SUMMARY

• Cisco, Palo Alto and BIG - IP F5 Professional Network engineer over 7+ years of experience in Routing, Switching and Firewall Security including network planning, implementing, configuring and troubleshooting network devices.
• Hands on experience in configuring Cisco Catalyst 2960, 3750, 4500, 6500 series, and Cisco 2600, 2800, 3600, 3800, 7200, 7600 series routers, Cisco Nexus 7000 series, 5000 series, 2000 series data center switches, Juniper EX/ MX/ SRX series.
• Implemented and configured Palo Alto Networks Firewall models, Cisco PIX (506E/515E/525), ASA Firewall (5505/5510), Juniper SSG series Firewalls, Checkpoint R75, 76 Firewalls, Security Device
• Designed & implemented Fortinet network & third-party equipment as per ISP SR (service request) the included Juniper, F5, Cisco Catalyst, Cisco Nexus 7K and higher end FortiGate.
• Administrate and maintain Fortinet Fortigate Firewalls, Forti Analyzer and Forti Manager.
• Manager (SDM) and centralized management system to manage large scale firewall deployments.
• Extensive knowledge and experience in configuring protocols like TCP/IP, Routing Protocols (RIP v1/v2, OSPF, BGP, IGRP and EIGRP).
• Proficient in Configuring Virtual Local Area Networks (VLANS) using Cisco routers and multi-layer Switches and supporting STP, RSTP, PVST, RPVST along with trouble shooting of inter-VLAN routing and VLAN Trunking using 802.1Q.
• Experience with Cisco ASA/Checkpoint/Palo Alto Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network
• Implemented redundancy with HSRP, VRRP, GLBP, Ether channel technology (LACP, PAgP) etc.
• Implemented traffic filters using Standard and Extended access-lists, Distribute-Lists, Route Maps and route manipulation using Offset-list.
• Managed inventory of all network hardware, Management and Monitoring by use of SSH, Syslog, SNMP, NTP.
• Responsible for Check Point and Cisco ASA firewall administration across global networks
• Strong Working knowledge of access control server configuration for RADIUS & TACAS+.
• Hands-on experience in Tier II ISP Routing Policies, Network Architecture, IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3 SONET POS OCX / GigE circuits, Firewalls.
• Exposed to handling and troubleshooting issues on NAT.
• Strong Knowledge in WAN technologies including T1, T3, ISDN, HDLC, Point to Point, ATM and Frame Relay.
• Working knowledge on configuring access lists. Troubleshooting DNS/DHCP issues within the LAN network.
• AWS Cloud Deployment and Support on EC2, IAM, S3, ELB, Snapshot, volumes, VPC, Route53, cloud watch, Security etc.
• Planning, Designing and implementing Network and security solutions like Firewalls (Palo Alto, Check Point, and ASA), Data Center Switching, Bluecoat Proxy and F5 Load Balancers.
• Troubleshooting issues post migration of Internet traffic via Bluecoat Proxy by tracing traffic on Bluecoat or by capturing traffic.
• Experience with F5 load balancers for load balancing and network traffic management for business applications.
• Worked extensively in Configuring, Monitoring and Troubleshooting F5 BIG-IP load balancer, Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design
• Provided troubleshooting and diagnostic support at layer2/layer3 level using different technologies and tools such as Splunk (Log tool), server monitoring and Service Now and CA ticketing tool.
• Experienced working on network monitoring and analysis tools like SOLAR WINDS, CISCO works, RIVER BED and Wireshark.
• Experience in installation, configuration, backup, recovery, maintenance and support of Red Hat Linux
• Experience on Red Hat Linux Server & Desktop Environment using through virtual machine under VMware
• Expertise in writing scripts for automation and monitoring using Shell (bash), Python scripts
• Independent problem solving and a good team player with strong interpersonal and communication skills.
• Experience supporting 24x7 production computing environments. Experience providing on-call and weekend support.

TECHNICAL SKILLS

Routers: (2800, 2900, 3600, 3900, 3800, 7200)

Cisco Switches: (2800, 2911, 3750, 4500, 6500, Nexus 93128, 9504).

Firewall: Checkpoint (R65/R70/R75/R77) Palo Alto(PA-500, PA-3060, PA-5060, PA-7050, PA-7080)

Access Point: Cisco (Air Cap 35021, Universal AP Air Cap 2700)

Routing Protocol: (BGP, OSPF, EIGRP, IGRP, RIP), Routed Protocol TCP/IP, Multicasting.

Management tools: Cricket, Syslog, Infoblox, IPAM, hp NCM, Splunk, Cisco Prime 3.1

LAN Protocol: VLAN, VTP, Inter-van routing, ISL, dot1q, STP, RSTP, PVST, HSRP, Ethernet, Port security.

Network Management: SNMP v2, SolarWinds, Cisco ACS

Network Security: Knowledge of Firewall, Checkpoint, PA3020, ASA, Cisco ASDM IPSec, IPS/IDS (snor), Cisco NAC, NAT/PAT, Ingress &Egress Firewall Design and VPN Configuration.

Application Protocols: DHCP, DNS, FTP, TFTP, HTTP, FTP SMTP, SSL.

Documentation: Microsoft Office, Visio, Cisco TAC Cases

Languages: Linux

PROFESSIONAL EXPERIENCE

Confidential, Henderson, NV

Network Security Engineer

Responsibilities:

• Worked as part of a team to manage Enterprise Network Infrastructure as a Senior Network Engineer responsible for troubleshooting operational issues and perform new implementations across multiple projects.
• Experience working with Nexus 7010, 5548, 5596, 2148, 2248 devices.
• Experience with configuring FCOE using Cisco nexus 5548.
• Performed migrations from Checkpoint firewall to Palo Alto using the PAN Migration Tool.
• Configured Nexus 5020 with multiple distribution VDC's running EIGRP for route propagation between the devices.
• Migrated the policies from Cisco ASA firewall to Palo Alto Firewall
• Managed Configuration, Logging and Reporting of Palo Alto firewall through the Panorama.
• Experience with Network Automation using Python
• Experience configuring VPC, VDC and ISSU software upgrade in Nexus 7010.
• Serve as part of a team of network engineers responsible for base wide network upgrade from Cisco Layer 3 switches to Juniper Layer 3 EX4300 & EX3300 switches.
• Performing administrative tasks with Palo Alto Networks (Panorama) including Security, NAT policy definitions; application filtering; Regional based rules; URL filtering, Data filtering, file blocking, User based policies.
• Successfully installed Palo Alto PA-3060 firewall then configured and troubleshot using CLI and worked with Panorama management tool to manage all Palo Alto firewall and network from central location.
• Worked with Palo Alto firewalls using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall
• Configure/Troubleshoot Juniper: EX-3300, EX-4300,and EX-4500, EX 6200 series switch for LAN /WANconnectivity.
• Implement SSL VPN solutions including Palo Alto Networks Global Protect with single and multiple gateway solutions including integration of PKI certificates. Integrate multiple vendor IPSEC site to site VPNs, including Palo Alto Networks, Cisco ASA, and Juniper SRX firewalls.
• Dealt with implementation of Cisco ASA 5585 devices and Juniper SRX 550 devices to apply security policies on it.
• Help customers build scalable, resilient, and high-performance applications and services on AWS
• Monitoring and running ISE reports
• Responsible in troubleshooting on Cisco ISE added new devices on network based on policies on ISE.
• Working on Cisco ISE to authorize users based on protocols PEAP and EAP-TLS, also manage and monitor user's access privileges.
• Actively involved in Switching technology Administration includingcreating and managingVLANS, Port security- 802.1x, Trunking 802.1Q, RPVST+, Inter-VLAN routing, and LAN security on Cisco Catalyst Switches 4507R+E, 6509-E and Nexus Switches 2232, 5596, 7009.
• Involved in the configuration of MX-80 routers at hospital sites with OSPF and peer with BGP to service providers for redundancy.
• Responsible for implementation of security policies on SRX 240, SRX 550 series of firewalls at branches and datacenter.
• Responsibleforconfigure, testand implementnetwork,firewalland securitysolution with appliancessuch as Cisco, Juniper net screen and Palo AltoNetworks application firewalls
• Configured SRX HA cluster for vendor DMZ migration project for high availability and to support multiple vendors connecting to the organization.
• Experience with F5 GTM/LTM installation and assist in configuration of F5 APM LTM modules for BIG IP networking equipment.
• Configured custom monitors, virtual servers, pool members and load balancing algorithms on F5 Load balancers.
• Assisted in MPLS migrations, implemented a backup for the existing WAN connection using site-to-site IP sec VPN tunnels.
• Deployed and configured Cisco AIR-CAP 3502 wireless access points across various health systems as a part of the refresh from the 1841 WAP’s.
• Configured SSID’s on WLC 5502 wireless LAN controllers and experience troubleshooting using WCS.
• Worked on configuration and commissioning of the MPLS circuits for various branch offices to replace the existing point to point circuits
• Providing Daily network support for all branches and sits in the organization’s WAN consisting of MPLS, VPN and point-to-point (P2P) circuits.
• Performed Network Security Assessment and implemented security improvements such as network filtering, SSH, AAA, SNMP access lists, VTY access lists, EIGRP MD5 authentication, and HSRP authentication.
• Configuration of ACL’s in Cisco 5520 ASA firewall for internet Access requests for servers, Protocol Handling, Object Grouping and NAT.
• Responsible for Documenting workflow process, Visio drawings and implementing changes following the change management guidelines.

Confidential, Cincinnati, Ohio

Network Security Engineer

Responsibilities:

• Responsible for design, Implementation and Maintenance of datacenter on CISCO ISR 4300, CISCO 3560.
• Migrated legacy Catalyst 6509 distribution switches to Nexus 18.
• Responsible for configuring, maintenance and troubleshooting of cisco 3650, 4948.
• Installed new software releases, system upgrades. Evaluated and installed patches resolved software related problems. Performed system backups and recovery.
• Configured Cisco routers provided technical support for the configuration and installation for the customers.
• Migration and implementation of Palo Alto Next-Generation Firewall seriesPA-500, PA-3060, PA-5060, PA-7050, PA-7080
• Duties included monitoring network performance using various network tools to ensure the availability, integrity and confidentiality of application and equipment.
• Planned migration of servers from traditional Nexus environment to Application Centric Infrastructure (ACI).
• Configuring rules and Maintaining Checkpoint, Palo Alto & Analysis of firewall logs using various tools.
• Worked on migration of HP Blade chassis to ACI.
• Administer Palo Alto Firewalls to allow and deny specific traffic and to monitor user usage for malicious activity and future QoS.
• Configuration of Palo Alto Next-Generation Firewall mainly creating security profiles and VSYS according to client topology.
• Configured and implemented various protocols on 2800/2900/3600/3900/7200/7600 series router for efficient performance of network.
• Configuration and installation of Palo Alto Networks 5050 application firewalls (NGFW).
• Expertise in Palo Alto design and installation for Application, URL filtering, Threat Prevention and Data Filtering.
• Migrated juniper firewalls to Palo Alto network firewalls and carried out troubleshooting and configuration of the same.
• Gained experience on working with migration to Check Point and Palo Alto next generation firewalls.
• Upgraded HP Procure switches to cisco 3650’s which support ISE.
• Created Interface profile and Interface policy groups on ACI.
• Configured Access policies, static bindings, EPG’s, Bridge Domain and VRF.
• Worked on remote site switch replacement project where I replaced HP Switch to cisco 3650 along with Access points.
• Audited all the VLAN’s and found servers to migrate them to ACI.
• Took part in migration of core routers from legacy to Nexus 9508.
• Providing Layer-3 redundancy by implementing HSRP in the network.
• Expert Level Knowledge about TCP/IP and OSI models.
• Configure the layer 2 and layer 3 on Cisco Nexus 7K, 5K, 6500, 3850, 3950, ASR and 2960.
• Design and implement networks including physical connections, layer 2 topologies and layer 3 topologies.
• Experience in Python scripting.
• Created Visio diagrams documentation to give complete picture of network design for each site.
• Experience in Configuring, upgrading and verifying the NX-OS operation system.
• Worked with engineering team to resolve tickets and troubleshoot L3/L2 problems efficiently.

Confidential, St Paul, Minnesota

Network Engineer

Responsibilities:

• Working with Cisco Nexus 2248 Fabric Extender and Nexus 5500 series to provide a Flexible Access Solution for datacenter access architecture
• Configuring, upgrading and deployment of Nexus 7010, 5596 and 2248.
• Worked on upgrading Cisco ISE 3300 Appliances and 1.0.4 Cisco ISE software on VM ware's.
• Worked with Cisco ISE to identify threats in the network for rapid containment and remediation.
• Worked on Extensively on Cisco Firewalls, Cisco PIX (506E/515E/525) & ASA 5500(5510/5540) Series.
• Experience with converting PIX rules over to the Cisco ASA solution.
• Configuring VPN, clustering and ISP redundancy in Checkpoint firewall.
• Worked on Checkpoint Platform including Provider Smart Domain Manager.
• Worked on configuring, managing and supporting Checkpoint Gateways
• Experienced with Checkpoint VPN rules over Cisco ASA VPN. Which filters traffic by inspecting the application layer.
• Implementation configuration and troubleshooting of Checkpoint Firewall R 77.
• Involved in Configuration of Access lists (ACL) on checkpoint firewall for the proper network routing for the B2B network connectivity.
• Worked with Host Master for shared web hosting and managed Web Application firewall (WAF), DNS and DHCP management using Infoblox and Analyzed networks using Wireshark.
• Provided level 2 phone and email support and troubleshooting of networking and VoIP issue.
• Configured the automatic policy builder using the deployment wizard tool in ASM.
• Dealt with creating VIP pools, nodes and created custom iRules for the virtual servers like cookie persistency and redirection of URL on F5 ASM cookies issues and configures ASM policies.
• Experience in Deploying and decommissioning Cisco switches, CiscoMerakiProducts and their respective software upgrades.
• Implemented site to site VPN on CiscoMerakiMX64, MX65, MC84, and MX400.
• Deployed and managed Cisco Meraki products SD-WAN including Cisco Meraki Security Appliances (MX25, MX450, MX400, MX600 and MX100), Cisco Meraki switches and Cisco Meraki Wireless Aps (MR84, MR74, MR52).
• Working with BGP, OSPF protocols in MPLS Cloud.
• Establishing VPN Tunnels using IPSec encryption standards and configuring and implementing site-to-site VPN, Remote VPN.
• Experience in white listing webpages and blocking webpages with Blue Coat Proxy SG and Blue Coat reporter.
• Configured and resolved various OSPF issues in an OSPF multi area environment between multiple branch routers.
• Providing daily network support for national wide area network consisting of MPLS, VPN and point-to-point site.
• Configuring BGP, MPLS in Cisco IOS XR.
• Working on HP open view map for Network Management System and Ticketing.
• Involved in L2/L3 Switching technology administration including creating and maintaining VLANs, Port security, Trunking, STP, Inter VLANS Routing, LAN security.

Confidential

Network Engineer

Responsibilities:

• Worked with Cisco Layer 3 switches 6500, 4948; Cisco Nexus 9396 and 7010 with the use of inter-VLAN routing, 802.1Q trunk, ether channel.
• Installation of core Cisco Catalyst 4948 to Nexus 9396.
• Worked on TACACS/RADIUS server for VPN user authentication and network devices authentication.
• Troubleshooting & implementation of VLAN, STP, MSTP, RSTP, PVST, 802.1Q, DTP, HSRP, VRRP, GLBP, LACP, ACL, PAGP, AAA, TACACS, RADIUS, MD5, VTP & SVI.
• Experience in L2/L3 protocols like VLAN, STP, VTP, ISL, MPLS, 802.1q and Trunking protocols
• Migrated whole datacenter environment from Cisco Catalyst 6500 to Nexus 9K’s and 2K’s.
• Installing and configuring Cisco ASA 5520 to ASA 5585-X with Firepower Module.
• Migration of Checkpoint to ASA 55XX-X.
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance
• Failover DMZ zoning & configuring VLANs/Routing/NATing with the firewalls as per design.
• Implementing, maintaining and troubleshooting switching tasks such as VLANs, VTP, VLAN
• Trunking using ISL & 802.1Q, STP, RSTP, PVST+, Ether channel using LACP, Inter-Vlan routing.
• Worked on migration of Inter Datacenter routers from ASR X.
• Extensive experience with Cisco IOS, IOS-XR, NX-OS Windows client/server operating systems, Linux, Networking technologies, Firewalls.
• Hands on experience in configuring Cisco Nexus2232, 2248, 5548, 6001 and 7018(Sup 2E) and worked on Nexus protocols VPC, VRF, VDC and FEX Links.
• Worked on troubleshooting port issues regarding QSFP, CRC errors, Cable replacements in Production environment.
• Providing technical support on Nexus 2000/9000 switches and operating systems (NX-OS) create vpc domain, design single sided vPC, design double sided vPC, design vPC peer-keep alive, vPC peer-link, vPC member ports.
• Tier 3 Troubleshooting of Layer 3 issues related to EIGRP, BGP.
• Migrated servers connected from Legacy Switch environment to 9K’s.
• Involved in planning and design of various environments.

Confidential

Network Support Engineer

Responsibilities:

• Documented and updated the network physical and logical layout.
• Hands on experience with Network diagnostics, monitoring, and analytical tools.
• Responsible for maintenance and utilization of VLANs, Spanning-tree, HSRP, VTP of the switched multi-layer backbone with catalyst switches.
• Configured/Troubleshoot issues with Cisco routers, switches, NAT, and DHCP, as well as assisting with customer LAN /WAN.
• Configured IP access filter policies and Network Analysis Tools.
• Created Private VLANs & preventing VLAN hopping attacks & mitigating spoofing with snooping & IP source guard.
• Experience with different Network Management Tools and Sniffers like Wireshark (ethereal), RSA envision, Net flow to support 24x7 Network Operation Centre.
• Strong knowledge and experience in implementing, configuring VPN technologies like IPSec, SSL.
• Performed DNS and DHCP troubleshooting.
• Troubleshoot layer1, layer2 and layer3 technologies for customer escalations.
• Basic knowledge of wireless networking and web browsing content filtering.
• Provided support for installation and troubleshooting of configuration issues.
• Implemented & Integrated Cisco switches, routers, and security devices.
• Involved in L2/L3 Switching Technology troubleshooting.
• Creating and managing VLANs, Port security, Trunking, STP, INTER-VLAN routing, LAN security.
• Configured/Troubleshoot issues with Cisco routers, switches, NAT, and DHCP, as well as assisting with customer LAN /WAN.
• Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support using BMC Remedy online ticketing tool.