SUMMARY

• Cisco and Paloalto Certified Network Engineer with 5.6 years of experience in network system design, Implementation, administration and troubleshooting.
• Extensive experience in WAN Technologies, HPN Switching and Switching Technologies along with Failover Mechanisms and Inter VLAN Routing types.
• Well experienced in configuring URL whitelist and managing the Bluecoat Proxies.
• Extensive experience in configuring and troubleshooting of protocols RIP v1/v2, EIGRP, OSPF and BGP
• Worked on network topologies and configurations, TCP/IP, UDP, Frame Relay, Token Ring, ATM, bridges, routers, hubs and switches.
• Identify, design and implement flexible, responsive, and secure technology services.
• Experience with Firewall Administration, Rule Analysis and Rule Modification, project implementations.
• Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
• Advanced knowledge in Cisco ASA 5000 series, Palo Alto VM - 300 series and Juniper SRX installation, configuration and maintenance.
• Extensive knowledge base in Network Administration involving Routing, Switching, Wireless, Security and Network Programmability using Python for Network Automation.
• Extensive experience on IPS signatures on the Cisco Firepower management center to reduce false positives by disabling
• Experience in m managing and trouble shoot website access issues on cisco WSA.
• Experience in creating new pools and VIPS, add/delete/modify load balancing rules
• Have extensive experience on Security devices like web proxy WSA, Riverbed, CITRIX application load balancer and Checkpoint
• Working knowledge of networking devices such as Routers, Switches, Firewalls, VoIP, WAN Optimizers and Wireless Devices (Controllers and Access Points).
• Adept at configuring and troubleshooting of VPC on Nexus 7Ks, 5Ks and VDC on NX7Ks.
• Hardware knowledge of various line cards in Nexus 7Ks and 5Ks.
• Configured security policies including NAT, PAT, and VPN, Route-maps, Prefix lists and Access Control Lists.
• Experience working with Juniper Routers (MX960, MX480, M320) and Switches (EX2400, QFX Virtual Chassis Switches) with BGP, OSPF, VSTP, MST layer 2 and layer 3 Technologies.
• Experience in installing and configuring DNS, DHCP server.
• Experience with Change management process and Project documentation tools like Excel and VISIO.

PROFESSIONAL EXPERIENCE

Confidential, Cary, NC

Network Development Engineer

Responsibilities:

• Designed and Deployed Virtual Firewall (Palo Alto) on Azure, Inbound and outbound Virtual FW functionality.
• Palo Alto firewall Audits.
• Managed configuration, logging and reporting of Palo Alto firewall through the Panorama
• Creating, modifying and updating application, application group, service and service groups on Palo Alto firewall.
• Palo Alto design and installation (application and URL filtering, threat prevention, data filtering).
• Pushed policies from Panorama to firewall in Palo Alto, and configured and maintained IPSEC and SSL VPN's on Palo Alto firewalls.
• Exposure to wildfire advance malware detection using IPS feature of Palo Alto.
• Implemented many numbers of security policy rules and NAT policy rules on Palo Alto, created zones, implemented Palo Alto firewall interface, Palo Alto IDS and VLAN.
• Configured high availability, User ID and App ID on Palo Alto firewall.
• Migration from Cisco ASA to Palo Alto firewall.
• Worked on Palo Alto firewalls (50+ firewalls Pairs) PA-2050, PA-3050, PA-5020, PA-5050, PA-5060 series.
• Working as Cloud Administrator on Confidential Azure, involved in configuring virtual machines, storage accounts, resource groups, Load Balancer, Application-gateway, NSG’s
• Designed Network Security Groups (NSGs) to control inbound and outbound access to network interfaces (NICs), VMs and subnets.
• Worked on F5 BIG-IP Application Security Manager (ASM) web application firewall ( WAF), deployed in more data centers enterprise WAF with advanced firewall capabilities.
• Worked with Host Master for shared web hosting and managed Web Application firewall ( WAF), DNS and DHCP management using Infoblox and Analyzed networks using Wireshark.
• Configured & Installed Cisco WSA for Redirections And HTTP, HTTPS Proxy Settings.
• U sed the Cisco WSA Web Security Appliance for malware protection and threat detection reporting.
• C onfiguring and managing Cisco Web Security Appliance (WSA) in an enterprise environment.
• Performed configuration, deployment and support of cloud services including Amazon Web Services (AWS) and deploy monitoring, metrics, and logging systems on AWS
• AWS data backup (snapshot, AMI creation) techniques, along with data-at-rest security within AWS.
• Implementing Python scripts for pre and post checks and in configuring the devices involved in the events.
• Designed and implemented a secure instant messaging system in Python providing interface state changes on the devices to support team
• Worked on development of Python Enabled Test Framework.
• Configured IPS policies on the checkpoint, cisco firepower management center.
• Deployed Cisco ISE on Nexus 5000/7000 routers, Cisco switches, and Cisco ASA and Firepower firewalls.
• Involved in deployment of Cisco ISE and Firepower as well as, created/modified necessary profiles that allowed authorized devices on the network.
• Perform Onsite and Offline Predictive Wireless Site Survey's with Cisco Prime and AirMagnet.
• Maintained and update Cisco Firepower Management Center and supported Firepower modules (SFR sensors).
• Deployed Firepower Management Center (FMC) 4500 in HA pair mode for managing and configuring the new generation FTD Firewalls devices and policies for security of network.
• Expertise with 802.11x wireless technology.
• Designed Network Security Groups (NSGs) to control inbound and outbound access to network interfaces (NICs), VMs and subnets.
• Monitoring Cisco ASR9K series aggregation services router which are running with Cisco IOS XR Version 4.3
• Responsible for configuring, upgrading and verifying the NX-OS and IOS XR.
• Performed IOS upgrades on various catalyst series switches and maintained latest IOS versions according to company's policy.
• Responsible for Check Point Firewall support and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
• Responsible for managing partnership with number of security vendor such Cisco, F5 load balancer and web application firewall, FortiGate, FireEye, Bluecoat, Symantec, Splunk Enterprise.
• Managed firewall using fortigate to allow or block IPs, created policies added different interfaces and VLANs.
• Administering multiple firewalls, in a managed distributed environment and monitoring the network traffic with the help of monitoring tools (Zabbix, Net ranger, LibreNMS, Path Viewer)
• Cleaning Up unwanted/broad access rules and remediating that with more granular rules/access.
• SSL offloading on F5 LTM’s, worked on both the server ssl profiles and client ssl profiles.
• Assisted in the designing, implementation and configuring new objects for existing and new applications on F5 LTM and GTM guests.
• Configuring and managing F5 ASM (Application security manager). Develop security policies.
• Installing the F5 TMOS upgrades and Hot-fix installations depending on Business need.
• Configuring and Troubleshooting Route Redistribution between static, RIP, EIGRP OSPF & BGP protocols.
• Application migrations from ACE to F5 and working on content switching irules.
• Configuring & managing Security Devices that includes Juniper (NetScreen) Firewalls, F5 BigIP Load balancers, Blue Coat Proxies and Plug Proxies.
• Responsible for installation and maintaining Cisco ASA firewalls, Riverbed WAN accelerators, Blue Coat proxies, and Linux/Bind DNS servers.
• Worked with other network engineers to deploy the Cisco ACI fabric.
• Extending end-user segmentation into the Datacenter by leveraging Cisco ACI and Cisco ISE integration.
• Worked on Cisco ACI, provisioning Leaf's and Spine switches using Nexus 9K, Configuration through APIC.
• Expert with Tenants, VRF, Bridge Domains, subnets, APP Profiles, EPG, Contracts, Access group policies on Cisco ACI for various segmentation purposes.
• Performed automation operations using VMware NSX and Python scripting.
• Worked on multi-vendor load balancers including F5 Big IP LTM, Cisco ACE and VMware NSX between multiple centers.
• Large Data Center move with Cisco SDN ACI as new fabric and OTV as DCI between other DCs
• Applied ACLs for internet access to the servers using Cisco 5520 ASA firewall and performed NAT.
• Worked in support of network build outs and network transport equipment installs at various nodes.
• Troubleshoot TCP/IP, connectivity issues in multi-protocol Ethernet and outages on trunks and router interfaces comprehensively.
• OSPF to BGP Migrations for existing HUB and spoke infrastructure globally.
• Support new Data-Center builds - building configurations for new network gears (nexus 9K, nexus 3K, Arista 7050, Juniper MX80/104, VPCs), handled OSPF/BGP routing protocols and scheduling a maintenance window to bring the new site into production.
• Assisted in planning and design of VeloCloud Confidential Deployment.
• Worked on Meraki wireless, security and Confidential deployment and administration
• Upgrade network gears for various eBay’s offices and datacenter’s by performing successful migrations of existing access, distribution, core and Wan routers (ASR9k and ASR1k)with minimal to no downtime
• Deployed Azure IaaS virtual machines (VMs) and cloud services (PaaS role instances) into secure VNETs and subnets.
• Created monitoring template using custom MIBs in Solarwind.
• Involvement in configuring solarwind tools for regular activities as well for proactive monitoring of specific routers to record behavioral statistics.
• Installed and configured Citrix access gateway and configured Citrix NetScaler ADC for load balancing and assigned virtual server IP (VIP) address to virtual servers.
• W orked with multi-vendor load balancers like Citrix NetScaler and F5.
• Backup and restore of Cisco ASA firewall policies.
• Expertise in handling Cisco ASA firewall through CLi.
• Design, Implementation and support of Cisco Light Weight wireless solution, configuration of Cisco 4400, 5508, 8540 WLC's.
• Implementation of Cisco 3802, 2802, 3702, 3602, 2600, 1550, 1242 and 1131 Light Weight AP's.
• Wireless Configuration, Management and Support with Cisco WCS and Prime Infrastructure.

Confidential, Rockville, MD

Network Security Engineer

Responsibilities:

• Implemented, Configured and troubleshooting security policies using Checkpoint R75, Provider-1, and Palo Alto firewalls.
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
• Configured and managed policies on Palo Alto firewalls using Panorama GUI.
• Successfully installed Palo Alto PA 3060 firewalls to protect Data Center and provided support.
• Creating VDOMs and ADOMs based on the network infrastructure and configuring the Security Policies for Forti-gate appliances,
• Creating Security policies and rules in Fortinet firewalls used as egress filtering firewall in the enterprise network environment.
• Deployed, configured and implemented Imperva SecureSphere WAF and DAM, WebInspect, Appscan, OWASP for Web-based application vulnerability analysis and code review process.
• Operational migration support on Cisco ACI.
• Wireless 802.11.x Remote Office Deployment.
• Supported cisco Firepower services, helping customers with training needs as well as implementing and tuning IPS signatures.
• Implemented Firewall Security in compliance with PCI on Cisco ASA,FWSM, Palo Alto and Fortigate
• Deployed Cisco WSA proxies and installed base policies using WCCP in multi-context ASA firewall environment
• Maintained Cisco FirePower and adjusted filtering rules as need by individual business units.
• Install, configure, manage, and troubleshoot Cisco FirePower IPS appliances and Defense Center.
• Upgraded wireless controllers (8540 to latest code 8.2.130.0).
• Reviewed and redesign wireless for more than 100 remote offices .
• Tested and deployed Cisco 3802's and 2802's LWAP's at remote offices .
• Replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
• Responsible for administering IronPort WSA, Bluecoat proxy servers, F5 Load Balancers.
• Worked on Security devices like web proxy WSA, Riverbed, CITRIX application load balancer and Checkpoint
• Worked on Amazon Web Services (AWS) provisioning and good knowledge of AWS services like EC2, S3, AMI, ELB (Load Balancers)
• Provided redundancy in a multi homed Border Gateway Protocol (BGP) network by tunings AS-path and Worked with Cisco IOS, NX-IOS, IOS-XR.
• Worked on NXOS, IOS, and IOS-XR BXB to N7K-NXOS (MPLS) system test.
• Configured the Cisco IOS XR security features in both owner SDR and non-owner SDRs.
• Configured legacy route map configurations using the new Cisco IOS XR Routing Protocol Language (RPL)
• Implemented Campus LAN with 6500 Platform on Core/Distribution/Access /Perimeter model on 10G backbone
• Modified internal infrastructure by adding switches to support server farms and added servers to existing pools in F5 LTM’s.
• Worked on physical and virtual networks to provide functionality on additional layers on VMware NSX.
• Integrated and evaluated Cisco ACI, VMware NSX, and Arista CVX SDN solutions.
• Participated in planning and implementation of Confidential and Confidential solutions in direct support of targeted objectives.
• Updated jobs by integrating the Python Scripts as windows batch command in Jenkins Server.
• Implemented a secure instant messaging system in Python providing interface state changes on the devices to support team
• Using advanced troubleshooting features such as TCPDUMP, FW Monitor, Packet Capture sniffing and export them using CLI and Wireshark as well as debug on the appliances for network connectivity issues
• Configure and support IPsec based Site to Site VPN and remote access and troubleshoot Phase 1 and Phase 2.
• DMZ environments to support new and existing application platforms.
• Monitored WAN and LAN for circuit outages, network component failure, and user-reported network issues as well as network components such as routers, switches, and firewalls via the Network Management System ( Solarwind)
• Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches, and Cisco ASA Firewalls.
• Used the data from Cisco ISE to trace out security violations in events of ransomware attacks.
• Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
• Worked with identity and access management team to manage access to the applications with unified access management using RSA Secure ID.
• Co-ordinate with the Data Network and Security team and come up with possible solutions.
• Configuring and install hardware and software required to conduct network penetration testing.

Environment: Checkpoint NGX R75, Provider -1, SPLAT, Juniper SRX 5800, SRX 3400, SRX 1400, NAT, ASA 5540, Fortinet 500D, Site-Site VPN, DNS, TCP/IP, TCPDUMP, Snoop

Confidential, Redmond, WA

Network Security Engineer

Responsibilities:

• Implemented the Core switch cut over project from Cisco 6509 to Nexus 7004 devices.
• Configured VPC (Virtual Port Channel), VDC (Virtual Device Context) in Nexus 7k/5k devices
• Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
• Configured BPDU Guard, port-fast, uplink fast and other spanning tree features.
• Established BGP peering between onsite datacenter in Albany and AWS cloud.
• Worked with Cisco advance services to implement data center Nexus environment for new Upgraded datacenter for the NX-OS in 7004 in core layer, 6880 in aggregation layer and cisco 6800 in access layer.
• Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers.
• Providing Technical Support and solutions for Network Problems and resolve tickets across sites and corporate offices.
• Responsible in troubleshooting on Cisco ISE added new devices on network-based policies on ISE.
• Involved in periodic IOS upgrades, troubleshooting network outages and high severity incidents.
• Worked on Cisco Routers, Active /Passive Hubs, Switches, Cisco ASA Firewalls, NAT and Juniper SRX firewall.
• Creating or Modifying Firewall rules on Cisco 5555, 5520, Juniper SRX and Palo alto VM-300 devices.
• Upgrading the IOS on Network Devices including cisco 6800, 6500 and Palo Alto VM-300 devices
• Experience in working in panorama, palo alto user interface version 8.0.2 and VM-300 series firewalls.
• Creating templates in panorama to manage the individual devices from it.
• Configuring HA pair for two Palo VM-300 series AWS instance firewalls and testing the failover activity as well as ENI migration.
• U understanding of network security concepts and systems including F5, WSA, Palo Alto, ASA
• Exposure to design and implementation experience primarily on Cisco WSA proxy.
• Creating Network objects, dynamic address groups, FQDN and assigning it to rules based on the information in tickets
• Creating custom URL profile based on the expressions and assigning it to rule to perform URL filtering.
• Configuring network interfaces, static routes, NAT rules in panorama and thereafter pushing to individual palo alto devices.
• Performing the software upgrade from version 7 to 8.0.2 on panorama and VM-300 series palo alto firewalls.
• Configuration included VLANs & VTP, STP port features, Gateway redundancy using HSRP, enterprise security using Cisco Port Security and Dot1X framework.
• Configuration included deploying of new branch locations or new network devices in the existing infrastructure. Like, 4500-X in VSS mode and 3850 switches for distribution and POE-user switches
• Troubleshooting the Network failure issues and thereby making the changes to Network Infrastructure.
• Worked on maintenance and upgraded Cisco wireless WLC, LWAPP APs
• Troubleshoot issues with Wireless Access points (Cisco 3502) and configure SSID’s on 5520 Wireless LAN Controllers.
• Configuring Node, pool, VIP, SSL client, server profile in F5 LTM 4000 series Bigip and thereby adding firewall rule to bring the end servers live
• Troubleshooting when the servers are down, checking logs the identify the error and thereby taking necessary steps.
• Participate in all technical aspects of LAN, WAN, VPN and security Internet Service projects including, short and long-term planning, implementation, project management and operations support as required.

Environment: Cisco 2948/3560/4500/3560/3750/3550/3500/2960/6500 switches and Cisco 3640/12000/7200/ 3845 /3600 / 2800 routers, Cisco Nexus 7K/5K, Cisco ASA 500, F5 BIGIP LTM, RIP, OSPF, BGP, EIGRP, LAN, WAN, VPN, ASM, APM.

Confidential

Network Support Engineer

Responsibilities:

• Implementing security policies in Checkpoint firewall NGX R60/R65 and troubleshooting any access issues.
• Participated in migration of Cisco PIX 535E firewall to Cisco ASA 5540 firewall.
• Performing content filtering, URL filtering by using Bluecoat proxies.
• Configuring MPLS, VPN (IPSEC, GRE) in VPN concentrators and QOS in integrated networks (Data, Voice, and Video).
• Composite Networks. Configuring IPS, IDS, VLAN, STP, Port security, SPAN, Ether channel, OSPF in Cisco
• Configured routers and troubleshot issues related to broadband technologies for Residential and Business Customers.
• Configured & Maintained Cisco 2600, 2800, 3200 series routers including IOS upgrades.
• Prompt technical support to customers on routers and switches.
• Remote management of large networks.