SUMMARY

• T - shaped Sr. Network Engineer with tested and proven proficiency on enterprise-scale Network and Security Infrastructures on-premises and AWS cloud.
• With over than thirteen years of experience in Engineering, Design, Implementation, Operation and Support of Network and Security infrastructures, a steadily progressing interest and expertise in different fields around the Information Technology Industry.
• Another five years of architecting, supporting and maintaining high available, scalable, fault tolerant and resilient architectures/applications on AWS cloud.

TECHNICAL SKILLS

• Tier IV experience within a Telecom Operator.
• Routers (Cisco 7200, 3600, 2600, 2800, 1800, 1700), Cisco Catalyst Switches (6500 “with Sup 720”, 4500, 3700, 3500, 2900).
• Cisco Firewalls, PIX (535, 525, 520, 515, 506), ASA 5500, FWSM, VPN Concentrator 3000 series, Cisco IOS Firewall feature set (IOS 12.X).
• Juniper NetScreen Firewalls (NS-5GT, NS-204, NS-208, NS-500, SSG 520, ISG 1000). Juniper SSL VPN SA-4000.
• Security products like IPS/IDS (ISS Proventia) and SIEM (AlienVault)
• Cisco NAC (CAS, CAM … ), Wireless (WLC, WCS …), CS-MARS and 802.1x / network access control.
• F5 BIG-IP LTM and LoadMaster (KEMP Technologies) load balancers,
• AWS (Amazon Web Services) design and architecture (EC2, VPC, VPN, S3, Route53, IAM ...)
• Manage CiscoWorks LMS for Cisco LAN Management, and provide periodic reports.
• STM, T-1, E-1, Ethernet (Gigabit Ethernet, Fast Ethernet) FDDI,
• Routing Protocol (BGP4, OSPF, EIGRP, IGRP, RIP), Routed Protocol (TCP/IP, IPX/SPX).
• Implemented QoS using FIFO, Weighted Fair Queuing, Priority Queuing, Custom Queuing, RSVP, RED, CAR.
• Implemented SNMP on devices for network management.
• Implementation, Upgrade and Management of HP Openview Server for network management (NNM).
• Implemented traffic filters using Standard and Extended access-lists, Distribute-Lists, Route-maps and PBR.
• Implementation of HSRP, NSRP, DHCP, DNS, FTP, TFTP, MRTG.
• Unix/Linux (RedHat, CentOS, Ubuntu, Sun Solaris …etc), Windows Servers, MS Office,
• Automation of management and administration tasks using scripts (Shell scripts),

PROFESSIONAL EXPERIENCE

Confidential

Sr. Network Engineer

Responsibilities:

• Manage and handle all LAN/WAN related issues and improvements,
• Secure Network, prevent and mitigate D/DOS attacks using Firewalls, DMZs, WAF, Security policies, ACLs, NATs, PATs …
• Manage, configure and maintain IP-Sec VPN (Site-to-Site/Multipoint), using GRE supporting OSPF, and clientless/client users’ VPN,
• Act as the “head of security” (SME) person, evaluate, provide guidance and propose security solutions; advise users, train and educate them to raise awareness about security risks,
• Architect, design and deploy AWS solutions using EC2, VPC, VPN, S3, Route53, IAM, CloudFormation …etc
• Planned, prepared, managed and executed Confidential ’s Data Centers move from bare walls to exploitation,
• Work with different vendor’s supports and carrier providers to open and resolve tickets for problems as they arise,
• Manage a team of a Junior and two Technicians,
• Deploy NSA/CSS SNAC (System and Network Attack Center) and CIS guidance and benchmarks.
• Manage load balancers (F5 and KEMP Technologies) by configuring new services with different policies, persistence, iRules …etc
• Configure and manage BGP peering and policy with multiple carriers (Verizon, TWC, AWS, FRGP, Cogent and NYSERNet “Internet 2”),
• Designed, planned, implemented then managing Cisco wireless platform (Cisco WLC and Light Weight Access Points),
• Manage, upgrade and monitor Network devices, Load Balancers, DNS, web application analysis systems … etc on daily basis,
• Install and configure different Linux-based systems (Monitoring: MRTG, NTOP, Net-flow; VPN: PPTP, L2TP; Inventory: GLPI, OCS-Inventory, Ticketing systems, SMTP Postfix, Exim4 … etc).
• Manage, integrate and secure Confidential ’s services on the cloud (AWS, CloudBees, JIRA …etc).
• Troubleshoot, conduct scans and assess Network issues, then patch vulnerabilities and mitigate DDOS attacks (Wireshark, Fiddler, TCPDump, Nmap, Nessus, Metasploit, SIEM, Cisco Network Analysis Module -NAM-, MRTG, Syslog, Net-flow, CS-MARS…),
• Evaluate email architecture for internal and external customers to help establish appropriate mail architecture, security and SPAM management (SonicWall, IronPort, Spam Assassin),
• Evaluate new technologies and make recommendations in regards of integration into the existing network.
• Recommend upgrades, patches, and new applications or equipment, based on budget and future vision,
• Support the Help-Desk team and act as a level 2 support,
• Implement ITIL V2 best-practices,
• Manage and maintain “CCNA Help/materials” and “AWS Users and Architects in NYC Area” groups on confidential

Confidential

PIX Firewall consultant

Responsibilities:

• Recover PIX, Routers and Switches from disaster situation; and restore the services back.
• Check the security policy and configure IP-Sec VPN Tunnels with CRC’s customers.
• Installation, Configuration, and Hardening of FTP Servers (on Linux).

Confidential

Sr IP Network / security Engineer

Responsibilities:

• Installation, configuration, support and follow up of the IP Network Infrastructure (Switching, Routing « Cisco », QoS, IP-Sec VPN (Site-to-Site), LAN/WAN, WiFi “WLC, WCS”, NAC (CAS, CAM …), Security, Integration of new platforms and deploying of new POS Nedjma),
• Secure the infrastructure with Firewalls (Cisco PIX/ASA, Cisco FWSM, Juniper Netscreen),
• Manage the IDS/IPS "Intrusion Detection System / Intrusion Prevention System" (ISS Proventia G400 IBM with SiteProtector),
• Manage VPNs (Juniper SSL VPN, CiscoSecure ACS and RSA SecureID),
• Integration of new platforms on F5 BIG-IP (Load Balancer),
• Managed WebSense (Web filtering) with different policies to block/limit access to the Internet,
• Managed the Web Proxy BlueCoat SG (Proxy Server),
• Manage HP OpenView NNM (Network Node Manager) to monitor Servers, Switches, Routers, …,
• Managed a small team of 3 Junior Engineers,
• GPRS integration and support (SGSN-GGSN and GGSN-IP network Gi interface, APNs).
• CDR collection to Billing system integration and support (from all GSM network elements)
• Integrate GSM platforms (MSC, MMSC, SMSC, IN ….etc) to the IP Infrastructure and guarantee the Security support and troubleshooting.
• Integration and support of Convergent Platform (Volubill, HP OCSAC …) for WAP, MMS, and Internet traffic to the existent solution (non-convergent).
• Integration of USSD, Wi-MAX, Push-To-Talk, VoIP, Call Center platforms to the IP Infrastructure.
• Troubleshoot Network issues (Ethereal, Wireshark, Cisco Network Analysis Module -NAM-, MRTG, Syslog, Net-flow, CS-MARS…).
• Resolve complex problems and attacks over the Network.