Mouncef - Chef de projet Infrastructure IT

EXPERIENCES PROFESSIONNELLES

Ministère de la justice Juin 2017 à ce jour
Architect Réseau Sécurité SI

Refonte du Datacenter de recette Amiens :
Virtualisation Vmware Vsphere 6.7
Machines ESXi hyerconvergé ( UCP Hitachi)
Introduction des F5 LTM/ASM , FW Pfsense, Fortinet, IPAM Netbox, Gestione DNS
Mise en place de plan d’adressage et architecture en 3 tiers Presentation / Appli / Data
Configuration des switchs HP
Commandes liens WAN SFR

Audit de sécurité des F5 et Firewalls et proposition d’un plan de remédiation de d’upgrade
Réduction de nombre de règles FW
Suppression des configs obselet
Gestion des certificats SSL
Définition de politique de sécurité F5 ASM
Automatisation des config F5, Firewall, IPAM et DNS dans une logic Devops pour le provisionnement des serveurs avec l’outil d’orchestration Ansible

Support Niveau 3 pour le troublshoot des problèmes utilisateurs et applicatif et proposer des optimisation pour la résolution d’incidents
Remédier au vulnérabilités en réalisons des pentest

Rédaction de documents d’architecture, d’audit, de plan de migration

Environnement Firewall Fortinet, Pfsense , F5 LTM/ASM/APM, VPN, Vmware, Vsphere 6.7, Ansible, Gitlab, AWX, python, Netbox, Bind

SecuDium Octobre 2016 à Décembre 217
Buisness Developement Manager

Conduite de projets sécurité chez plusieur Client France / Maroc / Algerie
Formateur, F5 LTM Administering, F5 LTM Config, F5 GTM DNS

AirLiquide Janvier 2016 à Mai 2017
Consultant sécurité sénior

Faire évoluer la politique de sécurité du système d’information
Gestion des infogérants L2
Participation aux comités de changements
Définitions de politique de sécurité en adéquation avec les Normes
Gestion des incidents et escalade

Gestion de Projets Sécurité  :
Migration de Datacentre et définition de la stratégie DR
Refonte de l’Archi Internet
Conduite de Projets pour des applications Business sur les WAF F5 ASM/LTM
Migration des Boitiers F5 ASM/LTM/GTM de 3600 vers 4000s
Changement de Firewalls Crossbeam VSX ver Checkpoint VSX 23800
Introduction de nouvelles fonctionnalité URL Filtering / SSL Offload … etc

EUROCLEAR BANK Since July 2010
Consultant / Project Manager and security designer

LAN WAN & SECU Projects :

Many projects was successfully conducted on a high technical environment to setup a Euroclear cloud for critical business applications (eRGV, Fundsettle, Euclid ..)

- Managing projects to setup business applications
o Define process for HLB creation
o Opening Firewalls (Algosec)
o Routing needs

- Upgrading Crossbeam Checkpoint VSX to R77 then R77,20

- Participating on the migration from Cisco catalyst 3750,6500 to Cisco Nexus 2000, 5000, 7000

- Leading the project of ACE to F5 Migration
o Project Management
o Realising POC and Tests
o Design Architecture
o F5 BIG-IP platforms for Internet LTM/GTM/AFM
o F5 Viprion, vCMPs with LTM/GTM for DMZ and Trusted zones
o Security segregation with partitions and Route domains
o Migration Planning
o Developed my own migration perl scipt to parse ACE config and convert to F5 tmsh
o Documentation

- Leading the Project of Migration from Nokia Firewalls to Crossbeam
o Consolidate more than 50 Firewall boxes on 4 Chassis
o Checkpoint VSX Firewall R75,20
o CMAs hosted on Provider one

- Redesign the Internet access
o F5 BIG-IP platforms for Internet LTM/GTM/AFM (iRules,iCloud)
o DNS Infoblox,
o Cisco GSS,
o Linkproof,
o Paketeer,
o Netscreen,
o Proxy Ironport
o IPS

- Managing Datacentre Disaster Recovery (RDR)

- Migrating Internet Provider

- Installing Remote access RAS SSL VPN

- Participating on the VSS migration for Distribution switches

- Migration of Cisco CSM load-balancer to Cisco ACE

- Level 3 Troubleshooting Issues

Environment Firewall Checkpoint VSX , Netscreen, Radius, Tacacs,VPN, RAS, IDS, Antivirus Trend Micro, Bluecoat Proxy, IronPort, CSM, ACE, GSS, ACS, Cisco 7200/6500/3500/3750, OSPF, BGP, Spanning Tree, DWDM, CACTI, Opsware, ANM, Scripting Perl,API,Json,F5 (BIG-IP,Viprion),Infoblox

Crédit du Nord Bank November 2008 à Jun 2010
Network Security Architect

- Design the security of more than 800 ATM on Agencies to migrate from X.25 to IP.
Test and validation of the VPN Tunnels based on Checkpoint secure client NG R60
Project Management and deployment
Renewing the Network address plan of all Agencies
Routing via OBS MPLS Network
Segregating on multiple Vlans
Nortel 2550T PWR Switches

- Design WAN links with Partners, BGP, OSPF routing and Redistribution

- Wanscaller trafic compression

- Studding the replacement of Nokia Firewalls by Juniper or fortigate

Managing deployment team , writing detailed documentation design

Environment Firewall Checkpoint R65 HFA 05, Secur Client R60 HFA03. Nokia(IP350,380,390,690,1220 et IPSO 6.2), Netscreen, , VPN, IDS, Cisco 7200/6500/2800, Nortel 2550T PWR
OSPF, BGP, Spanning Tree, CACTI, Cisco Works, NHM,

EUROCLEAR BANK Mars 2006 à October 2008
Consultant / Chef de Project
Mission on UK, Belgium et France :
LAN WAN Projetcs:
- Define the external partners Access
Many (BRI, PRI, LS) connexions on CISCO 7200.
BGP/OSPF Routing
- Upgrade of Internet links to 100M.
- Inter DMZ OSPF routing over GRE IPSEC tunnel.
- Setup 10G line between Datacentres using DWDM.

Security Project :
Managing more than 50 Firewalls over 5 CMA.
firewalls in transparent mode between offices
Cisco Firewall FWSM between Test and Prod
Load balancing Servers and Firewalls with Cisoc CSM (Cisco Switch Module).
Internet Link : Firewall Netscreen, linkproof, GSS, Proxy Bluecoat, Antivirus, Websens.

RAS Secure Remote :
Remote access based on Nokia/Checkpoint R60.
User Authentication with RSA securID.
Using Checkpoint Integrity to secure Laptops

Infrastructure projects :
Technical design for business applications: eRGV, eTPI, E2ACOM.
Production, homologation and test.
Installing and Managing Nokia Firewalls by NHM
Managing network equipment by Opsware.
Technical Documentation technique and production procedures.
Supports Secu/Lan/Wan level 2,3.

Environment Firewall Checkpoint R60 HFA 05,Nokia(IP350,380,390,690,1220 et IPSO3.9-4.1), Netscreen, Radius, VPN, RAS, IDS, Antivirus Trend Micro, Bluecoat Proxy, Websense, CSM, GSS, ACS, ACE, Cisco 7200/6500/3500/3750, OSPF, BGP, PBR, Spanning Tree, DWDM, CACTI, Cisco Works,NHM, Opsware, QIP

BNPPARIBAS September 2001 à February 2006
Consultant / Project Engineer

DNS/DHCP Migration:
Validation and deployment of centralised IPAM , NetID (170 000 @IP).
Migrate DNS from Bind to NETID DNS de BNP et Paribas.
Centralise DNS/DHCP Management services.

Connecting LS and RNIS clients on Cisco 2610XM routers on dual sites active/standby
OSPF routing and redistribution over eBGP.
Securing access by Firewalls (Nokia Chekpoint ou Secure Platform).
Data encryptions over VPN

Setup Internet access, secur it over new firewalls
Test and validation of Fw NetScreen 5200.

Test solutions.
Coordination between technical, operational and production teams
Test planning and migration.
Install solutions.
Technical Support for encountered issues during the deployment (DNS, Firewall, Routes…).
Environment Firewall Checkpoint R55/R60, Nokia(IP350,IP380,530,1220 et IPSO3,7- 3,8-3,9), Secure Platforms, VPN, Cisco 2600/7200/6500, ACL, Routemap, OSPF, BGP, MPLS, NetID, DNS, DHCP, NETSCREEN, Oracle Application

Z BANK Août à Septembre 2001
Network security Consultant
Technical security recommendations.
Securing accesses Fw Chekpoint 4.1.
Connecting external clients via LS.
Environment Nokia Checkpoint NT

AXA Corporate Solutions Septembre 2000 à Juillet 2001
Managing system and user athentication (ActivCard).
Setup a PKI Solution
Securing internet Access ( Proxy squid, antivirus, filtering ).
Increase network architecture: OSPF routing ,
Defining 3tierS Firewalls.
Environment Windows Checkpoint, CISCO 2600, OSPF

PACIFIC BROADBAND Communications August to September 2000
Installing all the network office infra :
Configuring Internet connection protected by a Cisco PIX 515 Firewall.
Installation of CISCO VPN 5001.
Installation of SUN Entreprise 220R server, Ultra 10S Solaris 7.x.
Configuration of NFS, NIS, DNS, DHCP, Sendmail.
Environment Cisco VPN, Firewall Pix, NFS, NIS, DNS, DHCP, Sendmail

NETSPRIT Mars to July 2000
IBM SecureWay Firewall and Check Point Firewall-1.
setup DMZ for hosting Web sites.
Securing accesses to Oracle databases and LDAP.
Managing user authentication
Internet connection.
Environment Firewall IBM, Checkpoint