OBJECTIVE:

Sr. Net Security Eng. /Architect where over a decade of successful experience and training will add value.

SUMMARY:

Seeking a position where more than a decade of application security, data security, cloud security, network management and network operations experience will contribute to increased efficiency; Energetic team - player, able to cross-train staff for best results.

PROFESSIONAL PROFILE:

• Intuitive, results-driven leader with diverse experience emphasizing cloud security and on-premised network architecture, endpoint security, IPS/IDS forensics, and Project Management.
• Excellent interpersonal skills, collaboration, and problem-solving skills, known for versatility, multi-tasking high-level priorities, ability to “wear many hats”, and exceeding expectations under pressure/ time constraints.

TECHNICAL SKILLS

Operating Systems: Windows (Enterprise and Server Editions), VMware, UNIX (all flavors), Novell

Firewalls: Checkpoint R60-R80, Cisco ASA, Palo Alto, Juniper, Fortinet, SonicWall

Programming Languages: Shell Scripting, VB, Perl, Python

Tools: Net Witness, Wireshark, Tufin, Firemon, Riverbed, SIEM, QRadar, Qualys, Nexpose, Nessus, Cisco Firepower, Cisco Sourcefire, Splunk, Imperva, Net Scout, Symantec, McAfee, AnyConnect, Cisco UCS, Cisco ISE, NSX, VSX, MS Azure, AWS, Confidential & Confidential Site shield, IPsec VPN, SSL VPN, DMVPN, VPC

Written Policies: IAM, MFA, IT Risk & Governance, NIST, SOX, PCI-DSS, ISO 27001-02, PII, DLP, GDPR, STIGS, HIPAA, OWASP

PROFESSIONAL EXPERIENCE:

Sr. Network Firewall Engineer/Architect

Confidential, Westmont, IL

Responsibilities:

• Architect, implement, and support of network security solutions to enable large scale projects and functionality.
• Technical Lead in the development and maintenance of networking and firewalls; applying expertise to best practices, methodology refinement, and solution validation.
• Provide input on costs, benefits, issues and risks related to development and support activities
• Participate in hardware and/or software studies and providing recommendations to leadership; provide input in the development of our IT application and architecture strategies as needed
• Provide consultation to the operations team and helping to train team members.
• Manage relationships between vendor support providers and IT, including communication, prioritization, coordination, and allocation of resources.

Tools: used: Checkpoint (inclusive all software blades) & Cisco ASA Next Generation firewalls, F5, Q Radar, KACE KBox, CyberArk, Duo, Cylance, Secure Works, Confidential & Confidential Site Shield, DNS, IPS/IDS, NexPose, Coalfire, Tanium, Cat OS, IOS, Nexus OS, EIGRP, BGP, OSPF, IPsec VPN, GRE, VPC, VMWare, Trend Micro, Rackspace, Imperva, AWS, Azure, Wireshark, Firemon.

Sr. Network Security Engineer/Consultant

Confidential, Downers Grove, IL

Responsibilities:

• Responsible for migration, configuration, and encryption updates of Cisco ASA IPsec Tunnels.
• Responsible for global company content management, configuration, updates, and analysis of Cisco Source Fire Defense Center.
• Installation, upgrade, configuration and troubleshooting of Cisco ASA/Source Fire Modules.
• Configuration of route statements using OSPF, BGP, MPLS, and IPv4 protocols.
• Responsible for Checkpoint Firewall architecture and design.
• Provide in-depth analysis for complex troubleshooting for Checkpoint, Fortinet, and Cisco ASA Firewalls.
• Performed security measurements using Cisco ASA, Forti Gate, Checkpoint, Cisco Routers, Switches, Cisco ASDM, Wireshark, Cisco Source Fire Virtual Defense Center, and What’s Up Gold.

Sr. Information Security Engineer/Consultant

Confidential, Elgin, IL

Responsibilities:

• Troubleshooting of new and existing Firewall installations.
• Design, develop and implement Firewall Architecture.
• Design and perform seamless upgrades of existing Firewall infrastructure.
• Responsible for Highest Level support for Firewall SLA contracts.
• Mentoring support for First Level One Firewall helpdesk staff.
• Provided security measurements using Checkpoint All Versions, Cisco ASA All Versions, Juniper SRX, Websense, Symantec, RSA, TACACS, Cisco ACS, Cisco switches, routers, Major Firewall Appliances.

SIEM Implementation Engineer

Confidential, Chicago, IL

Responsibilities:

• Manage SIEM interfaces for stakeholders and vendors on client side.
• Provide advanced technical support as Tier 4 mentor for the Security Analysts in the Security Operations Center for the transition from implementation to the tuning of the alerts and events.
• Responsible for defining, tracking and maintaining the standard baselines and configuration sets of all managed and/or monitored devices within SIEM zoning.
• Provide security analysis, notification, and reporting for clients based on alert creation and correlation identified through review of the various data feed types given.
• Responsible for proactive tuning values for IDS/IPS/HIDS/FW/IS audit levels and other configurations to the client during the initial phases.
• Provide security measurements using Trustwave OE, ArcSight, F5 LTM/GTM Series, Cisco ASA 5500 series, Checkpoint, Juniper, Fort iGATE, Python Scripting py, xml, MySQL, and Red Hat Unix Bash Shell .

Sr. Info Security Engineer

Confidential, Chicago, IL

Responsibilities:

• Responsible for IT Risk Management & Information Security domain standards development.
• Oversee the enforcement of Policy/Procedure/Standard through IT risk management and compliance certification, threat management, vulnerability management, IT risk assessment and formal risk acceptance processes.
• Provide airport network refreshes - design and deployment of security controls Confidential remote locations which involves building data center confidentiality, Internet DMZ and Common Services Zones.
• Provide LAN refreshes via Cisco Catalysts 2960 and 3750 IOS upgrades, Base Configurations, Delta File programming, SFP, GLC/ Confidential, and Fiber SM/MM patch and analysis. Provide security measurements using WireShark, Checkpoint NGX R60-R75 running on crossbeam (XOS and COS series) appliances, Checkpoint UTM-1 2070-3070 series, Cisco ASA 5500 Series, Cisco ACS 4.2, Symantec Sep 11, F5, Sourcefire IDS/IPS, WebSense, Tufin, Novell Access Manager, and Active Directory.

Global Info Security Engineer

Confidential, Chicago, IL

Responsibilities:

• Responsible for maintaining and monitoring security for our client's computing environments and perimeter security devices (Firewalls Checkpoint: R61-R71.3/Cisco ASA 5510/20, IDS/IPS, Qualys Vulnerability Analysis, Symantec Anti-Virus 10-11).
• Maintain and monitor the global and regional IT security architecture in alignment with the IT security policies and guiding principles to ensure the integrity and security of the organization's information contained on and transferred within all computing operating systems and applications.
• Develop and implement global security solutions to meet business requirements while balancing acceptable risk to the company’s client information assets.
• Provide security measurements using MAGIC, WireShark, Checkpoint NGX R61- R71.3 running on Nokia IP appliance, IPSO 4.6 - 6.2, ISS Proventia IDS, MessageLabs URL Filtering, PointSec Full Disk Encryption, Symantec Antivirus Sav 10 and Sep 11, FireMon Security Manager, Cisco ACS 4.2, Qualys Vulnerability management.

Checkpoint Solutions Engineer

Confidential, Lincolnshire, IL

Responsibilities:

• Responsible for creating, modifying, configuring, troubleshooting and monitoring of Checkpoint Firewall R70 VPN-1 NATs, Subnets, IPSec Tunnels, and VPN LDAP Groups for over 100+ business partners.
• Appointed primary lead over Duane Reade integration which involves firewall design, IPSec tunneling, VPN modifications, and overall gateway design and troubleshooting.
• Responsible for designing NATs, VLANs, subnet masks, Host Objects (nodes/groups), service ports, Interoperable Device design, VPN/IPSec tunnel management (encryption/IKE/ISA), trafficking, trunk port troubleshooting, firewall clustering/routing, and Internal/External data security analysis for over 7500 stores.
• Provide security measurements using Remedy, Checkpoint Provider-1, Softerra LDAP, Safeboot, and Lotus Notes (ACL/PCI/PHI/HIPPA/SOX/IPSec/VPN (RSA; Parallel)/Firewall requests).

Project Team Lead

Confidential, Chicago, IL

Responsibilities:

• Provided quality assurance of new equipment, asset inventory, and preparation.
• Directed the Windows XP OS, HP rollouts, Dell Server lockdowns, Cisco Nexus switch analysis, and Norton Ghost for the branches turnover.
• Directed team of 4 for critical technical support issues that may have occurred during bank conversion.

N/W Lead Instructor

Confidential, Chicago, IL

Responsibilities:

• Provided novice to expert training in fundamentals of computer and network hardware.
• Directed lectures for low to high level computer networking operations and securities.
• Responsible for maintaining computer lab, equipment and management of 4 assistant’s.

HP State Team Lead

Confidential, Chicago, IL

Responsibilities:

• Directed Windows XP to Windows Vista imaging on new HP desktops.
• Provided inventory control in MS Excel, Symantec Net backups, Active Directory maintenance, MS Outlook 2007 support, Digital Sender setup, VNC configurations and common network protocol troubleshooting.

UNIX/Windows Security Administrator

Confidential, Chicago, IL

Responsibilities:

• Monitor account access, password changes, application support, and intrusion detection reporting
• Provided security and critical access monitoring on 2000+ clustered servers which included Sun Solaris, HP-UX, Linux, OS 390, and ABLE 3000 systems.
• Responsible for complexity password changes using password generators for CyberArk Vault and CA eTrust
• Provided Active Directory account adds/deletes/changes, DMZ clustering, DBA In trader/Trade desk application support, NCS financial system intrusion reporting, vendor support for 4 continents, documentation authoring and revisions while maintaining SLA status Confidential 98.9 percent.
• Tools used were CA Top Secret, Lotus Notes, IBM Sametime, Peregrine Service Center, Active Directory, Windows XP, Windows 2003 Server, Citrix XenApps, SSL, SFTP, NIS, ESS, Secure Shell, Putty, Hummingbird, RSA, and Confidential & Confidential VPN Client which included shell scripting.
• Created account IDs and passwords for Novell 5 in conjunction with Windows Server 2008 Account Auth.