Download a beautiful PDF version
of this resume on kickresume.com
Ali Touseef
ali.touseef08@gmail.com ▪ +923475344335 ¦
+233548035341
Address
House # 922, Street 32, I-14/1
Pakistan
Profile
Information Security Engineer with over a decade of expertise in
securing enterprise IT infrastructures and ensuring compliance with
NIST, ISO 27001, and CIS Benchmarks. Proficient in identity and
access management (IAM), endpoint security, cloud security, and
vulnerability management. Skilled in deploying security tools like
Tenable Nessus, ArcSight SIEM, and Next-Generation Firewalls.
Strong background in automating workflows using PowerShell, Bash,
and Terraform to enhance operational efficiency. Adept at integrating
DevSecOps practices, securing Azure environments, and implementing
Zero Trust Architecture to mitigate risks and support
business continuity.
Skills
Cloud Security
Azure Security Center ■■■■■
Azure Key Vault ■■■■■
Azure Policy ■■■■■
Microsoft Defender ■■■■□
Azure WAF ■■■■■
Azure Application Gateway ■■■■■
Identity and Access Management
Active Directory (AD DS) ■■■□□
Entra ID ■■■■■
RBAC configuration ■■■■■
Privileged Access Management (PAM) ■■■□□
Multi-factor Authentication (MFA) ■■■■■
Identity Lifecycle Management ■■■□□
Endpoint Security
EDR ■■■□□
XDR (Symantec Endpoint Security, Microsoft Defender, CrowdStrike,
TrendMicro) ■■■□□
Automatic Threat Analytics ■■■□□
Network Security
Next-Generation Firewalls (Sophos, Azure WAF, AWS Application
Gateway, FortiWeb) ■■■□□
Site-to-Site VPN ■■■□□
Remote Access VPN ■■■□□
Security Frameworks & Compliance
NIST ■■■□□
ISO 27001 ■■■■□
CIS Benchmarks ■■■■■
GDPR ■■■□□
Vulnerability Management
Tenable Nessus (Scanning, Tracking) ■■■□□
Remediation of vulnerabilities across OS, Web Servers, Databases,
and Network equipment ■■■□□
Encryption & Data Protection
SSL/TLS Certificates ■■■□□
Disk Encryption (BitLocker, D-Crypt) ■■■□□
DLP Policy ■■■□□
Zero Trust Solutions ■■■□□
Cloud Platforms & Architecture
Azure ■■■■■
AWS ■■■□□
GCP ■□□□□
Cloud Security Architecture ■■■□□
Cloud Workload Protection ■■■□□
Cloud Infrastructure Management ■■■■□
Security Operations
SIEM (ArcSight) ■■■■□
Intrusion Detection & Prevention Systems (IDS/IPS) ■■■■■
Security Incident Response ■■■■□
Incident Management ■■■■□
Automation & Scripting
PowerShell ■■■■■
Bash ■■■□□
Terraform ■■■■■
Ansible ■■■■□
Automation of Security Workflows ■■■■□
Container Security
Kubernetes ■■■□□
Docker ■■■■■
Helm ■■■■□
Container Orchestration Security ■■■■□
Managing Kubernetes Clusters ■■■□□
Monitoring & Logging
Prometheus ■■■■□
Grafana ■■■■□
Azure Log Analytics Workspace ■■■■■
Azure Monitor ■■■■■
Web Application Security
Web Application Firewall (WAF) ■■■□□
Azure WAF ■■■□□
Sophos WAF ■■■□□
Application Layer Security ■■■□□
Incident Management & Problem Resolution
Incident Detection ■■■□□
Root Cause Analysis ■■■□□
Problem Management ■■■□□
SLA Management ■■■□□
ServiceNow ■■■□□
Experience
TechSurge Africa Ltd. ▪ Ghana
Cloud Security Engineer
01/2019 – present
Implemented Azure Security Center and Azure Policy, achieving
a 90% compliance rate with organizational security standards
and reducing configuration drift by 35%.
Automated vulnerability scanning using Tenable Nessus and
Azure DevOps pipelines, identifying and resolving 95% of critical
vulnerabilities across cloud workloads within SLA.
Deployed and managed Azure Key Vault to secure application
secrets and encryption keys, reducing unauthorized access
incidents by 40%.
Integrated Azure Active Directory (Entra ID) with multi-factor
authentication (MFA) and Conditional Access policies, enhancing
identity security and improving login success rates by 25%.
Established CI/CD pipelines in Azure DevOps with integrated
security scans (SAST/DAST) and code analysis tools,
decreasing deployment risks by 30% and accelerating release
cycles.
Configured Azure Application Gateway with WAF policies,
mitigating web-based attacks and improving application uptime to
99.9%.
Developed infrastructure as code (IaC) templates using
Terraform and Azure Bicep, ensuring consistent deployment of
secure and compliant cloud resources.
Monitored cloud environments using Azure Monitor, Log
Analytics Workspace, and KQL, reducing mean time to detect
(MTTD) and mean time to resolve (MTTR) incidents by 40%.
Designed and implemented Zero Trust architecture for cloud
applications, improving secure access and reducing lateral
movement risks by 50%.
Conducted regular cloud security assessments, applying CIS
Azure Benchmarks, and remediating findings to achieve a 100%
compliance score during audits.
Collaborated with DevOps teams to integrate Azure Defender
and Microsoft Sentinel, enabling real-time threat detection and
reducing false positives by 20%.
Optimized cloud cost governance by automating usage alerts
and implementing tagging strategies, saving 15% in overall
Azure spend.
Facilitated data encryption at rest and in transit for cloud storage
accounts, using Azure-managed keys and ensuring compliance
with regulatory requirements.
Kalsoft ▪ Pakistan/Ghana
Security Analyst
11/2011 – 12/2018
Monitored and analyzed security events using ArcSight SIEM,
resolving 95% of incidents within SLA and improving threat
detection accuracy by 30%.
Managed and maintained Active Directory (AD DS) and Entra ID,
implementing RBAC and PAM solutions to reduce unauthorized
access incidents by 40%.
Configured and optimized Next-Generation Firewalls (Sophos,
Fortinet, Azure WAF) and VPN solutions, enhancing network
security and achieving 99.9% uptime for secure connectivity.
Deployed and administered Endpoint Detection and Response
(EDR) solutions such as Microsoft Defender and CrowdStrike,
reducing endpoint vulnerabilities by 35%.
Conducted vulnerability scans with Tenable Nessus, remediating
over 95% of identified risks across OS, web servers, databases,
and network equipment within set timelines.
Aligned IT security processes with NIST, ISO 27001, and CIS
Benchmarks, achieving 100% compliance during internal and
external audits.
Implemented Zero Trust architecture with Federated Identity,
securing remote access, Wi-Fi networks, and branch offices,
improving overall security posture.
Designed and enforced DLP policies across systems to
safeguard sensitive data, reducing data loss incidents by 25%.
Automated routine security tasks using PowerShell and Bash,
increasing operational efficiency by 20% and reducing manual
effort.
Deployed and maintained SSL/TLS certificates, ensuring 100%
secure data transmission for all applications and services.
Documented and reported on security incidents, audits, and
compliance, providing actionable insights to stakeholders and
improving incident response strategies.
Collaborated with IT and DevOps teams to integrate security
controls into hybrid cloud environments, resulting in enhanced
scalability and security.
Projects
Designed and implemented a secure, scalable AKS cluster for
microservices-based e-commerce applications.
Configured Azure Security Center, Key Vault, and Entra ID to
enforce security policies and manage secrets.
Automated infrastructure provisioning and deployments using
Terraform and Azure DevOps pipelines with integrated security
scans (SAST/DAST).
Deployed Azure Application Gateway with WAF policies to
protect against OWASP Top 10 vulnerabilities.
Integrated Microsoft Defender for Kubernetes and Microsoft
Sentinel for threat detection and incident response.
Applied Zero Trust principles, ensuring workload segmentation,
RBAC, and data encryption in transit and at rest.
Conducted vulnerability scans with Tenable Nessus and
remediated security risks to maintain compliance with CIS Azure
Benchmarks.
Implemented centralized monitoring with Azure Monitor, Log
Analytics, and Prometheus for real-time performance and
security tracking.
Collaborated with development teams to adopt secure
deployment practices and improve security posture.
Deployed and configured Sophos XG Firewall with Web
Application Firewall (WAF) to secure MTN Ghana's web
applications and external-facing services.
Implemented and customized WAF policies to protect against
SQL injection, XSS, and DDoS attacks.
Created and configured custom WAF rules to meet security
requirements for specific web applications and services.
Integrated Sophos XG Firewall with existing network
infrastructure for centralized security management.
Tuned and optimized WAF rulesets to reduce false positives and
improve threat detection accuracy.
Monitored and analyzed WAF logs for proactive threat detection
and response.
Collaborated with application teams to implement tailored WAF
rules addressing critical vulnerabilities.
Tested WAF configurations in staging to ensure performance and
security requirements were met before production deployment.
Provided training and knowledge transfer to internal teams on
WAF management and maintenance.
Documented WAF deployment process, including configurations,
rulesets, and best practices for ongoing management.
Deployed Cisco ISE Appliance in the MTN Ghana Network.
Defined Security policies and Access Controls.
Configured Cisco ISE personas.
Integrated with MTN Ghana Active Directory for Identity store.
Configured Access Based policies.
Integrated with MTN Ghana Wireless network to implement
Network Access control and Posture assessment.
Integrated with SCCM to perform Posture assessment and
automatic remediation.
Packaged and pushed the Cisco ISE clients with all necessary
modules to all staff endpoints.
Deployed and configured Symantec DLP Enforce Platform and
Endpoint Manager to secure data in motion, at rest, and in use
across the organization.
Integrated DLP Network Protect with the Internet Gateway to
monitor and prevent unauthorized data transfers through web
traffic.
Configured DLP policies and rules in collaboration with
stakeholders to identify and safeguard sensitive data, aligning
with organizational security and compliance requirements.
Integrated Symantec DLP with on-premises Exchange Server to
monitor and protect sensitive email communications.
Connected Bluecoat Proxy with DLP Network Protect for
enhanced visibility and control over internet traffic, ensuring data
security at the gateway.
Conducted testing and fine-tuning of DLP rules to minimize false
positives and improve detection accuracy.
Provided technical support and training to internal teams on the
proper use and management of the DLP platform.
Documented policies, configurations, and operational procedures
to ensure consistent management and scalability of the DLP
solution.
Performed regular audits and reviews to validate the
effectiveness of DLP policies and ensure alignment with
regulatory standards.
Education
Ghulam Ishaq Khan Institute of Engineering Science ▪
Swabi ▪ Pakistan
Engineering Sciences
2010