Senior Network Security Analyst @ From November 2015 to Present (2 months) Network and Security Engineer @ • Designed and implemented Information security methodologies and Technologies.
• Maintained information security vulnerability and threat management
• Designed, implemented, and maintained company production and office network.
• ISO27001, WAF/Modsecurity, OSSEC(HIDS), OSSIM(SIEM), Zabbix, ELK(Elasticsearch, logstash, Kibana)
• Linux (CentOS, Kali), Windows Server 2012, ESXi, Nginx, Tomcat, MySQL
• Burp Suite, OpenVAS, Nmap, SQLmap, NetSparker, OWASP, Wireshark, TCPDUMP, Shell Script
• Fortinet Firewalls, Cisco ASA, Cisco Switches
• SSL(VPN, HTTPS), OSPF, LACP, RST, HSRP, Syslog, SNMP, DNS, DHCP etc. From January 2015 to September 2015 (9 months) Toronto, Canada AreaSenior Network and Security Engineer @ • Designed, implemented network and security infrastructure in SSE.
• Designed and implemented Internet-faced business and trading processing platform.
• (HTTPS and SSL VPN)
• Designed and maintained ISO27001 ISMS (Project manager); maintained ISO20000 as coordinator.
• Designed and maintained the information security baselines.
• Provide Tier-2 Network and security support (NOC)
• ISO27001, ISO20000, PRINCE2(PMP)
• WAF/Modsecurity, OSSEC, ClamAV, Nessus, Burp, Nginx, Apache, Tomcat, MySQL,Nagios
• Cisco Switches (Nexus 5000/2000, Catalyst6500, 4948), IPS, Firewalls(ASA, Juniper SRX), NetScout, IXIA
• HTTP/HTTPS, SSL VPN, IPSec VPN, OSPF, HSRP From June 2012 to July 2014 (2 years 2 months) Network Security engineer @ • Designed, implemented, and maintained the SSE next generation trading networks.(with 60+ switches, 10+ routers and 20+ firewalls), Maintained and managed network devices in trading system including Routers/switches, Firewalls (PIX/ASA/FWSM) and DWDM system.
• Designed and implemented the NAC(Network Admission Control) and Cisco ISE in SSE
• Updated and upgraded the trading network devices and trading hosts smoothly and successfully( 50+switches, 36+ HPUX hosts, 300+ cables, DWDM, and firewalls).
• Installed, setup and maintained trading communication hosts, maintained and managed the communication hosts’ emergency recovery plan, scripts, and operation
• Designed, proposed and tested the layer 3 network architecture for the New Generation Trading System in SSE. Designed, tuned and tested network performance including OSPF, RST, PIM, HSRP etc.
• Led internal forensic investigation on insider sensitive data leaks and system audit.
• Renovated a new method to improve the fault recovery performance for trading hosts from 5 minutes to 10 seconds. .
• Excellence Award for “Continuous Degree Study” in 2009
• Routers(Cisco 2900/3900, 12000, 7206, ASR1000), Switches(Catalyst 6500, 4500, 4948, 3750,2950, and Nexus 5000, 2000), Firewalls(Cisco PIX/ASA/FWSM, Juniper, Checkpoint), IDS(4125), WLC 4400, AP(1010,1250), DWDM(Cisco 15454), HP ArcSight(SIEM), Cisco NAC Framework, ISE, ACS, Cisco Call Manager Express(VoIP)
• 802.1x, EAP/EoU, Radius, HSRP, OSPF, EIGRP, RST, Multicast(PIM, IGMP), IPSec, SSL, AAA, QoS, MPLS VPN, NAT, Netflow, Syslog, SNMP, EAP, WAP2/WAP, AES etc.
• Nkisun, Wireshark/TSHARK, TCPDUMP, TCPDUMP, FTP, Telnet, Rlogin, DNS, DHCP
• HPUX, Linux, Windows, HP OVO, IR Prognosis, Shell(Awk/Sed)
• ISO20000/ITSM From September 2002 to August 2010 (8 years) Network and System Admin @ The main responsibility is to maintain the whole R&D environment.
• Setup and maintain HPUX systems based R&D environment.
• Install, maintain, and support the application environment, etc
• Responsible for Sablime system (version control and build system)
• Maintain local network devices.
• Setup and maintain local Email/DNS/NIS/Web servers
• HPUX, Linux, Windows
• Perl, Shell (awk/sed)
• DNS(Bind), Email(Sendmail), Apache Web Server, NIS, NFS From April 2000 to August 2002 (2 years 5 months) Shenzhen, Guangdong, China
Master's degree, Information Security Institute (Information Security Technology Track) @ The Johns Hopkins University From 2010 to 2012 Master's degree, Computer Engineering @ Shanghai University From 1997 to 2000 Bachelor's degree, Computer Communication @ Nanjing University of Posts and Telecommunications From 1993 to 1997 XiaoMing(Frank) Li is skilled in: Computer Security, CISSP, EIGRP, RIP, OSPF, Security, Network Architecture, HPUX, Shell Scripting, Network Security, Firewalls, VPN, Networking, TCP/IP, Switches
Looking for a different
Get an email address for anyone on LinkedIn with the ContactOut Chrome extension