A professional Network, Security and Cloud engineer seeking an opportunity to achieve high career growth through a continuous learning process in the Network Security Cloud Engineering field.
- 12+ years of Network Security Cloud Engineer experience in LAN, WAN, Security, Cloud and Data Center with routers/switches/firewalls, Cisco, Checkpoint, Palo Alto, F5, Juniper, Aruba, Zscaler, Ixia, Netscout, VMware NSX, Azure, AWS
- Network Security Cloud infrastructure architect/design/refresh experience in assessing business and products/projects requirements in a large company
- Solid understanding and hands-on experience with ACI, SD-WAN, TCP/IP, EIGRP, OSPF, BGP, DHCP, DNS, LDP, LACP, VPC, VDC, VSS, VLAN, VXLAN, VTP, VPLS, STP, SPB, RSTP, MPLS, QoS, PKI and MPLS VPNs
- VPN and Security: IPSEC VPN, DMVPN, GRE, SSL VPN, NAT, DLP, TACACS+, URL Filtering, Anti-Virus and Proxy
- Hardware: Cisco Routers, Switches, Nexus (2K, 5K, 7K, 9K), Cisco ASA and Firepower, IPS, WLC, AP, ISE, ACS, ACE, F5 BIG-IP LTM, GTM, Citrix Netscaler, Aruba, CheckPoint R77 R80, Palo Alto, Panorama, Fortinet and Fortigate, NetScout, IXIA, SSLV, Infoblox, Juniper and Brocade
- Tools/Software/Platforms: Wireshark, Solarwinds, Tcpdump, Traceroute, Tufin, Firemon, Remedy, Spectrum, Proteus, SM9, ServiceNow, AlgoSec, Splunk, Logstash, PowerShell, WhatsUp, NetMRI, Arbor, Stealthwatch
- Cloud Virtualization and Automation: VMware vSphere, VMware Cloud Foundation, NSX, Azure, AWS, OpenStack, Softlayer, Cisco Meraki, Ansible
Senior Network Engineer
- Managed and implemented firewall Policies/VPN/URL Filtering/IPS/WAF daily for various bank managed security devices (Check Point, FortiGate, Palo Alto and Panorama)
- Conducted major studies regarding system usage, made recommendations for improvements, and determined infrastructure system requirements.
- Designed, developed and tested scalable cloud-based solution architectures and infrastructure on AWS and Azure (such as Route 53, ELB, Security group, VPC, VPN, NACL, NSG and VNET)
- Provided technical leadership, standards and best practices to infrastructure teams during network design and build phases of initiatives or projects (SD-WAN Viptela, Infoblox, ACI, Ansible automation, Aruba, NetScout, Citrix VDI, IXIA, F5 LTM/GTM/ASM, ASA, Fortinet, and Palo Alto)
- Managed application micro-segmentation project with VMware NSX-T to create secure zones in data centers and cloud deployments
- Designed, coded, tested and deployed Corporate network automation infrastructure service and nodes by using Python and Ansible.
- Determined standards and roadmaps for hardware and software. Decided how infrastructure is built and recommended infrastructure standards for organization-wide initiatives based on area of expertise.
- Troubleshot various network issues affecting solutions and collaborated with staff and vendors to resolve complex problems
Senior Network Engineer
- Managed, maintained and monitored Corporate’s network performance, including LAN, WAN, Data Center, SD-WAN, Azure Cloud, Voice, Load Balancer, Wireless and Security
- Managed global network security infrastructure, including Firewalls, IPS, Web Security Gateways and Proxies, URL Filtering and Advanced threat protection systems (Blue Coat, FireEye, RSA, SSLV), and Microsoft Azure AD, VNet and NSG
- Set up, configured and managed Confidential's Zscaler Internet Access deployment, Zscaler Private Internet access and Netskope DLP Cloud Security Platform CASB
- Performed firewall change management, analyzed and configured a wide variety of firewalls (Checkpoint R77 R80, NSX, Juniper SRX, Palo Alto with Panorama, Cisco ASA and Fortinet), performed firewall rules risk assessment, and designed and optimized firewall rules/Policies with Tufin
- Monitored firewall logs, processed firewall change requests and implemented policy changes, and troubleshot application/network access connectivity issues
- Provided analysis and consulting on Standard and Policies, Network Solutions & Security, Data Security
- Worked with business requirement holders to ascertain that the necessary information is available to make required changes on the security infrastructure to safely deliver business needs
Network Security Analyst
- Led Firewall Rules Accreditation and Recertification project, in which high and medium risk firewall rules were removed through traffic analysis using Logstash and AlgoSec tools, communicated effectively and efficiently with data
- Communicated with the information security team to obtain approvals for high risk firewall rule requests and ensured compliance with RBC regulations and standards.
- Planned network traffic security measures for information systems to regulate access to computer data and prevent unauthorized modification, destruction or disclosure of information.
- Analyzed network traffic through firewalls and layer 3 network devices and designed methods of procedure for firewall rules implementation on Checkpoint, McAfee SideWinder and Palo Alto Firewalls for RBC.
- Managed more than 350 firewall clusters through Provider 1 and Panorama. Made extensive use of Splunk and Logstash for SIEM traffic and security logging and analysis.
- Obtained valuable experience regarding a global network with multiple data centers, DMZs and service clouds, as well as numerous MPLS connections, leased lines and VPNs for Business to Business and branch to branch connectivity.
- Managed, maintained and monitored Corporate’s network performance, including LAN, WAN, Data Center, Voice, Wireless and Security
- Managed and supported System Administrator (SCCM) (Windows servers, Active Directory, Exchange Server, VMware, Veeam, MS SQL Server)
- Installed, designed, configured and administered Check Point, Cisco ASA and Palo Alto Firewall to perform policy changes, VPN tunneling, monitoring and troubleshooting
- Managed network related work orders, incidents and change tickets with Remedy based on ITIL
- Worked on planning, designing and implementation of Nexus 9K, 7K, 5K, 2K, ACI, APIC, VXLAN based fabric Next-Generation SDN Data Center project
- Implemented network and server. Strong understanding of VMware virtualization products and storage technologies.
- Used BlueCat Proteus Enterprise IPAM Platform to manage IP address, DNS records and Domain names for servers and devices
- Worked closely with internal/external clients, vendors, engineers, testing team, architects and project managers to build and test the performance of the new applications/hardware to achieve the requirement of the business
- Managed and configured Cisco Identity Service Engine (ISE) with 802.1X for corporate users including Wireless BYOD, wired network users, IP phones and printers (requiring MAC Address Bypass (MAB))
- Implemented, configured, upgraded, supported all network devices, including Nexus switches, routers, switches, load balancers, firewalls, IP Phone, gateways, APs
- Configured and managed F5 BIG-IP LTM Load Balancer such as VIP, Pool, Members, SSL, Policy and Health Check Configurations
- Performed IP management across the Confidential corporate network and data center
- Performed network changes to all network elements such as Nexus and Juniper Switches, Routers (CMTS), RF-Gateways, Voice-CMTSs, Line Card
- Migrated WAN infrastructure related to over 50 sites with new MPLS cloud on CASA CMTS, which involved designing new IP Scheme, developing cut-over plan and traffic routing policy
- Provided technical assistance/guidance to field technicians in troubleshooting and resolving network outages.
- Worked on Layer-2 and Layer-3 technologies OSPF/MPLS/BGP/STP/VPN/VPC/VDC
- Provisioned and deployed multiple vendor products: CCAP CMTS, 3G60 Line cards, RFGW10 (EQAM), Cisco Nexus 7K, 5K and 2K Switches, ASR 9000 Routers and Juniper MX
- Managed Change Management process, ticketing process, customer requirements, and generated reports and managed MOPs in Remedy tool
- Implemented IOS upgrades, configuration changes and preventive maintenance routines following the Change Management procedures
Environment: Remedy, Oracle Access/Identity Mgmt., Secure CRT, STM, DCNM, VPN, TACACS, RADIUS, NRM, IP Control
- Configured new or managed network equipment for internet and Voice (Cisco 1841, 2811, 3825 routers; Cisco 3550, 3750, 6509 switches)
- Designed, supported and implemented LAN/WAN/Data Center using Cisco routers, L2/L3 switches
- Provided on-site technical support to Cisco product clients and internal users
- Designed and deployed networks using dynamic routing protocols (OSPF, EIGRP and BGP) and network security (VPN and Firewalls)
- Performed periodic network audits, network device backups and test recovery plans
Network System Administrator
- Responsible for designing and implementation of clients’ network infrastructure
- Provided technical support with TELNET, SSH, HTTP and HTTPS
- Designed, implemented and managed hosted server applications
- Implemented network and infrastructure related projects for clients; provided internal customer support for various divisions of the company
- Scheduled, coordinated and deployed server updates and preventative maintenance with limited downtime
- Maintained system security with anti-virus and firewall configuration
- Completed regular network backups, recovery and audits of network to determine integrity and security of system
- Provisioned Cisco routers and switches including 3825, 3620, 2921 routers and 3750, 3560, 3550 switches