Network Security Engineer Resume
Dallas, TX
PROFESSIONAL SUMMARY:
- A dedicated professional with around 7 years of expertise in implementation, administration, design, operations and troubleshooting of enterprise data networks as a Network Security Engineer.
- Good knowledge about security operations on Palo Alto PA 5000 series, PAN OS 8.0, Cisco ASA 5500 series firewalls.
- Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)
- Installations of Palo Alto PA-3000 series firewalls to protect Data Centre and provided L3 support for routers/switches/firewalls.
- Configured and maintained IPSEC on PA-5000 series Palo Alto Firewalls.
- Experience in setting up Cisco ASA 5500 series firewalls with restricted security policies, NAT implementation, and configured DMZ interfaces to restrict traffic flow.
- Checkpoint Firewall Log review and analysis and troubleshoot connectivity issues.
- Built a suite of tools to monitor and manage AWS cloud resources by using AWS CloudWatch, Lambda, SNS, etc.
- Automated security controls to ensure the best security practices are followed and enforced by using IAM, MFA and Security Policies.
- In-depth knowledge of AWS networking services like VPC, NAT Gateway, IGW, Route table, Bastion host, etc.
- Knowledge of F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability. Configuration, implementation of F5 BIG-IP LTM, GTM series like 3900, 6900, 8900 and Cisco CSM.
- Dealt with creating VIPs (virtual servers), pools, nodes and applying iRules for the virtual servers like cookie persistency and URL redirection, F5 ASM cookie issues, and configuring ASM policies.
- Strong production experience in managing F5 BIG-IP APM, ASM, AFM and LTM. Used F5 BIG-IP Local Traffic Manager (LTM) and provided a flexible, high-performance application delivery system to increase operational efficiency and ensure peak network performance for critical business applications.
- Configuring and troubleshooting site-to-site IPSEC VPN tunnels on Cisco routers for third party connectivity.
- Provided VPN services for site-to-site and remote access VPNs using IPsec and GRE tunneling mechanisms.
- Experience with Vulnerability Management tools Qualys, Nessus and SIEM tools RSA, LogRhythm.
- Expertise in configuration and deployment of routing protocols like OSPF, EIGRP, BGP, Policy-based routing over Cisco Routers, configuration and troubleshooting of route redistribution.
- Assisted in internal BGP swap from confederations to route-reflector based architecture.
- Projects included large scale metro and intra-city OSPF and BGP redesign, and equipment.
- Proficient experience in configuring Cisco Catalyst 2900, 3500, 3700, 4500 & Legacy Cat 6500 series and Nexus 9k, 7k, 5k and 2k switches and deep understanding of architecture and successful deployment of VPC, VDC and OTV.
- Expertise in monitoring all network hardware inventory by the use of SSH, Syslog, SNMP and NTP.
- Windows Server 2008 & 2012 experience in small to medium enterprise set up, managed about 50+ servers, experience with Active Directory, Disaster Recovery, Print Server, DHCP, DNS, Remote Desktop and Terminal Services.
- Experience with Network design, deployment and establishing a site with full-fledged network access.
- Hands on experience in troubleshooting of inter-VLAN routing and VLAN Trunking using 802.1Q.
- Expertise in the implementation of Layer 2 technologies including VLANs, VTP, STP, RSTP, Trunking and Port-security, expertise on working with EtherChannel technologies (LACP, PAgP).
- Expertise in Cisco IWAN, DMVPN, Site to Site VPN design, deployment and troubleshooting.
- Expertise in Cisco Meraki WAPs management, Solarwinds, PRTG Network Monitors.
- Continuous industry knowledge upgrade per the SD-WAN products, Cloud resources and firewall for enterprise and service provider to ensure SD-WAN clients/ISP expectations are met.
- Created Python and shell scripts to automate some time-consuming configuration jobs.
TECHNICAL SKILLS:
Network Security: Palo Alto, Cisco ASA, Checkpoint, Sophos
Load Balancer: F5 Networks (Big-IP) LTM 8950.
Routers: Cisco 7600, 7200, 4321, 4331, 4431, 3800, 3900, 3600, 2900, 2800
Routing: OSPF, EIGRP, BGP, RIP v1/v2, PBR, DMVPN, Route Filtering, Redistribution, Summarization and Static Routing.
Switches: Nexus 2K/5K/7K/9K, Catalyst 6500, 4500, 3850, 3650, 3560, 3750, 2960
Switching: LAN, VTP, STP, PVST+, RPVST+, Ether Channels, L3 Switches
Network Security: Cisco ASA, Checkpoint, Sonicwall, Sophos, Fortigate, Palo Alto
LAN: Ethernet (IEEE 802.3), Fast Ethernet, Gigabit Ethernet
WAN: PPP, HDLC, Channelized links (T1/T3), Fiber Optics, Frame Relay, MPLS
Gateway Redundancy: HSRP and GLBP
Features & Services: IOS and Features, SNMP, SYSLOG, DHCP, CDP, TFTP, FTP
Network Management: Solarwinds, PRTG, Wireshark, Netflow Analyzer, Cisco Prime, Cisco Works, HPNA, IBM Remedy
Others: Cisco Meraki WAPs, ECM, ACM, ACS, Callrex, Cisco UCS
Programming Skills: Python, Shell
PROFESSIONAL EXPERIENCE:
Network Security Engineer
Confidential - Dallas, TX
Role & Responsibilities:
- Enforce security policies and standards using ASA 5585, Palo Alto PA 5060, design secure architecture for Database VLAN, troubleshoot encryption, URL filtering and access related issues
- Centralized monitoring of the Palo Alto firewalls - PA 5050, 5060 using Panorama. Experience in working with PAN-OS 8.0 Firewalls
- Worked with Palo Alto firewalls PA 3050/5020/5050 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall.
- Experience working on Checkpoint Firewalls to monitor traffic drops, implemented NAT rules and monitored logs for traffic. Working on Checkpoint firewalls implementing rules, monitoring traffic and troubleshooting.
- Working on configuring failover to secondary firewalls, troubleshot various bugs and obtained fixes.
- Building Site-to-Site VPN tunnels between Cisco ASAs at spokes and hubs at datacenters, routers and firewalls.
- Designing and implementing DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls.
- Built, deployed & maintained Cisco Meraki WAPs. Created Networks, Implemented Firewall Policies for various SSIDs, Access Lists, maintained all devices on Meraki Cloud in separate networks
- Configuration, deployment of cloud services like AWS, monitoring, metrics, and logging systems on AWS
- Implementing and managing continuous delivery systems and methodologies on AWS.
- Configures cloud-based systems based on defined standards/policies to optimize automation, integration and cost. Good understanding of AWS Cost-optimized Architectures. Good understanding of AWS Architecture performance.
- Hands on Knowledge/experience on F5 load balancers, its methods, implementation and troubleshooting on LTM, GTM, APM, ASM, AFM.
- Working on F5 BIG-IP Local Traffic Manager (LTM) to automate, and customize applications in a reliable, secure, and optimized way
- Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs
- Configuring various advanced features (Profiles, monitors, Redundancy, SSL Termination, Persistence, SNATs, HA) on F5 BIGIP appliances, SSL termination and initiation, Persistence, Digital Certificates; executed various migration/upgrade projects across F5 and hands on with F5 BIGIP LTMs/EM.
- Implementing and configuring F5 LTMs for VIPs and Virtual servers as per application and business requirements.
- Configuring F5 GTM Wide IP, Pool Load Balancing Methods, probers and monitors, recreating HTTP and HTTPS redirect VIPs to client from data servers.
- Maintain customer's SIEM (Splunk / ArcSight) in accordance with customer policy and best practices, including
- Use Splunk ES SIEM to respond to incidents detected on the VA network
- Perform enterprise refresh on Switch block that involved replacing legacy Catalyst 6509, 4507 devices with Cisco Nexus 2000 series fabric-extenders, 5500 series Fabric Interconnects and Nexus 6000, 7700, 9000 series core switches with Supervisor 2E
- Responsibilities include performing changes to network, security following standard ITIL ticketing process, design and implementation, troubleshooting of networks.
- Responsible for configuration & troubleshooting of protocols like OSPF, BGP, EIGRP, DMVPN, IWAN, MPLS, QoS
- Focused primarily on the edge BGP requirements and policy as well as the network-edge ACLs.
- Using BGP Multipath / eBGP multi-hop for large NNTP wholesale customers.
- Implementing Cisco IWAN at 35 sites to date. Worked on provisioning of MPLS & Internet circuits, Circuit Activations, DMVPN over MPLS & DMVPN over Internet.
- Worked with Verizon, ATT and other ISPs on MPLS and Internet Circuit activations, BGP, MPLS
- Involved in switching such as creation & management of VLANS, Port security, trunking, RPVST+, LAN security
- Deep technical troubleshooting on customer SD WAN Edge connect device, Firewall Cisco ASA, Palo Alto
- Created Operational, Standard & Emergency Changes, raised demands, worked on P1, P2, P3 tickets
- Experience with Network Automation using Python and Rest API.
- Port aggregation, link negotiation using LACP & PAgP, Port-security, Private-VLANs to be secure and loop-free
- Building, configuring PRTG Network monitoring probes. Deployed probes with VMWARE-ESXi OS & established communications with main PRTG servers at Datacenters. Uploaded sensors to monitor traffic utilization
- Managing devices using Cisco Prime, Cisco Works, ServiceNow, HPNA, IBM Remedy, SolarWinds, PRTG
- Building network from scratch, cabling for User desks, MPOE to MDF & IDF, POTS lines for security alarms, fire, fax
- Working on Full Stack reconfigurations, Core, Down-level Switch Upgrades and Migrations, AP migrations.
Network Engineer
Confidential - Stow, MA
Role & Responsibilities:
- Involved in migration from Cisco Catalyst 6513 switches with Sup 720 to Nexus 7009 with Nexus 7000 Supervisor 2E, F&M line cards in data center with features like VPC and VDCs.
- Performed Nexus In-Line Service upgrades and deployed advanced nexus features VPC and VDC.
- Deployed Nexus 2248 Fabric Extenders, 5596 series Fabric Interconnect and 7010 with f3 modules, with features like VPC, VDC, and Fabric Path for high availability and redundant server farm environment.
- Set up VSS cluster, EtherChannel, VTP and inter-VLAN routing on Catalyst 6509 and 6513 switches.
- Created ACL policies for Cisco 5580 ASA firewall with access control to NAT & object grouping functions.
- Worked extensively on Cisco Firewalls, SANS SIFT, Cisco (506E/515E/525/) & ASA 5500(5510/5540) Series
- Configured IPSEC Site-to-Site VPNs to provide secure remote access using SPA modules on Cisco 6500
- Performed Route Filtering, Manipulation using distribute-lists, route-maps, AD and offset-lists.
- Built the Datacenter right from the scratch until turning up devices and getting into Production.
- Worked with both the Catalyst switches like 6800 and Nexus Switches like 7710, 5596 and 56128.
- Designed, constructed, implemented, tested and launched various network nodes featuring BGP, OSPF, MPLS and VLANS using RSTP, gateway redundancy protocols HSRP, GLBP and VRRP
- Deployed new data centers with Cisco 6506’s, F5 load balancers.
- Experience in working with F5 BIG-IP LTM and Cisco CSM load balancing technologies.
- Performed load balancing and application level redundancy by deploying F5 BIG-IP LTM, GTM series like 3900, 6900, 8900 and Cisco CSM
- Worked on commissioning WAN links and troubleshooting WAN outages.
- Designed WAN structure to prevent single point of failure in case of link failure.
- Configured STP, RSTP in the Access Layer Switches (2950, 2960, 3750 and 3550) as a loop prevention mechanism. Configured Port-security, Private-VLANS for maintaining loop free and secure environment.
- Expertise in deploying BGP multi-homed network using AS-Path, MED, etc.
Network Associate Engineer
Confidential
Role & Responsibilities
- Installed and configured Cisco
- Configuration and troubleshooting of RIP and EIGRP on 2600, 2900 and 3600 series Cisco routers
- Configured and troubleshot various CSU/DSU devices
- Configuration and troubleshooting of OSPF, BGP and EIGRP. Tested authentication in OSPF and BGP. Tested BGP features such as override, local preference, EBGP load balancing.
- Involved in troubleshooting of DNS, DHCP and other IP conflict problems
- Performed Route Filtering, Manipulation using distribute-lists, route-maps, administrative distance, offset-lists
- Configured WAN Infrastructure running OSPF as a core routing protocol.
- Streamlined OSPF costs in the network to account for network delay.
- Implemented VTP, trunking protocols (802.1q, ISL) on 3560, 3750 and 4500 series Cisco Catalyst switches
- Implemented Site-to-Site VPNs over the internet using 3DES, AES/AES-256 with ASA Firewalls
- Configured & maintained IPSEC & SSL VPNs on Palo Alto, configured Palo Alto Wildfire, URL filtering PAN DB
- Configured Standard, Extended, and Named Access Lists to allow users all over the company to access different applications and blocking others
- Planned and implemented Subnetting, VLSM to conserve IP addresses
- Configuration of STP for loop prevention and VTP for Inter-VLAN Routing
- Provided Technical support for improvement, upgradation, and expansion of the existing network architecture
- Troubleshooting of TCP/IP problems and connectivity issues in multi-protocol Ethernet environment