Firewall Support Engineer Resume
Naperville, IL
SUMMARY
- Highly motivated with the ability to work independently or as an integral part of a team and committed to highest levels of professional experience in Networking and Security domain which includes designing, Deployment and providing network support, installation, operation and monitoring over a broad range of LAN / WAN Environment.
- Experience working in large-scale environments on high priority troubleshooting issues, several Proof of concepts for installations and Migrations to different vendor Equipment or implementing a new technology. Network Design, IDF and MDF architecture, Datacenter Architecture and support roles, IOS upgrades, downtime procedures, Migration projects to different vendor equipment.
- Worked on Palo Alto Firewall M-220 and M-500 devices. Managed 13 Firewalls through Panorama.
- Updated Palo Alto Firewalls (at local and global level) from 7.1.14 to 8.1.10 and in second wave to 9.0.7 version.
- Performed plant segmentation for corporate and plant (industry) networks and implemented Firewall templates and tuned it further for maximum security and optimization of resources.
- Configured VPN IPSEC tunnels migrations with vendors from Cisco ASA/Checkpoint platforms into Palo Alto networks through required natting and object/application group creations.
- Experience working in complex environments which includes Layer 2 Switching, L3 routing, Network with perimeter and VPN firewalls, Load balancing and Access policies management in F5/NetScaler. Experience with Aruba Wireless LAN Controllers.
- Experience in installing, configuring, and maintaining Cisco Switches (2960, 3500, 3750, 3850, 4500, and 6500) in enterprise Environment and Nexus 2k, 3k, 5k, 7k and 9k in Data Center Environment.
- Expertise in installing, configuring and troubleshooting Juniper EX Switches (EX2200, EX2500, EX3200, EX4200, EX4500, EX8200 series).
- Worked with Juniper infrastructure like SDN and Contrail cloud and monitoring tools for added security.
- Experience in VSS, VPC, and VDC technologies. Experience working on Gateway redundant protocols HSRP, VRRP, and GLBP. Experience with Access, Distribution and Core Layer Architecture in Datacenter. Experience in Spine Leaf Architecture.
- Handled and configured PBX servers and managed its technical implementation for communication over wireless telephones/radio infrastructure.
- Expertise in installing, configuring, and troubleshooting of Cisco Routers (3800, 3600, 2800, 2600, 1800, 1700, 800, ASR 9k).
- Expertise in installing, configuring and troubleshooting Juniper Routers (E, J, M, and T-series).
- Experience with cisco ACI and Arista Cloud Vision on a POC. Knowledge on Spine leaf Architecture in Data center. Worked on EVPN, VXLAN, VTEPS, Bridge Domains, MP-BGP etc.
- Experience and high-level technical knowledge in OSPF, EIGRP, RIP and BGP routing protocols. L1/L2 troubleshooting skills in Routing in complex environments. Worked with MPLS over BGP. Worked on upgrading Edge routers, failing over ISP circuits for maintenance.
- Experience working as FCAPs manager in banking network administration.
- Worked as Project manager following the 5C’s of people management creating, comprehending, communicating, collaborating and confronting in the healthiest way possible.
- Virtualized and migrated 60+ legacy v10 appliances with over 5000 VIPs and 12000 pools to F5 TMOS v11 vCMP across 2 global data centers, including substantial iRules updates to support the new architecture. Basic Experience in Automation using iControl and Python v3 for configuration and backups in F5.
- Managed the firewalls, proxy servers, site to site and B2B VPNs, client SSL and IPsec VPN gateways for 50 networks with 9000+ users and hundreds of public web apps.
- Experience using relevant tools to triage, debug, and resolve problems (Snooper, Wireshark, Fiddler, Skype CLS logs, etc.)
- Ability to work with vendors to investigate issues, troubleshoot, and triage bugs.
- Managed all web content functions for a 10 node, 300 VIP LTM environment, including SSL offload, URL/URI redirection, Application Security, and Authentication Policy
- Experienced in network and applications diagnostic and reporting tools such as Wireshark, TCPDump, SSLDump, firewall session logs, Splunk, etc.
- Developed and implemented security policy around the Cisco ACS (Authentication Control System), with RADIUS and TACACS authentication support against an Active Directory database, including device management, wireless and VPN applications.
- Worked on APM module with integration with RADIUS server and RSA secure ID for applications that require 2-factor authentications.
- Experience in configuring, implementing and troubleshooting F5 and Citrix Load Balancer in a large environment with sensitive applications.
- Configured F5 LTM, series 5000 series for the corporate applications and high availability. Implemented LTM and GTM in DMZ and Internal network. Worked on software versions up to 12.1.2. Proficient and high-level expertise using the F5 based profiles, monitors, VIP’s, pools, SNAT, SSL offload, iRules, virtual Servers, iAPPs. Migration experience from ACE to F5/ old F5 to New F5.
- Experience with manipulating various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.
- Extensive Knowledge of the implementation of Cisco ASA 5500 series - 5505, 5510, 5512-X firewalls with Firepower module. Palo Alto firewall policies, panorama and Checkpoint firewalls NG, NGX. Experience with convert Checkpoint VPN rules over to the Cisco ASA solution.
- Worked on VMware to move ESX hosts, also re-ipped them. Added into BlueCat catalogs.
- Expert in ServiceNow to create and maintain records of Tasks/Incidents/Changes.
- Experience with McAfee Web Gateways and Bluecoat Proxies for the internet traffic. Expert in IPS sensors in DMZ and inside network and device level proxy configuration for Internet traffic. Experience in WCCP.
- Experience working with Aruba and Cisco Wireless LAN controllers, Configuring and Provisioning AP’s, Virtual AP’s, RTLS, Wireless SSID’s, remote and campus AP’s, upgrading WLC, worked in Active/Active local Controllers and Master controller. Worked on RAP3 for remote access.
- Used Aruba Clearpass for policy management for all the devices in the cloud and datacenter environment.
- Configured and installed Aruba 7k series Controllers for SDN and security services.
- Created Aruba Access Points (AP) for wireless deployment plus security functionality in central and remote locations under industrial networks.
- Deployed Aruba Clearpass in conjunction with firewall for access management at the department level and also at individual device level for greater granular security.
- Support Quality Inspections and Operational Test (OT) events related to the 2GWLAN Aruba Networks Controllers, and Access Points. (Aruba 6000 controller, Aruba AP65,70,124,85,125) system.
- Developed and worked on QRadar monitoring platform, maintaining current QRadar installation and user interface.
- Expertise in SIEM tools like Splunk for logging and threat analysis along with Tenable suite for vulnerability management.
- Experience in working with creation of Access lists (ACL) & Network Address.
- Fi analytics from various vendors (Cisco Meraki, HPE/Aruba, D-Link and Netgear).
- Managing and configuring Aruba Wireless devices and Cisco Access Points.
- Set up Microsoft Azure virtual appliances to meet security requirements over software based functions like firewalls.
- Acquainted with AWS cloud services and their deployment.
- Extensive experience with working on VMware, vCenter and vSphere to manage servers Virtually.
- Experience with WAN connectivity, MPLS circuits, leased Lines, Metro Ethernet, Site to Site IPSec tunnels, ISP circuits, Customer Edge configurations. Experience with SD-WAN solutions that include Viptela and Versa.
- Knowledge and operational experience with SDN, Cisco ACI, VXLAN, VTEPS, VNI, Bridge Domain, Arista Cloud Vision, EVPN, MP-BGP, Spine and Leaf Architecture.
- Knowledge of Cisco Meraki Cloud managed Switches (MS250, MS350, MS410) and SD-WAN (MX 65, MX100, MX400).
- Experience in NSM (Network Security Manager) and Pulse Secure to analyze Firewall.
TECHNICAL SKILLS
Networking Technologies: LAN/WAN Architecture, TCP/IP, Frame Relay, VPN, VLAN, VTP, NAT, PAT, STP, RSTP, PVST, MSTP
Networking Hardware: Cisco Switches, Cisco Routers, ASA/Pix/PaloAlto/CheckPoint/Juniper firewalls, PBX switchboards
Routing Protocols: OSPF, ISIS, EIGRP, RIP, MPLS, IS-IS, BGP, Multicasting
Security Technologies: PAP, CHAP, Cisco PIX, Blue Coat, Palo Alto, ASA, Fortinet, Checkpoint
Network Monitoring: Wireshark, QRadar, Splunk, Tenable Nessus, TCPReplay, WildFire
Operating Systems: Windows 7, Vista, XP, 2000, LINUX, Cisco IOS, IOS-XE, NX-OS
Routers: 1800, 2611, 2800, 3600, 3845, 3900, 4300, 4400, 4500, ASR 1000X, 7206VXR, Juniper M & T Series.
Load Balancers: F5 Networks (BIG-IP), Netscaler (Citrix)
Capacity & performance: Cascade Riverbed (Flow Monitor), WAN Killer
Switches: CISCO 2960, 3750, 3850, CAT 9300, CAT 9400, CAT 9500, 4500, 6500, 6800, Nexus 7k, 5k, 2k
Programming Languages: C, C++, Java, PowerShell, Python
Simulation Tools: GNS3, VMware, OPNET IT GURU, OPNET Modeler, Cadence, Packet Tracer
Firewalls: Palo Alto firewalls, Juniper NetScreen (500/5200), Juniper SRX (650/3600), Pix (525/535), ASA (5520/5550/5580), Checkpoint.
AAA Architecture: TACACS+, RADIUS, Cisco ACS
Wireless: Cisco Meraki wireless Access points (MR66, MR74, MR84), Aruba Access points 200, 207, 300, 320, Wireless controllers 7280, 7240, Cisco Wireless controller 5508 and Cisco Aironet 3700 series. Juniper Contrail
Features & Services: IOS and Features, HSRP, GLBP, VRRP, IPAM IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, DNS, TFTP and FTP Management, Open Stack, IVR’s, HLD and LLD documents, Dell EqualLogic
PROFESSIONAL EXPERIENCE
Confidential, Naperville, IL
Firewall Support Engineer
Responsibilities:
- Configured Palo Alto firewalls for plant sites of NALCO and migrate them from old legacy firewalls.
- Create Firewall Policy Templates from scratch and apply to each plant.
- Create Nat policies after re-ipping ESX hosts and VMware backups.
- Monitored traffic continuously and tuned rules as needed to ensure security.
- Work with GNS team for this cybersecurity project. Primary goal being security to plant sites.
- Write rules to and from DMZ, PlantPrimary, Jump Server and Enterprise zones.
- Upgraded plant firewalls and internet edge firewalls from 7.1.14 to 8.1.2 in first wave; upgraded to 9.1.10 in second wave.
- Decommissioned unused VPN tunnels with legacy infrastructure.
- Implemented IPSEC and GRE tunnels using metrics discussed with vendors. Integrate with Panorama.
- Create static routes, security and NAT policies for the VPN traffic to be allowed.
- Implemented ACI over Neutanics 2003 machines and manage them using Cisco FTD and ISE.
- Integrated TACACS with FMC instead of default AD for enhanced security.
- Maintain security through Cisco Firepower. Ensure access through TACACS.
- Performed basic network operations functions such as monitoring information on all sites and back haul, identifying deterioration of components and dispatching / assisting field personnel with repairs.
- Responded to network alarm with the primary focus to discover and resolve customer-impacting issues before customers recognize impact to their services.
Confidential, Denver, CO
Sr Network Engineer
Responsibilities:
- Configuration and Administration of Cisco and Juniper Routers, Switches and mixed vendor Firewalls.
- Performed Configuration on ASR 9K Pairs includes HSRP, Bundle Ethernet Configuration, Assigning DHCP profiles.
- Experience working with Nexus 7010, 5548, 5596, 2148, 2248 devices.
- Identify, triage, debug and report defects across various environments and alert team members of such defects.
- Responsible for initial triage, escalation, and resolution of network troubles. Actively and consistently support all efforts to simplify and enhance the customer experience.
- Deploying and decommission of VLANs on core ASR 9K, Nexus 9K, 7K, 5K and its downstream devices also configure 2k, 3k, 7k series Routers
- Experience configuring VPC (Virtual Port Channel), VDC (Virtual Device Context) in Nexus 7010/7018
- Experience with configuring FCOE using Cisco nexus 5548
- Created documents for various platforms including Nexus 7k, ASR9k, and ASR1k enabling successful deployment of new devices on the network.
- Installation and Configuration of Cisco Catalyst switches 6500, 3850 & 2960, 9300 series and configured routing protocol OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design Document and followed the change process as per IT policy it also includes the configuration of port channel between core switches and server distribution switches
- Migrated to Juniper EX series switches from Cisco 3500 series and 6500 series switches
- Experience with moving data center from one location to another location, from 6500 based data centers to Nexus based data center.
- Switching tasks include VTP, ISL/ 802.1q, IP Sec and GRE Tunneling, VLANs, Ether Channel, Trunking, Port Security, STP and RSTP.
- Worked with HP switches, ExtraHop, F5 Load Balancer.
- Implement changes on switches, routers, load balancers (F5 and CSS), wireless devices per engineer’s instructions and troubleshooting any related issues.
- Configured Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000 to connect servers and storage devices.
- Experience with setting up MPLS Layer 3 VPN cloud in data center and working with BGP WAN towards customer.
- Used Cisco Firepower for security and better traffic management over ASA traffic.
- Used Firepower to migrate from Cisco ASA to Palo Alto firewall.
- Used Firepower for improved security by establishing 2 way SSL encrypted communication channels amongst devices.
- Worked as project manager; in charge of scheduling, communicating and allotting tasks while making sure deadlines are met with optimal asset management.
- Experience with configuring Cisco 6500, 6800, 4500 VSS in Distribution layer of the Data center network.
- Created Server-less Architecture for on-premise Application Migration to AWS cloud.
- Configuring and managing F5 LTM (Local Traffic manager) in large scale environment.
- Configure and troubleshoot Juniper EX/SRX series switches.
- Network security including NAT/PAT, ACL, and ASA/SRX/Palo Alto/Fortinet Firewalls.
- Good knowledge with the technologies Site to Site VPN, DMVPN, SSL VPN, WLAN and Multicast.
- Well Experienced in configuring protocols HSRP, GLBP, PPP, PAP, CHAP, and SNMP.
- Work with Load Balancing team to build connectivity to production and disaster recovery servers through F5 Big IP LTM load balancers
- Install, manage and monitored Large scale Palo Alto Firewalls through Panorama.
- Experience with communicating with different customers, IT teams in gathering the details for the project
- Experience in installing and configuring DNS, DHCP servers.
- Convert WAN links from TDM circuits to MPLS and to convert encryption from IP Sec/GRE to Get VPN.
- Worked with Palo Alto firewalls PA250, PA4050, PA3020 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall. Technical assistance for LAN/WAN management and complex customer issues.
- Remediation of firewall rules from checkpoint firewalls to Cisco ASA firewalls and their implementation.
- Adding and removing checkpoint firewall policies based on the requirements of various project requirements.
- Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience
- Worked on Python scripting for generation the firewall security policy through web visualization tool in checkpoint firewall.
- Regular upgrade and maintenance of Infrastructure, Installing, configuring, and maintaining Cisco Switches (2960, 3500, 7600, 3750, 3850 series, 6500 series) Cisco Routers (4800, ASR 9K, 800), Juniper Routers and Firewalls, Nexus 7k,5k & 2k, f5 BIG IP, Palo Alto Firewalls, Zscaler Proxy and Versa SD-WAN appliances.
- Conducted a POC on Versa and Viptela SD-WAN solution as a team and worked on evaluating the solutions.
- Configured SDWAN router Viptela to connect remote sites over the Internet.
- Experience in administrating Viptela SDWAN enterprise deployment and implementations of Network and Devices for SDWAN environment.
- Performing network monitoring, analysis using various tools like Wireshark, & QRadar with Wildfire tool helped for tracking root cause problems.
- Responsible for layer 2 securities which was implemented using a dedicated VLAN ID for all trunk ports, setting the user ports to non-trunking, deployed port security when possible for user ports.
- Used Extrahop for the detection of any abnormalities in the network, tracking file access in databases and storage for data security, and locate bottlenecks over the network
- Strong hands on experience on, ASA Firewalls, Palo Alto Firewalls. Implemented Security Policies using ACL, Firewall, IPSEC, SSL VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
- Implemented Zone Based Firewalls and Security Rules on the Palo Alto Firewall. Exposure to wildfire feature of Palo Alto. Supported Blue Coat Proxy in explicit mode for users trying to access Internet from Corp Network.
- Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering). Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
- Worked with the Python 2 & 3 version.
- Enabled virtualization to network through Juniper SDN product like Contrail for cloud management and application monitoring.
- Dealt with Aruba wireless access points 200,300 series supporting 802.11 ac.
- Setting Aruba Access to link distribution switch system and then to WLAN controller.
- Installed and configured Meraki (MX80, MX60) Appliance via Meraki MX400 Cloud.
- Installed and configured Cisco Meraki (MR66, MR74, MR84) wireless Access points in the warehouses.
- Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, prevention where needed.
Environment: Cisco ASA Firewalls, F5 ADC, Cisco 3900, 4300, 4400, 4500 Routers, Cisco Catalyst switches 6500, 3750, 3550, 2960, 4500, 6500, 6800, 9300, 9400 Switches, Juniper SSG-140, Palo Alto Wildfire, Juniper EX series switches, Nexus 9k, 7k, 5k, ASR 9k, ASR 1k, Nexus 2000 FEX, Juniper SRX, Routing Protocols: BGP, OSPF, AAA (TACACS+ & RADIUS), TCL Scripting, ACL Configuration.