- Accomplished network and security engineering professional with 10+ years of real-time experience in designing, deploying, migrating and supporting critical multi-site redundant network environments.
- Extensive hands-on experience with complex routed LAN and WAN networks.
- Ansible (Automation): Automating network engineering A.I. scripting to increase productivity and efficiency.
- Extensive experience in configuring and troubleshooting of most routing protocols and routing on Cloud.
- Extensive knowledge of deploying & troubleshooting, Multilayer Layer 1 - Layer 7.
- DevOps Cloud Engineering Leader, representing Cloud Security Groups for leadership decisions.
- Ubuntu-VM/Server (Azure, AWS, GCP, Oracle Cloud-OCI, Linode, Docker, VMware)
- Red Hat Enterprise-VM Client/Server (AWS, Azure, GCP, PaaS, IaaS, SaaS)
- DevOps, CI/CD: Continuous Integration / Continuous Deployment, DevOps/Agile process architect.
- Worked on IS-IS, BGP, MPLS and hybrid protocols for the ISP network.
- Linux-KVM - Linux Kernel Virtual Machines (Architect/Design/Deploy/Implement).
- Google Cloud Firewall-FWGroups (Architect/Design/Deploy/Implement).
- Design Security Groups - AWS-Amazon (Architect/Design/Deploy/Implement).
- SME and head of Development and maintenance of Network Documentation for Confidential
- Extensive experience implementing and troubleshooting highly available firewall clusters
- In-depth knowledge on practical applications and network engineering principles and theory.
- The Open Group Architecture Framework (TOGAF)
- NIST Architecture deployments (Engineering Design Documents)
- Design Network Security Groups - Azure (Microsoft)
- Google-Cloud Firewall (Firewall Groups), Design Security Groups - AWS (Amazon).
- Proven Artificial Intelligence and Neural Network focused Network Design Architect.
- Analyse network security in complex routed network using IS-IS, BGP and OSPF
- Troubleshoot network or security implementation issues on Cisco & Juniper platforms as required
- Self-motivated and the ability to work with almost no supervision
LAN Technologies: VLAN, VTP, vPC, Inter-VLAN routing, STP, RSTP, PVST, Active Directory
WAN Technologies: Frame Relay, ISDN, PPP, ATM, MPLS, NAT, SD-WAN
WLAN Technologies: Autonomous APs, Lightweight APs, WLC, WDS, WLSE, Standards.
Server Technologies: CentOS, Linux/Unix, Scripting in Perl, Python, Ruby, Shell, Kali, Linux-Adv-Distros, Kali-VM (Azure), Kali-Reg, Docker Containers - VM/Softwares.
Security: NAT/PAT, Ingress & Egress Firewall, IDS, IPS, Virtual Firewall, Google Cloud Firewall, Network Security Groups-Azure, Security Groups-AWS, Rapid7-Tools, Kali Tools, Cloud Security Certified, Checkpoint firewall, Palo Alto Firewalls, Panorama VM-OS, Virtual Firewalls, Cloud IDS-IPS, CASBs, Cloud DDoS Design.
Automation: YAML A.I. Scripting/Playbooks, Ansible, IP Telephony, SIP, H.323, RTP, voice gateways, CCM, VoIP
Documentation: MS Office, Microsoft VISIO, JIRA documentation, EDD, Field bulletins, ACE.
Network Monitoring Tools: Wireshark, Splunk, CiscoWorks, Cisco Prime, Lancope, SolarWinds.
Cisco and other vendor equipment: Cisco routers (10008, 7200, 3800, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3500, 2900, 4500 series), Cisco Nexus series; PIX Firewall 506/515/525/535, ASA Firewall 5520/5550, CatOS, Junos OS, Cisco IOS 11.x, 12.x, PIX OS 6.x, 7.x; Load Balancers (Cisco), Netscaler, Juniper M320, T640, Checkpoint firewall, CMTS such as Arris E 6000, Arris C4, Cisco 10K, Casa, F5 Load Balancer, SD-WAN.
Confidential, New York, NY
Network Security Architect / Cyber Security Architect
- Designing Network Architecture for campuses, bank offices and critical infrastructure that may be vulnerable to economic attacks.
- Building VPN tunneling infrastructure linking Confidential Bank global offices around the world.
- Was involved in network standardization of Network Infrastructure and Security infrastructure for the bank globally.
- Strategizing risks that might happen from attackers trying to get into the bank's critical infrastructure and building fail-safe protocols and honeypots to track them down.
- Involved in building DDoS (Distributed Denial-of-Service attack) mitigation infrastructure, to protect the bank's critical infrastructure and assets and make sure they function normally even when a crippling attack is taking place on the bank's assets.
- Part of Global Network Standardization Approval groups, and was involved in designing Engineering Design Documents and Standardization Guides to be followed by all engineers globally working on any Confidential Bank network deployments.
- Configuring NetScreen Firewall to allow site-to-site VPN access and configuring authentication, encryption, compression, ACL to ensure better security.
- Network security monitoring: analysis and identification of incident activities and system log files by Tenable Security Center.
- Designed and installed SolarWinds Network Performance Monitor SNMP management stations for continuous and proactive monitoring of server and network equipment.
- Eliminating network blind spots by continuously monitoring network traffic in real-time to discover active assets by Tenable Passive Vulnerability Scanner.
- Deploying critical infrastructure routers, Cisco 1900, 1800, 3600, 3800, 4000, 7200 series routers and Cisco switches 3800 and 6500 series.
- Design NextGen architecture, combining an application-centric approach, integrated with Cisco ACI and VMware NSX.
- Applied effectively various routing protocols including EIGRP, OSPF and BGP and integrating AWS/Azure.
- Deploying SD-WAN infrastructure across critical sites.
- Designing infrastructure using Cisco DNA (Digital Network Architecture) for Wi-Fi.
- Creation of firewall policies as per the requirements on Checkpoint, ASA, FWSM, Juniper firewalls.
- Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN and involved in managing secure VPN across all sites.
- Worked on configuring and deploying Wireless Controllers, Cisco 8540, 5520, 3504 across multiple sites.
- Configuration and troubleshooting of various routing protocols like RIP, EIGRP and OSPF.
- Designing architecture for "Virtual/Physical" firewalls (Palo Alto, Cisco ASA, Juniper, Nextgen, etc.)
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance.
- Designing and managing the deploying teams, failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls.
- Configured Juniper MX480s, EX8200s, EX4500s, EX4200s, and SRX5800s from scratch to match design.
Lead Network Architect / Cyber Security Architect
- Designing Network Architecture for campuses, corporate offices and manufacturing facilities for Confidential and all other companies around the world that are owned by the parent company Confidential.
- Was involved in network standardization of Network Infrastructure across North America (Confidential region).
- Managing and getting Network Infrastructure with engineering teams across the world to get Corporate campuses and Manufacturing facilities operational.
- Was part of design and deployment of Confidential One Wi-Fi Infrastructure, Confidential designed Wi-Fi infrastructure to rival Cisco.
- Was part of Spider Cloud Project, they manufacture switches by routes for Facebook and Google Datacenters.
- Was Lead Network Architect in Building Confidential campuses across Mexico.
- Managing Network Administration and Security Infrastructure with Cisco hardware which includes data center and campus network.
- Designing architecture combining applications using Cisco ACI.
- Worked as Administrator for managing Cisco Prime Infrastructure.
- Experience configuring/administrating technologies including: Checkpoint and Palo Alto.
- Experience in a broad range of networking tasks including planning, design, test, integration and deployment of high-speed, secure, highly survivable, voice, data & video networks.
- Managing servers using hardware load balancer F5 and Cisco ACE load balancer by managing internal customized tools and creating of SSL and Digital s.
- Provided support for teams in activities such as Load testing, troubleshooting, and performance tuning.
- Configured static NAT, dynamic NAT, inside global address overloading, TCP overload distribution, overlapping address translation.
- Converted legacy autonomous Cisco wireless infrastructure into WAN Controllers at Datacenters.
- Expertise in Routing & Switching technologies to provide advanced troubleshooting and escalation support with Cisco Nexus 7K / 5K / 2K products.
- Installation, configuration and maintenance of Cisco ASR9K, 7200, 3900, 2800, 2600, 2500 and 1800 series routers / Cisco Nexus 7010, 5548, 2148, Catalyst Cisco 6500 (sup 720), 4500 (SUP 6), 3750, 2950 series switches and Juniper routers and firewalls, Nexus 7k, 5k & 2k, F5 BIG-IP and F5 LTM, Netscaler.
- Configuring ASA and PIX Firewall to allow site to site VPN access and configuring authentication, encryption, compression, ACL to ensure better security.
- Administered multiple PIX firewalls throughout WAN to ensure LAN integrity from external threats and usage of Palo Alto firewall devices.
- Participated in network planning, network architecture design/engineering.
- Worked on deployment of Meraki devices across multiple sites and manufacturing facilities.
- Integrated and schematically depicted communication architectures, topologies, hardware, software, transmission and signaling links and protocols into complete network configurations.
- Worked on configuring Cisco DMVPN across multiple sites.
- Worked on implementing Cisco ICE across multiple sites.
- Deploying and configuring SD-WAN multilayer security model to encrypt Architecture based on zero-trust.
- Installed, configured and set security policies on Cisco and Checkpoint firewalls, VPN.
Confidential, Denver, CO
Security Lead Engineer
- Created the National standard for ISP security (Modems) for Confidential
- Created the process that is used to certify and clear ISP modems for all companies across North America.
- Develop architecture designs for "Virtual/Physical" firewalls (Palo Alto, Cisco ASA, Juniper, Nextgen, etc.)
- Was SME for DOCSIS (ISP Security) and ACL standards (North America) for Charter-Confidential.
- Was Head of Internet Security (ISP Security) North America, R&D for Confidential (Charter).
- Worked under Advanced Engineering for IP-Core, National backbone (ISP) and Security team for Charter.
- Created the national standard for ISP security (Modems) for Confidential. This process is used to certify and clear ISP modems for all companies across North America.
- Was part of the Advanced Engineering-Network Security Group.
- Worked simultaneously on both the IP-Core National Backbone team and security team.
- Worked with FCC (Federal Communications Commission) and CableLabs for creating FCC No-Harm process for ISP security for Confidential Communications, which is responsible for clearing security on all ISP modems for all ISP and cable operators under the No-Harm Standard.
- SME for Confidential for ACL standardization and implementation across the production network.
- Designated owner of the Confidential standards ACL document for the country and responsible for maintaining, updating, and changing the standards as necessary.
- SME for DOCSIS (ISP cable modem security) for Confidential (Legacy-Charter, Mountain States, Time Warner Cable and Brighthouse)
- In-depth knowledge of network monitoring and performance tools such as SolarWinds CPM.
- In-depth knowledge of HPNA. Worked on configuring, adding, maintaining devices.
- In-depth knowledge of Splunk which collects and analyzes high volumes of machine-generated data and
- Responsible for clearing all modems for the country. All models of Netgear, Arris, Cisco, Zoom, SMC, Ubee, Sagemcom, Asus, TP-Link, Motorola, Humax, Linksys, etc.
- Responsible for creating ACLs and filter groups for all CMTSs on the Confidential network, all across the country, which includes Legacy Charter, Time Warner, Bright House and Mountain States.
- Was part of POC-Group (Proof of concept) Engineering Lab and built and implemented many new instances of different research projects.
- Was involved in creating and writing many process documents such as Engineering Design Document (EDD), Field Bulletin (FB), and Instruction Guides (IG) for deployment of devices and configuration, setting up the network architecture and was also the principal point of contact. application inspection policies to ensure use of Layer 7 deep protocol inspection and validation.
- Worked on deployment of routers and firewalls, Nexus 7k, 5k & 2k, F5 BIG-IP and F5 LTM.
- Installation, configuration and maintenance of Cisco Routers like 2600, 2800 and 3600 series.
- Responsible for designing and implementation of Network Infrastructure.
- Implement Cisco, HP, Aruba, Juniper, Brocade, and Extreme, Telco and Enterasys switches and routers and write new configurations from scratch.
- Designing and implementing firewall rules in Palo Alto, Cisco ASDM, Juniper SRX and Checkpoint firewalls. Worked on planning and implementation of enterprise monitoring and configuration tools for the F5 platforms and BIG-IQ.