SUMMARY:

• My mission will always be the continuous strive to be the best if not one of them, and with 4 ½ years of project experience and 5 years of overall IT experience in a network support role, I consider myself a Mid to Sr level network engineer.
• My focus is on utilizing my expansive knowledge base to design and implement efficient, turn - key solutions for Enterprises, Government institutions and Service Providers that will help promote business productivity and scalability along with further advancing my career in the IT/Telecommunications field.
• From the start, I have acquired the ability to work in a team environment or independently with general guidelines and minimal supervision.
• My proven ability to work with highly demanding customers has perfected my written and verbal communication skills, allowing me to provide error-free solutions to customers.
• Create an EC2 Instance Running Apache and PHP, then Create a Custom AMI from that Instance.
• Create a Secure Web Application from Scratch with a Bastion Host, NAT Gateway and Application Load Balancer in AWS, then Configure an Auto Scaling Group for that Application.
• Manag e DNS Records with AWS Route 53 and configuring an AWS CloudFront Distribution.
• Create and Configure Secure AWS RDS Instances with Read Replicas and Backup Solutions.
• Monitor Security Groups with Amazon CloudWatch Events.
• Build Serverless Architectures using Amazon CloudWatch Events and Scheduled Events with AWS Lambda.
• Build Serverless Architectures with Amazon DynamoDB and Amazon Kinesis Streams with AWS Lambda.
• Administer Amazon RDS for Microsoft SQL Server .
• Design a Blue/Green Deployment Pattern with AWS Elastic Beanstalk.
• Configure Amazon S3 Buckets to host a Static Website with a Custom Domain.
• Configure AWS Backup and Archiving Solutions in S3 with Lifecycle Policies and Versioning
• VPC peering and how AWS routes traffic based on routing rules.
• Install an Intrusion Prevention System (IPS) on an EC2 Instance
• Build a Serverless Website with AWS API Gateway and AWS Lambda
• Build a Text-to-Speech Application using DynamoDB, AWS Polly, AWS Route S3, AWS API Gateway
• Auditing the Core Azure Services

TECHNOLOGIES:

Cloud: VPC, EC2, AMI’s, EBS, EFS, RDS, S3, SNS, ELB, C loudWatch, CloudTrail, Auto Scaling, Route 53, Lambda, IAM, CloudFormation, EMR, Elastic Beanstalk, SQS, Amazon MQ, Amazon DLM, SWF, ElastiCache , Redshift, AuroraDB, DynamoDB, Neptune, Kinesis, Glacier.

L4: MPLS, DNS, DHCP, RADIUS, LDAP, LDAPS, TACACS+, RDP, ODBC, HTTP, HTTPS, FTP, SFTP, FTPS, Telnet, SSH

L3: RIP, EIGRP, OSPF, IS-IS, BGP, PBR, PfR, NAT

L2: STP, 802.1q, HSRP, VRRP, GLBP, VPC, VSS, LACP, PAgP, OTV, MPLS

L1: 10/100/1000 Base- Confidential, SMF, MMF, GLC, SFP, QSFP

Security: 802.1X, AAA, IPSEC, IKEv1, IKEv2, DMVPN, GETVPN, WEBVPN, FlexVPN, RSA, OTP, SSO, PKI, PSK, TBAR, CA Trustpoints, Cisco ACS, Cisco ISE, IDS, IPS, ASDM, CSM, NSM

General Networking: SaaS, IaaS, PaaS, FaaS, IaaC, WAN, LAN, Infrastructure, Wireless Communications, Change Management, IT Service Management, Entry level Project management, Best Practices, Field work “Rack & Stack ”

Platforms: Cisco ISR 4400/3900/2900/2800/1900/1800/800 , ASR 1000 series, 7200 VXR, Catalyst 6500/4500/4400/3750/3600/3500/2900 , Nexus 7K/6K/5K/3K/2K, ASA 5500/5500-X, ISE 3400/WSA S170, MSE, Cisco Prime

Various: Blue Coat, PAN Firewalls, Checkpoint Firewalls, Juniper Firewalls, F5 Load Balancers, Riverbeds Steelhead 7070, 5070, 3070, 770 and 570, CDI Port Authority OBM, FortiGate Firewalls

CLI, Programming/Scripting Languages & DevTools: IOS, IOS-XE, IOS-XR, CatOS, NX-OS, JunOS, Linux (Bash), Python(Novice), JavaScript , Electron, Node.JS (Novice), JSON(Novice), Chef, Puppet, Jenkins, Ansible, Salt, Bamboo, Docker, Docker Swarm, Kubernetes, Terraform, AWS CodeBuild, CodeDeploy, CodePipeline & CodeStar, AWS OpsWorks, AWS Auto Scaling , AWS API Gateway. AWS Polly

Monitoring Tools & Utilities: NMS, SolarWinds, Service Now, HP Openview, NetBrain, SourceFire, McAfee SIEM, Virtual Defense Center, Nagios, Carbon Black, Nessus, Maltego, WireShark, Aircrack-ng , SenSu, NewRelic, AWS GuardDuty, AWS WorkSpaces, AWS Well-Architected Tool, AWS Control Tower, AWS Database Migration Service, AWS Athena, AWS Glue

Business: Microsoft Office Suite (Word, Excel, Project, Visio, One Note)

JOB HISTORY:

Confidential

Cloud Solutions Architect

Responsibilities:

• Assessed current network infrastructure to determine most efficient AWS solution.
• Created IAM Users and Groups to match staff list
• Tailored IAM policies to customer requirements
• Created customers domain using Route 53
• Created DNS records for EC2 instances
• Added Route 53 health checks to EC2 instances
• Configured DNS to failover to static site using Amazon S3
• Created customers VPC environment
• Created public and private subnets
• Created Internet Gateway
• Created route table and a added the routes to the web
• Created security groups and NACLs per customer requirements
• Created Auto Scaling group for EC2 instances
• Created customers S3 environment per requirements
• Configured permissions and poles based on customers needs
• Added all best practice solutions to S3 environment
• Versioning
• Server Access Logging
• Static Web Hosting
• Tags
• Bucket Events
• Object Lifecycle Management
• Created backup VPC environment using CloudFormation
• Created and configured ELB to load balance traffic going to EC2 web instances
• Configured ELB rules to fit customer needs and to stay aligned with AWS best practices.
• Created customers EC2 instances to function as web servers
• Used CloudFront to create and configure customers web/EC2 distribution
• Invalidated the content on CLoudFront
• Created new EBS volumes for customer
• Attached new EBS volumes to customer EC2 instances
• Used Linux shell to configure customers file system and to mount the volume whenever the instance is started.
• Used best practices by creating snapshots of volumes
• Configured Amazon DLM (Data Lifecycle Management) to schedule automated back ups/snapshots of customer EBS volumes.
• Instructed customer on how to create new volumes from snapshots and to attach and mount those new volumes to EC2 instances.
• Created a Lambda function that supports the customers AWS CloudWatch event configuration
• Implemented customers CloudWatch configuration to evaluate permissions on EC2 security groups

Confidential, Oakton, VA

Sr Govt. Specialist Network Systems Design Engineer

Responsibilities:

• Assessed current issues facing Out of Band management
• The existing code was upgraded on 800+ devices. To include version code and encryption service engine code.
• ODM application was upgraded to improve stability and performance.
• War Dialer/Heartbeat technology was implemented into OBM architecture.
• SNMP server added for proactive measures to prevent unnecessary down time due to unknown failing modems.
• Helped to design the overall architecture of the IRS WANx rollout.
• 55 Sites designed for Riverbeds Steelhead technology
• 2 sites with Steelhead 7070 models
• 4, 7070s deployed
• 15 sites with Steelhead 5070 models
• 28, 5070s deployed
• 16 sites with Steelhead 3070 models
• 17, 3070s deployed
• 15 sites deployed with Steelhead 770 models
• 7 sites deployed with Steelhead 570 models

Confidential, Washington, DC

Network and Security Engineer

Responsibilities:

• Built and configured network infrastructure to include:
• 6 Cisco 4451 ISR Routers
• 58 Cisco 3850 switches
• 4 Cisco 6807 switches
• 1 Cisco 4410 switch
• 6 Cisco ASA 5545 firewalls with SourceFire IPS/IDS services
• 3 VPN IPSec tunnels/Profiles
• 6 Cisco ISE 3415 Appliances
• 3 Cisco WSA S170 appliances
• 6 Cisco 5508 WLCs
• 124 Access Points
• Cisco MSE using vSphere ESXi server
• Cisco Prime
• Solarwinds NPM and SAM
• Deployed Carbon Black and BIT9 Servers for Threat Analysis and Host side security.
• Deployed SolarWinds NPM and SAM server for Network performance and Systems Application.
• Deployed FireEye ETP, HX and worked with vendors to establish FaaS.
• Deployed McAfee EPO, SEIM
• Deployed Tenable server for network and host-based scans.
• Deployed Nessus servers for on-demand security scans.
• Deployed Cisco ISE appliance to act as NAS.
• Deployed Cisco FirePower to configure and utilize SourceFire.
• Configured networks to maintain separation from each other and to prepare the presidential party for transition into the White House.
• Used Wireless and personnel tracking scans to pen-test the network environment for vulnerabilities.
• On-call network rotation 24x7
• Daily monitoring of network devices using SolarWinds NPM and SAM tools.
• Daily monitoring of network security and integrity using FireEye services.
• Daily monitoring and prevention of network breach using McAfee ePO.
• Daily monitoring and control of spam and malware using FireEye ETP services.
• Daily monitoring and collection of data resources using McAfee SEIM.
• Daily monitoring and policy enforcement of endpoint devices using Bit9 Parity and Carbon Black Threat assessment.
• Daily monitoring of all user web traffic using Cisco Iron Port proxy for port 80 traffic and SourceFire IPS for application layer inspection.

Confidential

Network Engineer

Responsibilities:

• Re-IP sites - 1 in Mukilteo Washington, 1 in Foxborough MA, 1 in Mexico and 3 in Argentina
• Sites were being upgraded from 3.x space to 10.
• Network discovery to update network diagrams
• Design new DHCP ranges for required SVI ’s
• The entire network was redesigned to fit GE ’s new standards to include VLANS, WLC ’s, AP’s, Firewall rules, VRF ’s and VPN Tunnels.
• Configured BGP address family, prefix-lists and route maps to reflect new IP addresses.
• ISE Buildout/BYOD Integration
• Design and implement Cisco ISE 3415 appliances within the network infrastructure.
• Configured Cisco switch interfaces for 802.1X
• ISE appliances were configured to authorize accounts and devices by authorizing them on the WLCs ’ using BYOD profiling.
• Created an extended ACL to isolate the VLAN from general network.
• Used dual Distribution layer switches to act as HA pair for the site.
• The site wanted to use 2 ASA 5515Xs as an HA pair and for isolation.
• Used soft skills to leverage my idea and save the site unnecessary expenses.
• Design and implementation of 2 ASA 5525X w Firepower services
• Built Firesight management server
• Creation of 450 Confidential and 200 objects
• Added a 3850 switch to remove single point of failure Confidential site
• Reconfigured network to provide redundancy Confidential the Distribution layer
• Configured HSRP and L2/L3 EtherChannel on Cisco Catalyst 3850 Switches.
• Additionally site wanted to migrate from OSPF to EIGRP.
• Configured routers to redistribute EIGRP as well as OSPF into the BGP routing protocol while migrating.
• Migrated all OSPF areas into single EIGRP Autonomous system.
• Assessed site to determine requirements for build
• Acquired and implemented a stack of 3750 v2s and 3 1142 APs
• Replaced 6 Access layer switches with Cisco 2960-Xs
• Replaced 2 Distribution switches with Cisco 3850s
• Replaced 2 Routers with Cisco ISR 4321s
• Replaced 6 UPSs with PS1500 RT 3120s
• Replaced 2 WLCs with Cisco 5508s
• Upgraded Circuits from 10Mb Single MPLS w ISP DMVPN backup to 100Mb Single MPLS ISP DMVPN backup
• Replaced 6 Access layer switches with Cisco 2960s
• Added 8 Cisco 4000 series Industrial Switches to shop floor for machine connectivity
• Replaced 2 Distribution layer switches with 3850s
• Replaced 45 Access layer switches with Cisco 2960-Xs
• Replaced Cisco Routers with 4451s
• Conducted research and reverse engineering of different network sites.
• Used information gathered to provide standards and guidelines for future builds
• Created & documented wiring and network diagram.
• Migration from Radware Load Balancers to F5 LTM
• Reverse engineering of Radware configurations
• Creation of VIPs on F5
• Creation of Pools
• Creation of iRules
• Creation of Health Monitors
• Deployed an ASA 5515X to restrict rogue traffic on the network.
• Non-standard build required the ASA to properly filter appropriate traffic
• Expanded backup datacenter in the Grand Rapids area
• Established new circuit and configured IPSec tunnels back to the head-end
• Reconfigured BGP relationships with dual ISP design
• Engineered BGP routing attributes (Route map, AS-path, MED, local preference) to load balance between multiple links
• Configured BGP with different attributes like Weight, Local Preference, MED, AS-path, Community, Origin, Next-Hop
• Leveraged the existing fiber optic local loops owned by GE for access into the sites current data center.
• Configured QOS involving policing, shaping and queuing towards Core and towards CE and PE routers on VzB MPLS network.
• Designed and Implemented a BGP/MPLS VPN for the service provider to the enterprise network.

Confidential, Franklin, TN

Network Engineer & Security Specialist

Responsibilities:

• Updated 1,500+ Confidential and NAT rules for Checkpoint and Sourcefire migrations.
• Designed and configured 1,200+ new Confidential, NATs, Objects, and Policies.
• Monitored and maintained a proactive approach to all LAN based devices in Confidential ’s North American sector and performed troubleshooting to resolve all issues.
• Analyzed weekly utilization reports to determine the best path for an optimized network.
• Maintained operational oversight over Confidential ’s MPLS network managed by Verizon.
• Used Service Now to coordinate and resolve all level 1/P1 ticket issues which are considered the highest.
• Installed LANs including network servers, routers, workstations, printers, and other peripheral devices.
• Operated and maintained local area networks, tracked significant problems, monitored performance, and performed upgrades to hardware and software as required.
• Installed and/or modified existing installations of network hardware, software, and other components relating to Cisco platforms.
• Maintained documentation regarding network configuration, operating procedures, and service records relating to network hardware and software.

Confidential, Baltimore, MD

Network Consulting Engineer

Responsibilities:

• Installation of Cisco CSM for Firewall Management and Reporting
• Implemented eBGP with Dual Carriers and OSPF as IGP with Redistribution
• Provisioning of Confidential on Cisco ASA 5500 series Firewalls
• Provisioning of Cisco 2811s for remote customers for B2B IPSEC as CPEs
• Configuration and implementation of HSRP across Data Center core for redundancy and failover
• Configuration and implementation of TACACS+ for network device authentication
• Assisted with DR team to assess current failover risks and redesign for dynamic failover using IP SLA and fully redundant environment
• Reviewed and performed QA on various network design changes
• Evaluation of DMZ Distribution blocks to assess scalability and performance
• Designed and documented operator instructions for NOC team on upgraded environments and new protocol rollouts
• Assisted with configuration implementation on campus and branch site builds to conform to network standards
• Performed initial security audit of management/data plane and made recommendations based on Cisco best practices.