SUMMARY:

• Over 15 year experience of designing and implementing of medium to large scale networks and IT infrastructure.
• Hands on routing, switching, VoIP, security and wireless.
• Hands on various routing protocols including EIGRP, OSPF and BGP.
• Hands on various VPN solutions including IPSec VPN, DMVPN, SSL VPN and MPLS VPN.
• Hands on various firewall solutions including routed mode and transparent mode.
• Hands on various VoIP solutions including Call Manager, Call Manager express, H.323, MGCP and SIP gateways, Cisco Unified Border Element (CUBE).
• Hands on Policy base - routing, QoS, Multicast, Host Standby router protocol (HSRP), Virtual Router Redundancy Protocol (VRRP), Gateway Load Balancing Protocol (GLBP), Virtual Switch System (VSS), Cluster Switch System (CSS), virtual routing and forwarding (VRF), Link Aggregation Control Protocol (LACP), Port aggregation protocol (PAgP), NBAR, Virtual context, Virtual domains (VDOMs) SNMP, NTP, DHCP, VTP, NAT, TACAC+, RADIUS, VMWARE, Microsoft Visio.
• Knowledge of Linux.

PROFESSIONAL EXPERIENCE:

Lead Network & Security Engineer

Confidential, Campbell, CA

Responsibilities:

• Redesign internet tier running multihomed BGP
• Installed and configured Fortigate devices as firewall.
• Installed and configured Cisco Switches as additional Core switches.
• Installed and configured Citrix Netscaler as load balancers.
• Installed and configured Cisco ASA as VPN termination for both Remote access and IPSec.
• Installed and configured HP switches, Nexgen storage device to provide additional storage for database.
• Moved Network equipment from Equinix colocation in Sunnyvale to Centurylink colocation in Santa Clara and ensured they all are working properly.
• Replaced Cisco end of life ASA with Fortigate 500D.
• Replaced Cisco switches with Huawei switches.
• Worked with Meraki team and vendor to install access points.
• Add additional Internet circuit to separate internet access and IPSec VPN.
• Installed and configured Cisco ASA as Firewall,
• Install Cisco routers as console server and connect network devices serial/console port to it
• Install Cisco switch and connects network devices management interfaces to it.
• Installed a Linux server as TACAC server for authentication.
• Installed Solarwinds to monitor network performance
• Installed Extrahop devices for network troubleshooting tool.
• Installed and configured Fortigate 600D as firewall device.
• Installed and configured Huawei CE8860-4C-EI switches as Spine & Leaf architecture.
• Installed and configured Huawei 9000E chassis for server farm.

Senior Network Engineer

Confidential, San Francisco, CA

Responsibilities:

• Connected the 3 networks together through MPLS and reconfigured routing protocol (BGP & OSPF)
• Convert internet access to centralized model from distributed model to save monthly cost and enhance internet access and security ( less internet connections equal less security breach)
• Designed and implemented network equipment for new remote office in UK and relocation office in Japan that connects to Head quarter though MPLS as primary path and IPSec as backup path. Working with site contact and vendors to ensure Data, voice, video and wireless working properly.
• Install switches, wireless controllers and access points to existing network. Worked with vendors to install robots, laser barcode scanners and ensure shipping area operate smoothly.
• Site to site IPsec tunnels from retail stores to datacenter were getting harder to manage. Implemented a pair of cisco router as DMVPN termination and reconfigure IPSec VPN tunnels from retail stores to the new DMVPN termination.
• Configured retail routers FXO and 3com modem as dial-up for backup path.
• Coordinated with Aerohive Engineers to rollout wireless solution for all retail stores.
• Segmented billing servers behind Juniper SRX firewall.
• Coordinated with Chase bank Engineer to connect billing servers segment to Chase bank network through MPLS.
• Coordinated with Sungard Engineer to connect billing servers segment to Sungard network through IPSec VPN for vulnerability scanning.
• Secure PCI/billing servers segment zone from Vendors access by implement Cisco ACS downloadable ACLs.
• SSLv3 has been vulnerable (POODLE attack) implemented Juniper MAG for remote access VPN to meet PCI compliance standard.
• Tape Backup is no longer cheap solution and with the hassle sending tapes to storage. Coordinated with Microsoft engineer to bring IPSec VPN tunnel to Asure and scheduled data backup.
• Implement new guest wireless solution at corporate office with WLCs Anchor setup.
• Install Silverpeak wan optimization on several locations and reconfigure QoS on Cisco routers and switches to work with wan optimization device for Data, voice, video classes matching QoS policies and working properly.

Technical Consultant

Confidential, Pleasanton, CA

Responsibilities:

• Design and implement IPSec VPN solution between SCIF Headquarter and agents home offices.
• Configure IPSec VPN to Amazon and Skytap clouds. Then provides feedback to SCIF management.
• Installed and configured A10, Citrix NetScaler and F5 load balancer for evaluation. Then provides feedback to SCIF management for selecting right devices.

Technical Consultant

Confidential, San Bruno, CA

Responsibilities:

• Coordinated with Confidential Network Engineers to design and implement new network in San Bruno campus that including Internet routers, Firewalls, VPN, CUCM, Cisco CUBE, WCL, core switches and users switches.
• Moved network equipment from Brisbane campus to San Bruno campus and ensured they all are working properly.
• Replace existing vudu office network equipment with new equipment then connect vudu office network to Confidential network through MPLS and IPSec VPN.
• Redesigned several Confidential branch offices

Technical Consultant

Confidential, Cupertino, CA

Responsibilities:

• Redesign Internet tier from single home to multi-home.
• Moved network devices from Equinix Colocation and integrated them to Digital Realty Colocation
• Inserted FWSM into Cisco 7609 and configured it as Firewall.

Technical Consultant

Confidential, Redwood City, CA

Responsibilities:

• Migrated voice configurations from Cisco end of support VGs and IADs to new Cisco IOS routers.
• Implement Cisco CUBE and trunk to Sprint and routed off-net calls to the SIP trunk. Then terminate PRI circuits to save monthly cost.

Technical Consultant

Confidential, San Jose, CA

Responsibilities:

• Configure Cisco ISR routers as Internet router.
• Configure Cisco ASA as firewall.
• Configure Cisco Nexus 7000 routers as Core switches.
• Configure Cisco routers with T1/E1, FXS and FXO WICs and AS 5400 as simulating PSTN network.
• Configure Cisco GRS as Cisco Unified Border Element.
• Configure Cisco CE 4700 as load balancer.
• Configure Cisco 800 routers as to simulate home DSL router.
• Configure Cisco 3900 router as H.323 voice gateway and gatekeeper and interconnect with CUCM.
• Connect Tandberg Video Communication Server, Tandberg Video Communication clients, Cisco Telepresence, Cisco IP phones to simulated network for test engineers and software developers to improve better products.
• Support test engineers and software developers on several tasks to improve Cisco Telepresence products.

Technical Consultant

Confidential, Alameda CA

Responsibilities:

• Coordinated with Confidential engineers to implement Voice over intercom.
• Support both Confidential and vendor Engineers on various tasks to improve intercom products.
• Configure IPSec VPN between Confidential office in America and vendor in Thailand.
• Implemented VoIP solution with Cisco CUCM Express for Corporate office.

Implementation Network Engineer

Confidential, San Jose, CA

Responsibilities:

• Audited Cisco existing data centers, campus and remote offices networks to evaluate network infrastructures.
• Redesigned and implemented network infrastructure if it does not meet Cisco designed standard
• Designed and implemented network infrastructure for new datacenters and offices.
• Integrated acquired companies network to Cisco network.
• Moved network devices from old offices to new offices and ensured data, voice, video and wireless working properly
• Tasks includes:
• Audited existing networks using Microsoft Visio, CDP, ARP, Mac-address tables.
• Coordinated with ISP for new circuits.
• Generated wireless heat map base on floor map.
• Coordinated with vendor to install access points.
• Configured network devices.
• Ensured data, voice, video and wireless working properly after implementation.

Cisco IOS Security Engineer

Confidential, San Jose, CA

Responsibilities:

• Configure IPSec VPN, zone base firewall, NAT and load IPS signatures on Cisco integrated routers.
• Interconnect Cisco integrated routers with Cisco Security Monitoring, Analysis, and Response System, Cisco Secure ACS, Cisco Security Manager, Microsoft Server and Avalanche traffic generator.
• Generate traffic from Avalanche traffic generator to send though Cisco routers to test VPN, NAT, firewall and IPS signatures performance and functionalities.
• Collect information and document test results.
• Prepare documentations for management and developer Engineers for customer presentation.

Network Engineer

Confidential, San Ramon CA

Responsibilities:

• Resolve technical issues that involves between SBC edge routers and customers premise equipment.
• Provision new BGP session with new customer router.
• Coordinate with on field Technician to troubleshoot circuit’s issues
• Assist enterprise customers in using BGP attributes to manipulate routes.
• Assist small business customers in using NAT/PAT for internet access.

Network support Engineer

Confidential, Austin, Texas

Responsibilities:

• Install new switches and interconnect test systems for production testers.
• Replace failed hardware include switches modules.
• Monitor performance and functionality of the network equipment and troubleshoot network issues.