Description

Helping Swiss and European enterprises secure complex hybrid networks and applications by combining 20+ years in network engineering with deep firewall, WAF and cloud automation expertise. As an HR reviewer, this profile reads as a senior Cloud & Network Security Engineer/Architect who can own design, implementation and lifecycle of security controls rather than just operating them.

Experience spans:

- Network security orchestration with AlgoSec/Tufin for Fortinet, Check Point, Palo Alto and F5, including AppViz, NetFlow auto-discovery, Nessus integration and Infoblox-driven risk automation to support SOC and audit requirements.

- Advanced routing/switching with Cisco CCNP R&S/SP and Juniper JNCIP‑SP, large scale migrations (e.g. Enterasys to Cisco Nexus FEX), and high‑availability troubleshooting suited to Swiss enterprise environments.

- Application delivery and protection with F5 BIG-IP (LTM, WAF, APM, SSLO, BigIQ, rSeries/F5OS) and Airlock WAF, delivering PCI/DSS/compliant architectures, PROD/TEST segregation, performance tuning and 2nd/3rd level plus architectural ownership.

- Cloud and DevOps: GitLab CI/CD, Terraform, AWS and Azure for secure migrations and landing zones; refactoring Airlock WAF and Skyhigh Web Gateway to AWS with autoscaling and multi‑region setups; ExpressRoute and Swisscom EnterpriseConnect, Private Link, hub-and-spoke designs with native FortiGate.

Languages

Spanish
Native or bilingual
English
Fluent
German
Fluent
French
Conversational

Workplace preferences

Can work on-site

Zurich (up to 50km)

Natwest Services
Senior Web Application Security Engineer / SecDevOps Cloud Engineer
BANKING AND INSURANCE
August 2025 - Today (10 months)
Zurich, Switzerland
- Re-platforming and Migration of on-prem Airlock WAF and Skyhigh Web Gateway to AWS involving in defining the network architecture of the subscription and adherence to the existing UK strategy (public cloud first/everything as code), adapting on-prem Apps to AWS cloud.
-Technologies: GitLab, Terraform/TFE/HCP Terraform, AWS, Python, Airlock WAF, SkyhHigh Web Gateway.
Airlock AWS Infra as Code Security Web Gateway Terraform
Natwest Services
Senior Web Application Security Engineer / SecDevOps Cloud Engineer
BANKING AND INSURANCE
August 2025 - Today (10 months)
Zurich, Switzerland
Role: Senior Web Application Security Engineer / SecDevOps Cloud Engineer (Zurich, Switzerland)
Sector: Network Security - Banking

Tasks/projects:
- Re-platforming and migrating the on-premises Airlock WAF and Skyhigh Web Gateway, along with their respective workloads, to AWS. This involves planning, designing, and implementing the network security architecture of the AWS ingress subscription in alignment with the existing UK group infrastructure.
- Continuously improving the on-premises and AWS solutions in accordance with the six pillars of the AWS Well-Architected Framework, ensuring a state-of-the-art hybrid infrastructure.
- Supporting and coaching stakeholders in onboarding new applications, conducting vulnerability analyses, and managing remediation activities.

Keywords: AWS, Cloud Security, WAF, Airlock, Skyhigh Web Gateway, Terraform, GitLab (CI/CD), Vulnerability Management, Application Security, Cloud Migration, Network Security, Infrastructure as Code, Secure Architecture
AWS Cloud Engineer Airlock WAF Security Web Gateway
UBS Card Center
Senior Network Security Engineer/Architect
BANKING AND INSURANCE
January 2021 - Today (5 years and 5 months)
Zürich, Switzerland
-SME in charge of the architecture, project management and implementation of new infrastructure and application projects keeping a PCI/DSS compliancy
-Quality management of the operations
-L3 Technical support for network and network security escalations
-Most relevant projects:
-Led the design, deployment, and configuration of network and security infrastructure for a new branch office
-Migration of network infrastructure between UCC and UBS, re-engineering the communication applying NAT, VPN, BGP and HA
-Migration of Skype for Busines to MS Teams, establishing a ExpressRoute and designing the communication through Swisscom to Azure and all relevant network aspects
-Detection and migration of non-compliant direct Internet accesses and proxying them
-Migration of a complex L2 SPT mess of different vendors (Extreme, Enterasys and Cisco) to a new design with Cisco Nexus 5000 and FEXs 3000.
-Implementation of AlgoSec as network orchestration and audit tool for the management of Firewall Changes and AppViz as visual tool for applications owner and applications architects.
-Standardization of the network by migrating old legacy switches and reducing the switching landscape in a 30%, saving as well a lot of space in the Data Center by consolidating racks
-Performance analysis and solution of several historical network problems detecting so far unidentified problems in F5 Load Balancer, HSMs and other devices
-Implementation IDS/IPS on the Firewalls and refinement with the SOC team
-Vulnerability management and PCI/DSS audits
-Redesign of Cisco ISE policies
-Implementation of Infoblox DDI: migration of Windows DNS and DHCP and SolarWinds IPAM
-PoC of an Azure Landing Zone and different subscriptions with FortiGates and Azure Load Balancers deployed with Terraform
-Design of a Global concept and naming convention for the future migration of the network to a Software Defined Network
-Definition of templates and documentation for many technical procedures
AlgoSec Cisco Fortinet Infoblox Azure DevOps