Network Design Engineer Resume

Paramus, NJ

OBJECTIVE:

  • Seeking a challenging position in a dynamic environment to apply my consulting and network design expertise to large enterprise environments.

SUMMARY

  • Security/Network Engineer with 10+ years of experience in secure platform with Enterprise Network Infrastructure Design and Deployment.
  • In depth experience of Core Routing and Switching design, configuration, implementation and support on high end Cisco devices like Nexus 7000, Nexus 5000, Catalyst 6500 and Cisco 4500x
  • Efficient use of Microsoft VISIO and MS Project as technical documentation and presentation tools.
  • Good understanding of wireless network and utilization of Autonomous Access Point and Light Weight WAP, Wireless Controllers
  • Working knowledge of SDWAN using Cisco Routers/Switches, Viptela Virtual Routers

TECHNICAL SKILLS

Scripting automation: Python, Ansible and YAML

IP Routing Protocols: EIGRP, OSPF, IS-IS, MP-BGP, BGP Attributes/Communities (Prefix-lists / distribute-lists / route-maps)

Routers: Cisco 9K/1K ASRs, ISR 4000/3800/2900/1800/800, Cisco IOS 1800, 2500, 2600, 2800, 3600, 3800 Series Routers running IOS v.12.4

Switches: Catalyst WS-6513/6509/6506, WS-4507/4506/4503, WS-3750, WS-3560/3550, WS-2960XR/2950 Cisco, 4200, Juniper EX2200, EX3200, EX3300, EX4200, Aggregation (LACP, PAgP, VPC, MEC), Multicast, Nexus 7010 / 7018 / 5578 P / 5548 UP / 2232 PP / 2248 TP

Wireless: Wi-Fi, 802.11b, 802.11g, WEP/WAP

Juniper platforms: MX80, MX240, MX480, MX960, M320 and T640 routers, EX 2200, EX 4200, EX 4500, MX-480 and SRX210

LAN Switching: VTP, NAT/PAT, HSRP, VRRP, GLBP, VACL, RSTP, STP, MST, LACP, BFD, PAgP, EtherChannel, VSS, DHCP snooping, Dynamic ARP inspection, IP source guard, IEEE 802.1x, MAB

MPLS: VRF, LDP, RSVP, L2VPN, VPLS, L3VPN, MPLS TE, MPLS LDP/TDP frame mode

AAA Architecture: TACACS+, RADIUS

VMware: VMware ESX & VCenter Server

Network Management Tools: SolarWinds, Wireshark

Load Balancer: F5 Big IP - LTM

PROFESSIONAL EXPERIENCE

Confidential - Paramus, NJ

Network Design Engineer

Responsibilities:

  • Develop and build networks to serve an organization’s business purposes.
  • Typical responsibilities are designing system configuration, improving the performance of current environments, securing network systems, updating job knowledge.
  • Create high level design, low level design, evaluation, implementation plan, migration plan and procedures for projects involving migration of core technologies like BGP and OSPF.
  • Creating automated scripts using Python language and also manual testing to enhance hardware performance.
  • Automate the configuration using REST API calls to various security devices.
  • Automate the configuration on Network and Systems using Ansible.
  • Integrate the existing Palo Alto devices with Panorama and deploy the new devices using Panorama.
  • Performed 802.11a/g/n Wireless Site Survey and Design for using Ekahau suite of tools that included Wireless Survey Pro and Spectrum Analysis.
  • Working knowledge of Cisco Prime.
  • Designing RTLS-Ready Networks using Cisco AP 4800 Platforms (signal strength, Placement of Access Points and RF Profiles)
  • Configuration of Cisco WLC 8540.
  • Create custom Antivirus, AntiSpyWare, Vulnerabilities profile per organization standards and apply them to security policies.
  • Create the custom URL filtering rules and apply them appropriately to Security policies.
  • Create multi-VSYS and multi-VR environment using the PA firewalls.
  • Implement the BGP routing protocol on Palo Alto firewalls.
  • Design, implement and troubleshoot networks which included Routing, Switching, WAN, LAN, MPLS, QoS, Multicast, Spanning tree, and HSRP technologies.
  • Provide tier-4 escalation support to client operation teams.
  • SD WAN conversion project portion of an 8-person crew on 100 branch Viptela over VMware and Cisco network, each site served by Private MPLS.
  • Protocols used on project: iBGP eBGP MLPPP PPP VRRP HSRP 802.11 SSH HTTPS
  • Designed and implemented high availability purpose of site-to-site IPSec VPN between head office and remote branch offices by combining Hot Standby Router Protocol (HSRP) with IPSec protocol. VPN devices at the remote branch offices peer with virtual IP address of HSRP in head office. So, in case the Active HSRP router fails, the standby HSRP router will take over connection of site-to-site IPSec VPN.
  • Designed Fail Over IPSec Site-to-site VPN With Dual WAN Links and IP SLA on Cisco ASA Firewall 9.x
  • Deploy and support new and flexible data center network incorporating technologies such as Spine/Leaf, virtual route forwarding (VRF), VXLAN, Fabric Path and OTV for VLAN extension.
  • Involved in a project for a re-design of the LAN network (Cisco Catalyst 2960 and Nexus 5000 switches) and the virtualization of some systems
  • Design and implementation of Main Data Center Move project from one location to another location with minimal down time using traditional DCI with vPC and In-box configurations with same HSRP group for redundancy on four Nexus 7k switches, two on each side.
  • Design and Implementation of DR Co-location consisting of Nexus 7K switches.
  • Configured Nexus 7010 including NX-OS Virtual Port Channels, Nexus port profiles, Nexus Version 4.2 and 5.0.
  • Attending customer meetings and providing complex solutions as per Cisco Best practices.
  • Acts as a technical liaison to service desk team, project and the architectural design
  • Responsible for performing the engineering lifecycle functions of detailed design, implementation and hand over to production for part or all of a network technical solution to the client, in accordance with an agreed technical architecture.
  • Responsible for the planning, design, implementation, organization and operation of Palo Alto Firewalls based perimeter security network including but not limited to 5xxx and 2xx series FW’s.
  • Software Upgrading for Palo Alto Devices and Integrating of Active Directory/LDAP with Palo Alto's Next Generation Firewalls.
  • Implemented User ID, custom App-ID and security policies for Palo Alto series.

Confidential - Edison, NJ

Network Security Engineer

Responsibilities:

  • Design, implement, and troubleshoot customer data infrastructure technologies
  • Perform analysis and prepare reports in support of data network monitoring, improvement, and regulatory compliance.
  • Migration from Dell SonicWALL zone-based firewall configuration file to a Cisco Firepower 5512-x platform with Firepower services.
  • Provide technical support for Cisco router configurations and installation for EIGRP and OSPF.
  • Provide professional services to deploy the Cisco ACI Datacenter fabric. This fabric consists of three (3) APIC controllers in cluster mode, Two (2) Nexus 7010 Spine switches and Four (4) Nexus 7018 leaf switches.
  • Configured Cisco Nexus 5010/5020 switches, and 2000/2200 fabric extender.
  • Configured FabricPath for high availability and Virtual Port Channel (vPC) on Nexus
  • Created vPC domain, design single sided vPC, double sided vPC, vPC peer-keepalive, vPC peer-link, vPC member port, configure single and dual home FEX
  • Created and configured VDCs, applied AAA, SNMP, ACLs, SVIs, HSRP, L2/L3 port-channels.
  • Configured port channel on dual ASA for connecting dual N7K in Colorado and Maryland DC
  • Configured ASA to act as DHCP server for customer remote sites
  • Configured PPPoE on the ASA remote sites for connecting the customer branches.
  • Troubleshooting by packet flow and packet capture diagnostics for firewall configurations solutions remotely
  • Implemented and update security principles supporting customer migrations, configurations and implementations for Access list, NAT rules, Remote Access, IPSEC Site2Site and AnyConnect
  • Installed and configured Firepower Management Center 6.0 on VMware and added ASA Sourcefire Agents as well as Firepower NGIPS for monitoring and management.
  • Added licensing to Firepower Management Center to cover NGIPS as well as 5512-x.
  • URL, and Malware Policies on FMC and deployed to security endpoints.
  • Reconfigured/updated DMVPN HUB connected to 15 sites supporting 20 spoke Routers in total
  • Work together with BU IT and site contacts to schedule migration window for the DMVPN spoke routers cutover.
  • Configured Cisco Security Manager for managing all the data centers and branches firewalls. Leveraging F5 LTMs & GTMs to improve web application delivery speed and replication through and between distributed global data centers. Load balancing and application acceleration solution triples server capacity through a rich set of infrastructure optimization capabilities and reduces bandwidth costs through intelligent HTTP compression and bandwidth management by implementing CPU centric SSL offloading and acceleration.
  • Deploying, configuring & maintaining F5 3DNS (Global Traffic Manager) Controller and BigIP-LTM (Local Traffic Manager) for wide area load balancing and global redirection using various load balancing techniques
  • As part of the Disaster Recovery project, users are directed transparently to the appropriate data center, during disasters or any other critical or unexpected large-scale outage, protecting business deliverables from DDoS attack outages and unforeseen volume spikes.
  • Responsible for Configuring and Troubleshooting of SSL VPN and IPSec L2L connectivity.
  • Configuring various advanced features (Profiles, monitors, iRules, Redundancy, SSL Termination, Persistence, SNATs, HA on F5 BIGIP appliances SSL termination and initiation, Persistence, Digital Certificates, Executed various migration/upgrade projects across F5 and hands on with F5 BIGIP LTM

Confidential

Network Security Engineer

Responsibilities:

  • Deploying ISE in wired environment to perform Dot1x port based authentication configure the Posture polices perform Change Of Authorization CoA for users connecting to the corporate network
  • Configuring Cisco Catalyst Switches for Dot1x support testing the IOS compatibility with ISE
  • Integrating Configuring Cisco Wireless LAN Controllers WLC with ISE to perform Dot1x authentication for Wireless users.
  • Integrating Configuring Cisco ASA Firewalls with ISE to the Posture policy compliance perform CoA for remote VPN IPSec, SSL AnyConnect users.
  • Integrating ISE with external identity stores such as Windows AD, Cisco ACS LDAP.
  • Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers and Catalyst Switches
  • Configured and Implemented Cisco Identity Services Engine (ISE) with connectivity to Microsoft Active directory & CA Third party for Authentication including Certificate Based Authentication.
  • Designed and Configured Cisco Identity Services Engine (ISE v2.0) to support corporate connectivity to a new wireless environment utilizing Active Directory Authentication and Authorization with EAP-TLS client certificates.
  • Provide knowledge transfer and informal training to clients
  • Experience with Authentication Protocols (EAP-TLS, PEAP, EAP-FAST)

Confidential

Network Security Engineer

Responsibilities:

  • Obtained current rules from existing Sidewinder Firewalls and Migrate existing rules to be installed in an active cluster and Created twelve (5) DMZ’s as per Customer request and Migrate NAT pools from Sidewinder to Cisco ASA 5525X’s
  • Tested configurations prior to cutover from existing Sidewinder Firewall to new Cisco ASA 5580’s and Monitored to ensure all rules and NAT pools are operating properly over the shoulder training during entire evolution
  • Obtained current VPN rules in existing Juniper VPN concentrator and Configured VPN NAT pools and Created VPN rules on new Cisco ASA 5525x and tested configuration prior to cutover from existing Juniper VPN concentrator to new Cisco ASA 5520 VP
  • Ensured licensing for five hundred (500) SSL Any Connect premium SSL VPN participants are loaded on the primary and secondary VPN appliance
  • Implemented IPSEC Site-to-Site VPNs between ASA Firewalls
  • Developed a complete test plan documentation package which includes a document detailing test resource requirements, procedures, and expected results.
  • Configured ASA SSL VPN remote access from Microsoft Windows Mobile cellphones, equipped with Cisco AnyConnect VPN client & digital certificate issued by external CA server
  • Delivered Customer Requirement Document (CRD), High-Level Design (HLD), Pre-Deployment (PDG), Low-Level Design (LLD), Acceptance Testing Procedures (ATP) and As-Built Documentation.
  • Configured Routers for OSPF, EIGRP, BGP protocols for Point-to-Point links, Frame Relay, and MPLS connectivity
  • Configured routers to redistribute EIGRP as well as OSPF into the BGP routing protocol.
  • Configured QoS on L2/L3 platforms.

Confidential - Manhattan, NY

Network Engineer

Responsibilities:

  • Member of a team of engineers responsible for providing end to end LAN/WAN solutions. Provide day to day firewall/VPN support which spans across multiple firewall platforms, including Cisco ASA
  • Configured Nexus 2148, 2248 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 7k.
  • Configured and extension of VLAN from one network segment to their segment between Different vendor switches (Cisco, Alcatel)
  • Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall
  • Implemented IPS, DLP and UTM features on the firewall for added security purposes.
  • Replacements of the 6500 Platform external switch stack with Nexus 7k 10gb data rates.
  • Migrated Servers from to Nexus without any application outage
  • Deployed Service Switching layer with 6500 platform for Firewall and Load Balancing Services for WEB and APP server Cloud on the Nexus platform
  • Configured an IPSec Site-to-Site VPN between the Cisco ASA5545 at small office location and Cisco 1841 ISR with a security IOS image at the main office.
  • Configured Zone-Based Policy Firewall on the Cisco 1841 ISR with three zones, class-maps specifying traffic that must have policy applied as it crosses a zone-pair, policy maps to apply action to the class-maps' traffic, zone-pairs, and application of policy to zone pairs.
  • Working on Cisco NAC ISE to authorize users based on protocols PEAP and EAP-TLS, also manage and monitor user's access privileges.
  • Re-Configured policy based routing BGP routing (Route Maps, AS-Path prepend, MED, Local Preference) to load balance traffic across customer multiple links.
  • Analyzes BGP and OSPF network problems and coordinates resolutions. Develop work plans, migration plans, and conversion scripts needed to integrate proposed solutions.

Confidential

Network Security Engineer

Responsibilities:

  • Provided Customer Managed services (MS) for a based cellular network solution of IPRAN (Radio Access Network for 3G, 2G and 2.5G mobile data) on Huawei platforms. Worked with customer solution architects and engineering team to upgrade and improve network infrastructure and security
  • Network Backbone Upgrade project. Successfully achieved main goal of the project: migrate off of older supported Huawei networking Routers (18) NE40 per site to a newer Huawei (16) NE40E platform environment. The end goal of the project is to ensure that all network traffic has been migrated and no longer flows through any current NE40 equipment. The migrated traffic will go to (2) provider Huawei router NE80.
  • Configured Juniper M320s as PE's, NE80E-1 as Core, Huawei NE40 as CE’s
  • Configured Huawei NE80E-1, Juniper M10i Routers as Route-Reflectors in Core BackBone.
  • Configured OSPF, BGP, LDP, MP-BGP on Juniper M320 and NE80E-1 in the Core.
  • Built the swap cutover and the redundancy load sharing solutions and the rollback plans for 1-NE40/2-NE40Es per each IP-RAN Site.
  • Implemented the cutover from the NE40 to the NE40Es while ensuring minimum downtime per service.
  • Troubleshooting of all IP related faults of IPRAN routing protocols such as OSPF tuning (failure detection, BFD, VPNV4 (MP-BGP), MPLS (LDP), QOS (Diffserv) DSCP, IPP, PHB EF, CS, AF, BE, VPN-MPLS, L2 Gb traffic, 2G Traffic & Signaling and MPLS-TE by RSVP-TE/FRR.
  • Implemented traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network Open Shortest Path First (OSPF).
  • Implemented Hot Standby Router Protocol (HSRP) by tuning parameters like preemption.
  • Configured Gb/IP, A/IP, Abis/IP services from BSC & RNC CE sides.
  • Configuration of VLAN's, VRF's on CE side for logical separation of high bandwidth interfaces and LACP for increasing the bandwidth.
  • Troubleshooting QOS involving policing, shaping and queuing towards Core and towards CE and PE routers.
