QUALIFICATIONS SUMMARY

Intuitiveresult driven Network Engineer professional with 9 years of notable success directing a broad range of corporate IT Solution in Network Engineer, Security and Data Center while participating in planning, analysis, and implementing of solution in support of business objective.Providing comprehensive secure network Design,system analysis and hands-on experience leading all stages of system development effort, including requirements definition, design, architecture, testing and support. Outstanding project and program leader and expert in subject matter expert with VMware ESXI, Cisco, Gaia, IPSO 6.2,F5,GTM ,CiscoISE,Nexus 5K,7K and 2K,IPSec, SSL VPN, Campus Design and Firewall from GAIA operating system to ASA firewall system . Expert knowledge routingprotocol EIGRP,OSPF,and BGP. Advanced knowledge in Cisco 3550 switch, 2950,6500 switches and 7600 Routers ,windows ,Linux and Kali.

AREAS OF EXPERTISE

• Network Security /Routing and Switching. RiskAssessment/Impact Analysis.
• Research and Development. Technical Specifications .
• Network Designed /Implementation. Team and Project Leadership.

PROFESSIONAL EXPERIENCE

Network Security Engineer

Confidential

• Planned and determined security requirements by evaluating business strategies and requirements, researching network security standard, conducting system security and vulnerability analysis.
• Manages information security aspects of IT projects, ensuring security protocols are in place and compliance with other applicable information security policies. Analyzes project plans to determine security requirements and follows up to ensure security of new systems
• Assists senior staff in supporting internal audit and external regulators with compliance issues and investigations. Provides supporting documentation for information security processes and procedures
• Enhanced security team to accomplish and competence by planning delivering of solutions answering technical and procedural questions improved processes and mentoring team members.
• Built and configured solutions in the production environment including documenting the security infrastructure and design.
• Develops, reviews and updates related security reporting systems. Develops new reporting criteria based on security policies. Periodically reviews security related systems and reports exceptions to management for resolution. Recommends new reporting capabilities and processes for management review. Implements new reporting and monitoring capabilities
• Determined and updated strategy of network security devices with a focus on capacity, manageability, and security of new and existing security infrastructure.
• Gathered and analyzing security specific requirements,identified gaps in the security architecture and developing solutions to best address any identified gaps.
• Designs security parameters for new systems and business applications and verifies conformance to existing security goals and policy. Coordinates implementation of new security systems and upgrades to systems
• Plan, co-ordinate to separate current production firewall network to different zone.
• Remediation PCI standard for Network security and Data security based on corporate policy.
• Used security vulnerabilities scanning tools Nmap , Nessus, and metasploit network security device and servers.
• Maintains current knowledge of information technology environment, proactively pursuing knowledge of new and developing technologies.
• Configured URL filtering in Palo Altofirewall and analysis firewall policy for PCI remediation.
• Reviewed fifty four ASA firewall current rules and configuration for PCI version 2.0 standard .
• Install and configured Pola alto firewall in new retail store and configured it sub-interface mode.

Network Security Architect

Confidential

• Maintains information security systems and architecture across Company's infrastructure including related communications hardware and software. Applies developed knowledge of information systems technology to execute plans for implementing information security structures
• Planned security system by evaluation network and security technologies, designs public key infrastructures PKIs ,including use of certification authorities CAs and digital signatures as hardware and software adhering to industry standards.
• Plans ongoing intrusion and vulnerability testing. Reviews logs and reports, analyzing results to determine vulnerabilities and takes correction action as needed.
• Enhanced network department and organization reputation by accepting ownership for accomplishing new and different requests explored opportunities to add value to corporate information security policies and procedure.
• Managed problems,maintain vendor relationships,and assist operations with vendor escalation.
• Maintain the network forensics infrastructure to ensure absolute availability of critical security alerting, investigated andresponded.
• Developed and maintain comprehensive security documentation including design requirements, network diagrams, dataflow diagrams, application communication diagrams, support diagram, and project documentation.
• Planed, coordinated, designed, and the installation, configured, maintenance and support network security devices, worked with other disciplines and business units to propose, implement and enforce network security best practice.
• Provided leadership to deploy, monitor, test and tune network device and system to provide optimal network security and performance, performed subject matter expert including Checkpoint firewall, Cisco device and F5 load Balancer.
• Performance, coordinating planned maintenance,adjusting hardware component and responding to network connectivity issues, regularly leads in the technical assessment and delivery of specific technical solutions to the customer, provided a team structure conducive to high performance, and managed the team lifecycle states.
• Managed thirty six checkpoint firewall and deployed firewall rules based business requirement, collected and determines data from appropriated sources to assist in determining customer needs and requirements, response to requests for technical information from customers ,developed customer technology solution and engaged in technical problem solving across multiple technologies often needs to develop new methods to apply to the situation.
• Configured OSPF, static route all thirty six checkpoint firewall including all productions site, remote site, provided all high level complex firewall issues and troubleshoot all firewall routing issue not limited to application.
• Monitored all firewall device by using checkpoint firewall smart monitored, Solar Wind, and What's Up Gold application.
• Configured firewall with high availingly mode VRRP Clustering technology, failover each firewall to ensure the firewall redundancy and troubleshoot for necessary requirement.
• Visited customer all remote site to troubleshoot various firewall including SIC communication and troubleshoot L3 connectivity.
• Configured F5 device, created server pool, VIP, and assigned appropriated pool to virtual server IP and analysis traffic thorough F5.
• Upgrade F5 v9 to v10 and backup old configuration.
• Documented all firewall and other server incident report and updated to all team member.
• Addressed WAN Dark fiber circuit issue two different site and notified circuit people the issue.
• Implemented full mesh connectivity with Router, switch and checkpoint firewall to achieve full redundancy.
• Configured SNMP3 for firewall monitoring with solar wind application and restricted access to firewall unauthorized users.
• Solved all routed issue with firewall such static route,OSPF area mismatch and advance redistribution issue.
• Monitored NID device everyday to indent malicious activity in corporate network.
• Hands on install and configured Checkpoint R75.40 firewall ,ipso 6.2 software version IP appliance 1280,695,and 295.
• Assigned to various firewall and network Engineer to configure Cisco and Checkpoint firewall based company requirement.
• Migrated ACS server to Cisco ISE-V 1.2 environment and created all policy for node and servers.
• Setup Vulnerability scanner on Kali Linux and tested two hundred servers, mitigated ARP spoofing,DHCP starvation, man in middle attack.
• Configured port base authentication for all host and servers, setup web-Based user authentication, AD, MACsec, and trust Sec.
• Configured device admin RADIUS authentication ,profiling ,probing and mac authentication Bypass, wired 802.1x and Machine authentication with PEAP.
• Posture assessment with NAC agent ,web agent ,sponsor ,guest and configured cisco BYOD best practice .

Network Engineer

Confidential

• Manipulated traffic with various BGP technic to successfully redistribute to BGP domain from EIGRP and troubleshoot.
• Worked multi-vendor product, configured as business requirement and troubleshoot network related as client request.
• Ensured port security each connected node and allowed maximum MAC address based on customer requirement.
• Test full failover both primary and backup site, documented each test result and upload in SharePoint site.
• Designed network diagram by using Microsoft Visio and documented all designed in details also illustrated each designed well-defined in Visio.
• Prevent loop between BGP and EIGRP, configured route map, access list to implement to production and customer remote site.
• Configured all cisco device to implement proper routing protocol.
• Converged existing network infrastructure with other vendors and organized proper documentation.
• Provided troubleshooting, diagnostic, performance analysis and Documentation across multiple platforms including network, server and infrastructure issue.
• Supported monitored overall network infrastructure, troubleshoot BGP,EIGRP and documented properly, configured IP summery address routed to EIGRP and BGP Domain.
• Technologies supported but not limited to include dial up connections, ISDN, frame relay, T1/E1,ATM,MPLS, HSRP, NAT, Quality of Service, Voice over IP,WLAN, Redistribution
• Designed and Configured Nexus 7000/5000/2000 in Top of Rack End of Row Architecture for a Scalable Production Network that supports Rack Blade server architecture in a Multi-Tenancy environment using vPC, VDC VRF
• Designed and Implemented Nexus 7K/5K/2K and Catalyst 6500/4900/3750-X in a complex DC Core/Aggregation/Access layer on a 10G backbone in Production and DR Data Center
• Manage all aspects of Network Installation ,Configuration and Troubleshooting networking issues and security breaches
• Designed and Implemented Overlay Network Management Network to manage all our Production Devices with Syslog, Cisco Secure ACS, TACACS and Solar winds NPM.
• Traveled to various location work with firewall policy, physical connectivity issue and documented each enter user and client interview.
• Configured F5 LTM, created pool, virtual server and assigned SSL Certificate Termination and configured various F5 Monitor and profiles.
• Configured and setup Palo Alto firewall in DMZ environment with clustering mode.