SUMMARY:

Accomplished Network Engineer with over 13+ years of experience in design, deployment, implementingand troubleshooting LAN/WAN, MPLS, VLAN, Cisco Routing and Switching, Cisco VoIP, Aruba ClearPass, F5 BIG - IP Load Balancing, Fortinet, Juniper SRX/EX, Cisco ASA, Checkpoint R77 3.0/NG-1, and Palo Alto 6x/7 Next Generation firewalls, Network Security, SEIM, DLP, and IPS/IDS for data center environments.

CORE NETWORK SKILLS:

Routers: Cisco, Juniper, Huawei Switches, Bridges, Hubs Cisco, Juniper, Dell, HP

Load Balancers: Cisco CSS, F5 Networks (Big-IP), Foundry

Point Application Orientated: Cisco ACE (Application Control Engine Module)Cisco ISE NAC

Telecommunications: Avaya Definity G3i & G3r PBX, Nortel CS1000xAvaya Modular Messaging & Intuity Audix.

Security: VPNs (Site-to-Site, IPSec, Remote Access, SSL, WebVPN, GET VPN, DMVPN, ezVPN), Cryptography, AAA, Radius, TACACS+, Kerberos, Cisco CAR Radius Proxy, Cisco Authentication Proxy, Access Lists, NBAR, IOS Firewall, IOS Security, 802.1x, CBAC, DDoS prevention, Cisco IDS, Cisco IPS, Cisco CSA, CiscoWorks Firewall & IDS MC, PKI, CA, Cisco Secure ACS, Cisco VPN Concentrator, Cisco PIX / ASA Firewalls, Cisco VPN Client, Cisco AnyConnect Client, Cisco CSM, Cisco NAC / CANAC, Cisco MARS, Cisco IronPort, Cloud Security (ScanSafe, Cisco ASA 1000V), Cisco VSG, Cisco ISE, Cisco IP Access Control, Juniper Netscreen Firewalls, Checkpoint / Nokia VPN-1/Firewall-1 NG, Fortinet Firewalls, Palo Alto Firewalls

Penetration Testing: Network & Web Application Penetration Testing, Vulnerability Assessments, Social Engineering. Tools CANVAS PRO, Vulndisco, VOIP Pack, Riverbed, AWS, DLP, SEIM

WLAN (Wireless LAN): Cisco Access Points and Bridges (standalone and controller based), 802.11a, 802.11b, 802.11g, 802.11n standards, WLAN antennas, Cisco WLSE, Wireless L2/L3/Fast Roaming, WLAN Security ( WEP, WPA & WPA2 / AES, 802.1x, EAP, PEAP, LEAP, TKIP), Cisco Wireless Mesh Networking, Cisco Unified Wireless Networks, Wireless LAN controllers & WiSM blades, Cisco Wireless Control System (WCS), Cisco Network Control System (NCS), WDS, Controller based infrastructures (LWAPP / CAPWAP), Cisco LBS, Cisco MSE (Mobility Services Engine), RFID Technology, Cisco Service Selection Gateway (SSG) / SESM, Cisco Clean Air, BYOD, Band Select, Client Link, Cisco AnyConnect, Cisco Video Stream, Aruba Wireless Controllers 600, 3200, 3400, 3600, Aruba Access Points.

Routing: Static Routing, RIPv1, RIPv2, RIPnG, IGRP, EIGRP, OSPF, IS-IS, BGPv4, ODR, GRE, MPLSIPv6, Traffic Engineering, Policy Based Routing PBR, TCP/IP, IPX/SPX, PPP, NetBEUI, DLC, Ethernet, Fast Ethernet, Token Ring, SMTP/POP3/IMAP/LDAP, FTP, Telnet, SNMP, RMON, WINS, DHCP, DNS, Frame relay, ATM, OSPF, BGP, RIP, RIP2, EIGRP, LTM, GTM, TLS, IPsec, APM, ASM, AWS, DNS ANYCONNECT, DNS ANYCAST Route Filtering, Redistribution

EMPLOYMENT HISTORY:

Confidential, Houston, Texas

Sr. Network Security Engineer

Responsibilities:

• Responsible for providing responsive IT infrastructure network security services across the global landscape of SABIC’s Business operations to serve its customers in over 5 countries.
• Improved security posture byconducting system security and vulnerability analyses and risk assessments; study architecture/platform; identify integration issues; develop policies, and procedures.
• Configuration of Information Security monitoring systems which provide logging, monitoring, and actionable alerting. Systems include IDS/IPS; Database Activity Monitoring; and Vulnerability Scanners. Assist with the configuration, maintenance, and monitoring of the Security Incident and Event Monitoring (SIEM) system.
• Implemented, configured and maintained Solarwinds Orion NPM, NCM, SAM, and Network Atlas modules, Orion monitoring applications (systems intelligence) to alert global operations end point team when devices including servers, switches, routers, and wireless access points are functioning below established SLA.
• Coordinating and conducting event collection, log management, event management, compliance automation, and identity monitoring activities using the ArcSight ESM and Splunk platforms.
• Researched and analyzed log sources utilized for the purpose of security monitoring, particularly security and networking devices (such as firewalls, routers, anti-virus products, proxies, and operating systems)
• Developed, implemented, and executed standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/Log Management platforms.
• Support day to day event parsing and repairing of events that have missing or incorrect information, create log source extensions, and flow management.
• Performed all administration, management, configuration, testing, and integration tasks related to the Splunk, BigData/Hadoop, ArcSight ESM and associated platforms to include content creation, maintenance, and administration tasks.
• Setting up and configuring a logs correlation solution Security Information and Event Management (SIEM) utilizing IBM Security Intelligence QRadar SIEM 3105 all in one mode with a capacity of 5000 EPS and 25000 FPM, to improve existing DSM, custom correlation rules, configuration of different log sources (AD, AIX, Oracle, Firewall, Exchange, for QRadar, tuning correlation rules and definition of false positives.
• Responsible for defining and implementing optimal comprehensive enterprise security solutions to protect corporate assets (On premise and Cloud); including external threat assessments and related countermeasures, network segmentation and network monitoring.
• Assisted in designing and deploying a multitude of Applications utilizing almost AWS Stack (including EC2, Route53, S3, Beanstalk, RDS, Dynamo DB, SNS, SQS, IAM) focusing on high-availability, fault tolerance, and auto-scaling in AWS Cloud Formation.
• Worked on Production Server's on Amazon Cloud (EC2, EBS, RDS, S3 and Route53), monitoring MySQL Database Backup on AWS cloud S3 (CLI), while creating S3 buckets and managed Policies for S3 buckets and Utilized S3 bucket and Glacier for Storage and backup on AWS.
• Maintained the Networking from Cloud to On-Prem connectivity and no direct internet access from cloud VPC to the Internet.
• Manage multiple AWS instances, assigned Security Groups, Elastic Load Balancer and AMIs.
• Provided analysis and identified the requirements for deployment of the SolarWinds solutions in Confidential regions environment, performing the network preparation to ensure all devices are configured appropriately for monitoring and management by the identified SolarWinds solutions.
• Proficiently monitored LAN/WAN, WLAN, network inftrastructure for outages or abnormalities utilizing Solarwinds Orion Suite for Network Performance Monitoring, Network Configuration Manager, and Netflow Traffic Analyzer.
• Configuring Cisco ASA Firewall (IOS ver. 8.2 & 8.4) - Network Address Translation (NAT) and Port Address Translation (PAT), Security context, Failover, ACLs, port channel, Interface redundancy, ISP redundancy, transparent firewall.
• Configured Juniper VPN: Design, Implementation Scenarios, Connectivity troubleshooting and other Algorithms such as DES, 3DES, MD5, SHA, PKI, IPSEC Site to Site & Remote Access VPN.
• Responsible for implementing and managingMcAfee ePO, HIPS, Virus Scan, Web Gateway, MaintainMcAfee Endpoint and Networkbased solutions across global production and non-production environments.
• Responsible for implementing and managingMcAfee ePO, HIPS, Virus Scan, Web Gateway, MaintainMcAfee Endpoint and Networkbased solutions across global production and non-production environments.
• Monitor and analyze network traffic, Intrusion Detection Systems (IDS), security events and logs
• Improve security posture byconducting system security and vulnerability analyses and risk assessments; study architecture/platform; identify integration issues; develop policies, and procedures.
• Configuring Cisco ASA Firewall (IOS ver. 8.2 & 8.4) - Network Address Translation (NAT) and Port Address Translation (PAT), Security context, Failover, ACLs, port channel, Interface redundancy, ISP redundancy, transparent firewall.
• Configured Juniper VPN: Design, Implementation Scenarios, Connectivity troubleshooting and other Algorithms such as DES, 3DES, MD5, SHA, PKI, IPSEC Site to Site & Remote Access VPN.
• Coordinate and perform the implementation of Cisco's Integrated Security Engine (ISE)
• Configuration, implementation and integration of Cisco ISE.
• Configured and implemented Cisco ASA 5525 HA Firewalls (IOS ver. 8.2 & 8.4) - Network Address Translation (NAT) and Port Address Translation (PAT), Security context, Failover, ACLs, port channel, Interface redundancy, ISP redundancy, transparent firewall.
• Configured Juniper VPN: Design, Implementation Scenarios, Connectivity troubleshooting and other Algorithms such as DES, 3DES, MD5, SHA, PKI, IPSEC Site to Site & Remote Access VPN.
• Implementation and Configuration of IPS - Tuning signatures, creating custom signatures. Promiscuous mode and Inline mode deployment.
• Implementing and Configuration of Identity Management Authentication and Authorization & Accounting using ACS/ISE.
• Coordinate and perform the implementation of Cisco's Integrated Security Engine (ISE)
• Configuration, implementation and integration of Cisco ISE
• Conduct information security risk assessments based on industry standards (NIST, ISO, SANS Critical Security Controls).
• Deployed Cisco ASA Firepower Services Delivers cultivating rapid threat detection and mitigation using Cisco Sourcefire IPS with AMP, ThreatGrid sandboxing, advanced threat intelligence using CIF, Soltra, and OpenSOC, including Hadoop for consuming, parsing and analyzing 6 Gbps at each PoP, with all forms of system telemetry and syslogs.
• Deployed and configured Splunk Enterprise, Splunk Cloud and Splunk premium applications including Enterprise Security and IT Service Intelligence, including - Network/Application security vulnerability assessment and management experience (e.g., Nessus, Splunk, Symantec SEP, AppScan, Palo Alto.
• Responsible for implementing Palo Alto Firewall 7.1 Panorama platform administration; including rule set configurations, network security software and hardware, security monitoring systems, encryption software, threat and vulnerability management services and software, identity management solutions, application security, VPN, and URL filtering.
• Provided Palo Alto administrative technical support with Secure Keys, High Availability HA ports for the PA-3000 Series, PA-4000 Series, PA-5000 Series, and PA-7050 firewalls and the HA Ports on the PA-7050 Firewall appliances, VPN, Layer 2/3, Mobile Security and Virtual Wind deployment administration, User ID, App ID, and Content ID Agent configurations.
• Provided application switching, traffic management, SSL web acceleration, TCP optimization and CLI support, utilizing Big Pipe and Shell (TMSH), F5 DOS and DDOS mitigation, API iControl, IPSec VPN, AAA, TACACS+, RADIUS, and application integration design support for Oracle Database and RAC Single Sign On Authentication.
• Implemented ADC F5 LTM and GTM hardware platforms design and deployment implementation guidelines, DMZ Network infrastructure policies, LTM Inbound SNAT configurations and outbound NAT server to IP mapping processes.
• Implemented ADC F5 LTM and GTM hardware platforms design and deployment implementation guidelines, DMZ Network infrastructure policies, LTM Inbound SNAT configurations and outbound NAT server to IP mapping processes.
• Deployment & troubleshooting of L2/L3 TCP/IP, Multilayer Switching, QoS, IPSec, UDP, Ethernet, Voice & Data Integration & IP Routing Protocols RIP, EIGRP & OSPF, VPN concentrators, F5 LTM GTM load balancer support.

Confidential, Dallas, TX

Sr. Network Security Engineer

Responsibilities:

• Responsible for providing enterprise network security, engineering, and administration supporting for a nationwide government service driven infrastructure; including but not limited to, new data center transition/move in route / switch, firewalls, intrusion detection / prevention, remote access, security policy administration, Network/Application security vulnerability assessment and management, F5 administration, Avaya VoIP, and Aruba Wireless support.
• Responsible for configuring, deploying, and implementing Avaya Definity G3i & G3r PBX, Avaya S88XX, S87XX & S85XX Media Servers, Avaya LSP (Local Survivable Server) & ESS (Enterprise Survivable Server), Avaya G250, G350, G450 & G650 Media Gateways.
• Responsible for deploying, implementing and troubleshooting the Avaya Voice Portal environment, Avaya CMS, Parlance IVR, VeraSmart Call Accounting, Mercom Screen Recording, Virtual Hold, Mutare Unified Messaging Hardware & Software Administration & Programming; including VoIP, Voice over A.T.M. & Voice over MPLS.
• Configured and deployed Avaya Modular Messaging & Intuity Audix 770 Voicemail, Avaya Message Networking Server, Nortel Meridian Mail & Call Pilot Voicemail; Mitel NuPoint Voicemail; Intecom InteMail Voicemail; Hardware & Software Administration & Programming; Automated Attendant; Custom Call Routing, Message Networking and Unified Messaging services.
• Assisted in the design and setup of Aruba Controllers 531, redundant 7211, 3200, 3400 and 6000 series configuring ACLs, Ether Channel, STP, Stacking, HSRP troubleshooting, Static Routes, OSPF t-shooting.
• Configured, implemented, and deployed Aruba Controllers 531, 7211, 3200, 3400 and 6000 series, Aruba ClearPass server Authentication: 802.1X, AAA, Policy Management, Guest Access, Confidential, and PCI Compliance auditing concerning Cisco/Aruba equipment & configs.
• Configured and deployed multiple CISCO Enterprise switches/routers(1841,3750, 3845ISR, 6405's,etc) configuration, maintenance & design (Ether Channel, STP, Stacking, HSRP troubleshooting, Static Routing), Aruba ClearPass server build & migration away from Microsoft/Cisco NPS & TACACS solutions.
• Deployed Cisco ASA Firepower Services Delivers cultivating rapid threat detection and mitigation using Cisco Sourcefire IPS with AMP, ThreatGrid sandboxing, advanced threat intelligence using CIF, Soltra, and OpenSOC, including Hadoop for consuming, parsing and analyzing 6 Gbps at each PoP, with all forms of system telemetry and syslogs.
• Deployed and configured Splunk Enterprise, Splunk Cloud and Splunk premium applications including Enterprise Security and IT Service Intelligence, including - Network/Application security vulnerability assessment and management experience (e.g., Nessus, Splunk, Symantec SEP, AppScan, Palo Alto.
• Responsible for implementing Palo Alto Firewall 7.1 Panorama platform administration; including rule set configurations, network security software and hardware, security monitoring systems, encryption software, threat and vulnerability management services and software, identity management solutions, application security, VPN, and URL filtering.
• Provided Palo Alto administrative technical support with Secure Keys, High Availability HA ports for the PA-3000 Series, PA-4000 Series, PA-5000 Series, and PA-7050 firewalls and the HA Ports on the PA-7050 Firewall appliances, VPN, Layer 2/3, Mobile Security and Virtual Wind deployment administration, User ID, App ID, and Content ID Agent configurations.
• Utilized Tripwire Enterprise 8.1 for deploying, monitoring, and integrating application security solutions (including SaaS security solutions), endpoint security solutions (antivirus, desktop firewall, web content filtering, and intrusion prevention), encryption solutions (full disk, file/folder), data loss prevention (DLP), SIEM and enterprise log management systems for corporate environment.
• Provided direct administration and support for SIEM log analysis, correlation and optimization; endpoint protection; Anti-malware; vulnerability scanning and management; incident response; malware analysis for DLP.
• Centralized and unify network access policy management with Cisco ISE to provide consistent, highly secure access to end users, whether they connect to your network over a wired, wireless, or VPN connections.
• Maintain/setup/conifer/deployed Cisco/Sourcefire and uptime, performance, reliability, and updates across al data centers IPS/IDS appliances, etc. McAfee NSP) infrastructure and network Taps (NetOptics) and ApCon (switch-port aggregators) appliances. Work with ArcSight, Splunk, ePO & DLP, NetScout engineers' integration with the IPS/IDS platform.
• Design, Implement & troubleshooting of Juniper switches, routers, Wireless and Firewalls EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX210, SRX240, SRX 3600/650, WLM1200, WLA632, WLA 532, WLC2800 and JunosV wireless Lan controller.
• Configured Cisco 7200, Juniper M10i Routers as Route-Reflectors in the IP Core Back Bone, OSPF, BGP, LDP, MP-BGP on Juniper M320 and Cisco CRS-1 in the Core, VLAN's, HSRP, VRRP, LACP on the Cisco 6500/7600 and Nexus 7010.
• Migrated L3VPN Traffic from Juniper M320's to Cisco CRS-1 with minimum disruption, and configuring LACP, HSRP, NSR, for High Availability, BFD for OSPF and BGP interfaces on Cisco CRS-1.
• Provided Tier IV support for production networks and involved in troubleshooting issues, configuration of Juniper M320s as PE's, Cisco CRS-1 as Core, Cisco Catalyst 6500/7600 and Nexus 7010 as CE's.
• Provided regular enterprise IPS/IDS perimeter analysis for threat analysis, security filters, regression testing and configuration management, utilizing Tipping Point Security System NX.
• Configured the auto scaling groups inAWSand AZURE environments; includingmaintaining the user accounts (IAM), RDS, Route 53, SES and SNS services inAWScloud, utilizing applicable protocols like FTP, SSH, HTTP, HTTPS and Connect direct.
• Responsible for the design, deployment, configuration, and managed the F5Viprion load balancing platform migration from Cisco ACE 4100x/4700; including implementing, configuring, and integrating F5 BIG IP GTM, LTM, APM, ASM, iRules, DNS-SEC, DNS ANYCAST, IPv6, SSL, and HA vCMP provisioning.
• Provided application switching, traffic management, SSL web acceleration, TCP optimization and CLI support, utilizing Big Pipe and Shell (TMSH), F5 DOS and DDOS mitigation, API iControl, IPSec VPN, AAA, TACACS+, RADIUS, and application integration design support for Oracle Database and RAC Single Sign On Authentication.
• Responsible for configuring and implementing BIG-IP® ASM v11: Application Security Manager (TMOS 11.X), APM - Policy building and successful DoD CAC authentication, PKI (SSL) CA Certificate SME - Ca Bundles and individual SSL certificates, TMOS scripts: WIP creation, Pool and member creation, VLAN, VIP’s and Self IP’s.
• Responsible for the deployment, configuration, and managed the F5Viprion load balancing platform migration from Cisco ACE 4100x/4700; including implementing, configuring, and integrating F5 BIG IP GTM, LTM, APM, ASM, iRules, DNS-SEC, DNS ANYCAST, IPv6, SSL, and HA vCMP provisioning.
• Provided application switching, traffic management, SSL web acceleration, TCP optimization and CLI support, utilizing Big Pipe and Shell (TMSH), F5 DOS and DDOS mitigation, API iControl, IPSec VPN, AAA, TACACS+, RADIUS, and application integration design support for Oracle Database and RAC Single Sign On Authentication.

Confidential, Victoria, TX

Network-Security Engineer

Responsibilities:

• Responsible for the deployment, configuration, and managed the F5Viprion load balancing platform migration from Cisco ACE 4100x/4700; including implementing, configuring, and integrating F5 BIG IP GTM, LTM, APM, ASM, iRules, DNS-SEC, DNS ANYCAST, IPv6, SSL, and HA vCMP provisioning.
• Provided application switching, traffic management, SSL web acceleration, TCP optimization and CLI support, utilizing Big Pipe and Shell (TMSH), F5 DOS and DDOS mitigation, API iControl, IPSec VPN, AAA, TACACS+, RADIUS, and application integration design support for Oracle Database and RAC Single Sign On Authentication.
• Implemented ADC F5 LTM and GTM hardware platforms design and deployment implementation guidelines, DMZ Network infrastructure policies, LTM Inbound SNAT configurations and outbound NAT server to IP mapping processes.
• Implemented ADC F5 LTM and GTM hardware platforms design and deployment implementation guidelines, DMZ Network infrastructure policies, LTM Inbound SNAT configurations and outbound NAT server to IP mapping processes.
• Deployment & troubleshooting of L2/L3 TCP/IP, Multilayer Switching, QoS, IPSec, UDP, Ethernet, Voice & Data Integration & IP Routing Protocols RIP, EIGRP & OSPF, VPN concentrators, F5 LTM GTM load balancer support.
• Implemented F5 ASM for Internet Facing LTM virtual servers providing applications layer 7 firewall protection, configuring and managing F5 Web Accelerator module and Application Security Module (ASM) technology or with similar/competing ADC and Security product solutions.
• Utilized Netscout and Wireshark for implementing enterprise monitoring and configuring F5 Big-IQ, BIG-IP Application Security Manager, Advanced Firewall Manager and BIG-IP DNS, GTM/LTM, ASM, AFM, and HTTPS for the F5 BIG-IP 3900 and 6900 platforms.
• Implemented Application Visibility and Reporting (AVR) Features on LTMs to provide metrics for applications teams.
• Implement Application Acceleration Manager (AAM) for select web based applications to improve performance and metrics reporting.
• Performed wireless planning, designing, installation, configuration, upgradation, testing and troubleshooting for all 8 remote offices in US.
• Configured Autonomous and LWAP of Aruba, Cisco Aironet/Meraki WAP, wireless controller, Airwave Management Platform, and, Cisco PRIME, Client Link 2.0, Clean Air Cisco, WCS Navigator, Mobility Services Engine (MSE), Cisco ACS / ISE.
• Responsible for migrating 30+ Cisco ASA 5000/5500 firewalls to Palo Alto Next Generation 7.0.8 Firewall platform for corporate datacenter; including configuration auditing, rule base analysis, interface settings (physical, logical and IPs), configured (dynamic routing protocols or static routes) High Availability clustering, AAA, SNMP, APP, Content, User ID policy enforcement utilizing Palo Alto Migration Tool 3.
• Provided daily Palo Alto Network firewalls administration such as security NAT, Threat prevention, URL filtering, IPSEC and SSL VPN's, security rules, zone based integration, and analyzing syslogs, and utilizing wild fire feature in Panorama 6.7.
• Responsible for implementing Palo Alto Firewall 7.1 Panorama platform administration; including rule set configurations, network security software and hardware, security monitoring systems, encryption software, threat and vulnerability management services and software, identity management solutions, application security, VPN, and URL filtering.
• Provided Palo Alto administrative technical support with Secure Keys, High Availability HA ports for the PA-3000 Series, PA-4000 Series, PA-5000 Series, and PA-7050 firewalls and the HA Ports on the PA-7050 Firewall appliances, VPN, Layer 2/3, Mobile Security and Virtual Wind.
• Utilized Tripwire Enterprise 8.1 for deploying, monitoring, and integrating application security solutions (including SaaS security solutions), endpoint security solutions (antivirus, desktop firewall, web content filtering, and intrusion prevention), encryption solutions (full disk, file/folder), data loss prevention (DLP), SIEM and enterprise log management systems for corporate environment.
• Provided direct administration and support for SIEM log analysis, correlation and optimization; endpoint protection; Anti-malware; vulnerability scanning and management; incident response; malware analysis for DLP.
• Provided regular enterprise IPS/IDS perimeter analysis for threat analysis, security filters, regression testing and configuration management, utilizing Tipping Point Security System NX.
• Utilized Riverbed Steelhead 9.0, Riverbed ACE, Wireshark and tcpdump to perform deep packet inspections, WAN acceleration, optimization, performance management, and to prioritize delivery of mission-critical applications for complete Service Level Agreement (SLAs) for Data Center administration.
• Configured and implemented BGP, OSPF, EIGRP protocols on Cisco (7200, 3800), Juniper (MX240, MX280) series Routers, also enabled HSRP and VRRP protocols for redundancy administering Cisco catalyst (6500, 4500), Nexus (2k, 5k, 7k), and Juniper (EX2300 EX3400) switches, enabled all L2 critical configurations like 802.1Q encapsulation, Port channels, VTP, VLAN, inter VLAN routing.

Confidential, Houston, TX

Senior Network Engineer

Responsibilities:

• Provided Tier 3 network engineering support for Network Operations and Security Center, performing the design, implementation, configurations and troubleshooting Cisco routing/ switching, Cisco Wireless, Cisco UCCM, Cisco ASA, Checkpoint, Juniper SRX/NX, Palo Alto 6x/7x, F5 Load balancing, IPS/IDS, DLP, and SEIM solutions.
• Assisted in the design, and deployment of Checkpoint R76/R77 75+ 15000, 21400, 23000
• Firewall appliances implementing security rules and mitigating network attacks, deployed Site to Site and Client to Site VPNs utilizing Checkpoint Firewall-1/VPN-1, GAIA. Smart Center, and Secure platform.
• Responsible for the design, installation, and configuration of 50+ Checkpoint Firewall-1 2000 (v41) and Checkpoint Firewall-1 NG (v50) firewalls operating on the Nokia IP series Network Appliance Platform (NAP) with Checkpoint Provider-1 with Smart Center in the corporate data center as well as remote offices.
• Provided daily Palo Alto Network firewalls administration such as security NAT, Threat prevention, URL filtering, IPSEC and SSL VPN's, security rules, zone based integration, and analyzing syslogs, and utilizing wild fire feature in Panorama 6.7.
• Daily administration of over 100 Netscreen firewalls using NSM (Netscreen Security Manager), configuration, implementation, and problem determination across the major firewall platforms, including rule implementations, VPN setups, upgrades, new builds.
• Responsible for configuring, implementing, and troubleshooting FortiManager 300D and FortiGate 600D cluster for deploying IPsec site-to-site VPNs, upgrading the Tufin Orchestration Suite from 1.8 to 2.10 on a T-1000 appliance, Fortiweb 1000d Secure Access platform.
• Implemented various levels of functional test plans for Traffic Signal controller with land line and wireless, signaling of steps and time scheduling and Integration test plans under the environment of Oracle, Windows 2012 R2 Server, and Cisco 6500/47xx/3xxx/26xx routers over IP/BGP/MPLS/OSPF, F5, HSRP, GPRS, Cisco WCS/WLSE, and Juniper on M/T/MX series, and Cisco PIX 515 firewall, IDS, and IPS.
• Proposed design for a network and understand BGP policies and the effects of its implementation (route reflectors) on the Internet connectivity and traffic flow. Perform trace routes to George Mason University servers using various look up glasses to figure out GMU's BGP routing policy towards its transit providers to assign the addresses to all the links between routers (point to point) in the network.
• Assisted in the migration of Cisco catalyst switches with the new Nexus switches in the datacenter from 3750G stack to 3750X stack, and completed the migration of cisco Catalyst 6509, Catalyst 4506, Catalyst 3560, Catalyst 2950 toNexus 5k & 2k switching infrastructure with Nexus 56128P, 2232PP, 2248TP.
• Assisted with the design and implementation of Nexus 7K/5K/2K and Catalyst 6500/4900/3750- X in a complex DC Core/Aggregation/Access layer on a 10G backbone in Production and DR Data Center.
• Performed build-outs of newly added capacity and installation and setup of new Cisco 6513 switches and FWSM blades to provide total failover redundancy in BGP and OSPF environment. Implemented remote access via VPN access via ASA-55xx appliances and FWSM blades.
• Utilized Riverbed Steelhead 9.0, Riverbed ACE, Wireshark and tcpdump to perform deep packet inspections, WAN acceleration, optimization, performance management, and to prioritize delivery of mission-critical applications for complete Service Level Agreement (SLAs) for Data Center administration.
• Responsible for supporting the Citrix NetScaler F5 platform, configuring, implementing, and troubleshooting Citrix NetScaler VIP configuration with health check, policy configurations Access Gateway, and content switching configuration solutions.
• Responsible for deploying, implementing and troubleshooting the Avaya Voice Portal environment, Avaya CMS, Parlance IVR, VeraSmart Call Accounting, Mercom Screen Recording, Virtual Hold, Mutare Unified Messaging Hardware & Software Administration & Programming; including VoIP, Voice over A.T.M. & Voice over MPLS.
• Replacing existing systems with an Avaya IP solution. Install G430 and G450 remote gateways, S8300 and 96xx series IP phones at approximately 130 sites. Perform site surveys of existing telephone systems, configure site profile, file all paperwork and design documentation for T1's and equipment. Testing cutover and LSP. Submit site requirements, Visio drawings, installation instructions, cutover plans, BOM and routing.
• Responsible for the design, migration from Cisco ACE 4100 to F5 Viprion deployment, configuration, and troubleshooting the F5 Viprion Load Balancing platform, integrating F5 BIG IP GTM, LTM, APM, ASM, iRules, DNS-SEC, DNS ANYCAST, IPv6, SSL, BIG-IP GTM Wide IP configurations and vCMP administration.
• Provided application switching, traffic management, SSL web acceleration, TCP optimization and CLI support, utilizing Big Pipe and Shell (TMSH), F5 DOS and DDOS mitigation, API iControl, IPSec VPN, AAA, TACACS+, RADIUS, and application integration design support.
• Implemented ADC F5 LTM and GTM hardware platforms design and deployment implementation guidelines, DMZ Network infrastructure policies, LTM Inbound SNAT configurations and outbound NAT server to IP mapping processes.
• Utilized Netscout and Wireshark for implementing enterprise monitoring and configuring F5 Big-IQ, BIG-IP Application Security Manager, Advanced Firewall Manager and BIG-IP DNS, GTM/LTM, ASM, AFM, and HTTPS for the F5 BIG-IP 3900 and 6900 platforms.
• Responsible for deploying, implementing, configuring, and troubleshooting Cisco Identity Service Engine (Cisco ISE - Network Admission Control / NAC), 802.1X authentication, MAC Authentication Bypass, Web Authentication, ISE profiling, Policy Enforcement, Posturing, Profiling, and TrustSec administration for 5000+ endpoints.
• Responsible for deploying and managing multiple types of security appliances such as: Security Information and Event Management (SIEM), Intrusion Prevention/Detection Systems (IPS/IDS), Data Loss Prevention (DLP), Web Application Firewall (WAF), public key infrastructure (PKI), and SSL encryption.
• Provided direct administration and support for SIEM log analysis, correlation and optimization; endpoint protection; Anti-malware; vulnerability scanning and management, incident response, and malware analysis.
• Provided complex enterprise IPS/IDS perimeter analysis for threat analysis, security filters, regression testing and configuration management, utilizing Tipping Point Security Management System NX.
• Performed wireless planning, designing, installation, configuration, upgradation, testing and troubleshooting for all 8 remote offices in US.
• Configured Autonomous and LWAP of Aruba, Cisco Aironet/Meraki WAP, wireless controller, Airwave Management Platform, and, Cisco PRIME, Client Link 2.0, Clean Air Cisco, WCS Navigator, Mobility Services Engine (MSE), Cisco ACS / ISE.
• Designed, implemented, and troubleshoot WLAN Security in the areas of authentication, encryption, IDS/IPS using Radius, AAA authentication, EAP, LEAP, PEAP, PSK, AES-CCMP encryption, Wireless Sniffers, WEP encryption (Wired Equivalent Privacy), WPA (Wi-Fi Protocol Access), WPA2.
• Aruba ClearPass Policy Manager platform configuration, implementation, and troubleshooting access control policy engine, RADIUS, TACACS+, SSO (Single Sign On), VPN, AD, LDAP, EMM/MDM attributes, device health administration.
• Setup and configuration of test benches includes configuring Cisco UCM, 29xx/3800 series routers, Cisco 7975/9971 IP Phones, RSVP gateways, POE switches and Media servers, implemented all VMware configurations for CUCM installs using vSphere.
• Tested and automated CUCM features which include, Intercom, Unicode, RSVP, Conference, Call Back, Call Preservation, Barge, Multi-Level Precedence, Call Park, Call Transfer, Mobility, Music on Hold, SIP call flows, Platform Upgrades, Fresh Installs, DRS backup and Restores.
• Supported Cisco VG224, VG248, H.323 Gateway, MGCP Gateway, includes Cisco Intelligent Contact Management (ICM), Cisco Call Manager, Cisco Customer Voice Portal (CVP), Cisco Voice over IP (VoIP) Gateways and Cisco 8800 series IP Phones.
• Provided Cisco Call Manager 8x/9x administration, utilizing the CUCM BAT tool for PSTN, VoIP, T1/PRI, MPLS, Frame Relay, ATM, ISDN and systems interconnectivity, VoIP QoS issues and mitigation strategies for (G711, G729), Session Border Controller, SIP Trunk, Call Routing, Line Grouping for the Avaya platform.
• Supported Cisco VG224, VG248, H.323 Gateway, MGCP Gateway, includes Cisco Intelligent Contact Management (ICM), Cisco Call Manager, Cisco Customer Voice Portal (CVP), Cisco Voice over IP (VoIP) Gateways and Cisco 8800 series IP Phones.

Confidential, Prescott, AZ

Network Administrator

Responsibilities:

• Provided Level 2/3 escalation solutions for routing, switching and WAN connectivity issues using ticketing system Remedy.
• Experience in troubleshooting VLAN, STP (Spanning tree protocol), & Switch Trunk and IP subnet issues.
• Responsible for support of existing network policies and procedures, as well as creation and implementation of new security procedures.
• Risk assessment for partners.
• Presented options to management for the enhancement of DNS, firewall, modernization of firewalls, and inbound e-mail security and robustness.
• Responsible for Internal and external accounts and, managing LAN/WAN and checking for Security Settings of the networking devices (Cisco Router, switches) co-coordinating with the system/Network administrator during any major changes and implementation.

Confidential, Houston, TX

Senior Systems Analyst

Responsibilities:

• Responsible for PC and server hardware maintenance, software installation and support, network operations support, managed switch and router install and configuration, creation of new domain accounts, virtual machine creation and deployment, remote access support, SharePoint administration, response to service tickets, phone calls and emails. Assisted with implementation of enterprise wide network upgrade from copper to fiber and VoIP.
• Personally tasked with system wide antivirus updates, VM development, Linux development, SharePoint development and wireless device management.