SUMMARY:

• 17+ years’ of routing, switching, firewall, load balancing and WAN optimization experience with designing and managing enterprise networks with Cisco, Juniper, Check Point, Palo Alto, Fortinet, A10, F5, Riverbed, etc. and managing large number of sites.
• 8+ years’ of wireless network experience in architecture designing and engineering using Aruba and Cisco/Meraki wireless solutions. Aruba Certified Mobility Professional (ACMP).
• Experience with Cisco, Meraki and Aruba WiFi design, setups and troubleshooting along with comprehensive Multicast support on it.
• Experience with implementation and administration of Next - Generation FIREWALLS of Palo Alto (PAN-OS/Panorama 7.11 & 8), Check Point (SPLAT & GAIA R8.10), Fortinet (FortiGate FortiOS), Cisco (Firepower) and Juniper (SRX).
• In-depth technical hands-on with Palo Alto (PAN-OS/Panorama 7.11 & 8) creation and customization of Device Group Hierarchy, Custom App-ID/CustomApps, Templates & Template Stacks, etc.
• In-depth technical hands-on with Check Point with versions R77.30 & R80.10, VSX and ClusterXL. Have fully working R80.10 firewall gateways lab setup at home for regular testing of features and functionality.
• In-depth technical hands-on skills with Cisco Firepower NGFW/NGIPS and Cisco StealthWatch.
• Experience with Cisco BYOD on Mobile devices Access and Security.
• Expertise in network INTRUSION DETECTION/PREVENTION SYSTEM (IDS/IPS - NIDS/NIPS) with Check Point IPS-1, Cisco IDSM-2 & HP Tipping Point N2500.
• Experience with VPN (IPSec/DMVPN/SSL) configurations of Check Point, Palo Alto, Cisco, Juniper, Fortinet FortiGates and SonicWall UTMs.
• Global Data Centers (NOC) LAN/WAN designing, implementation, maintenance and provisioning.
• Cisco NEXUS Certified Professional. Implementation experience with Cisco Nexus 7000/5000/2000 Series DC Switches, MDS, FCoE/FIP, FCIP, FICON, SAN/NAS, iSCSI, etc.
• Juniper Routers & Security Certified Engineer with design, configuration & implementation experience.
• Advance in-depth expertise in BGP & OSPF and Intermediate knowledge in EIGRP, MPLS & MPLS VPN.
• Proficiency’s with VSS/vPC, HSRP/GLBP/VRRP, UDLD/BFD, VTP/DTP/VLAN, SNMP, NetFlow/J-Flow, RPVST+/RSTP/STP, DNS/DHCP, CDP, SSH, QoS, NAT/PAT, etc.
• Troubleshooting EtherChannel/PortChannel, LACP/PagP, 802.1q & Q-in-Q tunneling, etc.
• Expertise in all aspects of SWITCHING & ROUTING with Cisco Nexus & Catalyst Switches (7K, 5K, 2K, 6500, 4500, 3850, 3750, 3650 & 2960 Series) and Routers ASR (9K/1K) & ISR (3800) Series, Arista Networks, Brocade (Foundry), HP (E-Series), etc.
• Solid expertise with LOAD BALANCERS of Cisco (ACE/CSS/CSM), A10 (AX) and F5 (LTM & GTM).
• Solid hands-on with WAN ACCELERATION/OPTIMIZATION of Cisco Wide Area Application services & Automation Engine (WAAS/WAE) and Riverbed (Steelhead).
• Expertise with large scale DNS configurations setups with InfoBlox (DNS Grid Setups) & BlueCat Networks (DNS Cache Setup) appliances.
• Experience in using extensively NeuStar UltraDNS, Cotendo (Akamai) & Mark Monitor tools & services.
• Immense knowledge of SNMP MIBs layouts and have written many SNMP MIBs browsing and walking scripts and queries to manage network devices.
• Expert in using Netflow collector tools and packet capture and analyzing with Wireshark, Sniffer, Observer and IXIA utilizing inline tapping appliances Gigafin and Gigamon, and also ZoneRanger and probes.
• Full hands-on with network tools NetMRI, Voyence Control (/EMC Smarts NCM), Bradford NAC, Splunk, ASDM/Prime, Solarwinds Orion/NPM & Cirrus/NCM, Nagios, WANDL IP/MPLSView (now Juniper), StealthWatch, Rapid7 Nexpose, Datadog, Panorama (Palo Alto), Mazu (now Riverbed), HP Openview/SiteScope, Cacti/RRDtool, PRTG/MRTG, Zenoss, DaRemedy, Spectrum,, Avaya's Converged Network Analyzer (/RouteScience ANS), WhatsUp Gold, Blue Coat ProxySG, InterMapper, AirMagnet, AirWave, RFprotect, ServiceNow, FireMon, etc.
• In-Depth technical knowledge with Cisco SDN/ACI solutions including APIC & Nexus 9000s.
• Have experience with Metro Ethernet, Dark Fiber, SONET, T3/DS3 & T1/DS1 setups and SLA metering.
• Basic experience with public cloud platform Amazon AWS, and also Arista’s SDCN.
• Extensive IT experience in Internet Search Engine, Healthcare, Health Food and Manufacturing industries. 17+ years’ of IT network experience in lead engineering role.
• Strong analytical and logical problem solving skills with ability to deep dive to obtain network resolutions and find optimal solutions that are dynamic and cost-effective, and also in maintaining in-depth knowledge of IT best practices in large-scale IT environments.
• Standardizing the documentations of network systems using IT Best Practices and following the applicable IT related sections of compliance acts such as SOX, PCI, HIPAA, etc.
• Verifying IT Standards, Best Practices, and Design and Patterns by holding security reviews against internal or external solutions being developed or maintained. Leading and managing IT Security initiatives as well as interacting with other security or compliance related internal organizations (Audit, Compliance and Examiners).
• Ability to facilitate lab workshops to evaluate current network system processes, and conduct Gap Analysis to improve the overall IT infrastructure by following ITILv3 foundations.
• Writing many IT policies and procedures by closely following IT control and governance framework and supporting toolset of COBIT 5 (Control Objectives for Information and Related Technology) and BCP (Business Continuity Plans) covering IT Disaster Recovery Planning.
• Shared Services Center Management Experience: Ability to immediately recognize system issues and respond efficiently to operational and emergency situations such as ‘Service-affecting Severity (SEV1)’ and provide immediate restoration of services, and then promptly address ‘Not Service-affecting Severity (SEV2)’ issues.
• Creating and maintaining IS Operating Procedure Guides (ISOPG): Standard Operating Procedure (SOP), Method of Procedure (MOP), and Emergency Operating Procedure (EOP). Creating Run-Books and Knowledge-Based Articles (KBAs) for the network infrastructure.
• Ability to plan, organize and prioritize project tasks and to complete independently and within time frame. Applying lean Six Sigma (6σ) tools quantify and qualify measurable customer requirements to improve process for selection, implementation, etc. of network technologies.
• Used Rally Online Software Tool for Agile project management of all network projects by creating the vision of defining backlogs, defining the roadmap of releases and iterations.
• Expertize in producing powerful and effective Microsoft PowerPoint presentations for both executive and technical members of the team.
• Highly experienced in creating impressive High-Level Design (HLD), Low-Level Design (LLD) and Detailed-Level Design (DLD) diagrams of the network in Microsoft Visio.
• Conducting with due diligence the tangible Service Level Agreement (SLA) negotiations and expert on preparing Bill of Materials (BOM) & Statement of Work (SOW) for network projects.

WORK EXPERIENCE:

Network Architect

Confidential

Responsibilities:

• Worked as the Chief Architect for LAN/Wireless transformation program for North America Region which involved a complete redesigning of the Enterprise networks at all Shell oil upstream and downstream oil refineries throughout USA and Canada to AT&T network standards and to implement a new wireless network design with multicast support using Cisco network routers & switches. Cisco BYOD on Mobile devices Access and Security.
• LAN/Wireless transformation program included reviewing thorough WLAN RF WiFi surveys, creating afresh or updating the current network topology of layer2 and layer3 diagrams and also creating them for the new network refresh designs after analyzing user traffic utilization and accessing the current and future network capacity needs.
• Lead the team of 4 senior network engineers. Was involved from project beginning to its successful end in working remotely on re-design and QA of the enterprise networks in implementing a totally new wireless network with multicast support at numerous very-large-scale-size oil refinery sites from Texas, Louisiana to Washington involving more than thousand Cisco APs, hundreds of Cisco switches, numerous Cisco WLCs, and conducted migrations and cut-overs.
• Received commendation and congratulations on my s as one of the winners in AT&T Global Business Energy Solutions 1Q 2016 Recognition Newsletter for Notable s that recognizes individuals/teams (comprised of NPWs or employees) that go above and beyond their job description.
• My team was being recognized for our work on the LAN/Wireless Transformation of the NORCO Refinery, which was completed flawlessly and ahead of schedule. NORCO is one of Shell’s largest and most complex oil refineries and the project provided a faster and more stable LAN & Wireless Network to the site. The project replaced 20 year old unstable CatOS switches with a fully redundant, high speed network. Additionally, the project transformed 4,000 ports and 123 switches, as well as required the activation of 283 wireless access points providing high speed wireless coverage for all business areas.

Confidential, Los Angeles, CA

Sr. Network Engineer

Responsibilities:

• Lead the team of 4 network engineers and 1 senior network engineer.
• Managed multiple Data Centers consisting high-end Juniper routers, A10 & F5 Load Balancers, Palo Alto Firewalls, Cisco 6509’s switches in VSS environment, and Cisco WAAS/WAE.
• Successfully migrated the data center from a large old facility to a new modern data center environment. And ensured that the cut-over went smooth.
• Implemented across four Data Centers the designing of high-end Juniper routers, A10 & F5 Load Balancers, Palo Alto Firewalls, Cisco 6509’s switches in VSS environment, and Cisco WAAS/WAE.
• Hands-on configuration and administration of Blue Coat Systems SG6000 Series with SGOS v6.
• Managed the network in a very fast-paced infrastructure services environment of heavy duty BGP & OSPF network with large number of load balancers with hundreds of VIPs setup on them and consisting of hundreds of web servers with Oracle Grids backend and Hadoop.
• Familiarity with public cloud platform Amazon AWS that was extensively utilized by the DevOps team.
• Worked closely with the SOX auditors and implemented the recommended security changes as needed.
• Installed and configured multiple Red Hat Enterprise Linux Advanced Platform v5 Servers.
• Configured and managed A10 Load Balancers, and worked closely with team for balancing and moving web traffic globally between data centers across the globe using NeuStar UltraDNS, Cotendo (Akamai) & MarkMonitor online services and tools.
• Configured and maintained Cisco WAAS architecture on Cisco WAE hardware platforms, optimizing TCP traffic across three data centers and managed them through WAAS CM.
• Managed and maintained a large network infrastructure comprising of four large data centers containing numerous Cisco 6500s/4500s/3700s, Cisco ASAs/Check PointR75/PaloAlto Firewalls, Cisco ACE & F5 GTM/LTM load Balancers, 7200/3800/2800/1000 Series Routers, Juniper VPNs, Arista Switches, etc.
• Helped the SAN group 3PAR (now HPE) StorServ iSCSI integration into the LAN by proper configurations of the EtherChannels on both ends.
• Also initiated Wireless (WiFi) refresh and redesign converting the Autonomous Wireless Access Points (WAPs) Cisco 1200 Series. Implemented Aruba wireless solution as a replacement. Implemented mobile access and security.
• Later on designed, configured and implemented Cisco Meraki cloud based solution.
• Implemented and configured HP (Now TrendMicro’s) Tipping Point IPS Solution with customized scripts.
• Configured and implemented numerous Palo Alto firewalls at the data centers.
• Advance BGP configurations on the routers at the data centers were setup, and FCAPS (fault- management, configuration, accounting, performance, and security) tool of Wide Area Network Design Laboratory (WANDL) IP/MPLSView v5 Planning and Management suites were used extensively for BGP routing simulation such as route selection rules and bottleneck analysis to troubleshoot routing failures utilizing the modification of AS-Path and MED attributes for what-if BGP route simulation. Also used it for path performance and real-time latency.
• Created numerous Configuration Templates for the routers, switches and the Load Balancers.
• Configured and managed InfoBlox DNS/IPAM appliances in Grid setup, InfoBlox NetMRI, Solarwinds NCM/NPM, Lancope StealthWatch NC w/Mgmt Console, InterMapper, Nagios, Splunk, etc.
• Used Rally Online Software Tool for Agile (Scrum) project management of all day to day network projects by creating the vision of defining backlogs, defining the roadmap of releases and iterations, planning the release through selecting the highest priority stories, defining the iteration through detailing the highest value story points, and planning daily on "What am I working on today?", "Am I meeting my commitments?" and "Am I blocked?".
• Conducted all network changes always first with creation of Pilot, Test, Cut-over and Roll- Back (Back-Out) implement plans.

Confidential, Irvine, CA

IT Specialist /Sr. Network Engineer

Responsibilities:

• Lead the team of 2 network engineers and managed a large number of sites around the country.
• Architected and designed a new network infrastructure for the whole enterprise with Cisco Nexus 7000 Series (7010) Switches and Check Point NGX-II R65 UTM Firewalls.
• Initiated lean Six Sigma (6σ) analysis and documentation for Network refresh and redesign.
• Defined, developed and tracked strategic and tactical network projects using lean Six Sigma (6σ) methodology to ensure process improvement, control implementation and cost-savings.
• Completed internal Network documentation and assessment of the current network infrastructure. Detailed current Network Diagrams and proposed Network Diagrams.
• Regularly performed a complete administration and maintenance of the current network infrastructure comprising of equipment from Cisco (6509, 3845, 2800, 7200, PIX 515E, ASA 5540, MARS 200, ACS, ACE 4710, CSS 11506, IDSM-2, 4402 Wireless LAN Controllers and Aironet 1200 Series Access Points etc. and CiscoWorks VPN/Security Management Solution (VMS) v2.3, CiscoWorks LAN Management Solution (LMS) v3.0 and Cisco Security Agents (CSA) v6; Foundry (ServerIron); and Check Point (UTM-1 2050 NGX-II R65), etc.
• Completed a design enhancements and maintenance of the WAN MPLS Network.
• Maintained the WAN connectivity of Metro Fiber Gigabit, T3/DS3, and T1/DS1 links.
• Configure and managed InfoBlox DNS/IPAM Grid, NetCordia (now InfoBlox) NetMRI, and Solarwinds Orion NPM and Cirrus NPM.
• Implemented NitroSecurity (now McAfee) ESM SIEM appliance for network devices syslog.
• Configure and managed VoyenceControl NG suite (now Dell EMC Voyence) to closely align and automate industry best practices for change management such as ITILv3.
• Performed WAN optimization with Riverbed Technology Steelhead Appliances (2020).

Confidential, Carlsbad, CA

Consultant Network Architect

Responsibilities:

• Lead the team of 2 network engineers and managed around 600+ remote sites.
• Implemented Check Point NGX-II R65 with Cluster-XL firewalls to replace Fortinet firewalls at the core WAN. And for 600+ remote sites implemented UTMs for firewall and VPN.
• Monitored the Network devices pro-actively using Foundry’s IronView, Check Point’s SmartCenter, etc.
• Designed and established an MPLS network for connectivity to trading partner vendor sites. Completed the design, setup and built-out of cage at an off-site Data Center collocation.
• Successfully migrated the in-house data center to an off-site data center in a large co-location facility to facilitate the new roll out of the ERP Oracle applications.
• Completed a business case development report for the improvement of the Network System to upgrade and replace the legacy LAN servicing WAN of 500 remote sites by evaluating its infrastructure and identifying deficiencies.
• Installed and configured multiple Red Hat Enterprise Linux Advanced Platform Servers for the Oracle CRM project.
• Performed Business Impact and Risk Analysis studies to control risky changes and reduce Mean Time to Recovery (MTTR) by addressing how the network configuration changes are to be managed and maintained, and how the problems are to be resolved.
• Identified and evaluated new products and provided network problem resolutions to create and maintain optimal network.
• Configured and managed Solarwinds Orion Fault & Performance Management, WhatsUp Gold, and Network General’s Portable Sniffer.
• Evaluated and tested Alcatel-Lucent VitalQIP (Now Nokia VitalQIP and formerly Quadritek's QIP) but selected and implemented InfoBlox DNS/IPAM solution.
• Configured and maintained multiple InfoBlox DNS/IPAM appliances in Grid setup, and also implemented BlueCat Adonis-250 DNS-Caching appliance for DNS poisoning protection.
• Implemented Tumbleweed (Axway) secure messaging and secure file transfer solutions.
• Implemented solution to address the compliance of PCI using tools of Configurations Change Management, Documentation Controls, RSA Key management and Rapid 7 Nexpose scanning.

Confidential, Irvine, CA

Network Manager/Sr. Network Engineer

Responsibilities:

• Lead the team of 3 network engineers and 2 network administrators
• Monitored and audited regularly the performance and the security of the entire Network.
• Served as an expert technical resource across functional teams of different teams.
• Migrated successfully the HQ data center to an offsite collocation.
• Oversaw network integration and installation projects. Assisted in assigning and leading work; provided guidance with regard to expertise, timeliness and completion of project objectives. Addressed performance issues within prescribed guidelines.
• Configured and implemented HP Openview to manage all aspects of network infrastructure.
• Coordinated and managed projects, budgets, and services.
• Collaborated with vendors to provide IT solutions.
• Analyzed the needs and recommended technology solutions based on specific findings.
• Developed and implemented business continuity and disaster recovery plans.
• Develop managed services offering security and compliance auditing and implementation.
• Provided product support and implementation for several network vendors including Cisco.
• Optimized & enhanced multi-homed internet connections of BGP configurations and performed pro-active end-to-end monitoring of WAN links to identify problems of BGP routes over the ISP network with the help of Avaya's Converged Network Analyzer v3.0.3 (/RouteScience ANS 5000 Series Appliance).
• Implemented and administered Check Point NGX R60 Firewall.
• Offered direction and guidance, and assisted other engineers regarding products and services.

Confidential, Newport Beach, CA

Consultant Network Architect

Responsibilities:

• Lead the team 2 network engineers and 2 data communications specialists, and managed a large number of practice management remote sites.
• Designed, configured and implemented Cisco routers & switches and Check Point NG firewall.
• Also designed a parallel network system for Picture Archiving and Communication Systems (PACS) such as CT Scanners transmitting hundreds of slice images in DICOM format. And successfully spearheaded and implemented this large scale project.
• Involved in the designing of the new data center in the lower campus building and successfully migrating the MDF data center from the main hospital building.
• Maintained day-to-day Network tuning, configuration changes and administration of all current Cisco, Check Point and some legacy Enterasys, Extreme and Nortel equipment.
• Developed programs, policies, and procedures for disaster recovery and business continuity.
• With Spectrum tool, monitored proactively Network performance and trends to resolve any developing problem and anomaly issues; and also developed remedy solutions.
• Ensured that the network supported Health Level Seven (HL7) standards, guidelines, and methodologies, and also complied with Health Insurance Portability and Accountability Act (HIPAA) Title II regulations.
• Implemented across the whole enterprise network including on firewalls the processes, the procedures and the controls for adhering to HIPAA compliancy.
• Helped the IBM Admin group connect legacy IBM System/38 Communications Controller Node to Cisco router configured as SNA gateway connected to IP LAN and also did setup of remote offices with Cisco routers to establish a DLSw+(encapsulating IBM SNA & NetBIOS frames in TCP/IP packets) tunnel with the data center over Frame Relay utilizing local-peer and remote- peer bridge-groups on both routers. Using Network General’s Sniffer, demonstrated to the IBM Admin group the decoded frame relay frames containing IP header, TCP header, SRB header, SNA PIU, MAC/ LLC, etc. Involved in the designing of the new data center and migration from the old data center.