- Accomplished Senior Network Engineer with 6 +years' experience in using Cisco, Nexus, Juniper routers, switches and firewalls.
- Worked on several medium to large - scale infrastructures, contributed to its; planning, design, implementation, administration and troubleshooting.
- Professional expertise on handling firewall migration and deployments, application technology management, Network architecture and Solution design, troubleshooting security of LAN/WAN networks, Palo Alto 3000,5000,7000, Cisco ASA, Checkpoint.
- Experience with CISCO ASA Content Security and Control Security Services Module (CSC - SSM) and Advanced Inspection and Prevention Security Services Module (ATP-SSM).
- Experienced in Cisco Identity Service Engine (TSE) Devices 3350, 3300.
- Extensive experience in dealing with vendors for MPLS/DSL installations.
- Experience on Access Control Server configuration using AD, RADIUS & TACACS+.
- Proficient in configuration & troubleshooting of routing protocols: BGP, OSPF, EIGRP, MP - BGP and their redistribution over the networks.
- Hands on experience in deploying GRE tunnels, IPSEC Tunnels, SSL-VPN, Site-Site VPN and DMVPN.
- Proficient in implementation of filters using Standard and Extended access-lists, T ime-based access-lists, Route Maps.
- Experience on implementing route manipulation using Offset-list, route metrics.
- Implemented redundancy protocols like HSRP, VRRP, and GLBP.
- Good knowledge of CISCO NEXUS data center infrastructure with 5000, 6000, 7000 and 9000 series switches include (5548, 7010) including CISCO NEXUS Fabric Extender (223, 2248).
- Expertise in Configuration and troubleshooting of STP, RSTP, PVST, RPVST, BPDU Guard and BPDU filtering on Switches.
- Experience in configuring VLANs, Inter-VLAN routing, Trunk ports and Port security.
- Expertise in implementing IP Address management and Subnetting concepts on various Network architectural designs.
- Knowledge on BOM and managed inventory for network hardware.
- Worked on Splunk Implementations and configuration management.
- Hands on experience troubleshooting network traffic using tools like ping, traceroute, Wireshark, SolarWinds and TCP dump.
- Expert in managing and monitoring the network devices using Syslog, SNMP, and NTP.
- SME in OSI layer model/TCP/IP.
- Well-organized in documenting tools like Microsoft VISIO, Microsoft Office.
- Operating Systems: Linux, Windows Server 2008/2012, Windows OS, Microsoft Hyper-V.
LAN TECHNOLOGIES: Ethernet, Fast Ethernet, Gigabit Ethernet, WAPs, IEEE 802.11, Token Ring, Workgroup, Domain, HSRP, GLBP, VRRP DNS, Static, VLAN, STP, VTP, Ether Channel, Multi-layer switching, Port Security, Trunks.
WAN TECHNOLOGIES: HDLC, PPP, Channelized links (E1/T1/E2/T2), Leased Line, ISDN/Dial-Up, Frame Relay circuits, Metro Ethernet, ATM, SONET, MPLS, VPN, IPsec-VPN, OSPF, EIGRP, BGP, RIP v1/v2, Static route, OSPF, BGPv4, MP-BGP.
FIREWALLS: Palo Alto, Check Point, Juniper SRX, Cisco ASA.
NETWORK MANAGEMENT: Wireshark, SNMP, Netflow, SolarWinds, Tufin, Splunk, SYSLOG, NTP, DHCP, TFTP.
LOAD BALANCERS: F5 Network (Big-IP) LTM 8900 and 6400.
OPERATING SYSTEMS: Windows (98, 2000, XP, Vista, Windows 7, 8.1, 10), Linux, Hyper-V (ESX, KVM).
PROGRAMMING SKILLS: C, C++, PYTHON, .NET, LINUX.
AAA Architecture: TACACS+, RADIUS, Cisco ACS
Confidential, NEW JERSEY
- Hands on experience with Palo Alto NGF (5060, 3060) with security and management features such as URL filtering, data filtering, Threat prevention and Log Management.
- Responsible for the GUI PANORAMA management for logging sessions, creating reports and managing different firewall devices.
- Implementing APP-ID which defines custom applications and comprehensive set of predefined applications to be applied on firewall policies.
- Configuring Zones, Virtual routers and interfaces on Palo Alto Firewall.
- Working knowledge on proxy services, Site to Site VPN tunnels, and SSL certificates.
- Configured Palo Alto to Wildfire cloud to mitigate Zero-day attacks.
- Responsible for configuring the Palo Alto to mitigate DOS, DDOS, Data leak attacks using Dos Protection, Threat Prevention and Data Filtering.
- Implemented security policies by creating groups (objects) and specific policies as per the user levels.
- Responsible for Palo Alto software and firmware upgrades.
- Maintaining Palo Alto Firewall & analysis of firewall logs.
- Responsible for migrating Cisco ASA firewall to Palo Alto firewall.
- Experience with setting up Cisco ASA firewalls Cisco ASA 5510, Cisco ASA 5512 & Cisco ASA 5505 with restricted security policies, NAT implantation, configured DMZ interfaces to restrict traffic flow.
- Troubleshoot SSL AnyConnect VPN and IPSec VPN on Cisco ASA 5520 Firewall.
- Configuring Security Policies using Extended Access-lists, Object-Grouping for Network objects, services and configuration of Manual and Auto NAT in Cisco ASA.
- Experience with configuring FCOE using Cisco nexus 5548, VPC (Virtual Port Channel), VDC (Virtual Device Context) in Nexus 7010/7018.
- Deploying Cisco Nexus 7k,5k,2k for the datacenters with Fabric path.
- Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card.
- Expertise knowledge on SIEM tools like Qradar to get real time analysis of security alerts generated by network hardware and applications.
- Monitoring network using Solar Winds (Orion), network topology updates using Solar Winds topology mapper.
- Worked with Aruba Virtual Mobility Controller and AP's to improve wireless network coverage and availability.
- Hands-on experience on Aruba Clear pass network access platform.
- Configuring the wireless controllers throughout the global sites and maintain through the management publisher clear pass server (publisher and the subscriber series of Aruba wireless controllers).
- Dealt with creating VIP pools, nodes and created custom iRules for the virtual servers like cookie persistency and redirection of URL on F5 ASM cookies issues and configures ASM policies.
- Securing the applications from threats by offloading the SSL in ASM.
- Worked on the Logging issues of the F5 load balancer and the process of the workflow with the syslog servers making sure the communications through the switches and routers.
- Worked on upgrading the LTM and GTM boxes from TMOS version 9.x to10.x for the local traffic managers.
- Maintaining the SSL certificates for various applications hosted on the F5s and servers on the hardware
- Worked on the security levels with RADIUS, TACACS+, and KERBEROS for client authentications in various locations.
- Experience working with VMware ESX and KVM environment.
- Responsible for investigating and troubleshooting incidents related to Cyber Security.
- Managed the IP address space using subnets and variable length subnet masks ( VLSM) and Monitored the operability and reliability of the network.
- Experience working with design and deployment of MPLS layer 3 VPN Cloud, involving VRF, Route Distinguishing Worked with application development teams to ensure that their web applications are routed properly and to accelerate with Blue Coat Proxy web application firewall protection usher, Route target, Label Distribution Protocol.
- Experienced working on network monitoring and analysis tools like, SOLAR WINDS, and Wireshark.
NETWORK SECURITY ENGINEER
- Configured and set up of Juniper SRX firewalls for policy mgmt and Juniper SSL VPN's.
- Configuration and support of Juniper Netscreen firewalls.
- Administer and support Juniper Firewalls Using NSM ( NetScreen and ISG firewalls)
- Administering multiple Firewall of Juniper / NetScreen, in a managed distributed environment. Fulfilling routine change requests of Net Screen OS Firewall and resolving trouble tickets, maintain and monitoring firewalls.
- Maintain High Availability and clustered firewall environments for customers using Check Point High Availability.
- Troubleshoot and monitor Firewall traffics/issues through command-line using CLI commands, GUI interface and Smart Console ( SmartView Tracker, Smart Log and SmartView Monitor).
- Configured IPSec, SSL-VPN (Mobile Access) on Checkpoint Gaia and troubleshoot VPN tunnel connectivity issues.
- Optimize existing policies to improve security and performance. Identify and remove security policies that are not no longer needed to reduce Checkpoint Firewall policy lookup.
- Established, managed, and optimized network uptime and provided end-user support for users.
- Creating and managing user accounts to all team members in partner environment.
- Also performed configuration changes in Nexus 7000 series switch VDCs.
- Experience with configuring Nexus 2000 Fabric Extender (FEX), which acts as a remote line card (module) for the Nexus 5000.
- Assign Access and trunk ports on Cisco Switches, configure new network devices, upgrade existing infrastructure to Cisco Merakhi install Merakhi Switches, and wireless Access Points.
- Experience working with HP Aruba wireless controllers and access point configuration, deployment and management.
- Good knowledge on HP Aruba tools & software to analyze and resolve issues,
- Created non-overlapping channels when using extended service set to avoid interference between access points and tuning RF signals.
- Configured Virtual IP's (VIP) and virtual servers. Configured pool and pool members and associated it to the virtual server. Configured load balancing method.
- Created the Secure Network address translation (SNAT ) for translation the three virtual addresses to the single translation address which connects to the BIG-IP .
- Worked on F5 issues using packet capture like TCP dump, Wireshark and SolarWinds and curl commands.
- Worked on BIG-IP APM to provide secure remote and mobile access.
- Design, and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls.
- Work on Cisco based Routing and Switching environment with MST and Rapid Spanning tree.
- Packet capturing, troubleshooting on network problems with Wireshark, identifying and fixing problems.
- Monitoring Network infrastructure using SNMP, Solar-winds and Opnet .
- Communicating and escalating tickets with service providers for network outage issues.
- Upgraded local access switches with new VoIP deployments for compatibility reasons.
- Design, install, configure and isolate faults in Cisco Wireless LANs and assess WLAN encryption and security options.
- Involved in complete LAN, WAN redesign (including IP address planning, designing, installation, pre-configuration of network equipment, testing, and maintenance) of both Campus and Branch networks.
- Expertise in maintenance of layer2 switching tasks which advocate VLAN, VTP, STP, RSTP, PVST, RPVST, configuring of ether channel with LACP and PAGP along with troubleshooting of inter- VLAN routing.
- Enabled STP Enhancements to speed up the network convergence that include Port-fast, Uplink- fast and Backbone-fast.
- Coordinating with Security team for NAT configuration and troubleshooting issues related to access lists and DNS/DHCP issues within the LAN network.
- Configured EIGRP and OSPF as interior Gateway protocol route filtering and route redistribution.
- Configured Standard, Extended, and Named Access Lists to allow users all over the company to access different applications and blocking others.
- Well experienced in configuring HSRP, VRRP, GLBP, PAP, and CHAP.
- Configured & maintained LAN, WAN, VPN, and WLAN on Cisco Routers.
- Generated RCA (Root Cause Analysis) for critical issues of layer1/layer2/layer3 problems.
- Involved in troubleshooting of DNS, DHCP and other IP conflict problems.
- Provide Tier III Level Load Balancer expertise on F5 Big IP Local Traffic Managers (LTM).
- Configuration of Virtual Servers, Nodes, and load balancing Pools.
- Installed high availability Big IP F5 LTM and GTM load balancers to provide uninterrupted service to customers.
- Designing F5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 BIG IP Load Balancers.
- Worked on BGP configuration for providing redundant internet connectivity using BGP attributes, Route maps, prefix-lists .
JUNIOR NETWORK ENGINEER
- Configuration and management of different Layer 2 switching tasks which includes address learning, efficient switching etc.
- Dealt with the escalation problems from Level1, Level 2 & Level 3 for routing, switching and WAN connectivity issues using ticketing system Remedy.
- Responsible for day to day management of Cisco Devices, Traffic management and monitoring .
- Set up and troubleshoot secured wireless access points for broadband Internet.
- Configured network access servers and routers for AAA Security (TACACS+ ).
- Managing and configuring of Wide Area Networking Protocols like HDLC, PPP .
- Configuring Routing Protocols like EIGRP and OSPF .
- Implemented the concept of Route Redistribution between different routing protocols.
- Involved in HSRP, VRRP, GLBP configuration and troubleshooting and Port channel management of the network.
- Dealt with NAT configuration and its troubleshooting issues related access lists and DNS/DHCP issues within the LAN network.
- Switching related tasks included implementing VLANS, Ether channel and configuring ISL trunk on Fast - Ethernet channel between switches.
- Designed and implemented an IP addressing scheme with subnets for different departments.
- Involved with the Systems team to Install, configure, & maintain AD, DNS, DHCP on Windows Server, and configured a FTP server.
- Administered DHCP, DNS, FTP, SFTP, MRGT, servers running on windows physical and virtual PC's.
- Troubleshooting of TCP/IP problems and connectivity issues in multi-protocol Ethernet environment.
- Analyze Log messages using Syslog server and analyze the issues related to high CPU utilization and parameters that can degrade performance of the network.
- Used various Network sniffers like Wireshark, TCP dump etc.
- Operating Systems: Microsoft XP/Vista/7, Windows Servers, MS-Office and MS VISIO.
- Hands-on experience on Up-gradation of Cisco IOS on different Cisco devices and modules.
- Support 24x7 operations and answer calls from the customers on network emergencies.
- Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance upgrades and patches with all around technical support.