Lead Information/Network Security Engineer Resume
Chicago, IL
OBJECTIVE:
- A talented and experienced Sr Information Security professional with extensive knowledge of Threat Response & Investigation. Dedicated to Information Security Support, Incident Response, Event Correlation, and Documentation.
- Delivered multiple large scale Information Technology projects consistent with best practices exceeding industry standards.
- Strong leadership and personnel management skills, articulate communicator and dedicated to teamwork with a commitment to design, maintenance and improvement of security processes.
TECHNICAL SKILLS:
Operating Systems: Windows NT, Windows 2000 - XP, Windows 2003, NET. Windows Active Directory, LDAP, WAN, IIS, IP/IPX, DHCP, DNS.
Software: BrightStor Arc Serve backup, McAfee Policy Orchestrator, Web shield, EMC Clarion management software, Lotus Domino Server, CA Arc serve, Network Associate, McAfee, Surf Control, Microsoft Office Suite, Python, MS SQL Server 7.0 and 2000, Windows 2003 Terminal Services, MS Exchange 5., Cisco VPN Clients, Watch Guard VPN Clients, CA Single sign on, Cisco Works LAN Management solutions.
Security: Snort, Check Point Firewall-1 (4x, 2000, NG & AI) Provider-1, IDS, ACID, NSM Intellitactics, Sourcefire Intrusion Management System, Ethereal, ISS, Sniffer, Single Sign on, SAS70 and ISO security guidelines. Palo Alto Threat, Antivirus, Wildfire and URL Filtering, QRadar SIEM.
Hardware: Cisco 13 switches, Cisco router VXR, Cisco PIX 525, Cisco ASA 5520, Cisco VPN concentrator 3000, Checkpoint NG1, Checkpoint NG1, Juniper Net-Screen SG-500, Unified Threat Management, Cisco Aironet, SA700, Cisco Aironet wireless access point.
PROFESSIONAL EXPERIENCE:
Confidential, Chicago, IL
Lead Information/Network Security Engineer
Responsibilities:
- Designed and implemented new security programs.
- Manage Nessus for vulnerability assessments on all devices.
- Designed and implemented Cylance Endpoint protection.
- Implemented Proofpoint for email protection, DLP and encryption.
- Manage Oracle IAM for user access and Identity management across all applications.
- Designed and implemented user awareness program.
- Designed and implemented incident management program.
- Work with multiple vendors managed security service providers.
- Manage QRadar SIEM for threat management.
- Configured and deployed RSA SecurID for SSL VPN two-factor authentication.
- Configure and manage Cisco ACS server, TACACS, RADIUS.
- Use ManageEngine for password management.
- SCCM patch management.
- Using PowerShell scripts as a security tool for automation.
- Experience with Windows, Unix and Linux OS.
- Configure, manage ASA for site to site VPN.
- Configure Cisco ASA 5585-x with Firepower hardware for perimeter security.
- Manage Checkpoint vSEC AWS, VMware NSX.
- Manage multiple Checkpoint 700, 5000, 15000 for Remote offices and data center.
- Manage Checkpoint Threat prevention IDS/IPS, Applications/web filter, Threat prevention and Anti-spam/Anti-bot, Identity Awareness.
- Configure and manage Cisco 7000/5000 and 2000 Nexus switches at Datacenters.
- Configure and manage Cisco 6500, 4500, 3560 switches for maintaining LAN.
- Configure and manage Cisco routers and switches 2911, 3548, 7206 EIGRP advertise into BGP.
- Design and Manage F5 for IPSec and SSL VPN with RSA two-factor authentication.
- Monitor new threats with proactive analysis and impact perspective.
- Use Nessus for vulnerability assessments.
- Constant review of new trend and technologies relating to network security.
- Work with network team on all security projects (upgrades, patching, and system replacement).
- Constant review of security standard and ensure company compliance PCI-DSS.
Confidential, Chicago, IL
Lead Senior Network Security Engineer
Responsibilities:
- Research/assess available technologies in relation to the enterprise's current and future needs.
- Create and maintain Visio drawings and support documentation of the enterprise network.
- SolarWinds LEM for log management and events analysis.
- Manage SOPHOS full disk encryption system.
- Using NeXpose for penetration testing and vulnerability assessment.
- Use Palo Alto Threat, Antivirus, Wildfire and URL Filtering.
- FireEye Endpoint Security Manage for end use status and analysis of threat and events.
- Cisco Content Directory Agent to manage users and security gateways traffic.
- Configure, manage devices ASA 80 site to site VPN and perimeter security.
- Cisco SSM10-20 and Juniper IDP threat management and tuning.
- Manage Juniper SRX Threat Management system
- Nessus for vulnerability assessments.
- Maintain corporate security compliance with HIPAA guidelines and DHS.
- StealthWatch for detailed traffic analysis and statistical correlation of events for security violations.
- Using CA NetQOS for network traffic monitoring and reporting.
- Riverbed WAN optimization for over 23 locations on ATT OPT-E-MAN network.
- Configure and manage Cisco routers and switches 2911, 3548, 7206 EIGRP advertise into BGP.
- Configure 6500 switches FWSM in multiple context mode to segment clients.
- Lead refresh of Cisco 3550 and 4000 switches to 3750/G and 4500 switches.
- Manage Cisco 7000/5000 and 2000 Nexus switches at Datacenters.
- Lead Replacement projects 32 partner PIX to Cisco ASA Firewall.
- F5 Big IP load balancer LTM to manage multiple IPS for failover.
Confidential, Chicago, IL
Senior Network/ Security Engineer
Responsibilities:
- Design, configure and manage over 1500 network switches and routers in large-scale WAN MPLS cloud.
- Replacement of over 60 PIX and Juniper firewalls to Cisco ASA 40 with SSM10 IPS modules.
- Monitoring Tools such as Cisco Works, MRTG, Sniffing tools, Infinistream, Ethereal.
- Design, configure and manage multiple ASA 5520, ASA 5540, PIX Firewalls IPSec VPN for new clients.
- Monitor firewall and IPS traffic for possible intrusions and take proper steps to rectify the breach.
- Configure and manage Cisco routers 2911, 3548, 7206 EIGRP advertise into BGP.
- Install and configure Cisco WAAS (WAE 512) at multiple sites for WAN optimization at smaller offices.
- Configure 6500, 4500, 3560 VTP servers for access layer switches.
- Installation, operating and maintaining Cisco (IDS) within ASA firewalls.
Confidential, Chicago, IL
Senior Network/ Security Engineer
Responsibilities:
- Configuring Cisco routers in a large-scale Wide-Area Network using MPLS cloud.
- Configure and manage multiple ASA 5520 and PIX Firewalls and site-to-site VPN for new clients.
- Configure and manage Cisco routers 3548, 7206 OSPF, EIGRP, BGP also policy-based routing.
- Configure 6500 switches FWSM in multiple context mode to segment clients.
- Configure 6500 switches with VTP and 4500 and 3560 switches as access layer devices.
- Installation, operating and maintaining Cisco (IPS) within ASA firewalls.
- F5 Big IP load balancer management, persistence, Cookies, iRules SSL Certs.
- Maintain all corporate security compliance with SAS70 and ISO guidelines.
- Configure multiple Cisco ACS for domain authentication (VPN, Wireless, all Cisco devices).
- Configure and setup multiple Cisco Aironet AP 802.11gn wireless using 802.1x.
- Using SolarWinds to manage Cisco routers, switches and backing up configurations of all networks.
Confidential, Chicago, IL
Network Engineer
Responsibilities:
- Managed multiple Cisco switches clustered 2548, 3550, 4510, 6509, 6513, Cisco routers 1750, 3825, 3845, and 7206VXR ATM interface and DS3 for backup for all business units.
- Configuring Cisco routers in a large-scale Wide-Area Network using Frame Relay.
- Manage multiple remote routers connecting to our OC12 WAN and Marconi ATM Switch.
- Design and implement remote office network with Cisco 7206VXR Routers with OC3, DS3.
- Define new technologies and impact performance, reliability, connectivity and cost.
- Using SolarWinds to manage Cisco routers, switches and backing up configurations of all devices.
Confidential, Chicago, IL
Sr Network/ Security Engineer
Responsibilities:
- Installed all Windows servers on a domain with rotation as needed to new hardware.
- Manage all Active Directory domains in Chicago, London, and Prague.
- Responsible for all high capacity cross connects across DS3 and MPLS networks.
- Install TTNET Gateways to connect to Exchanges (CME, eCBOT, Eurex, LIFFE, NYMEX, MONTREAL).
- Configure TT WAN routers on all systems for remote site and traders.
- Configure managed Cisco switches 3560, 4500, 6509/6509-E, Cisco routers 1700, 3800, 7206VXR.
- Setup routes on routers for direct / cross-connect of ISP lines T1, T3, DS3, OC3.
- Design and implement PIM (SM-SSM-SDM) for low latency data delivery, including exchange connectivity, latency, capacity utilization.
- Design and Manage BGP handoff from ISP to internal redistribution into EIGRP.
- Setup and management experience in clustering SSL/VPN appliances and other Juniper appliances.
Confidential, Chicago, IL
Security/Technology Risk Management
Responsibilities:
- Assist in identifying and resolving potential security breaches and vulnerability issues.
- Monitor and analyze Provider-1/Check Point Firewall-1 (4.1 & NG) SmartView Tracker, Snort IDS, ISS Real Secure, Sourcefire Defense Center Intrusion Management System, NSM Intellitactics.
- Provide recommendations to Firewall/IDS/Security Engineers based on correlated data.
- Consult with global groups and help desks regarding scanning, vulnerability assessment, antivirus, new and existing implementations and procedures for secure deployment.
- Provide 1st and 2nd level security monitoring and production support for the environment.
- Perform monitoring of IDS for suspicious traffic, and upon receiving security events, validate events.