PROFESSIONAL SUMMARY:

• 7 years of diversified experience in designing, implementation and troubleshooting of LAN/WAN along with the sophisticated security features.
• Hands on experience in configuration and troubleshooting of various IP Routing Protocols i.e., RIP, EIGRP, OSPF, BGP and also switching protocols & technologies i.e., ARP, STP, DTP, VLAN, VxLAN, VDC, VPC/MLAG, SVI, DHCP and DNS.
• Implemented security policies on the firewalls using ACLs, URL filters, IPSec VPN, IDS/IPS and also experience with migration of firewalls & policies between the two vendors.
• Working knowledge of frame relay, MPLS services, OSPF, BGP and EIGRP routing protocols, NAT, sub - netting including DNS, WINS, LDAP, DHCP, TFTP, HTML, HTTPS, SMTP, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP (Spanning tree Protocol), RTSP.
• Experience in configuring and managing Web/URL filters on High Availability(HA) Proxy servers.
• Experience in working with Cisco Nexus Switches in creation and management of VLANs, VPCs, VDCs and VRFs for Nexus 9K, 7K, 5K, 2K devices.
• Profound Experience with the Cisco ACI with Spine and Leaf architecture to support SDN and NFV technologies.
• Strong Knowledge and experience on SDN(Software Defined Network), NFV(Network Function Virtualization) and SD-WAN(Software defined WAN).
• In depth understanding of IPv4, IPv6, implementation of Subnetting, VLSM and ARP, reverse & proxy ARP, Ping Concepts.
• Worked on the Global-Site Load balancing(GTM/GSS) and Server Load balancing(LTM/SLB) technologies using F5 BIG IP and Netscaler.
• Good understanding for virtualization technologies like Confidential /Openstack and KVM Implementations.
• Knowledge on Cisco Meraki WLAN portal for the monitoring of health and follow-up the alerts generated based on the severity.
• Installation, configuration and troubleshoot of Aruba ACS and wireless Access-Points equipments.
• Good experience with the network automation using Ansible tool and scripting language Python, C and C++.
• Working knowledge on SolarWinds network management and monitoring tools such as NPM, NTA and NCM.
• Hands on experience with installations and management of Public Key Infrastructure(PKI) s on network devices.
• Strong knowledge and experience on vulnerability scanning tools such as Nexpose and Nessus.
• Good understanding of VoIP implementation and protocols such as H.323, RTP and SIP.
• Excellent problem solving, debugging and documentation skills using Microsoft Office and Microsoft Visio.
• Worked with the ticketing tools like JIRA, ServiceNow and remediate the issues with the appropriate action.
• Advanced knowledge in the Cisco WLAN technology such as design, installation, troubleshooting and configuration.
• Extensive knowledge on working experience on complex environments along with multiple ISPs.

TECHNICAL SKILLS:

Routers: Cisco 7200, 7600, Cisco ASR 1K, 9k, ISR 4K Series and Juniper MX104, MX240, MX480, MX960, MX2010 series, Arista, HPE.

Switches: Cisco Catalyst 2901/2960/3650/3750/4500/4948/6500 , Cisco Nexus 9k/7k/5k/3k/2k and Juniper EX2200, EX2300, EX4300, QFX5100, QFX5200 series, Arista, Dell, HPE.

Security Devices: Cisco ASA 5500 Series, Cisco FWSM, Cisco PIX, Check-Point, Juniper SRX, Palo Alto NG firewalls, Cisco SourceFire, Cisco FirePower.

Authentication Tools: Cisco ACS(RADIUS, TACACS+), Cisco ISE, LDAP, AD.

Routing/Routed Protocols: TCP/ UDP, RIP, EIGRP, OSPF, BGP, MP-BGP, MPLS.

Infrastructure Services: WINS, DNS, DHCP, SMTP, SFTP.

Load Balancing: Citrix Netscaler, F5 BIP-IP, HA-Proxy, Cisco CSS/ACE.

Virtualization: Confidential (OVS), Openstack(Open vSswitch, linuxbridge, Security Groups/iptables), AWS, Azure, Docker.

Monitoring Tools: Cacti, Statseeker, OpenNMS, HP NNMi, Nagios, HP NPS, Stealthwatch, Splunk, ELK, Thousand Eyes, Wireshark, Gigamon, Panorama.

Automation: Ansible, Python, Rest-API, Chef, Puppet, Jenkins.

Operating System: Linux (CentOS, RHEL, Ubuntu), Windows, Mac OS.

PROFESSIONAL WORK EXPERIENCE:

Confidential, Sunnyvale, CA

Network Engineer

Responsibilities:

• Implemented, configured and provided support to the Palo Alto firewall for HA(High-Availability) in Active/Active and Active/Standby failover with different modes of deployment.
• Design, configure and troubleshooting of Palo Alto Central Management Platform with Panorama , Deployment mainly using VSYS according to client topology, working on Content-ID, User-ID and App-ID.
• Configured and troubleshoot the MP-BGP over DMVPN on Cisco ISR 4000 series routers and also configure PfR(Performance Routing) on branch routers (MPLS and DMVPN) for iWAN for the purpose of mission critical applications.
• Successfully replaced INET(DMVPN) and MPLS circuit branch routers (18xx, 19xx, 29xx series) with Cisco ISR 44xx series without impacting any ongoing traffic by failingover the traffic using BGP manipulation.
• Design dual homed WAN access by deploying the VRF technology, thereby load-balancing and increasing the bandwidth in Cisco routers.
• Configure and troubleshoot the routing policies using route-filters to change the BGP attributes like MED , AS-PATH Prepend .
• Configured and troubleshoot OSPF route redistribution in multiple areas environment and also configured OSPF Stubs .
• Installed and Managed F5 Big-IP LTM / GTM for providing high availability and configured virtual IP ( VIP ), Pools , nodes , irules for load balancing and Packet filters for security.
• Configure and troubleshoot BFD timers to improve the route convergence in the environment and Upgraded the capacity and bandwidth by upgrading the Line cards .
• Strong experience with working on datacenter switches such as Cisco Nexus 9k,7k, 5k and 2k(Fex) series switches.
• Remotely configured and deployed new network gear on various branch offices using the Cyclades serial console server.
• Worked on Infoblox for creating the DNS entries, and also maintaining name lookup for A records and CNAMEs in DNS servers for security devices.
• Designed and configured WAN optimization and acceleration using Riverbed SteelHead 5070H, 3070,1050L, 770, 570 models and BlueCoat Packetshaper appliances.
• Deployed, configured and troubleshoot the Juniper PulseSecure SSL VPN gateways (MAG series) with remote access.
• Experience on Managing/Monitoring provisioned circuits to the clients and implementing QoS(Class maps/Policy maps/Route maps/IP SLAs) for effective service.
• Experience with deployment, administration and monitoring of Solarwinds, Splunk and reporting the log and audit files.
• Strong working experience on Aruba Clear Pass Policy Manager(CPPM), wireless mobility controller and Airwave.
• Good understanding and knowledge about Openstack public and private cloud technology with immense knowledge in Neutron.
• Installed and managed the Public Key Infrastructure(PKI) s on DMVPN routers in order to provide security.
• Actively working with application teams to fix the application/network latency issues using wireshark / packet analyzer .
• Worked with Python scripting language, which would evaluate list of IP addresses against the NS lookup to increase the productivity and also for automation of configuration files on the network devices.
• Working on proposed changes and handling service requests assigned through ticketing systems BMC Remedy and resolved accordingly to meet SLAs(Service Level Agreements).

Confidential, Palo Alto, CA

Network Security Engineer

Responsibilities:

• Configuration, troubleshooting and maintenance of Palo Alto Firewalls - PA5000, PA7000, PA-3020 and PA-220series.
• Implemented, configured and provided support to the Palo Alto firewall for HA(High-Availability) in Active/Active and Active/Standby failover with different modes of deployment.
• Design, configure and troubleshooting of Palo Alto Central Management Platform with Panorama , Deployment mainly using VSYS according to client topology, working on Content-ID, User-ID and App-ID.
• Experience with implementation and troubleshooting of URL filters , threat prevention , data filtering and security rules on Palo Alto Firewalls & Analysis of firewall logs.
• Strong working knowledge and experience on the Palo Alto Global protect VPN services configuration and troubleshoot.
• Exposure to wild -fire advance malware detection using IPS feature of Palo Alto.
• Experience on the migration of other vendor firewalls to Palo Alto by manually or using the migration tools.
• Hands-on experience with management of security rules based upon the NAT/PAT , ACL and VPN on Palo Alto firewalls.
• Configured VLANs and created zones on the Palo Alto firewalls and also implemented Fortinet Firewalls on the other side.
• Replace out-dated and old firewalls architecture with new next generation Palo Alto firewalls serving as URL and application inspection.
• Good experience with the installation and configuration of Citrix Netscalar SLB / CS / GSLB for High Availability and Load Balancing.
• Strong experience with Aruba ClearPass Policy Manager (CPPM) ACS for managing the access of users and network devices.
• Working experience on Software Defined Network(SDN) controllers Cisco ACI, OpenDaylight and SDN protocols Openflow and Netconf, SD-WAN and Network Function Virtualization(NFV).
• Hands-on experience working on remediating security issues on firewalls to comply with yearly PCI DSS audit.
• Worked on Infoblox for creating the DNS entries, and also maintaining name lookup for A records and CNAMEs in DNS servers for security devices.
• Strong experience on Ansible for network configuration automation and management using built-in libraries.
• Working on network monitoring systems like HP NNMi, HP NPS for Netflow tools, ELK for log search.
• Working on proposed changes and handling service requests assigned through ticketing systems Global Servicenow.

Confidential, San Bruno, CA

Network Engineer

Responsibilities:

• Responsible for Checkpoint firewall management and operations across our global networks.
• Configuring rules and providing access on checkpoint Firewalls R77, R76, R75 devices on SPLAT & GAIA plat forms. & Analysis of firewall logs using various tools.
• Built and support VRRP / Cluster based HA of Checkpoint firewalls and perform Firewall OS upgrades using CLI, Splat and Voyager GUI.
• Configured Site to Site IPSec, VPN tunnels to peer with different clients and each of the client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA & Checkpoint firewalls.
• Strong experience on migration of Cisco and Juniper firewall to Checkpoint firewalls and also updating the versions.
• Working on F5 LTM versions from 9.X to 11.X.X series & GTM versions from 9.X.X to 11.5.0 and higher versions for load balancing between various data centers involved.
• Configuring various advanced features, Profiles, monitors, iRules, Redundancy, SSL Termination, Persistence, SNATs, HA on F5 BIGIP appliances.
• Experience on Configuration, troubleshooting and support of MPLS L2 and L3 VPN on Cisco ASR series routers.
• Strong Experience on deploying, Configuration and troubleshooting of MP-BGP over DMVPN on Cisco hardware devices.
• Design dual homed WAN access by deploying the VRF technology, thereby load-balancing and increasing the bandwidth in Cisco routers.
• Experience with configuring Nexus 2k Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5k series.
• Designed and implemented VxLAN on Cisco Nexus series switches and configured port-profile for VxLAN VTEPs.
• Experience with BGP EVPN (Ethernet Virtual Private Network) Routing and VXLAN Protocol data center technologies.
• Strong working experience on Cisco IOS, IOS-XE, IOS-XR and Cisco NX-OS operating systems.
• Working experience on the Cisco Meraki cloud access points and Switches.
• Configured Bluecoat SG proxy for black-listing, white-listing and filtering of web URLs, thereby providing security.
• Strong knowledge on experience on Mutli-cast protocols such as PIM, OMP, PIM-SM and PIM-DM.
• Strong knowledge and experience with Infoblox and IPAM for updates and allocation of IP address in the DNS systems.
• Good understanding and knowledge about Openstack public and private cloud technology with immense knowledge in Neutron and also experience with virtualization using Confidential and KVM.
• Experience with deployment, administration and monitoring of Splunk and reporting the log and audit files.
• Experience with SOC team about the alert definitions and mitigation plans.
• Responsible for responding to documenting and resolving service tickets in a timely manner according to SLA (Service Level Agreement).

Confidential, Irving, TX

Network Engineer

Responsibilities:

• Design, Installation, Implementation of highly scalable data centers to meet next generation workloads.
• Implementing and troubleshooting the routing protocols BGP and OSPF in the core Data Centers.
• Experience in configuring route-filtering using prefix-lists , route-maps , as-path filtering and MED values in BGP.
• Configure and troubleshoot the STP , VPC ( MLAG ), VDC technologies on Cisco Nexus 7K, 5K, 2K series.
• Hands-on experience with Nexus spine and leaf architecture using Cisco ACI and also worked remotely on Cisco APIC .
• Working on Cisco ASR 1K series and 9k Series routers at service edge tier.
• Configuring the VLAN pruning on the trunk links to reduce the layer2 broadcast domain.
• Good understanding on VPC , STP in large L2 domain and Configure the Spanning-tree , port-fast , edge / trunk on the interfaces to minimize the spanning-tree issues.
• Design and implement the Cisco ASA 5500 Series firewalls in routed mode with Cisco FirePOWER services.
• Deployed and worked on Active/Standby Failover with Cisco ASA firewalls in order to provide High-Availability(HA).
• Involved in migrating Cisco FWSM and PIX to Cisco ASA as part of the tech refresh and Worked on configuring IPSec VPN tunnels on Cisco ASA between third party vendors.
• Deployed LDAP and Active Directory (AD) for identifying the user group to provide security and access control.
• Hands-on experience with Cisco Sourcefire NGIPS and Cisco Adaptive Security Device Manager ( ASDM ).
• Ha d experience with the VPN Concentrator to support the s plit tunneling for the clients, in order to mitigate the VPN processing on the devices.
• Configure Dynamic and static NAT , extended access-list on Cisco ASA firewalls.
• Design and implement the highly available/distributed syslog server infrastructure for network devices.
• Experience with the Cisco ISE (Identity Services Engine), ACS (Secure Access Control Server) and Cisco Prime Infrastructure.
• Basic understanding and knowledge on implementation of DMVPN using multi-point GRE tunneling in the enterprise network.
• Experience with configuration of DHCP snooping and also troubleshooting Gratuitous ARP issues at layer 2 level.
• Involved in implementation of Splunk deployment for syslog and enabled alerts based on highly critical messages.
• Working with application teams to troubleshoot application issues using packet sniffers and Wireshark .
• Involved in troubleshooting network issues using NetFlow and SNMP based tools like Cacti / Statseeker .
• Experience on traffic generating tools such as Ixia and Spirent for testing the network gear in the lab environment.
• Strong experience on troubleshooting and verification of route tables, checking protocols and internet connectivity issues on network hardware and end devices.
• Created the documentation for every change and upgrade, and also performed the log analysis for each and every change.

Confidential

Network Engineer

Responsibilities:

• Experience and understanding of tiered architecture in a campus environment (Core, Distribution, Access) layers.
• Implementing and troubleshooting the routing protocols like EIGRP and BGP on Cisco routers 7200 series, Catalyst 6500 series.
• Configuring and troubleshooting port-channels( LACP , PAgP ), HSRP , SVI inter-vlan routing and DHCP relay on distribution switches.
• Configuring and troubleshooting the Layer 2 related protocols like Spanning Tree Protocols( STP ), VLAN and VTP , as well as VLAN creating across L2 domain.
• Troubleshooting the layer 2 related issues like Vlan configuration , trun k/ access port configuration on interfaces and physical issues Modules Crash / reset , Error disables issues , cable issues .
• Strong working knowledge and experience on network switching protocols such as STP, 802.1q, 802.1s,w,, 802.3ae
• Standardized and Configuring the interface configuration across the environment like spanning-tree Port-fast , Uplink-fast and spanning-tree root guard .
• Configured TAP , SPAN and RSPAN ports on the switch for monitoring, traffic analyzing and IPS/IDS devices.
• Updated Documentation with latest network diagrams with help CDP / LLDP protocols using Microsoft visio tool and standard configuration snippets for Syslog , SNMP , TACACS+, NTP , DNS , VTY lines.
• Configuring and validation of all network devices in tools like Syslog server , OpenNMS and Cisco ACS .
• Troubleshooting application and network latency issues using Wireshark , Curl , TCP , Ping , tracerout e and tracepath .
• Knowledge on working with testing of network hardware and topology using the traffic generating tools Ixia and Spirent.
• Working with vendors to file a service Requests to replace hardware and report the bugs.
• Working with vendors to get a recommended code version to upgrade the network devices.