Sr. Network Security Engineer Resume
Pittsburgh, PA
SUMMARY:
- Network Engineer with 7+ years’ experience in network security, design, installation, support and troubleshooting, including a broad range of LAN/WAN/MAN, enterprise networks and service provider systems.
- Strong hands-on experience with Cisco Catalyst (3550, 3750, 6500) series switches, Cisco (2500, 2600, 2800, 3600, 3800, 7200) series routers, ASA Firewall (5505/5510), load balancers using Cisco ACE, F5 LTM/GTM, Security Device Manager (SDM), CiscoWorks, HP OpenView, SolarWinds, Sniffer, Palo Alto Networks Firewall models (PA-2K, PA-3K and PA-5K).
- Hands on experience in implementation and deploying BIG-IP F5 LTM load balancers for load balancing and network traffic management for business applications.
- Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
- Experience in design of and assistance with deploying enterprise-wide Network Security and High Availability solutions for ASA.
- Experience in troubleshooting Cisco Meraki solutions remotely, including 802.11a/b/g/n/ac wireless networks and stateful firewall.
- Implementation and maintenance of Sourcefire intrusion detection/ prevention (IDS/IPS) system.
- Worked extensively in configuring, monitoring and troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/Routing/NAT with the firewalls as per design.
- Installed and configured Cisco Firewalls, Cisco PIX (506E/515E/525) & ASA 5500 (5510/5540) series.
- Experience with Linux Command Line Interfaces for logging into access points, etc.
- Strong knowledge of Cisco and Juniper software (IOS/XR and JunOS) and hardware.
- Experience with hardware load balancer administration and support, preferably with F5 and Cisco ACE load balancers.
- Experience with the conversion of Checkpoint VPN rules over to the Cisco ASA technology. Migration experience with both Checkpoint and Cisco ASA VPN.
- Experience in layer-3 Routing and layer-2 Switching.
- Provided administration and support on Bluecoat Proxy for content filtering and internet access between site and VPN client users.
- Deployment and management of Bluecoat proxies in the forward proxy scenario as well as for security in reverse proxy scenario.
TECHNICAL SKILLS:
Router platforms: Cisco routers (7600, 7200, 3900, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3500, 4500, 2900, 6807 series), Nexus 7K, 5K, 2K & 1K.
Switch platforms: Cisco 2900XL, 2950, 2960, 3560, 3750, 4500 and 6500, Nexus (2K, 5K, 7K and 9K), Meraki Switches: MS220 & MS320, Meraki Access Points: MR26, MR34, MR42 & MR66
Juniper Platforms: SRX, MX, EX Series Routers and Switches, MX40, MX80 and MX240
Networking Concepts: Access-lists, Routing, Switching, Subnetting, Designing, CSU/DSU, IPSec, VLAN, VPN, WEP, WAP, MPLS, VoIP, Bluetooth, Wi-Fi
Cloud Concepts: AWS- IAM, VPC, S3, EMR, Route53, Cloud Front, Cloud Front Distribution VPN, Data Migration, Cloud development tools, CI/CD tools, SCM
Firewall: Juniper Netscreen 6500, 6000, 5400, Juniper SSG, SRX5600, SRX5800, CheckPoint (NGX, R65, R70 and R71), Cisco Firewalls (ASA 5505, 5506-X, 5585), Palo Alto Networks (PA-2K, PA-3K and PA-5K), Meraki Firewall MX80
Network Management/Monitoring: SolarWinds, HP NNMi 8xi (Network Node Manager), NetFlow and Cisco Prime, Ethereal/Wireshark, tcpdump, AAA (Authentication, Authorization, Accounting), RADIUS, TACACS+, ISE
Load Balancers: F5 BIG-IP LTM 2000, 3900, 5000, 6400, 6800 and 8900, Bluecoat SG8100, AV 510.
WAN technologies: ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1, DS3, OC3, T1 /T3 & SONET
LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet & 10 Gigabit Ethernet, Port-channel, VLANs, VTP, STP, RSTP, 802.1Q
Security: Protocols: IKE, IPsec, SSL, AAA, Access-lists, prefix-lists, SSL-VPN
Checkpoint: Checkpoint UTM-1 Edge, 4000, 12000, 13000 Appliance Firewall, Open Server
Cisco: ASA 5505, 5510, 5550
Juniper: 3000 series, 4200
Networking Protocols: RIP, OSPF, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP, VRRP, GLBP, TACACS+, Radius, AAA, IPv4 and IPv6
IDS/IPS: Cisco (4240,4255) like VLAN-pair, Interface-pair, Signature tuning, monitoring, logs etc.
VPN: Site-Site VPN, Remote Access VPN, DMVPN, GETVPN, SSL-VPN, FLEX VPN
Web Security: IronPort; worked on technologies like URL filtering, bandwidth management, malware protection, AD integration, proxy authentication, etc.
Tools: IP Solution Centre (ISC), Putty, Secure-CRT, Microsoft Outlook. Sevone-Performance Management, Juniper-Wandl
WAN Technology: HDLC, PPP
NMS: AMS (Alarm monitoring system), Cisco Prime LMS, PRTG, Nagios.
Operating System: Windows 7/XP, MAC OS X, Windows Server 2008/2003, Linux, Unix
PROFESSIONAL EXPERIENCE:
Confidential, Pittsburgh, PA
Sr. Network Security Engineer
- Deployed and maintained security/network devices and data centers for Service provider network.
- Involved in the configuration & troubleshooting routing protocols like MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, and MPLS.
- Experience with the connectivity of Cisco Networking Equipment with F5 Load Balancer.
- Configuration and providing management support for Palo Alto and Checkpoint Firewalls (R75, R76 and R77).
- Configuration, Troubleshooting, and Maintenance of Palo Alto Firewalls (36+ firewalls) - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.
- Design and configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550).
- Involved in deployment of corporate upgrade: migrating from legacy equipment to Cisco Meraki indoor/outdoor wide area mesh networks (Cisco’s largest Meraki rollout to date)
- Successfully configured and maintained Site to Site IPSEC and SSL VPN's on Palo Alto firewalls.
- Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
- Evaluated risks & threats while adopting adaptive security policies, processes, & technologies.
- Helped install F5 VIPRION load balancers for one of our new data centers.
- Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches, and Cisco ASA Firewalls.
- Researched, designed and replaced aging Cisco ASA firewall architecture with the new Next Generation Palo Alto appliances serving as firewalls for URL application inspection.
- Performed installation and configuration of Cisco Secure Access Control Server (ACS) for AAA (RADIUS) authentication.
- Worked on design, configuring and managing of Blue Coat Proxy Servers.
- Deploying Cisco ASA and Bluecoat ProxySG (Web Security Appliance) S170 for URL Filtering Policies.
- Worked on Blue Coat Proxy SG to safeguard web applications (Blacklisting and Whitelisting of web URL) in extremely untrusted environments such as guest Wi-Fi zones.
- Worked hands-on on AWS with on-premises Network Engineers.
- Collaborated in moving on-premises Data Networking Configuration to AWS Cloud.
- Working on Enterprise AV Solutions, IDS/IPS, Firewalls, and SIEM (IBM QRadar/HP ArcSight, Splunk) tools.
- Expertise in networking technologies like LAN, MAN, WAN and peripheral devices.
- Develop engineering documentation to record F5 environment and change processes for LTM/GTM/iRules.
- Provide content creation and policy tuning for multiple security detection and alerting tools, including Cisco ISE, McAfee DLP and Websense.
- Experience with installing and troubleshooting Data center migration with 24/7 support.
- Expert in configuring Cisco Routers, Catalyst Switches, Nexus Switches.
- Architect WAN solution using the AutoVPN technology with Cisco Meraki MX security appliances including DC to DC failover and SD-WAN capabilities.
- Established routing protocols, Inbound & outbound rules on AWS VPC
- Utilized Network protocols on AWS cloud Deployment such as BGP, ECMP, ACL, VIP, NIC on AWS VPC.
- Worked on AWS hardware VPN access on Public, Private Subnets.
- Upgraded Cisco 6500, 3750, 2960s, Nexus 5000, Nexus 2000 and Nexus 7000 switch software.
- Worked extensively with ASR 9K (9010/9922), Nexus 7000, 5000, 2000, Cisco 6500 series multilayer switches, Cisco 2960s series switches and Cisco 3560/3750s switches.
- Monitor performance of network appliances and WAN using network analyzers like Wireshark.
- Stakeholder management, scoping tests, raising change requests, delivering testing, creating summary reports and advising on remediation; installing, deploying and testing COTS IA products for HBSS, ArcSight, ACAS.
- Investigated cyber threats, and managed policy for Host Based Security System (HBSS) using ePolicy Orchestrator, performing asset discovery and compliance scans using eEye Retina.
- Integrated multiple data feeds from local network devices and forwarded into HP ArcSight ESM via HP ArcSight Logger and HP ArcSight Connector Appliances for analysis by CSIRT/SOC
- Install and upgrade Cisco Wireless LAN equipment including but not limited to: 1100, 1200, 1300 and 3500 series Access Points; 4400 and 5500 series Wireless LAN controllers; 6500 & 3750 Core switch routers; 2960, 3560 & 3750 series switches.
- Assisted with site certification and accreditation process including policy development, C&A package review, and ST&E testing.
- Experience with configuring Hot Standby Routing Protocol (HSRP) and VLAN Trunking Protocol (VTP).
- Monitor and troubleshoot BGP, EIGRP, T1 circuits, and cellular backup circuits via ICMP and SNMP ticketing systems.
- Experience with installing and configuring Spanning Tree Protocol, BPDU Guard, PortFast, UplinkFast, Trunking (dot1q and ISL) and EtherChannel on Campus Network Design Architecture.
- Working on Cisco 6509 and 4507 series switches for LAN requirements that include managing VLANs, Port Security and troubleshooting LAN issues.
- Implemented highly secure network solutions leveraging networking tools including Cisco IOS-XR, IOS-XE, Cisco ASA and SD-WAN solutions.
- Implementing Citrix NetScaler 10 for Networking and Traffic Optimization (CCA) (BETA).
- Extensive Knowledge on the implementation of Cisco ASA 5500 series firewalls.
- Knowledge on Amazon Web Services (AWS), VPC peering, configuring servers on AWS, establishing connectivity to AWS through direct connect.
- Performed load balancing and application level redundancy by deploying F5 BIG-IP LTM 3900.
- Experience with design and implementation of Data center migration at NBC Universal.
Confidential, WA
Network & Security Engineer
- Installation and configuration of Composite Network models consisting of Cisco 7600, 7200, 3800 series routers and ASR 9k, GSR 12K routers and Cisco 2950, 3500, 5000, 6500 Series switches.
- Configured routing protocols such as OSPF, EIGRP, and BGP with Access Control lists implemented as per Network Design Document and followed the change process as per IT policy. It also includes the configuration of the port channel between core switches and server distribution switches.
- Key contributions include troubleshooting of complex LAN/WAN infrastructure that includes routing protocols EIGRP, OSPF & BGP.
- Experience configuring Virtual Device Context & Virtual Port Channel in Nexus 7010.
- Responsible for day to day management of Cisco Devices, Traffic management and monitoring.
- Experience in HSRP standby troubleshooting & Experience in configuring & upgrading of Cisco IOS.
- Implemented various OSPF scenarios on networks consisting of 7600 routers.
- Configured policy-based routing for BGP for complex network systems.
- Configured Multiprotocol Label Switching (MPLS), VPN with Routing Information Protocol (RIP) on the customer’s Site.
- Configuring and deployment of Juniper ERX310 router.
- Provided application level redundancy and availability by deploying F5 load balancers LTM.
- Upgrading system images on Nexus 5 and 7 multi-layer switches using kick start and FTP server.
- Configured Multicasting by using protocols such as PIM and IGMP.
- Router Microsoft VPN Server to access certain limited network resources from customer locations
- Responsible for turning up BGP peering and customer sessions, as well as debugging BGP routing problems.
- Design and implementation of LAN VLANs, VTP, Spanning Tree (STP), Trunking (dot1q and ISL) and EtherChannel.
- Hands-on experience with Cisco Wireless Controllers 5500s and 2500s; for access points, worked on 3700s, 3500s and 1142 access points.
- Implemented Zone-Based Firewalling and security rules on the Palo Alto Firewall.
- Installed and configured PIX 525 and ASA 5505 in customer locations. In addition to that, configured PIX firewall for the guest access.
- Good Knowledge in using IPS/IDS devices.
- Implemented a large number of security policy rules and NAT policy rules on Palo Alto, created zones, implemented Palo Alto Firewall interface and Palo Alto IDS.
- Create/delete/modify Firewall rules in order to provide access or block unwanted traffic to/from external, internal and DMZ network.
- Implementing and Troubleshooting tier 3 security issues for different security platform including Check point, Juniper (JunOS and NetScreen), and Fortinet.
- Maintaining MOP (Method of Procedure), Raising CRQ (Change Request), creating NCD (Network Change Document) to implement the change request.
- Managed Infoblox Grid Manager to manage DNS Forward and Reverse Lookup zones.
- Involved in the redistribution into OSPF on the core ASA firewall.
- Involved in the removal of EIGRP from all devices and making OSPF the primary routing protocol.
- Involved in the modification and removal (wherever necessary) of BGP from the MPLS routers.
- Involved in designing L2VPN services and VPN-IPSEC authentication & encryption system.
- Tuned BGP internal and external peers with manipulation of attributes such as metric, origin and local Preference.
- Configuring and implementing F5 BIG-IP, LTM, GTM load balancers to maintain global and local traffic.
- Configuring, Installing and troubleshooting on Check Point Devices and Involved in the migration of Cisco Pix Firewall to Cisco ASA.
- Good knowledge on Intrusion Detection and Intrusion Prevention System.
- Knowledge on multiplex techniques such as DWDM.
- Configured networks using routing protocols such as RIP, OSPF, BGP and manipulated routing updates using route-map, distribute list and administrative distance for on-demand Infrastructure.
- Implemented Hot Standby Router Protocol (HSRP) by tuning parameters like preemption.
- Worked on FTP, HTTP, DNS, DHCP servers in windows server-client environment with resource allocation to desired Virtual LANs of network.
- Used tcpdump to analyze TCP/IP packets and provide a brief display of each packet.
Confidential, NJ
Network/Security Engineer
- Configuring routing protocols OSPF, EIGRP, RIP, MPBGP, LDP and BGPV4.
- Implemented DHCP, DNS, IPAM configuration on the servers to allocate and resolve IP addresses from the subnet.
- Configuring HSRP between VLANs, configuring EtherChannels and Port Channel on 6500 Catalyst switches.
- Replace branch hardware with new 2851 routers and 2960 switches.
- Configuring and troubleshooting Juniper Netscreen Firewalls using NSM.
- Migration, upgrade and patch management for Fortinet and Checkpoint Firewalls.
- Conversions to BGP WAN routing, which converts WAN routing from OSPF to BGP (OSPF is used for local routing only) and involves new WAN links.
- Configuring various advanced features (profiles, monitors, iRules, redundancy, SSL termination and initiation, persistence, SNATs, HA, digital certificates) on F5 BIG-IP appliances. Executed various migration/upgrade projects across F5 and hands-on with F5 BIG-IP LTMs/EM.
- Configured various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.
- Actively participated in upgrading fast Ethernet, Layer 3-switched/Routed LAN infrastructure from Cisco 3640 to Cisco 2811 ISR routers and switches at access level to 2950, 3550.
- Converting CatOS configuration to Cisco IOS on distribution layer switches.
- Configuring VLANs, VTP & enabling trunks between switches.
- Install, configure, manage and troubleshoot Cisco Sourcefire IPS appliances and Defense Center.
- Configured VLANs with 802.1q tagging. Configured trunk groups, EtherChannels, and Spanning Tree for creating access/distribution and core layer switching architecture.
- Configured various Router interfaces like ATM interface, T3 & Channelized T1 interfaces.
- Configuring and troubleshooting Cisco catalyst 6509, 7609, 7613 with Supervisor cards, Cisco 3640, Cisco GSR 12416, 21418 (with PRP and RPR processors).
- Worked Extensively on Cisco Firewalls, Cisco PIX (506E/515E/525) & ASA 5500(5510/5540) Series.
- Involved in Data center migration at Access, Distribution and Core layers.
- Assist with Implementing IEEE 802 Standards.
- NS-3 simulations for performance comparison with IEEE standard 802.15.6.
- Wi-Fi (IEEE 802.11a/b/g/n) network architecture, configuration, security, network management, RF planning and mesh network.
- Active in IEEE 802.19, IEEE 802.21, and IEEE 802.16m, 3GPP TSG RAN WG2, TSG SA WG1, 2 and 3 and Google TV Whitespace database WG.
- Deployed and implemented Wireshark, HPING, Retina Iris, Nessus, NMAP, NetFlow, Device Engine Firewall Analyzer and SolarWinds for security vulnerability event monitoring, packet and traffic analysis.
- Reviewed and analyzed application codes for Cross-Site Scripting, CSRF, SQL Injection, parameter manipulation and brute-force attacks.
- Coordinated and managed Network, Systems and Application security vulnerability activities with developers and engineers to evaluate and analyze software and application codes security threats and risk.
- Analyzed and Coordinated security vulnerability activities with Cisco Security Incident Management Team on latest and emerging security vulnerabilities.
- Conducted and Performed Vulnerability Assessment and Penetration Test on the perimeter network, systems and applications based on SOX, ISO 27001 and PCI DSS Compliance Standard.
- Configured, managed, monitored and analyzed IDS/IPS Signatures Attacks, Firewalls log, Systems, Applications and Security Event Log for comprehensive security monitoring and vulnerability management.
- Deployed, implemented and managed Web Application Firewall to block intrusion attempts before they interact with back-end web application.
- Wrote IOS and CAT OS upgrade procedures and Pre/Post checks for customer production upgrades.
- Strong Knowledge in working with F5 Load Balancers and their Implementation in various Networks.
- Created MOPs and got approval from peers to perform configuration add/remove changes.
Confidential
Network Engineer
- Responsible for the configuration of Cisco Routers (7000, 5300, 4000, 2500, 3000, 2600) using RIP, IGRP, OSPF, EIGRP, BGP.
- Implemented Cisco IOS Firewall IDS using 2600 series router.
- Configured and installed multi-protocol (IP, IPX) multi-interface Cisco routers.
- Managed office network with Cisco network devices including 2500 and 3600 series routers and 3500, 2900, 1900 series switches.
- Extensive experience in configuring and implementing OSPF and BGP.
- Supported core network consisting of Cisco 7200 series routers running multi-area OSPF.
- Configured EIGRP and OSPF as interior gateway protocols with route filtering and route redistribution; installed and maintained Cisco 3600, 2600 and 7200 backbone routers with HSRP.
- Implemented stub/Totally stub areas and various OSPF features like route-summarization and SPF throttling.
- Hands-on experience with WAN technologies like T1/T3, DS3, STM1 and STM4 circuit types
- Implemented Cisco Secure Access Control Server (ACS 3.0) for TACACS+/RADIUS.
- Worked on redistribution of routing protocols and Frame-Relay configuration
- Handled Network Migration from RIP to OSPF.
- Implementation of TCP/IP and related Services (DHCP/ DNS/ WINS)
- Worked with Aruba Access point as a Public Wi-Fi and successfully implemented Wireless Access Point (WAP).
- Experience working with Active Directory (as a centralized system) to automate network security management and user data.
- Worked extensively on Cisco ASA 5500 (5510/5540) Series.
- Involved in Configuration of Access lists (ACL) on ASA firewall for the proper network routing for the B2B network connectivity.
- Experienced in securing configurations of SSL/VPN connections, troubleshooting Cisco ASA firewalls and related network security measures.
- Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation.
- Acted as Tier 3 support for connectivity, failures, configuration, implementation, and troubleshooting.
- Design, test, and implement global Next Generation MPLS network (150 sites) using Cisco 3800, 2800, 2600, and 1721 routers using BGP and EIGRP protocols.
- Implementing traffic policy changes with Cisco PIX Firewall appliance WAP configuration and installations.
Confidential
Network Support Engineer
- Responsible for monitoring the Network performance based on company’s Service Level Agreement (SLA).
- Documented the company’s design, implementation and troubleshooting procedures.
- Configured VLANs with 802.1Q Tagging according to the Server team’s requirements.
- Tested the new zone for failover capabilities and redundancy. Connected the Distribution routers to the Core routers via OSPF Areas.
- Involved in troubleshooting of DNS, DHCP and other IP conflict problems.
- Responsible for cabling and labeling based on day to day requirement and Racking & Stacking of various network equipment and made sure that there are no connectivity issues using ping and tracer.
- Provided Helpdesk support that involved identifying and escalating the tickets to specific groups.
- Supported various LAN environments consisting of Cisco 6500 switches with Sup-720.
- Designed and implemented Cisco 7500, 7200, 6500, 3600, 2600 Series routers in lab environment to reproduce various issues and test fixes for them.
- Configured EtherChannels, trunks, VLANs, HSRP in a LAN environment.