- Very Passionate Sr Network Engineer having worked in projects that include Data Center refresh, Campus Redevelopment, Firewall and F5 Installations, with 8 years of experience in routing, switching, Network Security - Next Gen Firewalls, Load Balancers and Wireless. Excellent communication skills with the ability to work with storage, VMware, server and application teams. A proactive team player who also can work independently.
- Experience working in large-scale environments on Network Design, IDF/MDF architecture, Datacenter Architecture, Legacy and Spine Leaf Architecture and support roles, IOS upgrades, downtime procedures, Migration projects to different vendor equipment.
- Experience working in complex environments which includes Layer 2 Switching, L3 routing, Network security with perimeter and VPN firewalls, Load balancing and Access policies management in F5 and Wireless LAN Controllers.
- Experience in installing, configuring, and maintaining Cisco Switches (2960, 3500, 3750, 3850, 4500, and 6500) in enterprise Environment and Nexus 2k, 3k, 5k, 7k and 9k in Data Center Environment.
- Expertise in installing, configuring and troubleshooting Juniper EX Switches (EX2200, EX2500, EX3200, EX4200, EX4500, EX8200 series).
- Experience in VSS, VPC, and VDC technologies. Experience working on Gateway redundant protocols HSRP, VRRP, and GLBP. Experience with Access, Distribution and Core Layer Architecture and Spine Leaf Architecture in Datacenter.
- Expertise in installing, configuring, and troubleshooting of Cisco Routers (3800, 3600, 2800, 2600, 1800, 1700, 800, ASR 9k) and Juniper Routers (E, J, M, and T-series).
- Experience and high-level technical knowledge in OSPF, EIGRP, RIP and BGP routing protocols. L1/L2 troubleshooting skills in Routing in complex environments. Worked with MPLS over BGP. Worked on upgrading Edge routers, failing over ISP circuits for maintenance. Knowledge in EVPN, VXLAN, VTEPS.
- Configured F5 LTM 5000 series for the corporate applications and high availability. Implemented LTM and GTM in DMZ and Internal network. Worked on software versions up to 12.1.2. Experience with upgrading software and hotfix. Experience with APM and ASM modules.
- Worked on APM module with integration with RADIUS server and RSA SecurID for applications that require 2-factor authentication.
- Proficient using the F5 based profiles, monitors, VIP’s, pools, SNAT, SSL offload, iRules, virtual Servers, iAPPs. Migration experience from ACE to F5.
- Experience with manipulating various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.
- Extensive Knowledge of the implementation of Cisco ASA 5500 series - 5505, 5510, 5512-X with Firepower module. Palo Alto firewall policies, Panorama and Checkpoint firewalls NG, NGX. Experience with converting Checkpoint VPN rules over to the Cisco ASA solution.
- Experience with Bluecoat and McAfee Web Gateway Proxies for URL filtering and SSL Decryption, traffic flows from trust to untrust and vice versa.
- Experience with PA 200, 500, 3020 and VM series firewalls for both Internet and internal traffic filtering. Experience with Panorama M100 series and maintaining up to 23 firewalls in large networks.
- Experience working with Aruba and Cisco Wireless LAN controllers, Configuring and Provisioning AP’s, Virtual AP’s, RTLS, Wireless SSID’s, remote and campus AP’s, upgrading WLC, worked in Active/Active local Controllers and Master controller. (Aruba 6000, 7200 controller, Aruba AP65, 70, 124, 85, 125) system.
- Worked on Solarwinds NPM, NCM, IPAM, Windows DHCP and DNS. Infoblox as DHCP and DNS server.
- Experience working with Avaya and Cisco VOIP environments with assigning VOICE Vlans, troubleshooting call quality and basic level proficiency in QoS. Worked on DSCP code markings for VOIP traffic.
- Involved in troubleshooting network traffic and its diagnosis using tools like ping, trace route, Gigaton, Wireshark, TCP dump and Linux operating system servers. Implementing, maintaining and troubleshooting Vlan, STP, MSTP, RSTP, PVST, 802.1Q, DTP, HSRP, VRRP, GLBP, LACP, PAGP, AAA, TACACS, RADIUS, MD5, VTP & SVI.
- Enhanced level of knowledge with PPP, ATM, T1/T3 Frame-Relay, MPLS. Experience with design and deployment of MPLS Layer 3 VPN, MPLS Traffic Engineering, and MPLS QOS.
- Experience with H.323 and SIP, Voice Vlans, DSCP marking for VOIP traffic.
- Hands on experience with Juniper SRX series firewalls 500 series.
- Experience with NAT/PAT, static and dynamic NAT, access lists, security zones, policies on SRX firewalls.
- Experience with next gen firewall technology like URL Filtering, SSL Forward Proxy, APP ID, ThreatID etc on Palo Alto and checkpoint firewalls.
- Experience with creating virtual servers and application load balancing, upgrading software versions, redirect rules on Netscalers and experience migrating from NetScaler to F5.
Confidential, San Jose, CA
Sr. Network Engineer
- Worked as a part of network team where my daily tasks included configuring, monitoring and troubleshooting of Campus and Datacenter networks. Configuring & managing around 500+ Network & Security Devices that includes Cisco Routers & Switches, Nexus Switches, Juniper and Palo Alto Firewalls, F5 BigIP Load balancers, Proxies and Riverbed WAN/MAN Optimizers. Knowledge in Spine Leaf Architecture.
- Palo Alto design and installation (Application and URL filtering, SSL decryption, SSL Forward Proxy). Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls. Successfully installed PA-5000 series firewalls in Data Center as perimeter Firewalls.
- Migration of ASA firewalls to PA next gen Firewalls using migration tool in PA. Migrated all IPSEC tunnels, ACL’s, NAT rules and policies.
- Experience working on Cisco ASR 9K, Nexus 7k and 9K. Configured and designed OSPF, EIGRP and BGP at Distribution and Core layers. Configured OTV layer 2 connection between Data centers, VPC, VDC and FEX on Nexus.
- Worked on Juniper devices like M, MX, T routers on advanced technologies like MPLS VPNs, TE and other service provider technologies.
- Experience with configuring BGP, OSPF in Juniper M and MX series routers. Worked on several BGP attributes like MED, AS-PATH, Local Preference for route optimization. Worked on Route-Reflector, Route-Redistribution among routing protocols.
- Experience working with Juniper devices like EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX650, SRX240
- Managed AD Domain Controller, DNS and DHCP Servers and configurations.
- Worked on Cisco ISE for user Authentication, Security Group Tags, MAC based authentication for Wireless and Wired users, 802.1X, EAP, PEAP etc.
- Regular upgrade and maintenance of Infrastructure, Installing, configuring, and maintaining Cisco Switches (2960, 3500, 7600, 3750, 3850 series, 6500 series) Cisco Routers (4800, ASR 9K, 800), Juniper Routers and Firewalls, Nexus 7k,5k & 2k, f5 BIG IP, Palo Alto Firewalls, Bluecoat Proxy and Riverbed Steelhead appliances.
- Responsible for the IPAM (IP Address management) system for a very large WAN/LAN network (QIP) using Solarwinds IPAM and Infoblox DNS and DHCP servers. Experience with DHCP scopes, IP reservations, DNS host entries, pointers, delegations, Zones, DNSSec etc.
- Provides expert level security and networking knowledge in the planning, researching, designing, and testing of new networking technologies for perimeter firewall security, Intrusion Prevention/Protection System (IPS), DNS and DMZ security, and Internet Security in support of established Info Security program initiatives for the next 3 years.
- Involved in originating VoIP telephone calls are similar to traditional digital telephony, Call manager Express v4.x and involve signaling, channel setup.
- Worked on migrating from Bluecoat to Zscaler Proxies with Cloud and local PZENs, Policies, integrate with Azure AD.
- Analyze and provide courses of action on current as well as emerging security threats like ransomware attacks by research and recommendation of other security solutions to help mitigate network security threats while preventing their outbreak across the network.
- Worked on network design improvements involving BGP, EIGRP, OSPF, IP metric tweaking and load balancing.
- Designing, configuring, and troubleshooting QoS, SIP, H.323, RTP, SCCP, Session Border Controllers, Voice Gateways, Voice circuits IP /TDM, Cisco Telepresence Infrastructure, QoS, NAT, PAT, and multicast.
- Designed and recommended architecture of virtualization and private cloud environments based on VMware technologies.
- Designed & Deployed Cisco ISE and Provided comprehensive guest access management for Cisco ISE administrators.
- Configured Cisco ISE for Domain Integration and Active Directory Integration.
- Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE.
- Customize Layer 2 and Layer 3 networking between VMware, networking components, and storage for high availability and maximum performance.
- Extensively worked on virtual F5 LTM module on VMware for application testing.
- Participated on VMware, Solar Wind application (ADL) testing team for server consolidation/higher system availability project.
- Worked on Checkpoint Firewall to create new rules and allow connectivity for various Applications. Checkpoint is used as an internal firewall for application security in Kodiak network.
- Implemented Firewall rules and Nat rules by generating precise methods of procedure (MOPs). Responsible for packet capture analysis, syslog and firewall log analysis.
- Experience with F5 load balancers LTM and GTM and reverse proxy design and setup. Migration from A10 to F5.
- Experience in F5, Cisco ACE 4710 Load balancers. Migration Experience from ACE to F5 and NetScalers to F5. Worked on critical applications on Layer 4 and layer 7 load balancing. Experience with Virtual server, Pool, Node, Profiles - TCP, http, https, ftp, fastl4, Persistence - Source IP, SSL, Cookie, SNAT, iRules, iAPP, SSL offloading.
- Experience with F5 GTM and in-depth knowledge of DNS, Global level load balancing, Wide IP’ s, Zones, Prober pools, Delegation from Windows DNS server to listener IP.
- High-level network troubleshooting and diagnostic experience using Packet capture tools like Wireshark.
- Configured network using routing protocols such as RIP, EIGRP, BGP and OSPF and troubleshooting L2/L3 issues.
- Provided operational support for network topologies and connections TCP/IP, ATM, VOIP (Voice-over-IP) and UCCE.
- Configured separate VLAN for VOIP to implement QoS and security for VOIP (Voice-over-IP).
Confidential, Boston, MA
- Worked as part of delivery team where my daily tasks included code upgrades, prefix-list addition, and access-list addition using python script and on Linux platform based on tickets generated by customers.
- Worked on Automation tool called Autopilot an internal tool used for code upgrades and configuring of new devices at different data centers.
- Migration and implementation of Palo Alto Next-Generation Firewall series PA-500, PA-3060, PA-5060, PA-7050, PA-7080 from Cisco PIX and ASA.
- Worked on BGP routing protocol, configuring BGP sessions and troubleshooting on Nexus 1K, 5K, 7K, Juniper MX-960 routers and cisco ASR routers.
- Installed and maintained production servers for client services (web, dns, dhcp, mail). Experienced on working with Palo Alto Next Generation firewall with security, networking, and management features such as URL filtering, Anti-virus, IPsec VPN, SSL VPN, IPS, Log Management etc.
- Coordinated with the Application Teams to develop effective Application validations involving F5 LTM and GTM components.
- Designed perimeter security policy, Implemented Firewall ACL's, allowed access to specified services, Configured Client VPN technologies including Cisco's VPN client via IPSEC
- Installed and configured LAN/WAN Networks, Hardware, Software, and Telecommunication services- Cisco Routers and Switches like Cisco 3750, 3750 Gig, 6500, Nexus 7k, ASR 9k etc.
- Helping Team members to build a new cloud platform for existing legacy application using Azure technologies. Part of Designing the new architecture.
- Worked on migration project - XenApp 4.5 to XenApp 6.5 - Server 2003 (Legacy) to 2008 R2 (Gen 2) environment.
- Experience in Cisco Unified Communication Manager (CUCM), Call Manager Express (CME), Cisco Unity Connection (CUC), Unified Contact Center Express (UCCX), Unified Contact Center Enterprise (UCCE), IM and Presence, SRST and Voice Gateways.
- Managed Cisco call manager, Cisco Voice Mail Unity servers. Worked with in Cisco Routing and switching background w/QOS.
- Configuring firewall rules in Juniper SRX firewall using cli and NSM.
- Extensively worked in backend development using Python.
- Developed entire frontend and backend modules using Python on Flask Web Framework
- Implementing IPv6 addressing scheme for routing protocols, vlans, subnetting and mostly during upgradation of Cisco ISR routers 2800/2900/3800/3900 and switches.
- Managed Cisco call manager and supported cisco call center.
- Configuration and deployment of cisco ASA 5540 firewall for internet Access requests for servers, Protocol Handling, Object Grouping.
- Worked on Cisco wireless LAN technologies and Switching. Configured Virtual server, service groups, Session persistence, Health monitors and Load balancing methods in new F5 and A10 LTMs. Configured WIDE IP and WIDE IP pool on F5 GTM’s to support load balancing between data centers.
- Installation & configuration of Microsoft Proxy Server 2.0 and Infoblox DNS, DHCP and IP Address Management
- Worked on Infoblox to update the DNS host and A records to assist the part of the migration
- Security configuration on Wireless LAN using protocols PEAP, EAP-FAST.
- Assigning RADIUS and TACACS for new deployments in production environment. AAA for users to implement changes on production devices. Most of these devices are Cisco proprietary.
- Worked along with Microsoft operation center for monitoring traffic on the devices going to up-links and divert traffic on to different routes after traffic level reaching threshold value.
- Generating audit reports by running automated scripts on various devices to check the layer 2 issues like errors on the links, port flapping.
- Analyzing the Audit report and work along with Data center teams to check the optics and troubleshoot issues.
- Coordinating along with Global data center teams located at different locations and work along with them for troubleshooting layer 2 issues.
- Migration from NetScaler’s to F5 without any downtime.
- Assisting off-shore teams located in India in upgrades, VLANs configurations, in troubleshooting layer 3 issues and routing protocol issues mostly BGP.
- Worked with Cisco UCCE, IPIVR, Cisco Unified Communication System. Configure and implement voice gateways (H323/MGCP/SIP), SRST for remote sites.
- Developed MTS software plug-in for Multimedia over Coax Alliance (MoCA) configuration capability on DOCSIS cable modem and gateway products.
- Worked in team environment Developing new UCCE / UCCX applications and maintaining legacy applications
- Documentation of various changes made on devices and submit them for approvals and work along with alerts team and intimate them the changes to be made.
Environment: Routers (Nexus 1K, 5K,7K, Juniper MX-960), switches (6500/3750/3550 3500/2950), F5 Load balancing (LTM, GTM, APM, AFM, ASM), EIGRP, RIP, OSPF, BGP, VPN, Unified Contact Center Enterprise (UCCE), MPLS, Cisco Catalyst Switches, Firewalls (Cisco ASA, Palo Alto), Cisco Voice (CCM, UCCE, UCCX), Citrix.
- Implementing security Solutions using PaloAlto PA-5000/3000, Cisco 5580/5540/5520, Checkpoint firewalls R70, R75, R77.20 Gaia and Provider-1/MDM.
- Configuration and administration of firewalls, which includes Checkpoint, Juniper, and Cisco ASA firewalls.
- Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
- Deploy, configure, and support Aruba wireless controller and AP devices globally, also a direct escalation path for all wireless issues.
- Enterprise and Public Safety Wireless LAN/WAN (802.11, Mesh).
- Researched, designed, and replaced Checkpoint firewall architecture with new next generation Palo Alto PA3000 and PA5000 appliances serving as firewalls and URL and application inspection.
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama.
- Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
- Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls and implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall.
- Administered Cisco AMP endpoint security infrastructure and monitor endpoints for threats.
- Exposure to design and implementation experience primarily on Cisco WSA proxy.
- Configuration and Maintenance of Cisco ASA 5580-20, ASA 5540, ASA 5520, ASA 5510 series firewalls.
- Configure Syslog server in the network for capturing logs from firewalls.
- Provided tier 3 support for CheckPoint and Cisco ASA Firewalls to support customers, Backup and restore of checkpoint and Cisco ASA Firewall policies.
- Experience configuring and managing Cisco Web Security Appliance (WSA) in an enterprise environment
- Monitoring Traffic and Connections in Checkpoint and ASA Firewall.
- Manage project task to migrate from Cisco ASA firewalls to Check Point firewalls.
- Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Tufin and Splunk.
- Configuring and troubleshooting site-to-site IPSEC VPN tunnels using Cisco ASA 5540 for third party connectivity.
- Configuring F5 Load Balancers: Adding virtual IPs, nodes, pools and health monitoring.
- F5 BigIP iRules programming and troubleshooting.
- Worked on F5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 BigIP Load Balancers.
- Configuring SNAT, High Availability on F5 BIG-IP appliances, SSL termination and initiation, Digital certificates
- Configured separate VLAN for VOIP to implement QoS and security for VOIP (Voice-over-IP). Administered network operating infrastructure (broadband, VoIP (Voice-over-IP), MPLS) and managed services (virtual servers, firewall, data storage, and cloud-based voice)
- Working with different teams to gather info for the new request and troubleshoot for any connectivity issues by capturing traffic using TCPDUMP and smart view tracker.
- Worked on VPN configuration, routing, NAT, access-list, security contexts, and failover in ASA firewalls.
- Provide support to help desk for complex/major network problems. Build the rules for the application access across the IPSEC VPN tunnel
- Follow information security policies, methods, standards, NIST standards, and practices to organize information systems, IT reference material, and interpret regulations.
- Monitor Intrusion Detection Systems (IDS) console for active alerts and determine priority of response.
- Strong understanding of Cisco networking technologies: ASA, IPS, WSA, ACS, VPN.
Environment: Cisco ASA5580/5540/5520, Checkpoint R70, R75, R77.20 Gaia, Palo Alto PA-5000/3000, IEEE 802.11, Big IP F5 LTM/GTM, Nexus switches, TCP/IP, VPN, Cisco WSA, Bluecoat Proxy servers, IDS/IPS, SIEM and Monitoring.
- Worked on Cisco routers 7200, 3700 and Cisco switches 4900, 2900.
- Key contributions include troubleshooting of complex LAN/WAN infrastructure that include.
- Configured firewall logging, DMZs, related security policies and monitoring.
- Creating private VLANs & preventing VLAN hopping attacks and mitigating spoofing with snooping & IP source guard.
- Installed and configured Cisco PIX 535 series firewall and configured remote access IPSEC VPN on Cisco PIX Firewall.
- Enabled STP enhancements to speed up the network convergence that include Port-fast, Uplink-fast and backbone-fast.
- Other responsibilities included documentation and change control.
- Responsible for Configuring SITE-TO-SITE VPN on Cisco routers between headquarters and branch locations.
- Implemented the security architecture for highly complex transport and application architectures addressing well-known vulnerabilities and using access control lists that would serve as their primary security on their core & failover firewalls.
- Installation & configuration of Cisco VPN concentrator 3060 for VPN tunnel with Cisco VPN hardware & software client and PIX firewall.
- Involved in troubleshooting of DNS, DHCP and other IP conflict problems.
- Used various scanning and sniffing tools like Wireshark.
- Hands on experience working with security issue like applying ACL’s, configuring NAT and VPN.
- Troubleshoot problems on a day to day basis & provide solutions that would fix the problems within their Network.
- Part of Network Operation Center NOC offshore support team from India supporting HP Data Center 24x7. L2 support for Cisco PIX and ASA Firewalls.
- Schedule changes and work through maintenance requests over weekends.
- Perform daily maintenance, troubleshooting, configuration, and installation of all network components.
- Assisted in troubleshooting LAN connectivity and hardware issues in the network of 100 hosts.
- Maintained redundancy on Cisco 2600, 2800 and 3600 routers with HSRP.
- Hands on experience in Cisco Routers and Switches.
- Configuration of CISCO Routers (2600, 2800 Series) and 3550, 4500 series switches.
- Built IPsec based Site-to-Site VPN tunnels between various client locations.
- Maintenance and Troubleshooting of connectivity problems using Ping, Trace route.
- Managed the IP address space using subnets and variable length subnet masks (VLSM).
- Point-to-Point, Frame Relay, T3, ATM, WAN troubleshooting.
- LAN cabling in compliance with CAT5 standards.
- Troubleshooting Active Directory, DNS, and DHCP related issues.
- Environment: Cisco 2600/2800 routers, Cisco ASA, TCP/IP, VLSM, AD, DNS, Switching/Routing.
- Documenting and Log analyzing the Cisco PIX series firewall.
- Configured BGP for CE to PE route advertisement inside the lab environment.
- Responsible for PIX 7.x/8.x & ASA 8.x Firewall migration and in place hardware upgrades and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
- Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation.
- As part of Security and network operations team I was actively involved in the LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems)
- VLAN implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and port channels creation.
- Responsible for Firewall upgrades as well as Troubleshooting, Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
- IOS Upgrades from 7.x to 8.x as well as backup and recovery of configurations.
- Work in an enterprise network environment with dynamic routing using OSPF and BGP for external connectivity.
- Configured Switches with proper spanning tree controls and BGP routing using community and as path prepending attributes.
- Install Windows Server 2003, configure IP addresses, network printers and configure Client Access for PCs.
- Work with BGP routing protocol for communication with business partners and influence routing decision based on AS Path Prepend and other attributes.
- Administer and support Cisco based Routing and switching environment.
- Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay).
- Deployed a Syslog server to allow proactive network monitoring.
- Implemented VLANS between different departments and connected them using trunk by keeping one Vlan under server mode and rest falling under client modes.
- Configured Client VPN technologies including Cisco’s VPN client via IPSEC.
- Configured Firewall logging, DMZs and related security policies and monitoring.
- Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.