Sr. Network Security Engineer Resume
CA
SUMMARY:
- Cisco Certified Network Engineer with 8 plus years of professional experience, performing Network analysis, design, implementing, capacity planning with focus on performance tuning and support of large Networks.
- In-depth knowledge and hands-on experience on OSI model, TCP/IP, Subnetting, VLSM, ARP, reverse & proxy ARP, Ping Concepts.
- Experience in configuring and troubleshooting of static and dynamic routing protocols such as RIP v1/v2, EIGRP, OSPF, IS-IS, BGP and MPLS.
- Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, EtherChannel, STP, RSTP and MST.
- Worked on NX-OS, IOS, IOS-XR BXB to N7K-NX-OS (MPLS) system test.
- Configuring and testing Multicast for both IPv4 and IPv6 routing in Data Center Environment.
- Experience in Cisco Routing and Switching using 3600, 3700, 3800, 5300, 6500, 7200, 7600, Nexus 7K, 5K & 2K, ASR 9000, 1000 series routers.
- Expertise in Data Center Core layer, Access layer, Aggregation layer, Services layer.
- Strong work experience with MPLS, VPN, WLAN and Multicast technologies.
- Well Experienced in configuring protocols HSRP, GLBP, VRRP, ICMP, IGMP, PPP, PAP, CHAP, and SNMP.
- Advanced knowledge of installation, configuration, maintenance and administration of Palo Alto firewalls, Panorama, Checkpoint, Fortinet Firewalls.
- Performed Network Security Assessment and implemented security improvements such as network filtering, SSH, AAA, SNMP access lists, VTY access lists, EIGRP MD5 authentication, and HSRP authentication.
- Configure Palo Alto Networks Firewall models (PA-2K, PA-3K, PA-5K etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
- Automated network implementations and tasks and designed monitoring tools using python scripting.
- Network monitoring and testing from Operation Center (NOC) from a network management perspective.
- Good knowledge on DMZ zone-based security configuration on Cisco routers.
- Implemented traffic filters using Standard and Extended access-lists, Distribute-Lists, and Route Maps.
- Network security including NAT/PAT, ACL, IDS/IPS, and Cisco PIX, ASA/ Firewalls.
- Proficiency in monitoring and analysing the load balancing of network traffic using Wireshark and SolarWinds and Netflow.
- Scripting for automation of processes for Windows Servers. Familiarity with main script languages like PowerShell, PHP, Shell, Perl, Python.
- Experience in Physical cabling, IP addressing, configuring and handling network failure issues.
- Excellent communication and interpersonal skills with excellent problem-solving capabilities.
TECHNICAL SKILLS:
Cisco Routers: 3900, 3800, 3700, 7206VXR, 7500, ASR 1K,9K
Cisco Switches: 6500, 4510, 3750X, 3550, 3650, 3750G, 2960
Routing Protocols: EIGRP, OSPF, BGP, RIPv2
Switching Concepts: VLAN, STP, RSTP, VTP, Ether Channel, Port Fast, IP access Control lists, Uplink Fast and Backbone Fast, HSRP, VRRP.
Network Securities: NAT/PAT, VPN, Filtering, Load Balancing using f5 and Cisco ACE, Cisco ASA Firewalls 5580-20, IPSEC and SSL VPNs, IPS/IDS, DMZ Setup, CBAC, Cisco NAC, ACL, IOS Firewall features, IOS Setup and Security Features.
Network Topologies: Frame Relay, ISDN, Gigabit Ethernet, OSI and TCP/IP layered architecture.
LAN: 10/100/1000 & 10 GBPS Ethernet
WAN: MPLS, Frame Relay, Dialup, VoIP, Cisco Routers and Switches, CSU/DSU
WLAN: IEEE 802.11, PHY and MAC layer functionality, WLAN controller/Aruba/Meru
Operating Systems: Windows Servers 2003/2008/2012, Windows 7, Windows Vista, Windows XP troubleshooting.
Sniffers: SolarWinds, Wireshark.
Scripting: Python and Shell scripting
Tools: Tufin, Rank, Firemon, Fluke, MS Visio.
PROFESSIONAL EXPERIENCE:
Confidential, Irvine, CA
Sr. Network Security Engineer
Responsibilities:
- Configuring Static, IGRP, EIGRP, and OSPF Routing Protocols on Cisco 1600, 2600, 2800, 3600, 7300 series Routers.
- Configured Site-to-Site IPsec VPN tunnels to peer with different clients, each client having different specifications of Phase 1 and Phase 2 policies, using Cisco ASA 5500 series firewalls.
- Configured Easy VPN server and SSL VPN to facilitate various employees’ access to internal servers and resources with access restrictions.
- Responsible for entire company network infrastructure that includes Cisco Switches, Routers, Firewalls, Access Points, Servers and PBX.
- Configured VLANs, Private VLANs.
- Migrated complex, multi-tier applications on AWS. Defined and deployed monitoring, metrics and logging systems on AWS. Migrated existing on-premises applications to AWS
- Monitored infrastructure with Nagios like Firewalls, Servers, Services, Network devices, applications, web portals etc. Resolution of tickets fresh & pending
- Selecting appropriate AWS service to design and deploy an application based on given requirements.
- Experience with MP-BGP and MPLS LDP protocols.
- Worked as a lead consultant for a consultation project to help clean up legacy FW policies and create migration path from current ASA to next gen Palo Alto firewall.
- Review and optimize firewall rules using Tufin SecureTrack and run firewall audit reports. Migrated datacenter firewall rules for Yum Global based on Tufin Analysis/query and Reports.
- Managed and Supported all of Bluecoat ASG S500-20, S400-40, Reporter and Management Center devices in the Yum Network.
- Implement SSL VPN solutions including Palo Alto Networks Global Protect with single and multiple gateway solutions including integration of PKI certificates. Integrate multiple vendor IPSEC site to site VPNs, including Palo Alto Networks, Cisco ASA, and Juniper SRX firewalls.
- Worked on WildFire advanced malware detection using IPS feature of Palo Alto.
- Worked on Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)
- Configured rules and maintained Palo Alto Firewalls & analysis of firewall logs using various tools.
- Dealt with implementation of Cisco ASA 5585 devices and Juniper SRX 550 devices to apply security policies on it.
- Design for Guest Network and Mobile Access Network for NAC Solution, comprising of a Wireless LAN Controller solution in DMZs/Internet Gateways with Cisco ISE Appliances for NAC.
- Involved in finalizing the design for Corporate Wireless Network Access for NAC Solution, comprising of Cisco ISE Appliances in all WAN Consolidation Points, and Data Centers.
- Configured virtual servers, nodes and load balancing pools on the F5 LTM 6400, 6800 devices for various medical/biomed applications and their availability
- Experience using Identity Authentication technologies, including Active Directory, LDAP, RADIUS, TACACS, RSA, 802.1X, NAC, and token-based systems.
- Worked on Cisco ISE v2.1, ACS for providing secure network access.
- Responsible for Juniper SRX firewall management and operations across our corporate networks.
- Design and configuration of OSPF, BGP on Juniper Routers and SRX 5400/5600 Firewalls
- Implementation of Site-to-Site VPNs over the internet using 3DES, AES/AES-256 with ASA Firewalls
- Configure various LAN switches such as Cisco catalyst 2900, 3550, 4500, 6509 switches and Access layer switches such as Cisco 4510, 4948, 4507 switches for VLAN, Fast Ether Channel configuration.
- Worked on Datacenter Migration project to migrate the existing 6509, 4509 devices to a Nexus 7010, 5010 and Nexus 2248 FEX based solution.
- Maintained and created scripts in Python that assisted in pulling in the necessary data into Splunk to meet audit and reporting requirements
- Experience configuring VPC (Virtual Port Channel), VDC (Virtual Device Context) in Nexus 7010/7018, FCOE using Cisco nexus 5548.
- Configured Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000 to connect servers and storage devices.
- Perform ISSU upgrade on Nexus 7010 devices by operating the supervisors in active/standby mode on the devices by determining ISSU compatibility.
- Experience working with scripting languages PowerShell and Perl for code upgrades and configurations of devices.
- Testing and Verification of Cisco core routers CRS-1 and GSR-12000
- Configuration and troubleshooting of EIGRP, OSPF, BGP, CSM, integration with ASA devices.
- Experience in migration of VLANS & Configured VLANs with 802.1q tagging, Ether channels, and Spanning tree for creating Access/distribution and core layer switching.
- Configured EBGP load balancing and ensured stability of BGP peering interfaces
- Conducted on site QOS testing and prepared reports for the engineering team on ways the networks could be improved
- Implemented site to site VPN in Juniper SRX as per customer. Worked on Route-Reflectors to troubleshoot BGP issues related to customer route prefixes also route filtering using Route-maps.
- Involved in migration of F5 Local traffic managers of LTM 5100 series to LTM 6800 series for higher.
- Worked with engineering team to resolve tickets and troubleshoot L3/L2 problems efficiently.
Confidential, Washington DC
Sr. Network Security Engineer
Responsibilities:
- Responsible for configuration, maintenance, and troubleshooting of dynamic routing protocols: BGP, OSPF & EIGRP (route redistribution, distribute lists, route-maps, offset-lists, prefix lists, route summarization, route-feedback, BGP attributes) on Cisco Routers 7613, 7201, and 3945E.
- Involved in Firewall Policies implementation to meet access requirements of various teams. Worked on Cisco ASA/Juniper SRX Firewalls primarily with tasks involving policy changes, policy management as per vendor/client requirements add/design policies
- Worked on OSPF, BGP and EIGRP routing protocols, sub-netting, NAT, DNS, LDAP, DHCP, http, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP, RTSP & Multicasting protocols
- Implementing 3750 Stackable switches using Cisco Stack Wise technology. Experience to review and evaluate current and future design issues as required maintaining network integrity, efficient data flow.
- Design and implement Catalyst/ASA Firewall Service Module for various LANs.
- Working on Cisco ASA 5525, 5580, Juniper NS5400, SRX550
- Deploy and support network load balancers, such as F5 LTM/GTM and configuration (Profiles, iRules) of F5 Big-IP LTM-6400 load balancers
- Configured Virtual servers, pool, pool members, worked on load balancing methods for LTM
- Built B2B VPN connections to 3rd party vendors for access to branch facility and Data Center applications.
- Designed 10 gigabit networks using Cisco Nexus 7000 series switches, Cisco 3800 series routers
- Configuration, troubleshooting of Palo Alto Firewalls - PA200, PA 2K, PA 3K, PA 4K and PA5K series as well as a centralized management system (Panorama) to manage large scale firewall deployments.
- Created VSYS Builds from ASA to Palo Alto Panorama Database Zone, Access Zone.
- Supporting EIGRP and BGP based on the network by resolving level 2 & 3 problems of internal teams & external customers of all locations.
- Monitoring and configuring Cisco 7600 routers and replaced old 6500 and WAN routers from DR testing site at data center.
- Used Fluke tool for monitoring WAN (both MPLS & ST) traffic and Wireshark for LAN traffic.
- Working knowledge of wireless devices (5508, 7500 WLC Controllers and 2500, 3600, 3700 Access points).
- Worked on SolarWinds Orion for analysis and monitoring purposes.
- Performing SIP protocol packets flow using Wireshark.
- Worked on Infoblox for creating the DNS entries, A records and CNAMEs.
- Configuring VDC, VPC and FCOE, upgrading NX-OS for Nexus Family Switches.
- Provided proactive threat defence with ASA that stops attacks before they spread through the network.
- Maintaining and troubleshooting SAN backup networks.
Confidential, Plymouth Meeting, PA
Network Engineer
Responsibilities:
- Deploying Cisco routers and switches such as 7200, 3800, 3600 and 3500, 4500, 5500.
- Escalating customer problems to management and support groups utilizing standard escalation model.
- Experience with devices Palo Alto Network firewalls such as security NAT, Threat prevention & URL filtering.
- Correlates call issues with WAN performance for advanced troubleshooting
- Troubleshooting and installing of CRS, ISR, GSR, ASR9000 and Nexus devices
- Configured and maintained SSL VPN, IPSEC VPN on ASA, Palo Alto and SRX series firewalls, Site-to-Site VPN between ASA Firewall and router
- Responsible for Data Center Migrations and its operations.
- Secure authentication, redundancy and troubleshooting issues on BIG-IP LTM, ASM, APM and edit policies on F5 network access control.
- Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
- Experienced in configuring Cisco ASA firewalls in various contexts and modes to have the network secure.
- Installed and configured Cisco ASA 5500 series firewall and configured remote access IPSEC VPN.
- Experience in migration from Cisco infrastructure to Juniper MX routers and switches such as EX and QFX-3500, QFX-5100
- Worked on Cisco Routers, Active /Passive Hubs, Switches, Cisco ASA Firewalls, NAT and Juniper SRX firewall
- Implement changes to the firewall rule base, network routing tables and ACL to allow only authorized users to access the servers.
- Check for DNS issues by pinging the server’s name. Experience with Wireshark, Test TCP & OPNET
- Created security policy according to user’s requirement in Cisco ASA-5580, Juniper-SRX-5800 and ISG-1000 firewall using CLI & GUI.
- Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for a data center access architecture
- Installed Juniper firewalls to replace existing Firewalls which increased network uptime.
- Experience in Layer 3 Routing protocol configurations: EIGRP, OSPF, BGP.
- Worked as senior engineer with Avaya System PHI migration, merging Voicemail system, custom dial planning.
- Provided installation and initial user configuration of Nexus switches at the data center and providing IP addressing and different user session priorities on the switch.
- Designed and deployed various network security & High Availability products like Cisco ASA and other security products
- Coordinate and perform VPN Lan2Lan as well as Remote VPN and Firewall security policies as well as NAT Configurations.
- Implemented Security policy by Configuring PIX firewalls.
- Implemented TCP/IP, TFTP and related services like DHCP/DNS/WINS
Confidential
Network Engineer
Responsibilities:
- Develop and implement strategies to support the current and future needs of the company.
- Configured Cisco 2600/3600/7200 series routers using RIP, OSPF, EIGRP and tested authentication.
- Worked extensively on Checkpoint firewalls for analyzing firewall change requests and implementing changes into existing firewall policies, maintaining security standards
- Troubleshooting complex Checkpoint issues, Site-to-Site VPN related. Performed upgrades for all IP series firewalls from R75-R77.
- Migrated the rules from Checkpoint firewalls to ASA firewalls
- Identifying technical problems and debugged hardware and software related to LANs/ WANs.
- Implemented redundancy in Big IP F5 load balancers to provide uninterrupted services to clients.
- Implementing and configuring F5 LTM for VIP and Virtual servers as per business needs.
- Switching related tasks included implementing VLANs, VTP and configuring ISL trunk on Fast Ethernet channel between switches.
- Configured and implemented Nexus 5K and 2K in lab environment
- Created network diagrams under senior supervision using MS VISIO.
- Resolved all computer related problems, monitored and maintained system functionality and reliability by identifying ways to prevent system failures.
Confidential
Support Engineer
Responsibilities:
- Configuring RIP, EIGRP protocols and IP subnetting.
- Troubleshoot connectivity issues involving VLANs, OSPF, QoS etc.
- Resolving routing and switching related real time performance issues.
- Performance monitoring of various applications and web servers to maintain quality of service and network stability.
- Connected switches using trunk links and Ether Channel.
- Designed ACLs, VLANs, troubleshooting IP addressing issues and backing up of the configurations on switches and routers.
- Implemented Site-to-Site VPNs over the internet utilizing 3DES, AES/AES-256 with PIX Firewalls
- Troubleshot and worked with security issues related to PIX firewalls
- Experience with converting Cisco 6500 IOS to Cisco Nexus NX-OS in the data center environment.
- Provided testing for network connectivity before and after install/upgrade
- Experience in Cisco switches and routers: Physical cabling, IP addressing, Wide Area Network configurations.
- Responsible for creating and maintaining diagrams and documentation of network systems.