Saqib Rana, Developer in Wellington, New Zealand
Saqib is available for hire
Hire Saqib

Saqib Rana

Verified Expert  in Engineering

Network Security Engineer and Developer

Location
Wellington, New Zealand
Toptal Member Since
April 12, 2023

Saqib is a results-driven professional with 10+ years of experience implementing IT network security solutions. He specializes in firewalls, load balancers, routing and switching, cloud or VPN solutions, web proxies, and automation. Saqib also manages multivendor devices, including Fortinet, Palo Alto, Check Point, FortiGate, Cisco—ASA, ISE, WSA, and Firepower Threat Defense or Management Center—Forcepoint, A10 Networks, Aruba, Splunk, FortiAnalyzer, and F5 BIG-IP web application firewalls.

Check PointCloudCiscoTerraformApplication SecurityFirewallsDNSSecurity Policies & ProceduresTelecommunicationsNetwork SecurityAzure Active DirectoryPythonEnterpriseArubaCisco ISEFiber OpticsCisco SwitchPalo Alto FirewallsProxyCisco ASAJuniper

Portfolio

BNZ Bank
Terraform, Check Point, Cisco Identity Services Engine (ISE)
2Degrees
Compliance
Spark NZ
Check Point, FortiGate, F5 Networks, Palo Alto Networks, Websense, IP Routing...

Experience

Palo Alto Networks - 10 yearsFortiGate - 10 yearsF5 Networks - 10 yearsProxy Servers - 10 yearsNetwork Security - 10 yearsCisco - 5 yearsCloud - 5 yearsTerraform - 1 year

Availability

Full-time

Preferred Environment

Checkpoints, Palo Alto Networks, Cisco, FortiGate, ISE, Cisco Switches, ASA, Aruba, F5 Networks

The most amazing...

...project I've successfully planned and implemented is migrating a Cisco Adaptive Security Appliance (ASA) firewall to a Check Point R80.40 solution.

Work Experience

Senior Security Consultant

2022 - 2023
BNZ Bank
  • Engaged as a senior security consultant for a company with BIG-IP LTM deployed in Azure infrastructure using Terraform as infrastructure as code. The CI/CD pipeline for configuring BIG-IP was established on Bitbucket for users to carry out BAU tasks.
  • Provided technical assistance for migrating the Cisco Identity Services Engine (ISE) from version 2.7 to 3.1, achieving a fully distributed ISE deployment for the policy administration, monitoring, and policy service nodes.
  • Deployed threat emulation on Check Point blades and replaced the legacy McAfee service.
  • Optimized gateway performance during high traffic by deploying Check Point DoS Penalty Box as a defense-in-depth security architecture.
Technologies: Terraform, Check Point, Cisco Identity Services Engine (ISE)

Security Architect

2022 - 2022
2Degrees
  • Performed risk assessments, threat modeling, and vulnerability analyses of 2Degrees' systems and assets, developing risk management plans to mitigate, transfer, or accept risks.
  • Worked with 3rd-party vendors and contractors to ensure they met the organization's information security requirements and complied with ISO 27001 standards.
  • Implemented the ThreatModeler solution to identify potential security threats and vulnerabilities in the 2Degrees cloud environment. This also provided a graphical illustration of the cloud resource topology.
  • Integrated the AlgoSec solution with 2Degrees' existing network security infrastructure, providing a complete on-premises infrastructure topology that was extremely helpful for engineers to resolve incidents quickly.
  • Designed and implemented a secure mobile device management (MDM) solution for a technology company. Selected and configured MDM tools, developed policies, and provided employee training.
Technologies: Compliance

Security Consultant

2019 - 2022
Spark NZ
  • Implemented the Illumio Zero Trust microsegmentation project to restrict the lateral movement of malicious actors.
  • Designed and implemented Fortinet SD-WAN for multiple customers.
  • Executed an AlgoSec solution for a customer to automate network topology, compliance report, and configuration cleanup.
  • Migrated the customer's firewalls from a legacy Cisco ASA to Check Point.
  • Evaluated and implemented multiple cloud landing zone solutions to determine the best fit for the customer's needs.
  • Configured cloud firewalls and proxies, ensuring they met the customer's security and compliance needs.
  • Set up Websense, Cisco Web Security Appliance (WSA), and BIG-IP web application firewall proxies for customers according to the OWASP security framework.
  • Onboarded new customers for BIG-IP LTM, creating isolated route domains and partitions.
Technologies: Check Point, FortiGate, F5 Networks, Palo Alto Networks, Websense, IP Routing, Cisco Switches, Cloud, Frameworks, Application Security, Cisco, Juniper, Security Policies & Procedures

Network Security Engineer

2013 - 2019
Bank Albilad
  • Planned and designed a fully distributed Cisco ISE 3600 solution to enforce 802.1X authentication for all bank users, switches, routers, access points, cameras, printers, and IoT.
  • Ensured better protection against external cyberattacks by migrating the perimeter firewall from Cisco ASA to the next-generation Palo Alto network.
  • Designed network segmentation to isolate the bank's cardholder data environment traffic from the rest of the network, reducing the risk of unauthorized access.
  • Enforced a Palo Alto WildFire sandboxing solution that detects malware in files and URLs.
  • Devised and implemented an open-shortest-path-first (OSPF) network topology suited to the bank's needs and requirements.
  • Created and executed a FortiGate 3950B data center firewall, providing enhanced security measures to protect east-west and north-south data traffic flows.
  • Implemented an Aruba wireless solution for the bank, providing secure and reliable wireless connectivity for all employees and visitors.
Technologies: Aruba, ASA, FortiGate, Palo Alto Networks, Juniper, ISE, Proxies

Network Security Engineer

2009 - 2012
Ministry of Media
  • Migrated switches from legacy Cisco edge, distribution, and core to Alcatel Omni for all Ministry of Media campuses.
  • Moved a large campus's network from static to OSPF routes.
  • Implemented the Intermapper network monitoring software for infrastructure devices.
  • Ensured reliable, high-speed connection by designing and implementing hub-and-spoke fiber optic network connectivity between radio, television, press campuses, and data centers.
  • Designed and implemented a comprehensive network security solution for the Ministry using Juniper ISG firewalls.
  • Optimized network performance and improved application response times by designing and implementing Blue Coat PacketShaper for the Ministry.
Technologies: Cisco Switches, Telecommunications, Firewalls, LAN, WAN, Fiber Optics, ASA, Monitoring, Logging

Cisco ASA to Check Point Firewall Migration

Migrated the firewall from Cisco ASA to the Check Point R80.40 solution. This project emphasizes the importance of careful planning, testing, and monitoring to ensure a seamless transition and a secure network.

I began by understanding the current network topology, evaluating the Check Point firewall, and planning the migration process. Next, I tested the migration plan, set up the new firewall, and proceeded with migrating security policies and the VPN. Finally, I enabled the Check Point Compliance blade, then tested the new environment before fully transitioning.

By following the roadmap with all stakeholders, I successfully migrated the firewall to a Check Point R80.40 solution while maintaining the security posture of the client network.

Zero Trust Implementation

Designed and implemented the zero trust model with Illumio for a trusted east-west network where hosts residing on the same virtual LAN could not communicate with each other.

llumio provides a centralized management console for managing label-based policies and configurations across the network. The project plan was to replace existing FortiGate firewalls with an Illumio microsegmentation solution. To do this, I developed a project team, understood the current network topology, and evaluated the Illumio solution. Next, I planned and tested the migration process, then set up the new Illumio solution and migrated security policies. I also tested the new environment before transitioning and monitored the new solution afterward.

This project emphasizes the importance of careful planning, testing, and monitoring. By following the project plan, the client successfully transitioned to an Illumio microsegmentation solution, resulting in enhanced compliance with regulatory requirements and an improved security posture. Additionally, the migration to Illumio has significantly reduced the required workforce compared to the previous setup that relied on FortiGate firewalls.

DMVPN to SD-WAN Migration

Planned and implemented the migration from a dynamic multipoint VPN (DMVPN) to a FortiGate SD-WAN solution for a retail client. This project emphasizes the importance of implementing the solution to meet the organization's daily operational needs and support remote workers.

The FortiGate SD-WAN solution provided the client with improved redundancy and traffic management and cost savings by eliminating the need for multiprotocol label switching. Implementing the solution also enhanced the organization's security posture. Multiple retail locations can benefit from a secure, reliable, and cost-effective network solution by utilizing intelligent traffic routing, advanced security features, and centralized management of network policies and configurations.
2001 - 2005

Bachelor's Degree in Computer Science

University of South Asia - Lahore, Pakistan

MAY 2021 - PRESENT

F5 Certified! BIG-IP Administrator

F5, Inc.

MAY 2021 - PRESENT

Exam 201—TMOS Administration

F5, Inc.

AUGUST 2020 - AUGUST 2022

Check Point Certified Security Expert (CCSE)

Check Point Software Technologies Ltd

JUNE 2020 - JULY 2022

Palo Alto Networks Certified Network Security Engineer (PCNSE)

Palo Alto Networks

JUNE 2020 - PRESENT

Fortinet NSE 7 – Enterprise Firewall

Fortinet

JUNE 2020 - JUNE 2022

Check Point Certified Security Administrator (CCSA)

Check Point Software Technologies Ltd

JANUARY 2019 - PRESENT

Cisco Certified Internetwork Expert (CCIE) Security Lab

Cisco

MAY 2017 - MAY 2020

NSE 4 Network Security Professional

Fortinet

JANUARY 2011 - JANUARY 2014

Cisco Certified Network Professional (CCNP) Routing & Switching

Cisco

DECEMBER 2010 - DECEMBER 2012

Juniper Networks Certified Internet Specialist, Security (JNCIS-SEC)

Juniper Networks, Inc.

NOVEMBER 2009 - NOVEMBER 2012

Cisco VPN Security Specialist

Cisco

NOVEMBER 2009 - NOVEMBER 2012

Cisco IPS Specialist

Cisco

OCTOBER 2009 - OCTOBER 2011

Juniper Networks Technical Certification Program (JNTCP), Enterprise Routing and Switching

Juniper Networks, Inc.

JULY 2009 - JULY 2012

Cisco Firewall Security Specialist

Cisco

JULY 2009 - JULY 2012

Cisco Certified Network Professional (CCNP) Security

Cisco

DECEMBER 2008 - DECEMBER 2010

Microsoft Certified Professional

Microsoft

Tools

Terraform, Websense, VPN, Logging

Languages

Python

Industry Expertise

Telecommunications, Network Security

Paradigms

Cisco Certified Network Associate Routing & Switching

Storage

Azure Active Directory

Other

Palo Alto Networks, FortiGate, Cisco Switches, ASA, F5 Networks, IT Security, Computer Networking, Check Point, IP Routing, Cloud, Proxies, WAN, Checkpoints, Cisco, LAN, Web Application Firewall (WAF), ISE, Aruba, Cisco Identity Services Engine (ISE), Compliance, Frameworks, Application Security, Juniper, Security Policies & Procedures, Fiber Optics, Monitoring, Routing, Firewalls, Intrusion Prevention Systems (IPS), Proxy Servers, Server Administration, DNS, Enterprise

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring