SUMMARY

• Around 8 Years Experienced Network Engineer worked extensively with multiple Clients in Switching, Routing, Network Security (Firewalls and Proxies), Application Delivery Controllers, Authentication, Wireless, Collaboration and VOIP environments.
• Experience in Campus and Data Center topologies in multi - vendor equipment. Very strong team member with exposure to Operations, Deployment/Implementation, lab testing, assisting Architecture and Design. Good communication and Documentation skills. Innovative to new ideas to enhance the workflow in Network Engineering.
• Prior specific Network design experience in a large enterprise environment.
• Installation, configuration, maintenance and administration of Palo Alto Firewalls, Checkpoint Firewall R55 up to R75 version, VPN .
• Translate connectivity requests/RFC’s into security policies for internet, DMZ and internal firewalls .
• Experience in Network Security that includes perimeter security for Internet, Extranet, DMZ, Internal Server farms, Web-traffic security with Proxies, Web Application firewalls. Worked and migrated multi-vendor equipment and Next generation firewall technologies.
• Migrated previous corporate Checkpoint 4.0 Firewall-1/VPN-1 on Windows NT to Nokia IPSO appliance for increased performance and stability.
• Worked on ASA, Firepower, Checkpoint and Palo Alto firewalls. Experience on MWG, Bluecoat and ZScalar proxies.
• Implemented the Policy Rules, DMZ and Multiple VDOM's for Multiple Clients of the State on the Fortigate Firewall .
• Installation and Maintenance of Checkpoint Hardware / Software based firewalls.
• Working experience with network security design and implementation in large scale enterprise and data center network.
• Experience with WAN connectivity, MPLS circuits, leased Lines, Metro Ethernet, Site to Site IPsec tunnels, ISP circuits, Customer Edge configurations. Experience with SD-WAN solutions that include Viptela and Versa.
• Strong hands on experience in Installing, Troubleshooting, Configuring of Cisco cat 9300, ASR1k, 7200vxr, 3900, 3800, 2900, 2800 series routers and Cisco Catalyst 6500, 4500, 3850T, 3750, 2950 and 3500XL series Switches.
• Understand proxy traffic-flow from client browser thru internal DMZ infrastructure to external content server.
• Experience designing and implementing firewalls, Wireless, DDOS mitigation, content forwarding and load balancing solutions for large enterprises.
• Created Python scripts to automate selected test cases for the new feature and automate updating Oracle SQL database tables to test the new feature.
• Designed DMZ network to reduce security vulnerabilities .
• Review application flow to identify inbound/outbound traffic patterns, src/dst hosts and TCP/UDP ports for Market Data and Client DMZ connections. Work with external network groups to establish connectivity via eBGP, EIGRP, RIPV2 , static routing; filter subnet advertisements with prefix-lists/distribute lists. Distribute external networks into core. Configure respective firewall and NAT rulesets on Checkpoint R70.30 firewalls.
• Part of team to designed a build and implemented a Level - 4 Data Center for consolidation and relocation of two Data Center with a dual homed Internet and a Market Data DMZ -utilizing Cisco 6509 platform. Updated and collapsed utilizing Cisco Nexus 7710 platform .
• Experience and high-level understanding in application delivery controllers, local and global load balancing techniques, redundancy solutions, high availability options for mission critical internal, vendor and public facing applications.
• Experience with F5 LTM, GTM, APM, NetScaler’s, Cisco ACE and A10.
• Hands on experience working with Cisco Nexus 7K, 5K & 2K Switches. Configuration of VPC, VDC, Peer Gateway, HSRP and FEX on Nexus family.
• Experience with Palo Alto and checkpoint firewalls with next gen firewall features that includes app id, threat id, url filtering, user id, ssl decryption.
• Experience and exposure to Arista routers, Juniper MX, QFX and Ex series devices, Extreme network devices.
• Worked on Cloud platforms that include Azure, AWS and Meraki. Experience working with connecting multiple sites to cloud using SD-WAN solutions, Cloud Connections, Load Balancing and Security with Cloud traffic.
• Modified Python scripts to test APIC features.
• Hands on experience in Cisco IOS/IOS-XR/NX-OS, Juniper JUNOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, BGP v4, MPLS, NAT, VLAN, STP, VTP, HSRP & GLBP.
• Hands on experience working with Cisco CSR1000v. Experience in fiber channel infrastructure.
• Experience with data center technologies that include spine leaf, cisco ACI, Arista cloud vision. Well versed with Nexus family switches to implement vpc and vdc.
• Integrated a DMZ security model for internet accessible applications and services .
• Experience with capacity planning, Fiber Channel and mirroring, backup/archive and recovery solutions, high availability, storage consolidation/migration, performance and tuning.
• Experience of Intrusion Detection, DMZ , encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
• Worked on Open software platform switches like Cumulus on Mellanox and Dell hardware in a POC. Basic Knowledge in Python and Ansible scripting for automation in configuration templates, back-ups etc.
• Implemented the Policy Rules, DMZ and Multiple VDOM's for Multiple Clients of the State on the Fortigate Firewall.
• Installation and Maintenance of routers like the Cisco 3800, 3900, 7200.
• Experience with Network Monitoring tools, SNMP, Log collectors, Splunk, ticketing tools and thorough Expert level knowledge of troubleshooting, implementing, optimizing and testing of static and dynamic routing protocols such as EIGRP, OSPF, BGP ability to interpret and resolve complex route table problems.
• Configured express routes and Nsg in could security experience with Azure cloud security center, cloud application security.
• Worked on BGP for ISP connectivity, Edge network, Internet Core. Exposure to IBGP, EBGP, Route reflector, Confederations, Local Preference, MED, AS Path, IP prefix lists, RT, RD, EVPN, VXLAN.
• Experience with Cisco ACI . Worked on Nexus 9K switches in Spine and leaf topology . Experience with Bridge domains, VNI, VTEPS, VXLAN tunneling, Asymmetric and symmetric routing IRB.
• Implemented Site-to-Site VPNs over the internet utilizing security standards such as 3DES, AES/AES-256 with ASA 5580 Firewalls.
• Experience in working with Cisco Identity Services Engine (ISE) and ACS . Worked on Security groups, tags , AAA profiles on ISE.
• Cisco ASA Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
• Worked on Extensively on Cisco Firewalls, Cisco PIX (506E/515E/525/) & ASA 5500(5510/5540) Series
• Extensive Knowledge on the implementation of Cisco ASA 5500 series and Checkpoint R 75 firewalls.
• Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series. Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
• Worked on Next Gen Firewall features like URL filtering, SSL Forward Proxy, SSL Decryption, APP ID and ThreatID, Panorama in PA firewalls.
• Experience in F5 BIG IP and Cisco ACE Load balancers for load balancing and traffic management of business applications. Migration Experience from ACE to F5.
• Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability. Experience with Virtual servers, Pools, Monitors, SNAT, proficient in iRule Persistence, Profiles, WideIP’s, Zones, Listener IP, Static and Dynamic Load balancing techniques on LTM and GTM .
• Worked on configuring policies in illumio for east west and north bound traffic flows using tags.
• Configured F5 Viprion load balancers for MS Exchange, Skype for Business, Citrix ICA, Airwatch SEG as well as other business applications. Worked on LTM guest Operating Systems and created multiple Route Domains to separate the traffic between different tenants.
• Design and configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls(SRX240, SRX550).
• Worked on Zscaler Cloud Proxies . Migration from IronPort Proxies to Zscaler Proxies. Configuration of Policies, URL categories, Integration with Azure AD for SAML Authentication, AD group-based policies, ZAPP configuration.
• In-depth knowledge and hands-on experience on IP Addressing, Sub netting, VLSM and ARP, reverse & proxy ARP, Ping Concepts.
• Worked on the design, implementation, and support of IP telephony projects, such as Cisco Unified Communications Manager, Cisco Unified Messaging System, and Cisco Unified Contract Center Express.
• Installing new equipment to RADIUS and worked with MPLS-VPN and TACACS configurations.
• Implemented Cisco Unified Communications Manager Applications like CUPS, IPMA, Extension mobility and Attendant console as per customer requirement
• Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP Ether channel, STP, RSTP and MST.
• Regularly review the configuration and controls of Palo Alto Networks firewalls and Sourcefire Intrusion Detection System(IDS), further follow up to mitigate the risks.
• Experience with Layer 2 and Layer 3 protocols like, FRR CEF, MLS, Ether Channel VLAN, VTP, VMPS, ISL, dot1q, DTP, Spanning-tree, PVSTF, HSRP, VRRP and GLBP.
• Worked on Cisco and Aruba Wireless LAN controllers, Configuration of mobility anchors, SSID, 802.1X Authentication, Integration with ISE and ClearPass, BYOD policies.
• Extensive knowledge in all Wi-Fi Standards including 802.11a,b,g, n,ac. Worked on installing of Cisco and Aruba Wireless Controllers. Worked on Cisco CWAP, LAWP, Aruba 225, 325, AP groups, SSID’s, Authentication rules, 802.1X for Wireless etc.

TECHNICAL SKILLS

Routers: Cisco 1800, 2600, 2800, 3700, 3800, 3900, 7200, 7600 series, ASR 9k, juniper ACX series routers.

Switches: Cisco Catalyst 3550, 3750, 4500, 6500 series & nexus 7k, 5k, 2k, 1000v, juniper Ex4200, Ex9208, ACX 1000

Load Balancer: Cisco CSS, F5 Networks (BIG-IP)

WAN Optimization: Cisco WAAS, PPP Multilink, Riverbed

Routing: OSPF, EIGRP, BGP, PBR, Route Filtering, Redistribution, Summarization, Static Routing

Switching: VLAN, VTP, STP, RPVST+, Inter VLAN routing & Multi-Layer Switching Layer 3 Switches, EtherChannels, Transparent Bridging

LAN: Fast Ethernet & Gigabit Ethernet.

WAN: Leased lines 64k - 155Mb (PPP / HDLC), Fiber Optic Circuits, Frame Relay, MPLS, DMVPN

Voice: Cisco call manager 8.x, 7.x

IP Telephony: VOIP, ISDN, PRI, Unified Call Manager

Wireless: Cisco 4400, 5500 Wireless Controller (WLC) and 3500, 3700 series Access Points

Firewalls: Cisco ASA, Juniper SRX, Palo Alto, Checkpoint FW’s

Features & Services: IOS and Features, HSRP, GLBP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, DNS, FTP and FTP Management

Network Monitor Tool: MRTG, Netbrain & Solarwinds & Cisco Prime Infrastructure

Protocol Analyzer: Wireshark, Netflow

Operating System: Windows ( XP, 7, 10), Cisco IOS/XR/XE, JunOS, Pan-OS

PROFESSIONAL EXPERIENCE

Confidential

Senior Network Engineer

Responsibilities:

• Worked on Deploying Cisco ACI using Nexus 9k switches in Spine and Leaf. Worked on BGP Underlay and VXLAN overlay technology using Cisco ACI.
• Technical Skills- with the methodologies, operational and manual skills appropriate for a senior IT security role in a large business.
• Secured and hardened Windows NT, 2000, 2003, 2008 and Unix servers in a high transaction production environment.
• Specialized on VMware ESX, ESXi, and VSphere 4 5 environments with vCenter Management, VMware View 4.5 5.1, VMware vApps, Consolidated Backup, DRS and HA.
• Creating automated scripts using Python language and also manual testing to enhance hardware performance.
• Enterprise SME for Checkpoint Firewall Operations and implementations across a diverse network with many levels of required security configurations.
• Maintain, monitor and troubleshoot physical and virtual server infrastructure specifically Windows/Linux server environment.
• Experienced in installation, configuration and maintenance of Cisco Nexus 7K, 5K switches in standalone as well as in V-BLOCK infrastructure.
• VPN and Firewall Design and implementation Engineer Utilizing Checkpoint R70.30 and R75.30 Platforms.
• Citrix NetScaler load balance scripting for web interface system and other mission critical web system .
• Proficiency in High Availability (HA), Load Balancing (DRS), vMotion, vSwitch, Disaster Recovery, Clustering and Access control through vCenter server.
• Secured and hardened Windows servers and workstations in a high transaction production environment by working with Microsoft Windows Security Developer.
• Excellent experience and knowledge with designing installing and implementing VMware ESX server, VMware virtual center, setting up V-Motion, HA, DRS, and related VMware products such as VM Workstation, VMware converter VM Backup products and other products for virtualization .
• Developed test scripts using Python and assorted proprietary software tools.
• Experience in maintenance of Cisco LANs and WAN devices.
• Extensively worked on VMware Update Manger for Host upgrades and patches.
• Worked on configuration of Tenants, Bridge Domains, EPG groups, Application templates, VRF configuration of various traffic flows. Configuration includes Arista 7000 series core routers, Border Leaf, Palo Altos for perimeter security, F5 LTM and GTM for application load balancing.
• Implementation of the routing protocols BGP (EBGP, IBGP) and EIGRP to enable MPLS on the sites.
• Configure, maintain and upgrade of data center infrastructure, Nexus 7k, 6k, 5k, 2k, and UCS, employing VDC, VPC, VRF, Cisco UCS, and fabric-path technologies.
• Installed and Implemented VMware ESXI 5.0 host server with vSphere client. Configured HBAs and ISCSI San storage.
• Performed sizing calculations of VMware environments based on current systems and future growth.
• Worked on migration from ASA to Palo alto firewalls. Expereince with URL Filtering, APP ID, SSL decryption, SSL forward proxy for internet traffic flows.
• Install and configure the VMware vSphere and create clusters for High availability (HA) and Dynamic Resource Sharing (DRS).
• Creations of test plans, test cases, and automation scripts from scratch using Python.
• U pgraded distribution switches 6509 to Nexus 7010 with Sup1.
• Created documents for various platforms including Nexus 7k, ASR9k, and ASR1k enabling successful deployment of new devices on the network.
• Redundancy & Management HSRP, VRRP, Wireshark, SolarWinds, SNMP, Cisco Works, GNS3, Riverbed.
• Created Python scripts to automate the process of logging into APIC-EM web application and fabric switches to retrieve information.
• Citrix and Microsoft, Citrix and Terminal Server environments, Proficient in Citrix NetScaler, Citrix XenServer, VMware virtualization, storage design, Microsoft technologies, network infrastructure and VMWare ESX.
• Paired Nest devices on IPv6 Thread mesh network manually and using Python automation scripts.
• NetScaler assessment to insure remote user stable connection of load balancing between three web interface servers.
• Worked extensively on the Cisco Catalyst 3560, Catalyst 3650, Catalyst 4500-X series, Catalyst 6500 series, Catalyst 9200, Catalyst 9300, and Catalyst 9500 series.
• Installation, Maintenance and Troubleshooting Cisco 2900, 3500, 3700, 4500, 6500, Nexus devices.
• Switching tasks include VTP, ISL/ 802.1q, IP Sec and GRE Tunneling, VLANs, Ether Channel, Trucking, Port Security, STP and RSTP.
• Worked extensively on the Cisco2821, Cisco2921, Cisco3925, Cisco ISR 4K series routers.
• Part of project team to deploy Zscaler Cloud proxies using GRE tunnels to Zcloud from Edge routers, Azure AD SSO authentication, user group policies on Cloud based proxies for Internet traffic.
• Worked on Infoblox DNS, DHCP and IPAM configuration with Internal, External and Cache grids. Worked on Delegations, DNS forwarding. Worked on Global Load Balancing using GTM WideIP delegations from Infoblox.
• Set up and configure Citrix Web interface system in house and Internet with CAG/NetScaler .
• Implemented Quality of Service (QoS) Policy-maps, Class-maps to segregate and provide better data transmission within the enterprise network.
• Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, disabling all unused ports and putting them in unused VLAN.
• Experience with configuration and troubleshooting in routing protocols that include OSPF and BGP. Expereince with OSPF configuration in Data Centers and WAN. BGP attributes in ISP side on Edge and Internet core routers.
• Expereince with Vsys, Security policies, App tags, U-turn NAT, Virtual routers, Zones, URL filtering using Domains, SSL decryption, NAT policies, monitoring, Panorama, APP ID on Palo Alto firewalls.
• Worked on Virtual servers, irules, Profiles, Monitors, Persistence, WideIP, Upgrade procedures, SNAT, Network configuration, VLANS, SELF IP, Route Domains on F5 LTM and GTM.
• Worked on Citrix NetScaler to deploy VDI, load balancing store front servers and Authentication.
• Worked with LAN protocols (VLAN, VTP, STP, RSTP, MST) & Port Channel Protocols (LACP, PAGP).
• Experience on Juniper SRX 3600, 5800 Firewalls, Palo Alto 2K, 5K and 7K series Firewalls.
• Experience on monitoring network performance and implementing performance tuning when necessary.
• Installation Management Services, NetScaler, Branch Repeater and Access Gateway CAG with Advanced Access Control, Application Profiling, Streaming, Certification and Management.
• Deploying the different Network devices that include configuration of the devices and maintain and upgrade all these devices in the Network periodically for better performances.
• Hands on experience on F5 BIG-IP LTM 11.2, F5 BIG-IP GTM, F5 BIG-IP APM and F5 BIG-IP ASM.
• Creating NAT polices for the traffic facing the Internet.
• Involving in regular network design meetings and discuss about Internet, VPN, data center to data center communications for servers that are migrating as part data center migration project.
• Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for a data center access architecture Expertise in installing, configuring and troubleshooting Juniper EX Switches EX2200, EX2500, EX3200, EX4200, EX4500 series.
• Network Infrastructure should be up to date for any bug fixes, systems improvement. For this, the network infrastructure is upgraded periodically scheduling a down time.
• Firewall expertise and Firewall Zone's Segmentation for PCI compliance.
• Creating new interfaces on Firewalls and connecting to Spine Switches and ESR Routers.
• Technology Used: ISP/OSP Engineering, OSHA, OSP, ISP, Ethernet, VLAN, WLAN, IEEE 802.11 b/g/n, Cisco Switches, Cisco Routers, FTTP, SONET, DNS DHCP, VOIP, T1, T3, ADSL, SDSL, ISDN, WAP, demarc, CAT5E, CAT6, fiber, coax, heavy lifting, ladders, cable trays, heavy lifting, equipment racks and cabinets.
• Implementing the ‘Continues Testing’ approach for end to end System to see the root cause of the issue and fix it. Different Network tools like Splunk, Wire-shark, TCP-dump etc. are used to see the root cause and fix them.
• Configuring threat prevention profiles, URL filtering, File Blocking, Wildfire profiles, security rules to the Palo Alto devices which are used as IPS.
• Upgrading the OS and creating Antivirus and Anti-Spyware Profiles for all the Palo Alto Devices.
• Monitoring the Firewalls which are configured to be monitored by Statseeker Tool through SNMP.

Environment: Cisco routers (7600, 3800, 2800) and Cisco switches (6500, 3700, 4900, 2900), Nexus (7K, 5K &2 K), Data Centers, FEX, Routing Protocols (EIGRP, OSPF, BGP), ASA, Palo Alto, Fortinet, F5 load balancing, STP, VLAN, MD5, 3DES, AES, OTV, CitrixVLANS, SNMP, NAT, cisco IO, HSRP, VLAN trunking 802.1Q, F5 Networks Big IP, CISCO ASA and Checkpoint firewall, Palo Alto 3000, 5000 series.

Confidential

Senior Network Engineer

Responsibilities:

• Designing and Deployment of Access, Distribution and Core layers in Data Center environment using Juniper QFX and MX series switches. Worked on OSPF and BGP configuration.
• Customize Layer 2 and Layer 3 networking between VMware, networking components, and storage for high availability and maximum performance.
• Involved in Troubleshooting ESX host issues with VMware.
• Configure, maintain and upgrade of data center infrastructure, Nexus 7k, 6k, 5k, 2k, and UCS, employing VDC, VPC, VRF, and fabric-path technologies.
• Designed and recommended architecture of virtualization and private cloud environments based on VMware technologies.
• Extensively worked on virtual F5 LTM module on VMware for application testing.
• Experience with converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with Cisco ASA VPN experience.
• Experience working with Nexus 7010, 5548, 5596, 2148, 2248 devices.
• Provided Level-3 Network support for Cisco Switches and Cisco ASA 5500 Series Security.
• Configure and deployment of VMware Distributed Switch (VDS) and Cisco Nexus 1000v (N1K) and Cisco UCS 6248UP 48-Port Fabric Interconnect.
• Implemented Site-to-Site VPNs over the Internet utilizing 3DES, AES/AES-256 with ASA Firewalls.
• Knowledge with following Citrix infrastructure components: Web interfaces, PNAServer, NetScaler setup and administration, License Server management, Edgesight. Management and configuration of RSA SecurID Server.
• Implementing routing, ACL's with ISP using OSPF and BGP.
• Provided L2 & L3 network support, Building configurations for Juniper EX 3300 and EX 4200 switches with features like P ort security, VLANs, VTP, and PVST+. Worked on SRX service gateways and MX Platform routers.
• Strong hands on experience on, ASA Firewalls, Palo Alto Firewalls. Implemented Security Policies using ACL, Firewall, IPSEC, SSL VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
• Configuring IP Networking: Security Settings, QoS, Routing Protocols (OSPF, ISIS, BGP), S ignaling protocols like RSVP, LDP etc.
• Understanding the JUNOS platform and worked with JUNOS upgrade of Juniper devices.
• Excellent Knowledge on TCP/IP, SNMP, FIBRE, Ethernet, Gigabit/10-Gigabit, RADIUS/AAA
• Strong knowledge of TACACS+, RADIUS implementation in Access Control Network.
• Cisco IOS Software Management tools /Cisco PRIME, testing and implementation in VMWare virtualized environment.
• Configure and maintain all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale Firewall deployments.
• Hands on experience on all software blades of Check Point Firewall. 24x7 on-call step-up support as a part of the safety operations team.
• Working closely with knowledge center management to investigate the information center sites for cabling necessities of assorted network instrumentation.
• Migration from Checkpoint firewall cluster to Cisco ASA 5580 firewalls in a failover pair configuration.
• Provided application level redundancy and accessibility by deploying F5 load balancers. LTM and GTM Installation and operation.
• Designing and assisting in deploying enterprise wide Network Security and High Availability Solutions for ASA.
• Worked extensively in Configuring, observation and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover demilitarized zone socialization & configuring VLANs/routing/NAT.
• Managing a TACACS server for VPN user authentication and network devices authentication.
• Performed Imperva Secure Sphere DAM on WAF Health Checks.
• Managing and providing support to numerous project groups with regards to the addition of recent instrumentation like routers switches and firewalls to the DMZs.
• Implementing traffic engineering on existing Multiprotocol Label Switching (MPLS) network and Open Shortest Path First (OSPF).
• Provided redundancy in a very multi homed Border Gateway Protocol (BGP) network by tunings AS-path.
• Configured and troubleshooting River bed WAN optimization software to improve the network acceleration at the user end.
• Earlier efforts included verification of DOCSIS upstream logical channels, proprietary RF spectrum management algorithms, system high-availability, etc.
• Support vendors with product and service requirements based on Charter business needs and internal customer requests.
• Deploy, scale and automate network across multiple global datacenters supporting Amazon Web Services (AWS).
• Knowledge and skill of 802.11 a/b/g/n LAN normal for wireless Technology.
• Used Cisco ACI Fabric which is based on Cisco Nexus 9000 Series Switches and the Cisco Application Virtual Switch (AVS).
• Configure best route map configurations in the new Cisco IOS XR Routing Protocol Language (RPL).
• Supporting EIGRP and BGP supported network by partitioning level two & three issues of internal groups & external customers of all locations.
• Extensive active expertise with complicated routed local area network LAN and WAN networks, routers and switches.
• Design and Building Software-Defined Data Center environment, including Vmware, VCenter, NSX and Cisco ACI.
• Efficient at use of Microsoft VISIO/Office as technical documentation and presentation tools.
• Configured Windows Clusters, Windows NLB, H/W Load Balancers (F5, Netscaler). Deployed, configured and troubleshooting runtime errors related to .Net applications on 7.0/7.5 Web Servers and Windows Server 2008/2008 R2 in Dev, QA & Pre-prod environments.

Environment: Nexus 2k/5k/7k, Cisco 6500/7500/7200 Routers, Cisco 3550/4500/6500 switches, Juniper SRX100, Fortinet Next Generation Firewalls, LAN, WAN, OSPF, RIP, BGP, EIGRP, HSRP, PPP, VPN, Checkpoint, Cisco ASA, AWS, TCL, Riverbed, Clustered SQL server 2014/2012/2008 R2/2008/2005, DC migration, Active-Active& Active-Passive Clustering, Windows 2012/2008R 2/2008/2003.

Confidential

Senior Network Security Engineer

Responsibilities:

• Hands on experience in the configuration, troubleshooting of Juniper SRX firewalls as well as experience working directly with customer in a service/support environment.
• Troubleshooting Firewall Connectivity related issues using Smart view tracker on Checkpoint, NSM Log viewer for Juniper Firewalls.
• Deployment and Management of Bluecoat proxies in forward proxy scenario as well as for security in reverse proxy scenario.
• Demonstrated understanding of network security concepts and systems including F5, WSA, Palo Alto, ASA.
• Designed and implemented Python scripts to set up automation test environments for testing features of switches.
• Worked on Blue Coat Proxy SG to safeguard web applications in extremely untrusted environments such as guest Wi-Fi zones.
• Created a Python script to test Hadoop’s Streaming Map/Reduce tasks using Pytest framework.
• Performing URL filtering and content filtering by adding URL’s in Bluecoat Proxy SG’s.
• Managing & administering Cisco WSA.
• Created Python scripts for stress testing: to add / delete any number of VLAN’s to any number of adapters, or any number of NIC teams (FailOver / Failback, Load Balancing), create any number of any types of NIC teams on any number of NIC adapters, backup and restore NIC teaming configurations for unlimited times, assign IP address for any new interface such as teams or VLAN’s, perform port bouncing by shut/no shut switch ports in the vPC(Virtual PortChannel)
• Day-to-Day work involves scheduling firewall policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.
• Active/Standby and Active/Active HA configuration on Cisco ASA and Palo Alto Firewalls.
• Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
• Managing and administering Juniper SRX and Checkpoint Firewalls at various zones including DMZ, Extranet (Various Business Partners) and ASZ and internal.
• Expert in Next Gen Firewall Techniques for traffic filtering such as URL Filtering, SSL decryption, Forward proxy, Security policies, Zones, NAT/PAT, ACL, policy-maps etc.
• Configured and deployed VPC, VSS, OTV, FABRIC PATH between Nexus 7010 and Nexus5596, 5548 switches along with FEX2248
• Performing network monitoring, providing analysis using various tools like Wireshark, Riverbed and Solar winds.
• Deep understanding of IDS/IPS such as Sourcefire and Foresight.
• Assisted with the transition from the current Cisco ASA FW platform to the Cisco Firepower FPR 4150 NGFW
• Implementing Security Solutions in Juniper SRX and Netscreen SSG firewalls by using NSM.
• Juniper Firewall Policy management using NSM and Screen OS CLI.
• Working on the network team to re-route BGP routes during maintenance and FW upgrades.
• Cisco ASA security appliances including Sourcefire, Fire POWER services and Fire Sight Management Console.
• Configure B2B VPN with various business partners and 3rd parties and troubleshoot VPN Phase 1 and Phase 2 connectivity issues including Crypto map, Encryption Domain, PSK etc.
• Implemented configuration back-ups using WinSCP, Cyberfusion to automate the back-up systems with the help of public and private keys.
• Follow information security policies, methods, standards, NIST standards, and practices to organize information systems, IT reference material, and interpret regulations.
• Monitor Intrusion Detection Systems (IDS) console for active alerts and determine priority of response.

Environment: Cisco ASA 5580/5540/5520 , Checkpoint R70, R75, R77.20 Gaia, Palo Alto PA-5000/3000, Big IP F5 LTM/GTM, Solarwinds, Nexus switches, TCP/IP, VPN, Cisco Sourcefire, Splunk, Bluecoat Proxy servers, IDS/IPS. SIEM and Monitoring.