
Network Security Engineer Resume


Lexington, KY

SUMMARY:

  • Experience in Designing, Implementing, Security and Troubleshooting Service Provider Network and Enterprise Network and Network administration, implementation, design, and troubleshooting. Seeking a challenging and interesting opportunity in network engineering which enables me to maximize my technical and managerial skills.
  • Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
  • Strong hands-on experience on Juniper and Cisco ASA 5585 firewall and Cisco Firepower 2110, 4110 and 2130.
  • Designed and configured the commands for QoS and Access lists for Nexus 7K and 5K.
  • Expert working knowledge (including the ability to setup, configure, upgrade, manage and troubleshoot Cisco routers, switches, VPN concentrators, firewalls, 802.11 wireless access points and load balancers).
  • Experience in Cisco Routing and Switching with strong Cisco hardware/software experiences with Routers such as 2900, 3800, 3900, 4000, 7200, 7600, 3900; Cisco Multilayer Switches 2960, 3850, 4500, 4900, 6500;
  • Experience on Cisco ASR 9K series related routers, Juniper Firewalls (SRX5400, SRX5600, and SRX5800) devices and Bluecoat Packet shapers 2500, 7500, 12000, S200, S400, Cisco Firewalls (ASA 5505, 5506-X, 5585), Checkpoint firewall and Palo Alto firewall PA-5050, 220 and 850.
  • Hands on experience on NAT (Network Address Translation) configurations and its analysis on troubleshooting issues related access lists (ACL).
  • Migrated firewall rules from Cisco ASA to Palo Alto. Designing and Configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550).
  • Implemented security policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS)
  • Working knowledge in BGP, OSPF, EIGRP, RIP, IS-IS, HSRP, L2/3 VPNs in IOS, IOSXE, and IOS XR platforms.
  • Strong experience on Juniper SSG series Firewalls and Checkpoint R75, 76 Firewalls
  • Experience in configuration of Juniper security appliances SRX 220, SRX 240, SRX 550, NS 50, SSG 550M, SSG 520M.
  • Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Cisco ASA.
  • Responsible for Check Point, Cisco Firepower and Cisco ASA firewall administration across global networks.
  • Hands on experience in configuring and supporting site-to-site and remote access Cisco, IPSec, VPN solutions using ASA/PIX firewalls, Cisco and VPN client.
  • Experience with converting Checkpoint VPN rules over to the Cisco ASA solution. Migration from Juniper NetScreen SSG-550 to Palo Alto 5000
  • Provided Load Balancing towards access layer from core layer using F5 Network Load Balancers.
  • Configuring BGP/OSPF routing policies and designs, worked on implementation strategies for the expansion of the MPLS VPN networks.
  • Experience on Code Upgrade for Cisco Routers including 7200, 3900, 2900, 881, 891 and Switches including 6500, 4500, Nexus 9K,7k, 6k, 5k,4k, ASR 9K, ASR 1K.
  • Experience in configuring Site-to-site(S2S) and client to site (C2S) VPN tunnels.
  • Experience with all 7 layers of OSI.
  • Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs.
  • Experience in Designing and assisting in deploying enterprise wide Network Security and High Availability Solutions for ASA.
  • Proficient with Cisco Routers and Switches such as IOS, IOS-XR, NX-OS, and IOS-XE. Experience on Code Upgrade for Cisco Routers including 7200, 3900, 2900, 881, 891 and Switches including 6500, 4500, Nexus 9K, Nexus 7k, Nexus 6k, Nexus 5k, Nexus 4k, ASR 9K, ASR 1K.
  • Experience in configuring security technologies like IPsec VPN, DMVPN, VLAN's, policy-based routing.
  • Hands-on experience with Cisco Nexus 7000, Nexus 5000 and Nexus 2000 platforms
  • Experience with traffic monitoring on LiveNx and SolarWinds.

TECHNICAL SKILLS:

Operating Systems: Cisco IOS, Windows NT 4.0 (Desktop/Server), Windows 2000/2003/2008 Server, Windows XP/Windows 7/8, LINUX, UNIX, MS Exchange server, Solaris, Active Directory.

Equipment (Switches, Routers): Cisco routers (7600, 7200, 3900, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3500, 4500, 2900 series), Juniper SRX, MX, EX Series Routers and Switches.

OSPF, EIGRP, BGP, RIP, RIP: 2, PBR, Route Filtering, Redistribution, Summarization, Static Routing.

Switching: VLAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switching, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging.

ASA: 5500 series, Cisco Firepower 2110, 4110, Checkpoint, Juniper Netscreen Firewall ISG100, 2000, SSG, SRX.

Load Balancer: ACE Module, GSS & F5 LTM

LAN Technology: Workgroup, Domain, HSRP, DNS, DHCP, Static, VLAN, STP, VTP, Ether Channel, Trunks.

WAN technology: Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1, DS3, OC3, T1 /T3 & SONET.

Various Features & Services: HSRP, VRRP, GLBP, NAT, SNMP, NNT, SYSLOG, NTP, CDP, DNS, TFTP, FTP, IOS and Features, Management. Wireshark, IXIA chariot, Packet Sniffer, Packet Analyzer and Solar Winds Breaking Point, TCPDump, Python.

Wireless & WiFi: Canopy Wireless Device (point to point/point to multipoint), DLink Wireless (point to point), DLink Access Point, CISCO 1200 series Access Point, and Linksys Wireless/Wi-Fi Router.

Tools: LiveNx, SolarWinds, Cherwell, Wireshark, ServiceNow

PROFESSIONAL EXPERIENCE:

Confidential, Lexington, KY

Network Security Engineer

Responsibilities:

  • Establishing the networking environment by designing system configuration, directing system installation, defining, documenting and enforcing system standards
  • Designing and implementing new solutions and improving resilience of the current environment
  • Hands on experience with Cisco 3560, 3750X, 4500, 9300 & 9407 series switches, Cisco ASA 5512, 5525, 5525-X firewalls and routers configuring, deploying and fixing them with various modules like Gig card, NIC, WIC card and Network Modules.
  • Expert knowledge on the Firewall Hardenings, Patching, Firewall Remediation and Segmentation issues.
  • Maximizing network performance by monitoring performance, troubleshooting network problems and outages, scheduling upgrades and collaborating with network architects on network optimization
  • Undertaking data network fault investigations in local and wide area environments, using information from multiple sources
  • Securing network systems by establishing and enforcing policies, and defining and monitoring access
  • Supporting and administering firewall environments in line with IT security policy.
  • Configured SNMP, NNT, NTP and TACACS configurations as part of Network device hardening issues.
  • Worked on device vulnerabilities and solved most of the issues in Cisco routers, switches and firewalls.
  • Reporting network operational status by gathering and prioritizing information and managing projects
  • Upgrading data network equipment to the latest stable firmware releases
  • Responsible for configuring and Installing infrastructure devices provided with engineering resources including network audits, design, implementation, and maintenance.
  • Provided with the optimized services to the data customers and used solar winds as primary toolset for portscans of required hosts.
  • Responsible for day to day management of Cisco Devices, Traffic management and monitoring.
  • Layer 2 switching technology architecture, implementation and operations including L2 and L3 switching and related functionality includes the use of VLANS, STP, VTP.
  • Supporting EIGRP based PwC network by resolving level 2 & 3 problems of internal teams & external customers of all locations.
  • Supported Data Center migration and consolidation project. Configured HSRP and VLAN trunking 802.1Q, VLAN Routing on Catalyst 6500 switches.
  • Analyzing the build documentation, workflow process, software and hardware requirements.
  • Estimated Project costs and created documentation for project funding approvals.
  • Managed various teams involved in site surveys, cabling specifications, portscans, physical port-mapping, cabling management, Network equipment installation and configuration.
  • Performing upgrades on Cisco Routers, Switches and Firewall (ASA) IOS using TFTP Server.
  • Cisco ASA Firewall troubleshooting and policy change requests for new IP segments that either come online or that may have been altered during various planned network changes on the network.
  • Provide consultation support to departmental project teams with network firewall Cisco ASA and Firepower design, implementation, and security-related development projects.
  • Proficient in usage of Cisco ASDM and Firepower Management Center.
  • Identify the obsolete or unnecessary configurations, object groups, access control lists, network address translations, SSH clients, and the hosts on all firewall, and create a procedure to remove the findings.
  • Checking the health status & vulnerability of Network devices involves IOS upgrades on every quarter, verifying and reviewing the configuration with latest version of IOS images and replacing the End-of-Life switches.
  • Responsible for cabling and labeling based on day to day requirement, racking & stacking of various network equipment and made sure that there is no connectivity issues using ping and trace route.
  • Configuration and troubleshooting of Cisco catalyst 4500k series switches with supervisor cards (6-E/6L-E, 7-E/7L-E, 8-E).
  • Participated with the deployment and operation of information security systems, including integration, testing, troubleshooting, and updating/upgrading of various security tools and appliances such as antivirus, IPS, malware detection tools.
  • Used various scanning and sniffing tools like SolarWinds, LiveNX.
  • Generating RCA (Root Cause Analysis) for critical issues of layer1/layer2/layer3 problems.
  • Working on ServiceNow ticketing tool & responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support.

Confidential, Downey, CA

Security Engineer

Responsibilities:

  • Provide consultation support to departmental project teams with network firewall Cisco ASA and Firepower design, implementation, and security-related development projects.
  • Configure and administer Cisco ASA 5506, 5506-X, 5508, 5508-X, 5555, 5555-X and Firepower-2100, 4100, 9300, including access control list, IOS software code upgrades, firewall availability and performance monitoring.
  • Document firewall implementation plans, operating procedure, processes, and configuration as necessary to support the operational activities related to network firewall infrastructure.
  • Identify, troubleshoot and resolve complex network connectivity problems.
  • Identify the obsolete or unnecessary configurations, object groups, access control lists, network address translations, SSH clients, and the hosts on all firewall, and create a procedure to remove the findings.
  • Plan and execute the installation of new network firewalls that will replace the current equipment due to the end-of-support.
  • Provide knowledge transfer to the ISD firewall operations team through and mentoring.
  • Provide written and verbal communications to internal and external customers, management and technical staff.
  • Design and configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550).
  • Configure and install various network devices and services (e.g., routers, switches, firewalls, load balancers, VPN, QoS) configuring & management of VLANS, 802.1q trunks, VTP, security policies.
  • Performed administrative support for RIP, OSPF routing protocol.
  • Upgrading and investigating Cisco IOS to the Cisco router, switches and firewalls.
  • Configured the Cisco router as IP Firewall and firepower and for NATting, switching (Ethernet) related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches
  • Configured Access-lists, Distribution-lists, Offset-lists and Route Redistribution.
  • Supported multi area OSPF implementations.
  • Involved in configuration of OSPF Summarization (Summarizing internal and external routes).
  • Scalability of OSPF by Filtering of Intra, Inter and External OSPF routes
  • Used various BGP Attributes and various Route-filters such as named Access-lists, Prefix lists, Route-maps to permit or deny routes and to change various attribute
  • Experienced in implementation and troubleshooting knowledge of protocols and technologies, especially in the following: BGP4, OSPF, IPv4, and Ethernet.
  • Performed troubleshooting, while maintaining trouble ticket tracking, following internal/external escalation procedures and customer notifications
  • Working on Cherwell and ServiceNow ticketing tool & responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support.

Environment: Cisco 3550/4500/6500 switches, Cisco 2900/3900/6500/7500/7200 routers, Cisco ASA 5500,5500X,5555X, Firepower-2100,4100,9300, VOIP, IP Phone, OSPF, BGP, RIP, EIGRP, LAN, WAN, CISCO IOS, Palo Alto firewall.

Confidential, Chicago, IL

Client Deployment Network Engineer

Responsibilities:

  • Design and implementation of Global monitoring and Alert system (SolarWinds)
  • Configure Cisco 5508 Wireless LAN Controller and 3700 Series Access Points.
  • Worked on ASA (5540/5550) Firewalls and firepower 2k and 4k. Implemented Security Policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
  • Created and Designed Cisco ISE policy for iPad, tablet and mobile phone. Making sure the business and guest devices were working within Company’s wireless network.
  • Integrating Panorama with Palo Alto firewalls, managing multiple Palo Alto firewalls using Panorama.
  • Implementing and configuring F5 LTM's for VIP's and Virtual servers as per application and business requirements. F5 configuration, installation, and monitoring with F5 APM.
  • Configuration and troubleshooting on HSRP, VRRP, GLBP, RSTP, MST related issues coming in network environment
  • Design, configure, and administer Juniper MX routers, SRX Firewalls, Cisco routers & switches.
  • Responsible for all routing, switching, VPN, network security, and server load balancing.
  • Using PBR with Route Maps for route manipulation/filtering. Troubleshooting routing issues like suboptimal routing and asymmetric routing
  • Juniper Contrail SDN deployment assistance to the senior engineering team
  • Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
  • Built an accruing network via MPLS circuits to split the trusted and un-trusted traffic via a Cisco ASR Router.
  • Implemented antivirus and web filtering on Juniper SRX 240 at the web server
  • Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for a datacenter access architecture
  • Implemented MPLS/VPLS, QOS, BGP, OSPF, VRF, IPSEC, L3VPN/ASA firewall configuration changes into Cisco 6500, 2800, switches/routers
  • Have created a lot of site to site IPSEC VPN tunnels with Checkpoint, Juniper Netscreen firewalls and Cisco PIX/ASA firewalls. Completed a project to update the patch HFA50 across all the firewalls to overcome the bugs in the existing version of R65.
  • Added Palo Altos in TAP mode in the environment and provided the Layer 2 connectivity to them to perform IDS and IPS for Denver Community Credit Union. Also worked on upgrading the PAN-OS and scheduling dynamic updates and subscriptions for the Palo Alto devices.
  • Configured IPSEC VPN tunnels between Checkpoint and other non-Checkpoint endpoint devices using IKE pre-shared keys, 3DES and MD5.
  • Experience with Cisco UCS to deploy applications faster. Also, to improve server performance by using Cisco UCS.
  • Access control server configuration for RADIUS and TACACS+.
  • Experience with enterprise-class security products such as web proxy, reverse proxy, load balancing, IDS/IPS, DLP, Firewall, IPsec/SSL VPN, WAN/LAN, wireless and remote connectivity.
  • Physically deployed new Cisco Nexus devices, Catalyst and Nexus replacement blades, FWSMs, Cisco ASAs, Citrix Netscaler MPX.
  • Experience with OSI model to communicate end to end connectivity.
  • Also experience with TCP/IP model which is generalized form of OSI model.
  • Deploying and decommission of VLANs on core ASR 9K, Nexus 7K, 5K, 2k and its downstream devices.
  • Understand the JUNOS platform and worked with IOS upgrade of Juniper devices
  • Working on the project of F5 LTM and GTM code upgrade project, doing couple of them every week.
  • Implement changes on switches, routers, load balancers (F5 and Brocade), wireless devices as per engineer’s instructions and troubleshooting any related issues
  • Involved in upgrades to the WAN network from existing 7200vxr with ASR 1004 and 3845/3945 routers.
  • Deploying BIG-IP F5LTM Load Balancers for load balancing and traffic management of business application

Environment: Cisco 2948,3560,3750,3550,2960,6500 switches and Cisco 3640,1200,7200,3845,3600,2800 routers. Cisco Nexus 9K/7K/5K/2K, Cisco ASA 5500, ASA 5520, 5545-X, ASR 9K, F5 BIGIP LTM, APM, EM and GTM Series, Aruba Wireless Controllers (3200, 3400, 3600, 6000) and AP (60, 65, 70, 124, 125, 175), Cisco Prime Networks. Cisco AIRONET 1200 AG Series, Voice gateway MP-VG-124, LAN, WAN, Cisco IOS, Palo Alto PA-500, PA-2k, PA-3k & PA-5k series, Checkpoint R65/R70/R75/R77. Juniper EX2200, EX3300, EX4200, EX4550 and EX4300 series switches and Virtual MX(VMS) MX5, MX 10, MX40, MX240, MX 480, MX960 and MX 2020, SRX220, SRX240 firewalls.

Confidential, Herndon, VA

Network Security Engineer

Responsibilities:

  • Designing and deploying various network security & High availability products like Cisco ASA and Checkpoint Firewall products
  • Monitor and Manage Network activities from Network Management tool HP Open view.
  • Designed, implemented and maintained WAN technologies like DWDM, MPLS, VPLS and tunneling technologies like L2VPN, Pseudowire, IPsec, SSL, AnyConnect.
  • Configuring VPN, clustering and ISP redundancy in Checkpoint firewall
  • Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls
  • Configuration of Cisco (IOS, IOS XE, and NXOS), Juniper, Palo Alto, and F5 Network hardware.
  • Configuring, upgrading and verifying the NX-OS operating system.
  • Integration of Open Contrail Controller with OpenStack Controller and Open Contrail router with Compute Node
  • Worked extensively in Configuring, Monitoring and Troubleshooting Juniper security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
  • Experience in configuring, upgrading and verifying the NX-OS operating system.
  • Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
  • Performed troubleshooting and management of OSPF and BGP protocols on routers.
  • Conducted network Packet Analysis using a variety of tools such as Wireshark, NetWitness Investigator, Splunk, Bro, FireEye, McAfee, Mandiant MIR, and ArcSight.
  • Deployed Nexus switches 2248, 5548, 7018 and implemented features like FEX Links, VPC, VRF, VDC, and OTV, Fabric Path
  • Supporting customers with the configuration and maintenance of ASA firewall systems.
  • Used F5 load balancers to increase capacity (concurrent users) and reliability of applications.
  • Deployed and maintained routing protocols such as OSPF, EIGRP, BGP, GRE, MPLS/VPN, HSRP and static routes on Cisco routers and switches and Juniper routers
  • Responsible for troubleshooting complex networking issues in service provider MPLS & internet IP addresses and AS numbers for COLT and customers
  • Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs.
  • Provided redundancy in a multi homed Border Gateway Protocol (BGP) network by tuning AS-path.
  • Configuring various BGP attributes such as Local P, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.
  • Implementing security Solutions using Palo Alto PA 5000, Check Point Firewalls R75, R77.20 Gaia and Provider-1/MDM.
  • Deployed the Nexus 7000/5000/2000 architecture into production securing competitive advantage across multiple verticals.
  • Converting CatOS to Cisco IOS Config Conversion on distribution layer switches
  • Convert Branch WAN links from TDM circuits to MPLS and to convert encryption from IPSec/GRE to Get VPN.
  • Worked closely with RIR (Regional Internet Registry) to procure PI (Provider Independent) and PA
  • Experience with converting Check Point VPN rules over to the Cisco ASA Solution. Migration with Cisco ASA VPN experience.

Environment: Cisco 2948/3560/4500/3560/3750/3550/3500 switches and Cisco 7200/3845/3600/2800 routers, Cisco Nexus 9K/7K/5K/2K, JUNIPER, Cisco ASA 500, F5 BIGIP LTM, RIP, OSPF, BGP, EIGRP, LAN, ISDN, WAN, VPN, HSRP, ASM, APM, PIX 500 Firewall, ASA 5505 Firewall, AIP SSM, CSC SSM, FWSM, Fortigate, Cisco CSM, ACL-Access Control List, IPS/IDS, NAT, PAT, Cisco ACS, Filtering, Load Balancing using F5 and Cisco ACE, DMZ Setup, CBAC, IOS Firewall features, IOS Setup and Security features.

Confidential

Network Engineer

Responsibilities:

  • Responsible for design & management of Juniper Netscreen Firewalls, Juniper Switches, Cisco Switches.
  • Experienced working with security issues related to Cisco ASR 9K, Firepower 4K and 2K, Checkpoint and Juniper Netscreen firewalls.
  • Design, install, configure, troubleshoot and maintain various load balancers including Citrix Netscaler, Riverbed STM.
  • Designed firewall solutions to include zones, policies, NAT & PAT, address-groups, and network objects.
  • Performed security audits to ensure optimal network functionality and hardening.
  • Created and design network layout and documented the network system design with detail information.
  • Responsible for creating, modifying, removing VLAN configs as per the need.
  • Configuring standard and extended access-lists for security purpose.
  • Provide timely and accurate progress status on all ongoing support issues, with an emphasis on problems, issues, and concerns.
  • Proficient with F5 LTM and Cisco CSM load balancer in-between the servers inside the server farm and DMZ. Dealt with F5 load balancing of web traffic and data center environment failover for HA servers.
  • Hands on experience with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
  • Troubleshoots different technology problems involving Cisco routers, Firewalls, APs, Switches, Fortinet and Meraki.
  • Firewall filtering and NAT, Adding and modifying the policies in Juniper SRX.
  • Configured policy-based and route-based IPSEC-VPNs for Juniper ISG and ACX devices
  • Designed and implemented McAfee 4010 and Cisco 4200 series Intrusion Prevention and Detection System solutions
  • Configured data center switches for network backup, replication, and storage and resolved related technical issues.
  • Managed and maintained high-availability firewall clusters utilizing NetScreenOS (NS5200 & ISG1000), JunOS (SRX 240, 1400, 3400), Palo Alto (3050) and Cisco ASA (5585x)
  • Architected ACS TACACS+ solutions for client networks and administered user permissions
  • Configure / Troubleshoot CISCO 12000, 7500, 3800, Juniper MX 480, MX960 series routers and EX4200 & EX3200, 3560 series switches for LAN/WAN connectivity.
  • Configured network services equipment Riverbed accelerators in compliance with security policy.
  • Used Citrix Netscaler for VPN.
  • Built and support VRRP / Cluster based HA of Checkpoint firewalls.

Environment: Cisco Router & Switch 4506 Series, 6500 Series, Nexus Switch 5000, ASA 5520, 5545-X, Cisco AIRONET 1200 AG Series, Voice gateway MP-VG-124, LAN, WAN, Cisco IOS, Juniper EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX210, SRX240, Cisco Call Manager, Call Manager Express.
