Sign in

Network Engineer

Toronto, ON, Canada
October 27, 2018

Contact this candidate





Highlights Managed, designed, engineered, implemented, delivered technical services, and supported Datacenters of 20$ billion worth, Strong experience in Cloud environments, Per-App VPN, SDN with NSX and ACI for application centric infrastructure in Agile environments, WAN design and security for country-wide NGN networks, Banks of over 3000 branches, LAN for large enterprises with over 15K nodes including complicated technologies such as Firewall, VPN, SAN, NAS, high availability, load balancing, security compliance (PCIDSS, ISO27001), monitoring, and clustering for datacenter. VoIP/Video Telephony, Teleconference. Superb documentation and brief diagraming technique. Superb in migration planning and implementation with minimized downtime of core, aggregation and access layer switches/routers among routers, great hands on ability on the aforementioned devices and technologies, amazing ability to Breakdown of complicated tasks and provision of the reversal plan and alternatives to “What ifs” and “How Tos”

Networks IPv4, IPv6 QoS, VoIP, DNS, DHCP, WINS, RIP, IGRP, BGP, ISIS, OSPF, PPP, SLIP, SMTP, HTTP, NAT, CIDR, VLSM, IPX/SPX, AppleTalk, Ethernet, FDDI, xDSL, ISDN, X.25, Frame Relay, MPLS traffic engineering, ATM, SONET/SDH, IOS, NX-OS, Junos, ScreenOS, Active Directory, DFS, DNS, DHCP

Network Devices Cisco Routers/Switches/FW/IDS/CallManager/Management, Juniper, Fortinet, Baracuda Foundry (Brocade), Nokia IP Series, Lucent Switches, Nortel Switches/Routers, Optimizers (Packeteer, Exinda…), F5 BIG-IP LTM/GTM, Cisco GSS, ACE

SAN/Storage EMC, Panasas, HP 3-PAR, Dothill, NetAPP, Silverpeak, Brocade, Cisco NEXUS


Security PCIDSS/IS7799/ISO17799/27000, ITSEC, IPSec, IKE, SKIP, IPCOMP, ISAKMP, CA PKI, AAA Servers: RADIUS, TACACS+, Kerberos, RSA, NGFW Firepower FMC, Paolo Alto

Databases Oracle, MS-SQL, MySQL, DBII

Applications Check Point, Exchange, ISG, SCOM, SCCM Remedy, HPOpenView, eHealth, Spectrum, Kerio Connect, Manage Engine

Languages/Standards HTML, Basic, C, Assembly 68K, ISO FCAPS, ISO 27000, EIA/TIA-942, BICSI

Virtualization vSphere, ESX, ESXi, SRM, Hyper-V, SDN, VMWARE NSX, vSAN, vFW, Cisco ACI

Cloud AWS, Azure services from Ec2 keypair to code deployment and database, acquiring office mail servers and networks


Network Security Engineering, Manager

Milano Innova System (MIS) 12.2011 – now

MIS (Milano Innova System S.R.L) is a high profile international company based in Milan, Italy with worldwide agents, which provides high profile datacenter, network and security services mostly in banking industry

Managed design and delivery of virtual block banking by Cisco ACI and VMWare NSX in a SDN manner to prepare the infrastructure upon which virtual banking, Fintech, and Startups could be built including 30 Technicals according to PCI

Successfully planned and cost study for best cloud platform package based on nature of businesses

Implemented virtual AWS EC2 for mPOS payment API and database code deploy in a multiple instance environment service on Amazon Windows .NET Application revision control to keep track of developers changes

Planned an automated plan for AWS database and servers alonmg with load balancers growth for CMS (Card Management System and Lawyers app). The payment app demanded 1500 trans/sec and 10% increase yearly

Monitored Azure and AWS for best performance balancing and resource optimization

Managed the Implementation of numerous load balancing techniques using Cisco GSS, F5 BIG-IP for best load distribution among servers in logical groups both using Round-Robin and Round-trip methods to achieved best with test and measurements

Led technical team to implement video conferencing/Telepresence for 700 locations to let remote meetings run smoothly with Cisco MCUs, and MX series along with bandwidth optimization

Built and managed a newly startup application farm with Per-App VPN for different sectors

Successfully migrated a 500 node WAN from Foundry to Cisco along with full multi-layer LAN migration of the aforementioned equipment

Managed the project, designed and supervised implementation of VPN mesh among branches and ATMs with Juniper firewalls - 3 months on-site, and 6 months remote support

Prepared migration plan from heterogeneous security boarder firewalls to Cisco ASA series firewalls – 4 months on-site support

Prepared WAN design and migration from IGRP to OSPF for 12000 nodes using cisco 7600 at core and 39xx, 29xx, 19xx at branches

Fully prepared the WBS and over tasks for managing the DC project to meet the milestones and successful completion along with optimized resource allocation

Supervised implementation of 200 servers to virtual environment using VMWare on HP DL58x, DL38x, BL C7xxx servers with HP 3-PAR and EMC SAN systems – 6 months on-site and 3 months training

Building a network and security plan for main DC with backup and DRP sites in a site-to-site VPN manner with Juniper SRX and hot standby storage mirroring and VMWare SRM, F5, Juniper for VPN

Managed the project and implemented a complete NOC for Cisco (QUEST, Manage Engine, Solarwinds, CiscoWorks/Prime), and SOC with rule base optimization with Check Point, Juniper, Cisco ASA mixed firewalls and VPNs for a bank with 700 branches for over 3500 tasks and 25 engineers

Security rule base design, conflict resolution and optimization for almost 1200 firewalls in a mixed environment including Juniper, Check Point, ASA, Fortigate

Provided high profile consultancy and RFP developer for bank with 2500 branches

Engineered virtualization environment along with site and disaster recovery for over 300 physical servers and 1000 of virtual servers and desktops

Supported and maintained datacenter with server virtualization and datacenter network including 40 racks and more than 200 VMs both in Hyper-V and vSphere + SRM

Designed and migrated IPSec, DMVPN for 5,000 nodes aggregated in 50 hub sites and two redundant super hub sites at core

Planned, and installed a mirrored enterprise EMC storage (10 racks each) solution in two sites with compression

Developed NOC, SOC for three country-wide networks and DCs with over 5000 subscribers and nodes

Implemented security operation center by configuring Cisco Firepower/Juniper Netscreen firewalls, NMS and FMC systems

Designed, installed and configures Windows based systems including 1200 Windows 2008, 2012r2, 2016 with Active Directory, DNS, DHCP, DFS

Designed, implemented and maintained over 12 tier-3 datacenters of medium to large size covering passive and active layers

Fully supervised technical part of a 4$ Million/1500 sq/m datacenter passive project from A to Z

Managed a VoIP design plan for 5th bank in size made up of over 4000 locations and 70 call processing site )including cisco 79xx series switches and multi-layer CUCMs)

IT Infrastructure Manager,

Canadian Advanced Information Technology (CAIT) 12.2005 – 10.2011

Consultant, Supervisor for more than 10 countrywide governmental and banks of variant sites ranged from 2,000 to 10,000 (VoIP, MPLS, Infrastructure, DC, etc.)

Managed the Architectural, Mechanical and Network Components of TIA-942 tier-3 for the second largest Bank in the ME Region

Designed and deployed VDI for over 5000 client environment

Designed a comprehensive self-defense network and application environment for an organization with 3000 locations countrywide

Designed and implemented Core and WAN block for the second largest bank in private sector having over 1000 Branches

Successfully managed a 40$ billion high-critical IT project including DC, network infrastructure

Successfully integrated the Enterprise Management Infrastructure for a 700 Branch Bank with 99.999% availability and DRP

Delivered requirement and needs assessment for Implementing the country’s largest enterprise management platform for the second largest governmental bank with more than 3000 branches and 750 trans/sec

Delivered e-banking platform requirement analysis for the described bank

Managed a team on 20 highly skilled professionals to take over the DCN for the Police

Specifically have been trained on vDC /IDC and visited the Rome Municipality DC for a DC A-Z solution

Delivered consultancy for a 20$ billion turn-key DCN for core banking

Managed a team of highly skilled professionals to design and implement a 1000 branch credit institute e-solution, network and DC

Fully designed and delivered hardware for a micro DC for HPC and grid computing with 30TFLOPS processing power and fully redundant storage solution

Designed and implemented a full e-manufacturing and SCM for a company having 150 trans/sec and 2TB oracle based and full redundant storage with 99.999% 2-tier DC architecture

Installed and supported Windows 2008, 2012 and Linux 2.x, 3.x kernels

IT Infrastructure Architect

Hedayat Hooshmand Qarn (HHQ), 10.2004 – 12.2005

Companies under contract: Iran railroad (IRR), IFC, POGC, IFC, Mehr CI, IranTransfo, Patsa, IDC, DP, DPI

Designed, planned and implemented a 40 point dynamic multipoint VPN for military

Troubleshoot datacenter connectivity for a country-wide network consisted of 6513, 3120 complex VSS network environment

Delivered 240 hours of advanced management courses (CW, SCCM, SCOM)

Proposed a fully secure video on-demand and personal TV for 5000 users country-wide (DATA .co)

Developed 3 RFPs for purchase, design and implementation of WAN, LAN, Datacenter for 505 Buildings (STORG-Ministry of Taxation over 1Billion dollars)

Developed a standard pattern for LAN design for very large scale buildings according to best practices of well-known vendors and in accordance to BS7799

Developed and implemented a test program in which Huawei, Cisco, ZTE and Siemens equipments compared under different circumstances

Developed an ISMS-x security lab for type approval of equipments from different vendors (worth 2Million dollars)

Designed and Implemented a wireless VPLS solution with L2-VPN to connect 100 points country-wide

Delivered consulting services for designing a test pattern and supervised the conformance and compliance testing of NGN network equipments from 4 different vendors (ITRC-Iran Telecommunication Research Centre)

Proposed an ISO17799 compliance plan for NGN

Designed and implemented the Schneider electric network with having a two-site and 300 nodes, VPN, security plan according to ISO17799, hardware and software

Redesigned the Farineh network and office automation platform

Designed several SME’s network architecture including hardware and software

Proposed the detailed layered network architecture for ITRC (over 1000 nodes)

Designed a QoS plan to achieve the ERP voice and video bandwidth requirements

Tuned up the network services for voice and video over IP using Cisco switches

Planned and installed the advanced network for NCICT supporting email, database clusters, WebDAV, and Distributed file sharing with full security

Gained 100% increase in performance by implementing a gateway/firewall cluster

HSC Hospital for Sick Kids, Canada

System Analyst – Server Support, 8.2002-10.2004

Planned, implemented and fully tested a High Availability plan using Microsoft SQL and IBM SANblade cluster systems with IBM SAN for mission-critical hospital applications so 10,000 users can rely on

Provided no Single Point of Failure for backbone services and devices through redundancy from servers to switches and routers

Load balanced web application servers using Nortel technology

Gained 100% in server response in load distribution analysis and services tune-up

Successfully implemented a no failure in backup through clustering

RYERSON University, Canada, Herriot-Watt NCC University

Microsoft Trainer, Official Cisco Trainer, 4.2001-10.2004

Taught over 500 trainees the networking and Internet Security courses

Designed and made a cutting-edge lab to deliver training of video, voice and security courses including performance, functionality and compliance

Proposed an online lab for Cisco eLearning

Designed the lab equipment and material for Ryerson Cisco Training Center

Outstanding Trainer for Cisco CCNA, CCNP, CCSP

Prepared the class and lab material for network security courses

Official Security Trainer for Check Point CCSA, CCSE, CCSE+ and CISSP

Trainer for Microsoft MCSE 2000 track (all courses)

FINANSIA Canada, Telemarketing software solutions

Senior Network/Security Analyst, Corporate Trainer, 4.2000, 4.2001

Implemented a company wide security policy and defining different level of access for employees, as well as fully secured solid firewall tested with the most hacking tools and an to protect the customers data from Anti-Replays

Provided an audit solution and IDS system to protect the confidential data

Trained the company’s network administrators for maintaining Check Point firewall

Implemented a High Availability NLB and FT windows 2000 cluster environment solution for web servers

Implemented A Check Point PKI solution for securing Web Services and Emails including digital signing and sealing messages

Added Cisco Access List filters as an extra security feature to maximize protection

Trained a group of 20 people on Microsoft 1560 Upgrade Skills from NT4.0 to Windows 2000, 1561 Active Directory Design, 1562 Network Design

Minimized setup cost and built up a private Windows 2000 based heterogeneous LAN (8 Win2k DCs and 2 Sun Solaris Servers)

Maximized servers run time through Active Directory backup and recovery policy Using VERITAS backup exe

Balanced Web Servers (distributed on 4 Windows 2000) load through DNS Round Robin and interconnectivity with Solaris DNS BIND Servers

Increased network performance by 250% through precise analysis of network data (frames and packets) and devices with Network Monitor (SMS version) and eliminating NetBIOS traffic over the network

Planned an Active Directory organizational structure and implemented policy and application deployment and distributed responsibilities

Implemented a Check Point Security gateway interacting with a virus scanning server with single enforcement point (on both NT and Solaris)

Optimized Internet access by designing organizational units through LDAP and implementing a filter policy to restrict access based on OU’s needs

ISI Network Solutions

Senior Network Analyst, Trainer, 6.1997-4.2000

Trained more than 1000 junior Windows 2000 network administrators

Outstanding trainer for all MCSE 2000 courses

Successfully migrated a Multi-Master NT domain with Exchange to Windows 2000

Headed network management and troubleshooting (diagnostics) team for a heterogeneous network including 24 Win2k, 2 NT, Novell 3.12/4.11/5, UNIX Servers and 550 clients including thin MS-DOS clients to Win2k Pro Clients

Saved 200% in budget through Terminal Services implementation on 4 Win2k Servers for 60 thin clients

Saved 75% in recovery time through an automated system for Windows 2000 and NT and NetWare application deployment and installation

Launched and maintained a Windows 2000 web server for 400 Internet users in a heterogeneous environment (equipped with CISCO routers)

Maintained a 99% running Exchange 5.5 server system with 5000 users hosted including different sites and connectivity with MS-PostOffice Servers

Designed an Active security policy to protect resources from public intruders

Successfully migrated and consolidated the multi-master NT domain to Win2k

Other certificates familiarized: RHCE, VCP 5.5 and 6.0.


Datacenter Design and Implementation 10, 2009

IMPM Masters in Project Management (IT Track)

Ryerson University, Toronto, Canada, 2005

B.Sc. in Industrial Engineering (systems analysis & planning)

Elm o Sanat University of Science and Technology, Tehran, Iran, 1992

CCIE WinNET Technologies, Canada, Toronto 2004

CCNP, CertX Technologies, Canada, Toronto, 2001

MCT Unicom Training, Canada, Toronto, 2001

CCSE: Check Point Certified Security Engineer (CCSA+CCSE)

MCSE: Early Achiever (70-240) Accelerated exam

(70-210) Windows 2000 Professional

(70-215) Windows 2000 Server

(70-216) Windows 2000 Network Infrastructure

(70-217) Windows 2000 Active Directory

(70-220) Design Security for Networks

(70-219) Design Active Directory

(70-221) Design Network Infrastructure

(70-222) Migrating from NT 4.0 to Windows 2000

WinNET Technologies, Canada, Toronto, 2001

CCNA: Interconnecting Cisco Network Devices

WinNET Technologies, Canada, Toronto, 2001

MCSE NT4.0:New Horizons Computer Institute, UAE, Dubai, 1999

References available upon request.

Contact this candidate