- 8.5 years of experience in Networking, including hands - on experience in providing network support, installation and analysis for a broad range of LAN /WAN/MAN communication systems.
- Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, EIGRP, RIP, BGP v4,
- Moderate noledge in configuring and troubleshooting Cisco Wireless networks; LWAPP, WLC, WCS, stand-alone apps, roaming, wireless security basis, IEEE 802.11a/b/g, RF spectrum characteristics.
- Experience working on Cisco ASR 9001&ASR 1006.
- F5 BIG-IP application load balancing subject matter expert with particular concentration on layer 7 load balancing using me-Rule scripting in TCL.
- Hands on experience on windows server 2007, 2008, 2012.
- Experience with implementing, managing, and developing policies/profiles on Netskope Cloud Security Access Broker.
- Experience in troubleshooting network issues including boundary protection devices and Bluecoat Proxy Servers.
- Expertise in updating all policies to increase functionality of DLP.
- Hands on experience in plan, architect, Install, upgrade and configure Symantec DLP 14.0,14.5,14.6 to 15.1,15.5 and Forcepoint DLP 8.5 - 8.7.
- Experience in Office 365 DLP/Security and Compliance Center.
- Experience in Designing and assisting in deploying enterprise wide Network Security and High Availability Solutions for ASA.
- Installation of IP Voice System PBX and Voice gateway Cisco SPA 8000
- Involved in troubleshooting of DNS, DHCP and other IP conflict problems.
- Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, Ether channel, STP, RSTP and MST. Implementation of HSRP, VRRP for Default Gateway Redundancy.
- Hands on experience on dealing with Microsoft Azure cloud computing including implementing access lists in teh Network Security Group.
- In depth experience on Symantec Cloud Email Detection service, CASB Integration, network discover, network monitor, network prevent for email, network prevent for web.
- Responsible for Check Point and Cisco ASA firewall administration across global networks.
- Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.
- Worked on F5 LTM, GTM series like 6400, 6800, 8800 for teh corporate applications and their availability.
- Experience in deployment and Management of Bluecoat proxies in forward proxy scenario as well as for security in reverse proxy scenario.
- Experience working with Nexus 7K, 5K, 2K devices.
- Experience in testing Cisco routers and switches in laboratory and deploy them on site production.
- Strong noledge of TACACS+, RADIUS implementation in Access Control Network.
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500 appliance,
- Failover DMZ zoning & configuring VLANs/routing/NAT with teh firewalls as per teh design.
- Excellent customer management/resolution, problem solving, debugging skills and capable of quickly learning, TEMPeffectively analyzes results and implement and delivering solutions as an individual and as part of a team.
- Experience in designing MPLS VPN and QoS for architecture using Cisco multi-layer switches.
- Hands on experience in configuring Cisco Catalyst 2 960, 3750, 4500, 6500 and Nexus 3000, 5000, 6000, 7000 series switches and Cisco 2600, 2800, 3600, 3800, 7200, 7600 series routers, Load Balancers& Cisco Firewalls.
- Configuring BGP/OSPF routing policies and designs, worked on implementation strategies for teh expansion of teh MPLS VPN networks.
- Excellent in documentation and updating client’s network documentation using VISIO.
- Performed switching technology administration includingVlans, inter-Vlan routing, trucking, port aggregation and link negotiation.
Network Configuration:: Advanced switch/router configuration (Cisco IOS access list, Route redistribution/propagation).
Routing Protocols:: IGRP, EIGRP, OSPF, BGPv4, MP-BGP, IS-IS, RIP
WAN Protocols:: HDLC, PPP, MLPPP
Circuit switched WAN:: T1/E1 - T3/E3/OCX (Channelized, Fractional & full).
Packet Switched WAN:: ATM, FRAME RELAY, MPLS VPNs
Security Technologies: Cisco FWSM/PIX/ASDM, Juniper SRX, Palo AltoCheckpoint, F5 Load Balancer, ASA firewall
Cisco Routers: Cisco GSR 12416, 12418, Cisco 7200vxr, Cisco 3640, Cisco 3600
Security Firewalls: ASA, Checkpoint, Palo Alto,Redundancy and management: HSRP, VRRP, GLBP, RPR, NSF/NSR, Wireshark, Solarwinds, SNMP
Physical interfaces:: Fast Ethernet, Gigabit Ethernet, Serial, HSSI, Sonet (POS)
Layer 2 technology:: VLAN, HSRP, VRRP, GLBP, STP, RSTP, PVST+, MST, PVLAN, Optimizing STP (Port Fast, Uplink Fast, Backbone Fast, Root Guard, BPDU Guard)
Layer 3 Switching:: CEF, MLS, Ether channel (PAGP & LACP, Load Balancing)
Switches:: Cisco Catalyst 6500, MSFC, MSFC2, 7600, 3700, 3500, Arista 7500, 7050, 7300 series, Cisco 2948/3560/4500/3560/3750/3550/3500/2960
Operating Systems:: Microsoft XP/Vista/7, UNIX, Linux (Red hat, Opens use, Fedora), Windows Servers 2003/2008Windows MS-Office, VMware ESX 5.1, VMware Vsphere client, Microsoft Azure, office 365, Python
NCNETWORK AND NETWORK SECURITY ENGINEER)
- Working on teh Palo Alto firewalls of teh series VM-300 and VM-500.
- Creating teh policies in teh Firewall when needed according to teh company standards.
- Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
- Install and configure Symantec Endpoint protection.
- Implemented Zone Based Firewall and Security Rules in teh Firewall.
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs.
- Working on teh Migrations of teh applications like Citrix, RHEL open shift and various applications from teh Data center to teh cloud.
- Define policy/rules for teh DLP solution and refine them as DLP strategy matures.
- Studying and apply required firmware updates and Identify and resolve infrastructure vulnerabilities and issues.
- Work on Symantec Cloud Email Detection service, CASB Integration, network discover, network monitor, network prevent for email, network prevent for web.
- Making teh decryption policies to inspect teh HTTPS traffic which enters ingress of teh firewall.
- Generating teh Certificates in teh firewall to provide for vendors, as they need to install on teh application for TLS/SSL inspection, unless traffic won't be allowed into teh firewall.
- Making teh scheduled policies in teh firewall where policies will terminate automatically according to teh business requirements.
- Working on teh PA-VM based firewalls like VM-300 and VM-500, where all teh firewalls are deployed in teh AWS C5xM size instance.
- Configuring teh Network Load balancer in teh AWS for teh load balancing teh traffic coming from teh different third-party vendors or business partners around teh globe.
- Analyze reports from DLP tool and provide metrics to management.
- Document solutions and halp documents as needed for future DLP Analysis team.
- Creating teh targets groups as Nodes where teh services are hosted on teh servers.
- Allowing teh services which is requested by teh vendors like web-browsing and SSL.
- Monitoring teh daily health check by using monitoring tools like Splunk, Wire Shark, Monitors, Cloud watch and Kibana.
- Experienced in Infrastructure Development and Operations involving AWS Cloud platform like EC2, EBS, S3, VPC, RDS, SES, ELB, Auto scaling, Cloud Front, Cloud Formation, Elastic Cache, Cloud Watch, SNS, AWS Import / Export.
- Setup and configure Cloud Watch agents to monitor necessary health parameters of an application and AWS services.
- Blocking teh Malicious or teh vulnerable URL's in teh web application firewall when teh cyber security teams provides us.
- Job duties include not only Migrations but also working on teh daily operations tickets and new implementations.
- Troubleshooting on teh issues of teh AWS services like connectivity issues and making new implements.
- Design, implement and maintain all AWS infrastructure and services within a managed service environment.
- Design, Deploy and maintain enterprise class security, network and systems management applications within an AWS environment.
- Develop incident response workflow for DLP incidents as raised through DLP tool.
- Install, upgrade and test DLP agent.
- Perform data migration from on premises environments into AWS.
- Created new servers in AWS using EC2 instances, configured security groups and Elastic IPs for teh instances.
- Set up an Elastic Load Balancer to balance and distribute incoming traffic to multiple servers running on EC2 instances.
- Monitored instances running on EC2 using AWS CloudWatch involving creating alarms and notifying users via SNS.
- Set up Route 53 to ensure traffic distribution among different regions of AWS.
- Provided support throughout teh software life cycle me.e. Design, Code, Test, Debug and Production.
Environment: Palo Alto VM-300, VM-500. AWS console, RDS, S3 buckets, AWS endpoints, AWS API’s, Gitlab, Cloud Watch, Cloud Trails, Direct Connect, Splunk, Kibana.
Network Operations Engineer
- Knowledgeable in routing/concepts and networking protocols, including BGP, CDP, CLNS, VRRP(-E), HSRP/VRRP, IGRP,EIGRP, IS-IS, MPLS, NAT, OSPF, QoS, RIP, DNS, VLAN/PVLAN, TCP/UDP, IP, OTV and others.
- In depth noledge and understanding of teh Internet and its design (DNS, Security, IP Routing, HTTP/HTTPS, IPSEC, VPN, Email Routing, Virus Protection etc.
- Configured Bluecoat as a forward proxy for all Web URL Filtering.
- Install, configure, manage and support Symantec DLP for multiple clients.
- Knowledgeable in building a strong secure network with expertise in implementing teh organizations IDS/IPS, ISE, VPN's, ACE and Firewall solutions. Including teh auditing and event management
- Establishing a baseline ISE security rules/policy working with other service lane members
- Support network security infrastructure and controls, including, but not limited to Security Incident and Event Management (SIEM), firewalls, VPN, intrusion detection/prevention, Network Behavior Anomaly Detection, Network Level Advanced Malware Protection, TACACS, NetFlow based tools, URL filtering, NAC etc.
- Created response rules and respond to DLP incidents.
- Worked on Bluecoat Proxy SG, SG400 and CAS appliance implementation for client’s internet traffic.
- Assist with teh maintenance of Firewalls, Routers, Switches, Virtual Switches, Call Manager, Unity, Voice Gateways, VPN configuration, Wireless Controllers, Servers, and Security appliances for access to vital business applications in our private cloud and hosted.
- Hands-On experience in teh configuration, management, maintenance and support of wireless device like Clear Pass and Aruba Wireless.
- Update all policies to increase functionality of DLP 14.6 services and upgrading of client to DLP 15.0
- Worked efficiently by doing setup of Access Point Groups on teh Master Controller for Aruba.
- Extensively working on teh Aruba Wireles solutions (Controller/AP's).
- Maintain a thorough understanding of teh basics behind teh Internet and its interworking's (DNS, Firewall zones, ACL's, IP Routing, SSL, VPN, Content Filtering, etc.)
- Experience configuring, installing, and troubleshooting centralized network infrastructure such as routers, switches, ASA Firewalls, Juniper NSG, Firepower(FMC-4000, FMC-2000) etc.
- Strong noledge on migration of DDoS attacks, IPsec & SSL implementation on Cisco and Palo Alto firewalls.
- End to end testing and implementation of Bluecoat proxy, implementing autantication using client certificates and SSL interception using client sub CA certificates.
- Worked with Palo Alto firewalls PA3020, PA5020 using Panorama servers, performing changes to monitor/block/allow teh traffic on teh firewall.
- Configuring rules and maintaining Palo Alto firewalls & analysis of firewall logs using various tools.
- Solid experience with designing and deploying security solutions for Network Access Control as well as experience with Firewalls, IDS/IPS, WAF, Proxies, DLP, DDoS, and Malware inspections solutions
- Having working on
- Knowledge and hands-on experience at SME level experience with network Security Technologies Cisco ASA, Checkpoint R77.30, worked extensively on Checkpoint platforms (IPSO, SPLAT and GAIA), Cisco Any Connect, IPSec VPN, Cisco CSM and ACS, BlueCoat proxies, director and Reporter, SSL/TLS, DNS, Tacacs/RADIUS, RSA, SecureID and SNMP monitoring and reporting.
- Supporting EIGRP and BGP based on teh network by resolving level 2 & 3 problems of internal teams & external customers of all locations
- Worked extensively on Cisco ASA 5500(5510/5540) Series, Nexus 7000 Series
- Involved in Configuration of Access lists (ACL) on ASA firewall for teh proper network routing for teh B2Bnetwork connectivity
- Documenting all teh projects in word documents and plotting network Design in teh Visio.
Confidential, Dobbs Ferry, NY
- Working with Network Design and implementation teams on various projects across North America and South America.
- Experience with manipulating various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.
- Experience with design and implementation of Data center migration.
- Involved in migration of network from cisco catalyst switches/ASA firewalls to Palo Alto.
- Install, upgrade and configure Next-Gen Palo Alto Firewall series PA-200,PA-500
- Migrated teh policies from Cisco ASA to Palo Alto Firewalls
- Experience on dealing with Cisco Application Centric Infrastructure (ACI) by integration hardware and software products as per network layout
- Experience on dealing with office 365 including hosting Lync web Conferencing and assisting in installing office applications.
- Worked on Source Fire and Palo Alto IPS/IDS Systems
- Selecting appropriate AWS service to design and deploy an application based on given requirements.
- Automated network implementations and tasks and designed monitoring tools using python scripting.
- Migrated complex, multi-tier applications on AWS. Defined and deployed monitoring, metrics and logging systems on AWS. Migrated existing on-premises applications to AWS
- Experience on coordinating and monitoring entire organizations Autantication, Authorization and Accounting (AAA) systems
- Installed Riverbed WAN optimizer software to run applications via WAN’s to multiple branches across east coast.
- Deploying and decommission of VLANs on core ASR 9K, Nexus 7K, 5K and its downstream devices.
- Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.
- Implementation of Juniper Firewall, SSG Series, NetScreen Series ISG 1000, SRX Series.
- Worked on Juniper NetScreen Firewalls like, NS50, SSG 550M, SSG520M, ISG 1000, and ISG 200.
- Experience on cisco wireless management systems which includes cisco 8540 Wireless controller, cisco 5520 Wireless LAN controller, and virtual wireless controllers.
- Hands on experience on Cisco ISE and various network security concepts like SSH, IPsec, firewall polices and 802.1x
- Worked on Network Automation using python scripting
- Configuring HSRP between VLANs, Configuring Ether-Channels, Port Channel on 6500 catalyst
- Worked on F5 LTM, GTM series like 6400, 6800, 8800 for teh corporate applications and their availability
- Work on F5 LTM, GTM series like 6400, 6800, 8800 for teh corporate applications and their availability
- Secure configurations of load balancing in F5, SSL/VPN connections, Troubleshooting CISCO ASA firewalls, and related network security measures.
- Configuring and Troubleshooting teh Juniper SRX100 and 110 series, Juniper Net Screen routers.
- Deploying and decommissioning Cisco switches, Cisco Meraki Products and their respective software upgrades.
- Experienced with Juniper: EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX210, SRX240.
- To secure configurations of load balancing in F5, SSL/VPN connections, Troubleshooting CISCO ASA firewalls, and related network security measures.
- Provided proactive threat defense with ASA dat stops attacks before they spread through teh network.
- Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls.
- Created Visio Dean / Visio Documentation to give complete picture of network design for each building.
- Experience in Configuring, upgrading and verifying teh NX-OS operation system.
Confidential, Owing Mills, MD
Sr. Network Engineer
- Involved in teh configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4. Configured IP access filter policies.
- F5 Big-IP load balancer configuration, layer 7 load balancing using me-Rules (TCL)
- Windows Server Administration (Windows 2000, 2003 & 2008).
- Performed installation and upgrades of office 365 Business as per teh changes recommended by teh network architect.
- Performed Cisco ASA Firewall troubleshooting and policy change requests for new IP segments dat either come on line or dat may has been altered during various planned network changes on teh network.
- Conducted F5 Big-IP load balancer configuration, layer 7 load balancing using me-Rules (TCL)
- Extensive experience with F5 load balancers- LTM, GTM series like 6400, 6800, 5000 and 2000 for teh corporate applications and their availability
- Worked on Palo Alto firewall migration tool.
- Troubleshooting teh Juniper SRX100 and a hundred and ten.
- Identify, design and implement flexible, responsive, and secure technology services
- Experience with Firewall Administration, Rule Analysis, Rule Modification.
- Implemented Positive Enforcement Model with teh halp of Palo Alto Networks.
- Innovated with support of Palo Alto for remote and mobile users and for analyzing files for malware in a separate (cloud-based) process dat does not impact stream processing.
- Creating and provisioning Juniper SRX firewall policies.
- Created standard access lists to allow SNMP, NTP and logging servers.
- Documented new VPN enrollments in a database and create standard procedures for further improvement.
- Configure VRRP & GLBP and VLAN Trunking 802.1Q & ISL, STP, Port Security on Catalyst 6500 switches.
- Negotiate VPN tunnels using IPSec encryption standards and also configured and implemented site-to-site VPN, Remote VPN.
- Provided proactive threat defense with ASA dat stops attacks before they spread through teh network.
- Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
- Co-ordinated with teh Data Network and Security team and came up with possible solutions.
- Experience on dealing with Infoblox traffic control products to simplify DNS load balancing operations
- Configuration and troubleshooting of Cisco catalyst 6509, 7613 with supervisor cards.
- Monitoring and troubleshooting network issues between client site and 85 remote sites with legacyswitches and routers.
- Performed and presented network analysis as a part of network migration. Involved in noledge transfer to vendors and provided them network support as required
- Configuration and maintenance of EIGRP and BGP network on router 7200 and 6500 MLS.
- Configuration and maintenance of 3750 stack and 6500 VSS for improved efficiency of teh data plane.
- Configuration and management of NEXUS network in teh existing network infrastructure.
- Created LAB setup with 7k and 5K NEXUS switches and Arista 7K for application testing.
Confidential, San Francisco, CA
- Responsible for turning up BGP peering and customer sessions, as well as debugging BGP routing problem
- Managing enterprise BGP setup by configuring and troubleshooting BGP related issues. My responsibility
- Worked as part of a team to manage Enterprise Network Infrastructure as a Tier 3 Support Engineer.
- Troubleshoot issues related to VLAN, VLAN Trunking, HSRP failovers, related issues.
- Configuring and Upgrading Junos Space Virtual Appliance.
- Designing and Implementation of (LAN) VLANs, VTP, Spanning Tree (STP), Trunking (dot1q and ISL) and Ether channel.
- Experience with F5 load balancers - LTM, GTM series like 6400, 6800, 8800 for teh corporate applications and their availability
- Experience in converting PIX rules over to teh Cisco ASA solution.
- Administration of ASA firewalls in teh DMZ and FWSM in teh Server Farm to provide security and controlled/restricted access.
- Configured networks using routing protocols such as RIP, OSPF, BGP and manipulated routing updates using route-map, distribute list and administrative distance for on-demand Infrastructure.
- Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers
- Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches
- Responsible for maintaining teh entire Routing and switching domain across teh campus / Branch to
- Head Office and also teh Layer-2 campus network across teh remote branches, which included configuring VLANs and Trunks, Spanning Tree protocol, Port-Security, VLAN-MAPs and DOT1X for switches and Wireless.
- Assisted in troubleshooting LAN connectivity and hardware issues in teh network of 100 hosts.
- Involved in analysis of client requirements to provide solutions for network design, configuration, administration, and security.
- Basic and advanced F5 load balancer configurations, including migrating configurations from Cisco ACE to F5 and general troubleshooting of teh F5 load balancers
- Troubleshooting complex Checkpoint issues, Site-to-Site VPN related. Performed upgrades for all IP series firewalls from R75-R77
- Involved in troubleshooting IP addressing issues and Updating IOS images using TFTP.
- Maintained redundancy on Cisco 2600, 2800 and 3600 router with HSRP.
- Created a backup and recovery policy for software application and verified peripherals are working properly.
- Monitor performance of network and servers to identify potential problems and bottleneck.
- Performed RIP & OSPF routing protocol administration.
- Worked extensively on Checkpoint firewalls for analyzing firewall change requests and implementing changes into existing firewall policies, maintaining security standards
- Involved in interaction with support services to reduce teh downtime on leased lines.
- Primarily involved in Troubleshooting issues on a day to day basis & provide solutions dat would fix teh problems within their Network.
- Monitor teh operability and reliability of teh network.
- Maintenance and Troubleshooting of connectivity problems using Ping, Trace route.
- Managed teh IP address space using subnets and variable length subnet masks (VLSM).
- LAN cabling in compliance with CAT5 standards.
- Worked along with teh team in ticketing issues