Post Job Free
Sign in

Network Security Architect & Compliance Engineer

Location:
Ballston Spa, NY, 12020
Posted:
July 15, 2026

Contact this candidate

Resume:

OREDOLA OLASUNKANMI BAYO, CCNA, CCNP, CCSA, CCSE, CISA, PSM1, CITN, GCSA,

CCIE v6 SECURITY IN VIEW

***********@*****.***

404-***-****

VISA STATUS – US CITIZEN

www.maroof.world

Summary of Skills With 16 years of experience in Information Technology, including 10 years in network security engineering, I specialize in designing, implementing, and securing IT infrastructures across multiple industries. My expertise includes firewall management, cloud security, threat modeling, and regulatory compliance. I have worked on several high-impact projects, ensuring robust cybersecurity measures for enterprise-level networks.

Personal Projects: Network Security Engineer with hands-on experience building and securing enterprise lab environments using EVE-NG and GNS3, simulating real-world attack scenarios, firewall policy tuning, and multi-vendor security architectures.

Designed and deployed multiple enterprise-grade network security labs using EVE-NG and GNS3, simulating real-world environments with Palo Alto, Cisco ASA, Fortinet, and Check Point firewalls.

Built and tested multi-vendor security architectures, implementing segmentation, NAT, ACLs, VPNs (IPSec/GRE), and traffic inspection policies across distributed network topologies.

Simulated web application traffic flows and attack scenarios (including OWASP Top 10 concepts such as SQL Injection, XSS, and DoS patterns) to understand detection and mitigation strategies using firewall policies and security controls.

Built end-to-end enterprise labs with services such as DNS, DHCP, Email, Syslog, and NTP, and applied layered security controls to protect application and infrastructure traffic.

Created and delivered hands-on cybersecurity training labs through Maroof Infotech Ltd, mentoring students on real-world network security engineering practices and troubleshooting techniques.

Implemented micro-segmentation concepts using Guardicore, focusing on application dependency mapping, east-west traffic control, and threat containment strategies.

FortiGate Firewall Migration and HA Deployment – BHMC Datacenter

Deployed and configured FortiGate 901G firewalls, replacing legacy 2201E devices in a datacenter environment

Implemented Active-Passive HA cluster with full configuration synchronization and failover testing

Migrated network configurations including VLANs, DHCP, routing, and firewall policies

Configured LACP (802.3ad) uplinks to core switches using 10Gb interfaces

Integrated FortiLink for FortiSwitch management and access layer connectivity

Ensured continuous network monitoring via SolarWinds and XMC using SNMP

Troubleshot and resolved connectivity issues related to port speeds, SFP modules, and interface mapping

Documented full network topology and created migration plan for multi-site deployment

Designed BGP and OSPF-based enterprise networks with security overlays, including route control, redundancy, and secure WAN connectivity across simulated global sites.

TECHNICAL SKILLS

Firewalls:

Checkpoint, Cisco ASA, Palo Alto, Fortigate, Guardicore Micro-Segmentation, Citrix, Cisco ISE

Virtualization Skills:

GNS3, VMware, Virtual Box

Languages:

HTML5, DHTML, CSS, SQL, Chrome Developer Tools, jQuery, JavaScript, GitHub, Python, Ansible, JSON, REST API

Controls

NIST, CIS, DORA, BPA, PCI, HIPAA,MITRE AT&CK Framework and NGFW Governance

Routers:

Cisco 7600, 3600

Load Balancer

F5

Communication Protocols:

TCP/IP, UDP, DHCP, DNS, ICMP, SNMP.

Routing Protocols:

OSPF, BGP, EIGRP, RIP, SDWAN, MPLS and Static Routing.

Switching Protocols:

LAN, VTP, and STP.

Switch

L2 AND L3 SWITCH

LAN Technologies:

Ethernet, Fast Ethernet, Gigabit Ethernet, VLANs, VTP, STP, RSTP, 802.1W, F5

Ethical hacking

NMAP, WhatWeb, Nessus, Msfconsole, Metasploit

Cloud

Microsoft Azure Administrator, Prisma Access

Network Security:

ACL, SSL, IPsec VPN, GRE VPN., Cisco ISE, SDWAN

Network Management, SIEMS and Packet Analyzers:

Wire shark, StableNet, Tcpdump, Info Blox, Zscaler, Putty, Splunk, Playbook, Tufin, Logic Monitor, Cyber Ark, DigiCert

Operating Systems:

Windows XP / 7 / 8/10, Windows Server 2003 / 2008, Mac OS, PowerShell and Linux.

Applications:

Microsoft Word, Outlook, Excel, PowerPoint, Visio, teams, Confidential, Adobe Photoshop, and Illustrator.

PROFESSIONAL EXPERIENCE

Palo Alto September 2025 – June 2026

Hybrid, (NY, USA)

Role: Senior Network Security Analyst

Network Security Governance & Compliance

Lead CIS v8 and NIST CSF mapping for NGFW controls, ensuring compliance alignment with enterprise risk and governance frameworks.

Perform BPA (Best Practice Assessment) validation and interpret alignment with policy, control maturity, and technical enforcement.

Develop compliance evidence matrices linking NGFW security features to NIST, CIS, and CRI requirements.

Coordinate vulnerability remediation tracking, segmentation enforcement, and access control implementation via BPA benchmarks.

Policy & Process Development

Draft and maintain security procedures aligning with CIS, NIST 800-53, and organizational risk appetite.

Develop change management and secure configuration standards for network assets.

Maintain version-controlled documentation for firewall baselines, backups, and audit trails.

Participate in internal reviews ensuring policy effectiveness and alignment with BPA compliance indicators.

Security Operations & Risk Management

Conduct periodic risk assessments, configuration audits, and BPA reviews to identify deviations and propose remediation.

Evaluate third-party and supply chain security alignment with organizational risk management strategy.

Support continuous monitoring initiatives and anomaly detection through log analytics and alert correlation.

Tata Consultancy Services (TCS) Jan 2023 – August 2025

Consulting for Novartis (Remote, USA) & GlobalFoundries (NY, USA)

Role: Senior Network Security Engineer

Designed and implemented Guardicore micro-segmentation for enhanced network security.

Developed Zero Trust security architecture integrating Guardicore and Palo Alto NGFW.

Managed and optimized firewall policies for compliance with HIPAA and NIST standards.

Design microsegmentation policies to protect data centers and prevent lateral movement.

Integrate Guardicore with SIEM tools and third-party platforms.

Policy audit of Guardicore

Monitor and analyze East-West traffic for suspicious activity.

Certificate Management tasks and activities through DigiCert

Monitoring network through StableNet

Conducted vulnerability assessments and applied security patches.

Designed segmentation policies to protect critical business applications.

Led a team to deploy Prisma Access for secure remote work solutions.

Integrated firewalls with Tufin for automated policy enforcement.

Strengthened cloud security measures using Cortex Data Lake.

Enforce security policies that align with industry standards such as ISO 27001, NIST, or GDPR.

Provided incident response and forensic analysis for security breaches.

perform End to End monitoring of the entire Network infrastructure suing tools and working under supervision to resolve the issues

Understanding & troubleshooting the issues raised by customer and resolving issues within the SLA.

Solid understanding of Linux environments for managing firewall and network security configurations.

Creating a change request for the new policy creation/deletion/modification in Palo alto firewall and getting it approved through the CAB.

Proficiency in Python and PowerShell for automating firewall policies, log analysis, and security rule enforcement.

Configured and managed Fortigate firewalls for additional security layers.

Implement FortiGate firewalls in enterprise environments, ensuring secure network segmentation and traffic control.

Conducted firewall rule audits and optimizations to enhance security posture.

Deployed and configured Checkpoint R80.40 firewalls with centralized management.

Integrated Identity Awareness for user-based firewall policies.

Configured Site-to-Site and Remote Access VPNs using Checkpoint.

Managed security policies, NAT, and application control to prevent cyber threats.

Integrated Fortigate with existing firewall infrastructure for enhanced threat detection.

Manage Firewall Policies and VPNs: Design and enforce security policies, configure IPSec/SSL VPNs, and optimize firewall rules for improved security and performance.

Configured, managed, and maintained Cisco ASA firewalls for enterprise environments.

Implemented advanced firewall features such as threat defense and botnet traffic filtering.

Designed and deployed secure VPN solutions including AnyConnect and IPSec.

Developed and enforced firewall security policies based on organizational needs.

Troubleshot firewall connectivity issues and optimized rule sets

Perform routine Linux administration tasks including shell scripting, package management, and system monitoring.

Troubleshoot and manage services such as SSH, cron jobs, syslog, and iptables for security and automation purposes.

Develop automation scripts to streamline operations, deployment, and firewall rule audits.

Set up scans to check our systems for security problems.

Keep our Qualys tools running smoothly.

Help install and configure our Qualys security tools.

Knowledge of coding languages for scripting (e.g Python, Perl).

Key Projects:

1.Deployment of Zero Trust Architecture for Novartis using Guardicore and NGFWs in operational mode

2.Firewall migration and policy optimization for GlobalFoundries.

3.Upgrading Palo Alto and Panorama OS to 10.2.4-h4

4.Patching Cisco ISE nodes and attaching the certificates to the services.

5.Creating new Tunnel on Palo Alto firewall.

6.Integration of Tufin for automated firewall compliance.

7.Vulnerability management and patching for critical IT assets.

8.Experience with network diagnostic, monitoring and analysis tools

9.Configure and optimize BGP, MPLS, and enterprise routing for high performance and reliability.

Q3 Technologies Dec 2022 – Jan 2023

Consulting for Clients in Austin, Texas

Role: Network Security Engineer

Implemented network security solutions across hybrid cloud environments.

Managed firewall configurations and policy enforcement.

Conducted security audits to identify and mitigate vulnerabilities.

Developed firewall automation scripts to streamline security operations.

Optimized VPN and remote access solutions.

Provided incident response support for security breaches.

Deployed Azure Container Instances for secure application hosting.

Configured network segmentation to isolate critical workloads.

Ensured compliance with ISO 27001 and SOC 2 standards.

Leverage Linux-based tools to perform network diagnostics and system performance tuning.

Assist in maintaining secure, stable Linux environments used for firewall and monitoring infrastructure.

Maintained network uptime and performance monitoring.

Conduct firewall rule base audits, cleanups, and optimizations to improve performance and reduce risk exposure.

Perform packet capture and traffic analysis to investigate incidents and validate firewall rules and NAT behavior.

Implement and troubleshoot VPNs (site-to-site and remote access) across diverse platforms and encryption standards.

Coordinate firmware upgrades, migrations, and hardware refreshes in production environments with minimal downtime.

Integrate firewalls with SIEM tools and network monitoring systems for real-time alerting and visibility.

Configure, manage, and troubleshoot next-generation firewalls, specifically Cisco Firepower (FTD/FMC) and Check Point appliances.

Implement and maintain advanced security policies, NAT rules, and threat prevention features across multiple firewall platforms.

Monitor firewall performance and security logs, ensuring optimal uptime and rapid incident response.

Participate in firewall migrations, upgrades, and integration projects across enterprise environments.

Collaborate with security architects to design firewall solutions aligned with business and compliance requirements.

Key Projects: Firewall policy automation using Python scripts.

1.Maintenance of Server in the Data Center

2.Security hardening on Prisma

3.Deployment of an enterprise-wide intrusion detection system.

Capgemini March 2022 – Nov 2022

Consulting for Schneider Electric (Remote, USA)

Role: Network Engineer

Led firewall migration project for Schneider Electric, ensuring minimal downtime.

Implemented policy optimization for Check Point and Palo Alto firewalls.

Performed regular security assessments and firewall rule reviews.

Integrated ASA firewalls with Cisco ISE for advanced network access control.

Automated firewall backup and configuration management.

Integrated Zscaler for secure web access control.

Configured and managed Cisco ISE for network access security.

Conducted security assessments for application migrations.

Deployed VPN solutions for remote workforce security.

Implemented intrusion prevention (IPS) and anti-bot protections.

Provided firewall log analysis and incident response support.

Automated firewall rule validation using Python and Ansible.

Automated firewall policy management using Ansible.

Provided documentation and training for network security best practices.

Managed Layer 2 and Layer 3 network configurations.

Integrated Cisco Nexus switches with ACI (Application Centric Infrastructure) for automated and policy-driven networking.

Configure, deploy, and maintain enterprise-grade firewalls including Cisco Firepower Threat Defense (FTD/FMC) and Check Point NGFWs.

Create and optimize access control policies, intrusion policies, and security profiles to enforce compliance and mitigate threats.

Design and implement high availability (HA) firewall configurations to ensure service continuity and failover readiness.

Implemented QoS (Quality of Service) policies on Nexus platforms to ensure traffic prioritization and network efficiency.

Conducted OS upgrades, configuration backups, and performance tuning for Cisco Nexus environments.

Troubleshot high-latency and network congestion issues using Nexus features like ERSPAN, NetFlow, and SPAN.

In depth knowledge with deploying and configuring Palo Alto Firewalls PA3200

Working on Info Blox to create new Subnets, DNS, IPAM and DHCP addressed etc.

Using Zscaler during the migration process

Experience developing scripts to streamline firewall operations, including backup automation, rule auditing, and compliance reporting.

Ability to analyze firewall logs using scripting for threat detection, anomaly identification, and forensic investigations.

Strong knowledge of access control lists (ACLs), NAT, VPN configurations, and intrusion prevention systems (IPS) within Cisco and CheckPoint firewalls

IPAM experience (Infoblox)

Provide advanced troubleshooting for network and security incidents.

Work with cross-functional teams to resolve complex technical issues.

Optimize network performance and ensure security compliance.

Initial Palo Alto (PA-850) set up and Deploying to Panorama

Automated security audits using Ansible for firewall configurations

Ensured regulatory compliance with industrial control systems.

Key Projects:

1.Large-scale firewall migration and security hardening for Schneider Electric.

2.Designed and implemented VLAN-based OT/IT network segmentation within a Schneider Electric industrial environment, using REID and REIP zoning to secure ICS infrastructure while maintaining operational uptimeVPN security enhancement project for remote workers.

3.Firewall rule optimization and compliance enforcement.

4.Develop high-level and low-level network designs (HLD & LLD) based on project requirements using infrastructure using MSVISIO

5.Implementation of high-availability Checkpoint clusters for business continuity.

6.Implement LDAP through active directory on Palo Alto to authenticate User IDs

7.Create documentation and network diagrams of the network

8.Migration of Checkpoint to Palo Alto using Expedition Server

9.Manage firewall implementations through Expedition Server and Panorama applications.

Comet Apr 2017 – Feb 2022

Consulting for Calpine (GA), Tistatech (GA), Black Matrix (NY)

Role: Network Security Engineer

Configured and managed high-availability firewall clusters.

Implemented security hardening strategies for corporate networks.

Designed VPN solutions for secure site-to-site connectivity.

Integrated Active Directory authentication with network security policies.

Performed traffic analysis and incident response using Wireshark.

Led a network segmentation project for improved security controls.

Provided support for Palo Alto and Cisco ASA firewalls.

Configured and managed Cisco Nexus 9000, 7000, 5000, and 3000 series switches in enterprise data center environments.

Implemented VXLAN with EVPN on Cisco Nexus switches for enhanced network segmentation and scalability.

Deployed F5 load balancers for application traffic management.

Automated firewall rule validation and compliance checks.

Conducted penetration testing and remediation planning.

Configuration of firewall (Palo Alto) security policies, Global Protect VPN, URL filtering, Data filtering and file blocking Profiles

Set Up Panorama Managed Prisma Access

Troubleshoot, Conduct Scans and Access Network issues, then patch Vulnerabilities and Mitigate DDoS attacks on Palo Alto Firewall

Use App-ID and URL Filtering for allowing or denying the Web Traffic and also prevent Hosts from accessing Malicious Websites

Configured ADS (Active Directory Sever) and LDAP with Palo Alto Firewall to authenticate User IDs

Configured TACACS+, LDAP, IPsec and RADIUS for Palo Alto firewalls

Expertise in Conducting security policy rule review to identify and remove rules that are not needed to reduce Palo Alto firewall policy lookup

Configure & monitor Global Protect and Gateways to create IPsec and SSL VPN's Tunnels with Users & Customers on Palo Alto Firewall

Key Projects:

1.Implementation of network segmentation strategy for Calpine.

2.SD-WAN rollout for improved branch office connectivity.

3.Active Directory integration with firewall authentication policies.

4.Implement the Global Protect VPN, IPsec VPNs, and SSL VPNs through IKE and PKI on firewalls for site-to-site VPN Connectivity.

5.Administered Cisco catalyst (6500, 4500) switches, enabled all L2 critical configurations like 802.1Q encapsulation, Port channels, VTP, VLAN, inter VLAN routing, etc.

6.Implementation of wireless access over LAN. Reallocated Cisco Routers and Access-Points when needed

7.Firewall log analysis and threat detection automation.

Techspecialist Consulting Ltd Feb 2014 – Mar 2017

Consulting for Clients in Abuja, Nigeria

Role: Network Security Analyst

Managed network infrastructure, including routers, switches, and firewalls.

Implemented security policies to safeguard enterprise data.

Provided troubleshooting and support for network connectivity issues.

Assisted in planning and deploying WAN/LAN solutions.

Performed network monitoring and incident resolution.

Developed security awareness training for employees.

Assisted in cloud security integration for oil and gas operations.

Configured firewall rules to protect against external threats.

Provided 24/7 support for critical network operations.

Ensured compliance with oil and gas cybersecurity regulations.

Consulting for Clients in Abuja, Nigeria

Key Projects:

1.Security assessment and firewall deployment for Ola Lakes Oil & Gas.

2.Network segmentation for industrial control systems.

3.Deployment of an intrusion prevention system.

4.Secure remote access implementation.

Lagos State Internal Revenue Service (LIRS) Mar 2007 – Nov 2013

Role: Auditor / Desktop Engineer

Conducted internal audits for compliance with tax regulations.

Investigated and resolved security violations and risks.

Managed network infrastructure to support tax data processing.

Provided IT support for tax auditing and collection systems.

Developed security policies for taxpayer data protection.

Ensured IT infrastructure compliance with Nigerian regulatory standards.

Provided training for IT staff on security best practices.

Conducted forensic analysis of cybersecurity incidents.

Assisted in the migration of tax systems to a secure cloud environment.

Designed and implemented secure access controls for tax processing applications.

Key Projects:

1.IT security enhancement for Lagos State Internal Revenue Service.

2.Secure data migration for taxpayer records.

3.Implementation of multi-factor authentication.

4.Firewall deployment for data protection.

5.Incident response and forensic analysis framework.

EDUCATION

Bachelor of Science, Human Anatomy – University of Ilorin, Nigeria

Diploma, Front-End Development – Aptech Computer Education, Mumbai, India

Certifications:

CCNA, CCNP, CCSA, CCSE, CISA, PCNSA, PSM1, CITN

Google Cybersecurity Professional Certificate

CISSP in view



Contact this candidate