Network Security Architect Resume
CA
TECHNICAL SKILLS
SWITCHING: Root Guard/BPDU Guard/Filtering/UDLD, VTP, Trunk Dot1q & ISL, STP/PVSTP/RSTP/Port fast
QOS: NBAR
ROUTING: Longest match more specific routes, recursive lookup, next hop & interface routing, hdlc/ppp encapsulation.
OSPF: Backbone/Multi-area/ABR/ASBR/route-summarization, EIGRP/BGP
EIGRP: AD/FD, successor, feasible successor, active/passive route, variance unequal cost load balancing, IP summary-address, passive-interface, IP default-network, split-horizon, IP bandwidth-percentage, MD5 authentication, key chain, K value/metric - bandwidth, delay, load, and reliability.
BGP: PE-PE MPBGP, address-family VPNv4, route reflectors/BGP confederation, BGP attributes manipulation through route map.
MPLS: LSP/LSR ID & LDP neighbor/CE/PE/P, MPLS/IPv4 forwarding table, PHP
VRF: Route distinguisher/target
CACHING: RIB/LIB, FIB/LFIB - CEF caching
NAT: Static 1 to 1, Dynamic PAT overload, writes object oriented NAT statement.
VPN: SSL/IPsec
CRYPTOGRAPHY: AES
HA: HSRP/VRRP/GLBP/Preempt, NX-OS vPC/vPC+
OS: Windows Server 2003/2008/2012, Windows 7/XP/Vista/2000, Linux Enterprise Server Redhat/Ubuntu/Suse
OS: IOS/CATOS/IOS-XVR/NX-OS, CUCM 8.6/9.1, CUC 8.6/9.1, CUPS 8.6/9.1, CUCME/AIM-CUE
SCRIPTING: TCSH, linux bash/sed & awk, Windows command prompt/powershell
APPLICATION: VMware ESXi/Infrastructure/Vmotion
MONITORING: PRTG, Solarwinds Orion, IP SLA, Nagios
L2 HARDWARE: Cisco 2950/3550/3560/3750, Cisco 6500 series switches
L3 HARDWARE: Cisco Integrated Service router 2600XM, 2800, 2900, ASR 1002
2nd GEN L2/L3 NETWORK STACK: Nexus 2K, Nexus 5K, Nexus 7K
Cisco 2nd GEN TECHNOLOGY: Fibre Channel over Ethernet (FCoE), Overlay Transport Virtualization (OTV), Virtual Device Context (VDC), Virtual Port Channel (vPC), Fabric Extender (FEX), Fabric Path
PROFESSIONAL EXPERIENCE
Confidential CA
Network Security Architect
Responsibilities:
- Design and deploy OSPF L3 switching on multiple branch distribution/access switch using Cisco 4500-X VSS and 3850, configure multiple metro ethernet/MPLS/AVPN interconnect using OSPF cost high-availability and EIGRP.
- Design and deploy MPLS edge 4450-X router IGP/Redistribution.
- Design end to end MQC based QoS best practice.
- Configure EIGRP/OSPF/redistribution, vPC, vDC, N2K FEX on Nexus 7K’s, upgrade software using ISSU.
- Create multi-layer in-depth technical network diagram for LAN (Cisco Nexus 7K, 2K, 4500X, 3750, 3850), WAN (ASR1002, MPLS, Metro-E), Security (ASA FW) and Compute (Cisco UCS blade server, and unified fabric interconnect switch)
- Upgrade multiple ASA 5500’s to 9.x.x and migrated script post ASA 8.3, establish and maintain multiple S2S IPsec VPN tunnels, deploy and tune Cisco ASA-SSM-20 Intrusion Prevention System signature definitions.
- Design & deploy multiple contexts on active/standby Cisco ASA 5545-X.
- Design & implement Cisco 2nd Gen FirePOWER IPS on ASA 5515-X and 5545-X
- Integrate FirePOWER IPS into FireSIGHT (VM Manager) tune IPS signature, configure network discovery, security intelligence correlation, map/integrate IP to User LDAP.
- Push File/Malware Policy Globally via FireSIGHT, push URL Filtering Policy for branch office via FireSIGHT ensuring acceptable use policy.
- Design and deploy Cisco AnyConnect 4.1.x and Clientless VPN using best practice, integrate to ACS 5.8/AD multiple security group membership and RSA token-based 2 Factor Authentication.
- Design and deploy Cisco ESA IronPort Data Loss Prevention (DLP) best practice policies.
- Maintain Cisco WSA internet web filtering
- Correlate FirePOWER intrusion events with InfoSec and leverage RA Intellishun, and HP Arcsight SIEM.
Unified Compute System (UCS):
- Perform FI upgrade, and 40gbps N7K to FI interconnect, configure policies.
- Add secondary vPC bonded trunk LAN uplinks from the following Fiber Interconnect switch below, and create a port-channel to add existing and new LAN uplink interfaces.
- Add UCS chassis
- Build F5 and Citrix NetScaler VIP for web server/database farm, including redirect, custom responder/rewrite policies and node health monitoring.
Confidential CA
Senior Infrastructure Network Engineer
Responsibilities:
- Created custom bash & python codes, leverage local and 3rd party python library such as requests, json, os, shutil, to query run time information on varying Citrix NetScaler models and A10 AX3400 Global Server Load Balancer (GSLB) L4-L7 session/service.
- Configure LB VIP’s for HTTP/SSL, including redirect, custom responder/rewrite policies and monitoring.
- Build Load Balancer and Content Delivery Network (CDN) network diagram.
Confidential CA
Network Architect/Engineer
Responsibilities:
- Design and implemented HA Cisco ASA 5515-X pair, ingress ACL access-group between inside/dmz/outside, migrated old NAT rules into object-oriented NAT statement pre ASA 8.3, configure IPS and enabled signature/policy for vulnerability prevention.
- Design and implemented Cisco Nexus 5K/2K as a collapsed core/distribution switch, configured bonded vPC for server devices, and HSRP for VLAN SVI HA, propagated network VLAN in OSPF area 0 routing protocol.
- Configured OSPF area 0 backbone as IGRP, and propagated default-information originate for neighbor candidate default route, configured OSPF ASBR router connecting to ISP redistributed summary-routes from remote sites.
- Implement and configured Windows 2008 Radius authentication and accounting, to act as AAA network admission control for Cisco ASA remote access/anyconnect VPN clients.
- Configured multiple S2S IPSec VPN tunnel, and maintained ACL routing domain.
- Add/Delete modify DN’s and accounts in CUCM/CU, generate call reports, configure DID to DN translation pattern, program dial-peers as digital fax to email in Cisco voice gateway.
- Added remote site routers as voice gateway and configured FXO port GS/LS connecting to pots line call leg, troubleshoot and debug problematic pots line at remote location.
- Configure Cisco ATA 186/187 to allow analog phones to integrate to Cisco voice infrastructure.
- Configured CUCM/CU 9.1 from scratch as a VM guest in ESXi 5.1 host, extracted CUCM 7.1 publisher database.
- Implemented PRTG and configured/enabled netflow/snmp monitoring on 75 remote site network devices.
- Configured Motorola AP6522 WAP, verified Motorola RFS6000 AP adoption, and configured wireless profile/network/SSID/security.
- Respond to highest-level of escalation requests, and created/updated network diagrams.
Confidential CA
Network Engineer
Responsibilities:
- Deployed active/standby ASA 5540, inbound access-group between inside/outside/dmz network segments.
- Implement multiple S2S IPsec VPN tunnels/webvpn/anyconnect/RA VPN on HA paired Cisco ASA firewalls, configured global/policy based PAT, and static NAT.
- Deployed Nexus 5K/2K, configured bonded vPC for devices, and HSRP for VLAN SVI, deployed Cisco
- Architected routing, switching and security network design using Visio, coordinated with provider implementing MPLS/BGP and route reflectors, coordinated with Vendors network device procurement.
- Implemented and deployed PRTG using netflow/jflow/snmp on network devices.
- Configured HA RADIUS service on Windows server 2012, configured AAA authentication and accounting on all network devices.
- Configured HBA initiator and fiber switch interconnect zoning for WWN’s, defined alias for WWN’s in Unisphere, create storage group and mapped it to alias, configure block level LUN and linked it to storage group.
Confidential CA
Senior Network Engineer
Responsibilities:
- Converted multiple buildings from L2 switching to a full L3 switching via OSPF multi-area routing.
- Configured bonded vPC on redundant Nexus 5K and 2K, and configured HSRP VLAN.
- Maintained ACL’s/NAT on enterprise network security firewalls such as FWSM, ASA, PIX.
- Primed and configured multiple capwap AP’s for different hospital, and maintained WLC IOS, participated in Aruba wireless project.
- Deployed multiple multi-homed ç switches with sup-32 modules, and ensure SSO/Redundancy.
- Deployed multiple 2800 router, and configured router on a stick for Intervlan routing, monitored and troubleshoot problematic WAN sites.
- Participated creating documentation for network best practice implementation created and maintained enterprise network diagrams.
- Participated in on-call rotation monitoring overall enterprise network health, via Statseeker, NetMRI, WatsUP.
- Managed wireless and desk VoIP through CUCM, and voicemail through Unity.
Confidential, Long Beach CA
Network Engineer
Responsibilities:
- Updated exterior BGP routing, and interior RIP routing.
- Deployed multiple ASA 5505 using Easy VPN to remote site, configure Cisco 3750 switch behind/inside the FW.
- Created security documentation, and network drawings.
- Maintained existing Windows domain and Redhat Linux server environment, design redundant network LAN/routing/AD 2008/Exchange 2010 environment on 3 separate sites which includes one co-location/DR for a proposed DR/Colo project.
- Administer/maintained VMware ESXi 3.5/4.0 farm/Vsphere/Vcenter, provisioned VM guests, vswitch/network connectivity, maintained snapshots, VMotion VM Guests on ESX node with low resources.
- Administer and maintained LAN environment, on multiple sites, running Foundry and Cisco Catalyst 2950, 3560, 2975, 3560, and 3750, interface VOIP auto QoS/COS, troubleshoot dot1q trunk on multi-vendor environment, ether-channel/PVSTP+/SVI on data VLAN/L3 routing on multi-layer switch,
- Deployed and maintained Cisco AIR-AP1242AG, multi-SSID, security/encryption, trunk connectivity, WAP coverage overlap for roaming, and security/encryption for traffic.
- Maintained exterior routing protocol BGP, redistribute OSPF routes to BGP, announce network on IGP, configured first hop redundancy on L2/L3 environment, using HSRP/VRRP, and wrote TCLSH/Macro script to ensure converged network/automation.
- Configured HP Blade C7000 Chassis, BL680c G5/BL460c G1 blades, and Cisco blade switch 3020, configure production server NIC teaming/dynamic link aggregation on switch port.
- Maintained Cisco CSS 11150 web farm load balancer, routing, circuits, group, VIP address, and service.
- Maintained and configured, Cisco VPN 3002, ASA 5520/PIX 501/800 router site-to-site VPN tunnel/EasyVPN, via SDM/ASDM/CCP/PDM on remote sites.
- Installed, and monitored Solarwinds IP Orion/Engineer toolset. Maintained Legato EMC Networker 7.6 SP1 backup tape rotation, and EMC Autostart for AD DC/Exchange, active/standby failover/high-availability.
Confidential, San Pedro CA
Infrastructure Administrator
Responsibilities:
- Administer more than 50 Microsoft Windows Servers (Active Directory, IIS, and SQL), Microsoft Workstations, and network security devices for more than 500 users which are running on both physical and virtual machines.
- Administer/maintained VMWare ESXi 3.5/4.0 farm, provisioned VM guests, vswitch/network connectivity, maintained snapshots, VMotion VM Guests on node with low resources.
- Configured Frame Relay Hub & Spoke route, map, and dlci. Private line WAN connectivity PPP/CHAP.
- Maintain OSPF network add/remove subnets/interface on OSPF network; troubleshoot OSPF neighborhood adjacency issue, maintained route summarization on inter-area border routers. Configured default static route on routers.
- Maintained ASA firewall standard/extended Access-List, modified ASA/PIX firewall policy per request/approval from Security Manager.
- Configured VLAN VTP domain, STP/RSTP portfast, and assign core switches redundant root bridges.
- Managed/Monitored IP Orion, configure network device alerts, and thresholds to trigger email alerts in case of an issue. Coordinate WAN circuit resolution with AT&T.
- Maintained different network level diagram drawing using Visio.
- Configure VOIP telephony devices, Administer Cisco Call Manager and Unity.
Confidential CA
Systems Administrator
Responsibilities:
- Managed and designed Active Directory Sites and Services intra/inter-site replication partners’ topology, assign DC as preferred bridgehead server, AD DNS structure.
- Managed L2/L3 switch port VLAN assignment, configured VTP, trunks, and redundant STP.
- Configured MPLS/Frame Relay Hub & Spoke route, map, and dlci. Configured default static route/gateway of last resort on routers next hop/exit interface.
- Configured Solarwinds IP Monitor SNMP client and trap configured SNMP/WMI server monitors.
- Configure Infoblox B-1050 as Grid Master, restore backup and added nodes.
- Troubleshoot Exchange 2003 mail enabled AD objects, created query-based DL/criteria, configured QCS for inter forest Exchange Global Address List synching.
- Maintained recurring Backup Exec schedule, monitor problematic backup.
- Maintained existing Sharepoint site/IIS web server.
- Configured VMWare ESX Server, provisioned VM guests, vswitch/network connectivity, maintained snapshots, VMotion VM Guests on node with low resources.
Confidential, CA
Windows User Support Administrator
Responsibilities:
- Managed and configured MPLS/PPP, VTP domain on 3550 switches, configured static routes on Cisco 2800 series router on different sites.
- Managed and designed Active Directory Sites and Services inter-site replication topology, configured DC as preferred bridgehead server.
- Managed and enabled DC’s as Global Catalog or Universal Group Membership Caching on different sites.
- Managed and designed transferring/seizing/assignment of Masters Operations Roles (FSMO Roles) on new, decommissioned, failed or problematic DC by using NTDSutil and Active Directory Services.
- Design and configured DNS zone replication scope, configured DNS AD-I, and configured secured dynamic updates.
- Installed and configured Exchange 2007 client access role, hub transport role, and mailbox role.
- Designed and configured Exchange 2007 mailbox database local continuous replication (LCR) for redundancy.
- Configured Send and Receive connectors.
- Managed and configured public folders and distribution groups.
- Configured and maintained Outlook Web Access (OWA) configured Outlook Anywhere or RPC over HTTPS.
- Coordinated 3rd party Digital Certificates provider.
- Managed and designed split scope DHCP, configured VLAN.
- Installed and configured Dell Poweredge 2950 Rack Server.
- Installed Dell Powervault 124 tape backup solution, designed backup strategy schedules and tape rotations.
- Installed Dell Powervault 220S iSCSI/Network Attached Storage (NAS), configured Raid Array.
- Installed and configured Windows Software Update Services (WSUS - OS Update Delivery Solution) for server and client machines that runs Windows operating system.
Confidential, CA
Windows Systems Administrator/Desktop Support III
Responsibilities:
- Used Remedy 6.0 (Action Request System) to manage, track, resolve and escalate trouble tickets.
- Managed transferring/seizing of Masters Operations Roles (FSMO Roles) on decommissioned, failed or problematic DC by using NTDSutil and Active Directory Services.
- Managed AD user and computer accounts access to resources, by administering disk quota, NTFS permission, login scripts and membership to Security/Distribution Groups. Use Active Directory Migration Tool (ADMT) to move user, group, and computer accounts within a domain or forest.
- Designed and configured OU structure/hierarchy, for proper delegation of IT administrative authority, configured and secured user and computer environment and settings by using Group Policy Objects (GPMC/GPO), configured password/account lockout policy via domain level, block inheritance and no override GPO settings on certain OU to allow proper control of GPO application.
- Design and configure DC functional level. Design and nested Domain Local/Global/Universal security groups using ADLP/AGDLP/AGUDLP to effectively manage network bandwidth and inter domain resource access for users.
- Managed DHCP address pool allocations, assigned static IP address reservation to Servers, Printers, and Network Appliances.
- Configured ODBCAD32 on sequel based applications to connect to SQL servers.
- Administered CA Unicenter Desktop and Server Management (DSM - Software Delivery Solution)
- Administered and approved updates for Client/Server hosts using Patchlink/Windows Software Update Services (WSUS - OS Update Delivery Solution)
- Administered and configured Exchange 2003 distribution group, send on behalf permission, and mailbox features to allow access to OWA and Active sync.
- Created and configured new exchange 2003 mailbox, storage quotas, client permission to access public folders, and mailbox journaling.
- Installed and configured Dell Poweredge rack servers, upgraded and maintained NIC, Memory, SCSI, and SAS cards, configured Dell Powervault direct access storage (DAS) scsi/iscsi connections to servers, configured RAID arrays, network shares and permissions.
- Assign port voice and data Vlan, added network segment to EIGRP routing, coordinate WAN circuit issue with WAN provider.
Confidential, CA
IT Support Specialist
Responsibilities:
- Used Remedy (Magic ticket system) to track, resolve and escalate user trouble ticket requests.
- Administered AD accounts, secure resources with NTFS permissions and security group membership.
- Provided desktop support on Windows XP, 2000 platform onsite and remotely, supports network/local printer and IT equipment, configure SMS client, and pushed software on client machines via SMS.
- Supported and configured MS Outlook 2000/2003, personal folder (PST), Cisco VPN client, POP3/SMTP, Good link and Treo handheld devices.
- Supported and configured Richter, barcode reader, Zebra, bar tender, Gerber and WMS (warehouse management system).
- Managed server back-ups, restored (Veritas backup exec.), and offsite tape storage rotation.
- Troubleshoot network issue, configure and install Cisco switches, patch data connection. Install Cisco IP phone 7960 series, installed analog and digital phone, installed and punched panduits line, administer Octel voice mailbox.
- Deploy and install Red Prairie DLX.
- Managed and configured, VLAN and VTP domain on 2950 Cisco switch, configured bonded ether channel trunks (802.1Q), configure static default route/gateway.
- Configured router on a stick (ROAS)/Trunk on 2600 Cisco series routers, configured static routes and RIPv2 VLSM for 3 different directly connected sites using CWDM GBIC modules. Configured extended ACL on 2600 series routers, to filter web traffic.
- Manage and configured Apache/Tomcat web servers configured Mandrake Linux OS.
- Manage Windows 2000/2003 server AD/DC/DHCP/DNS/DFS/File & Print servers.
- Administered AD accounts, secure resources with NTFS permissions and security group membership, configured GPO to enforce desktop settings, restrict certain applications.
- Provided desktop support for Windows XP, 2000, onsite and remote, supports network/local printer and IT equipment/projector.
- Supported and configured MS Outlook 2000/2003, personal folder (PST)