Sr. Network Engineer/ Vpn Implementation Engineer Resume
South, CarolinA
SUMMARY:
- Extensive experience in Switching, Routing, Network Security - Firewalls, Load balancers and Wireless Controllers. Experience working in enterprise and data center environments. High level network architecture view of Service Provider.
- Experience with Cisco, Juniper, F5, Arista, Dell, HP, Palo Alto, Checkpoint, Aruba hardware and software platforms. Experience in Design, troubleshoot and high level view of Access, Distribution and Core Model and Spine Leaf Model.
- Experience with Cisco 3750, 3850, 2960, 4500, 6500, Nexus 2k, 3k, 5k and 7k switching ware. Experience on Juniper EX and Arista 7000 series Switches in Data Center Environment.
- Experience with Level 1/2/3 troubleshooting in OSPF, BGP, ISIS, VPC, VDC, OTV, MPLS, and Port-Channel. Design and troubleshooting experience in VLAN, Trunking, VTP, STP, RSTP, PVST, 802.1X, LACP, PAGP, HSRP, GLBP, VRRP.
- Designed redundant ISP circuit using BGP, Internal routing with OSPF and Static routes.
- Experience working with Virtualization and Storage team in Network resource Provisioning. Experience configuring IPV4/IPV6 Multicast to support VMware hosts and Storage hosts. Stretching layer 2 VLAN’s on OTV across Data centers for VMotion.
- In-depth expertise in the analysis, implementation, troubleshooting & documentation of LAN/WAN architecture and valuable experience on IP services.
- Cisco ASA, PA and Checkpoint Firewall troubleshooting and policy change requests, ACL and NAT for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
- Worked on Creating zones on PA firewalls, SRX firewalls and writing policies for URL filtering and SSL decryption.
- Experience with access lists, IPsec tunnels, NAT, SSL headers, HTTP headers for layer 7 traffic filtering.
- Experience with migration tool in PA and migration experience.
- Worked on Wide IP’s, DMZ zones, F5 LTM and GTM in DMZ for external Applications. Multifactor Authentication for External applications in DMZ using F5-APM.
- Extensive Knowledge on the implementation of Cisco ASA checkpoint R75 and Juniper SRX firewalls.
- Comprehensive knowledge of wireless networking systems and protocols. 802.11 a, b, g, n in Cisco and Aruba environments. Experience with Local and Master WLC config with over 1000 Campus AP’s with various SSID’s and Authentication methods like Certificate, WPA-PSK etc.
- Experience in F5, Cisco ACE 4710 Load balancers. Migration Experience from ACE to F5 and NetScalers to F5. Worked on critical applications on Layer 4 and layer 7 load balancing. Experience with Virtual server, Pool, Node, Profiles - TCP, http, https, ftp, fastl4, Persistence - Source IP, SSL, Cookie, SNAT, iRules, iAPP, SSL offloading.
- Basic experience with troubleshooting Riverbed, Steelhead WAN optimizer for slowness issues, writing policies and in path rules for traffic ingress and egress, deep packet inspection for delay sensitive traffic.
- Strong hands on experience in installing, troubleshooting, configuring of Cisco 7200, 3800, 3600, 3400, 2800, 2600, 2500 and 1800 series Routers, Cisco Catalyst 6500, 4500, 3750, 2950 and 3500XL series switches.
- In-depth knowledge and hands-on experience on IP Addressing, Sub netting, VLSM, DNS, DHCP and ARP, reverse & proxy ARP, Ping, Traceroute Concepts. Worked on windows DHCP, Infoblox and IPAM for IP reservations
- Responsible for network design, projects and support across the globally co-located data center networks. Well versed with maintenance windows, Cutovers in production environment, working with other teams on requirements, communicating with Management on required resources and Change controls.
- Facilitating the automated collection, Analyzing, alerting, auditing, reporting and secure storage processing of all the logs using RSA envision solution.
- Excellent qualities such as Teamwork, Negotiation, Analysis and Communication.
TECHNICAL SKILLS:
Switching: LAN/WAN Architecture, TCP/IP, Frame Relay, VPN, VLAN, VTP, STP, RSTP, PVST, LACP, PAGP, HSRP, GLBP, VRRP.
Routing Protocols: OSPF, IGRP, EIGRP, RIP, IS-IS, BGP, EVPN (Spine Leaf Architecture), MPLS
Security Protocols: NAT, ACL, Security Policies VPN, IPsec and GRE tunnels, Firepower, Panorama, F5 ASM, MWG, Bluecoat Proxy.
Switches: Cisco 3750, 3850, 2960, 6500, 4500, Nexus 2K, 3K, 5K, 7K, Juniper EX and QFX Series, Arista 7500 and 7010 series.
Routers: CISCO 2600, 2800, 3600, 3800, 7200, ASR-1k, 9k Juniper M & T Series, Cisco CRS.
Firewalls: ASA 5500 series, RX series, PA 200 and 5000 Series, Panorama M100, Checkpoint 4400, Juniper SRX and net screen.
Load Balancers: Big IP F5 LTM, GTM (versions11.4, 11.6,12.1) and APM, ACE, NetScaler 7900.
Layer1: Vast knowledge on structured cabling, data & voice networks, Fiber (SM and MM), SFP.
Operating Systems: Windows 7, Vista, XP, 2000, CentOS LINUX, Puppet, Cisco IOS, Solaris, IOS XR, NXOS.
Network Monitoring: Cisco Works 2000, Wire Shark, Network sniffer & packet analyzer, HR Ping, SolarWinds, NCM, NPM, IPAM.
PROFESSIONAL EXPERIENCE:
Confidential, South Carolina
Sr. Network Engineer/ VPN implementation Engineer
Responsibilities:
- Worked on Juniper SRX- firewalls 5400,5800 and Juniper M &T series of routers for the VPN and extranet Migration.
- Worked on juniper EX & QFX series switches & CISCO switches., SRX firewall environment, Worked in JUNOS 15.1x49.
- Configuration VPN (site-to-site) connectivity of Phase -1 and Phase-2 with the client requirements for the migration from CISCO router, Net screen firewall to the Next generation juniper SRX firewalls.
- Hands-on experience on the MPLS Extranet migration from CISCO router to Juniper SRX firewalls.
- Worked on troubleshooting VPN (site-to-site) and Extranet connectivity in juniper SRX firewalls.
- Worked on troubleshooting OSPF and routing issues internal network and BGP for external network.
- Worked on design and configuring juniper MX-480, T-400,1600 routers on the Next generation infrastructure.
- Experience working on EVPN using BGP for the Spine Leaf Architecture. Configuring Virtual Chassis for Juniper switches EX-4200, Firewalls SRX-210, 1400,5400.
- Worked on Extranet GRE migration from CISCO and Net screen to the Juniper SRX firewalls.
- Experience on implementing firewall rules in Juniper SRX and deployment the Extranet migration from CISCO devices to Next generation Juniper SRX firewalls.
- Implementing NAT rules for both VPN (site-to-site) and Extranet to allow traffic from one to another.
- Worked on Juniper Junos Pulse for remote SSL VPN.
- Creating and updating the support documentation of implementation plans, risks and mitigation.
- Experience on Creating, submitting and implementing changes relating to Extranet and VPN connections, including validation of functionality post migration.
- Coordinated with external and internal parties to arrange approvals and maintenance windows including asset management tools, diagrams, implementation and operational processes.
Confidential, San Jose, California
Network Engineer
Responsibilities:
- Worked on upgrading the Nexus 7k Core, Distribution Switches in VDC. Documentation of upgrade Plan, All the IP ranges, Access switches, OSPF routing instances, VPC, VDC and OTV.
- Experience working with F5 LTM, GTM pair for internal and external applications load balancing. Worked on F5 APM for multifactor Authentication using Improvata and ADFS.
- Worked on windows DHCP, infoblox for IP address management and reservation. Worked on windows DNS to create Alias names and C names for the GTM WideIPs and Delegations.
- Worked on Layer 2 switching VLAN, Trunking, LACP, STP, and RSTP. Configured VPC for the access layer switches that connects to Distribution N7K’s in VPC.
- Experience working on perimeter firewalls. Worked on PA 200/5000 series of firewalls for both Internet and internal traffic filtering. Upgrading the code from PanOS 7.1.X to 8.0.X. Experience working on Panorama M100. Migration from Cisco ASA to PA firewalls.
- Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering). Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
- Hand-on experience on Cisco firewalls (ASA 5500 series) and prior experience with firewall migrations.
- Experience with Access policies, NAT Policies, wild fire, threat prevention, anti-virus, anti-spyware profiles and apply them to policies and pushing to various firewalls through Panorama.
- Writing IPsec parameter to build IPsec tunnels in PA firewalls for connecting remote sites where we don’t have MPLS infrastructure. Experience Upgrading from PanOS 7.1.X to 8.0.X. Experience working extensively in 8.0.6
- Experience on adding device certificate for forward trust and forward un trust SSL decryption also SSL forward proxy and URL filtering in PA firewalls.
- Installed PA 200, 500 and 3020 from scratch from console, MGMT config, licensing the required profiles, interface configuration, VLAN assignment, routing etc. Worked with PA log collector.
- Configured Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000 to connect servers and storage devices and configured Juniper EX-series switches in new data center.
- Implementing and troubleshooting (on-call) IPsec VPNs for various business lines (site-t-site and remote) and making sure everything is in place for both Palo alto firewalls and Juniper SRX firewalls
- Involved in Data center migration from three layered network architectures to Spine Leaf Architecture on Arista Hardware. Introduced to EVPN. Configured VTEPS, MLAG, VXLAN, and BGP for routing in Spine Leaf Architecture.
Confidential
Network Engineer/ F5 Expert
Responsibilities:
- Worked in both Enterprise and Data Center Environments, worked on Cisco 3750, 3850 and 2960 in Access layer, 3750 Gig and 4500 in Distribution Layer.
- Worked on 6500 series in Core layer and ASR 9k as Edge routers. Worked on OSPF, EIGRP. Experience in troubleshooting and design in OSPF and EIGRP.
- Worked in Nexus 2k, 3k, 5k and 7k in Datacenter environment. Worked on VPC, VDC, FEX, port-channel, VLAN trunking.
- Worked on designing DMZ environment with F5 LTM and GTM for external application load balancing.
- Worked on providing network resources for ESXi hosts, storage hosts like ISILON, RP, VMAX, VNX etc.
- Designed a Two Arm Architecture for LTM pair in DMZ with a segregated server VLAN.
- Configured load balancing for Citrix ICA servers using NetScaler’s.
- Experience in using migration too also experience working on Palo Alto and checkpoint perimeter firewalls.
- Configured of routes and interfaces, DMZ inside and outside security levels etc. also experience in installation from scratch.
- Configured F5 LTM for applications like Exchange 2016, Skype for Business 2015, EPIC, Citrix, AirWatch, and MWG etc. Configured WCCP on Edge routers to route the Internet traffic through MWG.
- Experience setting up physical VE F5 BIGIP Versions. Upgrading Hotfix and IOS. Worked on LTM, GTM (Wide IP, Zones, Listener IP, Generic servers etc.), and APM (Basic) modules. Integrating APM with ADFS and Improved for 2 Factor Auth.
- Deployed a large-scale HSRP solution to improve the uptime of collocation customers, in the event of core router becoming unreachable.
- Designed, Configured and implemented VPN tunnel with IPsec and GRE and Cisco ASA based security infrastructure.
- Migrated from Cisco ACS to Aruba Clear pass. Configured 802.1X on all access layer switch ports for port security. Implemented MAC based, and Certificate based authentication to the end hosts.
- Worked on SolarWinds Monitoring tool with NCM, NPM and IPAM modules. Worked on Confidential ticketing tool for change controls and tickets for any issues.
- Troubleshooting issues related to Cisco Routers, Switches, and ASR, Nexus 5K, 2K, ASA5595, ACE 4710, MPLS and critical network links by coordinating with the vendor
- Troubleshoot the Network Issues onsite and remotely depending on the severity of the issue. Used the network analyzers like Wireshark, ethereal and sniffer for packet analysis.
- Performed Break Fix support through driving to different buildings, identifying the root cause of the hardware issues with switches, routers.