SUMMARY

• Certified Network Engineer with around 8 years of experience in network design, planning, strategy, network security, NOC, SOC, implementation, incident & change management, and service delivery.
• Strong knowledge in Routing, Switching, Wireless, Load Balancing, and Security concepts.
• Hands - on experience in installing, configuring, and troubleshooting IP networks with wide range of routers including (Cisco: ASR 9k,1000, 7200 VXR, ISR 4000, 3900, 3800, and 2800 and Juniper: ACX 500, ACX 1000, PTX 1000) and Switches including (Cisco: Nexus 7K and 5K, 2K, Catalyst 6500, 4500, 3850, 3650, and 2900, Juniper: EX 2200, EX 4550, and EX 4600) and HP ProCurve switches.
• Experience in setting up and maintaining perimeter security by using Cisco ASA/PIX, ASA Firepower, Fortinet 3340, 900D and Palo Alto firewalls.
• Hands on Experience in implementing and maintaining Interior gateway routing protocols such as RIP, OSPF, EIGRP, and Exterior gateway protocol BGP.
• Hands on experience in setting up enterprise level Wi-Fi Networks by using Cisco Wireless and Aruba Wireless.
• Experience in designing and setting up high availability networks by using various redundancy protocols (HSRP, VRRP, GLBP).
• Experience in troubleshooting IP services like DHCP, DNS.
• Implemented traffic filters using Standard and Extended ACL’s, Distribute-Lists, and Route Maps.
• Managed firewall policies that employ NAT, application layer gateways, and policy-based VPNs.
• Experienced in configuring Site-to-site IPSec, and Remote SSL VPN on router IOS platforms and different vendor firewalls.
• Experience in creating virtual domains and multiple contexts for running multiple instances of firewalls on single hardware firewall box.
• Hands on experience in switching concepts VLAN’s, Private VLAN’s, DHCP Snooping, VTP, STP, port aggregation, and stacking of switches.
• Capable of planning and implementing WAN technologies including E3, E1, T1, T3, ISDN, HDLC, PPP, Frame Relay, ATM and MPLS VPN.
• Performed backup of device configuration by using TFTP server and ARCSERVE tape backup.
• Implemented IPv4 migration to IPv6 (NAT-PT, Tunneling, etc.).
• Experience in using various network traffic analysis and network management systems (CA Spectrum, Solarwinds, and Wireshark).
• Day-to-day administration, management, maintenance and monitoring of network and network security devices using CiscoWorks, SDM, PDM, ASDM-IDM.
• Experienced in setting up Syslog server for network log collection and analysis.
• Implemented RADIUS/TACACS+ servers to administer user accounts.
• Experience in configuring F5 LTM load balancers.
• Worked in a Data center environment. Handled critical outages and developed different ideologies to reduce the network downtime.
• Ensure all backup data configurations are in-place and working when needed in case of a network failure to speed up network recovery.
• Good knowledge in IT security governance and compliance standards for different industries such as HIPAA, SOX, NIST, and COBIT frameworks.
• Can clearly differentiate between priority tasks. Capable of executing tasks in an orderly fashion.
• Good knowledge in vulnerability assessment.

TECHNICAL SKILLS

Routers: Cisco (ASR 9k, 1000, 7200 VXR, ISR 4000, 3900, and 3800) Juniper (ACX 500, ACX 1000, PTX 1000)

Firewalls: Cisco (ASA 5510, 5520, 5540, Firepower 5516-X), Fortinet (3040B, 900D), Palo Alto (PA3020, PA3050, PA 3060).

Switches: Cisco Nexus 7K, 5K, and 2K, Catalyst 6500, 4500, 3850, 3650, 2900Juniper EX 2200, 4550, and EX 4600

Load balancers: F5LTM and GTM.

VOIP devices: Cisco IP phones

WAN technologies: Frame relay, ISDN T1/E1, PPP, ATM, MPLS, leased lines

LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, 10G, Token ring, FDDI.

Carrier technologies: MPLS, MPLS-VPN

Routing Protocols: RIP, OSPF, EIGRP, BGP

Switching protocols: VTP, STP, RSTP, PVSTP, PAgP, and LACP

Redundancy protocols: HSRP, VRRP

Security protocols: IKE, IPsec, SSL, AAA, Access-lists, prefix-lists.

Network management: SNMP, Cisco Works, Solar winds, Wireshark, CA Spectrum, HP Airwave, Firepower Management Center (FMC).

Ticketing tools: CA service desk, Remedy

PROFESSIONAL EXPERIENCE

Confidential, Sacramento, CA

Network Infrastructure Consultant

Responsibilities:

• Senior Network infrastructure consultant Confidential & Confidential consulting.
• Provide support for network and security operations for multiple accounts.
• Supported a network consisting of data center & 140 remote sites.
• Reviewing existing WAN Network and proposing changes for improving the stability and security posture of the network.
• Troubleshooting network issues related to MPLS VPN WAN, EIGRP, and BGP routing protocols.
• Troubleshooting network issues related to L3 and L2 switching (Nexus 7k, 2k, and Catalyst 6500).
• Performing network data and security log audits.
• Performed a complete switch refresh for upgrading existing remote site switches to new HP 2530 POE switches.
• Developed complete configuration files for all the new HP switches.
• Maintained LAN with flat network and WAN with MPLS.
• Designed a VLAN solution for migration of existing flat network into hierarchical network.
• Working with Panorama security manager for managing Palo Alto firewalls.
• Performing changes to Fortinet firewalls by using Forti Manager.
• Creating, monitoring, and troubleshooting IPSEC site to site Tunnels, and SSL VPN’s.
• Design and Implement new wireless solution with HP Aruba Wireless.
• Implemented a complete project for migrating from Cisco wireless to Aruba wireless.
• Installed Aruba Airwave for management and Clear Pass policy manager for policy management and authentication.
• Configured Aruba wireless IAP’s for meeting the specified requirements of the client.
• Created a design solution for incorporating Riverbed WAN optimizers into the network.
• Configured and verified the Riverbed WAN optimizers for optimizing the MPLS WAN traffic between data center and remote sites for client.
• Worked with Riverbed Cascade Gateway for collecting data from network devices using NetFlow.
• Worked with Solarwinds NPM, Confidential & Confidential digital Hands & Security on demand for network monitoring and troubleshooting environment.
• Created new Network design for incorporating ASA next gen firewalls (ASA 5516-X) into network.
• Configured and Implemented complete firewall deployment project which consists of Cisco ASA 5516-X firewalls with IPS functionality, and Firepower Management Center (FMC) for centralized management of firewalls.

Environment: LAN, WAN, Data Center, MPLS, Cisco 7206 VXR, Cisco ISR 4431 routers, Cisco ASA 5516-X, Fortinet 3000D and 900D firewalls, Palo Alto firewalls, Cisco Nexus 7010, 5596, Nexus 2K FEX, Cisco Catalyst 6509 switches, HPE 2530 POE Switches, Cisco wireless controller, Cisco WAP’s, Aruba Wireless controller, Aruba IAP’s, Access-lists, IPSEC tunnels, FORTINET IPS, VPN, NAT, Solarwinds NPM, Cisco Firepower Management Center (FMC).

Confidential, Portland, OR

Senior Network Engineer

Responsibilities:

• Provides support for existing network technologies/services & integration of new network technologies/services.
• Resolving network performance and connectivity issues on the wireless and wired network.
• Designing, Provisioning, Implementing, and Managing Network &Security devices.
• Played responsible role in implementing, and configuring new Fortinet firewalls in the existing network.
• Created virtual domains in Fortinet firewall for rendering proxy services.
• Created virtual IP’s for NAT.
• Configured IPSec, SSL, and site to site VPN’s on cisco ASA and Fortinet firewalls.
• Performed IOS Software upgrades on nexus switches and catalyst 6509, 4510, 3750 switches.
• Modifying UTM policies for applying to separate groups by using next gen firewalls.
• Administration of Cisco 4200 series IPS sensors.
• Monitoring traffic logs from IPS devices and analyzing traffic by using Wireshark.
• Configuring and implementing F5 BIG-IP LTM load balancers to balance local traffic.
• Created iRules for diverting traffic to required pools.
• Used iRules for separating and targeting respective pools based on traffic type.
• Written iRules to divert traffic to a specific server in the pool.
• Implemented Infoblox DDI for rendering seamless DNS, DHCP, and IP management services.
• Network/Security related responsibilities:
• VDC, VLAN configuration in switches
• Trunking, port aggregation in switches
• Resolving connectivity issues with IP telephones.
• LAN cabling Confidential the data center and IDF rooms.
• Configuring VPN’s Cisco ASA and Fortinet firewalls.
• NAT and ACL rules in routers and Monitoring data center devices and links.
• Operate and maintain the following networking equipment:
• Cisco ASR 9010, 1006 and 7200 VXR routers.
• Cisco Nexus 7000 switches for core.
• Cisco Nexus 5597 with nexus 2000 fabric extenders (FEX).
• Cisco catalyst 6500 switches.
• Cisco catalyst 4500 and 2900 switches.
• Cisco 5500 Wireless LAN controller.
• F5 LTM for local traffic load balancing.
• Infoblox DDI for managed network services.

Environment: LAN, WAN, Data Center, Cisco 7206 VXR and ASR 9010, 1006 routers, F5-LTM, Infoblox, Cisco ASA5505, 5506-X, Fortinet 900D firewalls, Cisco Nexus 7018, Nexus 56128P, Nexus 2338TQ FEX, Cisco Catalyst 6509, 4510, 3750, 2900 switches, Cisco 4200 IPS sensors, Cisco 5500 wireless controller, Cisco Aironet WAP’s, Access-lists, VPN, NAT.

Confidential, Kalamazoo, MI

Network/Security Engineer

Responsibilities:

• Responsible for maintaining and ensuring the proper functioning of all network devices (i.e. Juniper routers/switches, Cisco Routers/Switches, Juniper Netscreen firewalls, Cisco ASA Next generation firewalls, and F5 load balancers (LTM)).
• Configured and provided support for juniper Netscreen firewalls.
• Configured and provided support for cisco ASA next gen firewalls and FWSM modules.
• Processed creation of VPN requests for remote users and site to site services.
• Implemented and maintained Bluecoat proxy for rendering proxy services for end users.
• Created granular configurations in bluecoat proxy for assigning specific internet resources to each user.
• Implemented F5 LTM and created iRules for load balancing the traffic.
• Written iRules for redirecting HTTP traffic in F5 load balancers.
• Escalating and working with product vendors for unresolved issues and following up with them till the closure of the issue.
• Worked on Change Control tickets, prepared knowledge base for all the incidents, change and problems resolved.
• Prepared SOP (Standard Operations Procedures) and shared it with customers and internal teams for resolving issues.
• RSA - Assigning RSA Token & Configuration of RSA secure ID for the users.
• Implementation of IDSM module in catalyst 6500 for IDS services.
• Analyzed logs in Syslog server generated by IDS, IPS, firewall, router and switch devices.
• Created reports of network utilizations.
• Participated in Planning, designing, and documentation of projects and movements for the global networks:
• Migration of network segments from flat to hierarchical architecture.
• Migration of network connections from unsecured connections to securedconnections.
• Upgrade of LAN connections, such as adding switches for redundancy, capacity planning, and stacking of switches.
• VPN design for remote offices.
• Implementation of Client IT network security policy:
• Configuration of TACACS+ (Cisco ACS) on network devices.
• Configuration and support for OSPF and BGP protocols on routers.
• Configurationand support for VLANs on switches.
• Implement VPN connections for the following:
• Site-to-site VPN connection for each major office.
• SSL VPN connections for third parties connecting to client offices.
• Configured Remote access VPN for employees.
• Monitor Client’s global network:
• Juniper Netscreen and Cisco ASA Next Gen Firewalls.
• Cisco Routers (2600XM, 3600, 3700, 7200).
• Cisco Catalyst Switches (2950, 3550, 4500, 6500).
• Cisco Wireless Access Points (1235AP).
• Traffic from leased lines.
• Cisco IDS/IPS.
• Trouble Ticketing and Problem Escalation:
• Router, switch, and WAP connectivity.
• Internet access for each site.
• VPN connectivity (site-to-site, and RAS).
• Works closely with international carriers and local admins for troubleshooting the network.
• Implementation of IDSM module in catalyst 6500 for IDS services.
• Analyzed logs in Syslog server generated by IDS, IPS, firewall, router and switch devices.
• Migration of firewalls:
• Worked with team for designing migration plan from juniper Netscreen firewalls to Cisco ASA 55XX-X firewalls.
• Created rule base for cisco ASA 55XX-X firewalls for access control and IPS.
• Implemented cisco fire power management for management of cisco ASA next gen firewalls.

Environment: LAN, WAN, Cisco 7200, Juniper ACX 1000, PTX 3000, Juniper Netscreen, Cisco ASA, Bluecoat Proxy, F5 Load Balancer, Cisco catalyst 6509, 4510, 4506, 2900 series switches, IPSec VPN, SSL VPN, Site-Site VPN, Access-Lists, and NAT.

Network/Security Engineer

Confidential

Responsibilites:

• Data centre environment for a client and responsible for NOC and SOC operations.
• SOC operations including: resolving change tickets of VPN, virtual IP’s, NAT and ACL’s.
• Installed, and configured Cisco routers (7200, 3600, and 2800) and Cisco switches (6500, 4500, 2950 and 1900 series).
• Implemented static routing, routing protocols (OSPF, and BGP), switching (VLANS, VTP Domains, STP, and trunking).
• Implemented 3 tier architecture in the network segregating and deploying core, distribution, and access layer switches.
• Implemented and maintained SYSLOG and AAA server.
• Maintained Datacentre LAN.
• Configured and maintained Cisco ASA and Fortinet firewalls.
• Installed and configured Cisco and Ubiquity wireless devices.
• Configured and managed VLANs and Inter-VLAN communication.
• Monitored Leased Lines using PRTG.
• Monitored network devices (routers, switches, firewalls, and wireless access points) using one click spectrum software.
• Monitored and maintained backbone Optical Fibre Cable (OFC).
• Performed backup operation of routers, and switches configuration by using TFTP.
• Implemented migration project of updating Cisco ASA firewalls to Fortinet firewalls.
• Installed and configured Fortinet firewalls from scratch.
• Configured HA between Fortinet firewalls.
• Configured IPSec and SSL VPN’s on Fortinet firewalls

Environment: LAN, WAN, Cisco ASA, Cisco PIX, Fortinet 3340B, Cisco 7200 and 3945 ISR routers, Cisco catalyst 6509, 4510, 4506 switches, Cisco 2900 access switches, Cisco WAP’s, Ubiquity wireless devices, IPSec VPN, SSL VPN, Site-Site VPN, Access-Lists, and NAT.

Confidential

Network Administrator

Responsibilities:

• Implementation and maintenance of WAN connectivity using Leased line setup as primary links and ISDN as a backup.
• Generated daily, weekly, and monthly reports of machine stations that are down due to leased line failure.
• Worked with the onsite engineers to address and resolve the network issues.
• Documented all the root causes for occurred network issues and implemented necessary preventive measures.
• Resolved common LAN problems such as Cable issues, IP conflicts, DHCP renewals, and switch port errors.
• Installed and configured standalone and network printers.
• Coordinated and executed software and hardware updates for cisco switches and D-Link vendor modems.
• Coordinated with service providers for resolving link related problems.
• Commissioned, Installed, and maintained Channelized E1 networks and ISDN.

Environment: LAN, WAN, leased lines, ISDN, channelized E1’s, D-Link Modems, Cisco 3600, 2600 routers, Cisco catalyst 3550, 2900 switches

Confidential

Jr. Network Administrator

Responsibilities:

• Level 1 system and network administrator for solving common technical difficulties for users with assistance from senior engineers.
• Identifying and correcting common problems associated with IP addressing and host configurations.
• Configuring, verifying & troubleshooting of static and default routes for a given specific requirement.
• Manage IOS configuration files. (Including: save, edit, upgrade, restore).
• Implementing basic router security. (Assigning user mode, privilege mode passwords)
• Configuring and verifying a basic WAN serial connection.
• Configuring and verifying a PPP connection between Cisco routers.
• Troubleshooting WAN connectivity issues.
• Verifying router and switch operations using basic utilities (including ping, traceroute, telnet, SSH, ARP, ipconfig), SHOW & DEBUG commands.
• Installed operating systems in client desktops and updated patches.
• Installing new routers, switches, and wireless access points Confidential the client location and performing the basic configuration.

Environment: LAN, WAN, Initial configuration, Cisco 2600, 2800, 2811XM routers, Cisco catalyst 3550, 2900 switches, Cisco WAP’s, Windows operating systems.