SUMMARY:

• 8 years of experience in Cisco/Juniper Networking, Security which includes designing, Deployment and providing network support, installation and analysis for a broad range of LAN / WAN protocols.
• Hands On experience Cisco IOS/IOS - XR/NX-OS, Juniper JUNOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS.
• Experience in Implementing Check Point Firewalls NG, NGX, NG R55, NGX 60, NGX R65, R70, R75, R76, R77.10, R77.30
• In-depth knowledge and hands-on experience in Tier II ISP Routing Policies, Network Architecture, IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3 SONET POS OCX / GigE circuits, Firewalls.
• Strong knowledge of TACACS+, RADIUS implementation in Access Control Network.
• Experience in Designing and assisting in deploying enterprise wide Network Security and High Availability Solutions for ASA.
• Extensive work experience with Cisco Routers, Cisco Switches, Load Balancers and Firewalls.
• Configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 7000. Configuring VDC & VPC in Nexus 9k, 7k, 5k and 2k.
• Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 9000, 7010, 5000 series to provide a Flexible Access Solution for a datacenter access architecture
• Involved in troubleshooting of DNS, DHCP and other IP conflict problems.
• Implemented Security rules, NAT rules, IP sec VPN, SSL VPN
• Configuring Virtual Chassis for Juniper switches EX-4200, Firewalls SRX-210
• Responsible for Palo Alto, Check Point (Secure Platform R70) and Cisco ASA firewall administration across global networks.
• Experienced working on network monitoring and analysis tools like, SOLAR WINDS, CISCO works and RIVER BED and Wireshark.
• Experience in converting Cisco ASA rules over Palo Alto based solution.
• Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.
• Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, Ether channel, STP, RSTP and MST. Implementation of HSRP, VRRP for Default Gateway Redundancy.
• Experience in testing Cisco routers and switches in laboratory and deploy them on site production.
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design.
• Worked extensively on Cisco Firewalls, Cisco PIX (506E/515E/525/) & ASA 5500(5510/5540) Series
• Knowledge in preparing Technical Documentation and presentations using Microsoft VISIO/Office.
• Worked on MPLS while ensuring secure networking, improving the network performance by prioritizing network traffic and allocating bandwidth according to usage and service requirements.
• Worked on Multicast to use the bandwidth more effectively while reducing the load on the sender.
• Knowledge of WAN Optimization Technology, Riverbed.
• Configuring Cisco Wireless Controllers and AP’s.
• Configuring Cisco WAAS.
• Configuring the Network Admission Control (NAC).
• Excellent customer management/resolution, problem solving, debugging skills and capable of quickly learning, effectively analyzes results and implement and delivering solutions as an individual and as part of a team.
• Hands on Experience testing iRules using Browser(IE), HTTP watch

TECHNICAL SKILLS:

Networking Technologies: LAN/WAN Architecture, TCP/IP, Frame Relay, VPN, VLAN, VTP, NAT, PAT, STP, RSTP, PVST, MSTP

Networking Hardware: Cisco Switches, Cisco Routers, ASA/Pix firewalls, Vmware, Ironport

OSPF, IGRP, EIGRP, RIP, MPLS, IS: IS, BGP, Multicasting

Security Technologies: PAP, CHAP, Cisco PIX, Blue Coat

Network Monitoring: Cisco Works 2000, Wire Shark, HRPing

Operating Systems: Windows 7, Vista, XP, 2000, LINUX, Cisco IOS, IOS XR

Routers: CISCO 2600, 2800,3600,3800,7200, Nexus 9K, Nexus 7K, Nexus 3K Juniper M & T Series, Cisco CRS-1, CRS -3, GSR

Load Balancers: Cisco CSM, F5 Networks (BIG-IP)

Capacity & performance: IXIA, Spirent, Cisco works, IPerf, IXChariot

Switches: CISCO 2900, 3500,4500,5000,6500, Nexus 7k,5k,2k

Programming Languages: C, C++, Perl, VB Script, Power Shell, Python, SQL

Simulation Tools: Qualnet Developer, OPNET IT GURU, OPNET Modelar, Cadence

Palo Alto PA: 2000/3000/4000/5000 , juniper net screen(500/5200), Juniper SRX (650/3600), Pix(525/535), ASA (5520/5550/5580 ), McAfee Web Gateway. Check Point Firewalls NG, NGX, NG R55, NGX 60, NGX R65, R70, R75, R76, R77.10, R77.30

AAA Architecture: TACACS+, RADIUS, Cisco ACS

Features & Services: IOS and Features, HSRP, GLBP,IPAM IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, DNS, TFTP and FTP Management, Open Stack, IVR s, HLD and LLD documents, Confidential equal logics

PROFESSIONAL EXPERIENCE:

Confidential, Kansas City, MO

Security Network Engineer

Responsibilities:

• Worked on Cisco Routers, Active /Passive Hubs, Switches, Cisco ASA Firewalls, NAT and Juniper SRX firewall.
• Configured Enterprise level Cisco ISE by installing certificates, building ISE nodes, and adding to clusters using VMWare.
• Using LogRhythm to troubleshoot ISE issues that rise on the network and to monitor the entire infrastructure.
• Being focused on security, reducing risks and containing threats.
• Creating or Modifying Firewall rules on Cisco 5555, 5520, Juniper SRX and Palo alto VM-300 devices.
• Upgrading the IOS on Network Devices including cisco 6800, 6500 and Palo Alto VM-300 devices
• Experience in working in panorama, palo alto user interface version 8.0.2 and VM-300 series firewalls.
• Creating templates in panorama to manage the individual devices from it.
• Configuring HA pair for two Palo VM-300 series AWS instance firewalls and testing the failover activity as well as ENI migration.
• Responsible for configuring and implementing network, firewall and security solutions (IDS/IPS) using Palo Alto networks.
• Creating Network objects, dynamic address groups, FQDN and assigning it to rules based on the information in tickets
• Creating custom URL profile based on the expressions and assigning it to rule to perform URL filtering.
• Configuring network interfaces, static routes, NAT rules in panorama and thereafter pushing to individual palo alto devices.
• Performing the software upgrade from version 7 to 8.0.2 on panorama and VM-300 series palo alto firewalls.
• Configuration included VLANs & VTP, STP port features, Gateway redundancy using HSRP, enterprise security using Cisco Port Security and Dot1X framework.
• Configuration included deploying of new branch locations or new network devices in the existing infrastructure. Like, 4500-X in VSS mode and 3850 switches for distribution and POE-user switches
• Troubleshooting the Network failure issues and thereby making the changes to Network Infrastructure.
• Worked on maintenance and upgraded Cisco wireless WLC, LWAPP APs
• Troubleshoot issues with Wireless Access points (Cisco 3502) and configure SSID’s on 5520 Wireless LAN Controllers.
• Implemented the Core switch cut over project from Cisco 6509 to Nexus 7004 devices.
• Configured VPC (Virtual Port Channel), VDC (Virtual Device Context) in Nexus 7k/5k devices
• Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
• Configured BPDU Guard, port-fast, uplink fast and other spanning tree features.
• Established BGP peering between onsite datacenter in Albany and AWS cloud.
• Worked with Cisco advance services to implement data center Nexus environment for new Upgraded datacenter for the NX-OS in 7004 in core layer, 6880 in aggregation layer and cisco 6800 in access layer.
• Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers.
• Providing Technical Support and solutions for Network Problems and resolve tickets across sites and corporate offices.
• Involved in periodic IOS upgrades, troubleshooting network outages and high severity incidents
• Configuring Node, pool, VIP, SSL client, server profile in F5 LTM 4000 series Bigip and thereby adding firewall rule to bring the end servers live
• Troubleshooting when the servers are down, checking logs the identify the error and thereby taking necessary steps.
• Participate in all technical aspects of LAN, WAN, VPN and security Internet Service projects including, short and long-term planning, implementation, project management and operations support as required.

Confidential, Charlotte, NC

Cyber Security Engineer/Firewall Engineer

Responsibilities:

• Conduct network, endpoint, and log analysis by utilizing various consoles on a regular basis to analyze and triage cyber security events e.g. SIEM (Qradar, Splunk, Cylance) IDS, IPS, firewall, etc. and perform continuous hunt activities across the environment.
• Successfully migrated from Cisco over to Checkpoint and Palo Alto Firewalls in given change window.
• Configured Checkpoint Firewall in distributed deployment and also maintaining Site-to-Site VPN Connection through the Firewalls.
• Responsible for configuration and Virtualization of Checkpoint firewalls across the enterprise.
• Monitoring, implementing firewall rule requests, URL filtering, monitoring threat alerts and suggesting remediation methods.
• Enabled SSL inspection throughout the enterprise through Zscaler web proxy.
• Configured scan engines, alerts and monitor for vulnerabilities across two data centers with Rapid7 InsightVM
• Configured PA-7050, PA-5260, PA-5020, PA-3050, and PA-3020 and also configured PA-200 for lab environment.
• Upgrade the existing Panorama. Integrating the new firewalls to Panorama.
• Responsible for working on change tickets for existing Palo Alto Firewalls in the environment.
• Reconstruct cyber events, assess cyber threat and scope of impact, identify and track any internal lateral or external movement, and develop response solutions.
• Part of a Cyber Security team responsible for monitoring threats and alerts, providing remediation methods for issues to network administration and applications team, incident handling and maintenance of various security products and its infrastructure. Addressing Vulnerability exceptions and false positives reported by Audits.
• Identify threats and develop suitable defense measures, evaluate system changes for security implications, and recommend enhancement.
• Analyze current technology capabilities and develop/produce/deliver technical enhancement plans with consideration of integration capability in a global setting.
• Research and track new exploits and cyber threats, lead containment of threats and remediation of the environment during or after an incident.
• Lead cursory and/or in-depth insider threat analysis (i.e. packet captures, endpoint behaviors, etc.), or collaborate with peers when appropriate for hand-offs/escalations.
• Conduct analysis of malicious code and weaponized documents through behavioral analysis or reverse engineering.
• Oversee execution of established operational processes and procedures by SOC analysis to analyze, escalate, and lead remediation of security incidents.

Confidential, Houston, TX

Firewall Engineer

Responsibilities:

• To ensure that the day-to-day Security Operations runs smooth. Change management and 3rd level Incident management being the primary responsibility, participate directly as well as take escalations from the team members as and when required.
• Worked on WAN Accelerator “River Bed “for optimization of the bandwidth and file sharing on the WAN Circuit.
• Change Management: Need to make sure that all the change designs and implementations are completed and tested as per the schedule required by the customers.
• Configured virtual servers, pool, pool members and load balancing method on the F5 LTM.
• Configured SSL termination and persistence profiles on the BIG IP F5 LTM.
• Configured and monitored different monitor modules F5 BIG-IP LTM.
• Configuring various advanced features (Profiles, monitors, iRules, Redundancy, SSL Termination, Persistence, SNATs, HA on F5 BIGIP appliances SSL termination and initiation, Persistence, Digital Certificates.
• F5 certificate installation, renewals, cypher suit modifications.
• Involved in managing a network with over 250 firewalls. Strong hands on experience with Checkpoints, Palo Alto.
• Firewalls, Panorama (M-500) and Cisco ASAs on a regular basis.
• Responsible for decommissioning several legacy firewalls, Checkpoints (R75, R75.40s), Cisco ASAs and migrating them to Palo Altos and Checkpoints.
• Configure URL filtering to enable and/or disable user traffic access to unauthorized web sites.
• Configure new routes for new endpoints into Palo Alto Firewalls.
• Extensive Packet level debugging and troubleshooting on Palo Alto Firewalls to resolve numerous network issues.
• Worked on firewall migration tool to automate the process of migration. The process includes, but not limited to, configuring NAT and VPN, moving network objects, policies to PAN OS, moving from ports/protocols to applications, analyzing the current policy and compressing it fewer rules wherever necessary, policy tuning etc.
• Configured and administered Palo Alto firewalls and Panorama to manage large scale Firewall deployments.
• Configure and administer security rules and policies to permit or deny user traffic based on company security policy
• Upgrading Checkpoint Gaia and Security management from R 76 and R 7 .30 and R77.30 respectively with the latest hotfix take 216
• Worked heavily on Tufin and Firemon v8 to keep track of the changes, generate the rule and object usage reports before the cleanup property and also to ensure that that the compliance requirements are met.
• Involved in the cleanup of around 40,000 rules on ASAs in a month’s time before the migration.
• Also worked on Firemon’s data collectors to fix the issue of triplicate log packets being sent from Palo Altos to the data collectors.
• Coordinating with the risk remediation team and the appropriate BUs to communicate about the legacy firewall rules being sunset and ensure that there is no outage.
• Provided assistance to management with administration and configuration of critical enterprise security systems and software like McAfee ePO, McAfee DLP, Complete Endpoint Protection, Proofpoint.
• Co-ordinated with other team members and participated in the change management process to implement the needed changes. Worked on service now ticketing system to follow the change management process.
• Clean up all legacy devices and insure all systems in the environment have been cleaned up.
• Measure the application performances across the MPLS cloud through various routing and switching methods.
• Designed, developed, maintained and supported wired and wireless networks.
• Training the new team members with product technologies and Infrastructure setups. Also to make them aware of all the processes that needs to be followed while doing the technical work.
• Periodically or as and when required, revisit the process and improve it, covering any existing gaps and making it more robust as well as practical.

Confidential, Phoenix, AZ

Sr. Network Engineer

Responsibilities:

• Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000.
• Used “River bed” for Data Protection and Disaster Recovery for securing the backups and archives on WAN.
• Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability
• Primary responsibility is to design and deploy various network security & High Availability products like Cisco ASA other security products.
• Working on to set up OSPF dynamic routing on Cisco ASA Firewalls by using and following their current network structure.
• Monitor, operate and support network security devices such as cisco ASA, juniper firewalls
• Experience with converting 6500 to Cisco Nexus in the data Center environment.
• Configuring OSPF and Static routing on Juniper M and MX series Routers.
• Experience configuring Virtual Device Context in Nexus 7010.
• Implemented antivirus and web filtering on Juniper SRX 240 at the web server
• Design and Configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550).
• Configured VLANs with tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
• Design, implementation and operational support of routing/switching protocols in complex environments including BGP, OSPF, EIGRP, Spanning Tree, 802.1q, etc.
• Experience in Configuring, upgrading and verifying the NX-OS operation system
• Experience with configuring OTV between the data centers as a layer 2 extension.
• Communicating with engineers on operational issues, making recommendations to engineers about network architectures, performing complex problem solving during critical network outages.
• Experience with upgrading NX-OS to version 6.1 on the cisco Nexus 7010
• Configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, BGP v4.
• Deploying and decommissioning of Cisco Routers, Cisco switches and their respective software upgrades
• Performing the Firewall ACL requests change for various clients by collecting source and destination details
• Working with Network Design and implementation teams on various projects across North America.
• Experience with manipulating various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.
• Identify, design and implement flexible, responsive, and secure technology services.
• Experience in network security in a telecommunications environment.
• Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
• Performing troubleshooting on slow network connectivity issues, routing issues that involves OSPF, BGP and identifying the root cause of the issues.
• Configure Corporate, Wireless and Lab Devices which includes Bandwidth Upgrade, Adding New Devices, Decom the Devices, Testing( Pilot ) .
• Converting CatOS to Cisco IOS Config Conversion on Access, distribution & Core layer switches
• Planned for the implementation of a new architecture at legacy Web Hosting Data Centers
• Experience with converting Cisco 6500 to Cisco Nexus in the data center environment.
• Experience working with Nexus 7010, 5020, 2148, 2248 devices.
• Deploying and decommission of VLANs on core ASR 9K, Juniper QFX 5100, Nexus 7K, 5K and its downstream devices.
• Implemented DHCP, DNS, IPAM configuration on the servers to allocate, resolute the ip addresses from Subnet.

Confidential, San Ramon, CA

Network Security Engineer

Responsibilities:

• Installing, Configuring and troubleshooting Cisco Routers (ASR1002X, 3945, 3845, 2800, 3600) and Switches to perform functions at the Access, Distribution, and Core layers.
• Configuring, upgrading and deployment of Nexus 7010, 5596 and 2248.
• Installation and deployment of new class 9X and class 10 Server farms in multiple silos.
• Designing and installing new branch network systems. Resolving network issues, running test scripts and preparing network documentation.
• Provided full visibility and notification of authorized and unauthorized network access with integration of CISCO ASA/FWSM and NAC solution
• Experience working on network monitoring and analysis tools like, SOLAR WINDS, CISCO works and RIVER BED and Wireshark.
• Design, and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls
• Configured L2 and L3 VLANS in Juniper EX4200, QFX 5100, Cisco 6509 and Nexus 9k
• Working with Cisco Nexus 2248 Fabric Extender and Nexus 5500 series to provide a Flexible Access Solution for datacenter access architecture.
• Ensuring problems are satisfactorily resolved in a timely manner with focus in providing high level of support for all customers.
• Working with wireless technologies troubleshooting and configuration.
• Establishing VPN Tunnels using IPSec encryption standards and also configuring and implementing site-to-site VPN, Remote VPN.
• Work with Engineering on Server Farm refresh project on consolidation and increasing the bandwidth on Server Access silos.
• Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
• Configure BGP features such as as-override, Local pre, EBGP load sharing on client connections
• Configured and resolved various OSPF issues in an OSPF multi area environment between multiple branch routers.
• Working with Juniper JUNOS on M and MX series routers.
• Configuring HSRP between the 3845 router pairs of Gateway redundancy for the client desktops.
• Configuring GLBP, VLAN Trunking 802.1Q, STP, Port security on Catalyst 6500 switches.
• Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support.
• Configuring, Monitoring and Troubleshooting Cisco’s ASA 5500 security appliance, Failover DMZ zoning and configuring VLANs/routing/NATing with the firewalls as per the design.
• Providing Level 3 support to customers, resolving issues by attending to conference calls.
• Configuring multiple route reflectors within a cluster.
• Working on HP open view map for Network Management System and Ticketing.
• Working on a broad range of topics such as routing and switching, planning and implementation, large-scale high-visibility outages, change management coordination, proactive monitoring and maintenance, disaster recovery exercise and core network repairs.
• Involved in L2/L3 Switching technology administration including creating and maintaining VLANs, Port security, Trunking, STP, Inter Vlan Routing, LAN security.
• Working on security levels with RADIUS, TACACS+.
• Provide expertise with incident response, security event monitoring, vulnerability management, asset security compliance and data loss prevention utilizing McAfee Nitro (SIEM), McAfee ePO, McAfee DLP.

Confidential

Network Engineer

Responsibilities:

• Managed the LAN Switching Environment including creating and maintaining VLANs, STP, Trunking, Port Security, Vlan Security etc.
• Assisted in migrating existing server and network infrastructure from HQ to a data center for optimal functionality and management.
• Involved with the Systems team to Install, configure, & maintain DNS, DHCP on Windows 2000/2003 Server, also configured a FTP server; Installed configured & maintained MS Exchange Server.
• Set up and troubleshoot secured wireless access points for broadband Internet.
• Involved in configuration of WAN connection using a 3600 series Router and Frame relay method.
• Implementation of NAT with a pool of 2 public IP addresses.
• Responsible for Internal and external accounts and, managing LAN/WAN and checking for Security Settings of the networking devices (Cisco Router, switches) co-coordinating with the system/Network administrator during any major changes and implementation.
• Designed and implemented an IP addressing scheme with subnets for different departments.
• Support a video conferencing network of distributed video units across U.S. and optimize the network infrastructure over which they run.
• Install and maintain voice, video and data communications infrastructure systems and cabling.
• Used various Network sniffers like Ethereal, TCP dump etc.
• SNMP network management using MRTG and Cisco works. Participate in 24 x 7 incident & problem support