SUMMARY:

• Troubleshooting of firewalls (Cisco ASA, CP), and VPN tunneling with IPSEC or SSL.
• Infrastructure ingress and egress points; firewall, switch, and VLAN management (Dot1Q).
• Bandwidth utilization and connection testing with Wireshark, TCPDUMP, and SNMP tools.
• F5 LTM/APM load balancing expertise, and data center design architecture proficiency.
• DNS troubleshooting with UNIX CLI, Linux, or Windows based utilities (nslookup, NMAP).
• Experience in configuration of esoteric applications/protocols for IT Security.
• Designing TCP/IP networks with Visio and documentation of security policies (Remedy, AOTS).
• Experience with of IPSec and SSL VPNs, terminated on various endpoints (CP FW - 1, ASA, F5).
• Avionics systems including (AKA: ERAM) navigational systems (Global, Loran, TACACS).

TECHNICAL SKILLS:

Primary: Cisco routers and switches; F5 Big-IP LTM/APM; Cisco PIX/ASA and Checkpoint Firewalls; IPSec and SSL VPNs; OSPF, EIGRP, and BGP routing protocols; SNMP monitoring; Frame-Relay, ATM, MPLS; and trouble tracking with Ethereal/Wireshark sniffers.

Secondary: Juniper SRX firewalls, UNIX/Linux admin, Solaris, Windows 2003/2008 Servers, DNS, VMware Server and Virtual Center Infrastructure.

EXPERIENCE:

Confidential, Atlanta, GA

Network Security Engineer

Responsibilities:

• F5 LTM, GTM, and ASA firewall support for a worldwide infrastructure.
• F5 LTM iRule changes for SSL certificate based secure communications.
• Support included script writing and rule verification for remote engineers to perform F5 activities.
• ServiceNow ticketing platform used for monitoring and report generation functions.
• Use of Infoblox for IPAM purposes and responding to IP requests.

Project Manager/Network Engineer

Responsibilities:

• Corporate administration and change management for CM meetings and executive funtions.
• Network design and architecture implementation, from hardware installation through firewall rulebase recommendations, and Visio design/documentation.
• F5 support and administration with LTM/GTM 11.5 configuration utility or the TMSH CLI.
• F5 LTM 11.x and EM, APM installation inclusive with members, nodes, pools, and configsync.
• Installation of Cisco ASA firewalls from Rack-n-stack to advanced user admin, and VPNs.
• IP support for larger subnetting project (heavy CIDR) with / notation used for supernetting.
• F5 LTM/APM 10.x updating attack signatures with UCS files, and editing of iRules with TCL.
• DNS resolution and troubleshooting route caches at work stations and network equipment.
• Linux support, SNMP monitoring (Zenoss or Solarwinds), throughput analysis of WAN links, ISP interleaving (BGP attributes), and troubleshooting connectivity at workstation endpoints.
• Internet domain name service (DNS) connectivity and name cache testing for various locations.
• Orion Solarwinds Network Performance Monitor and SNMP alerting administration.
• Use of Network Observer or HP OpenView for alert/notifications of aberrant traffic behavior.
• Setting alarm thresholds locally and monitoring of connections across the WAN (QoS status).
• Security administration with the F5 LTM v. 11.3 software platform (heavy ASM exposure).
• Responsible for analyzing, designing, installing and configuring of network infrastructure.
• Checkpoint Firewall R75.40 monitoring and rulebase configuration with Smartdashboard.
• PCI data security auditing for compliance with government standards.
• Trouble ticket management via BMC Remedy for customer communications (SSL/IPSec VPN).

Infrastructure Support Analyst

Responsibilities:

• Data Center move support verifying server pool connectivity for globally accessible services.
• Server building with focus on ticker financials, X file structure, and financial software.
• Monitoring of Thomson ONE workstations, data recording, and Remedy trouble ticket monitoring, DNS troubleshooting, and remediation of gapping in ticker reception.

Network Infrastructure Engineer

Responsibilities:

• Acting as Change Control Manager while others were on leave or vacation.
• F5 (LTM) troubleshooting of server pools, IPSec or SSL profiles, end point load balancing, point-to-point connectivity, and IPSec certificate offloading.
• F5 LTM traffic monitoring, logging, farm load balancing, auditing, and accounting/reporting.
• F5 V. 10.x TMOS updates, iRule creation, and administration via CLI or GUI.
• Running of F5 LTM 10.x qkview, and configuration files transferred for F5 Engineering support.
• Provided information to the engaged parties addressing compliance standards, management reports, and other KPIs.
• Use of Solarwinds IP monitor for a visual display of port usage and to regulate IP address usage.
• Assisted the Process Owners in identifying and prioritizing process improvements.
• Facilitated Senior Management meetings for Major RFC reviews and/or endorsements
• Formulated test plans for “Proof of Concepts”; created Visio designs and architecture.
• VLAN configuration and coordination with disparate stake-holder groups for project controls.
• Troubleshooting of IPSEC/SSL VPNs, terminated on Checkpoint Firewall-1 or Cisco ASA.
• Troubleshooting switches, routers, and servers in the data center, with EIGRP dynamic routing, remediation of SIA errors, VLANs, F5 member speed/duplex verification, and OSPF routing.
• Design and configuration of data center hardware, including VMware Player, application per-VLAN configuration, subnetting, and server placement.
• Monitoring of cryptographic applications, URL filtering, alerting, Syslogs, and logging.
• Cisco ASA firewall administration ASDM utility, and NAT of secure application servers.
• Cisco PIX rule cleanup, verifying ACL usage, replacing hardware with ASA 5505/5510 firewalls.
• Cisco 2600/2800, and 7200 router configuration including static and OSPF dynamic routing.
• Layer VLAN connectivity for LAN running Cisco 6500 IOS platform switches.
• Configuration of esoteric security applications for IT Security (AAA, SSL, PKI, RADIUS, TACACS+, EAP, EAP-Fast, PEAP, LEAP, CHAP, MS-CHAP) and authentication.
• Installation and troubleshooting of single-context ASA firewalls at perimeter ingress points.
• UNIX system administration, including various CLI tools, and file manipulation (cat, vi, grep, passwd, kill, mv, mkdir, rmdir, chmod).
• Prepared DLP policies, managed workflows, performed remediation of vulnerabilities reported or projected, and running of reports and administration from the management console.
• Checkpoint Firewall-1 R70/R75.40 enforcement point installation (Secureplatform (SPLAT)).
• Checkpoint Firewall-1 R65 user administration, and site-to-multi-site SSL VPN configuration.

Network Engineer

Responsibilities:

• F-5 Big-IP LTM load balancer configuration with emphasis on WAN traffic control and balance.
• Troubleshooting (Visio) infrastructure with Wireshark, TCPDUMP, and other sniffer tools.
• Maintained LTM (F5 Local Traffic Manager) for load-balancing multiple server pools.
• Verification of firewall rules, and administration of Checkpoint Firewall-1, and the AOTS.
• Maintained a LAN/WAN Data Center Infrastructure supporting MPLS connectivity and SNMP.

Senior WAN Engineer

Responsibilities:

• Data center connectivity with Cisco 6500 switches (Sup720) and 7600-S series routers (RSP720), and configuration of BGP attributes for WAN connectivity (routing with EIGRP or OSPF).
• UNIX (SunOS/Solaris) administration and troubleshooting for end-users across the enterprise.
• Multi-homed BGP inbound and outbound policy configuration including route-maps, as-path access-lists, filter-lists, as path prepending, and associated troubleshooting.
• Backbone network redesign planning, documentation, ISP selection and screening for MPLS/VPLS solution replacement supporting VoIP and jumbo frames with burst capability.
• Firewall administration (Cisco ASA, and NetScreen) for managed services).

IP Security and Network Engineer

Responsibilities:

• Cisco (6513, 7609) and Juniper (M320) router configuration including load-balancing, route-maps, ACLs, OSPF single area configurations, call-flow troubleshooting, and BGP routing.
• Data center connectivity and end-to-end troubleshooting of server and workstations.
• Installation of VMware ESX server software and configuration of VLAN infrastructure.
• Cisco IOS scripting, VPN fast re-route operations, and change management documentation.
• Firewall ruleset changes to permit communication through ISP, direct connect, or VPN (AVPN).
• Cisco ASA 5500 firewall administration for site-to-site VPN customers (multiple contexts).
• Cisco CSS 11000 administration for HTTP web portal load-balancing operations.

Network Engineer

Responsibilities:

• Data center redesign of including Cisco 6509 and 2960 switches, F5 Big-IP LTM load balancers, Checkpoint R65 Firewalls (Nokia IPSO), VLANs with VTP, and load-balanced ISP connectivity.
• F5 Big-IP LTM 3400 and 1500 load balancer design and configuration including upgrades to TMOS version 9.4, nodes, members, virtual servers and server pools, NAT, SNATs, and iRules.
• Cisco PIX 6.35 configuration including access-lists and multiple site-to-site VPNs.
• Repair WAN communications, firewall holes, and break-fix for trouble tickets.
• Checkpoint Connectra R62CM SSL VPN with embedded Native applications and RADIUS.
• Cisco 6506 CatOS L2 configuration (VLANs, Etherchannel) and troubleshooting; replacement of Supervisor card and power supplies, and upgrade to Native IOS.
• Network troubleshooting and traffic optimization with tools such as TCPdump, Sniffers (Ethereal/Wireshark), Cacti (SNMP), and Kiwi Syslog Daemon (firewall logging).

Senior Infrastructure Engineer

Responsibilities:

• Designed two new data centers with 99.999% uptime, dual Cisco 6509s (Sup 720), HSRP/VRRP, OSPF routing with Virtual Links, F5 Big-IP Server Farms, and ASA 5500 series Firewalls.
• Design and installation of Load Balancing solution with F5 BIG-IP Local Traffic Management (LTM), with Web and Application Servers, iRules for code enhancement, and SSL offloading.
• Maintenance of legacy data centers with F5 1500 Load Balancers (130 server farms), dual PIX firewalls (6.3(5)) with multiple DMZ/security levels, Cisco 4509 cores running HSRP.
• Responsible for Radware Linkproof ISP Global Load Balancer design and administration.
• Site-to-Site VPN connectivity provided with Cisco PIX (6.3) and ASA (7.2) firewalls using the CLI or ASDM, in Active/Passive failover mode with NAT and/or PAT, IPSec.
• Troubleshooting of various Cisco switches and routers (1800, 2800, 2960, 3750, 4509, 6509).
• VMware ESX Server installations and administration with VirtualCenter Client 3.x.
• F5 BIG-IP 3400 OS upgrades, setup of VIP listeners (virtual servers), virtual forwarding servers, profile optimization, traffic analysis with TCPDUMP, and training of system administrators.

NSD Implementation Engineer

Responsibilities:

• Cisco 7609/JunOS M320 including Syslog, TACACS, VLANs, line cards, and PIC installation.
• F5 LTM Load Balancer configuration exports and network design planning with Visio.
• Routing protocol configuration including BGP peering sessions and OSPF troubleshooting.

Network Engineer

Responsibilities:

• Cisco 3845, 4510, 6509, 7500, 7600; Juniper J2300, M-series, EIGRP, OSPF, BGP.
• Cisco PIX and ASA (Adaptive Security Appliance) VPN configuration with IPSec encryption (3DES, MD5, SHA) using command-line (PIX) and/or ASDM client.
• Checkpoint firewall-1 v4.1 administration and conversion to Watchguard Firebox SSL gateway.
• T1-T3 circuit and BERT testing, DSLAM configuration, and liaison with ILEC and IXC carriers for local ISP.

Network Security Engineer

Responsibilities:

• Infrastructure support of WAN: Cisco 7200s, 4500s, 6500s, F.R. mesh, VPN, VLANs, routing.
• Responsible for Checkpoint firewalls, Active Directory GPO’s, Snort IDS for suspicious activity.
• UNIX (Solaris and Linux) support including general file maintenance and networking support.
• Cisco PIX firewall configuration with NAT rules, IPSec VPN, failover, and multiple DMZs.
• Check Point Firewall NGAI configuration, NAT, DMZ, and monitoring with Smartview Tracker.
• Change control documentation in Remedy and network group rep. for change control meetings.
• SNMP/RMON probe monitoring and management with HP Openview, SolarWinds and MRTG.
• VPN configuration using Cisco 3000 Concentrator, Nortel Contivity gateways, Vircom RADIUS authentication, SSL certificates and/or IPsec VPNs with standard encryption (3DES, MD5, SHA).
• TCP/IP network design and documentation with Visio, documentation, and report writing.

Electronics Technician

Responsibilities:

• Troubleshooting T-1 lines, various routers, ISDN PRI racks, D-4 channel banks, and CSU/DSUs.
• Configuration of Cisco routers (IOS 11/12.x), access servers, and Catalyst switches with HSRP.
• Security protocols used: (AAA, SSL/IPsec VPN, PKI, RADIUS, TACACS+, EAP, EAP-Fast, PEAP, CHAP, MS-CHAP), and authentication.
• Cisco PIX Firewall configuration (PIX v.4.x); VPNs, DMZ, rules, access lists and failover.
• CSU/DSU and Telco line configuration including Frame-Relay, X.25, HDLC, ATM, and TCP/IP.
• Configuration and troubleshooting of Windows NT/2000 Servers, DNS and DHCP servers.
• SNMP agents between RDC’s of BellSouth’s OSI Platform (BOSIP) with HP Openview.
• HP Openview with the data collector on SPARC workstation running Solaris 2.x in a NOC.
• Configuration of IIS Web Servers, NT 4.0 Servers and Workstations.
• T1-T3 BERT testing, DSLAM configuration, and liaison with ILEC and IXC carriers (for ISP).
• Cisco 3845, 4510, 6509, 7500, 7600; Juniper J2300, M-series, EIGRP, OSPF, BGP.
• AAA, SSL/IPsec VPN, PKI, RADIUS, TACACS+, EAP, EAP-Fast, PEAP, CHAP, MS-CHAP), and authentication.Cisco 7609/Juniper M320 including Syslog, TACACS, VLANs, line cards, and PIC installation.
• Routing protocol configuration including BGP peering sessions and OSPF troubleshooting.