SUMMARY

• A Senior Network Security Engineer with 10 years of experience, responsible for deployment, configuration, administration, troubleshooting and maintenance of enterprise - wide network and network security solutions.
• Solid understanding and experience in LAN, WAN, TCP/IP, Cisco software (IOS, NXOS).
• Hands of experience in configuring AWS, Cisco ASA, Paloalto firewalls, creating rules, monitoring logs and troubleshooting connectivity.
• Experienced in layer 2 and layer 3 switching which include protocol such as Spanning Tree, VPC, Fabric Path, VDC, FCoE, MPLS, ISIS, DMVPN, VTP, IEEE 802.1D/1W/1.Q/1S, 802.1X.
• Hands on experience configuring routing protocols such as EIGRP, OSPF and BGP.
• Monitored and managed devices using Solarwind Orion and good knowledge on configuring Juniper routers. have excellent communication skills and solve problems in an analytical and logical manner. Work closely and effectively with all levels of management to achieve the targets.

Core Competencies

• IP Data/Voice/Wireless Networks
• LAN/WAN
• Information Systems Security
• End Point Security
• Risk Management
• VMWare VSphere 6.5
• Data Center
• System Implementation
• System Analysis
• Firewall (Palo Alto, ASA)
• Load Balancer (F5-LTM)
• Troubleshoot

TECHNICAL SKILLS

Organizational Security: Data Security at Rest, in Process and in Motion, IAAA, CIA, Asset Security, Vulnerability and Penetration, BIA, Risk Analysis, Controls, Software Security, ISO 27001

AWS: Logging and Monitoring, VPC, Load Balancers, DNS R53, Systems Manager, Inspector, Cloud Trail, Cloud Watch, Security Groups, IAM, S3, Config, WAF, Trusted Advisor, Security Hub, AWS Support

Routing: 800, 1800, 1900, 2800, 2900, 3800, 7200, EIGRP, OSPF, BGP, MPLS, HSRP, VRRP, GLBP, QoS, Security

Switching: 2960, 3560, 3750, 4500E, 6500, STP, RSTP, VTP, 802.1Q, LACP, EtherChannel, Port-Security, L3 Routing

Data Center: Nexus 2K/5K/7K, MDS, vPC, VDC, OTV, FCoE, FC, FEX, Port-Profiles, Port Security

Firewall: Palo Alto, ASA 5505, ASA 5520, active/standby failover, Policies, Profiles, Decryption, Certificates, LSVPN, AAA, IPSec VPN, ACL, Zones, Interfaces, LACP, DHCP

Wireless: Cisco 2500/5520 Wireless Controller, Access Points - HP, Colubris, Ruckus, Motorola, Ubiquity, 802.11a/b/g, Wireless Security

VMWare: VSphere 6.5, ESX 6.5, vDS, vSS, Virtual Networking, VM, VMFS, vSphere Management

F5: Virtual Servers, Pools, Nodes, Profiles, Certificates, Static IP, Floating IP, Self IP, Load Balancing Methods, Management and Support

Voice: CUCM, Mitel Controller, Cisco phones, Mitel Phones, Telus TC2/TC3, Asterisk PBX

SIEM and Data Security: Splunk, Confidential QRadar, Symantec, Vormetric

Network Analysis and Monitoring Tool: Network Profile, Network Performance Analytics, Risk Analysis Tool, Software Operations Risk Assessment, Solarwind Orion, EOTS, Cisco Prime, Zabbix, CTM

Ticketing Tool: Confidential -Tivoli, Confidential -SCCD, BMC-Remedy, ITSM, Service Now, Impact, JIRA

Network and Packet Analyzer: Sniffers, Ethereal, Wire shark, TCP Dump, Power Shell Scripting, Nmap, Nessus

PROFESSIONAL EXPERIENCE

Confidential, Oakville, ON

Responsibilities:

• Technology: Amazon Web Services (AWS)
• Communicate with vendors for AppScan, SAST, DAST, Vulnerability and Pen Test for Web and Mobile Applications for PCI Compliance
• Periodically run Qualys vulnerability software to find out vulnerabilities in Web based Applications
• Configure AWS Systems Manager, AWS Inspector, Load Balancers, S3 Buckets, Security Groups, IAM, DNS Route53 and others
• Configure and monitor AWS Cloud Trail and AWS Cloud Watch logs and troubleshoot issues
• Configure schedule in Auto Scaling Group for EC2 instance start/stop and reduce the operational cost for the organization.
• Configure AWS Config to check the changes in the infrastructure for the organization and meet the required compliance
• Generate reports from AWS Trusted Advisor and present to higher management for cost optimization, security and others
• Troubleshoot issues regarding S3 buckets access for users and services and configure S3 bucket policies to resolve the issues
• Manage users, groups, policies, roles and keys using IAM and KMS console
• Configure events using AWS Event Bridge and SNS topic for required alarms and send notification to higher management
• Periodically generate and review AWS Inspector report and present the vulnerabilities to higher management
• Support different AWS services and features in microservices web applications platform
• Configure ECS Clusters, ECS Services, VPCs, Subnets, Security Groups, Load Balancers, Service Discovery and run the task
• Troubleshoot ECS Task issues using AWS CLI, CloudWatch, CloudTrail logs in AWS Console
• Analysis the cost associated with different AWS services and provide the use cases of the services to management team
• Periodically discuss the AWS billing with Management team and analyze the scope to managing it in cost-effective way
• Do research on different AWS services to improve the AWS infrastructure and provide recommendation to management team
• Troubleshoot issues regarding Web Application using API Gateway, ECS Clusters, ECS Services, ECS Tasks, Cloudfront and others
• Work closely with developers and database administrators and implement necessary solutions

Confidential, Edmonton, AB

Network Administrator

Responsibilities:

• Firewall: PaloAlto (PA-3050, PA-3020, PA-820, PA-220)
• Router/Switch/ASR: Aruba CX-6300, Aruba CX-6200, Brocade, ASR-9000
• Technology: Data Center, LAN/WAN, Network Security, LSVPN | Routing protocol - OSPF | Layer 2/3 switching
• Monitoring Tool: Solarwind Orion, Darktrace
• # of sites: 35
• Designed, configured and deployed Paloalto firewalls to set up new branch sites
• Designed and configured LSVPN on Paloalto firewalls to establish secure connections between data centers and remote sites
• Designed, configured and deployed Aruba and Brocade switches and set up new branch sites
• Configured zones, interfaces, dhcp, lacp, policies, profiles, nat, HA, Policy based forwarding and others on Paloalto firewalls
• Used Wireshark and captured traffic using troubleshoot on Paloalto firewall and resolved issues

Confidential, Edmonton, AB

Senior Network Analyst

Responsibilities:

• Firewall: PaloAlto, Panorama
• Router/Switch/ASR: Nexus 9K, 5K,65xx/38xx/29xx/37xx, ASR-9000
• Technology: Data Center, LAN/WAN, Network Security, VPN | Routing protocol - OSPF | Layer 2/3 switching
• Monitoring Tool: Solarwind Orion, Lan Sweeper
• Ticketing Tool: Service Now
• # of sites: 25
• Created Change Implementation Plan and configured the Change on Paloalto Firewalls using Panorama
• Deleted records of decommissioned servers and cleaned up Paloalto firewalls using Panorama
• Investigated logs of Paloalto firewalls using Panorama and troubleshooted network connectivity issues for end users
• Configured Security Policies and others on branch firewalls using Panorama
• Used Lan Sweeper and Solarwind Orion to find resources, investigated network connectivity and slowness issues

Confidential, Edmonton, AB

Network Consultant

Responsibilities:

• Firewall: Cisco ASA 55xx, PaloAlto, Panorama
• Router/Switch/ASR (65xx/38xx/29xx/37xx/36xx, 9300 IOS-XE)
• Technology: Cisco VOIP Call-Manager | Mitel Controller | SD-WAN | Site-2-Site VPN | vManage (Viptella) | Routing protocol - OSPF/BGP/EIGRP | Layer 2 switching
• Monitoring Tool: Solarwind Orion
• Ticketing Tool: ISM
• # of sites: 105
• Configured vEdge routers using vManage as per Architect team of Managed Service Provider for branch and data center locations
• Created rules, configured and managed Paloalto firewalls using Panorama as per Architect team of Managed Service Provider
• Created rules and managed Internal, External and DMZ ASA firewalls as per Architect team of Managed Service Provider
• Configured Cisco Access Points and established connection for small group of corporate users
• Configured virtual servers, pools, nodes, profiles, device and traffic certificates on F5 as per Risk Management team
• Worked on new branch deployment projects, configured LAN switches, routers and others
• Troubleshooted LAN/WAN networking issues and maintained maximum uptime of the network
• Configured CUCM, Cisco Unity, Mitel Controller and Telus Collaboration for Cisco and Mitel phones for end users
• Configured and managed DNS and DHCP scopes using Solarwind Orion
• Troubleshooted end users’ IP phone and voice mail related issues using CUCM, MITEL, Telus Collaboration (TC2/TC3)
• Resolved tickets related to data network, voice network, RSA tokens and others

Confidential, Edmonton, AB

Network Analyst

Responsibilities:

• Firewall: Cisco ASA 55xx, PaloAlto, Panorama
• Router/Switch/ASR (65xx/38xx/29xx/37xx/36xx)
• Technology: Cisco VOIP Call-Manager | Mitel Controller | SD-WAN | Site-2-Site VPN | vManage (Viptela) |
• Routing protocol - OSPF/BGP/EIGRP | Layer 2 switching
• Monitoring Tool: Solarwind Orion, Eye of the Storm (EOTS)
• Ticketing Tool: ISM
• # of sites: 105
• Worked on SDWAN projects for migrating existing WAN networks of Confidential
• Conducted site survey and evaluated the performance of Cisco and Aruba SDWAN solution
• Provided solution to network team for configuring IKEv2 Site-to-site VPN using Cisco ASA
• Troubleshooted LAN/WAN networking issues and ensured maximum uptime of the network
• Used CUCM, Cisco Unity and Mitel Controller to configure Cisco and Mitel phones for end users

Confidential, Edmonton, AB

Lead Computer Operator

Responsibilities:

• Lead a team of three computer operators and ensuring the services are being delivered in timely and accurate fashion
• Managed back up data media for Confidential supported GoA Accounts like Ministry of Health, Community and Social Services, Imagis, MAHS and ATB Account in Confidential WLDC)
• Managed inventory, created reports, maintained communication with third party in a professional manner
• Assisted to all operations personnel and ensured that the highest level of customer satisfaction is achieved
• Query system for outstanding mounts jobs and providing interpretation and resolution as appropriate
• Recognized hardware and library malfunctions and resolved problems under supervision of lead personnel
• Followed the procedures to resolve discrepancies and maintained accurate inventory by auditing quarterly

Confidential, Edmonton, AB

Network Services Specialist

Responsibilities:

• Firewall: Cisco ASA 55xx
• Router/Switch/ASR (65xx/38xx/29xx/37xx/36xx/NEXUS 7K/5K/2K)
• Technology: LAN/WAN | Cisco Data Center | Cisco Wireless |Routing protocol - OSPF/BGP/EIGRP | Layer 2/3 switching
• Shift rotation | Supervising junior team members | Training co-ordination etc.
• Monitoring Tool: Solarwind Orion, Eye of the Storm, Cisco Prime, Zabbix, Cisco Transport Manager, HP Open View
• Ticketing Tool: Confidential -Tivoli, Confidential -SCCD, BMC-Remedy, ITSM, ServiceNow, Impact, JIRA
• # of sites: > 150 for Alberta Human Services
• Lead a team of ten Network Analysts and ensured continuous delivery of services in a professional manner

Confidential, Calgary, AB

Network Analyst

Responsibilities:

• Configured Motorola Canopy 900 MHZ, 2.4 GHz, 5.4 GHz, 5.7 GHz radios, access points, BHM and BHS
• Configured Ubiquity gears like Rocket M, Nanostation M, Powerbridge M radios, access points, BHM and BHS
• Assigned field technicians with proper guidelines and followed up with them to install and resolve the problem
• Provided NOC support, monitored customers network and provided solutions
• Configured cisco switches and routers to establish connectivity
• Received calls from the clients and resolved issues within SLA

Confidential, Calgary, AB

Network Analyst

Responsibilities:

• Provided technical support to all sorts of wireless internet connectivity issues to international hotel guests on desktops, laptops, iphone, ipad, gaming console using Windows, Mac and Linux commands from remote location
• Captured client requests, incidents, issues, assigned tickets and solved the problems
• Delivered exceptional customer experience and identify opportunities to improve customer service level

Confidential, Toronto, ON

Network Engineer

Responsibilities:

• Router/Switch/ASR: (76xx/65xx/38xx/29xx/37xx/45xx/NEXUS 7k/5K/ASR1K)
• Firewall: Cisco ASA
• Risk Assessment Tools: Network Profile, Network Performance Analytics, Risk Analysis Tool, Software Operations Risk Assessment
• Technology: LAN/WAN | Routing protocol - OSPF/BGP/EIGRP | Layer 2/3 switching
• Analyzed customer networks like TD Bank, Bank of Nova Scotia (BNS), Bank of Montreal (BMO), Royal Bank of Canada (RBC), Apotex and provided Network Optimization Service (NOS) to reduce the Cost of Ownership
• Reviewed Branch Network Design based on baselines in regards of Security, HA, Manageability and Scalability
• Conducted remote knowledge transfer session to Network team of TD Bank
• Analyzed Configuration Best Practice for customer network, conducted remote knowledge transfer session to TD team
• Analyzed Proactive Software Recommendation Report (PSRR) to mitigate customer s network vulnerability
• Generated, reviewed and presented Hardware End of Sale, Software Infrastructure Analysis, Software Security Alert (PSIRT), Syslog Analysis, Configuration Best Practice (CBP), Field Notice (FN), Network Device Security Assessment (NDSA) reports to customers