SUMMARY:

• Accomplished network and security engineering professional with over seven years of real time experience in designing, deploying, migrating and supporting critical multi - site redundant network environments.
• Extensive hands-on experience with complex routed LAN and WAN networks, Cisco routers, switches, ASA and PIX firewall deployment.
• Extensive knowledge of deploying & troubleshooting L2/L3 TCP/IP, Multilayer Switching, IPSec, UDP, WLAN, MPLS, Multicasting, Ethernet, IP Routing Protocols RIP, OSPF, EIGRP & BGP Cisco routers, switches, ASA and PIX firewall deployment.
• Extensive knowledge of related industry specifications and standards IEEE, ANSI, Fiber (Multimode, Single mode, UTP, etc.), Bridging, Switching, Routing, Ethernet and Transport technologies and protocols.
• Excellent customer management/resolution, problem solving and debugging skills with good verbal/written communications and presentation skills.
• Worked on cisco 3900, 2900, 2800, 800, 1700,7600 series routers and 1000 series ASR's.
• Worked on cisco 3500, 3700, 2900, 6500, 4500, 3500X series, POE and non-POE switches.

TECHNICAL SKILLS:

LAN Technologies: VLAN, VTP,vPC, Inter-VLAN routing, STP, RSTP, PVST,Active Directory

WAN Technologies: Frame Relay, ISDN, PPP, ATM, MPLS, exposure to DS1, DS3, OC3, OC12, OC48, NAT, PAT T1 /T3 & E1/E3

WLAN Technologies: Autonomous AP s, Lightweight AP s, WLC, WDS, WLSE, Standards - 802.11a, 802.11b, 802.11G

Server Technologies: Cent Os, Linux/Unix, Scripting in Perl,Python,Ruby,Shell Network Hardware

Cisco and other vendor equipment: Cisco routers (10008, 7200, 3800, 3600, 2800, 2600, 2500, 1800 series), & Cisco Catalyst switches (6500, 4900, 3750, 3500, 2900,4500 series), Cisco Nexus 5000 7000 series ; PIX Firewall 506/515/525/535, ASA Firewall 5520/5550, CatOS, Junos Os, Cisco IOS 11.x, 12.x, PIX OS 6.x, 7.x; Load Balancers (Cisco), Junipers M320, T640,CHECKPOINT firewall

Network Security: NAT/PAT, Ingress & Egress Firewall Design, VPN Configuration(L2 and L3), Internet Content, Tenable Network Security, Filtering, Load Balancing, IDS/IPS, URL Filtering, MSS

Routing Protocols: RIP, IGRP, EIGRP,HSRP, SVI,LISP, OSPF, and BGP.

Infrastructure Services: DHCP, DNS, SMTP, FTP, TFTP, IIS.

IP Telephony: SIP, H.323, RTP, voice gateways, CCM, VoIP

Documentation: MS Office, Microsoft VISIO

Network Monitoring Tools: Wire shark,Splunk, Cisco works, Cisco Prime, Lancope, SolarWinds,Splunk, Vitalqip, View Point

PROFESSIONAL EXPERIENCE:

Confidential, Albany, NYC

Network Data Center Engineer/ Security Engineer

Responsibilities:

• As a member of Global Data Center Engineering and Development, which is responsible for designing, Implementing and troubleshooting of all kind of network requirements pertaining to the data center.
• Design and implementation of the LAN IP infrastructure using Layer 2 / Layer 3 switching, VLAN, VPC,HSRP and Trunking / channeling technologies and routing protocol EIGRP and OSPF.
• Primary responsibilities include but not limited to implementation and troubleshooting of all LAN/WAN solutions.
• Designing, implementing and configuring virtual device contexts (vDCs), virtual port channels (vPCs), and virtual routing and forwarding instances (vRFs).
• Instrumental in administrating a Security and Information Event Management(SIEM) solution with Cisco IPS to automate correlation of Windows and network devices.
• Routing and Switching with Cisco IOS (Cisco 2900, 3900, ASR, 3750, 4500, 6500,7600).
• Designing, configuring and Handling complaints for intranet and extranet VPNs over MPLS backbone. Checking the connectivity between different locations.
• Automated the deployment process in test for developers to deploy their applications into portal server without any administrator involvement.
• Developed shell scripts to automate the maintanence process.
• Configured and administrated VLAN Trucking Protocol to reduce administrative overhead. Enable secure sharing of VLAN information to prevent the introduction of rogue devices from affecting the VLAN database. Shutdown unused switches ports following Layer 2 security best practices.
• Administrated Local VLANs based on department function, and configure ports with static VLAN assignment, static 802.1Q trunks, and dynamic ISL trucking using Pap for layer 2 forwarding. Utilize VLAN Spanning-Tree in conjunction with PVST+ for compatibility between Cisco and Juniper switches. Configure edge ports for fast-transitioning into the forwarding state to fix workstation startup connectivity delays.
• Effectively utilizing complex lab setups to duplicate and solve Enterprise and Cisco Partners voice and video problems as well as possible interoperability issues between Cisco Video and Voice Platforms and third party video and voice platforms.Troubleshooting large video and voice networks on a daily basis, where protocols such as H323, SIP, ISDN are in use.
• Utilizing Wireshark and SMART in order to analyze output traces from multiple Cisco Voice and Video Platforms and Solutions.
• The data centers consisted of various Cisco platforms Cisco 3550, Cisco 4510, Cisco 6509, Cisco Nexus 5000 & 7010 series switches and LoadBlancer Cisco ACE, CSS, CSM, GSS and Big IP.
• Analysis of more than 200 firewalls which comprised of CISCO ASA, FWSM, PIX to check if configurations comply with design.
• Managing and implementing Layer 4 Cisco ACE and CSS load balancer, Migration of CSS to ACE load balancer and creating of SSL and Digital Certificates.
• Expertise in Routing & Switching technologies to provide advanced troubleshooting and escalation support with Cisco Nexus 7K/ 5K / 2K Products.
• Installation, configuration and maintenance of Cisco ASR9K,7200, 3900, 2800, 2600, 2500 and 1800 series Router / Cisco Nexus 7010,5548,2148 Catalyst Cisco 6500 (sup 720), 4500 (SUP 6), 3750, 2950 series Switches and juniper Routers and Firewalls, Nexus 7k,5k & 2k, f5 BIG IP and f5LTM.
• Creation of fire wall policies as per the requirements on Checkpoint, ASA, FWSM, Juniper firewalls.
• Configuring ASA and PIX Firewall to allow site to site VPN access and configuring authentication, encryption, compression ,ACL to ensure better security.
• Administered multiple PIX firewalls throughout WAN to ensure LAN integrity from external threats and usage of PaloAlto firewall devices.
• Led the implementation of McAfee Network Security IPS/IDS Platform.
• Multi-user support, system integrations and PCI ASV scanning to Nessus in an easy-to-deploy cloud-hosted package.
• Detection, scanning and auditing features with Nessus multi-user support for enterprise teams. Provides a solution for aPCI DSS Approved Scanning Vendor (ASV) solution.
• Working with Palo Alto Next gen 5550 firewalls with Panorama appliances.
• Configured standard and extended ACL’s on the servers to limit its access.
• Complete replacement of BIND/Linux DNS solution with BlueCat internally and UltraDNS externally.
• AAA,PAP and CHAP implementation using Cisco Secure ACS (TACACS+, RADIUS).
• Proposed, installed, and configured Solarwinds Network Performance monitoring for networkinfrastructure monitoring purposes. This includes, but is not limited to, availability, protocol usages (via NetFlow), and VoIP quality metrics (using IP SLA).
• Installation/Configuration/Administration of SolarWinds NCM, NPM, NTA & Vman.
• Configuring policy based traffic shaping and troubleshooting of Bluecoat WAN Accelerators, and Bluecoat packet shapers and bluecoat proxies.
• Configuring all the end ports as access ports using port fast and implementing BPDU guard.
• Working on Cisco ACS, Cisco works, HP NNMI tools for ticketing system and authentication.
• Configuring the back end in the call manager for Paging and GateBox, the Analog gateway and PRI depend on the site requirement in VoIP environment and installation and maintainenace of VoIp infrastructure components.
• Installation and troubleshooting of Cisco LAN products such as 6k, 4k, 3850.
• Worked on inter-operability issues involving 3rd party firewalls like Cisco ASA/PIX, Juniper, and Cisco IOS routers.
• Architected and deployed new wireless network including vendor selection( Aruba Networks), site survey, and deployment of back-end services for secure 802.1x authentication.
• Deployed the Cisco 3500 Access Points using Cisco Wireless controllers 5500 and 2500 and WCS System and Network access enforcement for multivendor Wi-Fi, wired and VPN networks and advance policy management using Aruba Clearpass.
• Provided other staff with weekly hour-long training sessions on TCP/IP. Topics included network principles, communication layers, addressing and subnetting, routing and ICMP, TCP and UDP, DHCP, multicasting, SNMP, and security.
• Managed successful delivery of massive security response portfolio including Splunk, Cisco WSA, Cisco IPS, Sourcefire FirePower and AMP, Cisco ESA, FireEye, Passive DNS collection, DNS-RPZ, Cisco ISE, Lancope StealthWatch, and Mandiant.
• Deployed Palo Alto Firewalls for web filtering and application control.
• Writing Engineering work orders as per the changes going in data center and implement the changes as per the schedule.
• Efficient use of Microsoft VISIO as for technical diagrams, technical documentation and presentation tools.
• Conducting research on network products, services, protocols and standards.
• Providing support for teams in activities such as Load testing, troubleshooting an managing VIP, Sticky Ness and to evelop, implement and maintain policies, procedures and associated training plans for network administration, usage and disaster recovery.
• Analyzed reports and key network health indicators to identify exception conditions; takes corrective action to resolve issue.
• Providing assistance and consulting to other groups and departments in support of improving customer service and provides 7X24 on-call pager support based on a rotation schedule.

Confidential, Bohemia, NYC

Network Engineer.

Responsibilities:

• My accomplishments are Network Administration and Security Infrastructure with Cisco hardware which includes data center and campus network.
• Worked on BGP configuration for providing redundant internet connectivity using BGP attributes, Route maps, prefix-lists etc.
• Managing Cisco Routers3600,7200 series routers And Cisco Switches 3800 and 6500 series.
• Project involved was upgrading Cisco nexus 2000 series switches with Cisco nexus 5000 series switches.
• Configuring Net Screen Firewall to allow site to site VPN access and configuring authentication, encryption, compression ,ACL to ensure better security.
• Network security monitoring: analysis and identification of incident activities and system log files by Tenable Security Center.
• Designed and installed Solarwinds Network Performance Monitor SNMP management stationfor continuous and proactive monitoring of server and network equipment.
• Eliminating network blind spots by continuously monitoring network traffic in real-time to discover active assets by Tenable Passive Vulnerability Scanner.
• Assist with security incident research and reporting: Malicious network activity mitigation, IP Spoofing prevention measures, DDOS and netflow monitoring, Comprehensive monitoring and alarming of infrastructure components.
• Applied effectively various routing protocols including EIGRP, OSPF and BGP.
• Isolate and diagnose network problems,SSH,HTTP,HTTPS,involving TCP/IP, DHCP, DNS, Group Policy, Deployment & support of Active Directory Services.
• Used DHCP to automatically assign reusable IP addresses to DHCP clients.
• Administration of QIP and Infoblox security groups and users (build, create, assign, bind, and delete subnets).
• Responsible for the stability, functionality, and protection of company's DNS, DHCP, and WINS infrastructure. .
• Migration to virtual servers in F5 Load balancer as part of web.
• Involved in implementation of Wireless LAN, Wireless Access Point and Hotspots for our various clients and troubleshooting of Wi-Fi related problems faced.
• Designed configuration and layout of WAN to include IPT Internet facing VPNs and wireless subnet.
• Palo Alto Firewall, Global protect VPN, Cisco switch and router management.
• Routing between Riverbed Steelhead WAN Optimization Controllers and Cisco and Juniper router platforms.
• Experience configuring/administrating technologies including: Checkpoint and Palo Alto.
• Troubleshooting in unity: auto attendant, call handler, subscriber and MS Exchange.
• Configuration of Callmanager Express (CME) on 2800 series Routers and design, implementation, ongoing management and troubleshooting of Cisco Unified Communications Systems, including Call Manager / Unified Communications Manager 6.x, 7.x Unity .
• Troubleshooting Call Manager Express and IPCCX, SRST issue in VoIP environment.
• Experience in a broad range of networking tasks including planning, design, test, integration and deployment of high-speed, secure, highly survivable, voice, data & video networks.
• Maintaining and updating inventory using Network Management Application layer softwares like SNMP, Wireshark, NTP, and Syslog.
• Managing Servers using Hardware Load balancerF5and Cisco ACE load balancer by managing internal customized tools and creating of SSL and Digital Certificates.
• Provided support for teams in activities such as Load testing, troubleshooting, and performance tuning.
• Worked on Installation, configuration and maintenance of Juniper M320, Juniper M7i, and Juniper M10i RoutersConfigured standard and extended ACL’s on the servers to limit its access.
• Configured static NAT, dynamicNAT, inside global address overloading, TCP overload distribution, overlapping address translation.
• Provided routing support including configuration and troubleshooting of various routers.
• Implemented IP, RTP, TCP, UDP, IPV4 Packets capture and analysis using WIRESHARK (ethereal).
• Configured and supported multiple remote site installations.
• Worked along with the team in ticketing issues by ServiceNow ; responsibilities included documentation and support other teams.

Confidential, Murrysville, PA

Systems/ Network engineer

Responsibilities:

• Installation and Configuration of Cisco 2800, 3600, 4500 Series Routers.
• Assisted in troubleshooting LAN connectivity and hardware issues in the network.
• Studied and analyzed client requirements to provide solutions for network design, configuration, administration, and security.
• VPN configuration, routing, NAT, access-list, security contexts.
• Involved in troubleshooting IP addressing issues and Updating IOS images using TFTP.
• Configured SolarWinds Orion NPM to monitor performance and health of all enterprise network infrastructure.
• Monitor performance of network and servers to identify potential problems and bottlenecks.
• Configuration & maintenance of Cisco 2600 series routers with OSPF protocols.
• Performed RIP & OSPF routing protocol administration.
• Interacted with support services to reduce the downtime on leased lines.
• Involved in SNMP Network management and performance evaluation.
• Hands on Knowledge/experience on F5 load balancers, its methods, implementation and trouble shooting on LTMs and GTMs.
• Upgrading call manager from 4.1 to 6.1.
• Access Control Lists to enforce security or QoS policies.
• Troubleshoot problems on day to day basis; provide solutions to fix the problems both hardware and software.
• Troubleshoot firewall policy issues on Palo Alto.
• Monitor the operability and reliability of the network.
• Maintenance and Troubleshooting of connectivity problems using Ping, Trace route.
• Managed IP address space using subnets and variable length subnet masks (VLSM).
• Ensured trouble tickets from Hotline and Network Operations Center are prioritized and addressed within severity guidelines by the department.
• Worked along with the team in ticketing issues; responsibilities included documentation and support other teams.

Confidential

Network Security Engineer

Responsibilities:

• Design and Implement DMZ for FTP, Web and Mail Servers with CISCO PIX 506, PIX515.
• Configured NAT and PAT on the Cisco PIX Firewalls for the Internal Systems.
• Experience in Cisco switches and routers: Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay and ATM).
• Configuring and implementing VirtualLANs.
• Troubleshooting of VLAN.
• Hardware installations using Fiber cable, Ethernet,copperwiring etc.
• Expertise in VPN configuration, routing, NAT, access-list, security contexts, and failover in ASA firewalls.
• Placed access control list (ACL) on inside and outside interfaces on the PIX Firewall.
• Fine-Tuning/ Optimization of Firewalls rule base againt Non-compliance.
• Experience with different Network Management Tools and Sniffers like SNMP, HP-Open view, and Cisco works to support 24 x 7 Network Operation Cente
• Understanding the Firewall clusters and IPSEC VPN and working on the service requests from the customers.
• Network security related incident management and troubleshooting.
• Configured Turbo ACL.
• Migration of PIX to ASA.
• Configured Failover for high availability.