Summary
Overview
Work history
Education
Skills
Certification
Custom
Timeline
Generic

Joseph Khalil

Guildford

Summary

A highly skilled Cloud SME with over 10 years of experience in securing, engineering, and managing IT infrastructures for large-scale organizations. With a specialized focus on Microsoft security solutions, including Azure AD, Microsoft Defender, and M365, with extensive experience designing and implementing secure identity management, threat analysis, and compliance strategies. Known for blending technical expertise with effective communication skills, successfully led projects in high-security environments, delivering solutions that comply with industry regulations and ensure operational security. Expertise spans cloud environments, on-premises security, and hybrid infrastructures, always ensuring a seamless integration of security protocols to protect critical assets.

Overview

9
9
years of professional experience
5
5
years of post-secondary education
1
1
Certification

Work history

Cloud SME – Security engineering

Direct Line Group
London
08.2019 - 03.2025
  • Acting as Cloud SME, providing expertise and strategic guidance to CIO and executive leadership team
  • Accountable for designing and engineering cloud security solutions, creating High-Level Architecture (HLA) and Low-Level Design (LLD) documents, and producing knowledge transfer materials to ensure smooth handover to operations and support teams
  • Conducting threat modelling to ensure secure execution and delivery of projects
  • Collaborating with third parties and stakeholders to ensure seamless and efficient delivery of technical solutions
  • Designed and implemented deployment of thin client endpoints, ensuring endpoint and operating system hardening through Intune
  • Designed, configured and optimised Azure Entra protection, such as risky sign in policies, authentication methods, Conditional access policies and Privilege identity management (PIM)
  • Managing Enterprise Applications & App registration onboarding, such as SAML certification renewals, Application registration secret renewal, SCIM configuration, configuring claims, APIs, roles and permissions
  • Configured SAML, OAuth, and OIDC applications for SSO, ensuring robust authentication and authorisation mechanisms for enterprise applications
  • Configuring azure entitlement management with external identities, using access packages and access review policies
  • Also, B2C & B2B guest access
  • Configured Microsoft defender for cloud apps integration with conditional access policies to manage enterprise applications though MS defender
  • Configured safe attachment policies for email in Microsoft Defender for Office 365
  • Configured DMARK, DKIM and SPF for email security and protection
  • Performing annual Entra ID on-demand security assessments
  • Conducted regular seminars, enhancing departmental expertise.
  • Liaised frequently with industry professionals for updated information and insights.

EUC SME

ICBC Standard Bank
08.2016 - 08.2019
  • Working as part of EUC team, managing 16 load balancers and 4 remote access gateways, securing Citrix environment for 1,000+ concurrent users across multiple regions
  • Threat & Vulnerability Management: Conducted Qualys vulnerability scans, mitigating SSL/TLS security risks for external access points
  • Web Application & Endpoint Security: Configured NetScaler WAF and End Point Analysis (EPA) policies, enhancing remote access security
  • SSL Certificate & Lifecycle Management: Led SSL certificate administration, firmware upgrades, and capacity planning for future Citrix & NetScaler infrastructure scalability
  • Proactive Monitoring & Alerts: Implemented SNMP alerts and AppFlow monitoring via Citrix Insight, optimising security performance and ICA/TCP latency analysis

Senior Infrastructure Engineer

Dunnhumby
11.2015 - 08.2016
  • Senior SME for Global Citrix and Wintel environments
  • Responsible for maintaining and upgrading WINTEL and Citrix technologies
  • Handled BAU escalations for applications hosted on Windows Server 2008R2
  • Improved network stability by designing and implementing new infrastructure solutions.
  • Oversaw server maintenance, resulting in improved system reliability.

Education

BSc (Hons) - Computing and Information Technology

University of Derby
Derby

9 GCSEs - A-C, including Maths, English, and Science

Bishop Thomas Grant Roman Catholic School
01.1993 - 01.1998

Skills

    Identity and Access Management (IAM)

    Azure AD/Entra ID

    Active Directory (AD), LDAP

    Conditional Access policies

    Multi-Factor Authentication (MFA), SSPR, authentication & password policies

    Privileged Identity Management (PIM) & Privileged Access Management (PAM)

    Authentication protocols: SAML, OAuth, OIDC, securing application integration with Azure AD


    Cloud Security & Microsoft 365 (M365)

    M365 Purview

    Microsoft Defender XDR Suite

    Microsoft Sentinel

    Exchange Online Protection

    M365 Security: DLP, sensitivity labels, retention policies

    Intune (Endpoint management)

    Microsoft Defender for Endpoint

    CASB (Cloud Access Security Broker) solutions

    Azure AVD & Citrix Cloud (Virtualization platforms


    Scripting & Automation

    PowerShell

    Automation with Intune, Azure Automation


    Endpoint Security & Management

    Intune (Device management and security)

    Citrix Cloud, Azure AVD

    Linux-based endpoint management


    Network Security

    PKI (Public Key Infrastructure)

    Cryptography

    IDS/IPS (Intrusion Detection/Prevention Systems)

    Firewalls, including WAFs (Web Application Firewalls)

    Networking Fundamentals: Load Balancers (F5, NetScaler), VPNs, DNS



Certification

  • CISSP - Certified Information Systems Security Professional
  • SC-300 Microsoft Certified: Identity and Access Administrator Associate
  • MS-102 Microsoft 365 Administrator Expert
  • MITRE ATT&CK Defender (MAD) Cyber Threat Intelligence Certification
  • MITRE ATT&CK Defender (MAD) Fundamentals Badge
  • City & Guilds Level 3 Diploma: CCNA – Essentials in Designing, Building, Installing, Configuring, and Troubleshooting Cisco Networks
  • CISSP

Custom

Available upon request

Timeline

Cloud SME – Security engineering

Direct Line Group
08.2019 - 03.2025

EUC SME

ICBC Standard Bank
08.2016 - 08.2019

Senior Infrastructure Engineer

Dunnhumby
11.2015 - 08.2016

9 GCSEs - A-C, including Maths, English, and Science

Bishop Thomas Grant Roman Catholic School
01.1993 - 01.1998

BSc (Hons) - Computing and Information Technology

University of Derby

Similar Profiles

Create profile
Joseph Khalil