Malik Ammari

Engineering & Architecture (Build)

• Secure Architectures Design and Deployment: Design, configuration, and commissioning of critical foundations including Firewalls, Switching, and Loadbalancing.
• Cloud & SD-WAN Migration Expertise: Technical management of the implementation of Cloud solutions (Private Cloud (80%), Azure (5%), AWS (10%), OVH (5%)) and deployment of VPN/SD-WAN solutions.
• High-Fidelity Engineering Documentation: Production of Technical Architecture Dossiers (DAT) and operational procedures (DEX) to ensure infrastructure sustainability.
• Segmentation & Micro-segmentation: Implementation of complex network segmentation projects and integration of VMware NSX type solutions.

Operational Maintenance (Run) & L3 Expertise

• Last Level Support (L3): In-depth diagnosis and resolution of critical incidents (P1/P2) on parks of +500 equipment (Cisco Nexus, Fortinet, F5).
• Critical Change Management: Technical impact analysis and execution of complex modifications in high-availability production environments (99.99% SLA).
• Cyber-resilience & Hardening: Continuous vulnerability analysis (CVE), application of patching plans, and advanced optimization of filtering rules (Firewalling & Proxy).
• Content Security & ADC Expertise: Administration and optimization of Zscaler, Cisco Ironport, F5 LTM/APM solutions, and Proxy solutions (Bluecoat).

Major Technical Achievements

• Security Standardization: Automation of network equipment hardening to meet security audits.
• Technical Lead: Technical referent for a team of 10 to 15 engineers, ensuring technical arbitration on complex Build projects.

Engineering & Secure Design (Build)

• Trusted Architectures Design: Design and deployment of hardened network foundations (high-security DMZ segmentation, dynamic routing, switching) for the protection of sensitive databases.
• Sovereign Solutions Integration: Expertise in deploying state security technologies (Arkoon/Stormshield Firewalls) within regulated environments.
• Complex Flow Architecture: Implementation and security of partner interconnections and granular management of critical application flows.
• Access Solutions Deployment: Integration and configuration of Bluecoat filtering solutions (Proxy SG) and secure remote SSL VPN Juniper access.

Operational Expertise & MCO (Run)

• Operational Maintenance (MCO): Supervision and administration of a park of +100 critical equipment in a "Secret Defense" environment.
• VPN & Encryption Expertise: Advanced administration of IPsec and SSL VPN tunnels to ensure the integrity and confidentiality of data exchanges.
• High-Level Support (L3): Diagnosis and resolution of complex incidents on dynamic routing and switching infrastructures (Cisco, HP).
• Continuous Optimization: Performance analysis and hardening of security policies to meet the high availability requirements of the Defense sector.

Key Achievements

• Referent Expert: Technical guarantor of network infrastructure compliance with contractual and security requirements on client sites.
• Technical Governance: Technical lead during operational committees to translate business needs into secure network architecture solutions.

• Analysis and treatment of network and security non-compliance issues
• Management of corrective action plans in a production environment
• Management of non-compliant requirements
• Diagnosis, analysis, and troubleshooting of technical incidents
• Implementation of definitive corrective and workaround solutions

• Needs assessment for setting up secure flows to databases and service platforms
• Design of optimized network architectures
• Implementation of fixes on affected equipment
• Unification of employee remote access via a single secure access point

• Update of the firewall park on the SFR perimeter (SFR Fixed, SFR Mobile, DCN, CASE)
• Migration of partner flows to a single entry platform

• Resolution of level 3 network and security incidents
• Validation and implementation of flow openings and routing rules
• Debugging of encrypted flows (IPSEC, SFTP)
• Analysis of security issues: antispoofing, NAT, VRRP, SNMP, tunneling
• Technical support, telephone assistance, and security on-call

• Network equipment: Cisco routers and switches
• Firewalls: FWSM, CheckPoint, PIX, ASA, Fortigate, Juniper
• Proxy and VPN 3000 concentrators