SUMMARY

• Around 8 years of experience in designing, capacity planning, upgrade/maintenance and implementing internet works using Cisco, Palo Alto, Juniper, Checkpoint, F5 Products with deep understanding of application level security
• Experience in configuring Cisco & Juniper routers/switches, Security products working in multi - vendor environment
• Expertise in executing complicated maintenance tasks with great precision
• Excellent analytical and logical skills in understanding complex designs, amend issues in documentation
• Created and executed documentation for process and procedure improvements to streamline and optimize work performance
• Experience in IP Routing with BGP, OSPF, EIGRP, RIP(version 1 & 2), RIPng, ISIS. Designing schemes for IP Addressing & Subnetting
• Expertise in Designing, Implementation, Troubleshooting of LAN/WAN architecture
• Strong troubleshooting experience on Cisco Devices
• Expertise in Routing & Switching on Cisco CRS 1, CRS 3, GSR 12k, ASR 9k, Nexus 9k/7k/5k/2k, Catalyst 6500, Juniper T640, MX960, M320 etc
• Good experience with Layer 2 and Layer 3(L2 & L3) Switching
• Proficient in Layer 1/Layer 2/Layer 3 troubleshooting
• Experience in configuring IP Multicast routing, Spanning Tree (STP 802.1D), Port security, BPDU Guard, Portfast, VTP, DTP, FHRP, HSRP,VRRP, GLBP, Dot1Q/802.1Q, Native VLAN, Ether channel (LACP, PAGP), VLAN, Private VLAN, VXLAN, NTP, VPC, VDC, FEX, VSS, Fabric path, OTV, Qos, RADIUS/TACACS+, AAA, BFD, ECMP, Access Lists, Redistribution, SONET, T1/T3, NAT, PAT, DNS, DHCP, Policy Based routing, Metro ethernet
• Experience in implementing MPLS-VPN’s(L2 & L3), VRF's, DMVPN, IPSec VPN, GRE VPN, mGRE, Easy VPN, Web VPN, SSL VPN (Client and Clientless), EVPN, NHRP, DWDM
• Protocols: IPv4, IPv6 TCP/IP, UDP, OSI, VLSM/CIDR, ARP, Proxy ARP, CDP, SNMP, Telnet, SSH, FTP, SFTP, TFTP, SCP, SMTP, HTTP, HTTPS, SSL, SNMP, DNS, DHCP, LDAP
• Experience with Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), Identity Services Engine (ISE)
• Experience in security with various firewalls like Cisco ASA/PIX, Palo Alto, Azure, Checkpoint, Juniper(SRX/Netscreen)
• Experience with maintenance and deployment of Palo Alto firewalls
• Extensive Knowledge on the implementation of Cisco ASA 5500 series and checkpoint R 75 firewalls
• Hands on knowledge on F5 load balancers, its methods, implementation and troubleshooting on LTM’S and GTM’S
• Hands on experience working in data centers
• Good experience with 802.1x and Network Access Control (NAC)
• Experience with voice protocols like H.323, MGCP, SIP and SRST & SIP Trunks
• Good understanding of Linux, Unix, PERL & Python scripting
• Expertise with Microsoft Office, Office 365, MS Visio, Excel, SharePoint
• Good understanding of Cable types like Cat5, Cat 6, and single, multimode fibers
• Good understanding of Round Robin load balancing, Policy Based load balancing
• Good Understanding of various Vulnerabilities and threats(DOS, DNS DDOS), Mitigation techniques, Man in the Middle Attack, PKI, IKEv1, IKEv2
• Experience with VoIP on point-to-point & FR PVC’s with Traffic Shaping
• Experience with ticketing systems like AOTS Remedy, AOTS TM/CM
• Good understanding of the Cisco Wireless LAN(WLAN) Controllers
• Maintaining Firewall products and firewall auditing

TECHNICAL SKILLS

LAN Technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, VLAN’s, VTP, DTP, MLS, STP/802.1D(Port fast, Uplink fast, Backbone fast, Root Guard, BPDU Guard), CST, PVST, PVST+, RSTP(802.1w), RPVST+, MST(802.1s), Port Mirroring, Ether Channel/Link Aggregation (PAGP, LACP), Inter VLAN routing

WAN Technologies: ATM, Frame Relay, ISDN, MPLS(LDP/TDP/RSVP), PPP, HDLC(PAP &CHAP), T1/T3, DS1, DS3, OC 192

IP Routing Protocols: BGP, OSPF, IGRP, EIGRP, RIP, IS-IS

Wireless: 802.1 a/b/g, WLANS, 802.1X, 802.11i, WPA/WPA2, WEP

VOIP: SIP, RTP, H.323, MGCP

Quality of Service Classification and Marking: (CoS,ToS), Congestion, Management and Avoidance(CQ,PQ,WFQ,CB-WFQ,RED,WRED,LLQ)

Routers: Juniper T640, MX960, M320 Series routers, Cisco(CRS 1,CRS 3), Cisco GSR 12k, ASR 9k, ISR(1900,2900,4000), 7600, 7200, 5k, 3800, 3600, 2600

Switches: Nexus(9k,7k,6k,5k,2k), Catalyst (6500/4500/3750/3650/2960 ),3550, 2900Juniper MX480, MX 240, MX 104, MX 80, MX 40, MX5, EX 2200, EX 4200, EX 4300

Security: Cisco(PIX/ASA),Checkpoint(R71/R75),Palo Alto (2000/4000/7000 ), Juniper (SRX/Netscreen), IPS, IDS, ISE, Wild fire, Threat Prevention

Load Balancer: F5 LTM/GTM(3900, 6900,8900), APM, ASM

Network Tools: Palo Alto Global Protect, Panorama, Checkpoint SDM, Juniper NSM, Cyber Ark, TUFIN, Firemon, Firepass, Infoblox, Splunk, Service Now, Cisco Prime/Cisco Works, Putty, SecureCRT, Solarwinds, Remedy, AOTS TM, AOTS CM, ITL

Servers: MS Server 2003, 2008 & 2012, Exchange, Active Directory, Certificate Authority Services, DNS Servers, WINS Servers, Mail Servers, Proxy servers

Operating Systems: Cisco(IOS, IOS-XR, NX-OS, CatOS), Junos, Linux, Solaris

PROFESSIONAL EXPERIENCE

Confidential, Milwaukee, Wisconsin

Network Security Engineer / SME Perimeter Security

Responsibilities:

• Configuring and troubleshooting of network security devices under short time constraints involving complex network application flows between multiple hosts spanning multiple firewalls and different geographic locations in multi-vendor enterprise environment i.e. Palo Alto, Checkpoint and Juniper, F5 (LTM, GTM, ASM, APM), Cisco ISE
• Analyze and resolve escalated problems. Also act as a mentor for the support staff in aligning their technology and non-technology skills to best suited environment being supported.
• Assess firewalls policies, architecture & provide recommendations for improvements.
• Provide support for 24*7*365 managed services environment.
• Managing relationships with key and relevant external suppliers, so as to ensure aligned delivery and support activities, optimizing opportunities to derive added value and ensure that costs are appropriately managed.
• Training and Mentoring Tier2 team in fixing issues.
• Working in SOC which included break fix activities, monitoring the ticket queue and assigning the work to tier 2.
• Excellent team player and expertise in co-coordinating, handling and fixing critical issues.
• Expertise in analyzing and documenting RCA’s for critical outages.
• Creating implementation plans and scheduling changes on Panorama and Palo Alto, checkpoint, juniper firewalls
• Creation of policies/rules based on requirements of the users
• Involved in providing tier 2 / tier 3 support for troubleshooting firewall issues
• Involved in upgrading Palo Alto firewalls, Panorama for 6.x.x version to 7.1.11, 8.xx OS version
• Worked on critical break fix activities on Azure firewalls and upgraded the OS versions successfully
• Migrated checkpoint and Juniper firewalls to Palo Alto firewalls
• Monitoring Log collectors and upgraded them on a needed basis.
• Analyzing packet captures on firewalls and customer machine using Wireshark for extensive packet level troubleshooting
• F5:
• Creation of Pools, Pool members and configuring load balancing methods on the F5 load balancers
• Perform regular health checks and audits to proactively isolate or resolve potential issues, also recommend and Initiate performance improvement initiatives.
• Involved in the upgrade of F5 LTMs.
• Renewing Certs on as needed basis
• Data Center Migration and Disaster Recovery:
• Participation in disaster recovery exercises, and providing inputs for disaster recovery team and helping narrow down the loopholes.
• Migrated the SAP environment from one data center to the another with no outage.
• Involved in the creation of Business continuity plans for data center migration.
• SOC Break fix and on call support:
• Participation in disaster recovery exercises, Critical outage calls on a regular basis
• Raising change requests in SNOW for critical activities and maintenances
• Worked closely with change management and provided feedback to mitigate potential outages.
• Providing on call support for critical implementations and escalations.
• Migration of critical Core data center firewalls involving SAP environment
• Migrated a completely down Panorama and brought it up live and running.
• Replacement of faulty NIC cards for data center Palo firewalls.
• Handling critical bridge calls and working closely with vendors in co-ordination with various teams.
• Design and Build:
• Worked closely with build and engineering teams and involved in the build and implementation of firewalls and supported issues post deployment.
• Working with build teams in fixing design issues and gathering requirements.
• Upgrading circuits on ASR 9k (IOS-XR) boxes.
• Running scripts to make changes on ASR 9k IOS-XR devices.
• Involved in the replacement of hardware break fix activities on ASR 9k (IOS-XR) like replacement of line cards, fans, faulty sfp’s, troubleshooting connectivity issues, and monitoring the environmental of the boxes which may include fans, power supply, temperature etc.
• Global Protect and Fire pass:
• Expert in configuring and troubleshooting of Global Protect VPN solutions based on Palo Alto in complex enterprise environment. Worked with end user related issues.
• VPN policy configuration, administration and troubleshooting
• Involved in the decommission of Firepass to meet security standards.
• Performing necessary health checks on a regular basis.
• Troubleshooting L1 and L2 issues
• Creating user profiles for WiFi access to guests.
• Audit tools - Firemon and Tufin:
• Fetching reports from firemon and running through the reports to fulfill the audit requirement.
• Decommissioned Firemon as part of security compliance during migration to TUFIN.
• Running weekly reports for TUFIN and having audited by the tier 2 team.

Confidential, Saint Louis, Missouri

Network Engineer (NOC)

Responsibilities:

• Ability to work independently and worked as part of Deployment teams and NOC team(Network Operations center), following established guidelines
• Responsibilities included Writing, Verifying MOPs(Method of Procedures/templates)
• Responsibilities include providing real time in-depth analysis and real time trouble resolution of incidents associated with the CISCO, Juniper, and associated Operations Support Systems, and Data Communications Network Technology platforms.
• Responsible for management of the interoperability between Cisco and Juniper Layer 3 Platform, through the use of alarm and ticket systems, individual designed customer scripts, customer notification, and Business Partner escalations.
• Working closely with Cisco tac in ordering RMA’s, tracking them and getting the hardware replaced.
• Hosted/Managed bridge calls for maintenances independently by engaging/coordinating with Onsite Operations team, Security team, Dev Ops team, testing team, and various other teams
• Experience working on various Cisco platforms which include Nexus (7k,6k,5k,2k), ASR 9K, GSR 12k, CRS 1, CRS 3 and Juniper platforms which include M320, T640, MX 960
• Implemented changes on ASR 9k, CRS, 12 k routers (IOS - XR) successfully via scripting without any issues.
• Replacing line cards and troubleshooting any network issues on CRS1, CRS3, GSR 12k (IOS-XR)routers
• Configuring and installing MPLS WAN circuits on Cisco CRS-1, CRS 3 (IOS-XR) routers
• Breaks fix activities involving replacement of fabric cards, power supplies.
• Maintenance of Nexus 7K Software and Hardware upgrades for various Data Centers
• Software, Code, EPLD and Hardware Upgrades of Nexus 7K Switches
• Nexus 7010 Line Card, Memory Card/RAM, Fabric Card Upgrades
• Nexus 7K F2 to M2, M1 to M2, 40 Gig & 10 Gig Line Card Upgrades
• Troubleshooting Line cards, Hardware modules, Fabric cards, Fans, Memory issues after Software and Hardware Upgrades, verifying light levels and interface status.
• Configuring & Troubleshooting VLAN, VLAN Trunking, VTP, MSTP, VRF, LACP, Bandwidth, OSPF, BGP, HSRP, VRRP, Prefix Lists, Access lists on Cisco and Juniper Routers/Switches
• Configured VPC, VDC on Nexus switches.
• Involved in Replacement of FPCs, PICs on Juniper M320 and T640 routers
• Resolving trouble tickets and customer issues by working the ticket queue on monitoring tools like ITL.
• Running test scripts before and after every maintenance on several routers/switches to ensure they are in good health, troubleshooting and fixing issues in case of failures

Confidential

Network Engineer

Responsibilities:

• Key contribution includes troubleshooting of complex LAN/WAN infrastructure that include
• Hands-on experience with WAN(ATM/Frame Relay), TCP/IP and IP addressing.
• Design, implementation and operational support of routing protocols in complex environments including BGP, OSPF, EIGRP,
• Configuring, managing and troubleshooting networks using routing protocols like RIP, EIGRP and OSPF (Single Area and Multi Area).
• Actively participated in upgrading fast Ethernet, Layer 3 switched/routed LAN infrastructure from Cisco 3640 to Cisco 2811 ISR routers and switches Confidential access level to 2950, 3550. This project also involved configuring and testing EIGRP and BGP protocols.
• Installed and Configured Juniper and Cisco Routers - GSR 12000, 7600series, 4500, 2800s.
• Design and deployment of Large scale SONET, ATM, BGP network architecture design.
• Switches standardization - Included replacing old switches with standard Catalyst 6500 switches, upgrading CatOS, modifying switch configuration, adding authentication, logging, VLAN, bandwidth, trunking changes and SNMP configuration.
• Worked on troubleshooting customer issues related to MPLS VPN related issues involving PE configuration issues, PE-CE link issues such as routing protocol configuration, Layer1/Layer2/Layer3 issues, BGP4 address-family related issues, MP-BGP.
• Performed redistribution with OSPF, EIGRP to enable communication with backbone.
• Configured OSPF for Stub area, Totally Stubby Area and NSSA.
• Redistributed required routes from OSPF in to BGP
• Fine-tuned OSPF metrics to avoid routing loops and ensure redundancy in case of link failures.
• Performed OSPF, BGP, DHCP profile, IPV6, Bundle Ethernet implementation on ASR 9k redundant pair.
• Worked on Route-Reflectors to troubleshoot BGP issues related to customer route prefixes, BGP route filtering policy problems
• Configuring and troubleshooting MP-BGP Session Between PE Routers
• Created OSPF multi area summarization plan.
• Troubleshoot multi area OSPF and OSPF scale issues Implemented MPLS VPN (RFC 2547) Mechanisms on Cisco IOS and Juniper Platforms
• Worked on deploying Multicast to various customers, that involved PIM- Sparse and Dense modes.
• Worked on routing protocol related issues such as static, RIP, EIGRP(Variance and un equal cost load balancing)
• Troubleshoot MPLS issues within the core and edge
• Managing Checkpoint firewalls R71, R75
• Managing Security Policies of firewall through Checkpoint Provider-1, including license management.
• Configuring new client connectivity via Site2Site/Remote/SSL VPN on Checkpoint
• Configuring VPN clustering and ISP redundancy in Checkpoint firewall
• Configuring, maintaining and troubleshooting IPS and IPS-1 in Checkpoint
• Solely responsible for maintenance of multiple CheckPoint-1 firewalls on NT environment
• Initial configuration, design and installation of CheckPoint-1 2000 firewalls for multiple locations
• Setup and maintained CheckPoint-1 security policies including NAT, VPN and Secure Remote access
• Considerable use of Wireshark captures. Captures obtained by port mirroring, or layer 3 capture inside of Cisco IOS routers, Palo Alto Firewalls or end point devices.