SUMMARY:

• Confidential is a Senior Solution Engineer with Confidential Advisory Team, Platform team members.
• He has experience in Active Directory enterprise Infrastructure, Risk/Technology Risk. Microsoft Certificate Authority, Enterprise Account Migration, DNS, DHCP, GPO, ADFS, Active Directory Upgade, Symantec DLP/mDLP, PCI Enterprise Vulnerability Scan and Fix.
• He has worked as a Team Lead and Subject Mater Expert in his last 5 Projects roles.
• Overseeing multi forest / Domains with over 190,000 AD Objects and 95,000 AD Users.
• Focused on Active Directory Right Management Services, Monitoring day to day activities and managing Certificate Authority for Application access and procuring and revoking certificate as required for clients security using Vanafi.
• Oracle Identity Governance, Oracle Identity Manager, SyberArk, and Microsoft FIM. Worked and led my team on McAfee EPO upgrade on Servers and client computers.

PROFESSIONAL EXPERIENCE:

Confidential

Managed DLP Analyst

Responsibilities:

• As the first Confidential mDLP Analyst, I monitor and analize multiple engagements, ensurring that no PII or confidential informations are lost or sent to unautorized persons.
• Part of my responsibilities ranges from events and trends analysis, policy creation, policy tuning & rules creation, escalating suspected incident to the engamement data manager.
• Creating monthly dashboard reports, proposing policy tuning on our findings to help reduce false positive. Modify and white list approved URL/ allowed events. Worked with the team to install and configure Symantec DLP Console on few of our clients engagements.

Confidential

IBM Tivoli Identity Access Manager

Responsibilities:

• I worked as part of the IBM Identity access management team, responsible for creating and modify users accounts, Roles and permissions.
• Helped in upgrating process of 5.0 to 5.1, ensuring that users account were backed up and a test was sucessfully carried out in the lower environment before implementing in PROD.

Confidential

Oracle Identity Manager Administrator

Responsibilities:

• As the newest member of the GNMA project, I worked remotely from Florida as first point of contact for “LAR/LAG” activities “Logical access Request”.
• Main responsibility was to create new user accounts in Oracle Identity Manager and validate that they replicate in Oracle Unified Directory.
• I was in charge of creating and modifying user’s access request in the 3 lower environments, QA, UAT and DEV.
• Responsible for acknowledging client request sent to Confidential MASSO support team, and following up to completion.
• Resetting user’s passwords, Unlocking user’s accounts and adding required Administrative Roles to user’s accounts as requested.
• Researched and troubleshoot sync issue between Oracle Identity Manager and Oracle Unified Directory.

Confidential, Dublin, OH

Active Directory Team Lead

Responsibilities:

• I was responsible for Active Directory day to day activities, managed Certificate Authority both External and Internal PKI, using Venafi Certificate application to procure Certificates, moved expiring certificate to archives and procure a new certificate or renew old certificates as required by organization.
• Resolved DNS issue for network and sites access.
• Migrated users from acquired companies to our network Infrastructure using ADMT.
• Ensure Network Folder access request are met on time.
• Trained the offshore team on Active directory 2008 and certificate Authority.
• Modified GPO to smoothen operation on frequent account lockout.
• Used AD - RMS to grant folder access as approved by callers Manager.
• Track performance of AD team with weekly meetings.

Confidential, Denver CO

Windows Platform Lead Administrator

Responsibilities:

• Oversaw the Active Directory and Wintel activities across the Multi Forest network of our Client.
• CHI recently acquired St. Luke’s Health in Houston Texas, I led my team on Network security assessment, found a lot of unsecured IT environment, and wrote my report and how to improve.
• Perform onsite analysis, diagnosis, and resolution of complex network problems for end users and recommend & implement offsite repair for remote users as needed.
• Was responsible for 3rd level software support for issues not resolved by Helpdesk, vendor technical support staff, and hospital Field Support Technicians.
• Packaged monthly security updates using W.S.U.S. via SCCM and perform testing prior to initiating enterprise deployment to end users.
• Developed, implemented and managed SMS/SCCM packages, deployments and other automated installation.
• Developed Protocols and guidelines for application deployments.
• Collaborated with Servers and Network Administrators to achieve optimal configuration of all applications and systems.
• Assist in developing long-term strategies and capacity planning for meeting future desktop hardware, software and application needs also serve as a liaison point with external vendors. (Licensing, Support, Updates).
• Served as project lead regarding process and procedures for deployment of applications.
• Write technical specifications for purchase of workstations, desktop hardware, software and application related products. Provide technical guidance for all hardware and software purchases.
• Troubleshoot SCCM Server issues and maintain SCCM Windows server infrastructure.
• Responsible for creating SCCM queries & collections for software deployments, and reporting.
• Supported over 10,500 Desktop/Laptop unit’s hospital wide via Systems Center Configuration Manager.
• Supported the Replications & Network communication across multiple forests.
• Used SCOM to monitor Servers performance on the Network, server heart bits, systems running out of disk space, and put system into SCOM maintenance mode for as long as required to avoid SCOM alert when system is offline during a maintenance.
• Reviewed DNS, DHCP, Active Directory Vulnerabilities, Firewall Ports configurations.
• Developed a report to my Manager and write up the steps to fix any error found on the Network Infrastructure.
• Used service now concept to deal with Remedy ticket following and meeting Service Level Agreement of the Client.
• Used ADRAP Tools to diagnose the Network for Performance error like, ADSS, Replication Issue, and Failed Backups then follow up with Wintel team on how to solve the problem or come up with a Solution.
• Recommended implementing PROD changes in Test Environment before carrying them out in PROD
• Enforced the use of SCOM to monitor Servers hearth bit, notification of User account lockout, Server running low on HDD space and many More.
• Acted as the escalation point for network access issue like AD Frequent Account lockout and solve it as quickly as possible, I also wrote SOP on tracing the lockout source.
• Leveraged PowerShell Script to check for Site & Subnet mismatch after the ADRAP License expired.
• Fixed Remote Users having problem accessing their network resources while on VPN
• Edited and configured the DNS for Name Resolutions and reverse lookup.
• Worked with the Security team to point out error with the Threat management Gateway.
• Troubleshoot Account lockout issue for external users in FIM, used the Active Directory account lockout tools to locate the Domain controller locking user out, and then check the Event Log of the DC to get the information of the Device causing the lockout. Leading to users with activated active sync on a mobile devices linked to their emails.

Confidential, Tempe, AZ

Active Director Subject Mater Expert. L3

Responsibilities:

• Used AD-Rights Management Service, to restrict rights and give permission on network Shared Files & Folders, Documents & E-mails.
• Used the ITIL standard, to approach IT service management and Provide frame work for Identifying, Planning, delivery, and Support of IT services.
• Monitored Active Directory Sites and Services (ADSS) for Overlapping Subnet and Missing Subnets by Verifying with IP-Control team.
• Managed enterprise level environment with over 170,000 AD Objects and 20,000 Users.
• Added and Removed User rights and privileges in Active Directory.
• Migrate AD objects from one environment to another using ADMT Vs3.2.
• Performed Site Costing and fix missing links.
• Configured the Hyper-V Host Server to host the Virtual servers for the Europe Domain.
• Wrote SOP on how to build Hyper-V servers with fixed drive size to prevent dynamic expansion.
• Manage over 175 physical Domain Controller 40 Virtual Server 10 Forest and 13 Domains.
• Upgraded the McAfee Solid Core Antivirus on the DC’s.
• Created, Modified, Deleted, granted permissions to AD Objects.
• Decommissioned forty-two 2003 servers.
• Built 2008r2 Servers to allow elevation of the Forest functional Level to 2008r2.
• Prepare Schema Update for the introduction of Lync 2013 and exchange 2013 in QA.
• Reviewed SOP on steps needed to accomplish some AD task, as there was little or no SOP on site.
• Build fixed size drive for the Hyper-V Virtual DC’s for the Europe Domain.
• Migrated AD Object using Active Directory Migration tools, Created a Trust between forests.
• Migrated relocating ASIA forest Users to NAmerica Forest by installing SQL Express 2008 Sp1 to create the Database to allow the migration to be successful.
• Used Quest recovery Manager to restore Deleted AD Objects.
• Used Lync & Email to follow up with customer in resolving IT problem.

Confidential, MN

Active Directory Team Lead

Responsibilities:

• Administered the 5 Forest and 9 Domains with more than 150,000 ADObjects and 50,000 AD users.
• Managed ADFS communication with other BestBuy vendors to share and Allocate Federated resources without having to set up a new Forest Trust.
• Migrated AD Users using Active Directory Migration tools, Created Trust between forests.
• Migrated relocating ASIA forest Users to NAmerica Forest by installing SQL Express 2008 Sp1 to create the Database to allow the migration to be successful. To allow the AD user from Asia to have access to the resources in NAmerica forest and keeping the permission from the source Domain to the Target Domain using the SID history.
• Configured and Maintained EXSI 5.1 Host, VMWare Servers.
• Used Script to locate & Remove inactive AD account to Stale OU and delete after 91 days.
• Remotely Manage Hyper-V Servers at our Bloomington Data Center.
• Monitored servers and Network Health using SCOM.
• Configured and Maintained the Active Directory Federation Services.
• Install & configured Server 2012 in Test/QA Domain.
• Rsolved the time sync Issue amongst the Domain controlers.
• Used Microsoft forefront Identity Manager to authenticate users’ with Logon issue for password reset.
• Used FIM to manage User Identity, access control permission and allows user to reset their password without having to go through IT Service Desk Request for the Administrator to reset their password.
• Elevated the domain & forest functional level in production.
• Enabled Active Directory recycle Bin & wrote SOP “Standard Operational Procedures” for the restore steps accidentaly deleted AD-Objects.
• Helped to train my offshore AD team to be more effective.
• Decommission over 60 2003 Servers and built new servers and Promoted new member servers to DC’s.
• Documented the disaster recovery plan for BestBuy on holiday readiness.
• Used PowerShell to run account cleanups for Inactive ADObjects for more than 31 days and moving. them to stale OU, setting trust relationship between domains and forest.
• Create and delete accounts, set password policy. Responsible for implementing, configuring and managing Active Directory, DNS, DHCP, ADFS, Radius Servers Authentication, and Trust Relationship with the 9 domains and 5 forest.
• Upgraded server 2003 to 2008 r2, managed the DMZ, Test environment, & Quality Asurance forest.
• Respond to incident tickets using service now, made sure all domain controllers are syncing with the external timeserver source using the Microsoft time hierarchy standard.
• Provided on-call and remote support during off office hours and weekends.
• Radius server authentication for TagMobile issue with the BestBuy Asia computers could not be authenticated by the Radius Server in NA\BestBuy.
• Monitored time sync for drift within tolerance.
• Used ADRAP to monitor the Risk & Health assessment of the network
• Managed some remote computer using PC-Duo.

Environment: Windows, Systems Backup, Server 2003/2008, Exchange 2010, DHCP, DNS, Remote access, Cisco Router 2600/ Cisco switches WS-C3750, FIM, VSphere, VMWare, Esx, and Microsoft Systems Center systems Center, Citrix, Radius Server

Confidential, Tampa, FL

Windows Disaster Recovery Engineer

Responsibilities:

• Short term contract to restore Confidential ’s failed Network and backup their data using Symantec Backup Exec, in a complex network where they have over 167 Servers with different operating systems Platforms, Cisco, Windows server 2000,2003 and 2008r2.
• Solved the problem using Acronis to move data between different OS and 5 sites in different location, backed up with Symantec Backup Exec on the NetApp storage of the Robotic Library.
• Backup was tested and automatic report as scheduled from backup exec sends email directly to the IS Manager.

Environment: Windows, Symantec Backup exec, Server 2003/2008, McAfee Security Suit, Exchange 2010, DHCP, DNS, Symantec firewall, Remote access, Cisco Router 2600/ Cisco switches WS-C3750, VSphere, VMWare, Esx, and Microsoft Systems Center systems

Confidential, Orlando, FL

Remote Windows Network Administrator

Responsibilities:

• I used Remote network connection to support and managed the Active Directory, DNS, DHCP, GPO and network security by setting file permission for staffs and ensuring the company’s data is well protected as much as possible.
• I used Server 2008R2 Active directory services, to create user accounts, set up trust from other domain to allow access to a general application for the company.
• Provided network implementation support for data and voice network
• Configure the Exchange server for the headquarters and branch office in Singapore.
• Upgraded environment to Exchange 2010.
• Configure VMware/VSphere & Hyper-V to reduce the work load on the main server and configure the console.

Environment: Symantec Backup exec, Server 2003/2008, Exchange 2007, DHCP, DNS, Symantec firewall, Remote access, Cisco Router 2600/ Cisco switches WS-C3750, VSphere, VMware, and Firewall.

Confidential

Windows Remote Network Administrator

Responsibilities:

• Remotely managed all clients of Rash-Mot Int’l from U.S. to support the Junior Network Engineers on the field.
• Utilized server 2008R2 Active directory to create user accounts, sites, and trust from other domain to allow access to a general application for the company.
• Installed McAfee security suite to monitor and prevent internet intrusion and virus on the network.
• Used SharePoint as a platform to create sites using SharePoint Designer or Visio for our staffs in all branch offices to work together on Project and store it on the SharePoint to avoid hard disk space use up on client’s computer.
• Provided deployment support planning and network integration with Active directory and setting group Policy as deemed and DHCP, DNS and remote access for remote staffs.
• Performed configuration audit for network devices.
• Provided change window support for critical network activities.
• Provided first office application (FOA) support for new technologies.

Environment: Symantec Backup exec, Server 2003/2008, Exchange 2007, DHCP, IIS, DNS, Symantec firewall, Remote access, Cisco Router 2600/ Cisco switches WS-C3750, VSphere, VMware, and Firewall.

Confidential

Project Lead

Responsibilities:

• Installed and Maintained the Microsoft Exchange Server 2007.
• Migrated Exchange Server 2007 to 2010.
• Installed, configured, operated and troubleshot Microsoft Exchange Server.
• Provided support and coordinated the SharePoint environment.
• Provided alternative access to the shared data on our SharePoint site, web servers, file servers, anti-virus servers, departmental servers and storage systems.
• Designed, setup, configured, monitored, optimized the VMware infrastructure and associated technologies.

Environment: McAfee Security Suit, Symantec Backup exec, SharePoint 2007, Server 2003/2008 r2, Exchange 2007/2010, DHCP, DNS, Symantec firewall, Remote access, Cisco Router 2600/ Cisco switches WS-C3750