OVERVIEW:

Network and security engineer with almost 8 years of hands on experience with vast knowledge and wide exposure among various technologies and platforms. Worked in leading global IT organization’s currently looking for a challenging role where I can exhibit my technical skills and knowledge.

PROFESSIONAL SUMMARY:

• Nearly 8 years of professional experience in Network and Security, including hands - on experience in providing network support, installation and analysis for a broad range of LAN / WAN communication systems.
• Experience in Migrating firewalls from checkpoint to Palo alto.
• Support the Arista EBGP Spine and leaf deployment.
• Assist in Data center migration.
• Experience with config, deployment of Bluecoat, Zscalar proxies.
• Experience with configuring Nexus 7k’s, 9k’s, FEX fabric Extenders.
• Experience in working with the multiple business partner circuits.
• Knowledge on Unix, VMware, Kubernetes platforms.
• Experience with designing, deploying and troubleshooting LAN, WAN, Frame-Relay, and Ether-channel.
• Experience in Configuring & implementing VLAN, VTP, LAN switching, STP and 802.x authentication in access layer switches.
• Switching tasks include VTP, ISL/802.1q, VLANs, Ether Channel, Trunking, Port Security, STP and RSTP.
• Experience securing and managing remote access using various VPN technologies like IPsec, SSL, and GRE.
• Utilizing management tools cisco works, solar winds, HP, IMC, Riverbed/mazu, Visio, Sniffer and Network Analyzer.
• Implementation, Configuration and Support of Checkpoint NGX R65, R70 and R71, Cisco Firewalls ASA 5505, 5506-X, 5585, Palo Alto Networks Firewall models PA-2k, PA-3k, and PA-5k, pA-7k’s.
• Knowledge on security attacks like DoS, DDoS, Spoofing, Nessus & Cisco IOS, Cisco Works.
• Installing and configuring F5 Load balancers and firewalls with LAN/WAN configuration.
• Designed and implement security strategies with Cisco and Palo Alto firewalls.
• In-depth understanding of IPV4, IP Sub netting, VLSM and ARP, Ping Concepts.
• Have Extensive knowledge of OSI and various network protocols (DNS, DHCP, TCP/IP, FTP, TFTP, UDP, ICMP, IPv4/IPv6, NFS, HTTP, SMTP etc.).
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design.
• Configuring Checkpoint Firewall in IPSO, Secure Platform and GAIA platforms.
• Troubleshoot network and application issues by collecting the data from Gigamon taps, tcp dumps and expert level analysis using the packet sniffer tools like Wireshark, Tshark etc.
• Expert level hands on experience in configuration & troubleshooting of routing protocols and deployment of OSPF, EIGRP, BGP, HSRP and Pbr, Pfr on Cisco Routers.
• Experience deploying BIG-IP F5LTM Load Balancers for load balancing and traffic management of business application.
• Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
• Experience with IP Address Management (IPAM) systems such as Infoblox, SolarWinds.

TECHNICAL PROFICIENCY:

WAN Technologies: BGP, MPLS, IPSEC VPN, DMVPN.

WLAN Technologies: Autonomous AP’s, Lightweight AP’s, WLC, WDS, Channels - 802.11b/g.

Router Platforms: cisco 12000, 7600, 7200, 3800, 3600, 2800, 2600, 2500, 1800 series, ASR 1000 series

Cisco Switch Platforms: 6500, 5000, 4900, 4500, 3750, 3500, 2900, 1900 series, Arista 7300 X series switches. Nexus - 9000, 7000, 5000, 2000 FEX extenders.

Firewalls & Web Proxy: Cisco ASA (5520, 5540, and 5550), Palo Alto Panorama, PA-500, PA-3060, PA-7050, Checkpoint NG & NGX R60, R75, R77 Gaia, R80, Provider-1/MDS 4800, 12400 vsx, Bluecoat SG’s S500, S900’s, Zscalar cloud solution with ZAPP & VZEN’s, Cisco Source Fire IPS/IDS.

Load Balancer: f5 load balancers BIG-IP LTM’s, GTM’s application delivery controllers.

Routing Protocols: RIP, IGRP, EIGRP, OSPF, BGP, IBGP and IS-IS

L2 Protocols: VTP, STP, RSTP, MSTP, PVST, RPVST+, ISL, 802.1q, Vxlans, Mlag, LACP etc

Switching: Vxlan’s, Mlag’s, Port channels, CEF, VLANs, Private VLANs, Ether-Channel, Stack wise, FCOE, Fabric Path, OTV, SPAN, RSPAN, VSS, VPC, VDC, Eth analyzer.

Redundancy Protocols: HSRP, VRRP, GLBP, VOIP, QOS, VSS, VMPS, PBR

Network Management: Cisco ISE, Splunk, Cisco Works, HP Open view, Cisco Prime Riverbed Netim, ORION -SolarWinds, Riverbed Opnet, Aperture.

PROFESSIONAL EXPERIENCE:

Confidential, Reston, Virginia

Network/Security Engineer

Responsibilities:

• As a part of Enterprise Network Engineering/Operations team, involved in transformations, migrations, infrastructure builds and development of necessary documentation.
• Upgrade configuration changes, implement the Firewall Rules, configure the NAT, implement the new VPN, troubleshooting and handling the incident on number of vendor's Firewalls and other security products
• Security infrastructure engineering experience as well as a Microsoft Windows, UNIX, Checkpoint firewalls, Palo Alto firewalls, Bluecoat Proxies, and wireless switch security management.
• Perform checkpoint firewall OS upgrades using CLI, Splat and Voyager GUI.
• Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances, serving as firewalls and URL and application inspection
• Maintaining Checkpoint security policies including NAT, VPN and Secure Remote access, Configuring IPSEC VPN (Site-Site to Remote Access) on SRX series firewalls.
• Worked with checkpoint appliances like 12400, 13500 series firewalls and creating IPsec VPN tunnels for many remote sites.
• Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for Stateful replication of traffic between active and standby member
• Troubleshooting complex Checkpoint issues, Site-to-Site VPN related.
• Support for all migrations, upgrades, PCI and SOX audit requirements, and vulnerability assessments.
• Design and deployed F5 LTM and GTM load balancer infrastructure per business needs.
• Configured and troubleshoot the F5 local traffic manager. Performed TCP dump captures for advanced troubleshooting.
• Providing Root Cause Analysis for various outages and service failures
• Cisco ASA Firewall configuration, VPN configuration and Troubleshooting
• Providing support for Cisco firewalls, IPsec VPN, IPS (Intrusion prevention system) platform), ZBF (zone-based firewalls) on Cisco Routers
• Configured Nexus 9k/7k/5k/2k in Core/Aggr/Access Top of Rack & End of Row Architecture for a Scalable Production Network that supports Rack & Blade server architecture using VPC, VDC & VRF on a 10G backbone in Production and DR Data Center.
• Troubleshooting of complex LAN/WAN infrastructure that include routing protocols OSPF, & BGP.
• Performed upgrades for checkpoint gateways/MDS/MLM from R75.40VS/R70 to R77.30 checkpoint firewalls running Gaia.
• Successfully installed Palo Alto PA-3050, PA-5050 firewalls to secure zones of network.
• Managed and configured all Palo Alto PA 3000 series, PA 5000 series, PA 7000 series firewalls.
• Palo Alto design and installation (VSYS, Application and URL filtering, Threat Prevention, Data Filtering).
• Expertise in checkpoint suite, deploying/troubleshooting standalone, cluster or VSX environments.
• Implemented identity awareness in production environment using checkpoint Identity agent and AD query resulting in intelligent access design aided by active directory integration.
• Creation and troubleshooting IPSEC tunnels on checkpoint and CISCO ASA.
• Configured, deployed and upgraded bluecoat SG 5500 SG900 Web proxy appliances, BCAAA servers and proxy client.
• Trouble shoot application and network issues using Riverbed Opnet, SPAN and RSPAN. Good with analyzing TCP dumps using Wireshark & Infinity stream.

Environment: Cisco 6k’s, Nexus 7k’s,9k’s, Arista 7300 X series switches, Bluecoat Proxy SG 500,900’s, Zscalar cloud proxy, PA 5k’s, PA 7K’s, ASA ‘s, Source fire IDS/IPS, Gigamon.

Confidential, Boston, MA

Network Engineer

Responsibilities:

• Installed, and maintained various WAN technologies and applications connecting remote sites to corporate headquarters.
• Configured, implemented, and troubleshoot routers and switches with various account settings, permissions, and parameters including security firewalls.
• Installed various network hardware including concentrators, bridges, and hubs to establish communication connections with remote locations.
• Configured multiple domain name services (DNS), email services (Exchange Server), web, and file transfer protocol services (FTP) for various platforms including line leasing through DHCP servers.
• Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4. Configured IP access filter policies.
• Experience with configuring Virtual Server and Configuring Load balancing methods in F5 LTM
• Upgrade Cisco 6500, 3750, 2960s, Nexus 5000, Nexus 2000, Nexus 7000 switch IOS software
• Worked extensively with Nexus 7000, 5000, 2000, Cisco 6500 series multilayer switches, Cisco 2960s series switches and Cisco 3560/3750s switches
• Identify, design and implement flexible, responsive, and secure technology services
• Responsible for Check Point, Cisco ASA firewalls configuration and administration across global networks. installing Sup720 for Cisco 6509-E series and its Gigabit Ethernet port deployment in the core network
• Configuring IP, RIP, EIGRP, OSPF and BGP in routers.
• Experience in deploying EIGRP/BGP redistribution and the changing the metrics for the primary and backup
• Configured the VPC’s on Nexus 7010, 7018, 9k’s
• Experience working with High performance data center switch like nexus 7000 series
• Provided redundancy in a multi homed Border Gateway Protocol (BGP) network by tunings AS-path.

Environment: IDS/IPS, 6500/3750/3550/3500/2950 switches, Juniper (M320, T640), Load balancing, Cisco 7200/3845/3600/2800 routers, TACACS, EIGRP, RIP, OSPF, BGP, VPN, MPLS, Ether Channels, Nexus 7k’s,9k’s.

Confidential, Wilmington, DE

Network Engineer

Responsibilities:

• Worked on Cisco Layer 2 switches (spanning tree, VLAN).
• Configured HSRP and VLAN trucking 802.1Q, VLAN Routing on Catalyst 6500 switches.
• In depth knowledge on AAA protocol.
• Racking, installation and configuration of datacenter switches - Nexus 9508 and 9332.
• Configure and troubleshot OSPF and BGP protocols in the environment.
• Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers.
• Optimized performance of the WAN network consisting of Cisco 3550/4500/6500 switches by configuring VLANs.
• Design and configuring of OSPF, BGP on Cisco Routers and SRX Firewalls.
• Configuration 7609, 7606 with OSPF and catalyst 6505, 4500, 3550 switches with various VLAN.
• Troubleshooting IOS related bugs based on history and appropriate release notes.
• Worked on different connection medium like Fiber and Copper Connectivity.
• In-depth expertise in the implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems.
• Planning and configuring the routing protocols such as OSPF, EIGRP, RIP, and Static Routing on the routers.
• Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
• Executed various migration/upgrade projects across F5 and hands on with F5 BIGIP LTMs.
• Performed and technically documented various test results on the lab tests conducted.
• Planning and configuring the entire IP addressing plan for the clients' network.
• Supported networks, which are comprised of 2000+ Cisco devices.
• Supported nationwide LAN infrastructure consisting of Cisco 4510 and catalyst 6513.
• Deployed the switches in high availability configuration with HSRP.
• Support Complex 0 Series Switches.
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500.
• Worked on ASA (5540/5550) Firewalls and Implemented Security Policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
• Efficient at use of Microsoft VISIO/Office as technical documentation and presentation tools.
• Create and test Cisco router and switching operations using OSPF routing protocol, ASA Firewalls, and MPLS switching for stable VPNs.

Environment: Cisco 6506/4948/4510 switches, Cisco 3660/3845/7609 Routers, VLAN, Checkpoint, F5 Load Balancers, OSPF, RIP, RIRP, BGP, MPLS, HSRP, VRRP, GLBP, ASA 5500, Nexus 2K,5K,7K.

Confidential, Waltham, MA

Network Security Administrator

Responsibilities:

• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
• Work on Checkpoint Platform including Provider Smart Domain Manager. Worked on configuring, managing and supporting Checkpoint Gateways.
• Working on the project of F5 LTM and GTM code upgrade project, doing couple of them every week.
• Successfully installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
• Implemented Positive Enforcement Model with the help of Palo Alto Networks.
• Worked with Palo Alto firewalls PA250, PA4050, PA3020 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall.
• Implementing security Solutions using Palo Alto Pa-5000/3000.
• Responsible to evaluate, test, configure, propose and implement network, firewall and security solution with Palo Alto networks
• Migration from Cisco firewalls to Palo Alto firewalls platforms PA 4000 and PA 500 and PA- 200 firewalls.
• Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
• Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
• Implementing and configuring F5 LTM's for VIP's and Virtual servers as per application and business requirements.
• Configuring various advanced features (Profiles, monitors, i-Rules, Redundancy, SSL Termination, persistence, SNATs, HA on F5 BIGIP appliances SSL termination and initiation, Digital s)
• Worked on Cisco ISE service engine.
• Resolved network connectivity issues within the corporate Data Center in Cisco Nexus 7k, Nexus 5k, and Cisco FEX 2248.
• Building up the infrastructure in new data center such as F5, Cisco Switches. .
• Handling new application load balancing requirements through F5 devices.
• Performing network monitoring, providing analysis using various tools like Wireshark, Solar winds, riverbed etc. .
• Daily monitoring of network traffic using sniffers (Wireshark) and access logs to troubleshoot and identify network issues.
• Worked with vendors and Engineering team to test new hardware and procedures.
• Consulted with engineering team to resolve tickets and troubleshoot L3/L2 problems.

Environment: PA 7k, 5k’s, BIGIP 4800 chassis Cisco 6509/ 3750/3550/3500/2950 switches, Cisco 7200/3845/3600/2800 , F5 LTM & GTM, Wireshark, Net Flow, TACACS, EIGRP, RIP, OSPF, BGP, VPN, MPLS, CSM, SUP720, Ether Channels, Fluke and Sniffers.

Confidential

Network Administrator

Responsibilities:

• Created network diagram under senior Network Engineers using the Microsoft Visio.
• Perform daily maintenance, troubleshooting TCP/IP problems, configuration, and installation of all network components and connectivity Issues.
• Configuration of CISCO Routers (3600, 4000, 7200, 7600 Series) and 3550, 4500 series switches.
• Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay and ATM).
• TCP/IP network planning, Implementation and Management with subnets.
• Enabled SNMP traps for our Cacti Monitoring tool to monitor traffic and check the regular health of Servers and Network Devices
• Switching (Ethernet) related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
• Worked on Route-Reflectors to troubleshoot BGP issues related to customer route prefixes also route filtering using Route-maps.
• Troubleshooting network systems and performance, and remediating issues professionally and concisely.
• Implemented and Configured IP Routing Protocols such as RIP, EIGRP.
• Implemented and configured LAN Protocols: Ethernet, VLANs, VTP and STP.
• Worked with Remedy Ticketing tool in maintaining and keep a track of logs/monitor.
• Designed and implemented IP Addressing, Sub netting, Route Summarization and Route Distributions.
• Troubleshooting complex networks layer 1, 2(frame relay, ATM, Point to Point, ISDN) to layer 3 (routing with BGP, EIGRP, OSPF and RIP protocols) technical issues.
• Working on creating new load balancing policies by employing BGP attributes including Local P, AS-Path, and Community, MED.
• Implemented VTP and Trunking protocols (802.1q and ISL) on 3560, 3750 and 4500 series Cisco Catalyst switches.
• Performed IOS upgrades on 2900, 3500 series Cisco Catalyst switches and 1800, 2600, 3600 series Cisco routers using TFTP.
• Performing RIP, OSPF, BGP, EIGRP routing protocol administration.

Environment: LAN, WAN, Sub netting, VLAN, VTP, VPN, NAT, OSPF, BGP, EIGRP, Cisco 3600, 4500, Windows NT Workstations, NT servers, RIP, OSPF, BGP, and EIGRP