Network Engineer Security
Resume:
Waheb Al Samaraie
Lead Network Infrastructure Design, Development, Automation and Support enterprise network LAN, WAN, Security, Data Center and Wireless. Skilled in Routing/Switching, Data Center (VxLAN / ACI), AWS/Azure Cloud, SDN, Linux, Python and automation.
Develop and execute technology roadmaps, network modeling, analysis, and planning based on business needs and the enterprise technology strategy. Create functional strategies and specific objectives for the sub-function and develop budgets / policies / procedures
Identify and lead implementation of industry best practices for Network infrastructure design and maintenance including cloud. Identify opportunities to improve resource efficiency of business applications through technology, application and database improvements. Recommend future directions and participate in strategic and financial planning
Area of Expertise:
Cisco routing, switching, firewalls, wireless, and load balancing.
Arista switching, SDN, SDWAN, Data Center Technologies.
AWS, Azure, GCP: SaaS, PaaS, IaaS.
Palo Alto Networks firewalls, SASE, Prisma Cloud.
Checkpoint firewalls.
Juniper JUNOS NetScreen.
F5 GTM and LTM Load Balancers.
Aruba Wireless ClearPass.
Network Security, Endpoint Security, WAN Accelerators, SilverPeak, Riverbed.
Routing: BGP, EIGRP, OSPF, ISIS.
Solarwinds.
PolyCom, Cisco VoIP.
EMC Backup and Storage.
EDUCATION/TRAINING/CERTIFICATION
Masters, Cybersecurity: Managing Risk in the Information Age, Harvard University, Massachusetts, United States, 2017 – 2018
Bachelor of Science, Electrical Engineering, University of Technology, Baghdad, Iraq, 1999 – 2003
Certifications/Training:
Palo Alto Networks Certified Network Security Engineer (PCNSE)
Arista Warrior
Network Warrior
Architecting with Google Cloud Platform and Cloud Security
CISSP(ISC)
Hacker/Security+ (SY0-401): Advanced Exploitation Techniques
CCNA Routing and Switching
CCNA Security
MCSE
Checkpoint Security Expert (CCSE R70)
Checkpoint Security Administrator (CCSA R70)
Security + Higher Institute of Technology
Network + Higher Institute of Technology
TECHNICAL ENVIRONMENT
Skills: Cisco Switches, Routers, Firewalls, Wireless and Load balancers Arista Switches, EOS SDWAN, Data Centers Technologies and best practices, Security As a Process IaaS, Paas, SaaS and cloud architecture Including Public (AWS, Azzure &GCP), Palo Alto networks, solar winds monitoring, Campus Networks (Wired/Wireless), Juniper JUNOS NetScreen, Google cloud solutions, AWS, PVC, AZure and EC2 (Various Isas, Paas, Saas), Load balancers, Wan Accelerators and Edge network security (silverPeak, Riverbed and F5), Polycom &teleprecense solutions, Remote Offices Upgrades, EMC backup and storage/SRM and Business continuity planning, Experienced in check point Firewalls(splat/windows) Migration to PaloAlto Networks, Check Point best practices and tools (smart dashboard, monitor, tracker)Accounting and usage Analysis, Aruba Wireless solution and 802.11x Authentication (utilizing Clear Pass for on boarding) along with cloud DeployWi-fi and wireless network coverage and strength monitoring etc, utilizing Airwave and spectrum Analyzers, Wireless 802.11ac design and deployment in Aruba using Airwave, Design and deploy Wave 2 cisco using prime in addition to Cisco Aironet Meraki and SOHO solutions including IAPs, Yagi, Senao and Sectorial APs along with Sight Survey and tuning of power/Frequencies, Cisco IOS, Fierwalls Migration to PaloAlto networks, VLAN, BGP, MPLS, RCS, sniffing and Ethernet troubleshooting tools and applications(check point, Fluke, Wire Shark), Security Setup and Maintenance, Load Balancing using Cisco ACE and Citrix NetScaler’s and hardware appliances(coyote point), web accelerators(river bed), proxy servers, Radius and TACACS, Auditing and implementing strong system and network security(IPS, IDS, Intrusion Tests, DOS/DDOS mitigation and disaster recovery plans), Networking and network troubleshooting instillation configuration and maintenance LAN/WAN/WLAN/MPLS/BGP Static and dynamic routing, Cisco routers and multi-layer switches, VLANS, Enterprise server and network storage(SAN, NAS, RAID, iSCSI, LVD, SAS, SATA III, EMC, Coraid) Dell Blades HP blades including HPUX and various servers, Threat detection/prevention techniques, Monitoring tools implementing configuration and operation (Cacti, Nagios, NetFlow Gigamon Windows Apps Health Monitors, LANZ, HP OpenView, Dell open Manage, Alarm point, PRTGG, KeyNote/Webometrics . SolarWinds, Big Panda and Telemetry), Linux configuration, open source application and reporting management(CentOS, PFsence/Mikrotik FWs, Elastix (Asterisk based), Open Vpn, Nagios), Exchange servers, Active Directory, VPNs, Virtual Servers, Antivirus servers, Terminal Servers SharePoint, Reloading, DNS DC and DHCP Servers, IIS and Application Servers, Backup and Database Replication including tape loaders, Desktops, servers, mainframes and data centers instillation operation configuration and maintenance as well as telecommunication mobile switching offices dispatch centers and command and control centers, Experience administering and architecting virtualized and physical systems, SDN(Cloud Vision), SD Wan using Paloalto VTIs to decrease MPLS coasts and Cloud Genix, Silver Peak, Riverbed Wan Acceleration, Help Desk/Ticketing and PC Support experience Willingness to learn and apply new technologiesIT Project Management Skills and tools, Primavera, BMC Remedy, Service Now, Agile/JIRA- ITIL-Lean Management-MS Project and service now. Confluence, ITIL, Six Sigma, 5 habits, TOGAF ADM
MAJOR ASSIGNMENTS
Wipro, Dublin, CA 2021 – Present
Sr. Solution Architect
Responsibilities:
Leading a network redesign initiative to accommodate client’s need for growth to a multi-billion dollar industry while accounting for security in mind. Heavily involved in the solution selection and sizing of routing, switching, and firewalling devices.
Migration of customer’s firewall solution from Cisco Firepower to Palo Alto Networks with Panorama managed.
Participated and often led design and whiteboarding discussions to address challenges, issues, or new initiatives. Provided training and guidance for local engineering staff in various topics of networking and security
Facebook, Menlo Park, CA 2019 – 2021
Sr. Network Security Engineer
Responsibilities:
Managing of Facebook’s large network environment to ensure network resiliency, optimal performance, and the detection and prevention of threats and anomalies in both production and lab environment.
Implementing TACACS for Network devices to achieve 2FA based Authentication.
Implementation of routing protocols such as EIGRP, BGP, and ISIS. Implementation and roll out of new network services, optimization of existing services, and troubleshooting complex network issues and responding to security incidents.
Responsible for the maintenance, upgrades, and patching of various network and security devices while maintaining operations.
Implementation and management of new solutions, to include but not limited to Juniper, Arista, Cisco switches and Wireless LAN Controllers.
Nortek Security & Controls, San Jose, CA 2017 – 2019
Lead Security Engineer
Responsibilities:
Lead the software security team and established a process for testing and validating application security while engaging with appropriate teams to discuss mitigation efforts. Adopted NIST and OWASP framework to improve application security and engaged with the development team to promote secure application coding practices.
Implemented MFA using RSA SecurID Authentication Manager.
Established a process of security testing for all web applications, systems, both on-prem and in the cloud to assess system and application security and remediate all findings prior to going into production.
Proficiency with Inspector for Amazon Web Services (AWS) and Qualys for Google Cloud Platform (GCP).
Responsible for the management of different cloud service providers (CSP) using Palo Alto Networks’ Prisma Cloud. Performed regular security assessment of all systems, identified IoT devices, and worked with the network team to isolate authorized IoT into its own isolated networks while blocking unauthorized IoT and other devices. Engaged and acted as an extension of the Incident Responder team when responding to incidents in an effort to respond to, and contain, threats or unauthorized access.
Deployment and management of NextGen firewalls, Intrusion Prevention Systems (IPS), Endpoint Security (EDR/XDR), Network Access Control (NAC) and integrating various security technologies together. Conducting triaging and investigation of potential threats using various technologies such as SIEM (Splunk), Carbon Black App Control, Palo Alto Cortex XDR, Microsoft Defender for Endpoints and Email, etc.
TAOS, San Jose, CA 2016 – 2017
Cloud Security Engineer
Responsibilities:
Headed cloud migration projects for various clients starting with extensive architectural and design discussions to the actual implementation of various cloud solutions across multiple regions and availability zones to provide geographical redundancy and fault-tolerance.
Proper implementation of Identity and Access Management (IAM) and other AWS cloud-native security capabilities such as AWS Shield, WAF, Amazon Guard Duty to provide advanced threat protection, Amazon Inspector for analyzing cloud application security, AWS CloudTrail for logging and monitoring, etc. and the utilization of AWS Cloud Formation templates to automate the provisioning of cloud services and eliminate the possibility of human errors.
Riverbed, Sunnyvale, CA 2015 – 2016
Network Engineer
Responsibilities:
Responsible for the deployment, configuration, and management of various Cisco and Juniper routing and switching technologies as well as Aruba Wireless Controllers. Troubleshooting complex network issues to ensure continuous business operations. Configuring of both dynamic and static routes in production and lab environments such as OSPF and BGP.
Lead the migration effort from Aruba Wireless to Xirrus to meet business needs and identified and eliminated single point of failures that existed in the network.
Configuring and administering Palo Alto firewalls and configuring Panorama Device Groups and Templates to automate the provisioning and configuration of new firewalls and centrally manage configuration and backup.
Hewlett Packard Enterprise (HPE), Mountain View, CA 2015 – 2015
Sr. Network Engineer
Responsibilities:
Responsible for the network operations, configurations of routers and switches, upgrade IOS and championed the Data Center consolidation efforts to reduce cost and overlapping of resources.
Participated in the integration of various Data Centers as a result of mergers and acquisitions, and architecture secure network designs in Data Centers.
Responsible for the connectivity and operations of campuses and remote branches and addressing IP address space overlaps due to mergers and acquisitions.
Autodesk, San Francisco, CA 2013 – 2015
Sr. Network Engineer
Responsibilities:
Architected large scale Data Centers to support Autodesk business needs, responsible for the upgrade of the San Rafael HQ campus as well as San Francisco branch offices, lead various hardware refresh projects for Data Center hardware to accommodate growth and the utilization of newer security technologies to protect Autodesk’s intellectual property.
Responsible for designing and implementing WAN solutions to replace higher cost MPLS and expedite the deployment and connectivity of remote offices.
Implemented Palo Alto Networks NextGen PA3020 in the HQ campus and Data Centers and PA200 series in remote offices.
Arista Networks, Santa Clara, CA 2011 – 2013
Network Engineer
Responsibilities:
Lead the effort to migrate on-premise applications to various cloud service providers such as AWS for internet-facing and critical business applications and the utilization of vmware technologies and Microsoft Azure Cloud for SaaS apps and internal applications.
Responsible for designing, planning, and deploying of Arista Networks technologies in the HQ campus as well as remote offices/Mfg. sites, and Data Centers.
Migration of Arista Network infrastructure firewalls from PFSense to an enterprise solution like Palo Alto Networks utilizaing PA5005 for HQ and Data Centers and PA3020 and PA500 for remote offices and lab environments.
Responsible for the implementation and maintenance of Arista’s wireless, VoIP, and VPN technologies and integrating with security solutions to detect and block threats.
Walmart GEC, San Bruno, CA 2011 – 2011
Network Engineer
Responsibilities:
Supported Walmart’s global e-commerce business and IT infrastructure, deployed and managed IDP/IPS solutions, fine-tuned IPS policies, and responded to security alerts on a daily basis.
Deployed and configured various Palo Alto Networks solutions to detect and block threats and configured the solutions to provide maximum protection without impacting the business while providing required visibility to the NOC.
Implemented Cisco firewall security module (FWSM) as well as Cisco ASA in Data Centers and remote offices.
Migrated legacy and End of Life hardware to Palo Alto Networks hardware. Managed firewall rules to support the business and block unauthorized access. Worked on various regulatory and compliance projects including but not limited to VISA PCI-DSS.
Implementing and troubleshooting MPLS issues and configured dynamic routing protocols such as OSPF, BGP, and EIGRP.
Managed and configured Nexus 3k, 5k, and 7k. Managed various switching and routing devices, firewall technologies, and Citrix NetScaler/ACE Load Balancers. Configuring SPAN and RSPAN to meet network and business needs.
Participated in Change Control process for both production and QA related changes.
Performed and analyzed packet capture for application and network troubleshooting.
Globe Wireless, Port St. Lucie, FL 2008 – 2010
Network Security Engineer
Responsibilities:
In charge of the operation of multiple 24 x 7 Network Operation Centers (NOC) and for the configuration and maintenance of LAN and WAN networks, interconnectivity of multiple remote sites with main campus and Data Centers. Performed network troubleshooting and worked with network engineers in other remote office to resolve connectivity issues.
Provided network and server support as well as managed a large number of systems, both Windows and Linux servers to support the business operations.
Worked with the DevOps team to address application related issues and to increase performance through software coding optimization.
Responsible for the patching of various operating systems and applications residing on those systems, assisted in installation and configuration of VoIP systems and other related telco WAN issues.
Configured and managed CheckPoint firewalls and migrated to Palo Alto firewalls due to limitation with in CheckPoint’s HA cluster configuration.
Managed a team of 14 system admins responsible for the administration and maintenance of various systems as well as vmware infrastructure.
Bearing Point International, Baghdad, Iraq 2006 – 2008
Sr. Network Engineer/Manager
Responsibilities:
Managed a team of 5 engineers and collectively managed and configured routers, switches, LAN/WAN connectivity, Wireless AP, VoIP telephony, network printers, file servers, and application servers.
Implemented and maintained Data Centers for the Iraqi Ministry of Labor and Social Affairs to provision a secure network to handle the National IDs information for Iraqi citizens.
Designed and implemented the Data Center network for the Central Bank of Iraq and implemented Data Security measures to include but not limited to the implementation of sophisticated multi-layer Cisco switches, ISA servers, and Cisco PIX firewalls.
Designed, planned, and implemented Microsoft Active Directory and Exchange servers installations, application servers, and secure file transfer servers.
Lucent Technologies, UK, Austria, and Baghdad, Iraq 2004 – 2006
Network and Systems Engineer
Responsibilities:
Acted as a team lead and site engineering manager for Baghdad’s Advanced First Responder Network (AFRN), responsible for the supervision of installation and quality inspection of HF Network projects. Managed the AFRN systems and Governmental Dispatch Center (GDC), Mobile Switching Office (MSO), and Command and Control (CC) installation in both MOI and Lucent.
Lead the installation project of a major Network Operation Center compound and provided hands-on training for Voice Communication Systems (VCS) and Dimetra IP (Tera) systems. Responsible for the restoration of a complex switching system in the event of a failure or during scheduled maintenance.
US Army Corps of Engineers, Baghdad, Iraq 2003 – 2004
Network Administrator
Responsibilities:
Managed Windows NT4.0 and Windows 2000 Active Directory environment, Lotus Notes application servers, configuration and maintenance of VPN tunnels, responsible for the communication infrastructure for offices in Iraq, including but not limited to VSAT equipment, lead the installation efforts of a wireless network for the Gulf Region Division project, acted as the IT manager for the Contrack Inc. HQ in Baghdad.
Contact this candidate