Summary
Overview
Work History
Education
Skills
Certification
Languages
Timeline
PROJECTS
Certifications & Trainings
Generic

Zaigham Ali

Lahore

Summary

Professional system administrator with expertise in managing complex IT environments. Adept at ensuring system availability, performance, and security while supporting team collaboration and achieving results. Skilled in network management, server maintenance, and troubleshooting. Reliable, adaptable, and focused on delivering impactful solutions.

Overview

5
5
years of professional experience
1
1
Certification

Work History

Senior System Administrator

vFairs
07.2023 - Current
  • Google Workspace & Office 365 Management: Administered user accounts and licenses, configured security settings, and provided technical support to ensure seamless operation and compliance. Implement Google MDM and create automated powershell script to retrieve the bitlocker key and send through Email. Create device security rules.
  • Microsoft Intune: Deployed and managed device compliance policies, applications, and configurations, enhancing security and ensuring compliance with company policies. Successfully integrated Intune with existing infrastructure, improving device management efficiency.
  • Inventory Management & Procurement: Streamlined the procurement process by implementing an inventory management system, Maintained accurate inventory records and ensured timely availability of IT resources.
  • Infrastructure Monitoring: Implemented monitoring tools to oversee LAN, wireless, and CCTV infrastructure, Conducted regular maintenance and updates to ensure optimal performance and security
  • Jira Administration: Utilized Jira for project management and issue tracking, improving workflow efficiency and collaboration within the team. Created and managed Jira projects, configured boards and workflows, and provided training to team members.
  • Firewall (WatchGuard): Configured and managed firewall settings, VPN connections, and network interfaces to ensure secure and efficient network operations.
  • License Management: Managed and maintained licenses for Adobe Creative Cloud, sketchup pro and Autodesk software, ensuring compliance with licensing agreements.
  • Top Performer Award: Recognized as the 2023 Top Performer in the Infrastructure and DevOps Department at Vfairs for exceptional contributions and performance.
  • GitLab: Manage users in gitlab, create repositories and user based merge and pull access rules created. Create pipelines and test them.
  • AWSCloud: Manage Ec2 instances, manage domains in Route53, RDS point in time recovery.

System Administrator

PureLogics
Lahore
07.2022 - 06.2023
  • LAN & Wireless Infrastructure Implementation: Designed and implemented scalable network solutions, enhancing connectivity and reducing latency. Conducted site surveys and developed network plans to ensure optimal coverage and performance.
  • Firewall Management (Pfsense): Configured and managed Pfsense firewalls, including rule sets, VPNs, and network address translation (NAT). Improved network security and reduced unauthorized access.
  • Hardware Procurement & Vendor Management: Negotiated with vendors to secure cost-effective deals. Managed the end-to-end procurement process, ensuring timely delivery and installation of IT equipment.
  • LAMP & LEMP Stack Configuration: Installed, configured, and optimized LAMP (Linux, Apache, MySQL, PHP) and LEMP (Linux, Nginx, MySQL, PHP) stacks for web hosting environments.
  • Shared Web Hosting Management: Administered shared hosting environments on DreamHost, ensuring high availability and security.
  • VPN Management: Set up and managed VPN connections for secure remote access. Trained staff on VPN usage and best practices, enhancing overall security awareness.
  • ISO27001 Audit: Prepare for the audit of ISO27001 and maintain all the records for the audit which were needed.

IT Executive

Ahead Brands PVT LTD
Lahore
06.2021 - 07.2022
  • LAN & Wireless Infrastructure Management: Maintained and optimized network infrastructure, ensuring consistent connectivity and performance. Troubleshot and resolved network issues
  • Hardware & Software Support: Provided comprehensive technical support for Windows and Mac users, resolving hardware and software issues efficiently. Implemented a ticketing system to streamline support requests, improving response times.
  • Email & SMB Server Management: Administered email server and SMB file servers, ensuring secure and efficient communication and file sharing. Configured user accounts, permissions, and security settings.
  • IT Inventory Management: work on asset management system to track IT assets and manage inventory levels. Coordinated with suppliers for procurement, ensuring timely availability of resources.
  • CCTV & Attendance Systems: Installed, configured, and monitored CCTV and attendance systems, ensuring security and accurate timekeeping. Conducted regular maintenance and troubleshooting to ensure system reliability.
  • ManageEngine Usage: Utilized ManageEngine for assigning daily tickets to the team and managing IT inventory, improving service delivery and asset tracking efficiency.
  • Virtualization: Install the hypervisor on servers and create VM's through them.

Education

Bachelor of Science - Computer Science

Virtual University of Pakistan
Lahore
10-2021

Skills

  • Prometheus
  • Grafana
  • Gitlab
  • Python
  • Jira
  • AWS
  • Azure Devops
  • Virtualization
  • Active Directory management
  • Windows administration
  • System upgrades
  • Program installations
  • IP addressing and subnetting
  • Wireless networking
  • Network configuration
  • Active listening
  • Team collaboration
  • Organizational skills
  • Multitasking Abilities
  • Problem-solving abilities
  • Attention to detail
  • Time management
  • Problem-solving
  • Teamwork and collaboration
  • Quick learner
  • Infrastructure upgrading
  • Firewall configuration
  • Storage management
  • Linux certification
  • Virtualization
  • Offboarding and onboarding
  • End point configurations
  • Hardware and software installation
  • Performance tuning
  • Mobile device management
  • Server management
  • Equipment management
  • Help desk software
  • Vendor coordination
  • Device configuration
  • System monitoring
  • Network troubleshooting
  • Hardware expertise
  • Linux administration
  • Scripting languages
  • Network administration
  • Patch management
  • User support
  • Incident management

Certification

  • Docker Level 1 Kode Kloud 2025-12-24 – 2026-02-26
  • AZ-400: Designing and Implementing Microsoft DevOps Solutions Microsoft. – Present
  • Certificate in Cyber Security National Vocational and Technical Training Commission NAVTTC 2022-02-12 – Present
  • Docker Certified Associate National Vocational and Technical Training Commission NAVTTC 2025-03-03 – Present
  • Certified Associate in Python PCAP 2025-06-12 – Present
  • AWS Security Best Practices: Network Infrastructure AWS – Present

Languages

URDU Native
English Very Good Command

Timeline

Senior System Administrator

vFairs
07.2023 - Current

System Administrator

PureLogics
07.2022 - 06.2023

IT Executive

Ahead Brands PVT LTD
06.2021 - 07.2022

Bachelor of Science - Computer Science

Virtual University of Pakistan

PROJECTS

  • Automated Incident Response & On-Call Lifecycle Management (Squadcast)
I architected a centralized incident orchestration platform using Squadcast, streamlining the transition from "Alert" to "Resolution." By automating on-call scheduling and multi-layer escalation, I ensured 24/7 system reliability with zero missed critical events.  Key Contributions: On-Call Schedule Engineering: Designed complex, rotating On-Call Schedules (Daily/Weekly/Custom) for global engineering teams, incorporating "Fairness" logic to prevent burnout and ensure 24/7 coverage.  Intelligent Routing & Tagging: Created logic-based tagging to route specific alerts (e.g., "Database Down" vs. "Latency Spike") to the correct functional teams, reducing Mean Time to Acknowledge (MTTA).  Tiered Escalation Policies: Configured multi-stage Escalation Rules (e.g., Primary → Secondary → Manager) with automated triggers via SMS, Push Notification, and Phone Call to guarantee incident ownership.  Service-Based Automation: Integrated Squadcast with monitoring tools to trigger automated "Sloppy" or "Critical" incidents based on predefined threshold breach policies.
  • Developer Environment Provisioning & Orchestration Automation
Developed a Python-based automation suite to standardize and accelerate the local development environment setup. This tool eliminated manual configuration errors and reduced developer onboarding time from hours to seconds.  Key Contributions: System Orchestration: Leveraged Python’s os, shutil, and subprocess modules to automate Linux user creation, directory structuring, and filesystem hierarchies.  Infrastructure as Code (IaC) Concepts: Automated the generation and deployment of Nginx configuration files, ensuring consistent web server environments across all developer machines.  Security & Permissions Management: Programmatically managed UID/GID assignments and recursive permission settings (chmod/chown) to enforce the Principle of Least Privilege.  Process Standardization: Created a repeatable deployment script that handles environment variables, dependency paths, and localized service restarts.
  • Enterprise Endpoint Security & Threat Defense (Microsoft Defender for Endpoint)

I engineered a comprehensive security posture for the Windows device fleet by integrating Microsoft Defender for Endpoint (MDE) with Intune. This project focused on shifting from traditional antivirus to an advanced EDR (Endpoint Detection and Response) model with automated threat remediation.  Key Contributions: MDE Onboarding & Deployment: Orchestrated the seamless onboarding of Windows 10/11 devices into the Defender portal using Intune EDR Onboarding policies, ensuring 100% visibility into the endpoint estate.  Attack Surface Reduction (ASR): Researched and implemented ASR rules (e.g., blocking Office communication apps from creating child processes) to proactively neutralize common malware entry points.  Next-Generation Protection: Configured real-time, cloud-delivered protection policies including Tamper Protection, Network Protection, and PUA (Potentially Unwanted Application) blocking.  Compliance Integration: Created Device Compliance policies that monitor the health of the Defender sensor and "Risk Score." Integrated these with Conditional Access to block compromised devices from accessing corporate data (M365/Azure).  Automated Investigation & Remediation (AIR): Enabled and tuned automation levels to allow MDE to self-heal infected endpoints, significantly reducing the "Time to Remediate" for the security operations team.

  • High-Capacity Wireless Backhaul Implementation (UniFi AirFiber)

Deployed a high-performance Point-to-Point (PtP) wireless bridge using Ubiquiti AirFiber technology to establish multi-gigabit connectivity between two separate buildings, eliminating the need for costly trenching or leased lines.  Key Contributions: Link Planning & Path Analysis: Conducted site surveys and link budget calculations to ensure clear Line of Sight (LoS) and optimal Fresnel zone clearance, achieving 99.9% link availability.  Hardware Deployment: Physical installation and precision alignment of AirFiber radios, utilizing sub-degree adjustment for maximum signal strength and throughput.  Network Integration: Configured VLAN tagging and management interfaces to seamlessly extend the core corporate network to the remote site.  Performance Tuning: Optimized frequency selection and channel width (MHz) to avoid interference in high-density RF environments, resulting in low-latency, full-duplex data transmission.

  • Secure Remote Access & Network Hardening Infrastructure

I designed and deployed a perimeter security solution centered on pfSense, integrating multi-layered defense mechanisms to secure remote traffic and automate threat mitigation.  Centralized Authentication: Integrated OpenVPN with a RADIUS server to enforce centralized AAA (Authentication, Authorization, and Accounting), ensuring secure and scalable user management.  Automated Threat Intelligence: Implemented pfBlockerNG to provide DNSBL (DNS Blacklisting) and Geo-IP filtering, successfully reducing the network's attack surface by blocking known malicious IP ranges and top-level domains.  Vulnerability Mitigation: Configured firewall rulesets and NAT policies to adhere to the Principle of Least Privilege, minimizing internal network exposure.  Secure Tunneling: Deployed SSL/TLS VPN tunnels with hardware-accelerated encryption to provide high-performance, secure remote access for distributed users

  • Zero-Touch macOS Fleet Management (Intune & Apple Business Manager)

I architected and implemented a modern endpoint management lifecycle for macOS, integrating Apple Business Manager (ABM) with Microsoft Intune to enable seamless, over-the-air deployment and automated security compliance.  Key Contributions: Automated Enrollment (ADE): Established the trust relationship between ABM and Intune using Apple MDM Push Certificates and Server Tokens, enabling "Zero-Touch" provisioning for new hardware.  Identity & Authentication: Integrated Company Portal and Modern Authentication (Entra ID) into the macOS Setup Assistant, ensuring devices are strictly bound to corporate identities upon first boot.  Policy Orchestration: Developed and deployed Configuration Profiles to enforce security standards, including FileVault encryption, password complexity, and system preferences.  Security & Compliance: Configured Compliance Policies and Conditional Access rules to ensure only healthy, encrypted, and updated Macs can access corporate resources (M365/Teams/SharePoint).  Automated Updates: Implemented macOS Update Policies to manage OS versioning and security patches across the fleet without user intervention.

  • Zero-Trust WireGuard VPN with Multi-Factor Authentication (Defguard & AWS)

I designed and deployed a high-performance, secure remote access solution using Defguard on AWS EC2. By utilizing WireGuard as the core protocol, I implemented a Zero-Trust architecture that enforces mandatory 2FA/MFA for every connection, significantly hardening the cloud infrastructure against unauthorized access.  Key Contributions: Cloud Infrastructure Engineering: Provisioned and hardened AWS EC2 instances using Amazon Linux/Ubuntu, configuring VPC Security Groups and Elastic IPs to facilitate stable, high-speed VPN backhaul.  Protocol-Level MFA: Implemented Defguard’s native 2FA (TOTP), ensuring that authentication is verified at the handshake level rather than just a web-login layer.  Identity Management: Configured the Defguard Core as a centralized Identity Provider (IdP), managing user enrollment and device provisioning through a secure, self-service portal.  Network Segmentation: Defined Access Control Lists (ACLs) and firewall rules to restrict VPN traffic to specific internal subnets, adhering to the Principle of Least Privilege.  Performance Optimization: Tuned WireGuard parameters to achieve low-latency, multi-gigabit throughput while maintaining a significantly lower CPU footprint compared to traditional IPsec or OpenVPN solutions.

Certifications & Trainings

  • AZ-400: Designing and Implementing Microsoft DevOps Solutions

     Microsoft - 2025

  • Certificate in Cyber Security

     National Vocational and Technical Training Commission NAVTTC - 2022

  • Docker Certified Associate

      National Vocational and Technical Training Commission NAVTTC -2025

  • Certified Associate in Python

      PCAP - 2025

  • CCNA (Routing & switching) Training
  • RHCSA Training

Similar Profiles

  • ELTON LAICEELTON LAICE

    Senior Linux System Administrator at Standard Bank MozambiqueSenior Linux System Administrator at Standard Bank Mozambique

  • Andrew PaziukAndrew Paziuk

    System Administrator at Ukrainian Academy of CybersecuritySystem Administrator at Ukrainian Academy of Cybersecurity

  • ABDULKARIM MSANGIABDULKARIM MSANGI

    System Administrator at Office of the Treasury Registrar (OTR)System Administrator at Office of the Treasury Registrar (OTR)

  • Cemal AytekinCemal Aytekin

    DevOps Engineer | Linux System Administrator at Veribox TechnologyDevOps Engineer | Linux System Administrator at Veribox Technology

CREATE PROFILE
Zaigham Ali