SUMMARY:

• Very Passionate Sr Network Engineer having worked in projects that include Data Center refresh, Campus Redevelopment, Firewall and F5 Installations, with 8 years of experience in routing, switching, Network Security - Next-Gen Firewalls, Load Balancers, Wireless and VOIP systems design, administration and troubleshooting. Excellent communication skills with the ability to interface at all levels. A proactive team player who also can work independently.
• Senior Network Engineer having worked with multiple clients and network environments. High level understanding of switching, Routing, Firewalls, Network security, Application Delivery controllers and Wireless .
• Experience in Switching in campus and Data center environments . Worked on Migration projects from legacy to new hardware switches. Worked on IDF/MDF refresh projects, Access, Distribution and Core refresh projects in Data centers, Spine leaf Architecture.
• Experience with Cisco 2960, 3750, 3850, 4500, 6500, CAT 9K switches . Juniper EX and QFX series , Arista and Aruba Switches and Extreme network switches in Campus Environments.
• Experience working in large-scale environments on L1/L2 troubleshooting, Network Design, IDF and MDF architecture, Datacenter Architecture, Spine Leaf Architecture and support roles, IOS upgrades, downtime procedures, Migration projects to different vendor equipment.
• Configured F5 load balancer and Citrix NetScaler to monitor the network, load balancing and also GLBP, creating a site for web interface for the internal clients. Experience working in complex environments which include Switching, Routing, Network security with perimeter & VPN firewalls, F5 Load balancing & Access policy management, and Wireless LAN Controllers.
• Experience working in complex environments which include Switching, Routing, Network security with perimeter & VPN firewalls, F5 Load balancing & Access policy management, and Wireless LAN Controllers.
• Experience in installing, configuring, and maintaining Cisco Switches (2960, 3500, 3750, 3850, 4500, and 6500) in enterprise Environment and Nexus 2k, 3k, 5k, 7k and 9k in Data Center Environment.
• Expertise in installing, configuring and troubleshooting Juniper EX Switches (EX2200, EX2500, EX3200, EX4200, EX4500, EX8200 series).
• Experience in OSPF, EIGRP, RIP and BGP routing protocols. L1/L2 troubleshooting skills in Routing in complex environments. Worked with MPLS over BGP. Worked on upgrading Edge routers, failing over ISP circuits for maintenance. Knowledge in EVPN, VXLAN, VTEPS. Experience with Cisco ACI.
• Configured F5 LTM, series 5000 series for corporate applications and high availability. Implemented LTM and GTM in DMZ and Internal network. Worked on software versions up to 12.1.2. Experience with upgrading software and hotfix. Experience with APM and ASM modules.
• Experience in VSS, VRF, VPC, and VDC technologies. Experience in Gateway redundant protocols HSRP, VRRP, and GLBP. Experience with Access, Distribution & Core Layer Architecture.
• Expertise in installing, configuring, and troubleshooting of Cisco Routers (3800, 3600, 2800, 2600, 1800, 1700, 800, ASR 9k) and Juniper Routers (E, J, M, and T-series).
• Worked on APM module integration with RADIUS server & RSA secure ID for 2-factor authentication.
• Experience with manipulating various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.
• Extensive Knowledge on the implementation of Cisco ASA 5500 series firewalls - 5505, 5510, 5512-X with Firepower module. Palo Alto firewall policies, panorama and Checkpoint firewalls NG, NGX. Experience with converting Checkpoint VPN rules over to the Cisco ASA solution.
• Experience with Bluecoat and McAfee Web Gateway Proxies for URL filtering and SSL Decryption, traffic flows from trust to untrusty and vice versa.
• Experience with PA 200, 500, 3020 and VM series firewalls for both Internet and internal traffic filtering. Experience with Panorama M100 series and maintaining up to 23 firewalls in large networks.
• Experience working with Aruba & Cisco Wireless LAN controllers, Configuring & Provisioning AP’s, Virtual AP’s, RTLS, Wireless SSID’s, remote & campus AP’s, upgrading WLC, worked in Active/Active Local Controllers and Master controller. (Aruba 6000, 7200 controller, Aruba AP65, 70, 124, 85, 125)
• Worked on Solarwinds NPM, NCM, IPAM, Windows DHCP and DNS. Infoblox as DHCP and DNS server.
• Proficient in using Solarwinds Network Management tools like Network Performance Monitor (NPM), NetFlow Traffic Analyzer, Network Configuration Manager (NCM) and Cisco Prime.
• Proficient using the F5 based profiles, monitors, VIP’s, pools, SNAT, SSL offload, iRules, virtual Servers, IAPPS. Migration experience from ACE to F5.
• Fortinet offers Phones, and data circuits to customers. Net fortris also provides managed cloud services such as: Hosted VoIP, Cloud Firewall Services, DNS Service, MPLS. Also provide routers and switches to customers and provided support for that equipment.
• Involved in troubleshooting network traffic and its diagnosis using tools like ping, trace route, Gigamon, Wireshark, TCP dump and Linux servers. Implementing, Maintaining, Troubleshooting & Implementation of VLAN, STP, MSTP, RSTP, PVST, 802.1Q, DTP, HSRP, VRRP, GLBP, LACP, PAGP, AAA, TACACS, RADIUS, MD5, VTP & SVI.
• Enhanced level of knowledge with, PPP, ATM, T1 / T3 Frame-Relay, MPLS. Experience with design and deployment of MPLS Layer 3 VPN, MPLS Traffic Engineering, and MPLS QOS.
• Experience with H.323 and SIP, Voice VLANS, DSCP marking for VOIP traffic.
• Hands on experience with Juniper SRX series firewalls 500 series.
• Experience with NAT/PAT, static & dynamic NAT, access lists, security zones, policies on SRX firewalls.
• Experience with next gen firewall technology like URL Filtering, SSL Forward Proxy, APP ID, Threat ID etc. on Palo Alto and checkpoint firewalls.
• Experience with creating virtual servers and application load balancing, upgrading software versions, redirect rules on NetScaler and migrating from NetScaler’s to F5.

TECHNICAL SUMMARY:

Network Configuration: Advanced switch/router configuration (Cisco IOS access list, Route redistribution/propagation).

Routing Protocols: RIP, IGRP, EIGRP, OSPFv2, OSPFv3, IS-IS, BGP v4, MP-BGP

WAN Protocols: HDLC, PPP

Circuit switched WAN: T1/E1 - T3/E3/OCX (Channelized, Fractional & full).

Security Technologies: Cisco FWSM/PIX/ASDM, Palo Alto, Cisco ASA, Checkpoint, Blue Coat proxy server. Port Security, DHCP Snooping, IP Source Guard (IPSG).

Cisco Routers: Cisco ISR-1000, ISR-4000, ASR-1000, ASR-9000, ASR-5500, Meraki VMX 100.

Redundancy and management: HSRP, VRRP, GLBP, RPR, NSF/NSR, STP, Wireshark, SolarWinds, SNMP

Physical interfaces: Fast Ethernet, Gigabit Ethernet, Serial, HSSI, SONET (POS)

Layer 2 technology: VLAN, VXLAN, HSRP, VRRP, GLBP, STP, RSTP, PVST+, MST, PVLAN, Optimizing STP (Port Fast, Uplink Fast, Backbone Fast, Root Guard, BPDU Guard)

Layer 3 Switching: CEF, MLS, Ether channel (PAGP & LACP, Load Balancing)

Switches: Catalyst 9400, 3850, 3650, 2960; Nexus 2k, 3k, 5k, 7k, 9k

Load Balancers: F5 LTM, GTM

Network Management and Monitoring: Wireshark, Infoblox, HP OpenView, Cisco Prime, Splunk, Gigamon, Security Device Manager (SDM), Cisco Works; TCP Dump & Sniffer

Scripting: Python, Ansible and TCL(F5)

Ticketing Tools: JIRA, CA Service Now

Operating Systems: Microsoft XP/Vista/7, Windows Servers 2003/2008, Windows MS-Office, Microsoft project server 2013

PROFESSIONAL EXPERIENCE:

Confidential, Folsom, CA

Sr. Network Engineer

Responsibilities:

• Migration of ASA firewalls to PA next gen Firewalls using migration tool in PA. Migrated all IPSEC tunnels, ACL’s, NAT rules and policies.
• Palo Alto design and installation (Application and URL filtering, SSL decryption, SSL Forward Proxy ). Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls. Successfully installed PA-5000 series firewalls in Data Center as perimeter Firewalls.
• Spec, design & configure all Fortinet firewalls.
• Experience working on Cisco ASR 9K, Nexus 7k & 9K. Configured and designed OSPF, EIGRP and BGP at Distribution and Core layers. Configured OTV layer 2 connection between Data centers on Nexus.
• Experience with configuring BGP, OSPF in Juniper M and MX series routers. Worked on several BGP attributes like MED, AS-PATH, Local Preference for route optimization. Worked on Route-Reflector, Route-Redistribution among routing protocols.
• Experience with Juniper devices - EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX650, SRX240
• Managed AD Domain Controller, DNS and DHCP Servers and configurations.
• Worked on Cisco ISE for user Authentication, Security Group Tags, MAC based authentication for Wireless and Wired users, 802.1X, EAP, PEAP etc.
• Worked on Juniper M, MX, T routers on MPLS VPNs, TE and other advanced service provider technologies.
• Troubleshooting of Linux & Unix application delivery servers. Install Dockers, Cisco and HP servers.
• Maintain shell scripts for RedHat Linux servers and performed patch upgrades for RedHat Linux servers.
• Provides expert level security & networking knowledge in the planning, researching, designing, and testing of new technologies for perimeter firewall security, Intrusion Prevention/Protection System (IPS), DNS, DMZ, and Internet Security in support of established Info Security program initiatives for the next 3 years.
• Experience in deployment of network monitoring software - SolarWinds and What’sUp Gold. Worked on Orion (Solar Winds) for mapping network diagrams with commissioned & decommissioned network devices.
• Configured, troubleshoot, and upgraded Checkpoint Firewalls for Manage clients, which included network and/or resource access, software, or hardware problems.
• Implemented Citrix Access Gateway & Advance Access Control, web interface into Microsoft Share point portal
• Use Aruba Software to manage and Monitor multi sites wireless networking
• Responsible for the IPAM (IP Address management) system for a very large WAN/LAN network (QIP) using Solar winds IPAM and Infoblox DNS and DHCP servers. Experience with DHCP scopes, IP reservations, DNS host entries, pointers, delegations, Zones, DNS Sec etc.
• Used App-Volumes Application to provide efficient solutions for Horizon, Citrix- XenApp and Xen-Desktop, and RDSH virtual environment.
• Technologies we deal with on a daily basis for our many clients are of VMware 5-6.5, VMware View, HP Thin client PC's & laptops, Microsoft RD Gateway, Microsoft server, SQL server, Fortinet firewalls, Meraki firewalls, Meraki Wi-Fi, Sonic wall firewalls, Citrix XenApp, Net scalers VPX 200 versions 10-12 and AWS cloud environments
• Opened, resolved, or updated Tier II Support tickets for Manage Firewall clients.
• Analyze and provide courses of action on current as well as emerging security threats like ransomware attacks by research and recommendation of other security solutions to help mitigate network security threats while preventing their outbreak across the network.
• Worked on network design improvements using BGP, EIGRP, OSPF, IP metric tweaking and load balancing.
• Designing, configuring, and troubleshooting QoS, SIP, H.323, RTP, SCCP, Session Border Controllers, Voice Gateways, Voice circuits IP /TDM, Cisco Telepresence Infrastructure, QoS, NAT, PAT, and multicast.
• Worked on Checkpoint Firewall to create new rules and allow connectivity for various Applications.
• Implemented Firewall rules and Nat rules by generating precise methods of procedure (MOPs) . Responsible for packet capture analysis, syslog and firewall log analysis.
• Experience with F5 load balancers LTM & GTM, reverse proxy design & setup. Migration from A10 to F5.
• Experience in F5, Cisco ACE 4710. Migration from ACE to F5 and Net Scalers to F5. Worked on critical applications on L4 & L7 load balancing. Experience with Virtual server, Pool, Node, Profiles - TCP, http, https, ftp, fastl4, Persistence - Source IP, SSL, Cookie, SNAT, iRules, iAPPs, SSL offloading.
• Experience with F5 GTM and in-depth knowledge of DNS, Global level load balancing, Wide IP’ s, Zones, Prober pools, Delegation from Windows DNS server to listener IP.
• High-level network troubleshooting and diagnostic experience using Packet capture tools like Wireshark .
• Configured network using RIP, EIGRP, BGP and OSPF protocols and troubleshooting L2/ L3 issues .
• Regular upgrade & maintenance of Infrastructure, Installing, configuring Cisco Switches (2960, 3500, 7600, 3750, 3850 series, 6500 series) Cisco Routers (4800, ASR 9K, 800) , Juniper Routers and Firewalls, Nexus 7k,5k & 2k, f5 BIG IP , Palo Alto Firewalls, Bluecoat Proxy and Riverbed Steelhead appliances.
• Assist in creating network design standards for hardware and software. Developing and maintain Network Documentation ( Visio diagrams, Excel spreadsheets, Word documents, etc .) Configure and troubleshoot network elements in a test/dev environment.

Environment: Cisco Routers (4800, 3800, 3600, 2800, 2600, 2900, 1800, 1700, 800), switches (6500/3750/ /2950 ), F5 Load balancing (LTM, GTM, APM, AFM, ASM), EIGRP, RIP, OSPF, Voice Gateways, BGP, VPN, MPLS, Ether Channels, Cisco Catalyst Switches, Firewalls (Cisco ASA, Palo Alto), Cisco Voice (CCM, UCCE), Shell Scripting, Citrix.

Confidential, SFO, CA

Sr Network Operations Engineer

Responsibilities:

• Installed and maintained production servers for client services (web, DNS, DHCP, mail). Experienced on working with Palo Alto Next Generation firewall with security, networking, and management features such as URL filtering, Anti-virus, IPsec VPN, SSL VPN, IPS, Log Management etc.
• This includes dual, separate provider Internet access points, and HA configurations of Fortinet Firewalls that utilize Site to Site VPN technologies for remote access to the core networks at each remote location.
• Managed syslog, Solarwinds on various network equipment to monitor, alert, and save network configurations
• Worked with the Network planning team on IP allocation scheme for the routers, switches, workstations, phones, APs and various other devices. Used Infoblox, Net MRI, Solarwinds IP monitor and various tools.
• Designed perimeter security policy, Implemented Firewall ACL's, allowed access to specified services, Configured Client VPN technologies including Cisco's VPN client via IPSEC
• Worked on Autopilot, an Automation tool used for code upgrades & configuring new devices at data centers.
• Migration of Palo Alto PA-500, PA-3060, PA-5060, PA-7050, PA-7080 from Cisco PIX and ASA.
• Worked on BGP routing protocol, configuring BGP sessions and troubleshooting on Nexus 1K, 5K, 7K, Juniper MX-960 routers and cisco ASR routers.
• The systems I am responsible for and are proficient in include: Citrix XenApp 4 to 7.13, Xen desk top 5.6 to 7.x, Xen server 6, Citrix Net scaler VPX200 & 8500 pair, VMware 5.5, Server 2008 & 2012, DNS, DHCP, SNMP, routing protocols(BGP&OSPF), Fortinet Firewalls configuration, trouble shooting and all SSL& IPsec VPN tunnels, FortiClient server, Forti Analyzer 1000D and Multiple Forti manager servers to manage 140 firewalls across 3 states. Other applications include Microsoft AD 2003/2008, Exchange 2010, Microsoft SQL 2005/2008, Cisco switches/routers, also ADP PC Payroll system support.
• Installed and configured LAN/WAN Networks, Hardware, Software, and Telecommunication services- Cisco Routers and Switches like Cisco 3750, 3750 Gig, 6500, Nexus 7k, ASR 9k etc.
• Migration from NetScaler’s to F5 without any downtime.
• Documentation of various changes made on devices and submit them for approvals and work along with alerts team and intimate them the changes to be made.
• Worked on migration - XenApp 4.5 to XenApp 6.5 - Server 2003 (Legacy) to 2008 R2 (Gen 2) environment.
• Managed Cisco Voice Mail Unity servers. Worked in Cisco Routing & switching background w/QOS.
• Implementing IPv6 addressing scheme for routing protocols, VLANS, subnetting and mostly during up gradation of cisco ISR routers 2800/2900/3800/3900 and switches.
• Aruba wireless solution for international company. Virtual Controllers’, Clustered AP's Access points, Airwave management
• Worked on Cisco wireless LAN technologies and Switching. Configured Virtual server, service groups, Session persistence, Health monitors and Load balancing methods in new F5 and A10 LTMs. Configured WIDE IP and WIDE IP pool on F5 GTM’s to support load balancing between data centers.
• Installed & configured Microsoft Proxy Server 2.0 & Infoblox DNS, DHCP and IP Address Management
• Worked on Infoblox to update the DNS host and A records to assist the part of the migration.
• Generating audit reports through scripts on various devices to check the L2 issues - link errors, port flapping.

Environment: Routers (Nexus 1K, 5K,7K, Juniper MX-960), switches (6500/3750/ /2950 ), F5 Load balancing (LTM, GTM, APM, AFM, ASM), EIGRP, RIP, OSPF, BGP, VPN, Unified Contact Center Enterprise (UCCE), MPLS, Cisco Catalyst Switches, Firewalls (Cisco ASA, Palo Alto), Cisco Voice (CCM, UCCE, UCCX), Citrix.

Confidential, Columbus, OH

Network/Security Engineer

Responsibilities:

• Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for tasteful replication of traffic between active and standby member.
• Enterprise and Public Safety Wireless LAN/WAN (802.11, Mesh).
• Implementing security solutions using Palo Alto PA-5000/3000, Cisco 5580/5540/5520 , Checkpoint firewalls R70, R75, R77.20 Gaia and Provider-1/MDM.
• I have developed a seamless failover solution for our remote offices with the Fortinet firewalls for a fraction of the cost of using Cisco. This was at the request of our board, especially after a few rough and stormy years here in the north east.
• Configuration and administration of firewalls, which includes Checkpoint, Juniper, and Cisco ASA
• Configured & maintained IPSEC and SSL VPN's, implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall. Exposure to wildfire feature of Palo Alto.
• Administered Cisco AMP endpoint security infrastructure and monitor endpoints for threats.
• Configuration and Maintenance of Cisco ASA, ASA 5540, ASA 5520, ASA 5510 firewalls.
• Researched, designed, and replaced Checkpoint firewall architecture with new next generation Palo Alto PA3000 and PA5000 appliances serving as firewalls and URL and application inspection.
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama
• Monitoring Traffic and Connections in Checkpoint and ASA Firewall. Provided tier 3 support for Check Point and Cisco ASA Firewalls to support customers, Backup and restore Firewall policies.
• Manage project task to migrate from Cisco ASA firewalls to Check Point firewalls.
• Follow information security policies, methods, standards, NIST standards, and practices to organize information systems, IT reference material, and interpret regulations.
• Monitor Intrusion Detection Systems (IDS) console for active alerts and determine priority of response. Configure and Monitor Cisco Sourcefire IPS for alerts.
• Manage and maintain Fortinet Firewalls through IPv4 policies, traffic shaping, IPS, web filtering, interfaces, and routing
• Strong understanding of Cisco networking technologies: ASA, IPS, WSA, ACS, VPN.
• Creating object, groups, updating access-lists on Check Point, apply static, hide NAT with smart dashboard.
• Installed and configured high availability Big IP F5 LTM and GTM load balancers like 6600, 6800 to provide uninterrupted service to customer applications and monitoring the availability.
• Provided support for network topologies & connections TCP/IP, ATM, VOIP(Voice-over-IP) and MPLS.
• Performs router configurations on Dedicated Internet Access (DIA) and VOIP(Voice-over-IP) products.
• Supported telephony specialist in the phased migration from PBX based systems to VOIP(Voice-over-IP).

Environment: Cisco ASA 5580/5540/5520 , Checkpoint R70, R75, R77.20 Gaia, Palo Alto PA-5000/3000, IEEE 802.11Big IP F5 LTM/GTM, Nexus switches, TCP/IP, VPN, Cisco WSA, Bluecoat Proxy servers, IDS/IPS. SIEM and Monitoring.

Confidential, Boston, MA

Network Engineer

Responsibilities:

• Create private VLANs, prevent VLAN hopping attacks, mitigate spoofing with snooping & IP source guard.
• Installed & configured Cisco PIX 535 series firewall and configured remote access IPSEC VPN.
• Worked on Cisco routers 7200, 3700 and Cisco switches 4900, 2900.
• Key contributions include troubleshooting of complex LAN/WAN infrastructure that include configuring firewall logging, DMZs, related security policies, monitoring, documentation and change control
• Enabled STP enhancements to speed up network convergence using Port-fast, Uplink-fast and backbone-fast.
• Installation & configuration of Cisco VPN concentrator 3060 for VPN tunnel with Cisco VPN hardware & software client and PIX firewall. Documenting and Log analyzing the Cisco PIX series firewall.
• Troubleshooting of DNS, DHCP and other IP conflict problems. Used various sniffing tools like Wire-shark.
• Hands on experience working with security issue like applying ACL’s, configuring NAT and VPN.
• Troubleshoot problems on a day to day basis & provide solutions for problems within their Network.
• Configured SITE-TO-SITE VPN on Cisco routers between headquarters and branch locations.
• Implemented the security architecture for highly complex transport & application architectures addressing well known vulnerabilities and using access control lists on their core & failover firewalls.
• Part of Network Operation Center NOC offshore support team from India supporting HP Data Center 24x7. L2 support for Cisco PIX and ASA Firewalls.
• Selected and deployed enterprise UTM firewall ( Fortinet) for two primary sites and 20 remote sites.
• Perform daily maintenance, troubleshooting, configuration, and installation of all network components.
• Assisted in troubleshooting LAN connectivity and hardware issues in the network of 100 hosts.
• Troubleshoot and support Cisco Core, Distribution and Access layer routers and switches.
• Managed the IP address space using subnets and variable length subnet masks (VLSM).
• Point-to-Point, Frame Relay, T3, ATM, WAN, Active Directory, DNS, and DHCP troubleshooting.
• Configured BGP for CE to PE route advertisement inside the lab environment.
• Maintained redundancy on Cisco 2600, 2800 and 3600 routers with HSRP.
• Configuration of CISCO Routers (2600, 2800 Series) and 3550, 4500 series switches.
• Creating groups, users and policies in Active Directory.

Environment: Cisco 2600/2800/3700/7200 routers, Cisco ASA, TCP/IP, VLSM, AD, DNS, Switching/Routing.

Confidential

Network Operations Engineer

Responsibilities:

• Configured Client VPN technologies including Cisco’s VPN client via IPSEC.
• Configured Firewall logging, DMZs and related security policies and monitoring.
• Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
• Responsible for PIX 7.x/8.x & ASA 8.x Firewall migration and in place hardware upgrades and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
• Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation.
• Implemented VLANS between different departments and connected them using trunk by keeping one VLANS under server mode and rest falling under client modes.
• Installed Windows Server 2003, configured IP addresses, network printers and Client Access for PCs.
• Administer and support Cisco based Routing and switching environment.
• VLAN implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and port channels creation.
• IOS Upgrades from 7.x to 8.x as well as backup and recovery of configurations.
• Deployed a Syslog server to allow proactive network monitoring.
• Worked in a dynamic routing enterprise network environment - OSPF & BGP for external connectivity.
• Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay).

Environment: PIX, CISCO routers and switches, Access Control Server, VLAN, Trunk Protocols, CISCO ASA, DHCP, DNS, SAN, Spanning tree, Nimsoft, Windows Server, Windows NT.