Hamza Ayat

• Managed the complete deployment of the Tufin SecureTrack and SecureChange solution (TOS Aurora) in a multi-site environment

◦ Integrated Palo, Forti, Cisco, F5, and generic devices into Tufin.

◦ Maintenance in operational condition (MCO) of the Tufin solution

◦ Audited security rules (Identify, trace, and qualify security policy violations)

◦ Managed incidents with the editor

◦ Coordinated remediation of non-compliant rules.

◦ Maintained a high level of compliance with internal standards (ISO 27001, etc.)

◦ Defined Unified Security Policies (USP)

◦ Implemented SecureChange workflows to automate rule management

◦ Refined overly permissive rules using APG (Automated Policy Generator)

• Provided L3 escalation for network and security incident management

• Infrastructure MCO: Palo Alto, Fortigate, Cisco, F5, Prisma Access

• Incident tracking with manufacturers.

• Updated architecture diagrams.

• Wrote technical documentation: DEX, DAT.

• Technological watch.

Private cloud hybridization project. Migration to Azure

Deployed Wireless Controller 9800 and integrated APs, modified option 43 in DHCP. Created Flex Connect profiles configuration in WLC

Migrated and updated WLC

Deployed Catalyst 9300 and 9200 series cores and user switches via DNA

Deployed NAC solution (Cisco ISE) Studied and migrated from MPLS to SDWAN Defined network standards.

Implemented network evolutions

Migrated Fortigate firewalls Implemented FortiManager and FortiAnalyzer

Upgraded Checkpoint and Forti firewalls

Implemented VPN between legacy and cloud.

Configured Syslog Provided L3 escalation for network and security incident management.

Implemented access rules and policies. (Implemented firewall rules by script)

Configured F5 and Netscaler VIPs

Virtualization via VMWare ESXI

Technological watch.

Frontline > L2 user diagnostics > F5, Checkpoint, Forti infrastructure MCO > Patching and upgrades > Incident tracking with manufacturer, troubleshooting - Integration - Replacement of FW in production - Checkpoint

• Coordination - Partner/ISP internet line replacement

• Integration - Replacement of FW in production - Checkpoint

• FW equipment supervision (Shinken/Splunk)

• L2 Security Frontline / L2 Security On-call

• Partner VPN configuration

• Checkpoint/Juniper/Fortigate FW operation

• Network analysis, logs, routing (traffic tracing)

• Production Change Management (HNO)

.

Tufin Automation

• Topology analysis

• Integrated devices and generics into Tufin

• Updated interface configurations

• Updated network diagrams

Responsibilities:

◦ Incident resolution and L2 Security request processing

◦ Configuration, integration, and MCO of security equipment

◦ L2 incident troubleshooting (Entire connection chain)

◦ Checkpoint, Fortinet, F5, Cisco)

◦ Coded traffic rules on Checkpoint, Netasq, Squid Firewalls

◦ F5 LTM Module: Coded VIPs, Implemented iRules, certificates

◦ Created/Moved DMZ on F5

◦ Created/Moved DMZ on Checkpoint

◦ Upgraded F5 Reinstalled / Integrated F5

◦ Upgraded / Reinstalled / Firewall

◦ Wrote technical documentation