Nayab Khan
Agawam,MA
Summary
Self-motivated, proactive technical expert with 14+ years of multilingual experience IT professional with in-depth expertise in managing Azure, Office 365, on-premises Active Directory, and Microsoft Defender solutions. Skilled in implementing, configuring, and optimizing these platforms to enhance security, efficiency, and compliance within organizations. Proven track record of successfully deploying and managing cloud and on-premises environments, protecting against cyber threats, and ensuring seamless operations. Adept at collaborating with cross-functional teams to deliver high-quality IT solutions and support. Looking to leverage my technical skills and industry knowledge to contribute to a dynamic organization.
Overview
16
16
years of professional experience
1
1
Certification
Work History
Cyber Defense Engineer
Ahold Delhaize (Contract Apex)
Remote
06.2024 - Current
- Azure Sentinel, PowerApps, Azure AD, Jira, Jira Confluence, GitHub, Json, Visual Code, Migration to Sentinel, Azure B2X, Zscaler Firewall, Palto Alto, Net Witness, Log Stash.
Sr. ITS Consultant
Boston Medical Center
Remote
08.2023 - 05.2024
- O365, Office configuration, Exchange Online, Recipients, Mailbox Resources, Groups, Resources, Mail Flow, Rules, Exchange connectors, Roles, SharePoint, Teams
Sr. IAM/ PAM Security Engineer
Insight Enterprise
Remote
06.2021 - 08.2023
- SIEM using Microsoft Defenders for identity, and Defender for endpoints, Compliance, Endpoint Manager, Microsoft Defender ATP, Security Microsoft Dynamic 365 fraud protection, O365 Tenant isolation, Data integration, Microsoft 365 Integrations, Exchange, SharePoint, Teams, Yammer, M365 Apps, Sentinel, Lighthouse, Kusto, powerApps, power automation, Slack, Azure AD, SecureWorks, AWS Cloud portal, Google Cloud, ServiceNow
IAM/ PAM Technical Advisor/ Team Lead
Microsoft - Contract
Remote
01.2018 - 06.2021
- Leading the 12-member team performing as a trusted technical advisor, Deploying and Networking for Servers, Hyper-V, VMWare, and infrastructure management, Active directory integration in Azure AD, Installing AD role on servers, promoting the servers do DC, Installing and configuring Group policies, DNS set, joining the machine to DC in AD, creating user, groups, OU's adding forests in AD, Active Directory Certificate Services, Integration with various RADIUS/LDAP Clients with Azure Multi-Factor Authentication, Active Directory Trusts & Federation, Domain Secure Channels, Securing RDP session, Troubleshooting Active Directory Certificate Services, HSMs, Certificate Enrollment Web Services, Certificate Enrollment Policy Web Service, and Internet Information Services (IIS), Developed the strategies plans for Public Key Infrastructure (PKI) and assisted with the implementation & installation of PKI and SSL certificate-related technologies, Install Network Policy server role in AD, by installing and setting up security/ MFA on the VPNs, and remote desktop servers, triggering Multi-Factor Authentication on the user's logons, Active Directory FSMO, Active Directory Lightweight Directory Services (AD LDS), Active Directory Application Mode, Active Directory Migration Tool, Active Directory replication, Active Directory topology (sites, subnets, and connection objects), DC Promo and the installation of domain controllers, Domain controller scalability, performance (including LDAP), Domain join issues, LDAP configuration on-prem interoperability, Installation for on-prem applications hosted on IIS servers, having cloud users authenticating to on-prem applications, Resolved Syncing issues of Active Directory to Azure Active Directory, Application proxy setup and installation for on-prem applications hosted on IIS servers, having cloud users authenticating to on-prem applications, Completed training courses and skill assessments related to the Azure Identity platform, and utilized tools: Fiddler, Logs Miner, and Wireshark, to troubleshoot authentication issues, Deploying ADFS 2012 R2, 2016, 2019 for Office federating users to experience the Single-sign-On for their Applications, Configure ADFS AD FS 2.0, 3.0, and 4.0 Servers and the Web application Proxy Servers in their Environment, Web Application proxy setup web Application Proxy Trust, Fixing DNS-related issues related to Hybrid Azure AD joined issues and working with DHCP, Renew and assign Token signing certificates, Token Decryption Certificates, and SSL (cryptography), Worked on Modern Authentication, ADAL, OAuth, OpenID Connect, Oath, SAML 2.0, and WSFed, Worked with Azure AD App Management Roles configuration with the Clients, Setting up SAML 2.0, based, and Linked SSO on Enterprise applications with Windows, and servers' VM setups with AWS, and Azure cloud services, RBAC, MFA, on 3rd party apps in OKTA access gateway, Google, AWS cloud portal, etc., IAM, PAM, PIM, IGA Identity Governance access configurations in cloud service providers Microsoft Azure, Google Cloud Platform & Amazon Web Services cross-forest, CyberArk, OKTA, One Identity, OneLogin, SailPoint, IBM, Avatier, Ping Identity federation, Saviynt, Radiant Logic and SailPoint, Helping customers and troubleshooting API Permissions and Microsoft Graph API, Apply MFA on AWS cloud to Secure Loggings and provide PAM solutions, RSA SecureID, YubiKeys, and other MFA products for the entire organization, Also, Configure the Workday Provisioning Connector if using Azure to allow for automated user account management, Enable SSO for users to access Workday and other integrated applications using their AD credentials, enhancing security and user convenience, Deployed and owned AADConnect Sync servers, Seamless SSO with either Password Hash Synchronization (PHS) or pass-through Authentication (PTA), Management of Sync engines, MIM (Microsoft Identity Manager), and FIM (Forefront Identity Manager) focusing on identity synchronization, Azure Key Vaults to store the encrypted keys for the apps and certificates, Implementation and configuration of Single Sign On (SSO) for gallery and non-gallery apps, Configuration and Management of Device Registration with Intune via PowerShell scripts, Deploying the MFA for security, by using Azure CLI, Consulting Azure Active Directory Conditional Access Policies, Secure MFA Registration, compliant devices, required domain Joined (Hybrid Azure AD), SSPR - Self-service password reset, Self-service group management, Password management issues related to the applications added to the Azure cloud, Create APIs for Azure Analysis Services and troubleshoot APIs for the customers in Azure for their applications, Azure B2B, B2C TLS, OAuth, LDAP, JWT, and authorization models such as ABAC, RBAC, and Risk-based Access Control, Provided support to customers to add API which can help their encryption framework to protect communication between end-users and the Azure environment, Enterprise applications, client base authentication, configure Azure Active Directory Application Proxy for remote access to applications hosted on-premises to leverage Azure Active Directory for Pre-Authentication and support several Authentication methods to the On-Premises applications, Develop Security automation and APIs and test the APIs via the Postman tool in the Azure portal Enterprise applications
System Security Engineer III
SAP Concur Contract (Randstad)
Bellevue
11.2016 - 12.2017
- Manage and support desktop and laptop, hardware, network, operating systems, and end-user software applications, Worked on CASD tool, Deploy and monitor servers, migrate, reimage, and Deploy machines using SCCM, changing bios settings, Windows 7 & Mac installation issues, Configure client base Authentication, Implement, and change requests in the CASD environment, Assist with transferring Files from old to new machines through File Transfer Protocol (FTP), Install and configure applications on Windows, Mac, Tablets, iPads, and phones, Troubleshooting and fixing Outlook connectivity issues with O365 post-migration and OWA, One Drive syncing, Skype for Business, and One Not syncing, Office 365, Google Suite applications (Google Workspace), Dropbox, and Tableau, Install and configure Visio and Project, Cisco Jabber, Webex, Tableau, Cisco IP phones, and VPN connections, Resolved issues during or after release installations and SOPs and policies, Work on all O356 products, admin portal with admin access
Sr. SharePoint Administrator
Microsoft (Contract)
Remote
09.2015 - 10.2016
- SharePoint site setup, permissions, creating active sites, team sites, and communication sites with suggesting different templates, Helped recover deleted sites, or files from their current sites via PowerShell commands, Adding users, controlling access to document libraries, and setting permissions, Performing maintenance of the SharePoint platform, servers, and intranet, Troubleshooting and resolving SharePoint issues or malfunctions, SharePoint support and end-user training, SharePoint policies, manage users
Sr. System Engineer
AT&T - Contract/ IDC Tech & Wipro
Redmond, WA
10.2013 - 03.2015
- Operating System Deployment (OSD) and Microsoft Deployment Toolkit (MDT), SCCM, Active directory, create accounts for Linux servers and troubleshoot Linux login issues, Created Unix accounts for Quality Center accounts, and Quality Center projects, Access-Windows and Access QC, RT Ticketing system, Resolve remote desktop, projector, provisioning SIMs, Security Controls, UEM, Scripting deployment of Security controls, Monitor, Office 365 Policies, Anti-phishing, Safe, Attachments, and Links
System Engineer
Samsung
Remote
02.2011 - 10.2013
- Local active directory, Remote access tools, printers, windows 7, Operating System Deployment (OSD) and Microsoft Deployment Toolkit (MDT), SCCM, and Microsoft Office, Security, firewalls, policies, security tools, TCP/IP, Microsoft Windows 8, PC/Laptop imaging, VPN, Active Directory exchange, Distribution Lists, Security Groups in Active Directory, Mac, windows 2007 Office Suit, PowerPoint, Visio, Exchange, SharePoint, PowerShell, DNS, DHCP, Windows Server Administration, VMware, SCCM and Active Directory
Desktop Support Intern
AWKU
09.2008 - 01.2010
- Windows Server 2003, 2005, 2008, 2008 R2 2012 R2, Active Directory, Active Directory, Roles, ADFS, ADDS, CA, DNS, DHCP, NPS, RDG, macOS, MS Windows 1998, 2000, XP, Vista, Visio, Office 365 SSL VPN, Azure, WDS, CLI, SQL Database
Education
Bachelors in computer science -
Abdul Wali Khan University
Skills
- Windows
- Servers
- SCCM
- Operating System Deployment (OSD)
- Microsoft Deployment Toolkit (MDT)
- WAN
- LAN
- VPN
- Firewalls
- Routers
- Wireshark
- Fiddler
- Logs Miner
- KQL
- PowerShell
- SQL
- Python
- PKI & SSO
- Azure SSO
- ADFS
- Group Policy
- Azure CLI
- Bash
- Microsoft Defenders for identity
- Cross Forest IAM cloud apps security
- O365
- Defender for endpoints
- Sentinel
- Azure AD
- AADConnect
- Microsoft O365
- Compliance
- Endpoint Manager
- Exchange
- Microsoft Defender ATP
- Office
- SharePoint
- Dynamic 365 Apps
- Networking security
- Lighthouse
- Logic apps
- Taegis Cloud
- Aviatrix
- SecureWorks
- AWS Cloud
- Google Cloud
- SailPoint
- OKTA OAG
- Keycloak
- Skype for Business
- Teams
- Slack
- Outlook
- Yammer
- One Drive
- ServiceNow
- System Troubleshooting
- Root Cause Analysis
Certification
- SC-100 Cyber Security Architect
- SC-200 Security Operations Analyst Associate
- SC-300 Identity and Access Administrator Associate
- SC-400 Information Protection Administrator Associate
- MS-500 Security Administrator Associate
- AZ-500 Azure Security Engineer Associate
- AZ-305-Designing Microsoft Azure Infrastructure Solutions
- AWS Cloud practitioner
- SC-900 Security Compliance & Identity Fundamentals
- MS-900 Microsoft 365 Certified: Fundamentals
- AZ-900 Azure Fundamentals
- MTA-Database Fundamentals
- MTA-Security Fundamentals
Languages
- English: Native
- Urdu - Native
- Pushto - Native
- Punjabi - Advanced
References
- Burhan Uddin, Microsoft, 2018, (609) 257-8695, nomadic786@gmail.com
- Rohina Ramzan, Insight Enterprises, 2021-2023, (206) 984-0117, Rohina.8@outlook.com
- Beral Francis, Microsoft, 2018 to 2021, (850)980-4314, beralfrancis2020@gmail.com
Timeline
Cyber Defense Engineer
Ahold Delhaize (Contract Apex)
06.2024 - Current
Sr. ITS Consultant
Boston Medical Center
08.2023 - 05.2024
Sr. IAM/ PAM Security Engineer
Insight Enterprise
06.2021 - 08.2023
IAM/ PAM Technical Advisor/ Team Lead
Microsoft - Contract
01.2018 - 06.2021
System Security Engineer III
SAP Concur Contract (Randstad)
11.2016 - 12.2017
Sr. SharePoint Administrator
Microsoft (Contract)
09.2015 - 10.2016
Sr. System Engineer
AT&T - Contract/ IDC Tech & Wipro
10.2013 - 03.2015
System Engineer
Samsung
02.2011 - 10.2013
Desktop Support Intern
AWKU
09.2008 - 01.2010
Bachelors in computer science -
Abdul Wali Khan University
Similar Profiles
Cherrelle Henley WilliamsCherrelle Henley Williams
Data Quality Analyst at Apex for Ahold DelhaizeData Quality Analyst at Apex for Ahold Delhaize
Joshua FoxJoshua Fox
Mobility Support Engineer L3 at Ahold Delhaize RBS (Contract)Mobility Support Engineer L3 at Ahold Delhaize RBS (Contract)
Katerina VamvouriKaterina Vamvouri
Ecommerce assortment supervisor at Ahold Delhaize AB VassilopoulosEcommerce assortment supervisor at Ahold Delhaize AB Vassilopoulos
Nathan FoxNathan Fox
Laborer at MHI ContractingLaborer at MHI Contracting
Dawnett MinzieDawnett Minzie
Certified Nursing Assistant at Prosper at Monastery HeightsCertified Nursing Assistant at Prosper at Monastery Heights