SUMMARY

• 8 years of IT work experience in Network Engineer, Network Administrator, and Network Security Engineering.
• Experienced in multiple project implementations for different clients and in - house
• Has very strong experience on Cisco routers (800, 1700, 1800, 2600/2600XM, 2800, 3600/3600XM, 3700, 3800, 7200), switches (2950, 2960, 3550, 3570, 4510R, 6500, MDS 9000 SAN, 5000 NX-OS), VPN concentrators 3000 series, ACS 4.1, Cisco PIX (501, 506E, 515/515E, 525, 535) firewalls, ASA (5505, 5510, 5520), IDS and IPS (4235, 4250).
• Implemented routing protocols (RIPv1/2, IGRP, EIGRP, OSPF, BGP), switching (VLANS, VTP Domains, STP, and trunking), security on devices hardening (authentication, authorization, and accounting).
• Implemented IPv4 migration to IPv6 (NAT-PT, Tunneling, etc.) and IPv6 routing protocols (RIPng, OSPFv3, EIGRP for IPv6, etc.).
• Architecture and maintained network security policies on firewalls, VPN devices and remote access technology (client IPSec and SSL VPN).
• Implemented traffic filters using Standard and Extended ACL, Distribute-Lists, and Route Maps
• Experience in SAN storage and data networks and implemented Fiber Channel and Internet SCSI protocols.
• Experience in various network traffic analysis and network management systems
• Implemented SNMP on devices to allow for network management
• QoS configuration using FIFO, Weighted Fair Queuing, Priority Queuing, Custom Queuing, CoS-DSCP Mapping.
• Familiar with Low Latency Networking and Design
• Experience testing POS and Inventory management systems
• Day-to-day administration, management, maintained and monitored network and network security devices using CiscoWorks, SDM, PDM, ASDM-IDM.
• Network planning and implementation of WAN technologies including E3, E1, T1, T3, ISDN, HDLC, PPP, Frame Relay, ATM and MPLS VPN
• Designed and implemented standardized configuration of site-to-site and client VPNs.
• Specialized in network and network security and aims to be successful in this part of IT.
• Determines and proposed innovative security solutions to complex enterprise security issues.
• Performnetworksecurityadministration on enterprise Cisco ASA firewall, routers and switches, manage firewall policies that employ NAT, application layer gateways, and policy based VPNs, configuring Site-to-site IPSec and Remote SSL VPN on routers IOS platforms and Cisco ASAs.
• Troubleshoot and hands on experience on security related issues on Cisco ASA/PIX, Checkpoint, IDS/IPS, Palo Alto and Juniper Net screen firewalls.

TECHNICAL SKILLS

Cisco Routers: Cisco L2 & L3 Switches(1700, 1800, 2500, 2600, 3600, 3800, 7200,7600 and ASR1006,Cisco ASR 9001)(2900, 3560, 3750, 4500, 4900, 6500, Nexus 5K/7K)

LAN Technologies: Ethernet, Fast Ethernet, and Gigabit Ethernet, SMTP, VLAN, Inter-VLAN Routing, VTP, STP, RSTP, Light weight access point, WLC

WAN Technologies: Frame Relay, PPP, HDLC, T1/T3, DS3, OC192

OS products/Services: DNS, DHCP, Windows (2000/2003, XP)Protocols/Services: Gateway Load Balancing

Network Management Tools: Wireshark, Netflow Analyzer, NetScout, IBM Netcool, Cisco Works, Ethereal. OPNET Modeler, Manage engine MIB Browser, PUTTYSecurity Server Protocols: TACACS+, RADIUS

Facilities: DS0, DS1, DS3, OCX, T1/T3

Load Balancers: IPS

Security Tools: Cisco CSM, F5 Networks (Big-IP)

SourceFire: Tripwire Enterprise, Symantec SEP, Symantec DLP, CCSVM,SSIM

PROFESSIONAL EXPERIENCE

Confidential, Memphis, TN

Information Security

Responsibilities:

• Ensure overallsecurityposture acrossnetworkenvironment, enforcingsecuritypolicies, defining and monitoring access, identifying, reporting, investigating and responding tosecuritybreaches and networkincidents related to ASA, TripWire and Sourcefire IPS.
• Responsible for the introduction and implementation of new Intrusion Detection and Prevention System software such as SourceFire, Review and analyze events from logs, generate reports.
• Monitoring traffic, Analyzing Application usage and resolving the issues with it on the IPS/ SourceFire.
• Generating Malware Reports and troubleshooting it on SourceFire.
• Determines and proposed innovative security solutions to complex enterprise security issues.
• Creates intelligence such as impact and mitigation strategies related to identified vulnerabilities.
• Responsible for creating, reviewing and implementing national security standards and specifications.
• Daily Monitoring Change on production using Tripwire Enterprise.
• Installing agents on DLP, enabling agents on all workstations and monitoring the endpoint system, scanning Linux and windows system.
• Hands on Experience on Tripwire Enterprise, installing, monitoring unprompted changes on production zones, live environment.
• Automate monitoring and enforcement ofsecuritycontrols.
• Operate call center support for technology troubleshooting by phone, proxy (remote access) and on-site response; both as regular responsibilities and on-call schedule.
• Monitoring Incidents on SSIM and troubleshooting them.
• Creating Incidents, Work Orders on Remedy.
• Generating Hidden Rules, Unused Rules, Traffic Flow Analysis, Complexity Report on all the Firewalls using Firemon Security Manager.
• Firewall Optimization: dissecting the rules on all zones, generating the reports from Firemon, analyzing them.
• Creating metrics from dashboards of CCSVM, TripWire, SEP, DLP, SourceFire, FireMon, Palo Alto.
• Pentesting on DMVPN Environment, Tracking the Vulnerabilities on scan on the environment.
• Egress filtering on the User Internet Firewall, Analyzing Traffic Flow Analysis report from the FireMon, Determining the business impact and blocking the ports.

Confidential, Minneapolis, MN

Network Administrator

Responsibilities:

• Working closely with Data center management to analyze the data center sites for cabling requirements of various network equipment.
• 24x7 on-call escalation support as part of the security operations team.
• Working on network vulnerabilities.Working on daily report from Rapid 7, Nessus and McAfee ePO
• Responsible for remediation of issues with Endpoint Security applications.
• Support Endpoint Security Applications Symantec Endpoint Protection.
• Working on Juniper netscreen ISG1000, Pal Alto Networks, Infoblox Grid Manager.
• Commissioning and decommissioning, configuring, URL and Web filtering, SSL Certifactes, monitoring, SNMP traps, logging, blocking on Pala Alto devices, migrating from one network to other.
• Troubleshoot and hands on experience on security related issues on Cisco ASA/PIX, Checkpoint, IDS/IPS, Palo Alto and Juniper Net screen firewalls.
• Completed upgrades when necessary on all Aruba controllers via Airwave, CLI and/or WebUI
• Managed and monitored five Aruba AirWave servers with over 95 AMP groups
• Hands on experience on Security issues like DDoS, SSL, SNMP, Telnet, Open SSH, RC4 Ciphers.
• This position required an in depth knowledge of all aspects of a Public Key Infrastructure as well as general System Administration of client and servers utilized in the deployment of the infrastructure.
• Working on Configuring Management Interface IP, Creating Trust Zones, DMZ‘s, ACL, SSL on Juniper Netscreen ISG100 and Cisco 2900/3900 ISR Routers.
• Installation and Configuration of Cisco ISE 1.x, Design and Implementation of 802.1x Wired/Wireless User Authentication using Cisco ISE Radius Server.
• Partner of multi-disciplinary teams to develop and maintain technical documentation related to the provisioning and deployment of Juniper.
• Working configuration of new VLANs and extension of existing VLANs on/to the necessary equipment to have connectivity between two different data centers, and network virtualization technologies - GRE, VXLAN, Open Flow, etc.
• Software defined network controller to create and activate services on the underlying WDM platform.
• Performed network administration tasks such as creation and management of VLANS, Port security, Trunking, RPVST+, Inter-VLAN routing, and LAN security, Packet sniffing.
• Configured Hyper-V LAN which decouples virtual networks from the physical network infrastructure, removing the constraints of VLAN and hierarchical IP address assignment from virtual machine provisioning.
• Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with Cisco ASA VPN experience, Juniper.
• Implementing policy based routing based on Cisco routers.
• Cisco ASA/Checkpoint Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
• Performnetworksecurityadministration on enterprise Cisco ASA firewall, routers and switches, manage firewall policies that employ NAT, application layer gateways, and policy based VPNs, configuring Site-to-site IPSec and Remote SSL VPN on routers IOS platforms and Cisco ASAs.

Network Administrator/Engineer

Confidential

Responsibilities:

• Configuring Checkpoint Firewall in IPSO, Secure Platform and GAIA platforms.
• Resolve network performance and connectivity issues on the wireless and wire network.
• Implemented routing protocols and networking technologies (EIGRP, OSPF, BGP, DHCP, SNMP, SSH, QoS configuration, CoS/DSCP Mapping, NAT, IPSec, MPLS VPN, Frame Relay, ATM, leased line, etc.)
• Deploying, configuring, and administering CheckPoint firewalls Appliances (13500, … /2200, 4400, 4800 and UTM-1 Edge) with various Checkpoint Operating Systems upgrading, clustering and VPN implementations
• Implemented IPv4 migration to IPv6 (NAT-PT, Tunneling, etc.) and IPv6 routing protocols (RIPng, OSPFv3, EIGRP for IPv6, etc.) on Cisco Catalyst 3750,4500, 4900 switches and Cisco 2800, 2900, 3900 3600, 3800, 7200 & 7600 series Routers.
• Implemented Fiber channel and iSCSI protocols in SAN networks.
• Design, Provision, Implement, and Manage Customer Network Security Devices including Juniper Firewalls.
• Analyze and interpret HP Openview Performance Manager Reports and graphs.
• Played responsible role for implementing, engineering, & level 2 support of existing network technologies / services & integration of new network technologies / services on Cisco Catalyst 3750,4500, 4900 switches and Cisco 2800, 2900, 3900 3600, 3800, 7200 & 7600 series Routers.
• Configuration, Installation and trouble shooting of Juniper Netscreen.
• Professional in network implementation, configuration, integration and troubleshooting of different network devices (Routers, Switches, Firewalls and Servers) of different vendors (Cisco, Extreme Networks, Brocade and Fortigate)
• Worked with Cisco Layer 3 switches 3560, 3750, 4500, 6500; Cisco Nexus 5000 and 7000 in multi VLAN environment with the use of inter-VLAN routing, 802.1Q trunk, ether channel.
• Performed IOS Software upgrades on switches 6500, 3750 and 4500s and Cisco ASR for compatibility with Cisco ISE
• Monitor and manage network/ wireless devices using Cisco Prime Infrastructure/ NCS, Aruba Airwave Management.
• Used a combination of Agile, Waterfall methodologies for the various projects
• Monitored network activity within the Department of Education for intrusion and malware incidents using Sourcefire, Bluecoat, McAfee ePolicy, Symantec end point protection
• Configuring and implementing F5 BIG-IP, LTM, GTM load balancers to maintain global and local traffic.
• Operate and maintain the following networking equipment:
• Network Security/Admin related responsibilities:
• Installation, configuration and monitoring of Cisco PIX/ASA firewalls, Palo Alto, FWSM
• Responsible to maintain all Cisco ASA 5500 and PAN firewall.
• Review network security alerts on network IPS/IDS devices, DDOS issues, SSL.
• Implementing Ironport rules and troubleshooting on its issues.
• Use network security tools such as Wireshark, Nmap, RAPID 7, Nessus, Metasploit to do ethical hacking on network segments.
• Implemented network traffic analysis and network management systems.
• Management and configuration of the following network security devices:
• Uses HP Openview Service Desk to managing open trouble tickets or incidents.

Confidential, Los Angeles, CA

Network Security Engineer

RESPONSIBILITIES:

• Manages Network Security Devices of the head office of the bank
• Designs, architects and plans network security infrastructure.
• Researches current, new and upcoming network security technologies for the bank.
• Manages the Internet and intranet firewalls (Cisco PIX 525 and 535), F5, Net IP, ASM
• Manages third party connections using Cisco ASA 5505, 5510 and 5520.
• Processes the requests for access to IT resources of the bank main data center thru the firewall.
• Processes creation of VPN tunneling to overseas branch offices at Europe, North America, and Asia.
• Processes creation of VPN request for remote users, third parties such as other banks, remittance companies and mobile phone companies.
• Analyzed syslogs generated by IDS, IPS, firewall, router and switch devices.
• Created reports of network utilizations.
• Troubleshoot network security issues such as address translations, connectivity, application accesses, routing issues, low latency networking.
• Backed-up device configurations.
• Escalates incidents and issues to ISPs and FENB Global Technology Sector divisions.
• Facilitated IT Business solutions for the FENB’s corporate user and third party needs.
• Setup meetings to corporate users needs for secure access to FENB’s IT resources such as client VPN and SSL VPN access.
• Secure access to the Internet to specific business websites.
• Secure access to and from third parties.
• Coordinates with following for network security projects, access, incidents and issues:
• Implemented Cisco Access Control Server version 4.1 on a MS Windows 2003 Standard server policy formulation and deployment.
• Deployed TACACS+ and RADIUS configuration on Cisco ISR routers, Catalyst switches and PIX and ASA firewalls.
• Configured Cisco ACS 4.1 for authentication, authorization, and accounting for network engineers user accounts.
• Designed for the near and future setup of MARS deployment bank wide and global deployment.
• Implemented Cisco MARS 20R and 50 as a monitoring tool for critical branch Cisco ISR (1841,2811,2851, 3845), routers, core and distribution Catalyst switches (2950/2960/3550/3570/4510R), Cisco ASA 5505 and 5510 and Cisco PIX 525 and 535 firewalls, Cisco IDS/IPS 4235 and 4250 devices.
• Analyzed alerts generated incidents and reports such as worm attacks and network usage reports.

Confidential

Sr. Engineer / Network Operations

RESPONSIBILITIES:

• Responsible for maintaining the EWSD switch and DSL Broadband internet network. Ensure all network devices (i.e.Cisco Routers/Switches, Alcatel ASAM & RU’s, etc.) are 24x7 operational with up-to-date configurations to prevent network related issues/problems.
• Ensure all backup data configurations are in-placed and working when needed in case of a network failure to speedup network recovery.
• Provide leadership and training to subordinates to ensure high-level telephone and broadband internet service to costumers.
• Provided Sales Engineering during sales presentations for high-revenue customers.
• Pre-sales technical expertise provided to sales team.
• Planning, design and documentation of projects and movements for the global networks:
• Implementation of Client IT network security policy:
• Configuration of TACACS+ (Cisco ACS) on network devices enumerated below.
• Configuration of EIGRP and BGP on routers connecting to MPLS network.
• Configuration of VLANs on LAN switches for different segments of each offices of client’s global network.
• Implement VPN connections for the following:
• Configuration of MPLS connectivity to Client MPLS network.
• Monitor Client’s global network:
• WAN Reports from CACTI for network devices such as:
• VPN connectivity (site-to-site, client-sever, and RAS VPN).
• Works closely with international carriers and local admins for troubleshooting the network.
• Escalation to Level 2 support on infrastructure, security, application, database and programming issues.
• Trouble ticket creation thru the use of Remedy Viatil.

Confidential

Systems Engineer

RESPONSIBILITIES:

• Perform daily operational and maintenance checks on EWSD Switch and DSL Broadband network.
• Monitor, configure changes on installed Cisco networking devices such as Routers and Switches to address network related issues/problems.
• Troubleshoot and repair all related network problems including replacement of heavy electronic parts, and works closely with technical support groups to expedite circuit repairs.
• Analyzed and corrected network troubles and system performance issues.
• Project design and proposal of large networks to key account customers and enterprises such as SDH, PBX, Frame-Relay (other WAN project designs) and offshore systems.
• Maintenance of client wide area networks (WAN) and local area networks (LAN).
• Analyze client system needs and requirements for the project proposal and design.
• Project design of computer networks inclusive of structured cabling (fiber-optic or UTP, voice and data alike), active devices (servers, switches, routers and other network appliances).
• Maintains system log and documentation.
• Conduct surveys for structured cabling and network troubleshooting.
• Evaluation of new and upcoming IT equipments to be used for prospect projects.
• Supplier outsourcing.Subcontractor project coordination.
• Support of operations and maintenance projects of the company.
• Sales support on technical meetings.