
Cloud Network Engineer Resume


White Plains, N.Y.

PROFESSIONAL SUMMARY:

  • Accomplished, results-oriented Senior Network and Information Security Architect with over 10 years of advanced technology experience, helping clients identify and strategically implement multi-vendor solutions. Experienced with managing projects in diverse technology environments, with expertise in the design and enhancement of large-scale IP networks.
  • Effective at translating business requirements into technical solutions, developing strategies based on company objectives.
  • Extensive hands-on technology experience spanning multidisciplinary domains including routing and switching, security, wireless, data center, and service provider technologies.

PROFESSIONAL EXPERIENCE:

Confidential

Cloud Network Engineer

Responsibilities:

  • Lead the design of a Global SD-WAN solution involving complex WAN connectivity, including application specific performance routing across leased line and broadband connections, for communications between our data centers, branch offices, and Multi-Region AWS Cloud and VPC space
  • Redesign Internet and Market Data access perimeter for redundancy across multiple data centers utilizing diverse carriers with iBGP/eBGP Multi-homing, MEC Multi-Chassis Ether-Channel (VPC/VSS), and Palo Alto firewalls in an HA Pair
  • Design Multi-Region AWS Direct Connects with 10Gbps leased line circuits, and Backup IPsec Tunnels integrated with virtual routing appliances for high availability and traffic optimization
  • Design Global Transit/Shared Services VPC with Aviatrix Gateways in a Hub-and-Spoke topology for inter/intra Region communications
  • Develop comprehensive WAN/LAN/WLAN documentation; Manage all key network infrastructure products and technologies including Load Balancers (LTM/GTM), Firewalls, Web Content Filtering, Site to Site and Client VPNs, Cisco Catalyst (2k-9k), Nexus (1k-9k) switches, Cisco ISR/ASR/CSR routers 1900,2900,3900,4k, Meraki MX100, MX64, Z1, MR33-52 Access points, Routing Protocols(OSPF,EIGRP,BGP), PBR, QoS, OTV DCI
  • Develop Python scripts and Ansible playbooks for automating the deployment of standard network/system management configurations (QoS, Syslog, Netflow, SNMP, NTP, Login Banners, access-lists, etc.)

Confidential

Network Architect - Consultant

Responsibilities:

  • Lead architect responsible for the design of the data center and campus core network infrastructure, creating standard configuration templates and designs for project build activities.
  • Responsibilities include reviewing all areas of the network to ensure scalability, high availability, security and traffic optimization.
  • Redesign the Internet perimeter for redundancy across multiple data centers utilizing diverse internet carriers with iBGP/eBGP Multi-homing, MEC Multi-Chassis Ether-Channel (VPC/VSS), ASA 5585-X FW’s in Multi-context HA pair and FIREPOWER 8000 Series NGIPS Inline at the Internet Edge
  • Applying proper security measures and access controls for DMZ network segments, Partners and Client VPNs, Web proxy redirection, Guest Wireless services, and Server access segments including designing the AWS Direct Connect Cloud and VPC space.
  • Act as the SME for all key network infrastructure products/technologies including firewalls, NGIPS, Site to Site and Client VPNs, F5 Load Balancers (LTM/GTM) iRule scripting, SSL Offloading, SNAT/XFF, SSL passthrough, Palo Alto and ASA FW’s, Web proxy redirection, Wireless Network design, Server segmentation and network compliance.
  • Develop SDWAN architecture based on Cisco iWAN involving BGP, DMVPN and PfRv3, demo Viptela
  • Develop end-to-end QoS strategy for traffic prioritization of real-time applications including IP telephony, video conferencing, and instant messaging (Lync/Skype for Business) across wired, wireless, and wide area (MPLS/Metro-E/DWDM/GRE/IPSEC VPN) network boundaries.
  • Design global multicast routing architecture, PIM-ASM (Anycast RP) Multicast HA design, applications include Qumu CDN (Content Delivery Network) and facilities management software.
  • Collaborate with internal IT teams on projects to develop comprehensive documentation including Disaster recovery, testing, and validation procedures to guarantee designs are working within specification. Engage in technical discussions to review new technology developments and overall network strategy.
  • Develop standard configuration templates for Cisco Wireless WLC controllers, models include ( 2504, 3504, 5508, 5760, 5520) WiSM2, Access points 1700/3700/3700 , 1800/2800/3800 , 802.11 a/b/g/n/ac-ac wave2, MGig, 3850 Unified Access, AP Groups/RF Profiles, RRM (TPC, DCA, Clean air), Flexconnect, Autonomous AP, AVC/WMM/QoS profiles, Mobility Groups, Voice/Video over WLAN, Guest access services, EOIP, (foreign/local controller), (centralized web authentication).
  • Integrate Cisco ISE (Identity Services Engine) TACACS/RADIUS authentication as well as 802.1x Auth, EAP/FAST, EAP/TLS, PEAP-MSCHAP, Guest Access/Posture/Profiling. Lead escalation point and SME for a group of senior network engineers, encompassing all aspects of network design and troubleshooting related matters for the following technologies: Firewalls Cisco ASA X, Palo Alto, SourceFire IPS, VPN technologies (L2L, DMVPN, VRF-aware IPsec, SSL VPN), Juniper SSL VPN, Infoblox, F5 GTM/LTM, Cisco CSM, StealthWatch Lancope (Netflow monitoring), ISE, Splunk, Orion, DHCP snooping, DIA, BPDU guard/filter, root-guard, HSRP, VRRP, GLBP, Nexus 9k, 7k, 5k, 2k, VPC, OTV, VXLAN, FabricPath, VDC, Nexus 1000v, VBlock 200/300, UCS, Catalyst VSS, 4500, 4500-X, 3850, 3750, 2960, ASR100x, ISR 4000s, 4451-X, 3900, 2900, 1900

Confidential

Solutions Architect

Responsibilities:

  • Develop complex network architectural solutions, including the bill of materials, statement of work, and configuration templates that adhere to industry best practices
  • Validate advanced network designs and routing strategies including: Data Center Technologies (N2k-9k, VDC, VPC, OTV, FabricPath), VSS, Security: Cisco ASA 5506-X - ASA 5585-X w/ FirePOWER Services, SourceFire IPS, URL Filtering AMP, 6500/7600 FWSM (Firewall Service Module), Cisco Security Manager, ACS, ISE, Wireless Technologies WLC 5500, 5760, 8500 AP: 1700, 2700, 3700s, Cisco Prime, MSE, Meraki
  • Network Design and Integration of an IWAN SDN pilot network for a large corporate customer including a Statement of Requirements
  • Develop comprehensive Network Support documentation and Network Master Diagrams
  • Create Standard site build Documentation and Implementation Procedures
  • Provide Tier 4 troubleshooting assistance, Firewall rule analysis, Design Validation/optimization, PCAP, debugging, configuration assistance, Create standard best practice configurations templates, configure the network in support of BGP, OSPF, EIGRP, Multicast, DWDM technologies, MPLS and Metro Ethernet
  • Models include but not limited to the following:
  • ISR Branch Routers (1800,1900,2800,2900,3800,3900, 4300,4400) - Integrated Security on ISR G2 routers CBAC/ZBFW
  • Switches (2960, 3560, 3750G, 3750-X, 4500-E, 4500-X, 6500, 6800 series Switches) Nexus 7010, 7710, 5548UP, 5500, 3064, 2248
  • Firewalls - Multiple Contexts, Failover Active/Passive, ASA Clustering, NATs - Static/Dynamic, Policy NAT, NAT exemption, Site-to-Site VPNs, Remote Access, SSL VPN, Dynamic Crypto map, DMVPN, DPD, VRF Aware-IP Security, DHCP Snooping, DAI, uRPF, Port-Security, PVLAN, ZBFW
  • Integrate Cisco ACS, Firewalls, routers, switches, VPNs, IPS and Load Balancers

Confidential

Principal Network Architect

Responsibilities:

  • Provide comprehensive network, virtualization and cloud solutions for large enterprise customers:
  • Enterprise LAN/WAN/WLAN/SAN network Design
  • Data Center Design: Cisco UCS-B, FI-6248, N9K/N7K/5K/3K/2K/1K, vPC/VSS/OTV/VXLAN/EVPN/FP
  • Software Defined Fabrics: Cisco ACI/VMware NSX multipod/multisite. Cross Vcenter NSX
  • Network Virtualization and Overlay Technologies (MPLS L2/L3VPN/VXLAN/OTV/DMVPN/NVGRE/MGRE)
  • SD-WAN Solutions: Cisco iWAN/Viptela/Velocloud/SilverPeak/Cato Networks
  • Application Delivery - Large scale F5 BIG-IP deployments. GTMs and LTM deployments.
  • Multicast Routing - IGMP v2/3 PIM SM/DM, ASM, SSM, BIDIR, Anycast RP, MSDP, MVPN
  • High Availability/Disaster Recovery Designs
  • Low Latency Network Design
  • Next Generation Firewalls (Palo Alto, Checkpoint, Fortinet, ASA w/ Firepower)
  • Information Security Policy Creation/Review
  • Hypervisors: VMware ESXi, Hyper-V, XEN Server, KVM
  • Cross-Vcenter NSX - VXLAN/VNI, ULS, UDLR, UDFW
  • Cloud Networking - Amazon AWS VPC/VPG/DCG, VPC Peering, Transit/Shared Services VPC, Aviatrix, CSR 1000V, Route53, S3, Security Groups, ELB
  • Wireless - 802.11 a/b/g/n/ac - CAPWAP,WLC, EAP/EAP TLS/PEAP/MS CHAPv2,TKIP, Meraki, AP groups, RF profiles, Flexconnect, Voice/Video QoS, 802.1x authentication, Cisco ISE/ACS
  • Lead Cisco ISE deployment encompassing wired, wireless, VPN, and guest access services in a large enterprise environment. Integrate 802.1x/MAB/Centralized Web authentication into existing Network Infrastructure. Develop documentation outlining project objectives, solution components, Network Access Device (NAD) configuration templates, and step by step implementation and operation procedures. Create authorization profiles and policy rule sets to address concerns for Wired, Wireless, VPN, BYOD, and guest network access.
  • Firewall model selection, licensing, rule assessment, Multi-Context, HA, Clustering
  • Systems Integration - AD, DNS, LDAP, Syslog, Radius, Infoblox, Cisco ACS, SNMP,NTP, Cisco Prime, Stealth Watch Lancope

Confidential

Network Architecture Consultant

Responsibilities:

  • Lead Engineer - Responsible for the Design of a Global PCI Compliance and Firewall/Network Segmentation solution- Technologies include: ASA Firewalls, IPS, L2L VPNs, DMVPN Phase3 Multi-tier Hubs, VRF-Aware VPN (fVRF/iVRF), IOS FW (CBAC and ZBFW), Global BGP route manipulation, Network Restructuring, Detailed Routing Design, Network Security Documentation, PCI compliance engineering.
  • Propose network architectural solutions involving (Router/Switch/Firewall) model selection and posturing, IOS code/licensing selection, proof of concept testing and evaluation.
  • Develop transition to support documentation and host knowledge transfer sessions for a group of 20+ NOC Engineers. Host weekly status meetings to discuss project progress and developments, engage in regular whiteboard sessions to discuss various technology options and act as the SME for all VPN/GRE Tunneling, route/switch, and firewall/security related technologies.
  • Reconstruct network perimeter including DMZ and VPN termination segments to adhere to industry best practices. Migrate over 200+ Internet based VPN Sites to new VPN Gateway’s, design, configure and implement 10+ VPN gateways worldwide.
  • Lead implementation efforts of proposed network architectures, develop copy/paste ready configuration scripts and guide a group of engineers to assist in successfully implementing architectures across 100+ MPLS sites worldwide.
  • ISR Branch Routers (1800,1900,2800,2900,3800,3900) - Integrated Security on ISR G2 routers for CBAC/ZBFW
  • Switches (2960, 3560, 2750, 4500-E, 6500 series Switches) (Nexus 3-7K) 7600 and 7200 Routers
  • Firewalls - ASA5505 - ASA5580 Models, Next Gen. ASA 5515-X - ASA 5585-X, 6500 FWSM (Firewall Service Module)
  • IPS 4300, IPS 4500, AIP-SSM, IPS Software/license for ASA Next Gen. Firewalls

Confidential, Hicksville, New York

Senior Security Architect - Consultant

Responsibilities:

  • Implement and support Firewalls, create DSCP-based ACLs, act as the SME for all security related incidents
  • Implement protection against ISP Denial of Service and develop complete mitigation strategy
  • Manage Arbor Networks Peakflow TMS DDOS Appliance; Provide full scale performance analysis, design validation, BGP Route-Injection, and attack mitigation strategies
  • Work with A10 Networks CGN - Carrier Grade NATing Appliance; Implement COPP Control-plane Policing
  • Provide network configuration assessments
  • Firewall rule assessment, industry best practice template configurations, configuration audits
  • Work with Network automation tools like HP Opsware for network configuration standardization and compliance
  • Platforms include ASR9k, 76xx, 65xx, Cisco Prime, Cisco WLC 5500, Cisco Aironet 3500, ASA 5585, IPS.

Confidential, New York, New York

Senior Network Architect

Responsibilities:

  • Provide Tier 3 escalation support
  • Provide mentoring to a group of senior engineers - documentation/design review
  • Work on multivendor/platform environments (IOS, IOS-XR, NX-OS, JUNOS/ScreenOS)
  • Design, Configure, and Optimize MPLS/BGP/OSPF/EIGRP in both Service provider and Enterprise Networks
  • Design MPLS Extranets for Finance clients
  • Lead Engineer - Low Latency Network Build
  • Full capacity L2/L3 design Involving: 22 Nexus devices (3064s and 5596s) 6 ASR 1006s with Firewall Services, Refresh 3 Data Centers, Build POPs for 4 European Stock Exchanges.
  • Configurations include BGP, OSPF, MPLS L3VPNs, Route Summarization, Detailed Route/Security Policy, Zone Based FW, NATs, vPC (Virtual Port-channels).
  • Documentation- Visio of Physical/logical topology, IP Address Assignment, port-assignments.
  • Work with Customer on developing custom firewall policies for new environment.
  • Migrate infrastructure from 6500/3750s to new Nexus environment.
  • Work with Bill of Materials - Ordering/licensing optics - SFP 10Gb-SR/LR, GLC-LH-SM, XFP 10Gb-SR/LR.
  • Perform Cisco configuration assessment.
  • Create Secure Configuration Templates for IOS/ScreenOS devices.
  • Create scripts to check non-compliant IOS/ScreenOS configurations. Provide Firewall Policy/Configuration assessment and remediation. Create scripts to check Firewall policies and categorize them based on severity level.
  • Coordinate Global site remediation schedule.

Confidential, White Plains, N.Y.

Lead - Network Security Engineer

Responsibilities:

  • Manage the design, configuration, and daily operations of the network security infrastructure Including:
  • Symantec SNS 7160 IPS and Symantec NAC
  • Websense Web Security - Internet content Filterer/Web Proxy
  • Whale Communications E-Gap/UAG SSL VPN
  • Provide proactive network vulnerability scanning with QualysGuard Vulnerability Management utility;
  • Coordinate remediation schedule with affected system owners
  • Manage Symantec Endpoint Protection (SEP) - Create domain-wide AV(Anti-Virus) policies, peripheral device access-policy, host-based application control, and viral trend analysis
  • Proof of concept - Testing and Evaluation - Websense - DLP - Data Loss Prevention
  • Creating Periodic Presentation Reports
  • Provide Network configuration assessment and firewall rule assessment
  • Multi-Site VPN implementation with DMVPN; GRE/mGRE, NHRP
  • Configuring IPSEC Site to Site VPNs
  • Security analysis, firewall configuration, network restructuring, VPN design
  • Provide detailed Network Security Documentation
  • Security - Layer 2 Security e.g DHCP Snooping, DAI, Port-Security, 802.1x port authentication, Vulnerability scanning & asset discovery/rogue device identification
  • Maintenance of Firewall Policies i.e. service ports/protocols DNS, ISAKMP, GRE, FTP, HTTP/HTTPS, SMTP, L2TP

Confidential, New York, N.Y

Systems Administrator/Network Engineer

Responsibilities:

  • Facilitate daily technology based operations LAN/WAN connectivity in a Cisco Routing and Switching environment; Responsible for Installing supporting and troubleshooting all Cisco Issues.
  • Maintenance of Cisco Routers/switches configuration of Access Control lists(ACL), IP routing Protocols (EIGRP, OSPF, BGP), Implementing proper VLAN design, troubleshooting all Switching issues.
  • Performing Data Center Maintenance i.e. implement/troubleshoot HSRP, VRRP, Site-to-Site VPNs, and Server Connectivity
  • Design, implement, and troubleshoot redundant T1 circuits between our company’s office and Data Center using Cisco 2600, 7200 and Cisco 3750 and 6500 Switches
  • Design, configure, & implement Site-to-Site VPNs w/ Check Point NG Firewalls and Cisco VPN concentrators, setting up remote access VPN client software
  • Firewall policy maintenance i.e. opening specific ports for communication services in/out bound such as TELNET, RDP, SSH, NTP, DNS, SNMP, FTP, & various others
  • Configure, Implement, and troubleshoot VOIP phones
  • Windows Server 2003 and Active Directory maintenance i.e. NTP, DNS, DHCP, RAS, IIS, GPO
  • Writing scripts to facilitate software installations & other needed automated processes
  • Microsoft Exchange Server 2003 maintenance

Confidential, New York, N.Y

Systems Administrator/Network Engineer

Responsibilities:

  • Design, implement, troubleshoot, and maintain computer networks LAN/WAN connectivity
  • Troubleshooting and maintenance of Cisco Routers (IP Protocols EIGRP,OSPF,RIP) PPP encapsulation and authentication with CHAP, configuring and updating Access Control lists(ACL) and default static/floating routes, basic Frame Relay configurations and troubleshooting with various show commands.
  • Network line tracing and installations (Patch cables, cross over, roll over, serial)
  • Network configurations including DHCP scopes, RIP, RAS, WINS
  • Performing system backups with BrightStor ARCserve backup utility
  • WAN - Configurations of HDLC, PPP, Full/Partial Mesh Frame Relay
  • Security - 802.1X & Layer 2 Port Security, Standard/Extended ACL's(Access Control List)
  • Switching - Configuration of VTP management, 802.1Q/ISL Trunking, 802.1D STP, & 802.1w RSTP
  • TCP/IP services - Configurations of Static/Dynamic NAT, PAT, DHCP
