SUMMARY

• Around 8+ years experienced Network Engineer having worked extensively with multiple Clients in Switching, Routing, Network Security (Firewalls and Proxies), Application Delivery Controllers, Authentication, Wireless environments.
• Experience in Campus and Data Center topologies in multi - vendor equipment. Very strong team member with good communication and Documentation skills.
• Innovative to new ideas to enhance the work flow in Network Engineering.
• Experience with Interior and Exterior routing protocols that includes RIP, OSPF, EIGRP, IS-IS and BGP. Worked on Cisco, Juniper and Arista routers.
• Experience in Network Security that includes perimeter security for Internet, Extranet, DMZ, Internal Server farms, Web-traffic security with Proxies, Web Application firewalls.
• Worked and migrated multi-vendor equipment and Next generation firewall technologies. Worked on ASA, Firepower, Checkpoint and Palo Alto firewalls.
• Experience on MWG, Bluecoat and Zscaler proxies.
• Working knowledge and demonstrated experience on the PAN-OS 6, 7.1, and 8.0 versions; PA 220, PA 820, PA-2K, PA-3K and PA-5K firewalls.
• Worked on the URL filtering and upgradation of Palo Alto firewall from PAN-OS 7.1 to PAN-OS 8.0.
• Implemented Positive Enforcement Model with the help of Palo Alto Networks
• Configured and implemented VDC, VPC, and OTV on Nexus 7K and 5K. Configuration of FEX mode in access layer using Nexus 5K and 2K.
• Experience in designing and implementing F5 web based solutions.
• Daily Support of F5 environment to include Creation of new VIPs/WIPs and irules.
• Expertise with Installation of Arista 7250QX series switches on Spine Platform
• Experience Arista Cloud Vision on a POC. Knowledge on Spine leaf Architecture in Data center. Worked on EVPN, VXLAN, VTEPS, Bridge Domains, MP-BGP etc.
• Experience operating high-density AP and client deployments
• Experience designing mission critical wireless infrastructure
• Work with our Business Unit partners to better understand their wireless needs, and deliver products to meet those needs in a timely and cost effective manner
• Experience with Aruba WLAN infrastructure in large scale global deployments
• Experience with 1100, 1200, 3 700and 3800 series cisco Wireless Access Points,
• Experience with setting up aws direct connect to amazon S3, Amazon EC2, Amazon VPC
• Experience working on Security groups in aws in vpc for traffic flowing between various virtual nets for dev, prod and uat instances.
• Worked on traffic flows from on premises to Aws, aws to internet via virtual palo alto firewalls for services that include PAAS and IAAS
• Experience with TACACS/RADIUS severs, migration from ACS and Aruba ClearPass to ISE.
• Experience with windows and Infoblox DNS and DHCP servers, IPAM, internal and external grids.
• Experience with WAN connectivity, MPLS circuits, leased Lines, Metro Ethernet, Site to Site IPSec tunnels, ISP circuits, Customer Edge configurations.
• Experience with SD-WAN solutions that include Viptella and Versa.
• Knowledge and operational experience with SDN, Cisco ACI, VXLAN, VTEPS, VNI, Bridge Domain, Arista Cloud Vision, EVPN, MP-BGP, Spine and Leaf Architecture.
• Experience with Network Monitoring tools, SNMP, Log collectors, Splunk, ticketing tools and thorough understanding of work flows in corporate environments that include Financial, Healthcare, Retail clients

TECHNICAL SKILLS

Router and VoIP Platforms: Cisco Routers series ASR9k, 7300, 4000, 3800, 2000, 1900; Juniper MX, Arista 7000 series.Routing Fundamentals and Protocols Routed and Routing protocols RIP, EIGRP, IS-IS, OSPF, BGP, IPX; MPLS, Static routing, ICMP, ARP, HSRP, VRRP, Route Filtering, Multicast, Policy-Based Routing, Redistribution, Port forwarding.

Switch Platforms: Cisco Catalyst series 2960, series 3560, 3850, 4500, 6500, 7000; Nexus series 2K,5K, 7K; Juniper EX, QFX, Aruba 2000, 3000 series.

Switching Fundamentals and Protocols: Ethernet technologies, LAN networks, MAC, VLAN and VTP, STP, PVST+, Multicast, RSTP, Multi-Layer Switching, 802.1Q, EtherChannel, PAgP, LACP, CDP, HDLC, RARP

Firewall Platforms: Checkpoint (NGX R65, 3100, 5100, 5900), Cisco Firewalls (ASA 5505, 5506-X, 5585), Palo Alto Networks (PA series 2K, 3K and 5K) with panorama 8.0, WAF

Security Protocols: Standard and Extended ACLs, IPsec, VPN, Port-security, SSH, SSL, IKE, AAA, Prefix-lists, Zone-Based Firewalls, NAT/PAT, HIPAA standards, Ingress & Egress Firewall Design, Content Filtering, Load Balancing, IDS/IPS, URL Filtering, L2F, IDS, TCP Intercept, Router Security, SNMP trap

Network Management and Monitoring: Wireshark, Infoblox, HP OpenView, Cisco Prime, Splunk, Security Device Manager (SDM), Cisco Works; TCP Dump and Sniffer; SolarWinds Net Flow Traffic Analyzer, NetScout, Network Performance Monitor (NPM), Network Configuration Manager (NCM), SAM, IP Address Manager, Additional Polling Engine.

Load Balancers and Proxies: F5 (BIG-IP) LTM 2000, 3900, 6400, 6800, AV 510, Citrix NetScaler, MWG, Zscaler Proxies, Bluecoat Proxies.

WAN and SD-WAN technologies: MPLS, ISP Leased Lines, SONET, Viptella, Versa.

Other Networking Protocols and Fundamentals: DHCP and DNS server, Active Directory Management, NTP, NDP, TCP, UDP, FCP, Network Implementation, Troubleshooting techniques, NHRP, NetBIOS, NFS, FTP, TFTP, HTTP, PAP, PPTP, SIP Trunking, SNMP logging, SMTP, RADIUS and TACAS+, PBX servers, SDN, IPV4, IPv6

Operating Systems: Windows 10/7/XP, MAC OS, Linux, NX-OS, IOS XR, XE.

Wireless and Radius Technologies: Canopy Wireless Devices, CISCO 1200 series APs, Aruba wireless and APs, Cisco Meraki, Linksys Wireless/Wi-Fi Routers, Prime Infrastructure, Ekahau, Air Magnet, AirWatch and WLC’s (8510, 5508, 5706), Cisco AironetAP’s (2600, 3600, 3700), ISE, MSE, Aruba 225, Aruba 3000 controller & Airwave, ISE, Clear Pass 6.0,6.2,6.5, 802.11a,b,c,g,n,ac

PROFESSIONAL EXPERIENCE

Confidential, Scottsdale, AZ

Sr. Network Engineer

Responsibilities:

• Update customer networks by configuring routers, switches, and in corporate the SDWAN into the network design.
• Worked on issues with IPS/IDS servers, Zscaler and Bluecoat Proxies.
• Firewall policy provisioning on Fortinet FortiGate appliances using Forti Manager.
• Change control/ITIL Service Controls/PCI compliance. Coordinating with various teams to perform Network Changes.
• Migrated to Juniper EX series switches from Cisco 3500, 3700 series and 6500 series switches.
• Worked on setting up Cisco ASR as edge routers. Worked on BGP for inter Data center connectivity.
• Experience in upgrading IOS in the Data center switches and routers. Worked on change controls and cut overs during weekend on routing, switching and security.
• Worked on setting up lss and NSS servers for log streaming and feed to local SIEM servers.
• Integrating Configuring Cisco Wireless LAN Controllers WLC with ISE to perform Dot1x.
• Cisco PRIME to manage WLC’s.
• Documenting the network design using Microsoft Visio and GNS3.
• Identification of Vicious Data Injections in WSN Using EADA NS2
• Installed and ConfiguredFirepowerManagement Center within new corenetwork.
• Installed and configuredfirepowerIDS/IPS and came up with the baseline configuration for the organization
• Well Experienced in configuring protocols HSRP, GLBP, PPP, PAP, CHAP, and SNMP.
• Work with Load Balancing team to build connectivity through F5 Big IP LTM load balancers.
• Perform WLAN testing of newly installed WLAN controllers and Aps.
• Interface daily with customers and NOC reporting production milestones and any issues
• Performed virtualization and deployed various VMs using VMware ESXI 6.5
• Configuration and Administration of Cisco and Juniper Routers and Switches
• Working with Juniper JUNOS on M and MX series routers.
• Instrumental in the planning and architecture development of SDN based virtual enterprise gateways (infrastructure as a service -IaaS) reducing the customer time to deployment from months to days.
• RESTful API, Multi-vendor OSS Integration experience
• Network Management of IP and WAN networks (includes HP-OV, SNMP, and CLI knowledge).
• Configuring IP Networking,Security Settings, QoS, Routing Protocols (OSPF, ISIS, BGP),
• Configuring signaling protocols like RSVP, LDP etc.
• Involved in working with Data Center hardware and management software.
• Performed Virtualization (compute, storage, network) e.g. VMWare, KVM.
• Setting up Layer 3 VPN cloud in data center and working with BGP WAN towards customer
• Configured VTP to manage VLAN database throughout the network for Inter-VLAN Routing.
• Worked in setting up Inter-VLAN routing, redistribution, access-lists and dynamic routing.

Confidential, Irvine, CA

Sr. Network Engineer

Responsibilities:

• Implemented the Policy Rules, DMZ and Multiple VDOM's for Multiple Clients of the State on the PaloAlto Firewall.
• Configure and worked on Static IP address. No routing protocol.
• Experience working with Nexus 7010, 5020, 2148, 2248 devices
• Worked on the migration from Cisco ASA to the Palo Alto firewall and the configuration of User-ID’s, App-ID’s, SSL Decryption, URL Filtering, Policies, Zone Protection, High Availability, Certification Management, Migrated all IPSEC tunnels, ACL’s, NAT rules and policies.
• We use Static IP Address to configure any devices in this environments.
• Palo Alto Firewall troubleshooting and policy change requests for new IP segments that either come online or that may have been altered during various planned network changes on the network.
• Configuration of router based and Policy based VPN, SSL VPN, NAC, IDS/IPS, IPSEC Tunnels on Palo Alto firewalls.
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama.
• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls and also implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall. Exposure to Palo Alto Wildfire.
• Participated in Configuration of Palo Alto Next-Generation Firewall to create security profiles and VSYS based on client topologies and Palo Alto Networks 5050 application firewalls (NGFW)
• Extensively worked on TCP/IP protocols and transport protocols like TCP and UDP.
• Worked on implementation of the basic F5 LTM (Local Traffic Manager)
• Troubleshooting on Cisco devices, F5 Load balancer, Palo Alto Firewall.
• Managed Palo Alto/ASA Firewall for security policies and rule base of security control points, device mapping using network address translation, objects management, other administrative tasks.
• Responsible for layer 2 securities which were implemented using a dedicated VLAN ID for all trunk ports, setting the user ports to non-trucking, deployed port security when possible for user ports
• Worked on Infoblox to update the DNS host and A records to assist the part of the migration.
• Working on Firemon for network security policy audit and PCI/DSS compliance audit
• PCI and ISO compliant security implementations on the firewalls and perimeter devices figuring Wide IPs and pools to load balance the client traffic between the two data centers
• Setup separate ESX 3.0 environment to facilitate the migration from NSX 2.5.1
• Implemented VMWare's NSX-T management software Virtual Center 2.0 to manage the new environment
• Managed and maintained VmwareNSX hosting environment
• Worked on deploying AWS outbound proxy server with domain services and content filtering services.
• Configured various linux and windows services to use proxy server for outbound traffic from aws vnets and logging enabled to aws cloud watch logs
• Worked on Proxy services in aws include DNS based domain whitelisting using SNI, url whitelist and blaclist policies.
• NSX and Virtual Palo Alto’s installation and configuration of cisco switches (2950, 2960, 3550, 3750, 4500 and 6500) and cisco routers (2500, 2600, 3000, 3800, 4331, 6500, 7200, 7500 and 7600).
• Worked of Active Directory, DNS, DHCP, DFS & Printing services
• Configured Checkpoint and Cisco ASA firewalls to secure the infrastructure for the Data Center.
• Remote implementation of Palo Alto firewalls PA-500 and PA 200 firewalls

Confidential

Sr Network Engineer

Responsibilities:

• Worked as Senior Network Engineer at Confidential in Data Center and remote Sites environment.
• Worked on complete hardware recycle project in access and Distribution switches in Campus and remote sites. Migrated from cisco 3850 to Cat 9K switches.
• Worked on Cisco 4500 series switches in Distribution with VSS.
• Worked on SD-WAN implementation for remote site connectivity over MPLS.
• Worked on Viptella Solution in assisting architecture team in deploying vManage, vEdge, vBond and vSmart components.
• Worked on Fortigate firewalls. Worked on migration from cisco ASA to Fortigate Firewalls.
• Worked on deploying site to site VPN tunnels, Security policies, NAT policies, URL filtering, VDOM, Forti Manager, User ID based Security policies, SSL forward proxy, SSL decryption.
• Worked on Zscaler cloud proxies. Migration from Bluecoat Proxies to Zscaler cloud solution.
• Implemented GRE tunnels from Data Centers on F5 to Zcloud.
• Configuration of Policies, AD groups, Azure AD authentication, Whitelist, Blacklist and SSL inspection rules.
• Configuration and troubleshooting experience in Cloud based apps like office365, Box, WebEx, Workday, Service-now etc. Installation of Pzens for Source IP anchored traffic.
• Operations on F5 LTM, GTM, APM, ASM modules for internal and external load balancing of vendor based and proprietary applications.
• Worked on Netscalers for Citrix based applications like XenDesktop, Xenweb, VDI, remote access gateway. ICA proxy.
• Worked on Cisco WLAN controllers for configuration of AP profiles, Access points, RF parameters, 802.1x integration with ISE, SSID, BYOD policies, wireless VLANs on Distribution switches.
• Worked on Infoblox DHCP, IPAM and DNS solutions. Worked on SolarWinds for SNMP monitoring for Alert triggers, adding nodes, SNMP v3.
• Worked on Ansible for automating configuration templates and other process.

Confidential, Long beach, CA

Sr. Network Engineer

Responsibilities:

• Worked as Senior Network Deployments and Operations Engineer.
• Worked in Life Cycle projects that include Data Center, Campus Switching and Routing Hardware upgrades.
• Installation of Cisco CAT 9K series, Nexus 9K, Nexus 5K and 2K in FEX, Arista 7k Series Routers.
• Worked on Cisco ACI with VXLAN tunneling, Spine Leaf Architecture in DR Data Centers.
• Deployment of VPC, VDC, software upgrades of multivendor equipment, maintenance windows, on call rotation.
• Migration project that includes migration from ASA to Palo Alto Firewalls.
• Installation, configuration of Palo Alto Firewalls, Panorama, Vsys, Zones, Virtual routers, APP ID, User ID.
• Operational role with F5 LTM, GTM, BIGIQ, APM and ASM.
• Troubleshooting various application traffic flows with respect to http, https, TCP, SSL, connectivity, DNS, Authentication and security profiles.
• Assisted in projects related to Infoblox, ArcSight, Solarwinds, Viptella SD-WAN, Cisco Wireless, Cisco ISE in Design, Operations, Documentation and Troubleshooting.
• Deployment and troubleshooting on Nexus 9k switches in Non-ACI mode.
• Configuration of OSPF routing, VPC, VDC, FEX on Nexus 5K and 2K in access layer.
• Worked on Juniper MX series router and cisco ASR.
• Configured BGP, Prefix lists, redistributions in to OSPF, ISP connections fail -over.

Confidential

Junior Network Engineer

Responsibilities:

• Monitored the performance of the network devices. Performed Troubleshooting and observed directing conventions such as OSPF, EIGRP & BGP.
• Installation and configuration of the Network of Cisco Router and Switches for EIGRP and VLANs etc.
• Worked on the Cisco switches 2950, 3560 and the Cisco routers 2500, 2600, 2800
• Initially involved in installations, technical support, troubleshooting and maintenance of network equipment.
• Good knowledge in Configuring Access Control List(ACL).
• Configured VLANS on different impetus switches performed investigating on TCP/IP system issues, Administered Frame-Relay and systems.
• Configured IPv4 VPNs using IPSec VPNs.
• Worked on WAN and LAN infrastructure. Worked on Cabling in IDF/MDF and in Data centers with Copper and Fiber.
• Managed system backup and restoration protocols. Escalating issue to higher network teams.

Environment: Cisco 3500, 3700, 3900 series Routers, Cisco ASA Firewalls, WLC, Fortigate Appliances, F5 ADC, Cisco ACI, VMware, Web Application firewall (WAF), VTP, Juniper SSG-140, Palo Alto Wildfire, Juniper EX series switches, Cisco Firepower,Bluecoat, zscaler, Nexus9k,7k,5k,ASR 9k, ASR 1k, AWS, F5 Load Balancer Cisco Nexus7K/5K, Cisco ASA, Nexus 2000 FEX, Citrix NetScaler, Infoblox Juniper SRX, Routing Protocols: BGP, OSPF, AAA (TACACS+ & RADIUS), TCL Scripting, ACL Configuration.