SUMMARY:

• A strong understanding of F5 iRules (F5’s TCL scripting language) enabling customization of application load balancing solutions through the control and direct manipulation of the application traffic.
• Hands on experience in F5 configuration CLI including both Big IP and Traffic Management Shell (TMSH)
• Strong background in IP Addressing, Sub netting, VLSM, ARP, OSI and TCP/IP models.
• Implemented, Troubleshot, and Optimized dynamic routing protocols such as EIGRP, OSPF, BGP and also resolved complex route table problems.
• Familiar with the F5 system logging event types and logging levels
• Understanding of F5 GTM solutions, including WideIP and Pool Load Balancing Methods, probers and monitors
• Experience with advanced health checks within LTM
• Good understanding of load balancing strategies/ techniques, expertise in application switching / traffic management, knowledge of persistence and SSL certificates and troubleshooting methodologies.
• A general understanding of HTTP/HTTPS predicted behavior and the ability to perform and analyze packet captures to assist in identifying issues and recommend solutions.
• High level understanding of multi - tiered application traffic flow, server load balancing, global load balancing, and routing.
• Migration of network devices (Palo Alto, F5, Juniper, Aruba, Riverbed, Routers& switches) from one zone to other. Changing the management IP address and performed opening and closing of ports.
• Worked on Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
• Experience in converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with Cisco ASA VPN experience.
• Implemented Site-to-Site VPNs between ASA Firewalls on different client location.
• Configured firewall Rule Analysis, Rule Modification and implemented different failover mechanisms, security policies including NAT, PAT, Route-maps and Access Control Lists on Cisco ASA 5510.
• Experience with F5 BIGIP (Profiles, monitors, iRules, Redundancy, SSL Termination, Persistence, SNATs, and HA)
• for administrating and monitoring global(GTM)& local traffic(LTM).
• Strong hands on experience on PIX Firewalls, ASA (5540/5550) Firewalls. Implemented Security Policies using ACL on IPS/IDS, AAA (TACACS+ & RADIUS).
• Working knowledge with monitoring tools such as NMAP, Solar Winds,Sourcefire, Bluecoat, McAfee ePolicy, Symantec end point protection,Splunk and network packet capture tools such as Wireshark.
• Experience in SAN storage and data networks and implemented Fiber Channel and Internet SCSI protocols.
• Ensured QoS configuration using FIFO, Weighted Fair Queuing, Priority Queuing, Custom Queuing, CoS-DSCP Mapping.
• Performed Manual Test execution, Defect logging, Tracking the defect fixes, Updating Test results and generating Test reports.

TECHNICAL SKILLS:

Cisco Router Platforms: 7600, 7200, 3800, 3600, 2800, 2600, 2500, 1800 series

Cisco Switch Platforms: 6500, 4900, 4500, 3750, 3500, 2900, 1900 series

Load Balancers: BIG-IP F5, Cisco CSM

Routing Protocols : RIP, IGRP, EIGRP, OSPF and BGP

L2 Protocols : VTP, STP, RSTP, MSTP, PVST, ISL, 802.1q

Switching : VLANs, Private VLANs, 802.1q, and Ether-Channel

Redundancy Protocols: HSRP, VRRP, GLBP

Firewalls : Checkpoint, PIX, Cisco ASA Appliances (5505, 5550), Palo Alto

Network Management: SNMP, Cisco Works, Wire shark, Solar Winds and HP Open View, NX-OS CSS

Servers : FTP, DHCP, DNS, HTTP, Syslog and TFTP

Documentation: MS office, MS Visio

Operating Systems : Windows NT/2000/XP/ Vista/ 7/8; MS DOS, Linux

WAN Technologies: Frame Relay, PPP, ATM, and MPLS

WLAN Technologies: AutonomousAP’s, LightweightAP’s, WLC,Channels-802.11b/g

PROFESSIONAL EXPERIENCE:'

Confidential, Phoenix, Arizona

Network Engineer

Responsibilities:

• Maintained and supported Big IP LTM and GTM active devices 24/7 for highly critical applications.
• Responsible for day to day administration like raising Request for change requests to troubleshoot problem Tickets for problem determination and resolution, raised by Applications teams and L1/L2 support team.
• Performed comprehensive and elementary configurations on the Big IP F5 device to divide live user traffic between two data centers IPC1 and IPC2.
• Deployed the configuration on load balancing devices to migrate application from legacy servers to new servers in data center environment as part of the P8 migration.
• Renewed domain certificates for various environments and maintaining a calendar for certificate expiry and renewal using Achilles and Safe.
•  Experience in configuring and maintaining F5 SSL VPN and network access and Single Sign-On (SSO) for SAML resources. 
• Upgraded the F5 LTM and APM modules from v.11.4.1 to v.11.5.3 in high-availability architecture. 
•  Created the AAA servers for LDAP and AD authentication in F5 APM. 
• Configured and troubleshooting the F5 LTM and APM and providing level 2 support for the customers. 
• Working with F5 APM sessions and manipulating session using iRule and configuring and maintaining Webtops and Portal Access. 
• Coordinated Big IP physical device migration process with application team, firewall teams, dns/dhcp team and network team to improve alignment and missing of devices to minimize errors during migration.
• Raised EMER request for changes in production environment to revert/fix issues causing impact to live traffic.
• Submitted requests for procuring certificates from IBM and renewing certificates at the f5 device level.
• SSL offloading, Cert management and Troubleshooting experience on F5 using TCP and SSL dumps and Wireshark analysis. 
• Supported production changes by coordinating with the off-shore teams for validations.
• Configured and scripted network rules for different international market to perform redirections according to the requirement of the application team.
• Added, managed device to the local trust domain and establishes trust relationships between BIG-IP devices through certificate-based authentication
• Created Access policies on APM module using AD and LDAP authentication for external clients. 
• Supported template creation for request for change in both test and production environment.
• Supported the F5 device upgrade to version 11.5.4 and hotfix 2.
• Actively involved in iRule scripting, fine tuning and optimization of the network rules to meet the application requirements for better overall performance.
• Added the drop logic to the network rules to drop connections originating from certain blacklisted ip’s for avoiding DDOS attack
• Extensive experience in implementation of Business Rules, Data Dictionary, UI Actions, UI Policies, Client Scripts, Validations Scripts, Event Rules, Alert Rules, Correlation Rules and Event Field mapping Rules in ServiceNow. 
• Configured and managed APM as an SSL VPN solution for remote management.
• Addition of irule logic to remove certain cookies according to the requirement of the application team.
• Assisted the application team to form live and test url for testing and troubleshooting.
• Captured the TCPDump and analyzed the ssl dump on packets to troubleshoot and isolate problem areas.
• Configured a service as end to end HTTPS which ensures that a mutual authentication is performed before establishing a connection with a client.
• Configured Service Level Agreements (SLA’s) to define certain levels of services to incident management and Service catalogs. 
• Import Firewall configuration and resolve all differences to BIGIQ’s management database.
• Add this newly discovered BIGIP to a provisioned license pool using the base-registration-key as a filter.
• Gave and conducted seminar and presentations on SDN technologies like vmware.
• Performed ramping up of traffic to 100 % as per application team’s need.
• Communicated and worked with application teams, developers, and DBA teams to resolve various production and non-production related the issues.
• Working experience in configuring F5 network objects like self-ip, SNAT pool and dynamic routing.
• Added HSL to the iRules to debug and troubleshoot issues at the F5 level.
• Performed onboarding of the major domains iRules onto the Akamai platform to improve parameters like latency, speed, performance and cost.
• Configured the ASM and WAF Virtual server on the BIG-IP LTM for added performance and security.

ENVIRONMENT: Big IP LTM (version 11.5.4) and GTM (F5 ).

Confidential

Security Engineer

• Performed installation and configuration of corporate wide rollout of the Cisco Catalyst 3550, 3750, 4500, and 6509 switches.
• Configured Port mirroring and monitored Traffic, using Local SPAN on Cisco 3750 Switch.
• Configured Port-Based Authentication using 802.1x standard.
• Upgraded the Circuit Bandwidth for the Links Connecting the enterprise WAN Routers to the Backbone Routers, and Costed the Circuit Back, by changing the OSPF Cost to avoid SPOF.
• Investigated Circuit Re-ordering using Asymmetric routing, QOS.
• Bluecoat Troubleshoot for Root Cause Analysis to ensure limited downtime 
• Some PAC file analysis to resolve issues connecting to various web sites and network resources. 
• Bluecoat Configuration modification for updates to rule sets 
•  Monitored the QNX network to ensure accessibility and reliability for Production Manufacturing, Development and Release Engineering groups.
• Experience with Cisco Nexus switches - 2K, 5K, 7K, 9K
• Configured and deployed QNX work environment for new users. 
• Prepare and analyze capacity performance reports. 
• Working knowledge implementing and supporting DNS, DHCP, SNMP, TACACS/RADIUS, SYSLOG
• Working knowledge of Cisco and Meraki Enterprise Wireless Solutions - 5500/2500 Series WLC, 35xx/37xx Series access points, Meraki Dashboard and MR42 access points
• Troubleshoot SIP, RTP, and RTCP logs on server and client to spot missing or invalid SIP messages, checked compatibility with RFC standards. 
• Working with a team where my primary responsibility is planning, installation, configuration, performance tuning, problem determination, and administration of a Security Information and Event Management (SIEM) solution. 
• Maintained DNS security via DNS ACLs and other DNS security measures. Implemented IP security measures and cured areas of DNS vulnerability. 
• Implemented and configured ASA 5520 in failover along with the CSC module as per the customer requirement. 
• Performed Cisco ASA firewall troubleshooting and policy change requests for new IP segments that come on line.
• Configured ACLs in Cisco 5585 ASA firewall for Internet Access requests for servers, Protocol Handling, Object Grouping and NAT Control using Object NAT.
• Managed BlueCoat Proxy appliance configuration and is NPC's proxy appliance administrator. Responsible for analyzing data dealing with traffic composition, usage and throughput as well as blocking customer specified URL content. 
• Maintained Cisco Secure ACS. Control and monitor all TACACS accounts, for secure Cisco hardware access. Providing quarterly audits. Supporting local access and VPN authentication thru WI-FI and VPN access. 
• Creating a priority list of what type of attacks to focus on vs. what can be accomplished and identifying timeline on how to accomplish all the functionality ASM can provide. 
• Cisco VLAN implementation (Created over 15 VLANS for network segmentation).
• Installation of two redundant back-up Cisco ASA 5515X firewalls 
• Configured SITE TO SITE VPN on Cisco ASA 5500 series firewall between Headquarters and Branch office.
• Provided customer support service in the configuration and maintenance of ASA firewall systems.
• Implemented and configured ASA 5520 in failover along with the CSC module as per the customer requirement. 
• Performed Cisco ASA firewall troubleshooting and policy change requests for new IP segments that come on line.
• Configured ACLs in Cisco 5585 ASA firewall for Internet Access requests for servers, Protocol Handling, Object Grouping and NAT Control using Object NAT.
•  Supported HSRP to provide high availability.

ENVIRONMENT: Cisco ASA Firewalls 5510, 5520 and 5505, Checkpoint Firewall and Palo Alto firewalls, Cisco Catalyst 3550, 3750, 4500 and 6509 switches, Juniper Routers (PTX 1000, PTX 3000), Juniper switches (5100,5200), Cisco ASA 5525X.

Confidential, Thousand Oaks, CA

Network Administrator

• Involved in the configuration & troubleshooting of routing protocols such as MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, and IP access filter policies.
• Designed and implemented VLAN using CISCO Layer 3/2 switches on a Gigabit Fiber Backbone for a campus of 1500+ users.
• Work on Cisco based Routing and Switching environment with Rapid Spanning tree and using Routing Protocols such as BGP and OSPF.
• Maintained the system to achieve 99.9% availability, assist with project management, implements, maintains and upgrades Remedy system software.
• Hands on experience in F5 LTM series like 6400 for the corporate applications and their availability. 
• Experience working with F5 load balancer, its methods, implementation and troubleshooting on LTMs and GTMs. 
• Manage and support all F5 LTM's in pre-production and production environments. 
• Supported the Remedy System to include the Help Desk, Asset Management, SLA modules and end users. 
• Working knowledge of Cisco routers - ISR G2, ISR 4K, and ASR series routers
• Working knowledge of Cisco Catalyst switches - 3650, 3850, 4500, 6500
• VPN User access management on check point firewalls. Use LDAP for identifying user groups
• Actively use, smart view tracker, and Checkpoint CLI (to security gateways) for troubleshooting.
• Perform advanced troubleshooting using Packet tracer and TCP dump on firewalls.
• Built and support VRRP / Cluster based HA of Checkpoint firewalls.
• Tested and enabled IPv6 on servers and appliances used for DNS, Web, FTP and Sendmail application services.
• SDN, NFV, OpenStack, VM and Docker Containers deployments and management such kubernetes and docker swarm.
• Executed IPv6 traffic level and packet exploit stress testing against dual stack components and documented behavioral results.
• Worked directly with customers in order to collect the requirements needed for the planning, design, and implementations of AAA  - Authentication, Authorization, Accountability.
• Performed network bandwidth monitoring by identifying which users, applications and protocols are consuming the most bandwidth by analyzing Cisco NetFlow  and Consequently, avoided bottlenecks, and delivered better QOS.
• Manage checkpoint Firewalls split through multiple CMA's and administer using provider-1. (R71)
• Reviewed Firewall rule conflicts, unused rules and misconfigurations and clean up.
• Modify and implement ACL changes on store routers and assist the user when there are any issues using Network Authority. Authentication to this is also done through TACACS
• Build and support Site to Site IP Sec based VPN Tunnels for all B2B and 3rd party communications.
• Part of migrating the entire store Cisco ACL's to Fortinet UTM devices. Use CSM to manage Cisco ASA Firewalls.
• Responsible for handling Checkpoint VPN/Crossbeam Hardware /Palo Alto Customer Interfacing.
• Black listing and White listing of web URL on Blue Coat Proxy servers
• Work on Big IP Load balancer LHA requests. Configured and troubleshot Nodes, Pools, Profiles, Virtual Servers, SSL Certificates, iRules, and SNATs on the F5 Big IPs using the Web GUI and CLI.
• Worked on Data Center WAN cloud comprising of OC12/OC3/DS3/T1/E1
• Involved in various POC to test drive new Products/Technologies that would Value add to our Data Center Operations
• Troubleshooting connectivity issues within the server zones of the Data center (between application servers, database and web servers) as well as user requests and user connectivity issues from various branch locations, office locations and third party sites to data center.
• Install packages on servers (python, MATLAB, Mathematica, SQL and other user-requested packages) and assist users in accessing the packages. 
• Support Store Migration Project involving physical re-locations and DR testing involving various store locations.

ENVIRONMENT: Cisco ASA Firewalls, Blue Coat Proxy Servers, Imperva, Checkpoint Firewall, Cisco Router 7600,7200,3800 and Cisco Catalyst Switch 6509, 3550, Juniper (EX4550, EX4220) Switches, Juniper (SRX, E series, ACX Series, PTX Series) Routers Juniper Routers MX 240 series, 480 Series, Juniper Switches EX4550, EX 2200, Juniper Firewall SRX 3600.

Confidential

Network Engineer

• Monitor, configure changes on installed Cisco networking devices such as Routers and Switches to address network related issues/problems.
• Troubleshot TCP/IP problems and connectivity issues in multi-protocol Ethernet environment. 
• Configured VLAN, Spanning tree, VSTP, SNMP on Cisco Catalyst Switch 6500, Juniper EX series switches and RIP, OSPF and Static routing on Cisco 7600 and Juniper MX 240 series Routers.
• Analyzed and corrected network troubles and system performance issues.
• Project design and proposal of large networks to key account customers and enterprises such as SDH, PBX, Frame-Relay (other WAN project designs) and offshore systems.
• Configured Cisco IOS Feature Set, NAT and Simple Network Management Protocol (SNMP) for Network Security implementation.
• Monitored network performance to improve the backup strategy using Solar winds.
• Implemented network security for remote access by configuring site to site and clients tosite VPN tunnels through multiple Cisco VPN concentrators and Checkpoint firewalls and maintained access policies for remote users. 
• Project design of computer networks inclusive of structured cabling (fiber-optic or UTP, voice and data alike), active devices (servers, switches, routers and other network appliances).
• Maintains system log and documentation.
• Refined IPS Policy and Created Rules according to the Security Standard. 
• Managed successful delivery of massive security response portfolio including Splunk, Cisco ISE. 
• Evaluation of new and upcoming IT equipment to be used for prospect projects.

ENVIRONMENT:Cisco Router 7600,7200,3800 and Cisco Catalyst Switch 6509, 3550, Juniper(EX4550,EX4220)Switches, Juniper(SRX, E series, ACX Series, PTX Series) Routers .

Confidential 

Jr. Network Security Engineer

• Configured settings of the networking devices (Cisco Router, switches) co-coordinating with the system/Network administrator during any major changes and implementation
• Configured FTP server for inside/outside users & vendors.
• Configured and administered Cisco Switches 6500/3750/3550 , and Cisco Routers 7200/3900/2900.   
• Configured the Cisco router as IP Firewall and for NATing Configured RSTP, MST and used VTP with 802.1q trunk encapsulation.
• Provided port binding, port security and router redundancy through HSRP.
• Experienced in Cisco switches and routers: Physical cabling, IP addressing, Wide Area Network configurations.
• Responsible for Internal and external accounts and, managing LAN/WAN and checking for Security
• Assisted in backing up, restoring and upgrading the Router and Switch IOS
• Designed ACLs, VLANs, troubleshooting IP addressing issues and taking back up of the configurations on switches and routers.
• Secured configurations of SSL/VPN connections, Troubleshot CISCO ASA firewalls.
• Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet and Gigabit Ethernet channel between switches.
• Monitored network traffic with the help of Qradar and Cisco IPS event viewer. 
• Monitored multiple applications using single Solarwinds Dashboard.
• Assisted hospital campus for VOIP network management and troubleshooting.

Environments: Cisco Routers 3600, 2600 series and Cisco Catalyst Series Switches 6500,3500, 2900,1900,Juniper Switches M320, QFX 5100 Juniper Routers T640, MX 240, F5 Load Balancer.