Sr. Network Security Engineer Resume

Chicago, IL

SUMMARY:

  • Network Security Engineer with 8+ years of professional experience in the field of network engineering, performing network analysis, design, implementation and capacity planning with a focus on security, performance tuning and support of large networks.
  • Experienced in working with Palo Alto Networks firewalls (7K, 5K, 3K) for URL filtering (PAN-DB), Anti-virus, IPsec, VPN, SSL-VPN, IPS, Log Management, Zone Security, Threat prevention.
  • Strong knowledge and hands on experience on Panorama and Wildfire.
  • Strong experience on Juniper SRX 550/220 & Netscreen 500/5200 Firewalls and Checkpoint R75, 76, R77 Firewalls.
  • Worked extensively on Cisco ASA 5500 Series firewalls.
  • Extensively implemented and maintained intrusion detection/ prevention (IDS/IPS) firewall system to protect enterprise network and sensitive corporate data. IDS/IPS signatures are configured in Firewall for TCP and UDP fine tuning.
  • Experience on configuring RADIUS, TACACS+, LDAP, AAA for client authentications in various scenarios.
  • Network security including NAT/PAT, ACL, VPN Concentrator.
  • Experience in creating policies and alerts, extracting logs and performing real-time analysis using SIEM tools like Splunk, QRadar, SolarWinds.
  • Experience with F5 load balancers and Cisco load balancers (ACE and GSS).
  • Excellent customer management/resolution, problem solving and debugging skills; capable of learning quickly, analyzing results effectively, and implementing and delivering solutions as an individual and as part of a team.
  • Experience in configuring and troubleshooting Cisco ISE (Identity Service engine)
  • Strong hands on experience in installing, configuring, and troubleshooting of Cisco 7600, 7200, 3800, 3600, 2800, 2600, 2500 series Routers, Cisco Catalyst 6500, 4500, 3750, 2950 and 3500XL series switches.
  • Cisco Security: Telnet, SDM, NAT/ACLs, Layer 2 Security, Layer 3 Security, IPS/IDS, Cisco (ASA) 5500, Cryptography, VPN, IPsec.
  • Worked extensively on Juniper MX 104,240,480 Series Routers and EX 3300, 3400, 4200 series Switches.
  • Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000
  • Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for a datacenter access architecture
  • Experience working with OTV & FCOE on the nexus between the datacenters
  • Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, Ether channel, STP, RSTP and MST. Implementation of HSRP, VRRP for Default Gateway Redundancy.
  • Experience with different Network Management Tools and Sniffers like Wireshark (Ethereal), HP OpenView, RSA enVision, and CiscoWorks to support a 24 x 7 Network Operation Center.
  • Well experienced in configuring protocols HSRP, GLBP, VRRP, ICMP, IGMP, PPP, HDLC, PAP, CHAP, and SNMP.
  • Moderate knowledge in configuring and troubleshooting Cisco Wireless Networks: LWAPP, WLC, WCS, Standalone APs, Roaming, Wireless Security Basics, IEEE 802.11 a/b/g, RF spectrum characteristics.
  • In-depth knowledge and experience in WAN technologies including OC3, E3/T3, E1/T1, Point to Point, MPLS, Fiber optic circuits and Frame Relay
  • Hands-on experience upgrading Cisco IOS and firmware on different Cisco devices and modules.
  • Hands on experience on Cisco wireless access points and VMWare Virtual Infrastructure (ESX server).
  • Black listing and White listing of web URL on Blue Coat Proxy servers.
  • Involved in Disaster Recovery activity, like diverting all the traffic from production data center to Disaster Recovery data center
  • Knowledge on PKI (Public and Private Key) Encryption, Decryption.
  • Excellent in documentation and updating client's network documentation using VISIO.

TECHNICAL SKILLS:

Routing: OSPF, EIGRP, BGP, PBR, IS-IS, Route Filtering, Redistribution, Summarization, Static Routing, PBR

Switching: VLAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switch, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging

Network security: Cisco (ASA) 5500, ACL, IPSEC, VPN, Security context

Load Balancer: Cisco ACE load balancer, F5 Networks (Big-IP)

LAN: Ethernet (IEEE 802.3), Fast Ethernet, Gigabit Ethernet

WAN: Leased lines 64k - 155Mb (PPP / HDLC), Channelized links (E1/T1/E3/T3), Fiber Optic Circuits, Frame Relay, ISDN, Load Balancing

Operating Systems: Windows (98, ME, 2000, XP, Server 2003/2008, Vista, Windows 7), Basic Linux

Routers: Cisco 26XX, 28XX, 37XX, 38XX, 39XX &72XX series, Juniper MX 104,240,480

Switches: Cisco 3550, 3750, 45XX, 65XX series, and Juniper EX 3300, 3400, 4200,Nexus 5000,7000.

Firewalls: Palo Alto 3K, 5K, 7K, Cisco ASA 55XX series, Juniper SRX 220/550, NetScreen 500/5500, Checkpoint R75, R76 & R77

Various Features & Services: IOS and Features, HSRP, GLBP, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, LLDP, TFTP and FTP Management

AAA Architecture: TACACS+, RADIUS, Cisco ACS

Network Management: SNMP, CiscoWorks LMS, HP OpenView, Ethereal, MRTG/PRTG server, Nexus 2000, 5000, 7000 series, Zenoss, Ionix and Opalis

Reports: Microsoft (Visio pro.), Checkpoint (Eventia reporter, Smart view)

PROFESSIONAL EXPERIENCE:

Confidential, Chicago, IL

Sr. Network Security Engineer

Responsibilities:

  • Experience on working with Palo Alto Network firewall (7040,5060,3060) with security, networking and management features such as User ID, App ID based firewalling, Security Policies, URL filtering, Anti-virus, Log Management etc.
  • Implemented Zone based firewalling and authentication profiles and PAN Firewall.
  • Firewall deployment, rules migrations, firewall administration and migrating existing rule based onto Palo Alto Firewalls.
  • Experience with working on Palo Alto using centralized management GUI PANORAMA for logging sessions, creating reports and managing different firewall devices.
  • Worked on Site to Site IPsec VPN configuration.
  • Configured HA in Active Passive mode including HA links of the PAN firewall.
  • Responsible for configuring the Palo Alto to mitigate DOS, Data leak attacks and to have Threat Prevention, Data Filtering.
  • Configured Palo Alto to connect with Wildfire cloud to prevent Zero-day and Malware Attacks.
  • Upgraded PAN OS from 7.0.17 to 7.1.11.
  • Implemented security policies by creating groups (objects) and specific policies as per the user levels.
  • Experience in Migration from Checkpoint Firewalls to Palo Alto Firewalls.
  • Worked on S2S VPNs Implementations; Providing support for Checkpoint R75 and R76.
  • Monitoring Traffic and Connections in Checkpoint and network operations.
  • User authentication and resource allocation using Cisco ACS server using TACACS+ and RADIUS for administrative control.
  • Worked on Checkpoint VSX platform including Provider Smart Domain Manager. Worked on configuring, managing and supporting Checkpoint Gateways.
  • Experience with Remote access management to help with troubleshooting for remote direct access clients and Check Point VPN.
  • Hands-on experience testing iRules using Browser (IE), HttpWatch on F5 load balancers.
  • Managed F5 BigIP LTM appliances to load balance server traffic in critical serval access silos
  • Configuration of Virtual Servers, Nodes, and load balancing Pools.
  • Experience working with Nexus 7018/7010, 5020, 5548, 2148, 2248 devices
  • Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000
  • Involved in upgrading switches from 6500 E to 4500-X
  • Implementation of BGP to optimize WAN routing on the core and edge routers.
  • Mutual redistribution of OSPF and BGP routes using route maps.
  • Involved in upgrades to the WAN network from existing 7200vxr with ASR1004 and 3845/3945 routers.
  • Upgrading branch network connectivity with total refresh of the network infrastructure with new 3845 routers and 2960 switches.
  • Configuration and troubleshooting on HSRP, VRRP, GLBP, RSTP, MST related issues coming in network environment
  • Implementation and configuration of GLBP/HSRP on multilayer switches for first hop redundancy.
  • Configuration and extension of VLAN from one network segment to their segment between Different vendor switches.
  • Convert Campus WAN links from point to point to MPLS and to convert encryption from IPSec/GRE to GetVPN.
  • Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, disabling all unused ports and putting them in unused VLAN and ensuring DHCP attack prevention where needed
  • Performed basic security audit of perimeter routers, identifying missing ACLs, writing and applying ACLs
  • Troubleshooting and installing of CRS, ISR, GSR, ASR9000 and Nexus devices.
  • Engineering the configurations for the different branches, campus locations
  • Responsible for layer 2 security, which was implemented using a dedicated VLAN ID for all trunk ports, setting the user ports to non-trunking, and deploying port security when possible for user ports.
  • Key contributions include troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF & BGP.
  • Involved in the removal of EIGRP from all devices and making OSPF the primary routing protocol.
  • Involved in the modification and removal of BGP from the MPLS routers.
  • Worked on Orion for analysis and monitoring purposes
  • Also prepared documentation for various VLAN’s and Voice subnetworks and worked on Visio for the same.
  • Migration of existing IPSEC VPN tunnels from Pre-Shared key to Certificate Authority for purpose of scaling

Confidential, Charlotte, NC

Network Security Engineer

Responsibilities:

  • Configuration and troubleshooting of Site to Site as well as Remote Access VPN on Cisco ASA 5500 and Juniper SRX 220/550 series firewalls.
  • Configured authentication protocols (RADIUS and TACACS+) for Cisco ASA firewalls.
  • Good understanding on Kerberos (authentication protocol).
  • Managed VPN, IPsec, Endpoint-Security, status policy, Application control, IPS, Monitoring, Anti-Spam, Smart Provisioning, DLP using Cisco ASA Firewalls.
  • Working experience with Natting techniques on firewalls such as Juniper SRX Firewalls. traffic and Administration of ASA firewalls in the DMZ and FWSM in the Server Farm to provide Security and controlled restricted access.
  • Expert knowledge of SIEM tools like QRadar to get real-time analysis of security alerts generated by network hardware and applications
  • Configuring failover of Cisco ASA 5500 in Active/Standby mode
  • Experience with CSM, F5 (LTM) Load balancers to provide efficient switching and routing for local and global traffic.
  • Configuring objects such as Load Balancer pools for local traffic management on F5 Load Balancers.
  • Configuring, upgrading and deployment of Nexus 7010, 5596 and 2248.
  • Working with Cisco Nexus 2248 Fabric Extender and Nexus 5500 series to provide a Flexible Access Solution for datacenter access architecture.
  • Configuring Cisco Routers 7200, 3925, 3800 and switches 6500, 4510, 3750, 2811 and Juniper MX 104,240,480 Series Routers and EX 3300, 3400, 4200 series Switches.
  • Configuring, maintaining and troubleshooting routing protocols such as OSPF, EIGRP and BGP
  • Configuring HSRP between VLANs, Configuring Ether-Channels, Port Channel on 6500 catalyst switches
  • Configuring PAGP and LACP protocol along with BFD link detection protocol
  • Experience in design and implementation of new branch test and turn up.
  • Analyzing and resolving a high percentage of initial customer contact in the areas of PC/LAN.
  • Escalating customer problems to management and support groups utilizing standard escalation model.
  • Experience in designing and troubleshooting complex BGP and OSPF routing problems.
  • Configuring DNS /NIC card issues and wall jack issues while troubleshooting IP addressing problems.
  • Responsible for creating, modifying, removing VLAN configuring as per the need.
  • Tracking overall network
  • Configuring Wireless utility for all employees.
  • Design and implementation of IPSEC VPN/GRE architecture used for multicast and unicast communication on an existing IP VPN.
  • Troubleshooting IOS related bugs based on past history and appropriate release notes. Planning and configuring the entire IP addressing plan for the clients' network.
  • Implementing & Troubleshooting of T1, MUXES, CSU /DSU and data circuits. capacity issues that are impacting throughput, bandwidth, and quality
  • Pinpointing physical network conditions that are contributing to call quality issues
  • Engaged in branch turn up’s, helped in identifying network requirements of new building, installed new networking hardware, and coordinated with vendors for cabling/wiring
  • Performed troubleshooting, while maintaining trouble ticket tracking, following internal/external Escalation procedures and customer notifications.
  • Configured Cisco Routers for OSPF, IGRP, EIGRP, Static and default route.
  • Worked on HSRP and GLBP for first hop redundancy and load balancing.
  • Configured the Cisco router as IP Firewall and for NATing.
  • Prepare, update, and maintain technical and logistical network documentation
  • Decommission serial T3 circuits and replace with MPLS circuits. MPLS clouds were provided by Level 3.
  • Trouble-shooting end-user reported problems, thoroughly and accurately documenting problem in trouble management tool.

Confidential, Omaha, NE

Sr. Network Engineer

Responsibilities:

  • Configuration and support of Juniper NetScreen 500/5500 firewalls, Cisco ASA 5500 series Firewalls, web application firewalls.
  • Managed multiple security devices in order to protect the Enterprise's network - Vulnerability Scanners, Malware Detection, Intrusion Detection; Host based Firewalls, SIEM, Web Application Firewall, Cisco UCS.
  • Enabled GSR RPR+ mode, installed Engine 5 SIP cards, Upgraded Cisco GSR routers GRP-Bs to PRPs (RPP+), PRP 1 to PRP 2 and IOS levels as well.
  • Tested various BGP features like local-preference, MED, Weight and replicated customer issue problems in the testing environment lab.
  • Performed various Line card memory upgrades, PRP memory upgrades and fabric upgrades on Cisco 12000 series routers.
  • Worked on Juniper MX 104,240 Series Routers and EX 3300, 3400 series Switches.
  • Configured policy maps, class maps and access lists on GSRs.
  • Worked with JTAC and Cisco to troubleshoot various problems.
  • Handle customer escalations related to Internet connectivity issues, VPN issues (OSPF sync issues), etc; work with various technical teams to find a resolution in a timely fashion.
  • Created load balancing policies using BGP attributes such as Local Preference, AS-Path, MED, Community etc.
  • Managed fast Layer 3 switched/routed LAN/WAN infrastructure as a part of Network team. The LAN consisted of Cisco campus model of Cisco 3550 at access layer, Cisco 6513 at distribution/core layer.
  • Configuring objects such as Load Balancer pools for local traffic management on F5 Load Balancers.
  • Extensively used TCP/IP tool like TELNET for remote login to the routers and SSH for secure login.
  • Has expertise in LAN/WAN technologies (fast Ethernet, Layer2 & 3 switched/routed LAN, and Frame Relay).
  • Installed and maintained Cisco and F5 Load Balancer and documentation.
  • Improving OSPF convergence by controlling SPF algorithm, LSA/SPF throttling.
  • Participate in all technical aspects of LAN, WAN, VPN and security internetworking projects including, short and long term planning, implementation, project management and operations support as required.
  • Experience working with SONET controller interfaces in the Cisco IOS-XR.
  • Writing rules in such a way that they append various properties that define pool selection process.

Confidential

Network Engineer

Responsibilities:

  • Implementing new/changing existing data networks for various projects as per the requirement.
  • Troubleshooting complex network technical issues from layer 1, 2 to layer 3 (routing with MPLS, BGP, EIGRP, OSPF protocols).
  • Providing support to networks containing more than 2000 Cisco devices.
  • Performing troubleshooting for IOS related bugs by analyzing past history and related notes.
  • Carrying out documentation for tracking network issue symptoms and large scale technical escalations.
  • Ensure Network, system and data availability and integrity through preventive maintenance and upgrade.
  • Involved in L2/L3 Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter-Vlan routing, LAN security.
  • Worked on the security levels with RADIUS, TACACS+.
  • Completed service requests (i.e. - IP readdressing, bandwidth upgrades, IOS/platform upgrades, etc.)
  • Managing the service request tickets within the phases of troubleshooting, maintenance, upgrades, fixes, patches and providing all-round technical support.
  • Commissioning and Decommissioning of the MPLS circuits for various field offices.
  • Preparing feasibility report for various upgrades and installations
  • Identify, design and implement flexible, responsive, and secure technology services
  • Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
  • Configured switches with port security and 802.1X for enhancing customer’s security.
  • Monitored network for optimum traffic distribution and load balancing using SolarWinds.
  • Validate existing infrastructure and recommend new network designs.
  • Created scripts to monitor CPU/Memory on various low end routers in the network.
  • Installed and maintained local printer as well as network printers.
  • Handled installation of Windows NT Server and Windows NT Workstations.
  • Handled Tech Support as it relates to LAN & WAN systems
  • Configuring and troubleshooting multi-customer network environment.
  • Involved in network monitoring, alarm notification and acknowledgement.
  • Subnetting networks. Troubleshooting DHCP and DNS Servers.

Confidential

Network Support Engineer

Responsibilities:

  • Upgrade Cisco 7200, 3600 Router IOS Software, backup Routers and Catalyst 3560, 4500 switch configurations
  • Support 24x7 operations and answer calls from the customers on network emergencies and resolve issues
  • Install and manage Cisco Catalyst 3500XL, & 2960 series Switches and Cisco 3900 series routers
  • Hands on Experience in Inter-vlan routing, redistribution, access-lists and dynamic Natting
  • Log messages using Syslog server and analyze the issues related to high CPU utilization and parameters that can degrade performance of the network
  • Involved in all technical aspects of LAN and WAN projects including, short and long term planning, implementation, project management and operations support as required
  • Conduct thorough analysis, problem solving, and infrastructure planning
  • Provide assistance to Network Manager and serve as Secondary Network support.
  • Troubleshoot and fix any backup and monitoring systems related issues in conjunction with Systems team and external vendors

Hire Now