Network Security Palo Alto
Resume:
RODNEY DUNHAM
ad4kb9@r.postjobfree.com
Network Security Firewall Operations Engineer and Architect
Results-driven Network Security professional with extensive experience securing enterprise LAN/WAN environments. Proven track record of excellence in rapidly responding to security threats. Adept at working with Checkpoint Firewall, Palo Alto Firewall, AWS Cloud, ASA Firewall, Cisco routers, and switches. Highly effective team builder with strong interpersonal skills. Organized, detail-oriented, and capable of maintaining positive relations with staff and clients at all levels.
Skill Areas:
Security Tools
NetBrain, SolarWinds, Infoblox, ISE, Orca, Tenable, CrowdStrike, Jira, Tufin
Network Devices
Checkpoint, Cisco ASA, Palo Alto (Firewalls), Akamai WAF, Firepower IPS/IDS, Cisco routers and switches
Technical Expertise
Cloud Security, Infrastructure as Code (CI/CD pipelines), SASE Platform, Security Risk Event Management, Zero Trust Concepts, API Integration
Security Principles
Endpoint Security, Cybersecurity, Threat Intelligence, Cloud Security
Collaboration Tools
GitLab, GitHub, Jira
Additional Skills
Infrastructure Architecture, Security Analysis, Enterprise-level Solution Architecting, Stakeholder Management
CAREER HIGHLIGHTS & ACHIEVEMENTS
Security Architectural Expertise
Proven track record in designing and implementing robust security frameworks across diverse environments, including physical and virtual networks.
Cloud Security Leadership
Spearheaded cloud-native and cloud-agnostic security solutions, ensuring the protection of IaaS and PaaS investments for major cloud platforms, including Azure, AWS, Oracle, and GCP.
Infrastructure as Code (IaC) Proficiency
Demonstrated expertise in managing Infrastructure as Code CI/CD pipelines using standard tools like GitLab/GitHub, contributing to efficient and secure development practices.
Strategic Project Leadership
Led strategic projects involving Palo-Alto Firewall upgrades, cloud migrations, and vendor transitions to Azure, IBM, Google, and AWS, showcasing strong leadership and technical acumen.
Collaborative Team Player
Highly effective team builder with strong interpersonal skills, contributing to successful collaborations with network engineering, operations, and cross-functional teams.
Comprehensive Security Skill Set
Possesses a diverse skill set encompassing security tools (NetBrain, SolarWinds, Infoblox, ISE, Orca, Tenable, CrowdStrike, Jira, Tufin) and network devices (Checkpoint, Cisco ASA, Palo Alto, Akamai WAF, Firepower IPS/IDS, Cisco routers), reflecting a holistic approach to network security.
PROFESSIONAL EXPERIENCE
Zebra Technologies
Senior Information Network Security Engineer – Security Architecture
August 2022 – Present
Network Security Framework
Partnered with Network Engineering to ensure the achievement of security frameworks across physical and virtual networks.
Designed, configured, and maintained cloud-native and cloud-agnostic security tools for protecting IaaS and PaaS investments.
Axis Security
Adding administrators who will manage the Axis Security platform.
I secure and authenticated interface between internal network and the Atmos Cloud.
I ensure secure communication between the organization’s resources and the Axis Security platform.
Security Service Edge (SSE)
ZTNA provided secure remote access to applications and services based on access control policies and virtual private networks (VPNs) solutions granting only the access explicitly to users.
Provided Cloud Secure Web Gateway to protect users from web-based threats by filtering and monitoring internet traffic.
CASB solutions provide visibility and control over cloud applications and services.
Secure Access Service Edge (SASE)
Converged software-defined wide area networking (SD-WAN) and Zero Trust security solutions into a unified cloud-delivered platform.
Cloud Security and Consulting
Acted as a technical consultant for customers, delivering value engagement to cloud platforms such as Azure, AWS, Oracle, and GCP infrastructure.
Architected enterprise-level security solutions across on-premises and multiple cloud environments, incorporating zero-trust concepts.
Infrastructure as Code (IaC) and SASE Platform
Demonstrated the ability to manage Infrastructure as Code CI/CD pipelines with standard tools like GitLab/GitHub.
Supported the design and administration of Secure Access Service Edge (SASE) platform.
Security Analysis and Reporting
Conducted regular and ad hoc analysis using security tools such as Tenable, Orca, Tufin SecureTrack, and CrowdStrike.
Presented Quarterly Business Review results to team members, CISO, and VP Chief Security Officer.
Cloud Migration and Vendor Management
Led projects, including upgrading Palo-Alto Firewall software versions, implementing migrations to Azure, IBM, Google, and AWS clouds.
Collaborated with vendors such as Zscaler (ZCC, ZIA, ZPA) and Akamai WAF for web application security.
Remote Access, TCP/IP (IPv4 and IPv6), VPN and SSL technology, Firewall security, Network management and troubleshooting
Documentation and Process Improvement
Tracked all changes in the Jira tracking tool and provided metrics reporting for project release activities.
Contributed to overall capability roadmap and planning, identifying, and addressing security gaps for continuous improvement.
Experience with: Fortigate, Pulse (Ivanti), Wireshark, Network Management tools, Cloud AWS/Azure
Experience with deployment and documentation of enterprise project management and change management processes
MetLife
Sr. Network Engineer – Security DevOps
April 2020 – August 2022
Data Center Infrastructure Support
Served on the DevOps team for the Global Network Security Organization, supporting Data Center Infrastructure, including ASA, Palo Alto Firewalls, AAA, Cryptography, and VPN technologies.
Axis Security
Adding administrators who will manage the Axis Security platform.
I secure and authenticated interface between internal network and the Atmos Cloud.
I ensure secure communication between the organization’s resources and the Axis Security platform.
Security Service Edge (SSE)
ZTNA provided secure remote access to applications and services based on access control policies and virtual private networks (VPNs) solutions granting only the access explicitly to users.
Provided Cloud Secure Web Gateway to protect users from web-based threats by filtering and monitoring internet traffic.
CASB solutions provide visibility and control over cloud applications and services.
Secure Access Service Edge (SASE)
Converged software-defined wide area networking (SD-WAN) and Zero Trust security solutions into a unified cloud-delivered platform.
Design and Documentation
Developed design drawings for Data Center Architecture and created Method of Procedure (MoP) documents for stakeholder review.
Utilized Azure DevOps Boards to manage projects, including work status, user stories, backlogs, and features throughout the development lifecycle.
Security Analysis and Monitoring
Used SolarWinds (SEIM) to monitor, analyze, and maintain database performance for business-critical applications.
Developed and enhanced security architecture documentation, secure development lifecycle, and threat modeling.
Project Management and Vendor Support
Project-managed networking tasks, vendor support, office communications, and change management responsibilities.
Demonstrated strong analytical skills and an excellent understanding of application and network architecture in global data centers.
Remote Access, TCP/IP (IPv4 and IPv6), VPN and SSL technology, Firewall security, Network management and troubleshooting
Capital One Bank (WIPRO)
Sr. Network Security Engineer
June 2019 – April 2020
Rule Optimization and Firewall Management
Worked on remediation projects to make original rules less permissive and implemented change orders while working with line of business or third-party vendors.
Provided support for Checkpoint (Provider-1 R77), Cisco ASA, and Palo Alto firewalls in the data center environment.
Cloud Implementation and IPv6 Enablement
Implemented projects for firewall decommissions, 3rd Party VPN Migration, AWS Cloud, servers, and applications.
Enabled IPv6 using the Easy IP tool to implement firewall change orders.
Remote Access, TCP/IP (IPv4 and IPv6), VPN and SSL technology, Firewall security, Network management and troubleshooting
Security Analysis and Reporting
Analyzed firewall rules, conducted log analysis, and monitored applications/servers and network for security violations.
Reviewed Tufin reports for the removal of zero-use rules and created PowerShell scripts for efficient rule management.
Documentation and Communication
Provided expertise in technical design documents, implementations, and maintenance, ensuring compliance with information security policies.
Communicated planning, development, and status to management for multiple projects.
Capital One Bank /Next Source
Sr. Network Security Engineer
December 2016 – June 2019
Rule Optimization and Firewall Management
Worked on remediation projects to make original rules less permissive and implemented change orders while working with line of business or third-party vendors.
Provided support for Checkpoint (Provider-1 R77), Cisco ASA, and Palo Alto firewalls in the data center environment.
Cloud Implementation and IPv6 Enablement
Implemented projects for firewall decommissions, 3rd Party VPN Migration, AWS Cloud, servers, and applications.
Enabled IPv6 using the Easy IP tool to implement firewall change orders.
Security Analysis and Reporting
Analyzed firewall rules, conducted log analysis, and monitored applications/servers and network for security violations.
Reviewed Tufin reports for the removal of zero-use rules and created PowerShell scripts for efficient rule management.
Documentation and Communication
Provided expertise in technical design documents, implementations, and maintenance, ensuring compliance with information security policies.
Communicated planning, development, and status to management for multiple projects.
Capital One Bank/Insight Global
Information Security Engineer
January 2013 – December 2016
Rule Optimization and Firewall Management
Worked on remediation projects to make original rules less permissive and implemented change orders while working with line of business or third-party vendors.
Provided support for Checkpoint (Provider-1 R77), Cisco ASA, and Palo Alto firewalls in the data center environment.
Cloud Implementation and IPv6 Enablement
Implemented projects for firewall decommissions, 3rd Party VPN Migration, AWS Cloud, servers, and applications.
Enabled IPv6 using the Easy IP tool to implement firewall change orders.
Security Analysis and Reporting
Analyzed firewall rules, conducted log analysis, and monitored applications/servers and network for security violations.
Reviewed Tufin reports for the removal of zero-use rules and created PowerShell scripts for efficient rule management.
Documentation and Communication
Provided expertise in technical design documents, implementations, and maintenance, ensuring compliance with information security policies.
Communicated planning, development, and status to management for multiple projects.
Wells Fargo (Apex Systems)
Sr. Network Security Engineer
January 2012 – January 2013
Data Center Security Management
Managed perimeter devices in several data center zones throughout multiple sites within the network infrastructure.
Supported Checkpoint, ASA firewalls, Cisco routers, LAN/WAN, UNIX, and TCP/IP in data centers.
Firewall Log Analysis and Infrastructure Enhancement
Collected information from systems that generated data from firewall logs.
Monitored hosts, data feeds, and network-based Firepower IDS/IPS to watch for security violations.
Collaboration and Security Infrastructure Improvement
Collaborated with appropriate teams for prioritization, planning, and organizational skills for implementation.
Reviewed FireMon and Symantec/Blue Coat reports to improve existing network security infrastructure.
SunGard Availability Services
Sr. Network Engineer
August 2010 – January 2012
Network Design and Security Information Management:
Performed network diagram, network design, security information management, and security analysis using IT security best practices.
Managed perimeter devices in several data center zones across multiple sites within the network infrastructure.
Configuration Management and Load Balancing:
Defined, tracked, and maintained configuration sets of network devices for implementation.
Assisted with NetScaler and F5 Load balancers across multiple servers in the data center environment.
MPLS and Security Support:
Supported MPLS, Nexus, Juniper, Checkpoint, Cisco layer 2 and 3 switches, VLAN, Routing, ASA firewalls, Cisco routers, LAN/WAN, and TCP/IP.
Transportation Security Administration /Inscope Solutions
Network Security Engineer
May 2009 – August 2010
New Resource Implementation and Security Monitoring
Implemented new resources including ArcSight (SIEM), ASA, Checkpoint, Juniper SRX Series, FWSM firewalls, Cisco routers, and other network devices.
Monitored hosts, data feeds, and network-based IDS/IPS to watch for security violations via the ArcSight SIEM platform.
Vulnerability Identification and Penetration Testing
Identified vulnerabilities through hacker methodology, penetration testing, and host/network device hardening techniques.
Provided recommendations for tuning of host and network-based IDS/IPS and other security devices within the network infrastructure.
System Needs Analysis and Proposal Response
Identified customer's system needs and responded to requests for proposals through feasibility and performance studies.
Developed appropriate systems recommendations, including system configurations and installation planning.
AT&T /Apex Systems
Senior Network Security Engineer
March 2007 – May 2009
Network Vulnerability Assessment and VPN Implementation
Performed network vulnerability assessments, network diagram creation, network design, security information management, and security analysis.
Implemented new technologies, including VPN and MPLS network services connectivity.
Firewall Support and Daily Processes
Provided support for Checkpoint NGX, Juniper, FWSM, and PIX firewalls, Cisco (2950, 3500, 3750, and 4500 series), Cisco Wireless Access Point, LAN Switches, LAN/WAN, network printers, TCP/IP, and IDS/IPS.
Established and managed daily processes such as antivirus scans, updates, and web security (Websense) throughout the network.
Collaboration and Enterprise Security Architecture
Worked closely with business and technology counterparts to understand enterprise objectives and its impact on the security architecture.
Protected applications/servers and network devices using Tripwire for asset discovery, configuration hardening, vulnerability identification, and threat detection.
GlaxoSmithKline/Analyst International
Senior Network Engineer
April 2005 – March 2007
Security Information Management and DMZ Design
Performed security information management, systems administration, and data security administration.
Implemented and designed changes for DMZs on Nokia/IPSO, Cisco Switches (2950, 3500, 3750, 4500, 5000, 6500, and 7200 series), and Checkpoint NGX firewalls in perimeter operations.
Configuration Management and Network Performance
Assisted with configuration and tested new servers or applications residing on servers.
Managed network performance monitoring and analysis, supporting remote management, Radius Authentication Servers, Cisco FWSM, MPLS, Cisco ACE, DMZ Servers, and TCP/IP.
Global Network Deployment and Documentation
Created network diagrams, deployed network equipment and services globally.
Analyzed test plans for changes on routers, switches, firewalls, and documented results to support recommendations.
AT&T
Network Security Engineer
May 2000 – March 2005
Infrastructure Implementation and SIEM Configuration
Implemented new technologies infrastructure, performed network vulnerability assessment, and installed/configured/troubleshooted ArcSight (SIEM).
Monitored hosts, data feeds, and network-based IDS/IPS to watch for security violations.
Project Management and Daily Processes
Managed projects of varying scope, supporting MPLS, AIX, Checkpoint NGX (Provider-1), Juniper, LAN Switches, Radius Authentication Servers, IDS/IPS, Cisco layers 2 and 3 Switches, ASA PIX firewalls, Cisco routers, Cisco ACE, and TCP/IP.
Established and managed daily processes, including scans, Web Security (Websense), and updates throughout the network.
Collaboration and Security Architecture Impact
Worked closely with business and technology counterparts to understand enterprise objectives and the impact on the security architecture environment.
PROFESSIONAL DEVELOPMENT & CREDENTIALS
Master of Science in Information Security
Capitol College
August 2003 – May 2005
Bachelor of Business Administration
Campbell University
August 1995 – December 1998
Contact this candidate