SUMMARY

• Extensive experience in Networking and Security, including hands - on experience in providing network installation, network integration, network support, End Point security and analysis for a broad range of LAN/WAN/MAN communication systems.
• Experience with End point Security, DLP, Threat analysis, Tuning, Assessment, Risk Analysis, Security Breach investigations and patching, Vulnerability testing.
• Experience with ALIEN VAULT, SEIM, N-CENTERAL, ORION, SONIC FIREWALL’S, WATCHGURD, McAfee/Norton Virus Protection Utilities.
• Experience in Penetration Testing using manual/automatic tools
• Providing Technical help to customers on various issues of Symantec Endpoint Protection. Implementation of Symantec Endpoint Protection.
• Advanced Security Analytics and Endpoint Detection and Response solutions.
• Experience with industry recognized SIEM solutions such as NITRO, Splunk, Forcepoint and many other tools. Solarwinds, Extrahop, Thousand Eyes
• Highly skilled in configuring, maintenance, Support, troubleshooting, and issue remediation for WSUS and Solar winds.
• Good understanding of network, server and storage devices in SolarWinds
• Detailed knowledge and hands on experience in configuring and troubleshooting Layer 3 Interior Gateway Routing protocols such as Link-State routing protocols (OSPF and IS-IS), Distance Vector routing protocols (RIPv1, RIPv2 and EIGRP), and Exterior/Path-vector routing protocol (BGP).
• Hands-on experience on implementation and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, EtherChannel, STP, RSTP and MST. Implementation of HSRP, VRRP for Default Gateway Redundancy.
• Hands on Experience on Cisco 2960, 3650, 3750, 3850, Cat 4500X, Cat 6500, Cat 6880, Cat 9k series switches in Enterprise environment. Experience Installing, configuring and troubleshooting Nexus 2k, 3K, 5K, 7K, 9K in Datacenter. Thorough with VPC, VDC and FEX.
• In-depth knowledge and hands-on experience in ISP Routing Policies, Network Architecture, IP Addressing and Subnetting, ARP, VLSM, TCP/IP, MPLS, NAT, ACL, DHCP, DNS.
• Worked on Zscaler and Bluecoat proxies. Experience with PAC file, Access Policies for Web traffic, Log feed to SIEM, ArcSight, Policies for Internet WEB security based upon location, User ID, Department, AD group etc.
• Worked on Cisco IOS for configuration & troubleshooting of routing protocols: OSPF, EIGRP, RIP, BGP v4.
• Hands on experience in configuring and supporting site-to-site and remote access Cisco IPSec, VPN solutions using ASA/PIX firewalls, Cisco AnyConnect and VPN client.
• Responsible for Palo Alto and Cisco ASA firewall, FortiGate administration across global networks. Experience with Palo Alto 5K series firewalls. Worked on URL Filtering, SSL Forward Proxy, SSL Decryption, APP ID, Threat ID on Palo Alto Firewalls. proficient in Tufin Orchestration Suite and Bluecoat Proxies, ticketing tools like HP Service manager, BMC Remedy, Service Now, Python/scripting and Knowledge of Incident management and change management
• Working knowledge and demonstrated experience on the PAN-OS 6, 7.1, and 8.0 versions; PA 220, PA 820, PA-2K, PA-3K and PA-5K firewalls.
• Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.
• Worked on Application load balancing with Cisco ACE, F5 LTM, GTM, APM, Citrix NetScaler’s and A10 . Worked on software and Hardware load balancers. Well versed with TCP, UDP, Http/Https, SSL, tcpdump, cur and TCL scripting for iRules.
• Hands-on experience on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability. Experience on AWS cloud, Virtual Servers, Pools, Persistence, iRules, Listener IP’s, WideIP’s, SSL, HTTP and TCP headers.
• Worked on Application traffic security with WAF, F5 ASM, F5 APM for Authentication , Citrix NetScaler’s for ICA proxy, Citrix VDI, Microsoft Office 365, Azure AD, AWS, Zscaler Cloud based proxies, Cisco IronPort proxies and Blue Coat.
• Experience in testing Cisco routers and switches in laboratory and deploy them on site production.
• DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design.
• Configuring BGP/OSPF routing policies and designs, worked on implementation strategies for the expansion of the MPLS VPN networks. Implemented DMVPN for remote site connectivity. Experience with mGRE tunnels, NHRP, IPSEC tunnels. Experience with Junos Pulse, Cisco AnyConnect SSL VPN Solutions.
• Hands on experience and demonstrated knowledge on Software-Defined Networking (SDN), SD-WAN. Experience with Cisco ACI on Creating VXLAN’s, VTEPS, VNID’s, EVPN, Bridge Domains, Tenants, Application profiles, Contracts etc on ACI. Thorough understanding of Spine-Leaf Architecture.
• Demonstrated ability to work with technical and non-technical staff to identify user requirements and translate them into technology-based solutions.
• Working knowledge of testing practices and troubleshooting procedures associated with network support.
• Demonstrated ability to interpret and apply regulatory standards and technical specifications.
• Exposure to multiple ticketing tools , workflows, monitoring tools that include ServiceNow, Jira, Remedy, SolarWinds, Wireshark, NetCool, Whatsup Gold, SNMP v2c and V3.

TECHNICAL SKILLS

Network Configuration: Advanced switch/router configuration Cisco IOS access list, Route redistribution/propagation, IPv4, IPv6.

Routing Protocols: RIP, IGRP, EIGRP, OSPFv2, OSPFv3, IS-IS, BGP v4, MP-BGP

WAN Protocols: HDLC, PPP, MPLS, DS1, DS3, OC3, T1 /T3 lines, SONET OC3-OC192, SDH, POS, PDH

Circuit switched WAN: T1/E1 - T3/E3/OCX (Channelized, Fractional & full).

Security/Firewall Technologies: Cisco FWSM/PIX/ASDM, Palo Alto, Cisco ASA Fire Power, Fortigate, Checkpoint, IDS/IPS, Blue Coat proxy server, Standard/Extended ACLs, Port Security, DHCP Snooping, IP Source Guard (IPSG).

Cisco Routers: Cisco ISR-1000, ISR-4000, ASR-1000, ASR-9000, ASR-5500, Meraki vMX 100; Juniper T4000, MX10, MX40, ACX2200, ACX5000

Redundancy and management: HSRP, VRRP, GLBP, RPR, NSF/NSR, STP, Wireshark, SolarWinds, SNMP

Physical interfaces: Fast Ethernet, Gigabit Ethernet, Serial, HSSI, Sonet (POS)

Layer 2 technology: VLAN, VXLAN, HSRP, VRRP, GLBP, STP, RSTP, PVST+, MST, PVLAN, Optimizing STP (Port Fast, Uplink Fast, Backbone Fast, Root Guard, BPDU Guard)Layer 3 Switching: CEF, MLS, Ether channel (PAGP & LACP, Load Balancing)

Switches: Cisco Catalyst 3650, 3850, 6500, 6880, 9k series; Nexus 2k, 3k, 5k, 7k, 9k; Juniper EX3300, EX4600, EX4300, EX3400

Load Balancers: F5 LTM, GTM, BIG-IP, iRules

Network Management and Monitoring: Wireshark, Infoblox, Cisco Prime, Security Device Manager (SDM), Cisco Works; TCP Dump and Sniffer; SolarWinds Netflow Traffic Analyzer, Network Performance Monitor (NPM).

Cloud Computing and Automation: Azure AD, AWS, Python, Ansible, TCL

Operating Systems: Cisco IOS, JunOS, Microsoft XP/Vista/7, Windows Servers 2003/2008, Windows MS-Office, Microsoft project server 2013, macOS, Linux (Kali, RedHat, Ubuntu)

PROFESSIONAL EXPERIENCE

Confidential

Senior Network / Security Engineer

Responsibilities:

• Worked in Operations and deployment team on firewalls, proxies, Information security and Load Balancers.
• Worked on Palo Alto, Cisco ASA, Check point firewalls in Data Centers and Remote sites. Worked on F5 LTM, GTM, APM and ASM for application load balancing, Authentication and Security.
• Worked on migrating from Bluecoat to Zscaler cloud proxies. Migration of Policies and coordinating between CIS and Network Security team on DLP, Whitelist, blacklist policies.
• Implementing security Solutions using Palo Alto PA-5000/3000, Cisco 5580/5540/5520 , Checkpoint firewalls R70, R75, R77.20 Gaia and Provider-1/MDM.
• Participate in planning, implementation, and growth of the infrastructure on Amazon Web Services (AWS) Gov Cloud.
• Manage full application stacks from the OS through custom applications using Amazon cloud-based computing environments.
• Work closely with the AWS architect and engineers to design networks, systems, and storage environment that effectively reflect business needs, security requirements, and service level requirements.
• Manage a continuous integration/continuous deployment methodology for the server-based AWS technologies.
• Work with AWS engineering and architecture teams to design and implement scalable AWS software services.
• Work with the AWS architecture team to design and implement a cloud management solution to potentially span multiple CSP and private clouds.
• Configuration and administration industry recognized SIEM solutions such as NITRO, Splunk, Forcepoint and many other tools. Solarwinds, Extrahop, Thousand Eyes.
• Configuration and administration of firewalls, which includes Checkpoint, Juniper, and Cisco ASA firewalls.
• Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for tasteful replication of traffic between active and standby member.
• Deploy, configure, and support Aruba wireless controller and AP devices globally, also a direct escalation path for all wireless issues.
• Researched, designed, and replaced Checkpoint firewall architecture with new next generation Palo Alto PA3000 and PA5000 appliances serving as firewalls and URL and application inspection.
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama.
• Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls and also implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall.
• Exposure to wildfire feature of Palo Alto.
• Exposure to design and implementation experience primarily on Cisco WSA proxy.
• Configuration and Maintenance of Cisco ASA 5580-20, ASA 5540, ASA 5520, ASA 5510 series firewalls.
• Configure Syslog server in the network for capturing and logs from firewalls.
• Provided tier 3 support for Checkpoint and Cisco ASA Firewalls to support customers, Backup and restore of checkpoint and Cisco ASA Firewall policies.
• Experience configuring and managing Cisco Web Security Appliance (WSA) in an enterprise environment
• Monitoring Traffic and Connections in Checkpoint and ASA Firewall.
• Manage project task to migrate from Cisco ASA firewalls to Check Point firewalls.
• Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Tufin and Splunk. proficient in Tufin Orchestration Suite and Bluecoat Proxies, ticketing tools like HP Service manager, BMC Remedy, Service Now, Python/scripting and Knowledge of Incident management and change management
• Configuring and troubleshooting site-to-site IPSEC VPN tunnels using Cisco ASA 5540 for third party connectivity.
• Highly skilled in configuring, maintenance, Support, troubleshooting, and issue remediation for WSUS and Solar winds.
• Implementation of SDWAN, Meraki and AWS transit gateway
• Good understanding of network, server and storage devices in SolarWinds
• Installation and Configuration of Cisco Catalyst switches 6500, 3850 & 2960, 9300 series and configured routing protocol OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design Document and followed the change process as per IT policy it also includes the configuration of port channel between core switches and server distribution switches This included Meraki MX/MS/MR/Z3 devices and design/configuration Cloud solutions - AWS setup and deployment for SDWAN solutions.
• Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard.
• Installed and configured high availability Big IP F5 LTM and GTM load balancers like 6600, 6800 to provide uninterrupted service to customer applications and monitoring the availability.
• Follow information security policies, methods, standards, NIST standards, and practices to organize information systems, IT reference material, and interpret regulations.
• Monitor Intrusion Detection Systems (IDS) console for active alerts and determine priority of response.
• Strong understanding of Cisco networking technologies: ASA, IPS, WSA, ACS, VPN.
• Monitoring the organization’s networks for security breaches and investigate a violation when one occurs and ensure security of network systems.
• Create security assessment of security controls on Information Systems by interviewing, examining and testing methods using NIST 800-53A rev4 as a guide.
• Review and update System Security Plan (SSP) based on findings from Assessing controls using NIST SP 800-18 rev1, NIST SP 800-53A rev4 and NIST SP 800-53
• Performed continuous monitoring on Information Systems using NIST SP 800-137.
• Tuning - regularly performing tuning and filtering SIEM alerts and monitoring components to ensure only relevant security data is gathered and manage the SIEM infrastructure.
• Conduct network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedure.
• Monitoring current security alerts to patch software such as operating systems with the latest versions install and use software, such as firmware and data encryption programs to protect sensitive information.
• Prepare reports that documents security breaches and the extent of the damage caused by the breaches

Environment: Cisco ASR1002-HX, Cisco ISR 4451/4351/4321/4221 , MPLS-BGP, Nexus 9504/9508, Nexus 93600CD-GX, ACI, Ciena 3903/3930/6500 , Cisco ME-3600X, Cisco Catalyst 6500 series/9k switches, BGP, OSPF, EIGRP, GNS3, Microsoft Visio, MetroEthernet

Confidential

Senior Network Engineer

Responsibilities:

• Working Knowledge and demonstrated experience on the Cisco, and Alcatel-lucent equipment in an enterprise environment.
• Worked on the configuration and installation of Cisco Nexus 3k, 5k, and 7k series switches.
• Worked on the configuration of vPC (Virtual Port Channel), VDC (Virtual Device Context), FCOE in Nexus 5k and 7k series switches.
• Experience with the configuration of Nexus 2000 Fabric Extender (FEX) for the Nexus 5k to connect servers and storage devices.
• Cisco Nexus (N7K,N5K,N1K) in addition to IOS and a number of Cisco switch and router platforms
• Worked on the configuration of Cisco 6500 VSS in Distribution layer of the Data center network.
• Worked and responsible for managing VPN systems for site-to-site and remote access.
• Worked on the installation and configuration of Cisco ISR 800, 1000 series and ASR 1000 series routers.
• Working knowledge and demonstrated experience on the implementation of Quality of Service (QoS) through Shaping, Policing, Diffserv, Priority Queuing, QoS Tools, and QoS Algorithms.
• Hands on experience on the automation framework using Python scripting.
• Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Tufin and Splunk. proficient in Tufin Orchestration Suite and Bluecoat Proxies, ticketing tools like HP Service manager, BMC Remedy, Service Now, Python/scripting and Knowledge of Incident management and change management Participate in planning, implementation, and growth of the infrastructure on Amazon Web Services (AWS) Gov Cloud.
• Manage full application stacks from the OS through custom applications using Amazon cloud-based computing environments.
• Work closely with the AWS architect and engineers to design networks, systems, and storage environment that effectively reflect business needs, security requirements, and service level requirements.
• Worked on the URL filtering and upgradation of Palo Alto firewall from PAN-OS 7.1 to PAN-OS 8.0.
• Worked on the configuration of DMZ, PAT, SSL Encryption, App-IDs on the Palo Alto firewall.
• Worked on the migration from Cisco ASA to the Palo Alto firewall and the configuration of User-ID’s, App-ID’s, SSL Decryption, URL Filtering, Policies, Zone Protection, High Availability, and Certification Management.
• Migration and implementation of Palo Alto Next-Generation Firewall series PA-500, PA-3060, PA-5060, PA-7050, PA-7080 from Cisco PIX and ASA.
• Palo Alto Firewall troubleshooting and policy change requests for new IP segments that either come online or that may have been altered during various planned network changes on the network.
• Worked on BGP routing protocol, configuring BGP sessions and troubleshooting on Nexus 1K, 5K, 7K, Juniper MX-960 routers and cisco ASR routers.
• Worked on the Inflobox DNS Traffic control, DHCP, and IPAM for the Network control; Worked on the implementation of Domain Name Service and BIND.
• Worked on Infoblox to update the DNS host and A records to assist the part of the migration
• Security configuration on Wireless LAN using protocols PEAP, EAP-FAST.
• Dealing with TCP/IP, OSPF, EIGRP and BGP, MPLS.
• F5 LTM appliances and Aruba wireless
• Assigning RADIUS and TACAS for new deployments in production environment. AAA for users to implement changes on production devices
• Assisted team in rolling-out Cisco Identity Services Engine (ISE) for network administration & admission control.
• Involved in configuring ISE endpoint profiling policies and enforcing them in the network.
• Designed perimeter security policy, Implemented Firewall ACL's, allowed access to specified services, Configured Client VPN technologies including Cisco's VPN client via IPSEC.
• Maintain, Upgrade, and Implement improvements to the VMware ESXi infrastructure.
• Great exposure to SDN and network virtualization technologies like Cisco ACI.
• Migrated VMs across hosts within a HA cluster to perform maintenance tasks on ESXi hosts.
• Deployed VMs from Templates and customized the necessary configurations.
• Created clones from existing VMs and worked on migration of VMs during the server upgrade.
• Experience in Cisco Unified Communication Manager (CUCM), Call Manager Express (CME), Cisco Unity Connection (CUC), Unified Contact Center Express (UCCX), Unified Contact Center Enterprise (UCCE), IM and Presence, SRST and Voice Gateways.
• Hands on experience with Cisco Meraki switching and wireless LAN. Switching, VLANs, spanning-tree, 802.1q, channeling
• Worked on the installation of Meraki MR42E and MR53 wireless access points for the cloud management.
• Manage operational monitoring of equipment capacity/utilization and evaluate the need for upgrades; develop methods for gathering data needed to monitor hardware, software, and communications network performance.
• Worked towards the key areas of the project to meet SLA’s and to ensure business continuity. Involved in meetings with engineering teams to prepare the configurations according to the requirement.
• Working with different teams to gather info for the new request and troubleshoot for any connectivity issues by capturing traffic using TCPDUMP and smart view tracker.
• Follow information security policies, methods, standards, NIST standards, and practices to organize information systems, IT reference material, and interpret regulations.
• Creating change tickets according to the scheduled network changes and implementing the changes.

Environment: Cisco 2k, 3k, 5k, 7k series; Catalyst 2960, 3650, 3850 series switches; ISR 800/1000 series, ASR 1000 series, 3600/2800 routers, Alcatel-lucent, Red Hat Enterprise Linux, SDN, EIGRP, BGP, DMVPN, SSL VPN, Cisco Meraki, Cisco ACI, Cisco ISE, EtherChannel, VMware ESXi.

Confidential

Senior Network Engineer

Responsibilities:

• Worked on 2900, 3900, 7613 Routers, implemented OSPF and BGP and performed route filtering and route manipulation by applying distribute-lists, route-maps & offset lists.
• Translating Cisco IOS Route maps to Cisco IOS XR Routing policies .
• Configuring HSRP between the 3845 router pairs of Gateway redundancy for the client desktops.
• Upgrading the IOS on the ASA 5550, 5585 and have done IOS upgrades on Cisco routers and switches.
• Involved in Configuring and implementing of Composite Network models consists of Cisco7600, 7200, 3800 series and ASR 9k, GSR 12K routers and Cisco 2950, 3500, 3550, 3750, 5000, 6500 Series switches.
• Mutual redistribution of OSPF and BGP routes using route maps for WAN optimization.
• Configuring VLAN, STP, VSTP, SNMP on EX series switches.
• Working Knowledge and demonstrated experience with the Cisco Firepower Next Generation Firewall (NGFW).
• Worked on the configuration of VPN tunnels for the DMVPN and remote access on the Cisco ASA firewall.
• Worked on the configuration of QoS, URL filtering, and other features on the Cisco ASA firewalls.
• Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard.
• Configuration and administration industry recognized SIEM solutions such as NITRO, Splunk, Forcepoint and many other tools. Solarwinds, Extrahop, Thousand Eyes.
• Experience working with migration from 4500 series devices to 6500 Series switches in Campus deployments at Core and Distribution Layers.
• Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for tasteful replication of traffic between active and standby member.
• Provided tier 3 support for Check Point and Cisco ASA Firewalls to support customers, Backup and restore of checkpoint and Cisco ASA Firewall policies.
• Monitoring Traffic and Connections in Checkpoint and ASA Firewall.
• Manage project task to migrate from Cisco ASA firewalls to Check Point firewalls.
• Worked with team on the migration from Citrix NetScaler to F5 Load Balancer.
• Manage a continuous integration/continuous deployment methodology for the server-based AWS technologies.
• Work with AWS engineering and architecture teams to design and implement scalable AWS software services.
• Experience in the deployment & Troubleshooting F5 Load Balancer Includes BIGIP Series 5050V, 10000V, 8900, 6900, and 3900.
• Demonstrated experience with BIG-IP environment utilizing the GTM, LTM, APM or ASM.
• Hands on experience on F5 BIG-IP LTM 11.2, F5 BIG-IP GTM, F5 BIG-IP APM and F5 BIG-IP ASM.
• Experience with configuring virtual server and load balancing in F5 Networks BIG-IP LTM.
• Worked on F5 Load Balancer for managing F5 LTM Application Load Balancing.
• Worked on the implementation of Inflobox DNS, DHCP, and IPAM (DDI) for the network.
• Implementation of SDWAN, Meraki and AWS transit gateway
• Assisted Voice team in the configuration of Cisco Unified Communications Manager (CUCM).
• Hands on experience with the working of protocols such as SIP, RTP, RTSP, IGMP, and IP Multicast for supporting the Voice, Data, and Video networks.
• Assisted the networking team on the installation of 7800, 6900, and 3900 series IP phones.
• Assisting offshore teams located in India in upgrades, VLANs configurations, in troubleshooting layer 3 issues and routing protocol issues mostly BGP.
• Moved Core switches and several non-Cisco devices under strict deadlines without compromising the existing parameters to maintain network functionality
• Upgrading system images on Nexus 5k and 7k multi-layer switches using kick start and FTP server.
• Worked on the configuration of BGP and advertisement of routes to the ISP network.

Environment: Cisco Router 7613, Cisco Switch 6500, Nexus 2K, 5K, 7K, RIP, OSPF, BGP, EIGRP, VLAN, MPLS, 802.1x, Cisco ASA 5550/5585, Cisco ASA FirePower, Inflobox, SDN, Blue Coat Proxy, PIX Firewall, F5 Load Balancer 6400/6800, F5 Load Balancer, BIG-IP, LTM, GTM.