SUMMARY:

• Fifteen years of hands on experience with various Cisco routers, switches, ASA firewall
• Checkpoint Certified Security Administrator and Engineer (CCSA & CCSE): Eight years of working experience on various versions of Checkpoint Firewall
• Five years of hands on experience with various security appliances, such as Bluecoat Proxy, RSA enVision SIEM system, Cisco IDS and SSL VPN gateways.
• Six years of hands on experience with various Netscreen firewalls and Network Security Manager (NSM)
• Dedicated and highly motivated individual with the ability to work well independently and in a team environment

EMPLOYMENT:

Senior Network Engineer

Confidential

Responsibilities:

• Network infrastructure components include Cisco 6500s, 4500 - x, ASA 5520, Palo Alto 5020, Arista switches, Netscreen firewalls, Infoblox and F5 LTM/GTM.
• Administer multiple redundant pairs of Juniper ScreenOS and Palo Alto firewalls. Responsibilities include site-to-site VPN configuration, firewall polices changes, firmware upgrade and troubleshooting.
• Manage 10+ standalone and redundant pairs of F5 LTM and GTM. Tasks includes WideIP configuration, iRule modifications, create new VIPs and customize setting as per application needs, and firmware/hotfix updates.
• Provide a complete network solution to integrate a newly acquired business into the exiting network infrastructure. Tasks includes overall network design, installation and implementation. Network component includes Netscreen ISG 1000/2000 firewallsCisco 4500-x VSS configuration and F5 installation.
• Prepare and implement necessary network changes and coordinate with deployment team to launch new applications
• Provide support for MPLS and VPN connectivity of multiple remote offices and datacenters
• Build and maintain a centralized health check website based on Solarwind Orin SNMP engine. The page displays statistics of all critical network components and their CPU, Memory, and bandwidth utilization
• Create and consistently update network diagrams/documents of company’s network topology

Network Security Engineer

Confidential

Responsibilities:

• Team member of 6 engineers manages network and security infrastructures of 3 datacenters and 5 corporate offices.
• Network infrastructures include Cisco Nexus 7000, Nexus 5000, 6509, 3750, 2800, 2900, 4948, ASA 5520, Juniper mx480, srx650, srx3600 and Netscaler load balancers/GSLB
• Participated in implementation and maintenance of production and corporate networks.
• Tasks includes add/replace routers and switches, configuration changes, firmware upgrade and troubleshooting.
• Administered multiple pairs of redundant Cisco ASA and Juniper firewalls.
• Task includes configuring site - to-site VPN, firewall policy implementation and troubleshooting.
• Prepared scripts of router, switch, firewall and load balancer modifications prior to change control window.
• And responsible for implementing and validating network and firewall change requests.
• Performed DNS record modifications in BIND environment.

Network Security Engineer

Confidential

Responsibilities:

• Team member of 2 engineers manages network and security infrastructures of 8 datacenters. Network infrastructures include various Cisco and Foundry routers/switches, Cisco ASA firewalls, and Foundry load balancers.
• Managed and maintained high-availability networks which support Internet content steaming with 30GB of average throughput
• Utilized BGP routing protocol on the edge routers with multiple ISPs to achieve network redundancy and load sharing
• Administered multiple pairs of redundant Cisco ASAs firewalls.
• Task includes configuring site-to-site VPN, firewall policy implementation, utilizing policy NAT and troubleshooting
• Provided support and troubleshoot on routing, switching, security incident and load balancing matters.
• Network protocol includes BGP, OSPF, HSRP, VRRP, STP, GRE Tunnel, IPSEC, NAT, ACL, EtherChannel ant Trunking

Senior Network/Security Engineer

Confidential

Responsibilities:

• Team member of 2 Network/Security engineers supporting all firewall, network and VPN infrastructures of 4 datacenters and 50+ client connectivity for trading and market data application.
• Managed and maintained a high-availability network consists of various Cisco routers and switches. Utilized protocols and technologies such as BGP, EIGRP, NAT, ACLs, WCCP, HSRP, EtherChannel, Trunking, GRE tunnel.
• Upgraded production network to 10Gb infrastructure which consist of Cisco Nexus 7010, Nexus 5596 and ASA 5585.
• Administered multiple pairs of redundant Cisco ASAs firewalls. Task includes configuring site-to-site VPN, firewall policy implementation, utilizing policy NAT and troubleshooting.
• Responsible for all technical aspects of a new client setup from the initial network design, ordering services and perform end-to-end network implementations.
• Managed Bluecoat SG proxy appliances in transparent mode for corporate Internet traffic.

Network Security Engineer

Confidential

Responsibilities:

• Lead engineer on implementing RSA enVision logging system to satisfy PCI compliance requirements.
• Project lead on migrating company proxy platform from NetCache to Bluecoat SG appliances in load balancing environment.
• Tasks include policy management, firmware/patch update and troubleshooting.
• Evaluated and implemented a distributed RSA enVision logging infrastructure that supports 8,000 logging sources and 32,000 EPS.
• Integrated MS Windows, Bluecoate SG Proxy, Checkpoint Firewalls, and various syslog based devices (Netscreen, PIX, Routers, Switchs, Linux/Unix) into enVision system.
• Built a completely new proxy infrastructure with 4 x Bluecoat 8100-30 SG and redundant BIGIP LTM load balancers to support 10,000+ proxy clients.
• A team member of 2 that manage 10 pairs of BIGIP LTM which support various divisions of Confidential . Tasks include iRule/VIP/SNAT modifications, appliance maintenance and troubleshooting.

Network Security Engineer

Confidential

Responsibilities:

• Provide immediate contributions to various projects such as datacenter & office space expansion, network/connectivity/hardware upgrades and implementing VOIP system within the year with the company
• Project lead on implementing Fonality VOIP system. Tasks include initial PBX server installation, IP phone rollout, network preparation and setup SIP trunk over the Internet
• Designed network and security infrastructure for a new hosting datacenter, which includes Cisco routers, switches, Juniper firewalls and F5 BIGIP load balancer
• Managed corporate security components such as Cisco PIX/ASA and Juniper SSG firewall/VPN gateways. Tasks include maintain security policies, setup B2B VPN tunnels, provision client VPN access, firmware/hardware maintenance and troubleshooting
• Upgraded corporate network from various DELL switches to Cisco 6509 and improve network performance/security by segregate network traffic via VLAN & ACL
• Utilized various open source software for vulnerability Scanning and troubleshooting such as Nessus, Wireshark, MRTG and Super-Scan

Senior Security Engineer

Confidential

Responsibilities:

• Responsible for security components of web hosting, DMZ and Intranet (B2B) network environments.
• Security components include Nokia/Checkpoint firewall-1, NetScreen, ASA, F5 BIGIP, Foundry, Cisco VPN concentrator, Neoteris SSL VPN and BlueCoat Proxy SG Appliances.
• Managed the security infrastructure of multiple Internet and Extranet access points. Responsibility includes Nokia/Netscreen/ASA firewalls installation, security policy management, troubleshooting and traffic analysis
• Maintained IPSEC and SSL VPN infrastructures for corporate users and B2B data communications. Tasks includes create VPN tunnels, setup security access policies and group/users management
• Configured and maintained a BlueCoat Proxy SG Appliance infrastructure that supports 5000 users internationally. Tasks include maintaining Web Access policies, user authentication, new installation, upgrading and troubleshooting
• Setup F5 Appliances and BIGIP blade controllers to perform load balancing for web hosting and Disaster Recovery remote access environment
• Configured FoundryXL switches to perform global/local server load balancing for several network services and applications
• Performed regular security vulnerability scans using assessment tools such as Nessus and nmap
• Provided lead and planning for several key projects. Projects include datacenter relocation, Nokia/Netscreen firewall upgrade and design vendor extranet redundant network

Network Specialist

Confidential

Responsibilities:

• Planned, built and managed implementations of company’s LAN and WAN network infrastructure.
• Tasks include deploying multiple Cisco 6509 with MSFC2, 4000, 3500 switches, 2600 and 3600 routers, Frame relay, dedicated T1 and ISDN lines
• Managed a network that supports 700 users in 5 locations and implemented network protocol such as BGP, EIGRP, HSRP, IPSec and NAT
• Installed and configured multiple pairs of Checkpoint NG firewalls with Nokia appliances in load-balancing environments. Managed network security policies which include access control, content security and authentication
• Implemented network security for remote access. Tasks include configuring site to site and clients to site VPN tunnels through Cisco VPN Concentrators and Checkpoint firewalls, deploy Neoteris for clientless SSL VPN, and maintained network access policies
• Enhanced network security by implementing ACL/VACL, Cisco Secure Intrusion Detection Sensors, IDSM and Cisco Secure Policy Manager
• Setup and configured network monitoring and management systems, which include CiscoWorks 2000 to manage Cisco gears, WhatsUp and Webtrends Enterprise suite to monitor network connections, server services and disk usage. Installed MRTG to collect bandwidth utilization statistics of server and WAN links
• Implemented Webshield SMTP Mail Gateway for mail relay and content/virus scanning

Senior Network Engineer

Confidential

Responsibilities:

• Initial configuration, designing and installation of Checkpoint 2000 firewalls for multiple locations.
• Solely responsible for the company’s security infrastructure, which includes maintaining network security rulebase, SecuRemote access polices and IDS systems
• Monitored and managed both a corporate network for 300 users and a production network which supported 30 millions of Internet subscribers. Network environment includes Cisco 7200/2600 routers, 5500/4000/2900 switches, and NT servers
• Implemented extended ACL, NAT, EIGRP and HSRP on Cisco routers. Configured VLAN, STP, VTP domain, trunking and EtherChannel on Cisco 5500 switches
• Configured ArrowPoint/Radware Web Server Directors to load balance production websites
• Managed a team of six in providing 24/7 network monitoring coverage. Trained and prepared documents for new group members in the network operations department
• Built and maintained company’s production datacenter. Tasks included IIS and SQL server installation, configuring external storage raid systems and performing system maintenance, security patch update and troubleshooting

Production Systems Operator

Confidential

Responsibilities:

• Monitored over 300 production servers and several ISP connections, and provided status reports on daily activities
• Provided technical support for corporate datacenter. Tasks include building NT servers and array storage units, administrated Serv-U FTP servers, and troubleshoot TCP/IP, WINS and DNS related issues
• Utilized various NT tools to analyze and troubleshoot server performance issues such as disk I/O, network, CPU and memory usage
• Assisted in the process of departmental projects from inception, implementation and turnover