Lead Infrastructure Engineer - Network and Infrastructure Security

Location:
McKinney, TX
Posted:
January 30, 2024

Resume:

Name: Ashish Sanas Email: ad28oh@r.postjobfree.com Phone: +1-209-***-**** Location: 75072, TX

Network Security Engineer/Architect

www.linkedin.com/in/ashish-sanas-36136187

Delta System & Software, Inc. Contact: Pawan 972-***-**** ad28oh@r.postjobfree.com

A senior Network Security Engineer/Architect with over 13 years of extensive experience in Network and System Administration, Security Architecture, Facility Operations Management, Project Management (Data Center), and Infrastructure Development. Knowledgeable in numerous technologies, networks, infrastructure security, and cloud migration/technologies, with expertise in infrastructure engineering and architectural solutions for client environments.

PROFESSIONAL SUMMARY:

Scheduling the architecture and installation of infrastructure devices (servers, switches, and firewalls)

Upkeep and design of AWS and Azure cloud infrastructure, including architecture and monthly billing.

Implementing Azure networking and security, AzureAD, W65 cloud devices, and WVD environments.

Controlling access to AWS VPCs; performing security audits and reporting weaknesses.

Upholding communication with the support desk partner, improving and automating ServiceNow ticketing, and putting user provisioning between AD and ServiceNow into practice.

Setting up and managing SolarWinds alerts and nodes. Create the monitoring and alerting parameters to produce auto-ticketing according to the priority of the alert.

Produce infrastructure security reports using Splunk.

Upkeep of public domains and DNS records for domains owned by the organization

Take part in mergers and acquisitions, with the goal of integrating the new partners and developing fresh IT infrastructure designs.

Keeping up with Azure Enterprise applications and attempting to integrate every application into SSO

Creating the necessary infrastructure in AWS Glacier and on-premises servers for organization backup and retention rules.

Holding regular team meetings to discuss current infrastructure threats and problems.

Creating a budget for the next six months to three years and providing management with the necessary reports.

Coordinate monthly billing and link-related conversations with ISP

Anticipating IT needs and collaborating with providers to identify the best solution.

Maintain ongoing efforts to keep the infrastructure secure by designing the security layers and audit parameters in close collaboration with the IT Security team.

Participate in weekly/monthly vendor calls and keep up ties with vendors for (Fortigate, Extreme, AWS, Microsoft, Nutanix, Rubrik).

Designed DR sites in AWS and On-Prem and worked on data center planning, migration, and design.

Manage the Office 365 environment and assist the Exchange team with any design needs.

Upkeep of Active Directory both locally and in Azure; planning and assisting with AD sync to Azure and the other way around.

Enterprise applications with SSO support and AzureAD architecture.

Imperva WAF, a Web-enabled firewall that provides improved security by hosting websites through Imperva.

Tenable performs monthly infrastructure vulnerability scans

Taking care of BlueCoat proxies

Overseeing Extreme NAC management for L2 security (802.1x)

Managing Direct Connect and Express Route connections between AWS, Azure and OnPrem.

Arranging for the architecture and installation of the newest appliances in the world's ITIL v3 data centers, with a focus on retiring and replacing the environment's current older appliances.

Creating and executing multi-vendor wide area network (WAN) systems that support several protocols and integrate SD-WAN services.

WAN transport systems/services (MPLS, VPLS), LAN switching technology (including Spanning tree, VTP domain management), and routing protocols solutions (OSPF, BGP, SDN) are all being improved to meet PCI-DSS and HIPAA compliance rules.

Planning and integrating VoIP (Voice over Internet Protocol) solutions with AV systems and other communication systems

Creating plans for network and security device disaster recovery and corresponding with manufacturers for network and security goods.

Close collaboration with the CTO and cross-functional teams to match the infrastructure landscape with corporate objectives

Increasing efficiency, lowering costs, and improving operations by spotting and seizing new business possibilities.

Serving as an escalation gate and offering help 24 hours a day, seven days a week, to address issues or problems in the facilities to maximize customer satisfaction.

Analyzing new network technologies to improve performance, security, and efficiency; managing the deployment of various appliances and devices in the infrastructure landscape; and educating the team on these technologies.

Establishing enterprise-level security rules and policies, process documentation, compliances, and SOP for the team and vendors.

Keeping up with burn testing protocols for various appliances used in commissioning and decommissioning processes.

Keeping facility infrastructure systems' overall quality and service levels up to par with organizational rules and procedures.

Participating in review sessions with clients to talk about upkeep issues and upgrades.

Examining and analyzing the reports; providing top management with an update on the operations process to aid in decision-making.

Coordinating with vendors to ensure that all functions are carried out in accordance with the established norms and procedures.

Holding review meetings with ISP suppliers, going through SLA data, and looking at bandwidth management to enhance LAN/WAN connectivity

Consulting the customer and other stakeholders to get their consent and keep track of the project's progress.

Establishing project baselines, keeping an eye on, and controlling projects to switch traditional datacenter appliances to cloud platforms (AWS/Azure) with respect to cost, resource, time, and quality compliance to ensure satisfactory project execution.

Ensuring that the projects for data centers adhere to strict health and safety standards.

TECHNICAL SKILLS

CLOUD

AWS – Cloud architect and SYS-OPS admin

Google Cloud Platform

Microsoft Azure

FIREWALLS

Cisco ASA: 5500 Series

Checkpoint: R60, R75, R77.30

Palo Alto: PA-200, PA-500, PA-5060, PA-5050, PA-3020

Juniper: SRX-220, SRX-240, SRX-100, SRX-650, SSG-5

Fortigate: 80C, 90D, 100C-D-E, 200D, 550E

Network Access Control (NAC)

Extreme: Extreme NAC

Cisco: Cisco ISE

ROUTER

Cisco: ASR1002, 26xx, 28xx, 2921, 3925

Nexus: 7K & 9K

SWITCH

Cisco: Catalyst switches (Cisco 3750, 4500, 6500), 2950, 2960

Juniper: 5500, 2500

Extreme: EX2200, EX4200, EX4300, Summit & modular switches (C5 & K, S, N-series)

WIRELESS

Cisco Controller: 650, 7010, 7210, 3400

Aruba Controller: C4110-1, V2110 (virtual wireless appliance)

Extreme Wireless Controllers: IdentiFi

VPN (Pulse connect secure): MAG-SM360, AWS-Virtual Appliance

Network Automation: Python, JSON, XML, Postman, Ansible, Puppet, Chef

TOOLS

Packet Capture Tool: Wireshark, Cisco Packet Capture, tcpdump, TCPView

Process Tools: Remedy, Vital QIP, Maximo, Assist, ServiceNow, Enterprise Wizard (EW)

Technical Tool: Cisco Works, Cisco Prime, SolarWinds Orion, ClearPass, MOATIS, Avocent, NetBrain Enterprise 6.1, NetSight, FortiManager, FortiAnalyzer, StatSeeker, Riverbed CMC, OKTA, ADManager

Proxy: Blue Coat, nginx

PAM solution: CyberArk

Professional Experience

Client: Enovis (DJO Global), Dallas, TX Period: Jul’2017 – till date

Lead Infrastructure Architect

Key Result Areas:

Network

Ability to create design (HLD, LLD) for network architecture.

Designing and implementing new network solutions and/or improving the efficiency of current networks.

Installing, configuring, and supporting network equipment including routers, switches, firewalls, Wireless controllers, Riverbeds, IPsec VPN, SSL-VPN and NAC.

Strong design experience in building large scale distributed internet systems.

Deep experience in MPLS, MP-BGP, OSPF, RSVP, VRFs, VLANs, VXLANs, datacentre networking, Spine Leaf topologies.

Procuring network equipment and managing subcontractors involved with network installation.

Configuring Firewalls, Routing and Switching to maximize network efficiency and security.

Maximizing network performance through ongoing monitoring and troubleshooting.

Arranging scheduled upgrades.

Investigating faults in the network.

Periodically updating network equipment to the latest firmware releases.

Reporting network status to key stakeholders.

Establishes and maintains network performance.

Troubleshoots network problems.

Defines, documents, and enforces system standards.

Ability to execute methodically to gather, document, and present specific requirements and articulate technical solutions.

Secures network system by establishing and enforcing policies and defining and monitoring access.

Strong understanding of DNS and DHCP.

Manage public DNS services via CSC portal and related domain providers.

In-depth knowledge of routing, switching, wireless and network security.

Knowledge of stateful packet inspection, firewalls, VPNs, and ACLs (Access Control Lists).

Extensive experience with Layer 2 protocols and associated enhancements (LACP, L2 ECMP, 802.1dws, 802.1x, etc.) required.

Partner with Info-Security to detect, prevent and defend security network vulnerability.

Self-directed to complete tasks professionally and timely with minimal supervision.

Provide technical expertise and fully engage during P1/P2 network escalation and RCA.

In-depth experience installing, configuring, and maintaining different monitoring tools like SolarWinds & Zabbix.

Strong understanding of public cloud architectures, technology and deployments including AWS, Azure.

Installation and deployment of CyberArk for PAM solution.

SolarWinds

Network Design and Planning: Designing the organization's network architecture, including the selection and integration of network devices, technologies, and topologies to meet performance, scalability, and security requirements.

SolarWinds Integration and Architecture: Integrating SolarWinds into the network infrastructure and designing the overall SolarWinds architecture to ensure effective monitoring and management of network devices and services.

Network Performance Optimization: Analysing network performance data from SolarWinds to identify areas of improvement and optimize network traffic flow, ensuring the best possible user experience.

Advanced Monitoring Solutions: Leveraging the capabilities of SolarWinds to implement advanced monitoring solutions, such as Network Performance Monitoring (NPM), Network Configuration Management (NCM), and IP Address Management (IPAM).

Network Security Architecture: Designing and implementing network security measures at various layers of the OSI model, with a focus on utilizing SolarWinds for security event monitoring and threat detection.

Capacity Planning and Scalability: Using SolarWinds historical data and trends to plan for network capacity requirements and scalability as the organization's needs grow.

Vendor Evaluation and Selection: Evaluating and selecting network hardware and software vendors that align with the organization's goals and integrating these solutions with SolarWinds.

Automation and Orchestration: Implementing network automation and orchestration solutions with SolarWinds to streamline network management and reduce manual tasks.

Network Documentation and Standards: Establishing network documentation standards and guidelines, ensuring that network changes and configurations are well-documented within the SolarWinds platform.

Network Troubleshooting and Root Cause Analysis: Utilizing SolarWinds monitoring data to conduct in-depth network troubleshooting and root cause analysis for complex network issues.

Disaster Recovery and Business Continuity: Designing network architectures with disaster recovery and business continuity in mind and using SolarWinds for monitoring and managing redundant network paths.

Collaboration and Communication: Collaborating with cross-functional teams, including Network L2 and L3 Engineers, Network Administrators, IT Managers, and other stakeholders to ensure the successful implementation of network solutions.

Network Performance Reporting: Generating executive-level reports based on SolarWinds data to communicate network performance, incidents, and improvements to senior management and other key stakeholders.

Security and Compliance: Ensuring network architecture aligns with security best practices, regulatory compliance, and industry standards, and utilizing SolarWinds to monitor and assess security measures.

Staying Abreast of Industry Trends: Keeping up to date with the latest networking technologies, trends, and best practices, including updates and advancements in SolarWinds capabilities.

Amazon Web Service (AWS)

Design and Implement VPCs (Virtual Private Clouds): Creating and configuring VPCs to isolate and secure different resources, subnets, and network traffic within AWS.

IAM (Identity and Access Management): Managing IAM roles, policies, and permissions to control access to AWS resources and ensuring proper authentication and authorization mechanisms are in place.

Account Management: Overseeing and managing the network infrastructure for multiple AWS accounts, ensuring consistency, security, and compliance across all accounts.

EC2 (Elastic Compute Cloud): Provisioning, managing, and maintaining EC2 instances, including selecting appropriate instance types, optimizing performance, and ensuring high availability.

S3 Glacier: Configuring and managing Glacier for long-term data archival and ensuring data retrieval when required.

Direct Connect and VPN: Setting up and maintaining Direct Connect and Virtual Private Network (VPN) connections to securely link on-premises data centers with AWS resources.

Backup and Disaster Recovery: Implementing and monitoring backup and disaster recovery solutions for critical network resources to ensure business continuity.

Route 53: Managing DNS (Domain Name System) services, creating and configuring hosted zones, and ensuring proper routing of traffic to AWS resources.

Security and Compliance: Ensuring that network configurations and access controls adhere to security best practices and compliance standards relevant to the organization.

Network Monitoring and Troubleshooting: Setting up monitoring tools and implementing proactive measures to identify and resolve network-related issues promptly.

Performance Optimization: Continuously optimizing the network infrastructure to improve performance, reduce latency, and enhance overall reliability.

Automation and Scripting: Developing scripts and automation tools to streamline network configuration and management tasks.

Documentation and Reporting: Maintaining comprehensive documentation of network configurations, changes, and incident reports.

Collaboration and Support: Working closely with other teams such as developers, DevOps, and security personnel to support application deployments and resolve cross-functional issues.

Cost Management: Optimizing AWS resources usage and implementing cost-effective solutions without compromising performance or security.

Stay Current with AWS Services: Keeping abreast of the latest AWS services and features and evaluating their applicability to the organization's needs.

Microsoft Azure

Designing, implementing, and maintaining Azure AD (Active Directory) infrastructure for user and device authentication and authorization.

Configuring and managing Azure AD Connect for directory synchronization between on-premises Active Directory and Azure AD.

Integrating and managing enterprise applications within Azure AD, allowing users to access these applications with single sign-on (SSO).

Troubleshooting application access and SSO-related issues.

Monitoring and troubleshooting sync issues to maintain consistency between on-premises and cloud identities.

Managing user accounts, roles, and permissions within Azure AD.

Handling user onboarding and offboarding processes, including provisioning and deprovisioning of resources.

Configuring and managing virtual networks (VNets), subnets, and network security groups (NSGs) to secure the Azure environment.

Implementing and monitoring network traffic and security policies to protect against threats.

Deploying and managing Azure resources, including virtual machines, storage accounts, and load balancers.

Optimizing resource utilization and ensuring cost efficiency.

Monitoring the health and performance of Azure resources and network infrastructure.

Identifying and resolving network-related issues and outages.

Implementing backup and disaster recovery solutions for critical Azure resources.

Testing and validating disaster recovery plans regularly.

Enforcing security policies and compliance standards within the Azure environment.

Collaborating with compliance teams to ensure adherence to industry regulations and company policies.

Maintaining accurate documentation of the Azure network infrastructure and configurations.

Preparing regular reports on network performance, security, and usage.

Imperva WAF (Web Application Firewall)

Configuring and maintaining the Imperva security policies for web applications.

Managing access controls and user permissions within the Imperva system.

Configuring network settings for integrating Imperva products into the organization's infrastructure.

Managing load balancers and routing traffic through the Imperva solution.

Working with security administrators to optimize network security and traffic filtering.

Collaborating with security administrators to define and implement application-specific security policies.

Assisting with the deployment and integration of Imperva components within web applications.

Conducting application testing and fine-tuning Imperva rules for optimal performance.

Responding to and resolving incidents related to Imperva security events.

Track and manage the entire lifecycle of digital certificates, including monitoring expiration dates and initiating certificate renewals or replacements.

Vendor management for Helpdesk

Requirement Gathering: Clearly define your organization's specific needs and business processes that require automation or optimization using ServiceNow flows. Collaborate with your team to identify pain points and areas that need improvement.

Process Mapping: Work with the ServiceNow development team to map out the existing processes and the desired automated workflows. Provide detailed process documentation, flowcharts, or diagrams to illustrate how the system should work.

Business Rules and Logic: Clearly communicate the business rules, conditions, and logic that need to be applied within the flows. This involves specifying the criteria for decision-making and actions to be taken based on different scenarios.

Data Requirements: Define the data inputs and outputs required for each flow. Ensure that the necessary data is available and accessible within the ServiceNow platform.

Integration Needs: If the flows need to interact with external systems or APIs, communicate the integration requirements to the ServiceNow development team.

Security and Access Control: Specify the access control requirements, including who can access, modify, or approve data within the flows. Discuss security considerations and compliance needs.

User Interface and Experience: Discuss the user interface requirements and how the flows should be presented to end-users. Consider factors like usability, accessibility, and user experience.

Testing and Validation: Work with the development team to review and test the implemented flows. Provide feedback on their functionality and ensure they meet your organization's expectations.

Documentation and Training: Request thorough documentation for the implemented flows, including user guides and training materials. Ensure that your team is well-trained in using the new processes.

Change Management and Deployment: Coordinate with the ServiceNow development team to plan the deployment of the flows in a manner that minimizes disruption to your organization's operations. Ensure that change management processes are followed to manage any potential risks.

Continuous Improvement: Actively participate in the post-implementation phase by providing feedback on the effectiveness of the flows and suggesting improvements if necessary.

CMDB management - auto discovery for Infrastructure devices

Client: Varian Medical Systems, Palo Alto, CA Period: Jan’2016 – Jun’2017

Sr. Network admin

Responsibility:

Managed Network Equipment:

Managed Juniper EX series switches, SRX firewalls, Aruba wireless controllers, PAN firewalls, Riverbed devices, and Pulse Secure gateways.

Oversaw the configuration, maintenance, and performance optimization of these network components to ensure reliable and secure operations.

Redundant Connectivity:

Maintained network connectivity through redundant links, including MPLS, VPLS, and RVA (Recoverable Virtual Addressing).

Monitored and configured Pulse Secure gateways to ensure seamless and secure remote access for users.

Aruba Controller and Access Points:

Managed Aruba wireless controllers and associated access points to provide wireless network services.

Ensured the stability, performance, and security of the wireless network infrastructure.

ClearPass:

Administered ClearPass, a network access control (NAC) solution, to enforce network security policies and authentication protocols.

Implemented and maintained ClearPass policies to control and manage user access to the network based on predefined criteria.

Client: CondeNast publications, New York, NY Period: Jan’2015 – Dec’2015

Sr. Network Admin

Responsibility:

ITIL Ticketing through HP SM7 and Enterprise Wizard:

Utilized ITIL ticketing systems, including HP SM7 and Enterprise Wizard, to manage and track IT service requests and incidents.

Ensured efficient handling of IT service tickets, including logging, assignment, prioritization, and resolution tracking.

Managed and Troubleshot Network Infrastructure:

Administered and troubleshot a diverse range of networking equipment, including Cisco Routers (ASR1002, 26xx, 28xx, 29xx, 39xx, 19xx series), Catalyst switches (3750, 4500, 6500), and all L2 switches.

Supported and maintained Palo Alto firewalls, Citrix Netscaler, Pulse secure VPN devices, core Nexus switches (Cisco Nexus 7009), Cisco Wireless controllers, and connected Access points.

Ensured the reliability, security, and performance of the network infrastructure through proactive monitoring and troubleshooting.

Pulse SSL VPN Management and Configuration:

Managed and configured Pulse Secure SSL VPN devices to provide secure remote access to the network for authorized users.

Implemented and maintained VPN policies, user profiles, and security protocols to safeguard network access and data integrity.

Ensured the availability and functionality of Pulse SSL VPN services, providing secure and seamless remote connectivity for users.

Client: Kraft – Chicago, IL Period: Jan’2014 – Dec’2014

Sr. Network Engineer

Responsibility:

Firewall migration to Checkpoint and managing firewalls post-migration.

Network Assessment: Conducted a thorough assessment of the existing network, including the current firewall setup, policies, and configurations.

Migration Planning: Developed a comprehensive migration plan that outlines the steps, timeline, and resources required for a smooth transition to Check Point firewall solutions.

Firewall Deployment: Installed and configured Check Point firewalls, ensuring they meet the organization's security requirements and compliance standards.

Policy Migration: Migrated firewall policies and rules from the existing firewall to Check Point, ensuring a seamless transition while maintaining security and compliance.

Testing and Validation: Conducted extensive testing to validate the functionality and effectiveness of the Check Point firewall configurations, policies, and rules.

Troubleshooting: Diagnosed and resolved any issues that arise during the migration process to minimize downtime and ensure a secure network environment.

User Training: Provided training to IT staff and end-users on how to work with the new Check Point firewall system and its management interface.

Documentation: Created detailed documentation of the migration process, configurations, and policies for future reference and compliance purposes.

Security Best Practices: Implemented and enforced security best practices, including regular updates, patch management, and monitoring of firewall logs for security incidents.

Compliance and Reporting: Ensured that the Check Point firewall environment complies with industry standards and regulatory requirements, generating reports and documentation as needed.

Change Management: Followed change management process to track and manage firewall policy changes, ensuring they align with security policies and business needs.

Incident Response: Developed and implemented an incident response plan to address and mitigate security incidents or breaches involving the Check Point firewall.

Vendor Collaboration: Collaborated with firewall vendors and support resources to troubleshoot complex issues and stay updated on product enhancements and updates.

Scalability and Performance Optimization: Continuously monitored and optimized the firewall environment to accommodate network growth while maintaining high-performance levels.

Backup and Recovery: Implemented backup and recovery procedures for firewall configurations and data to minimize the impact of unexpected failures or data loss.

Client: Bank of America, New York, NY Period: Apr’2010 – Dec’2013

Network Engineer:

Responsibility:

Managed DPS, Procurement, architecture, design, and development of network and infrastructure Security technology assets as part of HP’s US Network Security Engineering/Consulting team, working in leverage customer environment of US.

IP Address Allocation: Allocate and manage IP address assignments to devices and systems within the network, ensuring efficient utilization of available IP address ranges.

DNS Configuration: Configure and maintain DNS servers, including the creation and management of DNS zones, records, and resolving domain names to IP addresses.

DHCP Configuration: Configure and maintain DHCP servers to automatically assign IP addresses, subnet masks, and other network configuration parameters to devices requesting network access.

IP Address Tracking: Keep track of IP address assignments, maintain accurate IP address documentation, and update records as needed to avoid conflicts and overlaps.

Troubleshooting: Diagnose and resolve DNS and DHCP-related issues such as network connectivity problems, IP address conflicts, and DNS resolution failures.

Security: Implement and enforce security measures to protect DNS and DHCP servers from unauthorized access, DDoS attacks, and other security threats.

Scalability: Plan and implement strategies to accommodate the growth of the network, ensuring that DNS and DHCP services remain scalable and responsive to changing demands.

Monitoring and Logging: Continuously monitor DNS and DHCP server performance, utilization, and logs to identify potential issues and proactively address them.

Backup and Recovery: Implement backup and recovery procedures to safeguard DNS and DHCP configurations and data in case of server failures or data loss.

Documentation: Maintain detailed documentation of configurations, changes, and best practices related to DNS and DHCP services for future reference and compliance purposes.

Compliance and Standards: Ensure that DNS and DHCP configurations comply with industry standards and best practices, such as RFCs (Request for Comments) and organizational policies.

Collaboration: Collaborate with other IT teams and departments to ensure seamless integration of DNS and DHCP services with other network components and services.

Training and Knowledge Sharing: Stay updated on DNS and DHCP technologies and share knowledge with team members to enhance overall network management capabilities.

Education

Bachelor of Science in Information Technology

Certification

CCIE R&S v5 – Written Certified

CCSA (Checkpoint) - Certified

PaloAlto – ACE – Certified

AWS Certified:

SysOps Administrator – Associate

Advanced Networking – Specialty

ITIL foundation

Training

NetBrain

Solarwinds Administration

Nutanix

Office 365 administration

OKTA administration

Network Automation (DEVNET)

Azure Security

Rubrik Admin

Tenable


