SUMMARY:

• Certified professional; with expertise 8+ years of experience with networking installations, Configurations testing, troubleshooting, implementing, optimizing, maintaining enterprise data network and service provider systems.
• Hands - on experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.
• Strong experience with routing protocols (RIPv1/2, IGRP, EIGRP, OSPF, BGP), IEEE 802.11, switching (VLANS, VTP Domains, STP and Trunking),
• Extensively worked with Configuration of Network and Security devices such as Cisco routers and switches (Cisco 7600/3500/Nexus 7K/5K), Firewall (Checkpoint R75/Gaia and Cisco FWSM), Load Balancers and DNS and IP Manager (Infoblox).

TECHNICAL SKILLS:

Cisco router platforms: 2500, 2600, 2800, 3600, 3700, 3800, 7200, 7609.

Cisco Switch platforms: 2900XL, 2950, 2960, 3560, 3750, 4500, and 6500.

Firewalls & Load Balancers: Cisco ASA 5585, 5550, 5540, Juniper SRX5400, 5600, 5800, Juniper Netscreen 65006000, 5400. Juniper SSG Firewalls, Palo Alto PA- 2000/3000/4000/5000 , F-5 BIG-IP LTM (3900 and 8900), Blue Coat SG8100, AV 510, AV810.

Routers: Cisco routers (1900, 2600, 2800, 2900, 3600, 3800, 3900, 7200, 7600), Cisco L2 L3, Juniper routers (M7i, M10i, M320)

Switches: Cisco switches (3560, 3750, 4500, 4900 & 6500), Nexus (2248, 5548 &7010)

Routing: RIP, EIGRP, OSPF & BGP, Route Filtering, Redistribution, Summarization, Static Routing

WAN Technologies: FRAME RELAY, ISDN T1/E1, PPP, ATM, MPLS, leased lines, DSL modems.

LAN Technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, NAT/PAT, FDDI, 802.1x, Cisco Secure Access Control Server (ACS) for TACACS+/Radius.

Routing Protocols: RIP, OSPF, EIGRP, and BGP.

Switching Protocols: VTP, STP, RSTP, MSTP, VLANs, PAgP, and LACP.

Network management: SNMP, Cisco Works LMS, HP OpenView, Solar winds, Ethereal.

Software: Microsoft Office Suite, MS SQL Server 2008, HTML.

Language: UNIX, Turbo C / C++, basics in Perl and Shell scripting.

PROFESSIONAL EXPERIENCE:

Confidential, Peoria, IL

Sr Network Engineer

Responsibilities:

• Daily technical hands on experience in the configuration, troubleshooting of Juniper SRX firewalls as well as experience working directly with customer in a service/support environment.
• Troubleshooting Firewall Connectivity related issues using Smart view tracker on Checkpoint, NSM Log viewer for Juniper Firewalls.
• Implemented configuration back-ups using WinSCP, cyberfusion to automate the back-up systems with the help of public and private keys.
• Deployment and Management of Bluecoat proxies in forward proxy scenario as well as for security in reverse proxy scenario.
• Demonstrated understanding of network security concepts and systems including F5, WSA, Palo Alto, ASA
• Worked on Blue Coat Proxy SG to safeguard web applications in extremely untrusted environments such as guest Wi-Fi zones.
• Performing URL filtering and content filtering by adding URL’s in Bluecoat Proxy SG’s.
• Managing & administering Cisco WSA.
• Day-to-Day work involves scheduling firewall policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.
• Active/Standby and Active/Active HA configuration on Cisco ASA Firewalls.
• Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
• Managing and administering Juniper SRX and Checkpoint Firewalls at various zones including DMZ, Extranet (Various Business Partners) and ASZ and internal.
• Deep understanding of IDS/IPS such as Sourcefire and Foresight.
• Implementing Security Solutions in Juniper SRX and Netscreen SSG firewalls by using NSM.
• Juniper Firewall Policy management using NSM and Screen OS CLI.
• Working on the network team to re-route BGP routes during maintenance and FW upgrades.
• Running vulnerability scan reports using Nessus tool.
• Cisco ASA security appliances including Sourcefire, Fire POWER services and Fire Sight Management Console.
• Configure B2B VPN with various business partners and 3rd parties and troubleshoot VPN Phase 1 and Phase 2 connectivity issues including crypto map, encryption domain, PSK etc.
• Provided administration and support on Bluecoat Proxy for content filtering and internet access to primary, remote site offices and VPN client users
• Follow information security policies, methods, standards, NIST standards, and practices to organize information systems, IT material, and interpret regulations.
• Monitor Intrusion Detection Systems (IDS) console for active alerts and determine priority of response.

Environment: Cisco ASA 5580/5540/5520 , Checkpoint R70, R75, R77.20 Gaia, Palo Alto PA-5000/3000, Big IP F5 LTM/GTM, Nexus switches, TCP/IP, VPN, Cisco Sourcefire, Splunk, Bluecoat Proxy servers, IDS/IPS. SIEM and Monitoring.

Confidential, Miami, FL

Sr. Network Engineer

Responsibilities:

• Implementing security Solutions using PaloAlto PA-5000/3000, Cisco 5580/5540/5520 , Checkpoint firewalls R70, R75, R77.20 Gaia and Provider-1/MDM.
• Configuration and administration of firewalls, which includes Checkpoint, Juniper, and Cisco ASA firewalls.
• Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for tasteful replication of traffic between active and standby member.
• Deploy, configure, and support Aruba wireless controller and AP devices globally, also a direct escalation path for all wireless issues.
• Enterprise and Public Safety Wireless LAN/WAN (802.11, Mesh).
• Researched, designed, and replaced Checkpoint firewall architecture with new next generation Palo Alto PA3000 and PA5000 appliances serving as firewalls and URL and application inspection.
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama.
• Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls and also implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall.
• Exposure to wild fire feature of Palo Alto.
• Exposure to design and implementation experience primarily on Cisco WSA proxy.
• Configuration and Maintenance of Cisco ASA, ASA 5540, ASA 5520, ASA 5510 series firewalls.
• Configure Syslog server in the network for capturing and log’s from firewalls.
• Provided tier 3 support for CheckPoint and Cisco ASA Firewalls to support customers, Backup and restore of checkpoint and Cisco ASA Firewall policies.
• Experience configuring and managing Cisco Web Security Appliance (WSA) in an enterprise environment
• Monitoring Traffic and Connections in Checkpoint and ASA Firewall.
• Manage project task to migrate from Cisco ASA firewalls to Check Point firewalls.
• Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Tufin and Splunk.
• Configuring and troubleshooting site-to-site IPSEC VPN tunnels using Cisco ASA 5540 for third party connectivity.
• Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard.
• Installed and configured high availability Big IP F5 LTM and GTM load balancers like 6600, 6800 to provide uninterrupted service to customer applications and monitoring the availability.
• Identified opportunities for implementation of network best practices, particularly F5 load balancer implementations.
• Configuring F5 Load Balancers: Adding virtual IPs, nodes, pools and health monitoring.
• F5 BigIP iRules programming and troubleshooting.
• Worked on F5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 BigIP Load Balancers.
• Worked with protocols such as Frame Relay, IEEE 802.11 and VLAN, OSPF and BGP, DNS, DHCP, FTP, NTP, SNMP, SMTP and TELNET.
• Configure and Monitor Cisco Sourcefire IPS for alerts.
• Working with different teams to gather info for the new request and troubleshoot for any connectivity issues by capturing traffic using TCPDUMP and smart view tracker.
• Worked on VPN configuration, routing, NAT, access-list, security contexts, and failover in ASA firewalls.
• Provide support to help desk for complex/major network problems. Build the rules for the application access across the IPSEC VPN tunnel
• Follow information security policies, methods, standards, NIST standards, and practices to organize information systems, IT material, and interpret regulations.
• Monitor Intrusion Detection Systems (IDS) console for active alerts and determine priority of response.
• Strong understanding of Cisco networking technologies: ASA, IPS, WSA, ACS, VPN.

Environment: Cisco ASA 5580/5540/5520 , Checkpoint R70, R75, R77.20 Gaia, Palo Alto PA-5000/3000, IEEE 802.11Big IP F5 LTM/GTM, Nexus switches, TCP/IP, VPN, Cisco WSA, Bluecoat Proxy servers, IDS/IPS. SIEM and Monitoring.

Confidential, New York, NY

Sr Network Engineer

Responsibilities:

• Day-to-Day work involves scheduling firewall policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.
• Managing and administering Juniper SRX and Checkpoint Firewalls at various zones including DMZ, Extranet (Various Business Partners) and ASZ and internal.
• Implementing Security Solutions in Juniper SRX and NetScreen SSG firewalls by using NSM.
• Juniper Firewall Policy management using NSM and Screen OS CLI.
• Daily technical hands on experience in the configuration, troubleshooting of Juniper SRX firewalls as well as experience working directly with customer in a service/support environment.
• Troubleshooting Firewall Connectivity related issues using Smart view tracker on Checkpoint, NSM Log viewer for Juniper Firewalls.
• Deployed Next-Generation Firewall ASA-X, SonicWALL, Palo Alto and Fortinet.
• Creating and provisioning Juniper SRX firewall policies.
• Configure and administer Cisco ASA Firewalls (5585, 5550 and 5540) and use command line CLI, Cisco CSM, ASDM for day-to-day administration.
• Active/Standby and Active/Active HA configuration on Cisco ASA Firewalls.
• Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
• Configuring rules and maintaining Palo Alto firewalls and analysis of firewall logs using various tools.
• Experience on ASA firewall upgrades to 9.x.
• Solved problems on case-by-case basis with deep understanding of networking/firewall concepts, particularly with Fortinet devices.
• Assisted with migrations from CISCO to Fortinet Security platform.
• Configuring/Managing Intrusion Prevention System (IPS): Cisco lPS / Fortinet & Checkpoint UTM.
• Configured Panorama web-based management for multiple firewalls.
• Worked on configuration, maintenance and administration of Palo Alto PA3000 Firewalls and migrating customers from Cisco ASA to Palo Alto in HA network.
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
• Understand the flow of traffic through the Check Point Security gateway cluster and troubleshoot connectivity issues using advanced troubleshooting from Command Line Utilities.
• Use Tools such as SKYBOX for Firewall Policy optimization and rule base Clean up.
• Build and configure Active/Standby Failover on Cisco ASA with stateful replication.
• Configure and tweak the inspection policies on Firewall to allow legacy application traffic.
• Understand different types of NAT on Cisco ASA firewalls and apply them.
• Firewall policy provisioning on Fortinet FortiGate appliances using FortiManager.
• Support Blue Coat Proxy in explicit mode for users trying to access Internet from Network.
• Troubleshooting connectivity issues through Blue coat as well writing and editing web policies.
• Involved in Upgrading bluecoat proxy servers from SG s to SG B.
• Administration Big IP F5 LTM for all Local Load balancing and use GTM for load balancing across Data Centers.
• Performed Fortinet Firewall OS upgrades via Fortinet Manager.
• Support Data Center Migration Project involving physical re-locations.
• 24 x7 on call support.

Environment: Juniper (SRX, JUNOS, ScreenOS, NetScreen SSG), Cisco (CheckPoint, ASA Firewalls), Palo Alto Firewalls, Big IP F5 LTM/GTM, TCP/IP, FortiGate.

Confidential, NYC NY

Network Engineer

Responsibilities:

• Firewall Policy Provisioning and troubleshoot connectivity issues through firewall.
• Worked on Check Point Security Gateways and Cisco ASA Firewall.
• Firewall Clustering and High Availability Services using Cluster XL on Check Point.
• Configuring and tweaking Core XL and Secure XL acceleration on Check Point gateways.
• Troubleshoot User connectivity issues on Checkpoint and Cisco ASA using CLI utilities.
• Packet capture on firewalls and analyzing the traffic using Wire shark utilities.
• Troubleshot Clustering issues on Check Point and Sync issues monitoring and fix.
• Upgrade of Checkpoint Gateways in Cluster with Minimal downtime.
• Implemented Active/ Standby HA configuration on Cisco ASA Firewalls.
• Configuring Cisco ASA firewalls in Single and Multiple Context Mode firewalls.
• Upgrade of Cisco ASA Firewall in Active/Standby mode with no down time.
• Configuring VPN both B2B and remote access SSL and centralized policy administration using FortiManager, building Fortigate High Availability using Fortigate Clustering Protocol (FGCP).
• Firewall Compliance and Rule remediation for compliance such as SAS 70 Audit.
• LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems)
• Vlan design and implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and port channels creation.
• Working with OSPF as internal routing protocol and BGP as exterior gateway routing protocol.
• Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation on Cisco ASA Firewalls.
• Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay).
• Deployed a Syslog server to allow proactive network monitoring.
• Implemented VLANS between different departments and connected them using trunk by keeping one Vlan under server mode and rest falling under client modes.
• Configured Firewall logging, DMZs and related security policies and monitoring.
• Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
• Documentation and Project Management along with drawing network diagrams using MSVISIO.

Environment: CISCO routers and switches, Access Control Server, VLAN, Trunk Protocols, CISCO ASA, DHCP, DNS, Spanning tree, Nimsoft.

Confidential

Network Engineer

Responsibilities:

• Responsible for PIX 7.x/8.x & ASA 8.x Firewall migration and in place hardware upgrades and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
• Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation.
• As part of Security and network operations team I was actively involved in the LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems)
• VLAN implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and port channels creation.
• Responsible for Firewall upgrades as well as Troubleshooting, Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
• IOS Upgrades from 7.x to 8.x as well as backup and recovery of configurations.
• Work in an enterprise network environment with dynamic routing using OSPF and BGP for external connectivity.
• Configured Switches with proper spanning tree controls and BGP routing using community and as path prepending attributes.
• Install Windows Server 2003, configure IP addresses, network printers and configure Client Access for PCs.
• Work with BGP routing protocol for communication with business partners and influence routing decision based on AS Path Prepend and other attributes.
• Administer and support Cisco based Routing and switching environment.
• Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay).
• Deployed a Syslog server to allow proactive network monitoring.
• Implemented VLANS between different departments and connected them using trunk by keeping one Vlan under server mode and rest falling under client modes.
• Configured Client VPN technologies including Cisco’s VPN client via IPSEC.
• Configured Firewall logging, DMZs and related security policies and monitoring.
• Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.

Environment: PIX, CISCO routers and switches, Access Control Server, VLAN, Trunk Protocols, CISCO ASA, DHCP, DNS, SAN, Spanning tree, Nimsoft, Windows Server, Windows NT.