Sr. Network Security Engineer Resume
El Segundo, CA
PROFESSIONAL SUMMARY:
- Over 8 years of experience in Network design, Security, Tier support of Networks in various environments.
- Experience working with security devices such as Firewalls, VPN switches and Intrusion Detection Systems.
- Extensive experience working on Palo Alto and Cisco ASA Firewalls.
- Responsible for the installation and configuration of Cisco ASA and Palo Alto Firewalls
- Configure and implement Palo Alto WildFire and URL filtering PAN-DB
- Expert in dealing with Networking Protocols and Standards such as TCP/IP, OSI, UDP, Layer 2 (VLANs, STP, VTP), Routing Protocols (RIP, EIGRP, OSPF, BGP)
- Configured and maintained IPSEC and SSL VPNs on Palo Alto and Checkpoint Firewalls
- Designed security policies on Palo Alto network firewall for controlling what traffic needs to be allowed or blocked based on customer requirements.
- Experience on Network Monitoring & Testing tools such as Wireshark/Ethereal, Cisco Works.
- Experience in troubleshooting NAT configurations, Access-Lists (ACL), and DNS/DHCP related issues within the LAN network.
- In-depth expertise in the analysis, implementation, troubleshooting & documentation of LAN/WAN architecture and good experience on IP services.
- Knowledge of Subnetting IPv4/IPv6 addresses and IP address management.
- Experience in configuring HSRP and redistribution between routing protocols and troubleshooting them.
- Implementation of HSRP, VRRP and GLBP for Default Gateway Redundancy.
- In-depth knowledge and hands-on experience on IP Addressing, Subnetting, VLSM and ARP, reverse & proxy ARP, Ping Concepts.
- Cisco ASA/Palo Alto Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
- Technical Knowledge on Cisco ASA 5500 and Checkpoint 5800 firewalls.
- Knowledge on Cisco Nexus 5010 Switch.
- Experience in F5, Cisco ACE 4710 Load balancers.
- Expert Level Knowledge about TCP/IP and OSI models.
- Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, EtherChannel, STP, RSTP and MST.
- Excellent communication skills to interact with team members and support personnel and also can act as a mentor to less experienced personnel
Operating Systems: Windows (Server 2003/2008, Vista, Windows 7), Linux OS
Routers: Cisco GSR12016, ASR1001, 2900, 3900, 7200, 7600 & ASR9000
Switches: Cisco 3750, 4507, 4510 & 6500 series switches, Nexus 7010, 5548
Routing: MPLS, OSPF, EIGRP, BGP, RIP-2, PBR, IS-IS, Route Filtering, Redistribution, Summarization, Static Routing
Switching: LAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switch, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging.
Network security: Cisco (ASA, PIX) 5510, ACL, IPSEC VPN, GRE VPN, Palo Alto PA 200, 2000, 4000, Checkpoint 5800
Load Balancer: F5 Networks (Big-IP) LTM Module, Cisco ACE 30 load balancer
LAN: Ethernet (IEEE 802.3), Fast Ethernet, Gigabit Ethernet.
WAN: Leased lines 128k - 155Mb (PPP / HDLC), Channelized links (T1/DS3/OC3/OC12), Fiber Optic Circuits, Frame Relay, ISDN, Load Balancing.
Various Features & Services: IOS and Features, HSRP, GLBP, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, TFTP and FTP Management
AAA Architecture: TACACS+, RADIUS, Cisco ACS
Network Management: SNMP, SolarWinds, HP OpenView, and Wireshark
Reports and Network Diagrams: Microsoft (Visio pro.)
PROFESSIONAL EXPERIENCE:
Confidential, El Segundo, CA
Sr. Network Security Engineer
Responsibilities:
- Configuring Static, IGRP, EIGRP, and OSPF Routing Protocols on Cisco 1600, 2600, 2800, 3600, 7300 series Routers.
- Configured Site to Site IPsec VPN tunnels to peer with different clients, each client having different specifications of Phase 1 and Phase 2 policies, using Cisco ASA 5500 series firewalls.
- Migrating access policies from Cisco ASA to Palo Alto firewalls.
- Configured Easy VPN server and SSL VPN to facilitate various employees’ access to internal servers and resources with access restrictions
- Responsible for entire company network infrastructure that includes Cisco Switches, Routers, Firewalls, Access Points, Servers and PBX.
- Configured VLANs, Private VLANs.
- Design and configuring of OSPF, BGP on Juniper Routers and Palo Alto Firewalls
- Implementation of Site-to-Site VPNs over the internet using 3DES, AES/AES-256 with ASA Firewalls
- Configure various LAN switches such as CISCO CAT 2900, 3550, 4500, 6509 switches and Access layer switches such as Cisco 4510, 4948, 4507 switches for VLAN, Fast Ether Channel configuration.
- Designed and Implemented Firewalls, F5 Viprion deployments to Front end and DMZ customers
- Configured inside ACL, outside ACL, inside, outside interfaces.
- Configured NAT and PAT policies.
- Configuration and troubleshooting of EIGRP, OSPF, BGP.
- Configuration and troubleshooting of CSM, integration with ASA devices.
- Experience in migration of VLANs & Configured VLANs with 802.1q tagging, EtherChannels, and Spanning tree for creating Access/distribution and core layer switching.
- Installed and configured DNS, DHCP. Responsible for creating and configuring forward lookup zone and reverse lookup zone
- Redistributed required routes from OSPF into BGP. OSPF cloud is present in US and is connected to all our customers over Sprint’s Frame Relay backbone
- Managed Plan of Record with PLMs/SE/Sales/Marketing and followed up and monitor product lines of Juniper routing/switching/security portfolio (MX, PTX, EX, SRX )
- Proficient with F5 LTM and Cisco CSM load balancer in-between the servers inside the server farm and DMZ.
- Implementation of Access Lists for allowing/blocking desired traffic.
- Configured EBGP load balancing and ensured stability of BGP peering interfaces
- Implemented site to site VPN with Palo Alto Firewalls as per customer
- Worked on Route-Reflectors to troubleshoot BGP issues related to customer route prefixes, also route filtering using Route-maps.
- Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls.
- Deployed BIG IP Enterprise manager to cluster all the F5 LTM, GTM, ASA, Netscreen devices for easier management and common configurations.
- Involved in migration of F5 Local traffic managers of LTM 5100 series to LTM 6800 series for higher.
- Extensive use of NSM (Network and Security Manager) and CSM (Cisco Security Manager) for adding or modifying firewall policies for the firewalls in use.
- Worked extensively on Cisco ASA 5500 (5510/5540) Series, experience with converting PIX rules over to the Cisco ASA solution.
- Worked on migration of existing PIX firewall to ASA firewall, PIX OS upgrade from 6.3 to 7.0.
- Implemented F5 hardware refresh of older 3600 hardware to Viprion.
- Design and Implement DMZ for FTP, Web and Mail Servers with CISCO PIX 506, PIX515
- Building the VPN tunnel and VPN encryption.
- Mapped Network Diagrams and physical identification in MS Visio.
- Performed IOS upgrades on Cisco routers and switches
- Worked with engineering team to resolve tickets and troubleshoot L3/L2 problems efficiently.
Environment: Cisco 2948/3560/4500/3560/3750/3550/3500/2960 6500 switches and Cisco 3640/1200/7200/3845/3600/2800 routers, Cisco ASA 500, Checkpoint, Windows Server 2003/2008, F5 BIGIP LTM, RIP, OSPF, BGP, EIGRP, LAN, WAN, VPN, HSRP
Confidential, Dallas, TX
Network Engineer
Responsibilities:
- Implement Cisco IOS Firewall IDS using 2600 series router
- Responsible for the installation and configuration of Palo Alto Firewalls
- Configure and implement Palo Alto WildFire and URL filtering PAN-DB
- Palo Alto firewall rule base review and fine tuning recommendation.
- Configuring RIP, OSPF and BGP Static Routing on Juniper M and MX series Routers.
- Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches.
- Configured and debugged policy based routing for special traffic, route filtering with route maps, route redistribution.
- Configured VLAN Trunking 802.1Q, STP, and Port Security on Catalyst 6500 switches.
- Performed OSPF, BGP routing protocol administration.
- Router memory & IOS upgrade with TFTP.
- Network Assessment and Documentation (including technical, operational, and economic assessment)
- Responsible for designing and implementation of customers network infrastructure
- Help negotiate hardware, software, and circuit contracts for customers
- Redesign customers office copper and fiber cable plant for scalability
- Build and maintain Visio documentations for Clients
- Was Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches, fixes, and all around technical support.
- Ensured network, system and data availability and integrity through preventative maintenance and upgrade.
- Configuring, Monitoring and Troubleshooting Cisco’s ASA 5500 security appliance, Failover DMZ zoning and configuring VLANs/routing/NATing with the firewalls as per the design.
Confidential, Memphis, TN
Sr. Network Engineer
Responsibilities:
- Installing, Configuring and troubleshooting Cisco Routers (ASR1002X, 3945, 3845, 2800, 3600) and Switches to perform functions at the Access, Distribution, and Core layers.
- Configuring, upgrading and deployment of Nexus 7010, 5596 and 2248.
- Installation and deployment of new class 9X and class 10 Server farms in multiple silos.
- Designing and installing new branch network systems. Resolving network issues, running test scripts and preparing network documentation.
- Working with Cisco Nexus 2248 Fabric Extender and Nexus 5500 series to provide a Flexible Access Solution for datacenter access architecture.
- Ensuring problems are satisfactorily resolved in a timely manner with focus in providing high level of support for all customers.
- Working with wireless technologies troubleshooting and configuration.
- Working with BGP, OSPF protocols in MPLS Cloud.
- Establishing VPN Tunnels using IPSec encryption standards and also configuring and implementing site-to-site VPN, Remote VPN.
- Work with Engineering on Server Farm refresh project on consolidation and increasing the bandwidth on Server Access silos.
- Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
- Configure BGP features such as as-override, Local pref, EBGP load sharing on client connections
- Configured and resolved various OSPF issues in an OSPF multi area environment between multiple branch routers.
- Working with Juniper JUNOS on M and MX series routers.
- Providing daily network support for national wide area network consisting of MPLS, VPN and point-to-point site.
- Configuring HSRP between the 3845 router pairs of Gateway redundancy for the client desktops.
- Configuring GLBP, VLAN Trunking 802.1Q, STP, Port security on Catalyst 6500 switches.
- Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support.
- Configuring, Monitoring and Troubleshooting Cisco’s ASA 5500 security appliance, Failover DMZ zoning and configuring VLANs/routing/NATing with the firewalls as per the design.
- Providing Level 3 support to customers, resolving issues by attending to conference calls.
- Configuring BGP, MPLS in Cisco IOS XR.
- Configuring multiple route reflectors within a cluster.
- Working on HP OpenView map for Network Management System and Ticketing.
- Working on a broad range of topics such as routing and switching, dedicated voice access, planning and implementation, large-scale high-visibility outages, change management coordination, proactive monitoring and maintenance, disaster recovery exercise and core network repairs.
- Involved in L2/L3 Switching technology administration including creating and maintaining VLANs, Port security, Trunking, STP, Inter-VLAN Routing, LAN security.
- Working on security levels with RADIUS, TACACS+.
Confidential
Network Engineer
Responsibilities:
- Performed network engineering, design, planning (WAN & LAN) & implementation. Studied single point failures & designed WAN structure in such a way that there are no failures in network in case of any device or link failure.
- Configured and designed LAN networks with Access layer switches such as Cisco 4510, 4948, 4507 switches.
- Setting up VLANs and configuring ISL trunk on Fast-Ethernet channel between Switches.
- Deployed a large-scale HSRP solution to improve the uptime of collocation customers, in the event a core router became unreachable.
- Configuring Virtual Chassis for Juniper switches EX-4200, Firewalls SRX-210
- Implementing, Monitoring, Troubleshooting and Convergence in Frame-Mode MPLS inside the core.
- Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches
- Understand the JUNOS platform and worked with IOS upgrade of Juniper devices
- Designed and implemented security policies using ACL, firewall.
- Worked extensively on Cisco Firewalls, Cisco (506E/515E/525) & ASA 5500 (5510/5540) Series
- Design and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls.
- Configured routing policy for BGP. Switching related tasks included implementing VLANs and configuring ISL trunk and 802.1Q on Fast-Ethernet channel between switches
- Implemented Cisco IOS Firewall IDS using 2600 series router.
- Troubleshooting network problems with Wireshark, identifying the problem and fixing it.
- Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for
- Redistribution of routing protocols and Frame-Relay configurations.
- Configuring and troubleshooting type of routing to route traffic flow per customer requirement as primary, backup/load balanced and load splitting.
- Performed the maintenance of Active Directory and replication scheme, DNS/DHCP services and time services; wrote step-by-step procedures for implementing upgrades.
- Dealt with creating VIP (virtual servers), pools, nodes and applying iRules for the virtual servers like cookie persistency, redirection of the URL
- Configured VLANs on a switch for inter-VLAN communication. Configured VLAN Trunking Protocol (VTP) on Core Switches. Configured various LAN switches such as CISCO CAT 2900, 3550, 4500, 6509 switches for STP, VTP Domain, VLAN, Trunking, Fast EtherChannel configuration.
- Documented all the work done by using Visio, Excel & MS word.