Mouncef - Chef de projet Infrastructure IT
Ref : 151031S001-
95330 DOMONT
-
Architecte réseaux, Chef de projet, Consultant (48 ans)
-
Freelance
EXPERIENCES PROFESSIONNELLES
Ministère de la justice Juin 2017 à ce jour
Architect Réseau Sécurité SI
Refonte du Datacenter de recette Amiens :
Virtualisation Vmware Vsphere 6.7
Machines ESXi hyerconvergé ( UCP Hitachi)
Introduction des F5 LTM/ASM , FW Pfsense, Fortinet, IPAM Netbox, Gestione DNS
Mise en place de plan d’adressage et architecture en 3 tiers Presentation / Appli / Data
Configuration des switchs HP
Commandes liens WAN SFR
Audit de sécurité des F5 et Firewalls et proposition d’un plan de remédiation de d’upgrade
Réduction de nombre de règles FW
Suppression des configs obselet
Gestion des certificats SSL
Définition de politique de sécurité F5 ASM
Automatisation des config F5, Firewall, IPAM et DNS dans une logic Devops pour le provisionnement des serveurs avec l’outil d’orchestration Ansible
Support Niveau 3 pour le troublshoot des problèmes utilisateurs et applicatif et proposer des optimisation pour la résolution d’incidents
Remédier au vulnérabilités en réalisons des pentest
Rédaction de documents d’architecture, d’audit, de plan de migration
Environnement Firewall Fortinet, Pfsense , F5 LTM/ASM/APM, VPN, Vmware, Vsphere 6.7, Ansible, Gitlab, AWX, python, Netbox, Bind
SecuDium Octobre 2016 à Décembre 217
Buisness Developement Manager
Conduite de projets sécurité chez plusieur Client France / Maroc / Algerie
Formateur, F5 LTM Administering, F5 LTM Config, F5 GTM DNS
AirLiquide Janvier 2016 à Mai 2017
Consultant sécurité sénior
Faire évoluer la politique de sécurité du système d’information
Gestion des infogérants L2
Participation aux comités de changements
Définitions de politique de sécurité en adéquation avec les Normes
Gestion des incidents et escalade
Gestion de Projets Sécurité :
Migration de Datacentre et définition de la stratégie DR
Refonte de l’Archi Internet
Conduite de Projets pour des applications Business sur les WAF F5 ASM/LTM
Migration des Boitiers F5 ASM/LTM/GTM de 3600 vers 4000s
Changement de Firewalls Crossbeam VSX ver Checkpoint VSX 23800
Introduction de nouvelles fonctionnalité URL Filtering / SSL Offload … etc
EUROCLEAR BANK Since July 2010
Consultant / Project Manager and security designer
LAN WAN & SECU Projects :
Many projects was successfully conducted on a high technical environment to setup a Euroclear cloud for critical business applications (eRGV, Fundsettle, Euclid ..)
- Managing projects to setup business applications
o Define process for HLB creation
o Opening Firewalls (Algosec)
o Routing needs
- Upgrading Crossbeam Checkpoint VSX to R77 then R77,20
- Participating on the migration from Cisco catalyst 3750,6500 to Cisco Nexus 2000, 5000, 7000
- Leading the project of ACE to F5 Migration
o Project Management
o Realising POC and Tests
o Design Architecture
o F5 BIG-IP platforms for Internet LTM/GTM/AFM
o F5 Viprion, vCMPs with LTM/GTM for DMZ and Trusted zones
o Security segregation with partitions and Route domains
o Migration Planning
o Developed my own migration perl scipt to parse ACE config and convert to F5 tmsh
o Documentation
- Leading the Project of Migration from Nokia Firewalls to Crossbeam
o Consolidate more than 50 Firewall boxes on 4 Chassis
o Checkpoint VSX Firewall R75,20
o CMAs hosted on Provider one
- Redesign the Internet access
o F5 BIG-IP platforms for Internet LTM/GTM/AFM (iRules,iCloud)
o DNS Infoblox,
o Cisco GSS,
o Linkproof,
o Paketeer,
o Netscreen,
o Proxy Ironport
o IPS
- Managing Datacentre Disaster Recovery (RDR)
- Migrating Internet Provider
- Installing Remote access RAS SSL VPN
- Participating on the VSS migration for Distribution switches
- Migration of Cisco CSM load-balancer to Cisco ACE
- Level 3 Troubleshooting Issues
Environment Firewall Checkpoint VSX , Netscreen, Radius, Tacacs,VPN, RAS, IDS, Antivirus Trend Micro, Bluecoat Proxy, IronPort, CSM, ACE, GSS, ACS, Cisco 7200/6500/3500/3750, OSPF, BGP, Spanning Tree, DWDM, CACTI, Opsware, ANM, Scripting Perl,API,Json,F5 (BIG-IP,Viprion),Infoblox
Crédit du Nord Bank November 2008 à Jun 2010
Network Security Architect
- Design the security of more than 800 ATM on Agencies to migrate from X.25 to IP.
Test and validation of the VPN Tunnels based on Checkpoint secure client NG R60
Project Management and deployment
Renewing the Network address plan of all Agencies
Routing via OBS MPLS Network
Segregating on multiple Vlans
Nortel 2550T PWR Switches
- Design WAN links with Partners, BGP, OSPF routing and Redistribution
- Wanscaller trafic compression
- Studding the replacement of Nokia Firewalls by Juniper or fortigate
Managing deployment team , writing detailed documentation design
Environment Firewall Checkpoint R65 HFA 05, Secur Client R60 HFA03. Nokia(IP350,380,390,690,1220 et IPSO 6.2), Netscreen, , VPN, IDS, Cisco 7200/6500/2800, Nortel 2550T PWR
OSPF, BGP, Spanning Tree, CACTI, Cisco Works, NHM,
EUROCLEAR BANK Mars 2006 à October 2008
Consultant / Chef de Project
Mission on UK, Belgium et France :
LAN WAN Projetcs:
- Define the external partners Access
Many (BRI, PRI, LS) connexions on CISCO 7200.
BGP/OSPF Routing
- Upgrade of Internet links to 100M.
- Inter DMZ OSPF routing over GRE IPSEC tunnel.
- Setup 10G line between Datacentres using DWDM.
Security Project :
Managing more than 50 Firewalls over 5 CMA.
firewalls in transparent mode between offices
Cisco Firewall FWSM between Test and Prod
Load balancing Servers and Firewalls with Cisoc CSM (Cisco Switch Module).
Internet Link : Firewall Netscreen, linkproof, GSS, Proxy Bluecoat, Antivirus, Websens.
RAS Secure Remote :
Remote access based on Nokia/Checkpoint R60.
User Authentication with RSA securID.
Using Checkpoint Integrity to secure Laptops
Infrastructure projects :
Technical design for business applications: eRGV, eTPI, E2ACOM.
Production, homologation and test.
Installing and Managing Nokia Firewalls by NHM
Managing network equipment by Opsware.
Technical Documentation technique and production procedures.
Supports Secu/Lan/Wan level 2,3.
Environment Firewall Checkpoint R60 HFA 05,Nokia(IP350,380,390,690,1220 et IPSO3.9-4.1), Netscreen, Radius, VPN, RAS, IDS, Antivirus Trend Micro, Bluecoat Proxy, Websense, CSM, GSS, ACS, ACE, Cisco 7200/6500/3500/3750, OSPF, BGP, PBR, Spanning Tree, DWDM, CACTI, Cisco Works,NHM, Opsware, QIP
BNPPARIBAS September 2001 à February 2006
Consultant / Project Engineer
DNS/DHCP Migration:
Validation and deployment of centralised IPAM , NetID (170 000 @IP).
Migrate DNS from Bind to NETID DNS de BNP et Paribas.
Centralise DNS/DHCP Management services.
Connecting LS and RNIS clients on Cisco 2610XM routers on dual sites active/standby
OSPF routing and redistribution over eBGP.
Securing access by Firewalls (Nokia Chekpoint ou Secure Platform).
Data encryptions over VPN
Setup Internet access, secur it over new firewalls
Test and validation of Fw NetScreen 5200.
Test solutions.
Coordination between technical, operational and production teams
Test planning and migration.
Install solutions.
Technical Support for encountered issues during the deployment (DNS, Firewall, Routes…).
Environment Firewall Checkpoint R55/R60, Nokia(IP350,IP380,530,1220 et IPSO3,7- 3,8-3,9), Secure Platforms, VPN, Cisco 2600/7200/6500, ACL, Routemap, OSPF, BGP, MPLS, NetID, DNS, DHCP, NETSCREEN, Oracle Application
Z BANK Août à Septembre 2001
Network security Consultant
Technical security recommendations.
Securing accesses Fw Chekpoint 4.1.
Connecting external clients via LS.
Environment Nokia Checkpoint NT
AXA Corporate Solutions Septembre 2000 à Juillet 2001
Managing system and user athentication (ActivCard).
Setup a PKI Solution
Securing internet Access ( Proxy squid, antivirus, filtering ).
Increase network architecture: OSPF routing ,
Defining 3tierS Firewalls.
Environment Windows Checkpoint, CISCO 2600, OSPF
PACIFIC BROADBAND Communications August to September 2000
Installing all the network office infra :
Configuring Internet connection protected by a Cisco PIX 515 Firewall.
Installation of CISCO VPN 5001.
Installation of SUN Entreprise 220R server, Ultra 10S Solaris 7.x.
Configuration of NFS, NIS, DNS, DHCP, Sendmail.
Environment Cisco VPN, Firewall Pix, NFS, NIS, DNS, DHCP, Sendmail
NETSPRIT Mars to July 2000
IBM SecureWay Firewall and Check Point Firewall-1.
setup DMZ for hosting Web sites.
Securing accesses to Oracle databases and LDAP.
Managing user authentication
Internet connection.
Environment Firewall IBM, Checkpoint
Technical Skills
Routing OSPF, BGP4, ISIS, EIGRP, Access-lists, Route Redistribution, HSRP, VRRP, NSRP, PBR, GRE, MPLS
Switching VLAN, VTP, Trunking, Spanning Tree, Multilayer Switching,
Security Crossbeam, Nokia/Chekpoint Fw1, NetScreen , Secure Platform, IPSEC, VPN, Proxy Bluecoat, RSA SecurID, Integrity Checkpoint,ISE, Radius, Tacacs
Wifi Cisco Aironet access point 3600, WLC, Prime
Remote
Access Client VPN, SSLVPN, Frame-Relay, RNIS, PPP, NAT, PAT,
Systems Windows, Linux, Unix, AIX, Solaris, DNS, DHCP, Virtualisation
Materials F5 Big IP, F5 Viprion
Cisco Switches 29xx/35xx, 37xx, 65xx,
Cisco Routeurs 26xx, 36xx, 72xx,
Cisco Nexus 2000, 5000, 7000
CSM, ACE, GSS,
Riverbed, Linkproof, Bluecoat,
Nokia IP350,380,390,690,1220,
Infoblox, Ironport
Software HP Openview, Cisco Works, NHM, Opsware, CACTI, Sniffer Pro, Nmap, Wireshark, Apache, NETID, QIP
Developer Scripting perl, HTML, PHP, Mysql, Java script
PM Jira,Confluance
Training
2019 Cisco ACI
2016 ISO27001 ISO27002
2015 Prince2
2015 CCNP Security 300-208 SISAS
2014 F5 LTM/GTM
2007 Cisco ACE (Application Control Engine)
2005 Firewall Netscreen
2003 Alteon Level 2
2001 Cisco Pix Firewalls
2001 CCSA Checkpoint Firewall
2001 CCNP Routing & Switching
2000 Telecom and Network Engineer - ISPG
Langue
Arabic : fluent
French : fluent
English : fluent