- 9+ years of IT experience in implementation, troubleshooting and maintenance of complex Network & Security devices.
- In - depth Cisco technology experience/knowledge in design, implementation, administration and support.
- Strong hands on experience in installing, configuring, and troubleshooting of Cisco 7600, 7200, 3800, 3600, 2800, 2600, 2500 and 1800 series Routers, Cisco Catalyst 6500, 4500, 3750, 2950 and 3500XL series switches.
- Network security including NAT/PAT, ACL, VPN Concentrator.
- Well Experienced in configuring protocols HSRP, GLBP, VRRP, ICMP, IGMP, PPP, HDLC, PAP, CHAP, and SNMP.
- Worked on Load BalancerF5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability
- Knowledge and experience of 802.11 a/b/g/n Ethernet standard for wireless Technology.
- Working experience on tools and devices like Gigamon, SourceFire, Fireeye, Aruba, Cisco ASA, Cisco ISE
- Configuration and troubleshooting of CISCO & ARUBA wireless devices.
- Well experienced in configuring gateway redundancy protocols like HSRP, GLBP, PPP and SNMP.
- Juniper: EX-2200,EX-4200, EX-4500, MX-480, M Series, SRX210, SRX240
- Advanced knowledge of OSI model, TCP/IP, Internet technologies, system security, firewall infrastructure, network architecture and Cisco network routing / switching (Layer 2 and 3) experience, including LAN and WAN, design and implementation which includes Layer 1 to Layer 7 experience
- Implementing and Troubleshooting Cisco Routers (2800,2900,3900,3800,7600) using Static, RIP, IGRP, OSPF, EIGRP& experience with Checkpoint, Cisco PIX & ASA devices
- Configured Aruba WAP and Wireless controller 66xx/57xx on Cisco Prime, VMWare NSX for proper access of Boingo wireless internet
- Extensive Experience in System Testing of Wireless LAN Products. Good understanding of IEEE 802.11a/b/g/n Technologies. Understanding and debugging the problems.
- Experience with Troubleshooting tools for example protocol analyzers, load generators & network traces
- Working knowledge of frame relay, MPLS services, OSPF, BGP and EIGRP routing protocols, NAT’ing, sub-netting, also including DNS, WINS, LDAP, DHCP, http, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP (Spanning tree Protocol), RTSP& Multicasting protocols
- Troubleshooting Cisco 3750, 3550, 3560, 2924, 6509-V-E, 6513, 6504, 6503, 6506, 6500 series switches
- Implementing 3750 Stackable switches using Cisco Stack Wise technology. Experience to review and evaluate current and future design issues as required maintaining network integrity, efficient data flow.
- Good domain knowledge in Linux source code 2.6x & Shell scripting
- Network Security - Anomaly Detection in Attack Prevention System, Network and Host IPS/IDS, Cisco PIX firewall, Vulnerability scanning, Penetration testing, Buffer Overflows, Cross Site Scripting,
- Cisco Pix Firewalls (525, 520, 515, 506), VPN Concentrator 3000 series, Cisco IOS Firewall feature set (IOS 12.X).
- NetScreen Firewalls (NS-5XP, NS-5GT, NS-500)
- Palo Alto Firewalls (PA-3000 and PA-6000 series)
- Implemented QoS using FIFO, Weighted Fair Queuing, Priority Queuing, Custom Queuing, RSVP, RED, CAR.
- Implemented SNMP on devices to allow for network management
- Implementation of HP Open view Server for network management.
- Implemented traffic filters using Standard and Extended access-lists, Distribute-Lists, and Route Maps.
- Excellent Verbal, written communication skills and Interpersonal skills with ability to work with large teams as well as independently with minimum supervision & Team Player
Security: Anomaly Detection in attack prevention system, IPS/IDS, Penetration Testing and Web application testing, Buffer Overflows, Session Management, Cisco PIX, and Security attacks like DoS, DDoS, Spoofing, Nexus & Cisco IOS, Cisco Works
Protocols & Standards: TCP/IP Protocol Suite, Ethernet, Token Ring, FDDI, OSPF, EIGRP, Rip, BGP, HSRP, L2/L3/L4/L7 Switching, VLAN s, VTP, IPv4, IPv6, ATM, VoIP, LAN, SSL, SNMP V1, V2. T1, DS3.
Networking: Operations Research, Cisco Routers (800, 2600, 2800, 3800, 4331, 4500), Switches (2950, 3560, 6500), Snort network intrusion detection systems (IDS). Network penetration testing tools like NMAP, Netfilter, IPTables, Ethereal, SONNET, MPLS, DSU/CSU
Confidential, Urbana, MD
Sr Network Engineer
Responsibilit i es:
- Participatedinmeetingswithbusines sunitsandsolutionarchitecttogath erinformationfor new projects.
- Worked on c ommissionin g of catalyst 2900, 4500, 6500series switches, Nexus 5K/7K/9Kalong with FEX. U pgraded IOS/NX-OS from default version to c ompany standard s.
- Worked with SiteOp s team to get the servers and sw itches racked/sta cked and cabled.
- Involved in configur ing ACS for TACA CS+ authentication for n ewly added n etwork devi ces.
- Configured L2 sw itching techno logy including n ew VLAN s, VTP, STP, inter VL AN routing, HSRP/VRRP.
- Involvedinconfigurationofvarious7200seriesrouters with WAN team to include newly added networks in ex isting routing policy.
- Configured ACE/ CSS/F5loadbalancersforserverloadbalancing, healthcheck, and SSL offloading.
- Commissioned Checkpoin t Firewalls: Virtual a s well as SPLAT firewa lls.
- Designed and implement ed various Rule Base Pol icies, NAT, and Anti-spoofing for Checkpoint and Netscreen Firewalls.
- Exposure of large complex Checkpoint, Cisco ASA & Palo Alto Firewalls Environment.
- Checkpoint, Cisco ASA Firewalls, Catalyst 6509 Switch/Routers, Palo Alto & Juniper SRXs. Routed/Routing Protocols: BGP, OSPF, and MPLS
- Experience with F5 load balancers and reverse proxy design and setup.
- Utilized working knowledge of Smart View Monitor, Smart View Tracker, Smart Dashboard and Audit tools of Che ckpoint Firewalls.
- Utilized expertise of reading Firewall logs along with tools such as TCPDUMP and FW monitor on command line to monitor active traffic on firewalls in order to troubleshoot many connectivity issues.
- Actively worked w ith LAN/WA N engineering as a t eam to resolve ID CN connectiv ity issues.
- Helped new team members to understand existing infrastructure as well as process to bring them up to speed.
- Prepared/updated Visio runbook diagram for support as well as helped different groups to update BU specific runbooks.
- Researched, designed and replaced aging Cisco ASA firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
- Successfully installed Palo Alto PA 3060 firewalls to protect datacenter and provided L3 support for routers/switches/firewalls.
- Working with the rule base and its configuration in Cisco ASA, Palo Alto, Juniper and Checkpoint firewalls.
- ActivelyParticip atedinChangeControlmeetingstopresenthighimpactchangestobecarried out.
- Exhibited strong Project Management skills, Conducted network ba selines and made necessary recommendation s.
- Provided 24X7 pr oduction supports during handover of proj ects to SBU and provided 2nd level on-call support on routinely basis.
Environment: CiscoCatalyst6500, 4900, 2900seriesSwitches, Nexus5500, Checkpoint/ Juniper Firewalls, Cisco.ACE (ACE20), CSSandF5LoadBalancers, GIGAMON/GTAP, Cisco ACS for authentic ation, Routing Protocol (BGP), DNS Infoblox, IPAM, HPNA, Cisco Works.
Confidential, Berkeley Heights, NJ
Sr. Network Engineer
- Experience in working with Nexus 7010, 5548, 5020, 2148, 2248 devices.
- Experience in configuring vdc, fex pinning, fex port-channel, port-channel, peer keep alive, peer link.
- Implementing and Maintaining Network Management tools (OPAS, Solar Winds, Cisco Works)
- Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, disabling all unused ports and putting them in unused VLAN and ensuring DHCP attack prevention where needed
- Experience with migrating the Partner IPSEC VPN tunnels from one data center to another data center.
- Implemented Positive Enforcement Model with the help of Palo Alto Networks
- Experience with deploying the Layer 3 MPLS VPN in all the Branches and Campus locations.
- Replace Campus Cisco 6509 End of Life hardware with new 4507/4510 devices.
- Performed site refreshes on Cisco switching and Aruba wireless infrastructure at several locations.
- Handling Modern related issue like that of RAD & Aruba.
- Work with the Cisco Meraki Sales team and on strategic sales initiatives like customer outreach and channel training to grow business in targeted regions.
- IOS upgrade in Nexus 7010 through ISSU (In service software upgrade)
- Provided redundancy in a multi homed Border Gateway Protocol (BGP) network by tuning AS-path.
- Worked on Juniper J series j230, M 320 routers and EX 3200 series switch.
- Involved in the modification and removal (wherever necessary) of BGP from the MPLS routers.
- Configuring IPSEC VPN (Site-Site to Remote Access) on SRX series firewalls.
- Responsible for Checkpoint firewall management and operations across our global networks.
- Working with Checkpoint Support for resolving escalated issues.
- Conversions to BGP WAN routing. Which will be to convert WAN routing from OSPF to BGP (OSPF is used for local routing only) which involves new wan links.
- Involved in knowledge Migration to Cisco Meraki in wireless and connect with cloud security and management
- Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000.
- Subject matter expertise supporting and maintaining F5 Big-IP load balancers
- Responsible for turning up BGP peering and customer sessions, as well as debugging BGP routing problems.
- Configured and designed LAN networks with Access layer switches such as Cisco 4510, 4948, 4507 switches.
- Worked on Layer 2 protocols such as STP, VTP, STP, RSTP, PVSTP+, MST and other VLAN troubleshooting issues and configuring switches from scratch and deployment
- Experience with Project documentation tools & implementing and maintaining network monitoring systems and experience with developing network design documentation and presentations using VISIO
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX
- Security appliance, Failover, DMZ zoning, & Configuring VLANs/routing/NATing with the firewalls as per the design.
- Decommission serial T3 circuits and replace with MPLS circuits. MPLS clouds were provided by carriers ATT, Verizon or Level 3.
- WAN Pilot project to convert branch from dual T1 circuits to iWAN only broadband circuit. To Enable Internet WAN connectivity for the Lab in Hauppauge. Test and turn-up IWAN link and disable the 2 existing T1 circuits, running branch on IWAN only. After testing was completed site will be placed back on either dual TDM circuits or TDM with IWAN backup circuit.
- Experience Branch Relocation: Connect workstation, servers, etc. Rack and stack Pre-configured new hardware and connect the circuits. Work with Carrier to test and turn-up circuits.
- Experience in design and implementation of new branch/New Campus test and turn up.
- Experience on troubleshooting of complex BGP and OSPF routing problems,
Environment: Router 2800, 3800; Cisco Catalyst Switch 3550, 2960. T1 Controllers, DS3 Lines (T3 Lines), Fiber and Ethernet cabling.
Confidential, Folsom, NJ
Sr. Network Engineer
- Experience in configuring routing protocols like EIGRP,RIPv2, OSPF & BGP and Cisco ACS protocols like RADIUS and TACACS
- Cisco IOS experience on 3600/7200 class hardware in complex WAN environment and experience on Cisco OS And IOS on CAT6500 in a complex data centre environment
- Coordinated with senior engineers with BGP/OSPF routing policies and designs, worked on implementation Strategies for the expansion of the MPLSVPN networks
- Working knowledge of Firewall service module FWSM UPGRADE, FWSM RULESET conversion
- Converting access-lists to Firewall rule sets on FWSM module with 6509-E Catalyst switches
- Involved in setting up Voice VLANs on distribution switches, and configuring access switches ports for AVAYA IP PHONES
- Configuring HSRP between VLANs, Configuring Ether-Channels, Port Channel on 6500 catalyst switches
- Configuring PAGP and LACP protocol along with BFD link detection protocol
- Experience with hybrid CatOS to Native Cisco IOS code migration involving Catalyst 6503 to Catalyst 6504 switches
- Upgrading IOS on 2960 and using 2960 switch as a PAGP between VSS
- Working knowledge of PPP Protocol with Enhanced Flex WAN module on 6500 catalyst switch
- Involved configuring ppp multilink group, dialer group, PPP authentication protocols like PAP, CHAP
- Working knowledge of Terminal server and the configurations
- Installation of L3 Switching Engine policy Feature Card & Distributed Forwarding Card DFC3C
- Experience with design and implementation of Data center migration at NBC Universal
- Data center migration was involved in Access, Distribution and Core layers.
- Working knowledge with 10 gigabit Supervisor Engine 720 on 6500 catalyst switches
- Implementing 3750 Rack/Stack switches using Cisco Stack Wise technology
- Experience with migration Hybrid based Cisco CatOS and Native Cisco IOS on 6500 catalyst switches.
- Involved in migration of WLAN segment on the LAN Core. Also, involved in configuring wireless VLANS
- Working knowledge of configuring VOICE VLANS on core, Distribution layer switches
- Configured Access ports with Voice VLANS and Service Policy for VOIP Phones
- Experience in working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a flexible Access Solution for datacenter access architecture.
- Hands on experience installing Sup720 for Cisco 6509-E series and its Gigabit Ethernet port deployment in the core network
Environment: 3750, 3550, 3560, 2924, 6509-V-E, 6513, 6504, 6503, 6506, 6500 series switches, 7206, 2611, 6748, 6708, 2960, T1 Controllers, DS3 Lines (T3 Lines), Fiber and Ethernet cabling
Confidential, Newark, NJ
- Hands on experience with Cisco 3500, 3750, 4500, 6500 series equipment and configuring and deploying and fixing them with various modules like Gig card, VPN SPA card, WIC card.
- Applying crypto maps and security keys for the branches, ISAKMP (Internet security association key management protocol) for establishing Security associations (SA) cryptographic keys.
- Experience in configuring routing protocols like EIGRP, RIP v2, OSPF & BGP and Cisco ACS protocols like RADIUS and TACACS
- Experienced in WAN environments, installing and troubleshooting data circuit problems (MPLS, T1)
- Involved in designing and applying QOS and policy map to 2800 series routers for all the branches
- Involved in designing GRE tunnels for encryption of data flow from source to destination
- Experience in migration of Frame-relay based branches to MPLS based technology using multi layer stackable switch like 6500 series and 2800 series router
- Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks
- Involved in designing L2VPN services and VPN-IPSEC authentication & encryption system.
- Experience in HSRP standby troubleshooting & Experience in configuring & upgrading of Cisco IOS
- Implementing & Troubleshooting of T1, MUXES, CSU/DSU and data circuits.
- Experience on designing and troubleshooting of complex BGP and OSPF routing problems,
- Involved in configuring IP Quality of service (QoS)
- Have experience with Cisco Works LAN Management Solution
- Implementing VoIP solutions using SIP & H.323, also have sound knowledge of Avaya VoIP products
- Experience with Project documentation tools & implementing and maintaining network monitoring systems (Cisco works & Netinfo, Infoman Virtual Change) and experience with developing network design documentation and presentations using VISIO
- Understanding & Implementation of IPSEC & GRE tunnels in VPN technology
Environment: Branch office environment with Cisco1900,2900 series switches, C isco 2500,2600,2800 series routers, Juniper and Cisco ASA Firewalls, CSS/ACE load balancers.
Confidential, Clifton Park, NY
- Involved in redesign of traffic anomaly system to increase the detection method and algorithm efficiency.
- Capturing data in the kernel stack and analyze the packets in various locations on the network stack
- Hands on experience with firewalls, firewall rules & Tool NetCool
- Distributed denial-of-service (DDoS) attacks on public servers have recently become more serious. A detection and defense mechanism against SYN flood Attacks has been proposed in previous work.
- Experienced in WAN environments, installing and troubleshooting data circuits (OC, T1, E1, T3, MUXES)
- Experience with SONET Multiplexing protocols and DWDM technologies.
- Understanding current vulnerabilities attacks and counter measures, assessing the impact of traffic on customer networks, conducting research on emerging security threats.
- Mentoring and training security analysts, creating and maintaining documentation for Traffic anomaly Sys.
- Experience testing of a prototype Traffic Anomaly system that monitors TCP/IP network traffic. Each network packet is characterized by the (source host, Source port, destination host, Destination port, Flag). The system monitors the network for the occurrence of mismatch, which represent unusual traffic patterns within the network.
- Experience installing & configuring of Cisco PIX, ASA & FWSM(Firewall service module)
- Evaluate, Analyze & Implement firewall policies to meet business requirements
- Experience in creating and maintaining firewall configurations, updating documentation and log analysis.
- Responsible for the implementation and maintenance of firewall based security zones (DMZ*s).
- Provide support to internal project teams by adding firewalls, switches and routers to managed DMZs.
- Assist internal project teams by determining rules that need to be added to the firewalls and identifying the proper routing and addressing for new devices in managed DMZ*s.
- Experience in troubleshooting of complex BGP and OSPF routing problems
- Experienced in SYSLOG analysis & Proxy servers
- Experience with network based F5 Load balancers with software module GTM & Checkpoint
- Experience with connectivity of Cisco Networking Equipment with F5 Load Balancer
- Experience with GTM F5 component to provide high availability with providing services across data centers
- Experience with Using LTM F5 component to provide 24“7 access to applications
- Experience with using F5 Load balancer in providing worldwide data and file sharing, continuous internet connectivity, optimized web performance
Environment: Corporate office architecture with highly reliable &secured network including Router Series(2800, 3600,7204), Catalyst Switch Series(2900, 4500,6500), ASA Firewal l(5505), Juniper Netscreen and Checkpoint firewalls, Cisco ACE Modules, Cisco ACS Server for Authentication, Web Application and Database servers, WLC (4402), AP ’s (1142, 1252) and Mon itoring Tool Ci sco Works.
Confidential, Rochester, MN
Jr Network Engineer
- Provide high level technical support, including identifying and resolving problems on Cisco supported products for e-Commerce infrastructure. This included external routing and internal/intranet routing for DMZ servers.
- Implemented cable multi-service operator (MSO) to capture traditional Telco subscribers with IP telephony and provide relevant QOS.
- Configured EIGRP, BGP, and MPLS.
- Configure Firewall, QOS by SDM and provide security by Prefix list, Access- List and By Distribution List.
- Moved Core switches and several non-Cisco devices under strict deadlines to maintain network functionality
- Implemented new ultra-secure networks in multiple data centers that included Cisco, Juniper security devices.
- Designed VLAN’s and set up both L2 and L3 logical to have it communicate to the Enterprise network.
- Scheduled preventive maintenance for fire-protection systems, including new protocols. Utilize MS Windows, Word, and Excel for reporting/documenting process.
- Satisfactorily Resolved Problems in timely manner with focus on providing a high level of support for all customers.
Environment: Assists the IT Manager to plan, direct, and control the technology infrastructure to include systems and services of the network infrastructure, Internet, security, desktops, Web server, and other network services provided to internal users, and the telephone systems.