SUMMARY:

• A skilled, versatile, and results - oriented IT professional with extensive experience in engineering and operational support of information systems in network and system-diverse enterprise infrastructure.
• Possess strong hands-on technical expertise in various areas of system and network security.
• A quick learner with strong analytical and problem solving skills.
• Over 15 years of experience with Check Point security solutions. Strong UNIX skills.

TECHNICAL SKILLS:

Networking: Cisco LAN/WAN networking, routing/switching

Firewalls: Check Point FW-1 4.1 through NGX R77.30 on GAiA, Cisco ASA, Cisco Meraki, Palo Alto, Fortinet Fortigate

VPNs: Check Point VPN-1/SecureRemote, Cisco ASA, Juniper JSA

Load Balancers: BIGIP F5 LTM, MS Forefront TMG, Nortel Alteon

Virtualization: VMware vSphere 5 environment, ESX 3.0-3.5, ESXi 5.5

Cloud computing: Amazon AWS (EC2, VPC, S3, Route 53, RDS, CloudWatch)

Wireless: Cisco WLCs, LWAPPs, WCS

Authentication: RSA SecurID/AceServer, Vasco Authentikey, Cisco ACS, Microsoft IAS, FreeRADIUS

Endpoint Security: Check Point, TrendMicro, Kaspersky, Sophos

Servers: HP x86standalone x86 servers and C-class blades, Cisco UCS B- and C-series, Sun Sparc

Email: Sendmail, Postfix, Courier, Cyrus, Barracuda, SpamAssassin, OpenDKIM, OpenDMARC

DNS: Bind9, MS DNS

DB: MySQL

Operating Systems: Various Linix distros, RedHat/CentOS Linux up to v7, Sun Solaris 2.5-10, FreeBSD, OpenBSD, HP-UX 11i

Languages: Perl, Tcl/Tk, JavaScript, UNIX shells

Other: Author of GORT, a popular security add-on for GroupMe

PROFESSIONAL EXPERIENCE:

Confidential

Owner

Responsibilities:

• Developed special purpose interactive messaging bots integrated with GroupMe group messenger platform
• Developed custom backend and frontend web applications using Perl, MySQL, Apache, JavaScript
• Developed a custom e-commerce system with PayPal integraton
• Built and maintained Amazon AWS-based Linux server infrastructure
• Hired, trained and supervised a 5-person Sales/Customer Service team
• Provided consulting services

Senior Network Security Engineer

Responsibilities:

• Technical lead of the Network Security team, ensuring security, integrity and availability of information systems in the enterprise
• Primarily responsible for Check Point firewall and site-to-site VPN infrastructure company-wide, including overall design, new builds, migrations, policy management, patches and upgrades
• Responsible for Juniper-based remote access VPNs
• Manage BigIP F5 load balancers (hardware deployment and configuration, policy management, new virtual server setups, custom iRules)
• Maintain log servers and firewall event correlation system
• Manage Cisco WLC- and LWAPP-based wireless networks
• Manage corporate endpoint security solutions
• Manage internal PKI infrastructure/certificate authority
• Manage corporate public DNS system
• Manage VMware vSphere infrastructure
• Perform periodic security audits and vulnerability assessments of production systems
• Perform security hardening of business critical UNIX systems
• Respond to security incidents, perform remediation
• Work with external auditors and provided coordination for formal security audits
• Work with vendors to evaluate various network and security solutions for use in the enterprise
• Rollout of Check Point security appliances under central management company wide, replacing legacy standalone firewalls in all branch offices
• Redesign of edge security and DMZs architecture in physical and virtual datacenter envonments
• Design and implementation of remote access VPN solutions using Juniper JSA / Pulse
• Design and implementation of two-factor authentication solutions using RSA, and later VASCO products
• Design and implementation of company-wide Cisco WLC-based 802.11a/g wireless network and underlying authentication infrastructure using WPA-Enterprise with PKI and full Active Directory integration
• Design and implementation of SMTP content inspection/spam filtering solution for inbound email
• Desktop antivirus replacement project: migrating all servers and workstations from TrendMicro to Kaspersky Endpoint Security solutons
• Server consolidation/datacenter virtualization project on VMware ESX: primary technical lead in the team that consolidated ~100 physical servers onto a single HP 7000/DL460 blade system with EVA SAN using VMware VI 3.5 with features VMotion, HA/DRS, and VMware Consolidated Backup.
• Virtual datacenter migration project: consolidated both virtual datacenters in US and EU into a single managed virtual datacenter runningVMware vSphere on Cisco UCS hardware

UNIX, Network, and Security administrator

Responsibilities:

• Single-handedly managed corporate Check Point firewall infrastructure - from custom hardware builds to policy design and daily administration
• Designed and built corporate public and private DNS systems using BIND under Solaris
• Performed domain name administration and management through Network Solutions and other registrars
• Performed SSL certificate management
• Maintained sendmail-based SMTP relays for inbound and outbound email
• Built, deployed and supported various UNIX systems(Solaris, HP-UX, various Linux, OpenBSD) throughout the enterprise - including hardware setup, OS installs, configuration, patching, imaging, backups, security
• Migrating Check Point 4.1 firewalls to NGX R55 on Sun Sparc hardware
• Deploying a web filtering/monitoring system (Surfcontrol SurfWatch)
• Periodic security scanning using Tenable Nessus
• Open source network backup system for UNIX servers using Amanda Backup
• Open source enterprise monitoring system based on NetSaint
• Distributed intrusion detection system for the datacenters based on Snort
• High availability/load balancing solution for corporate e-commerce web sites using Nortel Alteon switches

Web Administrator

Responsibilities:

• Administered production corporate web servers on both Windows NT/IIS and Linux/Apache platforms
• Performed server builds, investigated server outages, provided overnight and weekend on-call support.
• Designed various perl CGI applications
• Implemented perl and shell scripts for task automation
• Conducted security audits and penetration testing of exposed web servers
• Designed and implemented a centralized webs server log collection, processing and reporting solution
• Built the corporate FTP server with a custom management front-end
• Built and maintained a mailing list server hosting over 200 mailing lists

Systems Administrator

Responsibilities:

• Performed routine NT domain administration including user management, backups, software installation and upgrades
• Performed installation, configuration and in-house hardware repair of NT servers and workstations
• Maintained internal e-mail system (sendmail, MS Exchange)
• Provided 24x7 user support
• Was responsible for network security and integrity
• Setup and fine-tuned a remote access solution using US Robotics NetServer Plus/ISDN and Livinston RADIUS
• Implemented a Linux-based firewall solution
• Designed the company web site (confidential)

Hardware and Network Consultant

Responsibilities:

• Installed and maintained Windows NT 4.0 and Linux networks.
• Assembled and configured custom Intel based PC systems
• Software installations, trouble shooting, backup and fax solutions on the enterprise level.
• Took part in a development of an E-commerce system
• Implemented: HTML coding, CGI programming