SUMMARY

• 9 + years of experience in Routing, Switching and Firewall Security, including hands - on experience in providing network support, installation, and analysis for a broad range of LAN / WAN/MAN communication systems.
• Strong knowledge in Cisco Routing, Switching and Security with Cisco hardware/software (heavy Cisco shop) experience.
• Profound knowledge on various WAN technologies like E1/T1/E3/T3, HDLC, Frame-Relay and PPP.
• Experience in managing security policies with CSM, integrated with ASA 5500 devices.
• Strong Knowledge in WAN technologies including T1, T3, ISDN, HDLC, Point to Point, ATM and Frame Relay.
• Experience in Cisco: Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay & MPLS), Routing protocol configurations (RIP, EIGRP, OSPF, BGP)
• Experience in working with IPSEC Site to Site, Remote VPN using different encryption methods.
• Configured and managed Nexus 2k fabric extender, 5K and 7K switch network at the client’s location.
• Experienced working on network monitoring and analysis tools like, SOLAR WINDS, CISCO works and RIVERBED and Wireshark.
• Expertise in implementing, maintaining, and troubleshooting L2 switching tasks such as VLANs, VTP, VLAN Trunking using ISL and 802.1Q, STP, RSTP, PVST+, EtherChannel using LACP and PAGP, Inter-VLAN routing.
• Exposure to LAN/WAN setup, installation, configuration, and troubleshooting
• Worked closely with application team on troubleshooting the issues.
• Installation, Configuration and Maintenance of Samba, Apache Tomcat, Web Sphere and Linux environment.
• Experience of routing protocols like EIGRP, OSPF, RIP, and BGP, MPLS.
• Hands-on experience in Cisco ISE, ACS and Aruba ClearPass Radius and TACACS solutions
• Experienced in Troubleshooting for connectivity and hardware problems on Cisco Networks.
• Extensive knowledge in implementing and configuring F5 Big-IP LTM-3900, and 6900 Load balancers.
• Designing and implementing F5 BIG-IP load balancer.
• Worked on network topologies and configurations, TCP/IP, UDP, Frame Relay, Token ring, ATM, bridges, routers, hubs and Switches.
• Performed security operations on ASA firewalls.
• Configure, Manage and Monitor Palo Alto firewall models (Specifically the PA-5050 and the PA-5260)
• Experience in working on FortiGate Firewalls. as independently with minimum supervision & Team Player.
• Pulse Secure client diagnostic and troubleshooting skills.
• Integrated AWS Network with our existing production and corporate network
• Ability to work with end users to troubleshoot and solve their Pulse Secure VPN problems.
• Expert level knowledge on configuring Cisco Wireless Solutions, Aruba Mobility controller.
• Performed deep packet analysis to troubleshoot application issues using tools like Wire-shark.
• Experience in installing, configuring and troubleshooting of Checkpoint Firewall and Juniper SSG series.
• Experience in L2/L3 3 protocols like VLANS, STP, VTP, MPLS and Trunking protocols.
• Well Experienced in configuring protocols HSRP, GLBP, VRRP, ICMP, IGMP, PPP, PAP, CHAP, and SNMP. Configured RIP, EIGRP, OSPF.
• Experience in installing and configuring DNS, DHCP server.
• Configuration NAT, Static route and Firewall rules on Fortinet and Checkpoint firewalls.
• Good knowledge in WAN Technologies like ACL, NAT and PAT, IPsec and VPNs.
• Configuration, troubleshooting and upgrading fire ware on FortiGate firewalls, Forti Manager 1000D and Forti Analyzer 1000D.
• Design WAN solution using the AutoVPN technology with Cisco Meraki MX security appliances including DC to DC failover and SD WAN capabilities.
• Experienced with various dynamic and static network protocols RIP, OSPF, EIGRP, HSRP, VRRP, BGP, VLAN, Spanning Tree, Frame-relay, MPLS, and IPsec VPN.
• Worked in OSI model, TCP/IP, UDP, IP addressing and Sub netting.
• Hands-on experience in the setup of HSRP, ACL, and tunnel installations.
• Enhanced level of knowledge with IGRP, PPP, ATM, and T1/T3 Frame-Relay.
• Responsible for service request tickets generated by the helpdesk in all phase such as troubleshooting, maintenance, upgrades, patches, and fixes with all around technical support.
• Extensive knowledge in different networking protocols DHCP, DNS, FTP, VOIP (SIP, H.323, MGCP), Quality of Service (QOS).
• Demonstrated success record in: Managing multiple tasks with proven ability to meet deadlines and proactively identifying the problem to solve complex technical issues.
• Highly enthusiastic, creative team player, project implementation, analytical, interpersonal and communication skills.
• Experience in Physical cabling, IP addressing, configuring, and supporting TCP/IP.
• Worked on Extensively on Cisco Firewall & ASA 5500(5510/5540) Series.
• Efficient at use of Microsoft VISIO/Office as technical documentation and presentation tools.

TECHNICAL SKILLS

Networking: Conversant in LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP, ISCSI, Fiber, Firewalls/IPS/IDS

Hardware: Dell, HP, CISCO, IBM, SUN, Checkpoint, SonicWall, Barracuda Appliances, FortiGate, PaloAlto.

Operating Systems: Windows, NT, MS-DOS, Linux, Microsoft Windows 2008 R 2/ 2008/2003/2000 /2012 NOS family, Microsoft Active directory 2008/2003/2000 , VM Ware ESX/ESXi server, Cisco ISO

Application Servers: DNS, DHCP, Windows Active Directory Services, FTP, SFTP, Microsoft Exchange 2003/2007/2010 , Microsoft SharePoint 2007/2010

Firewalls: Check Point, ISA 2004/2006/ ASA 5585/5520/5500 , FWSM, Checkpoint 4200/Nokia IP-560, Cisco PIX 535/525, Fortigate Firewalls, Palo Alto Firewalls

Routing/Routers: OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing, Cisco Routers ASR 1002 / 7606 / 7304 / 7206 / 3945 / 2951 / 2600

Infrastructure Hardware: IBM, HP, Compaq, Dell desktops laptops servers, Cabling, Network printers, IP KVM Switches, Cisco Routers Switches, 802.11x Wireless gateways, Access Points, Network UPS, Storage Area Network, NAS, iSCSI SAN

Switching: VLAN, VTP, STP, Inter VLAN routing Multi-Layer Switching, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging

Protocols: TCP/IP, L2TP, PPTP, IPSEC, IKE, SSL, SSH, UDP, DHCP, DNS

VPN: Cisco Any Connect, BIG IP F5 VPN.

Security Tools: Wireshark, MS Visio, VMWare ESXi 3.5, VMware Server, Symantec End Point Protection

PROFESSIONAL EXPERIENCE

Confidential security operations center Engineer

Responsibilities:

• Establish network specifications by conferring with users, analyzing workflow, access, information, and security requirements.
• Establish RL network by evaluating network performance issues including availability, utilization, throughput, goodput, and latency.
• Defining network policies and procedures and establishing connections and firewalls.
• Maintain network performance by performing network monitoring and analysis, and performance tuning, troubleshooting network problems and escalating problems to vendors.
• Participate in an on-call schedule. Be available during the on-call shift 24x7 in case issue occurs.
• Investigate and help resolve issues on RL network and IT estates using agreed troubleshooting methodologies.
• Whitelisting, Blacklisting and Troubleshooting Force Point Proxy related Tickets.
• Uninstalling old Version of Forcepoint Agent and Installing Latest version of Forcepoint Agent on user machines.
• Troubleshooting include network protocol, log analysis and raw data captures.
• Work collaboratively across various business units to implement new technology, support existing, and at times do Firewall changes after normal business hours.
• Perform troubleshooting, resource optimization across all ACI configurations at scale including multi-pod and multi-site.
• Experience in the AWS cloud networking like VPC, Direct Connect, etc.
• Work with various Ralph Lauren application teams to troubleshoot to resolve the issues.
• Create Firewall rules on Cisco ASA and Palo Alto Firewalls as per application Team’s requirement.
• Implemented site to site VPN changes in Cisco ASDM as per RL application Team requirement.
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
• Responsible for Cisco ASA firewall administration across our global networks.
• Analyzing firewall change requests and integrating changes into existing firewall policies while maintaining security standards.
• Experience with IP Networking - Routing, Switching, BGP, MPLS, OSPF etc., Cisco, Juniper, Brocade
• Experience in Cisco ACI Integrating Layer 2, Layer 3, L4-L7 and VMware with ACI.
• Designed and worked on migrating Cat 6500s to Cisco ACI, Cisco N9Ks, N5Ks, Python script.
• Mapped Cat 6500, Cat 4500 settings, Data Center migration to Cisco ACI, Cisco Nexus N9K, N7K.
• Experience in the field of next-generation network architecture, such as SD WAN and/or WAN architectures, Network Function Virtualization (NFV), Software Defined Networking (SDN).
• Analyzed ArcSight logs and related tools for troubleshooting connectivity issues.
• Worked on extensively on troubleshooting multiple issues and driving Incident calls to resolution by doing packet and Wireshark capture techniques and performing other troubleshooting scenarios.
• Implemented rules on Imperva WAF firewall as per application team requirement to provide additional layer of security for RL servers.
• Blocking malicious URLs and IP’s on Force Point and perimeter firewalls.
• Implemented firewall rules on Palo Alto firewall and Panorama management systems.
• Created Blocked Category on Palo Alto URL Category and added malicious URLs and Blacklisted IP addresses to the group.
• Worked in managing VMs in Amazon using AWS -EC2, RDS, Redshift EMR.
• Managing and configuring Aruba Wireless devices and Cisco Access Points.
• Created firewall rules on Imperva Secure sphere.
• Responsible for operating and maintaining Symantec Endpoint Security Manager
• Blocking malicious URLs and IP addresses on Chronicle
• Worked on Zabbix which is RL Monitoring tool.
• Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches
• Integrating Configuring Cisco Wireless LAN Controllers WLC with ISE to perform Dot1x authentication for Wireless users.
• Design and Implementation of 802.1x Wired/Wireless User Authentication using Cisco ISE Radius Server.
• Responsible for creating weekly, ad hoc and monthly reports using Nexpose rapid 7 vulnerability tool to analyze reports using excel to create pivot charts to show trends. worked on Thales Vormetric 6000 and ON Prem environment for data at rest encryption and Key management requirements.

Environment: Cisco ASA 5500, Panorama 9.1.3, PA-VM 300, Forcepoint, Imperva Secure sphere, Symantec Endpoint Security Manager, Arc Sight Logger, SNOW, Chronicle, Cisco ISE, Zabbix, Rapid 7, Thales Vormetric 6000.

Confidential

Network Engineer

Responsibilities:

• Maintain and managing a LAN/WAN network, ensure connectivity between all datacenters including Monitor, troubleshoot and document any network issues.
• Resolve any network issues by implementing change control and providing support where and when required.
• Extensive troubleshooting on a case-by-case basis with deep understanding of networking/firewall concepts which include connectivity issue pertaining in WAN, LAN, VPN tunneling and Security devices.
• Hands on Experience with ticketing system ServiceNow and Service First.
• Implemented firewall policies and routing changes per business project/request Troubleshoot and resolve network issues between business users, clients, partners and customers.
• Experience with Palo Alto and Forti-Gate Firewall policy provisioning experience with Firewall Administration, Rule Analysis, Rule Modification
• Experience with Palo Alto PANOS 8.0.20 and Forti-Gate Firewall 1500D v5.4 policy provisioning experience with Firewall Administration, Rule Analysis, Rule Modification and upgraded FortiGate firmware from v5.2.2 to v5.4.4.
• Configuring rules and maintaining Palo Alto Firewalls & Analysis of Firewall logs.
• Manage multiple Palo Alto firewalls centrally through the Palo Alto Panorama M-500 centralized Management appliance.
• Experience with IP Networking - Routing, Switching, BGP, MPLS, OSPF etc., Cisco, Juniper, Brocade.
• Leading daylight SD WAN conversion project portion of a 8 person crew on 2800 branch Viptela over VMware and Cisco network, each site served by Private MPLS / Broadband / LTE.
• Managing and configuring Aruba Wireless devices and Cisco Access Points.
• Troubleshoot and Worked with Security issues related to Palo Alto firewalls
• Site to site based and userbase SSL VPNs on ASA Firewalls
• Hands-on experience troubleshooting BGP issues related to extranet vendor connectivity.
• Experience with working with Forti Manager and Forti Analyzer.
• Hands on Experience to configure and implement hide NAT, Static NAT no NAT, ACL etc.
• Troubleshoot traffic passing managed firewalls via logs and packet captures
• Provision VPN connections on Cisco ASAs and implement MACs Move Add Change per business requirements.
• Implemented load balancing solutions on F5 local Traffic Manager.
• Create team specific Agile process flow in JIRA to move tasks from one activity to another.
• F5 LTM appliance with abilities to create VIP, configuration changes, troubleshoot and perform packet captures.
• Provision DNS services using Infoblox for DNS, DHCP and IP address management IPAM, ARECORD, MXRECORD, DMARC, Text Record and Domain creation.
• Ensure all network devices (Router, Switch, Firewall, Load Balancer, Proxies) are running healthy which include upgrading to latest version, patch update, certificate upgrade (GETVPN)
• Collaborate with vendor network architects on network optimization. Escalation of problems as appropriate to management.
• Experience in working on MPLS networks, Implementation of QoS for Voice and Citrix traffic, Implemented MPLS/VPN to connect the Enterprise branches.
• Participate in the post-mortem investigation of catastrophic events associated with security tools faults or outages and prepare incident reports documenting the findings.
• Implement URL filtering requests in Bluecoat Proxy SG for website blacklist and whitelist purpose.
• Adding users to Various AD groups on Symantec Proxy SG as per Confidential Request Ticket.
• Participate in all technical aspects of LAN, WAN, VPN and security Internet Service projects including, short- and long-term planning, implementation, project management and operations support as required.
• Ensure all network devices (Router, Switch, Firewall, Load Balancer, Proxies) are running healthy which include upgrading to latest version, patch update, certificate upgrade (DMVPN, HTTPS etc.).
• Cisco ISE architecture includes the following components:
• Nodes and persona types
• Configure Cisco ISE node with the Monitoring persona functions as the log collector and stores log messages from all the Administration and Policy Service nodes in a network.
• Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches
• Integrating Configuring Cisco Wireless LAN Controllers WLC with ISE to perform Dot1x authentication for Wireless users.
• Design and Implementation of 802.1x Wired/Wireless User Authentication using Cisco ISE Radius Server.
• Provides all the configuration, authentication, and policy capabilities that are required for network model, and the secondary Cisco ISE node functions in a backup role.
• Centralized authentication, authorization, and accounting (AAA) operations between clients and the primary Cisco ISE node are performed using the RADIUS protocol.
• Ability to split the load in this way directly reduces the stress on each Cisco ISE node in the system
• Designed ACI fabric to ensure each tenant is secured and has separation from other tenants. Use L3/L2 outs via common tenant to reduce TCAM and RAM utilizations
• Used Cisco ACI (Application Centric Infrastructure) SDN architecture to reduce operating costs, automate IT tasks, for greater scalability and visibility in a data center environment.
• Experience deploying ACI in Network-Centric model, Data center Architecture; SDN/ACI.
• Implemented Cisco Application Centric Infrastructure (ACI) as a solution for data centers using a Spine and Leaf architecture.
• Used Cisco ACI Fabric which is based on Cisco Nexus 9000 series switches and Cisco Application Virtual Switch (AVS).
• ON-CALL rotation - Provide support for 24x7 for any major incident or incident escalate from Command and control.
• Blue Coat Web Proxies - Proxy SG, Proxy AV, Director and Symantec Management Center
• Utilize tools such as SevOne, Spectrum Network Alert Monitoring tool and Splunk for improved network support
• Writing Splunk Queries, Expertise in searching, monitoring, analyzing and visualizing Splunk logs.
• Hands on experience in customizing Splunk dashboards, visualizations, configurations using customized Splunk queries.
• Configured Syslog server for the forwarding the logs to Splunk server via network protocols like TCP and UDP.
• Monitor latency, bandwidth utilization, and the general condition of the WAN reporting on problems to the Trading teams on a real-time basis

Environment: Cisco ASR 9K routers, Nexus 2K/5K/7K, F5 Big-IP 5250F, Cisco ASA 5506, FortiGate 5.4.4, build1117 (GA), LAN, Symantec/ Blue Coat Proxy SG 900-20, Symantec Management Center, Forti Gate WAN, OSPF, BGP, EIGRP, VLAN, MPLS, STP, RSTP, Infoblox, SevOne and Splunk, Cisco ISE, Cisco ACI, Palo Alto PANOS 8.0.20

Confidential

Network Engineer

Responsibilities:

• Network Troubleshooting and providing support to Accenture Data Network Team.
• Work with multiple teams to identify bottlenecks and other network configuration issues.
• Troubleshooting various network problems that arise daily, such as Network Latency, Outages as part of my day-to-day work.
• Making External DNS changes in AKAMAI AT&T Portal as per Confidential requirement.
• Generating RCA (Root Cause Analysis) for critical issues of layer1/layer2/layer3 problems.
• Provide 24*7 support for network infrastructure in an on-call rotation
• Ensuring maintenance of Service Level Agreements (SLA) with the Business.
• Coordinating with network L3 team for Major configuration changes and maintenance activities to ensure network Uptime.
• Experience with Troubleshooting issues with Cisco and Brocade Switches/Routers.
• Design WAN solution using the AutoVPN technology with Cisco Meraki MX security appliances including DC to DC failover and SD WAN capabilities
• Configured EIGRP MD5 Message Authentication between sites to prevent unauthorized insertion of routes into the domain. Integrate manual EIGRP route summarization to reduce routing protocol demand on CPU resources, memory, and bandwidth used to maintain the routing table.
• Supported wireless networking team working on Aruba wireless.
• Responsible for the day-to-day administration and maintenance of various mission critical multi-area network infrastructures in an enterprise LAN/WAN environment.
• Troubleshooting of complex LAN/WAN infrastructure, including routing protocols EIGRP, OSPF & BGP.
• Troubleshooting various network related issues with Service providers (Verizon and AT&T).
• Deployed and decommissioned the VLANs on core ASR 9K, Nexus 7K, 5K and its downstream devices
• Configured OSPF, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.
• Lab testing & validation prior to implementation of Nexus 7K, 5K & 2K connecting to blade servers.
• Hands-on experience on Cisco Network Hardware like Cisco switches, Cisco ISR G2/ASR routers, Cisco Wireless Access Points & SD WAN Platforms experienced configuring and deploying from scratch and fixing them with various modules like Gig card, VPN SPA Card, T1-WIC card and other modules.
• Replacing branch hardware with new 2851 routers and 2960 switches.
• Performing security audits of perimeter routers, identifying missing ACL’s.
• Created and refreshed all long-lived documentation on Confluence wiki.
• Creation of firewall policies as per the requirements on Checkpoint, ASA and Juniper firewalls.
• Configuration & Management of VLANs, 802.1Q trunks, VTP, Security policies .
• Strong working knowledge of Nexus 7K/5K /2K.
• Created and maintained Visio network diagrams and supporting documentation.
• Responsible for Cisco ASA 5500 firewall administration, Rule Analysis, Rule Modification.
• Perform network analysis using various tools like Wireshark and Solar winds.
• Configuration of Access List ACL (Std., Ext, Named) to allow users all over the company to access different applications and blocking others.
• Experience in VIP creation, certificate updates, POOL creation and POOL Member modification.
• High-level understanding of multi-tiered application traffic flow, server load balancing and global load balancing.
• Good knowledge on F5 GTM including Wide IP and Pool Load Balancing methods and Monitors.
• Experience with F5 technologies (LTM, GTM, V9, V10 and V11).
• Configured user roles & policies for authentication via NAC & monitored status of logged users in Cisco ISE
• Performed large scale (600+ APs) wireless deployments including device posturing & profiling in Cisco ISE
• Radius server setup using Cisco ISE server to support Wi-Fi security protocols
• Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN
• Configuration and Integration of Cisco Identity Services Engine (ISE) 1.2
• Deploying ISE Wired and Wireless Authentication, Authorization and Accounting.
• Managed the F5 Big IP backup and VIP creation.
• Experience deploying BIG-IP F5LTM Load Balancers for load balancing and traffic management of business application.
• Configuring firewalls for site to site tunnels, any-connect VPN, zoning.
• Document LAN/WAN infrastructure, such as network topology, subnets, firewall and router configurations, and other systems deemed to be critical.
• Add/modify rules in firewall as per application team requirement.
• Good knowledge of Checkpoint firewall technologies.
• Experience with Checkpoint Firewall R61 version
• Managed Cisco firewalls from both the Command line and ASDM.
• Experience in designing and assisting in deploying enterprise wide Network SSL Security and High Availability Solutions for ASA
• Monitoring Traffic and Connections in Checkpoint and ASA Firewall.
• Experience in monitoring firewall traffic in Qradar.
• Deployments, each node can perform its own specific operations, such as network admission or device administration, and still perform all the AAA functions in the event of a failure.
• Centralized logging for large Cisco ISE networks
• Centralized management model helps maintain a consistent, synchronized AAA policy.
• Configure and ensure that Cisco ISE can interoperate with network switches and that functions from Cisco ISE are successful across the network segment.
• Experience with remote access and VPN technologies
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500.
• Controlling the URL access by using the Bluecoat proxy servers.
• Experience in Cisco ASA 5500 series and PIX installation, configuration and maintenance.

Environment: Cisco ASR 9K routers, Nexus 2K/5K/7K, F5 Big-IP LTM-6400 load balancer, Checkpoint R61, Cisco ASA 5500 LAN, WAN, HSRP, RIP, OSPF, BGP, EIGRP, VLAN, MPLS, STP, RSTP, Akamai, Infoblox, Qradar and Zenoss, Cisco ISE