Compétences Fortes en réseaux et sécurité Datacenter avec 15 ans de travail dans les grands comptes (Cisco, Société Générale, Axa, BNP, Fortis, etc.). Aussi à l'aise dans la production et le MCO que le Design et les projets. J'aime les missions longues et je suis disponible avec 3 semaines de préavis.
PS: j'ai une préférence pour les missions qui offrent un minimum de télétravail.
Expériences professionnelles
Cisco Network Engineer and F5 loadbalancer
AXA insurance France
mai 2022 - aujourd'hui
Context:
Assist in the migration of the Core network to the ACI infrastruction
Tasks:
- Configure the ACI infrastructure to integrate the migration of the Firewalls from Checkpoint to Palo
Alto with Ansible, Python and terraform
- Coordinate the task on the updates of the F5 Load-balancer to improve resilience and mitigate issues
with the ACI Fabric.
- Troubleshoot and resolve complex Network related (or not) incidents.
High touch expert:
Cisco Systems France
février 2018 - 2021
Worked as a Datacenter and MAN expert for multiple customers:
- Societe General Bank, Orange Business Service, European Commission :
Context:
Following a series of major switching incidents (layer 2 storms broadcast, MAC flooding, and spanning-tree
loops) on their aging Datacenter Network, the Societe General Bank decided to make a full refresh of the
infrastructure to get rid of the Layer two risks. They dedicated to Cisco the Job of designing, validating and
assisting on the implementation of the different infrastructures that would replace the Classical switching
network based on catalyst equipment and spanning-tree technology.
My tasks were four folds:
1- Design and document the implementation of vPC, OTV, VXLAN and SDWAN infrastructures (HLD, LLD);
OTV was used to extend the Layer 2 network addressing across DataCenter while isolating they Broadcast
domain therefore protecting broadcast storm from crossing across DataCenters. It was also used to allow a
gradual the Migration from one DC to another with little to no impact on the IP addressing.
2- Assist the SG engineers on the migration from the old infra to the new one;
As an on site enginie
3- Evaluate and guarantee the impacts of the changes linked to our deployment or any other technical change on
which the customer requests and guarantee from Cisco and assist them during the changer if needed;
4- Follow and assist the resolution of all P1 (Major and impacting incident on the customer production
environment) and produce a post-mortem when requested.
Network Datacenter Engineer
Vinci Construction France
avril 2017 - décembre 2017
WIFI deployment with ISE Project
- Migrating a NPS based WIFI Architecture to an ISE Based architecture
- Moving from on Domain authentication to two Domain within the same platform
- Integrating multiple WIFI environment (IOT, Domain, and Guest Users)
- Integration an external Guest authentication platform for internet access through a VPN (CLOUDI-FI)
- VLAN Segmentation for WIFI users separate WIFI et Cabled VLANs and avoid VLANs saturation
- Securing the network by Separating the GUEST infrastructure from the Users Infrastructure
- Producing architecture and Run documents and procedures.
HP Data-storage Migration project
- The storage Infrastructure was Migrated from an HP 3PAR 7400 to 8450
- Configured and interconnected the New MDS switched with the all ones to migrated the configurations
- Cabling and configuration of the new Storage Bays on both Datacenter
- Configuring the Aliases and zoning of servers on the new MDS to allow the Disk migrations
- Configuring the UCS to migrated boot WWPN to point on the new 3PAR Storage
- Producing configuration documents and procedures for Zoning.
Network and Security Support to Run Team
- UCS Provisioning and configuration
- ASA configuration for VPN interconnection
- Cisco 2960 and 3750 Lan Infrastructure support to N2 team
- Cisco 7000 and 2000 Lan Infrastructure support to N2 team (ports, VLANs and routing configuration)
- Fortinet FW support to N2 team (New rules, DMZ, VPNs)
CAPGEMINI Network and security team Leader at Credit Agricole Bank (over 10 000 users)
mars 2015 - février 2017
Leading a team of 22 Network and security engineers on customer site:
******** +33182880067/+33650408464
- The onshore team Handled all the firewall major Incidents and complex changes
- The team also Handle all impacting request on switching and routing platforms
- We also processed all new partners and affiliates connection trough VPN tunnels or Dedicated links
- We handle all the transaction with the telco service providers (New links, migrations and
decommission.)
- We took care of the MCO of the Hardware platforms (F5, Cisco, Juniper, Fortinet, Checkpoint)
- We maintain the versioning and watch for security alerts and installed patches accordingly
- We mostly Troubleshot and resolved all types of incidents with routing, proxy, and Load-balancing.
- We shared part of the workload with an offshore team of over 20 IT engineers located in India who took
care of all standard day to day request and low impact incident troubleshooting through a tick
- Producing report for all impacting incident with root cause, mitigation action, and propose long term
solutions
Load Balancers project
CAPGEMINI Network Project Manager on the GEFCO project (10000 users)
août 2013 - février 2014
Driving the Migration of the BIGIP/F5 LTM 2000 load balancers Appliances in high availability configuration
over two Datacenters from previous maintainer into CAPGEMINI infrastructure
- Basic configuration of F5 appliances (naming, license activation, management IP setup)
- Migrating pool and objet configuration from obsolete appliances to the new platform
- Advance BIGIP configurations with Irules and custom health monitor
- VDOM creations and maintenance on the DMZ load balancers
- Create and propagate VLANs for the Internet DMZ in the core switches.
Other Projects:
- Designed and deployed the Load Balancer service for the new MS Exchange Messaging architecture.
- Driving the migration of the TREND and SQUID Proxy platforms To a cluster of IRONPORT S670
with an M670 Management appliance.
- Designed and deployed the Load Balancer service for the MS Lync infrastructure (7 servers in 3 DMZ).
Writing the technical architecture document for the Load balancers and Proxies
Training of level 1 & 2 support team for load balancing and Proxies
BNP CIB BANK Network Architect (2500 users)
mars 2013 - août 2013
In charge of redesigning and segmenting the management network of the BNP CIB 6 Datacenters.
Writing the Technical Architecture document (access switches were 3750 while the Backbone switches were old
catalyst 6500)
- Setup and configuration of the equipments
- Setup up of the monitoring and daily backups
- Production of the new Network Diagrams
Assist the supplier Netscout in the Validation phase of a network sensors architecture specifically designed for
the financial market network traffic.
Providing 3rd level support for the network infrastructure (Nexus 3000 and Catalyst 6500 in VSS SSO mode)
MTN (south african telecom company) Network Engineer (2000 users)
février 2012 - décembre 2012
Level 2 and 3 support for Network switching and routing
Setup and configuration of the network backbone in two datacenters (Double Catalyst 6500) in two data center
in central Africa (Douala, Cameroon and Togo)
Training the local administrators to manage the new infrastructure
Setup and configuration of two WLAN 2100 appliances with 48 access points
Level 2 et 3 network support.
Network Architect
RSI (Insurance)
novembre 2010 - décembre 2011
Level 3 support for Network switching and routing
Completed a project to activate Dynamic routing (OSPF) Between the group Datacenters Fiber links and the
ISP SDSL Access.
In the scope of the videoconference project, I was in charge of network bandwidth needs and provisioning, QOS
configuration, and writing the procedures for the activation of the service.
I produced the procedure for the migration of the Datacenter core routers. We migrated from two stacks of
Catalyst 3750 to a cluster of Catalysts 6509 in Very high availability (NSF SSO).
Network & Security Engineer (6000 Users)
ALD international (Branch of SG BANK)
octobre 2008 - octobre 2010
Deployed and managed Juniper compression Boxes in 22 of the 40 Branches
Day to day management of the CheckPoint and Juniper Firewalls
Management of the Network Infrastructure deployed over two Datacenter and the Head office. 80 switches and
9 routers (WAN, DMZ, MAN et LAN)
Interaction with our 3 ISPs (Infonet, Orange, and Verizon) for the deployment, and the management of our
MPLS, VPN, et Internet infrastructures.
Build of Homemade VPN for emergency situation when ISP’s could not provide
Network Architect and advisor on project concerning the network merge of with 4 other small branches of the
Societe General Group.
Business Services
Orange Network Production Engineer (on the Network of GDF)
avril 2008 - septembre 2008
CE (Customer Edge) Router configuration
Backbone Router configuration updates
Implementation of Routing protocols Scheme (MPLS, OSPF, RIP , BGP)
Tagging of packets IP for QOS and TOIP
ADSL, SDLS and LAN Manager Deployment.
IPSEC and GRE Tunnels Setups
Nortels Baystack and Cisco switches Configuration
Cisco, Bintec, Wan Access routers Configuration.
TECHNICAL SKILLS (condensed)
System Windows, Linux, Cloud, automation (Python, Ansible, Terraform)
Network Cisco routers, switches, Wifi
Security Firewalls: Juniper, Checkpoint, Fortinet ASA:
IPSec, OpenVPN, SSLVPN
(old experience)
English
/french Fluent spoken and written
PROFESSIONNAL SKILLS
ï¶ Added values
ï¼ Projet mode :
o Identify the needs (Network, security, VoIP)
o Designing and implementing complex Datacenter architecture
o Producing service delivery specifications
o Managing timelines, resources, and anticipating delays
o Testing the design and implementation before Final delivery
ï¼ Production Mode :
o Strong troubleshooting skills
o Incident management (evaluation & escalation)
o Strong Communication skills to management / Customer
o Interfacing and coordinating the involved resources
o Excellent and Reporting Skills
******** +33182880067/+33650408464
SKILLS (detailed)
Cisco routing :
Expertise on 1600, 1800, 2500, 4500, 6500, 7200 and ASR family routers
Routers provisioning, setup and install
Good Expertise on the following routing protocols: RIP, EIGRP, OSPF, BGP, MPLS
Route redistribution and route-maps
Multicast protocol deployment, day to day management and troubleshooting
Routers security (authentication servers, access levels)
Cisco switching :
Expertise on Catalyst, Nexus, ASR and ISR. (LAN, DC, MAN, WAN)
Network Segmentation: VPC, VXLAN, FabricPath, Vlan, ACI.
Spanning Tree: setup, security and optimization (i.e., RSTP, PVST, MSTP)
High availability (i.e., HSRP, VRRP, and GLBP)
Security: Access-lists, access-group, private VLAN,
Other technology: trained on ACI, SDWAN, Scripting
Juniper Firewalls : (four years ago)
Day to Day management of the SSG140 (Rule processing, NAT, logs Analysis, Backups)
Versions Upgrades and patches installations.
Checkpoint Firewalls: (six years ago)
Install and deployment of « smartcenter server » and « enforcement modules »
Creating and sequencing security rules (entities, network, protocols and groups)
Supervise and analyze network traffic and connections
setup and management of the smartdefense module.
Configuration of NAT
Configuration of anti-spoofing
User management (locale database, LDAP, Radius, RSID etc.)
Backup, upgrades and maintenance of checkpoint modules
Setup of Backup and restore processes
