Senior Network Engineer

Location:
Edison, NJ
Posted:
March 29, 2024

Resume:

ROBERT S. HARVEY

*** **** *****,

North Brunswick NJ 08902

Contact: 917-***-**** Email: ad4no7@r.postjobfree.com

OBJECTIVE:

Seeking a challenging position in a dynamic environment to apply my consulting and network design expertise for growth to a professional organization that will promote a positive and valuable work environment.

TOTAL EXPERIENCE: 20 years

SUMMARY OF QUALIFICATIONS

Senior network engineer with 10+ years of experience in all phases of network pre-sales, architecture design, development, and troubleshooting, and a good understanding of network routers, switches, and firewalls, evaluating and improving existing systems with new features and performance improvements.

TECHNICAL CORE SKILLS

PLATFORMS

Scripting automation: Python, Ansible and YAML

IP Routing Protocols: EIGRP, OSPF, IS-IS, MP-BGP, BGP Attributes/Communities (Prefix-list / distribute-lists / route-maps)

Routers: Cisco 9K/1K ASRs, ISR 4000/3800/2900/1800/800, Cisco IOS 1800, 2500, 2600, 2800, 3600, 3800 Series Routers running IOS v.12.4

Switches: Catalyst WS-6513/6509/6506, WS-4507/4506/4503, WS-3750, WS-3560/3550, WS-2960XR/2950 Cisco, 4200, Arista 7260-CX-32P Aggregation (LACP, PAGP, VPC, MEC) Multicast, Nexus 7010 / 7018 / 5578P / 5548 UP / 2232 PP / 2248 T, Cisco, 93xx, 94xx and 95xx. ASR8500, ISR4331-AX/K9, C9500-24YC, C9500-48YC, C9600-48YL.

Wireless: Wi-Fi, 802.11b, 802.11g, WEP/WAP.

LAN Switching: VTP, NAT/PAT, HSRP, VRRP, GLBP, VACL, RSTP, STP, MST, LACP, BFD, PAgP, Ether Channel, VSS, DHCP snooping, Dynamic ARP inspection, IP source guard, IEEE802.1x, MAB

MPLS: VRF, LDP, RSVP, L2VPN, VPLS, L3VPN, MPLS TE, MPLS LDP/TDP frame mode

Firewalls: Palo Alto PA-220/460/3020/3060/5020/5022/5260, Palo Alto Panorama, Cisco Firepower ASA 5506-X, ASA5512-X, ASA 5515-X, Cisco Secure PIX/506/515e/525/535, Cisco Firewall Switch Module (FWSM) v2.x/3.3, Cisco ASA Firewalls 42xx, 55xx Ver. 7.x/8.x/9.x.

Security: Cisco Identity Services Engine (ISE ver 1.4, 2.0), DMVPN (Phases 1, 2 and 3), VPNs: Site-to-Site, IPSec, Remote Access, SSL, AnyConnect, Configuration of IPS and IDS. AAA Architecture: TACACS+, RADIUS

Network Management Tools: SolarWinds, Wireshark

Load Balancer: F5 Big IP – LTM

NETWORKING CERTIFICATION:

CCIE Routing and Switching written exam (CCIE R&S) – valid till 5/2022

CCNP Core specialist – valid till 5/2022

Cisco Certified Systems Instructor (CCSI # 32714)

Cisco Security Solutions and Design Specialist (SSSE)

Cisco Certified Network Associate (CCNA)

Cisco Certified CCNA Security

Cisco Certified Design Associate (CCDA)

Cisco Certified Network Professional (CCNP)

Palo Alto Networks Accredited Engineer (ACE v8.0)

EMPLOYMENT HISTORY

Sony Corporation of America – New York City, NY June 2023 – Present

Position Title: Senior Network Security Engineer

• Design, configuration, development, troubleshooting activities SCA campus/branch offices, data centers to meet business requirements. Each datacenter network consisted of Cisco Nexus, Cisco ASR Internet, Cisco ACI, Palo Alto firewalls and Cisco Wireless.

• Provide network solution architecture for Sony USA customers. Interface with customer and network vendors to provide leadership and oversee network infrastructure design and review for LAN, WAN, and Wireless. Providing technically and complete solutions for network migrations and enhancements.

• Collaboration with internal and external teams/vendors to ensure proper integration of technology solutions while maintaining the highest levels of network availability and performance.

• Manage and troubleshoot complex enterprise routing with BGP/MP-BGP, OSPF, VPC, 802.1Q, VxLAN, eVPN, BFD, use of underlay and overlay routing protocols.

• Created network configurations for LLD, HLD for all network and firewall security migrations.

• Deployed and maintained IPTV multicast service for Sony customers.

• Experience in configuring and deploying Global Protect VPN with multiple gateways and rolled out to 30k+ users.

• Designed and implemented network infrastructure Palo Alto Prisma Access for all global datacenters/locations to support Mobility Users. Worked closely with InfoSec and Desktop teams to maintain and troubleshoot the Prisma Access environment.

• Created playbooks and migration scripts to migrate devices from legacy network to ACI and Distribution switches.

• Created Postman collections to automate ACI configurations by reading configuration parameters from CSV file.

• Create Postman collection to automate Meraki Dashboard configurations

• Designed, installed, configured, and maintained security solutions utilizing Palo Alto 5200, 5000, 3000, and 220 with Threat prevention, External Dynamic Block lists, DNS Sinkhole, Minemeld, and Panorama. Cisco ASA 9300 and 5500 series firewalls with FireSight, IPS, Botnet filtering, Failover, L2L VPN, and Anyconnect VPN with Cisco Umbrella technologies.

• Lead engineering activities during the incubation of new SDWAN customers starting from PoC phase to final delivery.

• Designed and deployed AWS VPC infrastructures with multiple EC2 instances. EC2 instances include Cisco CSR-1000v, Palo Alto VM-100.

• Assisted team members with updating and maintaining python scripts that automated the deployment of Cisco ACI fabrics.

• Deployed and maintained Cisco ISE appliances across all global datacenters. ISE was used for Network Access Control and Cisco SD-Access; it was also for the wireless captive portal and wireless clients information repository.

• Write comprehensive reports including assessment-based findings, outcomes, and propositions for further network security enhancement.

• Developed overall network design best practices and approved techniques and approaches to maximize network efficiencies.

• Created complete technical, architectural documentation, providing technical guidance which ensured solutions met or exceed standards for cost and function.

• Lead engineering teams from Plan and Define through Deployment of projects.

• Profound working knowledge of administration and management of Fortigate firewalls

• Responsible for documenting all work and procedures and ensuring that this information is published, refreshed, and shared across the global network team.

Signature Bank – New York City, NY Jan 2023 – June 2023

Position Title: Senior Network Engineer

• Provide Architecture, Design, and Implementation for all Internet and Extranet Firewall connectivity to meet the business and InfoSec requirements.

• Serve as primary support for security environment by managing customer devices and end-to-end security services, identifying sources of problems, and resolving configuration issues.

• Configuration and integration of ISE 2.3 for wired and wireless for authentication, authorization and accounting.

• Design, build and maintain Palo Alto and Fortinet firewall infrastructure (S2S, User-ID, Content ID, Wildfire, URL Filtering, SSL decryption ).

• Designed load balanced internet service provider using BGP attributes.

• Manage and troubleshoot complex enterprise routing with MPLS, BGP, OSPF, VRF and QoS.

• Coordinates with Infrastructure owners to resolve security issues through the system lifecycle.

• Designed and maintained Next-Gen Palo Alto firewall infrastructure for Internet, Extranet, of all Sony datacenters. Structured and organized firewall policies and management in Device Groups and Templates with HA Panorama. Utilized almost all Layer 7 features of the Palo Alto firewalls which includes Threat prevention Anti-Virus, Anti-Spyware and Vulnerability, implementing File Blocking, Wildfire Analysis and Dos Protection on PA firewalls.

• Assisted with deployment of conversion of (FTD & ASA w/ Firepower FPR-2130/FPR-4110/ASA5506-X/ASA5508-X/ASA5525-X) to PA3220/PA820/PA852.

• Integrated security tasks and activities into system development methodologies (e.g. planning, design, implementation, operations, maintenance, and disposal)

• Performed validation of security controls to ensure consistency with industry-standard methodologies and to identify and verify that security requirements are met throughout the process.

• Build, configure, Implement and operate Global Protect VPN, IPSEC VPN, SSL VPN through IKE and PKI on Palo Alto firewalls for Site-Site VPN connectivity.

• Good understanding of routing technologies including OSPF, BGP, GRE Tunnel and IPSEC VPNs with the ability to design and troubleshoot complex enterprise network infrastructure.

• Prepared and documented secure system development standard operation policies for Cisco IOS, IOS-XR, IOS-XE, NX-OS and PA Firewalls.

• Participates in the development, implementation, and review of security controls for the network.

• Performed vendor technical solution acceptance verification and validation.

• Developed technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.

• Assessed gaps in existing policy and propose amendments to an existing policy or new policy to address these gaps.

ZTsystems - Secaucus, New Jersey Jan 2020 – Dec 2022

Position Title: Senior Network Design Engineer

• Conceptualized, designed, and developed total system/product solutions for ZT enterprise-wide information technology and/or engineering processes.

• Architected, designed, and developed security solutions to support the achievement of the customer's goals.

• Experience in designing and assisting in deploying enterprise-wide Network Security and High Availability Solutions for PA7050, PA3220, PA5220, PA3020, ASA5520-X, ASA5525-X

• Progressive understanding of EIGRP, OSPF, BGP and MPLS as well as real world implementation and troubleshooting experience.

• Analysis and translation of end user needs into technology solution capabilities and designs. Provide recommendations for technology alternatives and lead the delivery of network solutions, including requirements analysis, internal proposal preparation, evaluation of supplier proposals, tool selection, and implementation planning.

• Experience with Cisco FTD (Firepower Threat Defense) Next Generation Firewall and ASA, and performed migrations from different vendors to Cisco FTD and ASA.

• Develop high-level technical solutions and translate ZT systems manufacturing/corporate IT/infosec environment into infrastructure deliverables.

• Designing and implementing resilient, reliable and highly available Network topologies including assessment and implementation of data and secure networking environments.

• Developing a plan of action and recommendations, identifying milestones and issues to be addressed, and generating reports as required.

• Participated in Architecture review board and security review board meetings for proactive management of deliverable projects.

• Planning, designing of Corporate Firewalls architecture and implementing in distributed environment by developing security solutions designs using approved Network Security Systems Firewalls.

New Era Technology - Paramus, NJ Jan 2017 – Jan 2020

Position Title: Network Solution Engineer

• Create high level design, low level design, evaluation, implementation plan, migration plan and procedures for projects involving migration of core technologies like BGP, OSPF and MPLS.

• Creating automated scripts using Python language and also manual testing to enhance hardware performance.

• Integrate the existing Palo Alto devices with Panorama and deploy the new devices using Panorama.

• Hands-on experience in configuring Viptela devices and creating device and feature templates on vManage required for SD-WAN implementation.

• Performed 802.11a/g/n Wireless Site Survey and Design for using Ekahau suite of tools that included Wireless Survey Pro and Spectrum Analysis.

• Working knowledge of Cisco Prime’s functions such as building wireless site maps and AP locations, addition/configuration of wireless access points and WLC, access points settings changes, monitoring of wireless devices.

• Experienced in configuring WLC 8540, C9800-L-C and C9800-L-F.

• Implement the BGP routing protocol on Palo Alto firewalls.

• Design, implement and troubleshoot networks which included Routing, Switching, WAN, LAN, MPLS, QoS, Multicast, Spanning tree, and HSRP technologies.

• Designed and implemented high availability of site-to-site IPSec VPN between head office and remote branch offices by combining Hot Standby Router Protocol (HSRP) with IPSec protocol.

• Designed Fail Over IPSec Site-to-site VPN With Dual WAN Links and IP SLA on Cisco ASA Firewall 9.x

• Designed and Deployed new and flexible data center network incorporating technologies such as Spine/Leaf 93180, virtual route forwarding (VRF), VXLAN, Fabric Path and OTV for VLAN extension.

• Collaborate with a team of global network architects, designing and implementing server connectivity and security test plans, resulting in delivery of fully integrated and tested new network architecture, and ensuring server to network compatibility and proper firewall data flows.

SecurView - Edison October/2015 - Jan/2017

Position Title: Network Security Engineer

• Developed and maintained network security policies and procedures, resulting in a reduction in security incidents and improvement in compliance with industry regulations.

• Responsible for developing overall strategy and implementing different security technologies including VPN audit security gap analysis and working with vendors to implement desired security controls.

• Assist in the administration of user access and privileges to applications/systems, ensuring that access requests are properly authorized, appropriately documented, and accurately fulfilled.

• Responsible for performing firewall vulnerability testing and reporting.

• Create custom Antivirus, AntiSpyWare, Vulnerabilities profiles per organization standards and apply them to security policies. Software upgrading for Palo Alto devices and integrating Active Directory/LDAP with Palo Alto Next Generation Firewalls.

• Implemented User ID, custom App-ID, URL filtering and SSL encryption and security policies for Palo Alto series.

• Create the custom URL filtering rules and apply them appropriately to Security policies.

• Create multi-VSYS and multi-VR environment using the PA firewalls.

• Leveraging F5 LTMs & GTMs to improve web application delivery speed and replication through and between distributed global data centers. Load balancing and application acceleration solution triples server capacity through a rich set of infrastructure

• Responsible for configuring Cisco ASA secured routing templates allowing customer clients to encrypt routing protocol updates on the firewall.

• Helped the deployment group with templates related to the configuration of Active/Standby failover enabling rapid deployment of failover configurations for customer clients

• Deploying, configuring & maintaining F5 3DNS (Global Traffic Manager) Controller and BigIP - LTM (Local Traffic Manager) for wide area load balancing and global redirection using various load balancing techniques.

• Responsible for Configuring and Troubleshooting of SSL VPN and IPSec L2L connectivity.

• Configuring various advanced features (Profiles, monitors, iRules, Redundancy, SSL Termination, Persistence, SNATs, HA) on F5 BIGIP appliances: SSL termination and initiation, Persistence, Digital Certificates. Executed various migration/upgrade projects across F5 and hands on with F5 BIGIP LTM.

• Perform special projects and participates as a technical advisor for a variety of information security and logical user access projects that will be dictated by current business and technological developments.

• Identified vulnerabilities, recommended corrective measures and ensured the adequacy of existing information security controls.

• Assesses and manages the risks of security threats to information systems. Ensures that information systems possess security levels equal to the level of exposure to potential risks.

• Security assessment of online applications to identify the vulnerabilities in different categories like Input and Data Validation, Authentication, Authorization, Auditing & Logging.

• Scheduling and completing the Risk Assessment calls for the different work streams of the client based on the Releases/Iterations planned.

• Implement access control and manage rule-sets / filters on specific ports, IP addresses, or customer-defined events.

• Analysis of IDS packet data, with comprehensive understanding of switching and routing.

Lefrak Realty Operations – New York City, New York Feb 2013 – Oct 2015

Position Title: Network Engineer

• Member of a team of engineers responsible for providing end to end LAN/WAN solutions. Provide day to day firewall/VPN support which spans across multiple firewall platforms, including Cisco ASA

• Configured Nexus 2148, 2248 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 7k.

• Configured and extension of VLAN from one network segment to their segment between Different vendor switches (Cisco, Alcatel)

• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.

• Analyzed and tested network protocols (Ethernet, TCP/IP) using Wireshark tool.

• Implemented IPS, DLP and UTM features on the firewall for added security purposes.

• Replacements of the 6500 Platform external switch stack with Nexus 7k 10gb data rates.

• Deployed Service Switching layer with 6500 platform for Firewall and Load Balancing Services for WEB and APP server Cloud on the Nexus platform

• Configured an IPSec Site-to-Site VPN between the Cisco ASA5545 at small office location and Cisco 1841 ISR with a security IOS image at the main office.

• Configured Zone-Based Policy Firewall on the Cisco 1841 ISR with three zones, class-maps specifying traffic that must have policy applied as it crosses a zone-pair, policy maps to apply action to the class-maps' traffic, zone-pairs, and application of policy to zone pairs.

• Re-Configured policy based routing BGP routing (Route Maps, AS-Path prepend, MED, Local Preference) to load balance traffic across customer multiple links.

• Analyzes BGP and OSPF network problems and coordinates resolutions. Develop work plans, migration plans, and conversion scripts needed to integrate proposed solutions.

Huawei Technologies Co June 2010 - Sep 2012

Position Title: IP Mobile Backhaul Network Engineer

• Provided Customer Managed services (MS) for a based cellular network solution of IPRAN (Radio Access Network for 3G, 2G and 2.5G mobile data) on Huawei platforms.

• Worked with customer solution architects and engineering team to upgrade and improve network infrastructure and security.

• Successfully achieved main goal of the Network Backbone Upgrade project, which is to migrate off of older supported Huawei networking Routers (18) NE40 per site to a newer Huawei (16) NE40E platform environment. The end goal of the project is to ensure that all network traffic has been migrated and no longer flows through any current NE40 equipment. The migrated traffic will go to (2) provider Huawei router NE80.

• Configured Juniper M320s as PE's, NE80E-1 as Core, Huawei NE40 as CE’s

• Configured Huawei NE80E-1, Juniper M10i Routers as Route-Reflectors in Core BackBone.

• Configured OSPF, BGP, LDP, MP-BGP on Juniper M320 and NE80E-1 in the Core.

• Built the swap cutover and the redundancy load sharing solutions and the rollback plans for 1- NE40/2-NE40Es per each IP-RAN Site.

• Implemented the cutover from the NE40 to the NE40Es while ensuring minimum downtime per service.

• Troubleshooting of all IP related faults of IPRAN routing protocols such as OSPF tuning(failure detection, BFD, VPNV4(MP-BGP,),MPLS(LDP), QOS (Diffserv) [DSCP,IPP],PHB[EF,CS,AF,BE]. VPN-MPLS, [L2 Gb traffic, 2G Traffic & Signaling] and MPLS-TE by RSVP-TE/FRR.

• Implemented traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network Open Shortest Path First (OSPF).

• Configured of Gb/IP, A/IP, Abis /IP services from BSC & RNC CE sides.

• Configuration of VLAN's, VRF's on CE side for logical separation of high bandwidth interfaces and LACP for increasing the bandwidth.

• Troubleshooting QOS involving policing, shaping and queuing towards Core and towards CE and PE routers.

Global Knowledge Co., Ltd

Position Title: Data Centre Engineer December 2009 - June 2010

Tasks and responsibilities:

• Responsible for designing a network redundancy scenario with two physically separate data centers in two different buildings. Deployment of the data center infrastructure for 2 Pods in the data centre environment to expand the LAN datacenter from flat network chained switches to hierarchical switched network design; the environment is Cisco-based: redundant Cisco Catalyst 6500 switch, Core Router platform 7600 series, Cisco 4507R and 3750.

• Configure and manage a collapsed Cisco 6509 VSS and HSRP cores with C3750 stacks in top-of-rack; C6500s and C3560 stacks in access layer.

• Configured VLAN's, HSRP, VRRP, LACP with the help of Redundant 6509 switches with L2/L3 Redundancy.

• Design and implementation of Main Data Center Move project from one location to another location with minimal down time using traditional DCI with vPC and In-box configurations with same HSRP group for redundancy on four Nexus 7k switches, two on each side.

• Design and Implementation of DR Co-location consisting of Nexus 7K switches.

• Configured Nexus 7010 including NX-OS Virtual Port Channels, Nexus port profiles, Nexus Version 4.2 and 5.0.

• Configuration for one-armed ACE load balancing with SNAT solution.

• Upgrading IOS images for 260*-****-**** routers Configuring and installing L3/L2 CISCO 6509 switches.

• Built the Customer Layer 2& 3 switch configuration – VTP, Spanning Tree, 802.1Q trunk, VTP,

• Implemented HSRP on the Cisco 2948G Layer 3 switches, and EIGRP, OSPF on the 2 Cisco 7200 routers, 2 Cisco 2610 routers, the Layer 3 switch, 3 Cisco 3508XL Switches, 2 Cisco 3524XL switches for load balancing and fail over.

• Worked on enhanced development of Layer 2 security by introducing 802.1x, port security, VTP security, storm control, and Private VLANS into the network infrastructure.

• Managed Cisco IPS 4250 implementation in Promiscuous and Inline modes, Signature gradation, fine tuning and log monitoring using Cisco Event viewer “IEV”.

• Monitored IPS signature alerts, in real-time creating security incidents if violations occur.

• Configuring Cisco secure server (TACACS+) for AAA login to routers and switches and integrated for FW for SSH users.

Position Title: Cisco Technical Instructor November 2008 – December 2009

Tasks and responsibilities:

As a fully Certified Cisco Systems Instructor, I am certified to teach the following Cisco classes: Cisco Routing & Switching, Service Provider, Security and Design Courses CCNA, CCNP, CCIP, CCDA, CCDP and CCSP.

• Involved in the security channel partners program to deliver Check Point Security Administration (R77 GAiA) and Cisco ASA courses

• Conducted on-site training for Fortigate Firewall 50A Security administration course to customer IT staff.

Orange Business Services - Internet Service Provider

Position Title: VPN Implementation Engineer June 2006 - November 2008

• Support, Implementation and Troubleshooting of highly complex Cisco based Network Operations (upgrades, replacement, topology changes, etc)

• Migration of Frame-relay based branches to MPLS based technology using multi-layer stackable switch like 6500 series and 2800 series router

• Provide technical support to pre-sales, and project managers to validate and review the technical design of new services of complex VPN changes sold to the designated customers.

• Assist in design, configuration and operations of PriceWaterHouse Coopers IP/MPLS data communications commercial network, specifically focusing on MPLS L2/L3 VPN Design, Routing and R&D issues.

• Work with the engineering and marketing teams to implement necessary changes, fixes, patches when necessary to platforms by Providing ongoing technical support and consulting services for platforms.

• Provide sales support for the business development team and manage new integrations through the deployment phase.

• Provide extranet connections over direct links, IPSEC VPNs over public networks, GRE/IPSEC for multicast traffic for global large accounts.

• Perform testing of QoS (CBWFQ, WRED, CAR, CB Policing etc), MPLS (L2 VPN, VPLS) and new Cisco IOS features before deploying them in production environment.

• Configured networks using routing protocols such as OSPF, BGP and manipulated routing updates using route-map, distribute list and administrative distance for on-demand Infrastructure.

• Create and test Cisco router and switching operations using OSPF routing protocol, ASA Firewalls, and MPLS switching for stable VPNs.

• Provided redundancy in a multi-homed Border Gateway Protocol (BGP) network by tuning AS-path.

• Configured policy based routing for BGP for complex network systems.

• Tuned BGP internal and external peers with manipulation of attributes such as MED, local preference and community.

• Re-engineered BGP routing (route maps, AS-path prepend, MED, local preference) to load balance traffic across multiple ISP links.

• Provided intranet VPN solution using IPsec tunneling.

Position Title: Network Support Engineer-Level III May 2005 - June 2006

Tasks and responsibilities:

• Basic configuration on routers ( 890 /1700 / 2600/ 1800 ) switches ( 2960 / 2960G ) and providing L1 support for customers

• Handling calls for troubleshooting of network related issues.

• Monitoring for MPLS and internet circuits on cisco routers 1841/2811/3725/3825

• Providing support for internal networks and related trouble tickets.

• Coordination with bandwidth vendors and upstream providers.

• Upgraded cisco routers, switches and firewall IOS using TFTP.

• Perform password recovery on Cisco IOS routers/switches

• Configured backup and recovery of Cisco IOS Images.

Position Title: Network Support Engineer May 2004 – May 2005

Tasks and responsibilities:

• Installing hardware and software systems

• Configuring computer networks

• Technical support on-site or via phone or email

• Provide Tier II and Tier III technical support for data network faults

• Monitoring, troubleshooting, diagnosing, maintaining and resolving network issues.

• Administration of routers switches and firewalls.

• Maintain log and configuration files of existing and newly-installed equipment (asset management).

Academic Profile

B.Sc. of Electrical and Computer Engineering, Higher Institute of Technology; Jan/2004, Egypt.

References:

Available upon request.


