Sr. Network Security Engineer Resume

Los Angeles, CA

SUMMARY:

  • 7+ years of experience in networking, including hands-on experience in routing, switching, security and cloud technologies.
  • Experience with Cisco IOS, Cat OS, Cisco IOS-XR, Cisco NXOS.
  • Experience with Cisco ASR 9K/1K, Cisco GSR, Cisco CSR, Cisco 7200vxr, and Cisco 7600, 7200, 6500, 4000, 3800, 3600 and 3200 routers.
  • Expertise in configuring Datacenter switches Cisco Nexus 9k, 7k, 6k, 5k, 3k series as well as Catalyst switches 3k, 4k, 6k series.
  • Design and Build SDN Data Center environment, including Cisco ACI.
  • Enhanced level of experience in configuration & troubleshooting of routing protocols: RIPv1, RIPv2, EIGRP, OSPF, MP-BGP, IS-IS, BGPv4, LDP and MPLS.
  • Expertise on Juniper T-Series, J-series, M-Series, MX-Series routers and Juniper: M320, MX80, MX480, MX960 and EX4200, EX8200 switches.
  • Worked with LAN protocols (VLAN, VTP, STP, RSTP, MST) & Port Channel Protocols (LACP, PAGP).
  • Experienced in handling and installing Cisco ASA 10/5540/5585 Series, Cisco Firepower suite, Palo Alto Firewalls and Checkpoint firewalls.
  • Profound experience deploying BIG-IP F5 LTM/GTM/ASM- 6400, 8900 (11.x, 10.x), A10, Citrix Load balancers for load balancing and traffic management of business application.
  • Experience working with Cisco ISE to design, implement, and support Cisco-based security solutions, as well as other providers.
  • Working with AWS Cloud platform and its various services, which include IAM, EC2, S3, ECS, EBS, CLI, SNS, and RDS, Redshift and CloudFormation etc.
  • In-depth knowledge and hands-on experience in Tier II ISP Routing Policies, Network Architecture, VLSM, TCP/IP, NAT, DHCP, DNS, FT1/T1/FT3/T3 Sonet POS OCX/GigE circuits, ACLs, Firewalls.
  • Have knowledge on various advanced technologies like VOIP, H.323, SIP, QOS, IPv6, and Multicasting.
  • Experience on Check Point Firewalls NG, NGX, NG R55, NGX 60, NGX R65, R70, R75, R80, UTM, In-depth knowledge and hands-on experience on IP Addressing, Subnetting, VLSM, Summarization and ARP, reverse & proxy ARP and Ping Concepts.
  • Completed daily/weekly/monthly/quarterly tasks to maintain PCI Compliance.
  • Provided administration and support on Bluecoat Proxy for content filtering and internet access between site and VPN client users.
  • Excellent expertise in network management tools and sniffers like IBM QRadar, Azure Sentinel, TANIUM, SPLUNK, ArcSight SIEM, ForeScout, HPCA, Tufin, Firemon, Netflow, HP OpenView, Wireshark and CiscoWorks to network Operation Center.

TECHNICAL SKILLS:

Networking Protocols: RIPv1, RIPv2, IGRP, EIGRP, OSPF, BGPv4, MP-BGP, TCP-IP, UDP, HTTP

Cisco Routers: 2500,2600,3200,3600,3800,4000,7200,7600, ASR9000, ASR 1000 Series

Cisco Switches: Catalyst 6500, Nexus 7k/5k/2k.

WAN Technologies: Frame Relay, HDLC, PPP, MLPPP, ISDN, ATM.

LAN Technologies: VLAN, Spanning tree, VTP, VMPS, ISL, Dot1q, DTP, PVST

T1/E1: T3/E3/OCX

Load Balancer: F5 BIG IP LTM/GTM/ASM/APM, A10, RADWARE, Citrix

VSX, IDS, IPS, Palo Alto PA: 500, PA-2k, PA-3k, PA-5k & PA-7050, Checkpoint R65/R70/R75/R76/R77/R80, Cisco ASA, Firepower 4100.

Redundancy Protocols: HSRP, VRRP, RPR, NSF/NSR

Tools: SNMP, Firemon, Tufin, HP-Opsware, Wireshark, SolarWinds, Splunk, IBM/QRadar, Nagios, Netflow, OpenDNS, Azure Sentinel.

Wireless Technologies: Cisco WLC 2504, 4404, 5508.

Infrastructure Services: DHCP, DNS, SMTP, POP3, FTP, TFTP, NAT/PAT, PIM, IDS, SPAN Ports.

Routed Protocols: TCP/IP, IPX/SPX

Languages/Tools: C, C++, VB script, Ansible, Python, Perl, Shell.

Operating System: Windows XP, Vista, Windows 7, Unix, Linux, MS Visio

EXPERIENCE:

Confidential, Los Angeles, CA

Sr. Network Security Engineer

Responsibilities:

  • Involved in configuration of routing protocols and deployment of OSPF, EIGRP, BGP and Policy routing over Cisco Routers, Switches (Nexus 7Ks, Catalyst 6500).
  • Designed the migration from Cisco Catalyst 6513 switches with Sup 720 to Nexus 7009 with Nexus 7000 Supervisor 2E, F&M line cards in data center with features like VPC and VDCs.
  • Planned and deployed MPLS Layer 3 VPN cloud, involving VRF, Route Distinguisher (RD), Route Target (RT), Label Distribution Protocol (LDP) & MP-BGP.
  • Upgraded the NX-OS in Nexus 7018, 7009 and Nexus 5548 and 5596. Consolidated multi-tiered environment into a pair of Nexus 7000 switches using VPC and VRF.
  • Configured EBGP load balancing and ensured stability of BGP peering interfaces.
  • Implemented and configured BGP WAN routing, converting OSPF routes to BGP (OSPF in local routing).
  • Worked on Route-Reflectors to troubleshoot BGP issues related to customer route prefixes, also route filtering using Route-maps.
  • Install and maintain Palo Alto firewall configuration to protect secure data as part of PCI and SOX compliance.
  • Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
  • Configuration of Palo Alto firewalls, access policies, Application & URL filtering, Security Profiles, Global Protect VPN, Data filtering and file blocking.
  • Provides updates and upgrades to the Palo Alto Firewall and Panorama devices. Involved in upgrade of Panorama to version 8.1.10.
  • Policy Reviewing, Audit and cleanup of the unused rule on the Firewall using Tufin and Splunk. Rule and URL filtering remediation for Palo Alto devices. Maintain and manage Splunk related issues.
  • Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall and executed changes on various Firewalls proxies and scripts over entire network infrastructure using ServiceNow ticketing tool.
  • Hands on creating security policy, application filters, App-ID, URL filter and threat prevention on Palo Alto.
  • Provide Load Balancer expertise on F5 BigIP LTM and GTM devices like 7050 and 2200 and Troubleshoot application slowness.
  • Worked on F5 BigIP GTM/LTM/ASM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs.
  • Addressed technical issues and questions regarding Cisco ISE including troubleshooting and feature changes and modifications.
  • Troubleshoot issues with Wireless Access points (Cisco 3502) and configure SSIDs on 5520 Wireless LAN Controllers.
  • Cloud migration networking for applications to AWS, MS Express route/Azure, O365.
  • Strong Analytical, Problem Solving, Technical Troubleshooting, Decision-Making, Customer Service Skills, Results-Driven.

Environment: Cisco Nexus 7k/5k, Palo Alto, F5, Blue Coat, Cisco ISE 2.3, AWS, PCI, Python.

Confidential, Cincinnati, OH

Sr. Network Security Engineer

Responsibilities:

  • Expertise in Cisco ACI, NX-OS and IOS, other SDN products Tiered Domains, QoS, Data center network design, cloud infrastructure design and management, OSPF, BGP, EIGRP, VLAN Trunking.
  • Extensively worked with configuration of Network and Security devices such as Cisco routers and switches (ASR9K/1K, ISR, Cisco Nexus 9K/7K/5K/2K), Firewall (Cisco ASA, Cisco Firepower and Checkpoint), Load Balancers, DNS and IP Manager (Infoblox).
  • Worked on the NextGen Datacenter Cloud Architecture, using Cisco ACI and Nexus 9K.
  • Developed ACI (Cisco Application Centric Infrastructure) based Cisco Validated Designs for Enterprises and Service Providers to transform Traditional 3 Layer Architecture to ACI based (Spine, Leaf and APIC) Architecture.
  • Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000.
  • Responsible for configuring VPC, VDC and ISSU software upgrade in Nexus 7010, 9k.
  • Configured various BGP attributes such as Local P, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.
  • Configured ASA 5500-X series firewalls to provide highly secure high-performance connectivity between the sites, firewall administration, Rule Analysis, Rule Modification.
  • Configuring and maintaining Site-to-Site VPNs, DMZs, Remote access VPNs (SSL), ACLs, Security Zones and TLS/SSL s.
  • Experienced provisioning SD-WAN service as automated failover solution for MPLS VPN by Cisco Meraki MX 80 Firewall.
  • Experienced in implementation of Cisco ISE and the Migration from old ACS to Cisco ISE Environment.
  • Deployments of Cisco cloud service for a large user base including AnyConnect client and services, Cisco Umbrella / OpenDNS, and Cisco FireAMP for Endpoints.
  • Deployment and support of Cisco Firepower and FMC 5.x and 6.x with URL filtering and AMP inspection. The Next Generation Data Center project consists of planning and implementing new Cisco Firepower 4100/4150 Security Appliances.
  • Deploy Cisco Firepower solutions for IPS/URL/Malware detection and prevention. Configured Cisco AMP (Advanced Malware Protection) for endpoint security systems. Optimized IPS signatures on the Cisco Firepower management center to reduce false positives by disabling unnecessary rules and using the threshold, suppression, and pass rules features.
  • Configured Cisco ISE for Wireless and Wired 802.1x Authentication using Cisco ISE Radius Server on Cisco Wireless LAN Controllers, Catalyst Switches, and Cisco ASA Firewalls.
  • Worked on Cisco ISE for user Authentication, Security Group Tags, MAC based authentication for Wireless and Wired users, 802.1X, EAP, PEAP etc.
  • Experienced in using Ansible to manage Web Applications, Config Files, Data Base, Commands, users mount points, and packages. Ansible to assist in building automation policies.
  • Hands on experience on Viptela SD-WAN and integrated with Zscaler cloud security platform.
  • Configuration & Maintenance of Cisco ISE for based authentication for BYOD and Corporate Mobile Device Authentication using AirWatch MDM.
  • Worked on Load Balancer F5 LTM, GTM, ASM series like 8800, 6900, 6400, for providing application redundancy and load balancing the corporate applications purpose using iRules.
  • Configuring Big-IP F5 LTMs (virtual servers, pools, SNATs, health monitors, iRules) for managing the traffic and tuning the load on the network servers.
  • Configuring Cloud platform (Virtual Networks Multi-site, Cross-site, VMs, VNETs, Azure, Load Balancers, Azure SQL, Service Bus, Azure API gateway/Management).
  • Developing Python libraries and tools to automate hybrid physical and virtual machines and network infrastructure.
  • Created different application policies in the ACI including Tenants, Application Network Profile (ANP), End Point Group (EPG), Contracts, Subjects, and Filters & Labels.

Environment: Cisco ASR 9K/1K, Cisco ASA5585, Cisco Firepower, ACI, F5, Citrix, A10, Blue Coat, Cisco ISE 2.3, Python.

Confidential, Ridgeland, MS

Sr. Network Security Engineer

Responsibilities:

  • Planning, installing, configuring and troubleshooting of networking infrastructure including Cisco Routers, Switches, load balancers - ASR9K/1K, ISR3925e, 2951, 6880 Series, Nexus 9k/7k/5k/2k, VPC/VDC, Cisco 7600 Series, Cisco 6500 Series, Cisco 4500 series, 3650, 3750 series, 2960 series.
  • Deployed Inline inspection architecture using Palo Alto Firewall PA250, PA4050, PA3020 series to protect data center.
  • Deployed advanced features like vPC, VDC, Fabricpath, OTV in Nexus and VSS in catalyst 6800.
  • Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
  • Integrating the Palo Alto firewalls with Wildfire cloud inspection engine to protect against zero-day APT and Malware threats. Provided threat protection with Palo Alto IPS/IDS solutions of Firewalls & open source tools like Snort.
  • Determined the VPN connectivity requirement for users, VPN pool and gateway information, integration of RSA for VPN authentication, defined rules for non-console administrative access, implemented and tested non-console admin rules for firewalls
  • Implemented Cisco Firepower solutions based on ASA and FTD chassis hardware
  • Configure the FirePOWER chassis in clustered and then after HA mode to meet the clients ever changing design requirements.
  • Knowledge of Cisco Meraki Cloud managed Switches (MS250, MS350, MS410) and SDWAN (MX 65, MX100, MX400).
  • Implemented a Cisco Identity Services Engine (ISE) solution (wired, wireless, and VPN users) for a commercial client with converged access switches and Cisco ASA firewalls.
  • Deployment, configuration, and management of 802.1x solutions to include Cisco Identity Services Engine (ISE), ACS (Radius and TACACS+), and Cisco Prime Infrastructure.
  • Worked on different series of APM, ASM, LTM, GTM of F5 models like 2400, 4200, 5200, 3400, 8900, 1600, 6400, 6800, 8800 and Versions like 11.5.x (11.5.1, 11.5.3, 11.5.4), 10.1.0, 10.2.x.
  • Accessed Cisco Prime NCS/WCS. Configured and performed software upgrades on Cisco Wireless LAN Controllers 2504, 4404, 5508 for Wireless Network Access Control integration with Cisco ISE.
  • Configured enterprise anti-virus/anti-spam/anti-malware solutions, including Symantec Endpoint Protection.
  • Installing, configuring, administering, implementation, troubleshooting of VMware ESXi 5.0 host servers with vSphere Client, vSphere CLI, vMotion.
  • Implemented AWS Virtual Private Cloud (VPC), AWS EC2, IP address management, ENI, EIP, DNS, private subnets, firewall configuration, security groups; created a VPC, its subnets, internet gateway and added the routing tables, traffic filtering, security groups.
  • Designed & configured for Citrix NetScaler MPX 5550 Primary and secondary node, upgraded v9.3 to v10.0, Configured MIP/VIP/SNIP/NSIP configurations on the NetScaler, s deployment of NetScaler, Licensing for NetScaler, Logo editing for External CAG site through NetScaler.
  • Worked on SPLUNK SIEM tool for monitoring and analyzing the firewall logs to identify IDS/IPS signature attacks and malicious activities on the network.

Environment: Cisco ASR 9K/1K/7200/3640 routers, Cisco ASA5585, Cisco Firepower, Cisco ISE, Palo Alto, F5, Citrix, A10, Nexus 7702, 7010, 5548 switches.

Confidential, Bellevue, WA

Sr. Cisco Network Engineer

Responsibilities:

  • Installing and configuring Datacenter switches- Cisco Nexus 7k, 6k, 5k, 3k series.
  • Deployed ASR 9K, Cisco GSR, Cisco CSR, Cisco 7200vxr, Cisco 7600, 7200, 6500, 4000, 3800, 3600 and 3200 Routers with Cisco IOS-XR as the Campus Edge Routers in the network.
  • Configured OSPF, BGP on ASR 9010 Routers. Worked extensively on Cisco Firewalls, Cisco PIX (506E/515E/525/) & ASA 10/5540/5585.
  • Had been responsible for Firewall Administration, Rule Analysis, Rule Modification on Cisco ASA 5585 Firewalls, Juniper SRX550 devices, Palo Alto Firewalls. Implemented Security Policies using ACL, IPSEC, SSL VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
  • Configuring routing protocols RIP, EIGRP, OSPF, MP-BGP, MPLS, IS-IS, LDP and BGPV4.
  • Worked on Configuration, implementation and maintenance of Palo Alto firewalls like PA-200, PA-500, PA-3000, PA-5000 and PA-7000 series.
  • Worked on Fortinet's new FortiGate release the 3950B and 3951B to implement unified threat management (UTM).
  • Using FortiGate next-gen firewall like FG2000E perform intrusion prevention and user visibility, SSL inspection, and unknown threat.
  • Worked on Cisco ISE with Access control and AAA protocols.
  • Experience on Firewall rule set migration from Cisco firewalls to newly implemented Palo Alto firewalls using PAN migration tool V3.3.
  • Experience in working with checkpoint security gateways which are running R76, R77.
  • Experience with A10 EFL (SLB and GSLB), F5 load balancers - LTM, GTM series like 6400, 6800, and 8800 for corporate applications.
  • Configuring various advanced features, Redundancy, SSL Termination, Persistence, SNATs, HA on F5 BIGIP appliances SSL termination and initiation, Persistence, Digital s, Executed various migration/upgrade projects across F5 and hands on experience with F5 BIGIP LTM.

Environment: Cisco 3750/3550/3500/2960 switches and Cisco ASR 9K/ 7200/3640//3845/3600/2800 routers, Cisco ASA5510, Juniper, Firewall SRX210, SRX240, Checkpoint, F5, Citrix, VMware.

Confidential, Alpharetta, Georgia

Network Engineer

Responsibilities:

  • Installing and configuring new cisco equipment including Cisco catalyst switches 6500, Nexus 7010, Nexus 5548 and Nexus 2k as per the requirement of the company.
  • Managed fast Layer 3 switched/routed LAN/WAN infrastructure as a part of Network team. The LAN consisted of Cisco campus model of Cisco 3550 switch at access layer, Cisco 6513/6509E switches at distribution/core.
  • Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4.
  • Configured HSRP and VLAN trunking 802.1Q, VLAN Routing on Catalyst 6500 switches.
  • Experience in configuration of AAA with ACS protocols TACACS+, RADIUS and LDAP.
  • Configured Security policies including NAT, PAT, VPN, Route-maps and Access Control Lists.
  • Experience in Checkpoint IP Appliances R65, R70, R75, R77 & Cisco ASA Firewalls.
  • Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
  • Implemented ADC F5 LTM and GTM hardware platforms design and deployment implementation guidelines, DMZ Network infrastructure policies, LTM Inbound SNAT configurations and outbound NAT server to IP mapping processes.
  • Experience in creating Nodes, Virtual servers and applying iRules for servers like cookies and URL redirection on F5.
  • Successfully installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
  • Configuring DNS and DHCP configuration in Infoblox.

Environment: Cisco 6509/ 3750/3550/3500/2950 switches, Cisco 7200/3845/3600/2800 routers, Juniper EX-Series, EIGRP, RIP, OSPF, BGP, VPN, MPLS, Wireshark, VMware, F5 load balancers

Confidential

Cisco/Juniper Network Engineer

Responsibilities:

  • Involved in configuring and implementing Composite Network models consisting of Cisco 7600, 7200, 3800 series routers and Cisco 2950, 3500, 5000, 6500 Series switches.
  • Implementing Routing using the following protocols; IS-IS, OSPF, BGP on Juniper M series routers.
  • Design, installation and troubleshooting networks with hands-on experience with OSPF, ISIS, BGP, VPLS, Multicast, VPN, MPLS, & Traffic engineering.
  • Configured OSPF redistribution and authentication with type 3 LSA filtering and to prevent LSA flooding.
  • Involved in design, implementation and configuration of HSRP for load balancing on L3 switches on different location of office on the switched network.
  • Experience working with JUNOS OS on Juniper Routers and Switches.
  • Implemented Site-to-Site VPNs over the Internet utilizing 3DES, AES/AES-256 with ASA Firewall 5505.
  • Hands on Experience working with security issues like applying ACLs, configuring NAT and VPN.
  • Worked and configured on the security levels of Cisco IOS AAA with TACACS+ and RADIUS and Local privilege authorization fallback.
  • Installation and configuration of DNS, DHCP and FTP servers.

Environment: Cisco ASA 5500(5510/5540) Series, Cisco (3500, 3750, 4500, 6500) routers
