Portfolio Details

Senior Network Security Architect / Engineer                                                                                         Jun 2021   -        To Date

CACI LTD (London) UK

Working on multiple Network Security related Projects here I am dedicated to enhancing the overall security and functionality of the network to ensure that Customer operations run smoothly and efficiently.

Main responsibilities:

·          Developed high-level and low-level designs along with comprehensive documentation for the Fortinet SD-WAN deployment and migration, which encompassed core/distribution, access layer, and edge connectivity for the Network Rail headquarters and branch offices.

·          Reviewed vendor security designs and assisted in the implementation of Palo Alto Firewalls for the RSIT business unit, Cisco FTD Firewalls in ARK DCs, and Fortinet Fortigate Firewalls within the campus environment.

·          Designed and implemented the Radware Defense Pro DDoS inline solution and authored operational handover guides for the NRT SOC team.

·          Full lifecycle designed and implementation of Cisco Stealthwatch and Cisco Thousand Eyes.

·          Involved in the transition from On-Premises to AWS/Azure Cloud, implemented a comprehensive migration plan to seamlessly transfer existing on-premises infrastructure to Amazon AWS and Microsoft Azure.

·          Enhanced and Secured the Perimeter Infrastructure, Focused on migrating and fortifying perimeter security measures within both public and private cloud environments.

·          Executed the full lifecycle design and implementation of the Cisco ISE NAC environment, incorporating the necessary nodes within a high-availability environment across the trust’s infrastructure for wired, VP, and wireless endpoints.

·          Collaborated with Thales on the design and implementation of the PKI solution for Network Rail, while also supporting the SOC team in deploying TrendMicro SAAS and the Nessus vulnerability management tool across four data centers.

·          Designed and implemented a DMZ in both cloud and on-site environments using Fortinet FortiGate firewalls for Nationwide Building Society.

·          Developed and implemented Splunk SIEM for logging all enterprise infrastructure devices and Infoblox for DNS & IPAM.

·          Gained working knowledge of security frameworks and standards such as NIST 800-53, ISO 27001, OWASP, and CIS Benchmarks, among others.

·          Ensured that products, projects, and programs were secure-by-design and secure-by-code, incorporating Defense-in-Depth and Zero Trust principles.

·          Established a baseline architecture framework for security and collaborated with the CISO to develop new security strategies to manage emerging risks in digital transformation.

·          Scoped Static Security Testing (using tools like Nessus, Qualys, and NAC) and Dynamic Security Testing, including penetration testing for various codes, applications, cloud-based PaaS, IaaS, Docker, Kubernetes, and other APIs.Managed various elements of projects and stakeholders for the overall integration program for each infrastructure and network changes ensuring minimal downtimes and adhering to organization processes, achieving KPI’s and meeting customer SLA’s. Supporting Network Engineers in migrating workload to new Software defined network.