SUMMARY

• Network Engineering professional with 8+ years of experience. Proficient and skilled individual in various aspects of networking, security, computer hardware, server engineering, design, installation, and maintenance. Currently possess CCNA, CCNP & PCNSE Certified Network Engineer.
• Experience in designing, configuring, implementing, and testing of LAN, WAN, Wi - Fi and IP routing protocols such as OSPF, RIP, BGP, EIGRP.
• Advanced knowledge of OSI model, TCP/IP system security, firewall infrastructure, network architecture including LAN and WAN, design and implementation which includes Layer 1 to Layer 7 experience.
• Installing, configuring, and troubleshooting Cisco routers ASR 1K, 2901, 2911, 4200x, 2800 and 2600 Series and Cisco Catalyst Switches 2960X, 3750, 3850, 3950, 4500 and 6500 series & Nexus 2k,5k,7k & 9k
• Strong hands-on experience and knowledge on Software Defined WAN (SDWAN) and its architecture including like Cisco Viptela.
• Experienced in working on cloud AWS cloud EC2, S3, RDS, Load Balancer, Auto Scaling with AWS command line interface and AWS python SDK.
• Experience on F5 LTMs & GTMs to improve web application delivery speed and replication through and between distributed global data centers.
• Experience in configuring all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
• Experience in configuration of Checkpoint 600, 1100,4800,12000 appliances. Implement duo security two factor authentications for remote access VPN on Cisco ASA.
• Experience working on network security protocols such as IPSEC tunnels, GRE tunnels, NAT/ PAT, ACLs and VPN - MP-BGP.
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX series security appliance. Worked on various blades like IDS/IPS, URL filtering on Cisco ASA.
• Expert Hand-on-Experience in working on Cisco ISE and configuring 802.1x & MAB authentication.
• In depth knowledge with network monitoring and performance tools such as Solar Winds, Whatsup Gold.
• Working experience on Zscalar cloud security ZIA & ZPA
• Worked on various security tools like Splunk, extra-hop, Cyber Ark, Qualys Guard and Bluecoat Proxy.
• Experience in Python script automation, Cisco ACI, Spine/Leaf, VMware NSX, vPC, VDC.
• Excellent Analytical, Organizational problem solving & resolution skills.

TECHNICAL SKILLS

Routers: Cisco 2800, 3600, 3800, 3900, 7200, GSR 12000, ASR-901,903,1002x,5500, ISR 4300, 4400

Switches: Cisco Catalyst 3750, 3850, 4500, 4900, 6500, 9300,9500, Nexus 5k,7k and 9k

Firewalls & Load Balancers: Cisco ASA, Checkpoint, Palo Alto IPSEC and SSL VPN, IPS/IDS, DMZ set up, F-5 LTM.

Routing: OSPF, EIGRP, BGP, RIP, PBR, Route Filtering, Redistribution, Summarization, Static routing

Switching: VLANs, Dot1Q, VTP, STP, RSTP, VLAN Maps, HSRP, GLBP, CEF, DCEF, Port Security

LAN/WAN Technologies: Ethernet, Frame relay, MPLS, HDLC, PPP, T1, T3, OC Standard, DSL, ISDN

Protocols: IP, TCP, UDP, ICMP, NAT, DHCP, SNMP, IPSEC, SSL, HTTP, SSH

AAA Architecture: TACACS+, RADIUS, Cisco ACS

Cloud: AWS

Operating Systems: Windows Server 2008 R2/ 2003, Red hat Linux, Unix

Network Monitoring & Management: Solar winds, Wire Shark, SNMP, Elastic Search, Sevone and WhatsUp Gold

PROFESSIONAL EXPERIENCE

Confidential, Burr Ridge, IL

Sr. Network Engineer

Responsibilities:

• Hands-on experience in configuring Viptela devices and creating device and feature templates on vManage required for SD-WAN implementation.
• Worked, configured, and troubleshoot Cisco ACI, Layer 2/Layer 3-out, BGP and OSFP.
• Designed and worked on VxLAN BGP-EVPN Cisco N9K and Extended Leaf in Cisco ACI.
• Designed ACI fabric to ensure each tenant is secured and has separation from other tenants. Use L3/L2 outs via common tenant to reduce TCAM and RAM utilizations
• Implemented DHCP, DNS, IPAM configuration on the Infoblox servers to allocate, resolute the IP addresses from subnet.
• Advanced knowledge in Design, Installation & configuration of Palo Alto & Checkpoint Provider Environment.
• Responsible for Checkpoint and Cisco ASA firewall administration across global networks. Familiar with Cisco firewalls PIX 515, ASA 5500 series and Checkpoint Firewalls.
• Migration from Cisco to Palo Alto firewall & Cisco to Checkpoint firewall.
• Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)
• Installing, Maintaining and Troubleshooting of Cisco ASR 1K, 7200, 3925E and 2951E Routers and Cisco 6500, 4510, 3560X, 9300 and 9500 Switches for deployment on production network.
• Experience working on Cisco Meraki Wireless Switches (MX 33) and (MX100).
• Implemented Site-to-Site VPNs, GRE over IPsec VPNs on Cisco Routers, and Cisco ASA Firewalls.
• Upgraded Palo Alto Firewall and Panorama codes and design and deployed ASA High Availability
• Configuring rules and maintaining Cisco ASA and Palo Alto Firewalls & Analysis of Firewall logs.
• Cisco code upgrade for IOS/NXOS platform for all core data centers included Catalyst 3750,3850,4500,2960X and NEXUS 5K,9K and Routers ISR 4300 and 4400 Series.
• Designed and configured MPLS solution for remote sites as well as DMVPN solution to provide network redundancy.
• Deploying ISE in wired environment to perform Dot1x port-based authentication configure the Posture polices perform Change of Authorization CoA for users connecting to the corporate network
• Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches.
• Implemented Duo Security two-factor authentication as a service to access data centers via VPN.
• Using solar winds Orion platform to monitor networking and systems management products.
• Integrating Configuring Cisco ASA Firewalls with ISE to the Posture policy compliance perform CoA for remote VPN IPSec, SSL AnyConnect users.
• Involved in designing and developing Amazon EC2, Amazon S3, Amazon RDS, Amazon Elastic Load Balancing, Amazon SWF, Amazon SQS, and other services of the AWS infrastructure.
• Configure a Site-To-Site IPSec VPN to the Amazon AWS VPN Gateway with other vendor security appliances devices.
• Involved in designing and implementation of AWS network and connectivity between physical and AWS DC
• Worked on F5 LTMs & GTMs to improve web application delivery speed and replication through and between distributed global data centers.
• Deployed Solar winds Kiwi cattools in the client network which is used to run daily backups of all network devices across in the environment.
• Mitigating any vulnerabilities in the Web application firewall and set rules for each of the applications.
• Implemented Pro IPS System to diverse set of networked applications requiring application traffic management solutions, including HTTP, HTTPS, SSH, FTP, DNS, NTP, ANYCAST services
• Deploying SDN/NFV POC's for application team for migrating the high reality network for latest technology.
• Maintaining Project documentation & implementing and maintaining network monitoring systems (Cisco works & Solar winds) and experience with developing network design documentation and presentations using VISIO.

Environment: Cisco Routers, Switches, Palo Alto Firewalls, OSPF, EIGRP, BGP routing protocols, SDWAN, AWS,VLANs, F5 Load Balancers, checkpoint, Palo Alto,WAP,Solarwinds,IP, TCP, UDP, ICMP, NAT, DHCP, SNMP, IPSEC, SSL, HTTP, SSH protocols.

Confidential, Atlanta, GA

Sr. Network Engineer

Responsibilities:

• Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches, and Cisco ASA Firewalls.
• Experience in Spine Leaf Architecture, EVPN, VXLAN. Worked on software Defined Network solutions using Cisco ACI.
• Worked on design & implementation of Cisco Multisite ACI configuring BDs and EPGs to migrate VMs and provisioned vPCs.
• Integrated separate DCs ACI via Multisite ACI and migrated/extended L2 traffic between them.
• Created ‘Contracts’ in Cisco ACI between migrated EPGs and existing VMs in new DC.
• Collaborate with application owners to define dependencies, map dependencies for better application workflow within ACI or public cloud use.
• Migration from Cisco firewalls to PaloAlto firewalls platforms PA 4000 and PA 500 and PA- 200 firewall.
• Configuring rules and Maintaining PaloAlto Firewalls & Analysis of firewall logs.
• Implemented Cisco 5500-X Firepower and Cisco Sourcefire IPS &Fire Eye, managed Cisco IDS and IPS modules with Firepower Management Center.
• Created additional site-to-site IPsec VPN to connect SD-WAN to Zscaler for cloud based Security.
• Built Site to Site IPsec based VPN Tunnels between various client and business partner sites.
• Design, installation and support of Cisco ISE, Identity Services Engine for use in Wireless environment and with LAN connected devices for 802.1x NAC authentication.
• Cisco ISE implementation for Guest access with Cisco Wireless Controllers using EOIP guest wireless services
• Cisco ISE implementation for 802.1x authentication.
• Created scripts in Python for manipulating, parsing and converting data in excel sheets
• AWS VPC design and recommendation of best Security practices.
• Design of AWS VPC using services like AWS Direct Connect, AWS IAM, AWS ACLs.
• Security Control assessment for AWS migrations including evaluating the AWS services and recommending additional security controls required.
• Involved in troubleshooting network traffic and its diagnosis using tools like ping, trace route, Wireshark, and UNIX operating system servers.
• Worked on Extensively on Cisco Firewalls, Cisco PIX (506E/515E/525/) & ASA 5500(5510/5540) Series.
• Monitored network and provided analysis, improvement scopes & support using monitoring tools as WhatsUp Gold and Application Manager.
• Configured Access List ACL (STD, Ext, and Named) to allow users all over the company to access different applications and blocking others.
• Installed and implemented Digital guardian DLP (Data Loss Prevention), network DLP and Data visibility and control.
• Expertise in installing, configuring, and maintaining Cisco Switches (2900, 3500, 7600, 3700 series, 6500 series)
• Responsible for configuration, monitoring and troubleshooting of LAN, VLANs, VTP, Spanning Tree (STP), Trunking (dot1q and ISL) and Ether channel on Cisco Cato's and IOS Switches (2960,3500,3570,3850, 4948,6500/E, 7600).
• McAfee antivirus, spam, spyware protection, virus protection, virus removal and application security
• Analyses of NSESSUS Vulnerability Management Scanning
• Opening the change requests (CR) and working on the assigned tickets in the SNOW requests and following up with the appropriate teams and have meetings with them to solve the tickets.

Environment: Cisco Routers, Switches, ACI, Cisco ISE, ACS, Palo Alto, Cisco ASA, Firepower, WhatsUp Gold, Application Manager, BGP, EIGRP, VLANS, Wireshark, Infoblox, IP, TCP, UDP, NAT, DHCP, HTTP and SSH.