Patrick Bahizi
Perwez
Summary
Skilled Security Specialist with experience in Azure Active Directory, cloud security, and automated CI/CD pipelines. Adept at threat detection, incident response, and infrastructure-as-code for effective security management. Dedicated to compliance, governance, and application security using Azure tools and best practices.
Overview
17
17
years of professional experience
Work History
Azure Cloud Architect
IBZ - Tek System
10.2024 - Current
- Designed and implemented cloud architecture solutions to enhance operational efficiency.
- Led migration of on-premise applications to cloud environments, optimizing resource utilization.
- Developed cloud security frameworks ensuring compliance with industry standards.
- Collaborated with cross-functional teams to establish best practices for cloud deployment.
- Implemented Microsoft Defender for Cloud across 500+ Azure resources, reducing security vulnerabilities by 40% through automated remediation and continuous compliance monitoring.
- Configured Privileged Identity Management (PIM) for 200+ administrative accounts, implementing just-in-time access and reducing standing privileges by 85%
- Managed Entra ID Protection policies for 5,000+ users, implementing risk-based conditional access that blocked 95% of suspicious sign-in attempts.
- Developed custom threat hunting queries in Microsoft Sentinel using KQL, uncovering advanced persistent threats and improving detection capabilities by 30%
- Implemented Microsoft Defender XDR integration with Sentinel, creating unified incident investigation workflows across endpoint, email, and identity attack vectors
Cloud DevOPS/Security
Brussels Airport Company
01.2024 - 09.2024
- Integrated the latest features from Microsoft Azure into existing business applications;
- Designed, implemented, and validated moving workflows from desktop to Azure Cloud on ARM;
- Created, implemented, and presented to the team the tools that were used to work with Azure DevOps;
- Used a stock image gallery where we stored the generated images and developed Azure pipelines in Azure DevOps to implement these Azure services;
- Created and maintained cross-environment CI using VSTS, enabling code to be deployed securely to Azure Kubernetes (AKS) using YAML scripting;
- Designed and implemented a scalable and secure Azure Landing Zone: Followed best practices and the Microsoft Cloud Adoption Framework
- Azure Security Center and Sentinel: Utilized for real-time monitoring and threat detection, ensuring a secure cloud environment
- Azure Repos for source code management: Set up and managed, ensuring best practices in version control
- CI/CD pipelines: Designed and maintained using Azure Pipelines, enabling automated build, test, and deployment processes
- Continuous code quality checks: Integrated SonarQube into the CI/CD pipeline for vulnerability assessments
- Reusable Terraform modules: Created to standardize resource deployment and promote consistency across environments
Cloud Security Engineer
Toyota Motors Europe
09.2018 - 02.2024
- Automated infrastructure deployment: Reduced manual efforts and minimized errors in the provisioning process
- Migration planning and execution: Migrated on-premises databases to Azure SQL Database, ensuring minimal downtime and data integrity
- Azure Data Migration Service: Used to streamline the migration process and resolve potential issues
- Administration and optimization: Managed Microsoft 365 services, including Exchange Online, SharePoint, Teams, and OneDrive
- User accounts, licenses, and permissions management: Ensured efficient and secure collaboration across the organization
- Security features: Implemented Multi-Factor Authentication (MFA) and Conditional Access Policies to protect user identities and data
- Azure Entra ID configuration: Set up for single sign-on (SSO) and multi-factor authentication (MFA) to enhance security and user experience
- Application management: Managed application registrations, API permissions, and role assignments in Azure Entra ID
- Third-party applications integration: Streamlined authentication and authorization processes by integrating with Azure Entra ID
- Responsibilities:
- Administration of Azure DevOps Services virtual machines, SQL databases, Azure Active Directory, and storage.
- Experience in monitoring, autoscaling, PowerShell automation.
- Refinement of subnets and virtual networks to fully comply with the requirements of the project.
- Implementations of PowerShell scripts used to patch, image, and deploy to Azure.
- Worked with deletions and updates of Azure resources.
- Azure development, deployment, cloud services.
- Developed, optimized, and enforced cloud security policies and procedures to bolster the security posture and reduce the risk of data breaches
- Conducted vulnerability management and regular security assessments
- Implemented and managed web application firewalls to prevent unauthorized data access.
- Integrated Azure AD with on-premises Active Directory for seamless user authentication and access management.
- Implemented Single Sign-On (SSO) solutions using Azure AD to simplify user access to cloud and on-premises applications
- Conducted periodic access reviews and audits to ensure compliance with security policies and regulatory requirements
- Implemented Privileged Access Management (PAM) solutions within Azure environments
- Designed role-based access controls (RBAC) for privileged accounts and implemented just-in-time (JIT) access for elevated privileges
- Configured Azure Privileged Identity Management (PIM) to streamline the process of granting and revoking privileged access
- Conducted periodic access reviews for privileged accounts and enforced separation of duties.
- Integrated Azure AD Identity Protection to detect and respond to suspicious user activities and potential security threats.
- Collaborated with DevOps teams to integrate security into CI/CD pipelines, promoting a security-first culture within the organization.
System Engineer
Sibelga
04.2017 - 09.2018
- Working knowledge in deploying CI/CD system using Azure DevOps on Kubernetes container environment, and for the runtime environment of CI/CD system to build, test and deploy there we utilized Kubernetes and Docker.
- Built Terraform code and ARM templates for resources to be provisioned in Azure cloud
- Used Terraform to reliably version and create infrastructure on Azure.
- Created resources using Azure Terraform modules and automated infrastructure management.
- Structured cluster AutoScale for Azure Kubernetes Service (AKS) by using Terraform and worked with scheduling, deploying, managing pods and replicas in AKS.
- Terraform was used along with Packer to create custom machine images, and Ansible was to install the software dependencies once the infrastructure was provided.
- Developed and maintained Continuous Integration (CI) using tools in GitHub/Azure DevOps (VSTS) spanning multiple environments, enabling teams to safely deploy code in Azure Kubernetes Services (AKS) using Yaml scripts.
- Managing the Azure Kubernetes Services (AKS) policies, providing access to different Azure resources and developing and improving the workflows that govern access.
- VMware Administration:
- Extensive experience managing and maintaining VMware vSphere environments
- Proficient in deploying, configuring, and optimizing VMware ESXi hosts and vCenter Server
- Expertise in VM provisioning, resource allocation, performance tuning, and troubleshooting
- Skilled in creating and managing VMware clusters, DRS, HA, and VMotion for high availability and resource optimization
- Strong understanding of storage and network configurations within VMware environments
- Comprehensive knowledge in deploying and managing Citrix Virtual Apps and Desktops (formerly XenApp and XenDesktop)
- Skilled in configuring and optimizing Citrix Delivery Controllers, StoreFront, and Citrix Receiver
- Experience in managing Citrix Workspace and Citrix Cloud environments
- Proficient in setting up and maintaining Citrix Provisioning Services (PVS) and Machine Creation Services (MCS)
- Expertise in user profile management and application layering
- Hands-on experience configuring and managing Citrix NetScaler for load balancing, gateway, and security
- Proficient in setting up NetScaler Gateway for secure remote access to applications and desktops
- Strong skills in configuring SSL VPNs, HTTP compression, content switching, and traffic management
- Experience in monitoring and troubleshooting NetScaler performance and network issues
- Work with business and solution owners to identify and maintain user role definitions
IAM Engineer
EUROCLEAR Bank
10.2015 - 02.2017
- Build partnerships with business units to ensure that business requirements continually inform Role Based Access Control program
- Serve as internal liaison for RBAC/IAM issues with representatives from application solution owners and Information Security
- Manage and engage change network and conduct change impact assessment
- Work with stakeholders to understand their access needs and design access roles accordingly
- Define roles and resource groups for standardization as per client security standards
- Review active privileges in the system and conclude on creation/modification of roles
- Communicate requirements to stakeholders, manage conflicts, issues, and challenges to ensure that stakeholders and project team members remain in agreement on solution scope
- Plan and monitor to determine which activities are necessary to identify relevant stakeholders
- Involved in Provisioning RBAC Resource Groups in Active Directory and CyberArk Safe
- Work with business and solution owners to identify and maintain user role definitions
- Build partnerships with business units to ensure that business requirements continually inform Role Based Access Control program
- Serve as internal liaison for RBAC/IAM issues with representatives from application solution owners and Information Security
- Manage and engage change network and conduct change impact assessment
- Work with stakeholders to understand their access needs and design access roles accordingly
- Define roles and resource groups for standardization as per client security standards
- Review active privileges in the system and conclude on creation/modification of roles
- Communicate requirements to stakeholders, manage conflicts, issues, and challenges to ensure that stakeholders and project team members remain in agreement on solution scope
- Plan and monitor to determine which activities are necessary to identify relevant stakeholders
- Provisioned Roles in Net IQ
- Involved in Provisioning RBAC Resource Groups in Active Directory and CyberArk Safe
- Involved in Provisioned RBAC Resource Groups in the server Local Groups
- Analyze data pull (Service accounts, Sudo commands, Shares, Services etc.) from the platform team and clean up user access
Security System Administrator
CSB Consulting - CRONOS ITS at the European commission
02.2012 - 08.2015
- Installing and maintaining security networks
- Analyzing existing systems to identify areas for improvement
- Conducting maintenance checks and upgrades to optimize services and functions
- Monitoring systems for suspicious activities or breaches
- Developing IT solutions that adhere to company policies and regulations
- Managing updates and creation of intranet files
- Creating, managing, and maintaining corporate Local Area Networks (LAN)
- Managing and monitoring tools related to security and encryption
- Handling network objects such as computers, users, and TCP/IP resources
- Utilizing scripts to automate system administrative tasks and managing command-line interface administration with Linux and Unix
- Resolving security clearance issues and updating security clearance information
- Implementing in-house PBX systems and developing the company’s Intranet
- Deleting access to mainframe systems and performing risk analysis and management on controls
- Reviewing security logs and violation reports
- Configuring hardware and network communications
- Periodically perform internal assessment to assure compliance with controls
- Monitoring and performance tuning for both Active Directory and Windows operating systems including connectivity, synchronization, replication, netlogon, time services, FSMO roles, schema, NTDS database partitions, DNS settings, SRV records, certificate authorities and trust relationships
- Provide operational guidance and serve as a central escalation point for all Microsoft server related technologies such as, but not limited to: Active Directory, Group Policy, AD Trusts, AD Sites and Services, Microsoft Identity Manager, PowerShell DSC, Puppet for Windows, Time Synchronization, DNS, DHCP, and DFS
- Documentation of system configuration and standard operating procedures
System Security
STEFANINI - Essilor
08.2010 - 02.2012
- Producing documentation on operational, system and user procedures & guidelines
- Obtaining quotes for supply of goods and services from suppliers
- Implementing, and monitoring security measures for the protection of systems and information
- Identifying and defining system security requirements
- Designing computer security architecture and developing detailed cybersecurity designs
- Documenting standard operating procedures and protocols
- Configuring and troubleshooting security infrastructure devices
- Developing technical solutions and security tools to mitigate vulnerabilities and automate tasks
- Reporting on security incidents and proposing enhancements for system security
Telecom Engineer
VRD Engineering
04.2009 - 12.2009
- Experienced in working with ASTERISK software (DIGIUM CARD), installing LINUX OPERATING SYSTEM (FEDORA, REDHAT and CENTOS, TRIXBOX), Installing and configuring ASTERISK PBX in ISDN, SS7 Signaling
- Network protocols used SIP, IAX, H323, MGCP
- I have also configured sip phones (soft & hard) using ASTERISK PBX
- Management of Groups and Users accounts in asterisk
- Maintain the infrastructure of Asterisk Server, Elatix, IP phones and Softphones
- Configuring VoIP routers and Switches for Clients
- Technical Customer support service
PC Support Technician
ATT (Atelier TIC de Tanneur)
08.2008 - 12.2008
- Provide network administration to include LAN troubleshooting and resolution
- Manage the configuration and performance management of all PC systems and telecommunication
- Maintains passwords, data integrity and file system security for the desktop environment
- Install, configure, and maintain back-end and front-end systems
- Recommend hardware and software solutions and upgrades using established procurement processes
- Establish, review, approve and process quotes, requisitions, and purchase order for capital equipment
- Installation and updating of software, as well as the setup and troubleshooting of all equipment
- Expertly installed, configured, monitored, and troubleshoot PC’s and related hardware and all OS platforms
Education
Economics
FUSL-Saint Louis-Brussels
Network & Telecommunication
HE2B
08.2009
Skills
- Azure cloud management
- Infrastructure development tools expertise
- Ansible automation
- CI/CD tool proficiency
- Container orchestration: Docker, Kubernetes
- Version control proficiency: Git and GitHub
- System logging and monitoring
- Proficient in Python and PowerShell scripting
- Database management
- Web server management: Apache Tomcat, NGINX, IIS
- Operating systems: Linux and Windows
- Virtualization technologies expertise
Languages
French: First Language
English: C1
Advanced (C1)
Timeline
Azure Cloud Architect
IBZ - Tek System
10.2024 - Current
Cloud DevOPS/Security
Brussels Airport Company
01.2024 - 09.2024
Cloud Security Engineer
Toyota Motors Europe
09.2018 - 02.2024
System Engineer
Sibelga
04.2017 - 09.2018
IAM Engineer
EUROCLEAR Bank
10.2015 - 02.2017
Security System Administrator
CSB Consulting - CRONOS ITS at the European commission
02.2012 - 08.2015
System Security
STEFANINI - Essilor
08.2010 - 02.2012
Telecom Engineer
VRD Engineering
04.2009 - 12.2009
PC Support Technician
ATT (Atelier TIC de Tanneur)
08.2008 - 12.2008
Network & Telecommunication
HE2B
Economics
FUSL-Saint Louis-Brussels
Similar Profiles
Lulu Joseph Vattamakkal JosephLulu Joseph Vattamakkal Joseph
Credit card advisor at Tek systemCredit card advisor at Tek system
ABDUL AGUNBIADEABDUL AGUNBIADE
Administrative Assistant at TEK SYSTEMAdministrative Assistant at TEK SYSTEM
ABDUL AGUNBIADEABDUL AGUNBIADE
Administrative Assistant at TEK SYSTEMAdministrative Assistant at TEK SYSTEM
Amélie DammanAmélie Damman
Déléguée Médicale at Kela PharmaDéléguée Médicale at Kela Pharma
Patrick BahiziPatrick Bahizi
Cloud Security Engineer at Toyota Motors EuropeCloud Security Engineer at Toyota Motors Europe