Ernesto Flores

• Utilize SAML, OIDC, and SCIM to modernize identity management between all major cloud providers, SaaS applications, and On-Premises.
• Manage Azure Active Directory (Entra ID) and Conditional Access
• Advise Product and Engineering teams on the usage of modern authentication within the Alteryx product stack
• Manage private PKI platform for certificate management (AppViewX)
• Develop and maintain automation for systems integration in a variety of languages
• Work within the Agile framework and assist with Product Owner, Solutions Owner, and Project Manager roles
• Responsible for Performance Management of Associates
• Represent Systems group in a variety of audits including SOX and SOC2
• Advanced usage of PowerShell, GraphAPI, Alteryx Designer, and various OAuth 2.0 APIs
• Created custom integrations between disparate systems
• Lead implementation of Private PKI solution (AppViewX)
• Migrated SSO configurations for 200+ applications
• Implemented InTune Autopilot to add drop-shipping capabilities for Windows workstations
• Modernized IT code deployment with GitLab
• Implement process and quality improvements through task automation. Leverage infrastructure as code, security automation, and automation or routine maintenance tasks for clients.
• Perform data migration from on-premises environments into Azure
• Migrations include On-Premise Data Centers to Azure Cloud, Intune AADJ/AADHJ and MECM (SCCM).
• Strong experience with Windows10 and Intune Experience
• Assessment of existing mobile management solution/ SCCM/ application & OS deployment solution with MECM.
• Implement Intune migrations including Autoilot.
• Operating System Deployment (OSD) MECM MDT Task Sequences. Developed proactive patching/updating schedule as needed.

· Provide Tier 2 or 3 support of all things Microsoft 365 or Azure.

· Provide technical expertise on Microsoft 365 services including Exchange Online, SharePoint Online, Teams, Active Directory, Multi-factor Authentication, and Seamless Single Sign On.

· Serve as subject matter expert (SME) resource on Office 365 environment.

· Manage sharing settings across organization (e.g., SharePoint, Teams, Yammer, etc.) as well as add/remove site admins as required.

· Practical knowledge of Active Directory Federation Services (AD FS), Windows Server, Azure, and Microsoft 365 solutions.

· Experience with advanced functions of Microsoft 365 Security and Compliance center.

· Provide technical expertise on Microsoft Azure service administration and communications.

· Resolve issues and provide technical assistance in Azure cloud-hosted environment.

· Create and maintain Cloud security strategies, policies, procedures, and documentation.

· Manage and configure SaaS, IaaS, and PaaS environments and subscriptions.

· Optimize Azure subscriptions for cost and performance.

· Creating and maintain accurate documentation of processes for areas of responsibility including documenting issue resolutions and changes in our cloud or system configurations.

· Research various security incidents, their cause and effects. Work with Service Desk, Desktop Support, Server, Information Security, and Network Operations team members as appropriate to troubleshoot, resolve, and document specific internal incidents and/or breaches within established SLAs.

· Experience with administration and configuration of Microsoft 365 Exchange Online.

· Help produce training and education on O365 capabilities and collaboration tools such as SharePoint, OneDrive, Teams, OneNote, and Outlook.

· Functional knowledge of Microsoft 365 backup solutions.

· Strong knowledge of PowerShell scripting.

· Strong knowledge of Microsoft System Center products (SCCM, SCOM, SCOrch, SCSM).

· Functional knowledge of Intune / MEM

· Conduct routine monitoring and analysis to include Audit Log Reports evaluation, system and storage utilization reports, site and system usage, growth reports, and manage site collection quota settings.

· Support creation and management of security groups, email-enabled security groups, and distribution lists, including restricting and moderating distribution lists.

· Responsible for maintaining alignment with existing Standards and Policies as well as inputting on their maturation.

· Analyze and develop innovative resolutions for complex problems involving high availability and/or performance at system level.

· Ability to work in a team environment; strong interpersonal skills and adaptability are a must.

· Ability to maintain open and constant communication with internal employees, contractors, customers, managers, and others as needed.

· Escalate issues to management as appropriate in on-call rotation and possibly respond immediately to emergency situations.

• Responsible for managing Windows infrastructure including DHCP, DNS, Exchange migration to O365, and all of NTT Global Networks Azure cloud technologies (M365/O365/Intune/Co-Management with MECM and CMG).

• Responsible for AD management in two domains across five sites. Advanced group policy experience.

• Advanced level of understanding of numerous security products such as CrowdStrike Falcon, Qualys, Nessus, and processes that align with remediating vulnerabilities across the Enterprise.

• Planned and implemented Crowdstrike, Cisco Umbrella, to accomplish DNS security and security posture across the enterprise for Windows and Linux systems.

• Identify, test, implement, and maintain the necessary security products and processes to cost-effectively and uniformly protect information systems assets from intentional or inadvertent modification, disclosure or destruction.

• Interpret and review scan results to manage mitigation and remediation across enterprise environments with SCCM, and Qualys.

• Utilize Patch My PC application to patch all 3rd party (Adobe, Chrome, Java, Firefox,) applications to deploy with Windows patching deployments.

• Configure patches, scripting (Batch, Powershell, RegEdits, GPO, etc.) packages, and Application packages across multiple enterprise environments in server and workstation mediums through SCCM and manage deployments.

• Strong background and experience working with Microsoft OSes and applications, virtual networking including VMware and Windows Virtual Desktop (WVD),

• Strong background and experience working with M365/O365/Intune/Azure technologies to integrate with SSO and MFA for various applications across the Enterprise.

• Administrator for SCOM 2012/2016 to customize alerts support all servers and applications on each of those end points to remedy the issue accordingly.

• Interface with both the business and user community to understand their security needs.

• Partner with our IT shared services team to understand NTT Global Networks technology and security roadmap.

• Review, analyze, implement and administer vendor and internally developed security software, products and procedures to address CIS standard and control security requirements.

• Experience maintaining SQL Server databases for SCCM server and reporting (SSRS) for customer reports and also maintenance tasks for SCCM primary site(s).

• Advanced level of understanding of numerous security products such as Risk Sense, Rapid 7, Nessus, Splunk, and processes that align with remediating vulnerabilities across the Enterprise.

• Identify, test, implement, and maintain the necessary security products and processes to cost-effectively and uniformly protect information systems assets from intentional or inadvertent modification, disclosure or destruction.

• Strong ability to Interpret and review scan results to manage mitigation and remediation across enterprise environments (Nexpose and SCCM).

• Strong ability to configure patches, scripting (Batch, Powershell, RegEdits, GPO, etc.) packages, and Application packages across multiple enterprise environments in server and workstation mediums through SCCM and manage deployments.

• Interface with both the business and user community to understand their security needs.

• Partner with our IT shared services team to understand Nelnet’s total technology roadmap.

• Understand the policy, standards and procedures found in the Nelnet enterprise as well as understanding appropriate laws and regulations that our business.

• Review, analyze, implement and administer vendor and internally developed security software, products and procedures to address security requirements.

• Designs, implements, analyzes and supports Microsoft System Center Configuration Manager (SCCM Current Branch) across 5 different domains not including OT & Gas Scada.

• Simplifying and improving monitoring across the enterprise to increase proactive monitoring and increase outage-troubleshooting efficiency.

• Defines system objectives and prepares system design specifications.

• Responsible for architecture, engineering and problem management for SCCM services including: Software Update Patching Deployments, Application Deployments, OSD Deployments for all OS needs.

• Monthly scan reports from Rapid 7/Nexpose for vulnerability remediation planning with ESS and various server/application owners across the organization.

• Responsible for gathering analyzing client business requirements in order to identify and solve problems.

• Acts as communication liaison between business and IT teams.

• Fulfills technical leadership role within SCCM team to drive process improvements and to meet project schedule requirements.

• Design, implement, and engineer our entire migration of SCCM 2012 R2 environment to a new SCCM 2016 Hub and Spoke Network Infrastructure model.

• Microsoft SCCM 2012 and SCCM Current branch versions 151 +, including: Architecture ,Sites, Collection, Distribution points, SCCM database

• installation, configuration, and utilization of MS SCCM 2012 and SCCM versions 151 + to deploy/patch software packages and images to thousands of desktop workstations, laptops, and servers.

• Utilize Ivanti/Shavlik SCCM plug-in tool to patch all 3rd party (Adobe, Chrome, Java, Firefox,)applications to deploy with Windows patching deployments.

• Monthly scan reports from Risk Sense (Qualys and Nexpose) for vulnerability remediation planning with Security Team and various server/application owners across the organization.

• Build, Upgrade, and Maintain VMware and Hyper-V servers using vSphere/View Administrator and/or Remote Desktop for over 5,000 servers across the U.S.

• Administrator for SCOM 2012/2016 servers to customize alerts support all 5,000 servers and applications on each of those end points to remedy the issue accordingly.

• Responsible for all AD management in two domains across five sites. Advanced group policy experience, with approximately 150 individual GPOs.

• Simplifying and improving monitoring across the enterprise to increase proactive monitoring and increase outage-troubleshooting efficiency.

• Top tier for desktop support, also training helpdesk and desktop support technicians to improve operational efficiency through hands-on learning and extensive documentation.

• Design, engineer, and deploy new workstation solutions and enhancements.

• Design, implement, and administer Active Directory Group Policies and company security policies.

• Create and maintain documentation as it relates to workstation architecture, integration design, system configuration and technology road maps.

• Collaborate with desktop staff to ensure smooth and reliable operation of software and systems for fulfilling business objectives and processes.

• Outstanding of Windows 7/10; Server 2008/2012/2016, SCCM and Acronis/SCCM imaging.

• Design, implement and administer security audits and vulnerability scanning.

• Gauge the effectiveness and efficiency of existing systems; develop and implement strategies for improving or further leveraging these systems.

• Installed and patch updated hardware and software utilizing SCCM for all Windows 7/10; Server 2008/2012/2016.

• Installed and patch updated hardware and software utilizing JAMF Server/JSS with Casper Suite for all Apple Devices.

• Ensured maintenance of system data security all end points using Carbon Black Defense.

• Perform monthly patching for DEV/UAT/TEST environment servers.

• Responsibilities including: Office 365 Exchange Admin; Okta SSO/MFA duties; Aruba Clear Pass/OnGuard Posture duties.

• Work with VMware vSphere/View Administrator for our VDI environment.

• Monitor performance and capacity of all components supporting the applications.

• Implemented Cisco ISE, responsible for server administration and all client deployments, including ~350 Windows and ~40 MAC workstations. Implemented two-factor authentication using both PKI certificate verification for machine authentication and AD integration for user authentication. Worked closely with the Network and Security teams to split the end users into ~50 separate VLANs, by job function, for added security.

• Strong desktop system internal support experience.

• Resolved all problems and questions in a timely manner.

• Extensive proficiency with computer software, hardware and associated operating systems.

• Outstanding grasp of Windows 7/10 Server 2008/2012/2016, SCCM and Acronis/SCCM imaging.

• Strong knowledge of HTTP, SMTP, SNMP, DNS, DHCP and Exchange Server.

• Exceptional familiarity with networked and computer based systems.

• Superior troubleshooting abilities for desktop operating systems and software.

• Installed and patch updated hardware and software utilizing SCCM for all Windows systems.

• Installed and patch updated hardware and software utilizing JAMF Software Server/JSS with Casper

• Suite for all Apple Macs.

• Ensured maintenance of system data security using Trend Micro and BitLocker encryption along with

• Office Scan and FireAmp Anti-Virus programs.

• Work with VMware vSphere/View Administrator for our VDI environment.

• Administrator for CrashPlan PROe for maintenance and deployment purposes.

• Assistant Admin with NICE Audio Recording Systems maintenance and deployment.

• Extreme focus on Customer Service and delivery of IT Services.

• Responsible for Tier I1 level application, system and service support.

• Focus on Customer Service through phone, email and personal interaction.

• Diagnose and resolve technical hardware and software issues.

• Research questions using available information resources such as: eAGLE, Q- Law/Citrix, Governance

• Portal, MS Exchange, Active Directory, RSA, Jira, or any other programs and applications that we utilize on a daily basis.

• Quality incident or request creation, classification, prioritization and escalation in Cherwell application.

• Prepare and support applicable IT reports utilizing Cherwell, Active Directory, or MS Exchange 2010 Server.

• Manage accounts with Verizon to ensure best cost savings is always in site on a Quarterly and Annually basis.

• Troubleshoot Mac Book Pro/Retina (Mavericks & Yosemite) OS', iPad (Multiple Generation iPads).

• Provide support and manage Xerox copiers, Xerox/HP printer and fax functionalities.

• Troubleshoot Windows 7 laptop models including E6400, E6410, E6420, E6430, M4700/4800.

• Troubleshoot Mac Book Pro/Retina (Mountain Lion & Mavericks) OS', iPad (Multiple Generation iPads).

• Backup user data, rebuild computers, and restore user data as needed on Mac and Windows systems.

• Provide support and manage Xerox copiers, Xerox/HP printer and fax functionalities.

• Developed Windows 7 and Mac OS images for faster deployment of systems to end user(s).

• Customize desktop hardware and software to meet user specifications and

corporate standards.

• Support end users to familiarize with the hardware, software, and peripherals requirements per corporate standards.

• Perform data migrations using Sharegate software to MS Sharepoint for all departments within the company.

• Train departments across organization on MS Sharepoint on whether their role is either as an Admin or End User.

• Manage accounts with T-Mobile and AT&T to ensure best cost savings is always in site on a Quarterly and Annually basis.

• Support mobile users by creating, troubleshooting technical questions/issues with Blackberry, Windows, and iPhones.

• Provide the same level of support at the desk side or via phone and utilize BOMGAR to remote in systems with in the United States or United Kingdom.

• On a daily basis creating and managing Microsoft Exchange, Active Directory, RSA Security, ShoreTel Communication,.

• Use Dameware on a daily basis to create, edit, or delete security badges.

• Ability to prioritize work and handle multiple tasks simultaneously in a fast paced, diverse and growth oriented environment.

• Troubleshoot Windows and Mac operating systems on a daily basis.

• Backup user data, rebuild computers, and restore user data as needed on Mac and Windows systems.

• Provide support for printers, phones, and faxes.

• Customize desktop hardware and software to meet user specifications and corporate standards.

• Familiarize end users with hardware, software, and peripherals.

• Perform data migrations using Sharegate software to MS Sharepoint for all departments within the company.

• Train departments across organization on MS Sharepoint on whether their role is either as an Admin or End User.

• Assist with Blackberry and iPhone account creations, troubleshooting, and technical questions/issues.

• Provide the same level of support at the desk side or via phone whether anyway in the United States or United Kingdom.

• On a daily basis using using Microsoft Exchange, Active Directory, RSA Security, ShoreTel Communication.

• Ability to prioritize work and handle multiple tasks simultaneously in a fast paced, diverse and growth oriented environment.

• Use DameWare on a daily basis to create, edit, or delete security badges.

• Provide general program & system user support.

• Client user management (new users, proxies, reset passwords, approval workflow updates/delegations).

• Provide support to sourcing consultants for system transaction updates (contract assignment extensions/rate changes, project milestone edits, accounting code changes, on-boarding/off-boarding activities, etc.).

• Tracking active contractor population (tenure, end dates, budget).

• Transaction auditing (timecards/expenditures, expired agreements, approvals hung in process).

• Address issues related to time entry and approval.

• Address billing issues, including adjustments & invoice validation, error reconciliation, and invoice/payment inquiries by applicable contacts.

• System administration & maintenance (rate cards, job templates, accounting codes, supplier setup).

• Conduct ongoing user training, when applicable.

• Provide reporting support to various constituents.

• Perform supplier audits (insurance certificates, background/drug checks, etc.) and report findings.

• Special data administration/maintenance projects.

• Perform UI and UAT Testing for the new software version before it is released into Production.

• Use SQL, File Transfer Protocols, and querying for each client's requirements to either gain system access or to resolve RBAW (Rule Based Approval Workflow) issues within the system, and to extract specific data out of the system for reporting purposes.

• Troubleshooting and answering difficult system questions and bugs.

• Resolves product or service problems by clarifying the customer's complaint; determining the cause of the problem; explaining the best solution or workaround to solve the problem; expediting the escalation of the issue, if needed; and following up to ensure resolution.

• Responsible for conducting/monitoring activities in the Software and Infrastructure Change

• Management program for each of the programs I support.

• Provide functional troubleshooting, working closely with Tier2/Tier3 on system issues requiring client background and understanding of customer specific use cases.

• Served as liaison with management to obtain requirements in terms of reporting around variety of areas using various tools such as Oracle Discoverer, Excel, and in-house reporting tools.

• Created text script files utilizing Oracle Discover to extract data for billing and collection reports.

• Exported data from the Oracle production database into Excel spreadsheets to create ad-hoc reports for end users.

• Generated customized financial Accounts Receivable summary reports utilizing VLOOKUPS, Pivot Tables, and various formulas for national and commercial accounts.

• Responsible for credit memos, write-offs, custom billing, and special handling billing.

• Generated old and new invoices and updated customer information in various Oracle Application modules.

• Proficient in third-party applications for customer inquiry such as EZ Readings and ICR.

• Followed-up with billers and collectors to ensure completion and accuracy of reports prior to billing run.

• Accessed backend system to rewind Status Monitor in Oracle to resolve and re- assign disputes with system related issues in order to ensure completion of workflow disputes by billers and collectors.

• Received certification training in Oracle 1 i, Legacy AS400 Mainframe systems.

• Supported Sales Representatives in the processing of Rental, Sales, and Lease orders for the Central Region for national and commercial Accounts.

• Utilized a range of programs and systems such as Across the Desk, Rumba

Mainframe, and Oracle for financial marketing, billing, and auditing purposes.

• Performed quality control checks incoming orders for legal obligations pertaining and adherence to master contracts.

• Fixed contracts for our Regional Central Districts including dollar amounts on invoices, maintenance coverage, and determining buy-out amounts for individual customer's equipment.