Sr. Network Security Engineer/admin Resume
TX
SUMMARY
- 7+ years’ experience as a Senior Network/Security Engineer responsible for designing, integration, implementation and support of LAN, WAN, F5 and Citrix load balancers, Cisco and Aruba Wireless, ACS, NAC, ISE, Call manager VOIP, SDN, SD-WAN, ASAs, Palo Alto Firewalls, Cisco Firepower and Network Security, Designing, Implementation and Operations of enterprise data networks as Network Security Administrator.
- Switching tasks include VTP, ISL/802.1q, IPsec, VLANs, Ether Channel, Trunking, GRE Tunneling, Port Security, STP and RSTP.
- Hands on experience with BIG-IP environment utilizing two or more of the following: GTM, LTM, APM or ASM.
- Implementing, Troubleshooting of MPLS LDP, MPLS VPN’s.
- Responsible for Palo Alto firewall administration across global networks
- Good Knowledge in integration and configuration of Cisco based VPN networks and ASA Firewall.
- Experience in installing, configuring and troubleshooting of Checkpoint Firewall and Juniper MX series.
- Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, Ether channel, STP and RSTP.
- Expert experience in Cisco ACE and F5 (Versions 10.x and 11.x) Big-IP Load Balancers, customized using internal tools and creating of SSL and Digital Certificates.
- Developed and directed the implementation of tactical plans for access, backbone, and interoffice networks deploying CISCO 3750, 6500, 7609 Routers and Nexus 2k, 5k, 7k and 9k series switches, JUNIPER SRX, MX, TX series routers and EX4500.
- Cisco IOS, NX-OS and JUNOS configuration and troubleshooting.
- Involved in integration with SNMP, RADIUS and LogRhythm SIEM syslog server with Palo Alto and checkpoint firewall and Expert experience in Infoblox DNS/IPAM/DHCP appliance
- Strong hands on experience in installing, configuring, and troubleshooting of Cisco 7600, 7200, 3800, 3600, 2800, 2600, 2500 and 1800 series Routers, Cisco Catalyst 6500, 4500, 3750, 2950 and 3500XL series switches.
- Experience in routing protocols like EIGRP, OSPF, RIP, BGP and MPLS/VPN.
- Experience with AWS integration to On premise datacenter utilizing VPN.
- Worked on Cisco 6500, 7200VXR, 12000 series Router and Cisco 4500, 6509, 7613 series switch.
- Proficiency in configuration of VLAN setup on various Cisco Routers and Switches.
- Experienced in trouble-shooting both connectivity issues and hardware problems on Cisco based networks.
- In-Depth Knowledge and experience of various wireless 802.11 standards, controllers, Access Points, Wi-Fi analytics from various vendors (Cisco Meraki, HPE/Aruba, D-Link and Netgear), SD-WAN (MX 65, MX100, MX400)
- Engaged in the Cisco DNA Voucher Operations Program as a DNA Mentor to provide mentoring service to sales eligible Cisco Partners.
- Experience with Cisco Meraki wireless managed network infrastructure.
- Worked with TUFIN and Firemon for pushing firewall policies and monitoring the logs.
- Experience with AWS and Azure Security Architecture.
- Configuring, monitoring and troubleshooting Cisco's PIX, firewall, ASA, routers and switches.
- Configured HSRP on Nexus7K's and C6500 series switches.
- Knowledge on working with Wireless LAN Controller's, Cisco Meraki, Cisco AP's, Standalone AP's and Mesh AP's.
- Innovated with support of Palo Alto for remote and mobile users and for analyzing files for malware in a separate (cloud-based) process that does not impact stream processing.
- Worked with the Audit team by using AlgoSec tool to analyze firewall and automating the auditing and analysis of firewalls, routers, VPNs and other security devices.
- Implemented F5 ASM for Internet Facing LTM virtual servers providing applications layer 7 firewall protection, configuring and managing F5 Web Accelerator module and Application Security Module (ASM) technology or with similar/competing ADC and Security product solutions.
- Experience in installing, configuring and troubleshooting of Checkpoint Firewall and Juniper SSG series.
- Hands on Experience with Fortigate 1000C, 3600C, 1000D, 3800D Firewalls and Fortimanager 4000E, Fortimanager 3900E, Fortimanager 3000C & Fortimanager 1000D
- Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale Firewall deployments.
- Hands on experience in configuring and supporting site-to-site and remote access server, IPSec, VPN solutions using ASA/PIX firewalls, Cisco and VPN client.
- Experience in site to site VPN configurations using Cisco ASA 5500 series firewalls
- Responsible for Checkpoint and Cisco ASA firewall administration across global networks.
- Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
- Implemented traffic filters using Standard and Extended access-lists, Distribute-Lists, and Route Maps.
- Work experience on Bluecoat Proxy SG for Content filtering and URL filtering.
- Worked on network topological and configurations, TCP/IP, UDP, Frame Relay, Token ring, ATM, bridges, routers, and Switches.
- Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications
- Experience in configuring, implementing and troubleshooting F5 load balancer in the enterprise network
- Experience with Bluecoat Proxy servers, LAN & WAN management.
- Excellent customer management/resolution, problem solving, debugging skills and capable of quickly learning, effectively analyzing results, and implementing and delivering solutions as an individual and as part of a team.
TECHNICAL SKILLS
PROTOCOLS: OSI, TCP/IP, DHCP, UDP, RIP v1, RIP v2, IGRP, EIGRP, TACACS+, RADIUS, OSPF, BGP, SSH, TFTP, FTP, SMTP, NTP, LDAP, Active Directory, Kerberos, L2F, L2TP, PPP, Frame Relay, SDWAN, ATM, SONET, Fast/Gig Ethernet, HSRP, Token Ring, ISDN, AAA, DES, 3DES, AES, and MD5, VPN (IPsec and SSL), VRRP, HSRP, DNS (BIND, DJBDNS, Infoblox), CARP, SNMP, (BGP, OSPF, EIGRP, IGRP, IGMP, RIP), Routed Protocol TCP/IP, Multicasting (PIM).
NETWORK MONITORING Tools: HP OpenView, Netscout, Ethereal, tcpdump, netcat, Sniffer, Snort & Snortsnarf, MRTG.
Operating Systems: Microsoft XP/Vista/7, UNIX, Linux
SSL Security Technologies: Cisco FWSM/PIX/ASDM, Nokia Checkpoint NG, Juniper SRX, 1800, 2500, 2600, 2800, 3600, 3750, 3800, 7200.
ROUTERS: Cisco GSR 12416, 12418, 7200vxr, 3640, 3600, Linux, UNIX, DOS, Windows XP/2007/8, Windows 2003 server and Windows 2008 server
SWITCHES: Catalyst 6500, MSFC, MSFC2, 7600, 3700, 3500, 2900, 3500, 4000, 4500, 5000, 5800, 6500, Nexus 2k, 3k, 5k and 7k, MSFC, MSFC2.
VOIP: SIP H.323, MGCP, TDM, SS7, Avaya Voice gateways.
LAN/WAN TECHNOLOGIES: T1, DS3, OC3, SONET, MPLS, DSU/CSU, Frame Relay, WiSM Module in 6509, X.25, L2VPN, L3VPN, E1/T1/DS1/DS3, MPLS
NETWORK EQUIPMENT: Advanced switch/router configuration (Cisco IOS access list, Route redistribution/propagation)
VPN Technologies: GRE Tunneling, Site-to-Site VPN, SSL VPN
HARDWARE PLATFORM: Cisco Routers, Ethernet Switches, F5 LTM, GTM
PROFESSIONAL EXPERIENCE
Confidential, TX
Sr. Network Security Engineer/Admin
Responsibilities:
- Hands on experience in Aruba S2500 switches, Aruba 7200, 3600 series wireless
- Implemented IWAN (SD-WAN) solution to convert Multiple sites into IWAN for WAN Optimization and Enhance Application Performance.
- Experience on Create/Manage McAfee Endpoint Encryption Safe boot Packages (SIEM).
- Monitored and troubleshot EIGRP, MPLS, multi area OSPF and OSPF scale issues.
- Worked extensively on Cisco Firewall ASA 5500 Series (Configured ACLs in Cisco 5540 ASA firewall for Internet Access requests for servers, Protocol Handling, Object Grouping and NAT.)
- Provide remote support for partners on installation and configuration problems and issues related to SD-WAN
- Actively worked on installation, configuration and testing of Aruba's wireless Access points.
- Configure IPSEC and SSL VPN with Palo Alto, Cisco ASA, Fortinet, Checkpoint and Router.
- Configure, Manage, Analyze, and Optimize Network Performance, Traffic, SD-WAN, VPNs, Security, Firewalls, & Policies.
- Configured AAA server (Radius and TACACS+) for authentication and authorization for all remote VPN users.
- Monitored the network logs using FIREMON and TUFIN.
- Manage Antivirus Server using McAfee Epo 5 & SIEM.
- Experience in integrating identity federation with Cloud (SaaS) SAML based applications using F5 APM.
- Hands on Knowledge/experience on F5 load balancers, its methods, implementation and troubleshooting on LTM, GTM, APM and ASM. Worked on software versions including 9.2, 11.4.1, 11.5.3.
- Configured WAN connections with Meraki and FortiGate SD-WAN.
- Following up the transmission project solution (Servers DB Hitless protection solution, BB IPMPLS, Ethernet Traffic protection)
- Support over two hundred Cisco Firewalls Cisco ASA 5500, Series 5500-X, and Cisco Next-Generation Firepower 4100 Series security appliances in standalone and high availability configurations.
- Experience in Cisco Routing and Switching using 3600, 3700, 3800, 5300, 6500, 7200, 7600, Nexus 7k, Nexus 5k, Nexus 2k & ASR 9000, 1000 series routers, Meraki products.
- Expertise in Cisco ACI, NX-OS and IOS, other SDN products Tiered Domains, QoS, Data center network design, cloud infrastructure design and management, OSPF, BGP, EIGRP VLAN Trunking.
- Technology Used: Routing, Switching, Firewalls, VPN Tunnels, GRE, STP, HSRP, SNMP, VLANS, BGP, Netting
- Features, Placing, Transferring, Conferencing & voice messaging services.
- Design, Implement and Integration of Cisco Firepower firewall for perimeter connectivity.
- Successfully designed and delivered secure cloud solutions for some of the Major organizations on AWS Cloud.
- Performed VOIP CER/CUC/CUCM Base Configurations; Pre-Migration tasks including IOS Upgrades prior to UC 8.6 to 10.5 upgrades.
- Configure and administer security rules and policies to permit and/or deny user traffic based on company security policy with F5 BIGIP, Fortigate 1500D, Checkpoint, Cisco ASA, and Palo Alto firewalls
- Understand customer requirements for wireless networks and explain how Cisco Meraki will integrate with current infrastructure, as well as service future needs.
- Implemented MPLS VPN (RFC 2547) Mechanisms on Cisco IOS and JUNOS.
- Actively participated in upgrading fast Ethernet, Layer 3 switched/routed LAN infrastructure from Cisco 3640 to Cisco 2811 ISR routers and switches at access level to 2950, 3550. This project also involved in configuring and testing EIGRP, BGP, IPsec (DMVPN).
- Implemented WLAN Aruba Wireless Access Points and its Controllers at various corporate sites for 11n Infrastructure and its legacy technologies.
- Configuring and troubleshooting Edge and Core routers in MPLS domain. Implementing MP-BGP Session between PE Routers.
- Worked on troubleshooting production issues related to MPLS VPN involving PE configuration, PE-CE link issues such as routing protocol configuration, Layer1 / Layer2 issues, BGP4 address-family related issues, MP-BGP.
- Working on routing protocols, DMVPN, SD-WAN, segmentation, WAN acceleration, and security.
- Performing data backups and data recovery operations. Work with vendors to resolve technical issues of programs i.e. Aruba Networks, Cisco.
- Assisted in building Aruba Clear Pass server transition away from Cisco ACS as the primary TACACS server.
- Migrate DNS and DHCP data from one DDI platform to another. Configuring & troubleshooting DNS & DHCP.
- Source of knowledge for SD-WAN and routing trends and technologies.
- Managed, installed and configured different type of equipment such as Alcatel Service routers 7750, layer 2 bridges such as ADVA and Overture, Silver Peak SD-WAN and Fortinet Firewalls.
- Back up, Restore and upgrade of CheckPoint and Fortigate firewall appliances.
- Installed, configured IOS voice gateways running SIP, MGCP, H323 protocols.
- Strong production experience in managing F5 BIG-IP APM and LTM.
- Used F5 BIG-IP Local Traffic Manager (LTM) and provided a flexible, high-performance application delivery system to increases operational efficiency and ensures peak network performance for critical business applications.
- Configure checkpoint and fortigate firewall to authenticate users based on user identity, user group, session and PC-User Authentication.
- Continually upgraded Meraki security devices at all store locations and kept current firmware, verified Meraki was upgraded, both circuits were functioning through the Meraki and wireless clients were using the Meraki appliances.
- Configure / Troubleshoot Juniper: EX-3300, EX-4300, EX-4500, and EX 6200 series switch for LAN/WAN connectivity.
- Worked extensively with multiple wireless hardware vendors including Cisco, Cisco Meraki.
- Troubleshoot and monitor Firewall traffic/issues through command-line using CLI commands, GUI interface and Smart Console (SmartView Tracker, SmartLog and SmartView Monitor). Analyze Logs and make necessary network reports using Smart Reporter console application.
- Using Algosec for the audit of the rules on the firewall and Enhance existing change management system with intelligent network and security automation.
- Configuring routing protocols OSPF, EIGRP, RIP, MPBGP, LDP and BGPV4
- DNS net names and IP management using Men and Mice.
- Network monitoring, packet captures and troubleshoot traffic passing through Firewall via logs.
- Join troubleshooting calls to provide visibility to the traffic or data flow.
- Worked with the DCM security team to review list of IP addresses in-scope for particular migration and record findings.
- Performed Site surveys, Contact Center audits, VOIP readiness assessments for customer deployments.
- Cisco Customer Voice Portal CVP Scripting.
- Executed training / Bootcamps to Cisco partners for the design, installation, configuration, and successful demo of Cisco DNA solutions that include SD-Access (SDA) (which includes Identity Services Engine (ISE)), DNA Center (DNAC), Network Data Platform (NDP) or Assurance.
Confidential, NJ
Network Engineer/Admin
Responsibilities:
- Supported a Large F5 application delivery (LTM, GTM, ASM, APM) infrastructure of about one hundred nodes.
- Using Smart Update, User Management and Authentication in Checkpoint Firewall.
- Monitoring Traffic and Connections in Checkpoint and ASA Firewall.
- Worked on Cisco DNA Center and Cisco ISE.
- Configured and Deployed 18 Firepower Threat Defense with IPS, IDS, AMP and URL filtering and integrated with Firepower Management Center FMC for 5516-X, 5545-X, 2100 and 4100 series.
- Advanced call manager to the standard version and updated system to support the VOIP enforcement.
- Hands on experience on all software blades of checkpoint firewall.
- Expertise in the SD-WAN (Versa & Viptela), SD-LAN and WAN optimization technologies for efficient delivery of the application data across LAN and WAN.
- Completed project to evaluate Cisco Next-Generation Firepower 4100 Series security appliances for both the virtual Firepower Threat Detection and the Virtual ASA modules to increase security in a production environment.
- Configuring and troubleshooting issues on Voice gateways and VXML Gateways.
- Administrate NetScaler 9.5/10.5/11.0/11.1 for Access Gateway along with SSLVPN, Gateway load balancing, SSL certificates Management and GSLB Configuration
- Palo Alto firewall troubleshooting and configuring policy based on change request, allowing/denying communication between different segments of the network based on requested ports
- Supporting deployment of SD-WAN MPLS implementation via Viptela vEdge devices.
- Generating the FireFlow tickets for the rules for which Connection ID already provided and RISK rating the rules.
- Handled SRST, Voice Routing Protocols, QoS and Voice Gateways and even maintained network engineering framework.
- Worked with TUFIN and Firemon for pushing firewall policies and monitoring the logs.
- Experience with F5 BIG-IP local traffic manager for performing load balancing across servers in a single data center
- Meraki sites implementation with Cisco ISE, manual profile policy
- Optimize Meraki setup and troubleshoot, tier 2 and tier 3, redesign and implementation
- Fortinet, Palo Alto, Cisco ASA, F5 (LTM).
- Implemented Positive Enforcement Model with the help of Palo Alto Networks.
- Responsible for the deployment, configuration, and management of the F5 Viprion load balancing platform during new data center migration from Citrix NetScaler 9.3 and Cisco ACE 4100x/4700; including implementing, configuring, and integrating F5 BIG IP GTM, LTM, APM, ASM, iRules, DNS-SEC, DNS ANYCAST, IPv6, SSL, TLS 1.2, and HA vCMP provisioning.
- Migrate, Upgrade and Patch Management of Cisco ASA, Checkpoint, Palo Alto and Fortinet Firewalls.
- Knowledge and experience BGP, OSPF, ISIS, IPMPLS, QoS, IPv6, Multicast related areas.
- Knowledge of Juniper environment including SRX/Junos Space.
- Configured and set up of Juniper SRX firewalls for policy mgmt. and Juniper SSL VPN's
- Engineered traffic management solutions, including designing, low level engineering for F5 LTM, GTM, ASM, APM environment.
- Configured Cisco Unified Communications Manager media resources, features and voicemail integration.
- Configured Viptela devices and creating device and feature templates on vManage required for SD-WAN implementation
- Performed F5 appliance (LTM, GTM, APM, and ASM) maintenance and system upgrades including hot fixes and security configurations.
- Reviewed and demoed all qualified SD-WAN solutions in a lab environment.
- Wrote test plans for the selected SD-WAN solutions.
- Provided a proof of concept/pilot for selected SD-WAN solutions.
- Engineering lead for ITB/TSTU SDN research and development initiative.
- Provided research for implementing zero touch provisioning, configuration management, and cloud orchestration tools.
- Provided lab testing and proof of concepts for SDN products.
- Maintaining Users and Groups as well as Creation of new Users and Policies. Deployed and manage security controls such as DLP, IPS/HIPS, web content filtering.
- Configuring and troubleshooting routing protocols OSPF, EIGRP, RIP, MPBGP, and LDP.
- Advanced knowledge in TCP/IP suite, security architecture and routing protocols: OSPF, BGP, & EIGRP, IPSEC VPN design connection & protocols, IPSEC tunnel configuration, encryption and integrity protocols.
- Creating Private VLANs & preventing VLAN hopping attacks & mitigating spoofing with snooping & IP source guard
- Provided technical support for voice recording and CVP applications.
- Investigation of internal alerts & Performed payload analysis of packets using Wireshark.
- Analyzed the flow of packets for LAN and Wi-Fi interface on the computer using Wireshark. Analyzed DHCP, DNS, ICMPv6 and TCP protocol packets.
- Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
- Hands on experience in creating the policies (vulnerability, anti-virus, wildfire etc) database revision controls, upgrade export and import, snapshot procedure on regular basis.
- Successfully installed Palo Alto PA-3060 firewalls to protect Data Centre and provided L3 support for routers/switches/firewalls
- Good knowledge on Juniper SRX240, SRX220 and SRX550 series Firewalls.
- Responsible for designing and implementation of customer’s network and Security infrastructure.
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
- Blacklisting and White listing of web URL on Bluecoat Proxy servers.
- Configuring routers, switches, WLC, Access Points, Bluecoat Proxy Server, Cisco ASAs, etc.
- Configured Routing protocols such as RIP, OSPF, EIGRP, MPLS static routing and policy base routing.
Confidential
Network Engineer/Admin
Responsibilities:
- Involved in configuration of Access lists (ACL) on ASA firewall for the proper network routing for B2B network connectivity.
- Implementing and troubleshooting complex layer 2 technologies such as VLAN, Trunks, VTP, Fabricpath, etherchannel, STP, RSTP, MST & port security along with troubleshooting of inter-VLAN routing and VLAN trunking using 802.1Q.
- Configure Cisco 3550 Layer 2 and Layer 3 and supervise equipment installation and cabling work.
- Extensively used TCP/IP tool like TELNET for remote login to the routers and SSH for secure login.
- Managed various teams involved in site surveys, cabling specifications, Network equipment installation and configuration.
- Involved in the implementation and support of VOIP technologies.
- Utilized Solar winds for Network Monitoring, Configuring and maintaining TACACS+ for AAA.
- Centralized Application Enabler for WAN sites thru Citrix Server.
- Hands on experience with Alcatel and Nexus switches, Fluent with telnet, SSH, FTP and TFTP.
- Assist in redesigning the campus LAN, routing protocol, IP telephony, enterprise edge, IP addressing scheme for client.
- Lead the installation and configuration of corporate wide rollout of the Cisco Catalyst 3550, 3560, 3750, switches including VLAN configuration, VTP, 802.1q Trunking, Spanning-Tree protocol, Ether Channel, & FHRPs such as HSRP & GLBP.
- Monitor device activities & LAN/WAN (Frame Relay & MPLS) utilizing Cisco Works, SNMP; coordinate new circuit installations.
- Diagnose & resolve complex layer 1, 2 & 3 connectivity using Wireshark analyzer & recommend solution for better performance.
- Document troubleshooting progress, configuration changes, problem resolution, and the physical & logical topology to support future troubleshooting tasks.
- Develop standard operating procedure (SOP) documentation.
- Upgrade Cisco Routers and Switches IOS using TFTP.
- Configured and supported multiple remote site installations.
- Migrated network from full mesh frame relay to Point-Point T1 on larger sites, and implemented IPsec VPN on smaller sites.
- Analyze expanding network, ran fiber, and implemented wireless communication.
- Ensure thorough network documentation, including maintaining each account's network matrix, backup configurations and network diagrams.
- VPN (Cisco Universal Remote Access) troubleshooting Support and provisioning.
- Deploy multilink PPP over two T1s for simple, reliable service for remote branch office.
- Administer and maintain Windows 2008 Active Directory Forest (files services, directory structures, group policies, and security).
- Involved in troubleshooting IP addressing issues and Updating IOS images using TFTP.
- Configured Mail Server, DNS Server, Web Server, Bandwidth Manager etc.
- Worked on the design and architecture team with creating network design, IP space allocation, procuring PO's for devices associated with the network infrastructure performed virtual lab based testing of network before deployment and implementation.
- Developed ACI (Cisco Application Centric Infrastructure) based Cisco Validated Designs for Enterprises and Service Providers to transform Traditional 3 Layer Architecture to ACI based (Spine, Leaf and APIC) Architecture
- Checkpoint, Cisco ASA, Fortinet and Palo Alto installation, upgrade, Monitoring and patch management.
- Experience with Cloud Networks and migration projects in AWS and Azure. Automation using Ansible.
- Good knowledge of Tunneling Protocols (IPSEC/GRE).
- Installation, deployment, Analysis and troubleshooting of Firewall Technologies i.e. Checkpoint,
- Troubleshooting with field technicians on access points, Small cell switches issues and backhaul connectivity issues with ISP.