PROFESSIONAL EXPERIENCE

Confidential

SR. Network Engineer

Responsibilities:

• Supported Enterprise Cisco routers like Cisco ASR 1002, 7200s, 3800s, 2800s, and 2900s and Enterprise Cisco switches like Nexus 7010, Catalyst 6500, 4500, 3850, 3750G, 3750X, 3560Xs.
• Provided network support for global MPLS WAN, DMVPN, IPsec VPNs and Internet circuits to maintain availability and performance.
• Supported routing protocols like eBGP, iBGP and EIGRP. Used BGP attributes and access - lists to filter and manipulate BGP route advertisements. Upgraded Cisco IOS image and ROMMON firmware on Cisco routers and switches.
• Provided support for global remote access SSL VPN using Adaptive Security Appliance (ASA) and Juniper Pulse Secure VPNs. Used Cisco Adaptive Security Appliance 5512-X, 5520 and 5580 series (ASA) Firewalls to protect zones with different security levels.
• Supported Checkpoint VSX Gateway Security Appliances running R65, R77 and R77.30 Gaia (Red Hat Enterprise Linux 5.2 based) on external perimeter to control and enhance security at the network edge. Create and modify firewall policies to allow /restrict/block access to network resources. Configure and Provide support for Checkpoint Eventia and log servers
• Maintained and configured Cisco’s Wide Area Application Services (WAAS) and vWAAS for traffic optimization and acceleration over the WAN. Utilized WAN Acceleration Engine (WAE) 512, WAE-612, WAVE-694 and WAE-7326-K9 devices
• Worked on Avocent ACS8, ACS16 and ACS32 Linux and Unix (Solaris) Cyclades and configured dial-up modem for backup and out-of-band network access.
• Conduct weekly, monthly, quarterly and yearly Disaster Recovery testing on network devices and services. Verify disaster recovery instance functionality and replication between the disaster recovery and production environments.
• Used Solarwinds, Syslogs, Kiwi, Scrutinizer and DeniKa network monitoring tools to monitor network service performance, utilization and proactively detect potential network device and service failure. Used Netflow and Scrutinizer to capture network traffic and payload analysis.
• Configure TACACS authentication for users’ access to network resources. Configure users, routers and switches for TACACS authentication.
• Mitigate Network devices' security vulnerabilities as reported by external security penetration testers.

Network Engineer III

Confidential

Responsibilities:

• Work as a technical lead for Army Knowledge Online (AKO) Continuity of Operations and Management Center NOC and provide support to AKO/DKO Systems and Network availability and performance. Interface with DISA and CONUS in support of network connectivity and circuit issues related to AKO network.
• Responsible for allowing external customers access through AKO Firewalls at both Primary and Disaster recovery Sites. Assist and coordinate with CI owners a Continuity Of Operations Plan (COOP) between the Primary and Disaster recovery sites as necessary.
• Monitor and maintain AKO/DKO systems and network performance and availability; using Network monitoring and reporting tools like Netcool Internet Service Monitor, Smokeping, Sitescope, MRTG Grapher, Cacti, Syslogs, IBM Tivoli Enterprise portal on NIPRNET (unclassified) and SIPRNET (classified) Networks.
• Configure, monitor and troubleshoot small, mid-to-high end Cisco switches including 2950s, 3700s and 6500 series switches and 7600 series routers. Troubleshoot and implemented switch port security, connectivity and VLANs on both NIPRNET and SIPRNET networks.
• Manage network operational incidents, coordinate, create and review such reports and disseminate to the Government representatives through a secured medium (Informational Special Outage Report) and through Situational Awareness Reports in confidential and secure manner.
• Ensure environmental concerns such as temperature and humidity controls, media reuse, disposal, and destruction of media containing sensitive information is adequately addressed. Process spillage information reported from the AKO/DKO help desk and the Army Global Network Operation Security Center (AGNOSC).
• Prepare a daily briefing for pertinent Army Knowledge Online (AKO)/Defense Knowledge Online (DKO) services status of both classified and unclassified nature for the AKO/DKO Government representatives. Ensure the accuracy and completeness of the daily briefing and point out all service impacts and events that fall outside normal operational parameters.

Network Engineer

Confidential

Responsibilities:

• Analyze, change and define VPN policies and requirements to achieve a secure remote network access, which meet HIPPA standards for electronic health care transactions. Analyze network routes and VLANs for optimum and secure access to state of the art medical imaging reports, with high availability and confidentiality. Installed, configured and maintained Cisco routers and PIX 515E, 506, 501 firewalls and defined secure access policies for remote data access.
• Work on VPN Concentrator 3000 and configured secure VPN tunnels between small remote offices throughout US and the head quarter. Utilize secure Authentication and Authorization parameters for remote access using RADIUS, PPTP, L2TP and IPSec tunneling protocols to protect Information systems housing PHI data from intrusion.
• Responsible for the configuration and maintenance of company’s Wide Area Network Frame-Relay, secure VPN and VOIP connectivity for about 21 remote sites. Work on the new and existing Frame-Relay, T1 and OC-3 circuits to connect between different sites.
• Used Ethereal Network protocol analyzer to interactively browse the network traffic, analyze and troubleshoot connectivity problems. Maintain the status of SSL certificates for the company’s US and UK servers using VeriSign Web server Security.
• Configure, monitor and troubleshoot Cisco 3600s, 2800s, 2600s, 1700s series routers and small to mid-size Cisco Switches; including 3700s, 3500s and 2900s series switches. Installed, configured and maintained VOIP networks in a Cisco Unified Communications Manager (CUCM) environment, using 7940 and 7960 Cisco IP phones. Configure QOS on Cisco routers and switches.
• Monitor network utilization and performance monitors using network performance monitoring tools like Solarwinds, MRTG Traffic Grapher, Cisco Network Assistant, Kiwi and Neon Cyber gauges.

Network Engineer

Confidential

Responsibilities:

• Responsible for the configuration, integration and deployment of Secure Wireless Wide Area Networks (WWAN) and WLAN network. Integrated secure wireless data communication systems, which meet the Federal Government’s network security standard (FIPS 140-2 compliant), utilizing commercial GSM and CDMA cellular wireless data services like GPRS, EDGE, 1x RTT, 1x EVDO and iDEN.
• Designed and implemented secure IP network addressing and subnetting for secure broadband wireless network connectivity to CBP’s sensitive but unclassified data, which meets the confidentiality and Integrity requirement of the existing security policy and compliant with FIPS 140-2 standard. Nationwide deployment of wireless strategies to selected US international airports, seaports, and land border entry points.
• Installed, Configured and maintained Cisco Pix Firewalls, routers, Switches, VPNs, IBM Websphere Everyplace Connection Manager (Wireless Gateway), rugged wireless laptops and PDAs as a secure broadband wireless data access solution. Configure Cisco routers and CSU/DSUs for Frame-relay, T1 and T3 connectivity.
• Built Sun Solaris, IBM AIX and Windows 2000 servers and configured them as a secured FIPS compliant wireless gateway. Implemented nCipher crypto key management and Hardware Security Modules (HSMs)- a trusted platform within which keys can be securely created, used and stored.
• Worked with NIST to implement a secure wireless WAN access solution to sensitive Government data, using nCipher tamper proof and sealed encryption key and secure key management solutions.
• Worked on US/Canadian and US/Mexican borders Point of Entry (POE) Video surveillance systems, Digital Video recorders (DVRs), PTZ Video Cameras, Lenel secured access control products and magnetic card readers to locally and remotely provide information to CBP border workers. This included Video surveillance of everyone passing through the POEs, knowledge management-based targeting systems that focused on the most likely threats using INS, FBI and local government’s criminal data; and digital records of all cars entering and exiting the United States.
• Troubleshoot network connectivity, server and desktop hardware and software related problems in a heterogeneous and complex networks consisting of Sun Solaris, HP-UX Unix, Novell NetWare, Windows NT and the Banyan Vines networks.
• Diverse practical technical knowledge, excellent problem solving skills, and use of structured troubleshooting methodologies for the Agency’s network, hardware, UNIX file and mail server maintenance and administration.
• Performed network administration tasks and end user support, including user accounts, email accounts, email forwards, daily and weekly server backups, and file restorations.
• Took responsibility to successfully complete time sensitive projects including TCP/IP configurations, Pathway NFS, GroupWise, Beyond Mail and Remote Access Service projects in mixed domain architecture, independently and in a team environment.
• Established procedures and instructions and created documentation on the proper installations and configuration of Pathway NFS network client and LPR printing systems for future use.

TECHNICAL SKILLS:

Networking: Cisco Routers, Switches, PIX, ASA and Checkpoint Firewalls, Cisco VPN concentrator, VOIP, VLAN, Frame-Relay, T1, T3, CSU/DSU

Wireless: CDMA 1xEVDO, 1XRTT, GPRS, EDGE,Cellular Digital Packet Data (CDPD), Ardis (tcp &x.25 based), Mobitex x.25, 802.11x IEEE, IBM Secureway suite of wireless middleware, Dynamic Mobile Data suite of wireless middleware.

Operating Systems: Cisco IOS, HP UX, Windows 2000/2003, Windows XP, Windows NT, Novell, AIX, Sun SolarisProtocol: Ethernet, RADIUS, IPSec, SSH, DHCP, DNS, SMTP, HTTP, LDAP, SSL, SLIP, PPP, TCP/IP, UDP/IP, IPX/SPX, HSRP, RIP, EIGRP, OSPF, eBGP and iBGB.

Security: Cisco Firewall Services Module (single and Multi-context) PIX 501, 506, 515E, 520, 525, 535, V-One, Novell Border Manager 3.5 Enterprise, IBM WebSphere Connection Manager, VeriSign Web server Security, nCipher Encryption key Management, checkpoint administration.

Practices: Netflow, Ethereal protocol analyzer, Wireless Security, wireless gateway, Sierra Aircards 750/710, 555s, 550s, Airprime PC5200 and PC3200 Air cards, Novatel Merlin cards, Enfora spider II CDPD wireless modems, Access points, Cisco and Proxim Wireless LAN cards.

Software: Microsoft office suites, Microsoft Project, Visio, Service now, Track-IT helpdesk software, Remedy ticketing system, VERITAS data backup.

Hardware: Intel x86/pentium, Dell, IBM Pseries, IBM RS/6000, Wireless Laptops, PDAs, Sun Ultra 60/10