Sarra Kouki

ISO 27001 Lead Implementer (End-to-End): Designing & implementing a 27001:2022 ISMS for a financial firm. Governance & Risk: Leading Gap Analysis, SoA, Risk Treatment, and Policy Development (BCP/DRP). Technical Stack: Architecting security via OpenVAS, Kibana, Velociraptor, Restic, and SpiderFoot for continuous monitoring and audit readiness. Compliance: Delivering staff awareness training and producing audit-ready documentation for final certification.

Zero-Trust Access Framework: Architected & deployed a production-ready framework to secure critical infrastructure. Identity & Isolation: Engineered SSH CA using HashiCorp Vault, replacing static keys with short-lived certificates. Architected a Hardened Bastion Host for audited RDP/SSH entry. Connectivity & Control: Configured JIT access and RBAC. Used ZeroTier (SD-WAN) for encrypted P2P and NGINX for SSL/TLS termination.

SIEM/SOC Engineering: Deployed Wazuh SIEM with custom rules/LDAP for 23 multi-OS endpoints (Win/Linux/SAP). Integrated Suricata NIDS with Threat Intel (URLHaus) for proactive analysis. SOAR & Automation: Implemented TheHive & Cortex for automated IR and case management. ITAM & Infra: Deployed GLPI/FusionInventory for 100% asset discovery. Integrated Fortigate, OSQuery EDR, and VirusTotal. Resolved critical PKI and network issues.

Software Quality & Automation: Developed proficiency in Java for automation scripting and utilized Maven for project management and build automation. Testing & Quality Assurance: Conducted functional and web application testing using Selenium. Managed version control and collaborative workflows via Bitbucket and Git. Algorithmic Problem Solving: Solved complex daily technical challenges using Java and MySQL to maintain high-level coding standards.

DevOps & Infrastructure: Designed and implemented a Kubernetes (KaaS) cluster using Juju and Charmed K8s. Automated deployment and service orchestration for high availability. Unified Communications: Developed a custom Java/containerized call taxation solution for Cisco (CUCM). Integrated full CUCM environment (IP phones/NTP) with automated reporting. Monitoring & Agile: Deployed Prometheus, Grafana, and Alertmanager for real-time observability. Managed via Agile/Scrum.

Full-Stack Banking Project (End-to-End): Developed a secure web application for client account management and financial historical reporting for a banking client. Technical Execution: Led the full development lifecycle using the MEAN stack (MongoDB, Express, Angular, Node.js). Engineered secure modules for printing and data export while ensuring high data integrity. Methodology: Implemented SCRUM for iterative delivery and strict code quality standards.

Network & Infrastructure: Hands-on introductory role focused on networking fundamentals and telecommunication systems. Core Skills: Managed Network Switches and assisted in Network Administration tasks to ensure uptime and connectivity. Developed a deep understanding of the TCP/IP stack and enterprise communication flows. Collaboration: Worked within the technical team to troubleshoot hardware and configuration issues in a large-scale carrier environment.