SUMMARY:

• Utilizing more than 11 years of Information Technology experience to work in a quality - centric environment with a team using latest technologies; while being in a growth-oriented position utilizing my technical, analytical, designing, and implementation skills to bring project to a successful conclusion.

TECHNICAL SKILLS:

Hardware Routers: Cisco 800, 1800, 2800, 2900, 7200 Series Routers, ASR 9000 Series

Switches: Cisco 6500, 4500, 3560, 3550, 2900 Series, Dell PowerConnect, HP. Nexus Series

Security: ASA 5500 Series, PIX5XX Firewall Series, IPS4200 Series, Cisco Secure ACS, Cisco ISE, Cisco Prime, VPN Concentrator, Cisco NAC, Cisco CSC, SonicWall Firewall TZ205, TZ210

Software: Nmap, Wireshark, Cisco Packet Tracer, GNS3, Microsoft Office Suite (Word, Excel, PowerPoint), Application Software, Utility Software (McAfee, Norton, Kaspersky), VMware, Active Directory, Cisco Works

Routing: Static Routing, RIPv1, RIPv2, EIGRP, OSPF, BGPv4, IS-IS, ODR, GRE, MPLS, IPv6, Traffic Engineering, Policy Based Routing PBR, NAT, HSRP, VRRP, GLBP, DHCP, NTP, SNMP, IP SLA, AAA (RADIUS/TACACS+), QoS, Route Filtering, Redistribution, Multicasting, Summarization

Switching: STP, RSTP, MSTP, VTP, DTP, VLANs, Trunking, Layer 3 capabilities, Etherchannel

Security: Site- to-site VPNs, Remote Access VPNs, GRE, IPSec, NAT, AAA (RADIUS/TACACS+), Access Control Lists, Traffic Filtering, Failover, Transparent Firewall, Security Contexts, IOS Security Features, Cisco Secure ACS, Cisco CSA, DMZs, CBAC, IDS, IPS, SSH, TELNET

PROFESSIONAL EXPERIENCE:

Confidential, Arlington, Virginia

SENIOR NETWORK/SECURITY ENGINEER

Responsibilities:

• Lead in the deployment of new switching technology such as Virtual Switching System (VSS) in the data center on Cisco 6880
• Deployed FabricPath, Overlay Transport Virtualization (OTV), Port-Channel, and virtual Port-Channel (vPC) technology on Nexus NX-OS Switch
• Deployed and monitored Cisco Identity Service Engine (ISE) and Cisco Secure ACS for the implementation of port-based authentication (DOT1X), profiling and AAA (TACACS+ & RADIUS).
• Designed and deployed networks using static and dynamic routing protocol (IP, RIP, EIGRP, OSPF and BGP)
• Reviewed and monitored access control lists (ACLs) on network switches, routers and ASA as needed to maintain security standards
• Upgraded Cisco IOS and NX-OS as needed to maintain security standards and mitigate software security vulnerabilities
• Configured and troubleshoot VLANs, 802.1q trunks, VTP, high availability solutions like HSRP, ether channels (Layer 2 and Layer 3).
• Monitored Cisco devices health and reachability with network monitoring and management tools such as Solar Winds
• Performed extensive penetration and vulnerability testing using Nessus security scanner, Retina network scanning tool, Wireshark, and Nmap.
• Designed and configured Cisco Adaptive Security Appliance (ASA) and Cisco Router to implement IPSec Site-to-Site VPN, GRE Tunnel VPN, multihoming using Policy-Based Routing

Confidential, Baltimore, Maryland

SENIOR NETWORK/SECURITY ENGINEER

• Develop Systems Security Plan (SSP), Security Test and Assessment (ST&A) plan, Security Requirement Traceability Matrix (SRTM), Security Assessment Report (SAR). NIST RMF 800-18, NIST RMF 800-37, NIST RMF 800-53, NIST RMF 800-53A, NIST RMF 800-60.
• Establish and maintain a professional relationship with System Owners (SOs) and Technical Leads (TLs) of information systems under my purview. Interview SOs and TLs about the operations and maintenance of their systems as part of assessment efforts. Co-ordinate the security analysis of quarterly security scans and remediation of security findings documented in POAMs in collaboration with Systems Owner and Technical leads.
• Deployed and monitored Cisco Identity Service Engine (ISE) and Cisco Secure ACS for the implementation of port-based authentication (DOT1X), profiling and AAA (TACACS+ & RADIUS).
• Implementing security policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, and SonicWALL firewalls. Designed and deployed networks using static and dynamic routing protocol (RIP, EIGRP, OSPF and BGP). Implementation & troubleshooting of VLANs, 802.1q trunks, VTP, high availability solutions like HSRP, ether channels, SSL VPN, site-to-site VPN, ACL, NAT, PAT and routing related issues install, upgrade, backup, monitoring and troubleshoot all Cisco equipment’s using Cisco IOS features, Cisco Configuration Professional and Security Device Manager. Performed penetration and vulnerability test using tools such as Nessus security scanner, Retina network scanning tool, Wireshark, and Nmap. Experience with network monitoring and management tools such as Solar Winds. Experience with security concepts and technologies - stateful packet filtering, access lists, DDOS and other risk mitigation strategies.

Confidential, Bethesda, Maryland

NETWORK SECURITY ENGINEER

• Develop Systems Security Plan (SSP), Security Test and Assessment (ST&A) plan, Security Requirement Traceability Matrix (SRTM), Security Assessment Report (SAR), Security Impact Assessment (SIA), Risk Assessment Report (RAR) and other Security Package artifacts towards annual reassessment/ FISMA compliance efforts.
• Designed and deployed networks using static and dynamic routing protocol (IP, RIP, EIGRP, OSPF and BGP)
• Implementing security policies using ACL, Active/Standby & Active/Active Firewall, IPSEC, SSL, VPN, IPS/IDS, implementation & troubleshooting of VLANs, 802.1q trunks, VTP, high availability solutions like HSRP, ether channels, SSL VPN, site-to-site VPN, ACL, NAT, PAT and routing related issues
• Deployed and monitored Cisco Identity Service Engine (ISE) and Cisco Secure ACS for the implementation of port-based authentication (DOT1X), profiling and AAA (TACACS+ & RADIUS).
• Install, monitoring and troubleshoot all Cisco equipment’s using Cisco IOS features, Cisco Configuration Professional and Security Device Manager, performed penetration test using tools such as wireshark, and nmap on RioRey proprietary devices, replay of pcaps using a dedicated server and analysis of Pcaps using wireshark
• Experience with network monitoring and management tools such as SolarWinds and Cacti. Remote and on-site troubleshooting and diagnosis of network connectivity issues. Experience with security concepts and technologies - stateful packet filtering, access lists, DDOS and other risk mitigation strategies
• Experience with TFTP, FTP, SFTP, mapping network drives and general operations procedures for Windows and Linux Servers, upgrading and backups of Cisco router configuration files.

Confidential, Greenbelt, Maryland

NETWORK ENGINEER

• Designed and deployed networks using static and dynamic routing protocol (IP, RIP, EIGRP, OSPF and BGP)
• Design and implementation of a well-structured LAN, implementation of DHCP on the network
• Configuration and troubleshooting of Network Address Translation (NAT), VLANS, VTP, Trunking and Pruning on switched networks
• Enabling port-security for preventing unauthorized network access, enabling port fast, uplink fast, and backbone fast for fast convergence.
• Password recovery of networking devices using configuration register
• Installing and configuring computer hardware operating systems and applications;
• Troubleshooting system and network problems, diagnosing and solving hardware or software faults;
• Replacing parts as required;
• Providing support, including procedural documentation and relevant reports;
• Rapidly establishing a good working relationship with clients

Confidential

Network Solutions Engineer

• Network and IP design for clients. Advanced configuration of Cisco Routers and Switches
• Configuration of VLANs, VTP, Etherchannel, inter-VLAN routing on routers and Layer3 switches
• Securing Cisco Switch access, implementation of traffic filters using Standard and Extended Access Control List, Distribute-list and Route Maps. Troubleshooting hardware and LAN related issues - TCP/IP, DNS, DHCP, Layer2/3 network devices. Planning & scheduling the network and service down time for various upgrades and maintenance
• Design and implementation of Cisco IPSec Site-to-Site VPN, GRE Tunnel VPN, multihoming using Policy-Based Routing, DHCP, NAT, VLAN, VTP and Ether-channel, inter-VLAN routing on routers and Layer-3 switches
• Deployed and monitored Cisco Identity Service Engine (ISE) and Cisco Secure ACS for the implementation of port-based authentication (DOT1X), profiling and AAA (TACACS+ & RADIUS).
• MPLS design and Implementation. Design and Implementation of enterprise VoIP telephony network
• Provide technical support to customers on-site and remotely using team-viewer.
• Installed, configured and maintained network services, hardware systems and peripheral equipment/devices
• Analyze, monitor and troubleshoot software and hardware related issues
• Developed help desk documentation with a step by step guide on resolving operating system, software, hardware and network related problems
• Installed operating systems, software, anti-virus and software patches