Sr. Network Engineer Resume
SUMMARY
- Experience with legacy and latest switching technologies in Campus and Data Center environments. Worked on Cisco, Juniper and Aruba/HP gear in campus environments. Worked on Cisco, Arista, Dell, Cumulus, Juniper gear in Data Center environment.
- Experience with Interior and Exterior routing protocols, including RIP, OSPF, EIGRP, IS-IS and BGP. Worked on Cisco, Juniper and Arista routers.
- Experience in Network Security that includes perimeter security for Internet, Extranet, DMZ, Internal Server farms, Web-traffic security with Proxies, Web Application firewalls. Worked and migrated multi-vendor equipment and Next generation firewall technologies. Worked on ASA, Firepower, Checkpoint and Palo Alto firewalls. Experience on MWG, Bluecoat and Zscaler proxies.
- Experience and high-level understanding in application delivery controllers, local and global load balancing techniques, redundancy solutions, high availability options for mission critical internal, vendor and public facing applications. Experience with F5 LTM, GTM, APM, NetScalers, Cisco ACE and A10.
- Worked on Campus Wireless environments with 1000+ access points, Wireless LAN controllers, Anchor Controllers, Authentication policies, BYOD policies, Integration with RADIUS. Experience with Aruba and Cisco WLAN.
- Experience with TACACS/RADIUS servers, migration from ACS and Aruba ClearPass to ISE. Experience with Windows and Infoblox DNS and DHCP servers, IPAM, internal and external grids.
- Experience with WAN connectivity, MPLS circuits, leased lines, Metro Ethernet, Site to Site IPSec tunnels, ISP circuits, Customer Edge configurations. Experience with SD-WAN solutions that include Viptela and Versa.
- Knowledge and operational experience with SDN, Cisco ACI, VXLAN, VTEPS, VNI, Bridge Domain, Arista Cloud Vision, EVPN, MP-BGP, Spine and Leaf Architecture.
- Experience with Zscaler Cloud Proxy Architecture with ZIA, traffic forwarding using GRE tunnels to Zcloud, Azure AD Authentication, Access policies, ZAPP. Migration experience from IronPort and Bluecoat proxies to Zscaler.
- Worked on Cloud platforms that include Azure, AWS and Meraki. Experience working with connecting multiple sites to cloud using SD-WAN solutions, Cloud Connections, Load Balancing and Security with Cloud traffic.
- Worked on Open software platform switches like Cumulus on Mellanox and Dell hardware in a POC. Basic Knowledge in Python and Ansible scripting for automation in configuration templates, back-ups etc.
- Experience with Network Monitoring tools, SNMP, Log collectors, Splunk, ticketing tools and thorough understanding of work flows in corporate environments that include Financial, Healthcare, Retail clients.
- Very enthusiastic to explore and implement innovative ideas in Network Automation in configuration, documentation, troubleshooting, work flow integration, API integration with multiple tools using Python and Ansible.
TECHNICAL SKILLS
Router and VoIP Platforms: Cisco Routers series ASR9k, 7300, 4000, 3800, 2000, 1900; Juniper MX, Arista 7000 series.
Routing Fundamentals and Protocols: Routed and Routing protocols RIP, EIGRP, IS-IS, OSPF, BGP, IPX; MPLS, Static routing, ICMP, ARP, HSRP, VRRP, Route Filtering, Multicast, Policy-Based Routing, Redistribution, Port forwarding.
Switch Platforms: Cisco Catalyst series 2960, series 3560, 3850, 4500, 6500, 7000; Nexus series 2K, 5K, 7K; Juniper EX, QFX, Aruba 2000, 3000 series.
Switching Fundamentals and Protocols: Ethernet technologies, LAN networks, MAC, VLAN and VTP, STP, PVST+, Multicast, RSTP, Multi-Layer Switching, 802.1Q, EtherChannel, PAgP, LACP, CDP, HDLC, RARP
Firewall Platforms: Checkpoint (NGX R65, 3100, 5100, 5900), Cisco Firewalls (ASA 5505, 5506-X, 5585), Palo Alto Networks (PA series 2K, 3K and 5K) with panorama 8.0, WAF
Security Protocols: Standard and Extended ACLs, IPsec, VPN, Port-security, SSH, SSL, IKE, AAA, Prefix-lists, Zone-Based Firewalls, NAT/PAT, HIPAA standards, Ingress & Egress Firewall Design, Content Filtering, Load Balancing, IDS/IPS, URL Filtering, L2F, IDS, TCP Intercept, Router Security, SNMP trap
Network Management and Monitoring: Wireshark, Infoblox, HP OpenView, Cisco Prime, Splunk, Security Device Manager (SDM), Cisco Works; TCP Dump and Sniffer; SolarWinds Net Flow Traffic Analyzer, NetScout, Network Performance Monitor (NPM), Network Configuration Manager (NCM), SAM, IP Address Manager, Additional Polling Engine.
Load Balancers and Proxies: F5 (BIG-IP) LTM 2000, 3900, 6400, 6800, AV 510, Citrix NetScaler, MWG, Zscaler Proxies, Bluecoat Proxies.
WAN and SD-WAN technologies: MPLS, ISP Leased Lines, SONET, Viptela, Versa.
Other Networking Protocols and Fundamentals: DHCP and DNS server, Active Directory Management, NTP, NDP, TCP, UDP, FCP, Network Implementation, Troubleshooting techniques, NHRP, NetBIOS, NFS, FTP, TFTP, HTTP, PAP, PPTP, SIP Trunking, SNMP logging, SMTP, RADIUS and TACACS+, PBX servers, SDN, IPV4.
Wireless and Radius Technologies: CISCO APs, Aruba wireless and APs, Cisco Meraki, Prime Infrastructure, Air Magnet, AirWatch and WLCs (8510, 5508, 5706), Cisco Aironet APs (2600, 3600, 3700), ISE, MSE, Aruba 225, Aruba 3000 controller & Airwave, ISE, Clear Pass 6.0, 6.2, 6.5, 802.11a/b/c/g/n/ac
Scripting: Basic understanding in Python, Ansible and TCL (F5)
PROFESSIONAL EXPERIENCE
Confidential
Sr. Network Engineer
Responsibilities:
- Experience working with Juniper devices like EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX650, SRX240
- Managed AD Domain Controller, DNS and DHCP Servers and configurations.
- Worked on Cisco ISE for user Authentication, Security Group Tags, MAC based authentication for Wireless and Wired users, 802.1X, EAP, PEAP etc.
- Responsible for the IPAM (IP Address management) system for a very large WAN/LAN network (QIP) using Solarwinds IPAM and Infoblox DNS and DHCP servers. Experience with DHCP scopes, IP reservations, DNS host entries, pointers, delegations, Zones, DNSSec etc.
- Provides expert level security and networking knowledge in the planning, researching, designing, and testing of new networking technologies for perimeter firewall security, Intrusion Prevention/Protection System (IPS), DNS and DMZ security, and Internet Security in support of established Info Security program initiatives for the next 3 years.
- Regular upgrade and maintenance of Infrastructure, Installing, configuring, and maintaining Cisco Switches (2960, 3500, 7600, 3750, 3850 series, 6500 series), Cisco Routers (4800, ASR 9K, 800), Juniper Routers and Firewalls, Nexus 7k, 5k & 2k, F5 BIG-IP, Palo Alto Firewalls, Zscaler Proxy and Versa SD-WAN appliances.
- Conducted a POC on Versa and Viptela SD-WAN solution as a team and worked on evaluating the solutions.
- Migrated Nexus 7Ks & Nexus 5Ks to an ACI Fabric consisting of 9336PQ Spines & 9332PQ Leafs in a brownfield Datacenter.
- Worked on PAC file updates, Internet proxy migration from IronPort to Zscaler cloud. Access policies, AD based, user based, location-based access. ZAPP client.
- Worked on Bridge Domains, VXLANs, VTEPS, VNID. Configuration of routing using BGP among multiple Leaf to spine switches. Thorough understanding of Application Profile, Tenants, End Point Group, Inter Subnet Tenant Routing, Routing within Tenants, Router Peering and Redistribution. Worked on Migration project from traditional Data Center Architecture to Spine Leaf.
- Worked on connections handoff using Bridged Interface to an External Route. L3- EPG configurations, AEP configurations. Expert in GUI of ACI.
- Worked on integrating existing Layer 2 and Layer-3 networks with ACI.
- Play a key role in the company’s direction towards Cloud Computing platforms by creating a strategy for transition plans. Azure AD and AWS, Office 365.
- Analyze and provide courses of action on current as well as emerging security threats like ransomware attacks by research and recommendation of other security solutions to help mitigate network security threats while preventing their outbreak across the network.
- Worked on network design improvements involving BGP, EIGRP, OSPF, IP metric tweaking and load balancing.
- Design, implement, and develop network designs for applications used in TMO.
- Worked on Checkpoint Firewall to create new rules and allow connectivity for various Applications. Checkpoint is used as an internal firewall for application security in Kodiak network.
- Implemented Firewall rules and Nat rules by generating precise methods of procedure (MOPs). Responsible for packet capture analysis, syslog and firewall log analysis.
- Experience with F5 load balancers LTM and GTM and reverse proxy design and setup. Migration from ACE to F5.
- Experience in F5, Cisco ACE 4710 Load balancers. Migration Experience from ACE to F5 and NetScalers to F5. Worked on critical applications on Layer 4 and layer 7 load balancing. Experience with Virtual server, Pool, Node, Profiles - TCP, http, https, ftp, fastl4, Persistence - Source IP, SSL, Cookie, SNAT, iRules, iAPP, SSL offloading.
- Experience with F5 GTM and in-depth knowledge of DNS, Global level load balancing, Wide IPs, Zones, Prober pools, Delegation from Windows DNS server to listener IP.
- Troubleshooting of Linux and Unix servers for application delivery servers. Install Dockers, Cisco and HP servers.
- High-level network troubleshooting and diagnostic experience using Packet capture tools like Wireshark.
- Configured network using routing protocols such as EIGRP, BGP and OSPF and troubleshooting L2/ L3 issues.
- Designing, configuring, and troubleshooting QoS, SIP, H.323, RTP, SCCP, Session Border Controllers, Voice Gateways, Voice circuits IP /TDM, Cisco Telepresence Infrastructure, QoS, NAT, PAT, and multicast.
- Worked on Riverbed steelhead appliance to troubleshoot delay, jitter issues. Captured traffic and analyzed for root cause. Wrote policies and rules in steelhead.
- Adding and modifying the servers and infrastructure to the existing DMZ environments based on the requirements of various application platforms
- Assist in creating network design standards for hardware and software. Developing and maintain Network Documentation (Visio diagrams, Excel spreadsheets, Word documents, etc.) Configure and troubleshoot network elements in a test/dev environment.
- Worked on Orion (Solar Winds) for mapping network diagrams, updated Orion with commissioned and decommissioned network devices.
- Experience with configuration of Cisco call manager, Installing and worked on ICM management
Confidential, Cambridge, MA
Sr. Network Engineer
Responsibilities:
- Involved in complete LAN, WAN development (including IP address planning, designing, installation, configuration, testing, maintenance etc.). Design of DMZ in primary and redundant data centers with Next Gen Firewalls, IPS/IDS sensors, Switching and routing.
- Experience in deployment of Nexus 7010, 5548, 2148T, 2248 devices
- Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for datacenter access architecture.
- Experience configuring Virtual Device Context in Nexus 7010
- Installation and maintenance of Cisco Layer 3 switches 3750, 4500X, 6500 in multi VLAN environment.
- Maintenance and configuration of Cisco ASR1000 series and 7200VXR routers at data center and deployment of 3900, 3800, 2951 and 2821 for branch connectivity.
- Involved in migration from site-to-site GRE tunnels network to MPLS-based VPN for customer’s WAN infrastructure.
- Implementing security Solutions using Palo Alto PA-5000/3000, Cisco 5580/5540/5520.
- Migration experience from Cisco ASA 5500 to PA. Experience with migration tool in PA for Policies from ASA to PA. Experience with SSL forward proxy and URL filtering.
- Configuration and administration of firewalls, which includes Checkpoint, Juniper, and Cisco ASA firewalls.
- Experience with RIVERBED Steelhead appliance for WAN optimization.
- Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitoring the Sync status for stateful replication of traffic between active and standby member.
- Basic configuration of Cisco Meraki Layer 2 and Layer 3 switches like MS 220, MS 320 and MS 420.
- Migrated Checkpoint firewall architecture with new next generation Palo Alto PA3000 and PA5000 appliances serving as firewalls and URL and application inspection.
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama.
- Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
- Configured and maintained IPSEC and SSL VPNs on Palo Alto Firewalls and also implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall. Exposure to Palo Alto Wildfire.
- Involved in Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter VLAN routing, LAN security etc.
- Configured BGP, EIGRP and OSPF and Policy based Routing.
- Configuring OSPF and Static routing on Juniper M and MX series Routers
- Provide Tier II Load Balancer expertise on F5 BigIP Local Traffic Managers (LTM). Designing F5 solutions/support for migration work of applications and websites from Cisco ACE Load Balancers to the F5 BigIP Load Balancers.
- Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches
- Configured Cisco 7200 routers which were also connected to Cisco ASA 5508 security appliances providing perimeter-based firewall security.
- Optimized performance of the WAN network consisting of Cisco 3550/4500/6500 switches by configuring VLANs.
- Configuring ASA 5510 Firewall and accept/reject rules for network traffic.
- Extensive knowledge and troubleshooting in data communication protocols and standards including TCP/IP, UDP, IEEE 802.3, Token Ring, Cable Modem, PPPOE, ADSL, Multilayer Switching, DoD standards.
- Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs.
Confidential, Folsom, CA
Network Engineer
Responsibilities:
- Worked for State client with various government departments which include DOT, DOH, DOE to configure site to site connectivity, troubleshoot issues, application load balancing, Network security.
- Configure the layer 2 and layer 3 on Cisco Nexus 7K, 5K, 6509, 9710, 5596 UP, 4500, 3850, 3950, ASR and 2960
- Worked with Checkpoint, Cisco ASA, and Palo Alto Networks solutions
- Experience in HSRP standby troubleshooting & Experience in configuring & upgrading of Cisco IOS.
- Implementing & Troubleshooting of T1, MUXES, CSU/DSU and data circuits.
- Experience in designing and troubleshooting of complex BGP and OSPF routing problems.
- Have sound knowledge of Firewall architecture, routing and VPN.
- Have experience working on HP Open view Network Node Manager.
- Upgrade firewalls in accordance with change management & Document changes to firewalls.
- Monitor traffic and access logs in order to troubleshoot network access issues.
- Have experience with Cisco Works LAN Management Solution.
- Implemented Positive Enforcement Model with the help of Palo Alto Networks
- Experience in migration of Frame-relay based branches to MPLS based technology using multi-layer stackable switch like 6500 series and 2800 series router.
- Testing VPC, BGP, OSPF, EIGRP, RIP, SPAN, sFlow, VLAN Trunking, SVI and power supplies on Nexus and ASR devices
- Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks.
- Hands on experience with Cisco 3500, 3750, 4500, 6500 series equipment and configuring and deploying and fixing them with various modules like Gig card, VPN SPA card, WIC card.
- Cisco IOS experience on 3600/7200 class hardware in complex WAN environment and experience on Cisco OS and IOS on CAT6500 in a complex data center environment.
- Involved in configuring IP Quality of service (QoS).
- Involved in designing L2VPN services and VPN-IPSEC authentication & encryption system.
- Experience in designing, installing & configuring of Cisco ASA & FWSM (Firewall service module). Worked on Checkpoint firewalls R70, R75, R77.20 Gaia and Provider-1/MDM
- Evaluate, Analyze & Implement firewall policies to meet business requirements
- Experience in creating and maintaining Checkpoint and ASA firewall configurations, updating documentation and log analysis.
- Worked extensively in configuring, monitoring and troubleshooting Cisco's ASR 5500
- Applying crypto maps and security keys for the branches, ISAKMP (Internet security association key management protocol) for establishing Security associations (SA) cryptographic keys.
- Experience in configuring routing protocols like EIGRP, RIP v2, OSPF & BGP and Cisco ACS protocols like RADIUS and TACACS.
- Experienced in WAN environments, installing and troubleshooting data circuit problems (MPLS, T1).
- Worked on Layer 2 protocols such as STP, VTP, RSTP, PVST+, MST and other VLAN troubleshooting issues and configuring switches from scratch and deployment.
- Involved in designing and applying QOS and policy map to 2800 series routers for all the branches.
Confidential, Dallas, TX
Network Engineer
Responsibilities:
- Experience working with Cisco ASA 5585-X firewalls with Firewall rules, IPSEC VPN, NAT, Active-Standby Failover, OSPF and Any Connect VPN technologies
- Designed, configured, implemented site-to-site VPN on Cisco ASA 5585-X firewall.
- Troubleshoot and Worked with Security issues related to Cisco ASA, and IDS/IPS firewalls.
- Acquired knowledge in working with Meraki wireless access points MR 12, MR 16, MR 24, and MR 34 etc.
- Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
- Configured BPDU Guard, port-fast, uplink fast and other spanning tree features.
- Negotiate VPN tunnels using IPsec encryption standards and configured and implemented site-to-site VPN, Remote VPN on Cisco 5585-x Firewalls.
- Collaborating with Application owners, Network Team, DNS Team, and Firewall Team to migrate websites from Cisco ACE Load Balancer to New F5 BIG-IP Local Traffic Manager.
- Deployed code upgrade from version 11.5.1 HF4 to version 11.5.4 on the F5 LTMs.
- Configured F5 GTM solutions, which includes Wide IP (WIP), Pool Load Balancing Methods, probers and monitors.
- Experience working with data center deployment where we converted from Cisco 6500 to Nexus.
- Experience working with Nexus 5020, 2148, 2248 devices
- Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000
- Troubleshoot WAN related problems including OSPF, EIGRP, BGP routing and design
- Supporting EIGRP, OSPF and BGP based network by resolving level 2 & 3 problems of internal teams & external customers of all locations
- Deploying Cisco routers and switches such as 7200, 3800, 3600 and 3500, 4500, 5500.
- Managed SSL Termination on F5 BIG-IP LTM which entailed creating Cert Request, importing, renewing and applying to Virtual Server hosting the Application.
- Configuring and monitoring different modules F5 BIG-IP LTM and DNS traffic Management.
- Management of Viprion 2400 chassis for the deployment of Big IP.
- Perform Wireless Administration and troubleshooting for the corporate Wireless infrastructure.
- Build Logical design and Implementation of Wireless Solution
- Management tools, SNMP, Syslog, Sniffer
- Managed inventory of all network hardware, Management and Monitoring by use of SSH, Syslog, SNMP.
- Implemented and configured SNMP, Syslog and traps on Cisco routers to allow for network management.
- Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS
- Implement and modify DNS entries and managing IP Addresses using Windows DNS and DHCP.
- Experience configuring and troubleshooting on Citrix NetScaler Load Balancer.
- Performed Access Control Lists (ACLs) to setup usage for the intended users.
- Responsible for IOS installations and upgrades using TFTP Server.
- Troubleshot Routing/Switching/Security Configuration problems/errors encountered by Clients in Head/Remote Campuses.
- Performed subnetting of the IP addresses. Configuration and allocating IP and network resources to Storage, Virtualization, Server and Application teams.
- Responsible for design/implementation/maintenance of Site to Site VPNs, and remote access VPNs using Cisco solutions (ASA 5520 and 5540), including head-end and remote client-side connections.
- Performed network monitoring using tools like Netcool. Log collectors using Splunk. SNMP V2C configurations.