PROFESSIONAL SUMMARY

• Network/Security Engineer with over 9 years of experience in design, installation, configuration, administration and troubleshooting of LAN/WAN/MAN infrastructure and security using Cisco routers/Switches/firewalls.
• Strong hands on experience in configuring and troubleshooting of Load Balancers (Big - IP F5) & Cisco ASA Firewall such as 5545, 5585-X, Palo Alto and checkpoint devices.
• Knowledgeable and good hands on experience in data center practices (i.e. basic fault tolerance, cable routing, calculating power usage)
• Responsible for Check Point, Palo Alto and Cisco ASA/PIX firewall administration across global networks.
• Experience working with OTV & FCOE on the Nexus between the Data centers.
• Competent in configuring Cisco Catalyst 2960, 3750, 4500, 6500 and Nexus 7k,5k,2k series switches and Cisco 2600, 2800, 3600, 3800, 7200, 7600, Asr-9004 series routers.
• Proficiency includes checking server and firewall logs, scrutinizing network traffic, establishing and updating virus scans, troubleshooting, analyzing and resolving security breaches and vulnerability issues.
• Working knowledge of frame relay, MPLS services, OSPF, BGP and EIGRP routing protocols, NATing, sub-netting including DNS, WINS, LDAP, DHCP, FTP, TFTP, HTTP, HTML, HTTPS, SMTP, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP (Spanning tree Protocol), RTSP & Multicasting protocols.
• Hands on experience in configuring and supporting site-to-site and remote access server, IPSec, VPN solutions using ASA/PIX firewalls, Cisco and VPN client.
• Proficient in Cisco IOS & cat OS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, EIGRP, RIP v1/v2, BGP v4 and MPLS.
• Involved in Data Center migrations from one data centre to other.
• Experience in working with Cisco Nexus Switches in creation and management of VLANs, VPCs, VDCs and VRFs for Nexus 7K, 5K, 2K devices.
• Experience in working with Juniper routers such as MX-480, MX-960 and switches EX-4200, EX-4300, EX-8200 and Juniper firewalls such as Juniper SRX-610, SRX-3600
• Basic understanding of SAN technologies FC, FCoE, NPV, NPIV, FSPF, iSCSI with SAN storage solutions EMC, EqualLogic/Compellent, NetApp, HP/Lefthand, IBM.
• Advanced proficiency in designing, deploying, and maintaining perimeter security devices such as IPS, IDS, Radware, FireAMP, Lancope etc.
• Experience in Checkpoint firewalls, Palo Alto Firewalls, Juniper Firewalls, Cisco WSA/CWS, Cisco ASA, SSL VPN, Cisco Nexus, Cisco ACS, Cisco ISE, IPS, Microsoft TMG and Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
• Involved in troubleshooting network traffic and its diagnosis using tools like ping, traceroute, Wireshark, TCPdump, and Linux operating system servers.
• Worked on VOIP on Session Initiation Protocol to provide a comfortable abstraction to the VOIP application layer, so that it may focus on the application logic and communications protocols
• Involved in topology diagrams of network environment and network infrastructure. i.e., creating Network diagrams, standard operating procedures and work flows, UML diagrams etc. Have excellent proficiency with MS Office suite.
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design.
• Excellent customer management/resolution, problem solving, debugging skills and capable of quickly learning, effectively analyses results and implement and delivering solutions as an individual and also in team.
• Advanced knowledge in Linux and Unix Operating Systems, web security devices or proxy - Cisco WSA/CWS and Bluecoat, understanding of globalsecuritypolicies
• Providing offshore support on Checkpoint firewalls on Nokia boxes and UTMs, Cisco ASA, Palo Alto, Bluecoat Proxy and directly interacting with customer and work with them for any new request comes.
• Proficient in installing and configuring Windows Server 2003, 2008, 2012 and Windows XP, 7 & 8 Professional Client Operating Systems.
• Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
• Experience on scripting language Perl, Python and Bash to create scripts for network inventory.
• In depth understanding of IPV4 & IPV6, implementation of Subnetting, VLSM and ARP, reverse & proxy ARP, Ping Concepts.
• Moderate knowledge in configuring and troubleshooting Cisco Wireless Networks: LWAPP, WLC, WCS, Standalone APs, Roaming, Wireless Security Basics, IEEE 802.11 a/b/g, RF spectrum characteristics.
• Well Experienced in configuring protocols HSRP, GLBP, VRRP, ICMP, IGMP, PPP, HDLC, PAP, CHAP, and SNMP and Switching tasks include VTP, ISL/802.1q, IPSec and GRE Tunnelling, VLANs, Ether Channel, Trunking, Port Security, STP and RSTP.
• Strong hands on experience on PIX Firewalls, ASA (5540/5550) Firewalls. Implemented Security Policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS)

TECHNICAL SKILLS:

Cisco Platforms: Nexus 7K, 5K, 2K & 1K, Cisco routers (7600,7200, 3900, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3500, 4500, 2900 series)

Juniper Platforms: SRX, MX, EX Series Routers and Switches

Networking Concepts: Access-lists, Routing, Switching, Subnetting, Designing, CSU/DSU, IPSec, VLAN, VPN, WEP, WAP, MPLS, VoIP, Bluetooth, Wi-Fi

Firewall: PIX Firewall (506/515/525/535), ASA Firewall (5505/5510), FWSM firewall (6500), Palo Alto (PA-5000/3000), Check Point (R77/R76/R75)

Network Tools: Solar Winds, SNMP, Cisco Works, Wireshark, TCP Dump,Netflow

Load Balancers: A10 Networks(AX2500), Cisco CSM, F5 Networks (Big-IP), cisco ACE

WAN technologies: Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1, DS3, OC3, T1 /T3 & SONET

LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port- channel, VLANS, VTP, STP, RSTP, 802.1Q

Security Protocols: IKE, IPSEC, SSL-VPN

Networking Protocols: RIP, OSPF, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP, VRRP, GLBP, TACACS+, Radius, AAA

Languages: Perl, C, C++, SQL, HTML/DHTML, Python (Testing Automation)

VPN: IPsec, Remote access SSL, VPN, Access-lists, Regular expressions, content based filtering, Failover, Load Balancing (F5 Networks) IDS, IPS, PPTP L2TP, Packet filtering etc.

Virtualization: Microsoft Virtual Server 2008 R2, VMware

Operating System: Windows 7/XP, MAC OS X, Windows Server 2008/2003, Linux, Unix

Switching: VLANs, VTP, STP, RSTP, Inter VLAN routing and Multi-Layer Switching, Layer3 switches, Ether channels, Dot1Q, HSRP, Port Security.

Routing: OSPF, BGP, EIGRP, RIP-2, Route Filtering, Redistribution, Summarization, Static Routing

PROFESSIONAL EXPERIENCE

Confidential

Senior Network Engineer

Responsibilities:

• Responsibilities included not limited to upgrading, maintaining Infrastructure, Installing, configuring various Cisco, Arista, Juniper Routers, Switches, Checkpoint, Palo Alto’s FW, Citrix NetScalar Gateways, BlueCoat Proxy SG, Riverbed Steelhead appliances.
• Performed OSPF, BGP, ISIS, DHCP, HSRP, IPV6 implementation on Cisco IOS 1800, 2800, 3600, 3800, 4500, 6500, 7000, 7200, 7609, ASR 9K, 1K, ISR 4K, 3K, 2K Juniper MX (960, 480), M routers.
• Efficient in configuring, maintaining, upgrading Cisco IOS on network devices routers3800, 3900, 4331, 7200, 7600,Cisco Catalyst & Multilayer 6500, 4500, 3850, 3750, 3650, 3500 XL, Nexus 2k/5k/7k.
• Experience configuring routing protocols such as OSPF, BGP, EIGRP, IS-IS, ACL’s, Static route policies, Edge & Tunnel routing policies on Cisco, Juniper M320 and MX80, MX960, MX480 Routers.
• Configured & troubleshoot routing/switching, wireless protocols: OSPF, ISIS, EIGRP, LDP, RIP, Multicast, PIM, BGP, RADIUS, TACACS+, DMVPN, CDP, VRF’s, 802.11 (a, b, g, n).
• Responsible for configuration, installation, troubleshoot, & maintenance of Juniper, Cisco router, switch network devices,MPLS technologies like LDP, TDP, MPLS L2/L3VPN's, analyze, troubleshoot & resolve LAN/WAN, firewalls, Layer-2/3 network issues.
• Extensively worked in network performance testing, administration,installation, maintenance, troubleshoot of Advanced TCP/IP management, IP Addressing & subnetting VLSM, CIDR, LAN/WAN.
• Analyzed logs, user activity, traffic on Palo Alto, Checkpoint, SRX, ASA firewalls after configuring policies, VPN’s & NAT rules, also configured Cisco Juniper Router, Switch, LAN/WAN environment.
• Configured, monitored Palo Alto PA-3K, PA-5K models, implemented Policies, URL filtering, App, User ID, & threat Prevention on the internal network via Panorama also configured policies on Cisco ASA, Checkpoint WEB Gateways for Site-to-Site, Web & SSL VPN purpose.
• Configured STP, VSTP, PVST+, VLAN, SNMP, HSRP, ARP, SPAN, RSPAN, 802.1 (q, s, w), 802.3 ae Tagging on Cisco catalyst 6500, 4500, 3750, 3500, 2900, EX-4500, 4300, 3k series Ethernet switches.
• ProvidedBGProuting protocols for implementing multi-homing connection and carried out Route-redistribution between different routing protocols like OSPF,BGP, EIGRP for increased efficiency.
• Maintained complex LAN/WAN networks with multiple VLANS & provided support for OSPF, RIPv1, v2, EIGRP, BGP routing protocols, Static &default route, Multicast, MTU throughput, Jumbo frames.
• In the process of implementing network security policies for remote access configured site-to-site & client-to-site VPN tunnels on Cisco ASA 5500, Checkpoint (13K, 12K), Juniper SRX (1500, 3400, 3600, 5800), Palo Alto PA-3K, 5K firewalls.
• Installs, configures and maintainsJuniperEX, QFX series switches and MX, and M seriesrouters, SRX firewalls worked in JUNOS platform and with IOS upgrade ofJuniper, Cisco devices
• Installed and configured of Cisco Routers (1700, 1800, 2500, 2600, 3200, 3600, 3700, 3800 and 7200, 7609) & Cisco L2 & L3 Switches (2900, 3560, 4500 & 6500)
• Efficient with Layer 2 protocols STP, VSTP, PVST+, VLAN, SNMP, HSRP, ARP, SPAN, RSPAN, 802.1 (q, s, w), 802.3 ae and associated enhancements related to LACP, L2 ECMP, 802.1d/w/s, 802.1X, 802.1Q
• Performed Installation, configuring, troubleshootProxy, DHCP, DNS, VPN, and Protocols, Subnetting.
• Configured MPLS, VPN (IPsec, Web, SSL, Remote, Site-to-Site), NAT policies in integrated networks also improved transmission rates using Checkpoint, Cisco ASA, PIX 6.X, Juniper SRX.
• Worked on Layer2 switching technology implementation, operations included L2 and L3 switching and related functionality. This also includes VLANs, STP, VTP, RSTP, PVST+, HSRP, VPC, VDC, OTV.
• Monitored & administer perimeter security systems including firewalls and IDS/IPS systems like Checkpoint IPS, Cisco SourceFire, HP Tipping Point, FireEye on Checkpoint, Palo Alto’s
• Worked on Traffic generating, monitor, troubleshoot & testing tools IXIA, Splunk, Spirent Test Center, Netscout, iTest, Wireshark, TCP dump. Effectively handled problem on pre and post production issues.
• Monitorand analyze network traffic with QRADAR, Cisco ISE, Cacti, SolarWinds Orion, tcpdump, Firemon, Wireshark for Packet capturing, logging to resolve network bottleneck and reduce downtime.

Confidential, Miami, FL

Sr. Network Security Engineer

Responsibilities:

• Analysing the list of open vulnerabilities and determining the action/change required to close each vulnerability.
• Scheduling the change - working with the IT system owners to determine and gain approval for a change window and managing the change lifecycle.
• Responsible for Checkpoint firewall management and operations across our global networks.
• Upgradation of nexus OS from 6.2.2a to a higher version to increase performance and support new features on both N7010 & N7710 chassis.
• Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers.
• Configuration and troubleshooting link state protocols like OSPF in multiple areas.
• Provided routine status updates on work performed and interpretation of securityimplications from performed events.
• Experience in Enforcing network securityto DMZ & external Market Data vendors via ASA 5500 series firewall rules, and NAT.
• Design the firewalls rules on Cisco ASA 5520 and 5540-X and implemented different NAT policies.
• Implemented numerous Firewalls polices on Cisco Firewall.
• Implementation and configuration of ASA 5520 in failover along with the CSC module as per the customer requirement.
• Implemented clientless SSL VPN on ASA 5500-x platforms.
• Preformed Firewall configuration primarily through the command line interface.
• Configured Cisco ASA Firewall to use multiple security levels and interfaces
• Experience working with the Cisco IPS module which allows IDS or IPS inspection of all traffic passing through the firewall
• Configuring RADIUS and TACACS+ authentication on Cisco ASA firewalls.
• Worked on ASA routed mode and transparent mode.
• Worked on ASA 5500-x platform configuring the ACLS, NAT policies and AnyConnect VPN’s
• Upgraded the Cisco ASA firewalls from version 8.6 to 9
• Configured, monitored and troubleshoot Cisco's ASA 5500/PIX 515 security appliances, failover DMZ Zoning.
• Hands on experience in Configuring Cisco ASA 5500-x platform with FirePower Services.
• Experience in AMP, URL Filtering and IPS with Cisco FirePOWER
• Hands on experience in managing vulnerabilities, threats, client-side applications, files, and websites using FireSIGHT manager
• Negotiate VPN tunnels using IPsec encryption standards and, also configured and implemented Site to Site VPN and remote VPN.
• Work with application team and Information security for ACL renewals and ACLS aging.
• Implemented Positive Enforcement Model with the help of Palo Alto networks
• Configure outbound web flow policies on Palo Alto devices
• Implemented Palo Alto solution for remote and mobile users and for analysing files for malware in a separate (cloud-based) process that does not impact stream processing.
• Creating Virtual IP address, Pools and Persistence profiles on F5 LTMs.
• Configuring policies on ASM using manual policy enforcement and auto policy enforcement with F5 ASM, LTM, APM.
• Knowledge in implementing and configuring F5Big-IP LTM load balancers.
• Prepare test plans for checking the configuration on the CLI, and GUI. writing iRules, scripts
• Determining the functionality with the DNS naming conventions and migrations from old load balancing environments to the F5 environment both 10.x and 11.x.
• Configuration of Wide IP's, Pools, virtual servers, profiles, rules and other F5features and customize based on the network and application requirements.
• Create complex iRules using TCL language for URL redirections, HTTP header-insertion and HTTP header modification.
• Dealt with F5 iHealth reports creating and maintaining high quality installation guides, standards documents, diagrams, run books and other engineering documentations.
• Good Experience in writing IOS and CAT OS upgrade procedures and Pre/Post checks for customer production upgrades.
• Hands on Experience in Creating MOPS and getting approval from peers to perform configuration add/ remove changes.
• Working on scripting language Perl, Python and Bash to create script for Data centre and ranch network.
• Configuring rules and providing access on checkpoint Firewalls & Analysis of firewall logs using various tools.
• Working with Check Point R77, R76, R75 devices on SPLAT & GAIA plat forms.
• Working on F5 LTM versions from 9.X to 11.X.X series & GTM versions from 9.X.X to 11.5.0 and higher versions for load balancing between various data centers involved.
• Working with various Vulnerabilities associated with F5 configuration and remediating them accordingly.
• Troubleshooting with Wireshark identifying Session Initiation Protocol Errors and identify separate TCP conversation with TCP stream index
• Perform advanced troubleshooting using Packet tracer, Wireshark and Tcp dump on firewalls.
• Working on Servicenow to create Incidents tickets and change requests to apply the remediation identified.
• Identifying the host locations and device proto types to address the associated vulnerability.
• Understanding Remediation practices and going through vulnerabilities provided.
• Configured Firewall logging, DMZs& related security policies& monitoring
• Confirm remediation - Confirm completion of the requested change and review the monthly report to confirm the vulnerability no longer exists.
• Discover and Monitor device status in the Network using HPNNM.
• Participate in remediation efforts on Cisco & Extreme routers/switches, Checkpoint and Cisco ASA Firewalls, F5 Load Balancers.
• working with OTV & FCOE on the Nexus between the Data centers
• Work with AbbVie peers and the AbbVie system owners to evaluate risk mitigation options (ex. network segmentation, host based intrusion detection, etc.) and develop the exception request in conjunction with system owner.

Confidential, Doral, FL

Network Security Engineer

Responsibilities:

• Support Secure Access Engineering department in the implementation of security services.
• Provide Project support, technical consultancy and actual implementation of new network solutions into existing infrastructure.
• Troubleshooting build and deployment issues related to firewalls and other security devices.
• Working with Check Point R77, R76, R75, R71 devices on SPLAT & GAIA plat forms.
• Migration of BIG-IP F5, LTM 3600 (v 11.5.4) to LTM 2000 (12.1.0) devices holding Internal Applications.
• Providing 3" level support for security technologies like firewalls, forward and reverse proxies and load balancing.
• Configuration and Administration of Bluecoat proxies in the global Data centers.
• Support Wireless Team - WLAN Design, Implementation, Health Check, Site Survey, Assessment, Troubleshooting, Gap Analysis, Root Cause Analysis, Tier 2 Support.
• Migration of F5, LTM 3600 to ASM 2000.
• Manage & configure various checkpoint, cisco ASA firewalls on various GAIA platforms.
• Managing & configuring DNS entries through BT Diamond IP control.
• Liaise with vendors to discuss and address infrastructure problems, projects and administrative issues.
• Network Administration, Installation, Upgrading, Migration, Configuration, Troubleshooting.
• Security, Backup and Disaster Recovery, Analysing, troubleshooting and correcting network problems remotely and onsite.
• Managed the F5 Big-IP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of Configuring devices accordingly on various models of BIG-IP F5 3600/6900/2000/4000.
• Built and support VRRP / Cluster based HA of Checkpoint firewalls and perform Firewall OS upgrades using CLI, Splat and Voyager GUI.
• Black listing and White listing of web URL on Bluecoat Proxy servers
• Implementing and troubleshooting complex layer 2 technologies such as VLANs, VTP, Ether channel, STP, RSTP and MST and gateway redundancy protocols like HSRP, VRRP, GLBP.
• Performance Monitoring of the Network devices and ensure all solutions following the agreed standards.
• Design and implementWirelessIntrusion Prevention Systems (WIPS), Cisco PRIME, Cisco Mobility Services Engine (MSE) to enforce security policies.
• Configured Site to Site IPsec, VPN tunnels to peer with different clients and each of the client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA & Checkpoint firewalls.
• Work with RADIUS, TACACS, TACACS+ to accomplish security levels as per the requirement.
• Maintaining and administering perimeter security systems such as firewalls and intrusion detection systems.
• Working on proposed changes and handling service requests assigned through ticketing systems Global Servicenow & IBM Lotus Notes.