Network Engineer Manager
Resume:
Zod Mansour
adeftg@r.postjobfree.com
Location: Northern California
Certificates: JNCIP-SEC
Education Cal State Hayward, Hayward, CA with BS in Computer Science
Technical Skills
Standards: Implementing PCI 1.1
Management: Managing IT, Data Center, Implementation and Operation Team.
Project Manager: Executing projects from start to finish.
Vendor Relations: Managing vendor relationship.
Monitor and Manage: Used solarwinds, Zabbix, SNMP, infoblox/IPAM, netbrain, netmri, nagios, mrtg, FireEye
Servers: Extensive experience in installing and troubleshooting Linux,
Some Windows Server install and configuration.
WAN Communication: Installed, and troubleshot routers on backbones, reconfigured Aryaka SDWAN, configured OSPF, BGP peering and MPLS on Juniper routers and internal routing protocols on Cisco routers. Instantiated AWS services. Configured and troubleshot leased lines and Frame Relay, ATM, HDLC. Configured firewalls and vpn’s. Used Juniper JunOS, Cisco IOS and ASA, Netscreen ISG, SSL VPN such as Pulse Secure and AnyConnect and Global Protect, Juniper SRX series, M10i/320, MX480/960, QFX/QFabric, EX4200 and EX4500 stack. CoS/QoS implementation. Used Palo Alto, Panorama and Juniper SRX, Security Director firewalls.
LAN Communication: Extensive experience in layers 2,3,4, 7, STP, HSRP, VRRP, LACP. Installing hubs,
Switches (Cisco, Juniper, Extreme, Foundry), and load balancers (F5, CSS/CSM,
Netscaler). Configured various networking software such as e-mail (SMTP, exchange, imap), DNS/bind, ansible, git, Perl, Python. Nagios, VMWARE, Splunk, Mrtg Solarwinds.
Application and Traffic
Management: Managed Internet Facing Traffic with DNS and Infoblox, Citrix Netscalers, F5, Palo Alto and Juniper Firewalls, Infoblox DDI
Wireless: Tested and implemented Cisco Wireless Controller, Meraki, Aruba, Clear Pass, ISE.
Security: Managed large networks utilizing Palo Alto Firewalls and IPS, Juniper SRX Firewalls. Setup SSL Decryption, App Firewall, Policies on Panorama / Palo Alto devices. Contributed to Security Framework. Used Service Now to log tickets..
Professional Summary
Zod is experienced in Architecture, Networking and Security, highlights include;
• Possesses hands on experience in Networking and Security in Enterprise, Data Center, POPs
• Experience with LAN/WAN protocols such as TCP-IP, BGP, OSPF, MPLS, STP, VRRP.
• Implementation of site to site VPN via routers/firewalls of ASA, Juniper SRX, Palo Alto PAN, Panorama, SSL VPN PSA 5000, SA4500 SA2500, Pulse Secure Connect, Global Protect, AnyConnect
• Implementation of Dynamic VPN via Cisco or SRX Firewalls and Pulse Secure Clients.
• Hands on experience with Cisco, Juniper, Foundry, HP in design, configuration, implementation.
• Experience with Cisco router and switches, Juniper SRX Firewalls, Juniper MX80 routers and M10i, Juniper MX480/960 and EX4200/4500 switches and Unified Access Control, Foundry/Brocade switches, Netscreen ISG, SSG, Palo Alto firewalls/Panoram, Cisco ASA and Cisco Nexus, Aruba Wireless.
• Network analysis by utilizing Juniper JSA/STRM, cacti, mrtg, Netscout and syslog collector. Utilized Infoblox IPAM as DNS server.
Experience
Anaplan San Francisco, CA 11/2019 3 months contract
Sr. Network Engineer ( Insight Global Consultant )
As a Contractor and Sr. Network Engineer identified the Potential Network Potential, created a plan, reviewed the plan with the management and addressed the issues. Upgraded all Cisco stack and standalone switches to a stable version. Upgraded all Active/Passive and Stand-Alone Palo Alto Firewalls, Created Template Stacks for Common Services on Panorma for the Palo Alto Firewalls, Configured Global Protect Cloud Services in Panorama for Remote VPN Users and for Internet Users to register their ID/Group and identify them to the Palo Alto Firewalls. Configured and Upgraded the Master/Local Aruba Wireless Controllers. Configured Zabbix Monitoring and SNMP to Alert on Network devices. Designed redundant IPSEC VPN connections. Submitted plans to reconfigure the SDWAN with dynamic routing protocols.
LAM Research Fremont, CA 1/2018-11/2019
Architect / Lead Network Security ( Infosys Consultant )
Infosec Lead of 5 Security Engineers. Work on Palo Alto Firewalls, upgrade, configure, Threat Prevention, URL Filtering. Create Template Stacks and Device Groups in Panorama, Gather requirement for projects. Create documents. Perform PoC. Troubleshoot Voip (skype, webex) issues through out the network and VPN. Upgraded Panorama to version 9. Configure and maintain SSL VPN using Pulse Secure for remote users via user certificate and machine certificate. Managed support personnel onshore and offshore. Maintain ACS and ISE for network authentication and authorization, adding MAB and Creating Policy Sets for VLAN assignments and daily troubleshooting for Rejected Devices. Some network troubleshooting in routing, switching, WAN accelerator ( silver peak ). Perform maintenance at POPs/Remote and Data Center, Refresh Hardware at Data Centers, Create presentation reports for the business. Maintain Web Application Firewall. Contribution to Infosec Security Framework of Identification, Protection, Detection, Respond, Recover.
City and County of San Francisco 11/2016-11/2017
Sr. Network Engineer Consultant
Overviewed the monitoring of networking equipment. Configured Solarwinds, built Views for different groups, created Sites with Network Atlas etc. Configured NetBrain to map out the WAN and monitor the health of the network. Plan to utilize NetBrain for Change Control and making network changes. IP addresses and name resolution in Infoblox DDI. Converted all network nodes to snmp v3 and imported into Solarwinds. Used NetBrrain to review firewall policies. Verified and monitored F5 LTM configuration in production. Maintained city sites. Evaluated AVI load balancer performance vs F5.
YELP San Francisco, CA 4/2016-11/2016
Sr. Network Architect Engineer Consultant
Consulting on Yelp’s corporate projects of which QoS has been the dominant project. Gathered all the requirements from Yelp and the private WAN providers. Designed a QoS architecture, consulted with the Network Engineering team, modified per request, set up a lab, implemented the design in the lab, worked with the WAN providers to have them implement Yelp’s requirements. Rolled out QoS to the WAN. Configuring and troubleshooting Juniper Firewalls, Routers and Switches. Implementing firewall policies. Configuring Juniper SSL VPN and Pulse Secure. Configured Solarwinds for monitoring QoS. Automated deployment and management with Ansible, GIT, Python. Used Splunk to correlate logs. Built Splunk Dashes. Aruba Wireless, Created AWS EC2 instances in VPC with Internet Gateway and VPN.Configured VMWARE ESX Networking for multiple VLANs. Performed maintenance at Data Centers. Configured Services like MAB Authentication and added Enforcement Policy in Clear Pass and troubleshot rejected devices. Configured QFX TOR and QFabric Switches.
FireEye Inc. Santa Clara, CA 4/2014-3/2016
Sr. Network Engineer / Firewall Engineer ( Taos )
In charge of all Juniper SRX firewalls consisting of SRX3600, 1400, 550. Using CLI and/or Junos Space Security Director for management. Install, upgrade, troubleshoot, design, etc. Reviewed site security policy and removed unnecessary firewall policies. Participated in network redesign and made improvements to the Data Center and the site firewalls. Downloaded and configured IDP with the Recommended policy. Downloaded and configured AppTrack for application firewall. Created scripts for the management to run commands remotely. Configured CheckPoint firewall on the remote end. Implemented BGP, OSPF, Routing Instances. Moved environment from one firewall to another. Created VDC, VPC, VRF. Employed Juniper JSA/STRM for log analysis. Worked with Cisco 4510, Nexus 7K, 5K, and Force 10. Configured Pulse Secure, Juniper SA2500 and SA4500 SSL VPN. Participated in the firewall cleanup project and created a trust model with the cooperation of the InfoSec. Installed, configured, troubleshot networks, maintained ASA for VPN partners. Tested Pulse Secure SSL VPN and Policy Manager. Configured Infoblox IPAM DNS. Installed and configured FireEye appliances. Deployed F5 GTM and configured F5 LTMs to host virtual servers in various sites. Added LTMs to the GTMs. Configured various LTM contexts for different groups with their own users.
GAP Inc. San Francisco, CA.
Sr. Infrastructure Network Engineer Consultant ( Akraya ) 9/2013 – 4/2014
Implemented new WAN design between POPs and Data Centers. Moved services from one provider to another. Configured MPLS over VPLS. Some RSVP traffic engineering, LDP. Moved metro service between providers, using Juniper and cisco equipment, BGP and EIGRP. Installed and configured F5 load balancers to replace the aging CSS/CSM load balancers. Evaluated and tested JunOS Space. Tested and configured LSYS ( Logical Systems ). Maintained network infrastructure comprising of Nexus, Juniper, Catalyst equipment. Added firewall policies on Palo Alto and Juniper firewalls. Utilized Infobox IPAM DDI. Maintained GAP POPs and Data Centers.
Tivo Inc., Alviso, CA.
Sr. Network Architect Engineer Consultant ( Astreya Partners ) 9/2012 – 9/2013
Planned and implemented the perimeter refresh project. Installed and maintained new design in Data Center. Worked on replacing Cisco 6509 switches with Juniper EX series switches. Developed automated tools to convert Cisco configuration to Juniper, deployment planning and installing. Migrated Data Center. Configured, deployed, installed and maintained Palo Alto firewalls. Troubleshot network problems. Wiring copper and fiber 10g networks. MM and SM fiber. Debugged Layer 3 and Layer 2 issues. Provisioned VLANs and port. Implemented Layer 2 topology in the corporate environment. Installed and configured Palo Alto firewalls. Setup Infoblox IPAM. Configured F5 Viprion virtual systems and standalone appliances. Configured LTM for virtual servers, configured F5 AFM to protect virtual servers, DNS and firewall against DDOS. Upgraded both Viprion and appliance based F5 LTMs to the latest code. Worked with F5 support to upload qkview to F5 for analysis. Configured Pulse SSL VPN for remote access.
Southern California Gas Company, Los Angeles, CA.
Sr. Network Engineer Consultant ( Structure Networks ) 1/2012 – 9/2012
Architected and implemented the integration of 5 million Gas Meters into Gas Company’s WAN. Wrote requirement documents for vendors, designed and peered with business partners, installed MetroE and leased lines, configured routers, switches, firewalls. Used Juniper MX480, M10i, SRX360. Configured BGP, OSPF, MPLS, IRB, VRRP. Configured and monitored Palo Alto firewalls for Content Filtering and Virus Checking.
In charge of plan, requirement, design, test and configuration of networking gas meters into the company’s backbone through to the database. BGP peered with Cellular Wireless carriers. Designed and implemented a MPLS network to carry data from the PE routers to the database. Created a Metro Wireless with Verizon WPN and Firetide.
Configured F5 LTMs to host virtual servers for the application servers to receive data from Verizon and ATT.
Reach Local Inc., Woodland Hills, CA. 2/2006 – 1/2012
Hands on Network and Systems Manager
Network and Systems Manager in charge of total networking and systems operation. Architected 4 co-location facilities with ASA/PIX, Juniper ISG, SSG, SRX firewalls, Juniper EX4200 and Foundry SX1600 layer 3 switches, Juniper vpn concentrators, F5 and Netscaler load balancers. The environment consisted of Linux web servers and MySQL database fronted by load balancers, firewalls, and routers.
Responsibilities:
•Implemented PCI. Configured VRRP, BGP for redundancy. Installed RSA Secure server for 2 factor authentication through the SSL VPN SA2500.
•Created a global server load balancing scheme to load balance the web traffic ( GSLB )
•Migrated Data Center, Built new Data Center, Refreshed Data Center.
•Analyzed traffic flow by installing Cascade, a riverbed flow collector device.
•Designed and implemented a disaster recovery site for emergency purposes.
•Maintained the Foundry/F5/Netscaler load balancers in Active/Stand-by mode, reconfigured the ASA/PIX firewalls in Active/Stand-by mode, installed new firewalls, configured site to site vpn and vpn client connection between Cisco, Juniper, Netscreen.
•Installed Cisco Wireless Controller authenticating against radius and ldap servers.
•Installed Juniper Unified Access Controller
•Installed and configured F5 and Netscaler load balancers in Global Load Balancing Environment.
•Configured radius server with EAP/TTLS authentication for wireless use. Added new servers, installed various applications, installed and configuring bind, installed and configured postfix, Splunk tools.
•Configured Nagios, Orca and Zabbix monitoring.
•Migrated the production site physically and to a new IP scheme with no down time. Registered domains, installed SSL certificates, and configured Cisco, Juniper, Dell, and Foundry Switches.
Contact this candidate