- Around 6+ years of experience in designing, implementing, securing and troubleshooting service provider and enterprise networks, and in network administration, implementation, design, and troubleshooting. Seeking a challenging and interesting opportunity in network engineering which enables me to maximize my technical and managerial skills.
- Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
- Strong hands-on experience on Palo Alto (5060, 3060), Checkpoint Firewall R77, Juniper and Cisco ASA 5585 firewall and Cisco Firepower 2110, 4110 and 2130.
- Designed and configured the commands for QoS and Access lists for Nexus 7K and 5K.
- Expert working knowledge (including the ability to setup, configure, upgrade, manage and troubleshoot Cisco routers, switches, VPN concentrators, firewalls, 802.11 wireless access points and load balancers).
- Migrated firewall rules from Cisco ASA to Palo Alto and Check Point Firewalls. Designing and Configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550).
- Implemented security policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
- Worked on Load balancer F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
- Working knowledge in BGP, OSPF, EIGRP, RIP, IS-IS, HSRP, L2/3 VPNs in IOS, IOSXE, and IOS XR platforms.
- Strong experience on Juniper SSG series Firewalls and Checkpoint R75, 76 Firewalls.
- Experience in configuration of Juniper security appliances SRX 220, SRX 240, SRX 550, NS 50, SSG 550M, SSG 520M.
- Provisioning and Tier 3 support for all Avaya sets that include 2400, 2500, 4600, 6300, 7400, 8400 and 9600 phone sets.
- Maintained Avaya server gateways, Modular Messaging, AES and CMS.
- Worked on Amazon AWS and Microsoft Azure cloud network services.
- Packet capture using Blue Coat proxy, analyzing the packets and communicating them to the vendor for further investigation.
- Balancers, redundant Internet ISPs and dual MPLS clouds. Supported virtual cloud environment consisting of UCS and Vblock 10k/40k platforms
- Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point R65, R70, R75, R77 and Cisco ASA.
- Responsible for Check Point, Cisco Firepower and Cisco ASA firewall administration across global networks.
- Hands on experience in configuring and supporting site-to-site and remote access Cisco, IPSec, VPN solutions using ASA/PIX firewalls, Cisco and VPN client.
- Experience with converting Checkpoint VPN rules over to the Cisco ASA solution. Migration from Juniper NetScreen SSG-550 to Palo Alto 5000.
- Experience in integrating identity federation with Cloud (SaaS) SAML based applications using F5 APM.
- Provided Load Balancing towards access layer from core layer using F5 Network Load Balancers.
- Configuring BGP/OSPF routing policies and designs, worked on implementation strategies for the expansion of the MPLS VPN networks.
- Experience with all 7 layers of OSI.
- Expert in design, configuration and deployment of F5 Solutions with extensive experience working with APM and ASM technologies.
- Configuring rules and maintaining Palo Alto Firewalls & analysis of firewall logs.
- Experience in Designing and assisting in deploying enterprise wide Network Security and High Availability Solutions for ASA.
- Experience with Cisco UCS (Unified Computing System) and it helps storage access into a single unified system.
- Proficient with Cisco Routers and Switches such as IOS, IOS-XR, NX-OS, and IOS-XE. Experience on Code Upgrade for Cisco Routers including 7200, 3900, 2900, 881, 891 and Switches including 6500, 4500, Nexus 9K, Nexus 7k, Nexus 6k, Nexus 5k, Nexus 4k, ASR 9K, ASR 1K.
- Experience in configuring security technologies like IPsec VPN, DMVPN, VLANs, policy-based routing.
- Implemented and maintained intrusion detection/prevention (IDS/IPS) system to protect enterprise network and sensitive corporate data. Fine-tuning of TCP and UDP enabled IDS/IPS signatures in Firewall.
- Hands-on experience with Cisco Nexus 7000, Nexus 5000 and Nexus 2000 platforms
Operating Systems: Cisco IOS, Windows NT 4.0 (Desktop/Server), Windows 2000/2003/2008 Server, Windows XP/Windows 7/8, LINUX, UNIX, MS Exchange server, Solaris, Active Directory.
Equipment (Switches, Routers): Cisco routers (7600, 7200, 3900, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3500, 4500, 2900 series), Juniper SRX, MX, EX Series Routers and Switches.
Routing: OSPF, EIGRP, BGP, RIP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing.
Switching: VLAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switching, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging.
Firewalls: ASA 5500 series, Cisco Firepower 2110, 4110, Checkpoint, Juniper Netscreen Firewall ISG100, 2000, SSG, SRX.
Load Balancer: ACE Module, GSS & F5 LTM
LAN Technology: Workgroup, Domain, HSRP, DNS, DHCP, Static, VLAN, STP, VTP, Ether Channel, Trunks.
WAN technology: Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1, DS3, OC3, T1 /T3 & SONET.
Various Features & Services: HSRP, VRRP, GLBP, NAT, SNMP, SYSLOG, NTP, CDP, DNS, TFTP, FTP, IOS and Features, Management. Wireshark, IXIA chariot, Packet Sniffer, Packet Analyzer and Solar Winds Breaking Point, TCPDump, Python.
Wireless & Wi-Fi: Canopy Wireless Device (point to point/point to multipoint), DLink Wireless (point to point), DLink Access Point, CISCO 1200 series Access Point, and Linksys Wireless/Wi-Fi Router.
Confidential, Chicago, IL
Sr Network Engineer
- Design and implementation of Global monitoring and Alert system (SolarWinds)
- Configure Cisco 5508 Wireless LAN Controller and 3700 Series Access Points.
- Worked on ASA (5540/5550) Firewalls and firepower 2k and 4k. Implemented Security Policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
- Created and designed Cisco ISE policy for iPad, tablet and mobile phone. Making sure the business and guest devices were working within Company’s wireless network.
- Integrating Panorama with Palo Alto firewalls, managing multiple Palo Alto firewalls using Panorama.
- Implementing and configuring F5 LTMs for VIPs and virtual servers as per application and business requirements. F5 configuration, installation, and monitoring with F5 APM.
- Configuration and troubleshooting on HSRP, VRRP, GLBP, RSTP, MST related issues coming in network environment
- Design, configure, and administer Juniper MX routers, SRX Firewalls, Cisco routers & switches.
- Responsible for all routing, switching, VPN, network security, and server load balancing.
- Using PBR with Route Maps for route manipulation/filtering. Troubleshooting routing issues like suboptimal routing and asymmetric routing
- Juniper Contrail SDN deployment assistance to the senior engineering team
- Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
- Technology support for: Cisco ACI, NSX, Open Source solutions, AWS/Azure VPC, ATT Netbond, Arista VTEP & VxLAN, Hitachi UCP, and many more.
- Built an accruing network via MPLS circuits to split the trusted and un-trusted traffic via a Cisco ASR Router.
- Implemented antivirus and web filtering on Juniper SRX 240 at the web server
- Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for a datacenter access architecture
- Implemented MPLS/VPLS, QOS, BGP, OSPF, VRF, IPSEC, L3VPN/ASA firewall configuration changes into Cisco 6500, 2800, switches/routers.
- Performed Avaya PBX cross connects and utilized Avaya System Administrator to issue user extensions.
- Have created a lot of site-to-site IPSEC VPN tunnels with Checkpoint, Juniper Netscreen firewalls and Cisco PIX/ASA firewalls. Completed a project to update the patch HFA50 across all the firewalls to overcome the bugs in the existing version of R65.
- Cisco ACI/SDN/NSX Multi-Tenancy Environment for Cloud using Cisco 9K and associated leaf switches both in ACI and NX-OS format.
- Installed VMware ESXi 4.0/5.0/5.5/6.0 and built VMs with Windows 7/8/2003/2008/2012 R2 OS and CentOS/Linux 5, 6.0 OS.
- Added Palo Altos in TAP mode in the environment and provided the Layer 2 connectivity to them to perform IDS and IPS for Denver Community Credit Union. Also worked on upgrading the PAN-OS and scheduling dynamic updates and subscriptions for the Palo Alto devices.
- Configured IPSEC VPN tunnels between Checkpoint and other non-Checkpoint endpoint devices using IKE pre-shared keys, 3DES and MD5.
- Experience with Cisco UCS to deploy applications faster. Also, to improve server performance by using Cisco UCS.
- Access control server configuration for RADIUS and TACACS+.
- Experience with enterprise-class security products such as web proxy, reverse proxy, load balancing, IDS/IPS, DLP, Firewall, IPsec/SSL VPN, WAN/LAN, wireless and remote connectivity.
- Physically deployed new Cisco Nexus devices, Catalyst and Nexus replacement blades, FWSMs, Cisco ASAs, Citrix Netscaler MPX.
- Configure a Site-To-Site IPsec VPN to the Amazon AWS VPN Gateway with other vendor security appliances devices.
- Construct DellEMC EHC Private Cloud with VMware NSX SDN globally in four regions; integrate into current DC environment.
- Experience with OSI model to communicate end to end connectivity.
- Also experience with TCP/IP model which is generalized form of OSI model.
- Deploying and decommissioning of VLANs on core ASR 9K, Nexus 7K, 5K, 2k and its downstream devices.
- Understand the JUNOS platform and worked with IOS upgrade of Juniper devices
- Working on the F5 LTM and GTM code upgrade project, doing a couple of them every week.
- Implement changes on switches, routers, load balancers (F5 and Brocade), wireless devices as per engineer’s instructions and troubleshooting any related issues.
- Involved in upgrades to the WAN network from existing 7200vxr with ASR 1004 and 3845/3945 routers.
- Deploying BIG-IP F5 LTM Load Balancers for load balancing and traffic management of business applications.
Environment: Cisco 2948,3560,3750,3550,2960,6500 switches and Cisco 3640,1200,7200,3845,3600,2800 routers. Cisco Nexus 9K/7K/5K/2K, Cisco ASA 5500, ASA 5520, 5545-X, ASR 9K, F5 BIGIP LTM, APM, EM and GTM Series, Aruba Wireless Controllers (3200, 3400, 3600, 6000) and AP (60, 65, 70, 124, 125, 175), Cisco Prime Networks. Cisco AIRONET 1200 AG Series, Voice gateway MP-VG-124, LAN, WAN, Cisco IOS, Palo Alto PA-500, PA-2k, PA-3k & PA-5k series, Checkpoint R65/R70/R75/R77. Juniper EX2200, EX3300, EX4200, EX4550 and EX4300 series switches and Virtual MX(VMS) MX5, MX 10, MX40, MX240, MX 480, MX960 and MX 2020, SRX220, SRX240 firewalls.
Confidential, Herndon, VA
Network Security Engineer
- Designing and deploying various network security & High availability products like Cisco ASA and Checkpoint Firewall products
- Monitor and Manage Network activities from Network Management tool HP Open view.
- Designed, implemented and maintained WAN technologies like DWDM, MPLS, VPLS and tunneling technologies like L2VPN, Pseudowire, IPsec, SSL, AnyConnect.
- Configuring VPN, clustering and ISP redundancy in Checkpoint firewall
- Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls
- Configuration of Cisco (IOS, IOS XE, and NXOS), Juniper, Palo Alto, and F5 Network hardware.
- Configuring, upgrading and verifying the NX-OS operating system.
- Integration of Open Contrail Controller with OpenStack Controller and Open Contrail router with Compute Node
- Worked extensively in Configuring, Monitoring and Troubleshooting Juniper security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
- Experience in configuring, upgrading and verifying the NX-OS operating system.
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
- Performed troubleshooting and management of OSPF and BGP protocols on routers.
- Conducted network packet analysis using a variety of tools such as Wireshark, NetWitness Investigator, Splunk, Bro, FireEye, McAfee, Mandiant MIR, and ArcSight.
- Deployed Nexus switches 2248, 5548, 7018 and implemented features like FEX Links, VPC, VRF, VDC, and OTV, Fabric Path.
- Implemented site to site IPSec VPN solution between our Corporate Office and the Datacenters, POPs, AWS cloud network to facilitate remote IT administration purposes.
- Configuring VMware and managing and maintenance of VMs (virtual server) and Server Virtualization using VMware vSphere, Microsoft Hyper-V.
- Working knowledge on LAN virtualization by VMware NSX and good understanding on vSphere and Citrix Xenserver.
- Developed CTI solution to integrate Avaya AES 4.2.
- Supporting customers with the configuration and maintenance of PIX and ASA firewall systems.
- Used F5 load balancers to increase capacity (concurrent users) and reliability of applications.
- Deployed and maintained routing protocols such as OSPF, EIGRP, BGP, GRE, MPLS/VPN, HSRP and static routes on Cisco routers and switches and Juniper routers
- Responsible for troubleshooting complex networking issues in service provider MPLS & internet IP addresses and AS numbers for COLT and customers
- Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs.
- Provided redundancy in a multi-homed Border Gateway Protocol (BGP) network by tuning AS-path.
- Configuring various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.
- Implementing security Solutions using Palo Alto PA 5000, Check Point Firewalls R75, R77.20 Gaia and Provider-1/MDM.
- Involved in designing and implementation of AWS network and connectivity b/w physical and AWS DC
- Deployed the Nexus 7000/5000/2000 architecture into production securing competitive advantage across multiple verticals.
- Converting CatOS to Cisco IOS Config Conversion on distribution layer switches.
- Convert Branch WAN links from TDM circuits to MPLS and to convert encryption from IPSec/GRE to Get VPN.
- Worked closely with RIR (Regional Internet Registry) to procure PI (Provider Independent) and PA
- Experience with converting Checkpoint VPN rules over to the Cisco ASA Solution. Migration with Cisco ASA VPN experience.
Environment: Cisco 2948/3560/4500/3560/3750/3550/3500/2960 6500 switches and Cisco 3640 /12000 /7200/ 3845/3600/2800 routers, Cisco Nexus 9K/7K/5K/2K, JUNIPER, Cisco ASA 500, F5 BIGIP LTM, RIP, OSPF, BGP, EIGRP, LAN, ISDN, WAN, VPN, HSRP, ASM, APM, PIX 500 Firewall, ASA 5505 Firewall, AIP SSM, CSC SSM, FWSM, Fortigate, Cisco CSM, ACL-Access Control List, IPS/IDS, NAT, PAT, Cisco ACS, Filtering, Load Balancing using F5 and Cisco ACE, DMZ Setup, CBAC, IOS Firewall features, IOS Setup and Security features.
- Design and configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550).
- Configure and install various network devices and services (e.g., routers, switches, firewalls, load balancers, VPN, QoS); configuring & management of VLANs, 802.1q trunks, VTP, security policies.
- Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches. Worked with ARISTA switches like 7100, 7500 for cloud computing, datacenter and low latency networks.
- Member of application Networking team focused on Network Performance Prediction, WAN optimization
- Implementing and maintaining Network Management tools (OPAS, Solar Winds, Cisco Works)
- Enable STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, disabling all unused ports and putting them in an unused VLAN and ensuring DHCP attack prevention where needed.
- IOS upgrade in Nexus 7010 through ISSU (In service Software Upgrade)
- Apache Web Server & MRTG, BIND DNS Server configuration and optimization over UNIX and Active directory implementation of Windows 2003 Server.
- Designed and implemented a redundant WAN solution to interface existing platform in AWS to both the datacenters in US using AWS Direct Connect and BGP to provide high availability to the customers.
- Scanning and Adding LUNS whenever Storage team assigned to UNIX server.
- Work in Unix environment, verification of Logs using Unix commands, working on Putty.
- Had a chance to troubleshoot various application issues with respect to F5.
- Have hands-on experience on AWS services like EC2, Database, VPC, Route 53, Access Group, IAM, Direct Connect.
- Performed Port channeling and LACP between downstream devices for vPC configuration.
- Performed administrative support for RIP, OSPF routing protocol.
- Maintained redundancy on Cisco 2600, 2800 and 3600 routers with HSRP.
- Upgrading and investigating Cisco IOS to the Cisco router and switches.
- Configured the Cisco router as IP Firewall and Firepower and for NATting; switching (Ethernet) related tasks included implementing VLANs and configuring ISL trunk on Fast-Ethernet channel between switches.
- Configured Access-lists, Distribution-lists, Offset-lists and Route Redistribution.
- Supported multi area OSPF implementations.
- Involved in configuration of OSPF Summarization (Summarizing internal and external routes).
- Scalability of OSPF by Filtering of Intra, Inter and External OSPF routes
- Used various BGP attributes and various route filters such as named Access-lists, Prefix lists, Route-maps to permit or deny routes and to change various attributes.
- Experienced in implementation and troubleshooting knowledge of protocols and technologies, especially in the following: BGP4, OSPF, IPv4, and Ethernet.
- Performed troubleshooting, while maintaining trouble ticket tracking, following internal/external escalation procedures and customer notifications
Environment: Cisco 3550/4500/6500 switches, Cisco 2900/3900/6500/7500/7200 routers, F5 Load Balancer, ASA, VOIP, IP Phone, OSPF, BGP, RIP, EIGRP, LAN, WAN, CISCO IOS, Palo Alto firewall.
- IOS upgrades on Catalyst 1900, 2900, 3500 series switches and 2500, 2600, 3600 series routers.
- Racking, stacking, and cabling network-based IT systems.
- Configuration of Access List ACL (Std., Ext, Named) to allow users all over the company to access different applications and blocking others.
- Configuring of IP allocation and subnetting for all applications and servers and other needs throughout company using FLSM, VLSM addressing.
- Troubleshot the issues related to routing protocols.
- Perform routine network maintenance checks as well as configure and manage printers, copiers, and other miscellaneous network equipment.
- Installing operating systems, software and hardware on computers.
- Responsible for Data Backup, System Update, Recovery and Restore, and Spyware removal.
- Assisting Junior and Senior Engineers, on-site management of cable-wiring technicians
- Troubleshot problems on a day to day basis and documented every issue to share it with design teams.
Environment: TCP/IP, Racking, Stacking, VLSM, IP addressing, Subnetting, Routing Protocols