| Contact Information | |
| Name: | CJ Ondeck |
| Email: | cj.jobsearch (at) sbcglobal (dot) net [email concealed] |
| Location: | Bridgeport, Connecticut, United States |
| Resume | |
| Position/Title: | Sr. Security Engineer |
| Resume: |
PROFILE A senior network security engineer whose proven abilities are used to analyze problems, diagnose causes, and develop solutions that will increase security and productivity in a technically advancing environment. -- 12+ years of network engineering experience with the last 8+ years in network security engineering. -- Formulated, recommended, wrote, and provided the corporate network security policies and "best practice" procedures used by the corporate and country data centers in 200+ international countries and territories. -- Completed SANS Track 2: Firewalls, Perimeter Protection and VPNs course work and preparing to complete SANS GIAC GCFW certification. -- Knowledgeable in network security design “best practices” through hands-on implementation and SANS training. -- Ensured network security corporate policies and “best practices” standards were followed during design, installation, and configuration of firewall DMZ, Intranet, Extranet, and Internet connections. -- Experienced in the network design, installation, configuration, troubleshooting, and maintenance of CheckPoint Firewall-1 2000 (v41SPx), NG (R5x), and NGX (R6x) firewalls and their corresponding policy definitions operating on the Nokia IP series Network Appliance Platform (NAP) and within the CheckPoint SecurePlatform operating system (OS) in small to international network environments. -- Installation, configuration, and maintenance of F5 BIG-IP Local Traffic Manager (LTM) load balancers in a high availability environment. -- Experienced in network design, configuration, installation, and operation of Cisco Routers and Cisco Catalyst Switches in multiple large corporate environments. -- Successfully achieved CheckPoint Certified Security Expert (CCSE) and Cisco Certified Network Associate (CCNA) status. -- Demonstrated technical aptitude and highly motivated to understand new technologies. PROFESSIONAL EXPERIENCE Commerce Technologies – Albany, NY Network Security Engineer Mar. 2006 – Oct. 2007 -- Design, configuration, installation, & maintenance of CheckPoint NGX FW-1, VPN-1, and SecurePlatform (SPLAT) solutions in a high availability (HA) network environment. -- Design, configuration, installation & maintenance of 50+ CheckPoint NGX SecureClient users with varied reserved DHCP IP addresses and rules policies using RSA SecureID and Secure Domain Login for two factor authentication. -- Installation, configuration, and maintenance of F5 BIG-IP Local Traffic Manager (LTM) load balancers in a high availability environment. -- Detailed troubleshooting of EDI file transfers via ftp, SOAP, and http using programs such as Wireshark (Ethereal) and tcpdump. -- Ensured network current corporate security policies and new “defense in depth”, “defense by diversity”, and “best practices” standards were followed during design, installation, and configuration of new firewall cluster and network redesign project planning. -- Initiated new equipment procurement cost savings by testing and incorporating new network infrastructure equipment from Foundry Networks into network redesign. -- Testing, selection, and design of demo IPS/IDS systems with final selection and purchase of NitroSecurity IPS/IDS system. -- Worked with vendors to ensure the company was receiving the most cost effective solutions and support on network and network security equipment. -- Maintenance and upgrades of F5 BigIP Content Switches. -- Completed project to configure Internet routers into HSRP high availability and use BGP for Internet routing. -- Provided 7x24 support for all Network infrastructure equipment and to EDI production teams. Consulting Assignments Network Security Engineer Consultant Aug. 2003 – Mar. 2006 -- Varied length network security engineering assignments using the qualifications and experience listed. -- Boston Scientific – Framingham MA – (Outsourced to EDS) – Design, configuration, installation, & maintenance of CheckPoint NGX FW-1 and VPN-1 solutions in a large corporate environment. Included input into the design of CheckPoint Provider-1 management server. -- Simplex Grinnell (div. of Tyco Safety Products) – Westminster, MA – Installation and configuration of agents and policies for Symantec Enterprise Security Manager (ESM) and Symantec Enterprise Security Architecture (SESA). Design of policies paid particular attention to Sarbanes – Oxley (SOX) regulation and compliance. Work included scheduling of policy runs, report delivery, and agent troubleshooting. -- Bank of America – Kingston, NY – Design and installation of a new secure Internet accessible network using Cisco 3745 routers, Cisco 11501 CSSs, and Nokia IP530 w/ Checkpoint NG (R5x) AI firewalls. Design followed “defense in depth”, “defense by diversity”, and “best practice” security principles. -- Hall Kinion Consulting & TCA Consulting – Various Locations – Varied assignments involving design, installation, configuration, and troubleshooting Nokia IPxxx and CheckPoint NG (R5x) installations. Work included checking and validating the anti-spoofing, Application Intelligence (AI), and VPN features for the CheckPoint firewalls as well as the security settings on the Nokia IPxxx’s. -- DHL – Darien, CT – Network consolidation work after data center closure and layoff. Prep remaining equipment for shipment to Phoenix, AZ. -- Other Confidential Assignments – Various Locations – Used many of the qualifications and experiences related above and below. Due to the nature of the confidentiality agreements, complete details cannot be given. DHL (Formerly AIR EXPRESS INTERNATIONAL & DANZAS AEI) – Darien, CT Network Security Engineer Aug. 2000 – Aug 2003 -- Formulated, recommended, wrote, and provided the corporate network security policies and "best practice" procedures used by the corporate and country data centers in 200+ international countries and territories. -- Ensured network security corporate policies, “defense in depth”, “defense by diversity”, and “best practices” standards were followed during design, installation, and configuration of firewall DMZ, Intranet, Extranet, and Internet connections. -- Managed the network design, installation, and configuration of 60+ CheckPoint Firewall-1 2000 (v41SPx) and CheckPoint Firewall-1 NG (R5x) firewalls and their corresponding policy definitions operating on the Nokia IPxxx series Network Appliance Platform (NAP) in corporate and country data centers. -- Configured and maintained CheckPoint Firewall-1VPN connections to external company and customer sites to allow EDI traffic while adhering to strict Service Level Agreements (SLAs). -- As one of three lead contacts in our group for firewall troubleshooting and maintenance issues, responsible for resolving the issues from company and/or vendor documented resolutions. -- Supplied data on irresolvable firewall issues to the vendor Technical Assistance Centers (TAC) and, with assistance from the vendor technicians, advanced towards full resolution of the issues and documentation of the process(es). -- Configured and maintained hardened RedHat Linux and Sun OS servers used for CheckPoint Provider-1 Management Station (SmartCenter) and Log servers -- Updated corporate policy and procedure documents pertaining to firewall procedures for procurement, design, installation, configuration, and “best practices” standards. -- Configuration changes of CheckPoint MetaIP including zone adds and reconfiguration. -- Assisted group members with design and implementation of pilot program IDS systems. -- Mentored less experienced members of network security engineering group in new firewall troubleshooting and security design procedures. -- Provided technical assistance and documentation to members of international IT departments on network security corporate policies and “best practices” standards. -- Assisting IT representatives in different international IT departments, responsible for the troubleshooting, diagnosis, and resolution of any issues between remote location firewalls and network design. -- Provided lead 7x24 fourth level network design and problem resolution support to our group as well as the other networking and systems groups throughout the international IT organization. -- Monitored regularly posted e-mail lists for new and potentially dangerous security vulnerabilities to the corporate data environment and sending e-mail notifications to the appropriate department heads. -- Installation and maintenance of Cisco 25xx/35xx/60xx routers and Catalyst 29xx/35xx/65xx switches. -- Collated data of initial and recurring costs from our selected vendors to be used in the yearly budgetary process. -- Placed original orders and managed renewal contracts for CheckPoint FW-1 and Nokia software / hardware licensing and maintenance contracts. WILLIAMS COMMUNICATIONS GROUP – Wethersfield, CT Sr. Network Analyst Feb. 1998 – June 2000 -- Provided 7x24 technical support of LAN/WAN operations for a 125+ site Frame Relay WAN and their associated site 10/100/Gigabit Ethernet LANs. Equipment included DSU/CSUs, Cisco 25xx/35xx/55xx/60xx routers and Catalyst 29xx/35xx/40xx/65xx switches. -- Troubleshooting, diagnosis, and resolution of LAN/WAN issues, including, although not limited to, T-1 provider problems, EIGRP routing issues, dial-up access (RAS) concerns, and LAN switch configuration flaws. -- Engineering and designing of remote site networks in current and relocating offices, overseeing process from initial design and budgeting straight through to installation. -- Installed and managed CheckPoint FW-1 (v4.0) Internet firewall. -- Managed CiscoWorks software on HP OpenView Network Management station. -- Collated data of initial and recurring costs from our selected vendors to be used in the yearly budgetary process. -- Duties included updating Cisco IOS versions on remote site routers and switches, checking new and current router and switch configurations for potential problems, and downloading and testing of new software images from the vendor support sites. CHASE MANHATTAN BANK – New York City, NY Consulting Network Engineer Apr. 1997 - Oct. 1997 -- Position through TAC Nationwide Staffing, Newton, MA, working for Bay Networks, Northeast Services Division, NYC. -- Upgrading Bay Networks equipment on several different sites with new EEPROMS and software images. -- Building of network maps with Bay Networks Optivity in SunNet Manger environment using network auto-discovery application. -- Updating Cisco Router access lists (ACLs) to allow SNMP management and IP network discovery. -- Troubleshooting configuration and image file update problems using Distributed Sniffer and Sun UNIX software applications PFIZER, INC. - Groton, Connecticut LAN Hardware Installation Specialist Feb. 1996 - Dec. 1996 -- Position through EDP Contract Services, Farmington, CT. -- Configuration and installation of Cisco Catalyst 1200 and 5000 series switches with Bay Networks 5000D Network Management Modules and Hubs in a 3000+ node multiple ring FDDI/Ethernet environment. -- Project work included Fiber Optic cable patching from Digital Gigaswitch to Cisco 7000 series routers, continuing on from there, to the switches and hubs. -- Troubleshooting of problem equipment and network irregularities -- Duties also included inspection of newly constructed MDF/IDF equipment closets verifying that written specifications were met and providing full documentation of work completed. Hardware / Software Installation Specialist Dec. 1995 - Feb. 1996 -- Position through EDP Contract Services, Farmington, CT. -- Installation of Macintosh & PC systems within a laboratory environment. -- Responsibilities included data transfers, software installations, and Macintosh and/or PC configuration. -- Reporting of system problems to appropriate support personnel for warranty repair or correction of system deficiencies. -- Configuration included TCP/IP Network addressing, ccMail, Netscape, MeetingMaker, and VersaTerm Pro. EDUCATION RECENT TRAINING – Various Locations 2003 – SANS Track 2 - Firewalls, Perimeter Protection and VPNs (currently working on GIAC GCFW certification) 2001-2002 – CheckPoint v41SPx Plus and CheckPoint NG (R5x) Plus – Nokia. 1999-2000 – Cisco ICRC(ICND), ACRC(BSCN), IMRC, CLSC(BCMSN), BCRAN SOUTHERN CONNECTICUT STATE UNIVERSITY – New Haven, CT Studies include ANSI “C”, 4GL/SAS, Pascal (Turbo), and Organization Information & Retrieval (DBMS's). TECHNICAL KNOWLEDGE CheckPoint Connectra NG/NGX CheckPoint FireWall-1 NG/NGX CheckPoint FireWall-1 NG/NGX Log Server CheckPoint Firewall-1 VPN CheckPoint MetaIP CheckPoint Provider-1 NG/NGX CheckPoint Secure Platform NG/NGX (SPLAT) CheckPoint SecuRemote/SecureClient NG/NGX Cisco Routers/Switches/IOS Cisco Content Service Switch Cisco CiscoWorks DSU/DSU EIGRP/IGRP Ethereal F5 BIG-IP LTM Fast Ethernet Foundry Fluke Enterprise LANMeter Gigabit Ethernet HP OpenView Metasploit Microsoft Visio Microsoft Office 2000 Microsoft Windows 2000 NAI Distributed Sniffer NAI Sniffer Pro NAT Nessus NetViz NitroSecurity IPS/IDS systems Nmap Nokia IPxxx(120/3xx/440/530/650) Nokia IPSO v34-v40 Nortel Networks Switches Nortel Networks Optivity OSPF RSA SecureID Mgmt SW RSA SecureID HW/SW Tokens RIP v2 RedHat Linux Snort Sun Solaris Symantec SESA Symantec ESM TCP/IP TCPDUMP VRRP Wireshark |