Security Consulting Engineer Resume
Fort Worth, TX
SUMMARY
- 7+ Years of experience in Designing and Implementation providing network support, installation and analysis for a broad range of LAN/WAN/MAN communication systems.
- Involved in troubleshooting of DNS, DHCP and other IP conflict problems.
- Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.
- Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS.
- Proficient in setting up IT infrastructure including wide area networks (WAN), local area networks (LAN), security management systems network device administration.
- Strong knowledge of TACACS+, RADIUS implementation in Access Control Network.
- Implementation and configuration of F5 Big-IP LTM-6400 load balancers.
- Experience in Designing and assisting in deploying enterprise wide Network Security and High Availability Solutions for ASA.
- Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, Ether channel, STP, RSTP and MST.
- Implementation of HSRP, VRRP for Default Gateway Redundancy.
- Hands on Knowledge/experience on F5 load balancers, its methods, implementation and troubleshooting on LTMs and GTMs.
- Experience in testing Cisco routers and switches in laboratory and deploy them on site production.
- Experience with configuring Nexus 2000 FEX (Fabric Extender), which acts as a remote line card (module) for the Nexus 5000.
- Creating the Dynamic Address Groups in Panorama and mapping them to the parallel group to automate the flow of workload changes made in the NSX environment into the Panorama system.
- Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for a data center access architecture
- Experience in configuring and troubleshooting of Juniper SSG series
- In-depth knowledge and hands-on experience in Tier II ISP Routing Policies, Network Architecture, IP Sub-netting, VLSM, TCP/IP, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3 GigE circuits.
- Worked extensively in Configuring, Monitoring and Troubleshooting Netscreen and SRX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
- Worked extensively on Juniper SRX (100/210 & 640) firewall series
- Implementing security Solutions using Palo Alto PA- 200/220/820/2050/3000/3050/3220/3260/5000/5020/ /5260/ PA-VM- 100/200/300/500/700/ M-500(Panorama), Cisco ASA, Checkpoint firewalls R75, R77.20 Gaia and Provider-1/MDM.
- Adept in preparing Technical Documentation and presentations using Microsoft VISIO/Office
- Excellent customer management/resolution, problem solving, debugging skills and capable of quickly learning
- Effectively analyzes results and implements and delivers solutions as an individual and as part of a team.
- Worked on converting Checkpoint VPN rules over to the Cisco ASA solution; migration experience with both Checkpoint and Cisco ASA VPN
- Good communication skills and a team player, Effective inter-personal skills, adaptable to any environment with the latest technologies and provide solutions as an individual and as a team member.
- A highly-organized individual who adopts a systematic approach to problem solving, effectively analyzes results, and implements solutions
- Implementation of DHCP, DNS, FTP, TFTP, Frame Relay, MPLS, ATM, ISDN.
- Extensive knowledge of Data Encryption Computer Networking and Cloud Computing, Cisco's Cloud Edge/WAN services network.
- In-depth knowledge of cloud networking environments
- Ability to manage all phases of network installation and administration.
- Excellent customer management/resolution, problem solving and debugging skills with good verbal/written communications and presentation skills.
- Well organized, Self-starter, Quick learner, Self-motivated, Team player with analytical, technical and communication skills.
TECHNICAL SKILLS
Networking: OSI Model, TCP/IP, UDP, IPV4, IPv6, Sub-netting, VLSM, Layer2/3, Advanced switch and router configurations (Cisco IOS).
Switching: V-lans, Trunking, Ether Channel, Port Fast, Up-link, STP, RSTP, PVST+, DTP, MLPPP, IEEE 802.1q, MPLS, ISL and dot1q, SMTP, Inter-VLAN Routing, Light weight access point.
Routing: RIP2, EIGRP, OSPF, BGP v4, IS-IS Static Routing, Route.
Infrastructure services: DNS, ICMP, SNMP, ARP, IRDP, NAT, SNMP, SYSLOG, NTP, Infoblox, DHCP, CDP, TFTP and FTP.
Layer 3 Switching: CEF, Multi-Layer Switching, Ether Channel.
Carrier Technologies: MPLS, MPLS-VPN.
Network Security: Palo Alto PA-200/220/820/2050/3000/3050/3220/3260/5000/5060/5260, PA-VM, NSX DFW-VM Series, Cisco ASA 5550/5540, NetScreen, Juniper SRX, Checkpoints, AAA, Firemon, FreeRADIUS, CADA, LDAP, IPsec VPN, SSL VPN, IDS, IPS, Sourcefire, FireEye, Cisco NAC (4.9.3), Cisco ISE, Aruba, RSA, RSA 2 Factor, SIEM, QRadar, Tripwire.
Management tools: Wireshark, SNMP, Ethereal, SolarWinds, Netcool, ScienceLogic, LogLogic, EM7, Indeni, nCircle, PRTG, Blue Coat, Websense, Cisco NAC, ISE, Active Directory.
Firewalls & Load Balancers: PA- 200/220/820/2050/3000/ 3050/3220/3260/5000/5020/5050/5060/5260/ PA-VM- 100/200/300/500/700/ M-500(Panorama)/NSX DFW-VM Series, Cisco ASA 5585, 5550, 5540, Juniper SRX5400, 5600, 5800, Juniper Netscreen 6500, 6000, 5400. Juniper SSG Firewalls, F-5 BIG-IP LTM (3900 and 8900), Blue Coat SG8100, AV 510, AV810.
OS: Windows (98, ME, 2000, XP, Sv2003, Sv2008, Sv2012, Vista, 7, 8), Ubuntu, Linux, Kali Linux, CentOS, FreeBSD, Red Hat.
Language: Unix, Turbo C / C++, basics in Perl and Shell scripting.
PROFESSIONAL EXPERIENCE
Confidential, Fort Worth, TX
Security Consulting Engineer
Responsibilities:
- Developing, creating, modifying and implementing the enterprise security network segmentation strategy.
- Enforcing security standards and best practices for all aspects of BNSF’s network perimeter security platforms.
- Providing security consulting services concerning network/perimeter security best practices to internal application and system development teams.
- Working with the Security Operations Center to implement appropriate network and systems monitoring and to act as a mentor.
- Evaluating supplier security tools and appliances to support BNSF security policies and standards.
- Managing the implementation of security tools using best practices.
- Monitoring security data and reports taking action to implement preventative measures to keep BNSF data, systems and network secure.
- Providing security architecture requirements to stakeholders and service providers to ensure compliance with Enterprise Security architecture standards and best practices.
- Conducting security vulnerability assessments and penetration tests of systems and networks.
- Assuming a key role as a senior member of the security emergency response team supporting our security alert plans.
- Providing expert analysis, troubleshooting and forensic investigation of security anomalies which may require periodic on-call, after hours support, including weekends and holidays.
- Management, monitoring, and reporting of Palo Alto Firewalls.
- Supporting server and application moves with access control changes.
- Firewall configuration using command line and element management systems.
- Supports zone related moves with access control changes.
- Supports Palo Alto software and firmware upgrades.
- Conducting knowledge transfer to the customer staff.
- Configured site-to-site VPN on Palo Alto firewalls. Worked with Palo Alto firewalls PA-200/220/820/2050/3000/3050/3220/3260/5000/5020/5050/5060/5260, PA-VM-100/200/300/500/700, M-500 (Panorama) using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall
- Deploying Microsoft Azure VM-100/300/500 Firewalls with Auto-Scaling feature and managing them using the panorama.
- Enabled the NSX and Panorama security policies to be dynamically updated.
- Integrated the NSX, VM-Series and Panorama
- Deploying VM-Series Firewalls instance using NSX Manager.
- Designed the security groups in the NSX Manager.
- Created the Dynamic Address Groups in Panorama and mapped them to the parallel group to automate the flow of workload changes made in the NSX environment into the Panorama system.
- Collaborating the Palo Alto Firewalls and Panorama with the Expedition tool and cleaning up Firewall risk policies using the Machine Learning feature in the Expedition tool.
- Migrated juniper firewalls to Palo Alto network firewalls using Expedition Tool and carried out troubleshooting and configuration of the same.
- Maintaining the Tipping Point IPS, Pulse Secure, Skybox, Cisco Umbrella and Bluecoat proxy appliances.
- Monitor, operate and support network security devices such as Cisco ASA, Juniper and Checkpoint VSX firewalls
- Worked extensively on Cisco ASA 10/5540) Series and set up OSPF dynamic routing on Cisco ASA Firewalls by using and following their current network structure
- Experience converting PIX rules over to the Cisco ASA solution and tweaked/adjusted access lists (ACL) on ASA firewall for the proper network routing
- Implemented Juniper SRX 0 firewall change requests while managing multiple customer firewall equipment along with deployment of Juniper SRX 5800 to replace the NetScreen 5200/5400 firewalls in the Los Angeles Data Center
- Assisted with the design, maintenance, and troubleshooting of Juniper firewalls on customer's backbone and provided support for complications experienced with BGP and OSPF processes on Juniper-series (1000) firewalls
- Set up point to point OSPF connection on juniper SRX and SSG firewalls and configured IPSEC VPN (Site-Site to Remote Access) on SRX series firewalls.
- Configuring rules and maintaining Palo Alto Firewalls & analysis of firewall logs and also implemented Zone Based firewall and Security Rules on the Palo Alto firewall
- Successfully installed Palo Alto PA 3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls and support of Palo Alto for remote and mobile users and for analyzing files for malware in a separate (cloud-based) process that does not impact stream processing.
- Implementation and testing of ISDN BRI/PRI circuits.
- Managing data center and network by using SolarWinds, NPM, NTA, NCM and F5 load balancer and Citrix load balancer
- Hands on experience in design and implementation of F5 LTMs (3600, 4500, 6900, 8950 etc.), its methods, implementation and troubleshooting on LTMs and GTMs
- Implemented F5 in both Active/Active & Active/Standby mode and performed SSL offloading on the F5 LTM (Certificates being pushed from Venafi)
- Performing Bluecoat, Bluecoat Policy optimization for Citrix User policy and F5 Overview training to various network team personnel for proper knowledge transfer
- Analyze and interpret Sun/Solaris policy and translating into Bluecoat Proxy SG format for seamless transition for the customer
- Experience configuring VPC, VDC and ISSU configurations along with modular software upgrade in Nexus 7010
- Experience in Auditing, Archiving and performance tuning of Remedy and ServiceNow Setups.
- Hands on experience on various IT services of ServiceNow tool like Services Catalog Requests, Asset Management, Configuration Management, ServiceNow Administration, Incident and Problem Management, Knowledge Management, Reporting, Integration with Web services and strong skill set in the ServiceNow suite development including SOAP/REST integration, Web services, Discovery, Workflow, and CMDB, asset management services: Business services and Configuration item relationships.
- Responsible for configuration, maintenance, and troubleshooting of dynamic routing protocols: BGP, OSPF & EIGRP (route redistribution, distribute lists, route-maps, offset-lists, prefix lists, route summarization, route-feedback, BGP attributes) on Cisco Routers 7613, 7201, and 3945E and Cisco Nexus data center infrastructure with 2000, 5000 and 7000 series routers and Cisco 3500, 4500 series switches by enabling networked devices
- Incorporate Cisco Nexus 9000 NXOS to ACI fabric to work in concert with existing Nexus 7000s and ASRs for Multi-Protocol Label Switching (MPLS)
- Tested JUNOS images on juniper MX router platforms covering various protocols and technologies like OSPF, BGP, LDP, MPLS, Layer3 VPNs and assisted in setting up P2P OSPF connection on the Cisco and juniper routers like MX, EX, ASR series devices with their current network
- Working knowledge of frame relay, MPLS services, OSPF, BGP and EIGRP routing protocols, NATing, sub-netting, also including DNS, LDAP, DHCP, http, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, WISM, STP (Spanning tree Protocol), RTSP & Multicasting protocols
- Working on troubleshooting, implementing and configuring new devices and helping them to build new data center and moving devices from one data center to another while supporting EIGRP and BGP based on the network by resolving level 2 & 3 problems of internal teams & external customers of all locations
- Deployed VXLAN on the Nexus 9000 to map the physical VLANs to the Virtual Overlay VLANs.
Confidential, Plano, TX
Sr. Network Security Engineer
Responsibilities:
- Configuring rules and Maintaining checkpoint VSX, Palo Alto Firewalls & Analysis of firewall logs using various tools
- Design, implement and administer enterprise network infrastructure utilizing Juniper routers across locations.
- Migrated juniper firewalls to Palo Alto network firewalls and carried out troubleshooting and configuration of the same.
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools
- Network security including NAT/PAT, ACL, and ASA Firewalls.
- Replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as Firewalls and URL and application inspection
- Adding Rules and Monitoring Checkpoint Firewalls traffic through Smart Dashboard and Smart View Tracker applications.
- Update & Follow Up Checkpoint IPS Signature Packages occasionally.
- Configured Checkpoint issues, Site-to-Site VPN.
- Administered Checkpoint Firewalls of R65 and R70 clusters.
- Experience in migration with both Checkpoint and Cisco ASA VPN.
- Hands-on experience with converting Checkpoint VPN rules over to the Cisco ASA solution.
- Configured, Monitored and Troubleshot Cisco's ASA Security appliances
- Involved in configuring Juniper SSG-140 and Check point firewall and in TACACS+ implementation
- Hands on Experience testing iRules using Browser (IE), HTTP watch for F5 load balancers
- Routine Administration (Design, Implementation & Operations support) of Citrix, BIG-IP and F5 load balancers
- Worked on the new DMZ extension architecture which included BigIP and F5 load balancers (LTM/GTM and ASM experience)
- Processed load balancing, port translation, and SMTP configurations, while working directly with project managers and customers
- Implementation and Troubleshooting Cisco Routers such as Cisco 1900, 2900, Cisco ASR 1k and Cisco 9k.
- Experience working with ASR 9000 series switches with IOS-XR
- Experience with migrating from Cisco ASA 8.2 version to Cisco ASA 8.4 Version
- Configuring Cisco Switches Such as 4500, 6500, stack switches 3750.
- Configuration and Administration of Cisco and Juniper Routers and Switches
- Implemented Site-to-Site VPNs over the internet utilizing 3DES, AES/AES-256
- Experience with setting up MPLS Layer 3 VPN cloud in data center and working with BGP WAN towards customer
- Troubleshoot traffic passing managed Palo alto firewalls via logs and packet captures.
- Involved in Palo Alto firewalls Administration, Rule modification and Rule Analysis.
- Configure and Juniper EX and MX series switches and routers
- Worked on Network Layer technologies including Routing & Signaling protocols, Layer3 VPN and Multicast supported by Juniper core and edge, MX series routers
- Maintaining day to day activity includes change management on Palo Alto firewalls, log analysis and troubleshooting of network issues.
- Experience working with JUNOS OS on juniper routers and Switches
- Configured LDP, OSPF, and BGP for new deployments of core/edge routers (Cisco and juniper).
- Implemented antivirus and web filtering on Juniper SRX 240 at the web server
- Migrated Juniper EX series switches to Cisco 3500 series and 6500 series switches
- Network Redesign for Small Office/Campus Locations. This includes changes to both the voice and data Environment
- Implemented Zone Based firewall and Security Rules on the Palo Alto firewall
- Configuring rules and maintaining Palo Alto Firewalls & analysis of firewall logs
- Successfully installed Palo Alto PA 3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls
- Security policy review and configuration in Palo Alto and Juniper firewalls in US offices and Datacenter
- Innovated with support of Palo Alto for remote and mobile users and for analyzing files for malware in a separate (cloud-based) process that does not impact stream processing
- Created documents for various platforms including Nexus 7k, ASR1k enabling successful deployment of new devices on the network
- Experience configuring Virtual Device Context in Nexus 7k series switch.
- Experience with configuring Nexus 5000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 7000.
- Installation and Configuration of Cisco Catalyst switches 6500, 3750 & 3550 series and configured routing Protocol OSPF, EIGRP, BGP with access control lists implemented as per Network Design Document and followed the change process as per IT policy. It also includes the configuration of port channel between experience with communicating with different customers, IT teams in gathering the details for the project
- Serve as part of a team of network engineers responsible for network upgrade from Cisco Layer 3 Catalyst switches to Juniper Layer 3 EX4200 & EX3200 switches across multiple offices.
Confidential, Phoenix, AZ
Network Security Engineer
Responsibilities:
- Working as Level 3 Network Engineer in Offshore Network Support team which provides Level 3 Network support to Owens-Corning and its various sites Networks across the globe.
- Experience with Palo Alto Networks Firewall, Checkpoint Firewall and Cisco ASA.
- Providing Support and Administration for the entire OC project which includes Cisco routers, switches, and access points.
- Providing L3 support for LAN / WAN.
- Performed WAN Optimizations with strict QoS policies for converged voice, video and data traffic and integrated with Net flow tools (OPNET, manage engine) for the traffic analysis and to optimize the WAN links.
- Worked extensively on Data Center Palo Alto Firewall and F5 BIG-IP LTM.
- Configured Site-Site VPN on Palo Alto Firewall on one side and Fortinet on the other side.
- Implemented a large number of security policy rules and NAT policy rules on Palo Alto, created Zones.
- Implemented Palo Alto Firewall interface, Palo Alto IDS and VLAN.
- Configured Cisco switches for L3 and L2 VLANs with HSRP, VTP and EIGRP implementations.
- Ability to analyze, configure and troubleshoot networks
- Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4. Configured IP access filter policies.
- Identify, design and implement flexible, responsive, and secure technology services
- Experience with Firewall Administration, Rule Analysis, Rule Modification
- Troubleshoot traffic passing managed firewalls via logs and packet captures
- Configured and resolved various OSPF issues in an OSPF multi area environment.
- Managed fast Layer 3 switched/routed LAN/WAN infrastructure as a part of Network team. The LAN consisted of Cisco campus model of Cisco 3550 at access layer, Cisco 6513 at distribution/core layer.
- Worked with telecom vendors in regards to network fault isolation.
- Hands-on experience with WAN (ATM/Frame Relay), Routers, Switches, TCP/IP, Routing Protocols (BGP/OSPF), and IP addressing.
- Installed different software on the systems. Install and managing network devices including Hubs, Switches.
- Layer 2 switching technology architecture, implementation and operations including L2 and L3 switching and related functionality. This includes the use of VLANS, STP, VTP and their functions as they relate to networking infrastructure requirements including internal and external treatment, configuration and security.
- Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
- Analyzed customer application and bandwidth requirements, ordered hardware and circuits, and built cost effective network solutions to accommodate customer requirements and project scope.
Confidential
Support Security Engineer
Responsibilities:
- Maintaining and administering the network.
- Monitoring the network access and performance for various clients.
- Configured access control using Windows NT authentication systems, windows 2000 Active directory or Linux for various clients.
- Implemented single sign on solutions using Kerberos, Microsoft Identity management and e-trust single sign on solutions.
- Configured Kerberos cross realm authentication between windows 2000 AD and Linux.
- Configured access control to network devices like switches and routers using internal authentication database and RADIUS server database.
- Provided dial-in remote access solutions for various clients using Cisco remote access server and Cistron and Windows 2000 RADIUS servers.
- Configured remote access authentication, authorization and accounting using various RADIUS servers.
- Configured two factor authentication for accessing secure applications using RSA secure ID tokens integrated with windows 2000 AD.
- Configured two factor authentication for accessing network devices remotely using RSA secure ID tokens.
- Installed and configured web servers like MS IIS, Apache, and IPlanet.
- Designed, implemented, and supported local area networks
- Designed, implemented, and supported disaster recovery procedures
- Testing, Planning and Implementation of new technologies.
- Implemented software/hardware based RAID solutions for various clients based on the requirements.
- Managing Network Security and infrastructure solutions including Firewall, VPN and Anti-Virus.
- Assist clients on various network design and security queries pertaining to the organization.