- Cisco certified network consultant with more than 7 years of experience in Network data and Network security domain.
- In-depth knowledge of deploying and troubleshooting LAN, WAN, Frame-Relay, Ether-channel, IP Routing Protocols (RIPv2, OSPF, EIGRP & BGP), NAT, VLAN, STP, VTP, HSRP & GLBP, QoS.
- Routing & switching troubleshooting for various Cisco, Juniper and Arista platforms and equipment.
- Strong hands-on experience in layer-3 Routing and layer-2 Switching. Dealt with Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series, Cisco Catalyst 6500, 4500, 3750, 3500, 2900 series switches, Juniper routers E, J, M & T-Series and Juniper EX series switches EX8200, EX4500, EX4200, EX3200, EX2500, EX2200.
- Experience working with Nexus 9K, 7K, 5K, 2K devices.
- Working knowledge of T1/T3, OC3, OC12, OC48, DSO, DS1, DS3, DS12, engineering and administration. Wide exposure to LAN/WAN setup, installation, configuration and commissioning of network devices. VLAN setup, configuration and troubleshooting.
- Involved in troubleshooting of DNS, DHCP and other IP conflict problems.
- Well experienced in configuring protocols HSRP, GLBP, VRRP, ICMP, IGMP, PPP, HDLC, PAP, CHAP, and SNMP.
- Switching tasks include VTP, ISL/802.1Q, IPsec and GRE Tunneling, VLAN, Ether Channel, STP, RSTP.
- Installed Aruba wireless controllers, APs, and Airwave.
- Experience in designing MPLS VPN and QoS for architecture using Cisco multi-layer switches.
- Configuring BGP/OSPF routing policies and designs, worked on implementation strategies for the expansion of the MPLS VPN networks.
- In-depth knowledge and hands-on experience in Tier II ISP Routing Policies, Network Architecture, IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS, GigE circuits, Firewalls.
- Experience with Check Point Firewalls NG, NGX, NG R55, NGX 60, NGX R65, R70, R75, R77, R80 etc.
- Configured Check Point clusters with Nokia box and crossbeam.
- Checkpoint with products like Nokia IP 390, 560, 690, 1280, 2450, 61000 etc. in Provider-1 environment.
- Experience in handling and installing Palo Alto Firewalls.
- Experience in deploying Check Point Provider-1 NGX and configured CMAs.
- Work exposure in QIP, Bluecoat Proxy, Bluecat IPAM & DNS services.
- Experience in deploying and maintaining Cisco PIX and ASA firewalls.
- Extensive knowledge of IPSEC VPN design, connections and protocols, IPSEC tunnel configuration, encryption and integrity protocols on Palo Alto firewalls as well as Cisco ASA and Checkpoint.
- Migrated and implemented new solutions with Cisco ASA Firewall series 5505, 5510, 5512-X.
- Involved in troubleshooting network traffic and its diagnosis using tools like ping, traceroute, Wireshark, tcpdump and Linux operating system servers.
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX Security appliance, Failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design.
- Experience converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.
- Worked on Juniper Netscreen Firewalls like NS50, SSG 550M, SSG520M, ISG 1000, and ISG 200.
- Deployed site-to-site VPNs over IPsec and GRE.
- Implemented security policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
- Experience in configuring Client-to-Site VPN using IPSEC VPN on SRX series firewalls.
- Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.
- Experience in configuring, implementing and troubleshooting F5 load balancer in the enterprise network.
- Worked on F5 Local Traffic managers (LTM), Global traffic manager (GTM) of series 8900, 6400, 6800, 3400, 5100, 3600.
- Deployed F5 Enterprise manager of 4000 series for all the cluster devices over the network for easier management of configurations like SSL certificates, disabling and enabling of node states.
- Risk Analysis of Networks and Troubleshooting with Documentation.
Routing Protocol: (BGP, OSPF, EIGRP, IGRP, IGMP, RIP, IS-IS), Routed Protocol TCP/IP, Multicasting (PIM).
Management tools: SNMP, Syslog, HP Open View NNM, Sniffer, and Wireshark
LAN Protocol: VLAN, VxLAN, PVLAN, VTP, Inter-vLAN routing, ISL, dot1q, STP, IS-IS, RSTP, MSTP, ISL PVST, LACP, HSRP, GLBP, VPC, VDC, Ethernet, Port security.
WAN Technology: Frame Relay, WiSM Module in 6509, X.25, L2VPN, L3VPN, E1/T1/DS1/DS3, MPLS
Network Management: SNMP v2, v3, Cisco Works, 3Com Network Analyzer, MRTG, SolarWinds, and Orion
Wireless Platforms: Juniper QFX, SRX, MX, EX Series Routers and Switches, Aruba wireless (224, 225, 315, 325 and WLC 7210), Airwave, Meraki, Enterasys.
Operating systems: Linux, UNIX, DOS, Windows XP/2007/8, Windows 2003 server and Windows 2008 server
Firewalls: Check Point R65/R70/R75, ISA 2004/2006, Palo Alto PA-500/PA-2K/PA-3K/PA-5K, ASA 5585/5520/5510
Network Security: Working knowledge of Firewall, Cisco IOS, ASA, Cisco FWSM/PIX/ASDM, Cisco ISE, Sourcefire IPS/IDS, Cisco NAC, IPsec, Nokia Checkpoint NG, IPS/IDS, VPN
Application Protocols: DHCP, DNS, FTP, HTTP, SMTP, TFTP
Virtualization: VMWare NSX, DSV Technologies, OpenStack (Cloud)
Sr Network Security Engineer
- Define engineering requirements by translating business needs, prepare network level design and architecture layout for new business requirements for Confidential’s worldwide Network Security datacenter and cloud infrastructure.
- Design and create strategic plans and layouts for data communication networks (LAN and WAN) based on existing Confidential network templates and create new templates, if required. Represent and justify the proposed solution to the GDA (Global Design Association) and architecture committee for further deployment evaluation.
- Provide advanced technical leadership and expert consultation for new or ongoing project activities, including related subsystem upgrades for mission critical datacenter network devices and services such.
- Configure and administer all wired and wireless network and security infrastructure devices in multi-vendor complex Confidential environment consisting of Cisco, Palo Alto, Checkpoint, Juniper, Fortinet, Citrix, F5 load balancers, ZScaler appliances and devices.
- Responsible for technical management, design, support, and administration of the Corporate Firewalls (Palo Alto NGFW), IPS/IDS systems, Proxies (ZScaler) and VPN to protect network perimeter at highest security level.
- Implement Open System Interconnection (OSI) network standards and adapt those for common TCP/IP based services such as DNS, DHCP, FTP, TFTP, SSH, HTTP/HTTPS, LDAP, AAA (TACACS, RADIUS).
- Configure, administer and maintain Confidential routers using complex networking protocols such as: VLAN, Trunks, different flavors of STP, DCI, BGP, OSPF, EIGRP, VXLAN, L2 MPLS, L3 MPLS VPN, HA, Multicast, multi-tenancy.
- Modernize Confidential’s existing firewall infrastructure by designing and deploying Next Generation Firewall (NGFW) solutions utilizing various migration tools and methodologies.
- Prepare end to end procedure for migrating conventional IP and port-based firewalls to Palo Alto’s NGFW capable of deep packet inspection at application layer (APP-ID).
- Forecast and assist in submitting purchase orders / Bill of materials (BOM) under provision budget for new network infrastructure appliances such as Palo Alto firewalls, Panorama management servers, Log collectors, Firewall WAN modules, Device licenses, Core and aggregation layer switches etc.
- Enable new capabilities such as WildFire, URL filtering, Anti-Malware protection, Global protect VPN etc. for NGFW based on individual business requirements.
- Deploy Confidential’s SDP (Software Defined Perimeter) solution, ZScaler gateways, on-premise and over the cloud, securing employees’ remote access to cloud and on-premise applications, all while keeping sensitive data within Confidential’s network infrastructure.
- Build Confidential’s global private access infrastructure to control access to Confidential’s on-premise applications for end users. Deploy application-based connectors, virtual machines to connect application servers to ZScaler proxy cloud.
- Create and maintain application-based policies on ZScaler proxy portal for restricting or allowing users as per Confidential’s security guidelines.
- Build Confidential’s centralized Internet access infrastructure to control access to Confidential’s outbound internet traffic for end users.
- Create custom policies to decrypt HTTPS based traffic, perform deep packet inspection, and grant permissions for authorized website categories.
- Create custom policies to bypass SSL inspection for business sensitive web traffic due to audit/compliance requirements.
- Prepare and deploy access control policies for different Confidential Wired & Wireless systems and users according to IEEE (802.1X) standard using SSL certificate authentication.
- Migrate old firewalls' device state and configurations to new Palo Alto firewalls using different tools such as Expedition tool. Validate and fix new firewall ACLs, NAT rules, VPN configuration settings etc. Develop and implement custom scripts (using PowerShell, Batch etc.) to validate that firewall configuration and rules are correctly implemented.
- Perform end to end lifecycle support for activities like Initial review, design, procurement, deployment, upgrade, migrate, cutover and decommissioning for Networking products such as Cisco ASA firewalls, Palo Alto Next Generation firewalls, ZScaler and Bluecoat cloud proxies etc.
- Validate Confidential’s Identity Access Management (IAM) solution configurations such as Cisco ACS, Cisco ISE, Okta, RSA etc. to manage permission groups for individuals and set up provisions for private network.
- Validate and Coordinate with Confidential ’s global datacenter hardware support teams for deployment and cabling of newly purchased devices across Confidential regions such as EMEA, APAC, Japan, Russia, Korea, China, India and Israel.
- Proactively identify vulnerabilities that are applicable to networking systems and datacenter appliances, determine their severity and urgency, develop and propose corrective action plans, ensure successful deployment and perform necessary actions to verify that corrective actions are effective.
- Lead the review and analysis of security policy exceptions in consultation with business units. Rewrite and redesign the firewall rules and policies to cater to business requirements without compromising the security.
- Propose and develop encryption solutions for different business requirements to protect sensitive information. Create tunnels (GRE, SSL, IPSec, DMVPN etc.) to protect data in motion between multiple data centers and sites.
- Establish the governance model to ensure the Confidential Network (Wired and Wireless) requirements are complied with and any residual risks are accepted and recorded. Run solution engineering reviews on key programs, influence and modify the design and collaborate with Delivery teams for the deployment.
- Troubleshoot complex issues involving network devices using different tools such as Wireshark packet tracer, TCPdump, Splunk etc.
- Coordinate the review of complex network periodically and new network hardware prior to installation to ensure that the network design adheres to Confidential security policies.
- Ensure that notification is sent to all Stakeholders for required changes/upgrades using appropriate ticketing systems (Jira, Service Now etc.). In addition to that, integrate into customer staff, culture, and processes.
Network & Security Engineer
- Assisting in design, implementation, troubleshooting and maintenance of network (Layer 2 & Layer 3) and network security system in Energy management system environment (EMS).
- Comprehensive knowledge of the methodologies and principles of Change Control Process.
- Involved in complete LAN, WAN development including IP address planning, designing, installation, configuration, testing, maintenance etc.
- Worked on Cisco Layer 3 legacy switches 6509, 4510, 3948, and Cisco ASR 1000 (1002, 1001 WAN platforms) routers in multi VLAN environment.
- Providing support to multi-site critical EMS network with MPLS L3VPN connectivity.
- Designed, configured and troubleshot protocols such as MP-BGP, OSPF, LDP, EIGRP, BGP v4, VLANs, Trunking, VTP for new network infrastructure.
- Administered Local VLANs based on department requirement, and configured ports with static VLAN assignment, static 802.1Q trunks for layer 2 forwarding.
- Utilize VLAN Spanning Tree in conjunction with PVST+ for Cisco switches. Configure edge ports for fast transitioning into the forwarding state to shorten workstation startup connectivity delays.
- Modify spanning tree parameters for manual root bridge assignment. Implement ether-channels between each switch. Modify ether-channel load balancing method.
- Performed Rack/Stack, mounting, cabling of switches, Cisco UCS B/C servers and IT hardware in EMS Data Center for network refresh project.
- Working closely with Network architect for migration of Cisco EOL/EOS switches with new next gen Nexus 9K (93108, 93180 EX/FX) in production data center.
- Implementing features like FEX Links, VPC, VRF, VDC, OTV, and Fabric Path in Nexus based data center.
- Configured HSRP between two uplink Layer 3 devices to avoid single point of failure issues at access layer switches and servers.
- Regularly update Cisco IOS, NX-OS, FX-OS on different Cisco Switches, Routers and Firewalls with zero downtime to avoid vulnerabilities.
- Deployed FTD code on ASA platform, Firepower appliances (4110, 2110) running on FXOS and managed through FirePower Management Center (FMC).
- Migrated 10 production Cisco legacy Firewall modules including FWSM, ASA 5515, 5525, 5540 with Next generation Cisco FirePower 2110 and 4110 (ASA, FTD code) for deep packet inspection.
- Implemented standard, extended ACL, object groups, NATs to control traffic and configured VPN (SSL, IPSec, AnyConnect, Site-to-Site) for remote connectivity and work from home users.
- Designed and deployed DMZ for SMUD’s corporate Web and Application servers.
- Implemented Cisco ISE (Standalone, Distributed Setups) for delivering consistent, highly secure access control across wired and wireless multivendor networks and remote VPN connections.
- Upgraded Cisco ISE 2.0 version with ISE 2.2 code.
- Integrated Cisco ISE with LDAP server and configured different features such as wireless onboarding (BYOD), posture assessment settings, wired/wireless NAC etc.
- Configured profiling, probing and MAB (MAC Address Bypassing) for different category of devices using Cisco ISE.
- Installed and configured a variety of Cisco wireless equipment such as 4400 and 5500 series Controllers (WLC), 1850, 2800, 3800 series APs, and various wireless antennas such as Omni-directional and panel type antennas.
- Prepared documentation for site surveys such as site and building floor plans and diagrams, as well as development of heat maps for current and future wireless deployments.
- Managing and monitoring all network devices using SolarWinds and IBM QRadar solution. Performed fault analysis, availability and performance review of SMUD’s critical infrastructure using SolarWinds SNMP tool.
- Managing IP addresses, and DNS/DHCP server IP reservation through SolarWinds centralized solution.
- Prepared and updated documents and network diagrams using Microsoft Visio for new installation and design updates.