SUMMARY:

• Network Engineer & Security Analyst with 8+ years of working experience in Network Infrastructure, Security which includes designing, deployment and providing network support, installation and analysis for a broad range of LAN / WAN protocols, routing, switching, configuring, implementation, troubleshooting of complex networking system.
• Working experiences with Routers, Switches, Load Balancers, Firewalls and Proxies.
• Excellent hands on experience in configuring Cisco Nexus 2248T, 2224T, 5548P, 5596T, 6000, 7010, 7018, 7710 switches. Also, implemented VDC and VPC on the Nexus 5505, 7010, 7710 switches.
• Hands on experience in performing various configurations on Access, Distribution and Core layer switches like Cisco Catalyst 2960, 3750, 4507, 4010, 6506, 6509 switches.
• Hands - on experience in implementing and troubleshooting Switch technologies such as STP, VTP, 802.1q, VLAN and MPLS.
• Experienced in configuring, deploying, maintaining, and troubleshooting of routing protocols like RIP, OSPF, EIGRP and BGP on Cisco 1800, 2600, 3600, 7200 and 7600 routers. And also performed Policy based routing.
• Proficient in configuring and troubleshooting route Re-distribution between Static, RIP, EIGRP, OSPF, and BGP protocols and also in Route Manipulation.
• Expert level knowledge on IP Addressing, Subnetting, VLSM, OSI model, TCP/IP model .
• Using IP Address Manager ( IPAM ) provides a centralized management of the IP address space, including IPv4 and IPv6 Address Management .
• Proficient in implementing first hop redundancy protocols like HSRP, VRRP, and GLBP.
• Understand the JUNOS platform and worked with IOS upgrade of Juniper devices
• Hands-on experience in creating security zones and security policies on branch Juniper SRX 240 and SRX 100 firewalls.
• Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers.
• Proficient in implementing Security policies like NAT, PAT & Access lists.
• Hands-on experience in deploying Frame-relay, GRE tunnels, Remote Access VPN and Site-to-Site VPN.
• Expert in configuring and implementing proxy servers and Authorization, Authentication & Accounting (RADIUS, TACACS+).
• Experiences with Cisco Nexus Fabric Extender (FEX) (222, 2248)
• Experience in design, Deploying & Troubleshooting F5 Load Balancer Includes BIGIP Series 5050V, 10000V, 8900, 6900, and 3900.
• Hands on Experience in configuring F5 objects, components and provisioning various modules like LTM, GTM, ASM, APM
• Experience in dealing with iRules, TMSH CLI which includes TMOS 10.2.4V - 11.6.0V and various troubleshooting tools like QKview, IQdump and iHealth diagnostic tool
• Experiences in Deploying & Troubleshooting policy management on Web Proxies.
• Experiences dealing with OS upgrading/Patching for various vendors like F5 (TMOS), CISCO (IOS, NX-OS), PANOS, JUNOS, Web sense, Bluecoat.
• Experience in administration and designing web proxies which includes Bluecoat.
• Experience in dealing with centralized management tool for rule based policy like Solsoft.
• Experience with MacAfee and Splunk SIEM tools for log analysis and threat management analysis
• Experience in design, installation, configuration, maintenance, migration and administration of Check Point Firewall R55 up to R77.
• Installed SolarWinds NPM, NCM, NTA, and IPAM to implement proper network monitoring and notifications
• Experience in Policy based filtering using Palo Alto Firewalls.
• Experience working with Palo Alto GUI Panorama.
• Experience in migrating Check point to the Cisco ASA Devices. Also, migrating from Cisco to Palo Alto.
• Extensively used the packet capture tools like TCP dump, Wireshark and snoop on the devices to identify the potential network issues.
• Proficient in using Network Management Application layer software’s like SNMP, Solar winds, NTP and Syslog.
• Proficient in using MS Visio for documentation purposes.
• Hands on experience in configuring VoIP phones using asterisk.

TECHNICAL SKILLS:

Cisco Switches: Nexus 7K, 5K, 2K & 1K & Cisco Catalyst switches (6500, 4900,4507, 3850,3750, 3500, 2900series).

Routers: Cisco ASR 1002,1004; ISR 2911,2951,3925; Cisco 2600, 2900, 3600, 3900, 7200 and 7600 series

Infrastructure services: DHCP, DNS, SMTP, FTP, TFTP

LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port- Channel, VLANS, VTP, STP, RSTP, 802.1Q, SVI

Routing Protocols: RIP, IGRP, EIGRP, OSPF, BGP, HSRP, VRRP, & GLBP.

WAN technologies: Frame Relay, ATM, MPLS, leased lines & exposure to PPP, T1 /T3 & SONET.

Firewall Technologies: Cisco ASA 5580 series, PANOOS 2020, Juniper SRX, Palo Alto, Checkpoint.

NAT/PAT:, Ingress & Egress Firewall Design, VPN Configuration, Internet Content Filtering, Load Balancing, IDS/IPS, SSL, IPSEC, IKE, Static, Dynamic, Reflexive ACL, and authentication AAA (TACACS+ & RADIUS)

Network Management: SNMP & knowledge on Cisco Works, Ethereal.

Platforms: Cisco IOS (11.x, 12.x), LINUX, Nexus OS, Windows XP.

Documentation: MS Office, MS Visio

F5 BIG: IP LTM.

PROFESSIONAL EXPERIENCE:

Confidential, Mason, OH

Sr. Network Engineer

Responsibilities:

• Configured, implemented and monitored a large WAN/LAN enterprise network that in corporate over 20 agencies.
• Part of Network Operations team that maintain a network of 35000+ employees with in Orange County California
• Support over 2000 network devices with the county of Orange including switches, routers and ISP connections
• Cisco device lists: Switch- 3850,4507. VG- 202XM,204XM, 224, 310. Routers- 1002X,1004, ISR 2911,2951,3925 configured, installed and implemented
• Daily responsibilities included monitoring network connectivity, administration of the remote location, involved in troubleshooting IP addressing issues.
• Installation and Configuration of Cisco Switches, Cisco Routers and Cisco Firewalls.
• Designing IP addressing schemes, VLAN tables and Switch port assignments and Ether-channel implementation.
• Implementation of HSRP and GLBP Routing Redundancy protocols on L3 Switches.
• Configuring and troubleshooting OSPF and EIGRP. Configuring route redistribution between OSPF and EIGRP in a multi-area OSPF network.
• Performing troubleshooting on slow network connectivity issues, Routing issues involved OSPF, EIGRP and identifying the root cause of the issues.
• Configured of LAN/WAN/WLAN links using ATM, Frame Relay, PPP, HDLC, IEEE 802.1q, VLAN, NAT, DHCP, 802.1Q-in-Q protocols and cross connections
• Setup and maintained of Virtual Local Area Networks (VLANS) using Cisco routers and multilayer Switches and supporting STP, RSTP, PVST, RPVST along with troubleshooting of inter VLAN routing and VLAN trunking using 802.1q
• Knowledge of MP-BGP and MPLS LDP protocols
• Migration of existing IPSEC VPN tunnels from Pre-Shared key to Certificate Authority for purpose of scaling
• Worked with network monitoring tools SevOne and Infoblox
• Extended end to end network support on L2 and L3 switches.
• Network Redesign for Small Office/Campus Locations. That included changes to both the voice and data environment.
• Installed high availability Big IP F5 LTM and GTM load balancers to provide uninterrupted service to customers
• Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs
• Installation, configuration and troubleshooting of Checkpoint (5000, 4400, 1400 series with GAIA OS) and ASA Firewalls.
• Hands on experience with SmartDashboard, SmartTracker, SmartUpdate, SmartLog applications.
• Created rules and monitor Checkpoint firewall traffic through Smart Dashboard and Smart View Tracker applications.
• Created and implemented firewall policy to allow/block services on specific TCP/UDP ports in production firewall.
• Security infrastructure engineering experience as well as a Microsoft Windows, Juniper firewalls, Palo Alto firewalls, Juniper Intrusion Prevention devices, and wireless switch security management.
• Administering and evaluating firewall access control requests to ensure that these requests are compliant with the client's security standards and policies.
• Configuration and support of Juniper NetScreen firewalls and Palo Alto firewalls.
• Successfully installed Palo Alto PA-3060 firewall then configured and troubleshot using CLI and worked with Panorama management tool to manage all Palo Alto firewall and network from a central location.
• Implemented Zone-Based Firewalling and Security Rules on the Palo Alto Firewall.
• Administer Palo Alto Firewalls to allow and deny specific traffic and to monitor user usage for malicious activity and future QoS.
• Configuring rules and Maintaining Palo Alto Firewalls& Analysis of firewall logs.
• Maintaining Checkpoint security policies including NAT, VPN, and Secure Remote access, Configuring IPsec VPN (Site-Site to Remote Access) on SRX series firewalls.
• Configuring Juniper NetScreen Firewall Policies between secure zones using Network Security Manager (NSM).
• The configuration of Palo Alto Next-Generation Firewall mainly creating security profiles and VSYS according to client topology.
• Configuration and installation of Palo Alto Networks 5050 application firewalls (NGFW).
• Expertise in Palo Alto design and installation for Application, URL filtering, Threat Prevention and Data Filtering.
• Act as first point of contact to diagnose an issue and drive it to closure Troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF & BGP. worked with Nexus 7010, 5020, 2148, 2248 devices.
• Implemented changes in configuration as per task assigned within scheduled change window and ensure backups of device before and after the change.
• Co-ordinates with Vendors to replace the faulty hardware like power supply, fans, modules, cables, sfp, access points & laps.
• Identify any design issues in the existing setup and co-ordinate with design team in order to get that rectified.
• Conducting knowledge transfer sessions and training the team members.
• Mentoring newly joined engineer with the processes and involved proactively in preparation and sending Daily Reports, Weekly Reports and Monthly Reports to the supervisor.

Environment: ASR 1002, ASR 1004, ISR 2951,2911,3925; VG 310,204;Cisco ASA 5540, 5545,Cisco Nexus7k,5k; Cisco Catalyst switches 6500, 4500, 2950; Routing Protocols OSPF, BGP; STP, VTP, VLAN, VPC ; VPN, MPLS, HSRP, GLBP, Big-IP F5 Load Balancer, MS Visio, Checkpoint, Cisco ASA, ASDM, Infoblox, SevOne, ServiceNow.

Confidential, West Chester, OH

Sr. Network Engineer

Responsibilities:

• Performing troubleshooting on slow network connectivity issues, and Performance on F5 and Cisco ASA Firewalls.
• Deploying and decommissioning Cisco switches/Firewalls and their respective software upgrades.
• Hands on experience in Installing and Configuring Palo Alto PA-3060 Firewalls to protect Data Center.
• Implemented Positive Enforcement Model with the help of Palo Alto networks
• Configure outbound web flow policies on Palo Alto devices
• Implemented Palo Alto solution for remote and mobile users and for analyzing files for malware in a separate (cloud-based) process that does not impact stream processing.
• Hands on experience in Configuring VPN, routing, NAT, access-list, security contexts, and failover in ASA firewalls.
• Maintained TACACS+/RADIUS Servers for AAA authentication and User authentication.
• Provided VPN services to site-to-site and, Remote access VPNs using IPSec tunneling.
• Work with IP for any vulnerabilities /ACLS and remediate as needed.
• Provided routine status updates on work performed and interpretation of security implications from performed events.
• Worked on configuration, maintenance, and administration of Palo Alto PA3000 Firewalls and migrating customers from Cisco ASA to Palo Alto in HA network.
• Configuring rules and Maintaining Palo Alto Firewalls& Analysis of firewall logs using various tools.
• Understand the flow of traffic through the Check Point Security gateway cluster and troubleshoot connectivity issues using advanced troubleshooting from Command Line Utilities.
• Successfully installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
• Performed upgrading of load balancers from citrix to F5 BigIP load balancer to improved functionality, reliability and scalability in the system.
• Upgrades/Downgrades of F5 TMOS, Hot-fix installations depending on need
• Worked on F5 BIG-IP LTM 8900, configured profiles, provided and ensured high availability
• Worked on troubleshooting and resolving issues escalated by the NOC and internal systems, including developing, implementing and deploying emergency hot fixes within a global network
• Configuring ASM policies for external applications
• Administrating on F5 LTM, GTM, ASM, APM on series 5050
• Created an automated backup procedure for all F5 load balance appliances
• Create complex iRules using TCL language for URL redirections, HTTP header-insertion and HTTP header modification.
• Experience in F5 iHealth reports creating and maintaining high quality installation guides, standards documents, diagrams, run books and other engineering documentations.
• Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers.
• Worked on Catalyst 4506E, 4507, 6503E and 6506E series switches along with Nexus 5020 switches in change of configurations and maintenance.
• VSS on 6506E switches maintenance to provide dual homing for the consumers as well redundancy.
• Configured and maintained VDCs in 7018 switches, maintained VRFs in those separate VDCs. Operated in OTV to extend L2 VLANs amongst data centers over IP on Nexus 7018 switches.
• Upgradation of nexus OS from 6.2.2a to a higher version to increase performance and support new features on both N7010 & N7710 chassis.
• Proficient in Configuring VPC between the Cisco Nexus 7k, 5k.
• Route redistribution between OSPF, EIGRP and also in required routers, between IGP and BGP.
• Creating BGP multi-homed network using BGP attributes like AS-PATH, MED and local-preference as per the environment.
• Implemented Port Aggregation using LACP and PAgP protocols.
• Configured and maintained PVST+ for L2 loop prevention on Catalyst switches.
• Scheduled maintenance of Nexus 2248, 5548 and 7010 switches so that there are no Orphan ports in the network.
• Documented migration of data center from legacy switches to nexus switches.
• Handled LAN environment involving HSRP, VLANs, Trunking and Spanning Tree protocol.
• Upgraded the remote access (VPN) and firewall environment for the entire organization
• To ensure that day-to-day Security Operations run smoothly. Change management and third level incident management being the primary responsibility, participate directly as well as take escalations from the team members as and when required.
• Created Visio Dean / Visio Documentation to give complete picture of network design for each building.
• Hands on Experience in Troubleshooting IOS related bugs based on past history and appropriate release notes.

Environment: Cisco Catalyst switches 6500, 4500, 2950; Routing Protocols OSPF, BGP; STP, VTP, VLAN; VPN, MPLS, HSRP, GLBP, Big-IP F5 Load Balancer, Cisco Works; MS Visio, Checkpoint, Cisco ASA and Palo Alto firewalls, Blue Coat Proxy.

Confidential, Norfolk, VA

Sr. Network Engineer

Responsibilities:

• Hands on experience with Catalyst L3 switches and Cisco Nexus switches: 2232, 2248, 5548, 6001 and 7018(Sup 2E).
• Operated in Administration of L2 technologies like VLANs, VTP, Trunking, RPVST, Inter-VLAN routing, Ether channeling, and Switch port Security on Access Layer switches.
• In the process of Data center fabric migration from legacy Catalyst to Nexus switches, deployed, configured and maintained 5548, 7018 switches.
• Installed Catalyst 6509E switches with 40GE and 10GE line cards containing MSFC and PFC cards and configured, maintained VSS on it.
• Operated with Sup 2E for 7018 switch and F cards for L2 switching and few M cards for L3 proxy routing purposes for F cards.
• Functioned in upgrading system images on 5k and 7k Nexus switches using kick start and FTP server.
• Performed Break Fix support through driving to different buildings, identifying the root cause of the hardware issues with switches, network devices
• WAN (ATM/Frame Relay), Routers, Switches, TCP/IP, Routing Protocols (BGP/OSPF), and IP address
• Configured and maintained OSPF, EIGRP, RIP and BGP on Cisco routers.
• Creating BGP multi-homed network using BGP attributes like AS-PATH, MED and local-preference as per the environment.
• Maintained TACACS+/RADIUS Servers for AAA authentication and User authentication.
• Provided VPN services to site-to-site and, Remote access VPNs using IPSec tunneling.
• Documented migration of data center from legacy switches to nexus switches.
• Provided hands-on support for environment including on-call support for switches, routers and servers. Used Solar winds, DHCP, DNS to troubleshoot issues.
• Experience with Firewall Administration, Rule Analysis, Rule Modification
• Experience on Check Point GAIA R77. Environment consisted of 30+ Check Point firewalls and performed configuration, troubleshooting, and maintenance.
• Worked on, groups, and updating access-lists and responsible on Check Point Firewall, apply static, hide NAT using smart dashboard.
• Performed upgrades for all IP series firewalls from previous Check point versions (R75.40, R75.40VS, R75.45, R75.46, R75.47, R76, R77) to R77.10
• Troubleshoot and resolve firewall software and hardware issues including VPNs, connectivity issues, logging, cluster configurations, hardware installations
• Experience in converting Check point VPN rules over to the Cisco ASA solution. Migration with both Check point and Cisco ASA VPN experience.
• Setting up MPLS Layer 3 VPN cloud in data center.
• Implemented all standard and non-standard ISDN and IP-VPN changes to company customer support connections.
• Responsible for administrating Bluecoat and dealing with policies for user access like Blocking/Unblocking URL's.
• Creating Virtual IP address, Pools and Persistence profiles on F5 LTMs.
• Configuring policies on ASM using manual policy enforcement and auto policy enforcement with F5 ASM, LTM, APM.
• Knowledge in implementing and configuring F5 Big-IP LTM load balancers.
• Prepare test plans for checking the configuration on the CLI, and GUI,writing iRules, scripts.
• Determining the functionality with the DNS naming conventions and migrations from old load balancing environments to the F5 environment both 10.x and 11.x.

Environment: Checkpoint Firewall (1100, 1400, 4000, 5000 series), GAIA R75.xx/R77.xx. Cisco switches & routers, Meraki Dashboard (Access Points), SolarWinds, Cisco ASA, ServiceNow Ticketing tool, Visio, Bluecoat Proxy servers, IDS/IPS, SIEM and Monitoring.

Confidential, Deerfield IL

Sr. Network Engineer

Responsibilities:

• Worked on Catalyst 4506E, 4507, and 6503E, 6506E series switches along with Nexus 5020 switches in change of configurations and maintenance.
• VSS on 6506E switches maintenance to provide dual homing for the consumers as well redundancy.
• Route redistribution between OSPF and EIGRP & also in required routers, between IGP and BGP.
• Created stub areas and configured summarization for effective routing. Manipulated route updates using distribute lists, route maps & administrative distance, offset lists.
• Implemented Port Aggregation using LACP and PAgP protocols.
• Configured and maintained PVST+ for L2 loop prevention on Catalyst switches.
• Scheduled maintenance of Nexus 2248, Nexus 5548, and Nexus 7010 switches so that there are no Orphan ports in the network.
• Security issues handled related to VPN, IPSEC, NAT, and Configuring Standard, Extended and Named Access lists.
• Client VPN technologies including Cisco’s VPN client via IPSEC configured.
• Used Cisco ASA 5540 firewall for Enterprise security, configured ACL’s for Internet requests to Server Farm in LAN and DMZ.
• Configured Cisco ASA Firewall to use multiple security levels and interfaces
• Implemented numerous Firewalls polices on Cisco Firewall.
• Implementation and configuration of ASA 5520 in failover along with the CSC module as per the customer requirement.
• Implemented clientless SSL VPN on ASA 5500-x platforms.
• Preformed Firewall configuration primarily through the command line interface.
• Experience working with the Cisco IPS module which allows IDS or IPS inspection of all traffic passing through the firewall
• Configuring RADIUS and TACACS+ authentication on Cisco ASA firewalls.
• Worked on ASA routed mode and transparent mode.
• Worked on ASA 5500-x platform configuring the ACLS, NAT policies and AnyConnect VPN’s
• Upgraded the Cisco ASA firewalls from version 8.6 to 9
• Negotiate VPN tunnels using IPsec encryption standards and, also configured and implemented Site to Site VPN and remote VPN.
• Performing the ACL requests change for various clients by collecting source and destination information from them
• Work with application team and Information security for ACL renewals and ACLS aging.
• Hands on Experience on IPAM tool used for periodical scans a subnet and provides the availability status of IP addresses in that subnet.
• Hands on experience with Cisco 3500, 3750, 4500, 6500 series equipment and configuring and deploying and fixing them with various modules like Gig card, VPN SPA card, WIC card.
• Experience in migration of Frame-relay based branches to MPLS based technology using multi-layer stackable switch like 6500 series and 2800 series router.
• Worked with F5 Big-IP Product LTM in Load Balancing.
• Hands on experience with Checkpoint firewall on NGX 65 SPLAT on 65 product using CLI and web UI as well.
• Configured and maintained Cisco ACS server for AAA Authentication (RADIUS)
• Involved in configuring switch for 802.1x port based authentication.

Environment: Cisco routers and switches 6500, 4500, 2950; Big-IP F5 Load Balancer, MS Visio,, Cisco ASA 5580/5540/5520, Checkpoint R70, R75, R77.20 Gaia, Palo Alto PA-5000/3000, Big IP F5 LTM/GTM, Nexus switches, TCP/IP, VPN, Splunk and Palo Alto firewalls, Routing Protocols OSPF, BGP, STP, VTP, VLAN, VPN, MPLS, HSRP, GLBP.

Confidential

Network Engineer

Responsibilities:

• Responsibilities included taking care of the IP Addressing in the organization which included designing new subnets based on the requirements.
• Involved in implementing & Designing the switched network. Configured STP, VTP and dot.1q in switching network.
• Created VLAN& Inter-VLAN Routing with Multilayer Switching.
• Configured and Maintained TACACS for AAA.
• LAN Cabling in compliance of CAT5 standards.
• Assisted in Troubleshooting LAN connectivity and hardware issues in the network of 100+ hosts.
• Maintained Redundancy on Cisco 2600, 2800 and 3600 routers with HSRP.
• Performed RIP, OSPF, EIGRP routing protocol administration.
• Learned and tested various BGP parameters like Local Preference, MED, Weight, and replicated customer issues in the Lab environment.
• Involved in monitoring the performance of the network, thereby identifying the bottlenecks in the network, troubleshooting the connectivity problems using Ping, Trace route, and Telnet.
• Involved in troubleshooting IP addressing issues and Upgrading IOS images using TFTP.
• Daily responsibilities included monitoring network connectivity, administration of the remote location.
• Analyzed and studied Client requirements to provide solutions for network design, configuration, administration and security.

Environment: CISCO routers and switches, VLAN, Trunk Protocols, CISCO ASA, DHCP, DNS, Spanning tree, Windows Server.