones
Migration of Zain Tier 3 critical services in Data Center firewalls (ASA 5585x) zones
Configuration of Cisco ISE for the wired and wireless solution as per below
Wired Solution
Configuration of policies for the Dot1x authentication and authorization based on the user group and posture assessment based on Antivirus application, Antivirus up to date, Windows operating system with appropriate service pack, Windows up to date things, Microsoft office with appropriate versions using agent based solution (NAC Agent)
Wireless Solution
Configuration of policies for the dot1x authentication and authorization based on the user group as per the appropriate SSID for the VIP, corporate and Guest Configuration of guest policies with self-service enabled integration of the entire solution to work together including wireless solution with Cisco ISE and diverting the wireless traffic transparently controlled by Web Security Appliance
Planning and implementation of Fortinet, Cisco ASA, ISE, Palo Alto
POC Fortinet for the enterprise firewall 3500 Fortigate
Migration from Fortigate to Palo alto
Implement Cisco ASA and migrate from Fortinet 500E
Design routing between Fortinet firewall and N7K through OSPF
Configure BGP in fortinet firewall with AS number of small shop routers
Deploying and implement arbor APS for low volume attacks DDOS
Pen testing the network and provide the report to senior manager
Working on different attacks from linux base OS to verify the network security vulnerabilities.
Working as acting manager during the absence of SOC manager
Managing process and producers to get the proper time for SOC activities with the change management team
Perform, review and analyze security vulnerability data to identify applicability and false positives
Hands on experience in Palo alto 5050,5020
Configuration HA in Palo alto 5050s through ASR9k with BVI solution
Good working experience in profiling in Palo alto with IPS, AV, Web filtering, Application control
Penetration testing with different tools for Trojan, worms, syn flood packet to make sure network security
50-100 changes daily on various firewalls and proxies and scripts over entire Zain infrastructure
Palo Alto Rule changes PA-2000/PA-4000, templates, object creation, planning, configuration changes, OS upgrades, CLI troubleshooting, audits all single managed
Perform, review and analyze security vulnerability data to identify applicability and false positives
Research and develop testing tools, techniques, and process improvements
Managing NOC, SOC team on daily basis planning tasks and reporting to Head of infrastructure
Managing technical meeting with the vendors and partners make plan accordingly
Having good experience in project managing for Active/Active DC Riyadh and Jeddah.
Configuration HA in Palo alto 5050s through ASR9k with BVI solution
Configuration security zones for related to new design and 4000 Policies fine tuning
Cisco 5500x series Firewall configuration for clustering toward server farm in L2 mode
Cisco 5500x series Firewall configuration for active passive mode for DMZ in L3 mode
Penetration testing with different tools for Trojan, worms, syn flood packet to make sure network security
VPC design and configuration for active active data center in 72 fexs
Implement project of active-active DC with working on cisco 7k, 5K, 9K devices.
Senior Security Engineer at Security Matterz
Project ADA (Arriyadh Development Authority)
Riyadh, Saudi Arabia --- August 2014-Oct 2015
Responsibilities and Work Details:
On Network platform: Planning, Analyzing, Designing, Development, Testing, Quality assurance, Installation, Configuration implementation, Integration, and Maintenance
Security Platform: Fortinet 60D 100D 800C 1500D 3700D 3040B, 1000D Analyzer, 300D Manager, 900D, 600C, Fortiwaf 400C
Cisco: ASA 5500s, IPS, WSA, ISE, Routers, Switch, Firesight, AMP
IPS: MCAFEE, Source Fire, Fire power, Palo alto, ISE, WSA
Proxy: Blue Coat Proxy– SG510s, ESA, Sonicwall
In-depth knowledge and proven expert proficiency in designing, engineering, configuring, and maintaining of large enterprise firewalls such as Fortinet UTM.
Design and implement ESA security appliance
Deployment of sonicwall with migration of fortinet
Designing implementation for the FortiWeb application firewall and configuration, fix the related issues.
Making pools troubleshooting in F5 LTM and link controller
Nodes and testing verification in F5 LTM for internet link controller
Coordinated activities by change management, business continuation, vendor management and problem management for return to service and problem mitigation and assure 24/7 service availability.
hands-on experience with firewalls and a comprehensive knowledge of IP networking and network security including Intrusion Detection, DMZ, encryption, IPSec, PKI, VPNs in Fortigate
Design network for implement Security Firewall and AV, IPS
Prepared the LLD and HLD for the client and give them excellent solution for their network and security.
Implementation for 42 firewalls Fortigate for ADA project connectivity through VPN HUB and SPOKE.
Deploy and configure Fortimanager 100D and Fortianalyzer 1000D for the management
Migration ASA firewall into fortigate 1500D, 3500D
Weekly backup and analyze reports from Fortianalyzer
Making web filtering profiling from internet firewall Fortigate 1500D
User based policy for Management in Fortigate 3700D
IPS filtering from Fortigate 1500D
Troubleshooting on daily basis
Tuning policy from firewall analyzer ALGOSEC
Migration Palo Alto firewall into fortigate 800C
Implementation for Macfee IPS with SMS server configuration
Planning design for DATA CENTER Firewall Fortigate 3500D
Proxy configuration for end user in Fortigate internet firewall 1500D
Enable authentication for OSPF routing protocol in fortigate firewall
ISE implementation and design for endpoint security both wired and wireless users,
AD authentication configures in Fortigate firewall through LDAP and SSO
Migrating Proxy from bluecoat to fortigate appliance
Handling threat analyzer from fortianalyzer and different tools
Giving solution for the network update and for network management
Working on the F5 GTM for mobily data center
Managing 42 firewalls from Fortimanager
Senior Network & Security Engineer Al Mommar (MIS)
Project Prince Mohammad Bin Abdulaziz Hospital (PMAH)
Riyadh, Saudi Arabia --- August 2013-August 2014
●Configure OSPF in two HP core and distribution switches A10500 combine three areas of OSPF.
●Implement and configure LACP on 48 access switches in all floors
●Configure IRF between all core, access and distribution switches for back connection
●Configure and implement MSM760 Access controller for access points and configure each AP in the controller and in the ports of access switches.
●Configure SSIDs for the AP and broadcast them.
●Configure Fortinet firewall policy or SSIDs to allow the user connect with the network.
●Configure RF manager for sensors and Rouge AP (Access Points) and put the configuration in the access switches ports.
●Configure VPN between hospital and MOH (Ministry of Health)
●Configure IPsec VPN for client users in FORTIGATE FIREWALL 3040B
●Configure VDOM (Virtual Domain) in the fortinet firewall for two different areas.
●Implement the PBX and put inside network with new subnet and vlan.
●Handling all security issues and troubleshoots with network team.
●Configure IPS Tipping Point to inspect and prevent the traffic which is coming from outside.
●Configure NAT/PAT from inside to out from cisco router with STC.
●Handling BLUE COAT PROXY SG adding rules and policies for the web filtering and bandwidth management.
●Handling F5 Big IP load balancer for servers and creating pools and group for the servers
●Configure Vlans for different areas and different servers
●Implement ASCOM server in the network for voice communication inside the hospital and configure ACL in the router to allow the calls which is coming from outside directly go to ASCOM deceives
Network & Security Pre-Sale Engineer (IDIS)
Riyadh, Saudi Arabia --- March 2011-August 2013
●Work with sales team to develop opportunities with new and existing clients
●Lead technical sessions with clients to discover requirements and develop solutions
●Present solutions to clients
●Prepare technical write-up
●Make HLD (High level design) and LLD (low level design) for the projects
FSF (Ministry of Interior), Project
●Configure extreme switch (460 Series) and juniper router (J6350) in eastern area of Saudi Arabia (KSA)
●Configure vlans, interface of vlan and vlan tag in extreme switch
●Configure security zones, interfaces, BGP to remote site in juniper router
●Configure Zone in Juniper firewall to allow the traffic between extreme switch, firewall and to the remote side
Sabic, Project
●Implement Internet edge firewalls ASA5540
●Configure core switch vlans, routing on stick
●Configuration of Cisco firewalls at DMZ area
●Implement two data center firewalls ASA5585X
●Design and implement two data center Active/Standby firewalls ASA5585X with AIP-SSM IPS module. Isolating entire server farm on production from the network through the firewalls and securing more than 200 servers by closing all the unused ports and forwarding all the traffic to up to date IPS module.
●Prepared and approved Cisco ISE high level design from cisco to make the delivery of security appliances successful.
●Implementation of Cisco Identity service engine (NAC solution), configuring two ISE appliances as an HA pair
●Primary/Secondary, configuration of policies & guest network.
●Co-ordination with application department to distribute a standard criteria end user applications, windows and antivirus
●Distributing NAC Agent throughout 800 users, applied the posture policies on end users for Antivirus must be
●installed, antivirus up-to-date, standard windows 7 and guest management solution. Configure EBGP for remote site
Al-JAZEERA PAINTS, Project
●Providing Technical support (Routing, Security) to Enterprise network
●Troubleshoot OSPF Network.
● Configuring Cisco, HSRP, & STP.
●Troubleshoot wan related problems including OSPF, EIGRP, BGP and RIP routing and design.
.
REFERENCES
Available upon request.
Contact this candidate