Sr. Network Engineer Resume

San Diego, CA

SUMMARY:

  • CCNA, CCNP, PCNSE Certified Sr. Network Security professional with a total of 8+ years of extensive experience in implementing, configuring, migrating, optimizing, troubleshooting, upgrading, testing and documenting Cisco and Juniper routers and switches, ASA, Palo Alto Firewall, F5 load balancer and P2P Wireless, all in challenging and demanding (ISP Wired and Wireless) Telecommunications and Enterprise Network environments.
  • Strong and extensive experience with routing protocols (EIGRP, OSPF, BGP, IS-IS), HSRP, VRRP, GLBP for redundancy and L2/L3 switching (VLANs, Private VLAN, VTP, Trunking, STP, RSTP, MSTP, EtherChannel (LACP, PAgP), VSS and VPC).
  • Experience in implementation, troubleshooting and resolving issues related to DMVPN, IPSEC VPN, MPLS, QoS and Multicast.
  • Experiences and Knowledge of large scale Internet Service Provider and hands-on experience in IOS, IOS-XE, IOS XR
  • Extensive work experience in planning, installing, migrating, upgrading, configuring, and troubleshooting Cisco Routers (ASR s, 7600, 7200), Cisco L2/L3 Switches (2800, 3500, 3600, 3700, 3850, 4000, 6500 series), Nexus 5000, 7000, Juniper MX960, MX480.
  • Extensively worked on implementing and configuring Network Security devices such as Cisco ASA, Palo Alto and Cisco FTD Firewall, IP Manager (Infoblox), Security Device Manager (SDM) and centralized management systems to manage large scale firewall deployments.
  • Design and configuration of OSPF and BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550).
  • Proficient in configuring Virtual Local Area Networks (VLANs) using Cisco routers and multi-layer switches and supporting STP, RSTP, PVST, RPVST along with troubleshooting of inter-VLAN routing and VLAN Trunking using 802.1Q.
  • Initiated VPC Peering Connections for those VPCs authorized to talk amongst each other.
  • Via AWS Direct Connect we're in the process of extending our Data Center to the AWS VPC Cloud.
  • Experience in implementation of dynamic multipoint virtual private network (DMVPN), and in supporting, troubleshooting and resolving network issues related to DMVPN.
  • Basic and advanced F5 load balancer configurations, including migrating configurations from Cisco ACE to F5 and general troubleshooting of the F5 load balancers.
  • Worked extensively on Data Center Palo Alto firewalls and F5 BIG-IP LTM.
  • Worked on F5 LTM, GTM series like 6400, 8800 for the corporate applications and their availability.
  • Experience with Cisco ASA/Checkpoint/Palo Alto Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
  • Managerial experience for Build Domain Controllers, Member Servers, Disaster recovery, networking protocols, including TCP/IP, HTTP, NTP, DNS, M LLP and NDM to support Enterprise Solutions.
  • Good working experience with Aruba controller configuration.
  • Working Knowledge of SD-WAN technologies Such as Meraki, OpenStack and Silverpeak.
  • Implemented redundancy with HSRP, VRRP, GLBP, Ether channel technology (LACP, PAgP) etc.
  • Implemented traffic filters using Standard and Extended access-lists, Distribute-Lists, and PBR with Route Maps and route manipulation using Offset-list.
  • Monitored bandwidth and network activity by analyzing information provided by SolarWinds Orion, Zabbix, Wireshark.
  • Experiences in building MOPs (Method of Procedures) for deploying and implementing Core, Upgrading, Migration and Troubleshooting the complex network in Enterprise and ISP.
  • Handled escalations and resolved technical issues according to SLA.
  • Hands on in deployment of GRE tunneling, SSL, Site-Site IPSEC VPN and DMVPN.
  • Using Knowledge of OSI Models to troubleshoot network issues.

TECHNICAL SKILLS:

Cisco router platforms: 1900, 2500, 2600, 2800, 2900, 3600, 3700, 3800, 3900, 7200, 7600, 7609, Cisco L2 & L3, Juniper routers (M7i, M10i, M320)

Cisco Switch platforms: 2900XL, 2950, 2960, 3560, 3750, 4500, 4900, 6500, Nexus (2248, 5548 & 7010)

Firewalls & Load Balancers: Cisco ASA 5585, 5550, 5540, Juniper SRX5400, 5600, 5800, Juniper Netscreen 6500, 6000, 5400, Juniper SSG Firewalls, Palo Alto PA-2000/3000/4000/5000, F5 BIG-IP LTM (3900 and 8900), Blue Coat SG8100, AV 510, AV810

WAN Technologies: FRAME RELAY, ISDN T1/E1, PPP, ATM, MPLS, leased lines, DSL modems

LAN Technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, NAT/PAT, FDDI, 802.1x, Cisco Secure Access Control Server (ACS) for TACACS+/Radius

Routing Protocols: RIP, EIGRP, OSPF & BGP, PBR, Route Filtering, Redistribution, Summarization, Static Routing

Switching Protocols: VTP, STP, RSTP, MSTP, VLANs, PAgP, and LACP

Network management: SNMP, Cisco Works LMS, HP OpenView, SolarWinds, Ethereal

Software: Microsoft Office Suite, Windows Server 2008, 2012 R2, HTML

Language: Python, Perl and Shell scripting

PROFESSIONAL EXPERIENCE:

Confidential, San Diego, CA

Sr. Network Engineer

Responsibilities:

  • Implementing security Solutions using PaloAlto PA-5000/3000, Cisco 5580/5540/5520, Checkpoint firewalls R70, R75, R77.20 Gaia and Provider-1/MDM.
  • Configuration and administration of firewalls, which includes Checkpoint, Juniper, and Cisco ASA firewalls.
  • Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
  • Deploy, configure, and support Aruba wireless controller and AP devices globally, also a direct escalation path for all wireless issues.
  • Enterprise and Public Safety Wireless LAN/WAN (802.11, Mesh).
  • Researched, designed, and replaced Checkpoint firewall architecture with new next generation Palo Alto PA3000 and PA5000 appliances serving as firewalls and URL and application inspection.
  • Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama.
  • Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
  • Experienced provisioning SD-WAN service as automated failover solution for MPLS VPN by Cisco Meraki MX 80 Firewall.
  • Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls and also implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall.
  • Exposure to WildFire feature of Palo Alto.
  • Exposure to design and implementation experience primarily on Cisco WSA proxy.
  • Configuration and Maintenance of Cisco ASA, ASA 5540, ASA 5520, ASA 5510 series firewalls.
  • Created multiple Virtual Public & Private Clouds (VPC) within the AWS domain.
  • Configure Syslog server in the network for capturing logs from firewalls.
  • Building and configuring of EC2 instance on AWS cloud platform, Configuration of Elastic Load Balancer (ELB) for traffic control for the EC2 and S3.
  • Provided tier 3 support for CheckPoint and Cisco ASA Firewalls to support customers, Backup and restore of checkpoint and Cisco ASA Firewall policies.
  • Experience configuring and managing Cisco Web Security Appliance (WSA) in an enterprise environment
  • Experience with data center migration to AWS cloud.
  • AWS Cloud management to manage the servers migrated to AWS cloud.
  • Worked to create Direct Connect VPN Connections from AWS back to the physical Data Center for data exchanges or migrations.
  • Monitoring Traffic and Connections in Checkpoint and ASA Firewall.
  • Manage project task to migrate from Cisco ASA firewalls to Check Point firewalls.
  • Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Tufin and Splunk.
  • Configuring and troubleshooting site-to-site IPSEC VPN tunnels using Cisco ASA 5540 for third party connectivity.
  • Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard.
  • Installed and configured high availability Big IP F5 LTM and GTM load balancers like 6600, 6800 to provide uninterrupted service to customer applications and monitoring the availability.
  • Identified opportunities for implementation of network best practices, particularly F5 load balancer implementations.
  • Configuring F5 Load Balancers: Adding virtual IPs, nodes, pools and health monitoring.
  • F5 BigIP iRules programming and troubleshooting.
  • Worked on F5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 BigIP Load Balancers.
  • Worked with protocols such as Frame Relay, IEEE 802.11 and VLAN, OSPF and BGP, DNS, DHCP, FTP, NTP, SNMP, SMTP and TELNET.
  • Configure and Monitor Cisco Sourcefire IPS for alerts.
  • Working with different teams to gather info for the new request and troubleshoot for any connectivity issues by capturing traffic using TCPDUMP and smart view tracker.
  • Worked on VPN configuration, routing, NAT, access-list, security contexts, and failover in ASA firewalls.
  • Provide support to help desk for complex/major network problems. Build the rules for the application access across the IPSEC VPN tunnel.
  • Follow information security policies, methods, standards, NIST standards, and practices to organize information systems, IT reference material, and interpret regulations.
  • Monitor Intrusion Detection Systems (IDS) console for active alerts and determine priority of response.
  • Strong understanding of Cisco networking technologies: ASA, IPS, WSA, ACS, VPN.

Confidential - Loveland, CO

Network Security Engineer - L3

Responsibilities:

  • Daily technical hands on experience in the configuration, troubleshooting of Juniper SRX firewalls as well as experience working directly with customer in a service/support environment.
  • Troubleshooting Firewall Connectivity related issues using Smart view tracker on Checkpoint, NSM Log viewer for Juniper Firewalls.
  • Implemented configuration back-ups using WinSCP, cyber fusion to automate the back-up systems with the help of public and private keys.
  • Deployment and Management of Bluecoat proxies in forward proxy scenario as well as for security in reverse proxy scenario.
  • Demonstrated understanding of network security concepts and systems including F5, WSA, Palo Alto, ASA
  • Deployed and managed Cisco Meraki SD-WAN products including Cisco Meraki Security Appliances (MX25, MX450, MX400, MX600 and MX100), Cisco Meraki switches and Cisco Meraki Wireless APs (MR84, MR74, MR52).
  • Worked on Blue Coat Proxy SG to safeguard web applications in extremely untrusted environments such as guest Wi-Fi zones.
  • Performing URL filtering and content filtering by adding URL’s in Bluecoat Proxy SG’s.
  • Managing & administering Cisco WSA.
  • Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls (160+ firewalls) - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series
  • Day-to-Day work involves scheduling firewall policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.
  • Active/Standby and Active/Active HA configuration on Cisco ASA Firewalls.
  • Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
  • Managing and administering Juniper SRX and Checkpoint Firewalls at various zones including DMZ, Extranet (Various Business Partners) and ASZ and internal.
  • Deep understanding of IDS/IPS such as Sourcefire and Foresight.
  • Implementing Security Solutions in Juniper SRX and Netscreen SSG firewalls by using NSM.
  • Juniper Firewall Policy management using NSM and Screen OS CLI.
  • Monitoring, Troubleshooting and Configure DMVPN, MPLS, MPLS-TE and VPLS
  • Installing, configuring, maintaining, proactively monitoring, and repairing all network equipment consisting of, but not limited to Cisco routers and switches.
  • Developed documentation on standards (MOP) and troubleshooting processes to improve overall efficiency and productivity of network operations personnel.
  • Managing Cambium Fixed point to point Backhauls, Microwave, Point to multipoint APs, (ePMP), Wireless bridges, Wireless mesh, and WiMax networks allow secure and reliable access to high-speed data, voice and video services.
  • Expertise in utilizing Spectrum Analyzer, Site Master, Power Meter, Power Monitor, Signal Chart Recorder, Oscilloscope, Protocol Analyzer, RF Radiation Analyzer (RADMAN) & Computer Management/Applications.
  • Collaboration with equipment vendors for system improvement and strategic joint project member as NOC liaison.
  • Working on the network team to re-route BGP routes during maintenance and FW upgrades.
  • Running vulnerability scan reports using Nessus tool.
  • Cisco ASA security appliances including Sourcefire, FirePOWER services and FireSIGHT Management Console.
  • Review the client's Palo Alto configuration and map it to Cisco Firepower 9300 features.
  • Use configuration text files and screen shots with eventual access into the Palo Alto firewall to map objects, firewall rules, and NAT configuration to the Cisco world
  • Configure B2B VPN with various business partners and 3rd parties and troubleshoot VPN Phase 1 and Phase 2 connectivity issues including crypto map, encryption domain, PSK etc.
  • Provided administration and support on Bluecoat Proxy for content filtering and internet access to primary, remote site offices and VPN client users
  • Editing and changing Palo Alto policies and monitoring threats on firewalls.
  • Analyzed traffic pattern and implemented URL filtering using the Palo Alto Firewall
  • Experience with deployment of Palo Alto firewalls for different NAT, video conferencing traffic
  • Troubleshooting and configuring Palo Alto FWs 3060, 3020 & 5060.
  • Follow information security policies, methods, standards, NIST standards, and practices to organize information systems, IT reference material, and interpret regulations.
  • Monitor Intrusion Detection Systems (IDS) console for active alerts and determine priority of response.

Confidential - Dillingham, AK

Network Engineer

Responsibilities:

  • Firewall Policy Provisioning and troubleshoot connectivity issues through firewall.
  • Worked on Check Point Security Gateways and Cisco ASA Firewall.
  • Firewall Clustering and High Availability Services using Cluster XL on Check Point.
  • Configuring and tweaking Core XL and Secure XL acceleration on Check Point gateways.
  • Troubleshoot User connectivity issues on Checkpoint and Cisco ASA using CLI utilities.
  • Packet capture on firewalls and analyzing the traffic using Wireshark utilities.
  • Troubleshot Clustering issues on Check Point and Sync issues monitoring and fix.
  • Upgrade of Checkpoint Gateways in Cluster with Minimal downtime.
  • Implemented Active/ Standby HA configuration on Cisco ASA Firewalls.
  • Configuring Cisco ASA firewalls in Single and Multiple Context Mode firewalls.
  • Upgrade of Cisco ASA Firewall in Active/Standby mode with no down time.
  • Configuring VPN both B2B and remote access SSL and centralized policy administration using FortiManager, building Fortigate High Availability using Fortigate Clustering Protocol (FGCP).
  • Firewall Compliance and Rule remediation for compliance such as SAS 70 Audit.
  • LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems)
  • Vlan design and implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and port channels creation.
  • Working with OSPF as internal routing protocol and BGP as exterior gateway routing protocol.
  • Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation on Cisco ASA Firewalls.
  • Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay).
  • Deployed a Syslog server to allow proactive network monitoring.
  • Implemented VLANS between different departments and connected them using trunk by keeping one Vlan under server mode and rest falling under client modes.
  • Configured Firewall logging, DMZs and related security policies and monitoring.
  • Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
  • Documentation and Project Management along with drawing network diagrams using MS Visio.

Confidential

Network Engineer

Responsibilities:

  • Day-to-Day work involves scheduling firewall policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.
  • Managing and administering Juniper SRX and Checkpoint Firewalls at various zones including DMZ, Extranet (Various Business Partners) and ASZ and internal.
  • Implementing Security Solutions in Juniper SRX and Netscreen SSG firewalls by using NSM.
  • Juniper Firewall Policy management using NSM and Screen OS CLI.
  • Daily technical hands on experience in the configuration, troubleshooting of Juniper SRX firewalls as well as experience working directly with customer in a service/support environment.
  • Troubleshooting Firewall Connectivity related issues using Smart view tracker on Checkpoint, NSM Log viewer for Juniper Firewalls.
  • Deployed Next-Generation Firewall ASA-X, SonicWALL, Palo Alto and Fortinet.
  • Creating and provisioning Juniper SRX firewall policies.
  • Configure and administer Cisco ASA Firewalls (5585, 5550 and 5540) and use command line CLI, Cisco CSM, ASDM for day-to-day administration.
  • Active/Standby and Active/Active HA configuration on Cisco ASA Firewalls.
  • Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
  • Configuring rules and maintaining Palo Alto firewalls and analysis of firewall logs using various tools.
  • Experience on ASA firewall upgrades to 9.x.
  • Solved problems on case-by-case basis with deep understanding of networking/firewall concepts, particularly with Fortinet devices.
  • Assisted with migrations from CISCO to Fortinet Security platform.
  • Configuring/Managing Intrusion Prevention System (IPS): Cisco IPS / Fortinet & Checkpoint UTM.
  • Configured Panorama web-based management for multiple firewalls.
  • Worked on configuration, maintenance and administration of Palo Alto PA3000 Firewalls and migrating customers from Cisco ASA to Palo Alto in HA network.
  • Understand the flow of traffic through the Check Point Security gateway cluster and troubleshoot connectivity issues using advanced troubleshooting from Command Line Utilities.
  • Use Tools such as SKYBOX for Firewall Policy optimization and rule base Clean up.
  • Build and configure Active/Standby Failover on Cisco ASA with stateful replication.
  • Configure and tweak the inspection policies on Firewall to allow legacy application traffic.
  • Understand different types of NAT on Cisco ASA firewalls and apply them.
  • Firewall policy provisioning on Fortinet FortiGate appliances using FortiManager.
  • Support Blue Coat Proxy in explicit mode for users trying to access Internet from Corp Network.
  • Troubleshooting connectivity issues through Blue Coat as well as writing and editing web policies.
  • Involved in Upgrading bluecoat proxy servers from SG s to SG B.
  • Administration Big IP F5 LTM for all Local Load balancing and use GTM for load balancing across Data Centers.
  • Performed Fortinet Firewall OS upgrades via Fortinet Manager.
  • Support Data Center Migration Project involving physical relocations. 24x7 on-call support.

Confidential

Network System Engineer

Responsibilities:

  • Responsible for PIX 7.x/8.x & ASA 8.x Firewall migration and in place hardware upgrades and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
  • Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation.
  • As part of Security and network operations team I was actively involved in the LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems)
  • VLAN implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and port channels creation.
  • Responsible for Firewall upgrades as well as Troubleshooting, Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
  • IOS Upgrades from 7.x to 8.x as well as backup and recovery of configurations.
  • Work in an enterprise network environment with dynamic routing using OSPF and BGP for external connectivity.
  • Configured Switches with proper spanning tree controls and BGP routing using community and as path prepending attributes.
  • Install Windows Server 2003, configure IP addresses, network printers and configure Client Access for PCs.
  • Work with BGP routing protocol for communication with business partners and influence routing decision based on AS Path Prepend and other attributes.
  • Administer and support Cisco based Routing and switching environment.
  • Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay).
  • Deployed a Syslog server to allow proactive network monitoring.
  • Implemented VLANS between different departments and connected them using trunk by keeping one Vlan under server mode and rest falling under client modes.
  • Configured Client VPN technologies including Cisco’s VPN client via IPSEC.
  • Configured Firewall logging, DMZs and related security policies and monitoring.
  • Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.