OBJECTIVE

• To provide scalable, supportable military grade TCP/IP security solutions along with expert TCP/IP network designs that enables business functionality. “Security for security sake”, is not my goal. Secure business and fostering business in a secure way: that’s the challenge.

TECHNICAL SKILLS

Firewalls: CheckPoint FW - 1 4.1/NG FP3 & NG AI, NGX R65/R75/7R77.10, Nokia, SPLAT & GAiA, PaloAlto, Juniper NetScreen & SRX, Cisco PIX/ASA & FWSM, IP chains, IP filter, Cisco IOS packet filters (ACLs standard & extended, dynamic, reflexive, time-based, CBAC and Zone-Based Firewall)

Remote Access: RSA Ace Server/SecurID, RADIUS, CheckPoint FW-1 SecureClient/SecureRemote, CyptoCard, Cisco AnyConnect,& IPSec Client, Cisco Secure Access Control Server (ACS) TACACS+, DuoSec, NetScaller SSL VPN, Juniper SSL VPN

Load Balancers: F5 BigIP/3DNS, Citrix Netscaler Load Balancer, Radware, Alteon (Nortel) Load Balancer and Cisco CSS (ArrowPoint)

High Availability: CheckPoint FW-1 (Nokia VRRP and Clustering), Cisco HSRP, F5 Big/IP & 3DNS along with BGP4 and plain old DNS 'round robin', NetScaller primary & secondary HA and GSLB

Vulnerability Scanning: QualysGuard, Rapid 7/NexPose, Nessus, Nmap, Hping, ISS Security Scanner, CyberCop Scanner, BackTrack and Kali Linux, BurpSuite, HP WebInspect, IBM AppScan, MetaSploit

Cisco IOS VPNs: crypto maps, EzVPN, DMVPN (phase 1, 2 & 3), (static & dynamic VTI) and FlexVPN (IKE v2 with Suite B), AnyConnect

SIEM: ArcSight ESM, QRader, AlienVault & OSSIM, Splunk, Alertlogic, Solutionary, ELK Stack Elasticsearch, Logstash, and Kibana

PROFESSIONAL EXPERIENCE

Confidential

Network Security Engineer

Responsibilities:

• Managed Cisco ASA and PaloAlto firewalls.
• Worked with and configured f5 load balancers.
• Managed WebSense Proxy servers.
• Configured Cisco SourseFire & FirePower IDS/IPS.
• Configured Splunk, QRader and Alien Vault SIEM solutions.
• Participated in security vulnerability scans using Qualys & Tenable/Nessus.
• Ran the scans and interpreted the results. Worked with server teams to patch.
• Developed security standards and procedures to secure DMZ and internal systems and OS’s.
• Setup and configured Cisco ISE authentication and postures assessment servers.
• Reacted to critical security incidents and vulnerabilities

IT Security Consultant

Confidential

Responsibilities:

• Troubleshooting complex CheckPoint issues, mostly Site-to-Site VPN related. Working to make more restrictive firewall rules, within multiple data centres globally.
• Installing and setting up AlgoSec Firewall Analyzer product to facilitate with this task. Also, consulting on an IDS deployment project, using my Cisco Nexus 7k/5k experience to place IDS devices globally.
• Working and commenting on global firewall polices. Working on global private WAN encryption and network technologies and strategies (MPLS vs. DMVPN).
• Providing input on day-to-day security architecture policies and procedures. Developing systems and process to protect, various user groups while accessing public Internet content from malicious hack attacks.
• Working on so Cisco WSA (Web IronPort), setup polices and procedures to search various logs for need information.
• Contributing, to the selection of a global SEIM solutions - Qrader & AlienVault -- from a network device and security perspective (NetFlow support required).

Confidential

Network Security Consultant

Responsibilities:

• Strong network and security role. With a focus on Cisco ASA and CheckPoint FW-1 rule base changes. Also, manage LAN & WAN and BlueCoat proxy servers.
• Manage RSA and setup new users on RSA. Manage network access and respond to scans of hosts not approved on the network and disable switch ports as needed (Manual NAC).
• Maintain Network Visio diagrams. Installed and configured QualysGuard. Run QualysGuard scans and work to remediate Qualys vulnerabilities with various Server teams (windows and UNIX).

Network Security Engineer

Confidential

Responsibilities:

• Reviewed and approved firewall rule-base requests, based upon potential security impact. Also managed internal Microsoft Web proxy servers.
• Manage 10 Sendmail servers running on OpenBSD 3.8, most of these servers are used with our production application for sending outbound e-mail to clients and their clients.
• Manage Cisco VPN concentrators 3030's and 3010's, both site-to-site VPN and remote access VPN clients.
• Manage and maintain various content filtering solutions including: eSfae SMTP and WebSense Web filtering servers, MS proxy servers and Akonix (Instant Messenger proxy).
• Manage and maintain an internal certificate authority (CA), request, and issue and revoke X.509 digital certificates which are stored on Aladdin USB eTokens and used with the Cisco VPN client as a means of two-factor authentication.
• Cisco VPN client support along with CheckPoint (formally ZoneLabs) Integrity server to enforce anti-virus and Microsoft patch levels on remote VPN clients.

Confidential

CheckPoint FW-1/Nokia Firewall Engineer

Responsibilities:

• Troubleshooting complex hardware and software issues with regards to network connectivity and access controls
• Analyse firewall performance and suggest/implement improvements
• Scrutinize rule sets to ensure high levels of security and functionality
• Carried a pager on a rotating basis for one week and responsive to off-hour production firewall issues 24x7
• Responded to internal, and external, audit inquiries regarding firewall management and configuration practices