It Security Engineer
Resume:
Resume
Mr Faheem Tariq Kaleem
Sr. Network & Cyber Security Consultant.
Mobile Number: +61-403******
E-mail: adyeym@r.postjobfree.com
Residency Status: Australian Citizen Holding NV2 Clearance.
Availability: (Negotiable). Preferred Work Mode: Contract/Permanent
Work Experience
November 2022 Till Current ~ Sr. Network & Cyber Security Consultant.
Research Networks Operations/ Defence Science and Technology Group (DST)
More than Fifteen Years of Experience in Network design, Deployment, Implementation, Maintenance, Configuration, Support Testing & Troubleshooting, Documentation, plus IT Governance, Building Network & Security Standards, Developing Processes and Procedures, Risk and Compliance for Small, Medium and large Enterprise and Telecom Infrastructures.
Designing, Building, Implementing, Configuring, Network, Wireless, Network Security and Data Centre Solutions for platforms like Cisco Application Centric Infrastructure ( ACI), SD-Access (SDA), NAC/Cisco ISE (Identity Services Engine) 802.1x Firewalls (Cisco Firepower, Juniper, Palo Alto, FortiGate etc), NGIPS, AMP, Scan Safe/ Cisco Umbrella (Web Security Cloud Based Solution), Lan-cope Stealth Watch, WSA (Web Security Appliance), ESA (Email Security Appliance), Meraki, SolarWinds and SEIM (Splunk, Log Rhythm).
Identity Services Engine (ISE) 802.1x/MAB Solution: End to end design, deployment, implementation, configuration, support, testing and troubleshooting of ISE 802.1x, MAB, Wireless, Guest, BYOD, MDM and VPN device authentication and authorization solution. Device Management TACACS+/RADIUS solution. Design, Implementation, Configuration, Management, Support, Testing & Troubleshooting of Cisco Identity Services Engine (ISE) Solution. Migrated more than 30 Cisco ACS Systems to Cisco ISE Solution. Performed ISE Integration with Active Directory (AD) and LDAP.
Using Network Management Software and Tools like SolarWinds to diagnose and investigate network issues, also collecting performance statistics and creating reports.
Configuring, Troubleshooting and Performing Software & Hardware Major & Minor Upgrades and Installations for Cisco Application Centric Infrastructure (ACI), Cisco DNA Centre (Software Defined Access SDA), Routers, Switches, Firewalls, Cisco ISE etc. Prepared step by step upgrade process and performed software upgrades for ACI, LEAF & SPINE Switches of large APIC Clusters.
Working on ISO27000 IT Security Policies like Access Control, Asset Management, Business Continuity, Risk Management, Physical & Environmental Security, IT Systems & Information’s Security and Incident Management and Response Mechanisms etc.
September 2017 Till October 2022 ~ Sr. Network & Cyber Security Consultant.
(Cisco Systems)
More than Fifteen Years of Experience in Network design, Deployment, Implementation, Maintenance, Configuration, Support Testing & Troubleshooting, Documentation, plus IT Governance, Building Network & Security Standards, Developing Processes and Procedures, Risk and Compliance for Small, Medium and large Enterprise and Telecom Infrastructures.
End to end Designing, Building, Implementing, Configuring, Network, Voice, Wireless, Network Security and Data Centre Solutions for platforms like Cisco Application Centric Infrastructure ( ACI), SD-Access (SDA), NAC/Cisco ISE (Identity Services Engine) 802.1x Firewalls (Cisco Firepower, Juniper, Palo Alto, FortiGate etc), NGIPS, AMP, Scan Safe/ Cisco Umbrella (Web Security Cloud Based Solution), Lan-cope Stealth Watch, WSA (Web Security Appliance), ESA (Email Security Appliance), Meraki and SEIM (Splunk, Log Rhythm).
Configuring, Troubleshooting and Performing Software & Hardware Major & Minor Upgrades and Installations for Cisco Application Centric Infrastructure (ACI), Cisco DNA Centre (Software Defined Access SDA), Routers, Switches, Firewalls, Cisco ISE etc. Prepared step by step upgrade process and performed upgrades for high-end routers and Switches for a large Telecom customer.
Identity Services Engine (ISE) 802.1x/MAB Solution: End to end design, deployment, implementation, configuration, support, testing and troubleshooting of ISE 802.1x, MAB, Wireless, Guest, BYOD, MDM and VPN device authentication and authorization solution. Device Management TACACS+/RADIUS solution. Design, Implementation, Configuration, Management, Support, Testing & Troubleshooting of Cisco Identity Services Engine (ISE) Solution. Migrated more than 30 Cisco ACS Systems to Cisco ISE Solution. Performed ISE Integration with Active Directory (AD) and LDAP.
Completed a large Data Centre Migration Project: Worked as an SME (Subject Matter Expert) of Next Generation Firewalls (NGFW), Next Generation Intrusion Prevention System (NGIPS), NAC/Identity Services Engine (ISE), Routers, Switches, Cisco ACI etc, developed number of detailed Migration & Implementation Plans, including in depth configurations and test plans for ASA to ASA and ASA to FTD migrations using Migration Tool (FMT).
End to end Firepower Design, Deployment, Configuration and Migration: Prepared Firewall LLD, s and Migration Plans. Firewall & NGIPS Rules Tuning and Recommendations, including Intelligent Application Bypass (IAB), Network Analysis and Intrusion Policies, Variable Set and Network Discovery Policies, Geo Location Tracking and Correlation Policies, NGIPS System and Performance Tuning Recommendations and Implementation.
End to end Design (Low Level Design/LLD), Implementation and Configuration of a secure Gateway/ Remote Access Solution (VPN). Also have worked on Proxy solutions like Bluecoat, F5, and Palo Alto etc.
Using Network Management Software and Tools like SolarWinds to diagnose and investigate network issues, also collecting performance statistics and creating reports.
Cloud GCP: Managing Essential GCP Services like GCP Compute, Storage, Network and Identity Management also additional GCP Services like Databases, Data and Analytics, Artificial Intelligence & Machine Learning. Using Tools like DevOps and Developer Tools etc.
Working with multivendor environments like, Cisco, Juniper, HPE, Palo Alto, Citrix NetScaler’s, Microsoft, VMWare, Alcatel, Avaya FortiGate, and Aruba technologies.
Establishing and maintaining excellent relationship with all stakeholders (Technical & Non-Technical) like Team Managers, Vendors, Business Representatives, Project, and Senior Managers. Also making sure that solution implementations, Documentations and projects are proceeding according to the directions of the senior management and organizational business requirements.
Splunk Solution (SEIM): Splunk administration, building use cases, performing incident investigation, on boarding new devices and analysis of different types of incidents and building processes for incident response.
Build incident Response Methodologies for SOC like Worm infection, Windows Intrusion, DDOS, Malicious Network Behavior, Website Defacement, Windows Malware Detection, Smart Phone malware, Information leakage, Insider Abuse, Phishing and scam etc.
Performed impact analysis (Bug-Scrub) of different types of Software related Bugs for Routers, Switches, Firewalls and Identity Services Engine (ISE) etc.
Completed integration of Splunk (SEIM) with ISE solution, also performed incident analysis on Splunk and have built search queries on Splunk using different types of query parameters.
Developed and Implemented Complete IT Strategy & Architecture Security Standards for all IT Domains like Application Domain Standards, System Integration domain Standards, Information Management Domain Standards, Network Domain Standards, Platform Domain Standards, Data Management Standards, Enterprise System Management Domain Standards, Information Security Domain Standards etc. for a large financial organization, s IT and Network infrastructure.
Prepared and implemented ISO27000 IT Security Policies like Access Control, Asset Management, Business Continuity, Risk Management, Physical & Environmental Security, IT Systems & Information’s Security and Incident Management and Response Mechanisms etc.
April 2006 till August 2017 ~ Sr. Network & Cyber Security Consultant.
(Inmar Technology, IBM, Optus Telecom, Telstra Telecom)
Managing, designing, presenting, implementing, testing and troubleshooting major network (LAN & WAN), internet & IT Security Solutions for large Enterprise IT infrastructures.
Managing and Supporting Network security large infrastructure and platforms like Firewalls (ASA), Sourcefire, NGIPS, Scan Safe (Web Security Cloud Based Solution), WSA (Web Security Appliance), ESA (Email Security Appliance), Cisco ISE (Identity Services Engine), AD RMS, Splunk (SEIM) etc.
Complete end to end Deployment of ISE Solution for 802.1x, Wireless and Guest users, including Requirement gathering, Installation, Configuration, Testing & Troubleshooting.
Prepared Complete IT Architecture Security Standards for all IT Domains of a large financial organization extremely critical IT infrastructure.
Prepared and implemented ISO27000 IT Security Policies like Access Control, Asset Management, Business Continuity, Risk Management, Physical & Environmental Security, IT Systems & Information’s Security and Incident Management and Response Mechanisms etc.
Defining and executing penetration tests as part of the review life cycle for infrastructure and applications.
Implementing Identity Management, Role based Access, VPN access, Change Notification, Control plane and Management Plane Security for IT infrastructure.
Carrying out tests and assessments against internal standards as well as industry security policy & Standards (ISO27000).
Management, Support, Testing & Troubleshooting of Cisco Identity Services Engine (ISE) platform / appliance Solution. Troubleshooting ISE Service Issues, Performing Connectivity and Synchronization Tests between ISE Nodes Also Viewing Alarms / Logs.
Creating, Managing & Supporting ISE Monitor and Secure Mode authentication and authorization Policies also profiling and posture policies.
Managing, Testing and Troubleshooting ISE Guest Account Wireless Issues, Guest Login Redirect Issues, Guest and User Authentication and Authorization Issues. Providing ISE Guest Wireless and Sponsor Portal and VPN solution.
SEIM (Splunk) integration with Integrated Services Engine (ISE), Building logs and Reporting collection and incident handling Processes and Procedures.
Have experience working on Proxy solutions like Bluecoat and F5 etc.
Evaluate and recommend new security tools, systems and applications, Develop, establish and enhance SOC relevant processes and procedures. Managing Network and Security Teams.
Contributing into the wider security function through input to IT Security related development of policies, processes, standards, frameworks and awareness, as well as Carry out information risk assessments.
Conducting forensic investigations and forensic analysis also using computer forensic tools like En-Case, Access Data and FTK.
Providing expertise into forensics investigations and incident management as required also coordinating in incident response planning through formal processes and procedures.
Implementation of IDS/IPS Security Solution, F5 products for web security (LTM, GTM and Link Controller), also identifying issues and developing Contingency Plans.
Identify & Mitigate Network Attacks, preventing general attacks and creating inspection policies for security devices.
Performing regular vulnerability assessments using scanning tools to ensure the ongoing security of systems to emerging and known threats.
Organizing Firewall Logs Analysis & Reporting for internet (Web/ Email traffic) and Secure Zones (DMZ, Trusted and Untrusted Domains) traffic using different scanning tools.
Using SIEM (Security Information & Event Management) for identifying, resolving and reporting security related issues, reviewing incident related logs and building response process accordingly.
Assisting to build Network and IT Security Strategy and planning, also providing strategic and tactical directions.
Implementation of IPSEC Tunneling for VPN, DMVPN, SSL VPN and Ezy VPN Secure and Encrypted Solutions.
Complete Implementation Project of MARS: MARS Security Reporting Tool for a large financial organization.
Network WAN Security Major Project: Complete Implementation of “Layered Firewall Solution” for a large Enterprise Network.
Network LAN Security Project: Complete Implementation of “NAC Systems (ISE)” & IPS for a large Corporate Customer.
November 2005 to April 2006 ~ Sr. Network & IT Security Engineer.
“Cadbury/Schweppes Asia Pacific WAN Operations” Melbourne
Senior point of escalation for Data, Security & Voice related problems.
IP/ MPLS Configuration and Troubleshooting.
QoS (Quality of Service) Configuration, Analysis and Troubleshooting.
Performing Expert analysis of Network traffic using Stat Seeker, Nam and Cisco Works 2000.
Configuration & troubleshooting of routing protocols (OSPF, BGP)
IP/ MPLS Provisioning for Core Routers.
SRST Voice routers and Cisco 6500 Switches Configuration and Troubleshooting.
ADSL Network Configuration, Implementation, testing & troubleshooting.
Frame Relay and ISDN links Management, Configuration and Troubleshooting.
Secure AAA Authentication, Authorization and role-based access to network devices.
TACACS Configuration and Troubleshooting.
Voice Soft Switches configuration and Trouble shooting.
I was also a part of number of Network, Security & IP Telephony Projects, for large Asia Pacific Network.
Monitoring, Controlling and leading large Network, Security and Voice Projects.
Jun 2005 to November 2005 ~ Sr. Network & IT Security Consultant.
“Telstra Telecommunications” ISP Melbourne
Configuration, Provisioning & Troubleshooting of Routing & Security Devices.
MPLS Provisioning, Configuration, Support & Troubleshooting.
Implementation, Configuration, Support, Troubleshooting and Management of Secure VPNs.
ATM Interfaces Configuration, testing & troubleshooting.
Configuration, Provisioning & Troubleshooting of routing protocols (OSPF, RIP, EIGRP, BGP)
Fast Ethernet and Gigabit Ethernet Interfaces Configuration, testing & troubleshooting.
Frame Relay Network Configuration, testing & troubleshooting.
ADSL & BDSL Network Configuration, Implementation, testing & troubleshooting.
Juniper Routers, Nortel Switches and Cisco routers configuration. .
Large Network Implementation Project: More than 3500 sites. It included implementation and upgrading of a national network with Data, Security, Voice, MPLS, Frame, ADSL and Wireless Configuration, testing and troubleshooting
July 2004 to November2004 ~ Sr. Network & IT Security Engineer.
“Power Tel Telecommunications” ISP Melbourne
IP/MPLS Provisioning, Configuration, Support & Troubleshooting.
IP/MPLS: Migration of MPLS Core Network from one ISP to other ISP.
ATM Interfaces Configuration, testing & troubleshooting.
Fast Ethernet and Gigabit Ethernet Interfaces Configuration, testing & troubleshooting.
VPDN Tunnels Configuration, testing and troubleshooting.
Addition, deletion, configurations and troubleshooting of VLANs for Access & Trunk ports on different series Cisco Switches for Fast Ethernet and Gigabit interfaces.
Configuration, provisioning, Troubleshooting and IOS Upgrade for different series Switches (Catalyst 1900,2900,3550,3750, 4000, 5000,6000,6509)
Configuration, Provisioning & Troubleshooting of routing protocols (OSPF, RIPV2, BGP)
Remote Access Service. Configuration, Provisioning and troubleshooting of ADSL & SHDSL links.
Performance testing different network devices and Wan Links.
AAA & Radius Authentication, Authorization and Accounting Configurations.
Senior point of escalation for Network, Security & Voice related problems.
Daily, weekly and monthly reporting on data services.
December 2003 to July 2004 ~ Sr. Network & IT Security Engineer.
“Dimension Data” Melbourne
Initiating, Planning and executing multiple Data, Security, Voice & Wireless Network projects.
IPSEC Tunneling Configuration, testing and troubleshooting.
IP/ MPLS Provisioning, Configuration, and troubleshooting.
Installations, Management, Configuration and troubleshooting of Cisco routers & Switches.
Configuration, Provisioning & Troubleshooting of routing protocols (OSPF, RIP, EIGRP, BGP)
IOS upgrading, Configuration, Troubleshooting & Testing of Access, Distribution and Core routers: (800, 1000, 1600, 1700, 2500, 2600, 4000, 7000, 12000).
Using Sniffer Pro (Capturing Data for Expert analysis and troubleshooting).
Configuration, provisioning, Troubleshooting and IOS Upgrade for different series Switches (Catalyst 2900, 3550, 3750, 4000, 5000, 6000, 6500).
Conversion of 6509 720 Sup from Native to Hybrid Mode.
GPRS Training, Provisioning, Configuration and Troubleshooting (SGSN & GGSN).
Cisco Wireless Project. Wireless Network Configuration, Implementation, Testing & Troubleshooting. (350 Wireless Bridges with 800,1700 Routers)
Cisco Wireless Solution: Configuration and Troubleshooting of IP Sec GRE Tunnel providing full security (Encryption) for Wireless network.
Security & IP Telephony Solution: Providing recommendations regarding Security & Voice related Solutions to large Corporate Customers.
Quality of Service Implementation for “GE Finance” and providing expert analyses of network infrastructure.
November 2001 to November 2003 ~ Network & IT Security Engineer.
“Whizz Technologies” Sydney
IP/ MPLS Configuration and troubleshooting.
Providing Network Consulting Services to the clients on day-to-day Basis.
Providing Cisco Network routing, Switching solutions & Presentations.
Addition, Configuration, Provisioning &Troubleshooting of ATM interfaces.
Configuration, Provisioning & Troubleshooting Routing protocols (OSPF, RIP, EIGRP, BGP)
Remote Access Service. Configuration, Provisioning and troubleshooting of ISDN links.
Remote Access Service. Configuration, Provisioning and troubleshooting of ADSL links (SHDSL, Direct DSL, Speed Net Express).
Addition, Configuration, Provisioning & Troubleshooting of Frame Relay interfaces.
Configurations of VLAN’s, parameters for Switch ports.
Configuration of Voice Parameters in routers and Switches. (Voice over Frame Relay, Map Class, Bandwidth, Fair Queue, CIR EIR, Voice Compressions, etc.).
Complete Network Security Projects: Managed Network Security Support Team: Complete implementation of Watch Guard Firewalls and NRF IDS Solutions for a large Financial Organization.
Provided Complete LAN/WAN Security, Internet Security & IDS Solution for King Faisal University, SABBIC, Saudi Aramco and financial organizations.
IDS Implementation Project: Complete implementation for NRFU IDS Security solution for a Large Financial institution.
July 2001 to Oct 2001 ~ Network & IT Security Engineer
“Orange Telecom” ISP Sydney
Senior point of escalation for network related problems especially MPLS, Security, Routing and QoS Solutions.
IP/ MPLS: Configuration, Troubleshooting and Management of MPLS VPNs Networks.
Configuration and provisioning of Access, Distribution and Core layer routers.
Configuration, Provisioning & Troubleshooting of routing protocols (OSPF, RIP, EIGRP, BGP)
Remote Access Service. Configuration, Provisioning and troubleshooting of ISDN links.
Configuration of HSRP and testing of mission critical sites (MCS).
Redistribution of static routes into OSPF and EIGRP.
Configuration of SNMP and CARI access.
AAA & Radius authentication Configurations.
Managing, Provisioning, testing & troubleshooting of different MPLS VPNs links like (Ethiopian Airline, Cisco Systems, Coca Cola, BBC, CNN, United Airline and Bank of Boston extra).
I was Managing and Maintaining Global MPLS VPNs as a full VPN owner Like “Bank of Boston”, ”Ethiopian Airlines” “Same skips” and some other Multinationals. Sita /Equant has MPLS VPNs for almost 1000 Companies in 220 countries around the World. I use to Manage, Provision and support a huge Equant Network. (About 30.000 routers around the Globe).
October 2000 to April 2001 ~ Network Support Engineer LAN/WAN
“Cisco Systems” Sydney
Cisco Routers & Switches Configuration, Support, Installation & Troubleshooting.
Remote Access Service. ISDN Routers Configuration, Support & Troubleshooting.
Creation of new profiles for ISDN Links (Australia, New Zeeland, Korea and Singapore).
Managing, Monitoring & Troubleshooting Cisco Asia Pacific WAN Links.
Catalyst Switches Configuration, Installation & Troubleshooting.
Creating new VLANs, Assigning rights to ports.
Assigning of IP Addresses to Cisco internal users (Australia, New Zeeland, Korea and Singapore). Assigning Static routes, Creating User Profiles.
Level 2 support of problems that were not rectified by first level, supporting on issues and managing escalated issues related to (routers, IP phones, switches, lucent phones, Voice mail, PABX & ISDN Home Users)
Voice over IP, Configuration of IP phones (Using Call Manager) & Troubleshooting.
On call working from home. Maintaining Cisco Internal Labs. Supporting Asia pacific Wan Operations.
June 2000 to October 2000~ “Network Engineer”
“Flow Communications” Telecom ISP Sydney
Supporting Installation and Configuration of ATM switches
Replacements of hardware equipment on site
Remotely verifying the functions of Switches via dialing up connection
Configuring & Trouble shooting WAN links
Managing and monitoring of Web Servers and SQL Servers
Creating new links and sub maps on SNMP
Providing Technical assistance to the customers over the phone
Examining SNMP trap Messages and the monitoring of SNMP Alarms
Utilization of diagnostic software to resolve issues
I was responsible for Monitoring, Maintaining and Trouble Shooting ATM Backbone, Alcatel and Cisco routers + Alcatel Switches.
Education and Training
2022 Cisco Application Centric Infrastructure (ACI) Operations and Troubleshooting
Administrator Training.
2022 Planning and Deploying SD-Access Fundamentals (SDA) Administrator Training.
2022 AWS Cloud Essentials Administrator Training.
2022 ISO 27001- Information Security Management System (ISMS) Training.
2022 Best Practices for Cybersecurity & GRC Professionals Training.
2020 Information Security Risk Assessment Process ISO 27001:2013 Training.
2020 Building Security Incident Response Compliance for GDPR Data Protection.
2020 Splunk (SEIM) Administration & Architecture.
2017 SISE - Implementing and Configuring Cisco Identity Services Engine (ISE)
2017 Cisco Source-Fire, Next Generation Intrusion Prevention System NGIPS Specialization.
2016 Cisco CCIE Security Boot Camp Training.
2015 Cisco CCIE Data Center Boot Camp Training.
2013 CISSP (Certified Information Systems Security Specialist) Training
2013 CompTIA Security+ (Certified)
2012 Cisco CCIE Security (written).
Cisco CCIE Unified Communication Boot Camp Training
Cisco CCIE Routing & Switching Boot Camp Training.
2011 Firewall, IPS, ACS & Internet Security Specialization
2008 PMP (Project Management Professional) Training.
2008 Cisco Rich Media Communication Specialist.
2005 Customer Satisfaction & Services. Online Courses from Howard & Stanford University USA.
2005 WLANFE (Wireless LAN Specialist)
2011 Firewall, IPS, VPN, ACS, LAN/ WAN & Internet Security Specialization
2003 CCDP (Cisco Certified Design Professional Training)
2003 CCNP (Cisco Certified Network Professional) Certified.
2001 IP/ MPLS Specialization Trainings (Orange Telecom)
2000 CCNA (Cisco Certified Network Associate)
1999 MCSE (Microsoft Certified Systems Engineer)
1996 Sales & Distribution (Gold star)
1990 Sales & Training (Combined Insurance Company)
1988 Computer Training Course (Programming)
Attributes
Able to work without supervision
Honest and reliable
Energetic and creative
Excellent communication, project management and presentation skills
Great personality,
Strong customer service skills, Follow schedules and deadlines
Excellent leadership skills and a great team player.
Referees
Available upon request.
Contact this candidate