SUMMARY

• Cisco Network Engineer with 8+ years of extensive experience in Network Engineering, performing Network analysis, design, implementation, and capacity planning with a focus on performance tuning and support of large Networks.
• Extensive experience in Cisco Routing, Switching, and Security with strong Cisco hardware/software experiences with Cisco Routers such as 1900, 2900, 3900, Cisco ASA, Cisco Multilayer Switches 4500, 6500, and knowledge of Cisco Nexus 2k/5k/7k.
• Experience with deploying and troubleshooting LAN, WAN, Frame - Relay, and Ether-channel Experience in Configuring & implementing VLAN, VTP, LAN switching, STP, and 802. X authentication in access layer switches.
• Strong understanding of DNS, NFS, SMTP, HTTP/HTTPS, TCP/IP, and UDP upgrades & configurations for Cisco products.
• Experience configuring and troubleshooting routing protocols RIP, OSPF, EIGRP, BGP, and MPLS.
• Good experience monitoring and troubleshooting Cisco's ASA Firewalls and Checkpoint firewalls.
• Hands-on experience on Cisco 2960, 3650, 3750, 3850, Cat 4500X, Cat 6500, Cat 6880, and Cat 9k series switches in an Enterprise environment. Experience Installing, configuring, and troubleshooting Nexus 2k, 3K, 5K, 7K, and 9K in Datacenter.
• Experienced in resolving, creating, and repairing tickets.
• Good understanding of F5 APM, AFM, and ASM modules.
• Managed URL filtering, File blocking, and Data filtering by Palo Alto firewall, and Barracuda NG Firewalls
• Good knowledge and hands-on experience in IP Addressing, Subnetting, and Ping Concepts and Traceroute.
• Hands-on experience configuring Viptela devices and creating device and feature templates on vManage required for SD-WAN implementation.
• Providing troubleshooting solutions to the second level and resolving randomly occurring problems.
• Sound knowledge of Routing and Switching concepts and MPLS design.
• Monitoring of firewalls and Configuring and Managing Firewall Clusters.
• Strong hands-on experience on PIX Firewalls, ASA (5540/5550) Firewalls, and Palo Alto Firewalls.
• Configured Citrix ICA policy for multiple apps on NetScaler and F5 APM devices.
• Working knowledge on configuring access lists. Troubleshooting DNS/DHCP issues within the LAN network.
• Worked on the configuration and installation of Cisco Nexus 3k, 5k, and 7k series switches.
• Expertise in IP subnetting and worked on various designing and allocating various classes of IP addresses to the domain.
• Upgrading system images on Nexus 5k and 7k multi-layer switches using kick start and FTP server.
• Efficient use of Microsoft VISIO/Office as technical documentation and presentation tools.
• Extensive knowledge of computer hardware and software applications.
• Involved in Configuring and implementing of Composite Network models consists of Cisco 7600, 7200, 3800 series and ASR 9k, GSR 12K routers and Cisco 2950, 3500, 3550, 3750, 5000, 6500 Series switches.

TECHNICAL SKILLS

LAN/WAN Technologies: IEEE 802.1q, HSRP, GLBP, Ether-Channel, NAT/PAT, IPSEC VPN, SSL VPN, AAA, BGP, OSPF, MPLS, WAAS

Routing Protocols: OSPF, EIGRP, BGP, RIP for IPv4/IPv6, PBR, Route redistribution, Route filtering, Summarization, Static route

Routers/Switches: Cisco 7200, 3845, 3660, 2921, 2691 series routers/3500, 3800, 4500, 6500, 6880 switches, JUNOS, IOS, IOS-XR, Arista EOS

Switching Technologies: VLANs, Inter VLAN routing and Port Channels, VTP, Spanning Tree Protocols like PVST+, RSTP+, Multi-Layer Switching, Port security

Network Security Technologies: Cisco ASA, Cisco Firepower, Checkpoint, Palo Alto (PA-4000/PA-2000), Fortinet

Cloud: AWS, Azure

Networking Concepts: TCP/IP, DNS, STP, NAT, PAT, DHCP, VPN, FTP, VLAN

Operating Systems: Windows XP, Vista, Windows 7, 8, 10, Linux, Mac

Monitoring Tools: Wireshark, Splunk

Virtualization: VMware

PROFESSIONAL EXPERIENCE

Confidential, Goshen, NY

Network Engineer

Responsibilities:

• Designed, configured, and trouble-shoot protocols such as MP-BGP, OSPF, LDP, EIGRP, BGP v4, VLANs, Trunking, and VTP for new network infrastructure.
• Worked on Cisco Layer 3 switches 6513, 4510, 3948, and routers in a multi VLAN environment.
• Experience with enterprise routing/switching within large data center enterprise customers.
• Integrate networks with Public Cloud providers (e.g., Azure, Google Cloud Platform) using transit VPC, IPsec, and other Secure Cloud Interconnects.
• Working as a team player with a constructive perspective and commitment to the success of the business.
• Configure and troubleshoot OSPF and EIGRP.
• Involved in troubleshooting DNS, NTP, DHCP, and other IP conflict problems.
• Planning and configuring the routing protocols such as OSPF, RIP, and Static Routing on the routers.
• Create a Change request and incident request in Cherwell Client.
• Resolve all ticketing issues relating to network problems and application performance issues associated with them.
• Design and implement new solutions and improve the resilience of the current environment.
• Maximize network performance by monitoring performance, troubleshooting network problems and outages, scheduling upgrades, and collaborating with network architects on network optimization.
• Secure network systems by establishing and enforcing policies and defining and monitoring access.
• Support and administer firewall environments in line with IT security policy.
• Report network operational status by gathering and prioritizing information and managing projects.
• Upgrade data network equipment to the latest stable firmware releases
• Provide remote support to on-site engineers and end users/customers during installation.
• Provide remote troubleshooting and fault finding if issues occur upon initial installation.
• Undertake capacity management and audit of IP addressing and hosted devices within data centers.
• Liaise with project management teams, third-line engineers, and service desk engineers on a regular basis
• Analyzing the technology environment and documenting requirements.

Confidential

Network Engineer

Responsibilities:

• Complete configuration, installation and support of equipment to the specifications of the business.
• Maintain software applications and operating systems through regular maintenance.
• Maintain configuration and support documentation.
• Manage assigned projects and program components to deliver services per established. bjectives.
• Supervise the administration of systems and servers to ensure the availability of services to authorized users.
• Worked on replacing Checkpoint VPN and Bluecoat proxy with Zscaler and worked on implementing Zscaler in Production.
• Successful Data Center Migration Planning and Successfully developed Python automation scripts to perform Cisco firewall rule assessments.
• Experience in Azure public cloud technologies including Managed Database services, Storage, Networking, Docker, AKS, Security, Azure Functions, Logic Apps, and Logging and Monitoring and in AWS skills (Networking: Route53, Direct Connect, etc.) and (Security: WAF, Config, CloudWatch, etc.)
• Experience in migrating policies from Cisco ASA to FTD & Checkpoint & Palo alto firewalls. Auditing security policies with existing configuration and add/whitelist, modify & delete/blacklist networks Confidential on-prem and cloud firewalls.
• Maintain multi-site network operations, software applications, and operating systems through regular maintenance.
• Developed scripts for build, deployment, maintenance and related tasks using Python.
• Implementation Site-to-Site VPNs, GRE over IPsec VPNs on Cisco Routers, Cisco ASA Firewalls
• Troubleshoot malfunctions of hardware, software applications, and security systems to resolve operational issues and restore services.
• Involved in the Network Segmentation project, multiple VLANs were moved behind the firewall.
• Configured VLANs with IP addresses and DHCP-Relays using CLI and published and pushed the policies in Checkpoint FW using Smart Console.
• Cleaning up unnecessary configuration in Cisco routers and switches manually and using scripts in HPNA.
• We have Migrated ACS to ISE.
• Worked with HPNA (Network Automation) tool to run a compliance report and clean up the ones that were non-compliance.
• Upgraded Cisco ASR 1000, CAT 9K, CAT 3650, 4500, ISR 4300, and 2960x switches to a new Cisco IOS software code.
• Create a Change request and incident request in Cherwell Client.
• Resolve all ticketing issues relating to network problems and application performance issues associated with them.
• Understanding of cloud based micro-services that utilize Kubernetes, Service Fabric, and swarm.
• Opening Cisco TAC cases for escalation and raising the priority and working with TAC (Technical Assistance Center) to solve the issues.
• Provide technical support for workstations/Laptops/tablets, printers, mobile devices, and office infrastructure.
• Configuration and Integration of Confidential Identity Services Engine (ISE) 2.0.
• Support client network connectivity through wireless, wired, guest, DMZ and mobile networks with NAC policies.
• Have an eye for detail, ability to multitask, organize priorities, and work in a systematic style following Standard Operating Procedures (SOPs) and guides.

Confidential, Atlanta, GA

Sr. Network Engineer

Responsibilities:

• Assisting in the design, implementation, troubleshooting, and maintenance of the network (Layer 2 & Layer 3) and network security system in the Energy management system environment (EMS).
• Comprehensive knowledge of the methodologies and principles of the Change Control Process.
• Involved in LAN and WAN development including IP address planning, designing, installation, configuration, testing, maintenance, etc.
• Worked on Cisco Layer 3 legacy switches 6509, 4510, 3948, and Cisco ASR 02, 1001 WAN platforms) routers in a multi VLAN environment.
• Providing support to multi-site critical EMS networks with MPLS L3VPN connectivity.
• Designed, configured, and trouble-shoot protocols such as MP-BGP, OSPF, LDP, EIGRP, BGP v4, VLANs, Trunking, and VTP for new network infrastructure.
• Administered Local VLANs based on department requirements, and configured switch static VLAN assignment, static 802.1Q trunks for layer 2 forwarding.
• Utilize VLAN Spanning Tree in conjunction with PVST+ for Cisco switches. Configure edge ports for fast transitioning into the forwarding state to fasten workstation startup connectivity delays.
• Modify spanning tree parameters for manual root bridge assignment. Implement ether channels between each switch. Modify the ether-channel load balancing method.
• Security Device - Palo Alto/ASA Firewalls, Fortinet, Source fire IPS/IDS, Cisco Identity Services Engine (ISE), VPN.
• Successful Data Center Migration Planning and Successfully developed Python automation scripts to perform Cisco firewall rule assessments.
• Have hands on exp on AWS services like EC2, Database, VPC, Route 53, Access Group, IAM, Direct Connect.
• Worked on most of the main technology brands such as Cisco, nexus, Palo Alto, Fortinet, F5, bluecoat, Silverpeak, A10, AWS, Aerohive, Aruba, Meraki.
• Worked with Juniper (Netscreen/SRX), Proofpoint, IronPort, Bluecoat (Proxy/Reverse Proxy), Zscaler, Barracuda.
• Configuring all the devices per their traffic type with AAA commands for the device authentication using AD, and the ISE internal users.
• Performed Rack/Stack, mounting, cabling of switches, Cisco UCS B/C servers, and IT hardware in EMS Data Center for network refresh project.
• Working closely with the Network architect to migrate Cisco EOL/EOS switches with new next-gen Nexus 9K (93108, 93180 EX/FX) in the production data center.
• Implementing features like FEX Links, VPC, VRF, VDC, OTV, and FabricPath on Nexus-based data centers.
• Experienced in validating logs using Azure sentinel and work with concerned departments/teams to educate and mitigate vulnerabilities.
• Experienced in deploying Palo alto, F5 load balancer in Azure and control traffic flow back and forth in Hybrid cloud model.
• Configured HSRP between Layer 3 devices to avoid single-point-of-failure issues Confidential access layer switches and servers.
• Working on scripting language Python to create scripts for Data center and ranch networks.
• Regularly update Cisco IOS, NX-OS, and FX-OS on different Cisco Switches, Routers, and Firewalls with zero downtime to avoid vulnerabilities.
• Deployed FTD code on ASA platform, Firepower appliances (4110, 2110) running on FXOS and managed through Firepower Management Center (FMC).
• Migrated 10 production Cisco legacy Firewall modules including FWSM, ASA 5515, 5525,5540 with Next generation Cisco Firepower 2110 and 4110 (ASA, FTD code) for deep packet inspection.
• Implemented standard, extended ACL, object groups, and NATs to control traffic and configured VPN (SSL, IPsec, AnyConnect, and Site-to-Site) for remote connectivity and work-from-home users.
• Designed and deployed DMZ for SMUD’s corporate Web and Application servers.
• Implemented Cisco ISE (Standalone, Distributed Setups) for delivering consistent, highly secure access control across wired and multi-vendor wireless networks and remote VPN connections.
• Upgraded Cisco ISE 2.0 version with ISE 2.2 code.
• Integrated Cisco ISE with LDAP server and configured different features such as wireless onboarding (BYOD), posture assessment settings, wired/wireless NAC, etc.
• Configured profiling, probing, and MAB (MAC Address Bypassing) for different categories of devices using Cisco ISE.
• Installed and configured various Cisco wireless equipment such as 4400 and 5500 series Controllers (WLC), 1850, 28and 00, and 3800 series APs, and various wireless antennas such as omnidirectional and panel-type antennas.
• Worked on AWS and Azure cloud configurations with respect to network connectivity and Security.
• Setting up Palo Alto firewalls as Cloud exchange firewalls between on-prem and cloud environments which include AWS, Azure and GCP.
• Prepared documentation for site surveys such as site and building floor plans and diagrams and the development of heat maps for current and future wireless deployments.
• Managing and monitoring all network devices using Solar Winds and IBM QRadar solution.
• Performed fault analysis, availability, and performance review of SMUD’s critical infrastructure using SolarWinds SNMP tool.
• Worked on ISE 802.1X, ISE wired/wireless guest and ISE trustsec implementations.
• Managing IP addresses, and DNS/DHCP server IP reservations through SolarWinds centralized solution.
• Prepared and updated documents and network diagrams using Microsoft Visio for new installation and design updates.

Confidential, MN

Network Engineer

Responsibilities:

• Experience upgrading JUNOS on juniper devices.
• Hands-on experience upgrading SCB and RE cards on the juniper devices.
• Configuring Cisco, Aruba, and Juniper devices (Router & Switches) in the Service provider field.
• Network Design/Implementation of large network projects for multiple customers.
• Configure and troubleshoot OSPF and EIGRP.
• Involved in troubleshooting DNS, NTP, DHCP, and other IP conflict problems.
• Planning and configuring the routing protocols such as OSPF, RIP, and Static Routing on the routers.
• Hands-on experience with Cisco VSS switching.
• Troubleshooting and configuration of UNIX/LINUX.
• Network Design to meet client’s requirements.
• Configuration of Cisco ASA5585, 5525, 5510, and 5505 for IPsec VPNs and Inside/Outside NAT Rules.
• Implementation of HSRP, IPsec, Static Route, IPSEC, and Dynamic routing protocol
• Configuration of Role-based network access policies to implement security standards.
• Network Monitoring using SolarWinds for any suspicious network activity.
• Configuration of Cisco/Windows TACACS+ Servers.
• Involved in designing and implementation of AWS network and connectivity b/w physical and AWS DC.
• F5 license key upgrades, Configuration, and Implementation for network load balancing.
• Implementation of QoS, Policies, and Security to achieve the highest level of Quality and security.
• Traffic shaping and load balancing using Routing protocols and load balancers.
• Configuration of MPLS/VPNs, and IPsec for Data Networks.
• Configuration of PVST, MSTP, and L2/L3 Port channels, SVI, subnetting, Ethernet switching, and VRF configuration using BGP, OSPF, EIGRP, MPLS, and MP-BGP to offer multi-tenancy features.
• Configuration/Management of Cisco ISE.
• Configuration and testing of first Hop Routing Protocols such as HSRP and VRRP.
• Solar Wind and Wireshark for Network monitoring, Configuration backup, and Net flow.
• Experience in Infoblox for managing DNS and DHCP.
• RSA Token configuration for dual-factor authentication.

Confidential, Newark, NJ

Network Engineer

Responsibilities:

• Installed and configured routers/switches, performed network testing, secured network system by establishing policies, defining and monitoring access.
• Resolve tickets daily, requiring skilled troubleshooting and detailed attention for configuring remote site VPNs & improving poor WAN performance or connectivity failures Confidential multiple remote networks & Metro WAN infrastructure.
• Responsible for configuration and troubleshooting issues related to F5 GTM/LTM devices such as 4200v, 5200v, Viprion 2200, and F5 APM.
• Design, configure and debug Data Center cloud Network traffic with ESXi hosts, using APIs/tools DCNM, DFA Data Server using Nexus N9K(9300, 9500), N7K, N6K, N5K/ & N2K (Fex)
• Upgrading code on Palo Alto firewalls PA 5050/3020 to meet the company security policy.
• Coordinated with senior engineers regarding BGP/OSPF routing policies and designs.
• Directed technical operations within a fast-paced environment with a concentration on reviewing technical LAN/WAN issues and developing appropriate solutions.
• Assisted the Network Architecture team in configuring and deploying new environments and core network upgrades.
• Performed computer troubleshooting, installations, and performance tests.
• Deploying and decommission of VLANs on core ASR9K, Nexus 9K, 7K, 5K and its downstream devices
• Experience with Cisco ASA/Checkpoint/ Palo Alto Firewall (PA200, PA2000 series, PA3000 series, PA4000 series, PA5000), troubleshooting and policy change requests for new IP segments that either come online or may have been altered during various planned network changes on the network.
• Troubleshoot the Network Issues onsite and remotely depending on the severity of the issues.
• Configure Cisco routers performing password resets when required, and configure routing protocols EIGRP, OSPF, or static routing.
• Support, maintain, and troubleshoot WAN sites with Frame Relay.
• Resolve all ticketing issues relating to network problems and application performance issues associated with them.
• Work with Team Leaders to set up network devices on infrastructure racks, configure switches & routers, perform Subnetting based on specifications as per request, and be available for on-call rotation when required.
• Design, configure and debug Data Center cloud Network traffic with ESXi hosts, using APIs/tools DCNM, DFA Data Server using Nexus N7K, N6K, N5K/ & N2K (Fex).
• Experienced in troubleshooting both connectivity issues and hardware problems on Cisco-based networks.
• Provided 24x7 on-call technical support and served as the point of escalation for emergency projects and disaster recovery.
• Worked on Nexus FEX-2K (2248, 2232), 3K (3064), 5K (5548, 5020, 5010), 7K (7018, 7010) and-9K (9300) series switches.

Confidential

Network Engineer

Responsibilities:

• Responsible for PIX 7.x/8.x & ASA 8. x Firewall migration and in place hardware upgrades and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
• Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, and Overlapping Address Translation.
• As part of the Security and network operations team, was actively involved in the LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, and 3 problems)
• VLAN implementation, Spanning Tree Implementation, and support using PVST, R-PVST, and MSTP to avoid loops in the network. Trunking and port channel creation.
• Responsible for Firewall upgrades as well as Troubleshooting, Security Configurations, IPsec VPN Implementation and Troubleshooting, and DMZ Implementation and Troubleshooting.
• IOS Upgrades from 7. x to 8. x as well as backup and recovery of configurations.
• Work in an enterprise network environment with dynamic routing using OSPF and BGP for external connectivity.
• Configured Switches with proper spanning tree controls and BGP routing using community and path-prepending attributes.
• Install Windows Server 2003, configure IP addresses, and network printers, and configure Client Access for PCs.
• Work with BGP routing protocol for communication with business partners and influence routing decisions based on AS Path Prepend and other attributes.
• Administer and support Cisco-based Routing and switching environments.
• Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay).
• Deployed a Syslog server to allow proactive network monitoring.
• Implemented VLANS between different departments and connected them using trunk by keeping one VLAN under server mode and the rest falling under client mode.
• Configured Client VPN technologies such as Cisco’s VPN client via IPSEC.
• Configured Firewall logging, DMZs, and related security policies and monitoring.
• Switching-related tasks included implementing VLANS and configuring the ISL trunk on the Fast-Ethernet channel between switches.