Professional Summary
Proactive and results-oriented IT professional with 2 years of specialized experience in Network Administration, System Administration, and Linux Administration. Expertise in architecting, deploying, and managing secure, scalable, and high-performing IT infrastructures for multi-site operations. Proficient in configuring and maintaining Ubuntu servers, Nginx web servers, and file servers, with a strong command of Active Directory, VPN/IPSec tunnels, and advanced network security controls such as ACLs, MAC filtering, hotspot blocking, port forwarding, and failover mechanisms. Skilled in managing email server environments, leveraging SPF, DKIM, DMARC, and SSL/TLS configurations to ensure secure, spam-free, and reliable communication. Adept at automation through custom Bash scripting to monitor device health, streamline workflows, and optimize system efficiency, significantly reducing manual intervention. Experienced in implementing advanced security measures, including Fail2Ban to protect against brute-force attacks, MikroTik firewalls, and social media/hotspot access restrictions to enforce organizational policies. Successfully developed and executed robust disaster recovery strategies, external backups, and real-time monitoring solutions, ensuring minimal downtime and uninterrupted business operations. Demonstrated expertise in LAN/WAN network design, VLAN configuration, and deploying wireless access points to maintain seamless connectivity and operational efficiency. Committed to delivering innovative IT solutions aligned with organizational objectives while enhancing reliability, scalability, and security across all systems.
Core Competencies
- Network Security & Architecture: MikroTik Router Configuration, LAN, WAN, VPN, IPSec Tunnels, Firewall Management, MAC Filtering, Role-Based Access Control (RBAC)
- System & Linux Administration: Ubuntu Server Management, Nginx Configuration, Active Directory, Failover Techniques, High Availability
- Disaster Recovery & Backup: Data Protection, Offsite Backup Solutions, Business Continuity, Recovery Planning, System Redundancy
- Email Server Management: SPF, DKIM, DMARC, SSL Encryption, SMTP Configuration, MX Records, DNS Configuration
- Automation & Monitoring: Proficient in creating custom shell scripts for automating system monitoring, backups, and other administrative tasks, reducing manual intervention and enhancing operational efficiency.
- Cloud Technologies: Cloud Infrastructure Management, Data Security & Compliance, Local Cloud Environments, Cloud-Based Storage
- Technical Support & Troubleshooting: Remote IT Support (SSH, VNC, RDP), Incident Management, Network & System Troubleshooting
- Vendor & Procurement Management: Hardware/Software Procurement, Contract Negotiations, Vendor Relations
Professional Experience
IT Executive, GoldFin Limited – Lahore, Pakistan (July 2023 - Present)
Network Infrastructure & Security:
- Configured and managed LAN, WAN, and VPN connections, ensuring secure and reliable network infrastructure.
- Defined DHCP lease time, static IP bindings, and IP pool ranges for specific device groups.
- Applied LAN-side firewall rules to restrict unwanted traffic and enhance internal network security.
- Used Address Lists to allow or deny traffic based on device IPs or MAC addresses.
- Created bridges to combine multiple interfaces into a single logical network segment.
- Applied filtering rules on bridges to control inter-VLAN or inter-device communication.
- Enabled DNS caching to reduce latency and improve access speeds for frequently visited websites.
- Redirected internal DNS queries to custom DNS servers for faster resolution and ad blocking.
- Implemented MAC filtering to restrict device access based on hardware addresses.
- Enabled Port Security to prevent unauthorized device connections.
- Defined role-based access controls (RBAC) to regulate device and user permissions.
- Deployed Hotspot services for guest networks with customized login and authentication options.
- Set up secure wireless LANs with WPA2/WPA3 encryption and enabled Client Isolation for public networks.
- Configured WAN interfaces to obtain public IPs using PPPoE, Static IP, or DHCP Client.
- Set up source NAT (Masquerading) for outbound internet access from LAN devices.
- Configured destination NAT (port forwarding) for external access to internal servers.
- Implemented WAN failover using multiple ISP connections for uninterrupted connectivity.
- Established secure site-to-site IPSec VPN tunnels for interoffice communication.
- Set up L2TP/IPSec and OpenVPN for secure remote user access to internal resources.
- Applied input chain firewall rules to block unauthorized access to the router's public interfaces.
- Enabled bandwidth caps for WAN connections to prevent excessive usage by single applications or users.
- Configured Dynamic DNS (DDNS) for consistent remote access with dynamic public IPs.
- Used mangle rules for traffic marking to enable advanced routing and load balancing.
- Adjusted MTU (Maximum Transmission Unit) settings for optimized packet transmission.
- Applied firewall bridging to filter and shape traffic between LAN and WAN interfaces.
- Automated tasks such as router reboots and rule updates using scheduler configurations.
- Implemented IPSec tunnels to securely connect head office and branch offices.
- Configured NAT and port forwarding to allow external clients access to hosted applications.
- Set up backup systems and applied disaster recovery strategies to ensure minimal downtime during failures.
- Configured and managed D-Link POE switches for optimized network performance and resource allocation across multiple sites.
- Integrated D-Link Access Points to improve wireless coverage, incorporating security measures such as MAC filtering and role-based access control (RBAC) for enhanced network access policies.
- Managed the deployment and configuration of VPN tunnels (IPSec) for secure remote access, ensuring encrypted communication between branch offices and headquarters.
- Developed and maintained firewall rules using MikroTik and other security appliances to monitor and control network traffic, reducing vulnerability to external threats and unauthorized access.
System Administration
- Administered Ubuntu-based Linux servers to maintain maximum uptime by fine-tuning system settings for optimized resource allocation and performance.
- Configured and managed Nginx web servers for load balancing, reverse proxying, and securing web traffic with SSL/TLS encryption.
- Applied security best practices for Nginx, including rate limiting, IP whitelisting, and protection against DoS attacks.
- Managed IP addressing schemes, ensuring efficient subnetting and IP allocation across internal and external networks.
- Configured DNS servers for name resolution, ensuring low latency and high availability with failover mechanisms.
- Set up and administered DHCP servers for automatic IP address assignment and management, optimizing lease durations and reserved addresses.
- Integrated and managed Active Directory services for centralized user authentication, access control, and single sign-on (SSO) capabilities.
- Applied Group Policy Objects (GPOs) in Active Directory to enforce security protocols, restrict unauthorized actions, and standardize configurations across user machines.
- Implemented and tested high-availability configurations for DNS and DHCP servers to ensure minimal downtime during failures.
- Automated common administrative tasks using Bash scripts and PowerShell, reducing manual intervention and increasing operational efficiency.
- Maintained system security by applying regular updates, patches, and hardening measures such as disabling unused services and restricting root access.
- Configured and tested failover mechanisms for critical services to maintain system resilience during outages or maintenance.
- Implemented secure file transfer protocols (SFTP) for data sharing and backups, ensuring compliance with security standards.
- Ensured system compliance with organizational and industry security standards through regular audits and monitoring.
Linux Email Server Management
- Designed and managed a robust email infrastructure on Ubuntu Linux, leveraging Nginx for efficient handling of incoming and outgoing mail traffic.
- Ensured compliance with industry standards by configuring email authentication protocols such as SPF, DKIM, and DMARC, preventing spoofing, spam, and email forgery.
- Deployed and fine-tuned Postfix as the mail transfer agent and Dovecot for secure IMAP/POP3 services, ensuring seamless and reliable email delivery across multiple domains.
- Regularly monitored server logs to troubleshoot delivery issues and improve mail queue performance.
- Implemented SSL/TLS certificates for all email transmissions, securing communication between the mail server and client systems.
- Conducted periodic certificate renewals and automated the process to minimize manual intervention.
- Regularly applied security patches and updates to maintain the integrity and security of all systems and network infrastructure.
- Utilized tools such as Fail2Ban and Snort for intrusion detection and prevention.
- Utilized monitoring tools to oversee server health, email queue statuses, and blacklisting status in real-time.
- Conducted comprehensive security audits to identify vulnerabilities and address misconfigurations, ensuring the email server remained compliant with the latest security standards.
- Managed user mailboxes, aliases, and forwarding rules, ensuring high availability for all email accounts.
- Provided technical support to end-users for mail client configurations, password resets, and troubleshooting issues.
- Applied industry best practices to combat phishing and spoofing attempts.
- Regularly updated blacklists to prevent unauthorized access or abuse of the email system.
- Designed a scalable and redundant mail server environment with backup MX records and automated failover mechanisms, ensuring uninterrupted email service during server downtimes or maintenance periods.
- Established email archiving solutions to retain critical email data for organizational compliance and future reference.
- Configured retention policies based on organizational requirements and legal regulations.
- Installed and configured Jenkins for CI/CD processes.
- Set up forward and reverse proxies using Nginx to route traffic.
- Installed the LAMP stack for hosting web applications.
- Hosted HTML and Node.js applications on Linux servers.
- Configured self-signed SSL certificates to secure web traffic.
- Managed file permissions and performed drive mounts for efficient file handling.
- Hands-on experience with systemd services:
  - Managed services using systemctl (start, stop, restart, mask).
- Created and managed soft links and hard links.
- Scheduled automated tasks using cron jobs.
- Installed Docker and executed basic Docker commands for container management.
- Deployed and managed Docker containers for hosting applications.
- Pulled various images from Docker Hub using Docker Desktop.
- Hosted and tested small projects inside Docker environments.
- Integrated Docker with GitHub for seamless version control and deployment workflows.
- Created and managed various Jenkins pipelines:
  - Declarative pipelines, freestyle and multibranch pipelines.
- Built a complete project workflow and pushed data from Docker containers to GitHub repositories.
- Automated deployments using Jenkins pipelines.
- Configured Jenkins Identity Access Management (IAM) for secure access control.
- Hosted small projects on Jenkins with automated builds and deployments.
- Hands-on experience with Git and GitHub for version control and collaboration.
- Cloned repositories, including private GitHub directories, using SSH keys and tokens.
- Integrated Jenkins with GitHub for automated builds and data management.
- Managed code commits and workflows for hosting complete projects.
- Comprehensive knowledge of system services and processes on Linux.
- Implemented file and service management using system utilities like systemd and systemctl.
- Hands-on experience with identity and permission management on Linux systems.
Vendor & Procurement Management:
- Led IT procurement initiatives, negotiating contracts and managing vendor relations for hardware and software purchases, ensuring cost-effective solutions while meeting organizational requirements.
- Oversaw vendor performance, ensuring timely delivery of products and services in compliance with established contractual terms and conditions.
Key Projects & Contributions
- GoldFin Network Overhaul: Spearheaded the redesign and implementation of GoldFin's network infrastructure, integrating advanced security protocols and creating a scalable architecture to support multi-location operations.
- Automated System Monitoring: Developed and deployed custom scripts to automate system health checks, reducing downtime and enabling proactive issue resolution.
- Business Continuity & Disaster Recovery: Led the development and execution of a comprehensive disaster recovery strategy, ensuring minimal data loss and rapid recovery of systems and applications in case of failure.
- GoldFin Website Project (www.goldfin.com.pk): Managed the outsourcing and project monitoring of the website development for GoldFin Limited. Ensured successful delivery by overseeing the project's progress, quality, and adherence to deadlines, while maintaining communication between the external team and internal stakeholders. Additionally, monitored and managed running social media advertising campaigns to drive traffic and engagement, ensuring alignment with marketing goals and optimizing campaign performance.
- Active Directory Implementation & File Server Automation: Led the implementation of Active Directory for centralized user management across all branches and set up an automated backup system for the file servers at all locations. This ensured consistent and timely backups, improving disaster recovery readiness and operational continuity.
Technical Skills
- Operating Systems: Proficient in Ubuntu Linux and Windows Server administration, including system configuration, updates, and security hardening.
- Networking & Security: Expertise in configuring VPN and IPSec tunnels for secure communication, as well as managing MikroTik routers, firewall settings, and MAC filtering for network security.
- Implemented role-based access control (RBAC) and network security protocols to ensure secure access and prevent unauthorized use.
- Web Servers: Strong experience with Nginx for web hosting, load balancing, and performance optimization.
- Email Security & Management: Skilled in SMTP server management, with expertise in implementing SPF, DKIM, DMARC, and SSL/TLS for email security and reliable communication.
- Scripting & Automation: Proficient in Bash and Shell scripting for automating system administration tasks, including backups, system health checks, and log management.
- System Monitoring & Management: Created custom Bash scripts for real-time system and network monitoring, ensuring proactive issue resolution and minimal downtime.
- Cloud Infrastructure: Knowledge of local cloud environments and data storage solutions, with a focus on security and scalability.
- Disaster Recovery & Backup: Expertise in designing and implementing backup strategies and disaster recovery plans, ensuring minimal data loss and fast recovery.
- Identity & Access Management: Extensive experience with Active Directory for user management and Role-Based Access Control (RBAC) for secure system access.
- Procurement & Vendor Management: Skilled in managing IT procurement and vendor relations to ensure cost-effective solutions for hardware, software, and network infrastructure.