SUMMARY:

• IT Security professional with architecture, engineering and management proficiency of large data center environments seeking to share and gain new experiences of the design, installation, and configuration of the networking infrastructure for clients who achieve their goals.

EXPERIENCE:

Senior Network Architect/Engineer

Confidential, Minneapolis, MN

Responsibilities:

• Design and implementation of ASR 1000 series routers as DMVPN Hub/Spoke for dynamic tunnel configuration across numerous remote branch/campus locations
• Configuration and implementation of firewall rules Juniper NS100s running ScreenOS 5.4 for access via external vendors
• Configure Cisco switches 6500, 4500, 3750 to support voice and data VLANs
• Configured various Router interfaces like ATM interface, T3
• Provided high - level support on MPLS-QoS and MPLS-VPN migration from Frame-Relay circuits
• Worked on next generation WAN QoS architecture for a unified network with data, voice and video.
• Provide fully configured BGP for MPLS connectivity and created hierarchical network with summarized routes by utilizing BGP Route-Maps and Aggregate address statements
• Lead network architect on DR team to design and configure dynamic failover in the event of network failure using OTV on ASR 1000s for and Riverbed SteelHeads for optimization of Mimix Replication
• Deployed Cisco WAAS devices in order to ensure consistent network performance over the WAN and ensure application performance.
• Coordinate with application owners and gather requirements
• Implemented VRF-Lite to logically separate application and presentation layers of hosting environment
• Reviewed and performed QA on various network design changes
• Implementing and managing the Cisco Access Control Server (ACS 4.2) for centralized login management for all enterprise network devices
• Deployment, configuration, and management of 802.1x solutions to include Cisco Identity Services Engine (ISE), ACS, and Cisco Prime
• Produce NRFU/AsoBuilt documentation in Microsoft Visio
• Implemented and Configured CSMARS, CSM and Cisco Security Agent (CSA) for software host intrusion prevention on all mission critical servers
• Migrated over 100,000 firewall rules from Cisco PIX firewalls to Cisco ASA’s and Checkpoint Firewalls
• Managed Checkpoint and PIX firewalls, as well as DNS and DHCP servers.
• Performed rule consolidation on more than 10 pairs of Checkpoint Firewalls in efforts to minimize the number of rules to be migrated to ASA
• Designed and implemented 60 spoke DMVPN as a low cost backup solution to MPLS
• Design and implementation of SSL WEBVPN and AnyConnect as remote access VPN solution for remote employees
• Performed Firewall Migrations from 6 pairs of Cisco ASA to 6 pairs of Palo Alto Firewalls.
• Lead a team of technicians responsible for the day-to-day administration and maintenance of ASA firewalls, F5 load-balancers and Juniper SRX series firewalls.
• Configure over 300 SSL profiles for SSL offload

Senior Network Engineer

Confidential, Bloomington, MN

Responsibilities:

• Configured and upgraded ASR 1k and 9k routers in network edge standardization initiative.
• Configured and implemented Cisco 2600, 3700, 2800, 3800, and 7200 series routers with T1, MLPPP, IMA, DS3 and OC3 interfaces
• Worked in labs to develop solutions to Issues experienced in production, along with lab out Various technologies specific to Cisco Nexus including VPC, VDC, OTV, and FEX
• Configured L2 technologies (span sessions, L2 Designs, spanning tree)
• Design and implementation of VPC and eVPC connectivity providing resilient connectivity at Layer 2
• Analyze network status and link utilization using SolarWinds NMS
• Configured VLANs with 802.1Q tagging according to the Server team
• Implemented 30 pairs of 5548s and 5596 as datacenter aggregation points in order to accommodate for future expansion and growth.
• Configured and deployed Cisco 2600 series routers and cisco 3550 switches at branch locations with MLPPP T1 configurations
• Assessed bandwidth utilization of various sites and implemented a wide variety of Circuit handoffs including sub-rate Ethernet, OC-3, DS-3 and MLPPP
• Configuring HSRP between the 3845 router pairs of Gateway redundancy for the client desktops.
• Assisted in QA analysis of WAN performance over 100 remote sites
• Design and implement environments utilizing Riverbed SteelHead CX5055 devices for WAN Optimization over MPLS for DR Replication
• Configured Riverbed Steelheads at all remotes sites to provide acceleration services for critical business applications like File Sharing
• Deployed Cisco WAAS devices in order to ensure consistent network performance over the WAN and ensure application performance.
• Designed new data center architecture to support VMWare virtualization of 150 Windows, Linux and Netware servers, with disaster recovery
• Migration and consolidation of over 200,000 Firewall rules from FWSM at Data Center core to Juniper NS5200s
• Deployment, configuration, and management of 802.1x solutions to include Cisco Identity Services Engine (ISE), ACS, and Cisco Prime
• Communicated with App Teams and Security teams to ensure that the correct level of security based on company requirements was applied to all related network traffic
• Configured ACS server in order to fully integrate NAC as well as set up and maintain TACACS accounts for end users.
• Used ISE 1.2 to authenticate AnyConnect SSL VPN users while utilizing Dynamic Group Policy based on Class Radius Attribute
• Deployed End Point Protection Services with ISE 1.2 to quarantine malicious endpoints from the rest of the network
• Deployed ISE 1.2 to support BYOD initiative across the enterprise
• Deployment, configuration, and management of 802.1x solutions to include Cisco Identity Services Engine (ISE), ACS, and Cisco Prime
• Deployed ISE 1.2 using a Distributed High-availability model using PAN, PSN, MNT, and IPN services nodes
• Deployed ISE 1.2 to support up to 10,000 Concurrent endpoints
• Implemented various features on the ASA-5500 platform including Client-VPN (Anyconnect), Transparent Mode, Multi-context Mode and Fault-tolerance
• Worked with 3rd party vendors to integrate the networks via point-to-point links and VPNs that were filtered by firewalls
• Migrated over 100,000 firewall rules from Cisco PIX firewalls to Cisco ASA’s and Checkpoint Firewalls
• Design and migration from McAfee Sidewinders to Cisco ASA 5500-X as ISP/WAN edge Firewalls
• Configuration of 300 Tunnel Groups/Profiles
• Implemented B2B IPsec VPNs to 3rd party vendors on ASA firewalls and 1000-X ASRs
• Configured ASA 5510s in Active Standby for redundancy for internal devices and external Work from home users
• Managing and implementation of PORs (port open requests) based on the requirements of various departments and business lines.
• Implemented VRFs and Checkpoint Firewalls in DMZ environment to separate and monitor east to west traffic flows between application and presentation servers
• Built Checkpoint Multi-Domain Server to manage multiple Checkpoint Security Gateways
• Migrated from Cisco ASA 5550 to Checkpoint R71 firewall platform
• Performed rule consolidation on more than 10 pairs of Checkpoint Firewalls in efforts to minimize the number of rules to be migrated to ASA
• Configured Checkpoint R71 Firewall in Active/Standby configuration
• Configuration of customer B2B IPSEC VPNs on ISR G1s
• Configured user access for VPN policies and set up client to site VPN terminating on cisco 3000 series concentrators.
• Setup simplified and traditional VPN communities, and Cisco Any connect

Senior Network Engineer

Confidential, Minneapolis, MN

Responsibilities:

• Migrated environment from RIPV2 to OSPF to allow for better network traffic management
• Configured authentication of routing protocols like OSPF, EIGRP, and BGP using MD5 hash encryption.
• Migration from EIGRP to oSPF as IGP
• Implementing, deploying and troubleshooting OSPF, BGP, MPLS-VPN, MFR, L2TP, HDLC, PPP, NTP, WCCP, WAAS, VLANs, VTP, STP, MSTP, RSTP, Root Guard, BPDU Guard, PortFast, UplinkFast, BackboneFast, Ether Channel, PAGP, LACP and 802.1Q.
• Redesigned customers LAN/WAN network for future growth which included Frame-relay and MPLS utilizing OSPF and EIGRP.
• Configured OSPF and EIGRP as IGPs utilizing route tagging and redistribution
• Implemented EIGRP as the standard routing protocol used throughout the environment
• Implemented multiple routing protocols including EIGRP, OSPF and BGP in a dual provider environments
• Executed site cutovers from legacy RIP and EIGRP networks to OSPF with BGP and MPLS networks
• Maintain regional ring networks that use the following protocols: RIPV2, OSPF, and BGP with confederations and route reflectors.
• Experience in the setup of HSRP, Access-Lists, and RIP, EIGRP, and tunnel installations.
• Performed Layer I, II and III troubleshooting, while maintaining trouble ticket tracking, following internal/external escalation procedures and customer notifications. Configured Cisco Routers for BGP, OSPF, RIP, RIPv2, EIGRP, Static and default route in a VPN environment using MPLS
• Experience in routing protocols like EIGRP, OSPF, RIP, and BGP, MPLS/VPN.
• Migration from HSRP to GLBP for all server SVIs on core infrastructure
• Monitor real time network traffic using SPAN sessions and WireShark
• Design and implementation of ASR 1000 series routers as DMVPN Hub/Spoke for dynamic tunnel configuration across numerous remote branch/campus locations
• Implemented 6500 SUP720, 6748, ACE, and 6548 Modules.
• Enhanced level of experience with QoS, OSPF, BGP, ATM, T1-T3 Frame-Relay
• Experience on implementing and troubleshooting various multicast protocols such as IGMP, PIM and MSDP.
• Set up multiple customer edge eBGP MPLS deployments utilizing DS3, OC3 and Ethernet handoff circuits.
• Implemented Cisco AnyConnect VPN solution for over 2500 remote workers
• Upgraded existing MPLS circuits to DS3 and OC3 circuits to provide better throughput, reliability and redundancy.
• Assessed bandwidth utilization of various sites and implemented a wide variety of Circuit handoffs including sub-rate Ethernet, OC-3, DS-3 and MLPPP
• Implemented redundant designs at various LAN/WAN facilities that required failover mechanisms
• Design, optimize, and troubleshoot LAN/WAN hardware, software, and telecommunications services. Lead network projects, budgets and timelines. Supervise outside vendors and mentor/lead network technicians. Maintain/perform work with optical transport, routers, switches, modems, and cabling. Created detailed Visio documentation for L1, L2 and L3 environments.
• Installations/upgrades of ASR 1000 series routers as WAN edge
• Configured VPC to Distribution Blocks for added redundancy
• Installations/upgrades of Cisco CSM/PRSM from CSMARS for Security Administration, Reporting, and Monitoring
• Lead QA analysis of over 110 WAN sites to verify standards and ensure future performance
• Consolidation of over 250,000 Firewall ACLs and objects utilizing Cisco CSM optimization
• Deployed End Point Protection Services with ISE 1.2 to quarantine malicious endpoints from the rest of the network
• Deployed ISE 1.2 to support BYOD initiative across the enterprise
• Configuration/Administration of Cisco ASA 5585oXs as WAN edge Firewalls
• Configuration of IDFW CTP on Cisco ASA 5500s
• Performed configuration migration from legacy pre-8.3 asa nat configurations to post-8.3 configurations
• Design and implementation of multi-tenant hosting environment utilizing Multi Context Mode on Cisco ASA 5500 series Firewalls,
• Implemented Cisco ASA 5520 pair with failover as replacement to legacy 500 series PIX firewalls.
• Managed Checkpoint and PIX firewalls, as well as DNS and DHCP servers.
• Performed rule consolidation on more than 10 pairs of Checkpoint Firewalls in efforts to minimize the number of rules to be migrated to ASA
• Built Checkpoint Multi-Domain Server to manage multiple Checkpoint Security Gateways
• Configured Cisco 1800 series router with NAT, DHCP, VPN access, access lists enhancing network security.
• Provisioning and configuration of IPSEC VPN on Cisco 800 series routers for remote employees
• Directly responsible for maintaining B2B VPN infrastructure both existing and adding new VPNs
• Migrated multiple point-to-point IPSec over GRE to IOS DMVPN increasing scalability and deployment of the clients small and medium sized office deployments
• Performed Firewall Migrations from 6 pairs of Cisco ASA to 6 pairs of Palo Alto Firewalls.
• Configuration and implementation of Cisco AnyConnect as RAVPN solution for over 300 customers
• Consult and speak to high risk change requests on bi-weekly CAB calls
• Participated in a lifecycle management process replacing existing Cisco 3550 switches at the access layer with the 3750-X series and deploying 4500-X switches at the distribution layer utilizing BFD to ensure rapid convergence in an all Layer 3 campus design Management and administration of Cisco switches and routers at main Data Center
• Assisted with implementation during cutover and platform migrations
• Configured and troubleshot extensive OSPF, EIGRP, BGP configurations for campus and remote locations
• Implemented BFD on Nexus 7000 and ASR1002s to provide sub-second convergence and fault-detection
• Consultation onsite with customers for approval, whiteboarding, UAT, and knowledge transfer
• Bridged tier 3 support to end clients during escalation procedures

Network Engineer

Confidential, St. Paul, MN

Responsibilities:

• Lead team in migration of 6509 core to Nexus 7k/5k/2k solution utilizing industry best practices
• Migrated Catalyst 6500 to Nexus 7000, 5000, 2000 by providing documentation of networks current and future states as well as helped develop a migration strategy to cost-effectively and efficiently migrate to new infrastructure.
• Configured Nexus 7010 platform with NX-OS port profiles, VPC, and VDCs
• Lead team in migration of 3 redundant Cisco Catalyst 6500 cores to a Nexus 7/5/2k solution utilizing VPC and FEX for server port aggregation
• Configuration of Cisco Nexus 2K FEX modules for ToR environment
• Assisted with migrating 80 pairs of 6500 series Catalyst Switches to Cisco nexus 7000 series switches.
• Migrated Cisco 6500 core to Nexus 7k/5k/2k solution
• Migration from Catalyst 6509 on CatOS 8.X to Nexus 7K/5K as Core/Distribution
• Design and validate Nexus 7K/5K/2K series switches as replacement of current Catalyst 6500 platform as Data Center Core/Aggregation infrastructure
• Staging and verification of IOS/CatOS to NX-OS migrations
• Configured Nexus 7-5-2 architecture in small scale co-located regional Datacenters utilizing Cisco nexus technologies including VDC and VPC
• Migrated 80 pairs of 6500 series switches to nexus 7000
• Design and implementation of double-sided VPC utilizing Nexus 7000 and 5500 series switches
• Migrated 60 pairs of 6500 Chassis switches to Nexus 7K/5k/2k architecture
• Migrated from Cisco 6500 to Nexus at three campus locations for core refresh project. Scope of project included configuring and implementing VDCs for internal traffic as well as Internet uplink, as well as utilizing nexus 2k/5k deployment for local server aggregation
• VRF configurations on ASR 1000s, and VRF aware Nexus 5Ks on a per customer basis
• Implemented 6500 SUP720, 6748, ACE, and 6548 Modules
• Managed fast Layer 3 switched/routed LAN/WAN infrastructure as a part of Network team. The LAN consisted of Cisco campus model of Cisco 3550 at access layer, Cisco 6509 at distribution/core layer
• Produce detailed guides for customer installation/NOC process and procedures
• Management and administration of Cisco switches and routers at main Data Center
• Standardized deployment methodology by standardizing configurations for 4500-x and 3750-x switches that utilize BFD and L3 links for HA with sub second failover times.
• Implemented BFD on Nexus 7000 and ASR1002s to provide sub-second convergence and fault-detection.
• Migrated existing Sup2’s running hybrid mode to native on 6500 series chassis.
• Utilized bidirectional route filtering to prohibit the redistribution of unnecessary routes
• Designed and implemented various EIGRP and RIP configurations with redistribution and summarization
• Executed site cutovers from legacy RIP and EIGRP networks to OSPF with BGP and MPLS networks
• Designed and implemented IGP migration from RIP to EIGRP.
• Experience in the setup of HSRP, Access-Lists, and RIP, EIGRP, and tunnel installations.
• Standardized deployment methodology by standardizing configurations for 4500-x and 3750-x switches that utilize BFD and L3 links for HA with sub second failover times.
• Enhanced level of experience with QoS, OSPF, BGP, ATM, T1-T3 Frame-Relay