Sr. Network Security Engineer Resume

NYC, NY

PROFESSIONAL SUMMARY:

  • Certified Network professional with 7 years of experience in network design, implementation, and support. Routing, switching, firewall technologies, system design, implementation and troubleshooting of complex network systems.
  • Extensive experience in configuring and troubleshooting of protocols RIP v1/v2, EIGRP, OSPF, BGP and MPLS.
  • Extensive knowledge of VLANs, Trunking, RSTP, SNMP, EtherChannels, HSRP, Port Security, ACLs, QoS, Traffic Policing, Shaping, EIGRP, OSPF, NAT, PAT, Inspections, VPNs, DHCP, Wireshark, etc.
  • Expertise in configuring and troubleshooting of Palo Alto, Juniper NetScreen & SRX Firewalls and their implementation
  • Working knowledge of Cisco IOS, Junos & basic Nexus (7K, 5K & 2K).
  • Switching tasks include VTP, ISL/802.1q, VLAN, EtherChannel, STP and RSTP.
  • Strong hands-on experience with PIX (506, 515, 525, 535), ASA (5505/5510) Firewalls. Implemented security policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
  • Responsible for Check Point and Cisco ASA firewall administration across global networks.
  • Experience in testing Cisco routers and switches in laboratory and deploy them on site production.
  • Hands-on experience with AWS (Amazon Web Services).
  • Expertise on complex Checkpoint, Cisco ASA & Palo Alto firewalls Environment.
  • Experience working with AWS cloud: EC2, S3, RDS, Load Balancer, Auto Scaling, with the AWS command line interface and AWS Python SDK.
  • Experience converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.
  • Systems integration projects included Routers, Switches, Load balancers, DNS Servers, Firewalls, Virtualized servers, Multimedia, Remote Access, Wireless, Proxy servers, File Servers, Mainframes, multicast networks and much more.
  • Testing the wireless coverage, Throughput, data rates, interference using predictive surveys.
  • Experience in physical cabling, IP addressing and subnetting with VLSM, configuring and supporting TCP/IP, DNS, installing and configuring proxies.
  • Experienced in Cisco and Juniper design and implementation projects. Specific tasks include integrations, configurations, support and maintenance of routers and switches.
  • Designed, configured and implemented LAN/WAN/Wireless networks in 30 remote offices, domestic and global, consisting of Cisco 4510R-E and 3850X Core switches, Cisco 2921 WAN router, Aruba Mobility controller, and Palo Alto firewalls.
  • Well experienced in configuring HSRP, GLBP, ICMP, PPP, PAP, CHAP and SNMP.
  • Experience in installing and configuring DNS, DHCP server
  • Expertise in installing, configuring, and maintaining Cisco Switches (2900, 3500, 7600, 3700 series, 6500 series) Cisco Routers (4800, 3800, 3600, 2800, 2600, 2900, 1800, 1700, 800)
  • Hands on experience in configuring Cisco 2800, 2900, 3800, 3900, 4300 and 7200 Series routers.
  • Expertise in installing, configuring and troubleshooting Juniper Routers (J, M and MX-series)
  • Experienced in Administrating and diagnostics of LAN and WAN with in-depth knowledge of TCP/IP, NAT, PPP, ISDN and associates network protocols and services.
  • In-depth knowledge and hands-on experience in ISP Routing Policies, Network Architecture, IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3 SONET POS OCX / GigE circuits, Firewalls.
  • Experience in site-to-site and remote access VPN solutions.
  • Multicast routing/switching, Rosen draft, IPTV solutions.
  • Experience working with Nexus 9k, 7K, 5K and 2K.
  • Hands on Knowledge/experience on F5 load balancers, its methods, implementation and troubleshooting on LTMs and GTMs.
  • Worked extensively on Palo Alto, Juniper NetScreen and SRX Firewalls.
  • Provided services in many industries such as Consulting, Telecommunications and IT Infrastructure. Specializing in LAN, WAN, WLAN, and Data Center networks
  • Implemented Guest WLAN.
  • Experience with design and deployment of MPLS Layer 3 VPN, MPLS Traffic Engineering, MPLS QOS.
  • Deployed RAP controllers (Remote Access Points) in the DMZ to provide direct secure connection from remote locations to corporate LAN.
  • Worked with team to implement NAC solution on Aruba wireless and LAN.
  • Extensive experience in configuring Layer 3 routing and Layer 2/3 switching of Juniper & Cisco based J2320, MX, EX, 2950, 2960, 3600, 3750, 4500, 6500, 1700, 1800, 2600 and 3700 series routers & switches.
  • Troubleshooting & implementation of VLAN, STP, MSTP, RSTP, PVST, 802.1Q, DTP, HSRP, VRRP, GLBP, LACP, PAGP, AAA, TACACS, RADIUS, MD5, VTP & SVI.
  • Proficient in setting up IT infrastructure including wide area networks (WAN), local area networks (LAN), security management systems, network device administration.
  • Experience working with Cisco IOS-XR on the ASR9000 devices for MPLS deployments
  • Experience working with ARISTA switches like 7100, 7500 for cloud computing, datacenter and low latency networks
  • IOS/JUNOS upgrade for Cisco & Juniper routers cum switches.
  • Experience in testing Cisco & Juniper routers cum switches in laboratory scenarios and deploy on site for production.
  • Highly motivated with the ability to work independently or as an integral part of a team and committed to the highest levels of professionalism.
  • Experience with Change management process and Project documentation tools like Excel and VISIO.

TECHNICAL SKILLS:

Cisco Routers: 3900, 3800, 3700, 7206VXR, 7500, ASR 1K & 9K

Cisco Switches: 6500, 4510, 3750X, 3550, 3650, 3750G, 2960

Routing Protocols: EIGRP, OSPF, BGP, RIPv2

Switching Concepts: VLAN, STP, RSTP, VTP, EtherChannel, PortFast, IP access control lists, UplinkFast and BackboneFast, HSRP, VRRP

Network Security: NAT/PAT, VPN, Filtering, Cisco ASA Firewalls, Palo Alto Networks Firewalls, Check Point Firewalls, IPSEC and SSL VPNs, IPS/IDS, DMZ Setup, Cisco NAC, ACL, IOS Setup and Security Features

Network Topologies: Frame Relay, ISDN, Gigabit Ethernet, OSI and TCP/IP layered architecture

LAN: 10/100/1000 & 10 Gbps Ethernet

WAN: MPLS, Frame Relay, Dialup, VoIP, Cisco Routers and Switches, CSU/DSU

WLAN: IEEE 802.11, PHY and MAC layer functionality, WLAN controller/Aruba/Meru

Operating Systems: Windows and Linux Operating Systems

Sniffers: SolarWinds, Wireshark, Nmap

Scripting: Python and Shell scripting

Tools: Tufin, Rank, Firemon, Fluke, MS Visio, Akips, Infoblox

PROFESSIONAL EXPERIENCE:

Confidential, NYC, NY

Sr. Network Security Engineer

Responsibilities:

  • Implemented SSL VPN solutions including Palo Alto Networks GlobalProtect with single and multiple gateway solutions including integration of PKI certificates. Integrated multiple vendor IPSEC site-to-site VPNs, including Palo Alto Networks and Cisco ASA firewalls.
  • Responsible for major aspects of network specification and design within the organization making recommendations for the improvement of network design operation and economics, wherever and whenever possible.
  • Performed Network Security Assessment and implemented security improvements such as network filtering, SSH, AAA, SNMP access lists, VTY access lists, EIGRP MD5 authentication, and HSRP authentication.
  • Configured ACLs in Cisco 5550 ASA firewall for internet Access requests for servers, protocol handling, object grouping and NAT.
  • Updated Fortinet firewall configurations, programmed switch ports and cameras, and maintained asset information.
  • Worked on Multi-vendor platform with Check Point, Fortinet and Cisco firewalls requesting NetFlow for security compliance, coding, and pushing firewall rules after approval and troubleshooting incidents.
  • Migrated Cisco ASA and Check Point firewalls to Palo Alto Networks Firewalls using the PAN Migration Tool (Expedition) and integrated WildFire to identify zero-day exploits.
  • Implemented GlobalProtect VPN for mobile workforce replacing traditional Remote access VPNs.
  • Performing administrative tasks with Palo Alto Networks (Panorama) including Security, NAT policy definitions; application filtering; Regional based rules; URL filtering, Data filtering, file blocking, User based policies, maintained and analysed firewall logs
  • Used Wireshark for packet capturing and Akips for monitoring the network traffic and track the status of the interfaces.
  • Deployed new computing infrastructure systems within AWS infrastructure.
  • Worked on AWS to Corporate connectivity and AWS EC2, Auto scaling, NAT Gateways
  • Monitor AWS infrastructure for clients and, when needed, upgrade and administer resources to virtual machines.
  • Provided daily network support for all branches and sites in the organization’s WAN consisting of MPLS, VPN and point-to-point circuits.
  • Worked on ServiceNow request tickets such as troubleshooting, maintenance upgrades, patches and solutions with all-round technical support.
  • Used Cisco ACI (Application Centric Infrastructure) SDN architecture to reduce operating costs, automate IT
  • Build out and manage the Windows/VMware Virtual and Cloud Infrastructures and integrate them with Cisco ACI.
  • Upgraded Cisco 4500 to Cisco 3850 and documented the network diagram using MS Visio and design plan.
  • Mitigating STP attacks by enabling Root Guards, BPDU Guard, Port Fast and BPDU filters as required.
  • Actively involved in Switching technology Administration including creating and managing VLANs, Port security - 802.1x, Trunking 802.1Q, RPVST+, Inter-VLAN routing, and LAN security on Cisco Catalyst Switches 4507R+E, 6509-E and Nexus 2232, 5596, 7009 switches.
  • Configured Nexus 5020 with multiple distribution VDC's running EIGRP for route propagation between the devices.
  • Involved in troubleshooting of HSRP, VRRP configuration and Virtual Port channel management in Nexus switches.
  • Documented workflow process, Visio drawings and implementing changes following the change management guidelines.
  • Worked on the Global-Site Load balancing (GTM/GSS) and Server Load balancing (LTM/SLB) technologies using F5 BIG-IP and Netscaler.
  • Knowledge in implementing and configuring F5 BIG-IP LTM and GTM load balancers.
  • Configured Static, Dynamic Load Balancing and priority-based pool-member activation to manipulate load on servers on F5 Big IP LTM Load Balancer.
  • Configured and managed F5 Load Balancers to provide reliable distribution of traffic across some servers by creating pools, nodes, and health checks.
  • Responsible for troubleshooting on Cisco ISE; added new devices on the network based on policies on ISE.
  • Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control (NAC) integration with Cisco ISE.
  • Involved in deployment of Cisco ISE and Firepower, as well as created/modified necessary profiles that allowed authorized devices on the network.
  • Optimized the network performance by troubleshooting issues and outages by working closely with the architects.
  • Worked on Network Automation using Python.

Confidential, Princeton, NJ

Network Security Engineer

Responsibilities:

  • Established BGP peering between onsite datacenter in California and AWS cloud.
  • Worked on Network automation using Python
  • Configured BPDU Guard, port-fast, uplink fast and other spanning tree features.
  • Worked on Cisco Routers, Active /Passive Hubs, Switches, Cisco ASA Firewalls, NAT and Juniper SRX firewall.
  • Perform Firewall Policy provisioning on Checkpoint using Smart Center, PAN devices using PANORAMA Management Platform and CSM for Cisco ASA's
  • Working as a Network SME for the NextGen Data Center Cloud Architecture, using Cisco ACI and Nexus 9K. Working with Cisco Account team onsite for creating and testing the POC
  • Managing & administering Cisco WSA.
  • Worked on devices: Cisco IOS switches, Nexus (5K), Palo Alto firewall (500, 3020), Juniper SRX, MX, EX and NetScreen firewalls, ASA firewall, Check Point firewall, SSL VPN Pulse Secure, F5 load balancer and NetScreen.
  • Strong experience on Juniper SSG series Firewalls and Checkpoint R75, 76 Firewalls
  • Performed virtualization and deployed various VMs using VMware ESXi 6.5
  • Experience with Network Automation, Firewall Migration (FTD, FMC) and experience with configuring onsite to cloud connectivity using AWS.
  • Proficient in designing and deploying enterprise and carrier grade communications platforms by vendors including, but not limited to: Cisco, Motorola/Symbol, BaiCell, ZTE, Ericsson, HP Aruba, Brocade, Ubiquiti, Apple, Microsoft, VMware.
  • Ability to work with end users to troubleshoot and solve their Pulse Secure VPN problems.
  • Deploying and decommission of VLANs on core ASR 9K, Nexus 9K, 7K, 5K and its downstream devices
  • Working Experience on web content filter and gateways like Blue Coat, Websense.
  • Blue Coat WAF proxy services were redeployed to provide WAF on the guests and contractors network.
  • Adding websites to the URL filtering block list in Blue Coat proxies and upgrading firmware on the Blue Coat proxies.
  • Designed wireless mobility networks, performed surveys, installed APs and did remote/on-site troubleshooting for the DTAG corporate wireless network locations (Airport and off-site) using Motorola Access Points and HP managed switches for over 8 years in the Auto Rental/Airport vertical at over 150+ locations.
  • Have Extensive Work Experience on Python Scripting and create Framework as Ansible
  • Created different application policies in the ACI including Tenants, Application Network Profile (ANP), End Point Group (EPG), Contracts, Filters & Labels.
  • Configuration included deploying new branch locations or new network devices in the existing infrastructure, such as 4500-X in VSS mode and 3850 switches for distribution and PoE user switches.
  • Troubleshooting the Network failure issues and thereby making the changes to Network Infrastructure.
  • Worked on maintenance and upgraded Cisco wireless WLC, LWAPP APs
  • Troubleshoot issues with Wireless Access points (Cisco 3502) and configure SSIDs on 5520 Wireless LAN Controllers.
  • Responsible for installation and troubleshooting of Checkpoint firewall and LAN/WAN protocols; implementing firewall rules and configuring Palo Alto, Fortinet Network Firewall.
  • Developed the automation scripts using Python to validate credentials and configure interfaces and confirm their reachability of Cisco and Juniper appliances.
  • Configuring Node, pool, VIP, SSL client, server profile in F5 LTM 4000 series BIG-IP and thereby adding firewall rule to bring the end servers live.
  • Worked on implementation of the basic F5 ASM, F5 FirePass and VE, F5 APM.
  • Managed the F5 BIG-IP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs.
  • Created Application filters and URL categories in secure web gateway for the F5 APM feature as proxy solution.
  • Worked with F5 APM sessions and manipulating sessions using iRules and configuring and maintaining Webtops and Portal Access.
  • Troubleshooting when the servers are down, checking logs to identify the error and thereby taking necessary steps.
  • Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments
  • Responsible for Checkpoint firewall management and operations across our global networks.
  • Working with Checkpoint Support for resolving escalated issues
  • Worked with Cisco Advanced Services to implement data center Nexus environment for new upgraded datacenter for the NX-OS in 7004 in core layer, 6880 in aggregation layer and Cisco 6800 in access layer.
  • Implemented the Core switch cut over project from Cisco 6509 to Nexus 7004 devices.
  • Configured VPC (Virtual Port Channel), VDC (Virtual Device Context) in Nexus 9K/7k/5k devices
  • Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers.
  • Providing Technical Support and solutions for Network Problems and resolve tickets across sites and corporate offices.
  • Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches, and Cisco ASA Firewalls.
  • Used the data from Cisco ISE to trace out security violations in events of ransomware attacks.
  • Responsible for troubleshooting on Cisco ISE; added new devices on network-based policies on ISE.
  • Involved in periodic IOS upgrades, troubleshooting network outages and high severity incidents.
  • Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
  • Participate in all technical aspects of LAN, WAN, VPN and security Internet Service projects including, short and long-term planning, implementation, project management and operations support as required.
  • Creating or Modifying Firewall rules on Cisco 5555, 5520, Juniper SRX and Palo Alto VM-300 devices.
  • Upgrading the IOS on Network Devices including Cisco 6800, 6500 and Palo Alto VM-300 devices
  • Experience in working in Panorama, Palo Alto user interface version 8.0.2 and VM-300 series firewalls.
  • Creating templates in Panorama to manage the individual devices from it.
  • Configuring HA pair for two Palo VM-300 series AWS instance firewalls and testing the failover activity as well as ENI migration.
  • Designing and building Software-Defined Data Center environment, including VMware, vCenter, NSX and Cisco ACI.
  • Focused on working with Cisco Channel partners to build practices around Cisco ACI.
  • Involved in testing and production support of Cisco ACI Data center in network centric mode.
  • Creating Network objects, dynamic address groups, FQDN and assigning it to rules based on the information in tickets
  • Creating custom URL profile based on the expressions and assigning it to rule to perform URL filtering.
  • Configuring network interfaces, static routes, and NAT rules in Panorama and thereafter pushing to individual Palo Alto devices.
  • Performing the software upgrade from version 7 to 8.0.2 on Panorama and VM-300 series Palo Alto firewalls.
  • Configuration included VLANs & VTP, STP port features, Gateway redundancy using HSRP, enterprise security using Cisco Port Security and Dot1X framework.
  • Experienced in upgradation of Corporate LAN, by upgrading IOS on core switches (6509/6513), replacing/adding supervisor modules (720/IV), GE and FE modules, GBIC/SFP modules on 4500/4006 switches. Configured STP, HSRP, VRRP, OSPF and BGP routing protocols for internal and external connectivity.

Confidential, Memphis, TN

Network Engineer

Responsibilities:

  • Install and configure Cisco routers, switches and firewalls of various models. Upgrade codes, IOS, and patches for different network devices.
  • Designing, implementation, configuration, and management of Cisco and Motorola enterprise wireless network hardware, software, and management systems (NMS).
  • Performed TCP/IP networking based administration including VLANs, inter-VLAN routing, Trunking, STP, RSTP, port aggregation & link negotiation and port security
  • Design Data Center, layer 2 and 3 configuration & administration of firewall (Cisco ASA, Palo Alto, Dell Sonicwall, WatchGuard)
  • Deployed Pulse Secure load balancer on VMware for Virtual servers and configured round robin distribution across the servers in the pool
  • Configuration & troubleshooting of routing protocols: Static, OSPF and EIGRP and BGP.
  • Troubleshooting LAN and WAN problems, Application working slow problems.
  • Responsible for all Load Balancing; i.e., F5 LTM/APM/ASM and other modules.
  • Configuration of 4000 series Cisco Wireless LAN Controllers for access points.
  • Planning the placement of wireless access points and maintaining wireless devices to provide seamless connectivity.
  • Automated network implementations and tasks and designed monitoring tools using Python scripting.
  • Tracking MAC addresses from core switches for port finding for VLAN change
  • Configuration of Checkpoint rules and policies and pushing them in Checkpoint SmartDashboard.
  • Hands-on support for Cisco firewall solution including Cisco ASA 5xxx, Cisco AIP, Cisco SSL.
  • Configured and Deployed Cisco ACL.
  • Worked with network based F5 Load balancers with software module GTM and experience with network based F5 Load balancers with software module Access Policy Manager (APM) & Cisco Load Sharing on Cisco clusters.
  • Worked on network based F5 Load balancers with software module Access Policy Manager (APM) & Checkpoint Load Sharing on checkpoint clusters.
  • Worked with IT Security to design the SSL VPN through different network tunnels for corporate employees, vendors, and contractors by leveraging F5 APM
  • Configuration and extension of VLAN from one network segment to their segment between Different vendor switches (Cisco, Juniper)
  • Implementation of Dynamic VPN via SRX Firewalls and Pulse Secure Clients.
  • Developed automation scripts to configure the network appliances and managed the code repository by maintaining it in Git; administered practices of branching and code merging.
  • Configured Security Policies including NAT, PAT, AAA, ACLs, Standard Access Lists, Distribute-Lists, Route-Maps, VPN Concentrators, IPS/IDS, (PIX, ASA) firewalls.
  • Monitor/maintain network connectivity & traffic using network monitoring tools to ensure optimal performance
  • Experience working in datacenter environment, configuration changes as per the needs of company and implementing and troubleshooting VLANs, VTP, STP, Trunking, EtherChannels
  • Convert Campus WAN links from point to point to MPLS and convert encryption from IPSec/GRE to GET VPN.
  • Migrated FW rules from Checkpoint to the Safe Zone in Palo Alto Panorama to enable BGP at cutover. Building the Span tree primary, secondary IP Access.
  • Configuration of IP and Routing technologies for various protocols such as EIGRP, OSPF, BGP for MPLS network.
  • Expertise in document creation with technical configurations, billing, security standards design and network documentation using MS VISIO.
  • Responsible for researching new technology directions and making recommendations for improving the reliability & functionality of LAN & WAN.
  • Monitor network performance, troubleshoot using SolarWinds
  • Management of all technical security equipment, including Cisco ASA, Palo Alto firewall, Cisco Defense Center - IDS/IPS devices.

Confidential

Associate Network Engineer

Responsibilities:

  • Configuration of Access List ACL (Std., Ext, Named) to allow users all over the company to access different applications and blocking others.
  • Troubleshoot problems on a day-to-day basis and documented every issue to share it with design teams.
  • Worked with Network Design and implementation teams on various projects related to Branch, Campus and Data Center.
  • Deploying and decommissioning Cisco switches and their respective software upgrades.
  • Performed Break Fix support through driving to different buildings, identifying the root cause of the hardware issues with switches, routers.
  • Performing troubleshooting on slow network connectivity issues, routing issues that involves OSPF, BGP and identifying the root cause of the issues.
  • Prepare Design documents, VISIO diagrams and Implementation plan for all projects on the Network environment.
  • Troubleshoot Network Issues onsite and remotely depending on the severity of the issues.
  • Installed, configured and maintained with the latest updates on the 3700, 3800, 7200 and 7600 Cisco Routers and 2960, 3750, 3560, 6500 switches.
  • Configuring all the end ports as access ports using port fast and implementing BPDU guard.
  • Monitoring the network, troubleshooting network problems, implementing changes, provided Cisco IOS upgrades and backups of Cisco router configuration files to a TFTP server.
