• Sr. Security Engineer

    at Saudi Investment Bank

    July 2018 - at Present

    Minţaqat ar Riyāḑ

    I am currently working at Saudi investment bank as Sr. Security Engineer. Responsible for bank's network security infrastructure design , operations , implementation and migrations.  I have redesigned the security infrastructure of bank and enhanced the east west and north south traffic flows between the primary and DR data centers.  Migrating the virtual workloads from physical firewalls to NSX distributed firewall and layer-4 to layer-7 inspection via FortiGate-VMX service manager.  Configurations and troubleshooting of routing protocols BGP and OSPF on VMware NSX software routers ESGs, DLRs and UDLRs and their integration with Cisco ACI switches.  Configurations of Vmware NSX logical switches , Security Tags and VLAN to VxLAN layer-2 bridging.

  • Team Lead Network & Security

    at International Turnkey Systems

    November 2010 - at Present

    Minţaqat ar Riyāḑ

    I have worked at international turnkey systems as team lead network and security on Zain Telecom managed services project. Configure and design BGP and OSPF routing protocols between data centers and WAN circuits for site resiliency and across campus branches. Design and configure BGP on internet edge routers of primary and secondary data centers for resiliency for internet traffic. Configure MPLS traffic engineering one hope tunnels for traffic load sharing between WAN circuits and configure FRR (fast re-route) for links and nodes protection and inter VRF routing via firewalls. Provisioning new services and troubleshooting of VCE Vblock, Cisco UCS 6248, and Nexus 1000 V switches. Replacement of the faulty devices (Cisco / Palo Alto / F5) with new devices. Open cases for RMA and configuration of new devices from scratch restoration of licenses, restoration of backed up configuration on the new device. Software up gradations on Cisco / Palo Alto and HOT FIX up gradation on F5 boxes.

  • Team Lead IP/MPLS & Security

    at Motorola

    January 2009 - at Present


    I have worked at Motorola Pakistan as team lead IP/MPLS and security for Wateen Telecom service provider managed services project.  Managed the network operation of IP/MPLS core, metro Ethernet rings, city POPs and data  Performed upgrade and faulty hardware replacement activities including, 7600, 6500, SUP-720, SIP-400, 10G-XENPAK ACE, FWSM modules and ASA 5580-40 firewalls.  Designs and provisioned MPLS L2/L3 VPNs with static and BGP as PE-CE routing protocol for customer sites, configured the transit paths for customer telecom operators.  Configured 32k public IPs natting on ASA 5580-40 and load share their advertisement in BGP over multiple STM-4 links. Troubleshooting and configurations of OSPF, LDP peering, iBGP ipv4 and vpnv4 address-families peering with route reflectors. Configurations of VRF aware static routes, VRF aware BGP, VRF aware NAT, back to back VRF and VRF LITE. Controlling the vpnv4 routes leaking using route target values and import and export maps.

  • Team Lead Network & Security

    at Huawei

    July 2013 - June 2018

    Minţaqat ar Riyāḑ

    worked as team lead network & security at Zain telecom managing service project. I was responsible for 24*7 telecom network and security operations and deployment of new projects.  I worked with vendors during the HLD / LLD phases and involved as operation lead during the roll out, implementation and migration activities, NRFU completions, acceptance tests and handover process.  I completed data center revamp project of replacing Cisco 6500, 7600, 7200VXR, ACE, FWSM series devices with Cisco Nexus 7k, 5k, 2k, ASR9k , ASR1k, F5 LTM , 5585x in primary and secondary data centers and campus revamp of replacing Cisco Catalyst 4500 switches with 6800 VSS and 3850 stackable switches.  Configure VPC for Nexus 2k FEX , F5 load balancers , Firewalls and HPE enclosures.  Configure F5 Big IP LTMs (7000, 4000 and 2000 series) boxes. Configure RHI (route health injection) on F5 for site redundancy of application between primary secondary data centers.


  • CCIE Service Provider

    at Cisco

    2012 - at Present (8 years)

  • CCIE Data Center

    at Cisco

    2006 - at Present (14 years)

Knowledge and keywords

Followers (1)