SUMMARY

• CCNP certified professional with around 7 years of extensive experience in network design, implementation, troubleshooting, engineering, managing and providing security which includes designing, deployment and providing network support.
• Investigate and troubleshoot all phases of network security issues using Managed Security Services which include, but are not conclusive of Firewalls, IDS, Proxies and Routers to ensure the security of client’s networks.
• Excellent knowledge of Juniper EX/SRX/J - Series platform, Routers/ASA/7K Nexus devices,Palo Alto Firewalls, Silver peak& Riverbed WAN optimization.
• Administer and configure F5 BIG-IP hardware load balancers.
• In-depth experience in implementing and troubleshooting VLAN’s, VTP, STP, RSTP.
• Experience on PIX firewalls, ASA (5540/5500) firewalls, NX-OS. Implemented security policies using ACL, firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
• Implementation of HSRP, VRRP for Default Gateway Redundancy
• Experience working on F5 load balancer in order to reduce the burden on the network.
• Experience Using Smart Update, User Management and Authentication in Checkpoint Firewall. Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point (R65, R70, and R77), Palo Alto,Juniper SRX and Cisco ASA.
• Well experienced in configuring URL whitelist and managing the Bluecoat Proxies.
• Experienced in design, installation, configuration, administration and troubleshooting of LAN/WAN infrastructure and security using Cisco routers/Switches/firewalls.
• Experience in implementing and troubleshooting routing protocols RIP, RIPv2, EIGRP, OSPF, ISIS and BGP to avoid delays and congestion in network.
• In-depth experience in areas related to L2 technologies which includeVLAN’s, VTP, STP, and RSTP.
• Experience with hosting SSL certificates on Citrix NetScaler and F5 platforms.
• Experience working with high performance data center switch like Nexus, ASR and Cisco ACE.
• In-depth knowledge and hands-on experience in Tier II ISP routing policies, network architecture, IP subnetting, VLSM, TCP/IP, NAT, DHCP, ARP, DNS, FT1 / T1 / FT3 / T3 SONET POS OCX / GigE circuits.
• Exposure and hands on experience on Frame Relay, ISDN, Dial T1/E1, Point to Point Protocol, Authentication Authorization and Accounting (AAA) with different platforms of Cisco routers.
• Experience in layer-3 routing and layer-2 switching. Dealt with Nexus models like 7K, 5K, 1K series, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4900, 3750, 3500, 2900 series switches).
• Working knowledge with monitoring tools like Solar Winds, Zenoss, Spectrum, Cisco Security manager and network packet capture tools like Net scout, Wire-shark, SpectrumandSplunk.
• Experience on working scripting languages Python and Perl for code upgrades and configurations of devices.
• An efficient and adoptable person who follows an organized and well planned approach for troubleshooting engineering issues.
• A good team player and compatible to the system of company, who is ready to take up any responsibility given at any time.

TECHNICAL SKILLS

NETWORKING PROTOCOLS: HTTP, FTP, DHCP, DNS, TCP, SIP, VTP, STP, SNMP, ICMP

ROUTING PROTOCOLS: RIP, IGRP, IGMP, OTV, MPLS, EIGRP, OSPF, IS-IS, BGP, PIM.

REDUNDANCY AND MANAGEMENT: HSRP, RPR, NSF/NSR,GLBP

NETWORK MONITORING: Wireshark, solar winds, TCP dumps

LAN TEHCNOLOGIES: Ethernet, Fast -Ethernet, Giga -Ethernet, VLANS

WAN TECHNOLOGIES: Frame Relay, ISDN, ATM, MPLS, WAAS, leased lines & exposureto PPP, DS1, DS3, OC3, T1 /T3 & SONET and Riverbed

NETWORK SECURITY: Palo Alto PA 3060,Checkpoint(R65, R70, and R77),NAT/PAT, JunOSCisco ASA Firewalls, IPS/IDS, Juniper EX, SRX, MX, QFX,DMZSetup, CBAC, Cisco FWSM, ACL, L2VPN, L3 VPN, Netscreen, IOS Firewall

CISCO EQUIPMENTS: Cisco routers (7600, 7200, 3900, 3600, 2900, 2800 series) Cisco Catalystswitches (6500, 4900, 3750,4500, 2900, 2800 series)PIX Firewall (506/515/525/535 ),Cisco ASA, Firewall (5500/5510), Cisco ASR 9000 series,CiscoACE load Balancers.

OPERATING SYSTEM: Confidential XP/Vista/7, UNIX, Linux (Redhat, Ubuntu, Fedora)

SCRIPTING TOOLS: Python, Perl, HTMl, VBA &Powershell.

PROFESSIONAL EXPERIENCE

Confidential, Bellevue, WA

Sr. Network Engineer

Responsibilities:

• Worked as a part of network team where my daily tasks included configuring, monitoring and troubleshooting of IP networks.
• Design, implement, and develop network designs for applications used in TMO.
• Configured (Layer 2 & Layer 3) multi-vendor Routers, Ethernet switches and Load balancers (F5, A10 and etc.) to meet application requirements and Project demands.
• Worked on Checkpoint Firewall to create new rules and allow connectivity for various Applications.
• Implemented Firewall rules and Nat rules by generating precise methods of procedure (MOPs)
• Responsible for packet capture analysis, syslog and firewall log analysis.
• Experience with F5 load balancers and reverse proxy design and setup.
• Implemented Changes on Existing configurations for the applications on F5 and A10 load balancers.
• Configured Virtual server, service groups, Session persistence, Health monitors and Load balancing methods in new A10 LTMs.
• Configured WIDE IP and WIDE IP pool on F5 GTM’s to support load balancing between data centers.
• Configuring white listed websites in Bluecoat proxy SG devices. Added rules, static bypass and Proxy/URL filtering on bluecoat proxies.
• High-level network troubleshooting and diagnostic experience using Packet capture tools like Wireshark.
• Supported Operations team when complex changes are done by developing MOPs for network devices (routers, switches and A10 Load balancers) code upgrades, VLAN/IP migrations from old to new network topology without any service disruption.
• Worked on InfoBlox to create DNS Records (CName, A-Record and Host records) for corresponding Wide IP’s and Hosts as required.
• Developed detail template-based plans including: implementation, testing andbackout procedures for all network implementations, upgrades and modifications.
• Adding and modifying the servers and infrastructure to the existing DMZ environments based on the requirements of various application platforms
• Assist in creating network design standards for hardware and software. Developing and maintain Network Documentation (Visio diagrams, Excel spreadsheets, Word documents, etc.) Configure and troubleshoot network elements in a test/dev environment.
• Gained extensive knowledge of GSM 1900 wireless technology performance application and various platforms, including Ericsson, Nokia, Nortel, Tellabs, Alcatel/Spatial, Comverse, and ATM technology.
• Managed all operations support documents and ensured that all applicable network management systems are integrated and tested prior to launch.
• Responsible for the successful delivery of all new products and services (voice, data and core) to Operations in compliance with release planning guidelines and reliability standardsfor Confidential .
• Participated in projects with cross-functional teams in contributing with feasibility analysis of new technologies and products as well as review functional designs and deployment procedures.

Confidential, Redmond, WA

Sr. Network Engineer

Responsibilities:

• Worked as part of delivery team where my daily tasks included code upgrades, prefix-list addition, and access-list addition using python script and on Linux platform based on tickets generated by customers.
• Worked on Automation tool called Autopilot an internal tool used for code upgrades and configuring of new devices at different data centers.
• Worked on BGP routing protocol, configuring BGP sessions and troubleshooting on Nexus 1K, 5K, 7K, Juniper MX-960 routersand cisco ASR routers.
• Configuring firewall rules in Juniper SRX firewall using cli and NSM.
• Working on configuration of new VLANs and extension of existing VLANs on/to the necessary equipment to have connectivity between different data centers.
• Implementing IPv6 addressing scheme for routing protocols, vlans, subnetting and mostly during up gradation of cisco ISR routers 2800/2900/3800/3900 and switches.
• Configuration and deployment of cisco ASA 5540 firewall for internet Access requests for servers, Protocol Handling, Object Grouping.
• Worked on Cisco wireless LAN technologies.
• Security configuration on Wireless LAN using protocols PEAP, EAP-FAST.
• Assigning RADIUS and TACAS for new deployments in production environment. AAA for users to implement changes on production devices. Most of these devices are cisco propriety.
• Worked along with Confidential operation center for monitoring traffic on the devices going to up-linksand divert traffic on to different routes after traffic level reaching threshold value.
• Generating audit reports by running automated scripts on various devices in order to check the layer 2 issues like errors on the links, port flappings.
• Analyzing the Audit report and work along with Data center teams to check the optics and troubleshoot issues.
• Coordinating along with Global data center teams located at different locations and work along with them for troubleshooting layer 2 issues.
• Worked onCitrixNetScalerloadbalancerforloadbalancing and failover across data center and between web servers
• Implemented IPv4 and IPv6 on PTX platforms.
• Assisting off-shore teams located in India in upgrades, VLANs configurations, in troubleshooting layer 3 issues and routing protocol issues mostly BGP.
• Documentation of various changes made on devices and submit them for approvals and work along with alerts team and intimate them the changes to be made.

Confidential, Bloomington, IL

Network Security Engineer

Responsibilities:

• Worked primarily as a part of the security team and daily tasks included firewall rule analysis, rule modification and administration
• Remediation of firewall rules from checkpoint firewalls to Cisco ASA firewalls, installing and configuring new juniper EX,MX,SRX series firewalls to meet day to day work
• Adding and removing checkpoint firewall policies based on the requirements of various project requirements
• Worked on load balancers like F5 10050s, 10250v, GTM 2000s, 2200s to troubleshoot and monitor DNS issues and traffic related to DNS and avoid DDoS
• Deployment of Palo Alto firewall into the network. Configured and wrote Access-list policies on protocol based services
• Configured network access servers and routers for AAA security (RADIUS/ TACACS+)
• Troubleshooting of protocol based policies on Palo Alto firewalls and changing the policies as per the requirement and as per traffic flow
• Worked on DNS server involving configuration and resolving DNS related issues
• Writing rules for NAC servers as per the authentication and authorization of systems within the company.
• Monitoring the network access points with the help of IBM QRadar and Cisco prime infrastructure.
• Implementing and troubleshooting (on-call) IPsec VPNs for various business lines and making sure everything is in place
• IPv6 is implemented at a larger scale using cisco ASR 7200 and 9000 series routers delivering flexible service
• Installing and configuring new cisco equipment including Cisco 1900, 2900, 3900 series routers,Cisco catalyst switches 6807, Nexus 7010, Nexus 5500 and Nexus 2k as per the requirement of the company
• Worked on regular troubleshooting of BGP, EIGRP routing protocols
• Adding and modifying the servers and infrastructure to the existing DMZ environments based on the requirements of various application platforms
• Developed CTI applications with CTIOS
• Managing and providing support to various project teams with regards to the addition of new equipment such as routers, switches and firewalls to the DMZs
• Working closely with Data center management to analyze the data center sites for cabling requirements of various network equipment

Confidential, Napa, CA

Network Engineer

Responsibilities:

• Experience with Firewall administration, Rule analysis, Rule modification
• Experience on F5 load balancer in order to maintain balance in the network systemwith application specific usage
• Troubleshoot traffic passing managed firewalls via logs and packet captures
• Installing and configuring juniper M series router along with juniper switches QFX series
• Configured and resolved various OSPF issues in an OSPF multi area environmentmostly on IPv4 and to some extent on IPv6
• Managed fast Layer 3 switched/routed LAN/WAN infrastructure as a part of Network team
• Hands-on experience with WAN (ATM/Frame Relay), routers, switches, TCP/IP, routing Protocols (BGP/OSPF), and IP addressing
• Configured CIDR IP RIP, PPP, BGP and OSPF routing
• Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, OTV, LDP, EIGRP, RIP, BGP v4. Configured IP access filter policies
• Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms
• Deployed 7613 as PE and CE router and configured and troubleshoot the edge routers
• Excellent troubleshooting knowledge on T1, T3, OC-3 and OC-12
• Configured egress and ingress queues for ISP facing routers using CBWFQ
• Generating RCA (Root Cause Analysis) for critical issues of layer1/layer2/layer3 problems
• Experience with implementing and maintaining network monitoring systems (Cisco works and HP open view) and experience with developing complex network design documentation and presentations using VISIO
• Estimated project costs and created documentation for project funding approvals

Confidential

Network Engineer

Responsibilities:

• Worked on Cisco routers 7200, 3700 and Cisco switches 4900, 2900
• Key contributions include troubleshooting of complex LAN/WAN infrastructure that include
• Configured firewall logging, DMZs, related security policies and monitoring
• Creating private VLANs & preventing VLAN hopping attacksand mitigating spoofing with snooping & IP source guard
• Installed and configured Cisco PIX 535 series firewall and configured remote access IPSEC VPN on Cisco PIX Firewall
• Enabled STP enhancements to speed up the network convergence that include Port-fast, Uplink-fast and backbone-fast
• Other responsibilities included documentation and change control
• Responsible for Configuring SITE-TO-SITE VPN on Cisco routers between headquarters and branch locations
• Implemented the security architecture for highly complex transport and application architectures addressing well known vulnerabilities and using access control lists that would serve as their primary security on their core & failover firewalls
• Installation & configuration of Cisco VPN concentrator 3060 for VPN tunnel with Cisco VPN hardware & software client and PIX firewall
• Involved in troubleshooting of DNS, DHCP and other IP conflict problems
• Used various scanning and sniffing tools like Wire-shark
• Hands on experience working with security issue like applying ACL’s, configuring NAT and VPN
• Documenting and Log analyzing the Cisco PIX series firewall
• Configured BGP for CE to PE route advertisement inside the lab environment