- Around 8 Years of experience as a Network Engineer extensively with multiple Clients in Routing, Switching, Network Security (Firewalls and Proxies), Application Delivery Controllers, Authentication, Wireless, Collaboration and VOIP environments.
- Experience in Campus and Data Center topologies in multi - vendor equipment. Very strong team member with exposure to Operations, Deployment/Implementation, lab testing, assisting Architecture and Design. Good communication and Documentation skills.
- Innovative to new ideas to enhance the workflow in Network Engineering.
- Working closely with Data center management to analyze the data center sites for cabling requirements of various
- Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.
- Designed 10 gigabit networks using Cisco Nexus 7000 series switches, Checkpoint NGX firewall and Cisco 3800 series routers
- Experience in Network Security that includes perimeter security for Internet, Extranet, DMZ, Internal Server farms, Web-traffic security with Proxies, Web Application firewalls. Worked and migrated multi-vendor equipment and Next generation firewall technologies. Worked on ASA, Firepower, Checkpoint and Palo Alto firewalls. Experience on MWG, Bluecoat and Zscaler proxies.
- Experience and high-level understanding in application delivery controllers, local and global load balancing techniques, redundancy solutions, high availability options for mission critical internal, vendor and public facing applications. Experience with F5 LTM, GTM, APM, NetScaler’s, Cisco ACE and A10.
- Worked on Campus Wireless environments with 1000+ access points, Wireless LAN controllers, Anchor Controllers, Authentication policies, BYOD policies, Integration with RADIUS. Experience with Aruba and Cisco WLAN.
- Experience with TACACS/RADIUS severs, migration from ACS and Aruba ClearPass to ISE. Experience with windows and Infoblox DNS and DHCP servers, IPAM, internal and external grids.
- Support Panorama Centralized Management for Palo alto firewall PA-5000, PA-2000 and PA3060, to centrally manage the console, configure, maintain, monitor, and update firewall core, as well as back up configuration.
- Migrating Palo Alto 5060 & 7060 firewalls and configuring IPS/IDS and content Filtering
- Configuring and implementing IPsec VPN tunnel between ASA 5550 Firewalls, Palo alto 5060, 7060 firewalls Applied access list, NAT & IPS/IDS configurations.
- Experience with WAN connectivity, MPLS circuits, leased Lines, Metro Ethernet, Site to Site IPsec tunnels, ISP circuits, Customer Edge configurations. Experience with SD-WAN solutions that include Viptella and Versa.
- Knowledge and operational experience with SDN, Cisco ACI, VXLAN, VTEPS, VNI, Bridge Domain, Arista Cloud Vision, EVPN, MP-BGP, Spine and Leaf Architecture.
- Experience in working with Cisco Nexus Switches like 5000 and 7000 series and Virtual Port-Channel configuration. Implemented VDC, VPC, VRF and OTV on the Nexus 5505 and 7009 switches and 9K series.
- Hands on Experience on FortiGate firewalls (7040/7030) by implementing security policies and firewall rules.
- Experience in Designing and assisting in deploying enterprise-wide Network Security and High Availability Solutions for ASA.
- Experience in design, implementation, and support of F5’s Big-IP Access Policy Manager (APM) software component in a complex enterprise environment
- Knowledge on F5’s BIG-IP Application security management and Edge Gateway Solution
- Worked extensively on Palo Alto, Juniper Net screen, Fortinet and SRX Firewalls.
- Hand-on experience in developing scripts using Perl scripting language.
- Very enthusiastic to explore and implement innovative ideas in Network Automation in configuration, documentation, troubleshooting, work flow integration, API integration with multiple tools using Python and Ansible.
Router and VoIP Platforms: Cisco Routers series ASR9k, 7300, 4000, 2000, 1900; Juniper MX, Arista 7000 series.Routing Fundamentals and Protocols Routed and Routing protocols EIGRP, IS-IS, OSPF, BGP, MPLS, Static routing, ICMP, ARP, HSRP, Route Filtering, Multicast, Policy-Based Routing, Redistribution, Port forwarding.
Switch Platforms: Cisco Catalyst series 2960, series 3560, 3850, 4500, 6500, 7000; Nexus series 2K5K, 7K; Juniper EX, QFX, Aruba 2000, 3000 series.
Switching Fundamentals and Protocols: Ethernet technologies, LAN networks, MAC, VLAN and VTP, STP, PVST+, MulticastRSTP, Multi-Layer Switching, 802.1Q, Ether Channel, PAgP, LACP, CDP, HDLC, RARP
Firewall Platforms: Checkpoint (NGX R65, 3100, 5100, 5900), Cisco Firewalls (ASA 5505, 5506-X, 5585), Palo Alto Networks (PA series 2K, 3K and 5K) with panorama 8.0, WAF
Security Protocols: Standard and Extended ACLs, IPsec, VPN, Port-security, SSH, SSL, IKE, AAA, Prefix-lists, Zone-Based Firewalls, NAT/PAT, Ingress & Egress Firewall Design, Content Filtering, Load Balancing, IDS/IPS, URL Filtering, L2F, IDS, Intercept, Router Security, SNMP trap
Network Management and Monitoring: Wireshark, Infoblox, HP OpenView, Cisco Prime, Splunk, Security Device Manager (SDM), Cisco Works; TCP Dump and Sniffer, Solar Winds Net Flow Traffic Analyzer, NetScout, Network Performance Monitor (NPM), Network Configuration Manager (NCM), SAM, IP Address Manager.
Load Balancers and Proxies: F5 (BIG-IP) LTM 2000, 3900, 6800, AV 510, Citrix NetScaler, MWG, Bluecoat Proxies.
WAN, SD-WAN technologies: MPLS, ISP Leased Lines, SONET, Viptella, Versa.
Other Networking Protocols and Fundamentals: DHCP and DNS server, Active Directory Management, NTP, NDP, TCP, UDP, FCP, Network Implementation, Troubleshooting techniques, NHRP, NetBIOS, NFS, FTP, TFTP, HTTP, PAP, PPTP, SIP Trunking, SMTP, RADIUS and TACAS+, PBX servers, SDN, IPV4.
Wireless and Radius Technologies: CISCO APs, Aruba wireless and APs, Cisco Meraki, Prime Infrastructure, Air Magnet, AirWatch and WLC’s (8510, 5508, 5706), Cisco AironetAP’s (2600, 3600, 3700), ISE, MSE, Aruba 3000 controller & Airwave, ISE, Clear Pass 6.0,6.2,6.5, 802.11a, b, c, g, n, ac
Scripting: Basic understanding in Python, Ansible and TCL (F5)
Confidential, St. Louis, MO
Sr. Network Engineer
- Design, deployment and maintenance of security/network devices and datacenters of enterprise.
- Designed and deployed wireless infrastructure for new sites and pre-existing
- Worked on ASA (5540/5550) Firewalls. Implemented Security Policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ &RADIUS).
- Designed, configured, and implemented distribution and access layers’ network infrastructure for a new building using Cisco Nexus 7009s and usingVPCsto floor switches (Catalyst 4510s)
- Created and Designed Cisco ISE policy for iPad, tablet and mobile phone. Making sure the business and guest devices were working within Company’s wireless network.
- Designed and Deployed Cisco ISE and provided comprehensive guest access management for Cisco ISE administrators.
- Configured Cisco ISE for Domain Integration and Active Directory Integration.
- Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE.
- Configuring user’s roles and policies for authentication using Cisco NAC and monitoring the status of logged users in network using Cisco ISE.
- Palo Alto design and installation (Application and URL filtering, SSL decryption, SSL Forward Proxy). Configured and maintained IPSEC and SSL VPNs on Palo Alto Firewalls. Successfully installed PA-5000 series firewalls in Data Center as perimeter Firewalls.
- Designed for Guest Network and Mobile Access Network for NAC Solution, comprising of an Aruba Wireless LAN Controller solution in DMZs/Internet Gateways with Fore Scout Counter Act NAC Appliances for NAC.
- Experience working on Cisco ASR 9K, Nexus 7k and 9K. Configured and designed OSPF, EIGRP and BGP at Distribution and Core layers. Configured OTV layer 2 connection between Data centers on Nexus.
- Experience with configuring BGP, OSPF in Juniper M and MX series routers. Worked on several BGP attributes like MED, AS-PATH, Local Preference for route optimization. Worked on Route-Reflector, Route-Redistribution among routing protocols.
- Worked on Cisco ISE for user Authentication, Security Group Tags, MAC based authentication for Wireless and Wired users, 802.1X, EAP, PEAP etc.
- Migration of ASA firewalls to PA next gen Firewalls using migration tool in PA. Migrated all IPSEC tunnels, ACL’s, NAT rules and policies.
- Migrated Nexus 7Ks & Nexus 5Ks to an ACI Fabric consisting of 9336PQ Spines & 9332PQLeafs in a brownfield Datacenter.
- Worked on connections handoff using Bridged Interface to an External Route. L3- EPG configurations, AEP configurations. Expert in GUI of ACI.
- Worked on network design improvements involving BGP, EIGRP, OSPF, IP metric tweaking and load balancing.
- Design, implement, and develop network designs for applications used in TMO.
- Worked on Checkpoint Firewall to create new rules and allow connectivity for various Applications. Checkpoint is used as an internal firewall for application security in Kodiak network.
- Experience with F5 load balancers LTM and GTM and reverse proxy design and setup. Migration from ACE to F5.
- Experience with F5 GTM and in-depth knowledge of DNS, Global level load balancing, Wide IP’s, Zones, Prober pools, Delegation from Windows DNS server to listener IP.
- Configured network using routing protocols such as EIGRP, BGP and OSPF and troubleshooting L2/L3 issues.
- Adding and modifying the servers and infrastructure to the existing DMZ environments based on the requirements of various application platforms
- Configured Tufin Secure Track for Checkpoint firewall to analyze the firewall rules.
- Used Tufin secure track for troubleshooting, analyzing, comparing rules in the firewalls.
- Datacenter experience create new cable run list (L1), document runbook and Solution planning and upgrading, architect VXLAN, ACI and ASA cluster firewall with NAC, ISE.
Environment: Cisco 2948/3560/4500/3560/ 3750/3550/3500/ switches and Cisco 3640/12000/7200/ 3845/3600/2800 routers, Cisco Nexus 7K/5K, Cisco ASA 500, Checkpoint, windows server 2003/2008, Unix: F5 BIGIP LTM, RIP, OSPF, BGP, EIGRP, LAN, WAN, VPN, HSRP
Confidential, Phoenix, AZ
Network Security Engineer
- Involved in complete LAN, WAN development (including IP address planning, designing, installation, configuration, testing, maintenance etc.). Design of DMZ in primary and redundant data centers with Next Gen Firewalls, IPS/IDS sensors, Switching and routing.
- Configure the layer 2 and layer 3 on Cisco Nexus 7K, 5K, 6509, 9710, 5596 UP, 4500, 3850, 3950, ASR and 2960
- Worked with Checkpoint, Cisco ASA, and Palo Alto Networks solutions
- Experience in HSRP standby troubleshooting & Experience in configuring & upgrading of Cisco IOS.
- Implementing & Troubleshooting of T1, MUXES, CSU/DSU and data circuits.
- Configured F5 GTM solutions, which includes Wide IP (WIP), Pool Load Balancing Methods, probers and monitors.
- Experience working with data center deployment where we converted from Cisco 6500 to Nexus.
- Experience in deployment of Nexus 7010, 5548, 2148T, 2248 devices
- Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for datacenter access architecture.
- Experience configuring Virtual Device Context in Nexus 7010
- Installation and maintenance of Cisco Layer 3 switches 3750, 4500X, 6500 in multi VLAN environment.
- Maintenance and configuration of Cisco ASR1000 series and 7200VXR routers at data center and deployment of 3900, 3800, 2951 and 2821 for branch connectivity.
- Involved in migration from Site-to-sire GRE tunnels network to MPLS-based VPN for customer’s WAN infrastructure.
- Implementing security Solutions using Palo Alto PA-5000/3000, Cisco 5580/5540/5520 ,
- Migration experience from Cisco ASA 5500 to PA. Experience with migration tool in PA for Policies from ASA to PA. Experience with SSL forward proxy and URL filtering.
- Configuration and administration of firewalls, which includes Checkpoint, Juniper, and Cisco ASA firewalls.
- Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for tasteful replication of traffic between active and standby member.
- Basic configuration of Cisco Meraki Layer 2 and Layer 3 switches like MS 220, MS 320 and MS 420.
- Migrated Checkpoint firewall architecture with new next generation Palo Alto PA3000 and PA5000 appliances serving as firewalls and URL and application inspection.
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama.
- Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
- Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls and also implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall. Exposure to Palo Alto Wildfire.
- Provide Tier II Load Balancer expertise on F5 BigIP Local Traffic Managers (LTM). Designing F5 solutions/support for migration work of applications and websites from Cisco ACE Load Balancers to the F5 BigIP Load Balancers.
- Configured Cisco 7200 routers which were also connected to Cisco ASA 5508 security appliances providing perimeter-based firewall security.
- Configuring ASA 5510 Firewall and accept/reject rules for network traffic.
- Maintained, designed, implemented and experience in troubleshooting Palo Alto and Cisco ASA in HA for micro segmentation.
- Experience in installing and configuring the VMware NSX appliance for setup including VMware vSphere. Supported, Designed, implemented VMware NSX 6.2 for logical L2 and L3 networks Firewall DLR, ESG.
Environment: Over 100,000 users globally, Cisco 2948/3560/4500/3560/3750/3550/3500/2960/6500 switches and Cisco 3640/ 0/3845/3600/2800 routers, Cisco Nexus 7K/5K/2K, Cisco ASA5510, Checkpoint, windows server 2003/2008: F5 BIGIP, LTM, OSPF, EIGRP, RIP, BGP, VLAN, VPN, Checkpoint, Juniper SRX
- Experience on designing and troubleshooting of complex BGP and OSPF routing problems,
- Have sound knowledge of Firewall architecture, routing and VPN.
- Have experience working on HP Open View Network Node Manager.
- Upgrade firewalls in accordance with change management & Document changes to firewalls.
- Monitor traffic and access logs to troubleshoot network access issues.
- Implemented Positive Enforcement Model with the help of Palo Alto Networks
- Testing VPC, BGP, OSPF, EIGTP, RIP, SPAN, Sflow, VlanTrunking, SVI and power supplies on Nexus and ASR devices
- Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks.
- Hands on experience with Cisco 3500, 3750, 4500, 6500 series equipment and configuring and deploying and fixing them with various modules like Gig card, VPN SPA card, WIC card.
- Cisco IOS experience on 3600/7200 class hardware in complex WAN environment and experience on Cisco OS and IOS on CAT6500 in a complex data center environment.
- Involved in configuring IP Quality of service (QoS).
- Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
- Configured BPDU Guard, port-fast, uplink fast and other spanning tree features.
- Troubleshoot wan related problems including OSPF, EIGRP, BGP routing and design
- Supporting EIGRP, OSPF and BGP based network by resolving level 2 & 3 problems of internal teams & external customers of all locations
- Deploying Cisco routers and switches such as 7200, 3800, 3600 and 3500,4500, 5500.
- Perform Wireless Administration and troubleshooting for the corporate Wireless infrastructure.
- Build Logical design and Implementation of Wireless Solution
- Management tools, SNMP, Syslog, Sniffer
- Experienced in WAN environments, installing and troubleshooting data circuit problems (MPLS, T1).
- Involved in designing L2VPN services and VPN-IPSEC authentication & encryption system.
- Experience in designing, installing & configuring of Cisco ASA& FWSM (Firewall service module). Worked on Checkpoint firewalls R70, R75, R77.20 Gaia and Provider-1/MDM
- Evaluate, Analyze & Implement firewall policies to meet business requirements
- Experience in creating and maintaining Checkpoint and ASA firewall configurations, updating documentation and log analysis.
- Worked extensively in configuring, monitoring and troubleshooting Cisco's ASR 5500
- Applying crypto maps and security keys for the branches, ISAKMP (Internet security association key management protocol) for establishing Security associations (SA) cryptographic keys.
Environment: Network with over 17,000 users, Cisco 3750/3550/3500/2960 switches and Cisco 3640/ 0/3845/3600/2800 routers, Cisco ASA5510, Checkpoint, F5 Load Balancer Cisco Nexus7K/5K, Checkpoint, Cisco ASA