Lead Global Network Security Engineer Resume
New York
PROFESSIONAL SUMMARY
- Highly accomplished Network Security Engineer/Consultant with over fifteen years' experience providing solutions for mission-critical network systems. Successful history of leading network infrastructure deployments and enhancements. Detail-oriented with a track record of delivering infrastructure enhancements on time with minimal impact to production. Expert in developing procedures that improve information security and business continuity.
TECHNICAL SKILLS
Protocols: 802.1x, BGP, EIGRP, OSPF, IS-IS, (IPv4/IPv6), MPLS, PIM, MOSPF, DHCP, DNS, IGMP, GRE, ARP, CDP, LLDP, HSRP, VRRP, GLBP, PAgP, LACP, DTP, PPP, VTP, PVST, PVRST, MSTP, VLAN, Private-VLAN, TCP/IP, Ethernet, NetFlow, RIP and RIPng.
Security: Cisco ASA 5500-X NGFW with FirePOWER, Cisco ISE 1.x/2.x, Cisco ACS, Cisco NAC, IPS, IDS, VPN with IPsec/SSL, RADIUS, TACACS+, Cisco AnyConnect, ASDM, Cisco TrustSec, Cisco BYOD, FirePOWER 4000/9000 with AVC, NGIPS, AMP for End-Point, Cisco-IronPort ESA, WSA, SMA appliances, URL Filtering, DDoS, Palo Alto Networks NGFW, WatchGuard XT, CyberSecurity, L2/L3 VPN, TLS, AH, ESP, SSH, HTTPS, SFTP, DES, 3DES, AES, MD5, SHA, PSK, RSA, DH, Digital Certificate, CA, PKI.
R & S: Cisco ISR 4500/6500/6800,800/900/1800/1900/2800/2900/3800/2900/3900/2600/2500, 3400/3500/3600/3700, Switch Stacking, PoE, Access Point, Cisco WLC, Cisco Meraki.
Data Center: Cisco NEXUS 9000/7000/5000/2000/1000, Fabric Extender, Cisco UCS B & C Series Server, FCoE, iSCSI, LISP, OTV, TRILL, VXLAN, SAN, Cisco MDS 9000 NAS, EMC NAS.
Software/OS: Cisco IOS/XE/XR, Nexus-OS, Cisco IOU/IOL, SDN, Cisco APIC-EM Controller with Cisco 4000, Cisco PRIME, Cisco DNA, Ubuntu Linux, Microsoft Windows, Novell NetWare, MS Exchange, MS SQL Server, IIS, VMware, Cisco WebEx, Adobe Connect, TeamViewer, Visio, Kali Linux.
WAN: MPLS, Carrier Ethernet, SD-WAN, Cisco iWAN, Viptela, Cloud Computing (IaaS, PaaS, SaaS), AWS, Frame-Relay, ISDN, T Lines, OC lines, Cisco CRS, Traffic engineering & shaping, WiFi, WiMax, IP SLA, IPv6, PBR, PfR.
Collaboration: Cisco Call Manager, UCM, Unity, Cisco IP Phones, Voice Gateways, QoS, SIP.
PROFESSIONAL EXPERIENCE
Confidential - New York
Lead Global Network Security Engineer
Responsibilities:
- Design & Deploy Centralized AAA (RADIUS/TACACS+) solution with Cisco Identity Services Engine v2.3 patched with endpoint Profiling & Posturing, BYOD and AD integration with 802.1x. Configured NAD (Access Switches, AP, WLC and Cisco ASA) to work with Cisco ISE for Wired/Wireless/VPN users. CWA for Guest Access. TACACS+ for Device admin. Centralized Policy Enforcement with Policy Set and Conditions studio.
- Lead the team of engineers for a global Migration project of WatchGuard XT Firewall into Cisco 55XX Adaptive Security Appliances at 35 worldwide locations including North America/Europe/Africa and Asia.
- Responsible for creation, review, and update of current security policies, process, and procedures and migrate them to Cisco ASA policies with centralized Policy automation & control through Cisco ASA Policy Manager.
- Design and Implement Cisco FirePower services for Threat Centric.
- Design and Implement Data Center setup with Cisco Nexus 9k at NJ/London/Singapore location and connect them with Cisco VPN in Full-mesh and Site-to-Site with all 35 worldwide locations along with Fault Tolerance.
- Complete Design and Implement worldwide wireless solution with Cisco Meraki products and centralized Meraki Cloud based Dashboard management.
- Configured & Documented entire security solution and drew worldwide schematic with Visio along with complete details of LAN (VLAN/OSPF) & WAN (BGP).
Confidential - New Jersey
Lead Network & Security Engineer/Consultant
Responsibilities:
- Design and Implement Cisco ISE 1.x/2.x in a Single and Distributed deployment with Cisco SNS-3400/3500 Hardware and Virtual (Microsoft Hyper-V/VMware) with PAN/PSN/MnT Personas.
- Design and Deploy Cisco ISE Posturing, Profiling and BYOD (CWA-Guest Portal) services with Policy sets.
- Deploying ISE in wired/wireless/VPN environment to perform Dot1x port-based authentication, configure the Posture policies and perform Change of Authorization (CoA) for users connecting to the corporate network.
- Integrating & Configuring Cisco ASA Firewalls with ISE for Posture policy compliance and to perform CoA for remote VPN IPSec, SSL AnyConnect users.
- Configured Cisco Catalyst Switches and Cisco Wireless controllers (PEAP, EAP-FAST) and Cisco ASA for 802.1x Authentication support with RADIUS/TACACS/MAB (MAC Authentication Bypass) and integration of ISE 2.x with Microsoft Multi-AD backend.
- Integrating ISE with external identity stores such as Windows AD, Cisco ACS LDAP.
- Expert level Design and Configuring BGP and MP-BGP, EIGRP for IPv4/IPv6, OSPFv2/v3 and RIP & RIPng routing protocols for IPv4 & IPv6 enterprise network.
- Design and Deploy L2/L3 Architecture with Access, Distribution and Core layers using Cisco and Non-Cisco hardware.
- Design, Deploy and Manage multiple Network & Security Full Life cycle projects with Global organizations in a multi-vendor environment.
- Lead and Coordinate Security & Network teams on multiple projects including Security, Routing & Switching, Data Center and WAN.
- Oversaw external vendors and consultants on delivery and implementation teams which impact existing and new security solutions.
- Performed LAN, DMZ, and internet facing security scanning of mission critical devices on corporate and guest network for potential vulnerabilities, malicious programs and recommended appropriate actions.
- Served as an Architect, designed and created documents and process flow for implementation and configuration of the entire Project life cycle.
Confidential - Chicago, IL
Network Security Engineer/Consultant
Responsibilities:
- Working on PIX (506, 515, 525, 535), ASA (5505/5510) Firewalls.
- Implementing security policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
- Dealt with monitoring and packet capture tools like Wireshark, etc.
- Installation, Configuration and Administration of Windows Servers 2000/2003, Active Directory, FTP, DNS, DHCP, TFTP, Linux OS under various LAN and WAN environments.
- Migration of existing IPSEC VPN tunnels from Pre-Shared key to Certificate.
- Network redesign for branches / Campus Locations.
- Changing both the voice and data environment.
- Replacing branches hardware with new Cisco routers and switches.
- Performing security audits of perimeter routers, identifying missing ACLs.
- Troubleshooting of complex LAN/WAN infrastructure, including routing protocols EIGRP, OSPF & BGP.
- Lab testing & validation prior to implementation of Cisco Multilayer switches connecting to blade servers.
- Settings of the networking devices (Cisco Router, switches) coordinating with the system/Network administrator during implementation.
- Configuring network access servers and routers for AAA Security.
- Documentation and change control.
- Working on troubleshooting of complex LAN/WAN infrastructure.
- Administration of multiple Cisco IOS versions.
- Monitoring all Cisco equipment using CiscoWorks.
- Involved in SNMP Network management.
- Working on various scanning and Sniffing tools like Ethereal.
- Upgrading and backups of Cisco router configuration files.
- Implementing and maintaining backup schedules.
