SUMMARY:

• I am a seasoned / certified Sr. Network Security Engineer / Architect - Systems Engineer looking to advance my career & knowledge by designing & implementing new secure network technologies & practices.
• Currently, I am a Senior Network Solutions Engineer working for Confidential located in Mid-Town New York, NY.
• I am looking for a position in which I can keep my hands dirty & mind sharp by assessing / securing / redesigning / configuring and managing mid-level to large-scale network LAN, WAN, VOICE, SERVER environments / topologies.

TECHNICAL SKILLS:

Operating Systems: Windows 7 & 10; Windows Server 2008, 2012; Linux (Desktops & Servers)

Programming: Beginner C++; Win32; Java; PHP; XHTML; CSS; XML; SQL; JavaScript; Batch; VBScript

Development Tools: Visual Studio; Dreamweaver; Photoshop; Notepad++

Networking/Administration: CCNA, CCNP, CCIE Written Routing & Switching; CISCO IOS (STP, VTP, VLAN, VRF, BGP, RIP, OSPF, EIGRP, ACL, TCP/IP, Route Maps, Multicast, PBR); Juniper Junos; SDN fundamentals; Firewalls; Routers; Switches; Micro-Segmentation, Wireless; AD User and Group Policies/Privileges; Remote Access; VPN; Windows Server; Linux Server, VMWare & Hyper-V

Hardware Knowledge: Cisco Nexus 2000, 5000, 7000; Cisco Catalyst 3750, 3750, 45xx, 4500-X, 6509; Cisco Router ISR-29xx, ISR-39xx, ISR-44xx, ASR-100x, ASR-90xx; Checkpoint 4800, 12000, Cisco UCS; Juniper SRX Firewalls, Juniper MX Routers, Juniper EX Switches; HP ProLiant DL Series Servers; HP ProLiant BL Series Blade Servers; Dell PowerEdge R Series Servers

Databases Knowledge: PostgreSQL, MYSQL, Microsoft SQL Server

PROFESSIONAL EXPERIENCE:

Confidential,New York, NY

Sr. Network Infrastructure Engineer

• Network design, implementation, and configuration engineer
• Manage Juniper vGW & (VMWare NSX) hosts micro-segementation firewalls
• Build then create & manage firewall security policies/rules/filters on Cisco ASA, Fortinet, Checkpoint & Juniper SRX Security Gateways
• Research network direct and IPSec tunned connectivity to AWS & GCP cloud providers for near future migrations.
• Create AWS & GCP BGP peerings via Direct Connect & IPSec Tunnels respectively.
• Work with windows/linux/dev systems department personnel to troubleshoot source to destination connectivity issues.
• Review / Complete security access request(firewall rule) tickets
• Review, propose then implement BGP/OSPF configuration changes to increase DC to DC and local routing performance / efficiency.
• Riverbed SteelCentral NetProfiler configuration for network visibility when troubleshooting
• Internal / External Citrix Netscaler Load-balancer management

Confidential,Yonkers, NY

Sr Network Edge Security Engineer

• Network edge design & modernization (Lead network edge security engineer - Securing Internet & WAN links as well as 200+ virtual Site-to-Site IPSec VPN links with various remote affiliates/3rd party vendors)
• Lead Checkpoint / ASA firewall engineer - Redesigning / Building / Upgrading / Management of the current edge security infrastructure
• Level 3 edge network issues troubleshooting / mitigation (eg. ddos attacks, cryptolocker/malware infections, corporate wireless outages, etc...)
• Network edge security / performance / management / monitoring redesign diagramming & write-ups
• Team ticketing processes redesign
• Securing the network edge for the new medical software ‘EPIC’
• Internal / External Citrix Netscaler management. WebSense proxy policy management.
• Network topology / equipment needs forecasting & purchase reviews (Moves from WebSense to Bluecoat, ASAx upgrades, Edge network redesign switches / routers / firewalls models, etc...)

Confidential,Charlotte, NC

Lead Network Solutions Architect / Engineer

• Lead network design, implementation, and configuration engineer.
• Review/Decide on standard appliance IOS code versions. As well as devise a format / execute automatic and manual code deployments via ISSU, non-ISSU, and standard upgrades of nexus and non-nexus Cisco equipment.
• Define QOS Policies / Re-Design / Re-IP Address the Confidential main & branch offices in preparation for a mass migration of 5000+ users from the current AT&T Centrex solution to a hosted Cisco voice solution.
• Troubleshoot network outages / performance issues that were notified to the group either via an escalated helpdesk ticket or alerted via the SolarWinds or Cisco Prime NMS.
• Troubleshoot and resolve network related issues on various city SCADA networks eg CATS, CDOT, Charlotte Water...
• Provided suggestions to improve network performance / security / redundancy / overall health / etc…
• Research secondary connectivity solutions which comprised of DMVPN IPSec tunnels via a private 4G LTE cloud.

Confidential,New York,NY

Lead Sr. Network Architect / Engineer

• Lead network design, implementation, and configuration engineer
• Backup Firewall Engineer (Checkpoint, Cisco, Juniper)
• Backup Windows Domain Administrator
• Backup VMWare Administrator
• Lead Intel/McAfee EPO Administrator
• External / Internal IP address & DNS Management
• External Certificate / Internal Certificate Authority Management
• Design / Implement Network Server Core Centralization / Datacenter Colocation
• Design / Implement Multi-Branch Cisco Hardware Refresh (Including phase/replacement out of Juniper SRX series edge Security Gateways & HP switch standard)
• Design / Implement Hub Site Cisco Wireless Network
• Design / Implement Multi-Branch Cisco VoIP Design & Configuration
• Design / Implement hierarchical IP Addressing scheme for Main/Branch sites; Re IP'd user/server segments accordingly

Confidential,NY

Sr. Network Engineer

• Act as a level 3 network design, implementation, and configuration engineer on various projects to aid network growth while providing multi-vendor setup alternatives.
• Build, Configure & deploy Cisco routers (ASR 1004, ASR 1006, Cisco 7200) / L3 switches - (Cisco 7609 with sup720-3b-xl), (Nexus 3064, Nexus 7010's with sup1) and Wireless LAN Controllers (Cisco WLC 5500), Ruckus ZD5000, Belair AP's.
• Meet with Cisco, A10, Ruckus & other vendors to review TAC cases/fixes & code feature upgrades to various network appliances.
• Document network changes and review baselines, peak & delta for device, traffic, latency, session, memory, cpu, etc. (SevOne NMS) Such proactive monitoring has ensured network availability and device uptime.
• Troubleshoot Cisco CAPWAPP, Ruckus LWAPP & Belair LNS L2TP tunnel termination issues.
• Administer Cisco Network Registrar & troubleshoot DHCP extension options related issues with use of our Apcon port aggregation & Clear Sight packet capture appliances.

Confidential,New York,NY

Sr. Network Engineer / Juniper Firewall Engineer

• Act as level 3 network support. Was contracted by Confidential to aid in a large scale migration/network cutover due to Confidential acquisition of Prudential Bache.
• Aid in the management/maintenance/support of the 1,200+ Confidential global (including US, London, Hong Kong, etc…) network appliances found in their Primary, DR and Branch sites.
• Configure & deploy Cisco routers (ISR 3845 & 3945) / L3 switches - (Catalyst 3750, 4948), (Catalyst 6504s & 6509s with either sup32 3b’s or sup720 3b’s), (Nexus 7010’s with sup1) and Juniper SSG20 firewalls to be used at Primary, DR and Branch sites.
• Monitor/implement everyday routing & firewall related requests submitted by users & the helpdesk through Confidential Remedy ticking system. Example of everyday tickets include server patch schedules; configuring/trunking/VPC HP & Dell servers & BladeCenter switches to the network; creating site to site IPSEC VPN tunnels to third party companies; adding new routes to the network; troubleshooting routing protocol issues such as tweaking BGP & EIGRP metrics to alter preferred routes; work with the Windows & Unix server engineering teams to determine possible application slowness; etc…
• Troubleshoot MPLS & Point-2-Point circuit and BGP connectivity & routing issues. Work primary (Verizon), secondary (AT&T) & tertiary (optimum lightpath) circuit providers to address network stability and link flapping/down issues.
• Create firewall rules using Juniper NSM to allow servers or users (when bypassing the proxy is needed) to access internet or extranet services; Rules were also created to deny IP addresses/ranges when potential malicious threats were observed.
• Utilize network management applications such as Orion NPM, Infoblox, ManageEngine Device Expert, Optnet Acelive (Gigamon) & Wireshark, Riverbed MAZU, etc… when troubleshooting network performance & maintenance related issues.
• Create MS Visio diagrams & word documents for easier access of crucial data and to visualize the network topology when modifying or implementing changes.
• Research software’s/appliances that can increase our engineering staff’s productivity, then propose the benefits & disadvantages to management.

Confidential,New York,NY

Network Engineer / NOC Technician

• Installation and configuration of CISCO switches Catalyst series (2900XL, 3560, 3750, 4506, 6509, and 6513) and router series (2600, 3845) into Daily News Datacenter at Primary & DR sites.
• Preserve the integrity of the Daily News network; troubleshooting issues found by network monitoring applications CISCOWORKS LMS, SOLARWINDS ORION NPM, OPTNET ACELIVE, IPSWITCH WHATSUPGOLD, etc.
• Investigate & resolve issues regarding CISCO appliance switching / routing protocols eg. STP loops/Unnecessary convergence; routing loops, IPSEC GRE tunnel’s going down unexpectedly; BGP links down or flapping; etc…
• Aid in the management of user access to Daily News central network using Juniper’s SSL VPN appliance.
• Server & user Ethernet & Fiber patching.
• Creation of Visio diagrams to account for network changes.
• Currently I’ve been tasked with upgrading our company’s CISCOWORKS NMS from 2.6 to 3.2.