Cloud Solutions Architect Resume
SUMMARY:
- My mission will always be the continuous strive to be the best if not one of them, and with 4 ½ years of project experience and 5 years of overall IT experience in a network support role, I consider myself a Mid to Sr level network engineer.
- My focus is on utilizing my expansive knowledge base to design and implement efficient, turn - key solutions for Enterprises, Government institutions and Service Providers that will help promote business productivity and scalability along with further advancing my career in the IT/Telecommunications field.
- From the start, I have acquired the ability to work in a team environment or independently with general guidelines and minimal supervision.
- My proven ability to work with highly demanding customers has perfected my written and verbal communication skills, allowing me to provide error-free solutions to customers.
- Create an EC2 Instance Running Apache and PHP, then Create a Custom AMI from that Instance.
- Create a Secure Web Application from Scratch with a Bastion Host, NAT Gateway and Application Load Balancer in AWS, then Configure an Auto Scaling Group for that Application.
- Manag e DNS Records with AWS Route 53 and configuring an AWS CloudFront Distribution.
- Create and Configure Secure AWS RDS Instances with Read Replicas and Backup Solutions.
- Monitor Security Groups with Amazon CloudWatch Events.
- Build Serverless Architectures using Amazon CloudWatch Events and Scheduled Events with AWS Lambda.
- Build Serverless Architectures with Amazon DynamoDB and Amazon Kinesis Streams with AWS Lambda.
- Administer Amazon RDS for Microsoft SQL Server .
- Design a Blue/Green Deployment Pattern with AWS Elastic Beanstalk.
- Configure Amazon S3 Buckets to host a Static Website with a Custom Domain.
- Configure AWS Backup and Archiving Solutions in S3 with Lifecycle Policies and Versioning
- VPC peering and how AWS routes traffic based on routing rules.
- Install an Intrusion Prevention System (IPS) on an EC2 Instance
- Build a Serverless Website with AWS API Gateway and AWS Lambda
- Build a Text-to-Speech Application using DynamoDB, AWS Polly, AWS Route S3, AWS API Gateway
- Auditing the Core Azure Services
TECHNOLOGIES:
Cloud: VPC, EC2, AMI’s, EBS, EFS, RDS, S3, SNS, ELB, C loudWatch, CloudTrail, Auto Scaling, Route 53, Lambda, IAM, CloudFormation, EMR, Elastic Beanstalk, SQS, Amazon MQ, Amazon DLM, SWF, ElastiCache , Redshift, AuroraDB, DynamoDB, Neptune, Kinesis, Glacier.
L4: MPLS, DNS, DHCP, RADIUS, LDAP, LDAPS, TACACS+, RDP, ODBC, HTTP, HTTPS, FTP, SFTP, FTPS, Telnet, SSH
L3: RIP, EIGRP, OSPF, IS-IS, BGP, PBR, PfR, NAT
L2: STP, 802.1q, HSRP, VRRP, GLBP, VPC, VSS, LACP, PAgP, OTV, MPLS
L1: 10/100/1000 Base- Confidential, SMF, MMF, GLC, SFP, QSFP
Security: 802.1X, AAA, IPSEC, IKEv1, IKEv2, DMVPN, GETVPN, WEBVPN, FlexVPN, RSA, OTP, SSO, PKI, PSK, TBAR, CA Trustpoints, Cisco ACS, Cisco ISE, IDS, IPS, ASDM, CSM, NSM
General Networking: SaaS, IaaS, PaaS, FaaS, IaaC, WAN, LAN, Infrastructure, Wireless Communications, Change Management, IT Service Management, Entry level Project management, Best Practices, Field work “Rack & Stack ”
Platforms: Cisco ISR 4400/3900/2900/2800/1900/1800/800 , ASR 1000 series, 7200 VXR, Catalyst 6500/4500/4400/3750/3600/3500/2900 , Nexus 7K/6K/5K/3K/2K, ASA 5500/5500-X, ISE 3400/WSA S170, MSE, Cisco Prime
Various: Blue Coat, PAN Firewalls, Checkpoint Firewalls, Juniper Firewalls, F5 Load Balancers, Riverbeds Steelhead 7070, 5070, 3070, 770 and 570, CDI Port Authority OBM, FortiGate Firewalls
CLI, Programming/Scripting Languages & DevTools: IOS, IOS-XE, IOS-XR, CatOS, NX-OS, JunOS, Linux (Bash), Python(Novice), JavaScript , Electron, Node.JS (Novice), JSON(Novice), Chef, Puppet, Jenkins, Ansible, Salt, Bamboo, Docker, Docker Swarm, Kubernetes, Terraform, AWS CodeBuild, CodeDeploy, CodePipeline & CodeStar, AWS OpsWorks, AWS Auto Scaling , AWS API Gateway. AWS Polly
Monitoring Tools & Utilities: NMS, SolarWinds, Service Now, HP Openview, NetBrain, SourceFire, McAfee SIEM, Virtual Defense Center, Nagios, Carbon Black, Nessus, Maltego, WireShark, Aircrack-ng , SenSu, NewRelic, AWS GuardDuty, AWS WorkSpaces, AWS Well-Architected Tool, AWS Control Tower, AWS Database Migration Service, AWS Athena, AWS Glue
Business: Microsoft Office Suite (Word, Excel, Project, Visio, One Note)
JOB HISTORY:
Confidential
Cloud Solutions Architect
Responsibilities:
- Assessed current network infrastructure to determine most efficient AWS solution.
- Created IAM Users and Groups to match staff list
- Tailored IAM policies to customer requirements
- Created customers domain using Route 53
- Created DNS records for EC2 instances
- Added Route 53 health checks to EC2 instances
- Configured DNS to failover to static site using Amazon S3
- Created customers VPC environment
- Created public and private subnets
- Created Internet Gateway
- Created route table and a added the routes to the web
- Created security groups and NACLs per customer requirements
- Created Auto Scaling group for EC2 instances
- Created customers S3 environment per requirements
- Configured permissions and poles based on customers needs
- Added all best practice solutions to S3 environment
- Versioning
- Server Access Logging
- Static Web Hosting
- Tags
- Bucket Events
- Object Lifecycle Management
- Created backup VPC environment using CloudFormation
- Created and configured ELB to load balance traffic going to EC2 web instances
- Configured ELB rules to fit customer needs and to stay aligned with AWS best practices.
- Created customers EC2 instances to function as web servers
- Used CloudFront to create and configure customers web/EC2 distribution
- Invalidated the content on CLoudFront
- Created new EBS volumes for customer
- Attached new EBS volumes to customer EC2 instances
- Used Linux shell to configure customers file system and to mount the volume whenever the instance is started.
- Used best practices by creating snapshots of volumes
- Configured Amazon DLM (Data Lifecycle Management) to schedule automated back ups/snapshots of customer EBS volumes.
- Instructed customer on how to create new volumes from snapshots and to attach and mount those new volumes to EC2 instances.
- Created a Lambda function that supports the customers AWS CloudWatch event configuration
- Implemented customers CloudWatch configuration to evaluate permissions on EC2 security groups
Confidential, Oakton, VA
Sr Govt. Specialist Network Systems Design Engineer
Responsibilities:
- Assessed current issues facing Out of Band management
- The existing code was upgraded on 800+ devices. To include version code and encryption service engine code.
- ODM application was upgraded to improve stability and performance.
- War Dialer/Heartbeat technology was implemented into OBM architecture.
- SNMP server added for proactive measures to prevent unnecessary down time due to unknown failing modems.
- Helped to design the overall architecture of the IRS WANx rollout.
- 55 Sites designed for Riverbeds Steelhead technology
- 2 sites with Steelhead 7070 models
- 4, 7070s deployed
- 15 sites with Steelhead 5070 models
- 28, 5070s deployed
- 16 sites with Steelhead 3070 models
- 17, 3070s deployed
- 15 sites deployed with Steelhead 770 models
- 7 sites deployed with Steelhead 570 models
Confidential, Washington, DC
Network and Security Engineer
Responsibilities:
- Built and configured network infrastructure to include:
- 6 Cisco 4451 ISR Routers
- 58 Cisco 3850 switches
- 4 Cisco 6807 switches
- 1 Cisco 4410 switch
- 6 Cisco ASA 5545 firewalls with SourceFire IPS/IDS services
- 3 VPN IPSec tunnels/Profiles
- 6 Cisco ISE 3415 Appliances
- 3 Cisco WSA S170 appliances
- 6 Cisco 5508 WLCs
- 124 Access Points
- Cisco MSE using vSphere ESXi server
- Cisco Prime
- Solarwinds NPM and SAM
- Deployed Carbon Black and BIT9 Servers for Threat Analysis and Host side security.
- Deployed SolarWinds NPM and SAM server for Network performance and Systems Application.
- Deployed FireEye ETP, HX and worked with vendors to establish FaaS.
- Deployed McAfee EPO, SEIM
- Deployed Tenable server for network and host-based scans.
- Deployed Nessus servers for on-demand security scans.
- Deployed Cisco ISE appliance to act as NAS.
- Deployed Cisco FirePower to configure and utilize SourceFire.
- Configured networks to maintain separation from each other and to prepare the presidential party for transition into the White House.
- Used Wireless and personnel tracking scans to pen-test the network environment for vulnerabilities.
- On-call network rotation 24x7
- Daily monitoring of network devices using SolarWinds NPM and SAM tools.
- Daily monitoring of network security and integrity using FireEye services.
- Daily monitoring and prevention of network breach using McAfee ePO.
- Daily monitoring and control of spam and malware using FireEye ETP services.
- Daily monitoring and collection of data resources using McAfee SEIM.
- Daily monitoring and policy enforcement of endpoint devices using Bit9 Parity and Carbon Black Threat assessment.
- Daily monitoring of all user web traffic using Cisco Iron Port proxy for port 80 traffic and SourceFire IPS for application layer inspection.
Confidential
Network Engineer
Responsibilities:
- Re-IP sites - 1 in Mukilteo Washington, 1 in Foxborough MA, 1 in Mexico and 3 in Argentina
- Sites were being upgraded from 3.x space to 10.
- Network discovery to update network diagrams
- Design new DHCP ranges for required SVI ’s
- The entire network was redesigned to fit GE ’s new standards to include VLANS, WLC ’s, AP’s, Firewall rules, VRF ’s and VPN Tunnels.
- Configured BGP address family, prefix-lists and route maps to reflect new IP addresses.
- ISE Buildout/BYOD Integration
- Design and implement Cisco ISE 3415 appliances within the network infrastructure.
- Configured Cisco switch interfaces for 802.1X
- ISE appliances were configured to authorize accounts and devices by authorizing them on the WLCs ’ using BYOD profiling.
- Created an extended ACL to isolate the VLAN from general network.
- Used dual Distribution layer switches to act as HA pair for the site.
- The site wanted to use 2 ASA 5515Xs as an HA pair and for isolation.
- Used soft skills to leverage my idea and save the site unnecessary expenses.
- Design and implementation of 2 ASA 5525X w Firepower services
- Built Firesight management server
- Creation of 450 Confidential and 200 objects
- Added a 3850 switch to remove single point of failure Confidential site
- Reconfigured network to provide redundancy Confidential the Distribution layer
- Configured HSRP and L2/L3 EtherChannel on Cisco Catalyst 3850 Switches.
- Additionally site wanted to migrate from OSPF to EIGRP.
- Configured routers to redistribute EIGRP as well as OSPF into the BGP routing protocol while migrating.
- Migrated all OSPF areas into single EIGRP Autonomous system.
- Assessed site to determine requirements for build
- Acquired and implemented a stack of 3750 v2s and 3 1142 APs
- Replaced 6 Access layer switches with Cisco 2960-Xs
- Replaced 2 Distribution switches with Cisco 3850s
- Replaced 2 Routers with Cisco ISR 4321s
- Replaced 6 UPSs with PS1500 RT 3120s
- Replaced 2 WLCs with Cisco 5508s
- Upgraded Circuits from 10Mb Single MPLS w ISP DMVPN backup to 100Mb Single MPLS ISP DMVPN backup
- Replaced 6 Access layer switches with Cisco 2960s
- Added 8 Cisco 4000 series Industrial Switches to shop floor for machine connectivity
- Replaced 2 Distribution layer switches with 3850s
- Replaced 45 Access layer switches with Cisco 2960-Xs
- Replaced Cisco Routers with 4451s
- Conducted research and reverse engineering of different network sites.
- Used information gathered to provide standards and guidelines for future builds
- Created & documented wiring and network diagram.
- Migration from Radware Load Balancers to F5 LTM
- Reverse engineering of Radware configurations
- Creation of VIPs on F5
- Creation of Pools
- Creation of iRules
- Creation of Health Monitors
- Deployed an ASA 5515X to restrict rogue traffic on the network.
- Non-standard build required the ASA to properly filter appropriate traffic
- Expanded backup datacenter in the Grand Rapids area
- Established new circuit and configured IPSec tunnels back to the head-end
- Reconfigured BGP relationships with dual ISP design
- Engineered BGP routing attributes (Route map, AS-path, MED, local preference) to load balance between multiple links
- Configured BGP with different attributes like Weight, Local Preference, MED, AS-path, Community, Origin, Next-Hop
- Leveraged the existing fiber optic local loops owned by GE for access into the sites current data center.
- Configured QOS involving policing, shaping and queuing towards Core and towards CE and PE routers on VzB MPLS network.
- Designed and Implemented a BGP/MPLS VPN for the service provider to the enterprise network.
Confidential, Franklin, TN
Network Engineer & Security Specialist
Responsibilities:
- Updated 1,500+ Confidential and NAT rules for Checkpoint and Sourcefire migrations.
- Designed and configured 1,200+ new Confidential, NATs, Objects, and Policies.
- Monitored and maintained a proactive approach to all LAN based devices in Confidential ’s North American sector and performed troubleshooting to resolve all issues.
- Analyzed weekly utilization reports to determine the best path for an optimized network.
- Maintained operational oversight over Confidential ’s MPLS network managed by Verizon.
- Used Service Now to coordinate and resolve all level 1/P1 ticket issues which are considered the highest.
- Installed LANs including network servers, routers, workstations, printers, and other peripheral devices.
- Operated and maintained local area networks, tracked significant problems, monitored performance, and performed upgrades to hardware and software as required.
- Installed and/or modified existing installations of network hardware, software, and other components relating to Cisco platforms.
- Maintained documentation regarding network configuration, operating procedures, and service records relating to network hardware and software.
Confidential, Baltimore, MD
Network Consulting Engineer
Responsibilities:
- Installation of Cisco CSM for Firewall Management and Reporting
- Implemented eBGP with Dual Carriers and OSPF as IGP with Redistribution
- Provisioning of Confidential on Cisco ASA 5500 series Firewalls
- Provisioning of Cisco 2811s for remote customers for B2B IPSEC as CPEs
- Configuration and implementation of HSRP across Data Center core for redundancy and failover
- Configuration and implementation of TACACS+ for network device authentication
- Assisted with DR team to assess current failover risks and redesign for dynamic failover using IP SLA and fully redundant environment
- Reviewed and performed QA on various network design changes
- Evaluation of DMZ Distribution blocks to assess scalability and performance
- Designed and documented operator instructions for NOC team on upgraded environments and new protocol rollouts
- Assisted with configuration implementation on campus and branch site builds to conform to network standards
- Performed initial security audit of management/data plane and made recommendations based on Cisco best practices.