Network Security Analyst Resume
Chattanooga, TN
PROFESSIONAL SUMMARY:
- Skilled Engineer with over 6+ years' experience refining workflow processes and improving organizational efficiency. A problem solver who eagerly tackles complex network drawbacks to reveal their most useful insights. My background has consistently proven a strength, providing a unique perspective and process for understanding complexity, identifying inefficiency and offering creative solutions.
- Demonstrated experience focusing on Network Operations, Security, Risk Assessments, System Administration, Security Control Assessments, IT audits and managing Data Centers. Long-term commitment to information security. Focused and detail-oriented problem solver with strong organizational and communication skills.
- Experience working on Installation, Configuration and Troubleshooting of Routers and Switches.
- Expertise in working with IP addresses, wireless networks.
- Thorough knowledge of OSI & TCP/IP layered architecture.
- Knowledge about VPN, Firewalls and Load Balancers.
- Proficient knowledge of Cisco Routers and Switches.
- Security architect with working knowledge of cyber security management industry standards and controls such as ISO and NIST 800-53 Rev 4.
- Security compliance manager with working knowledge of industry regulations such as GDPR, PCI, SOX, and FISMA.
- Deployment of enterprise firewalls (Palo Alto Networks, Cisco ASA, Check Point) in production environments.
- Check Point Firewall Deployment, Upgrade and Administration.
- Troubleshooting and hands-on experience with security-related issues on Cisco ASA/PIX, Checkpoint, IDS/IPS, Palo Alto and Juniper NetScreen firewalls.
- Configuration of Access lists (ACL) on Checkpoint firewall for the proper network routing for the B2B network connectivity.
- Detail-oriented and proactive with strong troubleshooting communication and analytical abilities.
- Passionate about keeping abreast with new technologies, adept at root cause analysis and finding optimal solution.
- Experience in layer-3 Routing and layer-2 Switching. Dealt with Nexus models like 7k, 5K, 2K series, Cisco router models like 12k, 10k, 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches.
- Experience in working with Cisco Meraki routers, switches and access points.
- Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, EtherChannel, STP, RSTP and MST.
- Collaborated, as part of a project team, to automate SOC procedures through implementation of new tools such as Splunk, Phantom and Resilient while integrating functionality with existing security tools and infrastructure.
- Protocols Awareness: OSPF, EIGRP, RIP, BGP, HSRP, ACL, VTP, NAT/PAT, CDP, SSH, HTTP, HTTPS, NTP, SNMP, ARP, STP (802.1D), SNMP, DNS & DHCP.
- Vulnerability Assessment of various web applications used in the organization using Paros Proxy, Burp Suite, WebScarab, HP WebInspect, HP Fortify and Acunetix.
- Experienced in performing risk assessments, penetration testing, and performing network / application vulnerability assessments.
- Extensive knowledge of Switching concepts, platforms Spanning-tree protocol (RSTP, PVSTP+, 802.1q trunking), CEF, ARP, DHCP snooping, TCAM, Dynamic ARP inspection, IGMPv2/3, 3k, 4k, 6k platforms, SUP720/32, SUP6E/6LE/7E/7LE/8
- Experience on vulnerability assessment and penetration testing using various tools like Burp Suite, DirBuster, OWASP ZAP Proxy, NMap, Nessus, Kali Linux, Metasploit and HP Fortify.
- Hands on experience on Azure VPN-Point to Site, Virtual networks, Azure Custom security, Endpoint security and firewall. Hands on experience on Backup and restore Azure services.
- SIP gateway deployments focused on AudioCodes, SBA, SBC.
- Experience designing and implementing load balancing solutions for large enterprises: F5 Big-IP LTM and GTM load balancing concepts including pools, VIPs, SNAT and iRule development.
- Experience designing global DMZ architectures across Tier 2, 3 and 4 datacenters.
- Carrying out installations and configuration of multiple DMZs on Juniper and Palo Alto firewalls, NATing and regularly overseeing the firewall logs and other activities to ensure the security of the data.
TECHNICAL SKILLS:
Programming Languages: C, C++, Java 6/7/8, Java/J2EE, Scala, Python, UML, Shell Scripts, HTML, PHP, JavaScript, SQL and MATLAB
Routing Protocols: OSPF, EIGRP, HSRP, VRRP, GLBP, BGP, HTTP, Frame Relay, RIPv1/v2, NTP, PPP multilink, VoIP, QoS, RIP, RIP-2
Layer 2 protocols: VTP, STP, RSTP, MST, VLANs, 802.1Q, ISL.
Security: ACL, NAT, PAT, GRE Tunnel, IDS, IPS, RADIUS, TACACS+, Firewall Design, VPN Configuration
IP suite: DHCP, DNS, FTP, SNMP, SMTP, TFTP, HTTP, HTTPS, IP SLA, SYSLOG, NTP, CDP, L2VPN, L3VPN, VPLS, VPRN
Hardware: Layer 3 Switch: 6500, 4300, 3700, 3600, 3500, 2900, 1900 series.
Routers: 4300, 3800, 2800 series.
AAA Architecture: TACACS+, RADIUS, Cisco ACS
LAN: VTP, Inter-VLAN routing, STP, RSTP, PVST, 802.1x, TCP/IP, Trunks, EtherChannel.
WAN: PPP, HDLC, Channelized links (T1/T3), Fiber Optic Circuits, Frame Relay, MPLS, VPN
CISCO Router platforms: 2600, 2811, 3640, 3700, 3825, 7200, 7204, 7206, ASR1002X, ASR9K
CISCO Switch platforms: 2900XL, 2950, 2960, 3560, 3750X, 4500X, 4510, 6509E, Cisco PIX 500
Juniper Platforms: MX80, MX240, MX 480, MX960, M320 and T640 routers, EX 2200, EX 4200, EX 4500, MX-480, M Series, SRX210, QFX, Q-FABRIC, PTX series
Aruba Platforms: S2500 switches, 7200, 3600 series wireless controllers, Aruba IAP 105
Operating systems: Windows XP, 7, 8, 10, Mac OS, Oracle Solaris UNIX
Linux: Debian, Ubuntu, RedHat 4/5, Kali (BackTrack)
PROFESSIONAL EXPERIENCE:
Confidential, CHATTANOOGA, TN
NETWORK SECURITY ANALYST
Responsibilities:
- Responsible for testing and certifying intra and extranet design and deployment.
- Responsible for ongoing support of the NetBond product line and for working with the design team, with emphasis on developing comprehensive test plans from designs.
- Developing test scenarios that stress and validate new features and protocols from Network vendors
- Building lab test beds from cabling to logical configuration
- Using equipment to simulate customer traffic and data flows at high volumes
- SME level in OSPF, BGP; MPLS/LDP; BGP Strong Software Defined Network
- Worked extensively in Configuring, Monitoring and Troubleshooting MX960/EX series switches configuring VLANs/routing/NATing with the firewalls as per the design.
- Responsible for certifying Junos 15.1 15.2 15.2 x 16.1 16.2R1 16.2X according to the client’s requirement.
- Responsible for supporting customers over Skype for business and IP phone.
- Involved in complete LAN, WAN, Extranet redesign (including IP address planning, designing, installation, pre-configuration of network equipment, testing, and maintenance)
- Experience working with BGP attributes such as Weight, Local-Preference, MED and AS-PATH to influence inbound and outbound traffic
- Responsible for certifying MPC7E and MPC3E line cards with desired protocols and test scenarios.
- Capturing packets and analyzing using Wireshark.
- Troubleshooting connectivity issues through Blue Coat as well as writing and editing web policies.
- Utilized the Blue Coat Proxy, SIEM, SOC, Tufin, Algosec, IPS/IDS.
- Experience working with MX960 and traffic generators like Spirent and Ixia.
- Create Proof of concept, conduct trials, automate provisioning with performance monitoring, IoT/M2M, provisioning, mobile service management, real-time engagement, support diagnostics, billing and business automation for SDN /NFV, IOT for ALU Nuage networks, Cisco ACI, Jasper control center, Axeda, DSC, Ayla cloud IOT platform, Juniper contrail, HP SDN controller.
- Extensive knowledge and troubleshooting in data communication protocols and standards including TCP/IP, UDP, IEEE 802.3
- Experience in configuring, upgrading and verifying the Junos operating system
- Design and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls.
- Configuring IPSEC VPN on SRX series firewalls
- Worked on Junos switches EX4550 and EX4600.
- Configuring ASA Firewall and accept/reject rules for network traffic.
- Other responsibilities included documentation and supporting other teams
- Involved in Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter-VLAN routing and LAN security.
- Experience in both SAML-based and Agent-based configurations in PingFederate
- Worked on multi-factor Authentication integrations like RSA PingID and Yubikey and engaging in the usage of other protocols like OAuth.
- Integrated with third party application using SAML 2.0 protocol, OAuth and managed both IDP and SP connections using PingFederate
- Performed user acceptance testing on Intel chips with Cisco 1200 wireless access points to test AES, WEP encryption and RADIUS authentication using tools e.g. Spirent, IXIA chariot and WL proprietary VB scripts.
- Setting up and troubleshooting 802.11*, 802.1x security mechanisms, wireless data technologies, RF analysis equipment, sniffers, TCP/IP protocol, PC platforms, device drivers.
- Use and maintain routing protocols OSPF and BGP on the Routers in the network
- Experience in designing, architecting, deploying and troubleshooting Network & Security infrastructure on routers, switches (L2/L3) & firewalls of various vendor equipment.
- Design and configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550)
- Expertise in configuration of routing protocols and deployment of OSPF, BGP and policy routing over Juniper routers.
- Experience with design and deployment of MPLS Layer 3 VPN, MPLS Traffic Engineering, MPLS QoS
Confidential, CHICAGO, IL
ASSOCIATE NETWORK ANALYST
RESPONSIBILITIES:
- Involved in configuring IP Quality of service (QoS)
- Experienced in WAN environments, installing and troubleshooting data circuit problems (MPLS, T1)
- Involved in designing and applying QOS and policy map to 2800 series routers for all the branches
- Involved in designing GRE tunnels for encryption of data flow from source to destination
- Implementing VoIP solutions using SIP & H.323, also have sound knowledge of Avaya VoIP product
- Hands on experience with Cisco 3500, 3750, 4500, 6500 series equipment and configuring and deploying and fixing them with various modules like Gig card, VPN SPA card, WIC card.
- Deployed the final product on ClearDATA cloud services that have server hardening to support HIPAA applications.
- Deployed Avaya VoIP enabled PBX equipment running on a Cisco IP network. In addition, rolled out IP Telephony and QOS throughout the network to support VOIP and Video applications on various Cisco PoE switches.
- Participated in a team performing the design, installation, configuration and administration of PKI Services
- Integrated PKI with Airwatch, Cisco ISE and Secureauth SAML applications
- Deployed Key Management Solution for the Data at rest project to encrypt physical Storage systems using Safenet Key Secure, IBM Secure Key Life Cycle Manager (SKLM) solution and HP Enterprise Secure Key manager (ESKM).
- Deployed the migration from SHA-1 to SHA-2 certificate signing algorithm to drive the NIST /NSA initiative for compliance and audit purpose.
- Configured VOIP Peer - Used for handling connections to the IP network & POTS Peer - Used for handling connections to the E1/T1 trunks. Full redundancy was provided using HSRP (Hot Standby Routing Protocol) and redundant links using OSPF or Per-VLAN spanning tree
- Hands-on experience on Checkpoint Firewall R77, Palo Alto and Cisco ASA 5520 firewalls.
- Experience on Check Point Firewalls NG, NGX R65, R70, R75, R77, NSX (VMware Network).
- Experience in creating multiple policies and pushing them in to Checkpoint Firewall (Gateways) and hands on experience in managing the Checkpoint Management Server.
- Configuring BGP/OSPF routing policies and designs, worked on implementation strategies for the expansion of the MPLS VPN networks.
- Implementing SDN /NFV technologies like SR-IOV, DPDK, NFV, and VNF and providing solution for Contrail Networking, vRouter and Orchestration (NSO) framework.
- Duties include training on SDN/NFV, OpenFlow, Red Hat OpenStack; install, build and run IaaS Cloud (AWS Cloud) design and deployment.
- Implemented an SDN like architecture in the research lab using Open Daylight/HP VAN SDN controller on OpenStack. Involved in the complete software development cycle of "Zero touch provisioning".
- Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS, switching (VLANs, VTP Domains, STP, and trunking)
- Applying crypto maps and security keys for the branches, ISAKMP (Internet security association key management protocol) for establishing Security associations (SA) cryptographic keys.
- Experience with Project documentation tools & implementing and maintaining network monitoring systems (Cisco works & Net info, Info man Virtual Change) and experience with developing network design documentation and presentations using VISIO.
- Design NFV solution (VNFs: Open vSwitch, vRouter, vCloud, vCPE, vFW) using orchestrator & SDN controllers (OpenStack, ODL, Juniper Contrail)
- Administration, monitoring, alarming, and KPI scripting of Nokia Siemens MMSC, ECA, Open wave SMTP, Cloud mark Ant spam, AGW, and NEMS platforms &prevention AS for email to SMS/MMS and vice versa.
- Understanding & Implementation of IPSEC & GRE tunnels in VPN technology.
- Involved in designing L2VPN services and VPN-IPSEC authentication & encryption system.
- Experience in HSRP standby troubleshooting & Experience in configuring & upgrading of Cisco IOS.
- Implementing & Troubleshooting of T1, MUXES and CSU/DSU and data circuits.
- Have experience with Cisco Works LAN Management Solution.
- Experience in migration of Frame-relay based branches to MPLS based technology using multi-layer stackable switch like 6500 series and 2800 series router.
- Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks.
Confidential, SPRINGFIELD, IL
NETWORK SECURITY ENGINEER
RESPONSIBILITIES:
- Security Device - Palo Alto/ASA Firewalls, Sourcefire IPS/IDS, Cisco Identity Services Engine (ISE), VPN
- Configured Firewall and updated rules (Palo Alto/Cisco ASA)
- Handling incident management and change management.
- Configured, troubleshoot and maintain site to site IPSEC VPN connectivity between Checkpoint to Checkpoint and Checkpoint to ASA.
- Hands on in connecting VM with remote Desktops, adding Virtual HDD to VM's, managing and Scaling the VM's and capturing image from VM and Managing Azure Services from Cross-Platform Command Line Interface.
- Managed, operated and analyzed results from Sourcefire (Cisco Firepower) & NGIPS.
- Configured and performed troubleshooting routers and switches.
- Join-me, Tivoli, LDAP, etrust RSA Secure ID, Tivoli ITIM, VPN client, Remote Desktop within a W2008 Server, Windows 2012, Win7, Win8 and UNIX environment. Use of Google Chromebooks, Chrome OS, Mac IOS 10.x 8, Virtual Box, VM Workstation.
- Working knowledge of digital signatures, Certificate Services, Hashes, Federated Identity management (FIM) and SAML. Direct experience with e-Government(e-Gov), e-Authentication(e-Auth) Initiative Level 1 and Level2 authentications.
- Tivoli Identity Manager v.4.5, IBM Secureway LDAP, Fiscal Services LDAP, TAM, Michigan Tool LDAP, Siteminder, TAM, AIX, Secure Shell (ssh), Connect Direct, Sybase, etrust PKI, RSA Secure ID, Rational Clearquest, Sun Identity Manager (IDM5).
- Worked with various IRS in-house backend application programs: Mef, IRFOF, E-Services, IFS, ITNS, TDS, etc. Additional work included: SiteMinder, Etrust, WebSphere, Tivoli Packaging, etc.
- Updated routes and ACL (Access Control List)
- Initial requirements analysis, NIST SP 800-53A rev4 and NIST SP 800-63-2, FISMA Compliance.
- Configuring iRules on network based F5 Load balancers with software module GTM
- Experience with connectivity of Cisco Networking Equipment with F5 Load Balancer
- Configuring, Administering and troubleshooting MPLS, Cisco routers and ASA firewall
- Configuring BGP/OSPF routing policies and designs, worked on implementation strategies for the expansion of MPLS, DHCP and VPN networks
- Technically supported in configuring, troubleshooting and analysis of customer’s networks related to Cisco Identity Services Engine (ISE)
- Experience with deployment of Symantec DLP - Endpoint Prevent, Network Prevent for Email, and Network Prevent for Web, Network Discover, and ITA.
- Monitor and investigate SOC incidents and alerts with Splunk, SourceFire and McAfee EPO
- Provide consultation services on multiple security solutions including FireEye, SourceFire, FirePOWER, Cylance, & InfoBlox.
- Experience in working on Symantec HIDS / HIPS CSP solution for FIM (File Integrity Monitoring) and prevention policies including detailed policy creation/ application and Alert configuration
- Experience in McAfee SIEM Security Event Monitoring and incident response activities in Security operation center (SOC)
- Implementing and configuring F5 LTM's for VIP's and Virtual servers as per application and business requirements.
- Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
- Exposure to the WildFire feature of Palo Alto.
- Build Site to Site IPsec based VPN Tunnels between various client and business partner sites
- Troubleshooting connectivity issues within the server zones of the Data center (between application servers, database and web servers) as well as user requests and user connectivity issues from various branch locations, office locations and third-party sites to data center.
- Actively use SmartView Tracker and Checkpoint CLI (to security gateways) for troubleshooting.
- Perform advanced troubleshooting using Packet tracer and tcpdump on firewalls.
- Implement Cisco Secure Access Control Server (ACS) for TACACS+.
Confidential
Jr. NETWORK SECURITY ENGINEER
RESPONSIBILITIES:
- Maximized network performance by monitoring, troubleshooting network issues and outages, upgrades and optimized performance of complex network, end user support.
- Performed the review of a newly implemented Security Incident and Event Management (SIEM) system. Reviewed technical specifications for SIEM, logging and proposed recommendations to improve the overall deployment of the solution.
- Assisted in the installation, configuration and maintenance of heterogeneous multivendor network.
- Proactively worked with ISPs to address bandwidth expansion need and for rectification of network outages.
- Configured protocols: RIP, OSPF, EIGRP, BGP, IGP, MPLS, VTP, SNMP, SMTP, ARP, TCP, UDP, IS-IS, VPN, VLAN, VTP, SSH, FTP, SFTP, VOIP.
- Used Monitoring Tools/Hardware: VMware, SolarWinds, F5, Cisco Works, Logic Monitor, Cisco Security Manager Suite, DNS Servers, DHCP Servers, NTP Server, TFTP Server, Exchange Server, Blade Servers, Web Servers.
- Set new network security objectives along with outline of current network; chose associated security technologies, software and hardware, including the Cisco IOS firewall, PIX Firewall, AAA service with TACACS+ and RADIUS, cryptographic methods, VPN, VPDNs, IDS, CBAC/CAR/RPF; implemented security system installation, configuration and test
- Assisted in the installation, configuration and maintenance of internal network at the organization.
- Experience in configuration, diagnosis and troubleshooting for Web and Application filtering, Antivirus/Antispam, IDS-IPS, VPN, Bandwidth management and Multiple link management.
- Troubleshooting skills and experience in using network security tools: Wireshark, tcpdump.
- Reported security findings, recommendations and presented to the business users, executive committee and Compliance departments
- Responsible for building, installing operating systems and business as usual troubleshooting and support/administration of Sun and IBM UNIX systems. Hardware support included Sun E220, E420, E450 and Sunfire V240, V440 and V480 systems as well as IBM H70, B80, M80, S80 and eServer P650, P690 and P590/595 systems, EMC SAN with Symmetrix and CLARiiON storage with virtualization
- Implemented IBM AppScan standard, source editions, HP WebInspect and QualysGuard application scanners. In addition, the security tools Metasploit and Burp Suite were utilized for manual penetration testing
- Performed Static and Dynamic Analysis and Security Testing (SAST and DAST) for various applications as per firm's security standards (i.e., OWASP, SANS 25)
- Working knowledge of networking concepts: TCP/IP, HTTP, HTTPS, FTP, DNS, DHCP, NAT, ARP, VLAN etc
- Provide administration, security, backup and recovery of all system data, email, anti-virus and database.
- Successfully installed and configured Palo Alto PA-3050, PA-5050, PA 7000 series firewalls to secure zones of network (Application and URL filtering, Threat Prevention, Data Filtering).
- Configured and maintained IPSEC, SSL Decryption, high availability, port mirroring, SSL VPN's on Palo Alto Firewalls.
- Implemented Zone Based Firewalling and Security Rules.
Confidential
INTERN NETWORK ENGINEER
RESPONSIBILITIES:
- Worked on firewall Policy administration and user requests.
- Centrally managed all firewalls using Palo Alto Panorama M-100 management server.
- Researched, designed, and replaced aging with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
- Configured firewalls for the WildFire feature of Palo Alto.
- Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
- Troubleshooting connectivity issues within the server zones of the Data center
- Amplifiers & Base station, networking elements, interface & protocols, IPv4/v6, TCP/UDP, SSH, SSL/ TLS, and DNS with knowledge of test and emulation equipment for mobility networks.
- Involved in complete LAN, WAN development (including IP address planning, designing, installation, configuration, testing, maintenance etc.).
- Worked on upgrade from 3550 series switches to Cisco 6509 Catalysts. Design, implementation and support of the core network (Spanning tree re-design, Trunking, VLAN setup). 3rd-level support for both LAN (Gigabit Ethernet) and WAN mainly consisting of Frame-Relay and ATM circuits
- Responsibilities also include technical documentation of all upgrades done
- Design, execution of installation and configuration of VPN, LAN/WAN as per organizational requirements.
- Used DHCP to automatically assign reusable IP addresses to DHCP clients
- Involved in troubleshooting of DNS, DHCP, and other IP conflict problems
- Upgrades and backups of Cisco router configuration file to a TFTP server
- Troubleshooting connectivity issues between PE-to-CE devices.
- Hands-on experience in maintaining and troubleshooting Cisco devices (Router, Switch & ASA)
- Coordinating and escalating issues to different Service Providers for WAN outages to resolve the issue well within the SLA.
- Coordinating with Data Centre Engineers for replacement, reseating, break-fix of faulty devices and changing of cabling-related issues.
- Engaging with the service provider in performing the tests on the live network to isolate the issue