Post Job Free

Resume

Sign in

Security Engineer Network

Location:
Sunnyvale, CA
Posted:
February 11, 2024

Contact this candidate

Resume:

Tony Saunders

Sunnyvale, CA

Phone (C): 650-***-****

ad3jjc@r.postjobfree.com

Education:

BS Electrical Engineering, UC Irvine

MS Network Engineering and Telecommunications, University of Colorado, Boulder

MS Engineering Management and Technology, George Washington University

Position: Staff Security Engineer/Linux Security /Cloud Infrastructure Security Engineer

WORK EXPERIENCE

Milestone Technologies (Google, Apple):

Sr. Security Engineer-Network, Cloud & Infrastructure August 2022-Dec2023

Recent Cybersecurity Architecture/Design/Operational experience in Networks, Data Center Systems, and Cloud Infrastructure and Platforms (IaaS security, PaaS security).

Experience in threat-modelling of complex systems and knowledge of common attack techniques and vectors.

Experience in delivering comprehensive architecture specifications for complex security solutions.

Strong cross-domain and cross-functional knowledge that will enable design of the best possible security solutions.

Solid understanding of, and ability to speak authoritatively to, security principles in areas such as network, systems, virtualization, cloud technologies, application development, databases, and access control.

Hands-on experience, strong understanding, and demonstrated knowledge of enterprise security technologies including:

Secure Multi-Cloud architecture

Vulnerability Management

Network Security

Endpoint Security

Advanced Threat Detection

Privilege Access and Identity Management

Data Governance, Identification, Classification & Loss Prevention

SEIM, SOAR, and Security Operations

Experience with open source-based security technologies.

Programming/coding and automation experience (e.g., Python, Linux,Ansible, Chef).

Experience integrating multiple vendor products.

Basic understanding of compliance, regulatory and legal requirements relevant to customer industry such as PCI, SOX, HIPAA, GLBA, GDPR, CCPA.

Basic understanding of relevant Industry Principles, Best Practices, and Standards, such as NIST, ISO, CSA, and ISSA.

Facebook:

Network Security Engineer Oct 2019 – August 2022

oDeveloped documentation and capacity plans, and debug the hardest problems, on some of the largest and most complex networks and systems in the world.

oManaged and maintained multi-vendor, multi-protocol data center, backbone and edge networks. Defined and developed optimized network monitoring systems.

oAnalyzed data to diagnose and identify root causes to network issues.

oExperience coding in higher-level languages (e.g., Python). Experience in configuration and maintenance of network devices and NMS systems, web servers, load balancers, relational databases, storage systems and messaging systems.

oWorking Knowledge of routing and switching and practical protocol knowledge of BGP, MPLS, ISIS and OSPF and similar routing protocols - knowledge in typical configurations, troubleshooting, and performance tuning. Experience developing and understanding network device configuration for (Juniper, Cisco, Arista, Brocade, etc.)

oBroad engineering skillset to partner with product engineering teams to improve user experience for billions of people across Facebook, Instagram, WhatsApp, Messenger, Oculus, and many more products.

oWorked cross-functionally with highly technical software engineering and network engineering teams and product engineering teams to instrument metrics and build scalable systems that identify key relationships across network and user quality of experience measures.

oLeverage machine learning and related techniques to deliver solutions for large network infrastructure problems. Leverage data produced to improve platform architecture and design. Knowledge of network infrastructure and routing. Experience with data logging and processing at scale. Experience with analysis of network and performance metrics. Hands-on experience with large-scale datasets and experience in partnering with technical engineering teams to solve issues.

oInstalled, implemented, administered, monitors, and maintained security architecture technology processes and solutions including security information and event management, anti-malware, intrusion detection, public key management, certificate management, and identity and password management solutions.

oConducted routine phishing and Information Security awareness campaigns to increase the awareness of users on social engineering attacks and provided periodic reporting.

oPerformed threat, and vulnerability assessment, and provided subject matter expertise on appropriate threat mitigation.

oConducted day-to-day direct observation of various security solutions such as Security Information and Event Management (SIEM) systems, firewall appliances, intrusion prevention systems, analysis tools, and various log aggregation tools.

oProven experience with pen-testing tools and security attack vectors.

oExperience in conducting root cause analysis.

oSystem forensics/investigation skills.

oExperienced in Data protection in transit and at Rest, Data Loss prevention techniques.

oCollaborated with other Information Security and Information Technology (IT) team members to develop and implement innovative strategies for monitoring and preventing attacks.

NTTDATA:

Sr. Network/Security Engineer - August 2018 - Oct 2019

oExpert knowledge in large scale IP Networking Technologies and protocols such as: MP-BGP, OSPF, ISIS, VRF, VXLAN, EVPN, QoS, GRE, IPSEC, DNS.

oHands-on experience around Peering and Datacenter interconnect technologies: PNI, Transit, Exchange, Passive DWDM, Wave circuits.

oAbility to write and understand Python/Shell scripts and programs for automation, tools, frameworks, dashboards, alarms.

oUnderstanding of network virtualization such as: VRFs, VXLAN

oFamiliarity with Arista, Juniper and Cisco OS.

oExpert in the field of network, especially in underlay network.

oStrong track record of implementing network services in a variety of distributed computing environments.

oExperience with high performance network and network optimization in highly available, large-scale, multisite, international environments

oHands-on experience with automation for provisioning, monitoring, and managing the network infrastructure.

oNetwork data center Engineer at Facebook performing hybrid software/network engineering functions to ensure that Facebook's network and related services run smoothly and have the capacity for future growth.

oResponsible for conceiving, developing, and deploying systems and tools to keep the network running reliably and efficiently.

oDeveloped documentation and capacity plans, and debug the hardest problems, on some of the largest and most complex networks and systems in the world.

oManaged and maintained multi-vendor, multi-protocol data center, backbone and edge networks. Defined and developed optimized network monitoring systems.

oAnalyzed data to diagnose and identify root causes to network issues.

oExperience coding in higher-level languages (e.g., Python). Experience in configuration and maintenance of network devices and NMS systems, web servers, load balancers, relational databases, storage systems and messaging systems.

oWorking Knowledge of routing and switching and practical protocol knowledge of BGP, MPLS, ISIS and OSPF and similar routing protocols - knowledge in typical configurations, troubleshooting, and performance tuning.

o Experience developing and understanding network device configuration for (Juniper, Cisco, Arista, Brocade, etc.)

o Installed, implemented, administered, monitors, and maintained security architecture technology processes and solutions including security information and event management, anti-malware, intrusion detection, public key management, certificate management, and identity and password management solutions. Conducted routine phishing and Information Security awareness campaigns to increase the awareness of users on social engineering attacks and provided periodic reporting.

oPerformed threat, and vulnerability assessment, and provided subject matter expertise on appropriate threat mitigation.

oConducted day-to-day direct observation of various security solutions such as Security Information and Event Management (SIEM) systems, firewall appliances, intrusion prevention systems, analysis tools, and various log aggregation tools.

oProven experience with pen-testing tools and security attack vectors.

oExperienced in Data protection in transit and at Rest, Data Loss prevention techniques.

oCollaborated with other Information Security and Information Technology (IT) team members to develop and implement innovative strategies for monitoring and preventing attacks.

oDeveloped appropriate metrics (key risk and performance indicators) to measure the monitoring program and related processes.

oDeveloped and monitored basic Intrusion Detection Systems/Intrusion Protection Systems (IDS/IPS) rules to identify and/or prevent malicious activity.

oDeveloped and tested new correlation content and use cases using SIEM filters, rules, data monitors, active lists, and session lists.

oResearch on emerging security threats.

oProposed additional components and techniques that could be used to proactively detect and prevent malicious activity.

oEnsured the smooth running of the vulnerability scanning solution and engaged with system owners on system patching.

COMCAST

Network Engineer April 2017 -Aug 2018

oManaged the performance of the network from a senior/engineering viewpoint and lead efforts to optimize, troubleshoot, maintain, and provided engineering support for the network infrastructure and interact with vendors to resolve issues

oStrong knowledge of internet designs and their applications, to include IP subnetting and complex routing techniques on LAN/WAN networks with varying routing & switching architecture of large-scale networks.

oUnderstanding of SDN/SDDC (Software Defined Network or Datacenter) including

oexperience with AWS VPC, Azure, Openstack, Cloudstack, and related technologies.

oInvolved with multiple successful implementations of (including the ability to setup,

oconfigure, upgrade, manage, and troubleshoot) Cisco routers and switches, VPN connections, Cisco Lightweight Wireless Access Points, Meraki, and Citrix NetScaler.

oKnowledge of project life cycle management, Network device installation and testing,

oVirtualization technologies, Secure network architectures, High availability network design and implementation.

oHands-on experience with repeatable, reliable, and scalable network architectures with fault tolerance, performance tuning, monitoring systems, statistics/metrics collection, and disaster recovery.

oExpert level knowledge of transport protocols, routing protocols, and security/auth to encryption protocols at all layers of the OSI model with emphasis on TCP/IP.

oThorough understanding of networking technologies, including administration of enterprise routers, switches, firewalls and load-balancers (OSI layers 4-7)

oExpertise with Palo Alto Network Firewall, Cisco ASA and NetScaler load balancers.

oStrong OSI layer 2 knowledge and practical experience, including various flavors of STP, ARP as well as knowledge of OSI layer 3 networks and protocols, including broadcast, multicast, anycast concepts, routing, and firewall.

oExpertise with various routing protocols (BGP, OSPF, EIGRP) Understanding of network security methodologies, including but not limited to ACLs, Stateful firewalls, VPNs (tunneling, IPsec, PPTP.)

oFluency with common network admin and intrusion detection tools such as Rancid, OpenNMS, Nagios, Ethereal Wireshark, Nmap, and NetFlow.

oAdministrative scripting skills (Python, UNIX shell scripting). In-depth knowledge of Cisco IOS, NX-OS, encompassing Cisco Nexus 1K, 2K, 5K 9K and non-Nexus series switches, Cisco routers and other Cisco networking gears.

oSolid understanding of data center related technology and collocation environment and In-depth knowledge of MPLS network. Experience with Cisco Fabric interconnect configuration and implementation.

oExperience deploying and maintaining wireless networks.

Loral-SSL:

Sr. Network Engineer Feb 2015 - March 2017

oDesigned, deployed and maintained the production and network infrastructure to include routers, switches, firewalls and other network devices. Reviewed existing processes, recommended changes and instituted new processes as necessary, to include areas of monitoring, upgrades, and tuning.

oParticipated in application customization discussions and technical implementations as it pertained to network engineering. Management of both remote-access and site-to-site VPN tunnels in a Cisco environment and others. Involved in Debugging and troubleshooting of all IPsec/network related issues and VPN access.

oGenerated high-quality project documentation, such as architectural designs, implementation plans, design documents, test plans, etc. Provided documentation, training and technical escalation applicable for day-to-day administration and change requests for network configuration.

oDocumented maintenance activities, failure analysis results, incident reports, penetration analysis, audit results and activities related to management of small-scale projects.

oProvided technical escalation and be on call during designated periods. Worked with release management and testing within a SaaS environment. Diagnosed, as appropriate, complex systems issues with multiple influencing factors which required interaction with resolve problems.

oExperience with internal monitoring tools such as SolarWinds, Nagios, etc. Solid knowledge of LAN/WAN technologies. Solid knowledge of TCP and UDP protocols. Solid knowledge of BGP, OSPF and EIGRP. Experience deploying and maintaining wide area networks with emphasis on IPSec, VPN DMVPN and MPLS transport.

oExperience with Cisco IOS, IOS-XE and NX-OS, leaf-spine architecture, fabric path and vpc+. Experience working in a load balanced environment. Experience with F5, NetScaler, Palo Alto and cisco ASA firewalls. Proficiency with VPN technologies such as PAN Global Protect and OpenVPN.

oScripting and automation experience (Python). Familiarity with deploying and managing networks in a cloud supported. Proficiency with VoIP and Video Conferencing Technology architectures and implementations: Google Hangouts, Zoom, Dialpad. Firm grasp and experience in troubleshooting layer 2 and 3 protocols such as STP, 802.1q, OSPF, BGP, MPLS, LDP, and VRF. Familiarity with 802.11 a/b/g/n/ac radio technologies.

Cisco Systems:

Sr. Network Engineer July 2013 - Feb 2015

oProven ability to initiate and complete new projects with minimal direction and guidance, and to conduct them through a project life cycle which includes requirements analysis, design, planning, evaluation, implementation, and formal presentations.

oPlayed a key role in taking the organization network to the through several network projects, including architectural problem analysis, capacity expansion, redundancy, and high availability.

oIn-depth Data center networking experience with Cisco Nexus 7K/5K/9K/2K, Cisco ASA Firewalls, and Cisco ASR routers as well as Juniper and Arista router and switches. Experience with NetScaler, Cisco ACE and F5 load balancers.

oProficiency with BGP, OSPF and EIGRP with proven skills to implement, administer and troubleshoot network operational issues involving. Supported compliance, patching, upgrades and audits. Also participated in Change management meetings for network changes and on-call rotation to provide after hour support.

oExperience with network tools such as Cacti, Nagios, RANCID, SNMP and NetFlow. Able to handle multiple, complex, short term projects and incidents simultaneously. Comfortable documenting, updating and explaining network topologies and diagrams to support future expansion needs.

oHands-on experience with Cisco Catalyst products (6500, 4900M, 3700 switches). A solid understanding and skills to configure, manage, deploy and troubleshoot multi-vendor network platforms including Cisco legacy switches and routers, Cisco Nexus, (5k, 7k and 2k), Juniper SRX, MX, EX devices, Arista, Palo Alto and Cisco ASA security appliances.

oDemonstrated abilities with networking concepts and protocols, such as VLAN, sub netting, STP, HSRP/VRRP, and network infrastructure protocols such as SSL/TLS, DNS, DHCP, TFTP, SCP, NTP, FTP, HTTP, SMTP, and LADP. Experience working in large and multiple data center build/migration projects, and the troubleshooting of complex multi-vendor geographically separated networks.

Proofpoint Inc:

Sr. Network/NOC Engineer June.2011- June 2013

oStrong design and implementation experience in TCP/IP networks, including extensive knowledge of networking technologies. Strong experience with layer 2 protocols such as Spanning tree, VPC, and VLAN Trunking.

o Full understanding of Routing Protocols (OSPF, EIGRP, and BGP) and Gateway Redundancy Protocols (HSRP, VRRP, and GLRP) and experience troubleshooting issues with these protocols.

oExperience with application QoS performance and latency tuning and troubleshooting across network architecture. Experience implementing and supporting enterprise systems monitoring and management tools such as Solar Winds. Solid network and systems troubleshooting experience with network protocols (UDP, TCP)

oStrong working knowledge of OSPF and BGP Ability to analyze and assess network architecture requirements and determine optimum, cost-effective solutions.

oContributed to the, provided recommendations for continuous improvements to workflow, processes, resiliency and technology. Act as a liaison between the

Engineering, and Network architecture.

o Responsible for the implementation of new network architecture/designs on the production network. Also, responsible for training the NOC on new and existing technologies and troubleshooting procedures. Provide overflow support for the NOC and activations related tasks.

oDesigned and produced Root Cause Analysis. Documents as follow up to Major Network and Application outages.

oManagement, configuration and deployment of various network routers, switches and firewalls: Cisco routers: 76xx, 72xx, Cisco switches: 65xx, 3560, 3750, 2960, 4948, 4500, 4900M, Cisco firewalls: ASA 5585, ASA 5580, ASA 5550, ASA 5520, Juniper routers/firewalls: Juniper SRX Firewalls, Netscreen firewalls(SSG), Juniper MX series routers and Juniper EX series switches(Juniper Networks devices with JUNOS and Screen OS) as well as Citrix NetScaler, and F5 devices such as GTM and LTMs

oExperience with subnets, VPN (IPSEC site-to-site VPNs), SSL VPN, VPN tunnel, and Juniper/Cisco client remote access. Strong understanding of MPLS, MPLS/VPN, MP-BGP,

oApplication protocols - HTTP, HTTPS, FTP, SMTP, SNMP, SSL etc., Network Security - IPsec VPN, AAA Architecture, TACACS+, RADIUS as well as Traffic filtering and network traffic analysis. Knowledge of Data Center Architecture - Network, Server, Storage and monitoring tools such as SolarWinds Orion, Nagios, Cacti & Rancid.

Microsoft:

Sr. Network Engineer June. 2009-May 2011

oManaged high priority trouble calls and worked closely with the technicians, and telecommunications carriers to resolve service issues. Participated in on-call rotation for incident support.

oProvided assessment and fulfillment of network support service requests including requests for network reports, documentation, implementations, and modifications and decommissioning of network infrastructure.

oHands-on technical experience with enterprise data center environments, with solid understanding of the Cisco L2/L3 switching and routing technologies. Experience to renew and create new network baselines for network performance, trending and capacity planning for routers, switches, firewalls and VPN devices.

oStrong initiative and ability to identify security risks, potential network latencies, and infrastructure threats.

oAbility to work independently within a team, organized and able to communicate with of internal/external clients. Cisco hands-on experience (configuration and troubleshooting) with routing and switching platforms including Cisco 6500, Cisco 4500, Cisco 7200, Nexus 7k, 5k and 2k fabric extenders.

oSupport of Global teams working on systems and tools. Helped change requests from end-users, review application migration plans, document project progress via established organizational tracking tools and report results. Maintain basic network functionalities and deployment needs including topology changes, subnetting and troubleshooting.

oA strong understanding of TCP/IP, IP routing protocols (BGP/OSPF/EIGRP), MPLS, VPN/IPSEC, Juniper and Cisco SSL VPN appliances, knowledge of Layers 4-7; DHCP, SNMP, SSL, FTP, NTP, HSRP, TFTP, TACACS+, SSH, Traceroute, Syslog as well as experience with route-maps, ACL, NAT/PAT and SMTP.

oProficiency with switching technologies including, spanning tree (PVST+, RSPT, MST) Port Channels, VPCs and VTP domains

SanDisk Inc:

Network Engineer July 2005-May 2009

oExperience with designing and implementing large-scale networks, network routing, switches and internet-related networking and security as well as providing senior level engineering support with the and deployment of the organization's network systems and technologies.

oProvided technical, procedural and operational support to of IT staff to ensure proper integration of systems' functions with the, firewall, MPLS and wireless operations.

oCoordinated with the to facilitate network design, enhancements, new implementations and problem resolution. Performed problem analysis, root cause analysis, and provided recommendations for enhancements of the Data Network, Voice Network, Conferencing and security infrastructure.

oPerformed gap analysis and implemented steps for improving service quality. A detailed understanding of the IP network and the routing environments, proven network security skills as well as a strong technical experience in the installation, troubleshooting, integration and operation of various networking equipment.

oExcellent understanding of the protocols surrounding IP service provider networks. Knowledge and experience in: TCP/IP fundamentals, IP subnetting, and hierarchical routing principles, routing protocol operation, and routing policies.

oOperational knowledge of Cisco routers and a detailed experience configuring and managing Cisco 2800, 3800, and 7200 routers, Cisco 3550/3750, 4500, and 6500 Catalyst Switches in a high availability production environment.

oHands-on and technical experience with TCP/IP (IPv4) platforms involving protocols such as EIGRP, OSPF, and BGP and their related control protocols as well as a strong working knowledge of TCP/IP enhancements such as multi-cast, QoS techniques, bandwidth path reservation techniques and server load balancing in a 24/7 production environment.

oExperience with NetScaler and Cisco CSS/GSS load balancers; configuration, management, and troubleshooting. Knowledge of Global DNS load balancing, WAN optimization and compression appliances such as: Riverbed, - SHA2020.

oTechnical experience with Cisco PIX and Checkpoint firewalls, Juniper SSG520 firewalls, wireless WLAN controller, WISM configurations, Cisco AP (Aironet 12000 series) and Wireless Access Security: Experience with Audio Video conferencing systems using Polycom as well as a working knowledge of VoIP.

oFamiliar with enterprise support tools such as CiscoWorks, SolarWinds Orion 8.0, MRTG as well as the use of the monitoring tools to monitor and analyze routing and established network metrics including memory usage, latency, error rates, and bandwidth utilization for deployed networks in order to improve network availability.

Infineon Technologies:

Sr. Network Engineer March. 2001-July 2005

oDesigned, implemented and maintained all corporate network infrastructures on a day-to day basis.

oInvolved with very large-scale TCP/IP projects, and production level tasks involving Load Balancing systems: Alteon and Cisco Load Balancers.

oExperience with large-scale sub-netting and network implementations including routing and switching competence in a high-performance network environment. Exceptional experience working with topologies and protocols including OSPF, EIGRP, RIP, BGP, ATM, Frame Relay and VPN.

oExtensive hands-on experience with Cisco 7500, 7200, 3700 and 2600 series routers. Additional hands-on experience working with series switches, Catalyst 4500 and 3750 switches, Cisco 2950 series switches as well as other Cisco layer 2 and 3 switches.

Intel Corporation:

Network Engineer: July 99 - Feb. 2001

oResponsible for the design, implementation, expansion, monitoring and maintenance of complex network infrastructure of LAN, WAN, Remote Access, VPN and Firewall.

oWorking knowledge of TCP/IP, IPsec, 3Des-CBS, DES/3DES, SHA-1, TCP/IP, Linux OS, Internet Security technology and network protocols. Expert knowledge in network design and topologies for the LAN, WAN and Campus networks with experience in network applications and set up, upgrade and configuration of networking devices such as routers, switches, firewalls and VPN.

oIntimately involved with advanced troubleshooting and resolution of network connectivity problems up to the. Performed bandwidth performance monitoring and analysis using various network tools such as Cisco Works, Open View and MRTG. Provided support for a production environment.

Cisco Systems:

Customer Engineer: Sept. 97-June 99

oResponsible for modeling, designing and forecasting traffic trends on the WAN backbone.

oRecommended architectural direction for the backbone based on traffic requirements and

technological evolution and routinely provided detailed reports to needed.

oSupported WAN connectivity's to the resolved all issues related to Internet access for the remote users.

oOther responsibilities included configuring and debugging of customer routers and assisting and firewall design and implementation. Interacted with telephone companies in procuring and testing the various line speeds.

oIn depth knowledge of TCP/IP, RIP, OSPF, BGP4, ATM and Frame Relay with extensive hands-on experience in the installation and configurations of Cisco routers using these protocols.



Contact this candidate