Jesus Sandoval

Led NSX-T micro-segmentation design and implementation for a large-scale GCVE migration, enforcing Zero Trust segmentation with distributed firewall rules. Centralized Palo Alto firewall policy management using Panorama and resolved migration/network firewall issues to reduce downtime.

Deployed and managed Fortinet FortiGate firewalls across government locations using FortiManager for centralized NGFW policy enforcement. Integrated FortiGate with Splunk/QRadar SIEM via FortiAnalyzer and implemented advanced threat protection (IPS, antivirus, web filtering) for real-time threat visibility.

Delivered multi-vendor firewall policy provisioning and complex application migrations using Palo Alto Panorama, Check Point Smart Console, Juniper Junos Space, and FortiManager within Zero Trust architectures. Implemented cloud security for AWS/GCP that increased data protection compliance by 80% and reduced breach risk.

Managed Palo Alto PA-7050/PA-5060 firewalls via Panorama 9.1 alongside Guardicore micro-segmentation and VMware NSX. Conducted incident response and event log monitoring, and reviewed Tufin Orchestration Suite change requests to ensure firewall policy changes met security and business requirements.

Designed and commissioned a newly built data center in Santo Domingo by implementing network and multi-vendor security infrastructure from the ground up. Managed Palo Alto/Check Point/FortiGate operations, SIEM log collection with ArcSight ESM and Splunk, and change accuracy using AlgoSec FireFlow before deployment.

Migrated 5 sites from remote access VPN to IPsec site-to-site using IKEv2 and certificate-based authentication between Cisco ASAs to improve security and performance. Designed and deployed Microsoft security stack (Azure Sentinel and Microsoft Defender products), upgraded Cisco ISE, and implemented Cisco SD-WAN across sites and data centers.

Built and migrated two data centers (Waterloo to Barrie) using Cisco Nexus switching, Juniper SRX firewalls, and A10 load balancers with minimal downtime. Designed SD-WAN modernization and deployed Juniper vSRX on AWS with full VPC networking (ENI/EIP, routing, NAT, security groups).

Supported Rogers network engineering projects by developing design alternatives and optimizing network cost and performance. Troubleshot multi-vendor security environments (Juniper, Check Point, Palo Alto, Fortinet, and Cisco) during incidents and implementations.

Provided network engineering support for Rogers national network, developing design/provisioning and capacity plans for IPv4/IPv6 infrastructure. Troubleshot multi-vendor firewall environments and supported incidents using Microsoft Azure.