Lead Network/security Engineer Resume
SUMMARY:
Lead Network and Security Engineer with 15+ years of experience specializing in network and security technologies in Cisco, Juniper, CheckPoint, Palo Alto, load balancers, InfoBlox, WAN accelerators and Confidential web proxy. A Dual CCIE (R&S and Security with Lab: CCIE#9236), Palo Alto ACE, MCSE and CNE
PROFESSIONAL EXPERIENCE:
Confidential
Lead Network/Security Engineer
Responsibilities:
- Install/Upgrade/Configure/Troubleshoot Checkpoint physical and virtual firewalls (VSX with Gaia R77, R80 with appliance type of 13500 and 4800 series) and firewall central management appliance Smart1
- Configure/troubleshoot redundant VPN tunnels over Checkpoint, ASA, Palo Alto and Juniper firewalls
- Actively involved in networking and security device auditing and compliance reporting
- Checkpoint firewall IPS, Geo protection, URL filtering, threat prevention, DLP, SmartEvent and auto-update
- Packet capture on Checkpoint, ASA, Palo Alto and Juniper firewalls
- MarketData vendors network connections over private links using BGP and MPLS with VRF features
- MarketData, DMZ and Internet redundancy design and implementation over IBGP links between data centers
- Redesigned multiple remote offices network LAN and WAN as well as DMVPN networks
- Involved in data center relocation design and implementation and testing using Cisco nexus 7k/5k/3k/2k using VPC, VDC and OTV technologies
- Install/upgrade/configure/troubleshoot Juniper firewalls (Netscreen/SRX), ASA firewalls (7.x, 8.x, 9.x versions) and Palo Alto firewalls with panorama with VPN tunnels and URL filtering and SSL inspection
- Network vulnerability scan and assessment with eEye and other network scanning tools
- Documented network security infrastructure using Microsoft Visio, PowerPoint or spreadsheets, including peer IPs for more than 50 site-to-site VPN vendor tunnels, vendor contact info and business tester contact info.
- Support URL filtering and SSL decryption and inspection using Palo Alto Firewall
- Support virtual data center using Microsoft Azure network by setting up redundant VPN tunnels to Azure cloud network using BGP and IPsec VPN
- Installed and maintained low latency network using Arista 7148s and Cisco nexus 3548 switches
- Configured and supported multicast network using IP PIM sparse mode, Anycast redundant RP and MSDP
- Managed enterprise-wide network infrastructure upgrade including redundant data centers to support data/voice/video network: migration of Layer 2 to Layer 3 core switched network, distribution network, users access network and server farm network using Nexus 7010/5548/2248 series, Catalyst 6500 switches with redundant Sup 720s and 10-Gig modules: building from scratch by designing the redundancy architecture, physical and logical diagrams, DHCP/IP addressing schemes, redundant UPS power distribution and calculation, fiber patch panel design, pre-cutover testing and post-cutover support for Avaya IP telephony network, Cisco wireless network, video network and switch virtualization (VDC and VPC and/or VSS) using Cisco Nexus 7010 or 6800 as aggregation layer, Nexus 5548/2248 or 6800IA switches as server access layer.
- Metro-Gigabit Ethernet network in 4 locations: secure LAN-to-LAN VPN IPsec tunnels with QoS enabled as well as layer 2 encryption using SafeNet encryption.
- Implementing Cisco Identity Based network Service (IBNS) using 802.1x and MAC Authentication Bypass
- WAN traffic optimization/acceleration using Cisco WAAS and Silver Peak appliance
- Extensive working experience with Cisco ASA/PIX firewall version 6.x/7.x/8.x/9.x, IDS/IPS appliances, ACS software/appliances, VPN concentrator load balancing or VRRP redundancy as well as site-to-site/remote VPN, Web and AnyConnect SSL VPN, Nokia IPSO380 Check Point firewall (R55), IP350 (R65), Checkpoint UTM-1 2070s series SPLAT platform, Cisco CSS load balancer installation/configuration for web and database server load balancing as well as SSL offloading and CA SSL certificates management, Websense and Confidential Proxy appliances for users internet connection.
- Cisco switching/routing protocols: VTP, STP, LACP, HSRP, RIP, EIGRP, BGP, OSPF, DLSW, etc
Confidential
Lead Network Security Engineer
Responsibilities:
- Design/implement/troubleshoot secure redundant Data Center Network for Government Medicare Programs: Failover FWSM in 6500 IOS switch with redundant Sup 720s and DMZ network using Juniper SSG350/550 series and ASA 5550 firewalls providing remote IPsec/AnyConnect SSL VPN access with user authentication/authorization/accounting by ACS (4.x and 5.x) and RSA token.
- Design/implement/troubleshoot CMS (Center for Medicare & Medicaid Services) RDS/COB and HHS ERRP collocation redundant network and VPN remote access network. Presentation zone: redundant Juniper SSG350M/550M, SRX 550/650/3600 firewalls, Cisco 11501 Content Service Switch (CSS) and Radware ODS AppDirector/AppXcel load balancers, FIPS compliant. Application zone: redundant Check Point firewalls (Nokia IPSO R65, R55 packages, and UTM-1 2070 series SPLAT platform R70/R71 package), migrated to a redundant pair of Palo Alto PA-3030 by consolidating firewall objects and rules. Data zone: redundant Cisco ASA5555-x firewalls. IPsec VPN tunnels with remote DR site using redundant ASA firewalls; IPS intrusion prevention system (4240), Syslog, and AAA support using Cisco ACS appliance.
- Worked closely with outside auditors (MITRE) for FIPS compliance and hardening of all network devices using NIST DISA checklist, etc.
- Remote SSL VPN and dedicated secure management network design/implementation based on CMS Technical Reference Architecture (TRA) using Juniper (SSG350M) and Cisco ASA and Juniper SA4500 as VPN devices with AAA support and RSA token authentication as well as advanced endpoint security assessment enforcement for anti-virus/anti-spyware/system OS checking, FIPS compliant.
- Corporate and co-location firewalls, routers, switches, and VPN devices upgrade
- Corporate identity-based network access implementation (802.1x/MAB with MDA)
- Install/configure/troubleshoot Checkpoint firewall NGX (R61,R65) on Nokia IP390
- Install/configure/troubleshoot Cisco ASA 5510/5520/5550/5580 as firewall and VPN
- Install/configure/troubleshoot Juniper SSG350M/SSG550M, SRX 550/650/3600, SA4500 SSL VPN, MAG 4610 and 2610 as SSL VPN gateway and licensing server. Upgrade SSL VPN from SA4500 to MAG 4610.
- Using NSM for Juniper device management (SSG and SRX) and IDP for intrusion detection.
- Install/configure/troubleshoot Palo Alto application firewall with 2 different virtual routers.
- Manage and utilize Cisco Call Manager (5.1), Voice Gateway and Unity Express (2800 series router) and Cisco Mobility Server for telecommuters using Cisco IP phone and softphone services
- Network monitoring tools setup and utilization: CiscoWorks with VMS, SolarWinds with Orion network performance monitor, NetFlow traffic analyzer and configuration manager, WhatsUp Gold, Fluke products, Sniffer software (Ethereal, Wireshark)/Niksun NetVCR appliances for network related root cause analysis, Juniper SDX-300 advanced service gateway (ASG) service deployment system.
- Upgraded WAN/Internet Model using Cisco 3845/3945 and 7200/7600 series Routers, site-to-site IPsec VPNs and Aggregated/Channeled TDM and SONET Metro-Ethernet links with features of Voice over IP, Siemens PBX Toll bypass and QoS (LLQ). Layer 2 encryption using SafeNet appliances.
- Designed and implemented SSL VPN services using Juniper NetConnect and Cisco Anyconnect SSL VPN Technology
- Network management and analysis using Spectrum, NetMRI (network monitoring, configuration management), NetBrain for network documentation and troubleshooting, CA’s Concord eHealth, SolarWinds, Orion products NCM and NCP, Niksun’s NetVCR, NetQoS as traffic analysis tools. Using Infoblox as DHCP server, DNS server and NTP server, PathView network topology analysis from Apparent Networks, network security vulnerability assessment using eEye scan appliance.
Confidential
Lead Network/security Engineer
Responsibilities:
- Design/implement/ troubleshoot Local Area Network(LAN)/Metro Area Network(MAN)/Wide Area Network(WAN): Core/Distribution/Access/Server Farm/Extranet/Internet/Management modular network Design/Implementation
- Enterprise Data center network design using Cisco 6500 series switches with redundant sup 720 and Henpeck 10-Gig modules.
- VLAN, VTP, STP, HSRP, Fibre Channel, EtherChannel, trunking, Gigabit and 10 Gigabit Ethernet, layer 2/3 Switching/Bridging/Routing using Cisco Catalyst 6500/5500/5000/3700/3500/2900 switches with CatOS or Native IOS, Sup720, MSFC redundancy (SRM/SSO and RPR+), port-based security, 802.1x layer 2 security, 6500 switch firewall security module (FSM), Private VLAN, DHCP snooping, RFC2827 filtering, TCP intercept, Dynamic ARP inspection, 802.3af for inline power and Multicast routing, QoS support for VoIP, Video Conferencing and Mission-Critical data traffic.
- Design/implement/troubleshoot Metro-Area Network (MAN): Transparent LAN Service (TLS), Dense Wavelength Division Multiplexing (DWDM) and Wireless Laser network between buildings (FSONA) for Metro Ethernet to support SAN.
- Design/implement/troubleshoot Wide-area Network (WAN): Frame Relay, ISDN, Remote Dial-in/dial-out Access by AS5300, T1/T3, remote VPN client access, DMVPN tunnels and Multiprotocol Label Switching (MPLS)/VPN network
- Design/implement PIX firewall security infrastructure with stateful failover, stealth interface and DMZ feature and inbound/outgoing packet filtering, NAT and PAT based on security policy requirement. Context-based Access Control (CBAC), Cisco intrusion detection system (IDS) and prevention system (IPS) 4200 series sensors. ISS Proventia IDS/IPS products. Wormscout tool for virus and reconnaissance attack detection and prevention.
- HIPAA compliant implementation: VPN through PIX and Checkpoint firewall, through Cisco VPN Concentrator, and Cisco IOS router with AIM VPN module and using Juniper Netscreen firewall. Design/implementing Cisco’s DMVPN VPN using CA certificates for remote office and telecommuters in a redundant hub-spoke design using centralized management tool CiscoWorks VMS and/or SDM.
- SSL secure access VPN using Juniper’s remote access VPN (clientless virtual extranet and web conferencing) and Cisco’s 3060 concentrator with version 4.1.7 for Web Access VPN. VRRP for concentrators
- Design/implement/troubleshoot Extranet using 6500 switches with FWSM
- Design/implement/testing Enterprise-wide disaster recovery using AT&T MPLS/VPN with backbone running EIGRP/BGP routing protocols for PE and CE routers across multiple geographical sites.
- Design/implement network/security management module and monitoring tools (distributed sniffer for LAN/WAN links, CiscoWorks2000 for resource and configuration management, MRTG and Private I for bandwidth and syslog analysis, Niksun’s NetVCR and NetProtector, Concord and Unicenter ANO products, WhatsUp Gold); IP address management using IP Control product.
- Cisco ACS server (RADIUS and TACACS server) appliance, RSA SecurID, SSH, ACL and AAA for security access management, CiscoWorks VMS and SDM for security device management, Cisco Security Agent (CSA) implementation for desktop and server security
- EIGRP, BGP routing protocols; CIP, DLSW for SNA bridging over IP tunnel.
- Implementing/testing Cisco Enterprise-wide wireless LAN and using Airespace ACS management server, Airespace controllers and APs
- Implementing/testing IP telephony network: Voice over IP network (Avaya IP phones and gateways), QoS (Quality of Service) implementation for Voice/Video/Data network by classifying traffic, marking Confidential value and policy mapping. Testing with traffic generator like IXIA and SmartBits appliance
- Using Network Appliance product (Netcache) for Web proxy: Websense support
- Redundant Load Balancers: Multi-homing to ISPs load-balancing (inbound and outbound) using Radware Linkproof products: SmartNAT, redundancy, Mirroring, DNS support
Confidential, New York
Network Engineer
Responsibilities:
- Implementing corporate and co-location VLANs using RSM, VTP and HSRP
- Install/configure Cisco 7500/7200/4000/3600/2500 routers and Catalyst 5000
- Configure/troubleshoot WAN: T1/T3, DSL, ATM, Frame relay, ISDN
- Configure/troubleshoot OSPF, BGP, routing metric/cost and path manipulation
- Provide day to day customer support of the Global Data Network
Confidential, New York
Network Administrator
Responsibilities:
- LAN/WAN network and system design, implementation, administration and troubleshooting in Windows NT and Novell NetWare network environment
- Install/configure PDC, BDC and setup/troubleshoot HP network printers
- Implementing and maintaining computer training labs in a Microsoft network