SUMMARY:

• Sr. Network Security Engineer with over 20 + years of experience in design, installation, configuration, administration and troubleshooting of LAN/WAN L2 and L3 OSPF/EIGRP/BGP/VRF/MPLS/SpaningTree/Port Channel/VPC/LACP/VDC/OTV/VPN/NAT/ACL/HA. Cisco ASR/ISR routing, Catalyst/ PoE /Nexus Switching infrastructure and Cisco, Checkpoint firewalls. NOC Level 3 Architectural and support Data Center/Cloud environments.
• Have strong engineering experience in implementing SNMP monitoring, firewalls and security such as ITIL, PCI and Identify Vulnerabilities. Manage Cisco Wireless PRIME, CISCO IOS, CAT - OS, NX-OS, Hardware such as Nexus 2000/5000/7000/9000 , ASA 5510/5515/5520/5585 , Cisco Catalyst switches 4700/6500/3850 series, Linux Redhat/Suse/UNIX. Consult in various industries like Telecommunications, Data Center and Production, Manufacturing, and Engineering services industry.

TECHNICAL SKILLS:

Operating Systems: Windows Vista/Windows Server, Windows Mobile, Linux, CISCO IOS, UNIX, Mac OS X, DOS, PalmOS, Symbian, Android, iPhone OS.

Other Software: IBM Tivoli Enterprise Console, IBM Tivoli Netcool / OMNIbus, SAProuter, SSH, EotS, Microsoft Office, Power Quest Drive Image, Norton Ghost, ZoneAlarm, McAfee Antivirus, Norton Antivirus, Symantec antivirus, Winternals software, VMWare, VirtualPC, MDaemon, Agnitum Outpost, PuTTY, Solarwinds, Kiwi, Network Monitoring System, CVS, SQL database.

Technologies: Wireless Gateways Networking, Wi-Fi, TCP/IP, UDP, xDSL, ADSL, SHDSL, ISDN, Ethernet, Directory Service, SSH, DNS, FTP, HTTP, Email, SMTP, POP3, IMAP, V.32, V.32bis, V.42, V.42bis, V.90, V.92, RS-232, NAT, VPN, 802.11a, 802.11b, 802.11g

Networking: (TCP/IP stack, routing, Communication protocols, Link-Level protocols, Modems, High-Speed Internet access, LAN/WAN, Physical cabling, Network planning and design, Troubleshooting)

Network Hardware: (CISCO Routers, CISCO PIX Firewall, CISCO Catalyst Switches, Check Point Secure Platform Pro, Aventail, Nokia Firewall, Tipping Point Intrusion Prevention System (IPS) basic)

Security (Firewalls: VPN, DMZ, Tunnels, Intrusion detection and monitoring, CISCO, DMZ, ACL)

Wireless: (Wi-Fi, 802.11b, 802.11g, WEP/WAP, Bluetooth, GPRS, Roaming, Wireless Security)

Specific Hardware: (Broadband routers, Modems, CISCO Hardware Firewalls, Wireless Routers, Access Points, Billing Hardware, Medical Hardware)

User Management: (Active Directory, Microsoft Windows Domain Controller, Workgroups, Billing Systems)

Internetworking: (NAT, PAT, Proxy Access, FTP, Email, Traffic and Bandwidth Accounting, User Management and Auditing, Messaging Solutions, Sniffing)

Protocols: (TCP/IP, UDP, SSH, FTP, HTTP, SMTP, POP3, IMAP, DNS, STP, RSTP, IPSec, LWAPP, RIP, EIGRP, OSPF)

System Architecture: (PC Hardware, Apple Mac Hardware, Pocket PC, Windows Mobile, Symbian, Palm OS, Android, Blackberry, Mobile Communication Devices Hardware Diagnostics, SCSI, RAID, Troubleshooting and Upgrade)

PROFESSIONAL EXPERIENCE:

Confidential, Boston MA

Sr. Network Security Engineer

Responsibilities:

• Engaged in project management, including analysis needs, Network planning, segmentation, implementation, and designed documentation in Visio. Performed Data Center migrations from Canton MA to Portland OR and LAN and WAN troubleshoot.
• Supporting the ongoing management and maintenance of network service components encompassing switches CAT 6500/4507, C2960, Routers 2921, ISR 3800, wired and wireless networks. Designing GRE, IpSec Tunnels building DMVPN between 15 sites, Migrated VPNs from Nortel Contivity to Cisco 2900/3900 routers. Configured routing protocols. Managed firewalls such Cisco ASA 5520, Checkpoint Smart Dashboard R77 nodes, policies and rules ACL/NAT.
• Assigning IP addresses, managed vLANs and network-related servers and services such as RADIUS, DNS, and DHCP. Configure NEXUS 5596 - VPC, Port channels, registering 2000 FEX extenders. Troubleshoot Cisco Wireless Clients using Cisco Prime. Connected brand new access point to the Cisco Wireless Controller 5508, created network documentation of route distribution and subnets.

Confidential, Worchester MA

Sr. Network Security Operations Engineer

Responsibilities:

• My daily responsibilities to Implementation and troubleshooting on devices such as: Cisco ASA, Cisco Routers configure OSPF, EIGRP, MPLS, VRF, Cisco Nexus (2k, 5k, 7k). Configure VPC Peer-Keepalive Link, Port Channels, VPC, register FEX 2k. Managed Checkpoint R77 firewalls such as - network nodes, groups, and push security policy changes.
• Performs routine firewall, changes such as IPSEC, VPN, SSLVPN, NAT, customer ICL’s. Assisted to migrate about 20 Checkpoint to Palo Alto firewall PA-4060, PA-5020 using PAN-OS Conversion Tool Imported NAT, VPN rules, loaded checkpoint configs, corrected and clean up imported rules.
• Manage Linux, Unix working on incidents and troubleshooting ServiceNow tickets, processing from Tier 2 staff. Interacts with the Security Operations Center (SOC). Analyze vulnerability of networks and systems and suggest solutions and proposed policy upgrade for any threats identified. Create documentation and guidance for processes according ITIL process, assisting in tracking firewall audit and team members.

Confidential, Providence RI

Sr. Network Engineer

Responsibilities:

• Data Network Implementation Lead project. Configured Cisco 2801, 2900, ASR1001, ASR1002, Cisco 650x platform. Implement and support Cisco ASA NAT, VPN solution such as AnyConnect/ Site to Site. Set up Nexus 2K/5K/7K devices with VM environment for Disaster Recovery. Installed various nexus modules M and F series, copper SFP and fiber. Configure OSPF, BGP, VRF, routing on Nexus, VPC, Port-channels, Processed port, IP, firewall and load balancer requests, Perform network summarization for optimize network routing.
• Fallow implementation guide configured iRules for local traffic on few F5 BIG-IP LTM and WebAccelerators. Configured and support disaster recovery and mainframe testing, configured SNMP monitoring, troubleshoot network connectivity used QRadar to identified Firewalls activity.

Confidential, Andover MA

Sr. Network Security Engineer

Responsibilities:

• Designing and implementing large-scale networks, network routing, switches, firewalls, load balancer, firewalls (including client and PTP VPN), WAN accelerators and internet-related networking and security technologies. Design and implement security-related improvements and enhancements to customer and internal networks. Designs and tests provisions VPNs.
• Developed intrusion detection and firewall management architectures. Deploying Cisco ASA 5515, 5520 network firewalls and Cisco ACLs. Design 10gig redundant network for EMC DD990, NetApp, implementation and direct support of customers. Managed Cloud Services Platform, network infrastructure supporting Core distribution and Access switches. Implementing security policies and infrastructure in a multi-customer ISP Data environment. Support and configure new Cloud offering, DaaS, IaaS and SaaS.

Confidential, Burlington MA

Sr. Network Security Engineer

Responsibilities:

• Leading in an enterprise data center migration. Working with the existing team to complete project work, assist with tier III alerts, such-as emergency, guide technician to install/replace hardware at datacenter facilities. Performing Dell SecureWorks Vulnerability Management, blocking scanning IP on IPS module on Cisco 6500 catalyst switch. Implementation SNMPv3 network monitoring for whole datacenter, finding OID's, setup custom sensors for network.
• Daily perform task such as: Configure ASA/PIX/Cisco Firewall Service Module (FWSM) opening Firewall rule, manage OSPF, NAT, VPN, VRF, VRRP NEXUS 5k/7k, configuring Cisco 7600 Series Routers, Cisco 6500/4510 Series Catalyst Switches, configuring Nexus 7k/5k/2k FEX module (Fabric Extenders) F & M series, VLAN, VPC, Port-channels, configuring Cisco ACE for server farm for load balancing, identifying firewall issues using Capture, packet-tracer and some tools such as Wireshark Nessus, nmap, NA/Sniffer Pro, Nagios, Rancid, assist with ITIL implementation, perform capacity planning, configured and troubleshoot HP iLo and Proliant BL460c blade running linux and many more.

Confidential, Portsmouth NH

Sr. Network Engineer

Responsibilities:

• Lead MPLS upgrade team to assist in all stages installation and maintenance in state-of-the-art voice/data network technology include Video - Streaming Media, Telco Circuits and Transport T1/T3/DS3/OC3. My daily responsibilities were to prepare devices configuration.
• Attending hosting services cut over meeting over 900 company offices. Install new and upgrade Cisco routers 2811, 2921, 3925, ASR1002-5G w/ SFPs. Cisco switches 3850/6500/4500.
• Network Management and troubleshoot - DNS, DHCP, BGP, preffics list, Access list, IGRP, VRRP/HSRP,VRF, VLAN, Infoblox - IP Management, Avaya Avaya G350/450 gateways, Avaya voicemail, Avaya IP Office branch system w/ stations 4620sw/4621sw /Cisco voice, Avaya Site administration.

Confidential, San Jose CA

Sr. Network Engineer

Responsibilities:

• The project to coordinate and responsible for migration all CISCO testing laboratory running multipurpose Cisco Voice for running effective tests solutions for various Cisco devices and software equipment which is over 360 on 26 racks networking & systems containing Cisco 6500 Switches
• Linux Based high-end Servers, Storage SAN, NAS. Setup voice Cisco 2800/3800/2900/3900 , Cisco Unified Communications Manager, connecting phones. Configured Cisco 2950 switches, 7200 Routers and 4500 Switches, Multi service Modular MDS 9222i, Cisco Voice Gateways VG224/248.
• Configured and troubleshot; VLAN’s, STP, VTP, Tranking, DNS, DHCP EtherChannels, Access Lists, EIGRP, NAT, QOS, BGP, MPLS and static routing. Configuration OSPF on Nexus 7000/5000/2000 FEX Extenders
• VSXi installation on Cisco Server Chassis UCS-5108, UCS 6120xp for new product testing and development, in both a test and production environment.

Confidential, Cedar Groove NJ

Sr. Network Analyst

Responsibilities:

• ESC consulting company specializing in software projects consulting and technical support. Lifecycle: analysis, design, testing, deployment serves various industries: financial, brokerage, banking, insurance, health care, manufacturing, pharmaceutical, and many others. Being responsible for consulting and technical support Linux and other systems, networking, wireless
• Network implementation: Cisco routers 2811, 2921, 3925. Cisco switches 3850/6500/4500. Implement CISCO ASA 5510, 5515- firewall deployment, rule base revalidations and migrations for multi customer environments. Configured VPN site to site, NAT, PAT, Cisco Nexus 7k, 5k, 2k / network replacement at all US colo’s. Installed and migrated the various cloud/customer physical network pods into this new virtualized Cisco infrastructure perform such as architectural configurations, troubleshooting. Being responsible for development architectures and standards documents for wireless networks for customers. Performing AirMagnet site survey for wireless Wi-Fi coverage technologies end products for multivendor WLC 5508 controller and access point systems with Cisco Aironet 3700/2700 with CleanAir Technology for Accurately identifies source, location and roaming.
• Performing estimation technology wireless network protocols based IEEE 802.11a, IEEE 802.11b, IEEE 802.11g and IEEE 802.11n carrying the actual traffic. Configured BGP/OSPF routing protocol for suitable to the actual network physical topology. Configured IEEE802.11s with Hybrid Wireless Mesh Protocol to use longer-range lower-bandwidth service.
• Used Cisco Prime to manages WLC and troubleshoots wireless clients. Implementing Cisco Aironet Omnidirectional Antenna outdoor and Indoor 5GHz, 3.5dBi Omni/Dipole Antenna for best wireless performance. Manage protocols: TCP/IP, UDP, SSH, FTP, HTTP, SMTP, POP3, IMAP, DNS, RSTP, IPSec, LWAPP, RIP, EIGRP, OSPF. Assisting all technical environments with effective monitoring solution. Wirelesses network troubleshoot and support based on CISCO Aironet 1100,1200, Cisco 1520/1522 Mesh Access Points.

Confidential, St Louis MO

Sr. Network Security Engineer

Responsibilities:

• AT&T is the largest provider of local, long distance telephone services in the United States, and also sells digital subscriber line Internet access and digital television. AT&T is the second largest provider of wireless service in the United States, with over 81.6 million wireless customers, and more than 150 million total customers.
• Being responsible for configuration, maintenance and monitoring of clients firewalls, routers and load balancers, I worked as Network security engineering team to support, troubleshoot with a wide range of hardware devices including but not limited to CISCO IOS, PIX505 and ASA 5510/5515 Products. Deployed the first Nexus 7000/7700/5000/5500/2000 architecture into production securing competitive advantage across multiple verticals.
• Configures multiple VPC for storage and VLAN. In my work I’ve utilized various software products such as Cisco Works, Lotus Notes and many other databases, Remedy, ticket management MAXIMO, R1 and others. Used Nessus scanner for Network Scan External/Internal large networks with many hosts. Manage and troubleshoot networking protocols such as MPLS, BGP, OSPF, HSRP. Performing network security packets scanning using capture tools tcpdump and Wireshark, Nmap to analyze to identify network problems.
• Manage spanning tree network, 802.1q trunking and VLAN, Proxies, Configured DNS, Manage the network scripting using bash to perform some automated tasks. Revalidate firewall rules to optimize the rules and recommend for specific clients application types. Responsible for life cycle and End of Live networking devices, Improve process documentation improvements to prevent compliance violations. Planning and performing the network security audit, Service Activation and Deactivation, Incident Responses.
• Assisting all Systems Development Life Cycle (SDLC), Vulnerability Scanning Assist team leader with service planning and maintain PCI network security documentation, ITIL procedures and processes to improve service delivery and reporting. Work with team on-call rotation.

Confidential, Jersey City NJ

Sr. Network and Firewall Engineer

Responsibilities:

• IBM, the world’s largest multinational computer technology and consulting corporation with over 338,000 employees and over 170 offices worldwide. At Confidential I administered firewalls, switches, routers and load balancers for Deutsche Bank, one of the largest clients of IBM and one of the largest financial institutions in the world. Being responsible for support for configuration, maintenance and monitoring of client’s firewalls, routers and load balancers, Revalidating firewalls rules and identify rules that can be removed if not used by clients application.
• I worked with a wide range of hardware devices including but not limited to CISCO Switches and routers, PIX/ASA Firewalls, Checkpoint NGX R62/R65/R70 Provider- 1, IBM xSeries, Foundry Server lon and others. In my work I’ve utilized various HP and Dell, AIX, Suse, RedHat linux servers and others include Bralde Logic and CVS, Assisting all Systems Development Life Cycle (SDLC) and supporting Web Applications, reverse-proxies, socks and many others.
• Using network security analysis tools Wireshark, TCPdump, to sniff traffic, using monitoring software CA Spectrum, Qradar identifying security assets, analyzing log, flow, vulnerability, user and asset data troubleshoot devices and firewalls. The position required from me extensive work with low level network protocols management, security tasks such as defining and managing ACLs, hands-on working with advanced network technologies such as virtual private networks, tunneling, remote access and management, demilitarized zones, etc.

Confidential

Sr Network Engineer

Responsibilities:

• Responsible for such as design, implementation, configuration, and management of enterprise wireless hardware, software, and implementing Wireless Control systems (WCS). Design wireless systems operation of IEEE 802.11 b/g, 11n, 11ac, Manage Cisco WCS, installed WiSM into Catalyst 6500
• Performing WLAN software such as AirMagnetsite survey for wireless Wi-Fi coverage technologies using WLC 4404 controller and access point system. Implement Cisco Wireless LAN Controller Modules NME-AIR-WLC8-K9 with 3845 Services Routerused for robust coverage with 802.11 a/b/g to deliver unprecedented reliability using 802.11n and Cisco Next-Generation Wireless Solutions. Setting up Cisco AP 2700 with CleanAir. Installed AIR-AP1010/AIR-AP1020 to use (LWAPs) to control multiple Wi-Fi wireless access points at once.
• I submitted a proposal to hotel Director to create and set up Wireless Internet Access for whole hotel infrastructure using wireless technology performing Airmagnet site-survey and analyzing signal spectrum. I have planed and coordinate system utilization and capacity.
• My team was responsible for advanced enterprise wireless LAN/WAN design, troubleshoot, Configured hardware: Cisco Catalyst 6509/4510/Cisco routers Cisco routers 2811, 2921, 7603/ASA 5505 configured customer access lists, DNS, VLAN, OSPF, BGP, NAT, Create wireless mesh networks, and point-to-point and point-to-multipoint topologies. Implement SNMP Network Monitoring and data acquisition. Used for troubleshoot TCPdump, Wireshark, many others.