SUMMARY:

• 8 years of experience in Configuring, Implementing and Troubleshooting routers, switches and complex network designs.
• Strong hands on experience in installing(rack and stack), configuring, CSM and troubleshooting of Cisco 7600, 7200, 3800, 3600, 2800, 2600, 2500, 1800 series Routers, Cisco Catalyst 6500, 4500, 3750, 2950, 3500XL series switches.
• Familiar with Cisco Security Telnet, SDM, NAT/ACLs, AAA, Layer 2 Security, Layer 3 Security, IPS/IDS, Cisco (ASA, PIX) 5510, Cryptography, Checkpoint, VPN, IPsec.
• Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
• Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, ISL/ 802.1q, Ether channel, Port Security, STP, RSTP and MST.
• In depth understanding of IPV4 and implementation of Subnetting.
• Well Experienced in configuring protocols RIP, OSPF, EIGRP, BGP, HSRP, GLBP, VRRP, ICMP, IGMP, PPP, PAP, CHAP, and SNMP.
• Experienced in DNS, DHCP, SMTP, FTP, HTTPS and web security architecture.
• Proficient in Cisco IDS/IPS, Cisco PIX 525,535, ASA 5520, 5540, 5550, Checkpoint NGX R65, R70,R75, R77 Gaia, VSX, Provider - 1/MDM/MDS, SPLAT, Nokia IPSO, Juniper Netscreen Firewall, Juniper SRX, Snort IDS, Syslog analysis and Windows/Linux/Unix Security configurations.
• Expertise in Cisco ACS and Cisco ISE Authentication, Authorization and Accounting Protocols. Expert Hands On Experience in Cisco ACS & Cisco ISE for 802.1x, AAA Configurations.
• Proficient in Manage and maintain Check Point VPN-1 firewall, strong abilities in installation and configuration of Check Point security Gateway, SmartConsole and SmartCenter server
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs.
• Configure and managing Wireless NAC.
• Network Monitoring using SNMP and other management tools such as SPLUNK, IBM Qradar, wireshark, Tufin, Algosec, Solarwinds, Remedy, Service Now, HSPM, HP NAS and Cyber Ark.
• Involved in troubleshooting network traffic and its diagnosis using tools like wire shark, TCP dump and Linux operating system servers.
• Experience in testing Cisco routers and switches in laboratory scenarios and then deploy them on site for production.
• Excellent communication skills, Enthusiastic, motivated and a team player
• A highly organized individual who adopts a systematic approach to problem solving, effectively analyzes results and implements solutions
• Hands on experience working with Cisco Nexus 7K, 5K & 2K Switches.
• Working knowledge with Infoblox appliances such as DNS, DNSSEC, DHCP, IPAM and TFTP

PROFESSIONAL EXPERIENCE:

Confidential, Baltimore, MD

Network Security Engineer

Responsibilities:

• Worked extensively on firewalls and VPN gateways Checkpoint, CISCO ASA and Palo Alto.
• Adding security policies and security rules on checkpoint, Palo Alto and ASA firewall.
• Knowledge of PAN-OS 5.0 to 6.0
• Configuration, Troubleshooting and Maintenance of Checkpoint Firewalls (20 firewalls) - IP395 and IP560.
• Knowledge on Checkpoint- management and logging server R75, R77 Gaia OS.
• Experience on Checkpoint firewalls with R65, R70, R75, and R76 version IPSO 6.2 OS.
• Hands-on experience on Cisco ASA Firewalls - ASA 5550.
• Configuring failover for redundancy purposes for the security devices. Implemented the stateful & serial failover for PIX/ASA firewalls, Checkpoint Clustering and load balancing features.
• Troubleshooting the VPN tunnels by analyzing the debug logs and syslogs.
• Firewall Policy Optimization using third party tool Tufin.
• Network change automation workflows using Tufin software.
• Provided Load Balancing towards access layer from core layer using F5 Network Load Balancers.
• Hands On experience in push Policy from Panorama to Firewall in Palo Alto.
• Knowledge of modifying and maintaining the Bluecoat Proxy Pac file.
• Worked on Cisco ISE 3300 series -wireless access and sponsor portal.
• Planning, designing and Configuration of various Policy Configurations, Profile Authorizations, End device Profiling, User Identities, Cisco ISE and AD mapping with various attributes and levels of authorizations and Network Access.
• Knowledge of ISE version 1.2.0.
• Maintenance of Cisco ACS server - Authenticating, Authorization and Accounting for several Network Devices in the environment. Versions 4.2 to 5.2
• Managed LAN & WAN and Bluecoat proxy servers.
• Black listing and White listing of web URL on BlueCoat Proxy servers.
• Adding Websites to the URL filtering block list in Bluecoat Proxies and upgrading firmware on the bluecoat proxies.
• Detailed technical understanding, manage and support of multicast, QoS, NAT, routing protocols (EIGRP, OSPF, and BGP) in an enterprise environment.
• Responsible for Security Devices configuration backup and software updates/bug fixes.
• Ticket management on Service-Now and Change request process.

Environment: Cisco 2948/3560/4500/3560/3750/3550/3500/2960, 6500 switches and Cisco 3640/12000/7200/ 3845/3600/2800 routers, Cisco Nexus 7K/5K, Cisco ASA 500, Checkpoint, windows server 2003/2008: F5 BIGIP LTM, RIP, OSPF, BGP, EIGRP, LAN, WAN, VPN, HSRP

Confidential, Irving, TX

Network Security Engineer

Responsibilities:-

• Providing support, configuration and maintenance of Checkpoint Firewall R71, R75 on SPLAT Platform.
• Implemented and troubleshooting the Virtual firewalls (Contexts) solutions in ASA, Configuring access-list on CISCO ASA Firewall.
• Worked on the migration of Juniper SSG firewalls to SRX firewalls.
• Configure juniper routers/firewalls (M and SRX) - setup authentication, IPsec VPNs, NTP, SNMP, DHCP helper, RADIUS, and firewall filters.
• Implementing NAT technologies on CISCO ASA Firewall and Checkpoint firewalls.
• I worked with the different models Cisco ASA, checkpoint and Juniper ScreenOS and JunOS firewall devices on a daily basis.
• Responsible by controlling the Network and security device login by using the Cisco ACS server with RADIUS and TACACS+ protocol.
• Worked on Firewall optimization tool Firemon in analyzing unused rules and optimizing firewall policies.
• Adding security rules and pushing the security policy on Checkpoint firewalls using smart dashboard.
• Using SmartUpdate, User Management and Authentication in Checkpoint Firewalls.
• Migrations included and not limited to Cisco to Cisco and Cisco to Checkpoint and Checkpoint to Checkpoint
• Monitoring Traffic and Connections in Checkpoint and ASA Firewalls.
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design
• Configured redundant interfaces, DHCP server, DHCP relay, ntp settings, and sub interfaces on firewalls
• Perform advanced troubleshooting using Packet tracer and tcpdump on firewalls.
• Used Bluecoat Proxy SG Appliances to effectively secure Web communications and accelerate delivery of business applications.
• Adding Websites to blocked list on the bluecoat proxies based upon business requirements.
• Experience supporting load-balancer solutions with F5, Cisco Ace or Citrix NetScaler.
• Configure Cisco IPsec VPN clients to have enterprise VPN connectivity and also troubleshoot issues with Cisco VPN client connectivity issues.

Environment: Cisco 2948/3560/4500/3560/3750/3550/3500/2960, 6500 switches and Cisco 3640/12000/7200/ 3845/3600/2800 routers, Cisco ASA 500, Cisco ISE, Checkpoint, Juniper SRX/M series, Splunk, SIEM, Firemon, Infoblox, F5 BIGIP LTM, RIP, OSPF, BGP, EIGRP, LAN, WAN, VPN, HSRP

Confidential

Network Engineer

Responsibilities:

• Duties included monitoring network performance using various network tools to ensure the availability, integrity and confidentiality of application and equipment and to provide support for Cisco network infrastructure.
• Installed and configured Cisco ASR 1000, 4000-X, 3845, 3945and 2911series routers and Cisco 2960, 3750, 4500, 4948, 6500 Series switches.
• Configured network using routing protocols such as EIGRP, OSPF and BGP along with troubleshooting L2/L3 issues.
• Experience configuring VDC (Virtual Device Context) in Nexus 7000 series and VPC (Virtual Port Channel) in Cisco Nexus 5K’s.
• Responsible for Configuring SITE TO SITE VPN on Cisco ASA 5500 series firewall between Client and Vendors.
• Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
• Designed and installed new Branch network systems. Resolved network issues, ran test scripts and prepared network documentation.
• Designed and Implemented Cisco ASA5550 firewall’s interfaces with FTP, DNS, HTTP servers on DMZ with different security levels.
• Implemented and maintained Big-IP F5 load balancing solution across multiple datacenters.
• Management tools, SNMP, Sniffer, and Wireshark.
• Provided on call supports 24/7 and worked in NOC (Network operations center) involving in management team.

Environment: Cisco Routers ASR1002X/ 3945/3845/2800/3600, Load Balancer (BIG-IP), Cisco ASA Firewalls, STP, VLAN, VTP, VPN, NAT, OSPF, BGP, EIGRP

Confidential

Jr. Network Engineer

Responsibilities:

• Provided Level 1 Support for Broadband Connection to Virgin Media customer
• Worked As a Technical Support Executive under Virgin Media.
• Received inbound calls of technical nature, independently resolved customer complaints, concerns and inquiries regarding their Internet connection.
• Managed LAN and Wireless Network and performed troubleshooting On LAN, WLAN, Customer Modems (NTL 250, TERAYON, and MOTOROLA) And CPE Router (Cisco-Linksys, Belkin, D-LINK and Dynamode).
• Set up Home Network and provided troubleshooting and full support on virgin- media security Software (PC-guard).
• Implemented IP Telephony and Cisco VOIP 7960 phone systems in the company
• Troubleshoot a wide range of technical support issues and connectivity problems such as authentication, connection speed, e-mail configuration, and loss of synchronization.
• Experience in new employee mentoring, training and coaching.

Environment: LAN, WAN, Subnetting, VLAN, VTP, VPN, NAT, OSPF, BGP, EIGRP