Network Engineer Resume

Washington, DC

PROFESSIONAL SUMMARY:

  • Over 20 years’ experience in the IT industry and 15 years’ experience in security.
  • Currently holds Certified Ethical Hacker, Penetration Tester and IBM AIX System Administrator.
  • In-depth experience with NIST, FISMA standards, both practical application for networking equipment, desktop configuration, Windows and UNIX servers.
  • Experience in managing internal as well as external high profile projects, such as the Grammy Awards, US and French Open as well as Atlanta Olympics.
  • Have been responsible for ethical hacking and penetration testing.
  • Experience in performing Vulnerability Testing and used Nessus Server and Client, sniffers including: Wireshark, Netscout Enterprise Sniffer and Observer 6.x.
  • Have a very extensive and diverse background with LINUX and many “flavors” of UNIX to include, AIX, IRIX and BSD.
  • Knowledge of installing and configuring Cisco routers, switches, firewalls and VPNs.
  • Responsible for analyzing possible security threats to overseas sites located in 140 US Consulates in 136 countries with Cisco Mitigation Attack Response Solution (MARS).
  • Training from The John F Kennedy Special Warfare Center at Ft. Bragg, NC and service with the US Army 5th Special Forces Group during real world operations. This made me an excellent leader under very stressful situations and a unique instructor in a multitude of diverse technologies, processes, procedures and services.
  • Experience with overseas network security and any new working with threats/risks.
  • Extensive experience with on-call 24/7 for overseas and local sites.
  • Member of WatchGuard.com (Firebox Firewalls) and SANS.org, Security related websites.
  • Graduate of the Institute of Police Technology and Management's Interviews and Interrogations School.
  • Experience conducting drills for site disaster recoveries, and with leading and decision making during day-to-day operations and disaster recovery situations.
  • Experience in designing, building and maintaining Windows NT and many UNIX / Linux environments.

PROFESSIONAL EXPERIENCE:

Confidential

Network Engineer

Responsibilities:

  • Responsible for maintaining and reporting on Security Threats to CIO.
  • Keep up with latest security related techniques and advise on updates to the infrastructure.
  • Manage the support of all network and security equipment needed to conduct daily operations.
  • Manage any and all critical situations that involve perimeter penetrations.
  • Responsible for scheduling any needed / requested training.
  • Check firewall logs daily and VPN logs daily and report on any anomalies.

Confidential

Sr. Cyber Security Analyst / Engineer

Responsibilities:

  • Responsible for updating and writing new access lists and rule sets.
  • Personally responsible for “no access rules” to malicious URLs on both Blue Coat and Checkpoint Firewalls.
  • Created new rules for both IPS and IDS devices. (IPS/IDS was the IBM Proventia)
  • Responsible for working and managing suspected malware tickets and calls.
  • Collect, analyze, correct and remove any suspected malware, spyware, Trojans and / or Virus and Worms.
  • Wrote incident reports to Symantec and US CERT when hostile files and code are found.
  • Create and updated firewall and IPS, IDS signatures and rules as needed to secure the network.
  • Skilled in the use of Remedy for ticketing process and procedures.
  • Used FireEye to aid in attack and attack vector investigations.
  • This enabled us to do TCP traces on the packets that were captured by the tool.
  • Located hostile malware. In the course of the investigation we were able to locate, copy and neutralize the malware.
  • Riverbed was also used to acquire information between an internal system and a possible malware system.
  • Reports were generated and packets were copied to go through with Wireshark or other packet analyzers to view all communications between the hostile system and the government system.
  • Used Ethical Hacking, PEN testing, Forensic and management tools such as FireEye, IBM Proventia ISS (IPS/IDS), Imperva (Layer 4 Firewall), BlueCoat Proxy Servers, Barracuda Packet Collectors and Application Rebuilder, Riverbed Profiler as well as BackTrack LINUX (Forensics), Metasploit and other tools as specified by US CERT, FCC, NIST and FISMA standards.
  • Worked with Cisco PIX 500 series, Cisco FWSM, ASA 5500 and CheckPoint Firewalls R61 – R75.

Confidential

Sr. Security Analyst / Network Engineer

Responsibilities:

  • Responsible for the installation, configuration and maintenance of all servers and workstations in the division. This included security scanning and hardening of all workstations and servers.
  • Created Shell Scripts in multiple scripting languages.
  • Used them in OS Crontab as well as web server CGI-Bin.
  • Created and updated process and procedure documentation dealing with security or forensic study of malware.
  • Perform on-call duties every other month or as needed according to team schedule.
  • Update Ethical Hacking and PEN testing tools such as, CANVAS, Metasploit and other tools as specified by the client and their standards
  • Install and configure Cisco ASA / PIX and Checkpoint firewalls as needed by the customer. Also in charge of maintaining proper IOS code level and keep the configurations to a manageable size.

Confidential

Sr. Security Analyst / Network Engineer

Responsibilities:

  • Responsible for the installation, configuration and maintenance of all network security devices. This included Cisco PIX 525 / 535, ASA 5500.
  • Responsible for using and creating shell scripts.
  • Created new jobs and processes with korn shell (as an example) in order to be placed in to cron jobs on given LINUX servers.
  • Created and updated processes and procedural documentation for Security Team.
  • Updated patches, changed and coded as needed.
  • Performed on-call duties every other month or as needed according to team schedule.
  • Updated Ethical Hacking and PEN testing tools such as, CANVAS, Metasploit and other tools as specified by Unisys standards.

Confidential

Sr. Security Analyst / Network Engineer

Responsibilities:

  • Responsible for the installation, configuration and maintenance of all network security devices, including: Checkpoint w/ R70 – R62, Cisco PIX 525 / 535, ASA 5500, done weekly.
  • Responsible for using and creating shell scripts.
  • Created new jobs and processes with korn shell (as an example) in order to place cron jobs on LINUX servers.
  • Worked with NIST and FISMA standards, both practical application for networking equipment, desktop configuration, Windows and UNIX servers.
  • Worked with DCID 6/x.
  • Used DISA Gold Disk, along with checklist and scripts.
  • Used WebRoot to check organization desktops and server for spyware and other malware in order to generate monthly reports.
  • Used Symantec Client Security (3.0) enterprise wide, Antivirus (10.0) and Client Firewall.
  • Used Symantec SIM for information and risk compliance.
  • Responsible for writing new policy and procedures and updating old ones as well as all Security Information Management.
  • Responsible for reviewing proposed changes to the A.O.C. Network with Visio diagrams or PDF files.
  • Marked recommendations that went along with proposed changes to the A.O.C. Network.
  • Monitored all emergency changes to the network from the security side, made recommendations and enforced policy during said changes.
  • Responsible for ethical hacking and penetration testing. Primarily used Metasploit and Canvas.
  • Performed Vulnerability Testing and used Nessus Server and Client, sniffers including: Wireshark, Netscout Enterprise Sniffer.
  • Installed and maintained testing tools in order to perform packet captures and logging of captures.

Confidential

Sr. Network / Firewall Engineer

Responsibilities:

  • Responsible for the installation, configuration and maintenance of all network security devices including: Cisco PIX 525 / 535, ASA 5500, Cisco IOS 12.4.x, CATOS CAT6000-SUP720/MSFC3/FWSM, PIXOS 6.x–7.x, and Nokia IP380’s, Firewall Service Module (FWSM) and running CheckPoint Firewall IPSO 3.8+.
  • Worked extensively with the VPN Concentrator, Juniper Networks – Netscreen VPN products and device clustering.
  • Worked with Nortel Contivity, Cisco Works, HP OpenView and Eye of the Storm.
  • Responsible for the up keep and maintenance of approximately 20 LINUX servers. All of which required shell scripting for new jobs and processes, such as processing logs files.
  • Worked with Perl and Java script in order to create new scripts or reverse engineer current scripts.
  • Was responsible for setting a point-to-point VPN connection between PIX 501 and Linksys 54G. Later in the project we used the “easy vpn config” to switch out the Pix 501 with an ASA 5509.
  • Worked with NIST and FISMA standards, both practical application for networking equipment, desktop configuration, Windows and UNIX servers.
  • Responsible for the creation of infrastructure documentation such as Visio diagrams, policies and procedures, governing changes to configurations or the addition of new rules.
  • Updated procedures and conducted drills for site disaster recoveries.
  • Installed and maintained ArcSight SIM as well as the daily use for analyzing the different networks.
  • Installed, configured and maintained Cisco Load Balancers. Also responsible for weekend and after hours callouts for troubleshooting.
  • Installed and maintained nCircle and used it daily for vulnerability scanning.
  • Used Wireshark and Metasploit Framework tools for scanning and capturing data.
  • Administered network management software, SolarWinds, CiscoWorks, Tivoli NetView, HP, and OpenView.
  • Created rule-sets in Cisco MARS used to interrogate security logs generated by MARS.
  • Monitored firewall logs daily for any changes and suspicious activity.
  • Maintained virus, worm and other malicious threat awareness through subscriptions with SANS.org, CheckPoint, Symantec, Cisco and Microsoft Security Website, and Metasploit.
  • Highly skilled in the use and implementation of Checkpoint Dashboard products including Checkpoint NGX R65 and below.
  • Extensive uses of packet capture software such as WireShark, and Observer.
  • Maintained rule sets, policies and code levels on Bluecoat Proxy server and Websense Security Suite.
  • Extensive experience with numerous network monitoring, scanning and reporting solutions and Security Information Management (SIM).
  • Used LINUX (RedHat, Slackware) daily.
  • Installed and configured Cisco routers using IOS 12.4(2)T, using OSPF, EIGRP and static routing. Also have extensive experience in the use of ACLs in routers, firewalls and switches.
  • Was responsible for being on 24/7 on-call in the US Army.

Confidential

Network Engineer / Sr. Security

Responsibilities:

  • Was responsible for configuring and maintaining the Cisco VPN 3000 Concentrator and Cisco PIX 501 to 535 models, and making the 501 talk to a Linksys 54G Wireless Router while in firewall mode for an offsite network.
  • Worked with NIST and FISMA standards, both practical application for networking equipment, desktop configuration, Windows and UNIX servers.
  • Setup monitoring of Cisco routers and switch logs using Cisco Works.
  • Used Performance Monitoring with SolarWinds Orion and Cisco Works Intranet Performance Monitor.
  • Responsible for writing scripts to be used by Cisco Works to automate processes, such as, changing Secret / VTY and user passwords monthly.
  • Used Symantec Client Security (3.0) enterprise wide, included was Antivirus (10.0) and Client Firewall
  • Used Symantec SIM for information and risk compliance.
  • On-call 24/7 for emergency response at the DC site as well as making myself available to our overseas sites.
  • Was also responsible for configuring bandwidth trending, alerting for critical system processes and devices listed as down.
  • The system was configured to send pages / text messages to cell phones as well as emails.
  • Used extensively to scan, track, prevent and report attempted cyber-attacks against USDA Foreign Assets. Further assessment of intelligence that originated in the Middle East, North Africa, parts of Israel, along with other regions and countries that were known to be sympathetic / friendly to those areas yielded more information on point of origin for suspected attacks. This also provided more intelligence on suspected internet crime organizations in various regions of the world. Information gathered on suspected terror groups was passed on to the intelligence organizations while suspected international Internet criminal groups were passed on to INTERPOL. Also skilled in IBM (SIM) and Symantec (SIM)
  • Participation in real world operations in that region contributed greatly to expert knowledge of the area’s people, cultures, customs, technological demographics, conventional terrorism as well as cybercrime and terror organizations, which were instrumental in creating network and utilities risk assessments and analysis.
  • Had access to all Cisco routers, switches and VPN concentrators of all sites both local and worldwide. Also skilled in troubleshooting all above listed Cisco devices. Was responsible for upgrading Cisco Secure ACS and TACACS to TACACS+.
  • Tasked with maintaining user VPN accounts and network engineering / admin accounts on TACACS+ so all equipment could be accessed by the use of a single user id, password and enable / secret passwords.
  • Skilled in installing, configuring, maintaining and troubleshooting Juniper devices, such as NetScreen.
  • Extensive use of OSPF and EIGRP as primary routing protocols while working for the USDA.
  • Worked closely with US State Department and Foreign Agriculture Service, upper management to provide reports in reference to overseas network security and any new possible threats / risks.
  • Studied extensively diverse topics and technologies regarded by experts as information warfare, which consisted of malicious code, including, Java Applets, JavaScript, macros and other scripting and markup languages. Also conducted planned DoS attacks, IP and MAC address spoofing as well as Ethical Hacking and Cracking (A.K.A. Pen Testing).
  • Proved valuable performing risk assessments of new equipment and potentially volatile situations caused by erroneous configurations or breaches of security.
  • Worked with NIST, NIACAP, DIACAP and FISMA procedures and protocols
  • Extensive experience configuring PKI and AES encryption in Cisco Routers and PIX Firewall and ASA 5500 series Cisco Firewalls

Confidential

Sr. Network and Security Engineer / Team Leader / Project Manager / Internal / External Threat Analyst

Responsibilities:

  • Responsible for boarding external and internal IBM customers in the Ashburn Virginia Collocation facility.
  • Responsible for annual budget, employee reviews and SAS70 security inspections.
  • Worked on a regular basis at a CCNA and CCNP level. At the time I did actually have a CCDA.
  • Responsible for the management of 30 employees and contractors, career counseling and annual reviews. Also responsible for hiring and termination of employees as necessary.
  • Daily use of Tivoli Management products such as Netview and Storage Manager. I am also familiar with almost all IBM products. To include HMC AIX systems management tools, Tivoli setup, maintenance and upgrades.
  • Designed, implemented and managed custom Tivoli Netview and Cisco Works 2000 and Cisco Works LSM 2.6 Solutions for customers in Collocation and Fully Managed Environments.
  • Also skilled in the use of MRTG on infrastructure devices for measuring bandwidth.
  • Skilled in using the reporting element of MRTG.
  • Extremely familiar with NIST, both practical application for networking equipment, desktop configuration, Windows and UNIX servers. Referenced NIST SP 800-50 and SP 800-40 series primarily for safeguarding MS Windows OS, UNIX / LINUX OS and network printers.
  • Use physical security protocols and procedures to include social engineering, shoulder surfing, physical lock picking and other measures such as dumpster diving to test physical security as well as security software, packet monitoring software and products such as Solar Winds Orion and downloadable tools such as TCPDUMP, ETHERAPE, ETHEREAL as well as password crackers and keystroke recorders to test logical / virtual security. Also taught techniques to senior staff members that were actively involved in ongoing security protocols and procedures.
  • Thinking out of the box or much like a professional corporate spy when it comes to security.
  • Worked with TCP/IP every day. Due to clients and the way they were managed I usually dealt with the first three layers of the TCP/IP Stack. But have worked extensively with all seven layers at one time or another.
  • Installed and configured Cisco 6509 Core switches, Cisco 6504, Cisco 4008 Switches as well as Cisco 1700 series through Cisco 12008 GSR Routers.
  • Maintained redundant OC-3 connections to the Collocation site. Used OSPF, EIGRP, RIP, RIP II and IGRP during router configurations. Also skilled in troubleshooting these protocols using SNMP and its MIB Database.
  • Installed and configured Big-IP F5’s. Was also responsible for troubleshooting during weekend and after-hours callouts.
  • Skilled in SONET, POS, Frame Relay, T-1, Fractional T-1, ISDN PRI and BRI, I also work well with service providers such as Sprint and Verizon to complete circuits and projects.
  • Was responsible for installing and configuring Cisco and Juniper VPN solutions, servers and clients.
  • Highly skilled in troubleshooting both Microsoft workstations and servers. Former MCSE (WinNT 4.0), so I'm very skilled in Microsoft Operating Systems. (All of them).
  • Work extraordinarily well with teams as a team member or as a team lead. I always know my place and where I stand within a team and never overstep my bounds without prior permission from either the team lead or management.
  • Also skilled with solutions and reporting tools such as Cisco MARS.
  • Responsible for troubleshooting customer network equipment such as, Nokia IP 330 and 660 Firewalls running Checkpoint firewall, Cisco PIX Firewalls as well as Cisco and Nortel Routers and switches. Checked firewall logs daily for any new issues. And ran them against Cisco (MARS) - Mitigation Attack Response Solution.
  • Wrote process and procedures for Collocation and fully managed network environments.
  • Was responsible for leading and decision making during day-to-day operations as well as disaster recovery situations.

Confidential

Sr. Network Engineer / Sr. Security Test Team Lead / Project Manager

Responsibilities:

  • Designed, built and maintained Windows NT 4.0 (Domain) network to be used in all E-Business Solutions, Production, Development and Testing Environments.
  • Managed internal as well as external high profile projects, such as the Grammy Awards, US and French Open as well as Atlanta Olympics.
  • Was responsible for major migration of services and equipment.
  • We, as a team, replicated the Atlanta office in 20 states and 4 countries around the world. My specialty was the design and implementation of the network to include security and ACLs on the firewalls.
  • Created a template for each site, where only part of it could be a template.
  • Daily use of major software includes Microsoft Active Directory and Microsoft FrontPage as well as MS Exchange.
  • This includes setting up and maintaining user accounts.
  • Maintaining and creating security policies.
  • Maintaining day to day policies.
  • Performed maintenance and upgrades according to Microsoft TechNet and local company processes and procedures.
  • Served as Team Lead for security testing on Bank of America website. Used tools that could be downloaded from the Internet by hackers and crackers.
  • Wrote and used a neural network based on the Hopfield Neural Network in C++ then ported it to Java to perform security testing on systems and networks.
  • Was in charge of all security testing for applications and networks.
  • Accomplished this by creative thinking and the use of malicious code and hostile Java Applets.
  • Planned and conducted three month migration of Bay Networks Centillion 5000 and 100's to Cisco 6509's and 8540 over ATM Backbone with MFSC Routing Modules.
  • Installed, configured and maintained Bay Networks/Cisco ATM Routers and Switches to be used in Ethernet, Token ring and ATM LAN / WAN network environment.
  • Installed and configured CSU/DSUs, Ascend MAX 50 (ISDN) for Video Teleconferencing and 3com Bridges.
  • Installed and configured Cisco 700, 2500, 2600, 3600 and 7000 Series Routers.
  • Wrote packet filters for both Cisco and Bay Networks Routers and Switches to prevent internal and external network intrusion and Denial of Service Attacks.
  • Highly skilled in the use of intrusion detection software as well as various sniffers and TCP/IP.
  • Maintained existing Novell 3.12, 4.01 and 4.11 networks for the IBM E-Business Solutions business.

Confidential

Test Lead / Field Service Manager / Sr. Security Test Lead

Responsibilities:

  • Security Test Lead for web sites that were being developed, such as Bank of America.
  • Wrote programs and used tools that were available to any hacker over the Internet.
  • Performed ethical hacking and penetration testing.
  • Designed, created and organized testing of Internet products and web sites for multi-million dollar companies, such as shop.NHL.com, Bordersonline.com, World Banking Organization, Star Trek and Superbowl.com.
  • Managed a group of three to twenty five contractors at two site locations.
  • Was responsible for contractor performance reviews, promotions, awards and bonuses.
  • Led a team of application and website testers as well as security testers.
  • Worked extensively with operating systems in testing environment such as Windows, Apple, LINUX (Slackware / RedHat / Suse), FreeBSD, Irix, AIX and OS/2.

Confidential

Tech Support Manager

Responsibilities:

  • Responsible for 4 to 6 people at any given time during day to day operations to include budget and employee reviews.
  • Responsible for ensuring that the products going out were 100% and how to fix them in a questionable situation.
  • Made schedules for other employees on a weekly basis.
  • Was also responsible for keeping them functioning as a team.
  • Worked with Operating systems such as, Windows, Mac, LINUX and Solaris in its earlier versions.

Confidential

Radio Talk Show Host

Responsibilities:

  • Responsible for coming up with weekly content and holding planning meetings.
  • Learned to improvise should my partner or a member of the team not be able to show up to the show.
  • Handled callers with professionalism.

Confidential

Police Officer / Hostage Negotiator / Interviewer / Interrogator

Responsibilities:

  • Street patrols and investigation of 911 calls.
  • Worked with other agencies, local, state and federal in the course of investigation and prosecution of crimes. Both Misdemeanors and Felonies.
  • Served as a witness on numerous occasions in the prosecution of criminal cases both state and federal.
  • Conducted interviews and interrogations of suspects, for all divisions of the police department.
  • Worked extensively with the Hostage Negotiations team emergency call outs.
  • This also included, but was not limited to, hostage situations and attempted suicide, such as a bridge jumper.
  • Served in special services unit for two and a half years.
  • Conducted interrogations of suspects for all department agencies with the exception of Internal Affairs Division. These sections included homicide, burglary and robbery, auto-theft and juvenile.
  • Was personally responsible for obtaining the confession of a serial killer that was later convicted due in part to his confession, numerous convicted murderers, rapists and one juvenile gang member that was later convicted of five counts of first degree murder. This offender had only been in town for five days and within that time he murdered five people.

Confidential

Responsibilities:

  • Combat service in Operation Desert Shield / Desert Storm w/ A Co. 3rd BN. 5th Special Forces Group (Airborne) on ODA-573.
  • Prior to my second assignment in Special Forces I was with the HHC. 3rd BN. 101st AVN RGT, 101st Airborne Div. Extra duties included Rappel Master, and Sniper w/ the company Long Range Surveillance Detachment. (LRSD).
  • 12 months service in the Republic of Korea w/ 2nd Infantry Division.
  • First assignment, US Army Reserve 389th Military Intelligence Detachment, 11th Special Forces Group (Airborne)
