Sr. Network Engineer/Security/Cloud/Architect Resume
New Jersey, NY
SUMMARY:
- Certified Professional with 10 years of experience in routing, switching, firewall technologies, system design, implementation and troubleshooting of complex network systems.
- Strong knowledge in Cisco Routing, Switching and Security with Cisco hardware/software (heavy Cisco shop) experiences.
- Installed and administered ASA, Checkpoint FW products.
- Experience in site-to-site and remote access VPN solutions.
- Experience working in NERC CIP environment and NERC CIP certified.
- Evaluate the weaknesses and vulnerabilities of various routers, switches and Firewall before deploying them in the field; detect limitations of the hardware and firmware; coordinate with vendors to resolve these issues before actual project implementation.
- Experience on AWS cloud services like EC2, S3, RDS, ELB, EBS, VPC, Route53, Auto Scaling groups, CloudWatch, CloudFront, IAM for installing, configuring and troubleshooting on various Amazon images for server migration from physical into cloud.
- Experience with F5 load balancers - LTM and GTM series like 5000, 2000 for the corporate applications and their availability.
- Added, removed or modified FW object like node, network and group.
- In-depth understanding of IPv4 and IPv6 and implementation of subnetting.
- Responsible for implementation and operational support of enterprise IPS/IDS systems (Checkpoint IPS).
- Extensive knowledge in security policies including NAT, PAT, and VPN, Route-maps, Prefix lists and Access Control Lists.
- Experience in WAN Technologies, Switching Technologies along with Failover Mechanisms and Inter-VLAN Routing types.
- Strong hands on experience in installing, configuring and troubleshooting of Cisco 3900, 3600, 2900, 2600, 2500 and 1800 series routers, Cisco Catalyst 6500, 4500, 3750, 2950 and 3500XL series switches.
- Access Control Server configuration for RADIUS and TACACS+.
- Experience with Project documentation tools & implementing and maintaining network monitoring systems and experience with developing network design documentation and presentations using VISIO.
- Expert in Routing and Switching experience with Cisco NX-OS (Nexus 9k/7k/5k/2k)
- Excellent communication and inter-personal skills, quick learner, self-motivated and good team player along with leadership qualities.
- Experience in Cisco: Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay & MPLS), Routing protocol configurations (RIP, EIGRP, OSPF, BGP).
- Experience in internal and external DNS server.
- Assisted in troubleshooting complex layer 1, 2 and 3 connectivity using Wireshark protocol analyzer and recommended solutions for better performance.
- Strong general management, negotiation, inter-personal, communication and team building skills.
- 24/7 on call support provided on a bi-weekly rotational basis.
- Mentored summer interns for 1 year.
TECHNICAL SKILLS:
Communication Protocols: TCP/IP, UDP, DHCP, DNS, ICMP, SNMP, ARP, RARP, PPP, HDLC and ISDN.
Languages/Web Technologies: C#.Net, VB.Net, ADO.NET, Java, J2EE, J2ME, Perl, C++, SQL, PL/SQL, HTML, XML, JSP, VB, ASP, Web Logic, JavaScript, VB Script, WebSphere Application Server, IIS.
IP Routing: RIPv1, RIPv2, BGP, OSPF, IGRP, EIGRP.
Network Peripherals: Hubs, Cisco switches (2900, 2924, 2950, 3550, 3560, 4000, 5500, 6500, 6509, 6513), Cisco routers (2600, 2800, 3640, 3700, 3825, Nexus 9k, 7k, 5k, 3k), Cisco PIX 500 series, Cisco ASA 5500 series, Cisco 1200 Aironet Access Points, CSU/DSUs, network cards and Modems. SDN, AWS, Microsoft Azure, Cisco WAN Manager, CiscoWorks 2000. F5 (5000, 2000).
Sniffers: Ethereal (Wireshark).
Topologies: Frame Relay, T1, T3, Ethernet, Cable Modem, xDSL and Wireless.
Operating Systems: Windows 95/98/2000/NT/XP/Vista/7, Unix, Linux, and DOS.
PROFESSIONAL EXPERIENCE:
Confidential, New Jersey, NY
Sr. Network Engineer/Security/Cloud/Architect
Responsibilities:
- Configured and implemented SCADA system, NERC/CIP standard and related hardware.
- Designed and implemented Cisco ASA firewall 5585x, 5506x for internal network and external network.
- Minimized the access list for future troubleshooting and maintained best practices throughout the network.
- Configured redundancy protocol HSRP on Cisco devices.
- Responsible for creating and maintaining standard configurations for all network devices per the audit recommendations and bringing other teams on board to follow best practices.
- Migrated ASA firewall x and x and ran them in a virtual lab environment to test prior to production environment.
- Prevented loops between BGP and EIGRP; configured route maps and access lists and implemented them in production and at customer remote sites.
- Provided network access control (NAC) solution for the organization using Cisco Identity Services Engine (ISE).
- Configured and maintained user accounts for dev, QA, and production teams and created roles for EC2, RDS, S3, CloudWatch, EBS resources to communicate with each other using IAM.
- Basic and advanced F5 load balancer configurations, including migrating configurations from Cisco ACE to F5 and general troubleshooting of the F5 load balancers.
- Performed implementation and support of F5 Big-IP LTM devices for system load balancing.
- Created VIP and Pool members in the F5 LTM.
- Participated in production rollout project for F5 LTM.
- Added, removed and modified FW rules once tickets were approved.
- Provided maintenance support to F5 load balancers. Created new or changed iRules based on the functionality of the company's application and changing business demands.
- Coordinated with network team to troubleshoot FW or network related issues.
- Provided network engineering design for the ASA Firewall and MPLS to achieve optimal solutions for the clients.
- Establishing VPN Tunnels using IPSec encryption standards and also configuring and implementing site-to-site VPN, Remote VPN.
- Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning and configuring VLANs/routing/NATing with the firewalls as per the design.
- Configured Cisco 3700 series Wireless Access Point and 2500 series Wireless Controller.
- Efficient at use of Microsoft VISIO/Office as technical documentation and presentation tools.
Confidential, New York
Network Security Engineer
Responsibilities:
- Designed and implemented a remote access solution using Checkpoint Firewalls Site to Site VPN blade.
- Implemented and maintained various VPN solutions (IPsec/SSL) for clients & associates.
- Planned and set up test lab for test environment.
- Implemented and maintained logs to detect threats and potential risks. Analyzed data from these events to make recommendations to all levels of management, and to mitigate discovered threats.
- Identified areas of improvement in the network. Developed detailed engineering plans to make improvements in the network. Scheduled and completed maintenance outages to accomplish the improvements. Managed defects and provided written communication and metrics on testing progress of application systems.
- Troubleshot FW-related issues on a day-to-day basis.
- Responsible for the creation and maintenance of standard configurations for all Checkpoint Firewalls. This included policy and other standard changes. Also implemented SSL VPN tunnels to remote sites.
- Extensive knowledge in Cisco Catalyst switches 6500, 3750 & 3550 series and knowledge in routing protocol OSPF, EIGRP, BGP with Access Control lists.
- Configured redundancy protocol HSRP on Cisco devices.
- Performed implementation and support of F5 Big-IP LTM devices for system load balancing.
- Created VIP and Pool members in the F5 LTM.
- Terminated and renewed SSL certificate on HTTPS VIP.
- Participated in production rollout project for F5 LTM.
- Dealt with end users' F5-related issues over the phone, email or IM.
- Added, removed and modified FW rules once tickets were approved.
- Converting PIX rules over to the Cisco ASA solution.
- Provided maintenance support to F5 load balancers. Created new or changed iRules based on the functionality of the company's application and changing business demands.
- Coordinated with network team to troubleshoot FW or network related issues.
- Establishing VPN Tunnels using IPSec encryption standards and also configuring and implementing site-to-site VPN, Remote VPN.
- Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning and configuring VLANs/routing/NATing with the firewalls as per the design.
- Knowledge in GLBP, VLAN Trunking 802.1Q, STP, Port security on Catalyst 6500 switches.
- Configuration and maintenance of PIX and ASA firewall systems.
Confidential, Denver, CO
Sr. Network Engineer
Responsibilities:
- Added, renamed or removed DNS A, CNAME records in the forward and reverse lookup files. Validated DNS records by using nslookup.
- Build IPSec based Site to Site VPN tunnels with Business Partners and 3rd parties.
- Checkpoint on SPLAT and IP Appliance with packages including R65, R70, R71 and R75.
- Designing, configuring, implementing and troubleshooting (LAN) VLANs, VTP, Spanning Tree (STP), Trunking (dot1q and ISL) and EtherChannel.
- Configuring VPN for site-to-site and remote access.
- Identified, determined and communicated scope and limitations of testing.
- Interface with clients, work with vendors and Project managers to plan, design and deploy new LAN/WAN sites.
- Cisco 2924 switches, Cisco 5500 series Layer 3 switches, Cisco 7200 series routers, Cisco PIX firewall 500 series and Wireless Access points Cisco 1230.
- Setup, configure and manage Remote Access VPN (IPsec/SSL) with Cisco ASA 5550 to support over two thousand end-users.
- Assisted in troubleshooting complex WAN/LAN connectivity issues using various NM tools (Fluke Netflow Tracker, Syslog server, Network Instruments GigaStor and Wireshark protocol analyzer) and recommended solutions for better performance.
- Supporting project test teams in analyzing the bandwidth utilization.
Confidential, Buffalo, NY
Network Engineer
Responsibilities:
- Performed Layer I, II and III troubleshooting, while maintaining trouble ticket tracking, following internal/external escalation procedures and customer notifications.
- Implement secured Firewalls for IDC network with Multiple DMZ and 3rd party zones.
- Worked on Unix, Linux, Windows platforms and also involved in capacity planning of network maintenance.
- Knowledge in redundancy on Cisco 2600, 2800 and 3600 router with HSRP.
- Managed network IP access via Dynamic Host Configuration Protocol (DHCP)
- Providing technical support on hardware and software related issues to remote production sites.
- Monitoring performance of network and servers to identify potential problems.
- Resolved MacBook Pro/Air VPN issues, Wi-Fi, printer, MS Office 2011.
- Managed AAA using TACACS+ and ACS server.
- Successfully completed office expansion project involving racking 6500 Cisco chassis, Cyclades, IP camera, and configuring UPS with IP address.
- Set up Cisco Catalyst 3750 layer 3 switch.
- Work with Help Desk for circuit troubleshooting to give Support to the Tech persons at the site.
- Support development team for the access to corporate network and outside world. Provide access to specific IP, Port filter and port access.
- Other responsibilities included documentation and support other teams.