
Resume- Mreza Ahmadi

The document outlines the extensive experience and expertise of a Network Security Engineer with over 10 years in designing, implementing, and maintaining secure networks. It details proficiency with various security solutions, including Fortinet, F5, Cisco, Palo Alto, and others, as well as skills in threat prevention, traffic analysis, and automation. The engineer has held leadership roles in multiple organizations, focusing on scaling network security solutions and conducting security audits and vulnerability assessments.

Network Security engineer

SUMMARY:

 I am a Network Security specialist with 10+ years of hands-on experience in large-scale infrastructure with
deep knowledge in design, implementation, maintenance, and troubleshooting of high-performance secure
networks in the datacenter.
 Deep knowledge and hands-on experience with Fortinet solutions like FortiGate 3000 and 1000 series,
FortiWeb 1000 series. Firewalling, NAT, intrusion prevention, application control and DoS policies. Logging
threats and traffic to SIEM. Troubleshooting, upgrading and fine-tuning chassis.
 Deep knowledge and hands-on experience with F5 BIG-IP devices and working with LTM for load balancing,
caching and managing traffic, ASM as Web Application Firewall to protect HTTP websites and API
security, AFM for firewalling and L3/4 DDoS protection, GTM for DNS handling globally, on i5800, i7800
and VE series. Troubleshooting, maintaining and upgrading, resource provisioning and renewing licenses,
etc.
 Having deep knowledge and experience with Cisco Firepower and Firepower Management Center. Threat
prevention with Intrusion prevention, AMP and URL filtering.
 Experienced working with Checkpoint next generation firewall and threat prevention. Application control,
URL filtering, logging and reporting.
 Experienced working with Palo Alto Next-Generation Firewall 5000 series, threat prevention and
application layer firewalling, DNS security and zone protection.
 Hands-on experience with Imperva SecureSphere, both MX and Gateway chassis, to secure web
applications. DDoS protection, Regex and custom signatures for unknown attacks.
 Experienced working with Bluecoat ProxySG as a central HTTP forward proxy for client traffic. Working
with both explicit and transparent proxy mode.
 Experienced working with McAfee security appliance. Application visibility and Control, Antivirus and
Antispyware.
 Experienced working with Juniper ISG and SRX series, routing and firewalling, IDP configuring.
 Experienced working with Cisco solutions like ISR routers, Catalyst and Nexus 9K switches, Leaf-and-Spine
configuration with VXLAN, EVPN, Anycast gateway many other technologies.
 Deep knowledge on network attacks like all types of DDoS, MITM, VLAN hopping, DNS spoofing etc.
alongside knowledge on networking protocols and technologies like BGP, OSPF, EIGRP, CDN, DNS, VXLAN-
EVPN, ARP, DHCP etc.
 Deep knowledge on HTTP protocols like HTTP2, Socks, WebSocket etc. to understand L7 attacks like
Injections, Brute force, encoding, CSRF, XSS etc. and also mitigating them with well-known WAFs like
Imperva SecureSphere, F5 ASM/AWAF and FortiWeb.
 Threat prevention, traffic analysis and anomaly detection with many commercial or open-source tools.
 Knowledge and experience on Splunk multi-site cluster to handle huge log traffic, also leveraging to
detect attacks and intrusions using Splunk Enterprise Security as SIEM.
 Automation with Ansible and Python scripts. Working with Cisco REST API toolkit and F5 iControl.
 Worked on Infoblox capabilities for centralized management of IP address, subnetting, and IP address
tracking. Alongside using as DHCP and DNS.
 Monitoring assets working with Zabbix, Grafana, SolarWinds.

AREAS OF EXPERTISE:
 Network Security  Threat prevention  Network Design
 AWS Security  Web Application Firewall  Next-Generation Firewall
 SIEM  Network Pentest  Python scripting

Updated: September 2023 Page 1


EXPERIENCES
 Network and Network Security Tech lead 2023-Present
Snapp! Group, Iran (The biggest Startup Group in Iran) [Link to website]
Managing the Network and Security department, containing five teams named Network, Network Security, SOC/Blue
Team, Pentest/Red Team, and Secure Development.

 Designing enterprise-scale secure datacenter and Service Architecture to scale 20X traffic and users
using multiple solutions.
 Working with F5 BIG-IP AWAF and LTM as Web Application Firewall and SSL Orchestrator,
integrating with Kubernetes ingress, auto-scaling on VE series to handle peak traffic.
 Worked on Checkpoint designing and installation of features like Application and URL
filtering. NAT for North-to-South traffic.
 Worked on FortiGate3000 to monitor and track the state of network connections and created
predefined rule policies to filter traffic source and destination IP addresses and application types.
 Established site-to-site VPNs as well as client-to-site VPNs using various protocols like IPsec
and SSL VPN in FortiGate.
 Implemented secure connectivity solutions, including site-to-site VPNs and remote access VPNs
with the Checkpoint and FTDv for remote access VPN integrated with Cisco ISE.
 Maintaining Bluecoat SG as forward proxy on the corporate. Filtering HTTP traffic based on
various conditions on HTTP protocols. Application filtering.
 Designing and implementing datacenter using Cisco Nexus 9K switches and Routers. Leaf-and-Spine
configuration with VXLAN, EVPN, Anycast gateway. Integrating all network security
and network solutions with each other to act automatically.
 Migrated Catalyst switches to Nexus 9k switches with new network design along with
existing data such as configuration files and network policies.
 Monitoring traffic and threats from generated logs on Splunk SIEM to identify and detect
anomalies.
 Configured and integrated Cisco ISE with various identity sources along with Active Directory
and LDAP for user and device authentication.
 Worked on Netmiko to establish SSH connections with network devices and perform
configuration tasks, such as pushing configuration templates, managing VLANs, or
updating access control lists (ACLs).
 Worked on Infoblox IPAM capabilities for centralized management of IP address, subnetting,
and IP address tracking.
 Monitoring all assets with Zabbix and Grafana.

 Senior Security and Infrastructure Consultant 2021-Present
Tabdeal, Iran (One of the top-notch Online Cryptocurrency Exchanges in Iran) [Link to website]
Responsible for making solutions in Network Security projects as a Network Security Consultant.

 Scaling up to 10x, as a result of a significantly increasing number of online users.
 Containerizing Apps and migrating to Kubernetes cluster integrating with security solutions.
 Redesigning Network, Applications and services based on security best practices and standards.
 Web and API security using F5 WAF and Cisco Firepower NGFW.
 Conducted regular security audits and vulnerability assessments using Cisco Firepower
appliances to identify and remediate security risks.
 Implementing and tuning Splunk Enterprise Security to receive logs and events from all assets.
 Developing and configuring deep monitoring with Prometheus, Zabbix and Grafana, and also
automating first-level action with Ansible and Python.


 Network and Defensive Security Tech Lead 2018-2023
Alibaba Travels co, Iran (The biggest travels and tourism company in Iran) [Link to website]
Led two teams in terms of network and defensive Security, which are responsible for availability and Security
in all layers.

 Traffic and API Security, and Exploit detection by integration between the Palo Alto Next-Gen Firewall,
F5-ASM, Imperva SecureSphere and Kubernetes cluster in case of threat detection into the SSL
traffic without any adverse effect on performance.
 Design, Implementation and maintaining a DDoS Protection solution using CDN, BGP Anycast,
FastNetMon and F5 DDoS protection solution in multi-Layer design to prevent every type of DDoS
attacks reactively and proactively.
 AWS networking and building hybrid cloud between AWS and on-premise private cloud.
 Working with most of AWS security features such as IAM, CloudTrail, Artifact, GuardDuty, etc.
 Installing and maintaining Palo Alto Next-Generation Firewall. Implementing Threat prevention feature,
DNS security and GlobalProtect on Palo Alto.
 Working with FortiGate firewalls like 300 and 1000 series. Integrating with Kubernetes Calico SDN
module with BGP to move Intra-pods traffic to FortiGate Chassis. Application monitoring and predefined
policies. URL filtering and DNS filtering.
 Migrating old Cisco ASA firewall to Cisco FTD and managing them with Firepower Management Center.
 Implementing eStreamer configuration on Cisco FTDs and FMC to send real-time connections and
states to SIEM.
 Automating and integrating many tasks in Network, DevOps and Security with Python and Ansible.
 Implementing Splunk SIEM in a large-scale multi-site cluster which can index and correlate more than
50,000 EPS from all sensors.
 Integrating EDR, IPS, NGFW, Mail Gateway, WAF and many other security solutions with SIEM and
collecting logs and events according to attack detection and response.
 Implementing and working with Splunk Enterprise security and User Behavior Analysis.
 Attack analysis, threat hunting and blue teaming in Linux, Windows and network.
 Network and endpoint threat hunting based on MITRE ATT&CK framework using Splunk.
 Automating Vulnerability assessments using Nessus, OpenVAS, Acunetix, Burp Suite and other tools
integrating into DevSecOps processes.
 Risk Management and providing Business continuity and Disaster Recovery plan.
 Design and Implementation of Multi-site Datacenter using Cisco DC technologies like VXLAN, EVPN,
Anycast Gateway via Cisco Nexus 9K series.
 Design and implementation of a secure campus network and secure remote access solution based on Cisco
solutions such as FTD, Cisco ISE, dot1x, profiling, posturing with AnyConnect to manage each of
Windows, Linux and MacOS clients.

 Network Security Consultant 2018-2020
Negin Pardazesh Farda, Iran (Security solution provider company) [Link to website]
Responsible for making solutions in Network Security projects as a Network Security Consultant.

 I researched security products named Vulnerability Management System and SandBox using
open-source technologies.
 Penetration testing in Network and Operating system in many banking systems projects.


 Senior Information Security Specialist 2015-2018
Saba Pardazesh co, Iran (Ranked 1st in banking systems and data security companies in Iran) [Link to website]
Saba Pardazesh is one of the top-ranked banking and data security solution providers in Iran that
has many projects on various banks and payment companies.
 Participating in many large-scale network security projects in banking systems.
 Working with FortiGate 60E for more than 100 Branches managing with FortiManager and
FortiAnalyzer.
 Maintaining and Upgrading FortiGate 200D series to 1000E. Configuring Active/Passive HA,
monitoring and fine-tuning.
 Configuring and maintaining FortiWeb 1000 series and doing daily tasks like analyzing daily logs
and attacks, tuning signatures, investigating alerts to leverage issues or omit false positives.
 Experienced working with McAfee security appliance. Application visibility and Control, Antivirus
and Antispyware.
 Implementing F5 BIG-IP and configuring ASM, LTM, GTM, AFM in many projects.
 Working with Juniper ISG and SRX series, routing and firewalling, IDP configuring.
 Working with Checkpoint firewall to manage edge traffic of the datacenter and enabling features
like NAT, DNS security and DoS policies.
 Working with Bluecoat as a proxy for clients. Configuring policies and rules for HTTP traffic.
 Integrated Python scripts with network monitoring tools and APIs to gather network
performance metrics and proactively identify and resolve issues.
 Configured SSL/TLS certificates and encryption on F5 Load Balancers to secure
communication between clients and servers.
 Configured and fine-tuned firewall policies and security profiles in Cisco ASA and Firepower
appliances to enforce granular access controls and threat prevention.
 Established site-to-site VPNs as well as client-to-site VPNs using various protocols like IPsec,
SSL VPN and L2TP.
 Configured and integrated Cisco ISE with various identity sources along with Active Directory
and LDAP for user and device authentication.
 Troubleshot LAN/WAN infrastructure including routing protocols like EIGRP, OSPF, HSRP
and VRRP.
 Monitoring network and network security solutions with SolarWinds and PRTG.
 Working with endpoint protection solutions like McAfee, Symantec, Kaspersky and ESET.

 Network and Security Administrator 2012-2014
Ghasedak co, Iran
 Worked with Cisco routers, switches and firewall and also Microsoft Active Directory.
 Maintained and monitored routers, switches bandwidth control through VLAN configuration
and routed network with the use of routing protocol.
 Managed and troubleshot connectivity problems using the understanding of TCP/IP and
OSI model, Routing Protocols, Switching and NAT.
 Configured, maintained and analyzed firewall logs using various monitoring features such as
traffic log.

OFFICIAL CERTIFICATES
 CERTIFIED INFORMATION SECURITY MANAGER (CISM) [VERIFICATION LINK]


 CCIE – ROUTING AND SWITCHING (WRITTEN)
CiscoID: CSCO13586180

 FORTINET NSE 2 NETWORK SECURITY ASSOCIATE
Certification Number: MB1UL5mfWe

 FORTINET FORTIGATE ESSENTIALS 6.2

SKILLS
 Deep knowledge in TCP/IP, Routing and Switching. BGP, OSPF, EIGRP, VXLAN, EVPN etc.
 Palo Alto: Deep knowledge and experience, Threat prevention, Traffic inspection, App Control,
DNS security and URL filtering.
 F5: Deep knowledge and experience on: LTM, ASM, AWAF, iRules. Integration with Kubernetes
for ingress traffic. API protection and proactive bot defense.
 IMPERVA: On-premise and Incapsula, Configuring and tuning, Custom signature writing for
mitigating sophisticated layer 7 attacks.
 CISCO FIREPOWER: AMP, Application Visibility and Control, NGIPS and URL Filtering.
 FORTINET: Deep knowledge and experience with FortiGate and FortiWeb.
 CHECKPOINT: Next Generation Firewall and Next Generation Threat Prevention.
 SECURE ACCESS SOLUTION: Cisco ISE, 802.1X, MAB, WebAuth, SGA, SGT propagation.
 SIEM: Splunk multi-site cluster with separated indexers, forwarders and search-heads to handle
high-rate EPS. Incident response and threat hunting. Integration with many solutions in network
and end-point. Enterprise Security and User Behavior Analysis.
 OPEN-SOURCE: Hands-on experience on Linux servers, Nginx, Elastic, and many solutions related
to Security and network.
 MONITORING AND AUTOMATION: Zabbix and Grafana. Ansible, Terraform. Familiar with Cisco
DCNM, Cisco Prime, Solarwinds.
 PENTEST AND VA: Kali Linux, Metasploit, Burp Suite, Nessus, Maltego, Nmap, and many others.
 SCRIPTING: Experience with PowerShell, Python, Bash. Working with Scrapy, Scapy, requests,
Paramiko, Netmiko, Beautiful Soup.

CONFERENCES AND MEMBERSHIP


 Member Of RIPE NCC [Link to website]
Tech-c and Admin-c of AS-34947 [Query on RIPE database]

 Member Of Honeynet community [Link to website]
In Iranian chapter

 Member Of SANS Digital Forensics and Incident Response Summit (2020 and 2021) [Link to website]
With Certificate of completion

 Member Of SANS Threat Hunting Summit (2020) [Link to website]
With Certificate of completion


 Member Of Iranian Society of Cryptology
Major member since 2014

TRAINING COURSES
 CCIE Security
 F5 (101, 201, 301, 303)
 PCNSE
 CEH
 SANS SEC560: Network Pen testing and Ethical Hacking
 AWS Certified Cloud Practitioner
 SANS SEC504: Hacker Tools, Techniques and Incident Handling
 SANS SEC503: Intrusion Detection In-Depth
 SANS SEC554: Blockchain and Smart Contract Security

TEACHING EXPERIENCES
 Cisco Routing Switching and Security CCNA, CCNP, CDigit Academy 2018-2020

 Network+ and Security+ Tehran Institute of Technology 2013-2015

EDUCATION
 B.Sc. in Information Technology Engineering 2011-2015
Semnan University, Iran [Link to website]

LANGUAGES
 English (professional working proficiency)  Persian (Native)

HOBBIES
 Table Tennis  Football
 Watching Movies  Watching and Following Formula1
