Post Job Free
Sign in

Engineer Network

Location:
Toronto, ON, Canada
Posted:
August 17, 2016

Contact this candidate

Resume:

ROGELIO S. ESCAÑO JR.

Address: *** ********** ****** ***** # *** Toronto Ontario M4G 4J9

Mobile Number: 647-***-****

Email: ***.******@*****.***

SUMMARY OF QUALIFICATIONS:

Over 15 years’ experience in network analysis and system’s administration

Demonstrated adaptability on learning and implementing new and evolving network technologies

Deep knowledge and experience engineering/supporting LAN/WAN including Network Routing & Switching

Deep Knowledge and experience engineering/supporting Cisco ASA and Checkpoint firewalls, F5 Load Balancers, Cisco Wireless (WLC and APs), Cisco WAAS and CDN, reverse proxies, VPN solutions (Pulse Secure Gateways) and Web Gateways

Ability to work effectively in multi-cultural and dynamic environment

PROFESSIONAL EXPERIENCE:

Network Security Engineer Apr 2011 – April 2016

Merck, Sharp and Dohme (MSD) Singapore Pte Ltd., Singapore

Design, develop and implement Merck’s Data Network offices around the globe (North America, Europe and Middle East Asia, Asia-Pacific) from ground up.

Engage and collaborate with the business to interpret business requirements and transform them to workable network solution

Lead Network Engineer in AsiaPac for managing and implementing corporate projects and services requiring Network Perimeter devices like F5 LTM, Cisco ASA firewalls and IPS, Juniper/Pulse IVE SSL VPN from ground up.

Configuration and maintenance of Large Enterprise Datacenter components like Nexus 7K, 5K, and 2K, Cisco Catalyst 3750X, 3850, 4500X and 6500 Series.

Lead Engineer for implementing Amazon Web Services VPC and tunnels in Asia Pacific.

Global point of contact for implementing DMZ related requests such as creation of firewall policies; Virtual IP and pool members; and SSL certificate renewal in F5 LTM.

Administration of Merck’s Global DHCP, DNS, RADIUS and TACACs Infrastructure using VitalQIP, Cisco ACS and Juniper Steel Belted Radius.

Single point of contact from AsiaPac Network team in ensuring that there is no production impact from networking perspective when a change is made (server IP change, firewall policy creation/removal, etc) in PCI environment located in the US.

Serves as a liaison between external partners/supplier and internal IT teams

Provide Tier-4 expert support of MSD’s Global Network for troubleshooting complex issues related to WAN, VPN, Firewall, F5 and Layer 3 Core in data center.

Manage and use Network Management tools for monitoring and audit like Cisco Security Manager, nGenius, MRTG, Solarwinds, wireshark.

Projects / Accomplishments:

2015

Shanghai New office Network Infrastructure

- Engineering Lead that traveled to China together with Network Operations team to deliver solution and implemented the overall network infrastructure of the 14-Storey Merck-owned building with approximate 1400 users.

- Enabled a more robust network and deploy top of the line Cisco network devices (Nexus 7K as L3 Core, Cisco 3850, WAAS, CDN, Wireless LAN Controller and APs, ASA firewalls).

Remote Access Service setup in AsiaPac and Kenilworth, New Jersey USA.

-Engineering lead that upgraded Merck’s legacy ASA firewalls (ASA 5580 and 5520) in Asia Pacific (Singapore, Australia, Japan and China) to Cisco’s next generation of firewalls – ASA 5585. This includes firewall rule creation from ground up and configuration of active/standby firewalls.

-Traveled to Japan, China, and NJ USA to ensure successful installation of F5 LTM and Juniper/Pulse MAG SM360 devices and operation of critical application and services such as VPN.

-The new RAS setup enabled the following end-to-end security features:

a.Endpoint devices can be checked prior to and during a remote access session to verify an acceptable device security posture requiring installed/running endpoint security applications (antivirus, personal firewall, etc.), as well as check for IT-required Operating System versions, patch level, browser type, and many other requirements.

b. Noncompliant endpoints can be quarantined, denied access, or granted access, depending on administrator defined policies.

c. System automatically remediates noncompliant endpoints by updating software applications that do not comply to corporate security policies.

2014

Enable Amazon Web Services Regional Cloud gateway in Singapore and Brussels

-Lead the team in the deployment, configuration, and client testing of Regional Cloud setup in Singapore and Brussels using Site-to-Site VPN tunnels (Classic, Modern Compute, DMZ, Test environments) to AWS.

-The Cloud setup includes the following Network Security features:

a)IP Spoofing

– Prohibited at host OS level. The AWS-controlled, host-based firewall infrastructure will not permit an instance to send traffic with a source IP or MAC address other than its own

b) Packet Sniffing

– Promiscous mode is ineffective

– Protection at hypervisor level

c) Unauthorized Port Scanning

– Mandatory inbound firewall, default deny mode

- Customer controls configuration via Security Groups

d) MITM (Man in the Middle)

- All end endpoints protected by SSL and new EC2 host keys generated at boot

Partner’s inter-connectivity to Merck WAN

-Lead the Network team for the design and implementation of a fully redundant network infrastructure from ground up; MPLS circuit turn-ups, disaster recovery setup and end-to-end testing with the clients.

-Setup includes a pair of firewall at the partner’s premises to secure and protect unauthorized access by deploying firewall security policies approved by both parties in compliance with company’s Information security standards.

2013

Singapore West Campus plant – Shop Floor Network build up

-Lead the Network Services team in the deployment and configuration of Singapore plant’s “process” networks with fully redundant infrastructure using Cisco ASA 5540 to protect against unauthorized access from Enterprise networks.

Enable Guest and BYOD Wireless Access in AsiaPac

-Engineering lead in AsiaPac that enable a dedicated wireless SSID’s for guest users to access the internet while visiting Merck’s local offices and BYOD devices of employees such as smartphones and tablets to access Merck’s internal network and services. Setup includes new Wireless LAN Controllers as regional Anchors and MobileIron Solutions (for iOS and Android operating systems).

2012

Singapore Data Centre relocation to Colocation facility

-Responsible in the flawless relocation of Singapore Data Centre network components (Firewalls, F5 Load Balancers, Juniper reverse proxies) and services such as Remote Access, Site-to-Site VPNs, and Outbound Internet access of the whole Asia Pacific offices to a Class “A” Colo facility.

Legacy Checkpoint firewall migration to Cisco ASA firewalls in Charlotte USA Data Centre.

-Network Lead that successfully migrated hundreds of firewall policies from Checkpoint firewalls to Cisco ASA from ground up in collaboration with Cisco TAC Engineers and multiple support groups like Windows, VMWARE, Linux, Storage and Database.

PCI DSS compliance Perimeter support

-Secondary firewall engineer that supported the PCI perimeter environment (External and Internal firewalls) to make sure it is compliant from data security, encryption and tokenization solutions.

2011

Checkpoint firewall migration to Cisco ASA firewalls in Brussels, Belgium Data Centre.

-Network Lead that successfully migrated the Site-to-Site VPN connections of numerous EMEA clients from Checkpoint firewall to Cisco ASA firewall in collaboration with Cisco TAC and partners.

Network Analyst Nov 2008 – Apr 2011

Getronics Solutions Pte Ltd., Singapore (contractual in MSD Technology Singapore Pte. Ltd)

Implement WAN/LAN expansion on MSD offices in Asia Pacific

Responsible for handling and maintaining the Global Network Infrastructure Operations of Merck & Co including MPLS networks, Checkpoint and Cisco ASA Firewall policies, Internet and SSL-VPN, Site-to-Site VPN tunnels.

Maintains Merck’s Asia Pacific IP Telephony Infrastructure using Cisco Call Manager 7.1 and Cisco Unity.

Analyze and resolve technical problems for established networks.

Install, configure and maintain large network data components (Cisco technologies – Routers, L3 and L2, WAAS, CDN, Wireless Controller and Access Points).

Work with vendors in resolving complex network problems.

Document network problems and resolutions, network diagrams for future reference.

Projects / Accomplishments:

2010

Philippines and Vietnam new office Network Infrastructure

- Traveled to the Philippines and Vietnam and lead the Network Operations team to deploy new network devices (MPLS routers, Layer 3 and Layer 2 switches, Wireless Controllers and APs, IPT phones) in the new offices from ground up supporting 200 and 80 users respectively.

Network Engineer Jan 2008 – Nov 2008

HCL Technologies Pte. Ltd., Singapore (contractual in OCBC Securities Pte. Ltd./ OCBC Bank)

Responsible for handling and maintaining the Network Infrastructure and other datacenter operations of OCBC Securities Pte Ltd.

Single point of contact regarding LAN and WAN upgrade and connectivity.

Perform administration and maintenance of large enterprise network devices such as Checkpoint Firewall, Cisco Catalyst 6500 and 4500 series, Cisco PIX firewall, Juniper Netscreen, Packetshaper, F5 load-balancer, Cisco 3800 and 2600 series routers.

Responsible for implementing firewall policies and securities, network upgrades and network expansion.

Senior Systems and Network Engineer Mar 2007 – Jan 2008

MATADOR Systems Singapore Pte. Ltd., Singapore

Performing on-site professional consulting/ technical services, support, and preventive maintenance at various contracted client’s premises encompassing Server & Network Infrastructure Management, IT Consultancy and all other computer software and hardware related duties.

Responsible for Windows Server administration like Active Directory, DNS, and DHCP

Maintain and configure corporate emails using Microsoft Exchange.

Perform network administration and maintenance of clients’ network equipment.

Third level of contact regarding LAN and WAN problems and connectivity.

Network and Customer Engineer Jun 2005 – Feb 2007

Leverage Systems Technologies, Manila, Philippines

Responsible for providing support for one or more clients over the phone or on-site support, field installations, trainings and site surveys. Work with the network engineering group to evaluate and improve the overall technical support process. Operates under general supervision and typically reports to Network Manager.

Design and configuration of Network Infrastructure to clients such as VPN, WAN fail-over, and load-balancing.

Conduct Network Assessment / Audit to Clients using network monitoring tools.

Configure Cisco routers and switches onsite in client’s premises after purchase and delivery of the products.

Systems and Network Administrator Aug 2001 – Jun 2005

Blue Bamboo Interactive Solns, Manila, Philippines

Ensure that company systems and network are in good running condition. This includes the checking and logging the performance of the servers, network traffic monitoring, data integrity checking, and other server administration task.

Windows Server administration like Active Directory, DHCP, DNS, File sharing.

Administration and maintenance of Corporate email using Microsoft Exchange Server 2003.

Perform network-related tasks such as LAN upgrades and WAN connectivity.

Use network Monitoring tools such as Solarwinds and IP Sentry.

Systems Engineer Feb 2000 – Jul 2001

Tritel Wireless Inc., Manila, Philippines

Monitors m-commerce and e-commerce services such as Mobile Banking and Mobile Mail and resolve problems systematically.

Use network Monitoring tools such as IP Sentry for LAN/WAN and service monitoring.

Ensure successful installation, implementation and proper maintenance of these services such as backup and disaster recovery procedures.

Provide network administration of LAN/WAN and use network-monitoring tools for problem isolation.

Installation of Server and cabling from ground up.

Systems administration of Windows NT.

EDUCATION:

Bachelor of Science in Electrical Engineering

Mapua Institute of Technology (Philippines)

1994 – 1999

Registered Electrical Engineer (Philippines)

1999

INDUSTRY CERTIFICATION AND TRAININGS:

CCNP and CCNA (Routing and Switching) – Cisco ID: CSCO11356732

Certified Sonicwall Systems Administrator – Certificate Number: 115**********

Fortinet Certified Network Security Associate – Certificate Number: FCA2383

F5 LTM Configuration and Troubleshooting

Amazon Web Services – Cloud VPC and tunnels

Cisco Certified Network Professional – Routing and Switching

Cisco Certified Network Associate – Routing and Switching



Contact this candidate