Jacinda Duffy
Alvord,TX
Summary
Experienced professional with over a decade of expertise in firewall, route/switch, network management, and troubleshooting. Strong collaboration and communication skills, adept at working independently and as part of large-scale projects. Committed to delivering high-quality results and consistently exceeding expectations.
Overview
11
11
years of professional experience
Work History
Network Security Engineer
The Judge Group/Discover Financial
08.2022 - Current
- Upgraded and renewed SSL/TLS CA certificates for all Panorama devices and Palo Alto firewalls from G2 to G3 and imported same to all hardware (about 60 devices)
- Ran SecOps project with Palo Alto for reviewing best practices and discrepancies within our Panorama and Palo Alto environment
- Major audit cleanup work to remove rules in incorrect zones on Cisco ASA firewalls as well as remediate an open “any” rule on Palo Alto firewall
- Also worked with PCI QSA auditors on last audit to remediate over 450 callouts
- Network security resource for new UCCM/IVR AWS project migrating IVR applications and SIP traffic from onsite to the cloud
- Architected and installed new firewall for office move in Phoenix site that previously did not have a firewall or VPN
- Created firewall policies and VPN back to datacenter for onsite users
- Firewall rule remediation for PCI audit – remediated two open any/any rules on a DC firewall by reviewing traffic logs, tracking down application owners and creating necessary rules and eventually disabling and deleting open rules
- Learned GitHub and Ansible for automating SGOps and internal website
- Researching App-ID implementation – writing Jira stories for steps needed to test and implement App-ID into DFS environment
- Automation research – Researched ways to automate existing audit work involving reviewing every firewall every 180 days for unused rules and disabling them
- Tested using XSoar to automate this process
- Panorama Log Collector troubleshooting/upgrades – worked with vendor to resolve issues with M600 devices
Sr. Security Engineer
Collabera/IBM-Kyndryl/Delta Airlines
02.2022 - 07.2022
- Built new Palo Alto firewalls and migrated policies
- Cisco Stealthwatch – took over project to get 18 devices from version 7.0 to 7.4, worked through licensing issues and sync issues with SMC
- POC with Palo Alto for most TAC cases, replaced both Panorama and log collector hardware as well as taken lead in version upgrades for hardware and AWS (Panorama)
- Worked in Algosec and Palo Alto as automation for firewall rules had previously been implemented
- Trained offshore in processes
- Worked on project to implement Palo Alto Global Protect to replace Pulse Secure VPN
Sr. Network Engineer
JPS Health Network
12.2021 - 01.2022
- Worked to build more secure rules on existing firewalls and advise as to security updates and architecture upgrades needed for upcoming year
- Assisted junior engineer with upgrades and data center moves
Network Security Engineer
Softtek/Southwest Airlines
08.2020 - 11.2021
- Worked on redesign of URL policies and filtering
- Did all troubleshooting for URL policies and content filtering
- Set up tickets with Palo Alto and made all requests for URL category changes
- Configured new firewalls (usually PA-600s) for implementation as HA pairs and pushed templates onto Panorama, which was recently upgraded to version 10
- Did migrations of Cisco ASA firewalls to Palo using Expedition
- Configured new site-to-site VPNs from both Cisco ASA to Palo Alto and Palo Alto to Palo Alto
- Also migrated VPN tunnels from Cisco ASA to Palo Alto
- This included configuring rules for applications and the VPN tunnel itself and troubleshooting if any issues occurred while bringing the tunnel up
- Also have engaged Palo Alto support for live troubleshooting during Production moves
- Took requests for firewall rules from start to finish – this would mean writing the implementation plan from a Service Now request, sending it for peer review and Cyber review, then scheduling and implementing the rule during a scheduled change window and documenting any and all changes made and if necessary, following up with the customer for any troubleshooting if something was missed or not working as requested
AVP AAA Engineering
Bank of America
10.2016 - 09.2019
- AAA (Authentication, Authorization, Accounting) Engineer
- Part of team architecting new Cisco ISE application to replace ACS throughout enterprise
- Wrote HLD/LLD as well as involved in failover planning and device testing for all authenticating devices
- Lab testing for products including Cisco ISE and ACS and Aruba Clearpass (CPPM)
- Tested and implemented all new devices for TACACS or RADIUS authentication and MFA
- Also part of on-call for troubleshooting production issues on the network
- Application/Portfolio (AIT) Owner for all AAA applications (10 concurrently)
- Kept all applications in compliance which included technical recovery documentation and testing, firewall rule remediation, access reviews (IAM) for entitlements, review Qualys/Nessus scans for server vulnerability remediation, prepare ERPs for exceptions and write requests for server patching
- Also managed certificates for all AAA-owned devices using Venafi
SME
Bank of America
02.2016 - 10.2016
- SME for Network Access Control (NAC) Project
- Helped create RFP, technical questions and slide decks for vendors and BISOs
- Looked up technical product device owners for information-gathering and created Excel documentation
- This product eventually replaced all Cisco ACS infrastructure within BofA
SME Contractor GIS
Teksystems/Bank of America
09.2015 - 02.2016
- SME for NAC Project
- Helped create RFP, technical questions and slide decks for vendors and BISOs
- SME for B2B Firewall Proxy SIM/SEG project
Sr Information Security Engineer Team Lead Interim Info Sec Mgr
Brinks
03.2015 - 09.2015
- Security reviewer for global change management
- Managed Service Now ticketing for Info Sec group
- Managed Server 2003 ACS remediation project
- Managed project to re-architect global network for firewalls
- Managed POCs for firewalls including ASA Firepower and Fortinet, Tufin mgmt software
- Implemented, configured and managed Tufin firewall management software
- Managed Ironport ESA and WSA appliances
- Managed licensing for all equipment managed by Info Security
- Managed TLS and CA certificates for all devices using Venafi
Sr. Information Security Engineer
Matrix/Brinks
11.2014 - 03.2015
- IDS/IPS management, ticketing review
- Ironport Web and Email filtering
- RSA 2Factor Authentication for VPN and Servers
Network Architect
Neovia Logistics
07.2014 - 11.2014
- Architected networks for new business projects in US including switches, routers and wireless equipment
- Took specs from start to finish writing network diagrams and documentation, ordering equipment and configuring switches and wireless hardware
- Firewall rule troubleshooting, changes and group object additions for new business sites
Education
Information Technology with Emphasis in Network Management -
National American University
Rapid City, SDSkills
- Palo Alto
- Panorama
- Cisco ASA
- Sonicwall
- Fortinet
- VPN connections
- Access rules
- Cisco Stealthwatch
- Cloud Security
- Firewall management tools
- Tufin SecureTrack
- Tufin SecureChange
- Wireshark
- AAA - Network Access Control
- Cisco ACS
- Cisco ISE
- Aruba Clearpass
- Splunk
- Qualys
- Nessus
- BMC Remedy
- ServiceNow
- Venafi PKI Certificate Management
- SIEM investigation
- IDS/IPS
- Snort
- Snare Server
- Networking
- LAN
- WAN
Specialcredentials
DOD Secret Clearance (no longer active)
Jobskills
- Configuring, managing, upgrading and troubleshooting Palo Alto including Panorama, Cisco/ASA, Sonicwall and Fortinet firewalls and VPN connections, access rules and logs.
- Replacement/migrations/upgrades and configuration of Palo Alto log collectors/Panoramas/gateways.
- Cisco Stealthwatch support and upgrades.
- Cloud Security and Cloud server builds and Operation support.
- Firewall management tools including Tufin SecureTrack and SecureChange and Wireshark.
- AAA - Network Access Control administration using Cisco ACS, ISE and Aruba Clearpass.
- Splunk for log evaluation and troubleshooting.
- Qualys and Nessus server scan remediation.
- BMC Remedy and ServiceNow change management systems.
- Venafi PKI Certificate Management.
- SIEM investigation through third party vendor.
- Configuring, managing and troubleshooting IDS/IPS, Snort, and Snare Server/Agents.
- Networking LAN and WAN, routing and switching, architecture, documentation and security.
- Network monitoring, configure hardware including routers, switches, firewalls, SAN, tape backups, printers, laptops and desktops.
- Maintain Active Directory domains, user accounts, groups and GPOs.
- Large project experience from start to finish including building requirements to writing HLD/LLD documentation, choosing sizing of final product and implementing into production.
Accomplishments
AWS Cloud Economics Accreditation
AWS Technical Professional Accreditation
Timeline
Network Security Engineer
The Judge Group/Discover Financial
08.2022 - Current
Sr. Security Engineer
Collabera/IBM-Kyndryl/Delta Airlines
02.2022 - 07.2022
Sr. Network Engineer
JPS Health Network
12.2021 - 01.2022
Network Security Engineer
Softtek/Southwest Airlines
08.2020 - 11.2021
AVP AAA Engineering
Bank of America
10.2016 - 09.2019
SME
Bank of America
02.2016 - 10.2016
SME Contractor GIS
Teksystems/Bank of America
09.2015 - 02.2016
Sr Information Security Engineer Team Lead Interim Info Sec Mgr
Brinks
03.2015 - 09.2015
Sr. Information Security Engineer
Matrix/Brinks
11.2014 - 03.2015
Network Architect
Neovia Logistics
07.2014 - 11.2014
Information Technology with Emphasis in Network Management -
National American University