TARIKU LEMESSA GELALCHA

**** ******* ***, ***********, **, 20784,

ac1gtn@r.postjobfree.com Tel: 703-***-****

WORK EXPERIENCE

FTI Consulting

SR. Network Engineer 06/2013 to Present

Provide global network support and maintain MPLS WAN, GRE VPN tunnels, IPsec VPNs and Internet circuits. Monitor performance and availability of MPLS and Internet circuits on a daily basis.

Provide support for several Enterprise Cisco switches like Nexus 7010, Catalyst 6513, 6509-E, 6506-E, 4510R-E, 4506-E, 4006, 3850, 3750G, 3750X, 3560Xs and 2960Xs. Upgrade the ROMMON firmware, IOS images and configured HSRP on several of these switches.

Provide support for several Enterprise Cisco routers including Cisco 7200s, 3800s, 2800s, and 2900s series and Data Center Interconnect Platforms like ASR 1002 Series Aggregation Services Routers.

Provide support and used external dynamic routing protocols like eBGP and internal routing protocols like iBGP and EIGRP. Used BGP community attributes and access-lists to filter and manipulate BGP route advertisements.

Provide support for Adaptive Security Appliance 5512-X, 5520 and 5580 series (ASA) Firewalls to protect zones with different security levels. Support Adaptive Security Appliance SSL and Juniper Pulse Secure VPNs for global remote access.

Supported Checkpoint VSX Gateway Security Appliances running R65, R77 and R77.30 Gaia on external perimeter to control and enhance security at the network edge. Create and modify firewall policies to allow /restrict/block access to network resources. Configure and Provide support for Checkpoint Eventia and log servers

Maintain and configure Cisco Wide Area Application Services (WAAS) and vWAAS for traffic optimization and acceleration over the WAN. Utilized WAN Acceleration Engine (WAE) 512, WAE-612, WAVE-694 and WAE-7326-K9 devices

Worked on Avocent ACS8, ACS16 and ACS32 Linux Cyclades and configured dial-up modem for backup and out-of-band network access. Installed and implemented new /repurposed Avocent devices at several locations.

Conduct weekly, monthly, quarterly and yearly Disaster Recovery testing on network devices and services. Verify disaster recovery instance functionality and replication between the disaster recovery and production environments.

Used Solarwinds, Syslogs, Kiwi, Scrutinizer, DeniKa and Whatsup network monitoring tools to monitor network service status, performance, utilization and proactively detect potential network device and service failure.

Configure TACACS authentication for users’ access to network devices and resources. Configure users, routers and switches for TACACS authentication.

Mitigate Network devices' security vulnerabilities as reported by external security penetration testers.

Team Lead AKO NOC/ Network Engineer III

CRGT Inc./ US Army Knowledge Online 09/2006 to 05/2013

Work as a technical lead for Army Knowledge Online (AKO) Continuity of Operations and Management Center NOC and provide support to AKO/DKO Systems and Network availability and performance. Interface with DISA and CONUS in support of network connectivity and circuit issues related to AKO network.

Responsible for allowing external customers access through AKO Firewalls at both Primary and Disaster recovery Sites. Assist and coordinate with CI owners a Continuity Of Operations Plan (COOP) between the Primary and Disaster recovery sites as necessary.

Monitor and maintain AKO/DKO systems and network performance and availability; using Network monitoring and reporting tools like Netcool Internet Service Monitor, Smokeping, Sitescope, MRTG Grapher, Cacti, Syslogs, IBM Tivoli Enterprise portal on NIPRNET (unclassified) and SIPRNET (classified) Networks.

Configure, monitor and troubleshoot small, mid-to-high end Cisco switches including 2950s, 3700s and 6500 series switches and 7600 series routers. Troubleshoot and implemented switch port security, connectivity and VLANs on both NIPRNET and SIPRNET networks.

Manage network operational incidents, coordinate, create and review such reports and disseminate to the Government representatives through a secured medium (Informational Special Outage Report) and through Situational Awareness Reports in confidential and secure manner.

Ensure environmental concerns such as temperature and humidity controls, media reuse, disposal, and destruction of media containing sensitive information is adequately addressed. Process spillage information reported from the AKO/DKO help desk and the Army Global Network Operation Security Center (AGNOSC).

Prepare a daily briefing for pertinent Army Knowledge Online (AKO)/Defense Knowledge Online (DKO) services status of both classified and unclassified nature for the AKO/DKO Government representatives. Ensure the accuracy and completeness of the daily briefing and point out all service impacts and events that fall outside normal operational parameters.

Sr. Network Engineer:

MedTel International Corp. 11/05 to 09/2006

Analyze, change and define VPN policies and requirements to achieve a secure remote network access, which meet HIPPA standards for electronic health care transactions. Analyze network routes and VLANs for optimum and secure access to state of the art medical imaging reports, with high availability and confidentiality. Installed, configured and maintained Cisco routers and PIX 515E, 506, 501 firewalls and defined secure access policies for remote data access.

Work on VPN Concentrator 3000 and configured secure VPN tunnels between small remote offices throughout US and the head quarter. Utilize secure Authentication and Authorization parameters for remote access using RADIUS, PPTP, L2TP and IPSec tunneling protocols to protect Information systems housing PHI data from intrusion.

Responsible for the configuration and maintenance of company’s Wide Area Network Frame-Relay, secure VPN and VOIP connectivity for about 21 remote sites. Work on the new and existing Frame-Relay, T1 and OC-3 circuits to connect between different sites.

Used Ethereal Network protocol analyzer to interactively browse the network traffic, analyze and troubleshoot connectivity problems. Maintain the status of SSL certificates for the company’s US and UK servers using VeriSign Web server Security.

Configure, monitor and troubleshoot Cisco 3600s, 2800s, 2600s, 1700s series routers and small to mid-size Cisco Switches; including 3700s, 3500s and 2900s series switches. Installed, configured and maintained VOIP networks in a Cisco Call Manager environment, using 7940 and 7960 Cisco IP phones. Configure QOS on Cisco routers and switches.

Monitor network utilization and performance monitors using network performance monitoring tools like Solarwinds, MRTG Traffic Grapher, Cisco Network Assistant, Kiwi and Neon Cyber gauges.

Network Engineer: 01/99 to 11/05

New Technology Management Inc(NTMI)/US CUSTOMS & Border Protection(CBP)

Responsible for the configuration, integration and deployment of Secure Wireless Wide Area Networks (WWAN) and WLAN network. Integrated secure wireless data communication systems, which meet the Federal Government’s network security standard (FIPS 140-2 compliant), utilizing commercial GSM and CDMA cellular wireless data services like GPRS, EDGE, 1x RTT, 1x EVDO and iDEN.

Designed and implemented secure IP network addressing and subnetting for secure broadband wireless network connectivity to CBP’s sensitive but unclassified data, which meets the confidentiality and Integrity requirement of the existing security policy and compliant with FIPS 140-2 standard. Nationwide deployment of wireless strategies to selected US international airports, seaports, and land border entry points.

Installed, Configured and maintained Cisco Pix Firewalls, routers, Switches, VPNs, IBM Websphere Everyplace Connection Manager (Wireless Gateway), rugged wireless laptops and PDAs as a secure broadband wireless data access solution. Configure Cisco routers and CSU/DSUs for Frame-relay, T1 and T3 connectivity.

Built Sun Solaris, IBM AIX and Windows 2000 servers and configured them as a secured FIPS compliant wireless gateway. Implemented nCipher crypto key management and Hardware Security Modules (HSMs)- a trusted platform within which keys can be securely created, used and stored.

Worked with NIST to implement a secure wireless WAN access solution to sensitive Government data, using nCipher tamper proof and sealed encryption key and secure key management solutions.

Worked on US/Canadian and US/Mexican borders Point of Entry (POE) Video surveillance systems, Digital Video recorders (DVRs), PTZ Video Cameras, Lenel secured access control products and magnetic card readers to locally and remotely provide information to CBP border workers. This included Video surveillance of everyone passing through the POEs, knowledge management-based targeting systems that focused on the most likely threats using INS, FBI and local government’s criminal data; and digital records of all cars entering and exiting the United States.

Network Admin/Technical support 01/1998 to 12/1998

New Technology Management Inc./USDA

Troubleshoot network connectivity, server and desktop hardware and software related problems in a heterogeneous and complex networks consisting of Sun Solaris, HP-UX Unix, Novell NetWare, Windows NT and the Banyan Vines networks.

Diverse practical technical knowledge, excellent problem solving skills, and use of structured troubleshooting methodologies for the Agency’s network, hardware, UNIX file and mail server maintenance and administration.

Performed network administration tasks and end user support, including user accounts, email accounts, email forwards, daily and weekly server backups, and file restorations.

Took responsibility to successfully complete time sensitive projects including TCP/IP configurations, Pathway NFS, GroupWise, Beyond Mail and Remote Access Service projects in mixed domain architecture, independently and in a team environment.

Established procedures and instructions and created documentation on the proper installations and configuration of Pathway NFS network client and LPR printing systems for future use.

Technical support

RHI Consulting/Calibre Systems 10/97 to 12/97

Provide technical support, resolve and respond to military and civilian client problems via telephone or email. Provided technical expertise for a combined Novell and NT network environment and document the information within Professional Help Desk (PHD) software.

LAN/WAN/ integrator/installer

TAD Resources/Netcom Solutions – Alexandria, VA 08/97 to 10/97

Duties include installing hardware and software required for the USDA LAN/WAN/VOICE installation project using TCP/IP protocol and UNIX file server. Configured print servers including HP jet direct cards and axis print servers.

Senior Aircraft Mechanic –

Ethiopian Airlines 1/83 to 10/90

Troubleshoot, repair and test Aircraft Avionics system malfunctions including Aircraft communication, navigation, Autopilot and radar system equipment on different Boeing Aircraft like B-757, B-767, B-727 and ATR42. Performed major and minor system modifications following Engineering order and manufacturer’s wiring diagram.

CERTIFICATIONS

Certified Information System Security Professional (CISSP) – 05/2011

Cisco Certified Network Professional (CCNP) – 10/2015

Cisco Certified Network Associate (CCNA) - 03/13

ITIL foundation Certification – 09/2014

CompTIA Security+ Certified - 08/2010

Microsoft Certified Systems Engineer (MCSE) - 09/99

Cisco Certified Sales Expert (CCSE) - 03/01

Novell Certified NetWare 3.1x and 4.x Network Administrator (CNA), 04/97

Federal Aviation Authority (FAA) A&P Aviation Mechanic license, 1992.

TECHNICAL SKILLS:

Networking: Cisco Routers, Switches, Cisco PIX, ASA and Checkpoint Firewalls, Cisco VPN concentrator, VOIP, VLAN, Frame-Relay, T1, T3, CSU/DSU

Wireless: CDMA 1xEVDO, 1XRTT, GPRS, EDGE,Cellular Digital Packet Data (CDPD), Ardis (tcp &x.25 based), Mobitex x.25, 802.11x IEEE, IBM Secureway suite of wireless middleware, Dynamic Mobile Data suite of wireless middleware.

Operating Systems: Cisco IOS, HP UX, Windows 2000/2003, Windows XP, Windows NT, Novell, AIX, Sun Solaris, DOS.

Protocol: Ethernet, RADIUS, IPSec, SSH, DHCP, DNS, SMTP, HTTP, LDAP, SSL, SLIP, PPP, TCP/IP, UDP/IP, IPX/SPX, HSRP, RIP, EIGRP, OSPF, eBGP and iBGB.

Security: Cisco Firewall Services Module (single and Multi-context) PIX 501, 506, 515E, 520, 525, 535, V-One, Novell Border Manager 3.5 Enterprise, IBM WebSphere Connection Manager, VeriSign Web server Security, nCipher Encryption key Management, checkpoint administration.

Practices: Firewall, Router security, Wireless Security, wireless gateway, Sierra Aircards 750/710, 555s, 550s, Airprime PC5200 and PC3200 Air cards, Novatel Merlin cards, Enfora spider II CDPD wireless modems, Access points, Cisco and Proxim Wireless LAN cards.

Software: Microsoft office suites, Microsoft Project, Visio, Track-IT helpdesk software, Remedy ticketing system, VERITAS data backup.

Hardware: Intel x86/pentium, Dell, IBM Pseries, IBM RS/6000, Wireless Laptops, PDAs, Sun Ultra 60/10

TRAINED IN THE FOLLOWING AREAS

Configure, manage, and troubleshoot the Cisco Nexus 7000 Series Switches.

Implementing Cisco Unified Communications Voice Over IP and QOS V8.0

Advanced Cisco router configuration:

Fundamentals of HP-UX UNIX systems:

Advanced enterprise-wide Networking:

LAN installation, maintenance and user support:

SAEDA Briefing and OPSEC (Operation Security)

Information Assurance Fundamentals (IASO)

Information Assurance Awareness

Implementing and supporting Windows in the Enterprise:

Internet Information Server 4.0 (IIS 4.0):

Data communication Technologies- LAN & WAN:

Enterprise-wide networking –Novell NetWare 4.1x:

ITIL® Foundation Certification Training

EDUCATION

University Of Maryland University College; Computer Network Security 5/2010 - 5/2011.

George Washington University, Washington, D.C.; Computer Science: 01/94 - 04/96.

Network Engineering and Management, ECPI University (CLC) 06/96- 09/97

Microsoft Network Engineering, Administration and support, NOVA 03/99 – 08/99

Avionics Diploma, Aviation Technology School 01/83

Addis Ababa University; Geology 01/81

Clearance

DOD TOP Secret (Inactive)

Contact this candidate