Palo Alto Network Engineer
Resume:
EBENEZER TAKPOR
**************@*****.***
linkedin.com/in/ebenezer-takpor-391a7181/
PROFILE SUMMARY:
Results-driven cloud network engineer/architect with vibrant experience in AWS and Azure cloud platforms. A passionate professional dedicated to leveraging cloud-agnostic expertise to help transform clients' IT infrastructure, operations, and containerized applications. Proficient in utilizing Kubernetes with Docker orchestration to manage platform microservices. I specialize in architecting the most innovative, scalable, highly available, secured, fault-tolerant cloud ecosystems while ensuring cost-effectiveness. Well-versed in both Cisco Router, Switch, Firewall configuration and Active Directory, Windows, and Linux administration. Experienced in implementing Panorama-managed Palo Alto VM-Series Next-Generation Firewalls, securing applications with security groups, NACL, SSL decryption, custom dynamic security feeds, and establishing VPC-to-VPC connectivity via Transit Gateway/AWS Routing/Firewall Routing, AWS Organizations, VNET, and Direct Connect. In-depth knowledge of DNS for efficient traffic routing and management. Strong experience with Active Directory, securing S3 buckets, CloudFront, and Azure Front Door, and enforcing compliance with frameworks like FISMA, HIPAA PCI-DSS, and GLBA while optimizing for performance and cost-efficiency. Skilled in securing applications/accounts with SSO, multi-factor authentication, advanced IAM practices such as RBAC, ABAC, privileged identity management, and encryption in transit and at rest. Conduct thorough investigations and analyses of security incidents, using security information and event management (SIEM) and intrusion detection/Prevention systems (IDS/IPS) for threat detection, prevention, and management. Establish a plan to deal with security incidents and put it into action.
SKILLS
Cloud Platforms: AWS, Azure.
Infrastructure as Code: Terraform, CloudFormation, Ansible.
Configuration Management: Systems Manager, Ansible.
Containerization: Docker, Kubernetes, EKS/ECR, Nodeport/Replicant/Load Balancer/Services
Continuous Integration/Continuous Deployment (CI/CD).
DevOps Tools and SCM: Jenkins, Git, Bitbucket, AWS CLI.
Storage: S3 buckets, Azure Blob Storage.
Scripting Languages: Python, Bash, Yaml.
Networking: VPC, VPN Gateway, DMVPN, VNET, DMZ, Subnets, Network Security Groups, Transit gateway, Route Tables, Bastion Hosts, Load Balancers, Endpoints, DNS, IPAM with Infoblox.
LAN Switching – VLAN, VTP, STP, EtherChannel, QoS, WAN –MPLS, MPLS/VPN, MP-BGP
Monitoring and Logging: VPC flow Logs, Sentinel, CloudWatch, CloudTrail, ELK Stack, Prometheus, Splunk, Statseeker.
Security and compliance: Secret Keys Management, IAM, RBAC, Encryption, Palo Alto, ISE, CloudFront, Security Best Practices, IPsec, SSL/TLS, Site-to-Site VPN, HIPAA, PCI-DSS, FISMA, NIST.
Security Tools: WAF, IDS/IPS, Palo Alto, OKTA, MFA, conditional access
Problem-solving and troubleshooting.
Excellent Communication and Team Collaboration.
Operating Systems: Windows and Linux.
EDUCATION AND CERTIFICATIONS
Masters in Cybersecurity, Harvard University, Cambridge MA, (In Progress)
Postgraduate Certificate in Cloud Computing (University of Texas, Austin) Feb 2022 (https://vrfy.digital/lgTVp
Network Technology and Administration, Bunker Hill Community College, May 2020
Bachelor’s in Political Science and Public Administration, University of Benin, Nigeria, Nov 2011
Certified Cloud Security Professional (CCSP), (In-view)
Microsoft Certified: Azure Security Engineer Associate
AWS Certified Solutions Architect (Associate)
Cisco Certified Network Associate (CCNA)
CompTIA Security+
FISMA certified for working in highly secured US Federal Information environments.
RECENT PROJECTS AND ACHIEVEMENTS:
Automated deploying a highly available, secure web application infrastructure using Terraform and Ansible. Configured EC2 instances, VPC, Security Groups, and Route 53, and deployed containerized applications via Docker and Kubernetes in the FISMA environment.
Azure Point-to-Point VPN Gateway for Microsoft Entra ID Authentication
Designed and implemented a multi-region disaster recovery architecture on AWS using S3 replication, Route 53 for DNS failover, and RDS cross-region replication to ensure high availability and business continuity.
Hybrid networking using tools like ExpressRoute, Direct Connect, VPN, and VPC to ensure low-latency, secure connectivity for mission-critical workloads.
Built Compliance into the infrastructure with Azure Policy and AWS Config.
Implemented cloud monitoring and threat detection solutions using AWS GuardDuty and Azure Sentinel. Configured automated alerts for suspicious activities, and vulnerability management, and integrated Splunk for log aggregation.
Led a cloud cost optimization initiative by automating instance right-sizing, implementing Reserved Instances, and using AWS Cost Explorer and Azure Cost Management tools to reduce cloud expenditure by 25%
Configured and maintained Palo Alto Next-Generation Firewalls and Panorama Management Devices.
Architected zero-trust cloud security architecture using AWS IAM policies, conditional access, Azure Privileged Identity Management (PIM), and multi-factor authentication (MFA) with Active Directory and OKTA integration to secure access to cloud resources, ensuring compliance with PCI-DSS.
Built a secure data lake on AWS using S3, AWS Lake Formation, and encryption in transit and at rest to store and manage large volumes of sensitive data.
Created Documentation for upgrading, Infoblox, Palo Alto Firewalls, and Panorama management devices to the latest versions.
Configured and deployed routers/switches using the Netmiko library.
Configured Wireless Controllers and deployed over 1,200 Wireless Access Points on the Harvard Medical School Campus.
WORK EXPERIENCE
Cloud Network Engineer (Sept 2022 – Till Date)
Harvard Medical School, Boston, MA
Ensured that the best security practices were followed by configuring IAM policies, Security Groups, and SSL/TLS certificates for secure environments.
Deployed modules for application execution within the FISMA Environment.
Proficient in vulnerability management and remediation utilizing WAF, IPS/IDS, Tenable Nessus, Splunk, etc.
Regular management of WAF endpoint, CDN, and sensor rotation.
Developed a low latency website by storing content in an S3 bucket and utilizing CloudFront/Global Accelerator as a Content Delivery Network (CDN)
Constructed an infrastructure that facilitates rapid disaster recovery, Data Loss Prevention (DLP), and point traffic in an AWS environment using route 53.
Proficient in the secure configuration and troubleshooting of Direct Connect connections to data centers and Site-to-Site VPNs.
Configured high availability Palo Alto VM-Series load-balanced firewalls using an AWS GWLB (Gateway Load Balancer) w/GENEVE traffic encapsulation, AWS Overlay Routing and dynamic IP address/URL/Country/Virus/Malware Block/Allow lists to secure application ingress/egress traffic
Configured high-availability Palo Alto Panorama firewall management devices with redundant Splunk/AWS logging
Created documentation for updating the Palo Alto firewalls/management devices and other network devices/nodes.
Configured and updated Palo Alto Global Protect VPN (GPVPN) created an enhanced security HIP object and Global Protect VPN profile.
Connected VPC to VPC (East-West Traffic) utilizing AWS Transit Gateways, AWS Routing and Palo Alto Firewall VM-Series routing.
Created infrastructure on AWS and Azure using Terraform.
Network Monitoring: Infoblox Alerting, Cisco ISE, Cisco Prime, Intermapper, Splunk, Statseeker, SNMP configuration.
Configured and used Palo Alto dynamic feeds (Malware, Virus, Vulnerability, IP Address, etc.) in firewall security policies
Created and managed IAM accounts and role-based access control (RBAC) policies for access to AWS services by the creation/administration of user permissions, directories, and files in a Linux environment.
Experience configuring Cisco ISE for network device management and configuration of endpoint devices.
Experience with on-premises and cloud network configuration, automation, and troubleshooting, as well as using Python scripts aligned with Netmiko Library for network automation projects.
Designed and implemented network configurations, such as VLANs, subnets, and routing protocols (e.g., OSPF, BGP), to improve efficiency and security.
Configured a DMZ to segment the internal network from external access.
Implemented Data-in-Transit Security with VPN (IPSEC/TLS), Data-at-Rest Security with Encryption, and Data-in-Use Security with Proper User Orientation.
Configured TACACS+ and Radius for authentication and authorization on routers/switches and end-user devices.
Analyzed network traffic and host activity across all platforms and technologies.
Provisioned new IT assets, such as firewalls, routers, and load balancers in adherence to the NIST Cybersecurity framework.
Excellent working knowledge of network concepts and protocols (TCP/IP, UDP, DNS, DHCP, HTTP, HTTPS).
Configured and directed DNS traffic (Infoblox, Route 53, Windows)
Server Migration from on-premises to AWS with AWS Migration Services (AMS)
Created DNS Records, Zones, Delegation and Subzones
Assumed responsibility for and promptly resolved any escalated issues that arose from leadership, consumers, or vendors.
Network Specialist January 2021 – September 2022
Hanscom Airforce Base (Contractor)
Installed and configured IT assets, including firewalls, routers, and load balancers, ensuring compliance with the NIST Cybersecurity Framework.
Conducted comprehensive log analysis to monitor bandwidth, system performance, and security, identifying inefficiencies and implementing optimized solutions.
Deployed and managed VLANs, subnetting, and routing protocols (BGP, OSPF, EIGRP), enhancing network segmentation and operational efficiency.
Designed and implemented WAN connections using site-to-site VPN, MPLS, and Cisco DMVPN.
Improved WAN performance by implementing QoS policies and monitoring traffic patterns.
Automated network administration tasks using Python, Ansible, and Netmiko, achieving an 80% reduction in manual workload.
Enforced secure communication standards, such as SSH and HTTPS, across the network infrastructure.
Designed and implemented network segmentation strategies with supporting firewall and access policies to achieve PCI, PII, and PHI compliance.
Implemented port security mechanisms to restrict unauthorized devices, preventing MAC address spoofing and other network-based attacks.
Configured 802.1x port security with RADIUS authentication for enhanced endpoint security.
Managed network access control policies, ensuring role-based access to sensitive resources.
Utilized open-source tools like Nagios and Splunk for proactive network performance monitoring, troubleshooting, and security analysis.
Conducted packet captures using Wireshark to analyze and resolve connectivity issues.
Investigated and resolved escalated incidents using SIEM platforms, IDS/IPS tools, and OSINT methodologies, achieving an 80% faster resolution time than SLA requirements.
Performed SCAP compliance scans and applied STIG protocols to validate remediation and secure control implementation.
Conducted phishing investigations and simulated phishing campaigns, enhancing employee security awareness by 80 %.
Created and updated network topology diagrams using Visio and documented configurations for audit readiness.
Authored network design plans, ensuring scalability and adherence to enterprise requirements.
Upgraded router and switch firmware, ensuring alignment with security best practices and vendor recommendations.
Integrated Zero Trust Architecture principles to improve security posture and minimize attack surfaces.
Participated in real-time incident response, including host triage, malware analysis, and remediation, improving organizational resilience.
Configured Active Directory policies and Windows GPO updates, enhancing user and system management.
Investigated and mitigated security incidents involving SIEM, IDS/IPS, anti-virus, and user-reported alerts, ensuring comprehensive response and recovery.
Recognized and escalated potential intrusions by analyzing IOCs, enabling prompt stakeholder action.
Maintained situational awareness of evolving cybersecurity threats and applied relevant countermeasures effectively.
Trained team members and provided after-hours support for incident investigation and validation.
Network Administrator, Tufts University, Somerville MA Sept. 2019 – June 2020
Maintain LAN and WAN Network Infrastructure.
Network design, administration, and troubleshooting.
Subnet/VLAN configuration and Problem Diagnosis.
Maintain network services, including file servers, VPN gateways, and intrusion detection and protection systems.
Keep an eye on server event logs, performance logs, network data growth, and server backups.
Provide management with comprehensive project status reports as directed.
Performs day-to-day maintenance and installation of server, network equipment, virtual machines, messaging, backups, and storage.
Resolving security issues; testing systems for hardware and software vulnerabilities; administering virtual private networks, firewalls, and security programs.
Contact this candidate