SUMMARY:

IT professional with over 7 years of professional and progressive technical experience in engineering, implementation, configuration, installation, support, administration and troubleshooting of various technologies for enterprise environments which include proficiency in Cisco routing/switching, and firewalls (Cisco ASAs, Juniper SRXs, Checkpoint), voice (Call Manager) and wireless.

TECHNICAL SKILLS DETAIL:

Routing/Switching Technologies: Cisco Routers (3900, 2900, 1900, 800 Series), Cisco Catalyst Switch (6500, 5500, 4900, 4500, 3750, 3560 - X, 3100), Cisco Nexus 1kv, 2k, 5k Series, Juniper and HP Routers & Switches - WAN, LAN, TCP/IP, Cisco IOS, Spanning Tree Protocol, BPDU, CDP, ACL, NAT, PAT, RIP, RIPv2, OSPF, OSPFv3, EIGRP, BGP, MPLS, VTP, SNMP, SMTP, ARP, TCP, UDP, Static Routing, Stub Routing, VLAN, VLAN Trunking, VXLANs, Multicast routing, HSRP, SVI, CEF, Etherchannel, Portfast, VSS, VPC.

Security/Firewalls Technologies: Cisco Security Manager Suite, Cisco ASA 5500 series firewalls, Cisco FWSM, Cisco IPS/IDS, Cisco ACS, Advanced Firewall Manager (AFM), Cisco ASA 1000V cloud firewall, Checkpoint Firewall, Blue Coat, FireEye, Fortinet, Juniper SRX series, Palo Alto, Edge Security, InfoBox, Protocols & Standards - AAA, TACACS+, RADIUS, SSH, VPN, IPSec, SSL/IPSec, Data Loss Prevention, Data Management Zone, PGP, PKI, Internet Key Exchange Policy, Port Security, MAC Address Filtering

Wireless/Voice Technologies: Cisco WLC, IEEE 802.1x & 802.11, WLAN, WAP, AP, SSID, LWAPP, Aironet, Bluetooth, Avaya, AURA - Voice Over Internet Protocol (VoIP), VoIP/SIP, CUCM, UCCM, UCCX, MGCP, RSTP, SCCP, STP, Quality of Service (QoS), PoE, MMDS, LMDS, CCK, DSSS

Monitoring/Data Center Technologies/APPS: Wireshark, Remedy, Cacti, Nagios, VMware, SolarWinds, Cisco Security Manager Suite, Server, Sniffer, Ethereal, Orion - VMware, F5 Big-IP load balancing (GTM/LTM), Cisco AnyConnect VPN mtg, Cisco Prime, Cisco IPS/IDS, Meraki cloud-based - Splunk Enterprise, SNMPv2c, SNMPv3, DNS, DHCP, FTP, Telnet, HTTP(S), SMTP, tunneling protocols, PTP, SFTP, RDP.

Other Technologies/Languages: French, Sign Language, HTML, Microsoft Office, Microsoft Visual Basic, Unix/Linux, Data Communications, Remedy, SharePoint, Turnover, Outlook/Exchange and Windows Server 2003

PROFESSIONAL EXPERIENCE:

Confidential

Senior Network Engineer

Responsibilities:

• Write clear, concise and complete specifications.
• Participate in testing new program enhancements.
• Develop programs and support production.
• Perform complex tasks relating to network monitoring, operations, and maintenance on Cisco Routers, Switches, Access Points and Firewalls on all branches and Datacenters
• Participate in estimating, planning design, application development, quality assurance, prototyping, implementation, modification and evaluation of automated systems.
• Recommend solutions to enhance system functionality.
• Configure, test and implement software.
• Review specifications and analyze software releases for compliance to specifications.
• Perform regression testing on system components.
• Execute demonstrations of software via the Internet.
• The support and administration of firewall environments in line with IT security policy
• Build, maintain, and manage strong vendor relationships to resolve problems and coordinate the delivery of IT products and services.
• Ensure that assets are responsibly maintained, inventoried and/or disposed of properly.
• Work independently with Nexus 3k- cisco Nexus3064T Chassis ("48x10G Base-T + 16x10G/4x40G Supervisor"), cisco Nexus3000 C3064PQ Chassis, cisco Nexus 3132 Chassis ("32x40G Supervisor"), cisco Nexus 3048 Chassis, cisco Nexus 3172T Chassis; Nexus 7k- cisco Nexus7000 C7010 (10 Slot) Chassis ("Supervisor module-1X"); Nexus 9k- cisco Nexus9000 C9236C chassis, cisco Nexus9000 C9504 (4 Slot) Chassis ("Supervisor Module"); Cisco Catalyst Switches- cisco WS-C6509-E, Cisco Catalyst 4900M Managed L3 Switch - 8 X2 Ports, cisco WS-C4948-10GE, Cisco Firepower 9300 - Cisco FX-OS(tm) fxos, Software (fxos-k9-system), Version 5.0(3)N2(4.01), Interim version 5.0(3)N2(4.01.5); Cisco ASA 5580 - Cisco Adaptive Security Appliance Version 8.4(5)6, Cisco ASA 5585 - Cisco Adaptive Security Appliance Version 9.6(2); Checkpoint, Fortinet/Fortigate; Palo Alto - Palo Alto Networks PA-5000 series firewall; M-Series Appliance; Palo Alto Networks PA-3000 series firewall; Arista Switches and Routers- Arista DCS-7050T-64-F; DCS-7504; DCS-7250QX-64; DCS-7060CX2-32S-F; DCS-7010T-48; Juniper- mx480, mx240, mx2010, mx104
• Other technologies include secure CRT (Linux), IPAM, HPNA (Hewlett Packard Networking Automation), Service Now Ticketing System and Change Management, Logic Monitor (similar to SolarWinds), Microsoft Office Business, InfoBlox, Splunk, ASDM, VLAN trunking, assigning and managing VLANS, DMVPN, VRF, VPC, HSRP / VSRP / VRRP, BGP, MPLS, OSPF, QoS policy and design, load-balancing, route filtering, community lists, SNMP, NAT, IPSec, DNS Services

Confidential

Senior Network Engineer

Responsibilities:

• Make recommendations on the Network’s Infrastructure to enhance and optimize day to day business activities and to support the scalability of building and implementation of Network Infrastructure Components/Upgrades, etc.
• Responsible for identification and installation of hardware, software and network purchases in accordance with company policy.
• Administer and maintain the company’s WAN infrastructure in compliance with all applicable standards.
• Responsible for technology roadmaps and budgeting for network infrastructure.
• Develop project plans and oversee the implementation of all network implementation activities of small to medium level of complexity.
• Maximizing network performance by monitoring performance, troubleshooting network problems and outages, and scheduling upgrades.
• Securing network system by establishing and enforcing policies, and defining and monitoring access.
• Reporting network operational status by gathering, prioritizing information and managing projects.
• The support and administration of firewall environments in line with IT security policy
• Build, maintain, and manage strong vendor relationships to resolve problems and coordinate the delivery of IT products and services.
• Ensure that assets are responsibly maintained, inventoried and/or disposed of properly.
• Perform complex tasks relating to network monitoring, operations, and maintenance on Cisco Routers, Switches, Access Points and Firewalls on all new branch openings and current branches and Datacenter
• Work independently with CUCM (Cisco Unified Call Manager version 10.5.2), UCCM, CUC (Cisco Unity Connection Administration version 10.5.2), CER, IOS Voice Gateways, IP Phones, CenturyLink VOIP Portal, XMedius fax services, Active Directory, MS Server 2012, VMWare, ASDM, SolarWinds, Wireless Infrastructure, VPN, MPLS, BGP, Network Security, vendor relations, maintenance, support of LAN/WAN Technologies, and Citrix Support.
• Additional products Cisco ONE, Cisco IWAN, APIC-EM, SMARTNET, UCCA, UCCX, SIP trunking, PRI Lines, Telepresence, VOIP services, WebEx, MGCP, Cisco Jabber, ASDM version 7.2 (2), MicroAge (Vendor/Supplier) Amazon (for overnight supplies), Kaseya Monitoring, SolarWinds Performance Monitoring, ASA 5515 and Cisco ASA 5506-X FirePower and FireSight, Cisco ISR 4331 and Cisco ISR 4321 routers (mainly used for Call Manager), CUBE, Cisco Catalyst 2960X, Cisco Catalyst 3560, Cisco Catalyst 3850 Stack, Ruckus 300 Wireless Access Points, Cisco 1042 Access Points, Cisco Meraki HW-32 Wireless Access Point, VLAN trunking, assigning and managing VLANS, SD-WAN Technology, DMVPN, VRF, VPC, HSRP / VSRP / VRRP, BGP, MPLS, EIGRP, QoS policy and design, load-balancing, route filtering, community lists, SNMP, NAT, IPSec, DNS Services, I/O Datacenter; ISPs CenturyLink, Comcast, Cox, XMedius, AT&T, Charter/Spectrum and Arvig.
• Implement physical and software preventative measures to protect the networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, creating a secure platform for computers, users and programs to perform their permitted critical functions within a secure environment
• Expand and scale with Organization as they have gone from 100 to 300 Employees, and from doing business in 3 states to 10 in the past year. Plan on being at 500 Employees and in 20 States in the next 2 years.

Confidential

Network Engineer

Responsibilities:

• Member to a professional team responsible for support, vendor/client relations, configuration, maintenance, monitoring, management, operations, tickets and troubleshooting for the LAN/WAN networks which support mainframe devices, network performance, network security, network software, switch management, Cisco environments and Cisco Prime.
• Technical Responsibilities include but not limited to Voice, Network Systems Support, Wireless Infrastructure, Disaster Recovery, support of LAN/WAN technologies for customers, servers and enterprise applications and desktop technologies.
• Specific responsibilities were but not limited to Disaster Recovery, Database updates per Disaster Recovery, Cisco or Juniper OS, Microsoft Outlook, Failover Tests, LAN/WAN servers, Juniper devices: NetScreen 5000 series, SRX Series, Junos OS, Cisco Devices: 7500 Series routers, Cisco Nexus 5020 Switches, Genesis OS, Citrix NetScaler OS, server devices, mainframe devices and WAN/Routing/ACLs/Policies and VLANs.
• Professional responsibilities include documentation, software, vendor relations, following corporate policies and procedures and scheduling as needed reports to management.

Confidential

Onsite Engineer

Responsibilities:

• Team member to a professional team responsible for escalation support, implementation, configuration, maintenance, testing, ticketing, support and troubleshooting for various LAN/WAN network infrastructures.
• Technologies handled by the team include but not limited to routers and switches which include Cisco, Juniper, Alcatel and Cisco ASA 5510, Juniper J2320 using Cisco IOS and JUNOS configurations, DNS requests, circuits, static routing and routing protocols (BGP/OSPF).
• Specific technologies were intrusive circuit testing for customers.
• Responsibilities include training employees, administration, documentation, following policies and procedures and scheduling as needed reports to management.

Confidential

IT Technician

Responsibilities:

• Professional team responsible for installation, implementation, configuration, repair, maintenance, management, vendor/client relations, support and troubleshooting for various LAN/WAN network infrastructures which included Cisco routers, switches and wireless access points.
• Technologies handled by the team include but not limited to local area network (LAN) technologies, wide area network (WAN) technologies, server and enterprise applications, desktop technologies, Outlook/Exchange and Windows Server 2003.
• Professional responsibilities included supporting Engineers which includes collaboration, escalation, coaching, mentoring, training, administration, documentation and following corporate policies and procedures.
• Implement trunk ports and implement granular control of VLANs and VXLANs using NX-OS to ensure virtual and flexible subnets that can extend further across the network infrastructure than previous generation of switches.
• Implement port-profiles as part of the NX-OS command structure that allows for configuration of multiple ports and port-types via inherited configurations applied via a single command that reduces administrative error and allows for better configuration readability.
• Implement a virtual version of Nexus: Nexus1000v into VMWare to extend Nexus capabilities directly adjacent to virtual machines so that they benefit from Cisco switching capabilities and network topology consistency ensuring VMs maintain their subnet/VLAN relationships during failover.
• Implement secure privileged administrative access to the Cisco IOS system. Enable the encryption of system passwords to prevent unauthorized users access to passwords in the system configuration.
• Implement secure access to the console and vty ports, and set the interval that the EXEC command interpreter waits until user input is detected on the Console and vty ports. Also, configure the console and vty ports log messaging to not interfere with active device configuration.
• Implement VLAN Trunking Protocol to reduce administrative overhead. Enable secure sharing of VLAN information to prevent the introduction of rogue devices from affecting the VLAN database. Shutdown unused switchports following Layer 2 security best practices.
• Create and manage Local VLANs based on department function, and configure ports with static VLAN assignment, static 802.1Q trunks, and dynamic ISL trunking using PAgP for layer 2 forwarding. Utilize VLAN Spanning-Tree in conjunction with PVST+ for compatibility between Cisco and Juniper switches. Configure edge ports for fast-transitioning into the forwarding state to fix workstation startup connectivity delays. Modify spanning-tree parameters for manual root bridge assignment. Implement ether-channels between each switch using PAgP for negotiation. Modify ether-channel load balancing method.
• Implement WAN links between sites using frame-relay point-to-point and multipoint connections to establish connectivity between each of the four sites as required. Establish frame-relay point-to-point connections three of the sites creating a full mesh. Implement hub and spoke network between three of the sites with the main office as the hub for redundant connections.
• Implement EIGRP routing for point-to-point and Non Broadcast Multi-Access networks. Ensure that the spoke routers are receiving routing information about each other from the hub. Configure EIGRP unequal-cost load balancing to also use the lower capacity multipoint links when routing packets.
• Prevent neighbor adjacencies from being formed as well as the sending and receiving of routing updates on unnecessary interfaces. Implement EIGRP MD5 Message Authentication between sites to prevent unauthorized insertion of routes into the domain. Implement manual EIGRP route summarization to reduce routing protocol demand on CPU resources, memory, and bandwidth used to maintain the routing table.
• Implement OSPF routing with multiple areas for networks between sites. Implement totally stubby areas to lower the system resource utilization of routing devices for the network. Implement NSSA area to allow injection of external routes into the area and propagation into the OSPF domain.
• Implement backup and recovery of Cisco IOS Images. Perform password recovery on Cisco IOS routers/switches and a Juniper EX2200 Series switch to restore administrative access. Backup and Restore startup-comfit file for disaster recovery.
• Configured and verified internal BGP peering using directly connected networks.
• Configured and verified internal BGP peering using loopbacks by using an interior gateway protocol (OSPF) to provide routing information.
• Configured and verified external BGP peering using directly connected networks.
• Configured and verified external BGP peering using loopbacks and ebgp-multihop.
• Configured and verified internal BGP peering using a Route Reflector.
• Used debugging diagnostic commands to monitor BGP events.
• Configured and verified MPLS manually and using automatic configuration via OSPF.
• Configured and verified virtual routing and forwarding (VRF) instances with route-targets and route descriptors.
• Configured and verified MP-BGP to send VRF traffic in an MPLS VPN.
• Redistributed provider edge networks into MP-BGP.
• Verified end-to-end connectivity over the MPLS VPN.
• Implement an IPSec Site-to-Site VPN between the Cisco ASA5505 at small office location and Cisco 1841 ISR with a security IOS image at the main office. Implementation of the VPN includes the following configurations: Internet Key Exchange Policy using DES and SHA for encryption and authentication, access-lists to define VPN traffic, transform set using esp-des esp-sha-hmac to define how the traffic is protected, crypto-map to associate the previously configured elements to a peer, and application of the crypto map to appropriate interface or VPN endpoint.
• Implementation of Zone-Based Policy Firewall on the Cisco 1841 ISR with the following components: three zones, class-maps specifying traffic that must have policy applied as it crosses a zone-pair, policy maps to apply action to the class-maps’ traffic, zone-pairs, and application of policy to zone pairs.
• Implement a Clientless SSL VPN (WebVPN) to allow users to establish a secure, remote-access VPN tunnel to the Cisco ASA 5505 using a web browser. Prepare the Cisco ASA with necessary configurations to self-signed certificate generation. Generate a general purpose RSA key-pair for certificate authority identification, configure certificate authority trustpoint for the WebVPN using self enrollment, and configure CA trustpoint interface association.
• Configure Syslog on the Cisco ASA5505 with logging to a host and internal buffer. Forward all logging to an internal Syslog server for monitoring and management. Configure and manage Syslog output generation using custom message lists. Implement FTP backup of internal buffer when it is exceeded.
• Implement Basic Threat-Detection, Advanced TCP Intercept and Scanning Threat-Detection. Simulate attacks on network to manage threat-detection rates and verify Syslog generation.
• Utilize Cisco ASA5505 Modular Policy Frame-Work to configure and manage layer 3/4 interface service policies, apply inspection and connection limits to services, apply inspection and QoS policing to HTTP traffic. Configure HTTP inspection policy to block restricted sites and file downloads.
• Implement a local voice network with the following network elements: Cisco 2811 ISR (VoIP) with a Cisco Unity Express Network Module (NM-CUE) installed, Cisco Communications Manager Express, a standard Cisco 3550 Switch, and a Cisco 3550 switch with Power-over-Ethernet. Create and manage Data and Voice VLANs, and configure ports with static VLAN assignment and 802.1Q trunks for layer 2 forwarding. Configure edge ports for fast-transitioning into the forwarding state to fix workstation startup connectivity delays.
• Configure Fast Ethernet main and sub-interface assignments as required for intervlan routing. Implement static routes for local connectivity. Implement NTP server, DHCP server, and TFTP server for support of the VoIP network. Modification of system level parameters including max phones, max directory numbers, display format for date and time, and setting the Time-Zone.
• Implement Unity Voicemail on the Cisco Unity Express Network Module. Configure a dial-peer on the Cisco 2811 ISR to define the attributes of the packet voice network connection to the Cisco Unity Express Network Module. Enable call forwarding on busy or no answer. Implement Message Waiting Indicators and Voicemail access via SMTP. Daisy-chain PCs to VoIP phones to reduce network cabling costs. Utilize PoE ports for VoIP phones to reduce power infrastructure costs.
• Implement a wireless network infrastructure providing access to wired LANs to increase mobility and productivity utilizing the following network elements: Cisco Wireless LAN Controller (WLC) 2106, a Cisco 3550 switch, a Cisco 1130AG series Access Point, and a Cisco 1121G series Access Point. Create wireless LANs and configure interface association, security parameters, and radios used. Utilize the Wireless LAN Controllers web GUI to configure and manage the wireless network. Configure internal DHCP scopes for WLANs.
• Prepare infrastructure for AP registration on same subnet as management VLAN and for AP registration on different subnet. Configure AAA AP policies to allow Self Signed Certifications for APs shipped without a Manufacturer Installed Certificate. Implement AP Grouping to ensure WLAN SSIDs are only broadcast by the APs desired.
• Configured VLANs and access ports connecting virtual machines using the NX-OS CLI on a Cisco Nexus 1000v virtual machine and VMWare vSphere Client networking.
• Configured routing policies and service profiles for separate levels in an organizational hierarchy using a Cisco Prime Network Services Controller virtual machine. These policies and profiles were applied to Cisco Cloud Service Router 1000v (CSR 1000v) virtual routers.
• Configured a CSR 1000v router using the Cisco IOS 15.4 CLI.
• Used the Cisco Configuration Professional GUI to configure interfaces, passwords, hostnames, DHCP, EIGRP, and SNMP on a Cisco router. Used the CCP monitoring tool to monitor traffic from that router.
• Configured the Nagios XI monitoring tool to monitor routers and switches and customized its dashboard.
• Configured SolarWinds Orion NPM and used it to monitor traffic on a network.
• Configured the CACTI tool to graph traffic from a router and to generate alerts based on a threshold traffic level.
• Used the Wireshark tool to study HTTP, telnet, and SSL traffic.