SUMMARY:

My professionalism starts at being a reliable person, who is not only an observant and self - motivated high-end Sr. Network Engineer but who also has a proven track record in solution planning and software applications. My abilities as an innovative thinker and effective problem solver with excellent interpersonal, organizational and communication skills give me the edge to grow and master new responsibilities.

PROFESSIONAL EXPERIENCE:

Confidential, Washington, DC

Responsibilities:

• Two PAN, Two MNT and 40 PSNs mix of SNS 3515, 3598 and VM OVA.
• Upgrade from version 2.2 to 2.3.
• Setup Guest and Sponsor Portal in DMZ with Cisco Anchor Controller in DMZ.
• Setup a dedicated Cisco ISE TACACS and migrate old Cisco ACSs.
• Create profiles for MAB and DOT1X devices utilizing EAP-TLS authentication\authorization.
• Remote VPN posture and Authorization.
• Policies management and implementation for Wired and Wireless.
• Cisco Anyconnect: NAM, POSTURE and Core VPN modules.
• Deploy Anyconnect and profile via CPP-Cisco ISE.
• Configure NAS with C3PL for DOT1X and MAB.
• Use latest Ekahau ESS 9.2 for Planning and Spectrum Analysis.
• Use the same technology for MCE to avail the best coding such as Modulation and Spatial Streams.
• Applied high tech using 3802s for this purpose.
• Utilize Cisco 5500s and 8500s WLC.
• Setup Anchor and ISE PSN in DMZ for Guest and Visitors WLAN.
• Setup PRIME and MSE integration with Wireless infrastructure for management and monitoring.
• Setup tools Cisco Prime 3.3 with Site Mapping and MSE 3550 appliance version 8.0.140.9 with Context Aware Services, WiPS and CMX Analytics.

Confidential

Responsibilities:

• Wireless Network Design and Implementation: Setup Cisco Wi-Fi infrastructure using Non-Converged WLC 5508 and Converged Access Cisco 3850s. Mixed WAPs Cisco Aironet 2600 and 3702i with WiPS module. All the WLCs are configured to use Cisco ISE as radius. Maintaining the Wi-Fi infrastructure day to day troubleshooting.
• Cisco ISE 1.4, 2.2 and 2.3 maintenance, Wired and Wireless MAB, 802.1x, Posture Policy, maintain Distributed Persona.
• Install Hotfix, patches and upgrade Cisco ISE.
• MPLS Circuit upgrade for 20 Remote sites. Setup involves Cisco 4431 and 3700s router using BGP between Customer and Provider router and EIGRP internal routing protocols.
• Converting existing Cisco 4506, 3750s and 3850s switches to use 802.1x authentication using Cisco ISE as profiler and Radius.
• Create and maintain Cisco ISE Profile and Policies.
• Help VoIP group to migrate from Legacy Avaya PBX to Cisco UCS system.
• Maintain and setup Cisco Nexus Series: 2000 Febric Extender, 5000s and 7010s which also includes: vPC, VDC. Also includes: FC and FCoE setup for UCS.
• Monitor Network using Solar Winds, EM7, Cisco Prime 2.0 and Cisco ISE Monitor and 7Signal to troubleshoot Wi-Fi.
• Big F5 LTM and IP DNS. TMOS version 9.x and 11.x. Hardware: GUI Config: Virtual Server, Pool, Nodes, Persistence Profile and iRule scripting.
• Currently using SolarWinds module: NCM 7.4.1, NPM 11.5.3, QoE 2.0, NTA 4.1.2.

Confidential, Washington, DC

Responsibilities:

• Designed and Implemented Wireless network 8 Remote sites. The network includes: HA Cisco 5508 Controllers installed in Data Center, 110 WAPs Cisco 2702i and 3700 with WIPS module. Work on different software version: 7.6, 8.1 and 8.2(current). Different Heat Map tools are used to analyze the area to gain optimize performance of WAPs placement. These are some of the cases:
• Remote site requires local address scheme, for this I used Cisco Flex Connect technology to provide local addresses to Wireless Network Devices.
• Also responsible for separating Guest connection using Anchor WLC in DMZ area and Internal Foreign Controller.
• Setup Converged Access (CA) with Cisco 3850 and New Mobility tunnel to Anchor WLCs.
• Signaling issue by overlapping Channel: For this I used the Cisco Clean Air Technology to identify Signal strength, attenuation and noise reduction.
• For secure connection and authentication, I used AD authentication via Windows Server RADIUS services.
• SolarWinds is used to monitor WAPs and Clients in addition of Cisco Controller Monitoring tool.
• All the guest network traffic is flowing via DMZ to internet for the 8 remote sites.
• Checkpoint IPS is used to monitor all the wireless traffic for vulnerabilities and updates.
• Cisco ISE version 1.3 and 2.0: Migrated ISE 1.3 to 2.0 in Distributed environment: Administrator, Policy Service and Monitoring.
• Cisco ISE: Configure Cisco Access switches 3850, 4506 for 802.11x
• Manage, design and implement Internal policy and Guest Policy.
• Configure and setup Nessus Tenable Infrastructure Edition to scan for Malware and Vulnerabilities due to patches, plug-ins and updates.
• Setup and Design Citrix Netscaler load balance.
• Setup SolarWinds NPM 10.3.1 version for monitoring wired and wireless network
• Setup and configure and use Kiwi Syslog for alert from Network devices for any issues.
• Currently working on Bit9 Parity to implement in the company infrastructure to whitelist approved software and application. This is an added Security feature on inside users to fight against malware and virus.
• Carbon Black in connection with Bit9 to study the pattern of infected files and\or Binaries.
• Responsible for network infrastructure which includes:
• Two Data Center
• Four Checkpoint 4800 firewall Gateway appliance
• Two Gateway 4600 appliance
• One Gateway 1180 managed Gateway appliance
• One Smart-I Management Appliance
• Recently upgraded from Secure Platform to Gaia 10.7R OS
• Eight Remote offices
• Redundant MPLS connection
• Checkpoint IPS module to monitor for known malicious signature malware botnet and virus.
• Checkpoint Web Content filter to filter banned websites and other categories.
• Internally using Cisco Nexus 5596 Core switches with 6 Cisco 2000 FEX.
• Internal network is configured for vPCs and non vPC trunks.

Confidential, Germantown, MD

Network Engineer

Responsibilites:

• Maintain company’s network Infrastructure which includes: 5 Data Center in US and Europe; 10 Remote office sites.
• Maintains WAN infrastructure: Gig E, MPLS, T1, T3, Multimode\Single mode Fiber handover.
• Network Infrastructure includes: VPN route based and Policy Based, P2P WAN connection; EIGRP as internal Routing Protocol; Client\Server VTP setup; RSTP; HRSP, SNMP v2,
• Infrastructure Hardware includes: Cisco Switches: C6500s with 720 Sup, Nexus 5596, C4948, C3560, R2811, R7200vxr, R3845, ASA5520, C6509-FWSM with Multiple Context Routed and Transparent Configuration, Cisco Load Balance (CSM).
• Nexus OS, Nexus 5k and 2k, vPC, VDC, FEX, FCoE, 1000v integration with VMware
• Cisco ASA Modular Policy Framework(MPF), ACL, IP-Sec and ISAKMP Configuration, Fail-over setup.
• Cisco ASA 5520: Site-to-Site VPN and VPN Remote-Access for users.
• Update Network Infrastructure using MS Visio Premium 2010.
• Monitoring Tool: Open NMS, CiscoWorks, WireShark(Sniffer).

Confidential, DC

NOC Lead Engineer

Responsibilities:

• Hundred and Eighty (180) remote site-to-site VPN using mix of SonicWall and Cisco ASA.
• About 3500 user’s connection.
• Cisco and Juniper SSL Remote client VPN.
• Cisco 6509, ASA 5520, 5550, 3560Gs; Dell PowerConnect 6248; Sonicwall Pro 306, NSA 240, 3000; HP ProCurve 2500 and 4000; Juniper ISGs; Cisco ACS 3000;
• Software and Protocols: Cisco IOS, ASDM 8.2, Solarwinds 10.x, OSPF, EIGRP, RIP ver 2, NAT, Static Routing, PVST, MST, Route Maps, ACL, VPN, VACL, IP Subnetting, VPN IKE, 3DES, AES, FIPS.
• Load Balancing: BigF5 LTM, Cisco CSM in Cisco 6509 which includes: ServerFarm, Probes, Vserver, and troubleshooting Load Balance. Redirect traffic with i-Rule.
• Cisco 6509 Modular FWSM which includes hardware configuration and Firewall Context and troubleshooting. Context in Routed and Transparent mode.
• Designed and moved Data Center from Virginia L3 to Govt. Census Bureau
• Census Data Center:
• Designed and implemented MST Spanning Tree between Dell 6248 Power Connects switches to Cisco 6509 Core Switches.
• Hub and Spoke VPN connection between DC to 180 remotes sites Internationally and Domestically. Sonicwall Pro 3060 with Enhanced Firmware is used for the VPN connection. Trusted Internet Connection(TIC) is used to eliminate SPLIT DNS for security requirement.
• Cisco ASA 5520 with NAT and ACL defined to provide internet access.
• Cisco ASA 5520 is configured for Remote Client VPN access.
• Managing GigE 400 Megs Qwest provisioned line to connect Census DC to HQ DC Data Center.
• OSPF internal routing is configured to route VLAN subnets between the two Data Centers. OSPF traffic is controlled by Route Map and ACL rules.
• Redundancy is provided via: HSRP, MST Load Balancing, OSPF Load Balancing and VRRP on Dell Power Connects connecting Dell Blades and Servers.
• Source Fire sensors (IPS) are configured between Core, ASA and Intranet Router to capture Packets for Security Evaluation.
• HQ Data Center:
• Core Cisco 6509 Switches with HP Pro Curve 2500 and 4000 Series switches. PVST Spanning tree is configured at HQ and is redesigned by me to move to MST Spanning tree for future.
• Manage Production, Users, Printers and Management VLANs.
• OSPF is configured at Core and Intranet Cisco 7304 Router to connect to Servers and Data Storages at Census Data Center.
• Daily Troubleshooting is performed Day-to-Day along with sending Weekly and Monthly Network reports to upper Management.
• Network Devices authentication are managed by Cisco ACS and TACACS+ and RADIUS are configured on all network devices.
• Monitoring Tools: The following Monitoring Tools are used:
• SolarWinds NPM, APM and NCM for alerts, Nodes and Application. NCM is used for backup network devices configuration and Real time Syslogs messages.
• Splunk is configured and used for bandwidth and real time Syslogs information.
• Riverbed Cascade Packet Capture (packet Analyzer) is used to capture packets for evaluation for latency and bandwidth utilization issues.

Confidential, NY

NOC Engineer

Responsibilities:

• Troubleshoot network problems using Monitoring Tools: What’s UP Gold (WUG), HP Open View, Cisco Works 2000, Orion with Application and Network Module, and Control-M to monitor Application.
• Create Remedy Tickets for trouble. Design and Implement IP Subnetting. Manage and configure Super Stack II 3300 and 3900 3Com Switches.
• Manage and configure Juniper ISG 1000 with IDP module for intrusion detection.
• Manage VPN accounts, issue RSA Tokens. VPN devices: SONICWALL TZ250, SONICWALL NSA 240, 2400, SONICWALL TZ Wireless 210 N, Pix Firewall, Juniper ISG 1000.
• Manage and Configure Cisco 3700, 6509, 4500 Series Router and Switches.
• Control Traffic between ISPs using BGP and use EIGRP internally to connect NJ and NY sites.
• Monitor Remote site connection using T1 lines. Monitor and troubleshoot on daily basis: Cisco 4500 Series, 6509, 3750, 2811, 2600 series.
• Manage and configure VLANs, HSRP, STP, InterVLAN, Port management on Cisco 6513, 4506, and 3750.
• Implemented NAC and NAP using BradFord Director Manager and Symantec Enforcer.
• Configured and Implemented McAfee NAC for updates, Remediation, Scanning and Virus Definition update.
• VMWARE Virtual Center Client/Server and ESX Server 3.5 using Windows Server and Sun Solaris hosts. Manage Dell PowerEdge Servers, SAN and NAS.

Confidential

Network Engineer

Responsibilities:

• Design LAN and WAN and Wireless infrastructure using MS Visio 2000 & 2003, lead group of technical engineers to setup, roll-out, configure and implement network design. Troubleshoot existing projects.
• Projects, included and based on: Active Directory Design, PIX and ASA firewall setup, Layer 3 Switches configuration, VLAN setup, routing internet traffic through BGP routing protocol, OSPF routing protocol, Microsoft Visio to design network, usage of Ethereal and Sniffer to capture data for troubleshooting and network congestion or latency.
• Configured VMWARE to setup lab environment for organization.
• Setup VLAN site-to-site and remote server access through PIX 515E and ASA router. Configure VLAN clients to access VLAN server through secure connection by using PPTP, ISAKMP, CRYPTO IPSEC, and VPNGROUP POLICY. Provide authentication through AAA, and RADIUS, TACACS. .
• Setup Wireless network using N-type Network with suppressed SSID and 128 bits Encryption. Monitoring Tools: HP Open View, Orion, Cisco Works 2000.