SUMMARY

• Network Engineer with around 8. 8 years of experience in testing, troubleshooting, implementing, optimizing and maintaining enterprise data network and service provider systems.
• Strong hands on experience on Cisco Catalyst (3550, 3750, 6500) series switches, Cisco (2500, 2600, 2800, 3600, 3800, 7200) series Routers, PIX Firewall (506, 515, 525, 535), ASA (5505/5510), Load Balancers using Cisco ACE, F5 LTM/GTM, Security Device Manager (SDM), Cisco Works, HP Open View, Solar Winds, Sniffer, Palo Alto Networks Firewall models (PA - 2k, PA-3K and PA-5K).
• Implementation of SSG Series, Netscreen Series ISG 1000, SRX Series.
• Worked on Cisco PIX 535, 520, 515, ASA -5500 and 5505
• Expert Level Knowledge about TCP/IP and OSI models.
• Provide scalable, supportable military grade TCP/IP security solutions along with expert TCP/IP network designs that enable business functionality.
• 5+ years of experience in Install and configure Bluecoat Proxy in the network for web traffic management and policy configuration.
• Implementation, working analysis, troubleshooting and documentation of LAN, WAN& WLAN architecture with excellent work experience on IP series.
• Working knowledge with Load Balancers F5 LTM like 3900, 6900 for various application.
• In-depth knowledge and experience in WAN technologies including OC3, E3/T3, E1/T1, Point to Point, MPLS and Frame Relay
• Monitored Network Activity using Cisco Prime 2.2, Splunk, Ops Manager, IPAM, Wire Shark, TufinSecure Track, ePo, HIPS.
• Having knowledge and hands-on experience on IP Addressing, Sub netting, VLSM and ARP, reverse & proxy ARP, Ping Concepts.
• Hands on Experience in Bluecoat -Proxy set up, troubleshooting production issues and analysis.
• Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS, switching (VLANS, VTP Domains, STP and trucking).
• Basic and advance F5 load balancer configurations, including migrating configurations from Cisco ACE to F5 and general troubleshooting of the F5 load balancers.
• Installed and configured Network Automation System (NA) to validated compliance checks on Cisco routers, switches.
• Worked on configuring the Nexus 5K Aggregation Switch and Nexus 2K Fabric Extenders.
• Implemented VDC, VPC, VRF and OTV on the Nexus 5505 and 7009 switches.
• Substantial knowledge, including the configuration, of Spanning Tree Protocol (STP), Per VLAN Spanning Tree (PVST), Rapid STP (RSTP) and Rapid per VLAN Spanning Tree (PVST+), TCP and UDP protocols, Next generation data center oriented technologies such as virtual port channels (VPC), Fabric path, Fiber channel over Ethernet (FcoE), virtual switches, network virtualization.
• Expertise in installing, configuring, and maintaining Cisco Switches (2900, 3500, 7600, 3700 series, 6500 series) Cisco Routers (4800, 3800, 3600, 2800, 2600, 2900, 1800, 1700, 800).
• In-depth knowledge and hands-on experience in Tier II ISP Routing Policies, Network Architecture, IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3 SONET POS OCX / GigE circuits, Firewalls.
• Experience in installing and configuring DNS, DHCP server.
• Experience in Checkpoint IP Appliances R65, R70, R75, R77 &Cisco ASA Firewalls.
• Deployed Site to Site and Client to Site VPNs utilizing Checkpoint Firewall-1/VPN-1
• Upgraded the platforms using the Checkpoint upgrade tools.
• Provide L3 support for checkpoint and Palo Alto firewalls.
• Involved in the integration of F5 Big-IP load balancers with Checkpoint firewalls for firewall load balancing and was responsible was trouble shooting and maintenance.
• Provided administration and support on Bluecoat Proxy for content filtering and internet access between site and VPN client users.
• Deployment and Management of Bluecoat proxies in forward proxy scenario as well as for security in reverse proxy scenario.
• Performing URL filtering and content filtering by adding URL’s in Bluecoat Proxy SG’s.
• Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP Ether channel, STP, RSTP and MST.
• Successfully installed Palo Alto PA-3060 firewall to protect data center and provides L3 support for routers/switches/firewall.
• Managed Configuration, Logging and Reporting of Palo Alto firewall through the Panorama.
• Managed URL filtering, File blocking, Data filtering by Palo Alto firewall, Barracuda NG Firewalls.
• Implementation and maintained intrusion detection/ prevention (IDS/IPS) system to protect enterprise network and sensitive corporate data. For Fine-tuning of TCP and UDP enabled IDS/IPS signatures in Firewall.
• Performed Installation of Cisco ASA 5585 & 5520 series firewalls as well as Palo Alto 3500 series.
• Review daily log data gathered from various resources such as sensors, alert logs, firewall logs, content filtering logs.
• Developing Powercli Scripts to automate Operations, configuration of 2500+ Esxi hosts and more than 20000 VM’s hosted on Cisco UCS Blade chassis and VMware vSphere infrastructure suite 6.7
• Monitoring the health of the Virtual environment and performing day to day administration and troubleshooting on CISCO UCS and VMware vSphere 6.7 environment.
• Deploy Cisco Nexus 1000V to VMware Infrastructure
• Proficient in using SolarWinds Network Management tools like Network Performance Monitor (NPM), Net flow Traffic Analyzer, Network Configuration Manager (NCM) and Cisco Prime.
• Provide 24/7 support

TECHNICAL SKILLS

Cisco Platforms: Nexus 9k,7K,5K,2K & 1K, Cisco routers (7600, 7200, 3900,3600, 2800,2600,2500,1800 series & Cisco Catalyst switches (6500,4900,3750,3850, 3500, 4500,2900 series) ASR1001,2900,3900,7200,7600 & ASR9000 series

Juniper Platforms: MX, EX series Routers and Switches

LAN Technologies: SMTP, VLAN, Inter-VLAN Routing, VTP, STP, RSTP, Light weight access point, WLC.

WAN Technologies: MPLS, VPLS, Frame Relay, PPP, HDLC, (E1/T1/E3T3), DS3, OC192

Network Security: Cisco ASA, Juniper SRX.

OS products/Services: DNS, DHCP, Windows (2000/2003/2008 , XP), UNIX, LINUX

Routing: RIPv2, OSPF, EIGRP, IS-IS, BGP, PBR, Route Filtering, Redistribution, Summarization, and Static Routing

Gateway Load Balancing: HSRP, VRRP, GLBP

Various Features / Services: IOS and Features, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, TFTP and FTP.

Network Management Tools: Wire shark, Net flow Analyzer Net Scout, SNMP, Cisco Prime, Ethereal, HP open view

Load Balancers: F5 Networks (Big-IP) LTM 6400

Security Protocols: IKE, IPsec, SSL-VPN

Networking Protocols: RIP, OSPF, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP, VRRP, and GLBP. TACACS+, Radius, AAA, IPv4 and IPv6.

Operating Systems: Windows (98, ME, 2000, XP, Server 2003/2008, Vista, 7, 10), Linux.

AAA Architecture: TACACS+, RADIUS, Cisco ACS.

Firewall & Security: Checkpoint (NGX R65, R77-80), Cisco ASA, Palo Alto, ASA 5505 Firewall, Juniper Net Screen firewall

Languages: Perl, C, C++, SQL, HTML/DHTML, Python scripting

PROFESSIONAL EXPERIENCE

Confidential, Bedminster, NJ

Network Security Engineer

Responsibilities:

• Manage Net scaler Load balancer SDX, VPX in multiple data center.
• Router, Citrix Application FW, Citrix MPX 5500,VPX 1000,2000,5000
• Experience deploying BIG-IP F5LTM, Cisco ACE and A10 Load Balancers for load balancing and Implementation traffic filters on Cisco routers using Standard, extended Access list
• Lead network engineer on a project to build out a software defined data center based on Cisco ACI, VMware NSX and F5 load balancers.
• Performed all maintenance tasks on the Nexus Switches, ASR Routers, Checkpoint Firewalls, F5 Load balancers InfoBlox DNS and Cisco ACI
• Customers focusing on A10 Load Balancer AX series and current and future products. Duties include first line troubleshooting, acting as an escalation for customer 1st level engineers, and full engagement with A10 Load Balancer TAC for situation control and resolution.
• Mature network management and troubleshooting skills; understand, troubleshoot, diagnose and resolve customer issues on A10 Load Balancer equipment.
• Hands on Experience on Extreme, Arista and Cisco Switches.
• Configuration and troubleshooting F5 LTM, GTM series like 6600, 6800 for different applications and monitoring the availability
• Designed and configured Fortinet FortiGate 90D for RMV branches.
• Experience working with Fortinet/Fortigate firewalls of different ranges from entry level Fortigate 60 series Midrange Fortigate100, 500, 900 and high level Fortigate 9000 series and mostly dealed with End-to-end security across the full attack.
• Maintenance, Support & Monitoring of clients MPLS Network via HP- NNMi tool.
• Hands on experience in migrating/Upgrade of NNMi and iSPI.
• Ability of troubleshooting and support for NNMi related issues, Integration of NNMi with LDAP, NA with LDAP, SSL configuration for NNMi and NA.
• Experienced in Cisco Unified Communications Manager (CUCM) (6.x, 7.x, 8.x, 9.x, 10.x), Cisco Call Manager (CCM), Cisco Unified Presence (CUPs, IM & Presence), Cisco Unified Call Manager Express (CUCME), Cisco Unity Connection (CUC) (7.x, 8.x, 9.x, 10.x), Unified Contact Centre Express (UCCX).
• Replicate the DNS records with the new provider.
• This global role helped expand my expertise into other areas such as Cisco UCS, Checkpoint Firewalls, Cisco ASA, and VMware NSX.
• Deploying ISE in wired environment to perform Dot1x port based authentication configure the Posture polices perform Change Of Authorization CoA for users connecting to the corporate network
• Configuring Cisco Catalyst Switches for Dot1x support testing the IOS compatibility with ISE
• Integrating Configuring Cisco Wireless LAN Controllers WLC with ISE to perform Dot1x authentication for Wireless users.
• Configuring various Wireless authentications like PEAP, EAP-FAST EAP-TLS
• Configuring Aruba Controllers integrating with Cisco ACS and RADIUS severs for Dot1x authentication.
• Integrating Configuring Cisco ASA Firewalls with ISE to the Posture policy compliance perform CoA for remote VPN IPSec, SSL Any Connect users.

Confidential, Fremont, CA

Network Security Engineer

Responsibilities:

• Responsible for entire company network infrastructure that includes Cisco Switches, Routers, Firewalls, Access Points, Servers and PBX.
• Configured Easy VPN server and SSL VPN to facilitate various employees’ access internal servers and resources with access restrictions
• Configured VLAN’s, Private VLAN’s.
• Configured Site to Site IPsec VPN tunnels to peer with different clients and each of client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA 5500 series firewalls.
• Dealt with implementation of Cisco ASA 5585 devices and Juniper SRX 550 devices to apply security policies on it.
• Configuring Static, IGRP, EIGRP, and OSPF Routing Protocols on Cisco 1600, 2600, 2800, 3600, 7300 series Routers.
• Experience working with Nexus 9k, 7K, 5K and 2K.
• Replaced the Legacy 3750 stack wise with Juniper EX 4200 switches in the LAN Environment.
• Configured laptops for testing; Dell switches and Cisco Nexsus.
• Manage Cisco and Dell Switches, and Firewall
• Experience with SAN switches (Cisco and Brocade) and optical Ethernet switches (Dell, Brocade, and Mellanox)
• Implemented Policy Based routes on the DELL switches- S4048 ON, S3048 ON. Working on with switching and routing for the switches.
• Experience with connectivity of Cisco Networking Equipment with F5 Load Balancer.
• Basic and advance F5 load balancer configurations, including migrating configurations from Cisco ACE to F5 and general troubleshooting of the F5 load balancers Created Network, Load Balancer, and Linux Automations for a large scale managed services provider using Ansible, Python, JavaScript, Java, Bash, PowerShell, MySQL. Automations were triggered by our event-driven automation framework called IPcenter.
• Wrote Python applications to allow users to query into Network and Load balancers devices without engaging the NOC or Network Engineering group and automated firewall upgrades to improve accuracy, speed, and success of upgrades.
• Develop automation test cases for regression, load and feature testing of MME, SGW, and various other components of the EPC and wireless network.
• Worked on Design implementation of new data center with products ranging from cisco, ASA with Firepower, Dell Switches, Cisco Meraki, Vmware NSX.
• Configured and Created wireless sites using the Cisco Meraki System dashboard.
• Implemented site to site VPN on Cisco Meraki MX64, MX65, MC84, and MX400.
• Implementing Cisco Meraki Wireless network.
• Deployed and managed Cisco Meraki products SD-WAN including Cisco Meraki Security Appliances (MX25, MX450, MX400, MX600 and MX100), Cisco Meraki switches and Cisco Meraki Wireless Aps (MR84, MR74, MR52).
• Worked as a lead consultant for a consultation project to help clean up legacy FW policies and create migration path from current ASA to next gen Palo Alto firewall.
• Experienced in configuring and maintaining Security Policies, NAT policies, IPSEC tunnels on various firewalls like Palo Alto, Cisco ASA/ Firepower, Checkpoint firewalls and SIEM solutions like LogrRhythm and McAfee.
• Involved in finalizing the design for Corporate Wireless Network Access for NAC Solution, comprising of Cisco ISE Appliances in all WAN Consolidation Points, and Data Centers.
• Implement SSL VPN solutions including Palo Alto Networks Global Protect with single and multiple gateway solutions including integration of PKI certificates. Integrate multiple vendor IPSEC site to site VPNs, including Palo Alto Networks, Cisco ASA, and Juniper SRX firewalls.
• Experience configuring VPC (Virtual Port Channel), VDC (Virtual Device Context) in Nexus 7010/7018, FCOE using Cisco nexus 5548.
• Configuring ASA Firewall and accept/reject rules for network traffic. Configured ASA 5555 to ensure high-end security on the network with ACLs and Firewall
• Worked on providing management connectivity, HA configuration, license and updates management, VSYS support, L3, aggregate ethernet and sub interfaces configuration, configuration of ECMP- OSPF on both Nexus and Palo Alto, moved several Server VLANs (SVI) interfaces from Brocade core to Palo Alto
• Responsible for Juniper SRX firewall management and operations across our corporate networks.
• Removing old unused ISP ACL’s from the routers on MX 960'S and ASR 9K.
• Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.
• Provided administration and support on Bluecoat Proxy for content filtering and internet access between site and VPN client users.
• Deployment and Management of Bluecoat proxies in forward proxy scenario as well as for security in reverse proxy scenario.
• Performing URL filtering and content filtering by adding URL’s in Bluecoat Proxy SG’s.
• Implemented site to site VPN in Juniper SRX as per customer. Worked on Route-Reflectors to troubleshoot BGP issues related to customer route prefixes also route filtering using Route-maps
• Worked on wild fire advanced malware detection using IPS feature of Palo Alto.
• Worked on Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)
• Configured rules and maintained Palo Alto Firewalls & analysis of firewall logs using various tools.
• Design for Guest Network and Mobile Access Network for NAC Solution, comprising of a Wireless LAN Controller solution in DMZs/Internet Gateways with Cisco ISE Appliances for NAC.
• Monitored infrastructure with Nagios like Firewalls, Servers, Services, Network devices, applications, web portals etc. Resolution of tickets fresh & pending.
• Worked on Cisco ISE v2.1, ACS for providing secure network access.
• Configured virtual servers, nodes and load balancing pools on the F5 LTM 6400, 6800, Viprion devices for various medical/biomed applications and their availability
• Experience using Identity Authentication technologies, including Active Directory, LDAP, RADIUS TACACS, RSA, 802.1X, NAC, and token-based systems.
• Implementation of Site-to-Site VPNs over the internet using 3DES, AES/AES-256 with ASA Firewalls
• Configure various LAN switches such as Cisco catalyst 2900, 3550, 4500, 6509 switches and Access layer switches such as Cisco 4510, 4948, 4507 switches for VLAN, Fast Ether Channel configuration.
• Maintained and created scripts in Python that assisted in pulling in the necessary data into Splunk to meet audit and reporting requirements
• Part of SIT test team in Service Provider Networking and Software Automation group, worked on IOS-XR emergency releases in 6.1.x, 6.2.x and 6.3.x release train, and developed.
• Carrier Ethernet (CE-L2VPN) profile test suite testing various knobs and feature configurations of L2VPN for IOS-XR ecosystem including ASR9K, NCS6K, NCS55K and SunStone platforms on scope as well as scale.
• Validated Cloud-Scale networking platforms/routers with virtualized IOS XR operating system to prepare and transform customer networks and successful wins in 5G, IoT, video, mobile products.
• Worked on Datacenter Migration project to migrate the existing 6509, 4509 devices to a Nexus 7010, 5010 and Nexus 2248 FEX based solution
• Configured Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000 to connect servers and storage devices.
• Perform ISSU upgrade on Nexus 7010 devices by operating the supervisors in active/standby mode on the devices by determining ISSU compatibility.
• Experience on working scripting languages Power Shell and Perl for code upgrades and configurations of devices.
• Testing and Verification of Cisco core routers CRS-1 and GSR-12000
• Configured Cisco ISE for Domain Integration and Active Directory Integration.
• Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches, and Cisco ASA Firewalls.
• Responsible in troubleshooting on Cisco ISE added new devices on network based on policies on ISE.
• Configured and troubleshooting Aruba Wireless products like Access Points and Mobility Access Switches.
• Responsibilities include the installation of Cisco 5520 wireless LAN controllers
• Experience in migration of VLANS & Configured VLANs with 802.1q tagging, Ether channels, and Spanning tree for creating Access/distribution and core layer switching.
• Configured EBGP load balancing and ensured stability of BGP peering interfaces
• Conducted on site QOS testing and prepared reports for the engineering team on ways the networks could be improved
• Involved in migration of F5 Local traffic managers of LTM 5100 series to LTM 6800 series for higher.
• Worked with engineering team to resolve tickets and troubleshoot L3/L2 problems efficiently.
• Designed & Deployed Cisco ISE and Provided comprehensive guest access management for Cisco ISE administrators.
• Implemented Cisco ISE 1.2 for Wireless 802.1x Authentication and Authorization with Flex Connect.
• Configured and performed software upgrades on Cisco Wireless LAN Controllers 2504, 4404, 5508 for Wireless Network Access Control integration with Cisco ISE.
• Upgrading Cisco ISE Appliances Company wide. Recently rolled out OpenDNS including onsite VM appliances.
• Experienced on Cisco ISE and advanced technologies like QOS, Multicasting, MPLS and MPLS-VPN and Bluecoat proxy server SG.

Environment: Nexus switches 2k, 5k and 7k, Cisco Catalyst switches 3850, 2960x, 9500; Checkpoint, Cisco ISE.

Confidential, San Francisco, CA

Sr. Network Security Engineer

Responsibilities:

• Design, deployment and maintenance of security/network devices and datacenters of enterprise.
• Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls (36+ firewalls) - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.
• Successfully installed Palo Alto PA-5000, PA-3000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls and also configured and maintained IPSECand SSL VPN's on Palo Alto firewalls.
• Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
• Deployed Site to Site and Client to Site VPNs utilizing Checkpoint Firewall-1/VPN-1.
• Built and support VRRP/Cluster based HA of Checkpoint firewalls.
• Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard.
• Adding agents (IDS/IPS) at Host and Network level to Sentinel.
• Working on Enterprise AV Solutions, IDS\IPS, Firewalls and SIEM (IBM QRadar\HP Arcsight) tools.
• Performing URL filtering and content filtering by adding URL’s in Bluecoat Proxy SG’s
• Black listing and White listing of web URL on Blue Coat Proxy servers.
• Worked on Blue Coat Proxy SG to safeguard web applications (Black listing and White listing of web URL) in extremely untrusted environments such as guest Wi-Fi zones.
• Create service profiles on the Cisco Unified System (Cisco UCS) platform and manage Service Profiles.
• Configure VMware switching, Install and configure a Cisco Nexus 1000V Switch & Networking.
• Cisco UCS configuration and troubleshooting.
• Experience with connectivity of Cisco Networking Equipment with F5 Load Balancer.
• Basic and advance F5 load balancer configurations, including migrating configurations from Cisco ACE to F5 and general troubleshooting of the F5 load balancers.
• Helped installed F5 VIPRION load balancers for one of our new datacenter.
• Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches.
• Experience with SAN switches (Cisco and Brocade) and optical Ethernet switches (Dell, Brocade, and Mellanox)
• Experience in Deploying and decommissioning Cisco switches, Cisco Meraki Products and their respective software upgrades.
• Deployed and managed Cisco Meraki products SD-WAN including Cisco Meraki Security Appliances (MX25, MX450, MX400, MX600 and MX100), Cisco Meraki switches and Cisco Meraki Wireless Aps (MR84, MR74, MR52).
• Implemented Policy Based routes on the DELL switches- S4048 ON, S3048 ON. Working on with switching and routing for the switches.
• Worked on Design implementation of new data center with products ranging from cisco, ASA with Firepower, Dell Switches, Cisco Meraki, Vmware NSX.
• Provide Design, Troubleshooting, and Support regarding the following for LAN (Ethernet, Ether-Channel, STP, 802.1q, trunks, VTP, Private VLAN, SPAN) Tier 2 and 3 Support Onsite and Remotely for over 200 Sites in the Dallas Fort Worth Area with the following support for (Cisco Router and Switches, HP Switches, Dell Switches, VOIP PBXs, Cisco Wireless Access Point) to the ongoing support for the following groups (Data Center NOC, Help-Desk NOC, and Customer Support/ End-User).
• Monitor and troubleshoot BGP, EIGRP, TI circuits, and cellular backup circuits via ICMP and SNMP ticketing systems. Cisco IOS upgrades.
• Working on Cisco 6509 and 4507 series switches for LAN requirements that include managing VLANs, Port Security and troubleshooting LAN issues.
• Implementation of various protocols like RIP, OSPF, BGP and STP.
• Expertise in networking technologies like LAN, MAN, WAN and peripheral devices.
• Working with VPN tunnels, DS1, DS3 & T1 links.
• Used to handle efficiently a workload of nearly 60 Layer 3 MPLS VPN provision orders which included, MPLS network resource reservation & VPNV4, EBGP configuration checking, Troubleshooting of EBGP sessions with customer carriers in the MPLS cloud which is made up of routers Cisco housed in different datacenters (Cisco 7609).
• Configure and upgrade Cisco IOS XR 6.2.3, create and update network document . Conduct peer review of network documents certifying network hardware, software, IOS and configurations.
• Cisco IOS-XR and extensive Juniper JunOS operating systems • BGP, IS-IS, OSPF, MPLS, and LDP protocols • Performed upgrades on International routers • Responsible for hardware upgrades on edge routers control boards • Ran NNI migrations from obsolete routers and monitoring systems to new ASR9k devices.
• Strong knowledge of LAN/WAN network topologies and protocols including TCP/IP, OSPF, ISIS, BGP, and MPLS. Hands-on experience with Cisco 12000, 7600, ASR9k, and CRS-1, using IOS-XR and Juniper MX Series using JUNOS.
• Experience configuring Catalyst (2900, 3500, 3700 and 6500 Series), Nexus (7000, 5000 and 2000 Series) Switches, and Routers (2800, 3600, 4400 Series) and Wireless AP's (1260, 3600) using CLI and GUI.
• Used Cisco ACI (Application Centric Infrastructure) for fabric implementation, operations, and integration with external bridged networks and Cisco Unified Communication Systems.
• Hands on experience in building Cisco ACI fabric (policy groups, switch profiles, etc.), tenants - VRFs, Endpoint Groups, Contracts
• Lead network engineer on a project to build out a software defined data center based on Cisco ACI, VMware NSX and F5 load balancers.
• This global role helped expand my expertise into other areas such as Cisco UCS, Checkpoint Firewalls, Cisco ASA, and VMware NSX.
• Deployed Cisco ISE 1.2 with 8 nodes in deployment, initially in learning mode increasing methodically to 802.1x on wireless and wired.
• Integrating Configuring Cisco Wireless LAN Controllers WLC with ISE to perform Dot1x authentication for Wireless users.
• Design and Implementation of 802.1x Wired/Wireless User Authentication using Cisco ISE Radius Server.
• Performed all maintenance tasks on the Nexus Switches, ASR Routers, Checkpoint Firewalls, F5 Load balancers InfoBlox DNS and Cisco ACI.
• Supported Infoblox appliances grid environment for DNS, DHCP and IP Address Management tools (IPv4)
• Provided technical assistance for LAN/WAN management & troubleshooting and complex customer issues using Network monitoring tools such as Solar winds.
• Implemented Network packet level monitoring using Wire shark, Solar winds.

Environment: Cisco routers 7200; Cisco Catalyst switches 6500, 4500, 2950; Cisco PIX Firewalls 535, 525 Routing Protocols OSPF, BGP; STP, VTP, VLAN; VPN, MPLS, HSRP, GLBP, Big-IP F5 Load Balancer, Cisco Works; MS Visio, Checkpoint, Cisco ASA and Palo Alto firewalls, Juniper SRX, Blue Coat Proxy, Infoblox, Solar winds, Cisco ACI, VMWare NSX.

Confidential, Phoenix, AZ

Network Engineer

Responsibilities:

• Security infrastructure engineering experience as well as a Microsoft Windows, UNIX, Palo Alto firewalls, Bluecoat Proxies, Intrusion Prevention devices, and wireless switch security management.
• Administering and evaluating firewall access control requests to ensure that these requests are compliant with client's security standards and policies.
• Configuration and support of Palo Alto firewalls.
• Successfully installed Palo Alto PA-3060 firewall then configured and troubleshot using CLI and worked with Panorama management tool to manage all Palo Alto firewall and network from central location.
• Administer Palo Alto Firewalls to allow and deny specific traffic and to monitor user usage for malicious activity and future QoS.
• Configuration of Palo Alto Next-Generation Firewall mainly creating security profiles and VSYS according to client topology.
• Configuration and installation of Palo Alto Networks 5050 application firewalls (NGFW).
• Expertise in Palo Alto design and installation for Application, URL filtering, Threat Prevention and Data Filtering.
• Gained experience on working with migration to Check Point and Palo Alto next generation firewalls.
• Firewall deployment, rules migrations, firewall administration and converting existing rule based onto new Checkpoint and Palo Alto Next-Generation Firewall platforms.
• Worked primarily as a part of the security team and daily tasks included firewall rule analysis, rule modification and administration.
• Maintaining Checkpoint security policies including NAT, VPN and Secure Remote access, Configuring IPSEC VPN (Site-Site to Remote Access).
• Maintained and updated Active Directory for authentication purposes.
• Configured laptops for testing; Dell switches and Cisco Nexsus.
• Manage Cisco and Dell Switches, and Firewall
• Configured 3560, 3750, Dell N1524 and N1548 switches to Fairway Mortgage standards.
• Configured 3750 and Dell switches in stack configuration for the larger branches.
• Ability to perform configurations and backup on the following products following (Cisco Routers and Switches, Dell Switches, HP Switches, ZyXel Switches)
• Configuration and troubleshooting F5 LTM, GTM series like 6600, 6800 for different applications and monitoring the availability.
• Deployment of data center LAN using Nexus 7k, 5k, 2k switches.
• I was involved in migration projects, which involves replacing legacy devices to new Nexus devices and introduced VPCs in the new architecture.
• Worked on Nexus platform 7k series, 5K series (5548, 5020 and 5010), 2248 and successfully implemented VSS on the Cisco catalyst switches.
• Used FireEye to detect attacks through common attack vectors such as emails and webs.
• Configuring OSPF as IGP in the network and eBGP between Service Providers and Internal Edge Routers.
• Upgrading IOS, troubleshooting network outages.
• Install Wireless Access Points (WAPS) in new and existing commercial sites.
• Experience in Wireless LAN (IEEE 802.11) and deployment of light weight access point.
• Experience with wireless 802.11a/b/g/n/ac experience for increased wireless LAN speeds (WLAN), improved reliability and network performance.
• Experience on cisco wireless management systems which includes cisco 8540 Wireless controller, cisco 5520 Wireless LAN controller, and virtual wireless controllers.
• Managed successful delivery of massive security response portfolio including Splunk and Cisco ISE.
• Implemented and administered Websense Web Security Gateway for web content filtering and DLP.
• Improved network and system security through setup and ongoing maintenance of Riverbed IPS and FireEye.
• Allocation and designing appropriate virtual IP for F5 ADC through IPAM InfoBlox.
• Troubleshooting issues specific to DNS, DHCP, IPAM, TFTP, FTP, HTTP, Anycast DNS, VRRP, and maintenance of Infoblox Grid.
• Handling various trouble tickets, firewall rule changes, assisting other teams to bring the device to production, making DNS changes in InfoBlox and routing changes.
• Worked as part of a team to manage Enterprise Network Infrastructure, involved in configuring and implementing of Composite Network models consists of Cisco Nexus 7k, 6K, 5K, Cisco 6500's, CiscoASR/ISR routers, Cisco ACI (Cisco Application Centric Infrastructure) SDN solutions, DWDM (ONS).
• Experience in Installation and Configuration of different modules of Service-Now.
• Created reports, workflows, and data imports for Incident, Problem, Service Request and Change Service Now modules.
• Configured Applications using Service-Now tool used in ITIL Management. Strong understanding of ITIL V3. Deep functional and technical knowledge of the Service Now platform as well as experience delivering medium Service Now implementations.
• Provide design, configuration and support of VMware NSX proof of concept project.
• Configured VOIP phones (Cisco), Cisco switches.
• Troubleshooted VoIP and Network issues using tools like Wireshark, and Putty
• Maintained and troubleshoot Cisco Call Manager VoIP System

Environment: Palo Alto PA-3060 & 5050 Firewalls, Bluecoat Proxies, Panorama, F5 LTM, GTM 6600, 6800, Nexus (2K, 5K, 7K and 9K), Splunk, Cisco ISE, Websense, Solar Winds NPM, Service Now.

Confidential, San Jose, CA

Network Engineer

Responsibilities:

• Configuring/Troubleshoot issues with the following types of routers Cisco (7200, 6500, 4500, 1700, 2600 and 3500 series), to include: bridging, switching, routing, Ethernet, NAT, and DHCP, as well as assisting with customer LAN /WAN
• Involved in the deployment of Content Delivery Networks (CDN).
• Experience working with Network-attached storage (NAS) to provide Local Area Network (LAN) nodes with file-based shared storage through a standard Ethernet connection.
• Configuring HSRP between VLANs, Configuring Ether-Channels and Port Channel on Cisco6500 catalyst switches.
• Cisco Secure Access Control Server (ACS) for Windows to authenticate users that connects to a VPN 3000 Concentrator.
• Convert Branch WAN links from TDM circuits to MPLS and to convert encryption from IPsec/GRE to GET VPN.
• Assisted in MPLS migrations, implemented a backup for the existing WAN connection using site-to-site IPsec VPN tunnels.
• Involved in Configuration of Access lists (ACL) on ASA firewall for the proper network routing for the B2B network connectivity.
• Experienced in securing configurations of SSL/VPN connections, troubleshooting Cisco ASA firewalls and related network security measures.
• Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation.
• Experience working with Active Directory (as a centralized system) to automate network security management and user data.
• Worked with Aruba Access point as a Public Wi-Fi and successfully implemented Wireless Access Point (WAP).

Environment: Cisco Catalyst 2960/3750/4500/6500 Series Switches, Linux, Cisco 2800/2900/3000 Series ISR's and Cisco 3640/12000 /7200/3845/3600/2800 routers, SQL, Cisco ASA 5500, Active Directory, Windows Server 2003/2008, ACL, SIP, RIP, OSPF, MPLS, BGP, EIGRP, Wi-Fi, LAN, MacAfee, WAN, WAP, IDS, IPS, Aruba WLAN, VPN, HSRP.