- Network Engineer & Security Analyst with 8+ years of working experience in Network Infrastructure, Security which includes designing, deployment and providing network support, installation and analysis for a broad range of LAN / WAN protocols, routing, switching, configuring, implementation, troubleshooting of complex networking system.
- Working experiences with Routers, Switches, Load Balancers, Firewalls and Proxies.
- Excellent hands on experience in configuring Cisco Nexus 2248T, 2224T, 5548P, 5596T, 6000, 7010, 7018, 7710 switches. Also implemented VDC,VPC,VXLAN,EVPN,VTEP on the Nexus 5505, 7010, 7710 switches.
- Design and implement Cisco ACI in datacenters, create a strategy that allows use of containers, cloud orchestration tools for end users and developers
- Collaborate with application owners to define dependencies, map dependencies for better application workflow within ACI or public cloud use.
- Experience in performing various configurations on Access, Distribution and Core layer switches like Cisco Catalyst 2960, 3750, 4507, 4010, 6506, 6509 switches.
- Expertise with Installation of Arista 7250QX series switches on Spine Platform
- Configured LACP, OSPF protocols on Arista 7250qx - 64 switches
- Experience in implementing and troubleshooting Switch technologies such as STP, VTP, 802.1q, VLAN,Ether channel and port security.
- Experienced on designing with Aruba switches to enable cloud, mobile, and IoT, Aruba's network switches deliver performance, automation, and built-in analytics to support current and future business needs.
- Experienced with Aruba switches for Zero Touch Provisioning and switch autoconfig for VLAN, PoE priority, and CoS with Aruba APs.
- Experienced in configuring, deploying, maintaining, and troubleshooting of routing protocols like RIP, OSPF, EIGRP and BGP on Cisco 1800, 2600, 3600, 7200 and 7600 routers. And performed Policy based routing. Proficient in configuring and troubleshooting route Redistribution between Static, RIP, EIGRP, OSPF, and BGP protocols and in Route Manipulation.
- Expert level knowledge on IP Addressing, Sub netting, VLSM, OSI model, TCP/IP model. Using IP Address Manager (IPAM) provides a centralized management of the IP address space, including IPv4 and IPv6 Address Management.
- Proficient in implementing first hop redundancy protocols like HSRP, VRRP, and GLBP. Understand the JUNOS platform and worked with IOS upgrade of Juniper devices.
- Experience in creating security zones and security policies on branch Juniper SRX 240 and SRX 100 firewalls. Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers. Proficient in implementing Security policies like NAT, PAT & Access lists.
- Experience in deploying Frame-relay, GRE tunnels, Remote Access VPN and Site-to-Site VPN. Expert in configuring and implementing proxy servers and Authorization, Authentication & Accounting (RADIUS, TACACS+).
- Experiences with Cisco Nexus Fabric Extender (FEX) (222, 2248). Experience in design, Deploying & Troubleshooting F5 Load Balancer Includes BIGIP Series 5050V, 10000V, 8900, 6900, and 3900.
- Experience in configuring F5 objects, components and provisioning various modules like LTM. GTM, ASM, APM.
- Experience in dealing with iRules, TMSH CLI which includes TMOS 10.2.4V - 11.6.0V and various troubleshooting tools like Qkview, IQdump and iHealth diagnostic tool. Experiences in Deploying & Troubleshooting policy management on Web Proxies.
- Experiences dealing with OS upgrading/Patching for various vendors like F5 (TMOS), CISCO (IOS, NX-OS), PANOS, JUNOS, Web sense, Bluecoat.
- Experience in administration and designing web proxies which includes Bluecoat. Experience in dealing with centralized management tool for rule-based policy like Solsoft.
- Experience with McAfee and Splunk SIEM tools for log analysis and threat management analysis.
- Proficient in using IronPort for email security in Exchange email system to stop spam, viruses, and other threats
- Redesign Active Directory OU Structure.
- Experience in design, installation, configuration, maintenance, migration and administration of Check Point Firewall R55 up to R77. Experience in Policy based filtering using Palo Alto Firewalls.
- Working knowledge and demonstrated experience on the PAN-OS 6, 7.1, and 8.0 versions; PA 220, PA 820, PA-2K, PA-3K and PA-5K firewalls.
- Worked on the URL filtering and upgradation of Palo Alto firewall from PAN-OS 7.1 to PAN-OS 8.0.
- Worked on Application load balancing with Cisco ACE, F5 LTM, GTM, APM, Citrix NetScaler’s and A10.
- Proficient and high-level expertise using the F5 based profiles, monitors, VIP’s, pools, SNAT, SSL offload, SSL pass through, SSL bridging, iRules, iAPPs. Migration experience from ACE to F5/ old F5 to New F5. Expert in TMSH. TMG to F5 migration in DMZ
- Experience working with Palo Alto GUI Panorama. Experience in migrating Check point to the Cisco ASA Devices. Also migrating from Cisco to Palo Alto.
- Extensively used the packet capture tools like TCP dump, Wireshark and snoop on the devices to identify the potential network issues.
- Windows Server 2008 RC0, Windows 2003 Server R2, Windows 2000 Server, Citrix MetaFrame XP, Windows NT 4.0 3.51, Novell Netware 4.x/5.x, Windows Vista Enterprise Edition, Windows 2000 Professional, Windows XP, Windows ME, Windows 98, Windows 95, Windows 3.1, DOS v3.1-6.22, Microsoft Virtual Server 2005 R2, VMware ESX Server 3, VMware VMotion, VMware Server.
- Proficient in using Network Management Application layer software’s like SNMP, Solar winds, NTP and Syslog. Proficient in using MS Visio for documentation purposes. Hands on experience in configuring VoIP phones using asterisk.
Cisco Switches: Nexus 7K, 5K, 2K & 1K, Cisco routers (7200, 3800, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3500, 2900series).
Cisco Routers: Cisco 2600, 2900, 3600, 3900, 7200 and 7600 series
Infrastructure services: DHCP, DNS, SMTP, FTP, TFTP
LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port- Channel, VLANS, VTP, STP, RSTP, 802.1Q, SVI
Routing Protocols: RIP, IGRP, EIGRP, OSPF, BGP, HSRP, VRRP, & GLBP.
WAN technologies: Frame Relay, ATM, MPLS, leased lines & exposure to PPP, T1 /T3 & SONET.
Firewall Technologies: Cisco ASA 5580 series, PANOOS 2020, Juniper SRX, Palo Alto, Checkpoint.
Network Security: NAT/PAT, Ingress & Egress Firewall Design, VPN Configuration, Internet Content Filtering, Load Balancing, IDS/IPS, SSL, IPSEC, IKE, Static, Dynamic, Reflexive ACL, and authentication AAA (TACACS+ & RADIUS)
Network Management: SNMP & knowledge on Cisco Works, Ethereal.
Platforms: Cisco IOS (11.x, 12.x), LINUX, Nexus OS, Windows XP.
Documentation: MS Office, MS Visio
LoadBalancer Technologies: F5 BIG-IP LTM.
Confidential, Topeka, KS
Sr. Network Engineer
- Deploying and decommissioning Cisco switches/Firewalls and their respective software upgrades. Hands on experience in Installing and Configuring Palo Alto PA-3060 Firewalls to protect Data Center.
- Implemented Palo Alto solution for remote and mobile users and for analyzing files for malware in a separate (cloud-based) process that does not impact stream processing.
- Experience in Configuring VPN, routing, NAT, access-list, security contexts, and failover in ASA firewalls.
- Worked on Aruba Access Switches which gives performance of deliver simplicity, scalability and security for smooth wireless and IoT aggregation
- Worked on Aruba Core Switch Aruba 8400 used to simplify and automates complex tasks by extending intelligence and visibility to the network core with Aruba OS-CX.
- Configured Aruba switches for traffic policy enforcement and services, private VLANs, 802.1X, Web and MAC authentication, ACLs, virus throttling and ready for software defined networks with REST APIs and OpenFlow support
- Performing troubleshooting on slow network connectivity issues, and Performance on F5 and Cisco ASA Firewalls. To secure configurations of load balancing in F5, SSL/VPN connections, Troubleshooting CISCO ASA firewalls, and related network security measures.
- Maintained TACACS+/RADIUS Servers for AAA authentication and User authentication. Provided VPN services to site-to-site and, Remote access VPNs using IPSec tunneling. Work with IP for any vulnerabilities /ACLS and remediate as needed.
- Experience Arista Cloud Vision on a POC. Knowledge on Spine leaf Architecture in Data center. Worked on EVPN, VXLAN, VTEPS, Bridge Domains, MP-BGP etc.
- Helped design and build out a very large 100G Layer3 Leaf & Spine architecture (eBGP) using Arista switches to support the network consolidation in the new data center
- Maintenance and trouble-shooting of LAN, WAN, IP Routing, Multilayer Switching.
- Configured iWAN utilizing PFR (Performance Routing). WAN Pilot project to convert branch from dual T1 circuits to iWAN only broadband circuit. To Enable Internet WAN connectivity for the Lab.Test and turn-up IWAN link and disable the 2 existing T1 circuits, running branch on IWAN only.
- Designed & Deployed Cisco ISE and Provided comprehensive guest access management for Cisco ISE administrators. Configured Cisco ISE for Domain Integration and Active Directory Integration.
- Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE.
- Extensive Knowledge in configuring and troubleshooting as well as creating Virtual Servers, Nodes, Pools and iRules on BIG-IP F5 load balancer LTM for load balancing and traffic management in DC environment.
- Tests security measures to reduce and mitigate risk. Actively probes the network for new threats and risks.
- Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls. Active/Standby and Active/Active HA configuration on Cisco ASA Firewalls.
- Design and implement global Active Directory migration in support of confidential divestiture.
- Renovate, design and implement Microsoft Active Directory (Access Controls, Group Policy, Kerberos Authentication, naming standards, trust relationships, best practices, security policies and standards)
- Experience with F5 load balancers - LTM, GTM series like 6400, 6800, 5000 and 2000.
- Policy Reviewing, Audit and cleanup of the un-used rule on the Firewalls using Tufin and Splunk.Rule and URL filtering remediation for Palo Alto devices. Maintain and manage Splunk related issues.
- Performed upgrading of load balancers from citrix to F5 BigIP load balancer to improved functionality, reliability and scalability in the system.
- Conduct regularly scheduled reviews of the organizations firewalls (rule sets, VPN).
- Using Splunk to extract useful data from syslog events and using this to formulate permit rules. Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs
- Experience with configuring Cisco 6500 VSS in Distribution layer of the Data center network. Worked on configuration of BIG IP (F5) Load balancers, also monitored the Packet Flow in the load balancers. Upgrades/Downgrades of F5 TMOS, Hot-fix installations depending on need.
- Worked on F5 BIG-IP LTM 8900, configured profiles, provided and ensured high availability Configuring ASM policies for external applications. Administrating on F5 LTM, GTM, ASM, APM on series 5050
- Created an automated backup procedure for all F5 load balance appliances. Create complex iRules using TCL language for URL redirections, HTTP header-insertion and HTTP header modification.
- Troubleshoot remote access services like Citrix NetScaler, Cisco VPN clients and for the users to access their enterprise network. Monitoring and analyzing traffic on Check-Point and FortiGate Firewall.
- Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers. Worked on Catalyst 4506E, 4507, 6503E and 6506E series switches along with Nexus 5020 switches in change of configurations and maintenance. VSS on 6506E switches maintenance to provide dual homing for the consumers as well redundancy.
- Proficient in Configuring VPC between the Cisco Nexus 7k, 5k. Scheduled maintenance of Nexus 2248, 5548 and 7010 switches so that there are no Orphan ports in the network.
Environment: Palo Alto PA-3060, switches/Firewalls, Access List, VPN, Cisco ASA, IPsec, ISE, LTM GTM, Tufin, Splunk, Load balancers, Check-point, Citrix NetScaler, Nexus 2k,5k,7k, F5 Load balancing (LTM, GTM, APM, AFM, ASM)
Confidential, NYC, NY
Senior Network Engineer
- Performed network engineering, design, planning (WAN & LAN) & implementation. Studied single point failures & designed WAN structure in such a way that there are no failures in network in case of any device or link failure.
- Configured and designed LAN networks with Access layer switches such as Cisco 4510, 4948, 4507 switches. Configured Cisco ASR routers such as ASR 1013, 1009-X, 1006, 1006-X, 1004, 1002-HX, 1002-X, 1001-X routers.
- Extensive experience in building python management controllers for deploying storage, networking and compute Node configuration. Wrote a variety scripts in PowerShell and Python to monitor performance, automate tasks, and generate reports
- Actively involved in Switching Technology Administration including creating and managing VLANS, PortSecurity-802.1x, Trucking 802.1Q, RPVST+, Inter-VLAN routing and LAN security on Cisco Catalyst Switches 4507R+E, 6509-E and Cisco Nexus Switches 2232,5596,7009.
- Setting up VLANS and configuring ISL trunk on Fast-Ethernet channel between Switches.
- Implemented zone based firewalling and security rules on the Palo Alto Firewall. Experience with convert Palo Alto VPN rules over to the Cisco ASA solution.
- Migration with both Palo Alto and Cisco ASA VPN experience. Network-wide implementation of F5 Traffic steering nodes with TCP acceleration.
- Determining the functionality with the DNS naming conventions and migrations from old load balancing environments to the F5 environment.
- Worked with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.
- .Cisco ASA/Checkpoint Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
- Worked with network services like DNS, DHCP, DDNS, IP4, IP6, IPsec, VPN, etc. Worked with the physical server migration to AWS data center.
- Involved in designing and implementation of AWS network and connectivity b/w physical and AWS DC.
- Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with Cisco ASA VPN experience. Drafted, installed, and provisioned ASA and Checkpoint firewall rules and policies. Implemented Site to Site connections for third party connectivity using Cisco ASA firewalls.
- Skilled in virtualization for testing, deployment and migration of Exchange on premise and Exchange online and migration of user mailboxes in Exchange.
- Virtualization using Microsoft Hyper-V in Exchange migrations and client-side apps.
- Understand the JUNOS platform and worked with IOS upgrade of Juniper devices. Designed and implemented security policies using Palo Alto firewall. Configured and maintained 26th NOS network security team devices including IDS, Palo Alto firewalls, Bluecoat web proxies, and load-balancers.
- Worked extensively on Cisco Firewalls, Cisco (506E/515E/525E) & ASA 5500(5510/5540) series. Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
- Worked extensively on Controlling the Traffic, creating the groups, SSL offload and SSL certification on F5 load balancer. Configuration of Citrix NetScaler and F5 LTM, GTM load-balancers based on project requirements. Moving all the application traffic to converge only throughout the enterprise network and move the GSLB (Netscaler) to F5 GTM internal/external.
- Configuring and implementation of Juniper Firewall, SSG Series, Netscreen Series ISG 1000, SRX Series. Configured routing policy for BGP. Switching related tasks included implementing VLANs and configuring ISL trunk and 802.1Q on Fast-Ethernet channel between switches.
- Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers and Cisco ASR 9K routers. Provided application level redundancy and availability by deploying F5 load balancers LTM.
- Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000. Operation and troubleshooting of Juniper routers, HP/H3C network switches and Riverbed accelerators. Deploying and decommissioning the VLANs on core ASR 9K, Nexus 7K, 5K and its downstream devices.
Environment: Cisco Routers (4800, 3800, 3600, 2800, 2600, 2900, 1800, 1700, 800), switches (6500/3750/ /2950 ), EIGRP, RIP, OSPF, Voice Gateways, BGP, VPN, MPLS, Ether Channels, Cisco Catalyst Switches, ASR Routers, Juniper Firewall, Net screen Series ISG 1000, SRX Series, Junos, Bluecoat Web Proxies, Python, Shell and Perl Scripting.
Confidential, Charlotte, NC
Senior Network Engineer
- Established, managed, and optimized network uptime and provided end-user support for users.
- Worked closely with the security team on the deployment and troubleshooting of Cisco ASA firewall to apply policies.
- Provided high level of security to the network by installing ASA 5500 along with ACLs.
- Establishing VPN Tunnels using IPsec encryption standards and configuring site-to-site VPN, Remote VPN.
- Defined policies, NAT and anti-spoofing for internal, external networks as well as Internet gateways.
- Designed and implemented DMZ for Web servers, Mail servers & SNMP, FTP Servers using Cisco ASA Firewalls.
- Configure Syslog server in the network for capturing and log's from firewalls
- Installed and configured high availability Big IP F5 LTM, Adding virtual IPs, nodes, pools and health monitoring
- Configured Virtual Servers object and associated with derived pool. Also perform Static and Dynamic Load Balancing.
- Performed priority based pool member activation to manipulate load on servers.
- Implemented High Availability Configuration on F5 LTM Load Balancer, Failover backup environment in case of any failure.
- Hands on experience in implementation and management of Wireless networks, which includes Cisco Light Weight Access Points (LWAP) and Cisco Wireless Controllers
- Provided Tier 3 support to Data Center (Server, Cisco Catalyst and Nexus Devices) and handle incident tickets related to the issues in the Firewall, Routing, Switching and Wireless Devices
- Worked on Nexus devices for implementing Virtual Port Channels, Profiles and VPC peer links using fabric path. Also Configured Nexus 2k (FEX) to act as a remote line card to the nexus 5k switches.
- Performed upgrades to Nexus 7K and 5K switches at the core and distribution layers in datacenter.
- Experience working with design and deployment of MPLS layer 3 VPN Cloud, involving VRF, Route Distinguisher, Route target, Label Distribution Protocol.
- Installing, configuring Cisco Catalyst switches 6500, 3750 & 3550 series and configured routing protocols like OSPF, BGP with Access Control lists implemented as per Network Design.
- Worked on BGP configuration for providing redundant internet connectivity using BGP attributes, Route maps, prefix-lists.
- Involved in VRRP configuration and troubleshooting and Port channel management of the network.
- Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, Ether channel, STP, RSTP and MST,.STP features: Port Fast, Backbone fast, Uplink fast, BPDU Guard
- Experience in Network Management Tools and sniffers like SNMP, Wire shark and Cisco works to support 24 x 7 Network Operation Center.
- Monitoring Network infrastructure using SNMP, Solar winds and Opnet.
- Communicating and escalating tickets with service providers for network outage issues.
Confidential, Richardson, Tx
- Worked on Cisco routers 7200, 3700 and Cisco switches 4900, 2900. Key contributions include troubleshooting of complex LAN/WAN infrastructure that include
- Configured firewall logging, DMZs, related security policies and monitoring. Creating private VLANs & preventing VLAN hopping attacks and mitigating spoofing with snooping & IP source guard
- Installed and configured Cisco PIX 535 series firewall and configured remote access IPSEC VPN on Cisco PIX Firewall. Enabled STP enhancements to speed up the network convergence that include Port-fast, Uplink-fast and backbone-fast.
- Providing direct support for all hardware moves, add and changes for the VoIP devices and troubleshooting with customers onsite and remote.
- Provided operational support for network topologies and connections TCP/IP, ATM, VoIP, MGCP, and MPLS.
- Experiencing working with end users supporting and setting up new accounts with 7900 series VoIP phones for Configuring CUC & CUCM.
- Configuration and maintenance of Call Manager, CUC, IP Phones, IP Communicators, troubleshooting user related issues, proactive and reactive monitoring of VOIP Server and VOIP Gateways.
- Negotiate VPN tunnels using IPsec encryption standards and, also configured and implemented Site to Site VPN and remote VPN. Performing the ACL requests change for various clients by collecting source and destination information from them
- Work with application team and Information security for ACL renewals and ACLS aging. Hands on Experience on IPAM tool used for periodical scans a subnet and provides the availability status of IP addresses in that subnet.
- Hands on experience with Cisco 3500, 3750, 4500, 6500 series equipment and configuring and deploying and fixing them with various modules like Gig card, VPN SPA card, WIC card. Experience in migration of Frame-relay based branches to MPLS based technology using multi-layer stackable switch like 6500 series and 2800 series router.
- Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks. Implemented DHCP, DNS, IPAM configuration on the servers to allocate, resolute the IP addresses from Subnet.
- Anti-Virus Server Implementation, Design, and Reporting
- Windows 2003 Server Implementation / Windows Vista Migrations
- Microsoft SQL Server 2005 Installation Database Conversions / Administration
- Experienced with Checkpoint VPN rules over Cisco ASA VPN. Which filters traffic by inspecting the application layer.
- Involved in Configuration of Access lists (ACL) on checkpoint firewall for the proper network routing for the B2B network connectivity. Signature Updates Deployment on the Management Components and all the Individual IPS/IDS devices
- Team player in a data analytics environment, maintaining network capacity, integrity, and performance of client connectivity and data centers leveraging Devices, Solar winds as the primary toolset and VPLS as the key technology
Environment: Cisco routers 7200, 3700, Cisco switches 4900, 2900, VLANs, TCP/IP, ATM, VoIP, MGCP, and MPLS, ACL, Cisco Voice (H323/MGCP/SIP, CUCME, CUE), protocols BGP, EIGRP, OSPF and DNS, Data Center Migration
Network Infrastructure/ Technical Analyst
- Responsibilities included taking care of the IP Addressing in the organization which included designing new subnets based on the requirements.
- Involved in implementing & Designing the switched network. Configured STP, VTP and dot.1q in switching network. Created VLAN& Inter-VLAN Routing with Multilayer Switching. Configured and Maintained TACACS for AAA. LAN Cabling in compliance of CAT5 standards.
- Assisted in Troubleshooting LAN connectivity and hardware issues in the network of 100+ hosts. Maintained Redundancy on Cisco 2600, 2800 and 3600 routers with HSRP.
- Performed RIP, OSPF, EIGRP routing protocol administration. Palo Alto design and installation, which includes Application and URL filtering Threat Prevention and Data Filtering.
- Learned and tested various BGP parameters like Local Preference, MED, Weight, and replicated customer issues in the Lab environment.
- Involved in monitoring the performance of the network, thereby identifying the bottlenecks in the network, troubleshooting the connectivity problems using Ping, Trace route, and Telnet.
- Involved in troubleshooting IP addressing issues and Upgrading IOS images using TFTP. Daily responsibilities included monitoring network connectivity, administration of the remote location.
- Analyzed and studied Client requirements to provide solutions for network design, configuration, administration and security.