Network Integrity Designer Resume
Middletown, NJ
SUMMARY
- Overall 7 years of experience in Networking, including hands-on experience in IP network design providing network support, installation and analysis.
- Expert level knowledge of troubleshooting, implementing, optimizing and testing of static and dynamic routing protocols such as EIGRP, OSPF, BGP, with the ability to interpret and resolve complex route table problems.
- Experience working with Nexus 7K, 5K, 2K devices, and configuring the Nexus 2000 Fabric Extender (FEX), which acts as a remote line card (module) for the Nexus 5000.
- Well experienced in configuring protocols HSRP, GLBP, VRRP, ICMP, IGMP, PPP, HDLC, PAP, CHAP, and SNMP.
- Worked extensively on firewalls and VPN gateways: Checkpoint, CISCO, Juniper, FortiGate GUI and Arista equipment.
- Migrated firewall rules from Cisco ASA to Palo Alto and Checkpoint Firewalls. Designing and Configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550).
- Advanced knowledge in installation and configuration of Juniper Netscreen Firewall.
- Migration from Cisco firewalls to Palo Alto firewall platforms PA 4000, PA 500 and PA-200.
- Design, Build, and Implement various solutions on Check Point Firewalls, Blue Coat Proxies, F5 Load balancers and F5 Global Traffic Managers.
- Hands on experience with configuration management tools: Ansible.
- Experience in Ansible to manage Web applications, Environments configuration Files, Users, Groups and Packages.
- Expert in the use of Ansible as automation tool on VMs, Onsite Servers as well as on the Cloud.
- Expert on Ansible for server deployment and configuration on VMware.
- Deployed Cisco FireSight, ISE using certificate authority signed certs with pxGrid remediation module.
- Strong hands on experience on Checkpoint Firewalls, ASA (5550) Firewalls. Implemented Security Policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
- Good understanding of Python scripts for system automation, monitoring and security reporting. Maintain existing Perl scripts and migrate existing Perl scripts to Python.
- Strong hands on experience in layer-3 Routing and layer-2 Switching. Dealt with Nexus models like 7K, 5K, and 2K series.
- Manage administration of Juniper Firewall, connecting offices worldwide through VPN tunnels to two HA Juniper SSG520's. The VPN provides 24/7/365 connectivity for corporate needs of all remote offices.
- Sound knowledge of virtual firewalls like checkpoint VSX, IDS, IPS as well as encryption techniques.
- Configured policies on F5 ASM. Created rules and scripts for the automation of the environment. Reengineered Firewall policies on Juniper SSG320 and SSG140 Firewalls.
- Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale Firewall deployments.
- Implement changes on switches, routers, load balancers (F5 LTM and CSS), Wireless devices as per Design engineers.
- Hands on experience in OpenStack deployment both manual and automation installations.
- Checkpoint level 3 operations support with hardware operation and fixed all problems.
- Excellent communication skills with ability to interact effectively with employees at all levels of the organization.
- Cisco Security: Telnet, NAT/ACLs, AAA, Layer 2 Security, Layer 3 Security, IPS/IDS, Cisco (ASA, PIX) 5510, Cryptography, VPN, IPSec.
- Installed Operating System and configured kernel parameters for Linux /UNIX servers.
- Strong understanding and experience on cloud based services like AWS & Azure platforms.
- Using Ansible for deploying Instances on AWS.
- Experience with EC2, CloudWatch and managing securities on AWS.
- Involved in configuring proxy servers using Bluecoat proxy.
- Use of network tools such as Clearpass, The Dude, Aruba AirWave and Junos Space/Network Director.
- Analysis and support of DDoS mitigation through use of Arbor devices and VeriSign proprietary Athena platform.
- Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point R65, R70, R75, R77 and Cisco ASA.
- Supporting and troubleshooting Checkpoint/Cisco site-to-site VPN/IP Sec functionality.
- Security Policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS)
TECHNICAL SKILLS
Cisco Platforms: Nexus 7K, 5K, 2K, 1K
Cisco Routers: ASR 901, 903, 1700, 1800, 2500, 2600, 2800, 3600, 3800, 3900, 7200, 7600, ASR 9010
Cisco L2 & L3 Switches: 2900, 3500, 3560, 3750, 4500, 4900, 6500
Juniper Platforms: SRX, MX, EX Series Router and Switches
Networking Concepts: Access-lists, Routing, Switching, Sub netting, Designing, CSU/DSU, IPsec, VLAN, VPN, WEP, WAP, MPLS, VoIP, Bluetooth, Wi-Fi
Firewall: Cisco ASA Firewall (5505/5510), Checkpoint
Network Tools: Solar Winds, SNMP, Cisco Works, Wireshark
Load Balancers: Cisco CSM, F5 Networks (Big-IP)
DDoS mitigation platforms: A10, Arbor SP, Arbor TMS, Incapsula, Radware, Fire Eye, Arbor APS
WAN Technologies: Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1, DS3, OC3, T1/T3 & SONET
LAN Technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port-channel, VLANs, VTP, STP, RSTP, 802.1Q
Security Protocols: IKE, IPSEC, SSL-VPN
Networking Protocols: RIP, OSPF, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP, VRRP, GLBP, TACACS+, Radius, AAA, IPv4 and IPv6
Operating System: Windows 7/XP, MAC OS X, Windows Server 2008/2003, Linux, Unix
Wireless: Cisco wireless access points AIR-CAP3702, AIR-CAP3502, AIR-CAP2602, AIR-CAP2702; WLC 5508, 4404 and WLC 4402 wireless LAN controllers; Catalyst 6513, 6509, 4006, 4003, 3750, 3560, 3550, 2950G switches
PROFESSIONAL EXPERIENCE
Confidential, Middletown, NJ
Network Integrity Designer
Responsibilities:
- Support network security designs for mobility, cloud/VoIP, VPN, network engineering and enterprise solutions.
- Working on WAN network design in a service provider environment/network function virtualization systems.
- Write design documents, software and router configuration, and perform debugging of applications using programming languages and technologies in router OS (i.e. Cisco/Juniper), Unix/Linux, VM and web environments.
- Experience in configuring Nokia 7750/7705 routers. Design, implement and administer IPv4/IPv6 enterprise network infrastructure for Nokia routers.
- Worked on Nokia 7750/7705 MSN and SIAD, worked on IOS upgrade of Nokia Devices.
- Documented the user test cases for the low-level design.
- Responsible for router security requirements for Nokia, Cisco, Vyatta and MAR routers.
- Experience configuring and troubleshooting Cisco ASR 901, ASR 903 and ASR9K routers for enterprise networks.
- Experience as an OpenStack administrator in creating, managing users, roles, groups, domains, services, endpoints; managing instances, creating new images; managing and creating networks, routers, subnets, time stamps, using heat templates and troubleshooting.
- Creating, managing multiple tenants in a cloud, creating quotas, triggering alarms when certain thresholds are reached, creating network, customizing heat templates.
- Working experience of MPLS services, OSPF, BGP and eBGP routing protocols, NAT, also TCP/IP, UDP, SNMP, RIP, IPSEC, VLAN, STP (spanning tree protocol), RSTP and multicasting protocols.
- Experience with high performance Network IDS, IPS and Network Security Monitoring engine (Suricata).
- URL filtering and URL blocking for different countries using Suricata (IDS/IPS).
- Deploying the OpenStack components on multi-node with High availability environment.
- Provisioning and optimizing of compute, network, and storage services with OpenStack through dashboard, command-line and API utilities, especially for Suricata Project. This is for migrating Palo Alto to OpenSource IDS/IPS.
- Creating, managing deployment guides, creating network connectivity and service interface for Non-OpenStack components to access cloud network and creating scripts to customize flavors and quotas.
- Experience with building up a POC lab and troubleshooting between HEPE and server.
- Experience Migration of Palo Alto Firewalls to Suricata (Open Source IDS/IPS) UBD.
- Palo-Alto user-identification implementation with Dell server’s user Palo-Alto user-id agents.
- Verify network connectivity and routing. Documentation work for routers and firewalls for data centre.
- IOS upgrade on Nokia 7750/7705 SIAD and MSN routers. GRE tunnel traffic between MAR router and Nokia MSN router. GRE tunnel traffic between MAR and Cisco 9010 router. eBGP configuration between MAR and MSN, TCP-AO with AES-128-CMAC-96, and also enabling TTL security between MAR and MSN.
- Rate limiter to protect Confidential &T CSBH traffic from SXM traffic over using its bandwidth and affecting Confidential &T traffic traversing CSBH traffic.
- Configuration for Ingress ACL to SIAD interface facing to the SXM router, which allows Echo ICMP traffic to the subnet of the interface between SIAD and SXM router.
- Enabling the OSPF passive interface on SIAD interface to SXM router.
- Configuration of Firstnet Rural Partner ACLs on MSNs to allow additional traffic flow between SXM routers and SIADs.
- Working on WAN network design to implement security policies (i.e. ACL and routing protocol design).
- Working on most of the security part (For Cisco Products) for the different projects and also testing in lab.
- Experience with configuring and troubleshooting OSPFv2 SHA-256 authentication for ASR-901, ASR-903, ASR 9010, NCS 5501, NOKIA 7750, Nokia 7705 and vyatta routers.
- Experience configuring Nokia 7750 and 7705 series.
- Experience on software upgrade for Nokia 7705 SAR-8v2 SIAD upgrade to Release 9.
- Software upgrades for Nokia 7750 SR-12 to Release 16.0R6.
- Experience with configuring OSPF/BGP and using BGP as a WAN protocol and manipulating BGP attributes.
- Worked with different vendors (such as Palo Alto, Samsung) on ONAP VNF security requirements, comparing their product compliance for each and every requirement with Confidential &T ASPR security requirements.
- Requirements gathering and analysis; architect solutions with network/system design, network engineering, appropriate process flow and implementation using agile technologies.
- Design and develop software (web based or otherwise) for SDN transformation of security related systems (i.e. DDoS) and their support systems.
- Implementation of data modeling, statistical/mathematical analysis techniques, process management and SDN programming models.
- Develop an automated script for test purposes using Python >2.7.
- Involved in software development of a Shim to block the URLs sent by SSC to Suricata.
- Experience with creating and installing Debian packages for different software (like Suricata, Shim, Iptables, ldap and iptables-persistent).
- Working with an India Government agency regarding URL blocking.
- Involved in development of high performance, distributed network computing tasks.
- Deployment and configuration of VMs on VMware, manually but mostly with the use of Ansible.
- Using Ansible for deploying Windows and Linux servers on VMware using the vm guest module.
- Working on Development of web and backend applications with multiple levels/dimensions of security, inside/outside firewalls, Cloud/eCommerce functionality with encryption and other security technologies.
Confidential, Roanoke, VA
Sr. Network Engineer
Responsibilities:
- Currently working on future CRAN architecture and design and Small cell migration to NFV.
- Provide Tier II Load Balancer expertise on F5 BigIP Local Traffic Managers (LTM). Designing F5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 BigIP Load Balancers.
- Configurations of load balancing in F5, SSL/VPN connections, troubleshooting CISCO ASA firewalls, and related network security measures.
- Creating load balancer using Ansible to funnel multiple servers and for Autoscaling.
- Configured Cisco routers for MPLS VPN connectivity and VRF tables on edge routers for customer usage of the MPLS network.
- Juniper Contrail SDN Cloud Computing Open Networking Openflow/ODL
- Configured Cisco ASA 5510 for VPN Network Access Control integration with Cisco ISE (Inline PEPs).
- Designing MPLS VPN and QoS for architecture using Cisco multi-layer switches.
- Create and test Cisco router and switching operations using OSPF routing protocol, ASA Firewalls, and MPLS switching for stable VPNs.
- Knowledge in new technologies like SDN, Openflow protocol and NOX controller Python based.
- Training sessions for OpenStack, Open Contrail, SDN and NFV at domestic and international level.
- OpenStack Mitaka with integration of Open Contrail 3.1.0.
- Juniper Contrail SDN deployment assistance to the senior engineering team.
- Worked extensively on lab build for POC comprising of Cisco Catalyst Switch 6500s, 4500s, 3750, Nexus 7000s, and Cisco ISE 3300 Appliances and 1.0.4 Cisco ISE software on VMware's.
- Juniper Contrail SDN solution provisioning in test labs.
- Deploying BIG-IP F5LTM Load Balancers for load balancing and traffic management of business application.
- Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
- Configuring VPN, clustering and ISP redundancy in Check Point Firewall.
- Asset management, keeping inventory of every device in the data center.
- Hands on experience with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
- NX-OS upgrade in Nexus 7010 through ISSU (In service software upgrade).
- Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE
- Deployed and managed central management, monitoring, and alerting system with Aruba Airwave and Cisco Prime Infrastructure.
- Optimized configuration of Aruba Mobility Controllers, Clearpass and supporting network infrastructure to improve wireless security and performance.
- Performed troubleshooting on vehicle, tools and client-side wireless connectivity issues leveraging network monitoring tools like Nyansa, Aruba Airwave and Wireshark.
- Migrating Cisco ASA firewalls policy to new Checkpoint appliance with support of vendor specific tool.
- Experience with Network Redesign of branch and Campus Networks. This includes changes to both the voice and data environment.
- Good knowledge of CISCO firewalls, CISCO PIX and ASA 5500 series, Palo Alto Firewalls.
- Configuring virtual chassis for Juniper switches EX-4200 and firewalls NS 5200.
- Handled load balancing using F5 Network Load Balancers.
Confidential, Commack, NY
Network Security Engineer
Responsibilities:
- Working with VPN tunnels, DS1, DS3 & T1 links.
- Experience with designing and deployment of MPLS Traffic Engineering.
- Worked extensively on policy design and implementation for ISE solution across various networks.
- Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE.
- BGP/OSPF/EIGRP Automation of Flows NFV/SDN Confidential &T Open stack.
- Designed, implemented and maintained WAN technologies like DWDM, MPLS, VPLS and tunneling technologies.
- Implemented Cisco site to site VPN for partnering with different partners around the world.
- Juniper Contrail SDN Cloud Computing Open Networking Open flow/ODL
- Responsible for Checkpoint and Cisco ASA firewall administration across global networks.
- Experience with configuring BGP in the data center and using BGP as a WAN protocol and manipulating BGP attributes.
- Implemented and supported Cisco PIX, Cisco ASA, and Cisco ACS/ISE with AD/LDAP.
- Successfully deployed and turned up routing on carrier-class Cisco CRS PE's to COIN's CRS PE's routers to support transport for new "state of the art" Mobile.
- Configure all Palo alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized
- Installation and configuration of Cisco Nexus 9k, 7k, 5k, 2k, ASRs, 6500s, 4510s, 3800s, 2900s.
- Deploying and decommission of VLANs on core ASR 9K, Nexus 9k, 7K, 5K and its downstream devices.
- Provided technical assistance for LAN/WAN management & troubleshooting and complex customer issues using Network monitoring tools such as Solar winds.
- Implementing security Solutions using Palo Alto PA 5000, Check Point Firewalls R75, R77.20 Gaia and Provider-1/MDM.
- Coordinate with customers to alert them of incoming DDoS attack on the OSI level (level 3 and level 7 attacks).
- Performed customer scenario tests, measured CPU and memory usage with DDoS feature enabled, reported results and analysis for development team.
- Implement network off-ramping procedure for DDoS attacks larger than existing infrastructure's capacity.
- Configured VLAN, Spanning tree, VSTP, SNMP on Juniper EX series switches.
- Hands-on experience with blocking suspicious IPs on Checkpoint.
- Good knowledge of Juniper SRX240, SRX220 and SRX550 series Firewalls.
- Configure all Palo Alto Networks Firewall models and Panorama to manage large scale Firewall deployments.
- Implemented the network segmentation for PCI network which utilizes MPLS VPN and VRF Lite.
- Providing daily network support for national wide area network consisting of MPLS, VPN and point-to-point sites.
Confidential
Network Engineer
Responsibilities:
- Worked on Cisco Layer 2 switches (spanning tree, VLAN).
- WAN Infrastructure running OSPF & BGP as core routing protocol.
- Created virtual network overlays, tenants and VMs using IPAMs, setting up security policy using Juniper Contrail in conjunction with OpenStack.
- Implemented and configured BGP, BGPv6, using policy route-maps and prefix lists to regulate advertised routes from specified Autonomous Systems. Verified BGP neighbor establishment and prefixes received and converged with transit providers.
- Worked on migrating the F5 LTM 5100 version 9.2 to 5100 LTM version 9.4 and F5 GTM configurations
- Maintaining Checkpoint security policies including NAT, VPN and Secure Remote access
- Configuring IPSEC VPN (Site-Site to Remote Access) on SRX series firewalls.
- Worked as a part of data center deployment where we converted from Cisco 6500 to Nexus.
- Adding Websites to the URL filtering blocklist in Bluecoat Proxies and upgrading firmware on the bluecoat proxies.
- Operated with Network Operations Wireless team to design, configure and manage enterprise wireless hardware, software and management systems using Aruba Access Points, Controllers and Juniper Switches.
- Administration and Operation support for TACACS and RADIUS Appliances
- Implemented the network segmentation for PCI network which utilizes MPLS VPN and VRF Lite.
- Provide design and SDN/NFV networking support using Open-Stack, Juniper Contrail and Big Switch Networks
- Juniper Contrail SDN Cloud Computing Open Networking Open flow/ODL
- Configured ACI for remote authentication in the respective organization. Managed project tasks to migrate from Cisco ASA firewalls to Checkpoint firewalls.
- Review the existing process and recommend changes to increase productivity and efficiency such as SDN, Deep packet analysis.
- Assisted installing Cisco ISR 2900 series routers, Cisco 5520 ASA appliance, Wireless LAN upgrade project. Assisted infrastructure team with the installation of 60 Cisco 3700 series APs around the building.
- Leading and supporting role regarding technical topics and solutions within a network implementation organization.
- Configured Security policies including NAT, PAT, VPN's and Access Control Lists.
- Configured VDCs on Nexus 7K for creating multiple logical switches, and HSRP, VLAN trunking 802.1Q and VLAN routing on Catalyst 6500 switches.