We provide IT Staff Augmentation Services!

Cloud Solutions Architect Resume

SUMMARY:

  • My mission will always be the continuous strive to be the best if not one of them, and with 4 ½ years of project experience and 5 years of overall IT experience in a network support role, I consider myself a Mid to Sr level network engineer.
  • My focus is on utilizing my expansive knowledge base to design and implement efficient, turn - key solutions for Enterprises, Government institutions and Service Providers that will help promote business productivity and scalability along with further advancing my career in the IT/Telecommunications field.
  • From the start, I have acquired the ability to work in a team environment or independently with general guidelines and minimal supervision.
  • My proven ability to work with highly demanding customers has perfected my written and verbal communication skills, allowing me to provide error-free solutions to customers.
  • Create an EC2 Instance Running Apache and PHP, then Create a Custom AMI from that Instance.
  • Create a Secure Web Application from Scratch with a Bastion Host, NAT Gateway and Application Load Balancer in AWS, then Configure an Auto Scaling Group for that Application.
  • Manag e DNS Records with AWS Route 53 and configuring an AWS CloudFront Distribution.
  • Create and Configure Secure AWS RDS Instances with Read Replicas and Backup Solutions.
  • Monitor Security Groups with Amazon CloudWatch Events.
  • Build Serverless Architectures using Amazon CloudWatch Events and Scheduled Events with AWS Lambda.
  • Build Serverless Architectures with Amazon DynamoDB and Amazon Kinesis Streams with AWS Lambda.
  • Administer Amazon RDS for Microsoft SQL Server .
  • Design a Blue/Green Deployment Pattern with AWS Elastic Beanstalk.
  • Configure Amazon S3 Buckets to host a Static Website with a Custom Domain.
  • Configure AWS Backup and Archiving Solutions in S3 with Lifecycle Policies and Versioning
  • VPC peering and how AWS routes traffic based on routing rules.
  • Install an Intrusion Prevention System (IPS) on an EC2 Instance
  • Build a Serverless Website with AWS API Gateway and AWS Lambda
  • Build a Text-to-Speech Application using DynamoDB, AWS Polly, AWS Route S3, AWS API Gateway
  • Auditing the Core Azure Services

TECHNOLOGIES:

Cloud: VPC, EC2, AMI’s, EBS, EFS, RDS, S3, SNS, ELB, C loudWatch, CloudTrail, Auto Scaling, Route 53, Lambda, IAM, CloudFormation, EMR, Elastic Beanstalk, SQS, Amazon MQ, Amazon DLM, SWF, ElastiCache , Redshift, AuroraDB, DynamoDB, Neptune, Kinesis, Glacier.

L4: MPLS, DNS, DHCP, RADIUS, LDAP, LDAPS, TACACS+, RDP, ODBC, HTTP, HTTPS, FTP, SFTP, FTPS, Telnet, SSH

L3: RIP, EIGRP, OSPF, IS-IS, BGP, PBR, PfR, NAT

L2: STP, 802.1q, HSRP, VRRP, GLBP, VPC, VSS, LACP, PAgP, OTV, MPLS

L1: 10/100/1000 Base- Confidential, SMF, MMF, GLC, SFP, QSFP

Security: 802.1X, AAA, IPSEC, IKEv1, IKEv2, DMVPN, GETVPN, WEBVPN, FlexVPN, RSA, OTP, SSO, PKI, PSK, TBAR, CA Trustpoints, Cisco ACS, Cisco ISE, IDS, IPS, ASDM, CSM, NSM

General Networking: SaaS, IaaS, PaaS, FaaS, IaaC, WAN, LAN, Infrastructure, Wireless Communications, Change Management, IT Service Management, Entry level Project management, Best Practices, Field work “Rack & Stack ”

Platforms: Cisco ISR 4400/3900/2900/2800/1900/1800/800 , ASR 1000 series, 7200 VXR, Catalyst 6500/4500/4400/3750/3600/3500/2900 , Nexus 7K/6K/5K/3K/2K, ASA 5500/5500-X, ISE 3400/WSA S170, MSE, Cisco Prime

Various: Blue Coat, PAN Firewalls, Checkpoint Firewalls, Juniper Firewalls, F5 Load Balancers, Riverbeds Steelhead 7070, 5070, 3070, 770 and 570, CDI Port Authority OBM, FortiGate Firewalls

CLI, Programming/Scripting Languages & DevTools: IOS, IOS-XE, IOS-XR, CatOS, NX-OS, JunOS, Linux (Bash), Python(Novice), JavaScript , Electron, Node.JS (Novice), JSON(Novice), Chef, Puppet, Jenkins, Ansible, Salt, Bamboo, Docker, Docker Swarm, Kubernetes, Terraform, AWS CodeBuild, CodeDeploy, CodePipeline & CodeStar, AWS OpsWorks, AWS Auto Scaling , AWS API Gateway. AWS Polly

Monitoring Tools & Utilities: NMS, SolarWinds, Service Now, HP Openview, NetBrain, SourceFire, McAfee SIEM, Virtual Defense Center, Nagios, Carbon Black, Nessus, Maltego, WireShark, Aircrack-ng , SenSu, NewRelic, AWS GuardDuty, AWS WorkSpaces, AWS Well-Architected Tool, AWS Control Tower, AWS Database Migration Service, AWS Athena, AWS Glue

Business: Microsoft Office Suite (Word, Excel, Project, Visio, One Note)

JOB HISTORY:

Confidential

Cloud Solutions Architect

Responsibilities:

  • Assessed current network infrastructure to determine most efficient AWS solution.
  • Created IAM Users and Groups to match staff list
  • Tailored IAM policies to customer requirements
  • Created customers domain using Route 53
  • Created DNS records for EC2 instances
  • Added Route 53 health checks to EC2 instances
  • Configured DNS to failover to static site using Amazon S3
  • Created customers VPC environment
  • Created public and private subnets
  • Created Internet Gateway
  • Created route table and a added the routes to the web
  • Created security groups and NACLs per customer requirements
  • Created Auto Scaling group for EC2 instances
  • Created customers S3 environment per requirements
  • Configured permissions and poles based on customers needs
  • Added all best practice solutions to S3 environment
  • Versioning
  • Server Access Logging
  • Static Web Hosting
  • Tags
  • Bucket Events
  • Object Lifecycle Management
  • Created backup VPC environment using CloudFormation
  • Created and configured ELB to load balance traffic going to EC2 web instances
  • Configured ELB rules to fit customer needs and to stay aligned with AWS best practices.
  • Created customers EC2 instances to function as web servers
  • Used CloudFront to create and configure customers web/EC2 distribution
  • Invalidated the content on CLoudFront
  • Created new EBS volumes for customer
  • Attached new EBS volumes to customer EC2 instances
  • Used Linux shell to configure customers file system and to mount the volume whenever the instance is started.
  • Used best practices by creating snapshots of volumes
  • Configured Amazon DLM (Data Lifecycle Management) to schedule automated back ups/snapshots of customer EBS volumes.
  • Instructed customer on how to create new volumes from snapshots and to attach and mount those new volumes to EC2 instances.
  • Created a Lambda function that supports the customers AWS CloudWatch event configuration
  • Implemented customers CloudWatch configuration to evaluate permissions on EC2 security groups

Confidential, Oakton, VA

Sr Govt. Specialist Network Systems Design Engineer

Responsibilities:

  • Assessed current issues facing Out of Band management
  • The existing code was upgraded on 800+ devices. To include version code and encryption service engine code.
  • ODM application was upgraded to improve stability and performance.
  • War Dialer/Heartbeat technology was implemented into OBM architecture.
  • SNMP server added for proactive measures to prevent unnecessary down time due to unknown failing modems.
  • Helped to design the overall architecture of the IRS WANx rollout.
  • 55 Sites designed for Riverbeds Steelhead technology
  • 2 sites with Steelhead 7070 models
  • 4, 7070s deployed
  • 15 sites with Steelhead 5070 models
  • 28, 5070s deployed
  • 16 sites with Steelhead 3070 models
  • 17, 3070s deployed
  • 15 sites deployed with Steelhead 770 models
  • 7 sites deployed with Steelhead 570 models

Confidential, Washington, DC

Network and Security Engineer

Responsibilities:

  • Built and configured network infrastructure to include:
  • 6 Cisco 4451 ISR Routers
  • 58 Cisco 3850 switches
  • 4 Cisco 6807 switches
  • 1 Cisco 4410 switch
  • 6 Cisco ASA 5545 firewalls with SourceFire IPS/IDS services
  • 3 VPN IPSec tunnels/Profiles
  • 6 Cisco ISE 3415 Appliances
  • 3 Cisco WSA S170 appliances
  • 6 Cisco 5508 WLCs
  • 124 Access Points
  • Cisco MSE using vSphere ESXi server
  • Cisco Prime
  • Solarwinds NPM and SAM
  • Deployed Carbon Black and BIT9 Servers for Threat Analysis and Host side security.
  • Deployed SolarWinds NPM and SAM server for Network performance and Systems Application.
  • Deployed FireEye ETP, HX and worked with vendors to establish FaaS.
  • Deployed McAfee EPO, SEIM
  • Deployed Tenable server for network and host-based scans.
  • Deployed Nessus servers for on-demand security scans.
  • Deployed Cisco ISE appliance to act as NAS.
  • Deployed Cisco FirePower to configure and utilize SourceFire.
  • Configured networks to maintain separation from each other and to prepare the presidential party for transition into the White House.
  • Used Wireless and personnel tracking scans to pen-test the network environment for vulnerabilities.
  • On-call network rotation 24x7
  • Daily monitoring of network devices using SolarWinds NPM and SAM tools.
  • Daily monitoring of network security and integrity using FireEye services.
  • Daily monitoring and prevention of network breach using McAfee ePO.
  • Daily monitoring and control of spam and malware using FireEye ETP services.
  • Daily monitoring and collection of data resources using McAfee SEIM.
  • Daily monitoring and policy enforcement of endpoint devices using Bit9 Parity and Carbon Black Threat assessment.
  • Daily monitoring of all user web traffic using Cisco Iron Port proxy for port 80 traffic and SourceFire IPS for application layer inspection.

Confidential

Network Engineer

Responsibilities:

  • Re-IP sites - 1 in Mukilteo Washington, 1 in Foxborough MA, 1 in Mexico and 3 in Argentina
  • Sites were being upgraded from 3.x space to 10.
  • Network discovery to update network diagrams
  • Design new DHCP ranges for required SVI ’s
  • The entire network was redesigned to fit GE ’s new standards to include VLANS, WLC ’s, AP’s, Firewall rules, VRF ’s and VPN Tunnels.
  • Configured BGP address family, prefix-lists and route maps to reflect new IP addresses.
  • ISE Buildout/BYOD Integration
  • Design and implement Cisco ISE 3415 appliances within the network infrastructure.
  • Configured Cisco switch interfaces for 802.1X
  • ISE appliances were configured to authorize accounts and devices by authorizing them on the WLCs ’ using BYOD profiling.
  • Created an extended ACL to isolate the VLAN from general network.
  • Used dual Distribution layer switches to act as HA pair for the site.
  • The site wanted to use 2 ASA 5515Xs as an HA pair and for isolation.
  • Used soft skills to leverage my idea and save the site unnecessary expenses.
  • Design and implementation of 2 ASA 5525X w Firepower services
  • Built Firesight management server
  • Creation of 450 Confidential and 200 objects
  • Added a 3850 switch to remove single point of failure Confidential site
  • Reconfigured network to provide redundancy Confidential the Distribution layer
  • Configured HSRP and L2/L3 EtherChannel on Cisco Catalyst 3850 Switches.
  • Additionally site wanted to migrate from OSPF to EIGRP.
  • Configured routers to redistribute EIGRP as well as OSPF into the BGP routing protocol while migrating.
  • Migrated all OSPF areas into single EIGRP Autonomous system.
  • Assessed site to determine requirements for build
  • Acquired and implemented a stack of 3750 v2s and 3 1142 APs
  • Replaced 6 Access layer switches with Cisco 2960-Xs
  • Replaced 2 Distribution switches with Cisco 3850s
  • Replaced 2 Routers with Cisco ISR 4321s
  • Replaced 6 UPSs with PS1500 RT 3120s
  • Replaced 2 WLCs with Cisco 5508s
  • Upgraded Circuits from 10Mb Single MPLS w ISP DMVPN backup to 100Mb Single MPLS ISP DMVPN backup
  • Replaced 6 Access layer switches with Cisco 2960s
  • Added 8 Cisco 4000 series Industrial Switches to shop floor for machine connectivity
  • Replaced 2 Distribution layer switches with 3850s
  • Replaced 45 Access layer switches with Cisco 2960-Xs
  • Replaced Cisco Routers with 4451s
  • Conducted research and reverse engineering of different network sites.
  • Used information gathered to provide standards and guidelines for future builds
  • Created & documented wiring and network diagram.
  • Migration from Radware Load Balancers to F5 LTM
  • Reverse engineering of Radware configurations
  • Creation of VIPs on F5
  • Creation of Pools
  • Creation of iRules
  • Creation of Health Monitors
  • Deployed an ASA 5515X to restrict rogue traffic on the network.
  • Non-standard build required the ASA to properly filter appropriate traffic
  • Expanded backup datacenter in the Grand Rapids area
  • Established new circuit and configured IPSec tunnels back to the head-end
  • Reconfigured BGP relationships with dual ISP design
  • Engineered BGP routing attributes (Route map, AS-path, MED, local preference) to load balance between multiple links
  • Configured BGP with different attributes like Weight, Local Preference, MED, AS-path, Community, Origin, Next-Hop
  • Leveraged the existing fiber optic local loops owned by GE for access into the sites current data center.
  • Configured QOS involving policing, shaping and queuing towards Core and towards CE and PE routers on VzB MPLS network.
  • Designed and Implemented a BGP/MPLS VPN for the service provider to the enterprise network.

Confidential, Franklin, TN

Network Engineer & Security Specialist

Responsibilities:

  • Updated 1,500+ Confidential and NAT rules for Checkpoint and Sourcefire migrations.
  • Designed and configured 1,200+ new Confidential, NATs, Objects, and Policies.
  • Monitored and maintained a proactive approach to all LAN based devices in Confidential ’s North American sector and performed troubleshooting to resolve all issues.
  • Analyzed weekly utilization reports to determine the best path for an optimized network.
  • Maintained operational oversight over Confidential ’s MPLS network managed by Verizon.
  • Used Service Now to coordinate and resolve all level 1/P1 ticket issues which are considered the highest.
  • Installed LANs including network servers, routers, workstations, printers, and other peripheral devices.
  • Operated and maintained local area networks, tracked significant problems, monitored performance, and performed upgrades to hardware and software as required.
  • Installed and/or modified existing installations of network hardware, software, and other components relating to Cisco platforms.
  • Maintained documentation regarding network configuration, operating procedures, and service records relating to network hardware and software.

Confidential, Baltimore, MD

Network Consulting Engineer

Responsibilities:

  • Installation of Cisco CSM for Firewall Management and Reporting
  • Implemented eBGP with Dual Carriers and OSPF as IGP with Redistribution
  • Provisioning of Confidential on Cisco ASA 5500 series Firewalls
  • Provisioning of Cisco 2811s for remote customers for B2B IPSEC as CPEs
  • Configuration and implementation of HSRP across Data Center core for redundancy and failover
  • Configuration and implementation of TACACS+ for network device authentication
  • Assisted with DR team to assess current failover risks and redesign for dynamic failover using IP SLA and fully redundant environment
  • Reviewed and performed QA on various network design changes
  • Evaluation of DMZ Distribution blocks to assess scalability and performance
  • Designed and documented operator instructions for NOC team on upgraded environments and new protocol rollouts
  • Assisted with configuration implementation on campus and branch site builds to conform to network standards
  • Performed initial security audit of management/data plane and made recommendations based on Cisco best practices.

Hire Now