SUMMARY:

• A certified Senior Network Engineer with 15 years of networking, and security experience; responsible for the implementation, design and support of the Enterprise and Data Center Infrastructure, including, implementation and migration to latest technologies, managing of multivendor devices on the DMZ Edge such as Next - Gen Firewalls, IPS/IDS and Load-balancers; managing policies and compliance of these devices using security management tools.
• Excellent communications and interpersonal skills with all levels of Management and Staff.

EXPERTISE AREA:

• Enterprise-Level Networks
• WiFi Networks
• Ethernet Networks
• VoIP Networks
• Network Architecture
• LAN Administration
• Vendor Management
• Team Building
• Routers / Switches
• Remote Access / VPNs
• Firewalls
• Network Support

TECHNICAL COMPETENCIES:

Firewalls: Checkpoint, Confidential, Palo Alto

Intrusion Detection & Prevention: Confidential IPS/IDS, Sourcefire/Firepower Next-Generation IPS

Security Management & Log Retention Management: LogRhythm, Splunk, Checkpoint Smart Tracker/Security Manager, Cisco Works, Cisco Security Manager, Solarwinds, Manage Engine, Qualys, Bradford NAC

Web Proxy/URL Filtering/Content Filtering: Cisco Sourcefire/Firepower, Checkpoint, Bluecoat SG Proxy

Routers: ASR1001-X/1002-X, 3945/3825, 2921, 1700, 1720, 2951, 2610, 891

Switch: L2/L3 Catalyst 6500, 4948, 4509, 3560, 3750 (stacks) Layer 3 routing.

Wireless: CISCO WLC 5500 802.11 a/g, 802.11n, and 802.11ac, AP 3600, 3700 LWAPP, Meraki MR18 Cloud APs

Troubleshooting Tools: Cisco Works, wire shark network analyzer(sniffer), Cisco Security Manager, Cisco Confidential Packet tracer/capture and tcpdump.

Protocols: RIP, RIPv2, IGRP, EIGRP, OSPF, IS-IS, and BGP. TCP/IP, IPX/SPX, IP addressing, Subnetting, Supernetting using CIDR, and VLSM protocols. RIP, RIPv2, IGRP, EIGRP, OSPF, BGP, IS-IS

O/S and Virtualization: Windows, Red Hat Linux, and VMWare 5.x and 6.x

HARDWARE AND CONFIGURATION:

• Configured Cisco Catalyst L2/L3 Switches (5000, 6000/6500, 7600, 4500, 2950, and 3550), Cisco ISR Branch Office Routers (3700, 3800), and Inter-Vlan Routing, isl/dot 1q Trunks and Ether-Channels.
• Setup Routers for ISDN Dial on Demand connections, PPP Over Serial, Frame Relay (single and multipoint).
• Configured and deploy EIGRP, OSPF, and BGP in a routing domain.
• Administered iOS-based access lists (IP Standard and Extended).
• Setup multi-VLAN, redundant distribution and core switch layer networks.
• Administered Cisco Firewalls (PIX, FWSM, Confidential 5555-X NGFWs) and site to site IPSec VPNs, Palo Alto NGFWs.

PROFESSIONAL EXPERIENCE:

Confidential

Network Security Architect, Security Engineer

Responsibilities:

• Design and Deploy Secure Networks for Confidential clients
• Design & Upgrade Network to ensure security compliance
• Implement Meraki MR18 Wi-Fi
• Deploy Confidential 5500X NGFW with NGIPS Firepower
• Setup remote access, site-site vpn
• Ensure Network Infrastructure is in compliant with industry security and hardening standards (i.e. PCI, CIS)

Confidential

Network Engineering Lead

Responsibilities:

• Manage and Support Enterprise Network Infrastructure
• Manage Data Center Core Infrastructure which consisted of Cisco Nexus 9K, 7K, and 5K/2K
• Manage and Administer DMZ and Internet Edge Infrastructure which consisted of Confidential NGFWs IPS/IDS, and F5 LTMs
• Design network architecture for new sites and Disaster Recovery
• Address all Post-Migration issues; participate in on-call rotation
• Participate in CAB Change Committee Review, including reviewing and approving cab changes
• Work with Confidential to define Confidential for network infrastructure
• Work with Confidential to conduct security audits, vulnerability scanning and reporting on all network infrastructure devices using Qualys
• Manage Vendors with hardware procurement, telecom billing, and professional services

Confidential

Senior Network Engineer

Responsibilities:

• Administer, Implement, and support Enterprise Network Infrastructure
• Deployed and administered Citrix Netscaler, Confidential 5500-X firewalls, Riverbed Steelhead Appliances, and Confidential firewalls with dynamic high availability using L3 routing protocols (migration from EIGRP to BGP).

• Implementing & Designing WAN & Core with High Availability using L3 routing protocols
• Implementing Dynamic High Availability with Dual Data Center Design
• Implemented Dynamic Failover of remote sites to backup VPN
• Address Post-Migration issues; participate in on-call rotation

Confidential

Manager of Network Engineering

Responsibilities:

• Migrate, manage, and support Enterprise Network Infrastructure
• Lead a team of network engineers; ensure project completion and deliverables
• Manage firewall and network changes, implement a standard workflow process; improve documentation for change management; mentor network engineers on the new process
• Provide next level escalation, and on-call support; address post-migration issues
• Manage annual performance reviews with Senior Management
• Design and Migrate Corporate Internet & DMZ Edge Firewalls; from Checkpoint to Confidential
• Design & Implement High Availability on segments of the Network Infrastructure (i.e. DMZ, Internet, Extranet) using routing protocols and VPN Technologies; mentor engineers on implementation and support of this HA design
• Implemented & designed Confidential firewalls with Dynamic High Availability using L3 routing protocols (EIGRP, and BGP)

Confidential

Network Engineer

Responsibilities:

• Implement, manage, and support Enterprise Network Infrastructure
• Manage, audit, and ensure compliance of Network Infrastructure and end users using Solarwinds, Manage Engine, LogRhythm, and Bradford NAC
• Manage and Implement Cisco Confidential, and Checkpoint Firewall changes with a standard workflow and change management process; implement and manage remote access and b2b VPNs
• Migration of Network Core to Nexus 7K/5K/2K in both primary Data Centers
• Deploy vsans on Nexus 5K for Native FC, and FCoE links for san clusters
• Migration of Corporate DMZ and Internet Edge Firewalls from Checkpoint to Confidential
• Administered SolarWinds, Confidential VPN 5500, Confidential Firewall 5500-X/IPS, Bradford NAC, and Checkpoint NGX 65, R75 UTM-1 Firewall.
• Migrated Network Core from 6509 to Nexus 7K/5K/2K in both primary data centers and Checkpoint to NGX 75 UTM-1 to ASA5555-X Firewall/IPS SSM.
• Management of Post-Migration Issues such Fault Detection, Network Maintenance, Troubleshooting and Resolution, Adherence of SLAs; participated in on-call rotation (Tier 3)
• Network Lead for PCI Compliance of all network infrastructure
• Work with CTO, and Security team on managing Confidential for network infrastructure and end-users

Confidential

Network Engineer

Responsibilities:

• Migrate, manage, and support Enterprise Network Infrastructure (i.e. wan, core, remote sites)
• Manage, audit and implement changes to Network infrastructure using CiscoWorks
• Manage and implement changes on Corporate and Remote Access Confidential Firewalls
• Management of Post-Migration Issues such Fault Detection, Network Maintenance, Troubleshooting and Resolution, Adherence of SLAs
• Manage and administer Bluecoat Proxy SG
• Migrated branch of sites to new WAN infrastructure.
• Assessed and resolved post-migration to ensure smooth transition.

Confidential

Senior Network Administrator

Responsibilities:

• Administered Global Enterprise Network Infrastructure, Global L3 MPLS VPN WAN, and Interior and Exterior Routing Domains. Coordinated with various network vendors on operational issues.
• Identified inefficiencies in WAN infrastructure/MPLS infrastructure and migrated to cost effective WAN solution providing more bandwidth at less cost per site; from 125K per month to 100K per month.
• Upgraded overutilized data aggregation sites to more robust platform (7600) while minimizing costs.
• Optimized QoS policy and design by identifying business critical applications that would benefit from QoS and implemented QoS for those applications.
• Investigated limitations in incumbent network monitoring tools and recommended purchase of tools that were comprehensive, scalable, and cost-effective, leveraging them to monitor network and WAN utilization.
• Collaborated with system administration and voice administration to design fully accessible, available, reachable network lab that was protected and isolated from production network.
• Designed proposal for remote sites for router platform consolidation, and identified remote sites that required upgrades and replacement for EoL (end of life) platforms.
• Manage and Implement firewall changes remote access, and site-site vpns Cisco PIX, FWSM, and Confidential Firewalls.
• Manage end users, and network devices Cisco Confidential .