PROFESSIONAL SUMMARY:

• 8+ years of experience in Networking, including hands - on experience in providing network support, installation and analysis for a broad range of LAN /MAN/WAN technologies.
• Proficient knowledge in configuring and troubleshooting routing protocols like OSPF, BGP, EIGRP, RIP, MPLS, IP Multicast.
• Worked on Checkpoint and Palo Alto Firewall for security of client network.
• Experience in Designing and assisting in deploying enterprise wide Network Security and High Availability Solutions for ASA.
• Formulated resolution of highly visible vulnerabilities identified during Command Cyber Readiness Inspection, resulting in exceeding milestone date expectations.
• Played key role as Subject Matter Expert in ensuring security baseline met Command Cyber criteria for excellent rating during security audit. Guided leadership, peers and subordinates in tactics techniques and procedures.
• Hands on experience on dealing with Microsoft Azure cloud computing including implementing access lists in the Network Security Group.
• Identified on-board/off-board gap impacting Access Management, resolved by updating organizational procedure shortfalls.
• Executed Update Mitigation Plan for Joint Chiefs of Staff Network.
• Hands on experience on windows and Unix servers.
• Worked on REMEDY for ticket change management process.
• Knowledge on Ethernet, ISDN, ADSL and wireless technologies.
• Managing, Tuning, and Configuring Application Pools in IIS 7.0.
• Knowledge on Using Integrated and Classic Request Processing Modes.
• Excellent in documentation and updating client’s network documentation using VISIO.
• Experience on dealing with Silver Peak WAN optimization.
• Experience with Bluecoat Proxy servers.
• Conducted system security assessments based on NIST 800-53.
• Generated security documentation, including: security assessment reports; system security plans; contingency plans; and disaster recovery plans.
• Supported security tests and evaluations (ST&Es).
• Configuring Authentication, authorization, Accounting on cisco routers using RADIUS or TACACS+ protocols.
• Developed and institutionalized, strategic process to ensure accurate assessment of security baseline remains current to DOD compliancy standards.
• Provided expertise on IT-Security policies and guidelines, best practice approaches and solutions for compliance.
• Experience with designing, deploying and managing enterprise-scale Storage Technologies (SAN/NAS), including Hardware & Software (EMC/ Network Appliance/ NetApp).
• Configuring AAA on Access server. Provide guidance on security controls and best Practices for on-premise and cloud-based solutions to IT and business teams.
• Conduct security review of infrastructure and business application initiatives.
• Conduct security risk assessment and vulnerability assessments for identified areas and applications and guide stakeholders for remediation of identified risks and vulnerabilities.
• Validated and tracked security breach.

TECHNICAL SKILLS

Routers: Cisco Catalyst 6500, 4500, 3560, 3750, 2960, Nexus 7000, Nexus 6000, and Nexus 5000, and Juniper EX, QFX and Alcatel 7705 SAR series

Switches: Cisco switches (3560, 3750, 4500, 4900 & 6500), Nexus (2248, 5548 &7010), Arista 7500, 7050,7300 series

Routing Protocols: RIP, EIGRP, OSPF & BGP, Route Filtering, Redistribution, Summarization, Static routing.

Switching Protocols: VTP, STP, RSTP, MSTP, VLANs, PAgP, and LACP.

LAN Technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, NAT/PAT, FDDI.

WAN Technologies: FRAME RELAY, ISDN T1/E1, PPP, ATM, MPLS, leased lines, DSL modems.

Secure Access Control Server: TACACS+/Radius.

Firewalls & Load Balancers: Cisco ASA 5585, 5550, 5540, Juniper SRX 5400, 5600, 5800, Juniper Netscreen 6500, 6000, 5400. Juniper SSG Firewalls, Check point, Palo Alto PA-3060/2050, F-5 BIG-IP LTM (3900 and 8900), Blue Coat SG8100, AV 510, AV810, A10 Load Balancers.

VOIP Devices & Wireless Technologies: Cisco IP phones, QOS, Avaya, CUCM, UCCX, CIPC and UCS. Wireless LWAPP, WLC, WCS, Standalone APs, Client Roaming, Wireless Security Basics, AP groups, WLANS, Cisco Prime Site Maps.

Network management: SNMP, Cisco Works LMS, HP Open View, Solar winds, ACI, Ethereal.

Layer 3 Switching: CEF, Multi-Layer Switching, Ether Channel.

Carrier Technologies: MPLS, MPLS-VPN.

Redundancy protocols: HSRP, VRRP, GLBP.

Security Protocols: IKE, IPsec, SSL, AAA, Access-lists, prefix-lists, CyberArk.

QOS: CBWFQ, LLQ, WRED, Policing/Shaping.

Monitoring Tools: Opnet, Info Blox and Solar winds.

Operating Systems: Microsoft XP/Vista/7,10, UNIX, LINUX, Redhat.

PROFESSIONAL EXPERIENCE:

Sr. Network & System Engineer

Confidential - Boston

Responsibilities:

• Performing standard network operations via ITIL standard with Incident Management and Change Management Access Management / CyberArk.
• Providing gateway redundancy using HSRP & creating ACL for layer-3 security.
• Configuring and troubleshooting layer-3 routing protocols like OSPF, EIGRP & BGP.
• Configuring application pool settings by modifying applicationhost.config.
• Implementing Application isolation and assigning applications of IIS to appropriate pools.
• Worked with Sup 2E for 7018 switch and F cards for L2 switching and few M cards for L3 proxy routing purposes for F cards.
• Worked on OTV to extend L2 VLANs between data centers over IP on Nexus 7018 switches.
• Configured IPSEC Site-to-Site VPNs to provide secure remote access to vendors and partners using SPA modules on Cisco 6500.
• Provide guidance to the Security Operations Center (SOC) team for resolution of alerts and incidents.
• Creating IP-prefix-list, route-map, offset-list and distribution list for performing route manipulations.
• To secure configurations of load balancing in A10, F5, SSL/VPN connections, Troubleshooting CISCO ASA firewalls, and related network security measure.
• Cisco ASA/Checkpoint Firewall troubleshooting, McAfee proxy servers and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
• Develop the knowledge of other security team members by conducting knowledge-sharing sessions.
• In-depth knowledge and experience with End-Point Security, SIEM, DLP, IRM, vulnerability assessment and patch management solutions.
• Experience on SAN, NetApp, sun, EMC storage with datacenters.
• Formulated resolution of highly visible vulnerabilities identified during Command Cyber Readiness Inspection, resulting in exceeding milestone date expectations.
• Monitoring and analyzing network traffic, IDS/IPS alerts, security events and logs.
• Triage and prioritization of incident response investigations.
• System hardening and auditing against industry baselines such as CIS, DISA STIGs, NIST, etc.
• Overseeing the Authorization and Assessment (A&A) process and the development, management, and reporting of Plans and Actions Milestones (POA&M).
• Experience with convertCheckpointVPN rules over to the Cisco ASA solution. Migration with both Checkpointand Cisco ASA VPN experience.
• Deployed Cisco 6500 series switches with SUP32 & SUP720 and, implemented VSS.
• Maintained Checkpoint 41000 and 61000 systems, juniper SRX3600 and PA-5050 firewalls.
• Worked on Enterprise application load balancing using A10, F5 BIG-IP LTM 6400 and Cisco CSM. Worked with application and system teams to investigate application high availability requirements to deploy the optimum Load Balancing mechanism and provided network-oriented support for end-to-end application life cycle management.

Environment: Check point Firewalls, ASA, Blue coat, VPN, VLANs, DMZ, Cisco IOS-XR, STP, RSTP, PVSTP, Citrix NetScaler, VTP, HSRP, Ether-Channel, BGP, OSPF, EIGRP, MPLS, ATM, PPP, HDLC, SNMP, TACACS+.

Sr. System Security Engineer

Confidential - Washington

Responsibilities:

• Installation of cisco routers and switches and its configuration.
• Knowledge in implementation, analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems.
• Adding and modifying the servers and infrastructure to the existing DMZ environments in based on the requirements of various application platforms.
• Provided security support and evaluation to development teams to integrate information assurance/security throughout the System Life Cycle Development of major and minor application releases.
• Conducted system security assessments based on NIST 800-53.
• Generated security documentation, including: security assessment reports; system security plans; contingency plans; and disaster recovery plans.
• Supported security tests and evaluations (ST&Es).
• Developed and institutionalized, strategic process to ensure accurate assessment of security baseline remains current to DOD compliancy standards.
• Provided expertise on IT-Security policies and guidelines, best practice approaches and solutions for compliance.
• Validated and tracked security breach.
• Designed IP Addressing schemes and Switch port assignments, Trunking and Ether-channel implementation.
• Provided daily network support for Global wide area network consisting of MPLS, VPN and point-to point site.
• Packet capturing, troubleshooting on network problems with Wireshark, identifying and fixing problems.
• Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
• Experience with F5 load balancers andCiscoload balancers (CSM, ACE and GSS).
• Provided 2nd level support for all Linux-related issues and On-call support for SAN infrastructure and storage services.
• Configured STP for loop prevention and VTP for Inter-VLAN Routing.
• Experience with devices Palo Alto Network firewalls such as security NAT, Threat prevention & URL filtering.
• Performing network monitoring, providing analysis using various tools like Wireshark, Solarwinds etc.
• Configure Linux servers to access SAN and NFS.
• Troubleshooting Network Issues onsite and remotely depending on the severity of the issues and handling them at the earliest.
• Troubleshooting of connectivity problems using PING, Trace route.
• Monitored traffic and access logs to troubleshoot network access issues.
• Implemented and troubleshoot (on-call) IPsec VPNs for various business lines and making sure everything is in place.

Environment: Cisco 6505/2950/3550/3500/2960 Switches, Cisco 6500/7500/7200/3800/2800 Routers, Nexus5K, 7K, LTM, GTM, F5 Load balancer, Switching Protocols STP, VTP, RSTP and VLAN; Checkpoint, ASA, OSPF, BGP, EIGRP, RIP, LAN, WAN, SSL/VPN.

System Engineer

Confidential - Boston

Responsibilities:

• Working with design and deployment of MPLS Layer 3 VPN cloud, involving VRF, Route Distinguisher(RD), Route Target(RT), Label Distribution Protocol (LDP) & MP-BGP.
• Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs
• Deployed Juniper switches EX4500 and EX4200, routers M7i and M10i.
• Designing and configuring Overlay Transport Virtualization (OTV) on Cisco NX-OS devices like Nexus 7000
• Experience working with Nexus OS, IOS, CATOS and Nexus 7K, 5K & 2K Switches
• Configuring STP for switching loop prevention and VLANs for data and voice along with Configuring port security for users connecting to the switches.
• Automation of process using Python, bash and ksh scripts.
• Monitoring the NMS system for different Network Alerts.
• Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
• Coordinating with service providers for WAN link outages.
• Deployment of F5 load balancers, migrating Cisco ACE load balancers to F5 load balancers
• Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches.
• Implemented QoS for Voice traffic.
• Experience with Bluecoat Proxy servers.
• Supporting EIGRP and BGP based network by resolving level 2 &3 problems of internal teams & external customers of all locations.
• Configuration of Access List ACL (Std, Ext, Named) to allow users all over the company to access different applications and blocking others.

Environment: Cisco 4510, 4948, 4507 switches, F5, NGX R55 and R65, Checkpoint, Fortinet, Bluecoat, Nexus 2148, 2224T, 5548, 6018, 7010 Cat 6509, VPC, VDC, VRF, VSS, Cisco ASA, BGP,VPLS, OSPF, EIGRP, QOS, VPM, andSwitch Stacking.

Jr. Network Engineer

Confidential - Dallas, TX

Responsibilities:

• Performed IOS upgrades/Password recovery on Catalyst 1900, 2900 series switches and 2500, 2600 series routers.
• Did racking, stacking, and cabling network-based, IT systems.
• Configured Access List ACL (Std., Ext, and Named) to allow users all over the company to access different applications and blocking others.
• Configuring of IP Allocation and sub netting for all applications and servers and other needs throughout company using FLSM, VLSM addressing.
• Troubleshot the issues related to L1 and L2 levels.
• Network maintenance checks, configure and manage printers, copiers, and another miscellaneous network equipment.
• Involved in trouble shooting of DNS, DHCP and other IP conflict problems.
• Configuration, LAN/WAN, Switch/Routing protocols.
• Troubleshooting complex LAN /WAN infrastructure that include routing protocols EIGRP, OSPF.
• Configured Access-lists, Distribution-lists, Offset-lists and Route Redistribution.
• Configured Ether channels, Trunks, VLans, HSRP in a LAN environment. Configured STP for loop prevention and VTP for Inter-VLAN Routing.
• Configured PVSTP+ for loop prevention and VTP for Inter-VLAN Routing.
• Implemented port aggregation & link negotiation using LACP and PAGP.
• Responsible for Data Backup, System Update, Recovery and Restore, and Spyware removal.
• Assisting Junior and Senior Engineers, on-site management of cable-wiring technicians.
• Troubleshoot problems on a day to day basis and documented every issue to share it with design teams.
• Providing documentation by creating MOPs and VISIO diagrams for the network designing team.

Environment: Cisco Routers 2500, 3600; Cisco Switches3500, 2900 and 1900 series; Catalyst 1900,2900 series switches; Routing protocols RIPv2, EIGRP, OSPF; Firewall Security Protocols: ACL, NAT, PAT.

IT Security Analyst

Confidential

Responsibilities:

• Performed IOS upgrades on Catalyst 1900, 2900, 3500 series switches and 2500, 2600, 3600 series routers.
• Responsible for maintenance and utilization of VLANs, Spanning-tree, HSRP, VTP of the switched multi-layer backbone with catalyst switches.
• Actively participated in upgrading fast Ethernet, Layer 3 switched/routed LAN infrastructure from Cisco 3640 to Cisco 2811 ISR routers and switches at access level to 2950, 3550.
• Configuring/Troubleshoot issues with the following types of routers Cisco (7200, 6500, 4500, 1700, 2600 and 3500 Series), to include: bridging, switching, routing, Ethernet, NAT, and DHCP, as well as assisting with customer LAN, MAN, router/firewalls.
• Implemented and configured routing protocols like EIGRP, OSPF and BGP.
• Connected switches using trunk links and Ether Channel.
• Assisted in network engineering efforts consistent with the infrastructure of an Internet Service Provider.
• Helped in designing and implementation of VLAN for the inexperienced users.
• Used Network Monitoring tool to manage, monitor and troubleshoot the network.
• Resolving tickets raised by using IBM Internal CIRATS Tool.
• Configured Cisco IOS Feature Set, NAT and Simple Network Management Protocol (SNMP) for Network Security implementation.
• Implemented redundant Load balancing technique with Internet applications for switches and routers.
• Support Network Technicians as they require training & support for problem resolution including performing diagnostics & configuring network devices.

Environment: Cisco 7200/3845/3600/2800 routers, Routing Protocols EIGRP, OSPF, BGP including VPN, MPLS and Ether Channels, IBM internal Tools