
Senior Network Security Engineer Resume


Cincinnati, OH

SUMMARY

  • 7.3 years of experience in CISCO Routers & Switches, Security Firewalls and Network Security.
  • Deployment and configuration of Palo Alto (PA-7050, PA-5050, PA-5000, PA-4000, PA-3000 series) firewalls, Checkpoint R65, R76, R77, R80 series and CISCO ASA 5000/5500 series firewalls.
  • Experience in deployment and configuration of Nexus 9K, 7K, 5K and 3K series data center switches with Application Centric Infrastructure (ACI) solution fabric.
  • Worked with Cisco routers (7200, 4330, 3800, and 2800) and Cisco switches (6500, 3700, 4900, 2900, 9300 and 9500).
  • Executed the Silver Peak SD-WAN implementation solutions for customer networks.
  • Performed troubleshooting and configuration of Aruba wireless LAN infrastructure devices.
  • Configuration and monitoring of automation scripting using Ansible.
  • Worked on AWS Key Vault services to protect and secure the data for cloud applications.
  • Implemented and configured F5 BIG IP 3900 GTM, BIG IP 8900, 4000 and 4200 series load balancers.
  • CCNA - Switching and Routing Certified Associate

TECHNICAL SKILLS

Security Firewalls: Palo Alto (PA-7050, PA-5050, PA-5000, PA-4000, PA-3000), Checkpoint (R65, R76, R77, R80) and Cisco (ASA 5000/5500)

CISCO routers & switches: 7200, 4330, 3800, and 2800 routers & 6500, 3700, 4900, 2900, 9300 and 9500 switches and Nexus 9K, 7K, 5K and 3K data center switches

Programming & Scripting: Ansible Languages

Cloud Platform: AWS cloud platform

Load Balancer: F5 BigIP LTM & GTM series (BIG IP 3900, BIG IP 8900, BIG IP 4000 and BIG IP 4200)

System Administration: Windows 2000/XP/2003/7/9/10, Linux

PROFESSIONAL EXPERIENCE

Confidential, Cincinnati, OH

Senior Network Security Engineer

Responsibilities:

  • Creating VLANs and configuring port security on Cisco 9200 and 9300 switches.
  • Maintenance of VLAN, VTP, RSTP, VLAN trunking, TCP/IP, SNMP, FTP, TFTP, EtherChannel (LACP and PAgP) and troubleshooting inter-VLAN routing.
  • Replacing Cisco 3750 switches with 9200 series switches.
  • Configuring EtherChannels / port channels on switch ports to increase bandwidth and load balancing.
  • Configuration, troubleshooting, and maintenance of Palo Alto firewalls - PA200, PA2000 series, PA3000.
  • Firewall migrations from legacy to Palo Alto firewalls using migration tool from PAN.
  • Performed the installation and configuration of Palo Alto 5k, 7k series firewalls using Panorama.
  • Implemented security profiles such as Threat Prevention and PAN-DB in security policies on Palo Alto.
  • Support in maintaining Aruba VPN connectivity.
  • Configured/automated 500+ Dell S4048/S6000 bare metal network switches with Cumulus open platform for data center using Ansible and Python.
  • Proficient in Checkpoint, Cisco, Juniper, Lucent, Fortinet, and Blue Coat technologies.
  • Collaborated with users to resolve network connectivity issues, both wired and wireless, for Aruba Networks.
  • Performed design, implementation and maintenance of AWS backend infrastructure.
  • Executed the setup of VMware VDI and integrated it with Microsoft Active Directory for authentication and Cisco ACI for network.
  • Understanding of Cisco ISR4000 router series (SD-WAN a plus), Catalyst 9000 switching including MGig for wireless, stack connectivity and VLANs.
  • Worked with VM segmentation (VMware NSX, Illumio, vArmour, GuardiCore), firewall management and auditing (FireMon, Tufin, AlgoSec, RedSeal, Skybox, etc.), sandboxing and analytics (FireEye, Damballa, Check Point, Fortinet, Panorama and Palo Alto), and network packet brokers (Gigamon, IXIA and NetScout).
  • Developed an executable application that securely transfers files and creates folders in AWS S3.
  • Created Lambda functions in AWS for Application development to manage S3 security.
  • Created serverless architecture for on-premise application migration to AWS cloud.
  • Implemented Cisco Application Centric Infrastructure (ACI) as a solution for data centers using a Spine and Leaf architecture.
  • Involved in software upgrade on Illumio firewalls.
  • Implementing and managing F5 BIG-IP load balancing, including GTM, APM, ASM, and custom iRules development.
  • Provided OpenDaylight (ODL) and Docker Swarm container support using Linux and Heat Orchestration, and controlled network flows for automation updates using Docker, Ansible playbooks, YANG models and NETCONF DevOps tools.
  • Deployment of the Azure Cloud infrastructure and integrating it with Cisco ACI Fabric including the APIC Cluster, Leaf and Spine Switches, and integrating them with different Cisco Nexus 2232, 2248 fabric extenders for better network performance and manageability.
  • Configured, managed, and troubleshot remote Cisco routers, switches and Aruba access points.
  • Implemented Hot Standby Router Protocol (HSRP) to provide the high availability.
  • Experience working on Cisco ASR 1001, 1001X, 1002, 1002HX, 1002X, 1009X series routers and ISR 900, 1000, 4000 series routers.
  • Built out and managed the Windows/VMware Virtual and Cloud Infrastructures and also integrated them with Cisco ACI.
  • Expertise in Palo Alto, Checkpoint, Illumio and Fortigate firewalls.
  • Hands-on knowledge of Citrix NetScaler, F5 Big-IP load balancing (LTM & GTM) method implementation and troubleshooting.
  • Redistribution of OSPF and EIGRP into BGP with the correct tagging parameters.
  • Implemented the BGP configuration for redundant internet by using BGP attributes, Route maps, and prefix-lists.
  • Performed all maintenance tasks on the Nexus Switches, ASR Routers, Checkpoint Firewalls, F5 Load balancers, Infoblox DNS and Cisco ACI.
  • Configured Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000 to connect servers and storage devices.
  • Participated in data center architecture for future fabric protocol including Cisco ACI/APIC pilot.
  • Configured Aruba access points and troubleshot connectivity issues with Aruba access points.
  • Deployed VXLAN on Nexus 9000 to map the physical VLANs to the Virtual Overlay VLANs.
  • Deployed the Nexus 9000 Application Virtual switch to support network telemetry applications and 9000 Core with VPC and 3172 TOR.
  • Upgraded the load balancers from Radware to F5 BigIP v9 which improved functionality and scalability in the enterprise.
  • Involved in modifying, creating and deleting security policies and troubleshooting traffic flows in Illumio firewall.
  • Collaborated with Cisco Channel partners to build practices around Cisco ACI.
  • Knowledge of DOS/Terminal functionality, Windows XP/7/8, iOS devices, Unix/Linux, basic Perl/Python, Nmap, ESXi 5.1, VMware vSphere 5.0, Metasploit with Armitage, penetration testing, and usage of QualysGuard Vulnerability Management/Policy Compliance/WAS/Asset Management/PCI.
  • Integrated all the network devices into Solarwinds using SNMP discovery protocol.
  • Worked on updating the SSL certificates to the application URL using the F5 LTM and F5 GTM.
  • Configured policies on ASM using manual and auto policy enforcement with F5 ASM, LTM, and APM.
  • Worked on load balancers F5 to troubleshoot and monitor DNS issues and traffic related to DNS.
  • Developed a Python script that parses all trace files and calculates throughput, latency and drop rate.
  • Deployed SD-WAN solution using VIPTELA Router.
  • Configured and administered firewalls which includes Checkpoint, Juniper and Cisco ASA.
  • Participated in Python and automation REST API integrations.
  • Involved in the Neaten Datacenter Cloud Architecture using Cisco ACI and Nexus 9K.
  • Automated network implementations and tasks design monitoring tools using Python scripting.
  • Examined the 3rd party audits to validate compliance with customer (HIPAA, PCI) standards.
  • Maintenance and expansion of the Cisco ACI Network Centric infrastructure including ASRs, ISR, ASAs, Source file, 9K and 7K switches.
  • Configured F5 Big-IP LTM 6400 and performed the troubleshooting of F5 load balancers.
  • Configured and implemented Network Infrastructure monitoring, alerting, backups, and system management solutions built on Linux Firewall and ACL security implementations.
  • Worked on segmenting the applications by using Illumio firewalls to reduce the risk of data breaches.
  • Created end to end documentation of projects using Visio and Word.

Confidential, NYC, NY

Senior Network Security Engineer

Responsibilities:

  • Experience operating in Panorama, Palo Alto user interface version 8.0.2, and VM-300 series firewalls.
  • Creating or Modifying Firewall rules on Palo Alto VM-300 and Juniper SRX-240 devices.
  • Performed migration of firewall and VPN platform to Palo Alto for private cloud solution.
  • Experience in migration of VPN solution from Cisco ASA 5540 to Palo Alto PA-3020 with the Global connect VPN client.
  • Configured Cisco ISE and switches to authenticate and authorize devices and users.
  • Experienced in performing periodic backups and upgrades on different types of firewalls, mostly Palo Alto and Cisco ASA firewalls.
  • Configured and provided support for Nexus 5548, 5596, 5010, 2020 and 9372 switches in a FEX-based architecture.
  • Network security including NAT/PAT, ACL, and ASA/SRX/Palo Alto/Fortinet Firewalls.
  • Developed the NGFW (NextGen Firewall) Datacenter Cloud Architecture, using Cisco ACI and Nexus 9K.
  • Worked on Cisco ACI, NXOS and IOS, QoS, data center network design, cloud infrastructure design and management, OSPF, BGP, VLAN Trunking.
  • Configuration of RF devices such as subscriber units and access points, and troubleshooting of customer WAN issues.
  • Implemented the Gold Standard configuration to Cisco IOS-XR/NX-OS, 7609, 7606, 6500, OAM routers, Bearer routers and Juniper M320/MX960 routers according to the MOP into the MIPE network, which is connected to the Common Backbone (CBB) network.
  • Configured and tested the ACI, distribute-list, prefix-list and route-map for on-demand routing and use of sub-optimal timers and link aggregation for failover providers.
  • Trained the team in designing SD-WAN (Viptela) solution for Customer Networks.
  • Experienced in enabling Azure Defender on subscriptions to protect Azure and hybrid resources, and in protecting management ports of VMs with just-in-time access and adaptive application controls.
  • Experienced in defining cloud security controls for an Azure environment at an enterprise level for DevOps.
  • Performed troubleshooting on Cisco ISE and added new devices to the network based on ISE policies.
  • Involved in Azure Security including RBAC, Azure Security Center and Azure Monitor.
  • Developed Python scripts for version upgrade of routers and day to day maintenance.
  • Installed and configured Meraki wireless devices.
  • Performed packet capture analysis with tcpdump, Wireshark and SolarWinds, and used curl commands to troubleshoot F5 issues.
  • Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
  • Provided application level redundancy and availability by deploying F5 load balancers LTM.

Confidential

Network Engineer

Responsibilities:

  • Joined as an intern and was promoted to Associate, with experience in Cisco Wireless Controllers (2500/5500), Cisco Routers (2800, 1900), Cisco Switches (2960, 3850).
  • Performed proactive monitoring of Cisco Wireless Controllers and Access Points, Cisco Routers and Cisco Switches across the world.
  • Executed IOS code upgrade of the Wireless devices (WLC) through Cisco Prime Infrastructure Tool and remotely using console / TFTP with the help of FE.
  • Engaged in taking backups of devices (WLC/Routers/Switches/Firewall).
  • Configured IPsec tunnels on firewall and router. Configured rules/policies on firewall.
  • Configured remote VPN for required users.
  • Performed configuration of RADIUS and TACACS authentication on devices.
  • Configuration of Switches and Routers.
  • Involved in ITIL disciplines such as Incident, Problem Management.
  • Created various reports (Health, Memory Utilization, CPU Utilization and Bandwidth Utilization).
  • Communicated with the clients on a daily basis for live troubleshooting.
