SUMMARY

• Over 8 Plus years of experience in Network design, deployment and operations of both Confidential and Juniper Networks
• Hands on Experience on Confidential ’s Identity Service Engine - Network Access Control design, testing, deployment & implementation.
• Four (4) years Hands on Experience in Installation and Configuration of Confidential ACS 4.2 and Confidential ACS 5.1/5.4/5.5/5.7/5.8
• Experience in managing and configuring Remote Access Setup using Dial up, IPSec and Site to Site and SSL VPN Networks using Confidential ASA 5500 Series
• Hands on Experience in Installation and Configuration of Checkpoint Firewall UTM Series Appliances and Confidential Adaptive Security Appliance (ASA).
• Implementation and support of NG Firewall products from Checkpoint, Confidential ASA
• Firewall technologies including initial ground configuration, security policy, NAT rules creation and modification of Checkpoint 2012 appliances running Gaia in a Provider-1 environment and administer Smart Domain Manager command line & GUI.
• Experience working with the Confidential IPS module which allows IDS or IPS inspection of all traffic passing through the firewall Configuring RADIUS or TACACS+ autantication on Confidential ASA firewalls
• Hands on experience on Checkpoint UTM and NGX series Firewall and Application URL filtering, and strong understanding noledge on PALO ALTO Product firewall.
• Configuring and managing Windows Firewalls, Confidential PIX and Checkpoint firewalls.
• Migrated, created, and managed pools and clusters in F5 BigIP GTM 3DNS load balancers across multiple Datacenters
• Configured and managed updated Confidential Network Systems with routers for MPLS Client VPN, Site-to-Site VPN and Dynamic VPN (DMVPN)
• Expert level Knowledge on working with Wireless LAN Controller’s, Confidential Meraki, Confidential NCS, Confidential AP’s, LWAPS, Standalone AP’s and Mesh AP’s.
• Experienced in wireless/RF communications with noledge and experience in technology integration of Wireless Broadband/Convergence (IEEE 802.11, WiMAX, BYOD, etc.)
• Two yrs (2) experience with Airmagnet and three yrs (3) experience with Meraki.
• Worked on Extensively on Confidential Firewalls, Confidential (506E/515E/525/) & ASA 5500(5510/5540) Series
• Created, deployed and managed BigIP F5 load balancer nodes and pools
• Configuring policies, Firewall rules, Web filtering using checkpoint smart dashboard and Initial configuration of Palo Alto Firewall.
• Good noledge in configuring and troubleshooting Confidential Wireless Networks: LWAPP, WLC, WCS, Standalone APs, Roaming, Wireless Security Basics, IEEE 802.11 a/b/g, RF spectrum characteristics.
• Design,implementation,ongoing management and troubleshooting of Confidential unified communication systems including call manager/Unified communications manager 6.x,7.x unity
• Management and troubleshooting of media servers, media gateways, and IP phones Participate in the troubleshooting activities associated with daily operation works. Implement and support new and existing activities
• Working noledge on Confidential Prime Infrastructure 1.2, 1.3, 2.0, 2.2 physical appliances by configuring, monitoring and Troubleshooting.

TECHNICAL SKILLS

Routers & Switches: Confidential Routers (3800, 2800, 2500, 2400 Series), Confidential Switches (6500, 4500, 2960, 2950, 2924, 3700, 3500), andASR9K/CRS/IOS-XR

Protocols: TCP/IP, EIGRP, BGP, HSRP, IPSec, VPN, QoS, Multicast, dot1q, STP, VLANS, VTP,WLAN, DNS, DHCP, ARP, SNMP, NetFlow, Tacacs+, VRF, Confidential vPC

Operating Systems: Windows XP/Vista, Windows 7, Windows 2000/2003/2008 Servers, Windows Storage Server 2003, Linux Operating Environments.

Confidential ISE Devices: Confidential Identity Service Engine 3300s Appliances with software release of 1.0.3/1.0.4 MR, Confidential Identity Service Engine on VMware ESX 5.0 with software release of 1.0.3/1.0.4 MR,1.2.x

Confidential ACS: Confidential ACS 4.2, Confidential ACS 5.0/5.3/5.4/5.7/5.8

AAA Architecture: TACACS+, RADIUS, Confidential ACS

Firewalls & VPN: Checkpoint Firewall UTM Series and Confidential PIX 500 Series and ASA5500 Confidential 5500 Series ASAs, PALO ALTO firewall devices

Wireless Equipment: Confidential Wireless LAN Controllers (WLC) 4400 Series (4402 & 4404) 5500 Series (5508&5520), Confidential Aironet Wireless Access Points ( Series), Confidential Wireless Control Systems 5.2 Plus (WCS)

VMware: ESXi 5.1/4.2, VMware VSphere, VMware Workstation 8, VMware view, Virtual Desktop Interface.

Applications: MS Office 2003/2007- Word, Excel, Power Point, MS Outlook, Outlook Express, Windows Live Mail, VNC PC Anywhere, Team Viewer, LAN Guard Network Scanner, Real VNC.

Security: Checkpoint Firewall UTM/NGX Series and Confidential PIX 500 Series and Confidential 5500 Series ASAs, Confidential Web Security Appliance (WSA) S360/370,660/670, S000V/100V/300V, Confidential EMAIL security Appliance (ESA) C370/650/670, C000V/100V/300V, ForeScout CounterAct:CT/AS 1000/2000/4000 s and CounterACT on Vmware

Antivirus: Kaspersky Server/Client stations, AVG, Norton 360, McAfee AV

Juniper Devices: Good Working noledge on Juniper EX2200,3300,4200 model Switches and MX5, MX10, MX40 model Routers.

PROFESSIONAL EXPERIENCE

Confidential, PA

Network Security Admin

Responsibilities:

• Configured Confidential ASA and Checkpoint firewall layers securing existing Data Center infrastructure. Migrated information security from Confidential PIX to ASA5500 with LAN-failover platform.
• Experience with convert Checkpoint VPN rules over to the Confidential ASA solution. Migration with Confidential ASA VPN experience
• Implementing of Security gateways from ground as well as supporting existing firewall platforms including Checkpoint, Juniper and Confidential ASA firewalls.
• Firewall Policy Provisioning and troubleshooting connectivity issues across zones.
• Was supporting Checkpoint platform on Multi-Domain Security Management / Provider 1 environment
• Checkpoint Virtualization using VSX and spin Virtual firewalls VS and build VSLS load sharing.
• Configure Checkpoint Smart center High Availability.
• Work with different types of NAT on checkpoint including manual/auto, Static, Hide (PAT)
• Review and optimize firewall rules using Secure Track Turin tool and firewall audit reports
• Configured and maintained IPSEC and SSL VPN are on Checkpoint Firewalls.
• Configuring, Monitoring and Troubleshooting Confidential ’s ASA 5500 security appliance, Failover DMZ zoning and configuring VLANs/routing/Netting with the firewalls as per the design.
• Third Party VPN migration from old data center to new data center.
• Work on Checkpoint Platform including Provider Smart Domain Manager. Worked on configuring, managing and supporting Checkpoint Gateways.
• Worked on Extensively on Confidential Firewalls, Confidential PIX (506E/515E/525/) & ASA 5500(5510/5540) Series.
• Configuring and Maintenance of Checkpoint UTM 1040,1070 and 2200 Next Generation with R70/R75/R80 Series
• Experience with CSM, F5 (LTM) Load balancers to provide efficient switching and routing for local and global traffic.
• Configuring policies, Firewall rules, Web filtering using checkpoint smart dashboard and Initial configuration of Palo Alto Firewall.
• Troubleshooting, Analyzing network connectivity and Application and URL filtering using Smart track viewer and Smart track monitor
• Performed firewall configuration primarily through the command line interface, Configured Confidential ASA firewall to use multiple security levels and interfaces
• Configuration and Installation of ASA 5520 firewalls.
• Configured ASA NAT with for outbound PAT or static NAT
• Responsible for configuring Confidential ASA secured routing templates allowing client to encrypt routing protocol updates on the firewall, if enabled
• Spent hours troubleshooting Confidential VPNs both Site-to-Site and Remote Access,Helped the deployment group with templates related to the configuration of Active/Standby failover enabling rapid deployment of failover configurations clients.
• Document each firewall change for audit requirements by contacting the SOC before and after each change and also providing successful of failed status
• Involved datacenter migration and consolidation project
• Experience with convert Checkpoint VPN rules over to the Confidential ASA solution. Migration with both Checkpoint and Confidential ASA VPN experience
• Designed and implemented security policies using ACL, firewall.
• Configured routing policy for BGP. Switching related tasks included implementing VLANs and configuring ISL trunk and 802.1Q on Fast-Ethernet channel between switches
• Redistribution of routing protocols and Frame-Relay configurations.
• Configuring and troubleshooting type of routing to route traffic flow per customer requirement as primary, backup/load balanced and load splitting.
• Performed the maintenance of Active Directory and replication scheme, DNS/DHCP services and time services, wrote step-by-step procedures for implementing upgrades.
• Configured VLANs, Private VLANs, VTP and Trunking on switches.
• Configuration and troubleshooting L3 switches with VLAN, STP, SPAN, ETHERCHANNEL, HSRP, VRRP and GLBP
• Configuring and troubleshooting type of routing to route traffic flow per customer requirement as primary, backup/load balanced and load splitting.
• Providing daily network support for national wide area network consisting of MPLS, VPN and point-to- point site.
• Assisted in troubleshooting complex layer 1, 2 and 3 connectivity using Wireshark protocol analyzer and recommended solution for better performance
• Regularly performed firewall audits around Checkpoint Firewall-1 solutions for customers.
• Provided tier 3 support for Checkpoint Firewall-1 software to support customers.
• Co-ordinate with data center team for any kind new installations, remote support and device RMA's

Confidential, Sanjose, CA

Confidential Network Engineer

Responsibilities:

• Designed & Deployed Confidential ISE 1.2/1.3/1.4for Enterprise RADIUS Autantication with Active Directory, RSA SecurID, Proxy Radius Services to Confidential ACS, Juniper Steel Belted Radius and Radiator Radius.
• Configuration & Maintenance of Confidential ISE for Certificate based autantication for BYOD and Corporate Mobile Device Autantication using Afaria MDM
• Design and Implementation of 802.1x Wired/Wireless User Autantication using Confidential ISE Radius Server.
• Working as Network Access Controls (NAC) Administrator in planning and designing our Clients global network for Network Access Solution.
• Designed, Implemented and Maintenance of IDENTITY SERVICE ENGINE NAC Solution across Wireless, SSL-VPN and Wired Networks.
• Worked extensively on policy design and implementation for NAC solution and integrated NAC with various Network infrastructures for successful deployment of NAC solution.
• Worked on ISE policies for auto-remediation of non-compliant devices, classification of devices, etc.,
• Troubleshooting, Analyzing network connectivity and Application and URL filtering using Smart track viewer and Smart track monitor.
• Worked on upgrading Confidential ISE 3300 Appliances and 1.0.4 Confidential ISE software on VMware’s.
• Configured and performed software upgrades on Confidential Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Confidential ISE.
• Planning, designing and Configuration of various Policy Configurations, Profile Authorizations, End device Profiling, User Identities, Confidential ISE and AD mapping with various attributes and levels of authorizations and Network Access.
• Worked extensively on device profiling, autantication and authorization mechanisms using AAA, RADIUS, 802.1X, Policy buildups for Posture Compliance Policies and Rules for Checking the devices coming onto Network, Remediation Process, Access and Controls, and Segmenting the Global Networks for NAC Solutions for both Confidential and Forescout NAC Appliances.
• Configuration of Confidential IP phones (7900s, 6961s, 9900s) for device profiling and Confidential Call Manager phone registration via Confidential ISE, Printer Profiling, Mobile device profiling etc.,
• Planning, designing and configuration of Confidential ISE deployment strategies (Standalone, Distributed Setups) and rollout to production environment.
• Worked Extensively on Access Control Policies consisting of VLAN switching through SNMP, Applying downloadable ACLs through Confidential ISE, and Configuring Standard and Extended ACLs locally and on the upstream switch’s for Confidential NAC & Forescout NAC Solution.
• IP addressing and design schemas for a variety of IP Pools using DHCP scope or local IP pools for NAC Controls.
• Configuration of High Availability (HA) for inline Confidential ISE appliances and High Availability on ESX 5.0 VMware ISE for distributed setups with various node setups - Primary & Secondary Administration Node setups, Primary & Secondary M&T Node Setups and Primary & Secondary Policy Services Node Setups.
• Implemented Splunk to drive reporting and search for data collected from Confidential firewall devices - FWSM, Pix and ASA.
• Worked and participated alongside with Design architects for NAC Solution design for Guest Network and Mobile Access Network for ISE NAC Solution.
• Involved in finalizing the design for Guest Network and Mobile Access Network for NAC Solution, comprising of an Anchor Wireless LAN Controller solution in DMZs/Internet Gateways with ISE NAC Appliances for NAC.

Confidential, Baltimore, MD

Network Engineer

Responsibilities:

• Design and Implementation of 802.1x Wired/Wireless User Autantication using Confidential ACS Server.
• Designed & Deployed Confidential ACS for Enterprise RADIUS Autantication with Active Directory.
• Planned, designed and Configured various Policy Configurations, Profile Authorizations,End device Profiling, User Identities, Confidential ACS and AD mapping with various attributes and levels of authorizations and Network Access.
• Hands on experience on ACS 5.7 in stage & dev Deployments, Configured and maintained the Confidential ACS 5.5 in Production environment.
• Involved in designing, configuring, implementing, maintenance and troubleshooting issues relating to ACS network access issues
• Provided assistance in configure policies for ACS and documented the entire deployment notes and policy sets
• Configured and performed software upgrades on Confidential Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Confidential ACS
• Planning, designing and configuration of various Confidential ACS & Forescout NAC deployment strategies (Standalone, Distributed Setups) and rollout to production environment.
• Designed & Deployed Confidential ACS 5.4/5.5 for Enterprise RADIUS Autantication with Active Directory, RSA SecurID, Proxy Radius Services to Confidential ACS, Juniper Steel Belted Radius and Radiator Radius
• Performed network engineering, design, planning (WAN & LAN) & implementation. Studied single point failures & designed WAN structure in such a way dat there are no failures in network in case of any device or link failure.
• Configured and designed LAN networks with Access layer switches such as Confidential 4510, 4948, 4507 switches.
• Maintained and managed networks running EIGRP and BGP routing protocols.
• Setting up VLANS and configuring ISL trunk on Fast-Ethernet channel between Switches.
• Implementing, Monitoring, Troubleshooting and Convergence in Frame-Mode MPLS inside the core.
• Generated CDP discovery output in Excel, Region-wise site summary for users/network devices (with A/B/C categorization) in the Excel for Local Area Networks (LAN), Wide Area Networks (WAN) and Wireless LAN Network WLAN).
• Experience in configuration of Confidential Wireless LAN Controllers and Wireless Security PEAP/WPA, LEAP/WEP.
• Installed and configured the High Availability Design and Load Balancing for NAC Appliances.
• Involved in finalizing the design for Guest Network and Mobile Access Network for NAC Solution, comprising of an Anchor Wireless LAN Controller solution in DMZs/Internet Gateways with ForeScout CounterAct NAC Appliances for NAC.
• Installed and configured hardware for Wireless Deployment using Confidential Wireless LAN Controllers (WLCs) 5500 Series and Confidential Aironet 1200 Series Access Points (LWAPs) and Confidential Wireless Control System 5.2
• Upgraded and configured the ‘Mattel’ SSID with PEAP/WPA from LEAP/WEP in Confidential Wireless Control System(WCS) and push dat template out to the Wireless LAN Controllers (WLC) throughout the world.
• Reconfigured Wireless Control System 5.2 (dis is the centralized management application) templates and mobility groups so dat they include the new ‘Mattel’ SSID.
• Configured Wireless LAN Controller Interfaces, WLANs, RADIUS attributes, AAA Server configuration for wireless network connections, SNMP Settings and SNMP Community setting for Trap controls.
• Conducted and performed Radio Frequency (RF) Site survey for the deployment of wireless Network and discovering the RF Coverage Areas, Checked for RF Interference and determined appropriate placement of wireless devices including LWAPs and Confidential 7925G Wireless Phones.
• Troubleshoot issues related to Wireless Setup dat includes RF issues like multipath distortion and hidden node problems.
• Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches
• Secured Internet connections using Confidential IOS IPS perimeter routers
• Implementation Route redundancy protocols like HSRP,VRRP,GLBP
• Involved in finalizing the design for Corporate Wireless Network Access for NAC Solution, comprising of NAC Appliances in all WAN Consolidation Points, and Data Centers.

Confidential

Network Engineer

Responsibilities:

• Configured VLAN, Spanning tree, VSTP, SNMP on EX series switches.
• Configured and debugged policy based routing for special traffic, route filtering with route maps, route redistribution.
• ConfiguredVLANTrucking802.1Q, STP, and Port Security on Catalyst 6500 switches.
• Ensurednetwork, system and data availability and integrity through preventativemaintenance and upgrade.
• Configuring RIP, OSPF and BGP Static Routing on JuniperM and MX series Routers.
• Performed OSPF, BGP routing protocol administration.
• Router memory & IOS upgrade with TFTP.
• Implement Confidential IOS Firewall IDS using 2600 series router
• Network Assessment and Documentation (including technical, operational, and economic assessment)
• Responsible for designing and implementation of customers network infrastructure
• Help negotiate hardware, software, and circuit contracts for customers
• Redesign customers office copper and fiber cable plant for scalability
• Build and maintain Visio documentations for Clients
• Created load balancing policies using BGP attributes such as Local Preference, AS-Path, MED, Community.
• Configuring objects such as Load Balancer pools for local traffic management on F5 Load Balancers.
• Extensively used TCP/IP tool like TELNET for remote login to the routers and SSH for secure login.
• TEMPHas expertise in LAN/WAN technologies (fast Ethernet, Layer2 & 3 switched/routed LAN, and Frame Relay).
• Key contributions include troubleshooting of complex LAN/WAN infrastructure dat include routing protocols EIGRP, OSPF & BGP
• Involved in the redistribution into OSPF on the core ASA firewall.
• Involved in the removal of EIGRP from all devices and making OSPF the primary routing protocol.
• Involved in the modification and removal (wherever necessary) of BGP from the MPLS routers.
• Involved in designing L2VPN services and VPN-IPSEC autantication & encryption system.
• Tuned BGP internal and external peers with manipulation of attributes such as metric, origin and local Preference.
• Disaster Recovery, system planning and implementation of security access systems & intrusion alarm systems.
• Providing 24/7 Technical Support on phone, mail support on Network, Hardware, software & security problems supporting multiple organizations.