Network Engineer Access Control

Location:
United States
Posted:
May 21, 2025

Resume:

Candace Evilsizor

Sr NETWORK ENGINEER ******.*****@*****.***

Professional Summary:

Having 10 years of experience in configuring, managing, and troubleshooting enterprise LAN/WAN infrastructure using Cisco routers, switches, and firewalls.

Specialized in managing firewalls such as Cisco ASA, PIX, Checkpoint, Palo Alto, and Fortinet, with a strong focus on access control, VPN setup, and policy enforcement.

Skilled in configuring and maintaining F5 LTM, GTM, ASM, and Citrix NetScaler for application load balancing, SSL offloading, and high availability.

Proficient in dynamic and static routing protocols including BGP, OSPF, EIGRP, and RIP, supporting enterprise-grade network performance and optimization.

Extensive knowledge of switching technologies, including VLANs, Spanning Tree Protocol (STP), HSRP, and Layer 2/3 Cisco Catalyst switches.

Deployed and supported Cisco Integrated Services Routers (ISR) and various models including 3750, 3850, 4500, 2960, and 6500 series.

Designed and implemented VPN solutions such as IPsec, DMVPN, EasyVPN, and site-to-site tunnels using Cisco ASA and Palo Alto platforms.

Experienced in wireless networking with Cisco Aironet and Meraki access points, Cisco 5500 controllers, and wireless virtual/hardware-based controllers.

Strong expertise in security architecture design, implementation, and compliance, aligned with corporate and industry standards.

Hands-on experience with SIEM tools for threat detection, web traffic analysis, and security event correlation.

Performed proactive monitoring of network traffic and device logs, optimized performance by tuning.

Worked on multivendor platforms including Cisco, Fortinet, Checkpoint, McAfee, F5, Blue Coat, and Brocade for seamless network interoperability.

Designed, deployed, and supported Microsoft Azure and AWS environments, including virtual networks, subnets, and Office 365 cloud migration.

Administered core network services like DNS, DHCP, FTP, SNMP, and remote device access via SSH/Telnet for enterprise environments.

Configured and maintained Access Control Lists (ACLs) to control network traffic and enhance security posture.

Experienced in monitoring and tuning network devices, applying security patches, and optimizing performance through proactive analysis.

Provided 24x7 support for network operations, managed ISPs, led critical migrations, and collaborated across teams for infrastructure reliability.

Demonstrated strong analytical, documentation, and communication skills, with the ability to manage complex projects and deliver high-availability solutions.

Technical skills:

Skills Category: Technologies / Tools

Routers: Cisco ASR, 7200, 4300, 4400, 3900, 3800, 2900, 2800, 810 (4G), 2811, 2921, 3640, 3745, 7200

Switches: Cisco Nexus 9K/7K/5K/3K, Catalyst 6500/4500/3850/3750/2900/3500XL, Cisco IOS 4900

Firewalls: Check Point, SideWinder, Blue Coat, Cisco FWSM, Cisco Pix, Cisco ASA, Juniper Firewall

Load Balancers: F5 LTM, GTM, Cisco ACE, Nortel Alteon

Proxy Solutions: Bluecoat, Squid

Access Control & AAA: Cisco ACS, TACACS+, RADIUS, Gigamon, GigaTap

Routing & Network Protocols: BGP, OSPF, EIGRP, RIP v1/v2, QoS, HSRP, VRRP, IPsec, IGMP, PIM, Spanning Tree, VPN (SSL/IPSec), TCP/IP, DHCP, DNS, FTP, TFTP, SSH, SNMP, NTP

VOIP Technologies: SIP, H.323, MGCP, SS7, TDM, Avaya Gateways

Network Monitoring Tools: Splunk, HPNA, Infoblox IPAM, SolarWinds Orion, Wireshark, HP OpenView, Netscout, Snort, MRTG, McAfee ePO, tcpdump, Visio, SIEM, Cisco Works

Scripting & Automation: Python (Netmiko) for configuration pushes, scrubbing, ping sweeps, pre/post check

Operating Systems: Windows NT/2000/2003/7, Linux (RedHat, Debian), UNIX, Junos, SPLAT, Secure Platform

LAN/WAN Technologies: MPLS, Metro Ethernet, SONET, T1, DS3, OC3, CSU/DSU

Network Equipment: Cisco 800/1600/2500/2600/3700/7200 Series Routers, Cisco 2950/3500/4500/6500 Switches, Cisco Wireless

Cloud Platforms: AWS (EC2, VPC, S3, IAM, Route 53, ELB, EBS), Microsoft Azure, AT&T Net Bond

Authentication & Directory Services: Active Directory, Kerberos, LDAP, OSI, DES, 3DES, AES, MD5

Education Details:

Bachelor of Information Technology in George Mason University, VA, 2013

Master of Computer Science in University of Madison, WN, 2015

Certification Details:

Certified AWS Advanced Networking

Certified Cisco Network Associate

Professional Experience:

Amgen, CA Dec 2024 - Present

Senior Network Security Engineer

Responsibilities:

Serving as a Senior Network Security Engineer, leading multiple enterprise-level network migration and infrastructure transformation projects across diverse environments.

Directed the migration of SIP services from Bell to Genesys, involving the redesign and implementation of BGP and OSPF routing protocols to support a high-availability network architecture.

Engineered a robust failover strategy for SIP routing, ensuring seamless continuity during provider cutover and improving network resiliency across dual links.

Led the migration of legacy mainframe database servers from the Dallas data center to newly established facilities in New Jersey and Columbus, supporting business continuity planning.

Successfully transitioned existing VPN tunnels to the new data centers, ensuring minimal disruption and maintaining secure interconnectivity during cutover.

Designed a comprehensive VPN migration strategy, replacing legacy IPsec tunnels with GRE over IPsec to enable dynamic routing and enhance redundancy across dual data centers.

Implemented advanced routing solutions using Cisco ASR1000, Nexus 5K, and IOS-XE-based 4331 routers, improving core routing performance and operational scalability.

Configured High Availability protocols including HSRP and implemented VLAN trunking on Catalyst and Nexus switches to support seamless Layer 2/3 failover.

Built and deployed Site-to-Site VPNs and GRE over IPSec tunnels using Cisco routers and ASA firewalls to interconnect distributed enterprise locations securely.

Upgraded Palo Alto firewalls and Panorama management appliances to the latest stable releases, resolving legacy compatibility issues and enhancing security posture.

Designed and deployed Cisco ASA firewall high availability (HA) configurations, providing redundancy and ensuring zero downtime during maintenance windows.

Acted as a technical escalation point for daily operational issues, providing Tier 3 support and resolution for routing, switching, and security-related incidents.

Collaborated closely with the operations team to troubleshoot network outages, optimize routing policies, and reduce mean time to resolution (MTTR).

Guided the planning and execution of Dynamic Multipoint VPN (DMVPN) migrations, supporting over 200 spoke sites transitioning to new hub locations.

Worked with cross-functional teams to evaluate and test new hub configurations, ensuring compatibility and stability across the DMVPN infrastructure.

Developed detailed project documentation including low-level designs (LLDs), migration runbooks, and rollback plans to support execution readiness.

Created comprehensive Visio network diagrams capturing logical and physical topologies, aiding in planning, troubleshooting, and stakeholder communication.

Conducted post-migration reviews and validation tests to ensure successful cutovers and compliance with change management policies. Plan, design, and implement future installations of network equipment and capacity planning.

Optimized routing designs to align with enterprise network standards, reducing latency and improving overall application performance.

Implemented routing policy filters and route maps during BGP and OSPF migrations to control route propagation and enforce security policies.

Led troubleshooting sessions with vendors and internal teams to resolve complex firewall, routing, and VPN issues encountered during migration phases.

Performed pre- and post-checks for all configuration changes, ensuring consistent network behavior and minimizing service disruption.

Mentored junior engineers and provided hands-on training during migration projects to build internal knowledge and team self-sufficiency.

Validated configurations using packet captures and log analysis to verify protocol behavior and confirm tunnel stability post-implementation.

Ensured all documentation was aligned with audit and compliance requirements, supporting both internal IT governance and external regulatory reviews.

Environment: Cisco routers ISR 4000, ASR 1001 and switches Catalyst 9300/9500 – IOS XE 17.12, Nexus 9300 – NX-OS 10. Palo Alto PAN-OS 11.1., Cisco ASA v9.1, and FortiGate v7.4., and VPN technologies like DMVPN Phase 3, AnyConnect v4.10, and Global Protect 6. 3.. Hands-on with F5 BIG-IP TMOS v1

Providence Health, WA Oct 2023 - Apr 2024

Senior Network Engineer

Responsibilities:

Designed and documented both physical and logical network topologies for enterprise LAN/WAN projects, ensuring scalability, high availability, and security compliance.

Deployed and supported end-to-end enterprise network infrastructure at the corporate headquarters, including routing, switching, and firewall configurations.

Executed detailed design and implementation plans for complex routing, subnetting, switching, and network segmentation across large-scale data center and branch environments.

Administered and maintained Cisco switches, routers, and firewalls across enterprise core, distribution, and access layers, supporting dynamic routing protocols and VLAN segmentation.

Deployed and managed Check Point firewalls (both virtualized and SPLAT-based), ensuring secure perimeter defense and policy-based traffic inspection.

Performed software and hardware upgrades on network devices including Cisco ASA firewalls, Check Point appliances, routers, and switches to address vulnerabilities and enhance features.

Participated in firewall policy audits and cleanup initiatives to standardize rule sets, optimize performance, and ensure alignment with customer security policies.

Configured BGP sessions with upstream providers and implemented local preference attributes to influence outbound routing decisions for optimal traffic paths.

Integrated Cisco Systems with PSTN through voice gateway configurations, ensuring end-to-end QoS policies and accurate Call Detail Record (CDR) logging for accountability.

Collaborated with WAN engineering teams to transition legacy Frame Relay and ATM circuits to modern MPLS-based VPN infrastructures, enhancing bandwidth and service flexibility.

Designed and implemented site-to-site IPsec VPN tunnels with automatic backup failover, ensuring encrypted communication and high network availability.

Utilized Wireshark for in-depth analysis and resolution of complex network and application performance issues, contributing to root cause identification and performance tuning.

Installed and configured Cisco Secure ACS server to enable centralized AAA authentication services using RADIUS and TACACS+ for secure device access.

Configured Blue Coat proxy appliances to enforce web security, content filtering, and user access control policies in accordance with enterprise standards.

Demonstrated excellent project coordination by tracking task-level details, maintaining strict adherence to deadlines, and ensuring stakeholder follow-ups for timely project completion.

Created and maintained comprehensive documentation of physical and logical network topologies, device configurations, patch panel layouts, and cabling diagrams.

Engineered QoS policies to prioritize voice and critical data traffic across LAN and WAN segments, ensuring optimal performance of latency-sensitive applications.

Conducted root cause analysis and coordinated incident resolution with cross-functional teams during high-severity outages or network degradations.

Assisted in consolidating firewall rule bases to improve security posture and reduce complexity, eliminating redundant rules and implementing best practices.

Supported data center migrations by planning IP schema, configuring interconnects, and validating routing paths before and after cutover.

Monitored network performance using SNMP-based tools and flow analysis, proactively identifying congestion points and recommending corrective actions.

Worked with service providers to troubleshoot and resolve WAN circuit issues, including latency, jitter, and intermittent disconnections.

Configured static and dynamic NAT on Cisco ASA and Check Point firewalls to support internal services and remote access needs. Participated in audit compliance efforts (e.g., PCI) and ensured that remediation was completed in a timely manner.

Ensured all network changes followed change management policies, including risk assessment, peer review, and rollback planning.

Played a key role in DR testing and business continuity planning by validating network failover and backup communication paths across primary and secondary sites.

Environment: LAN/WAN using Cisco Catalyst 9500, Nexus 9300 NX-OS 9.3, and ISR 4000 routers. Managed security with Cisco ASA 5525-v9.16 and Check Point R81.10, IPsec VPN, NAT, NPM 2023.2, Wireshark v4.0, and Blue Coat ProxySG 6.7, Python 3.10 and Netmiko, AAA via Cisco Secure ACS 5.8, BGP/OSPF

OCHIN, OR Nov 2021 - Sep 2023

Network Security Engineer

Responsibilities:

Monitored security events, analyzed results, and escalated issues to appropriate teams for remediation, leveraging Splunk for event tracking and reporting.

Conducted in-depth analysis of application bandwidth traffic using Splunk, providing insights for network optimization and security compliance.

Updated circuit documentation, including SPF, DKIM, DMARC records, and ensured decommissioned Cisco 2800 series routers were properly wiped and flash memory cleared.

Coordinated with network and security teams globally to resolve network-related security incidents and performance issues.

Designed, deployed, and administered Check Point Unified Threat Management (UTM) and Endpoint Protection systems, ensuring network security.

Managed the deployment, upgrades, and administration of Check Point Firewalls, ensuring optimal security posture across enterprise networks.

Deployed Cisco Identity Services Engine (ISE) 2.0, configuring profiling policies to enhance network access control and security.

Investigated and mitigated email phishing attacks using FortiSandbox, performing malware analysis to identify and neutralize threats.

Wrote Windows, UNIX, and Python scripts to automate network administration tasks, improving efficiency and reducing human error.

Developed and published vulnerability scans using SCAP tools, prioritizing remediation based on risk and exposure.

Effectively communicated technical information to both technical and non-technical stakeholders through written and verbal reports.

Managed multi-vendor firewall environments, including Check Point, Fortinet, and Cisco, configuring NetFlow, firewall rules, and troubleshooting security incidents.

Maintained and configured non-Microsoft mail gateways, ensuring spam filtering, malware checks, and proper DNS, DKIM, DMARC, and SPF configurations.

Configured and troubleshot FortiGate firewalls (40/60/80/100 series, 5101C cloud series), and FortiAnalyzer (4000 series) for security logging and reporting.

Administered FortiManager (3000/4000 series) for centralized firewall policy management, ensuring security compliance and operational efficiency.

Ensured security policies on Fortinet firewalls and managers were consistently updated and enforced, maintaining optimal protection across network layers.

Led the planning and execution of complex network security projects, including migrations and upgrades, ensuring timely completion and minimal disruptions.

Demonstrated advanced knowledge of Cisco routing hardware, software, and protocols to design and troubleshoot secure network environments.

Managed and troubleshot Check Point Security Gateway appliances (Power-1 series), ensuring seamless deployment and performance.

Oversaw the operation of Check Point Security Management appliances (Smart-1 series), optimizing centralized security management and policy enforcement.

Expert in TCP/IP networking, troubleshooting protocols, and conducting protocol analysis to resolve network performance issues.

Applied network security fundamentals to design and implement robust security architectures, ensuring compliance with industry standards.

Developed and maintained security policies across multiple firewall platforms, ensuring consistent threat protection and regulatory adherence.

Conducted network security audits and penetration tests, identifying vulnerabilities and recommending corrective actions for network hardening.

Stayed current with emerging security threats and trends, proactively implementing measures to protect network infrastructure from evolving risks.

Environment: Splunk 8.2.3, Cisco ISE 2.7, FortiGate 7.0.5, and Check Point R81.10 6.4.4, Cisco ASA 9.16.3, and FortiAnalyzer 7.0.4 for threat detection, Python 3.9 for automation, Wireshark 3.6.2 for packet analysis, and SCAP 1.2, SPF, DKIM, DMARC for email security and Cisco Umbrella 2023.1.

Switch, NV Jan 2018 - Oct 2021

Technical Support Engineer

Responsibilities:

Provided Tier 3 escalation support for McAfee Intrushield network security appliances, resolving complex technical issues impacting enterprise customers.

Utilized Unix-based tools to perform advanced diagnostics and troubleshooting across multi-vendor network environments.

Recreated customer-reported network issues in a lab setting using Intrushield devices with routers, switches, servers, and client systems.

Conducted deep packet inspection and traffic analysis using Wireshark (formerly Ethereal) and hardware sniffers to identify anomalies and malicious behavior.

Diagnosed and resolved protocol-related issues including HTTP, SNMP, TCP, UDP, and others within the TCP/IP stack.

Collaborated across cross-functional teams to investigate and resolve complex networking issues requiring multi-disciplinary expertise.

Created reproducible test cases in controlled environments to isolate and verify software and hardware bugs in McAfee Intrushield products.

Documented technical findings and filed formal bug reports with the development team, ensuring timely remediation of issues.

Authored and maintained technical knowledge base articles to assist internal support staff and external clients with recurring issues.

Interpreted and analyzed network behavior from live packet captures to support threat detection and mitigation strategies.

Provided expert-level technical support in restoring network services impacted by Intrushield device behavior or misconfigurations.

Engaged in post-mortem analysis to determine root cause and provide guidance on preventing future incidents.

Delivered regular updates to customer contacts and stakeholders to manage expectations and maintain high satisfaction levels.

Ensured all troubleshooting steps and outcomes were accurately captured in the CRM system for case traceability.

Participated in special engineering projects related to protocol optimization, performance benchmarking, and new feature evaluations.

Reviewed and updated internal documentation and troubleshooting guides based on case resolution experiences.

Analyzed trends in incoming support cases to provide feedback to product teams for improving firmware stability and usability.

Developed in-depth technical reports for internal and external stakeholders, outlining test results and recommended resolutions.

Maintained compliance with security best practices during testing and simulations in the network lab environment.

Conducted training and mentoring for junior support engineers on Intrushield products, Unix tools, and advanced networking protocols.

Coordinated with QA and Engineering to validate fixes before deployment to production environments.

Provided guidance on network architecture improvements based on findings from escalated cases and lab reproductions.

Acted as the escalation point for unresolved support tickets requiring deep protocol analysis and advanced troubleshooting skills.

Participated in customer calls and technical briefings to explain root causes and preventive measures for major incidents.

Ensured adherence to SLA requirements by efficiently closing cases and providing thorough case-level documentation.

Environment: McAfee Intrushield v4.5–v5.1, Wireshark v2.6–v3.4, Unix Solaris 10, RHEL 7., Cisco Routers/Switches 2900/3900, 3750/3850. BMC 2020, JIRA v7., Bugzilla v5., Git v2.20+, Confluence, MS Word 2016–2019. TCP/IP stack protocols IPv4/IPv6, TCP, UDP, SNMP v2/3, HTTP 1.1, iPerf v2.0.5, 12., Riverbed 11.. Scripting with Bash v4., Python 3.6; network with GNS3 v2.2, NIST/CIS.

Nordstrom, WA Jun 2017 - Dec 2018

Network Administrator/ Engineer

Responsibilities:

Designed and configured Cisco 819 series 4G routers for over 1000 branches and ATMs, ensuring seamless connectivity across multiple locations.

Deployed and activated 4G routers for branch networks in multiple states, enhancing network performance and availability.

Configured WAN infrastructure, including MPLS connectivity (50 MB), to upgrade back-office operations for improved efficiency.

Deployed and administered Next-Generation Firewalls, including ASA-X, SonicWALL, Palo Alto, and Fortinet, ensuring secure network environments.

Configured and troubleshot remote access and site-to-site VPN connections using Check Point and Palo Alto firewalls.

Utilized SIEM tools like SolarWinds and Symantec Endpoint Security for malware detection, threat analysis, and overall security monitoring.

Managed T1, T3, and fiber site-to-site connectivity, ensuring robust communication between various network segments.

Implemented and maintained DKIM, DMARC, and all LEC installation and management functions for email security and domain protection.

Gained experience configuring and maintaining Fortinet FortiGate physical firewalls, ensuring high levels of network security.

Administered F5 Load Balancers, IDS/IPS, and Bluecoat Proxy servers to manage network traffic and improve application performance.

Configured and managed virtual firewalls, including Check Point VSX, IDS, and IPS, utilizing encryption techniques for enhanced security.

Managed global and local traffic using F5 BIG-IP LTM and GTM Load Balancers for optimized network performance and reliability.

Automated network and security processes in Azure Cloud using Azure Automation, PowerShell, Chef, and Puppet for streamlined operations.

Resolved networking and firewall issues, with a focus on Fortinet devices, to ensure continuous network uptime and security.

Assisted in migrating from Cisco to Fortinet Security platforms, ensuring smooth transitions and minimal disruptions to network services.

Configured and managed Intrusion Prevention Systems (IPS), including Cisco IPS, Fortinet, and Check Point UTM to protect network assets.

Developed architecture plans for Azure Cloud environments, hosting IaaS VMs and PaaS role instances for refactored applications.

Configured and managed F5 Load Balancer and Citrix NetScaler for network monitoring, load balancing, and internal client interfaces.

Configured Cisco ASA firewalls, ensuring robust security and seamless connectivity for corporate networks.

Provisioned firewall policies on Fortinet FortiGate appliances using FortiManager, ensuring security consistency across the network.

Implemented DKIM and DMARC for O365 tenant inbound and outbound email security, ensuring secure communication.

Installed and configured Chef Server, Workstation, and nodes for automated deployment to AWS environments.

Utilized AWS Route53 to route traffic between multiple regions, ensuring optimal performance and reliability.

Supported Infoblox appliances for DNS, DHCP, and IP Address Management (IPv4) for the State Farm enterprise network.

Performed network security, administration, and problem resolution for networks across multiple platforms, including Windows, UNIX, Cisco, and Check Point firewalls.

Environment: Cisco 819 4G routers, Next-Gen Firewalls ASA, Palo Alto, Fortinet, F5 Load Balancers, and FortiGate firewalls, Utilized SIEM tools SolarWinds, Symantec, configured VPNs, IPS, and DKIM/DMARC Azure Automation, Chef, and AWS Route53, DNS, DHCP.

Gap Inc., CA Sep 2015 - May 2017

Network Administrator

Responsibilities:

Monitored, analyzed, and troubleshot hardware, software, and network-related issues, providing technical expertise for performance and configuration optimization across global networks and systems.

Performed software and hardware installation, configuration, and support for desktop systems, ensuring seamless operations across the organization.

Replaced outdated Cisco switches and routers in data centers and deployed new Cisco network hardware to enhance system performance and reliability.

Responsible for implementing Layer 2 security by configuring dedicated VLAN IDs for trunk ports, setting user ports to non-trunking, and deploying port security where feasible.

Implemented, monitored, and troubleshot network security features, including Juniper firewall filters, Cisco access lists, TACACS+, and other security measures to safeguard network infrastructure.

Participated in the firewall rule cleaning process, optimizing and streamlining firewall configurations to improve network security.

Utilized a variety of scanning and sniffing tools, including packet sniffers, to analyze network traffic and detect potential security threats.

Conducted data backup and disaster recovery operations to ensure business continuity and minimize downtime in case of network failures.

Continuously monitored, evaluated, and reported on the health and performance of both WAN and LAN networks, identifying and resolving issues proactively.

Provided expertise in network performance optimization by analyzing network components and addressing inefficiencies or bottlenecks in both local and wide-area networks.

Worked closely with cross-functional teams to ensure proper integration of new hardware and software into existing network infrastructure, facilitating smooth transitions.

Configured and maintained network access controls, including the use of TACACS+ for secure authentication and authorization across network devices.

Leveraged network monitoring tools to ensure optimal performance and availability, minimizing downtime and maximizing efficiency.

Coordinated and executed network troubleshooting and problem resolution for both hardware and software-related issues, ensuring minimal disruption to network services.

Supported network upgrades and migrations, ensuring seamless integration of new systems and hardware components into existing network environments.

Analyzed network traffic patterns and usage to identify areas for improvement, applying necessary configurations and optimizations to enhance network efficiency.

Collaborated with other IT teams to ensure the seamless operation of network security policies and the integration of best practices across the enterprise.

Managed and documented network configurations, backup procedures, and disaster recovery plans, ensuring quick restoration in case of system failures.

Supported the implementation and management of network security protocols, including the setup of virtual LANs (VLANs) and secure access configurations.

Participated in root cause analysis for network incidents, providing timely resolutions and recommendations for preventing similar issues in the future.

Assisted in the development and enforcement of network security policies, ensuring compliance with industry standards and organizational requirements.

Conducted routine maintenance checks and audits on network equipment, ensuring hardware and software are up to date and functioning optimally.

Provided training and guidance to junior network engineers and support staff, fostering a culture of collaboration and continuous improvement.

Worked with external vendors to ensure timely resolution of hardware and software issues, ensuring optimal functionality of network components.

Evaluated and implemented new networking technologies and solutions to enhance network performance, security, and scalability.

Environment: Linux Ubuntu, CentOS – Cisco Packet Tracer 7.0, Wireshark 2. Nmap 7.40 – Python 2.7/3.5, SRX Series, Cisco ASA 5500-X, TACACS+ 9.0, Fortinet FortiGate 5.4 – VMware vSphere 6.5, Hyper-V 2016 AWS EC2, Route 53 2017, Backup 9.5 – Git 2.8, GitHub – Docker 1.12, Jenkins 2.7.
