F5 Network-security Engineer Resume

Victoria, TX

SUMMARY:

  • Accomplished Network Engineer with 13+ years of experience in designing, deploying, implementing, and troubleshooting LAN/WAN, MPLS, VLAN, Cisco Routing and Switching, Cisco VoIP, F5 BIG-IP Load Balancing, Fortinet, Juniper SRX/EX, Cisco ASA, Checkpoint R77 3.0/NG-1, and Palo Alto 6x/7 Next Generation firewalls, Network Security, SIEM, DLP, and IPS/IDS for data center environments.

TECHNICAL SKILLS:

Routers: Cisco, Juniper, Huawei

Switches, Bridges, Hubs: Cisco, Juniper, Dell, HP

Load Balancers: Cisco CSS, F5 Networks (Big-IP), Foundry

Point Application Orientated: Cisco ACE (Application Control Engine Module), Cisco ISE NAC

WAN Optimization: Cisco WAAS, Riverbed Steelhead Appliances

Security: VPNs (Site-to-Site, IPSec, Remote Access, SSL, WebVPN, GET VPN, DMVPN, ezVPN), Cryptography, AAA, Radius, TACACS+, Kerberos, Cisco CAR Radius Proxy, Cisco Authentication Proxy, Access Lists, NBAR, IOS Firewall, IOS Security, 802.1x, CBAC, DDoS prevention, Cisco IDS, Cisco IPS, Cisco CSA, CiscoWorks Firewall & IDS MC, PKI, CA, Cisco Secure ACS, Cisco VPN Concentrator, Cisco PIX / ASA Firewalls, Cisco Sourcefire/Firepower 5512X, 5515X, 5520, 5525X, Palo Alto 6/7, JUNOS, Checkpoint R75/77, Nokia VPN-1/Firewall-1 NG, Fortinet Fortigate 30D, 60D, and 90D series, Citrix Netscaler GSLB.

Penetration Testing: Network & Web Application Penetration Testing, Vulnerability Assessments, Social Engineering. Tools: CANVAS PRO, Vulndisco, VOIP Pack, Riverbed, AWS, DLP, SIEM

WLAN (Wireless LAN): Cisco Access Points and Bridges (standalone and controller based), 802.11a, 802.11b, 802.11g, 802.11n standards, WLAN antennas, Cisco WLSE, Wireless L2/L3/Fast Roaming, WLAN Security (“WEP”, WPA & WPA2 / AES, 802.1x, EAP, PEAP, LEAP, TKIP), Cisco Wireless Mesh Networking, Cisco Unified Wireless Networks, Wireless LAN controllers & WiSM blades, Cisco Wireless Control System (WCS), Cisco Network Control System (NCS), WDS, Controller based infrastructures (LWAPP / CAPWAP), Cisco LBS, Cisco MSE (Mobility Services Engine), RFID Technology, Cisco Service Selection Gateway (SSG) / SESM, Cisco Clean Air, BYOD, Band Select, Client Link, Cisco AnyConnect, Aruba Wireless Controllers 600, 3200, 3400, 3600, Aruba Access Points.

Routing: Static Routing, RIPv1, RIPv2, RIPnG, IGRP, EIGRP, OSPF, IS-IS, BGPv4, ODR, GRE, MPLS,IPv6, Traffic Engineering, Policy Based Routing PBR, TCP/IP, IPX/SPX, PPP, NetBEUI, DLC, Ethernet, Fast Ethernet, Token Ring, SMTP/POP3/IMAP/LDAP, FTP, Telnet, SNMP, RMON, WINS, DHCP, DNS, Frame relay, ATM, OSPF, BGP, RIP, RIP2, EIGRP, LTM, GTM, TLS, IPsec, APM, ASM, AWS, DNS ANYCONNECT, DNS ANYCAST Route Filtering, Redistribution

PROFESSIONAL EXPERIENCE:

Confidential, Victoria, TX

F5 Network-Security Engineer

Responsibilities:
  • Responsible for the deployment, configuration, and management of the F5 Viprion load balancing platform migration from Cisco ACE 4100x/4700, including implementing, configuring, and integrating F5 BIG IP GTM, LTM, APM, ASM, iRules, DNS-SEC, DNS ANYCAST, IPv6, SSL, and HA vCMP provisioning.
  • Provided application switching, traffic management, SSL web acceleration, TCP optimization and CLI support, utilizing Big Pipe and Shell (TMSH), F5 DOS and DDOS mitigation, API iControl, IPSec VPN, AAA, TACACS+, RADIUS, and application integration design support for Oracle Database and RAC Single Sign On Authentication.
  • Implemented ADC F5 LTM and GTM hardware platforms design and deployment implementation guidelines, DMZ Network infrastructure policies, LTM Inbound SNAT configurations and outbound NAT server to IP mapping processes.
  • Responsible for providing direct Citrix Netscaler administration such as GSLB, SSL offloading, HA, Application load balancing, NetScaler Virtual appliances on XenServer, VMWare ESX & Microsoft server 2012 R2, Citrix Access Gateway, and configuring user performance for Citrix VDI & HDX environments through Citrix policies.
  • Migrated multiple IPsec site-to-site VPNs from Check Point to FortiGate, implementing FortiManager 300D and FortiGate 600D cluster for deploying IPsec site-to-site VPNs, upgrading the Tufin Orchestration Suite from 1.8 to 2.10 on a T-1000 appliance, Fortiweb 1000d Secure Access platform.
  • Responsible for configuring, implementing, and troubleshooting Brocade - MLX/CER/SX800 IP/MPLS routers and switches; Cisco IOSXE, XR and Nexus OS, Juniper JUNOS, Cisco ASR 1000, Nexus 7000, ASR 9000, Nexus 1000v.
  • Configured Autonomous and LWAP of Aruba, Cisco Aironet/Meraki WAP, wireless controller, Airwave Management Platform, and Cisco PRIME, Client Link 2.0, Clean Air Cisco, WCS Navigator, Mobility Services Engine (MSE), Cisco ACS / ISE.
  • Configured WLAN Security in the areas of authentication, encryption, IDS/IPS using Radius, AAA authentication, EAP, LEAP, PEAP, PSK, AES-CCMP encryption, Wireless Sniffers, WEP encryption (Wired Equivalent Privacy), WPA (Wi-Fi Protocol Access), WPA2.
  • Responsible for migrating 30+ Cisco ASA 5000/5500 firewalls to Palo Alto Next Generation 7.0.8 Firewall PA 5050 and PA 7050 appliances at corporate datacenter; including configuration auditing, rule base analysis, interface settings (physical, logical and IPs), configured (dynamic routing protocols or static routes) High Availability clustering, AAA, SNMP, APP, Content, User ID policy enforcement utilizing Palo Alto Migration Tool 3.
  • Provided daily Palo Alto Network firewalls administration such as security NAT, Threat prevention, URL filtering, IPSEC and SSL VPNs, security rules, zone based integration, analyzing syslogs, and utilizing the WildFire feature in Panorama 6.7.
  • Responsible for implementing Palo Alto Firewall 6.1.9 Panorama platform administration; including rule set configurations, network security software and hardware, security monitoring systems, encryption software, threat and vulnerability management services and software, identity management solutions, application security, VPN, and URL filtering.
  • Provided Palo Alto administrative technical support with Secure Keys, High Availability HA ports for the PA-3000 Series, PA-4000 Series, PA-5000 Series, and PA-7050 firewalls and the HA Ports on the PA-7050 Firewall appliances, VPN, Layer 2/3, Mobile Security and Virtual Wind deployment administration, User ID, App ID, and Content ID Agent configurations, RADIUS, LDAP, and IPSec, SSL tunneling.
  • Utilized Tripwire Enterprise 8.1 for deploying, monitoring, and integrating application security solutions (including SaaS security solutions), endpoint security solutions, Source Fire NGIPS/NG
  • Provided direct administration and support for SIEM log analysis, correlation and optimization; endpoint protection; Anti-malware; vulnerability scanning and management; incident response; malware analysis for DLP.
  • Utilized Riverbed Steelhead 9.0, Riverbed ACE, Wireshark and tcpdump to perform deep packet inspections, WAN acceleration, optimization, performance management, and to prioritize delivery of mission-critical applications for complete Service Level Agreement (SLAs) for Data Center administration.

Confidential, Houston, TX

Senior Network Engineer

Responsibilities:
  • Provided Tier 3 network engineering support for Network Operations and Security Center, performing the design, implementation, configuration, and troubleshooting of Cisco routing/switching, Cisco Wireless, Cisco UCCM, Cisco ASA-Firepower, Checkpoint, Juniper SRX/NX, Palo Alto 6x/7x, F5 Load balancing, IPS/IDS, DLP, and SIEM solutions.
  • Managed successful delivery of massive security response portfolio including Splunk, Cisco WSA, Cisco IPS, Sourcefire FirePower and AMP, Cisco ESA, FireEye, Passive DNS collection, DNS-RPZ, Cisco ISE, Lancope StealthWatch, and Mandiant.
  • Responsible for deploying and managing multiple types of security appliances such as: Security Information and Event Management (SIEM), Intrusion Prevention/Detection Systems (IPS/IDS), Data Loss Prevention (DLP), Web Application Firewall (WAF), public key infrastructure (PKI), and SSL encryption.
  • Migrated internal Cisco ASA 5510 firewalls to ASA 5512-X firewalls with Firepower Services, including swapping out hardware as well as converting the configuration on the 5510 to the 5512-X; created Network Objects and service objects for 9.51 ASA code.
  • Installed, configured, and troubleshot functionality queries for the Sourcefire/FirePOWER module on the 5500-X NGFW. Installed, configured, and maintained Cisco ASA firewalls 5505, 5510, 5512X, 5515X, 5520, 5525X.
  • Performed build-outs of newly added capacity and installation and setup of new Cisco 6513 switches and FWSM blades to provide total failover redundancy in BGP and OSPF environment. Implemented remote VPN access via ASA-55xx appliances and FWSM blades.
  • Installed and configured Firepower Management Center 6.0 on VMware and added ASA Sourcefire Agents as well as Firepower NGIPS for monitoring and management, added licensing to Firepower Management Center to cover NGIPS as well as 5512-x.
  • Assisted in the design and deployment of Checkpoint R76/R77 75+ 15000, 21400, 23000 Firewall appliances implementing security rules and mitigating network attacks, deployed Site to Site and Client to Site VPNs utilizing Checkpoint Firewall-1/VPN-1, GAIA, Smart Center, and Secure platform.
  • Responsible for the design, installation, and configuration of 50+ Checkpoint Firewall-1 2000 (v41) and Checkpoint Firewall-1 NG (v50) firewalls operating on the Nokia IP series Network Appliance Platform (NAP) with Checkpoint Provider-1 with SmartCenter in the corporate data center as well as remote offices.
  • Checkpoint User Center management and licensing (HA Configuration hot/standby, user/profile management, object auditing and reclamation, rule base rewrites, Smart updates to manage license repository, SmartView Tracker for auditing and troubleshooting policy objects).
  • Responsible for troubleshooting and resolving firewall software and hardware issues, including VPNs, connectivity issues, logging, cluster configurations, and hardware installations for Checkpoint, Juniper, Cisco ASA, and Palo Alto firewalls.
  • Configured the Nokia IP platform including 330, 440, 650 and 740 in DMZ, Extranet, and Internet zones, the Policy Rules, DMZ, IPS, DLP and UTM and Multiple VDOM's for 12 remote offices on the Checkpoint R77 and Palo Alto firewall platforms.
  • Provided direct Checkpoint R77 administration supporting firewall platform; deployment, problem analysis, solutions development and implementation, vulnerability assessment, rules creation, establishing and enforcing policies, NAT'ing, Site-to-Site VPN connections, BGP, RIP, QoS, Active-Active and Active-Passive failover, Smart View Tracker, DMZ, GAIA, and Nokia IPSO administration.
  • Responsible for the design, deployment, configuration, and implementation of Palo Alto firewall support with Secure Keys, High Availability HA ports for the PA 5050, PA-3000 Series, PA-4000 Series, PA-5000 Series, and PA-7050 firewalls and the HA Ports on the PA-7050 Firewall appliances, VPN, Layer 2/3, Mobile Security and Virtual Wind deployment administration, User ID, App ID, and Content ID Agent configurations, RADIUS, LDAP, and IPSec, SSL tunneling.
  • Provided daily Palo Alto Network firewalls administration such as security NAT, Threat prevention, URL filtering, IPSEC and SSL VPNs, security rules, zone based integration, analyzing syslogs, and utilizing the WildFire feature in Panorama 6.7.
  • Performed firewall audits for the entire firewall estate of DTNA to optimize firewall security policies, rule and object usage for all FortiManager 200D and 300D, FortiGate 600D/90D, FortiManager 5.2.4, FortiOS 5.2.6, and Tufin SecureTrack R13-4, R15-3 at all remote offices.
  • Configured and monitored two bridged data center infrastructures each running redundant, dual-chassis Cisco Nexus 7010 core switches with multiple distribution VDCs. Utilized over 10 Nexus 5000/2000s switches for Data Center aggregation, maintaining over 200 Cisco Catalyst switches for LAN access and distribution layer switching.
  • Implemented various levels of functional test plans for Traffic Signal controller with land line and wireless, signaling of steps and time scheduling and Integration test plans under the environment of Oracle, Windows 2012 R2 Server, and Cisco 6500/47xx/3xxx/26xx routers over IP/BGP/MPLS/OSPF, F5, HSRP, GPRS, Cisco WCS/WLSE, and Juniper on M/T/MX series, and Cisco PIX 515 firewall, IDS, and IPS.
  • Assisted in the migration of Cisco Catalyst switches to the new Nexus switches in the datacenter from 3750G stack to 3750X stack, and completed the migration of Cisco Catalyst 6509, Catalyst 4506, Catalyst 3560, Catalyst 2950 to Nexus 5k & 2k switching infrastructure with Nexus 56128P, 2232PP, 2248TP.
  • Assisted with the design and implementation of Nexus 7K/5K/2K and Catalyst 6500/4900/3750-X in a complex DC Core/Aggregation/Access layer on a 10G backbone in Production and DR Data Center.
  • Utilized Riverbed Steelhead 9.0, Riverbed ACE, Wireshark and tcpdump to perform deep packet inspections, WAN acceleration, optimization, performance management, and to prioritize delivery of mission-critical applications for complete Service Level Agreement (SLAs) for Data Center administration.
  • Responsible for providing direct Citrix Netscaler administration such as GSLB, SSL offloading, HA, Application load balancing, NetScaler Virtual appliances on XenServer, VMWare ESX & Microsoft server 2012 R2, Citrix Access Gateway, and configuring user performance for Citrix VDI & HDX environments through Citrix policies.
  • Responsible for supporting the Citrix NetScaler F5 platform, configuring, implementing, and troubleshooting Citrix NetScaler VIP configuration with health check, policy configurations Access Gateway, and content switching configuration solutions.
  • Responsible for the design, migration from Cisco ACE 4100 to F5 Viprion deployment, configuration, and troubleshooting the F5 Viprion Load Balancing platform, integrating F5 BIG IP GTM, LTM, APM, ASM, iRules, DNS-SEC, DNS ANYCAST, IPv6, SSL, BIG-IP GTM
  • Provided application switching, traffic management, SSL web acceleration, TCP optimization and CLI support, utilizing Big Pipe and Shell (TMSH), F5 DOS and DDOS mitigation, API iControl, IPSec VPN, AAA, TACACS+, RADIUS, and application integration design support
  • Utilized Netscout and Wireshark for implementing enterprise monitoring and configuring F5 Big-IQ, BIG-IP Application Security Manager, Advanced Firewall Manager and BIG-IP DNS, GTM/LTM, ASM, AFM, and HTTPS for the F5 BIG-IP 3900 and 6900 platforms.
  • Responsible for deploying, implementing, configuring, and troubleshooting Cisco Identity Service Engine (Cisco ISE - Network Admission Control / NAC), 802.1X authentication, MAC Authentication Bypass, Web Authentication, ISE profiling, Policy Enforcement, Posturing, Profiling, and TrustSec administration for 5000+ endpoints
  • Provided JUNOS-Juniper firewall implementation, configuring and troubleshooting for the EX2200, EX-4200, EX-4500 switches, SSG 550M, ISG 2000, SRX-210, SRX-240, SRX-650, SRX-1400, SRX-5800 series Firewall switches; including the Juniper Q-Fabric lab including QFX3100-Director Device, QFX-3600 and QFX-3008-Interconnect Devices.
  • Configuration and management of Juniper SSG/ISG firewalls (Screen OS) using the GUI management interface and CLI (VPNs, static/dynamic routing protocols).
  • Provided complex enterprise IPS/IDS perimeter analysis for threat analysis, security filters, regression testing and configuration management, utilizing Tipping Point Security Management System NX.
  • Configured Autonomous and LWAP of Aruba, Cisco Aironet/Meraki WAP, wireless controller, Airwave Management Platform, and Cisco PRIME, Client Link 2.0, Clean Air Cisco, WCS Navigator, Mobility Services Engine (MSE), Cisco ACS / ISE.
  • Assisted in the Aruba Wireless Clear Pass 500, 5K, and 25K virtual appliance deployment, configuration, and implementation project, including Aruba Mobility Controller, Policy Manager for (Active Directory) Clear Pass Clustering, LDAP, Radius, TACACS, 802.1X, MAC authentication, and Web authentication, Single Sign On (SSO), Network Access Control (NAC), Network Access Protection (NAP) posture and health checks, and Mobile Device Management (MDM) integration for enterprise environment.
  • Designed, implemented, and troubleshot WLAN Security in the areas of authentication, encryption, IDS/IPS using Radius, AAA authentication, EAP, LEAP, PEAP, PSK, AES-CCMP encryption, Wireless Sniffers, WEP encryption (Wired Equivalent Privacy), WPA (Wi-Fi Protocol Access), WPA2 for Aruba Wireless platform.
  • Aruba ClearPass Policy Manager platform configuration, implementation, and troubleshooting access control policy engine, RADIUS, TACACS+, SSO (Single Sign On), VPN, AD, LDAP, EMM/MDM attributes, device health administration.
  • Setup and configuration of test benches includes configuring Cisco UCM, 29xx/3800 series routers, Cisco 7975/9971 IP Phones, RSVP gateways, POE switches and Media servers, implemented all VMware configurations for CUCM installs using vSphere.
  • Tested and automated CUCM features which include, Intercom, Unicode, RSVP, Conference, Call Back, Call Preservation, Barge, Multi-Level Precedence, Call Park, Call Transfer, Mobility, Music on Hold, SIP call flows, Platform Upgrades, Fresh Installs, DRS backup and Restores.
  • Supported Cisco VG224, VG248, H.323 Gateway, MGCP Gateway, includes Cisco Intelligent Contact Management (ICM), Cisco Call Manager, Cisco Customer Voice Portal (CVP), Cisco Voice over IP (VoIP) Gateways and Cisco 8800 series IP Phones.
  • Provided Cisco Call Manager 8x/9x administration, utilizing the CUCM BAT tool for PSTN, VoIP, T1/PRI, MPLS, Frame Relay, ATM, ISDN and systems interconnectivity, VoIP QoS issues and mitigation strategies for (G711, G729), Session Border Controller, SIP Trunk, Call Routing, Line Grouping for the Avaya platform.
  • Configured WLAN Security in the areas of authentication, encryption, IDS/IPS using Radius, AAA authentication, EAP, LEAP, PEAP, PSK, AES-CCMP encryption, Wireless Sniffers, WEP encryption (Wired Equivalent Privacy), WPA (Wi-Fi Protocol Access), WPA2.
  • Provided Blue Coat SG 200/SG500 administration supporting Director, Profile Creations, Content Policy, Content Collections, Creating and Distributing URL Lists, and Appliance Certificate compliance. Utilized Blue Coat’s CPL for creating rule based policies for the SWG VA100 appliances, within the Management Center v1.2 GUI and the Visual Policy Manager SG 6.0.2 GUI.

Confidential, Prescott, AZ

Network Administrator II

Responsibilities:
  • Provided Level 2/3 escalation solutions for routing, switching and WAN connectivity issues using ticketing system Remedy.
  • Experience in troubleshooting VLAN, STP (Spanning tree protocol), & Switch Trunk and IP subnet issues.
  • Responsible for support of existing network policies and procedures, as well as creation and implementation of new security procedures. Risk assessment for partners. Presented options to management for the enhancement of DNS, firewall, modernization of firewalls, and inbound e-mail security and robustness.
  • Responsible for internal and external accounts, managing LAN/WAN, and checking the security settings of the networking devices (Cisco routers, switches), coordinating with the system/network administrator during any major changes and implementation.
  • Configuring, monitoring, and troubleshooting Cisco's ASA 5500/PIX security appliance, failover DMZ zoning, and configuring VLANs/routing/NATing with the firewalls as per the design.

Confidential, Houston, TX

Senior Systems Analyst

Responsibilities:
  • Responsible for PC and server hardware maintenance, software installation and support, network operations support, managed switch and router install and configuration, creation of new domain accounts, virtual machine creation and deployment, remote access support, SharePoint administration, response to service tickets, phone calls and emails. Assisted with implementation of enterprise wide network upgrade from copper to fiber and VoIP. Personally tasked with system wide antivirus updates, VM development, Linux development, SharePoint development and wireless device management.
