- 7 plus years of professional experience as a Network & Security Engineer, including hands - on experience in providing network design, deployment, support, installation and analysis.
- Experience in providing a wide range Network Infrastructure and Security Solutions for LAN / WAN, Enterprise and Data Center Environments.
- Experience Working on equipment from multiple vendors such as Cisco, Juniper, F5, Palo Alto.
- Expertise in working with Cisco Nexus 7k, 5k, 2k, Cisco Catalyst 6500’s, 4500’s & VPC, VDC, VRF configuration.
- Expertise in installing, configuring and troubleshooting Juniper EX Switches & Mx Routers.
- Experience working with Cisco IOS, IOS-XR, NX-OS, JunOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, EIGRP, BGP v4, MPLS.
- Intensive applications of Network automation tools and testing for network automation and configuration management using Ansible, Python scripting.
- Knowledge of implementing and troubleshooting, complex layer 2 technologies such as VLAN Trunks, VTP, Ether channel, STP, RSTP and MST.
- Experience in Designing and assisting in deploying enterprise wide Network Security and High Availability Solutions for Cisco ASA, Palo Alto and Checkpoint.
- Experience with design and deployment of MPLS Layer 3 VPN, MPLS Traffic Engineering, and MPLS QOS.
- Worked with team to implement NAC solution on Aruba wireless and LAN.
- Worked on F5 Load Balancers Configuring Irules, Profiles, Nats/Snats, And Load Balancing.
- Install, Configure, Deploy and Maintain Firewalls (Palo Alto, Cisco ASA), Cisco Routers and Switches, Citrix SD-WAN, autonomous Cisco WAPs and Meraki Networks
- Hands on Knowledge/experience on F5 load balancers, its methods, implementation and troubleshooting on LTMs and GTMs. Experienced in working on Cloud Computing Virtualization using VMware NSX and Windows Hyper-V.
- Expertise in configuring and troubleshooting of Palo Alto, Juniper NetScreen & SRX Firewalls and their implementation
- Strong hands on experience on PIX (506, 515, 525, 535), ASA (5505/5510) Firewalls.
- Having experience in Migration from Cisco ASA's to Fortinet’ s Fortigate firewalls.
- Provided 24x7 availability and on-call support as required by the project.
Cisco Platforms: Nexus 7K, 5K, 2K & 1K, Cisco routers (7600, 7200, 3900, 3600, 2800, 2600, 2500, 1900,1800 series) & Cisco Catalyst switches (6500, 4900, 3850, 3750, 3500, 4500, 2900 series), CSR/ASR, IOS-XR
Juniper Platforms: MX960, MX480, MX240, MX104, MX80 routers, QFX5100, QFX3500, EX4300, EX4200, EX2200 Switches, SRX1500, SRX550, SRX240, SRX210, SRX100 Firewalls.
Management tools: SNMP, Syslog, Sniffer, and Wireshark.
Routing Protocols: BGP, OSPF, EIGRP, IGRP, RIP, Routed Protocol TCP/IP, Multicast, HSRP, VRRP, GLBP.
LAN Protocols: VLAN, VTP, Inter-vlan routing, ISL, dot1q, STP, RSTP, PVST, HSRP, GLBP, Ethernet, Port security.
WAN Technology: MPLS, MPLS VPNs, LDP, L3VPN
Network Management: SNMP v2, Cisco Works, Network Analyzer, MRTG, Solar winds, TACACS, Net flow, Riverbed, Nagios, Datadog and Sumologic.
Network Security: Firewalls, Palo Alto Firewalls, ASA, ACI, IPsec, IPS/IDS, & VPN, Juniper SRX, Juniper VSRX, ACE Module and F5 Load Balancers
Application Protocols: DHCP, DNS, IPV6, FTP, TFTP.
Documentation: Microsoft Office
Design Tools: HP NA, MS Visio
Programming: Python, Shell Scripting, Ansible
Operating Systems: Cisco CATOS, IOS, IOS-XR, NX-OS, JUNOS, MS Windows 2007/08, Windows Vista, Windows 8, Windows 10.
Confidential, Fort Lauderdale, FL
Network Security Engineer
- Designed and implement security strategies with Cisco and Palo Alto firewalls.
- Managed firewalls using Palo Alto's Panorama Central Management Software and Upgrade PAN-OS from 6.1 to 7.0 in Palo Alto firewalls.
- Used tools including Tufin and Splunk to monitor firewall traffic and troubleshoot network access.
- Configuration, implementation, and problem determination across the major firewall platforms and understanding each customer environment at a detailed level.
- Implement URL filtering on Palo Alto Firewall and control access to restricted sites.
- Configuring and troubleshoot Global protect SSL VPN for Work from Home Users on Palo Alto.
- Configuring Security Policies for Access control, inter zone connectivity, External Access on Palo Alto Firewall.
- Operated and maintained the Aruba ClearPass Policy Server and the Aruba AirWave Wireless Intrusion Detection System.
- Managed and completed over 100 projects installing/upgrading client's wireless infrastructure to Aruba and Supported wireless networking team working on Aruba wireless.
- Additional tasks include assisting with the day to day operations and management of other network devices such as Cisco ISE, Palo Alto firewalls and Panorama.
- Strong hands on experience on Palo Alto Firewalls, ASA Firewalls and implemented Security Policies using Panorama, ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
- Day to Day activities include Incident Resolution and Service Request for creating new WIP and VIP are on the F5 LTM/GTM.
- Upgrade projects across F5 Upgrade of Big-IP from 11.6 to 13.0
- Troubleshoot issues related to Application slowness by Analyzing nodes, Health monitors, and Server pools.
- Configuration and troubleshooting of Issues related to VIP’s, Server pools, Redundancy, Persistence, and SSL offloading to improve application performance.
- Configure NAT polices on Palo firewalls as per requirements.
- Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
- Worked on Panorama firewall management tool to administer Palo Alto 5050, & 5250 device groups.
- Configured GCP Virtual Private Cloud (VPC) network services and deployed via CI/CD using concourse.
- Experience in creating dashboards in Stackdriver and can setup alerting and create custom metrics using google API developer tools.
- Configured AWS and GCP application logs in Sumologic and datadog for events.
- In depth Knowledge of AWS cloud service like Compute, Network, Storage and Identity & access management.
- Hands-on Experience in configuration of Network architecture on AWS with VPC, Subnets, Internet gateway, NAT, Route table.
Confidential, Moline, IL
- Assisted with the configuration, installation and maintenance of network equipment such as routers, switches, firewalls, and wireless access points.
- Configuring OSPF and Static routing on Juniper M and MX series Routers in data center environment.
- Converting networks with multiple routing protocols IGRP, EIGRP into a single OSPF domain, thus providing for future network scalability.
- Worked on configuring and troubleshooting juniper SRX firewalls.
- Configuring Layer 2 switching protocols and deployment of Juniper EX sand QFX series switches in data center environment.
- Performed configuration verification and cleanup for LAN/WAN environments to achieve standardizations and good practices.
- Configured and troubleshoot Infoblox DNS and DHCP servers.
- Management of Infoblox Grid Manager to manage DNS Forward and Revers Lookup Zones.
- Monitored and Created traffic Pattern on Arista 7250 switches using Open flow.
- Worked to help clean up legacy FW policies and create migration path from current ASA to next gen Palo Alto firewall.
- Troubleshooting issues with application access, network access across the firewall.
- Experience on Virtual Private Network (VPN) for operating Network and Data Center.
- Deploy Azure IaaS VMs and Cloud services PaaS with high availability by designing availability sets, VMSS.
- Configured the Okta MFA VPN portals on Palo Alto Firewall by using various server Profiles like SAML, RADIUS, TACACS+, LDAP authentication.
- Configuring Syslog, flow setting, radius, TACACS and SNMP for Juniper, Aruba and Palo Alto devices.
- Troubleshooting network performance deeply through packet capture analysis by using Riverbed NetSharks and application performance through Riverbed Net profiler.
- Monitored system capacity to determine its effect on performance and recommend enhancements to meet new or changing network demands through Nagios tool.
Confidential, Baltimore, MD
Network Security Engineer
- Primary responsibility is to design, Test and deploy various Network Infrastructure and Network Security
- Products in High Availability Configuration from Vendors such Cisco, Juniper, and Palo Alto.
- Migration of Cisco Catalyst, IOS Platforms to Cisco Nexus, Juniper Platform Conversion on Core, distribution
- Experience with Aruba Wireless Controllers, Access Points.
- Implement Aruba Wireless infrastructure using Aruba controllers & Access Points and Configured Aruba access points troubleshoot connectivity issues with Aruba access points.
- Worked on Configuration of VLAN, VRF, VX-LAN, VTEP, VPC, on Nexus devices.
- Configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, BGP v4.
- Experience in configuration and troubleshooting MPLS, L2VPN, L3VPN tunnels.
- Design, implementation and operational support of routing/switching protocols in complex environments including BGP, OSPF, EIGRP, Spanning Tree, 802.1q, etc.
- Performing troubleshooting on slow network connectivity issues, routing issues that involves OSPF, BGP and identifying the Root Cause Analysis of the issues.
- Experience with manipulating various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.
- Deploying and decommissioning of Cisco Routers, Cisco switches and their respective software upgrades.
- Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.
- Hands on Experience working on NextGen Firewalls such as Cisco ASA with Firepower (5585) and Palo Alto (5050).
- Cisco Firesight management tool to manage Cisco ASA with firepower, (Sourcefire) appliances
- Perform firewall administration adding, updating and troubleshooting as per requirement rules/policies on Palo Alto 5050 & Cisco ASA 5555, 5585.
- Configure Security Profiles on Palo Alto / ASA for URL filtering, Anti-Virus, Anti-Spyware, Vulnerability Protection, Threat Prevention, File Blocking.
- Configure Clientless/AnyConnect SSL VPN on Cisco ASA for Work from Home Users
- Configuration and Troubleshooting of IPSEC VPN tunnel On Palo Alto/ Cisco ASA and Cisco ASA as peer.
- Implement DMZ for multiple clients of the state on the Palo Alto/ ASA firewall.
- Analyze of firewall logs, Provide administrational and Monitoring Support, Dynamic Updates for Palo Alto 5050 Firewall & Cisco ASA 5555, 5585.
- Responsible for Migration from Legacy Cisco ASA firewall to Palo Alto firewall.
- Experience with Splunk Security Infrastructure and Event Management. (SIEM). Correlate, review, rank, and coordinate work efforts for sites to follow up on high-priority events.
- Work with Level 2 / Level 3 Engineering on software bugs and solutions involving software upgrades and feature enhancements.
Confidential, Thousand oaks, CA
- Installation and Configuration of Cisco Catalyst switches 6500, 3750 & 3550 series and configured routing protocol OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design Document.
- Configured Cisco ASA 5510 for VPN Network Access Control integration with Cisco ISE (Inline PEPs).
- Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE.
- Provided connectivity to On-premise devices to Azure VNET by using Azure VPN, Express Routes and Virtual Network peering.
- Worked on F5 LTMs & GTMs to improve web application delivery speed and replication through and between distributed global data centers.
- Implement SSL VPN solutions including Palo Alto Networks Global Protect with single and multiple gateway solutions including integration of PKI certificates
- Worked on wild fire advanced malware detection using IPS feature of Palo Alto.
- Provided comprehensive guest access management for Cisco ISE administrators, sanctioned sponsor administrators using BYOD & Guest Management Portal Configuration.
- Responsible for day to day management of Cisco Devices, Traffic management and monitoring.
- Managing health check of Network devices this is involves upgrading IOS on every quarter after checking the vulnerability of IOS and reviewing the configuration
- Responsible for turning up BGP peering and customer sessions, as well as debugging BGP routing problems.
- Designing and Implementation of (LAN) VLANs, VTP, Spanning Tree (STP), Trunking (dot1q and ISL) and Ether channel.
- Involved in the redistribution into OSPF on the core ASA firewall.
- Involved in the removal of EIGRP from all devices and making OSPF the primary routing protocol.
- Worked on FTP, HTTP, DNS, DHCP servers in windows server-client environment with resource allocation to desired Virtual LANs of network.