OBJECTIVE

Provide technical enterprise network and security architecture solutions from the perimeter network to the network access layer following regulatory and industry best practices. An information technology IT Architect with extensive experience securing, designing, implementing, and supporting enterprise, campus and datacenter TCP/IP environments.

TECHNICAL EXPERTISE

• Routers: Cisco ASR1000, 7600, 7200, 3900, 3800, 3600, 2800, 2900, 2600, 2500 and 1700.
• Switches: Cisco 7600, 6500, 5000, 4500, 4000, 3750, 3500, 2900 and 1900
• Datacenter Switches: Cisco Nexus7K, 5K and 2K
• Palo Alto Firewalls
• Cisco Trustsec, Cisco Access Control System 5.X
• Cisco Security Products: ASA 5500X series, Firewall Service Module FWSM , Identity Services Engine ISE , Cisco Trustsec, Cisco Access Control System ACS 5.X, Sourcefire IPS
• Cisco Datacenter Technologies: OTV, FabricPath, Unified Fabric, VXLAN and TRill
• Bluecat IPAM and DNS Appliance
• Juniper M-series, T-series and NetScreen firewalls
• RSA Security: RSA SecurID, RSA Archer GRC, Security Analytics and Identity Access Management
• F5 Networks: Local and Global Traffic Manager, Secure Web Gateway
• Bluecoat Proxy Server: SG8100, AV810, Bluecoat Reporter, Bluecoat Director 510
• Riverbed SteelHead, SteelCentral and SteelFusion
• Microsoft Active Directory, Microsoft Office, Microsoft DNS/DHCP and Microsoft Cluster Services
• Cisco Unified Communications, Voice over Internet Protocol VoIP , CallManager, Unity, Emergency Responder
• Cisco Unified Wireless: WLC 5500 series and LWAP 3500,1500,1200,1000
• Encryption devices: TACLANE 100/175, SECTERA KG-235 and FASTLANE
• WAN/LAN: Frame Relay, PPP, HDLC, MPLS, ATM
• Routing Protocols: OSPF, BGP, EIGRP, IGRP, and RIP
• Network Management Applications Security Information and Event Management: Cisco Prime, Cisco Works LMS, HP Openview NNM, CSMARS, NetCool, SmartsInCharge, NetCop, Cisco Access Control Server ACS , Cisco Security Manager CSM , ArcSight, Solarwinds Network Performance Monitor, Orion, Cirrus , McAfee Nitro, Cisco NAM and NetIQ.
• Cisco Intrusion Detection System, Cisco Intrusion Protection System IPS 4300 appliances and Advance Intrusion Protection-Security Services Module for ASA 5500 series
• Protocols: TCP/IP, SMTP, TACACS , RADIUS, AAA, DNS, NTP, FTP, STP, DTP, VTP, HSRP, GLBP, VRRP, SNMP, ISAKMP/IKE, AH, ESP, MGCP, H.323 and BOOTP, SSL, ICAP, IPSEC VPN, EASY VPN, DMVPN, GETVPN

EXPERIENCE

Consulting Solution Engineer

Confidential

• Responsible for architecting highly resilient and available IT networks that span across multiple geographic locations.
• Assist agencies with maintaining security posture for IT infrastructures, applying both technical and nontechnical tools.
• Deployed and managed unified communications suite of equipment to replace legacy analog communications systems.
• Develop enterprise campus and datacenter LAN solutions utilizing industry standards to ensure adherence to IT policy and industry best practices.
• Provide technical deep dives on key IT industry products for engineering staff and sales teams.
• Responsible for performing pre-sales activities designing IT solutions around customer business IT requirements.
• Generate Statement of Work SoW and project proposals for customers in response to RFI's and RFQ's.
• Architect secure remote access solutions for remote office and tele-work community utilizing IPSEC VPN solutions.
• Perform security assessments for enterprise WAN and LAN devices provide best practice recommendations to properly secure infrastructure devices.
• Evaluate customer requirements and propose engineering solutions to support organizational IT policies and requirements.
• Designsecure enterprise edge solutionsutilizing multivendor approach covering routing, firewall, proxy, IDS/IPS, email security and traffic monitoring devices.
• Document network design diagrams detailing customers IT environments.
• Provide engineering oversight for network implementations to include quality control.
• Engineernext-generation datacenter technologies utilizing Virtual-Port Channel vPC , Overlay Transport Virtualization OTV , Location/Identity Separation Protocol LISP and Fabric Path feature-set.
• Architect and implemented Security Information Event Management SIEM applications to monitor infrastructure equipment provide correlation and analysis of data traffic.
• Apply compliance checks for infrastructure equipment ensuring DOD agencies meet compliance requirements as directed by DISA STIG.
• Support account managers with level of effort LOE , Bill of Material BOM and conducttechnical customer presentations.
• Implement and designaccess control solution utilizing industry standard 802.1x and Cisco Identity Services Engine ISE security solution forwired and wireless LAN users.

Solutions Architect,

Confidential

• Provided technical write-ups in response to RFP/RFQ solicitations, including providing customer with customized documentation to address IT implementations.
• Design physical cable plant and infrastructure for campus LAN and datacenter, assisting with identifying IDF/MDF requirements to support end-user connectivity.
• Design and implement Cisco unified wireless solutions for federal customers in compliance with DISA STIG requirements.
• Support federal and commercial account teams with pre-sales consulting for campus LAN, datacenter, unified communications, and physical infrastructure and security solutions.
• Create checklists and continuity of operations documentation for customers in support of IT installation service installations.
• Assisted customers with troubleshoot campus LAN and datacenter connectivity TCP/IP issues with root cause analysis and documentation detailing issues and recommended fix actions.
• Initiate technical services strategy for sales verticals and generate content response for customer IT initiatives.
• Apply compliance checks for infrastructure equipment ensuring DOD agencies meet compliance requirements as directed by DISA STIG.
• Initiate technical services strategy for sales verticals and generate content response for customer IT initiatives.
• Support account managers with professional engineering services level of effort LOE , Bill of Material BOM and conduct technical customer presentations.
• Implement and design access control solution utilizing industry standard 802.1x and Cisco Identity Services Engine ISE security solution for wired and wireless LAN users.
• Architect wired and wireless network solutions utilizing best-of-breed OEM vendor infrastructure equipment.
• Design network security intrusion protection services for both inline and promiscuous deployment.
• Assist customers with network engineering implementation strategies, problem resolution and analysis.

Network Engineer,

Confidential

• Designed intrusion protection devices operation and system configuration and signature tuning.
• Coordinated organizational transition from Frame-Relay circuits to MPLS circuits.
• Developed new IPv4 and IPv6 address transition scheme to support future technologies.
• Created and administered proof of concept labs to test new technologies before mainline deployment and to train new employees.
• Assisted in deployment of 15K Blackberry devices and network design to support blackberry services
• Created implementation and deployment strategy for Bluecoat proxy SG 8100, Anti-Virus 810 and Bluecoat reporter to handle HTTP, FTP and HTTPS traffic.
• Developed security suite of applications to manage and provide real time reporting of security events for local and remote sites.
• Manage Active Directory Domain Controller, DNS, DHCP and Microsoft Clustering Service.
• Maintained Network Management applications and provided daily/weekly network reports.
• Managing the overall administration network architecture by implementing high end switching technology and security features.
• Lead the configuration and implementation of Cisco Security Monitoring Analysis and Response System CSMARS standalone server and Cisco IPS.
• Installed infrastructure equipment and data communication hardware and software environment.
• Designed routing architecture utilizing EBGP and EIGRP for edge and LAN connectivity.
• Configured firewalls for policy and network address translation, AAA services, multiple contexts and routing support on firewalls.
• Engineered security policy for intrusion detection devices to ensure up-to-date signature updates and critical security alerts.
• Developed Network and Security Management applications to monitor and maintain over 1000 network devices configurations and operational status.
• Implemented site-to-site and remote access IPSEC VPN configuration employing Cisco routers and firewalls.
• Created project plans and configuration documents for network infrastructure.
• Engineered Cisco Clean Access Network Admission Control NAC design and deployment for local/remote LAN and VPN for over 15K users.
• Architect deployment of over 100 Cisco ASA firewalls for geographical separated sites, creating configuration policies and end-user training.
• Designed Cisco firewall using FWSM in multiple context mode to address agency IP security policy, provided access-list updates to ensure compliance with regulatory requirements.
• Maintained Microsoft Active Directory Services for over 10K users supporting critical IP services for end-users.
• Configured and deployed VMWare hypervisor technology to support virtualized applications and virtual desktop for over 100 applications and 2K user endpoint devices.
• Developed Network Engineering IP design plans for unclassified network in support of over 100 geographically dispersed sites.

Network Engineer

Confidential

• Tier II and III network support to over 100,000 Win2K, 2Win2K3, XP and UNIX desktop operating systems. Central focal point for all users network connectivity issues and application support.
• Evaluated new technologies and provided recommendations of new technologies in support of increase network performance and data integrity.
• Provided technical support of encryption devices for local and global users.
• Responsible for layer 3 design and implementation, routinely performed maintenance on Cisco/Juniper routers and switches to prevent security vulnerabilities and to increase future capabilities.
• Provided Tier II and III tech support for nationwide LAN/WAN infrastructure.
• Developed a standard network configuration checklist and training class for local and global users.
• Isolated network problems with NA Sniffer and HP Internet Advisor.
• Maintained departments LAN/WAN network connectivity and supported Microsoft and UNIX servers in support of day to day operations.
• Team lead for the upgrade of code for all network infrastructure devices.
• Oversaw the management of IP addresses for local and global sites to ensure proper use of IP's across the network.
• Installed management software to generate reports and track changes of all router configuration changes made across the network on a daily basis, and procedures to reconcile those changes with proposed configurations and created checklist on proper operating procedures.
• Designed large scale HSRP configuration to provide redundancy and traffic load balancing in the event of router malfunction.

Infrastructure Technician,

Confidential

• Developed technic al plan on how to remotely manage geographically separated routers/switches.
• Network Management administrator of key software to monitor core network devices and systems via HP Openview, NetCool, Ciscoworks 2K, and NetIQ applications.
• Certification and Accreditation Branch certified IT systems via DITSCAP and NIATSCAP methodologies.
• Created Operating Instructions OI pertaining to router/switch/VPN configuration.
• Maintained Norton Antivirus for Internet Exchange Gateway Servers and DNS servers for over 100,000 users.
• Developed network security and user policies.
• Remotely manage and maintain geographically separated base routers/switches/VPN concentrators.
• Managed customer trouble tickets using Remedy Trouble Ticketing System.
• Provided Tier II Tier III Helpdesk support for 100,000 users pertaining to network i.e. down circuits and computer software issues i.e. Outlook . Supervised and trained crew of 10 on help desk operations.
• Prepared detailed Network Diagram including data, power and network cabling.
• Administered network security tools Axent's Enterprise Security Manager and Intruder Alert .
• Supervised and assisted server administrators on how to install proper patches for all base systems.
• Configure and Maintain 200 Cisco 7206 router access list.
• Developed emergency reaction plans for over 200 core network systems and UPS shutdown procedures.
• Enforce DOD, Air Force, and base network security policies for base users per creation and deletion of GPO's via Microsoft AD.

Network Security Administrator,

Confidential

• Installation of Windows NT/ 2000, XP, ME on around 200 terminals. Developed technical plan on how to remotely manage routers/switches.
• Maintain Network Management software for backbone network which consist of HP Openview, HP OVO, CISCO WORKS, and NETCOP.
• Draft Operating Instructions OI pertaining to router/switch/VPN configuration.
• Provided assistance and guidance for Certification and Accreditation of network infrastructure equipment per DoD 5200.40 DITSCAP .
• Remotely manage Norton Antivirus for Internet Exchange Gateway Servers and DNS servers for over 100,000 users.
• Ensure base administrators install proper patches for all base systems.
• Update virus signatures for base Norton Anti-virus Server.
• Review Automated Incident Measurement System ASIM logs for possible intrusion attempts.
• Scan base network for network security vulnerabilities using Internet Security Scanner ISS .
• Enforce DOD, Air Force, and base network security policies for base users.

Network Infrastructure Technician,

Confidential

• Installation and configuration of routers, switches and access servers.
• Implementation of security and access control via Cisco Firewall PIX 515.
• Installation and configuration of Nortel Alteon Websystem Cache Director Managing E1 connectivity.
• Configured Access Server - AS 5100, 5200, 5300 and Tigris for hybrid asynchronous serial ISDN Lines, configured ISDN BRI and implemented security using Access List
• Oversaw power management at remote sites using Remote Power Control.
• Acted as a point of contact for 16 ACC bases for over 100,000 users.
• Preparing monthly progress reports and shift rosters.
• Monitoring, tes ting and verifying for any backdoors or loopholes in the running mission critical 24/7 networks, and take emergency actions.