Sadath Mirza
Riyadh,Saudi Arabia
Summary
Dynamic Network Security Engineer with extensive experience at SMSA Express, specializing in firewall configuration and cloud security. Proven track record in optimizing security policies and implementing robust PAM solutions. Adept at leveraging advanced threat detection tools while fostering collaboration across teams to enhance network resilience and protect sensitive data.
Overview
18
18
years of professional experience
1
1
Certification
Work History
Network Security Engineer
SMSA Express
01.2015 - Current
- Configured, managed, and maintained Checkpoint Next Generation Firewall R81.20 for enterprise-level network security.
- Implemented and optimized firewall rules and security policies on Checkpoint R81.20 to ensure robust perimeter defense.
- Deployed and managed Threat Prevention blades (IPS, Anti-Bot,Anti-Virus, URL Filtering, and Application Control) on CheckpointR81.20.
- Utilized Smart Console and Smart Event for real-time monitoring,policy management, and threat intelligence analysis.
- Designed and implemented site-to-site and remote access VPNs (IPSec / SSL) on Checkpoint R81.20, ensuring secure communication across geographically dispersed locations.
- Managed High Availability (HA) firewall clusters using ClusterXL, ensuring redundancy, failover, and uninterrupted service.
- Integrated Checkpoint R81.20 with public cloud environments(e.g., Huawei) for hybrid network protection and policy enforcement.
- Designed and implemented secure VPC architectures on Huawei Cloud, including subnets, route tables, NAT gateways, VPNs, and security groups to enforce network segmentation and access control.
- Configured and maintained firewall policies and ACLs to protect cloud workloads from internal and external threats.
- Integrated Cloud Firewall (CFW) and Traffic Inspection Services for centralized threat detection and policy enforcement across multiple cloud resources.
- Enforced IAM policies, key management (KMS), and multi-factor authentication (MFA) to control access to cloud resources and sensitive data.
- Implemented logging, monitoring, and alerting using Huawei Cloud Cloud Eye and Log Tank Service (LTS) to support incident detection and forensic analysis.
- Deployed and managed Huawei Cloud CBH (Cloud Bastion Host)to provide secure, auditable access to ECS instances, databases,and internal systems.
- Implemented centralized access control and session management via CBH, reducing lateral movement risk and strengthening zero-trust access models.
- Integrated CBH with LDAP/RADIUS for SSO and identity federation, enabling seamless and secure access authentication.
- Configured role-based access policies (RBAC) and approval workflows to enforce least-privilege access to cloud resources.
- Monitored and audited administrator and user sessions via CBH session recording, keystroke logging, and real-time alerts for suspicious activity.
- Used CBH to enforce MFA and time-limited access tokens,ensuring temporary and controlled access to sensitive systems.
- Hardened CBH configurations, updated access policies, and conducted regular access reviews as part of cloud security best practices.
- Administered Darktrace Network Detection and Response platform to continuously monitor network behavior, detect anomalies, and prevent potential threats using AI-driven models.
- Conducted investigations based on Darktrace alerts, correlated findings with SIEM and endpoint data, and escalated incidents based on severity and impact.
- Tuned detection thresholds and worked with Darktrace’s Antigena module for automated threat mitigation and policy enforcement.
- Provided insights and recommendations to improve network security posture based on trends and behavioral analysis.
- Responded to Darktrace alerts and autonomous investigations,coordinating with IR teams to contain threats and enhance detection strategies based on evolving attack patterns.
- Performed regular analysis of email threat reports, identifying trends in spam and malware attacks, and adjusting Barracuda Email Gateway filters for improved protection.
- Maintained quarantine and archiving policies, resolved end-user email delivery issues, and collaborated with the security team to ensure compliance with data protection standards.
- Provided regular reporting and insights on email threats and policy effectiveness to senior IT leadership.
- Managed and monitored Trend Micro Vision One platform for centralized threat detection, investigation, and response across endpoints, email, servers, and cloud workloads.
- Utilized Trend Micro Vision One for advanced threat detection and correlation, enabling rapid investigation and response to incidents across multiple security layers (XDR).
- Performed threat hunting and incident response using VisionOne’s XDR analytics, MITRE ATT&CK mapping, and telemetry data from integrated endpoints and network sensors.
- Monitored security events and alerts via Trend Micro Vision One dashboard, fine-tuning detection rules and playbooks to reduce false positives and enhance SOC efficiency.
- Tuned detection rules, threat intelligence feeds, and response workflows to align with organizational risk posture and compliance requirements.
IT Specialist
FedEx
08.2009 - 12.2014
- Implemented and managed PRTG Network Monitoring Tool to ensure continuous monitoring of network performance, providing real-time insights into bandwidth usage, uptime, and device health.
- Generated detailed reports using PRTG to track network trends,support capacity planning, and ensure adherence to service level agreements (SLAs).
- Firewall Rules Create appropriate firewall rules that permit for restrict access between branch networks over the VPN.
- IPsec Connection Settings: Set up IPsec tunnels
between firewalls of different sites using strong encryption (AES, SHA) and authentication mechanisms (shared secrets or certificates). - Barracuda firewalls are designed for IBU Connectivity, robust threat protection, and high performance. Their Barracuda Cloud Gen Firewall series is used for multi-branch connectivity and provides built-in VPN support.
- Barracuda provides application-level inspection and filtering of encrypted traffic.
- Managed and optimized Barracuda Email Security Gateway
to ensure effective protection against phishing, spam, malware, and other email-borne threats, reducing unwanted email by 90%. - Installed, configured, and maintained LAN/WAN infrastructure
,ensuring secure and stable connectivity across multiple office locations. - Provided technical support for wired and wireless networks
,including troubleshooting connectivity issues, DHCP/DNS problems, and access point failures. - Monitored and optimized Wi-Fi performance , including signal strength analysis, channel planning, and firmware updates on wireless controllers and APs.
- Collaborated with ISPs for WAN link provisioning, maintenance,and SLA management , minimizing service disruptions.
- Led the design, implementation, and maintenance of enterprise LAN/WAN infrastructure, ensuring high availability,scalability, and secure connectivity across multiple branches and data centers.
- Led network migration and upgrade projects
, including switch refreshes, bandwidth upgrades, and wireless expansions with minimal service interruption. - Managed and maintained over 2900 Cisco switches
across enterprise LAN environments, ensuring high availability,performance, and compliance with network standards. - Deployed, configured, and maintained Synology NAS systems
for enterprise file storage, user access control, and backup across Windows environments. - Integrated Synology NAS with Active Directory (AD)
for centralized user authentication, group policy enforcement, and role-based access. - Managed and administered Active Directory (AD)
environments, including user accounts, security groups, OUs, and
Group Policy Objects (GPOs) across multiple domains. - Created, modified, and deprovisioned user and computer accounts
, ensuring access control policies aligned with organizational standards.
System Administrator
Mawad International
06.2007 - 07.2009
- Managed and maintained Windows Server 2003 environments,ensuring system stability, security, and performance across the enterprise network.
- Administered Active Directory (AD) and Group Policy on Windows Server 2003,including user account management, permissions,and security settings for a large user base.
- Implemented and configured Windows Server 2003 DNS and DHCP services,ensuring seamless network operations and address resolution for local and remote users.
- Troubleshot and resolved hardware, software, and networking issues in a Windows Server 2003 environment, providing timely support to minimize downtime.
- Provided tier 1 and tier 2 network support for end users, ensuring swift resolution of connectivity issues, network performance problems, and hardware/software conflicts.
- Managed IP addressing and subnetting for the network infrastructure, ensuring proper segmentation and addressing for large-scale corporate networks.
- Coordinated with vendors and third-party service providers for troubleshooting,warranty claims, and support of network hardware and software components.
- Configured and maintained Cyberoam firewalls and security settings,troubleshooting security incidents, and ensuring the network is protected against unauthorized access.
- Installing and Configuring ISA Server 2004 for facilitating Network security, for better utilization of Internet bandwidth Troubleshooting various LAN and WAN Problems.
- Configuring and troubleshooting CISCO routers and multilayer switches as per there qeuirement Installations & Configurations.
- Configuration and troubleshooting of Microsoft Outlook for End-Users.
Education
Bachelor of Computer Application -
Osmania University
Hyderabad, India06-2003
Skills
- PAM - CBH
- Active Directory & Group Policy Management
- Virtualization (VMware and Hyper - V)
- Backup & Disaster Recovery (Commvault)
- Cloud Platforms ( Huawei Cloud)
- Email Security Gateways (Barracuda Email Gateway)
- Endpoint Protection ( Trend Micro)
- Firewall Configuration (Checkpoint, Barracuda and Sophos)
- Identity Access Management (IAM)
- LAN/ WAN Design &Management TCP/ IP
- Network Detection and Response ( NDR)
- Network Monitoring &Troubleshooting ( Wireshark and PRTG)
- Routing
- SIEM Provider Management ( Splunk)
- Storage Systems ( Synology, NAS, SAN)
- VPN ( IPSec, SSL)
- Windows Server Administration ( 2003-2019)
Certification
- Commvault Professional and Advanced ILT (Germany)
- Check Point Certified Security Administrator (CCSA - R81)
- Certified Trend Vision One XDR Professional
- Microsoft Certified Professional (MCP)
- Palo Alto Security and Network
- Fortinet NSE 1,2,3
Timeline
Network Security Engineer
SMSA Express
01.2015 - Current
IT Specialist
FedEx
08.2009 - 12.2014
System Administrator
Mawad International
06.2007 - 07.2009
Bachelor of Computer Application -
Osmania University
Similar Profiles
Azvi AsathAzvi Asath
Assistant accountant at Smsa ExpressAssistant accountant at Smsa Express
Prinu KurianPrinu Kurian
Key Account Manager at SMSA ExpressKey Account Manager at SMSA Express
DIAALHAG MAHMOUDDIAALHAG MAHMOUD
Acting manager at SMSA EXPRESSActing manager at SMSA EXPRESS
Mahmoud Ahmed Abd EllatiefMahmoud Ahmed Abd Ellatief
Environmental and sustainability consultant at Aloula Company for Environmental consultsEnvironmental and sustainability consultant at Aloula Company for Environmental consults
Azzam AlbadiaAzzam Albadia
Integration Engineer at Ericsson ABIntegration Engineer at Ericsson AB