SUMMARY

• Network Security Engineer with experience in implementation, maintenance and support of LANs, VPN, Firewalls, Proxies, DNS, DHCP and Active Directory. Additional experience includes disaster recovery, software deployment, capacity planning and business continuity
• More than twelve years of experience managing and provisioning a LAN environment
• Recognized and commended by management for improving uptime and operation flow just after few months of being hired
• Developed standard and automated procedures to handle complex as well as day - to-day tasks
• Consistently supported sites achieving excellent reviews by users and customers
• Versatile individual able to prioritize, multitask and work proactively to accomplish multiple projects at the same time
• Troubleshoot problems and recommend/ implement solutions.
• Manage assigned projects including accepting responsibility and meeting milestones in a timely manner.
• Effectively communicate with customers and peers.
• Excellent verbal and written skills with outstanding customer service.
• Written comprehensive documentation including design documents, policies and procedures.
• Self-motivated and able to work on tasks, activities, and projects with minimum supervision.
• Detail-oriented with excellent analytical and project-tracking skills
• Team player interested in achieving overall department goals
• Learns technical information quickly
• Foreign Languages: Excellent oral and written fluency in Spanish.

TECHNICAL SKILLS

Network Security: Cisco ASAs 9.X, CheckPoint R77, R75, PAN OS 6, Fortinet, Ironport Network WhatsUpGold v15 (Monitoring), Splunk v4 (Logs). IP addressing, Bandwidth usage, Proxy Services, Image Deployment. Switching and Routing-Cisco Configuration of routing protocols (EIGRP, OSPF, BGP), switching procedures, creation of VLANs, VPN and firewall setup. Wireless Cisco Access Points Autonomous AP Provisioning, Lightweight AP configuration and management through WLAN controller, Aruba APs Network Hardware Cisco Routers 7200/1800/2800, Cisco Switches 2950/3550/3560/4500/Nexus5000/2000, Cisco ASA5520/5545/5585, Cisco Access Points 1200, Palo Alto 5050, Check Point 12600 Systems Windows 2008/2012 Server, Windows 10/7, CentOS 5.2. Servers VMware, HP Proliant, DELL PowerEdge Server Applications Active Directory, SCCM 2007, WSUS, Veritas NetBackup 6.5, Symantec BackupExec 12, NetVault Backup, Exchange 2013, CommVault Simpana 8.0. Desktop Applications MS Office 2016, Visio 2016, Symantec Antivirus, McAfee Virus Scan, Symantec Ghost, Acronis, WinMagic, PGP desktop and email encryption, Devicewall, Citrix XenApp.

PROFESSIONAL EXPERIENCE

Confidential, New Castle, DE

Integration Security Engineer

Responsibilities:

• Responsible for the Implementation, End of Life and Decommission of Security Equipment at a global level for Confidential
• Staged Check Point Firewalls for deployments and created Firewall Rules for new Check Point SPLAT R77.20 implementations on HA pairs for 4600s, 12200s and 12600s firewall models
• Staged Palo Alto 5050s Firewalls for new implementations with BrightCloud URL filtering and Threat Prevention
• Created and pushed Security Rules, NAT Rules to Device Groups and Individual Firewalls
• Implemented End-of-Life changes that included Cisco ASA devices used as VPN connectors
• Tracked Change and Incident process using Service Now
• Followed design baselines defined by the Integration group and Design group
• Decommissioned Check Point Firewalls following Confidential security standards
• Participated and played key roles in project discussions for implementations across the globe

Confidential, Miramar, FL

Network Security Engineer

Responsibilities:

• Part of the Network Security team in charge of maintaining the infrastructure of a cruise line with more than forty ships, ten locations worldwide and a cloud environment.
• Sustained and continuously created rules more than 50 Cisco ASA Firewalls, including context firewalls for communication between ships and shoreside, ships and vendors, and vendors and shoreside.
• Created and troubleshot rules for applications between our enterprise and the external world using CheckPoint firewalls.
• Maintained and provisioned Fortinet Firewalls located inside the new line of ships from Royal Caribbean
• Implemented, troubleshot and maintained VPN connections between vendors, employees, ships and the headquarters location.
• Managed and troubleshot Cisco Ironport devices both on shoreside and on shipboard.
• Provisioned Checkpoint firewalls integrated with an AWS environment.
• Generated and maintained Amazon Web Services (AWS) security groups for cloud server instances communicating with headquarters.
• Used Infoblox to modify information on external DNS in order to externalize production and staging sites.
• Troubleshot Network Access Control tool Bradford for Windows, Android and Apple devices giving access to corporate and guest network.
• Monitored HP Tipping Point on ships and performed weekly signature updates.
• Represented the Network Security department on change meetings and with project management meetings.
• Configured Kaspersky Antivirus to protect workstations and servers enterprise-wide

Confidential, Miami, FL

Network Engineer

Responsibilities:

• Member of the Network team assigned to implement, maintain, troubleshoot and optimize a government site with 2 mirrored networks and a commercial network, consisting on more than 300 devices and 2,000 users.
• Maintained VPN access for users using EZVPN, Site to Site and Client VPN.
• Designed and provisioned VPN access for users joining Cisco ASA and Anyconect.
• Secured communications between ASA and remote routers by implementing certificate-based autantication.
• Implemented, troubleshot and deployed Cisco Identity Services Engine (ISE) to perform network administration and provide security for endpoint devices connected to the company's routers and switches.
• Created and implemented Firewall Rules using Cisco ASA
• Maintained and troubleshoot Websense Secure Gateway
• Extended networks by configuring trunks, vtp, vlans and port security on new switches due to exercises being conducted on temporary locations (Command Centers)
• Automated provisioning of Cisco switches by the creation of scripts, reducing implementation time in half.
• Made use of Cisco Secure Access Control Server (ACS) to implement AAA via TACACS+ on different network devices
• Tracked devices, ports and also implemented changes to routers and switches enterprise-wide by using CiscoWorks
• Portrayed implementations and changes to the network topology through Visio drawings
• Implemented SNMP v3 on devices to allow for network management and used WhatsUpGold to monitor and establish alerts for interface failures, cpu overload, BGP neighbors and bandwidth utilization of Cisco switches and routers
• Used Splunk to troubleshoot and track changes and issues on Cisco devices
• Followed Security Technical Implementation Guides (STIGS) in order to provide access, SNMP and administrative security to Cisco L2 and L3 devices
• Executed VoIP-related tasks such as configuring GD-Viper phones and using Cisco Unity to add/edit/delete voicemail boxes.
• Responsible for providing daily assistance to install team/tier1/tier2 with networking management and troubleshooting, including switches/routers, 802.1x, and network security

Confidential, Homestead, FL

Systems and Deployment Administrator

Responsibilities:

• Responsible for administration of the Software and Updates Deployment Infrastructure for Homestead Air Force Base with more than 1,200 workstations and 50 servers
• Made use of mainly SCCM 2007 to administer and streamline package deployments, however me also used Network Monitoring tools, VBS and command line scripting to aid on the completion of deployments
• Usage of CiscoWorks to run reports of hosts that needed to be patched or inspected for software vulnerabilities
• Assisted efforts to run exercises at the bases by leading and implementing projects that included installation and cabling of temporary locations (Command Centers)
• Monitored Servers by creating email alerts that will let the Systems Administrators no when a server was offline, enhancing customer response.
• Created documentation on Software Deployment Procedures and Day-to-Day Troubleshooting Issues in order to generate a Knowledge Base intended to be used by Systems Administrators and Helpdesk Personnel
• Executed projects in conjunction with Federal IT site leads that included implementation of new servers, networking circuits and backbone switches.
• Enhanced functionality and reduced downtime on servers by applying practices such as Link Aggregation, Monitoring of Servers’ Usage, Backup Monitoring and Email Alerts, Printing Monitoring and Site Documentation using Visio 2007.
• Exercised daily troubleshooting (local and remote) of Active Directory, user support with Cisco VPN client and custom applications while using Remedy as a ticket queue.

Confidential, Sunrise, FL

Network Administrator

Responsibilities:

• Part of the IT team responsible for offering network and server support to the Corporate Building and Branch Offices, adding up to about 700 employees.
• Performed router and switch provisioning for the internal LAN, which included management of VLANs, package monitoring and traffic inspection.
• Performed on-call duties assisting users with issues resembling connectivity to the network VPN, reporting a malfunction on transaction-processing servers, password resets, and business-applications usage.
• Configured and deployed SOHO solutions using Check Point VPN-1 Edge devices through Provider-1 while creating two VLANs for each remote user.
• Configured DHCP reservations and scopes; configured DNS options. Set up of public folder emails and mailbox sizing on Exchange Server. Dealt with File and printer server access and troubleshooting using Windows Server 2003.
• Monitored network performance and downtimes through the use of packet sniffers and network monitoring tools, reducing the length of downtimes and creating diagnostics that warned me about future issues.
• Used scripts, Group Policy Objects and MSI packages for the deployment of software, access restrictions enforcement and sharing of resources across the network through Active Directory.