SUMMARY

• Certified Network Engineer with 9 years of experience in network design, planning, strategy, network security, NOC, SOC, implementation, incident & change management, & service delivery.
• Strong Experience in implementing TCP/IP networks with Routing, Switching, Wi - Fi, Load Balancing, and Infrastructure security.
• Hands-on experience in installing, configuring, and troubleshooting IP networks with wide range of multi-vendor routers including (Cisco: ASR 9k,1000, 7200 VXR, ISR 4000, 3900, 3800, and 2800 and Juniper: ACX 500, ACX 1000, PTX 1000) and Switches including (Cisco: Nexus 9K, 7K and 5K, 2K, Catalyst 6500, 4500, 3850, 3650, and 2900, Juniper: EX 2200, EX 4550, and EX 4600) switches.
• Experience in setting up and maintaining perimeter security by using Cisco ASA, ASA Firepower (FTD’s), Fortinet 3340, 900D and Palo Alto firewalls (200, 800, 3000, 5000), and Prisma Cloud.
• Hands on experience in setting up network access control (TACACS/RADIUS) solutions with Cisco ACS and ISE.
• Hands on experience in setting up enterprise level Wi-Fi Networks by using Cisco & Aruba Wi-Fi.
• Solid understanding and experience in designing & setting up high availability networks by using FHRP redundancy protocols (HSRP, VRRP).
• Hands on experience in setting up Riverbed/Silverpeak WAN accelerators (Riverbed Steelhead, Steel Central, Net Profiler, SilverPeak GMS Orchestrator, SilverPeak NX WAN accelerators)
• Strong hands on experience of L2 and L3 networking protocols Like VLAN’s, STP, PVST, VTP, LACP, PAGP, QoS, RIP, OSPF, EIGRP, and BGP.
• Hands on experience in troubleshooting IP services like DHCP, DNS.
• Hands on experience in performing packet filtering and route filtering by using standard and extended ACL’s, Prefix-lists, Distribute-Lists, and Route maps.
• Experience in configuring and troubleshooting Site-to-site and Remote VPN on router IOS platforms and firewalls (IPSEC, SSL, and Client based).
• Experience in creating virtual domains and virtual contexts for running multiple instances of firewalls on single hardware box.
• Hands on knowledge in performing packet captures using IOS-XE utility and Wireshark.
• Experience in using various network monitoring tools (CA Spectrum, Solarwinds, Nagios, and Live-Action).
• Experience in setting up Syslog and logging for network devices.
• Experience in setting up RADIUS/TACACS+ servers and 802.1x for authentication, authorization and accounting.
• Experience in setting up load balancing services on F5 load balancers (Nodes, Pools, VIP’s, Health monitors, SSL offloading).
• Ensure all backup data configurations are in-place and working when needed in case of a network failure to speed up network recovery.
• Hands on experience in maintain external DNS services in Microsoft Azure cloud.
• Strong knowledge in networking concepts (Express routes, Virtual networks, & VPN gateways) of Microsoft Azure cloud.
• Experience in configuring express routes and route advertisement between on premises Data center and Azure gateways.

TECHNICAL SKILLS

Routers: Cisco (ASR 1k, 7200 VXR, ISR 4000, 3900, and 3800 Series) Juniper (ACX 500, ACX 1000, PTX 1000, and MX series)

Firewalls: Cisco (ASA 5510, 5520, 5540, Firepower 5516-X), Fortinet (3040B, 900D), Palo Alto (PA200, PA820, PA3020, PA3050, PA 3060), Prisma Cloud firewalls

Switches: Cisco Nexus 9K, 7K, 5K, and 2K, Catalyst 9300, 9200, 6500, 4500, 3850, 3650, 2900 Juniper EX 2200, 4550, and EX 4600

Nexus Switches: VPC, VXLAN, FEX, Fabric path, L3 Routing

Load balancers: F5 LTM

VOIP devices: Cisco IP phones

WAN technologies: Frame relay, ISDN T1/E1, PPP, ATM, leased lines, QoS.

LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, 10G, Token ring, FDDI.

Carrier technologies: MPLS, MPLS-VPN

Routing Protocols: RIP, OSPF, EIGRP, BGP, MPBGP

Switching protocols: VTP, STP, RSTP, PVSTP, PAGP, and LACP

Security protocols: 802.1x, IKE, IPSEC, SSL, TLS, AAA, PKI, SSL Certs

Redundancy protocols: HSRP, VRRP

Network management: SNMP, Cisco Works, Solar winds, Wireshark, CA Spectrum, HP Airwave, Firepower Management Center (FMC), Panorama

Ticketing tools: ServiceNow, CA service desk, Remedy

PROFESSIONAL EXPERIENCE

Confidential, Fremont, CA

Sr. Network Engineer

Responsibilities:

• Senior network engineer in the global IT services team.
• Provide support for daily network and security operations. Primary point of contact for resolving issues related to Quality of Service for Unified communications team.
• Configure and deploy new network segments as needed.
• Support a network consisting of multiple data centers and 100 remote sites across the world with a user base of 10000+ users.
• Troubleshoot issues related access control, switching, routing, wires, wireless & WAN circuits
• Administer and maintain all the network equipment including Access Points, Switches, routers, WAN accelerators, IPS, Firewalls, Load balancers & WAN circuits.
• Leverage monitoring tools like Solarwinds, Live-Action, PRTG, and Cisco prime to troubleshoot issues related to QoS, packet loss, & Latency.
• Monitor service now queue for tickets and resolve incidents within defined SLA’s.
• Identifying root cause and provide detailed root cause analysis for high priority incidents (P1).
• Work with change advisory board and explain the changes being implemented for approvals.
• Resolved 100’s of incidents related to Network and Security infrastructure and access issues.
• Successfully completed migration of 6500 catalyst switches to 4500-x switches as part of life cycle management process.
• Configured and deployed new Nexus switches (3k, 5k, & 9k), catalyst switches (4500, 4500-X, 9200 & 9300) and routers (ISR 4400, 4300)
• Installed and configured the Silverpeak GMS for centrally managing all the Silverpeak nodes Confidential remote locations.
• Deployed Silverpeak WAN accelerators (NX Series) for optimizing the WAN traffic (SMB and Backup traffic in particular).
• Created custom applications and route policies on Silverpeak devices for excluding the Voice traffic from optimization.
• Created and scheduled weekly and monthly backups, reports from Silverpeak GMS.
• Worked with project team and successfully migrated authentication services from Cisco ACS to ISE (Identity Services Engine).
• Successfully upgraded 20+ Cisco wireless controllers and 5000+ access points.
• Designed and implemented global QOS policy on all the routers (MPLS & internet) for prioritizing the Voice, Video and Critical Data traffic.
• Configured, deployed & upgraded multiple F5 LTM devices in High availability.
• Successfully upgraded more than 200 Palo Alto IPS & Firewall devices to 8.1 Version.
• Deployed Cisco ISE to replace the End of Life ACS.
• Onboarded AD’s devices and setup authentication and authorization policies for different devices on ISE for network access.
• Installed patches on ISE PSN nodes for mitigating the bugs
• Configured and enabled profiling for devices on Cisco ISE.
• Migrated remote branch sites palo alto firewalls to Prisma cloud for increasing the flexibility and reducing the operational life cycle management.
• Configured and setup Prisma tunnels for enabling the local internet break out for remote sites.
• Worked with panorama for managing the palo alto firewalls, and Prisma tunnels.
• Written scripts by leveraging Para Miko module in python for performing bulk configuration on the network switches and routers by SSH.
• Created and executed python scripts for performing DMVPN cert update on all Internet GW routers Confidential one go.
• Developed reports in Service now for analyzing the type of incidents for improving proactive monitoring and reduce incidents.
• Analyzed the change tickets and proposed standard change templates for less risk and repeated changes to automate the process of implementation.
• Created VNET’s and maintained external DNS services on Microsoft Azure cloud.

Environment: LAN, WAN, Data Center, MPLS, Cisco ISR 4451, 4431, 4331 routers, Palo Alto IPS & firewalls, Panorama management console, Cisco Nexus 5k, 9k & 2K FEX, Cisco Catalyst 6500, 4500, 3800, 9200, 9300 switches, Cisco wireless controllers, Cisco WAP’s, IPSEC tunnels, Pulse SSL VPN gateway’s, Solarwinds NPM, NCM, IPAM, Cisco Prime, Live-action, Open Gear Out of Band management, Microsoft Azure cloud, Azure external DNS, F5 LTM, Palo alto firewalls.

Confidential, Sacramento, CA

Network Infrastructure Consultant

Responsibilities:

• Senior Network infrastructure consultant Confidential &T consulting.
• Provide support for network and security operations for multiple state accounts.
• Supported a network consisting of data center & 140 remote sites.
• Reviewing existing WAN Network and proposing changes for improving the stability and security posture of the network.
• Troubleshooting network issues related to MPLS VPN WAN, EIGRP, and BGP routing protocols.
• Troubleshooting network issues related to L3 and L2 switching (Nexus 7k, 2k, & Catalyst 6500).
• Performing network data and security log audits.
• Performed a complete switch refresh for upgrading existing remote site switches to new HP 2530 POE switches.
• Developed complete configuration files for all the new HP switches.
• Maintained LAN with flat network and WAN with MPLS.
• Designed a VLAN solution for migration of existing flat network into hierarchical network.
• Working with Panorama security manager for managing Palo Alto firewalls.
• Performing changes to Fortinet firewalls by using Forti Manager.
• Creating, monitoring, and troubleshooting IPSEC site to site Tunnels, and SSL VPN’s.
• Design and Implement new wireless solution with HP Aruba Wireless.
• Implemented a complete project for migrating from Cisco wireless to Aruba wireless.
• Installed Aruba Airwave for management and Clear Pass policy manager for policy management and authentication.
• Configured Aruba wireless IAP’s for meeting the specified requirements of the client.
• Created a design solution for incorporating Riverbed WAN optimizers into the network.
• Configured and verified the Riverbed WAN optimizers for optimizing the MPLS WAN traffic between data center and remote sites for client (Riverbed Steelhead, Steel Central, and netprofiler).
• Worked with Riverbed Cascade Gateway for collecting data from network devices using NetFlow.
• Designed a solution for migrating the Riverbed WAN accelerators to Silverpeak WAN accelerators.
• Worked with Solarwinds NPM, Confidential &T digital Hands & Security on demand for network monitoring and troubleshooting environment.
• Created new Network design for incorporating ASA next gen firewalls (ASA 5516-X) into network.
• Configured and Implemented complete firewall deployment project which consists of Cisco ASA 5516-X firewalls with IPS functionality, and Firepower Management Center (FMC) for centralized management of firewalls.

Environment: LAN, WAN, Data Center, MPLS, Cisco 7206 VXR, Cisco ISR 4431 routers, Cisco ASA 5516-X, Fortinet 3000D and 900D firewalls, Palo Alto firewalls, Cisco Nexus 7010, 5596, Nexus 2K FEX, Cisco Catalyst 6509 switches, HPE 2530 POE Switches, Cisco wireless controller, Cisco WAP’s, Riverbed Steelhead CX5070, CX770 Aruba Wireless controller, Aruba IAP’s, Access-lists, IPSEC tunnels, FORTINET IPS, VPN, NAT, Solarwinds NPM, Cisco Firepower Management Center (FMC).

Confidential

Network/Security Engineer

Responsibilities:

• Resident engineer Confidential client location and responsible for NOC and SOC operations.
• Support Campus area network and support a user base of 5000.
• Part of data centre migration team installed and configured all core and access switches in the data center migration project.
• Configured edge routers Confidential different sites for connecting to data center using WAN.
• Maintenance of network systems including routers, switches, Next generation firewalls, load balancers, 10G fiber, Wi-Fi controller and access points.
• Provided support for existing network services & to integrate new network technologies/services.
• Resolved network performance & connectivity issues on the wireless & wired network.
• Made changes to QoS policies for prioritizing the traffic.
• SOC operations including resolving change tickets of VPN, virtual IP’s, NAT and ACL’s.
• Installed, and configured Cisco routers (7200, 3600, and 2800) and Cisco switches (6500, 4500, 2950 and 1900 series).
• Implemented static routing, routing protocols (OSPF, and BGP), switching (VLANS, VTP Domains, STP, and port channels).
• Implemented 3 tier architecture in the network segregating and deploying core, distribution, and access layer switches.
• Implemented and maintained SYSLOG and AAA server.
• Maintained Datacentre LAN.
• Configured and maintained Cisco ASA and Fortinet firewalls.
• Installed and configured Cisco and Ubiquity wireless devices.
• Configured and managed VLANs and Inter-VLAN communication.
• Monitored Leased Lines using PRTG.
• Monitored network devices (routers, switches, firewalls, and wireless access points) using one click spectrum software.
• Monitored and maintained backbone Optical Fibre Cable (OFC).
• Performed backup operation of routers, and switches configuration by using TFTP.
• Implemented migration project of updating Cisco ASA firewalls to Fortinet firewalls.
• Installed and configured Fortinet firewalls from scratch.
• Configured HA between Fortinet firewalls.
• Configured IPSec and SSL VPN’s on Fortinet firewalls

Environment: LAN, WAN, Cisco ASA, Cisco PIX, Fortinet 3340B, Cisco 7200 and 3945 ISR routers, Cisco catalyst 6509, 4510, 4506 switches, Cisco 2900 access switches, Cisco WAP’s, Ubiquity wireless devices, IPSec VPN, SSL VPN, Site-Site VPN, Access-Lists, and NAT.

Confidential

Network Administrator

Responsibilities:

• Implementation and maintenance of WAN connectivity using Leased line setup as primary links and ISDN as a backup.
• Generated daily, weekly, and monthly reports of machine stations that are down due to leased line failure. Worked with the onsite engineers to address and resolve the network issues.
• Documented all the root causes for occurred network issues and implemented necessary preventive measures.
• Resolved common LAN problems such as Cable issues, IP conflicts, DHCP renewals, and switch port errors.
• Installed and configured standalone and network printers.
• Coordinated and executed software and hardware updates for cisco switches and D-Link vendor modems.
• Coordinated with service providers for resolving link related problems.
• Commissioned, Installed, and maintained Channelized E1 networks and ISDN.

Environment: LAN, WAN, leased lines, ISDN, channelized E1’s, D-Link Modems, Cisco 3600, 2600 routers, Cisco catalyst 3550, 2900 switches

Confidential

Jr. Network Administrator

Responsibilities:

• Level 1 system and network administrator for solving common technical difficulties for users with assistance from senior engineers.
• Identifying & correcting common problems associated with IP addressing and host configurations.
• Configuring, verifying & troubleshooting of static and default routes for a given specific requirement.
• Manage IOS configuration files. (Including: save, edit, upgrade, restore).
• Implementing basic router security. (Assigning user mode, privilege mode passwords)
• Configuring and verifying a basic WAN serial connection.
• Configuring and verifying a PPP connection between Cisco routers.
• Troubleshooting WAN connectivity issues.
• Verifying router and switch operations using basic utilities (including ping, traceroute, telnet, SSH, ARP, ipconfig), SHOW & DEBUG commands.
• Installed operating systems in client desktops and updated patches.
• Installing new routers, switches, and wireless access points Confidential the client location and performing the basic configuration.

Environment: LAN, WAN, Initial configuration, Cisco 2600, 2800, 2811XM routers, Cisco catalyst 3550, 2900 switches, Cisco WAP’s, Windows operating systems.