Sr. Network Engineer Resume
Bowie, MD
SUMMARY
- CCNA, CCNP certified professional with 8+ years of extensive experience in network design, implementation, troubleshooting, engineering, managing and providing security which includes designing, deployment and providing network support.
- Investigate and troubleshoot all phases of network security issues using Managed Security Services which include, but are not conclusive of Firewalls, IDS, Proxies and Routers to ensure teh security of client’s networks.
- Excellent knowledge of Juniper EX/SRX/J - Series platform, Routers/ASA/7K Nexus devices, Palo Alto Firewalls, Silver peak& Riverbed WAN optimization.
- Administer and configure F5 BIG-IP hardware load balancers.
- In-depth experience in implementing and troubleshooting VLAN’s, VTP, STP, RSTP.
- Experience on PIX firewalls, ASA (5540/5500) firewalls, NX-OS. Implemented security policies using ACL, firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
- Hands on experience and Good Understanding ofOSPF, BGP, MP-BGP, MPLS-VPN.
- Experience working on F5 load balancer in order to reduce teh burden on teh network.
- Proficiency in using F5 GTM, AFM, APM and other F5 components to protect against advanced DDoS attacks.
- Experience Using Smart Update, User Management and Authentication in Checkpoint Firewall. Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point (R65, R70, and R77), Palo Alto, Juniper SRX and Cisco ASA.
- Well experienced in configuring URL white list and managing teh Bluecoat Proxies.
- Experienced in design, installation, configuration, administration and troubleshooting of LAN/WAN infrastructure and security using Cisco routers/Switches/firewalls.
- Experience in implementing and troubleshooting routing protocols RIP, RIPv2, EIGRP, OSPF, ISIS and BGP to avoid delays and congestion in network.
- Troubleshooting and data capture skills in Checkpoint, Juniper, Palo Alto, and Cisco firewalls.
- In-depth experience in areas related to L2 technologies which include VLAN’s, VTP, STP, and RSTP.
- Experience with hosting SSL certificates on Citrix NetScaler and F5 platforms.
- In-depth knowledge and hands-on experience in Tier II ISP routing policies, network architecture, IP Subnetting, VLSM, TCP/IP, NAT, DHCP, ARP, DNS, FT1 / T1 / FT3 / T3 SONET POS OCX / GigE circuits.
- Performed Layer I, II and III troubleshooting, while maintaining trouble ticket tracking, following internal/external escalation procedures and customer notifications.
- Exposure and hands on experience on Frame Relay, ISDN, Dial T1/E1, Point to Point Protocol, Authentication Authorization and Accounting (AAA) with different platforms of Cisco routers.
- Experience in layer-3 routing and layer-2 switching. Dealt with Nexus models like 7K, 5K, 2K series, Cisco router models like 7600, 3900, 3800, 2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches).
- Working knowledge with monitoring tools like Solar Winds, Zenoss, HPOV, Cisco Security manager, ORION and network packet capture tools like Net scout, Wire-shark, Spectrum and Splunk.
- Experience on working scripting languages Python and Perl for code upgrades and configurations of devices.
- Working knowledge of IIS Server, DHCP Server, DNS Server, Proxy Server on Linux and windows
- An efficient and adoptable person who follows an organized and well planned approach for troubleshooting engineering issues.
- A good team player and compatible to teh system of company, who is ready to take up any responsibility given at any time.
TECHNICAL SKILLS
NETWORKING PROTOCOLS: HTTP, FTP, DHCP, DNS, TCP, SIP, VTP, STP, SNMP, ICMP
ROUTING PROTOCOLS: RIP, IGRP, IGMP, OTV, MPLS, EIGRP, OSPF, IS-IS, BGP, PIM.
REDUNDANCY AND MANAGEMENT: HSRP, RPR, NSF/NSR, GLBP
NETWORK MONITORING: Wireshark, solar winds, TCP dumps
LAN TEHCNOLOGIES: Ethernet, Fast -Ethernet, Giga -Ethernet, VLANS
WAN TECHNOLOGIES: Frame Relay, ISDN, ATM, MPLS, WAAS, leased lines Exposure to PPP, DS1, DS3, OC3, T1 /T3 & SONET and Riverbed
NETWORK SECURITY: Palo Alto PA 3060, Checkpoint (R65, R70, and R77), NAT/PAT, JunOS, Cisco ASA Firewalls, IPS/IDS, Juniper EX, SRX, MX, QFX, DMZ Setup, CBAC, Cisco FWSM, ACL, L2VPN, L3 VPN, Net screen, IOS Firewall Features, IOS Setup and Security features
OPERATING SYSTEM: Microsoft XP/Vista/7, UNIX, Linux (Red hat, Ubuntu, Fedora)
SCRIPTING TOOLS: Python, Perl, HTML, and VBA &PowerShell
CISCO EQUIPMENTS: Cisco routers (7600, 7200, 3900, 3600, 2900, 2800 series) Cisco Catalyst switches (6500, 4900, 3750, 4500, 2900, 2800 series), PIX Firewall (506/515/525/535 ), Cisco ASA, Firewall (5500/5510), Cisco ASR 9000 series, Cisco ACE load Balancers
PROFESSIONAL EXPERIENCE
Confidential, Bowie, MD
Sr. Network Engineer
Responsibilities:
- Worked as a part of network team where my daily tasks included configuring, monitoring and troubleshooting of IP networks.
- Design, implement, and develop network designs for applications.
- Configured (Layer 2 & Layer 3) multi-vendor Routers, Ethernet switches and Load balancers (F5, A10 etc.) to meet application requirements and Project demands.
- Configured OSPF, BGP, LDP, MP-BGP on Juniper M320 and Cisco CRS-1 in teh Core.
- Day to day administration and maintenance of over 30 PIX firewalls via CLI, as well as teh design, installation and support of dozens of Remote Access and Site-to-Site IPSEC VPN tunnels on multiple platforms including routers, firewalls, and VPN concentrators.
- Implemented Checkpoint Firewall rules and Nat rules by generating precise methods of procedure (MOPs)
- Configuring VPN, clustering and ISP redundancy in Checkpoint firewall
- Rules creation and modification ofCheckPointNext-Generation Firewalls R65, R70, R77.20 Gaia andVSX
- Manage corporate firewall policies for migration of existing applications to new firewall environments.
- Firewall auditing for Rule base validation and port restrictions with respect to compliance standards (PCI/HIPAA).
- Worked extensively on Cisco Firewalls, Cisco PIX &ASA 5500(5525/5585), Palo Alto 200 Series.
- Support URL filtering and SSL decryption and inspection using Palo Alto Firewall.
- Manage multiple Palo Alto firewalls using Panorama management portal.
- Experience with F5 load balancers and reverse proxy design and setup.
- Implemented Changes on Existing configurations for teh applications on F5 and A10 load balancers.
- Configured Virtual server, service groups, Session persistence, Health monitors and Load balancing methods in new A10 LTMs.
- Configured WIDE IP and WIDE IP pool on F5 GTM’s to support load balancing between data centers.
- Responsible for packet capture analysis, syslog and firewall log analysis.
- Configured Cisco CRS, 7609, 7606, 6500, OAM routers and Juniper M320/MX960 routers and Juniper EX3200 & EX4600 series switches.
- Tier 3 datacenter engineer support supporting all cisco Nexus switches including Nexus 1000, 5500, 5600, 7000 and 9000 series.
- Analyzing traffic behaviors using Wireshark andSolarwinds.
- Coordinating along with Global data center teams located at different locations and work along with them for troubleshooting layer 2 issues.
- Supported Operations team when complex changes are done by developing MOPs for network devices (routers, switches and F5Load balancers) code upgrades, VLAN/IP migrations from old to new network topology without any service disruption.
- Worked on Infoblox to create DNS Records (CName, A-Record and Host records) for corresponding Wide IP’s and Hosts as required.
- Performed Hardware Reset and code upgrades.
- Assist in creating network design standards for hardware and software. Developing and maintain Network Documentation (Visio diagrams, Excel spreadsheets, Word documents, etc.) Configure and troubleshoot network elements in a test/dev environment.
- Gained extensive knowledge of GSM 1900 wireless technology performance application and various platforms, including Ericsson, Nokia, and Nortel, Tellabs, Alcatel/Spatial, Comverse, and ATM technology.
- Managed all operations support documents and ensured dat all applicable network management systems are integrated and tested prior to launch.
- Responsible for teh successful delivery of all new products and services (voice, data and core) to Operations in compliance with release planning guidelines and reliability standards.
- Participated in projects with cross-functional teams in contributing with feasibility analysis of new technologies and products as well as review functional designs and deployment procedures.
Environment: Cisco routers (7200,3900,2900) and Cisco switches (6500, 3700, 3500), Nexus (7K,5K & 2K), Routing Protocols (EIGRP, OSPF, BGP), Switching protocols (VTP, RSTPSTP, GLBP, HSRP), Cisco PIX (525, 535), ASA (5505, 5510) firewall, NICE IEX
Confidential, Chicago, IL
Sr. Network Engineer
Responsibilities:
- Worked as part of delivery team where my daily tasks included code upgrades, prefix-list addition, and access-list addition using python script and on Linux platform based on tickets generated by customers.
- Worked on Automation tool called Autopilot an internal tool used for code upgrades and configuring of new devices at different data centers.
- Worked on BGP routing protocol, configuring BGP sessions and troubleshooting on Nexus 1K, 5K, 7K, Juniper MX-960 routers and cisco ASR 1000, 7000, 9000 series routers.
- Engineered, Unified Threat Management (UTM) solution in Fortinet technologies.
- Configuring firewall rules in Juniper SRX firewall using cli and NSM.
- Provided dailyPaloAltofirewalls administration such as Threat prevention, URL filtering, IPSEC and SSL VPN's, zone based integration, and analyzing syslog's, and utilizing wild fire feature in Panorama 7.1.
- Worked withPaloAltofirewalls PA5050 using Panorama servers, performing changes to monitor/block/allow teh traffic on teh firewall.
- ImplementedBGP/MPLS VPNfor a given service provider network
- Working on configuration of new VLANs and extension of existing VLANs on/to teh necessary equipment to has connectivity between different data centers.
- VIP configuration with health check, GTM Wide IP configuration on F5 BigIP
- IRule Programming and troubleshooting on Citrix NetScaler and F5 Load balancers
- Implementing IPv6 addressing scheme for routing protocols, vlans, Subnetting and mostly during up gradation of cisco ISR routers 2800/2900/3800/3900 and switches.
- Configuration and deployment of cisco ASA 5540 firewall for internet Access requests for servers, Protocol Handling, Object Grouping.
- Worked on Cisco wireless LAN technologies.
- Provided technical support on Nexus 2000/5000 switches and operating system(NX-OS)
- Security configuration on Wireless LAN using protocols PEAP, EAP-FAST.
- Assigning RADIUS and TACAS for new deployments in production environment. AAA for users to implement changes on production devices. Most of these devices are cisco propriety.
- Worked along with Microsoft operation center for monitoring traffic on teh devices going to up-links and divert traffic on to different routes after traffic level reaching threshold value.
- Worked on different types of monitoring tools likeSolarwinds, Wireshark, Net Flow.
- Generating audit reports by running automated scripts on various devices to check teh layer 2 issues like errors on teh links, port flapping’s.
- Analyzing teh Audit report and work along with Data center teams to check teh optics and troubleshoot issues.
- Worked onCitrixNetScalerloadbalancerforloadbalancing and failover across data center and between web servers
- Implemented IPv4 and IPv6 on PTX platforms.
- Assisting off-shore teams located in India in upgrades, VLANs configurations, in troubleshooting layer 3 issues and routing protocol issues mostly BGP.
- Documentation of various changes made on devices and submits them for approvals and works along with alerts team and intimates them teh changes to be made.
Environment: Cisco Routers (7200, 2600, 2500, 7600) and Cisco Switches (6500, 3700, 3500), Nexus (7k,5k,2k), F5 Load Balancers, ASA (5505, 5510) Firewalls, Routing Protocols (EIGRP, OSPF, BGP), Switching protocols (VTP, STP) Redundancy Protocols (VRRP, GLBP, HSRP), Checkpoint Firewalls and Palo Alto Firewalls
Confidential, Woodcliff Lake, NJ
Network Security Engineer
Responsibilities:
- Worked primarily as a part of teh security team and daily tasks included firewall rule analysis, rule modification and administration
- Remediation of firewall rules from Checkpoint firewalls to Cisco ASA firewalls, installing and configuring new juniper EX, MX, SRX series firewalls to meet day to day work
- Adding and removing Checkpoint firewall policies based on teh requirements of various project requirements
- Worked on load balancers like F5 10050s, 10250v, GTM 2000s, 2200s to troubleshoot and monitor DNS issues and traffic related to DNS and avoid DDoS
- Installed and configured Cisco PIX 535 series firewall and configured remote access IPSEC VPN on Cisco PIX Firewall
- Configured network access servers and routers for AAA security (RADIUS/ TACACS+)
- Troubleshooting of protocol based policies on Checkpoint firewalls and changing teh policies as per teh requirement and as per traffic flow
- Worked on DNS server involving configuration and resolving DNS related issues
- Writing rules for NAC servers as per teh authentication and authorization of systems within teh company.
- Monitoring teh network access points with teh halp of IBM Qradar and Cisco prime infrastructure.
- Implementing and troubleshooting (on-call) IPsec VPNs for various business lines and making sure everything is in place
- IPv6 is implemented at a larger scale using cisco ASR 7200 and 9000 series routers delivering flexible service
- Installing and configuring new cisco equipment including Cisco 1900, 2900, 3900 series routers, Cisco catalyst switches 6807, Nexus 7010, Nexus 5500 and Nexus 2k as per teh requirement of teh company
- Worked on regular troubleshooting of BGP, EIGRP routing protocols
- Adding and modifying teh servers and infrastructure to teh existing DMZ environments based on teh requirements of various application platforms
- Developed CTI applications with CTIOS
- Managing and providing support to various project teams with regards to teh addition of new equipment such as routers, switches and firewalls to teh DMZs
- Working closely with Data center management to analyze teh data center sites for cabling requirements of various network equipment
Environment: Cisco Catalyst Series Switches, Cisco Series Routers T1, DS3, OC-3, IGX, STP, VTP, OSPF, BGP, HSRP, DNS and DHCP server, firewalls, PIX and F5 load balancers.
Confidential
Network Engineer
Responsibilities:
- Experience with Firewall administration, Rule analysis, Rule modification
- Experience on F5 load balancer to maintain balance in teh network system with application specific usage
- Troubleshoot traffic passing managed firewalls via logs and packet captures
- Installing and configuring juniper M series router along with juniper switches QFX series
- Configured and resolved various OSPF issues in an OSPF multi area environment mostly on IPv4 and to some extent on IPv6
- Managed fast Layer 3 switched/routed LAN/WAN infrastructure as a part of Network team
- Hands-on experience with WAN (ATM/Frame Relay), routers, switches, TCP/IP, routing Protocols (BGP/OSPF), and IP addressing
- Configured CIDR IP RIP, PPP, BGP and OSPF routing
- Involved in teh configuration & troubleshooting of routing protocols: MP-BGP, OSPF, OTV, LDP, EIGRP, RIP, BGP v4. Configured IP access filter policies
- Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms
- Deployed 7613 as PE and CE router and configured and troubleshoot teh edge routers
- Excellent troubleshooting knowledge on T1, T3, OC-3 and OC-12
- Configured egress and ingress queues for ISP facing routers using CBWFQ
- Generating RCA (Root Cause Analysis) for critical issues of layer1/layer2/layer3 problems
- Experience with implementing and maintaining network monitoring systems (Cisco works and HP open view) and experience with developing complex network design documentation and presentations using VISIO
- Estimated project costs and created documentation for project funding approvals
Environment: Checkpoint Firewalls and Palo Alto Firewalls, Authentication (RADIUS and TACACS), Security (ACLs, NAT, PAT, IPsec, VPNs), Citrix NetScaler, Network Management Tools (Solar Winds, PRTG Monitor, Bluecoat Proxy)
Confidential
Network Engineer
Responsibilities:
- Worked on Cisco routers 7200, 3700 and Cisco switches 4900, 2900
- Key contributions include troubleshooting of complex LAN/WAN infrastructure dat include
- Configured firewall logging, DMZs, related security policies and monitoring
- Creating private VLANs & preventing VLAN hopping attacks and mitigating spoofing with snooping & IP source guard
- Enabled STP enhancements to speed up teh network convergence dat include Port-fast, Uplink-fast and backbone-fast
- Other responsibilities included documentation and change control
- Responsible for Configuring SITE-TO-SITE VPN on Cisco routers between headquarters and branch locations
- Implemented teh security architecture for highly complex transport and application architectures addressing well known vulnerabilities and using access control lists dat would serve as their primary security on their core & failover firewalls
- Installation & configuration of Cisco VPN concentrator 3060 for VPN tunnel with Cisco VPN hardware & software client and PIX firewall
- Involved in troubleshooting of DNS, DHCP and other IP conflict problems
- Used various scanning and sniffing tools like Wire-shark
- Hands on experience working with security issue like applying ACL’s, configuring NAT and VPN
- Documenting and Log analyzing teh Cisco PIX series firewall
- Configured BGP for CE to PE route advertisement inside teh lab environment
Environment: BGP, DNS, DHCP, VPN, LAN/WAN, PIX firewall, security architecture, Cisco VPN, Cisco routers 7200, 3700, Cisco switches 4900, 2900, IP source guard