SUMMARY:

A certified, self - motivated professional with more than 8+ years’ experience in design, LAN/WAN, MPLS, VLAN, Cisco Routing and Switching, Cisco VoIP, F5 BIG-IP Load Balancing, Juniper SRX/EX, Cisco ASA, Checkpoint R77 3.0/NG-1, and Palo Alto 6x/7 Next Generation firewalls migrations, deployment, implementation and troubleshooting engineer.

TECHNICAL SKILLS:

Cisco Routers: (1605, 2500, 3640, 4000, 7500, 6400, 7100, 7200)

Bay Routers: (28200/5000/350/252/250 ), Cisco Nexus 5000x, 7000x, 9000x, Cisco Aironet WAPP 1200, 1850, 3700 F5 Network BIG-IP Viprion B2100, B2250, B4000 Load Balancers, Cisco ACE -Cisco Catalyst 6500

Switches: Cisco (Catalyst 5000, 5500, 6000, 8500) Cisco Nexus 3000, 4000, 5000, 7000, 9000

Firewalls: Cisco Pix Firewall 520/515, Cisco ASA 5500, Cisco ACE 4710 load balancers Palo Alto Firewall 2000, 2050, and 4000 Security Appliances, Juniper SRX100/240, NetScreen 5GT Security Appliances, Checkpoint 1100/1120/4200 Appliances, and DDoS Protector Security, Symantec DLP Endpoint 10x/11x.

Operating Systems: Cisco IOS, JUNOS, Windows 7/8.1, Quest Migration Manager 8.0, Solarwinds 10x/11x, Windows Server 2008/R2/2010, Microsoft Lync 2010/2013, Enterprise Messaging, Blackberry Enterprise Server 12, Lotus Notes Domino Server 8.0, SCCM 2012, VMWare ESX 4.5, Checkpoint Firewall R65/67,77, Palo Alto Panorama 6x, Palo Alto 6x/7x,Good Dynamic Platform 8.0, Active Directory Enterprise 2012, SharePoint Server Farm 2010, Microsoft Lync 2010 Enterprise, Layer 7 API Management Suite, SSL, SOA, SSO.

CLOUD COMPUTING SERVICES: AWS Identity and Access Management (IAM), Amazon Cloud Watch, AWS Cloud Formation (infrastructure templates), Amazon Cloud Search, Layer 7 API Management Suite, SSL, SOA, SSO, Mobile Access Gateway, Secure Span Gateway, Bluecoat Web Proxy SG 6.4/6.5.

EMPLOYMENT HISTORY:

Confidential, Pittsburgh, PA

F5 Engineer

Responsibilities:

• Responsible for the deployment, configuration, and managed the F5Viprion load balancing platform during new data center migration from Citrix Netscaler 9.3 and Cisco ACE 4100x/4700; including implementing, configuring, and integrating F5 BIG IP GTM, LTM, APM, ASM, iRules, DNS-SEC, DNS ANYCAST, IPv6, SSL, LTS 1.2, and HA vCMP provisioning.
• Provided application switching, traffic management, SSL web acceleration, TCP optimization and CLI support, utilizing Big Pipe and Shell (TMSH), F5 DOS and DDOS mitigation, API iControl, IPSec VPN, AAA, TACACS+, RADIUS, and application integration design support for Oracle Database and RAC Single Sign On Authentication.
• Implemented ADC F5 LTM and GTM hardware platforms design and deployment implementation guidelines, DMZ Network infrastructure policies, LTM Inbound SNAT configurations and outbound NAT server to IP mapping processes.
• Deployment & troubleshooting of L2/L3 TCP/IP, Multilayer Switching, QoS, IPSec, UDP Ethernet, Voice & Data Integration & IP Routing Protocols RIP, EIGRP & OSPF, VPN concentrators, F5 LTM GTM load balancer support.
• Implemented F5 ASM for Internet Facing LTM virtual servers providing applications layer 7 firewall protection, configuring and managing F5 Web Accelerator module and Application Security Module (ASM) technology or with similar/competing ADC and Security product solutions.

Confidential, Dallas, TX

Network Engineer

Responsibilities:

• Responsible for migrating new F5 Viprion B2100 to B2250 load balancing platform; including implementing, configuring, and integrating F5 BIG IP GTM, LTM, APM, ASM, iRules, DNS-SEC, DNS ANYCAST, IPv6, SSL, and vCMP administration.
• Provided application switching, traffic management, SSL web acceleration, TCP optimization and CLI support, utilizing Big Pipe and Shell (TMSH), F5 DOS and DDOS mitigation, API iControl, IPSec VPN, AAA, TACACS+, RADIUS, and application integration design support.
• Implemented ADC F5 LTM and GTM hardware platforms design and deployment implementation guidelines, DMZ Network infrastructure policies, LTM Inbound SNAT configurations and outbound NAT server to IP mapping processes.
• Utilized Netscout and Wireshark for implementing enterprise monitoring and configuring F5 Big-IQ, BIG-IP Application Security Manager, Advanced Firewall Manager and BIG-IP DNS, GTM/LTM, ASM, AFM, and HTTPS for the F5 BIG-IP 3900 and 6900’s.

Confidential, Temple, TX

Network Security Engineer

Responsibilities:

• Provided daily remote administration, implementing, configuring, and troubleshooting Checkpoint R77, Juniper SRX, Palo Alto, Blue Coat Web Proxy SG 200/SWG VA 100 appliances, Cisco VoIP deployment, and F5 GTM/LTM Big-IP load balancing solutions.
• Responsible for deploying and managing multiple types of security appliances such as: Security Information and Event Management (SIEM), Intrusion Prevention/Detection Systems (IPS/IDS), Data Loss Prevention (DLP), Web Application Firewall (WAF), public key infrastructure (PKI), and SSL encryption.
• Installed, configured, and supported the Symantec DLP environment of 15,000 + production endpoints, by assessing Symantec Endpoint Protection workstation installations for security improvements and enhancements.
• Provided Symantec DLP Cloud Prevention for Microsoft Office 365, DLP Cloud Storage, Cloud File Sync, ActiveSync, Auto Discover, DAG, RBAC, PowerShell, E-Discovery, OAB, EAC, Public Folders, Exchange client protocols, Exchange Server Roles, DNS, IIS, AD, and SSO administration.
• Provided implementation, administration, and troubleshooting of Exchange Online, Exchange Online Protection, Skype for Business, Active Directory 2008/2012, Microsoft Exchange Server 2013 deployments, Azure Active Directory, and Active Directory Federation Services (ADFS).
• Implementation and support of a highly available multi-domain directory infrastructure platform, assess, and review future directory architecture solutions, 3rd party directory management tools/applications and implement life cycle maintenance processes, utilizing AD Self Service Plus, AD Audit, Event Log Analyzer, Recovery Manager, and AD Manager, and ADFS.
• Assisted in the Office 365administration and support for, MS Exchange, Microsoft Exchange and Lotus Notes O365, Office 365, Cloud Migration Exchange, Integration Microsoft, Lync 2010/2013 utilizing Quest Notes Migrator for Lotus Notes 8, Azure Active Directory Sync.
• Provided direct SharePoint-Office 365 configuration, managing, and troubleshooting SharePoint environments including: managing site permissions, performing user adds/changes/deletes, setting up and monitoring alerts, creating new sites, enforcing defined standards and policies, creating and managing templates.
• Participated in the design and migration of the Hybrid CUCM / Lync 2010 Enterprise Voice topology to a Lync 2010 Enterprise Voice + Lync IP Phones for 30 + Office topology.
• Migrated VI environment from Dell Blade solution to Cisco UCS B-series, configured Polycom DMA Super-cluster, CMA, RMX, and VBP integration with Lync 2010 Enterprise Voice, CUCM, and Sonus SBCs.
• Provided direct administration and support for SIEM log analysis, correlation and optimization; endpoint protection; Anti-malware; vulnerability scanning and management, incident response, and malware analysis.
• Provided regular enterprise IPS/IDS perimeter analysis for threat analysis, security filters, regression testing and configuration management, utilizing Tipping Point Security Management System NX.
• Provided Cisco Call Manager 8x/9x administration, utilizing the CUCM BAT tool for PSTN, VoIP, T1/PRI, MPLS, Frame Relay, ATM, ISDN and systems interconnectivity, VoIP QoS issues and mitigation strategies for (G711, G729), Session Border Controller, SIP Trunk, Call Routing, Line Grouping for the Avaya platform.
• Supported Cisco VG224, VG248, H.323 Gateway, MGCP Gateway, includes Cisco Intelligent Contact Management (ICM), Cisco Call Manager, Cisco Customer Voice Portal (CVP), Cisco Voice over IP (VoIP) Gateways and Cisco 8800 series IP Phones.
• Deployed, configured, and supported Cisco Unified Communications Manager (8.6+), Unity Connection, and light UCCX (8.5/9x), troubleshooting network configuration, including IP SLA rules and tracks.
• Utilized Unified CCX and Unified ICM scripting to configure call types, email contacts, post routing, IVR’s, and Outbound configuration deployments.
• Responsible for the deployment of new Microsoft 365 Skype for Business Enterprise Voice environment, implementing, configuring, and integrating Lync Server 2013, Cisco Unified Communications Manager, Cisco Unity and Cisco Session Manager, Audio Codes SIP gateways, and VoIP troubleshooting including log analysis, tracing and packet capturing.
• Provided day-to-day administration and support of an OSPF/BGP Netscreen firewall WAN with dual-stack IPV4/IPV6 environment.
• Daily administration of over 100 Netscreen firewalls using NSM (Netscreen Security Manager), configuration, implementation, and problem determination across the major firewall platforms, including rule implementations, VPN setups, upgrades, new builds.
• Responsible for the configuration, installation, troubleshooting and maintenance of Palo Alto Firewalls - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series, Panorama 6.7/7.1.
• Provided daily Palo Alto Network firewalls administration such as security NAT, Threat prevention, URL filtering, IPSEC and SSL VPN's, security rules, zone based integration, and analyzing syslogs, and utilizing wild fire feature in Panorama 6.7.
• Responsible for supporting the current F5 BIG-IP load balancing platform; including implementing, configuring, and integrating F5 BIG IP GTM, LTM, APM, ASM, iRules, DNS-SEC, IPv6, SSL administration.
• Utilized Netscout and Wireshark for implementing enterprise monitoring and configuring F5 Big-IQ, BIG-IP Application Security Manager, Advanced Firewall Manager and BIG-IP DNS, GTM/LTM, ASM, AFM, and HTTPS for the F5 BIG-IP 3900 and 6900 platforms.
• Responsible for the deployment, configuration, and implementation of the Bluecoat ASG S200 and S500 appliances for the application delivery platform with F5 BIG-IP Viprion https, ASM, and LTM environment.
• Deployed and maintained enterprise intrusion detection systems and prevention systems (IDS/IPS) Sourcefire for organization’s dispersed high traffic volume networkimplemented Bluecoat Web Proxy SG 6.5 with SSL inspection solutions.
• Provided Blue Coat SG 200/SG500 administration supporting Director, Profile Creations, Content Policy, Content Collections, Creating and Distributing URL Lists, and Appliance Certificate compliance.
• Utilized Blue Coat’s CPL for creating rule based policies for the SWG VA100 appliances, within the Management Center v1.2 GUI and the Visual Policy Manager SG 6.0.2 GUI.

Confidential, Atlanta, GA

Sr. Network Engineer

Responsibilities:

• Provided effective network engineering support for global enterprise platform, performing the design, implementation, configurations and troubleshooting Cisco routing/ switching, Cisco Wireless, Cisco UCCM, Cisco ASA, Checkpoint, Juniper SRX/NX, Palo Alto 6x/7x, F5 Load balancing, MS Exchange 2012, Active Directory 2012, and Window Server 2008/2012 for global datacenter environment.
• Provided solutions collaborative solution based on Microsoft technologies, covering Exchange, Lync, Office 365 for migrating over 10,000 users from Lotus Notes to MS Exchange 2012; Quest NDS Migratory, GroupWise Migrator, QMM AD and QMM Exchange tools.
• Provided implementation, administration, and troubleshooting of Exchange Online, Exchange Online Protection, Skype for Business, Active Directory 2008/2012, Microsoft Exchange Server 2007/2010/2013 deployments, Azure Active Directory, and Active Directory Federation Services (ADFS).
• Provided direct SharePoint-Office 365 configuration, managing, and troubleshooting SharePoint environments including: managing site permissions, performing user adds/changes/deletes, setting up and monitoring alerts, creating new sites, enforcing defined standards and policies, creating and managing templates.
• Participated in the design and migration of the Hybrid CUCM / Lync 2010 Enterprise Voice topology to a Lync 2010 Enterprise Voice + Lync IP Phones for 30 + Office topology.
• Migrated VI environment from Dell Blade solution to Cisco UCS B-series, configured Polycom DMA Super-cluster, CMA, RMX, and VBP integration with Lync 2010 Enterprise Voice, CUCM, and Sonus SBCs.
• Responsible for the deployment, configuration, and implementation of the Bluecoat ASG S200 and S500 appliances for the application delivery platform with F5 BIG-IP Viprion https, ASM, and LTM environment.
• Deployed and maintained enterprise intrusion detection systems and prevention systems (IDS/IPS) Sourcefire for organization’s dispersed high traffic volume networkimplemented Bluecoat Web Proxy SG 6.5 with SSL inspection solutions.
• Provided Blue Coat SG 200/SG500 administration supporting Director, Profile Creations, Content Policy, Content Collections, Creating and Distributing URL Lists, and Appliance Certificate compliance.
• Utilized Blue Coat’s CPL for creating rule based policies for the SWG VA100 appliances, within the Management Center v1.2 GUI and the Visual Policy Manager SG 6.0.2 GUI.
• Installed, configured, and supported the Symantec DLP environment of 10,000 + production endpoints, by assessing Symantec Endpoint Protection workstation installations for security improvements and enhancements.
• Provided Symantec DLP Cloud Prevention for Microsoft Office 365, DLP Cloud Storage, Cloud File Sync, ActiveSync, Auto Discover, DAG, RBAC, PowerShell, E-Discovery, OAB, EAC, Public Folders, Exchange client protocols, Exchange Server Roles, DNS, IIS, AD, and SSO administration.
• Utilized Tripwire Enterprise 8.1 for deploying, monitoring, and integrating application security solutions (including SaaS security solutions), endpoint security solutions (antivirus, desktop firewall, web content filtering, and intrusion prevention), encryption solutions (full disk, file/folder), data loss prevention (DLP), SIEM and enterprise log management systems for corporate environment.
• Utilized Tripwire and Symantec CCS Host configuration monitoring and management, Host-based Data Loss Prevention technologies RSA DLP for Log management, event monitoring and reporting.
• Provided direct administration and support for SIEM log analysis, correlation and optimization; endpoint protection; Anti-malware; vulnerability scanning and management; incident response, and malware analysis.
• Provided regular enterprise IPS/IDS perimeter analysis for threat analysis, security filters, regression testing and configuration management, utilizing Tipping Point Security Management System NX.
• Performed the prerequisites and test environment configuration for implementation plans (system builds, test plans, documentation), and forecasting identification of resource requirements for Cisco ACE 4710 to F5 Viprion 4000 Chassis-B2250 migration for organization’s data center environment.
• Utilized Netscout and Wireshark for implementing enterprise monitoring and configuring F5 Big-IQ, BIG-IP Application Security Manager, Advanced Firewall Manager and BIG-IP DNS, GTM/LTM, ASM, AFM, and HTTPS for the F5 BIG-IP 3900 and 6900 platforms.
• Responsible for migrating new F5 Viprion B2100 to B2250 load balancing platform; including implementing, configuring, and integrating F5 BIG IP GTM, LTM, APM, ASM, iRules, DNS-SEC, DNS ANYCAST, IPv6, SSL, and vCMP administration.
• Provided application switching, traffic management, SSL web acceleration, TCP optimization and CLI support, utilizing Big Pipe and Shell (TMSH), F5 DOS and DDOS mitigation, API iControl, IPSec VPN, AAA, TACACS+, RADIUS, and application integration design support.
• Implemented ADC F5 LTM and GTM hardware platforms design and deployment implementation guidelines, DMZ Network infrastructure policies, LTM Inbound SNAT configurations and outbound NAT server to IP mapping processes.
• Deployment & troubleshooting of L2/L3 TCP/IP, Multilayer Switching, QoS, IPSec, UDP, Ethernet, Voice & Data Integration & IP Routing Protocols RIP, EIGRP & OSPF, VPN concentrators, F5 LTM GTM load balancer support.
• Implemented F5 ASM for Internet Facing LTM virtual servers providing applications layer 7 firewall protection, configuring and managing F5 Web Accelerator module and Application Security Module (ASM) technology or with similar/competing ADC and Security product solutions.
• Responsible for the deployment of new Microsoft 365 Skype for Business Enterprise Voice environment, implementing, configuring, and integrating Lync Server 2010, Cisco Unified Communications Manager, Cisco Unity and Cisco Session Manager, Audio Codes SIP gateways, and VoIP troubleshooting including log analysis, tracing and packet capturing.
• Assisted in the design, implementation, integration, customization, and supporting the Layer 7 SSL/TLS API Management Suite, SecureSpan Gateway, SSO, and Mobile Access Gateway for Citrix Netscaler 10x/11x, Proprietary Business Applications, and Amazon Web Services platform.
• Created load balancing implementation plans and configurations, and migrating the Cisco ACE 4710 deployment and migrating to the F5 BIG-IP 4200 LTM/GTM, and iRules load balancer, to ensure network interoperability, and documenting existing and proposing load balancing infrastructure solutions.
• Deployed, configured and managed Symantec Endpoint Protection Management servers and clients in a corporate environment of 7,500 production endpoints, assessing Symantec Endpoint Protection workstation installations for security enhancements.
• Responsible for implementation and administration of network security hardware and software, enforcing the network security policy and complying with requirements of external security audits and recommendation.
• Utilized Wireshark and Solarwinds to analyze network traffic, IDS monitoring & analysis distinguish potential intrusion attempts from false alarms, and creating security alert notifications.
• Responsible for deploying and managing multiple types of security appliances such as: Security Information and Event Management (SIEM), Intrusion Prevention/Detection Systems (IPS/IDS), Data Loss Prevention (DLP), Web Application Firewall (WAF), public key infrastructure (PKI), and SSL encryption.
• Responsible for the design, installation, and configuration of 50+ Checkpoint Firewall-1 2000 (v41) and Checkpoint Firewall-1 NG (v50) firewalls operating on the Nokia IP series Network Appliance Platform (NAP) with Checkpoint Provider-1 with SmartCenter in the corporate data center as well as remote offices.
• Checkpoint User Center management and licensing (HA Configuration hot/standby, user/profile management, object auditing and reclamation, rule base rewrites, Smart updates to manage license repository, SmartView Tracker for auditing and troubleshooting, traceroute, ping, tcpdump using complex filtering, zdebug and fw monitor.
• Responsible for troubleshooting and resolving firewall software and hardware issues, including VPNs, connectivity issues, logging, cluster configurations, and hardware installations for Checkpoint, Juniper, Cisco ASA, and Palo Alto firewalls.
• Configured the Nokia IP platform including 330, 440, 650 and 740 in DMZ, Extranet, and Internet zones, the Policy Rules, DMZ, IPS, DLP and UTM and Multiple VDOM's for 12 remote offices on the Checkpoint R77 and Palo Alto firewall platforms.
• Provided direct Checkpoint R77 administration supporting firewall platform; deployment, problem analysis, solutions development and implementation, vulnerability assessment, rules creation, establishing and enforcing policies, NAT'ing, Site-to-Site VPN connections, BGP, RIP, QoS, Active-Active and Active-Passive failover, Smart View Tracker, DMZ, GAIA, and Nokia IPSO administration.
• Performed regular checks of servers, firewall, antivirus, and intrusion detection systems Provide exceptional incident-response and perform forensic investigations.
• Implemented of the Cisco VPN’s includes the following configurations: Internet Key Exchange Policy using DES and SHA for encryption and authentication, access-lists to define VPN traffic, transform set using esp-des esp-sha-hmac.
• Implementation of Zone-Based Policy Firewall on the Cisco 1841 ISR with the following components: three zones, class-maps specifying traffic that must have policy applied as it crosses a zone-pair, policy maps to apply action to the class-maps' traffic, zone-pairs, and application of policy to zone pairs.
• Implemented include PAT with NAT exemptions for the VPN traffic on the Cisco ASA5505, and PAT using a route-map to exclude VPN traffic from translation on the Cisco 1841 ISR.
• Responsible for configuring, implementing, and troubleshooting Cisco Security Devices including Cisco PIX/ ASA Firewalls, Cisco VPN concentrators, Site-to-Site and Client to Site VPN’s, Cisco NAT and access rules on PIX/ASA Firewalls; including Failover on PIX/ASA Firewall (Active/Standby & Active/Active), DMZ configurations.
• Provided direct support for the following: Analysis & Response, ID & Remediate: Cisco Security Manager, Cisco ACS Radius, Cisco GNAC administration.
• Performed Firewall NAT, policies, routing, ACLs, and application troubleshooting setup, configuration, maintaining, and support of the Cisco Firewalls, VPN Concentrators and Security appliances for access to vital business applications.
• Responsible for implementing Palo Alto Firewall 6.1.9 Panorama platform administration; including rule set configurations, network security software and hardware, security monitoring systems, encryption software, threat and vulnerability management services and software, identity management solutions, application security, VPN, and URL filtering.
• Provided Palo Alto administrative technical support with Secure Keys, High Availability HA ports for the PA-3000 Series, PA-4000 Series, PA-5000 Series, and PA-7050 firewalls and the HA Ports on the PA-7050 Firewall appliances, VPN, Layer 2/3, Mobile Security and Virtual Wind deployment administration, User ID, App ID, and Content ID Agent configurations, RADIUS, LDAP, and IPSec, SSL tunneling.
• Deployed and maintained enterprise intrusion detection systems and prevention systems (IDS/IPS) Sourcefire for organization’s dispersed high traffic volume networkimplemented Bluecoat Web Proxy SG 6.5 with SSL inspection solutions.
• Provided Blue Coat SG 200/SG500 administration supporting Director, Profile Creations, Content Policy, Content Collections, Creating and Distributing URL Lists, and Appliance Certificate compliance.
• Utilized Blue Coat’s CPL for creating rule based policies for the SWG VA100 appliances, within the Management Center v1.2 GUI and the Visual Policy Manager SG 6.0.2 GUI.
• Provided day-to-day administration and support of an OSPF/BGP Netscreen firewall WAN with dual-stack IPV4/IPV6 environment.
• Provided JUNOS-Juniper firewall implementation, configuring and troubleshooting for the EX-2200, EX-4200, EX-4500 switches, SSG 550M, ISG 2000, SRX-210, SRX-240, SRX-650, SRX-1400, SRX-5800 series Firewall; including the Juniper Q-Fabric lab including QFX3100-Director Device, QFX-3600 and QFX-3008-Interconnect Devices.
• Configuration and management of Juniper SSG/ISG firewalls (Screen OS) using the GUI management interface and CLI (VPNs, static/dynamic routing, multiple, switching, NAT, policies, and iRules.
• Provided Cisco Call Manager 8x/9x administration, utilizing the CUCM BAT tool for PSTN, VoIP, T1/PRI, MPLS, Frame Relay, ATM, ISDN and systems interconnectivity, VoIP QoS issues and mitigation strategies for (G711, G729), Session Border Controller, SIP Trunk, Call Routing, Line Grouping for the Avaya platform.
• Responsible for operational maintenance of Cisco VG224, VG248, H.323 Gateway, MGCP Gateway, includes Cisco Intelligent Contact Management (ICM), Cisco Call Manager, Cisco Customer Voice Portal (CVP), Cisco Voice over IP (VoIP) Gateways and Cisco 8800 series IP Phones.
• Deployed, configured, and supported Cisco Unified Communications Manager (8.6+), Unity Connection, and light UCCX (8.5/9x), troubleshooting network configuration, including IP SLA rules and tracks.
• Implemented Cisco IP Telephony solutions by translating business requirements into project plans thru implementation of Cisco IP Telephony applications including Cisco CVP/ICM (Cisco Voice Portal/Intelligent Contact Manager) Enterprise call routing, Cisco IPCC (IP Contact Center), VXML (Voice Extensible Markup Language) Gateways..