JON BACHA
SUMMARY
I have over ** years of experience as a network, AWS/Azure cloud network, and security engineer/administrator with advanced knowledge of both Linux and Windows environments. I have over 7 years of extensive experience in AWS cloud platforms, including VPC networks and firewalling. I have also performed Terraform configs for several infrastructure-as-code initiatives. I have extensive hands-on experience working with Cisco routers and switches. I have 10 years’ experience administering and building out enterprise-level LAN and WAN networks, with 8 years configuring and building out WLAN networks, and 2 years working with HIPAA and PCI compliance and standards. Ability to architect large-scale networks. Configured routing protocols such as RIP, EIGRP, OSPF, BGP, static routing and policy-based routing. Experience with converting WAN routing from EIGRP/OSPF to BGP (OSPF is used for local routing only), which also involved converting from point-to-point circuits to MPLS circuits.
TECHNICAL SKILLS
Clouds: AWS, Azure
Firewalls: Firepower appliance 4100 & 2100, ASA 5585, Palo Alto 3050 & 2060, Panorama, Checkpoint Firewall FW-1 & VPN-1, Cisco ASA-x 5555x with FTM, Pix Firewall, Juniper SRX 550
Networking: Cisco Nexus 9500 ACI Spine n N9300 leaf, Catalyst 9500, 9300, 4500xN7713 & FI 6248, N5548, CSR 1000, Juniper SRX & MX 400
Load balancer: F5 BigIP LTM & GTM, Cisco ACE, and Citrix Netscaler
Routing: Cisco Nexus 7000 IOS-XE, ASR1006, ISR4351 Catalyst 6509 & 6513, 4948-10G, BGP, OSPF, EIGRP, PfR, IS-IS
Security: Cisco ISE, NAC, posturing and profiling, TACACS, RADIUS, ACS, Cisco SourceFire, Firepower, Fortinet SIEM, Splunk, RSA SecurID & ACE
OS: Linux - Redhat, Ubuntu, Windows 2016, 2012R2, 2008 & 2003, LBSD, Solaris, VMWare
VoIP: Shoretel, Asterisk, Cisco UCS & Call Manager 10.8, Unity, Call Center Express
Operating Systems: CentOS, Debian, Redhat Enterprise and cluster, Microsoft server 2012 r2, 2008 r2
Storage Area Network: NetApp, Pure SSD, Brocade fibre channel, HP Left Hand P4000, P2000, Compellent
Hypervisors: VMware 6, 5.5, 4.1, MS Hyper-V 3, Citrix Applications:
Security: Solarwinds
DevOps: Puppet & Chef, Nagios, Cacti, Jenkins, GIT.
Programming: Python, Ruby, JavaScript, Drupal, PHP, Flash 10, ASP.NET, Ruby on Rails, C#, Objective C, iPhone API, ASP.NET, VB, UNIX Shell Scripting, C++, HTML, Perl and Python.
Database: MySQL, MS SQL 2008 & 2012, Salesforce SQL
Protocols: IPv4, IPv6, BGP, OSPF, IS-IS, VOIP, HSRP, GLBP, SNA, Cisco ACS, PKI, SSH, DECnet, Banyan, IPX/SPX, HTTP/HTTPS, SMB, NFS, SMTP, IMAP, DNS, NTP, SSL
Monitoring: SolarWinds 12, Nagios, Zenoss, HP OpenView, HP Insight Manager
PROFESSIONAL EXPERIENCE
University of California Davis Office of Research - Davis, CA October 2021 to Present
Network Engineer
Currently architecting high-performance clusters for parallel computing for research. InfiniBand upgrade to HDR. Integrating high-performance storage networks.
Alluma, Sacramento CA
Senior Network Engineer Jan 2021- Apr 2021
Migrated 1000 VM environment to Azure and Palo Alto firewall.
Established the network environment by designing system configuration, directing system installations, documenting and enforcing system standards.
Designed and configured new WAN configurations for remote, HQ and DR sites.
Installed switches and routers and troubleshot LAN and WAN.
Created, tested and maintained firewall rules for data center and remote branches.
Entisys 360, Folsom CA
Network Security Engineer Nov 2019- Feb 2020
Palo Alto firewall integration, Access control App-ID, Active Directory integration, 2 factor authentication, Okta authentication.
Cisco Firepower firewall manager and node deployment.
Healthcare redundant datacenter build out, cloud migration to AWS and Azure.
GDT, Irvine, CA February 2019 - July 2019
Consulting Engineer
Designed new MPLS BGP VPN on Cisco 9500 and ASR for large enterprise
Upgraded datacenter core, extranet and security for cloud services
Implemented multi VRF BGP for network isolation and consolidation
Cisco, Costa Mesa, CA February 2018 - December 2018
Consulting Engineer
Secured multi-tiered security levels and Internet facing DMZ with ASA 5585-x and 5555-x firewalls
Implemented IPS appliances including WSA-300.
Cisco Nexus 9500 ACI spine n leaf with APIC controllers
Cisco UCS & Nexus switch fabric Flexpod
NetApp 8060 FAS Storage
Catalyst switches 9500, 6509 VSS, 3850 smart stack.
Global WAN with VPN Cisco SD-WAN 40 site
Cisco ISE posturing & profiling, 802.1x
Firepower firewalls 4200 & 2100 and Sourcefire
New Age Creations, Santa Monica, CA September 2016- January 2018
Consulting Engineer
Palo Alto firewall and application filter deployments for clients’ web farm builds.
Migrating datacenters
Cloud integration AWS and Azure
Container and continuous deployment implementations
BJ’s Restaurants Huntington Beach, CA May 2016 – September 2016
Network/Security Engineer
Palo Alto NG 3050 Firewall upgraded, Panorama
Cisco Flexpod infrastructure including Cisco UCS – 5108 and 6248
NetApp – Fiber Channel, Ontap 8.2 2 HA racks, Pure SSD 2 clusters
Cisco Nexus 5548 and 6248 core
Cisco ACS and ISE
200 site MPLS WAN Cisco and Fortinet protection
Spearheaded meetings & discussions with team members regarding network optimization and BGP issues.
Responsible for designing and maintaining BGP and EIGRP WAN protocols for network infrastructure.
Upgraded SolarWinds monitoring NPM, NetFlow, SNMP. SQL database migration
VMware upgrade to vSphere 6 migration
Windows server upgrades and MSSQL administration
New Age Creations, Santa Monica, CA July 2013– April 2016
Network Systems Engineer
Customized SolarWinds monitoring NPM, NetFlow, SNMP, custom MIB
Network install and support of Cisco switch and router infrastructure. IWAN deployment and Voice QOS.
Cisco UCM suite, Unity, Presence, Call Center Express on UCS mini.
Experience with manipulating various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.
Working with OSPF as internal routing protocol and BGP as exterior gateway routing protocol.
Secured network with Cisco firewalls and intrusion detection. Administered Linux and VMware infrastructure for fault tolerance and load balance.
Chef automation integrated into operations.
Customized secure VPN links between sites and implemented load balancing on BigIP LTM and GTM.
WestCoast Dental, Los Angeles, CA September 2012 – May 2013
Network Administrator
Deployed SolarWinds monitoring NPM, NetFlow, SNMP, custom MIB, replaced Zenoss
Managed 30 site MPLS WAN conveying integrated VOIP and database applications.
Generated server infrastructure for data mining for patient data and production. Managed email system and spam filtering. Generated email/IM marketing server. Migrated Windows and Linux servers to vSphere 5.1.
Hosted on UCS Blades.
Implement OSPF routing with multiple areas for networks between sites. Implement stubby areas to lower the system resource utilization of routing devices for the network. Implement NSSA area to allow injection of external routes into the area and propagation into the OSPF domain.
Shared storage on HP Left Hand SAN OS. Upgraded to Cisco Nexus 5548 core and 2248 FEX top of rack config with 4924 routing MPLS regional WAN.
Splunk data mining implementation.
Cisco ACS - network security
New Age Creations, Santa Monica, CA July 2011 – September 2012
Network Systems Engineer
Ecommerce high volume networks support and design. Network with Cisco 6509 cores.
UCS Blade servers and VoIP admin, Nexus 6248
Involved in the redistribution into OSPF on the core ASA firewall.
Performed redistribution with OSPF, EIGRP to enable communication with backbone.
Performed RIP and OSPF routing protocol administration.
Implemented various OSPF scenarios on networks
United Layer Los Angeles, CA October 2010 – July 2011
Network/Facilities Technician
Monitored with Nagios and maintained tier 1 peering Cisco network and implemented IPv6 dual stack throughout internal and customer facing IPv6 networks.
Cisco UCM suite on UCS via VMware hypervisor
Operated Cisco 10Gigabit backbone on 6509 and 4548x switches layer 3 with 10Gigabit East and West Coast peering exchanges. Maintained F5 BIG-IP & Foundry load balancers for geographically dispersed hosts. Operated multi-site colocation facilities and managed server products at the Los Angeles datacenter.
Responsible for Linux system administration for internal systems and managed server support. Provided technical support for cooling (CRAC) system and set up monitoring system in Nagios and Cacti. Integrated Salesforce into corporate operations.
Created and tested Cisco router and switching operations using OSPF routing protocol, ASA Firewalls, and MPLS switching for stable VPNs.
Configuring RIP, OSPF, EIGRP and Static routing on Juniper Routers
Cisco ACS.
All Tech Industries Santa Monica, CA January 2007 – October 2010
Technology Engineer
Upgraded to Cisco Nexus infrastructure for 10G.
Built and administered Redhat and Windows server infrastructure in VMware.
Designed nationwide area networks with ISR, with tier 1 carriers secured via IPsec VPN.
Managed several client data services and network infrastructures.
Led development of commercial internet presence utilizing ASP.net and AJAX interface to database driven content.
Designed Flash based interactive brochures and movie players.
Built PHP based surveys and dynamic searches technical based resources.
Developed MySQL database storage of user data and match for searches. Secured network against intrusions and maintained service uptime.
Cisco ACS
Whittier Presbyterian Hospital, Whittier, CA January 2006 – August 2008
Network Security Engineer
Provided troubleshooting for Cisco Call Manager suite and 5000 VoIP phones network. Conversion from terminal to web interfaces to medical resources.
Utilizing C# and ASP.net connecting with MSSQL data process billing calculations. Maintained two-factor remote access system for doctors and remote sites.
Maintained the RSA SecurID authentication system for VPN. Maintained Cisco Concentrator 3000 cluster for ACL and group policies.
Configured centralized Wireless Area Networks access control list and user management system.
Computax, Torrance, CA August 2005 – January 2006
Network Security Engineer
Implemented two-factor remote access system for developers (RSA). Created web interface to financial calculations. Maintained the firewall security and VPN access.
Maintained the RSA SecurID authentication system for VPN. Maintained Cisco Concentrator 3000 cluster for ACL and group policies.
Configured dynamic ACL and streamlined access with ACS.
Handled transition of firewall and router infrastructure to new datacenter.
Configured centralized Wireless Area Networks access control list and user management system. Maintained Cisco Catalyst switches and configured VLANs for readdressing entire enterprise network.
Utilized route summarization to accommodate new subnets into the core environment.
Conexserv, Santa Monica, CA February 2003 - August 2005
Network Security Engineer
Environment: Cisco, CAD, VPN, MS SQL
Engineered fault tolerant networks for schools and hospitals. Led teams on infrastructure installations and designed configurations to meet customer expectations.
Small project management of several of the installations and maintenance of Windows network systems and desktops.
Configuring and supporting Microsoft Office suite, Visio and AutoCAD. Constructed and configured Intel and AMD workstations for high-performance computing and AutoCAD design.
Maintained VPN access on Checkpoint using ACE RSA authentication via two-factor SecurID and secured network with PIX firewalls for legal practices and real estate management firms.
Administered and designed internet based commerce services for retail stores. Securing purchasing process and credit card verification using SSL and incorporating extranet VPN for suppliers.
Installed print server for user groups on Cisco switches and APs.
Designed MS SQL and ASP.NET programming for IE browser based interface.
Multiple contracts providing comprehensive remote and on-site support for domestic and international clients.
Provided network design documentation on Visio and RFC for new implementations. Designed inventory database for Film storage vault.
LA Unified School District Los Angeles, CA August 2002 - February 2003
Network Engineer
Led team on implementing 'fiber to desktop' project district wide. Cisco switch infrastructure implemented including 500 stackable multi-layer switches. Models: Cisco 6509 & 2950
EarthLink, Pasadena, California February 2001 – August 2001; August 2000 – February 2002
Network Engineer
Led team on operational support of very Network monitoring large internet service provider access network with NetCool SNMP agent. Cisco Coded PHP and Perl scripting of monitoring and maintenance enterprise equipment. Mentored technical team in troubleshooting and monitoring network infrastructure in ISP setting. Maintained very large Oracle customer database. Oracle Designed and implemented customer call-center support procedures and customer network design strategy for sales and marketing teams. Maintained largest west coast datacenter with over 1 million dial access and broadband users. Supported Nortel and Cisco access servers. Installed and supported multi-homed BGP peering with all tier 1 carrier over OC 48 at OC3 and DS1 levels.
Mahoning County Commissioners, Youngstown, Ohio January 1997 – May 1999
Network Engineer Infrastructure Liaison
Obtained federal/state grants to fund internetworking several agencies and local law enforcement. Installed data wiring and switch equipment to handle sharing criminal database via Windows network. Project manager for VPN linked database of law enforcement records agencies for sharing criminal history data on MS SQL server.
EDUCATION
Bachelor of Arts, Geographic Information Systems, from University of California Santa Barbara, Santa Barbara, California, 1993
CERTIFICATIONS
CCNP (In progress)
Cisco Certified Network Associate
VMware Certified Professional
Microsoft Certified Solutions Expert