Sr. Network Security Engineer Resume
Atlanta, GA
SUMMARY
- Around 7 years of IT experience in design, development, implementation, troubleshooting and maintenance of complex Network & Security devices, Network Security.
- Expertise in network protocols, Firewalls and Communication Network design.
- Hands on experience in migration of Cisco TACACS+ to Cisco ISE
- Good knowledge of Ansible scripting.
- Knowledge on Network security including NAT/PAT, ACL, VPN Concentrator.
- Good hands-on experience with ASA, Palo Alto & Checkpoint firewalls.
- Possess hands-on experience with Cisco VPN Concentrators, site-to-site VPN & IPsec VPN
- Experience in implementing Cisco DNA Center, Cisco LiveAction and NetBrain
- Strong hands on experience in Designing, configuring, and troubleshooting of Cisco Routers, Catalyst switches & Nexus Switches
- Good hands on experience in data center migration from legacy to new Cisco ACI fabric infrastructure.
- Advanced knowledge of OSI model, TCP/IP, Internet technologies, system security, firewall infrastructure, network architecture and Cisco network routing / switching (Layer 2 and 3) experience, including LAN and WAN, design and implementation which includes Layer 1 to Layer 7 experience.
- Experience on Zscaler cloud security.
- Worked on Load Balancer F5 LTM, series like 6400, 6800, 8800 for the corporate applications and their availability.
- Set up and maintained a Sourcefire IDS/IPS system to control network security.
- Experience on Network Security - Anomaly Detection in Attack Prevention System, Network and Host IPS/IDS, Cisco ASA firewall, Vulnerability scanning, Penetration testing, Buffer Overflows, Cross Site Scripting (CSS)
- Provide overall management of the SPLUNK platform.
TECHNICAL SKILLS
Routers: Cisco 1800, 2600, 2800, 3700, 3800, 3900 ISR 4331, 4431 & ASR 1001x, 1001HX series, ASR 9k
Switches: Cisco Catalyst 3550, 3750, 4500, 6500, 9300 & 9500 series & Nexus 9k, 7k, 5k, 2k
Load Balancer: Cisco CSS, F5 Networks (BIG-IP)
WAN Optimization: SD-WAN, Cisco WAAS, PPP Multilink, Riverbed
Routing: OSPF, EIGRP, BGP, PBR, Route Filtering, Redistribution, Summarization, Static Routing
Switching: VLAN, VTP, STP, RPVST+, Inter VLAN routing & Multi-Layer Switching Layer 3 Switches, EtherChannels, Transparent Bridging
WAN: MPLS, DMVPN, T1 circuits, DSL
Wireless: Cisco 4400, 5500 Wireless Controller (WLC) and 3500, 3700 series Access Points
Firewalls: Cisco ASA, Juniper SRX, Palo Alto, Checkpoint FW’s, Cisco Firepower, IDS/IPS
Network Monitor Tool: NetBrain & SolarWinds, Cisco Prime Infrastructure & Cisco DNA Center
Protocol Analyzer: Wireshark, Netflow
Ticketing tool & Data Center Tool: Service Now & BMC remedy
PROFESSIONAL EXPERIENCE
Confidential, Atlanta, GA
Sr. Network security Engineer
Responsibilities:
- Designing and Configuring of the LAN & WAN networks for different airport, enterprise locations and data center locations.
- Configuration and installation of various network devices and services (e.g., routers, switches, firewalls, load balancers, VPN, QoS)
- Configured site-to-site and client VPNs and identify and resolve firewall and VPN connectivity issues.
- Configured and troubleshot VPNs on infrastructure VPN devices. Provided support for infrastructure FW/IPS platforms.
- Worked on Palo Alto design and installation of Application and URL filtering, threat prevention, Data Filtering
- Upgrading the code from Pan OS 7.1.X to 8.0.X. Experience working on Panorama M100.
- Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering). Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls
- Managed firewalls using Palo Alto's Panorama Central Management Software
- Prepare MOPs to assist installation teams to ensure successful changes to Palo Alto firewall code upgrades
- Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches, and Cisco ASA Firewalls
- Actively participated in network refresh by migrating switches from Catalyst 3650 to Catalyst 9300, 9500 and Routers from ISR 4431 to ASR 1001-x
- Design, recommend and implement new solutions to improve the resilience of network operations like Cisco LiveAction and DNA Center tools.
- Implemented IP SLA and SD-WAN traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Open Shortest Path First (OSPF).
- Designing and directing system configuration and installation to accommodate network needs of client.
- Involved in migration of switches from catalyst 6500 E to catalyst 4500-X, 9500 and Nexus 9k, 7k & 9k
- Good hands on experience in data center migration from legacy to new Cisco ACI fabric infrastructure.
- Worked on Implementation of new sites from scratch and projects with phases, like project planning, considering needs and requirements for completion and then implementing to connect with existing network.
- Securing Internet facing products and corporate infrastructure (load balancers, DMZs, remote access VPN, proxies, gateways)
- Network security administrator for all user and B2B VPN configuration standards and implementations on production Cisco ASA 5520 and Cisco 5540 appliances Advise management of options, risk vs. cost, benefits and other impacts of infrastructure solutions
- Set technical standards for network infrastructure, security baselines, policies and procedures
- Coordinate with AT&T and Verizon Business and the Local Exchange Carrier for circuit testing and troubleshooting.
- Configuring IPAM, DNS and DHCP on Infoblox.
- Preparing Migration procedures, assisting with deployment and troubleshooting issues during migration call.
- Implementing Quality of Service (QoS), Policy Maps, ACI, SOAP, Class-maps, and Policy Routing in the network infrastructure throughout all the different sites.
- Troubleshooting network connectivity between branch office and regional office with multiple link paths and routers running HSRP, EIGRP in unequal cost load balancing.
- Good hands-on experience with Palo Alto SP3 architecture.
- Deployed Palo Alto in Prisma cloud services.
- Migration from Cisco firewalls to Palo Alto firewall platforms PA-5000 series (5060/5050/5020), PA 4000 (4060/4050/4020) and PA 500 and PA-200 firewalls
- Configuring rules and maintaining Cisco ASA and Palo Alto Firewalls & Analysis of Firewall logs.
- Writing SOPs Work Instructions for Level-1 and Level-2 support teams regarding different Network Element installations, configurations and quick resolution procedures during outages.
- Participate in planning, implementation, and growth of our infrastructure on Amazon Web Services.
- Involved in designing and deploying a multitude application utilizing almost all of the AWS stack (Including EC2, Route53, S3, RDS, Dynamo DB, SNS, SQS, IAM) focusing on high-availability, fault tolerance, and auto-scaling.
- Experience in implementation of network automation through Ansible scripting.
- Managing day to day activity of the Azure cloud environment, supporting development teams with their requirements.
- Managed SPLUNK user accounts (create, delete, modify, etc.)
- Create data retention policies and perform index administration, maintenance and optimization
- Work with third party application, hosting and CDN providers to integrate data feeds to a centralized Splunk platform.
- Provide overall management of the SPLUNK platform.
- Good hands on experience in Palo Alto Firewall migration support & policy/rules configuration
- Tufin Secure Track for policy change management, policy analysis, auditing, compliance and reporting
- Assisted field technician over the phone to install and connect the LAN & WAN connections.
- Raise & Implement Break Fix Changes that come from incidents.
- Participating in troubleshooting the F5 LTM and APM and provided level 2 and 3 support.
- Configuring networks using routing protocols such as RIP, OSPF, EIGRP and BGP and manipulated routing updates using route-map, distribute list and administrative distance for on-demand Infrastructure.
- Configuration of IPsec VPN tunnels to remote sites using IKEv2. Using tools like CiscoWorks, we can monitor the remote sites' connectivity
- Experience on Zscaler cloud security.
- Creating automated scripts using Python language and also manual testing to enhance hardware performance.
- Developed test scripts using Python and assorted proprietary software tools.
- Conduct network modeling and analysis to construct a reliable, high-performance integrated network and recommend new solutions to improve the resilience of network operations
- Created Python scripts to automate the process of logging into APIC-EM web application and fabric switches to retrieve information.
- Modified Python scripts to test APIC features.
- Utilized REST APIs in Python scripts to post policies to configure test environments as needed
Confidential, NC
Network security Engineer
Responsibilities:
- Experience working with Nexus 9508, 9504, 7018/7010, 5020, 5548, 2148, 2248 devices
- Implementation of BGP to optimize WAN routing on the core and edge routers.
- Troubleshooting and installing of ISR, GSR, ASR9000 and Nexus devices. Managed rules on Checkpoint NGX firewall.
- Managed VPN, IPSec, Endpoint-Security, status policy, Application control, IPS, Monitoring, Anti-Spam and Smart Provisioning.
- Configured site-to-site and client VPNs and identify and resolve firewall and VPN connectivity issues.
- Configured and troubleshot VPNs on infrastructure VPN devices. Provided support for infrastructure FW/IPS platforms.
- Worked on Palo Alto design and installation of Application and URL filtering, threat prevention, Data Filtering.
- Set up and maintained a Sourcefire IDS/IPS system to control network security.
- Experienced with Configuration and implementation of High Availability (A/P, A/A) on firewalls.
- Extensive Knowledge on Wildfire feature of Palo Alto and Fire Power feature of Cisco.
- Perform installs, configure and troubleshooting on stateful inspection firewalls and inline/passive IPS/IDS sensors.
- Subject Matter Expert in network security, Cloud computing security and SDN security applications.
- Specialized in Network Security technologies (Firewall, IPS/IDS, Content Filtering, Proxy and Cisco network products).
- Mutual redistribution of OSPF and BGP routes using route maps.
- Involved in upgrades to the WAN network from existing 1001x with ASR1004 and ISR 2800/4331 routers.
- Setting up and Managing Virtual Machines on AWS Cloud including working on EC2, Route53, RDS, Lambda.
- Deployed applications and host websites on AWS cloud involving blackboard.
- Migrated Virtual Machines and applications from on premises cloud to AWS.
- Strong experience Working with the following routing/switching protocols: BGP, OSPF, EIGRP, LDP, HSRP, VRRP, GLBP, VTP, 802.1d, and 802.1q, ISL, VLAN’s and Port-Channels.
- Worked on F5 BIG-IP LTM, configured profiles provided and ensured high availability.
- Hands-on experience testing iRules using Browser (IE), HttpWatch on F5 load balancers.
- Configuration of Virtual Servers, Nodes, and load balancing Pools
- Administer and Troubleshoot Cisco ISE and Cisco TACACS
- Configuring IPSEC VPN on SRX series & Palo Alto firewalls
- Convert Campus WAN links from point to point to MPLS and to convert encryption from IPSec/GRE to DMVPN.
- Experience with configuring IPAM on DNS Infoblox like adding the already existing networks and
- Hands on experience with Cisco IOS, NX-IOS, IOS-XR.
- Performed security audit of perimeter routers, identifying missing ACL’s, writing and applying ACL’s
- Engineering the configurations for the different branches, campus locations
- Responsible for Cisco ASA firewall administration across our global networks
- Implemented traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Open Shortest Path First (OSPF).
- Installed, configured and set security policies on Cisco and Checkpoint firewalls, VPN.
- Monitored and tested network protocols (Ethernet, TCP/IP) using Wireshark tool.
- Worked with Aruba/Cisco wireless AP 205 series supporting 802.11 ac.
- Worked on Windows Server 2012 Active Directory, such as deletion and creation of user accounts and managing access controls.
- Involved in the removal of EIGRP from all devices and making OSPF the primary routing protocol.
- Also prepared documentation for various VLAN’s and Voice subnetworks and worked on Visio for the same.
- Migration of existing IPSEC VPN tunnels from Pre-Shared key to Certificate Authority for purpose of scaling
- Implemented Zone Based Firewalling and security rules on the Palo Alto Firewall.
Confidential, Boston, MA
Network Engineer
Responsibilities:
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco ASA's 5585.
- Responsible for Cisco ASA firewall administration, Rule Analysis, Rule Modification.
- Implementation of Access Lists for allowing/blocking desired traffic.
- Packet capturing, troubleshooting on network problems, identifying and fixing problems.
- Experience working in Datacenters environment, configuration changes as per the needs of company.
- Support of Palo Alto for remote and mobile users and for analyzing files for malware in a separate (cloud-based) process.
- Configured Policies to allow customer traffic in Juniper Netscreen/SRX firewalls
- Extensive knowledge of the implementation of Cisco ASA 5500 series and Checkpoint R 75 firewalls
- Configuring objects such as Load Balancer pools for local traffic management on F5 Load Balancers
- Deploying and decommission of VLANs on core ASR 9K, Nexus 9K, 7K, 5K and its downstream devices and also configure 2k, 3k,7k series Routers
- Implemented, configured BGP WAN routing, converting OSPF routes to BGP (OSPF in local routing).
- Installed and maintained Cisco and F5 Load Balancer and documentation.
- Implementing, configuring, and troubleshooting various routing protocols like RIPv2, EIGRP, OSPF, and BGP etc.
- Created documents for various platforms including Nexus 7k, ASR9k, and ASR1k enabling successful deployment of new devices on the network
- Experience configuring Virtual Device Context in Nexus 7k series switch.
- Strong knowledge on networking concepts like TCP/IP, Routing and Switching.
- Designed, configured, implemented site-to-site VPN on Cisco ASA 5500 firewall.
- Implemented, configured redundancy protocols HSRP, VRRP, GLBP for Default Gateway Redundancy.
- Experience with configuring Load Balancing methods in F5 LTM and also configured the virtual server.
- Working with Checkpoints, ASA’s (Other Remote sites), Palo Alto’s FW’s
- Worked in projects converting P2P circuits into MPLS circuits, commissioning and decommissioning of the MPLS circuits.
- Performing network monitoring, providing analysis using various tools like Wireshark, SolarWinds etc.
- Provided proactive threat defense with ASA that stops attacks before they spread through the network.
- Designed, validated and implemented LAN, WLAN & WAN solution to suit client’s needs.
- Configured and designed LAN networks with Access layer switches such as Cisco catalyst 6500, 4510, 4948, 4507 switches.
- Experience with Project documentation tools & implementing and monitoring systems. Experience with developing network design documentation and presentations using VISIO.
Confidential, Meadows, IL
Network Engineer
Responsibilities:
- Involved in configuring IP Quality of service (QoS)
- Experienced in WAN environments, installing and troubleshooting data circuit problems (MPLS, T1)
- Involved in designing and applying QOS and policy map to 2800 series routers for all the branches
- Involved in designing GRE tunnels for encryption of data flow from source to destination
- Implementing VoIP solutions using SIP & H.323, also have sound knowledge of Avaya VoIP product
- Hands on experience with Cisco 3500, 3750, 4500, 6500 series equipment and configuring and deploying and fixing them with various modules like Gig card, VPN SPA card, WIC card.
- Juniper NSM and Juniper CLI for SSG and SRX, Juniper SSL-VPN, OS upgrades, CLI changes, troubleshooting, configurations, rule re-ordering and optimizations
- Hands-on experience on Checkpoint Firewall R70, Palo Alto and Cisco ASA 5500 firewalls.
- Experience on Check Point Firewalls NG, NGX R65, R70 and VDs (VMware Network).
- Configuring BGP/OSPF routing policies and designs, worked on implementation strategies for the expansion of the MPLS VPN networks.
- Provided support for internal network and system related trouble tickets.
- Applying crypto maps and security keys for the branches, ISAKMP (Internet security association key management protocol) for establishing Security associations (SA) cryptographic keys.
- Understanding & Implementation of IPSEC & GRE tunnels in VPN technology.
- Involved in designing L2VPN services, VPN-IPSEC authentication & encryption system.
- Experience in HSRP standby troubleshooting & Experience in configuring & upgrading of Cisco IOS.
- Have experience with Cisco Works LAN Management Solution.
- Experience in migration of Frame-relay based branches to MPLS based technology using multi-layer stackable switch like 6500 series and 2800 series router.
- Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks.
Confidential
Network Engineer
Responsibilities:
- Worked on Cisco 2500, 2600, 2800 series routers and 1900, 2900 series switches
- Designed the IP addressing scheme using VLSM and configured IP addressing. Performed activities such as initial user account creation, established LAN connectivity, file and resource sharing management, internet connectivity, FAX and email service setup
- Expanded LAN to accommodate 200 plus users. Coordinated installation and repair work. Diagnosed and corrected clients network related issues
- Installed and configured LAN/WAN as per organizational / client requirements, governed by communication protocols
- Performed tasks that include Configuring and constant administration of Static routing, Default Routing & dynamic Routing Protocols like RIPv2, OSPF & EIGRP.
- Implemented dedicated VLAN ID for all trunk ports, set user ports to non-trunking, and deployed port security when possible for user ports for layer 2 security
- Worked to set up the TFTP server for backing up the IOS images and configuration files of Cisco Routers and Switches and troubleshooting the file servers.
- Performed network evaluations, troubleshooting a variety of network problems, and implementing various software and hardware upgrades for efficient performance.
- Troubleshoot Cisco hardware: Inspected devices, Read device LEDs, loose connections, cards, IOS upgrade, switch configuration usage of Visual Switch Manager, Switch port configuration, Port monitoring.