Sr. Network Security Engineer Resume
SUMMARY
- Over 8 years of experience in providing solutions, implementation, configuration and troubleshooting of Cisco Routers and switches, fine tuning of firewalls, VPN configuration, troubleshooting network related problems in Enterprise Network.
- Experience in configuring Cisco switches, Cisco routers and F5 Load Balancers. Experience with various LAN and WAN technologies and protocols such as TCP/IP, VLAN, VTP, STP, EIGRP, OSPF, BGP, IKE/IPsec VPNs, NAT and access lists.
- Knowledge and experience on protocols such as TCP/IP, SNMP, ICMP, NAT, PAT, and firewall technologies including general configuration, security policy, rules creation and modification of Cisco ASA and Palo Alto.
- Experience in addressing Cisco infrastructure issues, monitoring, debugging like routing, WAN outages, Network Hardware/Software failure, configuration and performance issues.
- Practical experience in DNS, DHCP, Group policy, Replication, Active directory domain trust relationship.
- Worked on F5 LTM series like 6400, 6800 for the corporate applications and their availability. Configuring, Administering and troubleshooting the Palo Alto firewall.
- Also proficient in handling Network Monitoring tools and Packet capture tools, technical documentation and presentation tools and also has excellent analytical, organizational, problem solving & resolution skills.
- Configuring and troubleshooting Cisco Catalyst 6509, 7609, 7613 with Supervisor cards, Cisco 3640, Cisco GSR 12416, 21418. Extensive experience in designing and configuring OSPF and BGP on Juniper Routers and SRX Firewalls. Implement/Maintain a Juniper Environment of 600 data collection units across USA.
- Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, EtherChannel, STP, RSTP and MST. Implementation of HSRP, VRRP for Default Gateway Redundancy.
- Experience in testing Cisco routers and switches in the laboratory and deploying them in on-site production. In-depth knowledge and hands-on experience in IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3, Firewalls.
- Responsible for configuring Fortinet & Cisco Firewall rules for inbound and outbound network traffic. Design and implement all Security Services including URL Filtering, IPS, Firewalls, and VPN on Cisco ASAs and next gen Fortinet Firewalls (60D, 90D, 200D, etc.).
- Adept in preparing Technical Documentation and presentations using Microsoft VISIO/Office. Involved in troubleshooting of DNS, DHCP and other IP conflict problems.
- Experience with Palo Alto Networks Next Gen firewalls. Installing and configuring FWSM and ACE modules on Cisco 6509 distribution switches.
- Experience with F5 Load Balancing. Strong hands-on experience on PIX, Firewalls, ASA (5540/5550) Firewalls. Implemented Security Policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
- Experience in Juniper NetScreen OS, JunOS SRX, Cisco, and Pulse Secure systems.
- Implemented firewalls using Cisco ASA, Cisco PIX, Check Point Provider-1 /SiteManager-1 NGX R65, Firewall-1/VPN-1 NGX R65 Gateways, Secure Platforms. Migration of all the PIX firewalls to ASA firewalls.
- Configuring, administering and troubleshooting the Checkpoint, Palo Alto, Imperva and ASA firewalls.
TECHNICAL SKILLS
Cisco routers: 2600, 2941, 2960, 7200, 7609, ISR 4331, 4551 and CRS-100v
Cisco switches: Cisco 3550, 3750, 3850, 45XX, 65XX series
Nexus: 7k, 5k and 2k
Switching: LAN, VTP, STP, PVST+, RSTP, Inter VLAN routing & Multi-Layer Switch, Multicast operations, Layer 3 Switches, EtherChannels, MPLS
Firewalls: Juniper (NetScreen 5200, 5400), SRX-650, SRX-480, Cisco ASA (5510, 5520, 5540, 5550, 5580-20), FWSM, PIX (515, 525, 535), Palo Alto (PA-2k, 3k, 5k), Checkpoint NGX R-55, R-60, R-65, ASA Firewalls (5510, 5520, 5540 & 5585)
Network Routing Protocols: OSPF, EIGRP, BGP, VRRP, HSRP, Policy Based Routing, Route Filtering, Redistribution, Summarization, Static Routing
Security: ACL, IPsec, VPN, Port-security, Zone-Based Firewalls, NAT/PAT, Ingress & Egress Firewall Design, VPN Configuration, Internet Content Filtering, Load Balancing, IDS/IPS, URL Filtering
Load Balancer: F5 Networks (Big-IP), ACE
IP Services: L2VPN, L3VPN, VPLS, QOS
WAN: Frame Relay, ISDN, PPP, MPLS, exposure to DS1, DS3, OC3, OC12, T1 /T3
PROFESSIONAL EXPERIENCE
Confidential
Sr. Network Security Engineer
Responsibilities:
- Working on Site migration from Partner network to separate network to SD-WAN solution.
- Documented and developed technical procedures for the maintenance, operation and sustainment of the operating environment.
- Deployed Cisco switches and routers from scratch for migrated sites.
- Assisted with code upgrades for Cisco environment and operational procedures.
- Assisted with legacy wireless controller and Meraki deployments.
- Experience reviewing and evaluating current and future design issues as required to maintain network integrity.
- Configuring and maintaining Radius and TACACS server for all network authentication and accounting of network infrastructure.
- Deploying, configuring and managing/troubleshooting the multivendor network devices/instances including Cisco, F5, Infoblox, Palo Alto, Pulse, ASA’s, Proxies.
- Establishing site-to-site IPSEC VPN tunnels on Palo’s and Cisco ASA’s. Installation, configuring and maintaining Checkpoint and Cisco ASA firewalls.
- Worked on route settings and reconfigured Cisco switches (3750, 3650, 3900, 4500, 6500) to harden IOS policies according to standard operational procedures.
- Cisco Security: NAT/ACLs, AAA, Layer 2 Security, Layer 3 Security, IPS/IDS, Cisco, SSL and IPsec VPN and DMVPN.
- Worked on Cisco ASA 5500 series Firewall providing support and configuring for NAT, PAT & advanced Firewall rules implementation IPS/IDS on ASA’s with Botnet protection.
- Created dynamic access policies on the ASA’s for the offshore vendors to be able to VPN in and access the resources they needed for their testing purposes.
- Upgraded the code on multiple ASA’s from 9.6.3(x) to 9.6.4(X) which required a very great deal of configuration changes especially due to the change of syntax for building NAT’s on 8.4.
- Planning, designing and implementation of moving multiple DMZ’s on FWSM’s to ASA’s by creating Multi-Context Environments on the ASA.
Confidential, Miami, FL
Sr. Network Operations Engineer
Responsibilities:
- Campus LAN and WAN solutions were implemented on Cisco products, network segmentation and access control at campus.
- Supported 5 cruise ships with a different architecture on every ship and worked on standardization among ships. Moreover, we have supported and administered over 10,000 devices across five ships.
- Worked on SolarWinds migration project, migrated NPM from 12.3 to 12.5 with dedicated resources allocated.
- Integrated IP address management and network traffic analyzer modules into SolarWinds for better visibility of devices at ships.
- Working knowledge of dynamic network routing protocols such as EIGRP, OSPF and BGP.
- Working knowledge and providing support with Cisco Nexus 7K, 5K, 2K, VPC, VDC, Port-channels and 802.1q trunks.
- Supported and administered 3750 and 3850 stacks, ISR WAN 4551-X, 4331 and CSR routers.
- Good experience with major routing protocols EIGRP, OSPF, BGP. This includes advanced routing techniques such as Policy Based Routing, VRF, and QoS. Campus network switching design and configuration including FHRPs, VSS, VTP, Multicast, and Spanning Tree.
- Hands-on technical experience working with VPN technologies like IPSEC, SSL VPN, and DMVPN.
- Responsible for the implementation, organization and operation of Palo Alto Firewalls based on perimeter security network (PA-3020, PA-5220). Create and maintain documentation of standards, best practices for supported technologies.
- Good experience of firewall configuration and maintenance, experience with Cisco ASA equipment such as 5525-X, 5545-X and 5585-X along with Firepower services.
- Work within established configuration and change management policies to ensure awareness, approval and success of changes made to the network infrastructure.
- Installation, configuring and maintaining Checkpoint and Cisco ASA firewalls. Responsible for building and maintaining site to site VPN tunnels with other business partners based on the business requirements.
- Supported and administered Cisco wireless and Aerohive wireless network on both ships and campus side.
- Maintaining and administering Cisco network environments including systems software, hardware, and configurations. Troubleshoot remote access services like Citrix NetScaler and Cisco VPN clients for the users to access their enterprise network. Monitoring and analyzing traffic on Check Point and FortiGate Firewall.
- Experience in installation and troubleshooting Fortinet Firewall. Worked extensively on Palo Alto, Juniper NetScreen, Fortinet. Responsible for planning, documenting and implementation of complex Firewall and VPN solutions, VMware, Fortinet.
- Troubleshooting network problems and outages and collaborating with network architects on network optimization.
- Planning, designing and implementation of moving multiple DMZ’s on FWSM’s to ASA’s by creating Multi-Context Environments on the ASA.
- Providing Level-2/3 support and troubleshooting to resolve issues and I have been on 24/7 on-call rotation support.
Confidential, Kansas City, MO
Sr. Network Operations Engineer
Responsibilities:
- Experienced in supporting Nexus 5k, Nexus 7k, catalyst 9300, 6800, 3850, 3650, ASR 1001-x, 1002-x routers and switches.
- Demonstrated success in dealing with firewalls, IDS/IPS, SIEM, access control and load-balancing.
- Configured and performed troubleshooting with routing and switching protocols, including BGP, OSPF, MPLS, and HSRP.
- Coordinated with various teams for disaster planning and performed network backup and monitored recovery processes.
- Logged, resolved and escalated on-site and off-site issues.
- Installed patches and performed backups, system builds and image updates.
- Managed and ensured the stability of all network and wireless services throughout the enterprise.
- Monitored the stability of the network and wireless services to ensure comprehensive stability.
- Monitored network performance and provided network performance statistical reports for both real-time and historical measurements.
- Managed firewall, network monitoring and server monitoring both on- and off-site.
- Maintained Cisco Wireless Network devices, to include Prime, ISE, Cisco Wireless Controllers, and configuring Aruba and Cisco Access Points in a Secure environment for the DoD.
- Migrating Cisco ASA firewalls policy to new Checkpoint appliance with support of vendor specific tool.
- Deployed Cisco FireSight, ISE using certificate authority signed certs with pxGrid remediation module.
- Worked on ISE 802.1X, ISE wired/wireless guest and ISE TrustSec implementations.
- Deployed, configured, and managed 802.1x solutions to include Cisco Identity Services Engine (ISE), ACS (RADIUS and TACACS+), and Cisco Prime Infrastructure.
- Troubleshoot and hands on experience on security related issues on Cisco ASA/PIX, IDS/IPS. Responsibility is to design and deploy various Network Security & High Availability products like Check Point R 77.XX and other Security Products.
- Assistance provided with initial installation and configuration for SDA (ISE, DNAC+Assurance, Stealthwatch, APIC-EM, Catalyst 9k and programmability) assessment for the newly implementing customers.
- Firewall technologies including general configuration, optimization, security policy, rules creation and modification of Palo Alto. Experience with working on Palo Alto centralized management GUI PANORAMA.
- Experience with working on Palo Alto Next-Generation firewalls security profiles and Cisco ASA VPN. Exposure to WildFire advanced malware detection using IPS feature of Palo Alto.
- Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments. Palo Alto design and installation, which includes Application and URL filtering Threat Prevention and Data Filtering.
- Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls - PA200, PA2000 series, PA3000 series, PA4000 series, PA5000. Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs. Installing and Configuring Palo Alto Pa-500 series firewalls using Panorama.
- Hands-on experience in pushing policy from Panorama to firewalls in Palo Alto. Worked with Palo Alto Firewalls PA250, PA4050, PA3020 using Panorama servers, performing changes to monitor/block/allow the traffic on the Firewall.
- Experience on Palo Alto with ACLs, Firewalls, and/or Intrusion Prevention Systems (IPS).
- Experience with monitoring solutions, correlation tools, and identity and access control systems. Solid knowledge and experience with Layer 2-7 protocols and technologies
- Strong knowledge and experience with routing, security protocols, ACLs, Firewalls, and Intrusion Prevention Systems. Prioritized simultaneous projects to perform effectively under shifting deadlines in a fast-paced environment.
- Reviewed technical specifications from clients and vendors to confirm adequacy, accuracy and functionality.
Environment: ASR and ISR (ASR 1001, 1002, 1001-X, 1002-X), Catalyst switches (9300, 3650, 3750, 3850, 4500, and 6500), Nexus 5K and 7K, Switch/Route protocols (OSPF, BGP, FHRP).
Confidential, Minneapolis, MN
Sr. Network Operations Engineer
Responsibilities:
- Configured, deployed and managed Firepower/Sourcefire and legacy IPS (Intrusion Prevention System) across Ameriprise Environment.
- Installation, configuration and maintenance of Palo Alto Firewalls, Cisco ASA firewalls. Deployed and managed Varonis specifically Data Governance, Data Advantage and Data Alert modules in complex environments.
- Worked on upgrades for Legacy IPS and Sourcefire IPS from first version 5.3.1 to newest version 6.1. Worked on migration project from Palo Alto IPS to Firepower IPS for guest wireless. Troubleshot and provided solutions that would fix the problems for Legacy and Sourcefire IPS modules.
- Designed, deployed and installed wireless controller (2500) and access points at a high-profile site at One World Trade Center, NY.
- Worked on wireless controller upgrade 5508 and involved in Cisco Prime Infrastructure upgrade as well.
- Dealt with 3650, 3750 and 3850 stack and WAN router ASR 1001, 1002, 1001-X, 1002-X upgrades across all the datacenters at Ameriprise networks and Nexus 5k upgrades as well.
- Involved in a major project in which, as part of bug fixes and vulnerabilities, we upgraded next-generation ASA firewalls like 5515-X, 5525-X, 5545-X, 5585-X.
- Worked as lead engineer for VPN performance to identify client bandwidth issues and worked on VPN bandwidth capacity planning for Super Bowl event. Responsible for troubleshooting network and firewall problems, specifically Palo Alto and Cisco ASA’s.
- Responsible for the implementation, organization and operation of Palo Alto Firewalls based on perimeter security network (PA-5020, PA-5050). Create and maintain documentation of standards, best practices for supported technologies.
- Deployed Impulse network access controller and designed policies to prevent unknown devices from connecting to the internal network.
- Supported VoIP infrastructure and its associated software, including IP-PBXs, call management systems, voice mail, and interactive voice response.
- Manage project task to migrate from Cisco ASA firewalls to Check Point firewalls. Deploying of Cisco ISE on Nexus 5000/7000 routers, Cisco switches, and Cisco ASA and Firepower firewalls. Executing RADIUS pre-deployment tasks like ISE setup, loading templates into Cisco Prime.
- Worked as team member on administration, operations, diagnosis and maintenance of the Unified Communications, Call Center and Collaboration platforms.
- As part of SOC2 audit documentation, I am responsible for providing evidence for controls. Worked on QoS standardization across the network and troubleshooting video pixelation issues between sites. I have used PuTTY to perform configuration and implementation on Cisco routers and switches.
- Design, setup and configure Cisco wireless networking that supports open or secured access. Troubleshooting failed radius authentication on wired, wireless and guest Wi-Fi in Cisco ISE.
- Worked on NetMRI Infoblox network automation tool to identify standard configuration on routers and switches using Regex and CCS scripting.
- Worked closely with Cisco for scrub version recommendations on a weekly basis to make sure Ameriprise networks are not vulnerable. Testing and migration of corporate Internet Zscaler tunnel from Washington node and Denver node.
- Manage day-to-day networking engineering and support. Log work and track service problem tickets in centralized ticket tool (ServiceNow). Good team player capable of working independently or with other network engineers.
Environment: ASA Firewalls (5515-X, 5525-X, 5545-X, 5585-X), Palo Alto (PA-5020, PA-5050), Sourcefire/Firepower IPS, Legacy IPS, Cisco Wireless Controller, VPN bandwidth, Zscaler tunnel testing, Infoblox, Netmri, QOS, GRE tunnel testing, ASR and ISR (ASR 1001, 1002, 1001-X, 1002-X, ISR 4331), Catalyst switches (3650, 3750, 3850, and 6500), Nexus 5K and 2K.