Network & Security Engineer

Building Secure, Reliable Networks

Based in Nairobi, Kenya — Available for enterprise & contract roles

Network Engineering Firewall Administration Systems Administration Cybersecurity Virtualisation

Technically focused engineer with hands-on experience in Sophos firewall administration, enterprise network design, and Linux systems management. I specialise in building secure, scalable environments using Sophos XGS, MikroTik RB5009, and UniFi — and automate infrastructure workflows with Python & Flask.

View My Work Get In Touch
MM
Moffat Mubea
Network Engineer · Systems Admin
LocationNairobi, Kenya
StatusOpen to Work
GitHubmubeakungu
X@moffatmubea
Phone+254 110 291 686
01

Core Expertise

Sophos Firewall
Security
Full XGS firewall deployment — IPS policies, traffic insights, zero-day protection, and active threat response via Sophos Central.
Sophos XGSIPS/IDSDual WANMDR
MikroTik Administration
Networking
RB5009 configuration via WinBox — bridge, interfaces, DHCP management, routing, and live traffic monitoring.
MikroTik RB5009WinBoxDHCPRouting
Network Design & Simulation
Design
Full enterprise topologies in Cisco Packet Tracer — physical racks, logical WAN diagrams, and corporate floor plans.
Packet TracerWANVLANsOSPF
Structured Cabling & Floor Plans
Physical
Physical network documentation including floor plan layouts, switch port assignments, AP placement, and server room architecture.
Floor PlansUniFi APsIP CamerasPort Docs
Linux & Virtualisation
Systems
VM deployment on VirtualBox — Kali Linux, Debian systems, snapshots, storage configuration, and NAT networking.
VirtualBoxKali LinuxDebianKVM
Infrastructure Automation
Dev
Custom scripts and REST APIs for network monitoring, sysadmin workflows, hotspot authentication, and config management.
PythonFlaskBashREST API
01Network Design & Simulation — Cisco Packet Tracer4 projects
Multi-site WAN
Multi-Site WAN Topology
Completed
Simulated multi-site WAN for Lineplast Group connecting Aromakare Factory, KIE, Warehouse, and CUTE over P2P links on 192.168.2.0/24.
Packet TracerWANP2PSubnetting
Enterprise Topology
Lineart Enterprise Topology
Deployed
Full enterprise network for Lineart covering Finance, Accounts, Procurement, Admin, Production with APs, CCTV, and multi-switch distribution.
Packet TracerMulti-switchWireless APsCCTV
Physical Rack
Physical Rack & Wiring Closet
Completed
Detailed rack simulation showing PDUs, switches, wireless LAN controllers, and access points across two wiring closets.
Packet TracerRack DesignWLCPDU
Corporate Office
Corporate Office Physical Layout
Completed
Physical layout of a full corporate office showing all named workstations, laptops, printers, and the main wiring closet with switch uplinks.
Packet TracerPhysical ModeEnd Devices
02Physical Network Documentation — Floor Plans2 projects
Factory Floor Plan
Lineart Factory Floor Plan
Deployed
Full physical layout for Lineart Factory — server room with Sophos firewall, dual ISP (Safaricom 1Gbps + JTL 25Mbps), all departments cabled.
SophosDual ISPIP CamerasCabling
Production Floor
Production & Godown Extension
Deployed
Extended floor plan covering Production Office, Accounts (S1 ports 16–24), Pet Factory, Procurement, and Admin with wireless APs.
UniFi APsSwitch PortsIP Cameras
03Sophos XGS Firewall Administration — Lineplast Groups4 projects
Sophos Control Center
Sophos XGS107 Control Center
Live
Full firewall dashboard — traffic insights, active threat response (MDR, NDR, X-Ops), user & device insights, and SSL/TLS monitoring.
Sophos XGS107MDRX-OpsSSL/TLS
Firewall Interfaces
Firewall Interface & Uplink Config
Live
Dual WAN — Safaricom Port 2 (1Gbps) and JTL Port 3 (100Mbps) — with MikroTik LAN and guest AP interfaces, all statically assigned.
Dual WANSafaricomJTLStatic IP
IPS Policies
Intrusion Prevention & IPS Policies
Live
IPS policies covering DMZ-to-LAN, LAN-to-WAN, and WAN-to-DMZ traffic flows with custom strict/general policies. Signatures updated March 2026.
IPSDoS ProtectionDMZCustom Sigs
Sophos Reports
Traffic & Threat Reports
Live
Traffic dashboard showing 17.97 GB daily throughput, top domains, FTP/web upload monitoring, and mail traffic summaries for Lineplast Groups.
Traffic DashboardReportingWeb Filtering
04MikroTik RB5009 Administration — WinBox2 projects
DHCP Log
DHCP & ARP Conflict Management
Live
Live DHCP log showing 1000+ IP assignments on 192.168.2.x with ARP conflict detection and resolution for the enterprise LAN.
MikroTikDHCP ServerARPLog Analysis
Interface List
Interface & Bridge Configuration
Live
RB5009 interface list with live Tx/Rx throughput — ether1 at 1.6 Gbps Rx handling main LAN traffic alongside SFP+ and bridge ports.
RB5009BridgeEthernetSFP+
05Virtualisation — VM Deployment & Installation1 project
Kali Linux VM
Kali Linux VM Deployment
Running
Deployed Kali Linux 2025.4 x64 on Oracle VirtualBox — 2 vCPUs, 2GB RAM, 80GB SATA, KVM paravirtualisation, NAT networking.
VirtualBoxKali 2025.4Debian 64-bitKVM
03

Get In Touch

Open to full-time roles, contract work, and consulting engagements in network engineering, systems administration, and cybersecurity.

✉️
Primary Email
macmubea5@gmail.com
📞
Phone
+254 110 291 686
🐙
GitHub
github.com/mubeakungu
💼
LinkedIn
linkedin.com/in/mac-mubea