Senior Network Engineer/Firewall Engineer
Resume:
PERRY JARVIS, CISSP
E-mail: ********@*****.***
SUMMARY An experienced, senior level network engineer with a strong focus on security and firewall technologies.
TECHNOLOGY
Networking: Cisco ASA firewalls 5505 – 5585 series, Cisco Firepower (FTD) firewalls 1100 – 4100 series, Firepower Management Console 6.x/7.x, Cisco switches, Extreme Networks switches
Languages: Cisco IOS / CatOS / NX-OS, Juniper JunOS, ScreenOS, PanOS, FortiOS, Extreme XOS
Security: IPSec VPN (IKEv1/IKEv2), SSL VPN, TACACS/RADIUS, SIEM, Event Auditing, IPS/IDP, VLAN Segmentation/802.1Q trunking, CVE/OWASP hunting, NMAP, PKI, 802.1x, NGFW
Redundancy: HSRP/VRRP, Load Balancing, HA pairing, EAPS (Ethernet Automatic Protection Switching), STP
Applications: Microsoft Office Suite, Visio, Microsoft Teams, Slack, Skype for Business, Outlook, IBM Notes
Certifications: CISSP, CCNP Security, CCNA Route/Switch, CCNA Security, CCNA CyberOps, Cisco Certified Design Associate, Security+, Juniper JNCIP-Security, JNCIA-Junos, Palo Alto ACE
PROFESSIONAL EXPERIENCE
Insight Global, Atlanta, GA 6/2023 – Present
Senior Network Engineer
Support for over 100 Cisco ASA and Cisco Firepower firewalls.
Support for Anyconnect Remote Access, LDAP/SAML Dynamic Access Policies, Site-to-Site VPN’s, EZVPN: to significantly improve remote connectivity and security to the network.
Cisco catalyst switches, Nexus 9300 series, Cisco routers, Palo Alto firewalls.
Performed packet captures for enhanced network performance and security (tcpdump, Wireshark, IOS).
Performed product research for potential new products and made recommendations.
Static routing, EIGRP, BGP routing review and cleanup for better routing efficiency.
Currently evaluating SD-WAN solutions for remote office access.
Mount Saint Mary’s University – Los Angeles 6/2010 – 10/2023
Contract Network Engineer / Security Architect
Deployed 200+ Extreme Networks Layer 2/3 switches across two campus locations with 10 Gb uplinks for fast, clean network connectivity.
Strong emphasis on EAPS and redundancy: VRRP, LAG/LACP groups, Spanning Tree, etc.
Configured security features such as DHCP snooping, ARP Validation, Trusted DHCP server, etc.
Configured broadcast rate limiting to minimize broadcast storms.
Set up OSPF and static routing, and BGP with the ISP’s.
Performed migration from Cisco ASA 5585’s to Cisco Firepower 4110’s and installed a new FMC/backup FMC.
Configured and maintained IKEv2 VPN with Azure and other site-to-site VPN’s.
Configure/tune IPS policies, SNMPv3, DHCP server, DHCP forwarding, NAT’s, DMZ’s, Anyconnect
Perform weekly vulnerability assessments with Tenable.IO Nessus scan. Remediate findings.
IBM Corporation – Global Technology Services, Boulder, CO 9/2011 – 5/2023
Senior Security Escalation Engineer – Device Management Group
Worked in a global, world-class 24x7 Security Operations Center supporting thousands of customers with tens of thousands of devices geographically distributed around the globe.
Configure and support Cisco PIX/ASA/Firepower firewalls, Juniper SRX/Netscreen and Checkpoint firewalls.
Create ACL’s, set up VPN’s, modify routes, policy-based routing, QoS, create VPN accounts, create VSYS, LSYS and security contexts, run Debug/perform packet captures, trouble shoot connectivity/routing issues, create static NAT’s/MIP’s/VIP’s, configure twice (double) NAT/No NAT’s, modify encryption domains, create objects, and object groups, setup/maintain HA pairs, and a myriad of other firewall tasks.
Specialize in Cisco, Juniper and Netscreen firewalls, also worked with Checkpoint, Palo Alto, and Fortinet.
SunGard Availability Services, Thornton, CO 9/2010 – 9/2011
Senior Implementation Engineer
VPN setup, bandwidth rate-limit increases/decreases, new customer turn-ups for managed services.
Installed new equipment: Cisco PIX/ASA, Juniper firewalls, Cisco switches, Cisco and Juniper routers, F5 load balancers, Avocent Cyclades
Create IPSec VPN’s, troubleshoot network issues such as routing issues, latency issues, ACL’s, etc.
Set up Cisco Catalyst 6509 shared infrastructure in hosting centers (create vlan's, pvlan's, rate policers, assign vlan port memberships. Cisco IOS switches - create vlan's, port membership, trunking). Setup/configure OSPF, EIGRP, static routing, ACL’s, T1 bundling, LAG groups, STP, configure trunk ports, HSRP/VRRP.
Juniper M series routers configure rate policers, routing, BGP peering, bandwidth upgrades.
Juniper Netscreen firewalls configure/modify policies, create site-to-site VPN's, etc. F5 Load balancers - create VIP’s server pools, monitoring, etc.
Crocs Inc., Boulder, CO 2/2009 – 2/2010
Global IT Manager of Networking
Daily support for 400+ Juniper firewalls in a global network, hundreds of IPSec VPN’s to retail locations
SSL VPN installation/setup/maintenance. Maintain F5 load balancers, Riverbed WAN optimizers, Extreme Networks switches and Cisco routers.
Designed and implemented many security improvements to the network such as ACL’s for in-scope PCI devices, broadcast rate-limiting on all to switches, scripts to detect and block loops in the network, engaged IP security features such as ARP validation, DHCP snooping and static ARP entries to prevent spoofing attacks.
Increased network redundancy by configuring VRRP on core switches to protect Layer 3 gateways.
Participated in PCI audits and security audits/pen tests.
Extreme Networks, Santa Clara, CA 11/2006 – 11/2008
Professional Services Engineer – North America (US, Canada, Mexico and Hawaii)
Duties included supporting large enterprise customers by designing, planning and installing Extreme Networks Ethernet equipment. This included the deployment of complex network solutions encompassing LAN, WLAN, Metro Ethernet and security technologies.
Strong focus on building redundant network design with sub-second recovery times (EAPS), 802.3ad LAG groups, Spanning Tree (STP), 802.1Q Vlan tagging, QoS for prioritization of traffic, policy-based routing, SNMP, and many other common networking protocols and configurations.
Expert level with routing protocols such as OSPF, RIP, EIGRP and BGP.
Configured Universal Port in conjunction with Radius 802.1x authentication for network access control for phone access to the phone network.
Expert level knowledge of PIM Sparse and Dense mode multicasting.
Worked with Cisco switches, routers and PIX firewall. Expert level knowledge of Juniper Netscreen Firewalls.
Built a fault tolerant 10 Gb Ethernet Metro Area Network encompassing a major metropolitan US city.
Lead engineer on a complex video camera system utilizing PIM Sparse and Dense mode multicasting.
City of Burbank, Burbank, CA - Network Operations Manager 9/2002 – 11/2006
Verizon Communications, Woodland Hills, CA - Tier 3 Support Engineer 5/2000 – 9/2002
NovaCoast International, Los Angeles, CA - Senior Network Engineer 5/1999 - 5/2000
Stant Manufacturing, Connersville, IN - Network Engineer 8/1997 - 5/1999
Education
A.A.S. in Computer Information Systems – Ivy Tech State College, Richmond, IN May 1996
Certificate in Project Management, Villanova University Online April 2004
References available upon request.
Contact this candidate