Open to opportunities

Jason Thomas

@jasonthomas

I’m a senior network & security engineer delivering zero-trust, compliant infrastructure across hybrid cloud environments.

United States

Message

What I'm looking for

I’m looking for a security-forward team where I can own zero-trust privileged access, incident readiness, and compliant hybrid networking end-to-end—working directly with stakeholders, documenting decisions, and improving resiliency and automation.

I’m a senior network and security engineer with 25+ years architecting, securing, and operating enterprise infrastructure across SaaS, healthcare, and financial compliance environments, supporting up to 5,000 users across 25+ locations. I’m especially focused on zero-trust privileged access, hybrid identity, and resilient network architecture spanning Cisco, Fortinet, and AWS.

In my most recent roles, I’ve architected and deployed KeeperPAM to eliminate standing privileged credentials and strengthened incident response with Microsoft Purview audit log workflows across Exchange Online, SharePoint, OneDrive, and Azure AD. I also lead enterprise compliance aligned to PCI DSS v4.0—driving controls like IPv6 hardening, FortiGate policy enforcement, and segmentation reviews—while running least-privilege redesigns through formal change runbooks and credential rotation.

I bring a practical, documentation-driven approach: I’ve built automation (including a PowerShell WinForms app for Active Directory inactivity audits), implemented forced password resets across hybrid Active Directory and Entra ID with Duo MFA, and managed complex multi-site routing, SD-WAN, and datacenter fabrics like Cisco Nexus VXLAN/EVPN and VMware vSphere. Earlier, I led greenfield AWS Transit Gateway and Direct Connect for a 50+ VPC global SaaS environment, and I continue to apply that same ownership to cloud networking, segmentation, and monitoring.

Experience

Work history, roles, and key accomplishments

Current

Senior Network & Systems Engineer

Current

Highwoods Properties

Feb 2026 - Present (3 months)

Architected and deployed KeeperPAM zero-trust privileged access, removing standing privileged credentials and enabling contractor provisioning with Duo MFA. Led digital forensics and incident-response capabilities using Microsoft Purview audit logs and drove PCI DSS v4.0-aligned network hardening and segmentation across enterprise endpoints and Fortinet infrastructure.

KeeperPAM Zero Trust Architecture Privileged Access Management Microsoft Purview PCI DSS Active Directory Entra ID Fortinet PowerShell

Network Engineer (Consulting)

Robert Half

Aug 2025 - Feb 2026 (6 months)

Owned network design, implementation, and operations for a 5-site medical robotics environment as the sole network engineer. Deployed Cisco Catalyst 9300 switching and managed Cato SASE SD-WAN and Dell SonicWall firewalls to maintain resilient site-to-site VPN connectivity, while monitoring performance with PRTG.

Cisco Catalyst Sonicwall Site To Site VPNs Active Directory PRTG

Network & Systems Engineer

Brightly Software

Sep 2019 - Jul 2025 (5 years 10 months)

Architected AWS greenfield Transit Gateway and Direct Connect connectivity to interconnect 50+ VPCs, eliminating peering sprawl for a global multi-tenant SaaS environment. Owned AWS networking and implemented hybrid identity (Active Directory and Entra ID), Cisco ASAv remote access VPN, VMware Cloud/NSX micro-segmentation, and production infrastructure support for 24/7 critical workloads.

AWS Transit Gateway AWS Direct Connect Active Directory Entra ID Cisco ASAv HA VPN ThousandEyes Route 53 Micro Segmentation

Lead Network & Security Engineer

Hillrom

Apr 2019 - Sep 2019 (5 months)

Designed and implemented Cisco ASAv high-availability pairs in Azure to secure DoD QA environments with site-to-site VPN and Meraki connectivity. Conducted DISA STIG assessments and used Tenable Nessus vulnerability scanning to remediate security gaps while automating Azure micro-segmentation with Azure CLI and PowerShell.

Azure DISA STIGs Nessus Site To Site VPNs Micro Segmentation PowerShell Cisco Meraki

Senior Network Engineer

Dude Solutions

Feb 2016 - Apr 2019 (3 years 2 months)

Architected and deployed production SaaS infrastructure using Cisco Nexus/Catalyst switching and ISR routing to deliver high availability for a 500–1,000 user environment. Owned datacenter perimeter security (Cisco ASA with Firepower, VPN/AnyConnect) and implemented VMware vSphere/vCenter/NSX micro-segmentation, plus AWS infrastructure and disaster recovery design.

Cisco Catalyst Cisco Firepower Cisco AnyConnect VMware VSphere Pure Storage Disaster Recovery

Network & Systems Team Lead

RegEd, Inc.

Jun 2005 - Feb 2016 (10 years 8 months)

Promoted to Team Lead and owned network and systems engineering for a SaaS compliance platform supporting 100–500 users across production and disaster recovery environments. Administered enterprise network security and identity services, including Cisco firewall HA, VPN/AnyConnect, Active Directory/DNS/DHCP, and VMware vSphere infrastructure, while maintaining endpoint protection and related secur

Meraki MX & VPN (AnyConnect)VMware VSphere