
Senior Network Systems Engineer Resume Profile


Poughkeepsie, NY

CAREER SUMMARY

  • Lead Engineer with 18 years of experience in the following concentrations:
  • Networks: Routers, switches, data center infrastructure, VPN, voice, enterprise management, wireless.
  • Security: Firewalls, DMZs, intrusion detection/prevention, content filtering, PKI, encryption, controls.
  • Systems: UNIX/Linux, enterprise tools, virtualization, clustering, cloud, scripting, automation.

EXPERIENCE

Confidential

Senior Network Systems Engineer

Deployed and configured a ground-up, carrier-class MPLS network of Juniper MX routers (480) and EX switches (4200 and 2200). Served as a leading staff engineer to facilitate successful configurations to meet rigorous compliance testing and transition requirements. Provided expertise in the areas of dynamic routing and virtual-chassis switching configurations. Worked with engineering team to formulate efficient and repeatable configuration methods and techniques. Guided teams in the field throughout the deployment cycle to ensure consistent results. Designed and configured Juniper secure remote access devices (VPN) and CentOS Squid proxy servers for remote field management during the deployment phase. The environment consisted of an MPLS switching core and aggregation layer, over Confidential backbone that was distributed to multiple points-of-intersect (POI) switching stacks. POIs were connected with 20-40GB Aggregated Ethernet over fiber, with multiple, geographically dispersed sites throughout the region. The network was managed with an OSPF routing plane.

Confidential

Senior Network Consultant

Responsibility to the Confidential. Designed and implemented Internet-facing Confidential architecture. Provided network and firewall planning and consultation. Generated Cisco-based configuration solutions for ongoing network expansion. Provided consultation and mentoring of staff with various configuration scenarios, including Cisco ASA 5500 series devices.

Confidential

Network Systems Engineer

Primarily led, designed, and implemented projects for the Data Center Networks group of Confidential. Led the design and implementation of a 3-phase, 10GB, Data-Tier-Disk Network. Implemented dual-blade 20GB Etherchannels to increase redundancy and scalability to the core data center network. Designed a 3-tier blade center server farm, with load balancing and VLAN maps. Aggregated and extended the distribution layer of the tiered architecture to support the Blade Servers. Analyzed and reconfigured core infrastructure devices to improve performance and capacity. Secured application flows between zones with firewall rule sets. Participated in design review meetings to support other ongoing projects. Wrote and published official state production documents of each design project. Produced connectivity guidelines and layer 2/3 infrastructure drawings. Provided problem solving and analysis for other groups as needed.

Confidential

Senior Network Engineer

Analyzed and resolved global routing issues with OSPF, BGP and MPLS. Analyzed relationships between Intra-area, Inter-area, and external networks. Worked with carriers to determine complex routing loop issues. Implemented OSPF/BGP sham-links and other techniques to enhance traffic flow. Adjusted route redistribution to eliminate loops between intra-area Confidential and inter-area MPLS traffic when converged at the border routers. Corrected the default route originate statements for Confidential. Reconfigured interface routing metrics to improve intra-area traffic flow. Resolved wireless infrastructure problems such as signal interference, etc. Configured and tested Confidential Security Switches. Performed configuration of Cisco VPN 3030, 3015, and 3005 concentrators. Devised DNS naming convention for device interfaces for each region of the enterprise. Produced Visio diagrams and Excel spreadsheets to document the network changes.

Confidential

Senior Network Solutions Consultant

Technically led, designed, and implemented projects. Designed enterprise-class VPN solution of Cisco 6500s equipped with VPNSM blades. Provided secure B2B connectivity to business partners. Configured PIX firewalls to secure enterprise tunnel traffic. Tuned VPN to support global AD and mission-critical application traffic. Designed WAN consolidation solution to reduce circuit costs and improve security. Constructed multiple, special-case tunnels for more robust infrastructure. Collapsed primary frame-relay network over a network of redundant T3s. Designed and implemented Confidential Dynamic Multi-point VPN (DMVPN). Configured solution to support DR with primary and secondary DMVPN hubs. Provided statefully redundant pair spokes across the enterprise. Allowed for unlimited scalability and interoperability between sites. Redesigned and integrated new network infrastructure on a site-by-site basis. Conformed each site to the core, distribution, and access model. Resolved issues related to policy routing, routing redistribution, and NAT/PAT. Migrated Checkpoint firewalls to Cisco PIX firewalls. Planned and designed voice and video over IP traffic solution. Planned a quality of service (QOS) framework for voice and video traffic. Mapped out voice and video channel allocation. Determined TOS marking locations and queuing. Configured traffic shaping requirements for frame-relay traffic. Prepared traffic flow and bandwidth requirements. Mapped out voice paths, CIR requirements, voice classifications. Formulated a comprehensive set of policies for devices across the enterprise. Provided documentation and training for each new project. Led classroom training for network staff of new designs. Mentored junior engineering staff on the fly, while resolving network issues. Produced Visio diagrams, Word documents, and Excel spreadsheet details. Published project documents to SharePoint web server.devices. Planned and engineered new data center build-outs. Configured and deployed distributed network and security devices. Analyzed application flows to determine firewall policy. Interacted with IS and business groups to develop network security related solutions. Corrected other complex technical issues that surfaced during project planning and implementation. Utilized industry best practices for network security and common data encryption standards, as well as advanced knowledge in the application and administration of DMZ environments, principles, and practices.

Confidential

Senior Security Consultant

Engineered a very complex migration of a 9-zone DMZ from a PIX/ASA 8.0(3) firewall pair to Check Point R71.40 firewall appliances, running Confidential mode in ClusterXL configuration, in a Provider-1 environment. Engineered multiple zone-to-zone traffic flows, with extensive one-to-one and one-to-many static Confidential. Strategically placed Hide Confidential to support a variety of Confidential scenarios. Built objects, converted policy rules, implemented proxy ARPs to facilitate a number of many-to-one static translations. Managed customer expectations. Worked with the test team to resolve a number of state-related traffic issues with F5 load balancers and B2B connectivity during the testing phase. Successfully guided the live cut-over during a global maintenance window. Very visible, very critical, successfully deployed.

Confidential

Senior Network Security Engineer

Analyzed Check Point Firewall running R75.x to determine Active Directory connectivity issues, and recommended a viable solution to resolve mobile access and remote VPN authentication. Provided consultation in the area of traffic analysis, bandwidth management, traffic shaping, authentication, and related wireless account management issues. Assessed the client's DMVPN network. Recommended Cisco-based embedded solutions to support their 2900/3900 Cisco routers with WAAS service modules. Explored and presented alternate solutions as well.

Confidential

Senior Network Security Engineer

Designed complex Check Point firewall architectures (127 firewall devices), including configurations, policy implementation, image and package upgrades, as well as multiple new builds to support secure application flows for EMS, DMS, and OMS. Upgraded existing Check Point appliances and Nokia firewalls from R65 to R70. Upgraded Nokia platforms from IPSO 4.2 to 6.2. Planned and engineered new network infrastructure of Cisco routers and switches, including hundreds of VLANs across multiple geographically dispersed data centers to support extensive application architecture. Analyzed application flows to determine firewall policy. Built IPSEC VPNs between primary and DR sites to support development and testing. Interacted with IS and business groups to develop network security related solutions to solve situation-specific problems. Corrected other complex technical issues that surfaced during project planning and implementation. Utilized industry best practices for network security and common data encryption standards, as well as advanced knowledge in the application and administration of DMZ environments, principles, and practices.

Confidential

Senior Network Security Engineer

Responsibility to the Enterprise Platform Architecture Group of Confidential. Evaluated over 350 devices of network and security infrastructure of new acquisitions by Confidential. Provided recommendations for improvements to architecture, performance, and security to management. Applied configuration best practice framework to firewall and VPN stateful fail-over systems. Produced detailed layer 2, and 3 Visio diagrams, and detailed reports of findings.

Confidential

Principal Network Security Engineer

Technically led, designed, and implemented infrastructure projects, and transitioned each to production. Designed a distributed network and firewall architecture across multiple data centers to provide redundancy and disaster recovery. Engineered end-to-end complex design and implementations to support new IT applications, capabilities, sites, and business requirements. Evaluated Intrusion Prevention (IPS) solutions from SourceFire, Juniper, Tipping Point, StoneSoft, Force10, and some other open source options as well. Performed security scans using Nessus, Nmap, Metasploit, and other tools. Performed in-house testing using live data streams across 10GB connections. Generated detailed report of findings, and presented final recommendations to management. Designed and led the implementation of the Tipping Point IPS infrastructure that included strategic placement of in-line active mode devices at locations across the enterprise, centrally managed with clustered management systems. Redesigned the front-side network using co-location clustering to fortify the firewall functionality within the enterprise, using StoneSoft Firewalls and multi-site VPN implementation. Installed Confidential network appliance with content filtering on public-facing networks. Migrated the Confidential regulated network into the primary network to form a more robust and unified solution. Led engineering staff and vendors to formulate new design of critical network infrastructure, primarily of Foundry and Cisco routers and switches. Surveyed existing network infrastructure at remote sites, and published unified design plans and Visio diagrams to standardize the security function across the enterprise. Integrated routing of Confidential networks to improve the dynamic routing flows and fail-over mechanisms. Designed enterprise dashboard solution using Orion, by SolarWinds, to monitor performance, connectivity, and trending of the global network. Orion was also used to provide reporting to upper-level management and engineering, and to enhance the third party monitoring function. Added additional Orion modules to support more specific functions, such as Netflow, Traffic Analyzer, Wireless Networks, VoIP, as well as SolarWinds Engineer's Toolset and LANsurveyor.

Confidential

Senior Network Security Engineer

Migrated PIX firewalls to Checkpoint Firewalls. Migrated rule sets, NAT tables, and created various objects. Installed and configured various Cisco switches. Upgraded Cisco IOS for various Cisco Routers.

Confidential

Senior Network Security Engineer

Responsible to provide Internet proxy solution. Installed and configured an Confidential Server. Installed WebSense Content filter for Confidential. Migrated the WebSense policies from the Cisco PIX firewall. Installed Confidential DownloadSecurity for Confidential. Configured the WebSense reporting parameters. Installed four Snort-based Host IDS sensors near various DMZ locations.

Confidential

Senior Network Security Engineer

Technically led, designed, and implemented projects. Designed strong security mechanisms for the enterprise. Deployed a multi-stage firewall scheme. Configured intrusion detection and WebSense URL filters. Installed and configured Root Certificate Servers with AD integration. Deployed Radius servers. Configured AD policies for security, including X.500 certificate enrollment (machine and user level certs). Implemented VPN with strong security mechanisms, such as PEAP-EAP-TLS, PKI, X.509 digital certificates, Xauth, and Radius accounting. Deployed LAN security measures with strong security, such as PEAP-EAP-TLS with PKI, X.509 digital certificates on all servers and clients. Secured LAN with IEEE 802.1X Port Authentication. Configured X.500 digital certificates and Radius (RFC 2865 and RFC 2866). Performed network traffic assessment, classification, and tuning. Performed penetration testing of internal and external networks, clients, and servers. Designed and implemented Voice-Over-IP (VOIP) for the enterprise. Instituted Quality of Service (QOS) for the enterprise. Deployed IM using in-house Microsoft servers and AD integration. Redesigned and upgraded Data Center infrastructure. Configured and secured routers and switches. Documented projects with Visio diagrams, Excel and Word. Prepared for high-level security audit by TruSecure. Received a report of zero exploitable finds for internal and external networks.

Confidential

Senior Network Security Engineer

Short-term contracts that varied in content and duration. Generated design proposal to build a firewall and VPN solution between sites. Included Windows NT/2000 installation, with Microsoft Exchange deployment between the offices. Provided firewall, and router configuration with Check Point and SonicWall firewalls. Also configured Cisco routers, performed firmware upgrades, and circuit provisioning. Provided Windows and Exchange 2000 design, including Active directory. Acted in an advisory role by reviewing the design, making recommendations to the client. Implemented router and firewall changes to support site relocation.

Confidential

Senior Systems Consultant

Designed, planned, and deployed cloud-based virtualization environments including Confidential. Building on past experience with VMware in enterprise environments, I have expanded my knowledge of open source alternatives to VMware in the cloud technology arena. Primarily focused on IaaS, in multi-tenant environments, I have built and deployed several cloud-based infrastructures. These include Confidential on Red Hat Linux hosts, with network, compute, and cloud controller components. In addition, I have built and deployed Xen Cloud Platform. Deployed guest VMs using a number of open source hypervisors, on both SE Linux and non-SE Linux distributions, including Kernel VM (KVM) and Oracle VirtualBox, as alternatives to my experience with Hyper-V and VMware.

Confidential

Network Management Architect

Responsible to architect and expand the network management function for Data General. Provided network management solutions for Data General customer networks. Designed and implemented HP Openview projects for new service offerings. Expanded the Confidential environment to manage 17 customer enterprise networks. Led small teams to architect enterprise management solutions. Made presentations of new designs to corporate and customer management. Installed and configured enterprise-level tools (see skills). Configured routers and switches by Cisco, Cabletron, 3Com, and Nortel. Deployed multiple instances of HP Openview 6.x on various Sun platforms. Programmed correlation scripts for HP Openview to reduce fault isolation times. Wrote Perl scripts for paging, reporting, ticketing, and displaying alarm data to wall mounted panels. Generated Confidential configuration templates for all network devices. Developed web-based customer views and reports. Customized filters on HP Openview to support customer. Implemented and configured several instances of Concord Nethealth for SLA reporting. Programmed NerveCenter to monitor link performances. Implemented Check Point and Cisco PIX firewall changes as needed. Utilized various network probes such as Visual Uptime and other RMONII probes. Redesigned and upgraded management core to improve Confidential performance. Provided ongoing support through Unix kernel tuning. Provided training of new systems for the Confidential Controllers. Updated the Confidential web server to reflect changes. Responsible to architect and integrate the network management function for Confidential. Integrated Confidential and Data General networks under a single management scheme. Led a team for the integration of Confidential and Data General networks. Utilized the team to carry out an extensive audit of the global enterprise. Provided detailed report of findings with Visio diagrams and Word documents. Evaluated Vital Suites, used by Confidential as the existing desktop management strategy. Audited all the management tool functions for compliance to Confidential standards. Researched advanced fault-isolation, performance, and simulation tools. Performed extensive technical reviews of vendor tools to determine the best fit for Confidential (see skills). Drafted a 3-phase upgrade proposal of the network management function within Confidential. Wrote a statement of work, audit report, proposal, and detailed project plan.

SYSTEMS Skills

Unix-Linux

  • Red Hat Enterprise Linux (RHEL)
  • Secure Platform Pro (SPLAT)
  • SE Linux, CentOS, Fedora, OpenSUSE
  • Debian, Ubuntu
  • Solaris, HP-UX
  • OpenSolaris, OpenIndiana
  • Slackware

Other OS

  • Mac OS X
  • Windows All

Scripting

  • Shell scripts
  • CGI, HTML
  • MySQL, MS-SQL
  • JAVA
  • PERL
  • LAMP (Linux Apache MySQL PHP)

Virtualization

  • XenServer XCP Xen Cloud Platform
  • Apache CloudStack
  • OpenStack
  • OpenMediaVault
  • Hypervisors: VMware, VirtualBox
  • Eucalyptus
  • KVM, LXC, OpenVZ, XEN

Network/Performance Management

  • HP Openview 6/7
  • HP Openview NNM IT/O, VPO,
  • HP Openview Web development tools
  • CiscoWorks LAN Management Sol. 4.x
  • CiscoView for Solaris
  • Ciscoworks2000
  • SolarWinds Orion:
  • NetFlow module v3 for Orion SLX
  • NetFlow Traffic Analyzer Module v2 NLX
  • Network Performance Monitor v9 SLX
  • Wireless Network Monitor v9
  • SolarWinds Engineer's Toolset v9
  • Blue Coat PacketShaper Packeteer
  • Concord Nethealth for SLA reporting
  • Concord Network Health
  • SMARTS
  • NextPoint
  • IBM NetView
  • iT Decision Guru
  • LANsurveyor v10
  • Veritas Nerve Center
  • NetCool SmartTool suite
  • Manage/X, MRTG, PRTG
  • Visual Uptime probes
