Network Engineer Security
Resume:
Christopher Paul J.
Date of Birth - **-**-**** 53/2 Luthren Center
Mobile No – +965-******** Pudur Vaniyambadi
E-mail – adf0xp@r.postjobfree.com Vellore – 635751
Tamil Nadu, India
Objective
To work with a great spirit and lead by example with passion, integrity and creativity to meet the challenges, competency and to hold a responsible and challenging position in an organization having good working environment and provide best of me, both at technical and personal level to the organization.
Employment Details
Over 19 years of experience in, Network plan and Design, Network instructor, Network Administration, Network Project Management, Technical Support Engineering Team Management.
Exposure to development of large/complex network devices including routing/switching systems
Senior Design Network Engineer
Company
Duration
Designation
Profile
Vectrus System Corporation
(US Army) OCONUS
March ’19 to till date
Sr. Network Engineer
Network Design/Project Evaluations/Security Implementations
Alghanim International
October ’17 to February ‘19
Unit Head Network
Network Design/Project Evaluations/Security Implementations
Industrial Bank of Kuwait
Mar ’16 to October ‘17
Sr. Network Engineer
Network Design/Project Evaluations/Security Implementations
M.H. Alshaya Co.W.L.L
(Kuwait)
Jun’06 to Feb ‘16
Sr. Networks Design Expert
Network Design/Evaluation
Network Projects
Kuwait Small Projects Development Company
(Kuwait)
Nov’03 to Jun’06
Sr. Networks Administrator
Network Administration/Server Administration
Al-Watan Newspaper
(Kuwait)
Feb’03 to Oct’03
Network Support Engineer
Troubleshooting LAN/WAN/Security issues
Kuwait Airways
(Kuwait)
Oct’00 to Feb’03
Network Administrator
Maintaining WAN Connectivity
Neyville Lignite Corporation
(India)
Aug’99 to Sep’00
Server Administrator
Windows Server Maintenance
Kewal Tronics
(India)
Jan’99 to Jul’99
System Administrator
PC Assembling/Troubleshooting
Professional Certifications
CCIE – Pursuing (completed written exam)
CCIP – Cisco Certified Internet Professional
CCDP- Cisco Certified Design Professional
CCNP – Cisco Certified Network Professional
CCSA – Checkpoint Certified Security Associate
FNCNE- Foundry Network’s Certified Network Engineer
CCNA- Cisco Certified Network Associate.
MCSE- Microsoft Certified System Engineer
Pursuing F5-BIGIP and Juniper Certifications
Technical Knowledge
WAN Optimizations
Wide Area Application Services, Riverbed Steel-Head.
WAN Technologies
Frame Relay, ATM Lease Line, MPLS, MPLS-TE
Firewalls
Checkpoint, Cisco, Juniper, PaloAlto, SonicWall, FortiGate, Cyberoam
Routing Protocols
RIP, IGRP, EIGRP, OSPF, BGP, MP-BGP, VRF
Network Devices
Cisco-Meraki, Cisco, Brocade (Foundry), Extreme Networks, HP-Procurve, Juniper, Blue-Coat, Brocade ADX 1000 Series and KEMP Load Balancer.
Data Center
Cisco Nexus 7K; 5K; MDS; FEX; B-Series; C-Series and Brocade MLX16 series with 100GB back bone capability. Extreme Networks C-series, Black Diamond, Summit-X400 Series Edge Switching.
ASR Devices
900 Series; 1000 Series
LAN Technologies
Client Server Hierarchy Model - Windows Server 2012, 2008,2003, 2000 Active Directory, Group Policy, Desktop Management Suites, WINS, DHCP, DNS, Unattended installations.
Switching Network
EAPS, VXLAN; VPC; VLAN, VTP, Trunks, STP
Wireless Network
Motorola, Meraki-Cisco, Cisco-Aironet.
Multicast
Video and Audio Streaming via multicast solutions
Achievements
Successful implementation of Project on Design, Configuration and deployment of Cisco-Meraki Cloud Managed SD-WAN Network. Total of 350 Access Switches, 8 Core Switches, 32 Distributions.
Successful Deployment of Firewall PaloAlto PA-3020 on HA integrated.
Successful implementation of Data Center with Cisco Nexus 7K and 5K with FEX 2000 with the B-Series and C-series switches. Deployment of MDS for the storage.
Successful implementation and deployment of the MPLS, over MP-BGP layer 3 VPN, for 200 Branch/Regional offices located in Middle east, Africa, Europe, London. Warehouses covering the entire Middle-East and central Europe, Russia and Turkey connecting the Head Office in Kuwait over Cisco ASR Aggregation Routers.
BGP over Dual ISP Internet Providers with RIPE IP Subnets.
Metro Network deployment with MPLS/VPLS with hierarchical VPLS distributed architecture an emulated Ethernet LAN extension connecting 8 branch offices, 3 warehouses and 23 Malls.
DWDM and Dark Fiber connectivity to the three geographically separated Datacenter located in the Remote locations.
Multi homed BGP connectivity to the three ISP failover and load balancing.
Multicast Video Streaming to carry out online training and classroom sessions across the region.
Network Devices
Cisco-Meraki MS-450, MS-420, MS-125, MS-533, MR-56, MR45, MX-65C, Extreme Networks Black Diamond, Summit Switches, Brocade MLX8 and 16, VDX6700, 16RX, 1600SX, FGS, FCS, Cisco Nexus (NX-OS)7K, 5K, 6500, 4500, 3560, 2800, Catalyst Switches, ASR Series routers, Foundry Network’s Big Iron 4000, 8000, 15000 Multilayer Switches, Extreme Networks C-series, Summit-X450, 7100 Edge Switching. HP Procurve 12500 series, Cisco Wireless Controllers, Motorola WS7100 Controllers, Foundry 24-E, SMC 8648T Edge Switches. US Robotics Total Control 8, 16 Port Access Servers, Proteon Token Ring Concentrator/Multi Access Systems Unit, Proteon Token Ring Router.
Hardware
Symantec Netbackup, IBM, Intel, Dell, HP-Compaq based desktops and Dell, HP-Compaq server, IBM Netfinity Server, IBM PC300L workstations, Laser/Ink Jet Printers, Network Printers, JetDirect, Texas 985e Printers, OKI 182/184 Telex Printers, E-Data Telex Printers, Monitors, VEDICOM Equipment, VoIP phones, V-Conference Devices.
Software
LAN-Desk Desktop management, McAfee Email Gateway Server, Kaspersky Desktop Management and Anti-Virus, ESET Desktop Antivirus, Trend-Micros Server Antivirus, SolarWinds Network Management Suite, Syslog servers, Symantec System, Bitdefender Antivirus Server Software, Veritas 8.1, 9.1 Backup Exec Tape backup software, Oracle 9i server with OMNIS as runtime management on a JAVA client financial software, Windows Portal-Server 2003, Windows WSUS Update Server, Windows Certificate Server.
Experience Summary
Designed and implemented Cisco-Meraki Based LAN Solution at different parts of the world.
Plan, Design and implementation of MPLS Layer 3 VPN with MP-BGP, Ethernet emulation for multipoint circuit over VPLS and AToM to connect geographically separated regions.
Design and Implementation of Cisco, Brocade (Foundry Networks), Juniper, Extreme Networks, Nortel, HP-Pro Curve routers and switches.
Possess extensive experience on advanced level Enterprise Networking with TCP/IP protocol suite. In-depth knowledge and successful deployment skill sets on BGP, MPLS, OSPF, EIGRP, QoS (DSCP Coding), VRRP-E, HSRP.
Perimeter level Security deployment of Check Point NGX R71 (Cluster-Mode), Palo Alto, Juniper, SonicWall Proxy server, Cyberoam, Cisco PIX, ASA.
WAN optimization Devices Cisco WAAS, Juniper, Blue-Coat and River-Bed.
Wireless LAN Cisco Controllers, Motorola (Symbol) WS7100, Foundry Networks.
Voice Devices Avaya, Asterisk and Yoda (Routing, Dial-Plan and Digitization)
Windows Operating System, Novell NetWare IPX/SPX, MAC OS AppleTalk, Leased Line Networks, Desktop Management with Active Directory Service, Group Policy, NDS, Planning, Implementation and day-to-day Maintenance of LAN, WAN & IP Securities in the Windows, Unix/Linux & Novell NetWare environment.
Microsoft Exchange Server ver5.5, 2000, 2003 with Installation, configuration, implementation, maintenance and Strong troubleshooting skills.
Remote Access network for Users dial-in-service, L2TP, Client Remote VPN. Switch, MS ISA server.
Proteon IBM TokenRing topology based Concentrators/Multi Access Units, and Proteon TokenRing Routers.
PC hardware, Printers, Monitors troubleshooting, Token Ring, Ethernet and leased line cabling, RJ-45 and Token Ring type-I cable/connector crimpling and LAN box crimping Fiber Optic Cable splicing and termination.
Vectrus System Corportion: OCONUS Kuwait: (for US-Army) (’19 March to till Date)
Desined and Implemented Cisco-Meraki Cloud Management SD-WAN Solutions at Kuwait, Qatar, Germany, Spain, France, Cuba, Japan, GreenLand Where US-Army Base Operation Support Systems are deployed.
Used more than 600 Cisco-Meraki Access Level Switches, Cisco-Meraki 75 Core Switches, Cisco-Meraki 385 APs.
Security Perimeter was deployed by Palo-Alto Firwall PA-3020. WAN Optimization with Riverbed SteelHead.
Different Locations were Connected by Cisco-Meraki VPN Concentrators.
Solarwinds NPM was deployed for more than 3500 Nodes, with SQL database servers.
· On-going tuning of firewall rules and IPS Signatures and other security devices as per the security stance requirements. Incident Support for this function is required 24 x 7 x 365, immediate response
· Ensure the creation and update of all related infrastructure diagrams showing security infrastructure
· Customization and mandate of IDS / IPS sensor policies.
· Management of Internet content filtering to protect bank staff from malicious web sites
· Define, implement, assess, and maintain controls necessary to protect networks, hardware, and systems in accordance with security requirements (intrusion prevention/detection)
· Define, implement, assess, and maintain controls necessary to protect the network/Internet perimeter in accordance with security requirements (firewalls, DMZ, network connections, third-party connectivity, remote access, VPNs)
· Manage the implementation and maintenance of controls necessary to protect information and vital assets (including media) in accordance with security requirements (includes privacy requirements, PII, encryption, PKI, backups, DLP, data retention/destruction)
Alghanim International: (Oct ’17 to Feb ’19)
Joined Alghanim International as Unit Head Network, taken the responsibility of Planning, Designing the network for the user population of about 4500 working at various geographical places in Kuwait. As a first project involved in the implementation of firewall PaloAlot PA-3220 in a two-tier architecture to secure the network from Perimeter, DMZs and LAN segment.
Handling a team of 25 IT-Support technical staffs at various levels of implementation. Guiding the staff and involving with them to achieve their goals and target.
Taken care of completing the project on time and testing and signing off.
Designed a failover, load balancing LAN environment with Cisco 3760X routers.
Deigned a failover, Active-Active High Availability of the PaloAlto PA-3220.
Assigning day-to-day activity to the team, follow-up, keen on implementation of the jobs assigned to the team, Technically involving with the team during the time of difficulties at the time of implementations etc.
· Ensure security requirements are embedded in all projects from the onset of any project and during the initial design phase and throughout the lifecycle of the project.
· Provide further technical security related guidance as required during the build and testing stages of the projects.
· Provide technical security input as required by the security policy development team.
· Implement security design of complex application and technology architectures.
· Manage technical design/review activities with various segments within the Security team
· Evaluation and maintenance of systems and procedures to safeguard internal information systems and databases.
· Researching and recommendation/implementation of changes to procedures and systems to enhance security aligned with corporate policies
· Mapping Policy requirements to detailed technical implementation requirements for IT Stakeholders
· Perform certification and accreditation prior to releasing new systems to production
· Software and application controls - Define, implement, assess, and maintain controls necessary to protect software and applications in accordance with security requirements
Industrial Bank of Kuwait (IBK): (Mar ’16 to Oct ‘17)
The IBK Bank is the non-commercial finance institute where the bank servers the industrial customers. Employed with 485 staffs, the bank has a strict implementation of the LAN network with heavy security policies.
The Bank’s DR site is located in Sabhan as branch office. The bank is implemented with 25Mb of dual internet Connectivity to ISPs Zajil-KEMS and Fasttelco. The bank has the VPN site-to-site facility to connect the off-shore Financial Software Suite development like Infosys India.
The bank’s LAN is facilitated with Extreme Networks network environment, comprised of Black Diamond modular chassis and the Summit X400 Series L2 Access Layer switches to connect to the user LAN.
The LAN is implemented with the EAPS advanced level loop prevention software mechanism integrated with the Core and access switches.
The core and access layers switches are scrutinized with severe switch port security levels. The Complete LAN access is protected with the DHCP Snooping mechanism.
All the Network connectivity is monitored with the SNMPv2 with RSA 4098-bit key mechanism. Syslog servers, Solar-Winds Network management system.
The desktops are implemented with the end-point security management suite called LAN-Desk desktop management software. Kaspersky plays a dominant role to protect the LAN environment with Anti-Virus security solutions. While the server-farm is implemented with the Trend-Micros Security system.
McAfee E-mail Gateway Software is implemented to scan the incoming mails, and the very advanced mail filtering mechanism is implemented.
The bank’s LAN and WAN networks are protected with the SonicWall Firewall, Juniper Firewall, Cyberoam VPN Devices and Sophos Proxy server.
As network administrator, I played a major role in designing and implementing of the all the above said technologies.
As network administrator, frequent implementation of the Security patches guided by the internal audit and the Security manager as per the guidance of the ISO security implementation companies.
Taken part in the training program conducted by Alliance Access Swift Messaging Software at Brussels, Belgium. There after taken part with the team of Swift engineers to implement the Swift systems and secure VPN Network implementations with the Swift partners.
Dealt with the Bank’s Trading System called the Dealing system with the Reuters Implementation team to configure the server software and the secure VPN connectivity to the Reuters Dealing System.
Successfully implemented the BGP Dual Internet Connectivity with the ISPs in Kuwait Zajil-KEMS and Fasttelco with the RIPE IPs.
· Provide technical security input as required by the security policy development team.
· Implement security design of complex application and technology architectures.
· Manage technical design/review activities with various segments within the Security team
· Evaluation and maintenance of systems and procedures to safeguard internal information systems and databases.
· Ensure the creation and update of all related infrastructure diagrams showing security infrastructure
· Customization and mandate of IDS / IPS sensor policies.
· Management of Internet content filtering to protect bank staff from malicious web sites
· Define, implement, assess, and maintain controls necessary to protect networks, hardware, and systems in accordance with security requirements (intrusion prevention/detection)
M.H.Alshaya Co.W.L.L (Jun’06 to Feb ‘16)
M.H.Alshaya is biggest retailer in Middle East region. With its operations spread in UAE, Kuwait, Kingdom of Saudi Arabia, Bahrain, Qatar, Egypt, Jordan, Cyprus, and Lebanon, it is also has successfully established stores in Russia, Poland and Turkey. Alshaya is retailer for major US and UK brands in Fashion Design, Casual Dining and Home Furniture Marketing.
As a Network Administrator for the 30000 employees strength Retail Company, I restructured the complete network to meet the business needs by connecting all regions over MPLS Layer 3 VPN over MP-BGP network by having KEMS ISP Network Plane with Cisco ASR Series Aggregated Routers. All the 17 regional countries are connected with MPLS Layer 3 VPN.
MPLS Traffic Engineering deployment as successful implementation.
Metro-Channel connectivity between various Branch offices and Warehouses over Hierarchical VPLS distributed architecture an Ethernet emulated WAN topology over MPLS Layer 3 VPN.
Successfully completed LAN design and deployment of 100GB backbone design with Brocade MLX series modular switches with full redundancy solution using VRRP-E integrated with 900 + VLAN and VTP switch configurations.
Deployed two tier models for the firewalled network and all brands are being integrated with the VPN intranet connectivity.
Setup the QoS for the VoIP, Video services for the voice and video communications for all regions.
QoS deployment for Voice/Video services, Oracle Mission critical applications, E-Commerce time-critical applications with DSCP coding concept integrated with the Checkpoint Firewall.
Multicast Deployment for the video server streaming to carry out the training for the end users across the regions. The complete middle-east covering UAE, Bahrain, Qatar, Oman, Egypt, Jordan, Lebanon, Cyprus and the Central Europe, Russia and Turkey
Kuwait Small Projects Development Company (Nov’03 to Jun’06)
As an individual network and system administrator in a Financial Institution Company for the strength of 750 employees, I performed all tasks related to LAN/WAN IT environment.
Redundant LAN with the VRRP-E using Foundry Networks (Brocade) Big Iron 15000 chassis modular multi-layer switches.
LACP Protocol to aggregate the Backbone bandwidth for up to 40GB between the access switches and the collapsed core.
Deployment of Check point firewall and PIX for 2 tier architectures.
Successfully deployed the complete setup of Compaq, Dell Server/PCs with the optional software using the unattended installation for the entire organization. The deployment was carried out with Windows 2003 Enterprise server, Windows XP Professional, Office 2003 suite, Oracle 9i Server with JAWA client financial software with OMNIS as runtime Management.
Implemented the Microsoft Exchange server 2000/2003 as the corporate mailing system.
Provided day-to-day maintenance, troubleshooting on both hardware and software. Providing maintenance/repair for the Laser/Ink Jet Printers, Network printers.
Performed a Scheduled Backup for user data with Veritas 9.1 Backup Exec on a DLT tape device.
Configured a central management, Remote agent for remote backup from user PCs.
Implemented the Symantec System Center Antivirus software, configured a schedule for server client automated Antivirus definition files update.
Installed and configured network services like DNS, WINS and DHCP.
Performed the software upgrade on the PIX firewall 515E ISO software version from 6.0 to 6.3 with PDM update of 3.0(1) and reconfigured the setup when the ISP was changed. Also performed the software upgrade on US Robotics Total Control MP/8 V.34 to ISO version of V.92 for the 56K access mode with the hardware upgrade of the Sister board.
Successfully deployed VPN for the company to provide the employees a Remote Access to access IT recourses. The IT Security systems were deployed with IPSec and the Windows Certificate Service systems.
Implemented the Automated VPN Dialup network via the Windows Phonebook Services.
Successfully deployed Windows Automated Update Server Service system which helps the PCs to stay up-to-date with the current version of the Software, Service-Packs, Security Systems over a secure channel.
Al-Watan Newspaper and Journalism (Feb’03 to Oct’03)
As a Network Engineer performed the tasks as LAN maintenance and troubleshooting of hardware, software problems.
Scheduled a tape backup strategy with the installation of Veritas Backup Exec 8.1 on DLT tape backup devices.
Installed and configured Exchange server 2000. Successfully completed the Remote Access Network for a specific department locate in off the campus to access the Sybase data base systems.
With the third party involved in the design and implementation of cabling, structured cabling for the entire organization. Worked on fixing the panel boards and rack systems to fit the switches.
Worked on the configuration of catalyst 3550 series switches, fixing the modules and configuring them on 7600 series Modular system.
Configured the Cisco Aironet 350 series Wireless LAN access points.
Implemented the desktop management strategy by creating Group policies on Windows 2000 server.
Kuwait Airways (Oct’00 to Sep’03)
Worked with a team of five engineers for installation, configuration and troubleshooting of Mainframe which was getting connected to Videcom Dump terminals to access the Cargo and Reservation systems with the help of SITA (Satellite International Telecommunications and Aeronautics LTD) communication network at Cargo terminal, Kuwait International Airport and NCC- Network Control Center.
Installed, configured and performed troubleshooting for printers like OKI, TEXAS message/Document and ticket printers.
Designed and installed Videcom CRT leased line cabling with a modem, Ethernet with Cat-5/Cat-5e/Cat-6 with RJ-45 and Token Ring based IBM Type-I cabling systems to connect IBM PCs to operate at ring speed 16 Mbps, with TCP/IP, IPX/SPX and NetBIOS protocols.
Installed panel boards and rack systems to fix Proteon a Token Ring Concentrator/ Multi Access system unit to connect all the PCs in a subnet, and connecting a Proteon Token Ring Router to connect the subnets.
Installed, configured and performed troubleshooting for GATEWAY VTM & VTA servers and corresponding client Gateway Emulator Software on all client IBM PCs.
Installed and configured applications software like MS Office, Cargo Wise, Eicon Aviva, Isnet and MS Outlook Express the client messaging system.
Provided technical support as help desk to all users and providing a fast recovery at the time of system failures.
Maintained database that holds complete information of equipment and user info etc.
Co-ordinate with a team of five Co-engineers to design and implement structured cabling for the entire cargo newly renovated building.
Out of self-motivation and personal interest co-operated with LAN section and workshop to install ISO on Routers, switches and participated in configuring them as per the environmental user specific needs, created VLANs based on department requirements on the switches. Installed these equipment’s at proper locations and verified the connectivity by testing it. Possess good knowledge in TCP/IP, IP subnetting, implementing the proper subnet concept and required number of subnets. Helped in defining Access Control Lists (ACL) in environment to secure the network and user access to the network.
Neyville Lignite Corporation (Aug’99 to Sep’00)
Performed all duties related to Windows NT 4.0 server system administration, hardware and software technical support in a fast-paced heterogeneous windows/Novell/Unix environment.
Involved with team of engineers to provide LAN support. Successfully completed laid LAN cables for the entire campus as per corporations and departments requirements and as per design team approval.
Provided the end-user support to the campus of 700 users in issues related to printers, permission to access various LAN segments and connecting to Internet with CISCO 2900 series switches and 2500 routers, performed troubleshooting for network and hardware equipment’s.
Kewal Tronics (Jan’99 to Jul’99)
Assembled hardware, installed software, installed and configured modems, UPS, print devices, scanners and digital cameras, troubleshooting the PCs. Involved in post purchase maintenance/upgradation and troubleshooting. Distribution to all clients the AMP cabling Cat-5 and RJ-45 connectors and Type-I cable and connectors for Token Ring based topology networks.
Educational Qualification
Degree
Institute/Board/University
Year
Percent
MBA (Marketing)
University of Madras, India
1997
61
B.Sc (Physics)
University of Madras, India
1994
68
Higher Secondary
T.N Board
1989
65
High School
T.N Board
1987
63
Strengths
Committed to accomplish corporate goals.
Ability to learn quickly the challenging concepts of the industry.
Persuasive communication skills.
Result oriented, valued contributor who performs confidently and effectively under pressure and thrives on challenges
Hobbies
Reading, Audiophile listening to music, musical instruments, Home Theater Custom installer and Acoustic Room Treatment
Date Paul Christopher J.
Contact this candidate