PROFESSIONAL SUMMARY:

• Over 7+ years of experience in Cisco/Juniper Networking, Security which includes designing, Deployment and providing network support, installation and analysis for a broad range of LAN / WAN protocols.
• Hands On experience Cisco IOS/IOS - XR/NX-OS, Juniper JUNOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS.
• Strong knowledge of TACACS+, RADIUS implementation in Access Control Network.
• Extensive work experience with Cisco Routers, Cisco Switches, Load Balancers, and Firewalls.
• Implemented security policies using ACl, Firewall, IPSEC, SSL, NAT, PAT, VPN, IPS/IDS, AAA (TACACS+ & RADIUS), CheckPoint firewall R55 up to R70 version.
• Configuration and Troubleshooting of Palo Alto Firewalls PA200, PA3000 series, PA4000 series and PA5000 series
• Experience to run independently with Checkpoint and Network Engineering like Routing/Switching and Protocols VPN along with ASA Firewall.
• Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 7010, 5000 series to provide a Flexible Access Solution for a datacenter access architecture
• Involved in troubleshooting of DNS, DHCP and other IP conflict problems.
• Responsible for Check Point (Secure Platform R70) and Cisco ASA firewall administration across global networks.
• In-depth expertise in the analysis, implementation, troubleshooting & documentation of LAN/WAN/ IWAN architecture and good experience on IP services.
• Knowledge of WAN Optimization Technology, Riverbed.
• Good experience on deploying and troubleshooting of Nexus (VPC, VDC, OTV, Fabricpath), LoadBalancer (Cisco Ace, Citrix NetScaler and F5), Security (ASA/Palo Alto), Routing (OSPF, EIGRP, BGP), Switching (VLAN, VTP, STP, HSRP, VRRP, GLBP), DMVPN, MPLS VPN and QOS etc.
• Worked with hardware that includes Cisco Nexus: 7K, 3K, 5K, 2K series and ASR (1004, ASR9010, ASR5505, ASR9922 devices). LoadBalances: Cisco ACE, Citrix NetScaler& F5. Security: Cisco ASA (5505/5510/5540/5585 ) firewalls, Cisco WSA/CWS, Checkpoint IP Appliance, JUNIPER (110/210/220/550 ) Firewall, SSL VPN, Palo Alto firewall environments. Cisco Routers: 7200, 3800, 2800,2600, 2500, 1800 series. Cisco catalyst switches: 6500, 4500, 3750, 3500, 2900 series. Cisco Access Points and WLCs, Cisco ACS, Cisco ISE, IPS, Microsoft TMG, HP switches, switches and firewalls.
• Experience working with Blue Coat ProxySG.
• Supported migration projects from old Brocade Foundry, Cisco CSS to F5 load balancers V10.x and 11.x.
• Implemented security policies using ACl, Firewall, IPSEC, SSL, NAT, PAT, VPN, IPS/IDS, AAA (TACACS+ & RADIUS), CheckPoint firewall R55 up to R70 version; knowledgeable in PALO ALTO Firewalls
• System Administration and with technical expertise in Cisco Environment as well as in Data center, LAN/WAN Security, managing the complete system admin and technical support functions.
• Responsible for Checkpoint and Juniper firewall administration across global networks.
• Experience in implementing and managing Symantec Data Loss prevention, Network Intrusion detection/prevention system and firewalls within security solutions.

TECHNICAL SKILLS:

Routers: Cisco 17XX, 18XX, 26XX, 28XX, 37XX, 38XX, 39XX &72XX series & ASR 1K & 9K series

Switches: Cisco 3550, 3750, 45XX, 65XX series, Nexus 7K, 5K, 2K

Load Balancer: Cisco CSS, F5 Networks

WAN Optimization: Cisco WAAS, PPP Multilink

OSPF, EIGRP, BGP, RIP: 2, PBR, Route Filtering, Redistribution, Summarization, Static Routing

Switching: VLAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing &Multi-Layer Switching, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging

LAN: Ethernet, Fast Ethernet, Gigabit Ethernet, FDDI, CDDI, Token Ring, ATM LAN Emulation

Leased lines 64k: 155Mb (PPP / HDLC), Channelized links (E1/T1/E3/T3), Fiber Optic Circuits, Frame Relay, ISDN, and Load Balancing.

EX2200, EX4200, EX: 4500, MX-480, M Series, SRX210, SRX240

Security / Firewalls: Cisco ASA Firewalls 55XX, IPSEC & SSL VPNs, IPS/IDS, DMZ Setup, CBAC, Cisco NAC, ACL, IOS Firewall features, IOS Setup & Security Features

AAA Architecture: TACACS+, RADIUS, Cisco ACS

EMPLOYMENT:

Confidential, Dallas, TX

Assistant Vice President: System Engineer

Responsibilities:

• Use tcpdump and Wireshark to trace packets across network and Firepower devices for implementation.
• Policing set for TACACS(Aruba) and SFTP and allows the ports for particular destination.
• Assisted in the creation of the network Access controls (NAC) for both wired and wireless corporate networks
• Member of profiling and posturing team for all network segmentation design.
• Conducted end to end testing for SMC to FMC to ISE for both manual and automated (AMP, failure to quarantine).
• Assisted in functionally and time testing of PX Grid integration.
• Provide customer support for Cisco Firepower Hardware and Software Product Suite including Next.
• Generation Firewall, Cisco ASA (Adaptive Security Appliance), Next Generation Intrusion Prevention Systems, and Firepower Threat Defense.
• Part of internal technical writing and publication team for known defect identification and resolution, and dissemination of process solutions for Firepower and Firewall internal knowledge base.
• Internal SME for AMP and AMP console (Advanced Malware Protection) AMP 5.1.5 and Any Connect 4.4 and 4.5
• Assisted in managing SCCM (System Center Configuration Manager).
• Periodically installed and performed cross connections and testing new cable system T-1s, T-3s (DWDM of SDH and SONET circuit design), BGP, MPLS, OSPF, VSAT, Check Point Firewall, Avaya SIP&IVR Telephony, Cisco.
• Quantitated exclusions among AMP, SCEP and Trend as part of the ISE / AMP deployment.
• Created Install and uninstall plan for various security Apps for more than 28,000 devices.
• Developed reporting based on SCCM delivery information.
• Firepower/Firewall TAC (Technical Assistance Center) Engineer, Cisco Systems.
• Recognized as in-office Firepower specialist on User Access Control and URL Filtering.
• Attended daily Change control and service desk meetings for visibility for the project team.
• Developed documentation for testing, deployment, support and remediation of the security applications.
• Developed validation PowerShell scripts for all upgrades to cisco switches.
• Participated in support (down to individual tickets assigned to users) for all ISE related applications (Any Connect, AMP) and services.
• Discovery and correction of non and miss profiled endpoints.
• Developed enterprise plan to go full endpoint DHCP with reservations.

Confidential, Dallas, TX

Firewall/Perimeter Security Engineer

Responsibilities:

• Firewall health check and monitor traffic flow, hits and alert which can cause network issue.
• Experience on Firemon to export firewall traffic flow report and observed traffic hit into the firewall.
• Communicate and assist the LOB with Remediating the Firewall rules that are aligned to their AIT which were identified within the B2B pass-through Audit.
• Document and track mitigation options (disablement of rule, obtain temporary GIS ARM exception, and re-engineer rule to become compliant) used to provide evidence of the audit of each Non-Complaint rule.

Confidential, New York, NY

Sr Network Engineer

Responsibilities:

• Responsible for implementing, supporting, and maintaining 24x7 network services.
• Coordinated efforts with Engineer s to ensure all network devices conformed to defined network standards. Guided junior engineers throughout initiatives when required.
• Configured and troubleshooting HSRP, BGP, OSPF, EIGRP, MPLS WAN, QoS and Route Maps.
• Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series
• Experience Configuring and troubleshooting multivendor devices like Cisco ASA 5585, 5550, 5540, Juniper SRX series for Branch/Datacenter Setup. Configured Palo Alto Firewalls like PA - 7050, PA-5050, PA-3060 devices with Panaroma for Management
• Configured and maintaining Cisco 7200, 4400, 5000 and 6500 platforms.
• Troubleshoot connectivity issues involving VLAN s, OSPF, QoS etc.
• Support, monitor and manage the IP network
• Security policy review and configuration in Palo Alto and Junipers Firewall in US offices and Datacenter
• Design solutions using Cisco DMVPN/IWAN features.
• Implemented WAN connectivity to test and turn-Up IWAN link.
• Strong experience in Network Security using ASA Firewall, Checkpoint, Palo Alto, Cisco IDS/IPS and IPSEC/SSL VPN, F5 BigIP Load Balancer
• Experience to configure DNS Change requests and administration leased time.
• Experience with DNS/DFS/DHCP/WINS Standardizations and Implementations.
• Provided 3rd level escalation support for DNS, Internet Email, global server load balancing (F5 3DNS and GTM), local network load balancing F5 LTM, web and ftp proxies, VPN, and other network solutions.
• Experience with F5 load balancers and Cisco load balancers (CSM, ACE and GSS).
• Gained hands on experience with VLSM, STP, VTP, VLAN Trunking.
• Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and PALO ALTO rules.
• Configuring rules and maintaining PALO ALTO Firewalls & Analysis of firewall logs using various tools.
• Responsible for maintenance of multiple CheckPoint-1 firewalls on NT environment
• Worked with vendors and Engineering team to test new hardware and procedures.
• Prepared and maintained documentation using MS Visio and MS Office (mainly Word, Excel).
• Basic and advanced F5 load balancer configurations, general troubleshooting of the F5 load balancers.
• Route configuration and point code checks for System Technician and Network Technician.
• Knowledge and experience of 802.11 a/b/g/n Ethernet standard for wireless Technology.
• Worked with other team members in testing of the network architecture.
• Implemented, configured redundancy protocols HSRP, VRRP, GLBP for Default Gateway Redundancy.
• Upgrade multiple Checkpoint firewall and NG on distributed NT environment. And manage network security policies which include access control, NAT, content security and authentication.
• Performing network monitoring, providing analysis using various tools like WireShark, Solarwinds.
• Primary responsibility is to design and deploy various network security & High Availability products like Checkpoint, Cisco ASA other security products
• Estimated Project costs and created documentation for project funding approvals.

Confidential, WI

Network SME

Responsibilities:

• Responsible for company network infrastructure that includes Cisco Switches, Routers, Firewalls, Access Points, Servers and PBX.
• Configured Site to Site IPsec VPN tunnels to peer with different clients and each of client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA 5500 series firewalls.
• Configured Easy VPN server and SSL VPN to facilitate various employees’ access internal servers and resources with access restrictions.
• Installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for routers, switches.
• Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection
• Building the VPN tunnel and VPN encryption.
• Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, disabling all unused ports and putting them in unused VLAN
• Creating and provisioning Juniper SRX firewall policies
• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls
• Involved in troubleshooting of DNS, DHCP and other IP conflict problems.
• Implemented TCP/IP and related services like DHCP/DNS/WINS.
• Configured various LAN switches such as CISCO CAT 2900, 3550, 4500, 6509 switches and Access layer switches such as Cisco 4510, 4948, 4507 switches for VLAN, Fast Ether Channel configuration.
• Implemented VPC, VDC on Nexus Switches and configured FEX.
• Implementation of Access Lists for allowing/blocking desired traffic.
• Configured VLANs/ routing/ NATing with the firewalls as per the network design.
• Configured EBGP load balancing and ensured stability of BGP peering interfaces.
• Worked on Route-Reflectors to troubleshoot BGP issues related to customer route prefixes also route filtering using Route-maps.
• Implement automated audit logs and protect log data, Monitor test security controls in PCI Infrastructure.
• Maintained an information security policy and incident response plan in PCI.
• Deployed and decommission of VLANs on core ASR 9K, Nexus 7K, 5K and its downstream devices
• Configuration and troubleshooting of CSM, integration with ASA devices.
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco ASA 5500.
• Provided proactive threat defense with ASA that stops attacks before they spread through the network.
• Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls, CISCO PIX 506, PIX515.
• Worked extensively on Cisco ASA 5500(5510/5540) Series, experience with convert PIX rules over to the Cisco ASA solution.
• Mapped, Network Diagrams and physical identification in MS Visio.
• Worked with engineering team to resolve tickets and troubleshoot L3/L2 problems efficiently.

Confidential, Union, NJ

Network Engineer

Responsibilities:

• Firewall Clustering and High Availability Services using Cluster XL on Check Point.
• Installed Solar winds Network Performance Monitor with traffic analysis, application & virtualization management, configuration management and other modules additionally installed. Tuned modules, customized the specific platforms used and trained staff. Support other smaller customer sites on similar analyze-recommend-implement site-wide upgrades and troubleshoot issues.
• Firewall Policy Provisioning and troubleshoot connectivity issues through firewall.
• Configuring and tweaking Core XL and Secure XL acceleration on Check Point gateways.
• Troubleshoot User connectivity issues on Checkpoint and Cisco ASA using CLI utilities.
• Packet capture on firewalls and analyzing the traffic using Wire shark utilities.
• Troubleshot Clustering issues on Check Point and Sync issues monitoring and fix.
• Upgrade of Checkpoint Gateways in Cluster with Minimal downtime.
• Vulnerability Management using Security Information & Event Management
• Implemented Active/ Standby HA configuration on Cisco ASA Firewalls.
• Monitoring network platforms include IBM Tivoli Netcool management systems, Siebel CRM, WebTop, utilizing HP Service Manager 9 logging tools.
• Configuring Cisco ASA firewalls in Single and Multiple Context Mode firewalls.
• Network design and administration experience.
• Working with OSPF as internal routing protocol and BGP as exterior gateway routing protocol.

Confidential, Deerfield, IL

Network Associate

Responsibilities:

• Working with Network Design and implementation teams on various projects across related to Branch, Campus and Data Center.
• Designing and deployment of Partner IPSEC VPN tunnels.
• Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4. Configured IP access filter policies.
• Converting CatOS to Cisco IOS Config Conversion on distribution layer switches
• Configuration of Site-to-Site & Client to Site VPN’s on Cisco PIX/ASA Firewalls & IOS Routers.
• To secure configurations of load balancing in F5, SSL/VPN connections, Troubleshooting CISCO ASA firewalls, and related network security measures
• NAT and access rules on PIX/ASA Firewall
• Experience configuring Virtual Device Context in Nexus 7010
• Experience in Configuring, upgrading and verifying the NX-OS operation system.
• Performed OSPF, BGP, DHCP Profile, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.
• Configured CIDR IP RIP, PPP, BGP, MPLS and OSPF routing.
• Configuring and Troubleshooting of Multicasting.
• Performing the ACL requests change for various clients by collecting source and destination information.
• Performed Break Fix support through driving to different buildings, identifying the root causes.
• Designed, implemented and operational support of routing/switching protocols in complex environments including BGP, OSPF, EIGRP, Spanning Tree, 802.1q, etc.