
Network Security Architect (Contractor), New York, NY


SUMMARY:

  • 22 years of experience, Architect level understanding of networking technologies, routing, switching and security in diverse corporations, across multiple verticals such as financial, pharmaceutical, entertainment & media, internet & telecom, consulting & professional services, and startup corporations.
  • Developed fundamental understanding of numerous competencies in various technologies. Expertise includes architecture and design, as well as operation and production support from an end to end basis.

AREAS OF EXPERTISE:

Routing & Switching: Profound understanding of routing protocols BGP, OSPF, EIGRP, IGRP, RIP, RIPv2, IS-IS. Switching protocols STP, RSTP, PVST+, MSTP. WAN protocols Frame Relay, MPLS L2VPN & L3VPN and QoS. High-level understanding of switch fabric architectures. Designed, deployed and troubleshot networking technologies across Cisco, Juniper and Brocade switch/router production environments.

Security: Technical design and administration of numerous firewall solutions including the Cisco ASA/PIX, Palo Alto Networks, Juniper (ScreenOS & JunOS), and Checkpoint Firewalls, encompassing TACACS+ & RADIUS Authentication, Authorization & Accounting methods. Managed firewalls using enterprise/carrier class tools such as Provider-1, Cisco CSM, Juniper NSM. Implementation of NAC appliances, end point security, and 802.1X. Administered security tools such as AlgoSec, Firemon, Snort/SourceFire, FireEye, and Tufin.

Incident Response/Remediation/Change Control: Designed and architected solutions to minimize risks and exposures to the business. Developed processes and standardized remediation techniques using industry best practices. Participated in Process Control Change Boards to evaluate and determine impact of changes.

Performance Testing: Detail-oriented focus on performance testing and documentation of switching architectures using various performance metric tools such as Spirent Test Center and Avalanche.

Network Management: Designed customized network management solutions using HP Openview, Cisco Works, OpenNMS, Nagios, Cacti, MRTG, Sitescope, Zenoss, Zabbix, OpsWare, NetScout, Cisco DCNM, Infoblox, BlueCat, Men & Mice, SevOne, HPNA.

PROFESSIONAL EXPERIENCE:

Confidential, New York, NY

Network Security Architect (Contractor)

  • Performed migration of security policies of CheckPoint from provider managed management server to new management server in support of datacenter migration
  • Documented all existing VPNs in current environment
  • Implemented and deployed Tufin

Confidential, Brooklyn, NY

Network Security Architect (Contractor)

  • Performed operational support of network and security infrastructure environment which includes Cisco ASA, CheckPoint, Palo Alto, F5 LTM/GTM/ASM, BlueCoat Proxy SG, and Cisco Nexus.
  • Performed firewall compliance tasks including rules optimization and auditing using Firemon
  • Upgraded and standardized CheckPoint firewalls to Gaia version R77.30
  • Upgraded Backbox to current version and configured for centralized backups of network devices.

Confidential, Boston, MA

DNS (Infoblox) Subject Matter Expert (Contractor)

  • Performed migration of DNS services from AD to Infoblox including implementation of DNS views and zone imports.

Confidential, Brooklyn, NY

DNS (Infoblox) Subject Matter Expert (Contractor)

  • Redesigned existing DNS infrastructure to utilize multimaster functionality of Infoblox.
  • Separated traffic on existing Infoblox appliances to specific interfaces.

Confidential, Las Vegas, NV

CheckPoint Subject Matter Expert (Contractor)

  • Performed migration of security policies and objects from multiple management servers to a new single management server.

Confidential, Stamford

DNS (Infoblox) Subject Matter Expert (Contractor)

  • Performed upgrade/replacement of legacy Infoblox devices to Trinzic 1420 in HA configuration between multiple sites
  • Provided training and knowledge transfer including best practices for operational support of Infoblox

Confidential, Melville, NY

Network Security Architect (Contractor)

  • Performed POC testing of ForeScout CounterAct NAC appliance
  • Performed FireEye POC to assess interoperability in Northwell's environment.
  • Migrated VPNs from legacy PIX/ASA firewalls to NG ASA devices.
  • Standardized remote SOHO branches to SonicWall firewalls.

Confidential, Culpeper, VA

Network Security Architect (Contractor)

  • Performed operational support of network and security infrastructure environment which includes Cisco ASA, CheckPoint, Juniper SRX, F5 LTM/GTM/ASM, BlueCoat Proxy SG, and Cisco Nexus.
  • Performed firewall audits and rule optimization using Skybox

Confidential, Brooklyn, NY

Senior Network Security Engineer (Contractor)

  • Designed, configured, and implemented RSA Netwitness devices.
  • Performed daily operational tickets and troubleshooting of network environment consisting of CheckPoint, Cisco ASA, DNS (Men and Mice), Juniper SSL VPN, and Palo Alto.
  • Analyzed Q1Radar data to correlate security events and performed SOC functionality such as attack mitigation and intrusion detection.

Confidential, Princeton, NJ

Network Security Architect (Contractor)

  • Created micro design for SSL VPN infrastructure for new regional data centers using Pulse Secure MAG 6611 (formerly Juniper)
  • Created low level design, run books, and test/use cases for the SSL VPN solution

Confidential, McConnellsburg, PA

Network Architect (Contractor)

  • Performed operational support of network and security infrastructure environment which includes Cisco Pix/ASA, CheckPoint, Juniper SRX, Juniper SSG, F5 LTM/GTM, BlueCoat Proxy SG, and Cisco Nexus.
  • Migrated sites from EIGRP to OSPF
  • Migrated users from legacy VPN (Cisco VPN Concentrator 3000) to Juniper
  • Implemented and configured Solarwinds Orion for network monitoring
  • Migrated Cisco ACS from version 4.3 to 5.

Confidential, Cincinnati, OH

Network Architect (Contractor)

  • Migrated FWs from IPSO and Splat to GAIA (stepwise upgrade from R71 to 75.40 to 77.20)
  • Migrated FWs from standalone management to Provider-10

Confidential, New York, NY

Senior Network Security Engineer (Contractor)

  • Performed operational support of network and security infrastructure environment which includes PIX, ASA, Palo Alto Networks, CheckPoint, Juniper SRX, Juniper SSG, Radware, Citrix Netscaler, F5 LTM/GTM, BlueCoat Proxy SG, Imperva WAF, and Cisco Nexus.
  • Redesigned connectivity and infrastructure of government programs (Medicare/Medicaid) environment to ensure separation and isolation as defined by Federal standards.
  • Designed and implemented IPAM/DNS solution using Infoblox Trinzic 820
  • Migrated CheckPoint firewalls to Palo Alto
  • Designed, architected, and implemented SNMP v3 across all network devices in environment using IBM Tivoli/Netcool.
  • Analyzed IDP/IDS (Sourcefire) logs and investigated security events and performed root cause analysis.
  • Audited security events using a combination of Tufin/AlgoSec/Firemon.

Confidential, St. Louis, MO

Network Architect (Contractor)

  • Designed and deployed a standardized segmented LAN and simulated Internet/WAN network infrastructure to support the following segments: Development, Test, Staging, Partner Integration, Product Support, and Training
  • Infrastructure includes Cisco 6500, 7600, Juniper EX4200, Imperva WAF, Checkpoint 12400, F5 LTM, Citrix Netscaler, Cisco CSS/ACE using BGP, HSRP, VRRP, GLBP, IGMP, and MPLS.
  • Key deliverables include: high level design of network environments, low level design including diagrams of L2/L3 connectivity, and generation of bill of materials for additional environments.
  • Designed and built out several datacenters in support of hosting and cloud services.

Confidential, Jersey City, NJ

Network Security Architect (Contractor)

  • Performed hardware refresh of legacy SSG firewalls to newer SSGs or converted to SRX platforms
  • Performed daily operational support of Juniper SRX/SSG and Palo Alto Networks firewalls.
  • Managed all devices for service delivery content (end to end connectivity) that includes: BlueCoat Proxy SG, F5 LTM/GTM/3DNS, Riverbed Steelhead, Cisco routers/switches, NikSun NetVCR, ZoneRanger, and McAfee WebWashers.
  • Performed POC of FireEye and AlgoSec to be implemented in UBS’ global infrastructure-1

Confidential, New York, NY

Senior Network Engineer (Contractor)

  • Created low level design for special projects that included decommissioning/expansion/migration of sites.
  • Supervised and coordinated turn-ups of WAN circuits and configured BGP and MPLS connectivity for new and pre-existing sites
  • Participated as an individual contributor in the role of implementation and design engineer on Pfizer’s 19x4 data center consolidation project.
  • Performed BAU activities related to global LAN/WAN operations.
  • Performed operational support of global LAN Engineering environment
  • Performed migration of global Cacti monitoring system from Windows to Linux
  • Performed network monitoring using tools such as Cacti, HP Openview, Opsware, SolarWinds, NetScout, and CA eHealth and generated reports for upper management and relevant business units.
  • Performed network discovery including network dependency elicitation for Nutri and Animal Health (Zoetis) divestiture project.
  • Architected OTV solution on Cisco Nexus platform for datacenter consolidation project.

Confidential, New York, NY

Network Architect (Contractor)

  • Performed network assessment and documentation of existing network topology.
  • Standardized firmware/code of existing Dell/Force10 switches
  • Provided recommendations to move network to an enterprise platform.

Confidential, New York, NY

Network Security Architect (Contractor)

  • Performed PCI DSS compliance audit of network infrastructure as related to ecommerce and Nook Media sites.
  • Consolidated and performed cleanup of firewall rules on Cisco ASA in coordination with all BUs for PCI compliance.
  • Designed architecture for separation of office and development/QA networks.
  • Performed operational support of security infrastructure that included Cisco ASA, F5 ASM, Imperva WAF, and SourceFire.

Confidential, Woodland Park, NJ

Network Security Architect (Contractor)

  • Performed operational support of security infrastructure environment which includes PIX, ASA, Palo Alto Networks, and CheckPoint.
  • Completed the separation and divestiture of business unit (Coatings Resins, Inc.) by implementing new firewall and network between the two entities
  • Performed system support for MS PKI infrastructure including smart card logins, SSL certificates, web development, Nessus scanning, Tripwire, and MS Forefront.

Confidential, Jersey City, NJ

Network Architect (Contractor)

  • Designed and architected solutions for new and existing clients in fully managed datacenters using a variety of technologies including PIX, ASA, Palo Alto Networks, Juniper SRX, Juniper SSG, Cisco CSS/CSM, F5 LTM, Netscaler, Riverbed Zeus, Riverbed Steelhead.
  • Coordinated with sales group to integrate customers to cloud computing with direct connections to Amazon Web Services
  • Documented all global sites.
  • Standardized IPv6 configurations across all routers in global network

Confidential, New York, NY

Manager, Network Engineering, Media & Production Operations

  • Represented HBO, Broadcast IT Operations on Time Warner’s Network, Systems, and Storage Governance Committees
  • Supervised and managed network and systems engineers
  • Performed role of Manager of Production Operations as well as Principal Network Architect for HBO’s broadcast operations.
  • Responsible for all networking equipment in Broadcast & post-edit operations, both linear and non linear equipment.
  • Designed and built out entire new Data Center utilizing Cisco Nexus 7018 as core infrastructure, configured in a back to back (active-active) VPC between 3 facilities.
  • Standardized data center racks using Fex 2248 or 2232s as ToR design, configured for eVPC leading back to 5548/5596 using loopless design, “eliminating” need for spanning tree.
  • Implemented monitoring of equipment using a combination of OpenNMS, Zabbix, Zenoss, CiscoWorks LMS, Opsware, NetScout, and Cisco DCNM.
  • Performed various PoCs of networking, security, storage, and systems engineering equipment such as Procera, Palo Alto Firewall, Juniper SRX/SSG, SpectraLogic, SGI, Cisco UCS, and VMware ESXi.
  • Migrated routing protocol from RIPv2 and EIGRP to OSPF
  • Recovered existing IP space and converted to private addressing RFC1918 (IP reclamation), preparing for IPv6.
  • Migrated legacy equipment from PVST to RSTP for faster convergence
  • Implemented OTV on Nexus platform for site to site, extending layer 2 across physically diverse data centers
  • Performed upgrades and maintenance of 6509-E and 4507-R using eFSU (ISSU) including standardizing IOS and firmware across all modules
  • Migrated and decommissioned older 4507s and 6509s in an effort to standardize on Cisco Nexus platform.
  • Worked closely with the Director of Storage Architecture to investigate possibility of implementing (created a PoC) iSCSI and FCoE (using Cisco FabricPath) as a replacement to direct attached Fibre Channel.
  • Supported systems running on Windows, Linux, Solaris, and MacOS integral to post-edit and broadcast operations such as Aspera, Amberfin, Avid ISIS Unity, Telestream, Civolution, and Elemental, necessary for HBO Go content delivery
  • Developed business processes and procedures for network change control

Confidential, Snoqualmie, WA

Network Security Engineer (Contractor)

  • Performed technical reviews of work orders and MOPs for all security devices in network.
  • Conducted audits, security vulnerability assessments and penetration testing of new devices and existing infrastructure.
  • Executed work orders involving the implementation, deployment, and change configuration of firewalls (CheckPoint on Nokia, SPLAT, Crossbeam, and Solaris, Cisco PIX/ASA, Imperva WAF), load balancers (F5 GTM/LTM), DNS (Infoblox and F5 3DNS), and VPN concentrators (Cisco VPN 3000 and ASA).
  • Created scripts for automation of backups of security devices and mass password changes of devices.

Confidential, King of Prussia, PA

WAN Architect (Contractor)

  • Evaluated RFIs and RFPs for WAN optimization project to replace end of life Packeteer Packetshapers/Ishapers.
  • Created lab environment to test POCs for WAN optimization products from Riverbed, Juniper, Cisco, & Blue Coat.
  • Designed and implemented distribution and access switches in new global data center (Nexus 7000, 5000, 2000 running NX-OS 4.1)
  • Assisted in design of new datacenter, specifically on the integration and securitization of wireless networks.
  • Evaluated IPAM/DNS/DHCP products (Infoblox, Men & Mice, BlueCat Easy IP) for replacement of existing management software.
  • Led IP asset reclamation project and created strategy for transition and migration to IPv6.
  • Designed service model for MPLS running multiple VRFs with S2S VPN (utilizing CheckPoint UTM and Cisco ISR) as backup link for 300 global sites.
  • Evaluated CSM as management tool for Site to Site VPN POC.
  • Designed strategy to integrate networks obtained from M&As into consolidated global network (Biologicals and Stiefel).
  • Designed application load balancing solution using F5 GTM/LTM on Viprion platform

Confidential, Omaha, NE

Network Security Architect (Contractor)

  • Separated voice and data client networks into distinct VLANs in accordance with PCI DSS compliance.
  • Added and propagated new networks through EIGRP/OSPF and advertised into BGP tables.
  • Performed audits of network devices on client networks and identified any PCI DSS non compliant devices.
  • Remediated all routers/switches, firewalls, and proxies for PCI DSS compliance. This included migration of PIX to ASA, addition of Cisco IDS/AIP devices, migration of CatOS to IOS (hybrid to native), and creation of additional security policy (best practice and least privilege access) based on traffic discovery.
  • Added all devices to centralized logging mechanisms such as MARS, CSM, Spectrum, LogLogic, and WhatsUp Gold.

Confidential, Copenhagen, Denmark

WAN Architect (Contractor)

  • Designed migration plan of global infrastructure from heterogeneous environment consisting of managed and standalone CheckPoint, Cisco PIX/ASA, WatchGuard into Provider-1 managed deployment of CheckPoint NGX r65.
  • Documented and designed standardized configurations for MPLS and VPN communities at all datacenters and remote sites for centralized management of global environment.
  • Designed implementation of redundant RSA appliances for remote connectivity.
  • Documented project plan and schedule for WAN migration in preparation for AD consolidation.

Confidential, Iselin, NJ

Security Compliance Manager (Contractor)

  • Created strategic vision for global network security. This includes policy and procedure drafting, resolving compliance issues, and ensuring regulatory compliance is met.
  • Performed network audits, penetration and vulnerability tests.
  • Integrated Q1Radar for central log collection and auditing.

Confidential, Philadelphia, PA

Network Architect (Contractor)

  • Designed complete network & security infrastructure for Confidential's new datacenter for their portal site (Confidential Interactive Media: Confidential.net)
  • Integrated CheckPoint NGX r65 on multiple Nokia 2450s running IPSO clustering/multicast. Deployed SourceFire IDS. Configured Cisco 7609/6513/3750, Foundry FastIron SX800, Foundry ServerIron 450.
  • Configured and administered BEA Weblogic.
  • Configured and allocated LUNs on Sun Storage Array using Brocade switches/routers.

Confidential, Tel Aviv, Israel

Network Security Architect (Contractor)

  • Designed complete network & security infrastructure for classified military application.
  • Developed proof of concept of design for presentation to Israeli Ministry of Defense and Israeli Defense Force.
  • Tested and evaluated proof of concept. Environment consisted of multiple firewalls, IDS, SIM/SOC, RADIUS, 802.1x, EPS, PKI, and biometric security.
  • Components of infrastructure included: CheckPoint NGAI on Crossbeam X80, Proventia ISS, Imperva WAFS, Cisco FWSM, MARS, IDSM, ACE, CSM, ADSM, Symantec Sygate, Cisco NAC, EMC RSA SecurID, CA eTrust SCC, BigFix Enterprise Suite, and inhouse proprietary tools (CA/PKI).

Confidential, Hightstown, NJ

Network Security Engineer (Contractor)

  • Managed and administered global infrastructure of all customer facing applications for McGraw-Hill and their subsidiaries including JD Power, Standard & Poor’s, and BusinessWeek. The environment consisted of 154 CheckPoint Firewalls running on Nokia, Sun, Nortel, and Crossbeam platforms as well as Cisco Pix/ASA and Juniper/NetScreen firewalls.
  • Evaluated RFIs and RFPs for new data centers adhering to McGraw Hill three tier architecture and full redundancy/fault tolerance guidelines and selected best overall design based on technology, pricing, and support.
  • Designed and architected new data centers in new geographical locations such as Singapore, Japan, and India.
  • Designed plan for creating site redundancy of main datacenter as well as migration of main datacenter to new datacenter.
  • Performed load and performance testing of network devices using Spirent Avalanche
  • Integrated Packeteer, a QoS and traffic shaping device as well as NetVCR to record and analyze traffic in the global EDMZ.
  • Developed plan to migrate JD Power environment from Cisco Pix to CheckPoint Firewalls.
  • Designed and integrated ISS Proventia IDS devices using fiber bypass and TAPS.
  • Day to day firewall operations, including monitoring, change management and remediation/troubleshooting of applications, using tools such as Provider-1, Remedy One, CiscoWorks, Solarwinds, Nessus, Ethereal, and nmap.

Confidential, Cherry Hill, NJ

Senior Network Engineer (Contractor)

  • Designed and implemented highly available fault tolerant Exchange 2003 solution for NJ Turnpike Authority consisting of 4 Back end servers, 2 front end bridgeheads, 2 OWA, and 2 RPC-HTTP servers. Geographic diversity at 3 sites was achieved using NSI GeoCluster software for clustering across WAN.
  • Designed and configured real time site to site replication of SAN at Beacon City School District using EMC Replistor on EMC CLARiiON architecture.
  • Installed and configured various backup operations using software such as Veritas Backup Exec, Veritas NetBackup, CA Brightstor/ArcServe, and CommVault Galaxy at various school districts.
  • Upgraded and migrated CheckPoint Firewall to highly available fault tolerant solution using VRRP on Nokia platform at Newark School District.
  • Upgraded and migrated RSA server for integration with Citrix nFuse server.

Confidential, New York, NY

Senior Network Engineer (Contractor)

  • Migrated Data Center from Washington, DC location to Weehawken, NJ
  • Configured and administered BGP for multi-link redundancy and diversity
  • Designed and architected complete network infrastructure of production environment which included data centers in NJ and CA.
  • Created clustered environment for MS Exchange 2003
  • Worked closely with development team to support and deploy custom applications
  • Responsible for deployment of code through entire lifecycle (development to QA to stage to production)
  • 24x7 support of production environment consisting of custom application on JRun with IIS and Oracle 10g
  • Installed and administered CheckPoint FW NGAI on Crossbeam and Nokia platforms
  • Tested, recommended, and deployed NetScaler as production load balancers.
  • Coordinated with Akamai to facilitate distribution and delivery of content to end users
  • Implemented SiteScope/Nagios/Cacti as internal network monitoring tools and Keynote/Gomez as third party monitoring

Confidential, New York, NY

Director of Network Operations

  • Designed and architected complete network infrastructure of production environment which included data centers in NJ, Australia and India.
  • Migrated Windows 2000 Network to Windows 2003 including Exchange 2000 to Exchange 2003.
  • Upgraded older storage arrays from SCSI to IDE RAID storage as a lower cost solution.
  • Installed Cisco Pix firewalls on client private lines for secure access to our production site.
  • Replaced CheckPoint FW1 firewalls with Netscreen to reduce license and administrative costs as well as adding Netscreen IPS systems for advanced intrusion detection/prevention.
  • Migrated existing NT network from multi domain environment with trust relationships to a single autonomous 2000 network with Active Directory.
  • Deployed and administered Exchange 2000 and MS SQL 2000.
  • Administration of Blackberry Server with Integrated Exchange.
  • Designed disaster recovery/contingency plans and responsible for high availability of all network services.
  • Implemented VRRP for CheckPoint FW1 on Nokia and Wintel systems with subsequent migration to NG version.
  • Integrated market data feeds such as Reuters, Tullets, and Moneyline into the existing infrastructure.
  • Specified and deployed new database and servers to existing co-location and DR sites.

Confidential, New York, NY

Senior Systems and Database Administrator

  • Installed and maintained Sendmail and Exchange servers. Created custom forms and views under Exchange and updated alias files for virtual domains.
  • Performed build master responsibilities for custom Java applications running in a WebSphere/Solaris/Visual Age/Apache/DB2 environment. Process included compiling and debugging code, interaction and coordination between developers, DBAs, and QA Team. Implemented failover load balancers (F5 BigIP & Cisco LocalDirector). Created SSL proxies and tested cookie persistence across server farms.
  • Designed and configured both intranet and production networks. Designed security policies including the installation of firewalls (Cisco Pix and NetScreen 100) for a new subnet, addition of a DMZ, and installation of sshd throughout the environment.
  • Responsible for the setup and maintenance of primary and secondary DNS servers running on Solaris platform including the creation of named.conf, database files for each zone, and regularly conducting zone transfers and updates.
  • Handled NFS server and clients in the intranet, daemons, files and security control. NFS troubleshooting for developers.
  • Analyzed, configured, tested, and documented new hardware and software for staging and production environments.
  • Performed file system management using Veritas Volume Manager.
  • Migrated environment from NT 4.0 to 2000 and Exchange 5.5 to 2000.

Confidential, New York, NY

Director of Client Services/Technology

  • Clients were primarily hedge funds that required integration of market data vendors such as Bloomberg, Bridge, FirstCall, Reuters, Autex, and other similar services. Responsible for coordination with each of these vendors and oversaw their integration in each of the clients’ sites.
  • Managed a team of 20 engineers/analysts that provided user support and network design.
  • Performed pre-sales engineering work such as meeting with clients/customers to understand their current technical environment, key business issues/drivers, and future technology requirements.
  • Worked closely with customers on the technical requirements to provide technical solutions.
  • Performed disaster recovery of various servers (Exchange, SQL, and MySQL) and workstations.
  • Migrated Novell networks to NT platform. In addition, performed upgrades from older Novell servers to version 5.0
  • Configured and implemented routers (usually static routing with IGRP and BGP on main router, some light usage of RIP) for the purpose of point to point connectivity between main datacenter and over 50 individual client sites. This included Cisco 1600, 2500, 2600, 2900, 3600, 3800, catalyst 5000, 7200, and 7500 series.
  • Installed and administered individual network security including firewall administration at each of the sites. Each individual client necessitated custom security configurations including the design and implementation of DMZs, network policies, VLANs, VPNs, and access lists. Products included: CheckPoint FW-1, Raptor, Guardian, Gauntlet, Sonic, Borderguard, and Raptor AV.
  • Designed network infrastructure for new clients, including coordination with construction and electrical crews.
  • Installation of various backend servers and their subsequent administration. Most common network configuration involved PDC and BDC with Exchange and SQL. Less frequently, IIS servers were also deployed.
  • Designed and documented disaster recovery procedures for each of the individual networks with emphasis on Y2K possibilities.
  • Programming of PBX phone systems including punching down on Telco Blocks (66,100, Krone). Most programming involved Lucent Legend & Definity systems. Additional experience in Nortel Meridian and IPC Turret Systems.
