Network Security Engineer Resume

Title Network Security Engineer Primary Skills Cisco Networking Security Linux Netbackup Location US-CA-san diego (will consider relocating) Posted Jan-06-09 RESUME DETAILS U.S Government DOD clearance: Active Secret level Employment Experience August 2008 -- December 2008 Genesis Networks Southern California Locations Position: Sr. Network Security Consultant Performed wireless site surveys with Cisco Spectrum Expert to troubleshoot 2.4 and 5.8 spectrum. Giving advice on AP placements, lowering interference sources, configuration of wireless controllers. Performed security penetration testing on network equipment and servers using SAINT security tool checking for vulnerabilities and performing exploits on specific systems. Consulted with remote projects on Cisco products such as ASA firewalls, IPS, NAC and MARS servers, security on switches and routes and other products such as wireless systems in pre-sales calls. Consulted on remote projects about best practices and give professional estimates on project deadlines to be given to the project manager, other engineers and the customer. Performed upgrades to data systems infrastructures of routers and switches. July 2007 -- August 2008 NEC Unified Solutions Cypress, CA Position: Sr. Network Security Engineer Installed hardware and software such as MARS appliance, a monitoring system with support of PCI compliance, combined with Cisco Security Manager (CSM) to manage switches, routers, PIX, ASA firewalls, AIM SSM IPS modules and other Cisco devices, setup for role-based access for a granular control of the Cisco devices, configured different types of VPNs. Tuning of the IPS signatures to create an accurate alert log of attacks. Many of the devices being implemented are going to live production networks some with

NAT/PAT, ospf, rip, bgp, and other routing protocols. Configured, installed with advance features set, and troubleshooted hardware of many different Cisco models of switches, firewalls, IPS modules, routers, stackwise switches, wireless LAN controller (WLC), wireless control system, these processes includes IOS upgrades and data migrations projects. Administered Network Admission Control (NAC) of out-of-band and in-band which authenticates with Single Sign On (SSO) with AD server using validation rules that were configured, installed and configured Cisco Security Agent and server to check for security policies such as no unauthorized USB devices. Also implemented ACS with Radius/TACACS+ with some projects using RSA Securid tokens. Implemented a large wireless network using access points, WLCs, ACS and WCS to administer wireless devices securely with protocols such as EAP TLS, WPA TKIP, and authenticating to the ACS. Design and create implementation plans for the hardware and software applications, and providing documentation and Visio diagrams for the plans. There is a need to work cohesively with many different types of clients in different industries, working independently, technical project lead, or part of the technical team for different projects simultaneously and working on project critical deadlines. April 2006 -- June 2007 TACSWACAA w/ ITT Systems Bagram/Tarin Kowt, Afghanistan Position: Sr. Network Administrator Oversee network operations of the FOBHUB and the supported Forward Operations Base (FOB)s, developing network practices to be adopted by the team, implementing security on devices, resolving issues together with the satellite communication (SATCOM) WAN/Promina team, Army battalions 25th, 335th, Unmanned aerial vehicle (UAV)s units, 82nd Airborne, other military clients, dealing with NIPRnet, SIPRnet, Centrix on network issues, assisting them in ASIs maintenance windows that concern the FOB network connectivity or security, working with Satellite WAN links using Satellite Radyne modem dmd20, IGX phone switch troubleshooting, streaming video, using Symantec Antivirus server, in a 24/7 environment. Ensure information assurance and vulnerability policies developed by the military follow the DITSCAP/DIACAP process. Assisting FOB personnel and FOB Hub junior team members with implementing tasks regarding networking, network security, WAN/LAN administration such as vlans, TACACS+, access lists, ip subnetting, EIGRP, class maps, ACS device logins, Cisco Voip phones, DNS, Windows server and MS Exchange administration, creating documentation and Visio diagrams, install or relocate installations. Monitoring with Solarwinds, SNMP server, and Spectrum server and perform troubleshooting of Cisco routers and switches, serial interfaces with Prominas switches, Cisco Content engine, Websense, connectivity of servers and workstations, developing Cisco hardware/IOS upgrade/network planning. COMSEC changes and troubleshooting, military hardware encryption such as KIV-19, KIV-7 bulk and Taclanes KG-175, software encryption, cryptography, Cisco VPN networks and Pix firewall requests and troubleshooting, gre tunnels, and SSH, MAC address security and other security measures on the Cisco devices, and DISA security procedures, using Harris Stat and ISS Internet Scanner.

December 2003 -- April 2006 Jet Propulsion Laboratory (contracted w/ ITT industries and BD systems) Pasadena, CA Position: Network Engineer Installed, configured, and assisted in designing of LANS, WANS, VPNs connections with switches and routers which includes configuring the networking protocols of RIP and OSPF, VLANS, IP numbering, security access lists, firewalls, and VOIP networks with a network with over 100 Cisco and non Cisco networking devices some ranging from switches 2900 to several 6500 and routers 1800 to 7200. Created and administered a secure Apache Webserver for the documentation and procedures for networking team, which uses HTTP, Perl, Modperl, PHP, SSL, SecureID login, using Open Source software. Ensure that hardware is in compliance with patches and security issues with mailing lists and research. Ensure network security by looking at access logs, using ACS, and getting security audits. Working on the government installation I have been cleared by NASA with a national agency check to expire in the year 2008 and have gone to several remote installations for network projects. Another one of the duties that I personally performed is oversee support contracts with Cisco of our hardware and software IOS images inventory, assisting with NASA's internal inventory as well. June 2003 -- November 2003 Little Tokyo Discovery Center Los Angeles, CA Position: Network Security Contractor Planned a wireless WAN and public hotspot for the Little Tokyo area of downtown Los Angeles in coordination with LTSC's Technical Advisory Committee. Mentor staff members of the DISKovery Center on server administration, networking, Veritas Netbackup, Microsoft Windows Advance Server administration and hardware. March 2000 -- June 2003 TicketMaster Online Los Angeles, CA Position: Internet Systems & UNIX System Administrator Administered over 100 websites using Apache web servers, Mysql databases, Oracle, modperl, vbulletion, php, network switches and routers, load balancing, fail-over strategies. Completed request tickets from Request Tracker, and Remedy which involves making system accounts ftp accounts, providing support for applications such as Oracle, Mysql, Qmail, advance Apache, Bugzilla, mod-perl modules on Sun, Linux, and Irix SGI servers, setup or changes to services such as NFS, SSH, Alteon switches, RAID configuration, network security, network issues, NIS, FTP, kickstart, jumpstart, Sunray hardware server and clients, internal and external DNS, Tinydns, NTP, Veritas, make custom rpms from source, maintenance to the UNIX/Linux servers or Network Appliances Netapps filers, and system monitoring with Nagios, MRTG, Netsaint. Developed plans to purchase and utilize a SAN network with Brocade fiber switches, Network Appliances, and backing up on an Adic AIT-3 format tape robot in a live

production UNIX/Windows NT environment remote site. Performed backups, scheduling, restores, preparing for offsite data storage and troubleshooting of the system hardware and software. August 1998 -- March 2000 The J. Paul Getty Museum Bel Air, CA Position: Computer Operations Engineer Administer, monitor and troubleshoot Novell NDS, UNIX and Microsoft Windows NT servers, Xylan LAN switches, and Cisco WAN links to ensure network connectivity and respond to networking and server problems with hardware and software issues. Administering server data backups with Veritas Netbackup using a Storage Tek DLT tape library. Performing backups, scheduling, restores, preparing for offsite data storage and the troubleshooting in the Microsoft NT, Windows 2000, Novell, and UNIX environment. Complete 2nd level help desk tickets using McAffe Help Desk application that 1st level PC technicians were not able to complete, which involved network, server connection, and advance PC troubleshooting of hardware and Microsoft Windows OS. September 1988 -- September 1992 U.S. Marine Corps Position: Active duty scout in Light Armored Infantry Stationed overseas and in United States and was granted Secret Clearance with honorable discharge. Served in the Persian Gulf War, in operation Desert Shield and Desert Storm in the early 1990's. Education University of California, Los Angeles - Bachelor of Arts in Anthropology, 1997 Computer courses from different technical schools Including hands-on courses in LAN and WAN Technologies such as Intrusion Detection and Prevention sensors, ATM, Frame Relay, Sonet, ISDN, TCP/IP, SNMP, Ethernet, Windows 2000 and XP (server and workstation), Active Directory, configuring and troubleshooting Cisco routers and switches, Sun Solaris, Perl, C++, Cisco IDS servers, Pix / ASA firewalls, CSACS, RAIDUS, TACACS+, VPN, PKI, IPSec and LDAP, Ethereal, DISA and DITSCAP/DIACAP security policies, wireless technologies supported by DISA and auditing, Information Assurance and working with ISS Internet Scanner, Eeye Retina/ Nessus scanners, Wireless Site Survey using Ekahau. Certifications Certifications Cisco networking and security Completed certifications Cisco?s CCNA, CCNP, CCSP (Cisco Certified Security Professional), which includes the specialization of the Pix / ASA firewall and IDS sensor server, ACS Cisco Secure Access Control Server, IPSec VPN, router security, and network design emphasizing security and NSA?s (National Security Agency) government standard 4011 training INFOSEC in network security. I am NASA certified to design networks and

administer Cisco devices. CCNP (Cisco Certified Network Professional) This covers routers, switches, LANs, and WANs administration, and troubleshooting of these networks. Passed written exam for CCIE security, currently studying for the Lab exam. Cisco Lifecycle Services Advanced Security test taken and successfully passed. Harris Stat certified, Information Assurance (IA) and vulnerability and risk assessment (VA), IAVA training completed given by the U.S. Army. U.S. Army training for Juniper?s Netscreen Firewall and Incident Response SAINT security application training completed Checkpoint Security Administrator CCSA. Solaris Certified Systems Administration, part 1 & 2, SCSA. CONTACT DETAILS