SUMMARY:

• Senior IT Solutions Architect with over 26 years of experience in F50/F500 enterprise class systems. Experience with cloud platforms and proven ability to implement, PM manage, design and troubleshoot complex large - scale systems.
• Designed, engineered and implemented various environments, with emphasis on high availability, virtualization and cloud, security, Disaster Recovery and business continuity (DR/BCCM), monitoring and performance management.
• Extensive experience with virtual machines, P-V and data migration, IaaS, PaaS, IDaaS and SaaS within Azure, AWS, SunGard, OpenStack and other cloud systems. Managed level 1-3 engineering teams in multiple critical environments; as well as vendor relationships and third-party applications, including retail (PCI 3.x), and SOX market data providers, back office systems and trade execution plants. Technology consists of multiple separated VLANS, SDN technology, Firewalls, packet shapers and accelerators, advanced DNS and F5 GTM/LTM HA clusters, ADFS, OAM and Ping Federation with proxies and Extended DMZ; insolated DMZ1, DMZ2, DMZ3 and other muti-layer concepts (VMware, cloud and hybrid cloud), as well as endpoint detection and response (EDR) solutions with IoT; MDM, PKI, LDAPS, ClearPass, Federation and SSO, ADFS, and other identity access (IAM) solutions.
• Hands on knowledge of collaboration software and VoD, IBM, Sharepoint/O365 with active authentication, JIRA, Remedy, ITSM, and others as listed below.

TECHNICAL SKILLS:

Operating Systems: RHEL Linux, CentOS, Solaris, HPUX, IRIX, AIX, Windows, OSX, IOS, TMOS.

Cloud Services: Azure cloud services, O365 & AADConnect, RBAC, MFA, cloud services and subscriptions. SunGard AS, APAC Dimension Data Hybrid (openStack) PROD/DR HK-Tokyo environments, migrations from physical to VM (P-V) to cloud, including hybrid cloud configurations; networking equipment and circuit drops, VMWare hosts, EDMZ, virtual appliances, extended CORE and DBMS related technologies. AWS Certified Cloud Technical, both; Roles Based Access Control (RBAC); ASM/ARM/AZURE RBAS/AWS, IDaaS, IasS, PaaS, SaaS, Iot).

Database/Application Servers: MSSQL, Oracle, MySQL, Sybase, Informatica, Java, Apache Tomcat, WebLogic, PowerBI.

Clustering/High Availability: Virtualization (ESX/VMware VMs, nPar/vPar, LDOMS. nPar, lPar), many types of storage and Raid levels, thick and thin SAN provisioning, VCS, Microsoft/SQL Clusters, horizontal and vertical application clusters; granular recovery DR/BCP.

Backup Management: CommVault Simpana10 w/ global OnPrem and Azure Blob replication, Symantec NetBackup, CA BrightStor/ARCserve, SyncSort Backup Express.

Monitoring and Performance: Splunk, HP OpenView (Performance Management), TeamQuest, SolarWinds, GlancePlus, BMC Patrol/Predict, PROGNOSIS, CA SiteMinder, SCOM, Netcool.

Security and Authentication: PKI (OCSP, CRLS, AIA), Aruba ClearPass, Airwave, SSO, NAC, 802.1x, EAP-TLS, SSL, VPN, SSH, MIT Kerberos 5 with IDE (Eclipse with the Photon), Check Point VPN1 clusters, Juniper, Cisco PIX, Real Secure IDS, Tripwire, OAM, IAM, CA signed s, internal X.509 CA s; SOX, PII, PCI scans with hardened OS. F5 TMOS ADC/LTM McAfee DLP, A/V and app level, same day, FW (OSI 7) protection.

Name/identification Services: AD, AD CS, AD FS, LDAP(S), PKI, Oracle OAM, IAM, SAML2, SSO, Kerberos, X.509 s, TACACS REST API s, Azure IAM, ASM (declining), ARM (parallel Azure Resource Management ~ REST), AWS IAM, Virtual Directory Stores, CA SiteMinder, Cyberarc duplication and relocation to internal DMZ.

Networking: TCP/IP, UDP / multicast, X.25, SNA 3270/X.25, FIX, TIBCO RV, MQ, Filter, IPSec, VRRP, OSPF, VoIP, DMVPN, IPSec, EDMZ (multiple methodologies) and Load Balancer technologies.

Wireless and Mobility: 802.11a/b/n/a+c, aes256, SHA-2, IAP, aes256, Aruba ClearPass, AirWave, Mobile Iron (SaaS & OnPrem) /BYOD, 802.1x (PCI 3), rfid OnBoarding for mgmt.

Programming/Shell Scripting: C, sh, csh, ksh, bash, perl, (VI) Java, JavaScript, Python, PowerShell, Azure CLI, 4 GL s; Puppet, NetBeans, Visual Studio 2015/2017, Git, GitHub, Aris, and Confluence.

PROFESSIONAL EXPERIENCE:

Confidential

Sr. Consultant

Responsibilities:

• Installation, realignment and configuration of Microsoft ADFS 3.0/4.0 on F5 IDM (APM) to WAP/VIP, Windows 2012/2016 node HA farm; configuration for Federation and SSO for City Relying parties (trusts) into Microsoft/ADFS and Oracle/OAM environments.
• Architecting Microsoft FIM 2012 to MIM 2016 with AD migration to ADDS 2016 installation and configuration.
• Installations and auditing existing environments as per sub-SOW’s, creating Portals, 802.1x, VLANS, NAC.

Confidential

Responsibilities:

• Hands on RHEL VM's, IPSec tunneling, GTM/LTM, NoSQL, iSQL, VOD, CDN Streamers, Caching Servers with big data sets and several analytics operands, in some cases merging SOAP and RESTful services into many Tomcat jvm instances, Mongo DB steaming up to MPEG H.264 (HD TV) real-time flex view delivery.
• Worked with Python scripting and Splunk monitoring; Vault to Streamers to Cached content (GTM/LTM) (RESTful) load balancing with shared caching services and stateless API calls to content and IDM/OAM, Deployed vm's; jvm Services, java 1.7, java 1.8, Splunkforwarder, iSQL, MongoDB, Oracle 12i RHEL RAC.
• Identity Management to the Household as well as Digital Rights Management for free, rental, and purchased or expiring content (asset and metadata schema as well as purchased channel access rights. Bookmarking through differing set top boxes and other playable playback devices (flex view); including iPhone, iPad, Android, Chrome-book, and Windows.

Confidential

Senior IT Solutions Architect

Responsibilities:

• With O365, created external domainnames, federated Sharepoint with MS auto discovery DNS to provide external domainnames to (IDaaS) SharePoint-online 2015 sites (PaaS) for SSO, Ping federation via Azure AD and outside domains to multiple big pharma AD domains for SSO; with SAML 2.0 (SP) (SharePoint-online) initiation with Powershell Azure, manage, federate, Azure metadata, and key exchange.
• Microsoft Active Directory on Azure, Key Vault, Design of SOAP to REST services, Java EE .NET (IaaS and PaaS). Compliance and security standards supported by Azure and IAM roles-based, resource grouping and provisioning via parallel deployment (ARM), customization and security rights management (IAM) control.

Confidential

Senior IT Solutions Architect

Responsibilities:

• Integrated a multi-tier Microsoft 2008R2 PKI Enterprise design, integrating with Cisco RADIUS and Aruba ClearPass appliance suite; thereby Identity Access Management is assured by X.509 fingerprint. This includes CRL’s, OSCP, SCEP, Secure LDAP, BYoD, BYoC, and Secure LDAP at the DC level to all machines.
• Completed Global Aruba ClearPass LAN/WLAN security management with PEAP/TLS eap-tls, for 2300 corporate windows devices using 802.1x, x.509 s (via internal PKI chain) and PKI Windows 2008r2 Servers with auto renewable s, Windows 7 clients, Mac OSX clients, and IOS (WiFi/802.1X, and Guest (MAB). The 2300 Windows clients utilize AD CS, IAM, and Powershell; locally and Azure SSO LDAPS AD, replicated remote.
• Successfully migrated NYC campus production (PROD) assets to the HA Hybrid Cloud from New York office to Sungard datacenter in Philadelphia including DR, approximately 20 TB with big data sets (OpenStack).
• In SunGard cloud, built SharePoint 2013 (PaaS) front-end, App Servers Project Combo with MS SQL Cluster.
• Initiated bringing in the Microsoft Azure cloud platform, the governance and strategy for creating multiple subscriptions for different projects and global services; creating a framework, network topology, VMs, HA aspects, Azure AD Premium strategy, and solution documentation packages.
• Built AD FS servers in 3-tier DMZ to integrate with external environments via Juniper to Azure initiated VPN (replicated, read-only DC), IPSec to GUID FW zones, which with normal internal access, included multi-factor IAM authentication from same Azure read-only DC, as well as CyberArc HA-account connectivity.
• Engaged in daily support of Azure Subscriptions and the creation of virtual elements in Azure. (IDaaS) (PaaS).
• Updated cloud services, including; Salesforce (SaaS) and MobileIron (SaaS) to OnPrem Internal DMS resources.
• AWS concept implementation, replication and DR with scripted LAMP stack Linux, Apache, MySQL, Python.
• Redesigned backup technology and procedure to a modern data management framework globally with big data sets. Solution included thirty-day snap shots daily offsite replication to Azure cloud solution for DR and data retention with $1M in annual savings, cloud IaaS (vm’s), PaaS (upload), SaaS (MDM), IDaaS (Premium AD) .

Confidential

Senior Solutions Architect

Responsibilities:

• Created multiple solutions utilizing Weblogic Tomcat as well as .NET VMs, Oracle DBMS, in two and three tiered eDMZ network topologies, internal and cloud; Solaris Unix, RHEL Linux, and Windows.
• Created several solutions involving Windows IIS and .NET as web and web/app servers for third party solutions or access through data marts or reporting services such as Business Objects, Oracle EBS, SSO, Moodle (Apache LAMP stack) MicroStrategy, Informatica, and Knova; an Exadata Oracle OS optimized database footprint.
• Worked on F5 GTM/LTM irules to traffic balance large common core project, with HR and also including Weblogic and Coherence, for a stateless Representational state transfer (REST) configuration.
• Architected RHEL Linux Solutions for Oracle 11gr2 RAC on ASM, migrating from Higher cost Solaris VCS.
• Worked through new and supplemental firewall modifications in support of new applications, partner-net offshore VPN IAM, with SSO, and Neoteris Citrix access. This includes multi-bind DNS and piloting DMVPN with SDN.
• Experience in Configuring CA SiteMinder policy server (SSO), framing Rules and Policies, and troubleshooting.
• Implemented password policies and SSO for external Sun One LDAP user repositories, OAM, IDM.
• Constant compliance with SOX, PCI and HIPAA regulations, utilizing an ITIL framework for PCLM and PBR.
• Openstack as well as AWS and puppet design deployment solutions (SDP) for elastic analytics on big data sets.

Confidential

Professional Services Engineer Consultant

Responsibilities:

• Created Solaris 10 zones (global/root, non-global/shared), installed oracle 10g into multiple zones, IAM, and integrated each into 64-bit PROGNOSIS 9 monitoring and data collection; scripted many perl collections.
• Installed instances of PROGNOSIS (8.5, 9) in multiple architectures (OS), features and topology.
• LSE Enterprise Infrastructure Architect and Lead Solutions Engineer (LSE), Equities and Fixed Income and Commodities (FICC).
• CSM Liaison technical project manager (SCM) between technology silos (GTI) and business (GMI) units to design, coordinate and implement solutions for new, augmenting existing applications.
• Incorporated a firm-wide contingency and recovery (C&R) SLA and application footprint for next generation, granular recovery (GR) contingency and Recovery (C&R). Collected 273 tier one trading application candidates and converted all simple and several complex applications to GR enabled and internally certified and SOX compliant. This included implementation of Big-Iron F5 3DNS/Wide ID, unique storage sets per application function, and spanning storage sets with srdf to single replicated frames.
• Engineered NAS and EMC LUN storage group consolidation (Premium+, Lite+, Lite, CASS, NAS), thereby making granular srdf/asrdf (and tier 2 NAS) contingency failover configuration possible.
• Managed a variety of server and database consolidation efforts to fir m m-wide farm clusters, including Sybase/Solaris10, Oracle/Solaris10, Oracle/Linux as5, and Solaris10 utility containers.

Confidential

Investment Banking Division (IBD) Level II Production Support Engineer

Responsibilities:

• Architected a vendor entitlements engine for IBD, writing a scripted Perl/ldap, SQL and AD groups lookup aggregation and delivery mechanism (perl/pgp) - triggered by an Autosys event scheduler, confidential content delivered via encrypted Comet delivery service and monitored through a Netcool perl API.
• Performed an Autosys job migration project from Solaris to Linux; cataloging IBD unit’s 684 Autosys jobs.
• Managed multiple offshore teams responsible for approximately 70 applications in varying phases of lifecycle development for Investment Banking (IBD), Global Capital Markets (GCM), and Real Estate (MSRE) divisions within a global level II support team, executing daily ready for business (RFB) checks, weekly and emergency change management turnovers as well as emergency break fix diagnosis and repair.
• Architected a new enterprise backup solution; a heterogeneous environment of 50 clients and five media servers consisting of UNIX (Solaris/Irix/Linux), Netware and Windows (NT).
• Managed IBM installation and assisted implementation of a Blade Center consisting of Intel Xenon blades, SAN booted to a LC channel FastT700 and tertiary 10 TB SATA storage array, in support of an IBM Content Management System (ICMM) with DB2, Web Sphere and video on demand (VoD) application, with SGI data and legacy system conversion.
• Architected and submitted patent application for “a proprietary elevator efficiency loading control system”.

Confidential

Consultant (Sun Professional Services) - Infrastructure Project Manager

Responsibilities:

• Created and managed project plans from post 9/11 boilerplate templates, matching a discrete number of available configurations to fulfill business unit requirements.
• Facilitated project plans though procurement, change request, asset allocation, and coordination of functional silo activities to fulfill a successful completion. This was primarily an IT project manager (PM) role.
• Designed and implemented a 5x9 highly available load balanced collocated environment; including F5, Firewall and IDS clusters, VLAN segments trunked via host and Cisco Cat OC bridging, various management and event notification systems, redundant multi-carrier 50 Mb internet vendor VPN MPLS, multi-tiered DMZ for IPlanet, Weblogic, and clustered Oracle OLTP and Datamart, J2EE applets, .NET Front-end UI and static content.

Confidential

Consultant - Sr. Systems Administrator (CICG/Equities Core Engineering Team)

Responsibilities:

• Built a new listed block trading web-reporting service in a productions client server environment.
• Designed a QA lab environment for equities server consolidation with decimalization expansion.
• Built Windows IE Server, app server for mainframe MUNI bond data feed analysis and scrub functions.
• Audited network and system design, with respect to Sun Solaris Enterprise systems, Sun Storage and HA.

Confidential

Consultant - Sr. Systems Administrator / Sr. Architect

Responsibilities:

• Designed network and infrastructure components of SunAmerica’s Broker Dealer trading application, Vision2020, through the development and beta-production site in New York and Prod in Los Angeles.
• Built VCS clustered Sun Oracle DBMS, dual Sun U60 SNA/X.25 gateways, DNS servers, Sendmail and ftp servers (all Sun Solaris, Veritas foundation suite and DBMS HA fail-over (VCS))
• Built SIS and SPS/PME environments, upgrading Solaris hosts and OS along the PCLM
• Built my own scripting for VCS type 2x cluster using scripts and duplicate hardware and monitoring.
• Electrical Engineer at SCIF facility Schriever (Falcon) Air Force Base (DoD Security Clearance - inactive 91)
• Unix Systems Administrator iRAD 36D (Electronics and Missiles) SunOS, Solaris, IRIX, Linux, HPUX, AIX