SUMMARY:

• IT Solutions Architect with over 26 years of experience in F50/F500 enterprise class systems.
• Experience with cloud platforms and proven ability to implement, PM manage, design and troubleshoot complex large - scale systems.
• Designed, engineered and implemented various environments, with emphasis on high availability, virtualization and cloud, security, business continuity, monitoring and performance management.
• Extensive experience with virtual machines, IaaS, PaaS, IDaaS and SaaS with in Azure, AWS and other cloud systems.
• Managed level 1-3 engineering teams in critical environments.
• Managed vendor relationships and third party applications, including retail (PCI 3.x), and SOX market data providers, back office systems and trade executions.
• Hardware consists of Checkpoint, Steelheads, advanced DNS and F5 GTM/LTM HA clusters, AD FS, Ping with proxies and Extended DMZ DMZ1, DMZ2, DMZ3 and other muti-layer DMZ concepts and endpoint detection and response (EDR) solutions; PKI, LDAPS, and other identity access (IAM) solutions.
• Hands on knowledge of Sharepoint, JIRA, ITIL, Remedy, ITSM, and Confluence deployed with Windows, Linux or Oracle (Sun) environments, including high availability implementations. Knowledge and deployment experience with Aris and its specifics around deployment topology to support Global community of users with high availability. Today’s environment is highly scalable, highly available, OnPrem, hybrid Cloud services.

TECHNICAL SKILLS:

Operating Systems: RHEL Linux, CentOS Solaris, HPUX, IRIX, AIX, Windows, OSX, IOS, TMOS.

Cloud Services: Highly scalable, highly available, Cloud (IaaS, PaaS, SaaS and IDaaS) services. Global and functional/Platform Azure Cloud architect, SunGard AS, APAC Dimension Data Hybrid (openstack) PROD/DR HK-Tokyo environments, migrations from physical to VM (if necessary) to cloud, often including hybrid cloud configurations; usually Networking equipment and circuit drops, VMWare hosts, DMZ, virtual appliances, extended CORE or DBMS related technologies. AWS Certified Cloud Technical. Roles Based Access Control (RBAS); ASM/ARM/AZURE RBAS/AWS, IDaaS, IasS, PaaS, SaaS, Iot, Azure AD Premium, HDInsight, import/Export, Azure Data Lake Factory, data Lake Store.

Database/Application Servers: Oracle, Sybase, MySQL, PostSQL, Informatica, WebLogic, Java, Apache Tomcat

Clustering/High Availability: Virtualization (ESX/VMware VMs, nPar/vPar, hard/soft zones), many types of storage and Raid levels, Thick and thin provisioning, VCS, Microsoft/SQL Clusters, horizontal and vertical application clusters; granular recovery DR/BCP.

Backup Management: CommVault Simpana10v9, Globally OnPrem and Azure Blob aes256 replication, Symantec NetBackup, CA BrightStor/ARCserve, SyncSort Backup Express.

Monitoring and Performance: Splunk, HP OpenView (Performance Management), TeamQuest, SolarWinds, GlancePlus, BMC Patrol/Predict, PROGNOSIS, CA SiteMinder, SCOM, Netcool.

Security and Authentication: PKI (OCSP, CRLS, AIA), Aruba ClearPass, Airwave, SSO, NAC, 802.1x, EAP-TLS, SSL, VPN, SSH, MIT Kerberos 5 with IDE (Eclipse with the Photon), Check Point VPN1 clusters, Juniper, Cisco PIX, Real Secure IDS, Tripwire, OAM, IAM, CA signed s, internal X.509 CA s; SOX, PII, PCI scans with hardened OS. F5 TMOS ADC/LTM McAfee DLP, A/V and app level, same day, FW (OSI 7) protection.

Name/identification Services: AD, AD CS, AD FS, LDAP(S), PKI, Oracle OAM, IAM, SAML2, SSO, Kerberos, X.509 s, TACACS REST API’s, Azure IAM, ASM (declining), ARM (parallel Azure Resource Management ~ REST), AWS IAM, Virtual Directory Stores, CA SiteMinder, Cyberarc duplication and relocation to internal DMZ.

Networking: TCP/IP, UDP / multicast, X.25, SNA 3270/X.25, FIX, TIBCO RV, MQ, Filter, IPSec, VRRP, OSPF, VoIP, DMVPN, IPSec, EDMZ (multiple methodologies). DNS, DHCP, Routing Protocols, NAT, VPN, IPSec, MPLS, NIS, various load balanced solutions; LD, ACE, (F5-GTM/LTM GLB LLB VIPS).

Wireless and Mobility: 802.11a/b/n/a+c, aes256, SHA-2, IAP, aes256, Aruba ClearPass, AirWave, Mobile Iron (SaaS & OnPrem) /BYOD, 802.1x (PCI 3), rfid OnBoarding for mgmt.

Programming/Shell Scripting: C, sh, csh, ksh, bash, perl, (VI) Java, JavaScript, Python, PowerShell, Azure CLI, 4 GL’s; Puppet NetBeans, Visual Studio 2015/2017, GIT, GitHub.

PROFESSIONAL EXPERIENCE:

Confidential, New York, NY

Solutions Architect Manager

Responsibilities:

• Working on Project for Confidential FIOS VoD (Video on Demand) / VoB (back-office) functions.
• Hands on RHEL VM's, IPSec tunneling, GTM/LTM, NoSQL, iSQL, VOD, CDN Streamers, Caching Servers with big data sets and several analytics operands, in some cases merging SOAP and RESTful services into many Tomcat jvm instances, Mongo DB steaming up to MPEG H.264 (HD TV) real-time flex view delivery.
• Extensive experience in installing and configuringSiteMinderpolicy server and Web agents.
• Worked with Python scripting and Splunk monitoring; Vault to Streamers to Cached content (GTM/LTM) (RESTful) load balancing with shared caching services and stateless API calls to content and IDM/OAM, Deployed vm's; jvm Services, java 1.7, java 1.8, Splunkforwarder, iSQL, MongoDB, Oracle 12i RHEL RAC.
• Identity Management to the Household as well as Digital Rights Management for free, rental, and purchased or expiring content as well as purchased channel access rights. Bookmarking through differing set top boxes and other playable playback devices (flex view); including iPhone, iPad, Android, Chrome-book, and Windows.

Confidential, New York, NY

Senior IT Solutions Architect

Responsibilities:

• With O365, created external domainnames, federated Sharepoint with MS auto discovery DNS to provide external domainnames to (IDaaS) SharePoint-online 2015 sites (PaaS) for MS Ping federation via Azure AD and outside domains to multiple big pharma AD domains using PING server for SSO; with SAML 2.0 (SP) (SharePoint-online) initiation with Powershell Azure, manage, federate, Azure metadata, key exchange.
• Microsoft Active Directory on Azure, Key Vault, Design of SOAP to REST services, Java EE .NET (IaaS and PaaS). Compliance and security standards supported by Azure and IAM roles-based, resource grouping and provisioning via parallel deployment (ARM), customization and security rights management (IAM) control.

Confidential, New York, NY

Senior IT Solutions Architect

Responsibilities:

• Integrated a multi-tier Microsoft 2008R2 PKI Enterprise design, integrating with Cisco RADIUS and Aruba ClearPass appliance suite; thereby Identity Access Management is assured by X.509 fingerprint. This includes CRL’s, OSCP, SCEP, Secure LDAP, BYoD, BYoC, and Secure LDAP at the DC level to all machines.
• Completed Global Aruba ClearPass LAN/WLAN security management with PEAP/TLS eap-tls, for 2300 corporate windows devices using 802.1x, x.509 s (via internal PKI chain) and PKI Windows 2008r2 Servers with auto renewable s, Windows 7 clients, Mac OSX clients, and IOS (WiFi/802.1X, and Guest (MAB). The 2300 Windows clients utilize AD CS, IAM, and Powershell; locally and Azure SSO LDAPS AD, replicated remote.
• Successfully migrated NYC campus production (PROD) assets to the HA Hybrid Cloud from New York office to Sungard datacenter in Philadelphia including DR, approximately 20 TB with big data sets (OpenStack).
• In SunGard cloud, built SharePoint 2013 (PaaS) front-end, App Servers Project Combo with MS SQL Cluster.
• Built AD FS servers in 3-tier DMZ to integrate with external environments; Juniper, Azure initiated VPN (replicated, read-only DC), IPSec to GUID FW zones, which with normal internal access, included multi-factor IAM authentication from same Azure read-only DC, as well as CyberArc HA-account connectivity.
• Engaged in daily support of Azure Subscriptions and the creation of virtual elements in Azure. (IDaaS) (PaaS).
• AWS concept implementation, replication and DR with scripted LAMP stack Linux, Apache, MySQL, Python.
• Redesigned backup technology and procedure to a modern data management framework globally with big data sets. Solution included thirty-day snap shots daily offsite replication to Azure cloud solution for DR and data retention with $1M in annual savings, cloud IaaS (vm’s), PaaS (upload), SaaS (MDM), IDaaS (Premium AD) .
• Worked on F5 GTM/LTM infrastructure for global advanced geocentric DNS and HA Load balanced configurations.

Confidential, New York, NY

Senior Solutions Architect

Responsibilities:

• Created multiple solutions utilizing Weblogic Tomcat as well as .NET VMs, Oracle DBMS, in two and three tiered eDMZ network topologies, internal and cloud; Solaris Unix, RHEL Linux, and Windows.
• Created several solutions involving Windows IIS and .NET as web and web/app servers for third party solutions or access through data marts or reporting services such as Business Objects, Oracle EBS, SSO, Moodle (Apache LAMP stack) MicroStrategy, Informatica, and Knova; an Exadata Oracle OS optimized database footprint.
• Worked on F5 GTM/LTM irules to traffic balance large common core project, with HR and also including Weblogic and Coherence, for a stateless Representational state transfer (REST) configuration.
• Architected RHEL Solutions for Oracle 11gr2 RAC on ASM, migrating from Higher cost Solaris VCS.
• Worked through new and supplemental firewall modifications in support of new applications, partner-net offshore VPN IAM, with SSO, and Neoteris Citrix access. This includes piloting DMVPN.
• Experience in Configuring CA SiteMinder policy server (SSO), framing Rules and Policies, and troubleshooting.
• Implemented SiteMinder password policies for external Sun One LDAP user repositories, OAM, IDM.
• Constant compliance with SOX, PCI and HIPAA regulations, utilizing an ITIL framework for PCLM.
• Openstack as well as AWS and puppet design deployment solutions (SDP) for elastic analytics on big data sets.

Confidential, Denver, CO

Professional Services Engineer Consultant

Responsibilities:

• Created Solaris 10 zones (global/root, non-global/shared), installed oracle 10g into multiple zones, IAM, and integrated each into 64-bit PROGNOSIS 9 monitoring and data collection; scripted many perl collections.
• Installed instances of PROGNOSIS (8.5, 9) in multiple architectures (OS), features and topologies.

Confidential, New York, NY

Consultant

Responsibilities:

• CSM Liaison project manager (SCM) between technology silos (GTI) and business (GMI) units to design, coordinate and implement solutions for new or existing applications.
• Incorporated a firm-wide contingency and recovery (C&R) SLA and application footprint for next generation, granular recovery (GR) contingency and Recovery (C&R). Collected 273 tier one trading application candidates and converted all simple and several complex applications to GR enabled and internally certified and SOX compliant. This included implementation of Big-Iron F5 3DNS/Wide ID, unique storage sets per application function, and spanning storage sets with srdf to single replicated frames.
• Engineered NAS and EMC LUN storage group consolidation (Premium+, Lite+, Lite, CASS, NAS), thereby making granular srdf/asrdf (and tier 2 NAS) contingency failover configuration possible.
• Managed a variety of server and database consolidation efforts to fir m m-wide farm clusters, including Sybase/Solaris10, Oracle/Solaris10, Oracle/Linux as5, and Solaris10 utility containers.

Confidential, New York, NY

Production Support Engineer

Responsibilities:

• Architected a vendor entitlements engine for IBD, writing a scripted Perl/ldap, SQL and AD groups lookup aggregation and delivery mechanism (perl/pgp) - triggered by an Autosys event scheduler, confidential content delivered via encrypted Comet delivery service and monitored through a Netcool perl API.
• Performed an Autosys job migration project from Solaris to Linux; cataloging IBD unit’s 684 Autosys jobs, identifying 126 candidates for platform migration, onto IBM and HP Blade Center technology.
• Managed multiple offshore teams responsible for approximately 70 applications in varying phases of lifecycle development for Investment Banking (IBD), Global Capital Markets (GCM), and Real Estate (MSRE) divisions within a global level II support team, executing daily ready for business (RFB) checks, weekly and emergency change management turnovers as well as emergency break fix diagnosis and repair.
• Built SharePoint segment for IBD with widgets for workload tracking and permissioning.

Confidential, New York, NY

Consultant

Responsibilities:

• Architected a new enterprise backup solution; a heterogeneous environment of 50 clients and five media servers consisting of UNIX (Solaris/Irix/Linux), Netware and Windows (NT).
• Managed IBM installation and assisted implementation of a Blade Center consisting of Intel Xenon blades, SAN booted to a LC channel FastT700 and tertiary 10 TB SATA storage array, in support of an IBM Content Management System (ICMM) with DB2, Web Sphere and video on demand (VOD) application.