Network Design Engineer Resume

Chicago, IL

SUMMARY:

Full-time/Contract Network Engineer position

SKILLS:

  • Cisco IOS/IOS XE/IOS XR/NX-OS, Nexus 2200/5500/7000/7700 Series Switch, Catalyst 2900/3650/3750/3850/4500/6500 Series Switch, 1900/2900/3900/7600 Series Router, ASR 1000/9000 Router, Cisco WLC 4400/5500, Cisco MDS 9000, Cisco UCS, Cisco Aironet AP, Cisco Meraki AP, Cisco VoIP
  • Juniper JUNOS, MX 240/480 Series Router
  • Security: Cisco ASA 5500/5500x Series Firewall, SRX 240/650/1400/3600 Series Firewall, Cisco Ironport WSA S380, Cisco ACS, PaloAlto 3050/5050 Firewall, Checkpoint R71/75 Firewall, ISG 1000/2000 Series Firewall, IBM NAB
  • Load Balancers: Citrix NetScaler MPX 11000, F5 Viprion LTM, Cisco ACE 4710
  • Protocols: OSPF, EIGRP, RIP, BGP, MPLS, IPv6, QoS, GRE, VRF, HSRP, vPC, VDC, VLAN, STP, VTP, Fabricpath, QinQ, Multicast, PIM, IGMP, MSDP, PPP, DNS, DHCP, PBR, NBAR, StackWise, 802.11x, WPA, DCB, vSAN, Fibre Channel, FCoE, iSCSI, DMVPN, IKE, IPSec, SSL, SSH, RSA, PKI, AES, 3DES, MD5, SHA, ACL, AAA, RADIUS, TACACS+, 802.1x
  • Data Center: HP Procurve, Compellent SAN, VMWare ESX/ESXi, Amazon AWS/VPC, Rackspace
  • Network management: Splunk, Zenoss, HPNA, Stealthwatch, Solarwinds, IPControl, ITNCM, Tufin, Junos Space, CiscoWorks, CiscoPrime, PaloAlto Panorama, Checkpoint SmartDashboard/SmartDomain Manager/Provider-1, MRTG, PRTG, Wireshark, tcpdump, smokeping, Nagios, Cacti, OpenNMS, SNORT, Nmap, Netflow, Syslog, SNMP, EEM, Cisco Device/Fabric Manager, Cisco CSM, Cisco MARS, Cisco ASDM, Racktables, LinkAnalyst
  • Linux: Debian, Ubuntu, RHEL, CentOS, Quagga, IPTables, OpenVPN, Samba, Bash
  • Windows: Windows Server, Exchange, Active Directory, SQL, Windows CA Server, Terminal Services, Group Policy, DFS, Visio
  • Other: HTML, CSS, Apache, Nginx, PHP, Python, MySQL, Memcached, Redis, MongoDB, Javascript, React, jQuery, NPM, Browserify, Uglifyify, Elasticsearch, TCL, iRules, Trixbox VoIP, Assembly Language, C, TWiki, Lotus Notes, GNS, Dynamips, Qemu, Virtualbox, Openstack, Openflow, SDN, EVE-NG.

EXPERIENCE:

Confidential - Chicago, IL

Network Design Engineer

Responsibilities:

  • Focused on routing and security at the edge/extranet on networks located across Canada, US, Europe, Asia.
  • Handled multiple projects at once varying in complexity.
  • Created VPNs to vendors and extranet partners on Checkpoint/Juniper/Cisco devices.
  • Worked with vendors and financial applications such as FIS, Bloomberg, Brokertec, Fedline, Xtiva, Pershing, CIBC, Fiserv, etc.
  • Handled vendor data center migrations, and vendor IP changes. Plan and design backup data center migration.
  • Worked with LOB to get circuit and hardware requirements, and designed new DR site.
  • Worked on legacy site closures in US, and migration of traffic through primary data center.
  • Worked on project migrating internet traffic from DMZ through proxy.
  • Created ISP failover plans for multiple sites to test for high availability.
  • Audit and remediate firewall rules for compliance.
  • Upgraded IBM NAB devices across different sites.
  • Create virtual lab environments using EVE-NG to validate all new designs.

Confidential - Rosemont, IL

Sr. Security Engineer

Responsibilities:

  • Lead security engineer on migrating legacy Checkpoint R71 VPN cluster to Cisco ASA 5516.
  • Migrate Checkpoint configuration using SmartDashboard, CLI, and Cisco online migration tool.
  • Create IPsec VPN configuration not generated by migration tool.
  • NAT both local and vendor traffic to private IPs to redesign IP scheme used over IPsec VPN tunnels.
  • Create lab environment to validate new design. Identify and remediate incorrect configurations on ASA VPN device.
  • Work with vendors to verify IPsec parameters and changes required for IP scheme redesign.
  • Create security and NAT rules on PaloAlto and Checkpoint firewalls to allow traffic between vendor.
  • Coordinate with line of business to determine downtime and schedule change window.

Confidential - Chicago, IL

Network Design Engineer

Responsibilities:

  • Worked on international design and engineering team supporting all BMO business groups including commercial banking, capital markets, corporate and asset management.
  • Support global network with multiple data centers, offices, and branches located across Canada, US, Europe, Asia and other major financial markets.
  • Design/operate/optimize a varying network across different locations due to acquisitions/mergers.
  • Network design typically consisted of edge Cisco ASR 1k routers, core/distribution Cisco 6500/Nexus 7k switches, access layer Cisco Catalyst 3650/3750 and Nexus 2k/5k switches, Juniper SRX 240/650/1400 firewalls, Checkpoint firewalls, Citrix Netscaler/F5/Alteon load balancers, branch/extranet Cisco 2900 routers and Cisco Ironport proxies.
  • WAN backbone network consisted of multiple geographic areas connected using AT&T MPLS AVPN/EVPN network. BGP used between PE-CE to advertise prefixes and apply routing policies throughout network.
  • Campus LANs used OSPF/EIGRP, HSRP, and vPC/VSS. QoS implemented to support VoIP, telepresence, and other applications.
  • Multicast implemented to support capital markets trading environment. Solarwinds, Tufin, ITNCM, IPControl, Netflow, Wireshark and other tools used to check compliance, maintain configurations and logging, and help identify network issues.
  • Lead design engineer on migrating all (500+) legacy Nortel 5520 access switches at corporate headquarters and capital market locations to Cisco 3650 switches.
  • Created new Cisco switch configuration template supporting voice, video, wireless, multicast, and security hardening using port security, ARP inspection and DHCP snooping.
  • Migrate Nortel configurations to Cisco, used Beacon reporting to maintain port configurations.
  • Create BOM for purchasing switches, review SOW for work performed by IBM deployment team to refresh all sites.
  • Other projects included migrating 450+ Fujitsu PBX phones to Avaya VoIP, moving BMO resources to new locations, implement VoIP for new locations, migrate corporate QRM database between data centers, migrate site from legacy Checkpoint to Juniper SRX firewalls.
  • Address compliance issues such as syslog reporting, identifying non-compliant firewall rules, removing usage of VLAN 1 and VTP for networks acquired through merger.
  • Research and identify security vulnerabilities in OS across all network devices, upgrade OS or apply workaround on all affected devices. Assist in creating and reviewing firewall requests to allow internal and extranet services, create MOP for deployment team using IBM Lotus Notes.

Confidential, Chicago, IL

Network Design Engineer

Responsibilities:

  • Worked on network engineering team supporting Confidential Inflight Internet service.
  • Support global network with multiple data centers, and connectivity from devices on planes to the internet from different airlines.
  • Design/operate/optimize a redundant, modular, highly available network built using a hierarchical architecture.
  • Network design consisted of edge Cisco ASR1k routers, core Cisco 7600/Nexus 7k/ASR 9000 switches, distribution layer Catalyst 6500/Nexus 5k switches, access layer Catalyst 3700/Nexus 2k switches, Cisco ASA 5500x firewalls, and F5 Viprion 2400 load balancers.
  • Campus LANs used OSPF, HSRP, and vPC.
  • Extensive use of policy-based routing to implement WAN optimization/compression. Solarwinds, Wireshark, tcpdump and other tools used to manage network, maintain configurations and logging, and help identify network issues.
  • Implement 802.1x solution to secure corporate network for both LAN/WLAN.
  • Used Active Directory and Cisco ACS to authenticate users and push allowed VLANs and ACLs based on user groups.
  • Implemented solution on both Cisco/HP switches and Meraki APs.
  • Changed PCI design on firewall from using separate subinterfaces to a single subinterface design.
  • Push gateways to routers and put all PCI components in separate PCI VRF behind firewall.
  • Remove need to constantly add ACLs to allow traffic.
  • Migrated and decommissioned FWSM contexts on Cisco 7600 to ASA 5585, using online Cisco FW migration tool to convert code.
  • Upgraded ASA devices from 8.2 to 9.2, resolved issues related to new code affecting NAT and other features.
  • Upgraded Cisco ACS devices to 5.6, and set up devices in HA design using primary/secondary servers for centralized management.
  • Implement virtual servers, VIPs, pools, nodes, monitoring, and iRules on F5 Viprion to load balance access to web portals, WAN optimization, and other services.

Confidential, Santa Barbara, CA

Sr Network Engineer

Responsibilities:

  • Worked as part of product operations team supporting products such as GoToMeeting, GoToAssist, GoToMyPC, GoToWebinar, Sharefile, and Podio.
  • Design/operate/optimize a redundant, modular, highly available network built using a hierarchical architecture.
  • Consistent network design deployed across all data centers consisting of edge Juniper MX240/480 routers, core Cisco 6500/Nexus 7000/7700 switches, distribution layer Catalyst 3500/Nexus 5500 switches, access layer Catalyst 2900/3500/Nexus 2200 switches, Juniper SRX 3400/3600 firewalls, Citrix Netscaler MPX 11000 load balancers, and Cisco Ironport WSA S370/380 proxies. WAN backbone network consisted of multiple geographic areas connected using either P2P or IPsec VPN connections.
  • WAN network used BGP communities to implement routing policies. Multiple 1/10G uplinks from different ISPs per data center.
  • Campus LANs used OSPF, HSRP, and vPC. QoS and multicast implemented at some data centers to support voice and video used in meetings and other products.
  • Splunk, Zenoss, HPNA, Stealthwatch and other tools used to automate network, maintain configurations and logging, and help identify network issues.
  • Worked primarily on data center migration of GoToMeeting product in Las Vegas from Switch NAP4 to SuperNAP8.
  • Project scope involved replacing EOL/outdated equipment, and upgrading ISP and P2P circuits.
  • Responsible for planning, design, implementation, and operation of new network.
  • Worked with all teams including application, storage/database, security, monitoring, and infrastructure to create migration plan and design.
  • Create and review BOM for appropriate equipment and features.
  • Design and implementation of L2 extension from existing to new data center, failover services and applications to alternate data center, and final cutover to new data center.
  • Detailed testing of high availability and redundancy for all devices.
  • Work with ISPs to set up multiple 1/10G and P2P circuits.
  • Created documentation of configurations, diagrams, design, and implementation details using Wiki and Visio.
  • Migrated edge Juniper MX240 to MX480 series router, core Catalyst 6500 switches to Nexus 7700 switches, distribution/access 2900/3500 Catalyst switches to Nexus 2200/5500 switches, Juniper SRX 3400 to SRX 3600 series firewall, Ironport WSA S370 to S380 proxies, and Citrix Netscaler MPX 11000 load balancers.
  • Deploy Nexus 7700 switches at new data center as new core layer.
  • Migrated IOS code to NX-OS, used multiple VRFs to separate edge, core, database, and management zones.
  • Use vPC to connect to downstream devices, including Nexus 2200/5500 for extended fabric connection to chassis switches and other devices.
  • Deploy SRX 3600 firewalls using active/passive chassis clustering for HA, use virtual router to separate zones, manage firewalls using Junos Space.
  • Implement authentication using Cisco ACS in redundant topology, and implement web proxy using Ironport WSA S370/380.
  • Deploy pair of Citrix Netscaler MPX 11000 load balancers in active/passive HA mode, to provide load balancing for internal/external services and applications.
  • Configure backend/virtual servers, bind services, bind monitoring, content switching, SNIP/MIP/VIP IP addresses, install/manage certificates, and SSL offloading.
  • Upgrade Cisco ACS servers in redundant topology.
  • Perform ISSU upgrades for Nexus switches. Identify Confidential attacks using monitoring tools, and perform Confidential mitigation using Verisign offsite scrubbing.
  • Manage and connect to Amazon AWS VPC using IPsec VPN. Perform on call duties to address any production network issues, support internal enterprise network issues and work requests.

Confidential, Chicago, IL

Network Engineer

Responsibilities:

  • Manage network of Cook County connecting over 100 sites and supporting over 25,000 users.
  • Maintain reliable network connectivity for mission critical applications used by police departments, jails, hospitals, and all agencies within the county.
  • Provide WAN connectivity to the City, State, and other neighboring counties.
  • Operate and optimize a redundant, modular, highly available network built using a hierarchical architecture.
  • Consistent network design deployed across all nodes throughout county consisting of core Cisco 7600 routers, distribution layer Catalyst 6500 switches, WAN aggregation Cisco 7600 routers, and access layer Catalyst 2900/3500/3750/3850 switches.
  • WAN backbone network consisted of 10 geographic areas connected using either OC3 drop or 10G dark fiber, and T3 for backup. ONS 15454 used for aggregating Ethernet and TDM based circuits running over SONET ring.
  • Three ISP uplinks with multihoming used for redundancy and performance, with iBGP running internally.
  • Campus LAN used multi area OSPF, with high availability using HSRP. RSTP used between distribution and access layer, as well as BPDUguard on the access switches.
  • QoS implemented to support phone systems, and multicast implemented to support broadcasted meetings.
  • CiscoWorks used to manage network devices, maintain configurations and logging, and help track end users to access layer switches.
  • Operate and optimize multiple ASA 5500 firewalls, manage firewalls using Cisco CSM/ASDM/CLI, and troubleshoot network connectivity issues using ASDM log viewer and Wireshark. Implement and monitor site-to-site IPsec VPN connections, and implement both IPSec/SSL client VPN connections using PKI infrastructure for both internal users and vendors.
  • Implement authentication using both Cisco ACS and LDAP using Active Directory.
  • Implement web authentication for users using ASA HTTP authentication feature.
  • Resolve VPN end user issues.
  • Plan/design/implement major County network refresh.
  • Project scope involved replacing EOL/outdated equipment throughout network, deploy new Nexus devices and ASA 5585-x firewalls, installing additional ISP uplink, and implementing new WLAN networks.
  • Perform walkthroughs and surveys, review BOM for appropriate equipment and features, and verify proposed network design and SOW.
  • Work with installers to verify rack space, power, and cabling.
  • Work with agencies and management to schedule cutover times.
  • Deploy Nexus 7000 switches at two main campus locations as new core layer.
  • Create VDCs for production traffic and new ISP uplink termination.
  • Use vPC to connect to downstream devices, including Nexus 2000/5000 for extended fabric connection to servers.
  • Deploy wireless network using Cisco 4400/5500 WLC and Aironet APs. Perform site surveys for new deployments, prime APs, create WLAN and dynamic interface, create AP group, and configure Layer 2 security and QoS.
  • Deploy redundant pair of Cisco ACE 4710 to provide load balancing for County Exchange mail servers.
  • Configure high availability, health probes, real servers, server farm, HTTP cookie sticky service, and virtual server. Plan, design, and implement internet connection migration from 100 Mbps to 200 Mbps. Migration involved verifying BGP peering on new uplink, scheduling network outage for cutover, modifying and creating firewall and NAT rules, working with internal groups to change DMZ server IP addresses and update DNS changes. Responsible for monitoring network nodes and links using CiscoWorks and LinkAnalyst, network bandwidth usage and Netflow collection using PRTG, and firewall and device logs on Cisco MARS for anomalous behavior.
  • Design and implement requests for new network access both on LAN campus and branch offices.
  • Requested services include new WAN circuits, switches, routers, firewalls, APs, and VPN accounts.
  • Provide DNS and DHCP services to end users.
  • Work with Cisco TAC to resolve issues. Work with ISP to resolve circuit issues.
  • Create and support VPN networks used for transmitting polling data for general, primary and presidential elections.

Confidential - Chicago, IL

Network Engineer

Responsibilities:

  • Perform role as data center manager which involved taking inventory of hardware; configuring and installing network equipment and servers; maintaining documentation and configuration for all equipment; monitoring network usage and node issues using Cacti and Nagios; performing updates and maintenance for network equipment; reviewing equipment log information using syslog. Set up and managed 13 full 42U racks in XO & Coresite data centers in downtown Chicago.
  • Four were for internal use, while the rest were co-location and managed servers which were supported on various levels.
  • Design and implement data center LAN/WAN. Implement collapsed core using Cisco 6500 switch.
  • MetroEthernet uplinks connected to dual Sup720s with failover providing high availability.
  • Redundant open source firewalls implemented using IPtables, and client VPN connections implemented using OpenVPN.
  • Cisco ASA 5500 and Sonicwall 2040 firewalls implemented for VPN connections to clients, and Cisco 2800 routers used for point-to-point T1 connections to clients.
  • Plan and manage data center migration from XO to Coresite.
  • Migration involved moving internal and customer equipment with minimal downtime.
  • Work closely with customers to create a project schedule to organize moves.
  • Prepare network design to implement new data center LAN/WAN, work with ISPs to install uplinks and connections between data centers using QinQ.
  • Move mission critical servers on the SAN, and test all aspects of network to verify functional operation. Design and implement Compellent SAN infrastructure.
  • SAN consisted of dual controllers for failover, four Cisco MDS 9000 FC switches, and 20TB of FC/SATA storage.
  • Configure and install fiber channel HBA cards, create and manage volumes and replays, and implement iSCSI using Cisco 2960 switches. Install different OS and VMware ESX, and monitor storage for usage.
