Sr. Network/security Engineer Resume
Irvine, CA
SUMMARY
- 8+ Years of experience in networking, security, installing, configuring and maintaining network devices.
- Proficient in configuration and troubleshooting of MP-BGP, OSPF, EIGRP, RIP, BGPv4, MPLS, HSRP, VRRP, DNS & DHCP, SNMP, VLANs, ACLs, VTP, DMVPN, IPS/IDS, VPN, IPv4/IPv6.
- Expertise in configuration of VLANs using Cisco multilayer switches and supporting STP, EtherChannel (LACP, PAGP), RSTP, PVST, RPVST along with troubleshooting of inter-VLAN routing and VLAN trunking using 802.1Q. In-depth understanding of UDP and TCP protocols.
- Highly experienced in VPN implementation: IPsec VPN and SSL VPN, Server-to-Server and Client-to-Server.
- Experience in designing MPLS VPN and QoS for architecture using Cisco multi-layer switches.
- Well Experienced in configuring protocols TCP/IP, Frame Relay, ICMP, IGMP, PPP, PAP, CHAP, and SNMP.
- Hands on experience with Cisco ISR, ASR routers, Catalyst 2900, 3700, Nexus 2K, 5K and 7K Switches. Cisco’s Application Centric Infrastructure (ACI) implementation (Nexus 9K, APIC).
- Proficient in using firewall technologies including general configuration, security policy, rules creation and modification of Cisco ASA, Juniper SRX and Check Point.
- Excellent experience in Virtualization with VMware Products (ESXI 5.5).
- Configured Citrix NetScaler ADC for load balancing and assigned virtual server IP (VIP) addresses to virtual servers.
- Implementation of Data Center migration from 6500 based datacenters to Nexus based data center with 7k-5k-2k dual home design with multiple VDCs, VPC, OTV and FEX.
- Responsible for Check Point and Cisco ASA firewall administration across global networks.
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500, Juniper SRX, Palo Alto and Checkpoint, Failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design.
- Manage and maintain ASA firewalls, FirePOWER, and VPN network services.
- Worked on Multi-vendor platform with Check Point, Fortinet and Cisco firewalls requesting net flow for security compliance, coding, and pushing firewall rules after approval and troubleshoot incidents.
- Hands-on experience with installing and managing IT services such as Active Directory, site replication, DNS, SSH, DHCP, NAT and VMware.
- Configuring/Managing IPS/IDS, IPSEC VPN, URL filtering, Threat prevention, Security policies on Checkpoint, Juniper SRX, Palo Alto and Cisco ASA firewall.
- Configure, maintain, and troubleshoot Dell Networking MXL 10/40GbE blade switches.
- Big IP F5 Load Balance experience; setting up, monitoring and configuring F5 load balancer.
- Support enterprise internal/external BIND and Infoblox DNS/DHCP environment.
- Adept in handling network monitoring tools such as Wireshark, SolarWinds, NetFlow, SNMP and SYSLOG.
- Good experience in Microsoft Office applications (Word, PowerPoint, Excel, Visio, etc.).
- Provide Cyber Security Assessment reporting utilizing flow-through and one-armed sniffer configurations on Fortinet NGFW.
- Experienced in DNS, DHCP, SMTP, FTP, HTTPS and web security architecture.
- Complete Devices installations, maintenance and perform regular upgrades and patch work on F5 load balancer devices.
- Configuring and Troubleshooting Cisco Firewall/ASA, Checkpoint FW, Bluecoat ProxySG and Cisco IronPort.
- Configure and deploy Dell Z9500, Z9000, S4810, and S55 network switches for high availability including EVLT, domain configuration, and VLT configuration.
- Supported Cisco switching, Cisco routing, Cisco wireless controllers, Cisco wireless APs, and a limited deployment of Cisco Meraki, HP H3C/Aruba switching & wireless.
- Working on CISCO Prime and Wireless controller to Manage all WAPs.
- Ensured high availability and worked on the SmartNet contract of all Cisco devices.
- Hands on experience in configuring and supporting site to site and remote access Cisco, IPsec, Cisco VPN client addition to providing RADIUS services.
- Managing the Volumes on Storage & Servers using SVM & VXVM, Solaris OS installation, Root & Swap Mirroring, Hardening, Package& Patch installation, IPMP Configuration.
- Configure various routing protocols including RIP, EIGRP, OSPF and BGP. Optimize the settings and network routing switches to increase data transfer rates.
- Set up Layer 2 Cisco switches for VLANs and trunking. Determine the requirements of the network as well as capacity constraints, reducing capacity issues.
TECHNICAL SKILLS
Routing Protocols: RIP, RIPV2, IGRP, EIGRP, OSPF, BGP, TCP/IP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP, VRRP, GLBP, SMTP, TACACS+, Radius, AAA.
Cisco Routers: Nexus 7K, 5K, 2K & 1K, Cisco routers (7600, 7200, 3900, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3500, 4500, 2900 series), Huawei AR Series Routers
Antivirus & Endpoint protection: Cisco CSA, Symantec Enterprise Edition, McAfee Enterprise Edition.
Security & VPN: PIX 500 Firewall, ASA 5505 Firewall, AIP SSM, CSC, SSM, FWSM, FortiGate, Cisco CSM, ACL-Access Control List, IPS/IDS, NAT, PAT, Cisco ACS, and Juniper Netscreen firewall, Windows Patch Management (WSUS).
LAN Technology: Workgroup, Domain, RSTP, VLAN, STP, VTP, Ethernet, Fast Ethernet, Gigabit Ethernet & 10 Gigabit Ethernet, 802.1q
WAN Infrastructure: Leased Line, ISDN/Dial-Up, and Frame Relay circuits, Metro Ethernet.
WAN Technologies: HDLC, PPP, ATM, SONET, MPLS, VPN, IPsec-VPN.
Juniper: EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX210, SRX240
Operating Systems & Tools: Cisco IOS, Windows NT 4.0 (Desktop/Server), Windows 2000/2003/2008 Server, Windows XP/Windows 7/8, LINUX, Solaris, Active Directory, Apache Server
Network Security: ACL, IPsec VPN, Port-security, AAA, Zone-Based Firewalls, IOS based router security firewalls, IDS/IPS, Palo Alto firewalls.
Network Technologies: MANET, SONET, TDMA, FDMA, CDMA. DSL, POP3.
Programming Languages: C, C++, C#, JavaScript, Node.js, HTML, CSS, Python, Vmware, PowerShell & Command Prompt.
PROFESSIONAL EXPERIENCE
Confidential, Irvine, CA
Sr. Network/Security Engineer
Responsibilities:
- Managed fast Layer 3 switched/routed LAN/WAN infrastructure as a part of Network team. The LAN consisted of Cisco campus model of Cisco 4507, 3850, 3750 at access layer, Cisco 6500 at distribution/core.
- Responsible for configuring, installing, and managing remote installations of LAN / WAN hardware for remote offices.
- Configured and troubleshot OSPF, EIGRP, BGP, VRRP, HSRP, NAT, ACLs, MPLS, DMVPN, Frame Relay, SNMP, STP, VLANs, VTP, IPSEC VPN, Port Security, NTP, IPv4/IPv6, DNS, DHCP, compression, traffic shaping etc.
- Involved in setting up the isolated Disaster-Recovery network in the backup datacenter using VDC's and VRF's on Nexus 7K, 5K and 2K devices.
- Expert level knowledge in troubleshooting Network Connectivity issues in Local Area Networks (LAN), TCP/IP, and VPN Dial-up connections. Expert level knowledge about TCP/IP and OSI models.
- Effectively isolated WAN (network) from LAN (customer) network issues, troubleshooting OSI layers 1-3 for data communication according to SLA and technology type.
- Deploying and decommission of VLANs on core Nexus 7K, 5K and its downstream devices as needed.
- Deployed Dell Force 10 platform in Enterprise network infrastructure.
- Cisco Nexus 2k, 5K, 7k deployment, Dell S4810 VLT deployment with Dell unified S5000 & S55 series in Data Center switches deployment for Core & distribution layer.
- Diagnose MPLS protocol problems including VRF and COS issues to full resolution.
- Network migration of Terminal Server to Out of Band Switches.
- Assisted on VLAN configuration for Cisco UCS chassis integration in support of VMware environment.
- Performed racking, stacking and cabling to accommodate the equipment.
- Cisco VPN & PKI: Cisco AnyConnect Client for remote login & Entrust PKI for Outlook.
- Provided full visibility and notification of authorized and unauthorized network access with integration of CISCO ASA and NAC solution.
- Restrict connections initiated from DMZ to the only necessary protocols and sources (DNS from DNS server, SMTP from the mail server, HTTP/SSL from Cisco IronPort ESA).
- Setup the company's first next generation firewalls with Firepower.
- Implemented Cisco FirePOWER Services IPS, AMP, and URL Filtering to facilitate NGFW capabilities for traffic traversing the firewall.
- Responsible for implementing firewall technologies including general configuration, optimization, security policy, rules creation and modification of ASA and Palo Alto Firewalls.
- Configuration of Palo Alto Next-Generation Firewall mainly creating security profiles and VSYS according to client topology.
- Responsible for network component configuration and administration on the following platforms: (Juniper routers/switches/firewalls, Dell Force 10 MXL blade switches).
- Configuration and installation of Palo Alto Networks 5050 application firewalls (NGFW).
- Expertise in Palo Alto design and installation for Application, URL filtering, Threat Prevention and Data Filtering.
- Configured ACI Policies, Tenants, Bridge Domain, Private Networks, Contracts and Filters.
- Worked on integrating existing Layer 2 and Layer-3 networks with ACI.
- Integrated Layer 4-7 services (ASA) with ACI.
- Used Cisco ACI (Application Centric Infrastructure) SDN architecture to reduce operating costs, automate IT tasks, for greater scalability and visibility in a data center environment.
- Concept testing in datacenter lab with Open Contrail as SDN controller, OpenStack for web/app/database server virtualization, and vSRX firewall as VNF.
- Upgraded the old infrastructure to a new one replacing CISCO routers with Aruba switches.
- Configured Aruba WAP, Cisco Meraki and wireless controller, Cisco PRIME, Cisco Mobility Services Engine (MSE) for proper access of Gilead wireless internet.
- Installed and configured Cisco ASA 5500 series firewall and configured remote access IPSEC VPN on Cisco ASA 5500 series and Palo Alto firewall.
- Cisco ASA, and Palo Alto (PANOS) installation, upgrade, Monitoring and patch management.
- Configured F5 GTM Wide IP, Pool Load Balancing Methods, probers and monitors, recreating HTTP and HTTPS redirect VIPs to client from data servers.
- Configuring of Virtual Servers, Pools, Nodes and load balancing methods on F5 LTM. SSL offloading, Cert management and Troubleshooting experience on F5 using TCP and SSL dumps and Wireshark analysis.
- Configuring and Installing Open Gear (AMC 5508-2) on site to configure the new devices remotely and have out of band access to devices.
- Installation and troubleshooting of Cisco 5508 and 2504 WLAN controllers and Aruba Mobility controllers.
- Distributed Firewall, Distributed Logical Router, Edge Services Gateway, and Cisco switches and routers.
- Responsible to work on Ticketing System like SERVICE NOW to perform and track the work done on various devices as per requestors.
- Troubleshoot, support and configure Microsoft Office 365 for users on windows, mac and mobile devices.
- Proficient in Python scripting and SQL. Have utilized Python to automate firewall configuration.
- Extensively automated new testing scripts, testing suites and modifying the scripts and test suites using Perl and Python.
- Maintain Solaris and Linux based servers for various security related tasks.
- Network monitoring and packet capture analysis using NetScout, SolarWinds, and Opnet.
Environment: Cisco Routers (IOS), Cisco Switches, LAN/WAN, Nexus 7k/5k/2k Routing protocols, F5, Load Balancer HSRP, VRRP, IPSEC VPN, VPN, Load balancer, Palo Alto 5050 (PANOS), MPLS, VLANS, VTP, RSTP, ACL, NAT, IDS/IPS, SIP, RTP, RADIUS, TACACS+, Cisco WiFi technologies, Juniper(JUNOS) SRX, EX4200, EX3200, ASR 9000, Catalyst 6500, CRS, Cisco ASR Firewall, Cisco Firepower, VMware, Service Now, Cisco's ASA 5500, NetFlow, Solar-winds, Opnet.
Confidential, Denver, CO
Network Security Engineer
Responsibilities:
- Deployed and decommissioned the VLANs on core ASR 9K, Nexus 7K, 5K and its downstream devices.
- Worked with layer 2 switching technology architecture. Implemented L2 and L3 switching functionality, which includes the use of VLANS, STP, VTP and their functions as they relate to networking infrastructure requirements including internal and external treatment, configuration and security.
- Setup Kiwi Syslog as well as Kiwi CatTools for daily network configuration backup NOC Manager, Veracity Networks, Provo, UT.
- Supported core network consisting of Cisco 7200 series routers running multi area OSPF.
- Configured EIGRP and OSPF as interior gateway protocols with route filtering and route redistribution. Troubleshot complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF and BGP.
- Configured and administered Mail Server/SMTP server on Linux.
- Implementation of QOS for VOIP and Layer 2 Security Features for LAN.
- Working OSI layer 1 for transmitting bits, data packet, and changes bit stream and coding for electronics signal. Working as a network design and deployment engineer also all OSI layer operation with designing, implementing different protocols RIP, OSPF, EIGRP, BGP.
- Troubleshooting using various command tools on Cisco routers and network segments at various OSI layers.
- Had hands-on experience with WAN (ATM/Frame Relay, MPLS), Routers, Switches and IP addressing.
- Data center migration was involved in Access, Distribution and Core layers.
- Worked on configuration and commissioning of the MPLS circuits for various branch offices.
- Responsible for all aspects of TCP/IP functionality across multiple enterprise environments.
- Dealt with the configuration of Standard and Extended ACLs for Security. Configuring ACL to allow only authorized users to access the servers.
- Performed OSPF, EIGRP, BGP, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.
- Experienced in configuring firewall solutions such as WatchGuard, Cisco Meraki, SonicWall, Fortinet, Ubiquiti & others.
- Worked with Active Directory group to have groups created to be used for the 802.1x authentication.
- Deployed McAfee agents through GPO in active directory integrated environment.
- Customer interfacing, results oriented resolution on Sensors/Managers (Network Support Platform), McAfee Web Gateway (MWG), Advanced Threat Detection (ATD), Network Threat Behavior Analysis (NTBA), Passive and Active Fail-Open Kits.
- Implementation of DNS and DHCP protocols and Configure Protocols MPLS: TDP, LDP, L2VPN, VPLS, AToM, RSVP-TE, and QOS.
- Used DHCP to automatically assign reusable IP addresses to DHCP clients.
- Troubleshoot, conduct scans and assess Network issues, then patch vulnerabilities and mitigate DDOS attacks.
- Design and develop infrastructure software for network management system and monitoring for one of the largest networks, containing SDN, traditional routed and traditional optical mode.
- Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
- Provide training and ongoing support to customers in best practices with configuring a next generation Palo Alto firewall including URL Filtering, Antivirus, Intrusion Prevention, Wildfire, and Application control.
- Cisco ASA and Palo Alto Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
- Responsible for design VPN technologies including concepts, VPN configuration, and VPN deployment with good understanding of networking and application protocols (TCP/UDP, IPv4/IPv6), and security protocols (SSL, IPSEC, IKEv2, PKI).
- Performed NAT on Cisco ASA 8.2 and 8.3 and Palo Alto Firewall.
- Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls and Cisco ASA firewall.
- Install and maintain Solar Winds Orion to monitor switches across the network.
- Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs.
- Comprehensive elementary configurations on the F5 Big-IP LTM load balancers on the prevailing network to divide traffic across web servers.
- Specialized in supporting Microsoft Office suite.
- Specialized in MS Office 2000/2003 applications, including Outlook 2000, Blackberry and Custom-developed applications. Trained, troubleshot, and explained all software issues.
Environment: Cisco Routers 7200, Cisco Switches, Nexus 7k/5k/2k Routing protocols, Load Balancer HSRP, VRRP, IPSEC VPN, VPN, QOS, ASA firewall 8.2 and 8.3, Load balancer, MPLS, LDP, TDP, VLANS, VTP, RSTP, ACL, NAT, IDS/IPS, Monitoring tools (PRTG, HP Openview), SIP, RTP, RADIUS, TACACS+, Cisco WiFi technologies, VMware Palo Alto, Juniper SRX, Juniper MX-480, ASR 9000, Catalyst 6500, Cisco ASR Firewall, Checkpoint, IPV6, Linux, Cisco IP phones.
Confidential, Austin, TX
Network Engineer
Responsibilities:
- Configuration and troubleshooting of Cisco Routers such as Cisco 3640, Cisco GSR 12416,21418 (with PRP and RPR processors), Cisco catalyst 6509,7613 with supervisor cards.
- Involved in the configuration of the Nexus 2248 Fabric Extender (FEX) module on the Nexus 5000 to connect servers and storage devices.
- Installation and management of overall administration of LAN, WAN, systems involving design of network layouts, configuration and maintenance, Commissioning Routers & Switches, firewalls, IPS/IDS and ensuring maximum uptime during site deployment.
- Replaced old 6500 and WAN routers from DR testing site and Installed Nexus 7K and ASR 1006 routers.
- Migration of RIP V2 to OSPF, BGP routing protocols. Configured EIGRP for Lab Environment.
- Supported Core Network consisting of Cisco routers running multi area OSPF. Implemented stub/Totally stub areas as per requirements.
- Deployed Cisco ACS using TACACS+ for Authentication, Authorization and Accounting of access to network devices
- Designed and implemented LAN infrastructure using L2/L3 switching, VLAN, VTP, Spanning tree and Gigabit Ethernet. Created VLAN and Inter-VLAN’s routing with Multilayer Switching.
- Maintain and implement Domain Name Services, TACACS privileges, and VPN accounts.
- Maintained redundancy on Cisco 2600, 2800 and 3600 routers with HSRP.
- Creating Private VLANs and preventing VLAN hopping attacks and mitigating spoofing with snooping and IP source guard.
- Implemented NAT (Network Address Translation) & PAT (Port Address Translation) to share public address. Defined IP sub-netting for a valid range of network addresses.
- Configured Cisco IOS backup, uploading & downloading IOS using TFTP server.
- Configured Frame-relay tunnel for layer 2 connectivity between main branch and new branch.
- Administered day-to-day activities like resource allocation, creating and giving permission to users and uploading user data into FTP.
- Expertise in maintenance of layer2 switching tasks which advocate VLAN, VTP, STP, RSTP, PVST, RPVST, configuring of ether channel with LACP and PAGP along with troubleshooting of inter-VLAN routing.
- Implemented, configured BGP WAN routing, converting OSPF routes to BGP (OSPF in local routing). Configuring and resolving various OSPF issues in an OSPF multi area environment.
- Worked in projects converting P2P circuits into MPLS circuits, commissioning and decommissioning of the MPLS circuits for branch offices.
- Responsible for taking calls of Page customers (Higher Priority Customers) around the globe related to networking and AAA Server issues for Aruba ClearPass.
- Tested Aruba WAP on iperf server and IXIA breaking point by python automation script.
- Understanding of enterprise Data Center technologies including networking, UCS, SAN, Storage Cloud Computing and physical datacenter practices.
- Configuring, Monitoring and Troubleshooting Checkpoint R77.30 and Juniper SRX firewall security appliance.
- Configuring IPSEC VPN on SRX series and Checkpoint firewalls.
- Experience with devices Checkpoint R77.30 and Juniper SRX firewalls such as security NAT, Threat prevention URL filtering.
- Commissioning and decommissioning, configuring, URL and Web filtering, SSL Certificates, monitoring, SNMP traps, logging, blocking on Checkpoint R77.30 and Juniper SRX firewall devices, migrating from one network to other.
- Good Experience in deploying BIG-IP F5 LTM load balancers for load balancing and traffic management of business application.
- Configured and installed F5 New Virtual Servers, Profiles, iRules, Pools, Nodes, Generate CSR Certificate, SSL Certificates, etc.
- Good work experience with Bluecoat Proxy.
- Configure/Manage/Troubleshoot Cisco ACS (AAA) for both TACACS (Device Access) and RADIUS (Network Access) with Policy Elements, Multiple Access Policies, SSL VPN connection and AD identity.
- Used DHCP to automatically assign reusable IP addresses to DHCP clients via Infoblox IPAM.
- Experience with Project data and voice documentation tools & experience with developing network design documentation and presentations using VISIO.
- Maintained End of Life reports for Cisco prime infrastructure.
- Monitor and evaluate operational network to optimize performance. Perform day-to-day support of deployed systems in a tier 3 engineering role for an operational NOC.
- Used the Wireshark tool to study HTTP, telnet, and SSL traffic. Experience working with NCM and Infoblox. Administered Cisco ACS and NETMRI and Solarwinds Orion.
- Responsible for implementing and documenting Change Management Request system changes and procedures in the UNIX environment.
Environment: Cisco 2600, 3600, 7200, 7204 (IOS), and 7206 Routers, Switches: Cisco Distribution layer switches such as 4510, 4948, 4507, 7k, 5k and 2k series(NX-OS). LAN/WAN, Firewalls 5GT, 208, EIGRP, RIP, OSPF, CISCO ASA, Net MRI, DHCP, DNS, SAN, Spanning tree, MPLS, Windows Server, Windows NT, Wireshark, Palo Alto (PANOS), Infoblox.
Confidential
Network Engineer
Responsibilities:
- Migration of RIP V2 to OSPF, BGP routing protocols. Configured EIGRP for Lab Environment.
- Supported Core Network consisting of Cisco routers running multi area OSPF. Implemented stub/Totally stub areas as per requirements.
- Deployed Cisco ACS using TACACS+ for Authentication, Authorization and Accounting of access to network devices
- Designed and implemented LAN infrastructure using L2/L3 switching, VLAN, VTP, Spanning tree and Gigabit Ethernet. Created VLAN and Inter-VLAN’s routing with Multilayer Switching.
- Maintain and implement Domain Name Services, TACACS privileges, and VPN accounts.
- Maintained redundancy on Cisco 2600, 2800 and 3600 routers with HSRP.
- Creating Private VLANs and preventing VLAN hopping attacks and mitigating spoofing with snooping and IP source guard.
- Implemented NAT (Network Address Translation) & PAT (Port Address Translation) to share public address. Defined IP sub-netting for a valid range of network addresses.
- Real time monitoring and network management using Cisco Works LMS.
- Implemented site VPN on managed Cisco ASA and Juniper SRX.
- Network hands-on installation experience of (ASA 5505 firewall, and Juniper SRX)
- Plan Design and assist in deploying enterprise wide Network Security and High Availability Solutions for Cisco ASA and Juniper SRX.
Environment: Cisco Routers 2500, 2600, 2800, 3600 Cisco Switches 2950, 2960, 3550, Frame Relay Windows firewall, Windows 2000/2003 Servers, MS Office, LINUX/UNIX, ECC 6.0, 802.11 a/b/g, OSPF, EIGRP, RIP, TACACS+ VMware
