- 8 years’ experience as a Senior Network/Security Engineer responsible for designing, integration, implementation and support of LAN, WAN, F5 and Citrix load balancers, Cisco and Aruba Wireless, ACS, NAC, ISE, Call manager VOIP, SDN, SD - WAN, ASAs, Palo Alto Firewalls, Cisco Firepower and Network Security.
- Worked extensively in Configuring, Monitoring and Troubleshooting Checkpoint, Cisco’s ASA 5500 series security appliance, Failover DMZ zoning & configuring VLANs/routing/Natting with the firewalls as per the design.
- Have deployed and configured Cisco Wireless Controller 5508,5520 series and integrated them with Cisco Access points 2700s, 2800s, 3800s access points which supports 802.11 AC Wave 1, 802.11 AC Wave 2.
- Deployed 16 Next generation Palo Alto Firewalls 5200s( 5280 and 5260),3200s and 3000s and integrated them to Panorama (Centralized management center), configuring S2S tunnels, ACLS, NATs and static routes with Wildfire enabled on it for Sandboxing Malware viruses. Good Hands-on knowledge on PAN-OS.
- Deployed 51 Different ASA and Firepower Next Generation Firepower Threat Defence with IPS, IDS, AMP and URL filtering such as 5508-X,5516-X,5525-X,5545-X, 2100 and 4100 series as well in FMC.
- Hands on experience on Identity service engine ISE, Web application Firewall (WAF), Splunk SIEM, Symantec and Mcafee Endpoint Malware protection,Web content filtering, Vulnerability scanning,File integrity monitoring and Network Access Control (NAC) for AAA.
- Hands on experience in Migrating Cisco IOS switches to Nexus NX OS code in multiple projects.
- Configured and deployed Nexus 2k,5k,7k and 9K in spine and leaf topology configuring VPC, VDC and OTV on NX-OS.
- Deployed Cisco Catalyst switches 6500s,6700s and 6800s at core switches and 9300s,9400s as Access switches in Core-distribution- access and Collapsed core design.
- Deploying and troubleshooting internetworking such as eBGP/iBGP, OSPF, EIGRP, VPC+, OTV, Cisco Fabric Extender (FEX), STP, VLAN, VSAN, HSRP, MPLS - VPN, DMVPN, Site-to-Site VPN, EasyVPN, AnyConnect VPN
- Installing, configuring and troubleshooting Cisco routers ASR 1K, 2901, 2911, 4200x, 2800 and 2600 Series, NEXUS 9K/7K/5K/2K, Cisco Catalyst Switches 2960X, 3750, 3850, 3950, 4500 and 6500 series, Cisco UCS Storage
- Deployment, Manag ement and Administering Cisco ASA FTD, Next Generation PaloAlto, SonicWALL, Fortinet Firewall, Juniper and Checkpoint series
- Deployed F5 LTM/GTM using One arm/two arm and N-path deployment methods and have migrated Citrix Netscalar from MPX 7500 to SDX 8920 Series.
- Deploying Cisco Aironet 2700, 3700 Series, Cisco 5507 and 5520s wireless controllers Cisco Meraki Enterprise Cloud Access Points and Wireless Bridges/Repeater for LAN Expansions.
- A team player with excellent communication and organizational skills, combined with flexibility, creativity and exceptional analytical and problem-solving skills.
- Estimate costs and determine IT Budget by allocating contingency reserves, performing Earned value analysis and reserve analysis. Proficient in Risk Management methodologies by identifying risks, performing Qualitative/quantitative risk analysis to Mitigate risks.
- Prepare RFPs, bid proposals, approve Project charters, contracts, work reports, and other documentation for IT projects and its associated efforts along with my PMP certification in process.
- Aligning project implementations with Business Case and Benefit management plan to achieve best results and customer satisfaction while working closely with PMO following PMI standards.
Cisco Routers: 2600, 2900, 3600, 3800, 7200 and 7600
Cisco L2 & L3 Switches: 2900, 3560, 3750, 3850, 4500, 4900, and 6500 series, Nexus 5K/7K, Cisco 6509.
LAN Technologies: Ethernet, Fast Ethernet, and Gigabit Ethernet, SMTP, VLAN, Inter-VLAN Routing, VTP, STP, RSTP, Light weight access point, WLC.
WAN Technologies: Frame Relay, MPLS, PPP, HDLC, (E1/T1/E3T3), DS3, OC192.
Network Security: Cisco ASA, ACL, IPSEC, SSL, Juniper SRX, ACL, IPsec, VPN, Port-security, AAA, Zone-Based Firewalls, IOS based router security firewalls, IDS/IPS, Palo Alto firewalls.
OS products/Services: DNS, DHCP, Windows … XP), UNIX, LINUX.
Routing Protocols: RIP v1/v2, OSPF, EIGRP, IS-IS, BGP, PBR, Route Filtering, Redistribution, Summarization, and Static Routing.
Load Balancers: Gateway Load Balancing HSRP, VRRP, GLBP
Security and VPN: PIX 500 Firewall, ASA 5505 Firewall, AIP SSM, CSC, SSM, FWSM, FortiGate, Cisco CSM, ACL-Access Control List, IPS/IDS, NAT, PAT, Cisco ACS, and Juniper Net screen firewall, Windows Patch Management (WSUS), YARA rules
Various Features / Services: IOS and Features, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, TFTP and FTP.
Network Management Tools: Wireshark, Net flow Analyzer, Cisco Works, Ethereal, SNMP, Solar winds Orion and HP OpenView, Ethereal.
Security Server Protocols: TACACS+, RADIUS
Facilities: DS0, DS1, DS3, OCX, T1/T3
Wireless: Cisco, Meru and Aruba.
Wireless LAN controller: CISCO AIR-CT2504-5-K9 2504 WIRELESS CONTROLLER - Network management device, CISCO AIR-AP1702I-A-WLC 2504 WIRELESS CONTROLLER.
Juniper: EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX210, SRX240
Load Balancers: Cisco CSM, F5 Networks (Big-IP) LTM 8900, Cisco ACE 4710, GTM.
Operating Systems Windows: (98, ME, 2000, XP, Server … Vista, Windows 7), Linux
Firewall & Security: Checkpoint, Cisco ASA, Palo Alto, Splunk, McAfee SIEM
Optimization: Silver peak
Operating systems and Tools: Infoblox, Cisco IOS, Windows NT 4.0 (Desktop/Server), puppet, Windows 2000/2003/2008 Server, Windows XP/Windows 7/8, LINUX, Solaris, Active Directory, Apache Server, VMware V realize.
Network technologies: MANET, SONET, TDMA, FDMA, CDMA. DSL, POP3, VERSA, HP Archsight.
Confidential, Jersey City, NJ
S enior Network Engineer
- Configured and Deployed 18 Firepower Threat defense with IPS, IDS, AMP and URL filtering and integrated with Firepower Management Center FMC for 5516-X,5545-X,2100 and 4100 series.
- Deployed 5200s and 3200s Palo Alto Firewalls with Wild fire feature integrated to it. Configured Static/Dynamic NATS, access-lists and static routes and integrated them to Panorama centralized management center.
- Configured and added multiple Cisco Access points 1142N, 3502i, 2700s,2800s using Aerohive networks, Air magnet by looking Heat Maps, RF maps and placing them at right location for maximum through put.
- Integrated Cisco access points from multiple floors to Cisco 5508 and 5520 wireless controllers WLC and Cisco Wireless service Modules (WiSM) as well.
- Upgraded Cisco Wireless controller 5508 version to 184.108.40.206. and created WLANs, Guest access and use Identity service engine(ISE) for complete visibility.
- Configured, troubleshoot and migrated to Cisco ASA 5506,5516,5525,5545, 5555 and 5585 Models from Palo Alto, Juniper and Sonic wall.
- Managed I-WAN SD-WAN and added rules for high priority traffic based on the QOS parameters.
- Have deployed Cisco Unified communication manager (Call manager) version 12 with 4 publishers and 4 subscirbers for redundancy and integrated Cisco 7490s VOIP phones.
- Hands on experience on Web application Firewall (WAF), CASB, Symantec and McAfee Endpoint Malware protection with McAfee E- Policy orchestration 10.
- Designed and Configured Nexus 7k/5k/2k along with VPC, VDC and OTV configured and integrated them to the centralized management center called Nexus fabric manager.
- Configured and deployed 6500s,6800s and 9400 Catalyst switches with VSS running on it.
- Configured NATS, ACLS, Static routes, URL, AMP, S2S VPN and Remote access VPN in Firesight management center and ASA CLI.
- Configured and implemented Aruba Clear Pass, HP Aruba Switches 8400 chassis, 8320s (10gig), 2930s(1gig) in VSX pairs on a multichassis lag design to improve redundancy.
- Designed and Deployed Service Switching layer with 6500 platform for Firewall and Load Balancing Services for WEB and APP server Cloud on the Nexus platform
- Redesigned and Implemented Campus LAN with 6500 Platform on Core/Distribution/Access /Perimeter model on 10G backbone
- Designed and Implemented Cisco UCS pods in Nexus 7000 and Cisco 6500 Platform
- Configure and Install F5 New Virtual Servers, Profiles, I Rules, Pools, Nodes, Generate CSR Certificate, SSL Certificates Etc.,
- Have executed various migration/upgrade projects across F5 and hands on with F5 BIGIP LTMs/EM.
- Hands-on experience with ASAv and AVS along with Cisco ACI Infrastructure.
- Have worked with ACI Fabric path and also connected ACI to Layer 3 external networks.
- Deployed Identity Service Engine Basic and Advanced package with ACS, NAC guest, NAC posturing and NAC appliance
- Experience in Network Management Tools and sniffers like SNMP, HP-Open view, Wire shark, and Splunk, solar winds and Cisco Prime infrastructure to support Network Operation Center.
- Analyze and Troubleshoot Network Performance issues with Cisco NAM & Distributed Sniffer
- Installed and Configured Cisco ASA 5516,5525,5545,5585 Firewalls with Sourcfire code running on it.
- Configured/Troubleshoot Site to Site VPN tunnels with our clients on Cisco ASA 5500 Platform.
Confidential, Dallas, TX
Senior Network Engineer
- Deployed Cisco ASA Firewalls and Sourcefire Cisco ASA along with Intrusion Detection system (IDS), Intrusion prevention system (IPS), Advanced Malware protection system (AMP) and URL Filtering for 19 Branches across the globe.
- Managed Cisco Wireless environments which had Cisco Wireless controller 5520 along with Aironet 3702i, 2602i,1142N and 3502i series access points.
- Managed Palo Alto Firewalls 5280 and 5160 series and handled day to day tickets and changes to the configuration , S2S tunnels and Remote access VPN through CLI and panorama.
- Integrated multiple Nexus 2k,5k,7k and 9k switches to Nexus Fabric manager (GUI) a centralized management center at Head quarters to configure Overlay VX-LAN broadcast domains, VRFs, VPCs.
- Responsible for Implementing Avaya Aura and Cisco Unified Communication Systems (CUCM) Call manager VOIP telephony system, IVRs, Cisco contact center (for call center operations).
- Hands on experience in managing Mcafee Epo for DLP, End point malware protection, Cisco Network access control (NAC) and Web application firewall.
- Hands on experience on Viptela SD-WAN and integrated with Zscalar cloud security platform.
- Worked as Senior Network Security Engineer in various capacities of Cisco technologies such as Nexus Data Center Management, Routing and Switching, Security, Acquisitions, Integration, New and Existing projects deployments.
- Troubleshoot and configured HP Aruba 8320s, 8400s and 2930s along with multiple Aruba wireless access points.
- Migrating Cisco ASA firewall AnyConnect with secured VPN Users Group, including deployment of Two-Factor Authentication (LDAP+Soft Token) for VPN Clients.
- Provisioning PaloAlto based DMZ and L2L VPN between Corporate HQ and Co-Locations, partners and 3rd party cloud hosting services.
- Participating in multiple projects such as data center build, DMVNP for 500+ branches, ASA to PaloAlto firewall migration.
- Drive the project for implementing Viptela Software Defined WAN (SD-WAN) solutions and reduced Cost on MPLS for every fiscal year.
- Cisco code upgrade for IOS/NXOS platform for all core data centers included Catalyst 3750,3850,4500,2960X and NEXUS 2K,3K,5K,9K and Routers ASR-1K, 2900 Series, 4300 Series.
- Running migration cutovers of MPLS-VPN and DMVPN for newly acquired offices, including traveling to country-wide offices.
- Migrate and provisioned existing MPLS circuits for newly accusation’ s branches and corporate office to dedicated High-Speed WAN circuits from Verizon, Comcast and with all other local service providers.
- Design and Built the new Data Center in Flint, MI with multi-homing strategies and new accusation’ s corporate offices prior to full cutover to John Deere’ s corporate network.
- Securing the core infrastructure by migrating the access level from Local to RADIUS+NPS authentications.
- Securing all 500+ branches and corporate offices from Brute-Force attack by locking down the remote access.
Confidential, St. Louis, MO
Network Security Engineer
- Implemented Site-to-Site VPNs over the Internet utilizing 3DES, AES/AES-256 with ASA Firewalls.
- Responsible for Cisco ASA firewall administration across our global networks.
- Have Applied ACLs for Internet access to servers using Cisco 5550 ASA firewall and performed NAT.
- Configured and Handled Cisco IPS, IDS, Cisco Access control system, Cisco Network access control (NAC) and Cisco Identity service engine (ISE version 2).
- Configured Virtual switching switching system (VSS) with Virtual switching link for keep alive and configured multiple Port channels both in LACP and PaGP .
- Have upgraded Cisco call manager CUCM from version 11 to Version 12 and provided day to day support.
- Dealing with the Cisco ASA 5550 providing the advanced application-aware.
- Remediation of the firewall rules from checkpoint firewalls to Cisco ASA firewalls and also performed their implementation.
- Deployed Sourcefire and FTD and managed them Firesight management center.
- Involved in Providing Technical Support and solutions for Network Problems.
- Experience in Implementation of NAT solutions on WAN applications.
- Configured HSRP and VLAN trucking 802.1Q, Spanning Tree, VLAN Routing on Catalyst 6500 switches.
- Managed cisco access points 1142N,2700s and 3502i runs in 802.11 AC Wave 2 and added them to Cisco wireless controller 5508.
- Experience working Juniper T-Series, M-Series, MX-Series, J-Series Routers
- Hands on experience in Upgrading IOS, troubleshooting network outages.
- Worked on various Nexus Products Nexus 7010, Nexus 7009, Nexus 5548 and Nexus 2248.
- Proficient in Cisco IOS for configuration troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS
- Worked on Cisco Routers, Active /Passive Hubs, Switches, Cisco PIX Firewall, NOKIA Firewalls, Nortel VPN Concentrators TCP/IP, NAT and Checkpoint ESX/GSX firewall.
- Possess Data Center Design Experience, installing and Configuring Network Devices in a Data Center including patching the cables in the Patch Panel.
- Design and implemented 8320 HP Aruba switches in VSX pair as Core Switches and 2930 Aruba switches stacked as access switches in a collapsed core model
- Good Knowledge on security information and event managemnent (SIEM) and playing a key role in deploying SIEM at Head Quarters .
- Deployed Splunk servers at multiple client locations, the Security information and event management SIEM tool and worked with Guide Point vendor for vulnerability assessment.
- Experience on Configuring Cisco ASR 9K/1K 7600 Series Routers.
- Responsible for implementing, engineering, level 3/4 support of existing network technologies / services integration of new network technologies / services.
- Worked on troubleshooting customer related issues related to router Configuration, Layer 1/Layer 2 issues.
- Worked on Migration of Juniper SRX firewalls for isolation of network segments and VPN's
- Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Palo alto VPN experience
- Worked on OSPF using features like TSA, SA, NSSA and route summarization.
- Configured EBGP/IBGP policies, also tested BGP attributes such as Local preference, MED, AS-PATH, Community and Weight.
- Working knowledge of Firewall service module FWSM UPGRADE, FWSM RULESET conversion
- Experience with WCS predictive maps and RF Engineering Planning.
- Worked on networks with WAN protocols such as MPLS, HDLC, PPP Frame Relay.
- Configured BGP load balancing and ensured stability of BGP peering interfaces.
- Worked on Route-Reflectors to troubleshoot BGP issues related to customer route prefixes also route filtering using Route-maps.
- Configured Virtual-link between discontinuous backbone areas in the network and also established authentication between all OSPF routers using MD5 authentication.
- Involved in effective communication with vendors, peers and clients in resolution of problems.
- Monitor network performance accompanying company's service level agreements SLA using Network management tools such as Cisco works and also provided necessary recommendations to improve network performance.
Jr. Network Engineer
- Managing and Maintaining a Microsoft Windows Server 2008 Environment.
- Planning, Implementing, and Maintaining a Microsoft Windows Server 2008 Active Directory Infrastructure.
- Provided functional and troubleshooting and diagnosing hardware and software problems, including desktop, laptop, WAN, LAN, and remote systems.
- Configured, managed and deployed group policies.
- Installed and maintained software through group polices.
- Configured, managed File server, Printer server on the network.
- Configured and managed domains on Windows 2003/2008 platforms.
- Planned, implemented and maintained critical network infrastructure services (i.e. WINS, DNS and DHCP).
- Monitored and troubleshot LAN, installed and configured routers, hubs and switches, and generated weekly reports.
- Produced backup software for distribution and maintenance all computers and peripherals.