Sr. Network Engineer Resume
Washington, DC
SUMMARY
- Network Engineer with Over 8+ years of experience in testing, troubleshooting, implementing, optimizing and maintaining enterprise data network and service provider systems.
- Implementation, Configuration and Support of Checkpoint (NGX R65, R70 and R71), Juniper Firewalls (SRX5400, SRX5600, and SRX5800), Cisco Firewalls (ASA 5505, 5506 - X, 5585), Palo AltoNetworks Firewall models (PA-2k, PA-3k, and PA-5 k).
- Provide scalable, supportable military grade TCP/IP security solutions along with expert TCP/IP network designs that enable business functionality.
- Administration, Engineering, and Support for various technologies including proficiency in LAN/WAN, routing, switching, security, application load balancing and wireless.
- Worked on Juniper Net Screen Firewalls like, NS50, SSG 550M, SSG520M, ISG 1000, ISG 200 and Cisco PIX 535, 520, 515, ASA -5500 and 5505.
- Responsible for Checkpoint and Cisco firewall administration across global networks.
- Worked on Cisco Catalyst Switches 6500/4500/3500 series.
- Policy development and planning / programming on IT Security, Network Support and Administration.
- Creating Virtual Servers, Nodes, Pools and iRules on BIG-IP F5 in LTM module.
- Experience with Firewall migrations from PIX firewall to Cisco ASA and Juniper SRX firewall appliances.
- Experience with Bluecoat Proxy servers, LAN & WAN management.
- Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.
- Experience with Checkpoint VSX, including virtual systems, routers and switches.
- Experience in Network LAN/WAN deployment,
- Experience with DNS/DFS/DHCP/WINS Standardizations and Implementations.
- Extensive understanding of networking concepts, (IE. Configuration of networks, router configuration and wireless security, TCP/IP, VPN, Content Filtering, VLANs, and routing in LAN/WAN, Ethernet Port, Patch Panel and wireless networks.)
- Configuration of Network and Security devices such as Cisco routers and switches (Cisco 7600/3500/Nexus 7K/5K), Firewall (Checkpoint R75/Gaia and Cisco FWSM), Load Balancers and DNS and IP Manager (Infoblox)
- Black listing and White listing of web URL on Blue Coat Proxy Servers.
- Administration of production Windows Servers infrastructure that includes Domain Controllers, IIS Web Servers, SharePoint, File and Print and FTP/SFTP servers.
- Extensive experience in Windows 2008 R2/2008/2003 Wintel Servers Confidential single or multi domain platforms.
- Proficient in installing and configuring Windows Server 2003, 2008, 2012 and Windows XP, 7 & 8 Professional Client Operating Systems
- IDS and IPS event management using CSM including signature updates for SSM Modules, IDSM.
- Provides management level reporting of firewall and Intrusion Protection System (IPS) activity on a periodic basis.
TECHNICAL SKILLS
Cisco router platforms: 2500, 2600, 2800, 3600, 3700, 3800, 7200, 7609.
Cisco Switch platforms: 2900XL, 2950, 2960, 3560, 3750, 4500, and 6500.
Firewalls & Load Balancers: Cisco ASA 5585, 5550, 5540, Juniper SRX5400, 5600, 5800, Juniper Netscreen 6500, 6000, 5400. Juniper SSG Firewalls, Palo Alto PA-3060/2050, F-5 BIG-IP LTM (3900 and 8900), Blue Coat SG8100, AV 510, AV810.
Routers: Cisco routers (1900, 2600, 2800, 2900, 3600, 3800, 3900, 7200, 7600), Cisco L2 & L3, Juniper routers (M7i, M10i, M320)
Switches: Cisco switches (3560, 3750, 4500, 4900 & 6500), Nexus (2248, 5548 &7010)
Routing: RIP, EIGRP, OSPF & BGP, Route Filtering, Redistribution, Summarization, Static routing
WAN Technologies: FRAME RELAY, ISDN T1/E1, PPP, ATM, MPLS, leased lines, DSL modems.
LAN Technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, NAT/PAT, FDDI. Cisco Secure Access Control Server (ACS) for TACACS+/Radius.
VOIP Devices: Cisco IP phones, Avaya.
Routing Protocols: RIP, OSPF, EIGRP, and BGP.
Switching Protocols: VTP, STP, RSTP, MSTP, VLANs, PAgP, and LACP.
Network management: SNMP, Cisco Works LMS, HP Openview, Solar winds, Ethereal.
Layer 3 Switching: CEF, Multi-Layer Switching, Ether Channel.
Carrier Technologies: MPLS, MPLS-VPN.
Redundancy protocols: HSRP, VRRP, GLBP.
Security Protocols: IKE, IPsec, SSL, AAA, Access-lists, prefix-lists.
Software: Microsoft Office Suite, MS SQL Server 2008, HTML.
Language: Unix, Turbo C / C++, basics in Perl and Shell scripting.
PROFESSIONAL EXPERIENCE
Confidential, Washington, DC
Sr. Network Engineer
Responsibilities:
- Implementing security Solutions using PaloAlto Pa-5000/3000, Cisco ASA, Checkpoint firewalls R75, R77.20 Gaia and Provider-1/MDM.
- Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
- Configuring Big-IP F5 LTMs (virtual servers, pools, SNATs, health monitors, irules) and GTM’s for managing the traffic and tuning the load on the network servers.
- Firewall rule base review and fine-tuning recommendation.
- Hands on experience in configuration of Cisco ASA 5000 series firewalls and experience with checkpoints and FortiGate.
- Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support
- Configure Syslog server in the network for capturing the log from firewalls.
- Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Tufin and Splunk.
- Configure and Monitor Cisco Sourcefire IPS for alerts.
- Experience working on Network support, implementation related internal projects for establishing connectivity in various field offices and Datacenters.
- Working with different teams to gather info for the new request and troubleshoot for any connectivity issues by capturing traffic using TCPDUMP and smart view tracker.
- Configuring and troubleshooting site-to-site IPSEC VPN tunnels using Cisco ASA 5540 for third party connectivity.
- Implemented configuration back-ups using WinSCP, cyberfusion to automate the back-up systems with the help of public and private keys.
- Documentation involved preparing Method of Procedures (MOPs) and Work Orders. Also creating and submitting Remedy tickets for user auditing.
- Performing URL filtering and content filtering by adding URL’s in Bluecoat Proxy SG’s.
- Working on the network team to re-route BGP routes during maintenance and FW upgrades.
- Co-ordinated and Upgraded F5 LTM’s and Cisco ASA’s IOS images during window time.
- Running vulnerability scan reports using Nessus tool.
- Configure B2B VPN with various business partners and 3rd parties and troubleshoot VPN Phase 1 and Phase 2 connectivity issues including crypto map, encryption domain, psk etc.
- Worked on Blue Coat Proxy SG to safeguard web applications in extremely untrusted environments such as guest Wi-Fi zones.
- Troubleshoot connectivity issues and Monitor health of the firewall resources as well as work on individual firewall for advanced troubleshooting.
- Working on Service now tickets to solve troubleshooting issues.
Environment: Cisco ASA, Checkpoint, Palo Alto, Big IP F5 LTM/GTM, Nexus switches, TCP/IP, VPN.
Confidential, Lebanon, NJ
Network Engineer
Responsibilities:
- Day-to-day work involves scheduling firewall policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.
- Managing and administering Juniper SRX and Checkpoint Firewalls Confidential various zones including DMZ, Extranet (Various Business Partners) and ASZ and internal.
- Juniper Firewall Policy management using NSM and Screen OS CLI.
- Troubleshooting Firewall Connectivity related issues using Smart view tracker on Checkpoint, NSM Log viewer for Juniper Firewalls.
- Configure and administer Cisco ASA Firewalls (5585, 5550, and 5540) and use command line CLI, Cisco CSM, ASDM for day-to-day administration.
- Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Tufin and Splunk.
- Active/Standby and Active/Active HA configuration on Cisco ASA Firewalls.
- Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
- Configuring rules and maintaining Palo Alto firewalls and analysis of firewall logs using various tools.
- Experience on ASA firewall upgrades to 9.x.
- Configured Panorama web-based management for multiple firewalls.
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
- Understand the flow of traffic through the Check Point Security gateway cluster and troubleshoot connectivity issues using advanced troubleshooting from Command Line Utilities.
- Build and configure Active/Standby Failover on Cisco ASA with stateful replication.
- Configure and tweak the inspection policies on Firewall to allow legacy application traffic.
- Understand different types of NAT on Cisco ASA firewalls and apply them.
- Firewall policy provisioning on Fortinet FortiGate appliances using FortiManager.
- Troubleshooting connectivity issues through Blue coat as well writing and editing web policies.
- Administration Big IP F5 LTM for all Local Load balancing and use GTM for load balancing across Data Centers.
- FWSM configurations in single/multiple context with routed and transparent modes.
- Support Data Center Migration Project involving physical re-locations.
- 24 x7 on call support.
Environment: STP, RSTP, Cisco IOS-XR, ASA, VTP, VOIP, DMZ, HSRP, Palo Alto, Port-Channel, BGP, OSPF, EIGRP, PPP, HDLC, SNMP, DNS, DHCP.
Confidential, Middlesex, NJ
Network Engineer
Responsibilities:
- Designed and implemented Cisco VoIP infrastructure for a large enterprise and multi-unit office environment. Met aggressive schedule to ensure a Multi-office reconfiguration project which was successfully delivered
- Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support
- Supporting EIGRP and BGP based PwC network by resolving level 2 &3 problems of internal teams & external customers of all locations.
- Configuring Big-IP F5 LTMs (virtual servers, pools, SNATs, health monitors, irules) for managing the traffic and tuning the load on the network servers.
- Upgrade Cisco Routers, Switches and Firewall (PIX) IOS using TFTP
- Updated the HP open view map to reflect and changes made to any existing node/object.
- Handled SRST and implemented and configured the Gateways, Voice Gateways.
- Configuring HSRP between the 3845 router pairs for Gateway redundancy for the client desktops.
- Configuring STP for switching loop prevention and VLANs for data and voice along with Configuring port security for users connecting to the switches.
- Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Tufin and Splunk.
- Ensure Network, system and data availability and integrity through preventive maintenance and upgrade.
- Implementation and Configuration ( Profiles, I Rules) of F5 Big-IP C2400 load balancers
- Involved in L2/L3 Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter-Vlan routing, LAN security.
- Worked on the security levels with RADIUS, TACACS+.
- Completed service requests (i.e. - IP readdressing, bandwidth upgrades, IOS/platform upgrades, etc.)
- Identify, design and implement flexible, responsive, and secure technology services
- Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
- Performed load balancing and application level redundancy by deploying F5 BIG-IP LTM 3900.
- Configured switches with port security and 802.1x for enhancing customers security.
- Monitored network for optimum traffic distribution and load balancing using Solar winds.
- Validate existing infrastructure and recommend new network designs.
- Created scripts to monitor CPU/Memory on various low end routers in the network.
- Installed and maintained local printer as well as network printers.
- Handled installation of Windows NT Server and Windows NT Workstations.
- Handled Tech Support as it relates to LAN & WAN systems
Environment: Net Flow,TACACS,EIGRP,RIP,OSPF,BGP,VPN,MPLS,CSM,SUP720, Ether Channels, Cisco 7200/3845/3600/2800 routers, Fluke and Sniffer, Cisco 6509/ 3750/3550/3500/2950 switches, Checkpoint firewalls(SPLAT)
Confidential, Detroit, MI
Network Administrator
Responsibilities:
- Firewall Policy Provisioning and troubleshoot connectivity issues through firewall.
- I worked on Check Point Security Gateways and Cisco ASA Firewall.
- Firewall Clustering and High Availability Services using Cluster XL on Check Point.
- Configuring and tweaking Core XL and Secure XL acceleration on Check Point gateways.
- Troubleshoot User connectivity issues on Checkpoint and Cisco ASA using CLI utilities.
- Packet capture on firewalls and analyzing the traffic using Wire shark utilities.
- Troubleshot Clustering issues on Check Point and Sync issues monitoring and fix.
- Upgrade of Checkpoint Gateways in Cluster with Minimal downtime.
- Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Tufin and Splunk.
- Implemented Active/ Standby HA configuration on Cisco ASA Firewalls.
- Configuring Cisco ASA firewalls in Single and Multiple Context Mode firewalls.
- Configuring VPN both B2B and remote access SSL and centralized policy administration using FortiManager, building Fortigate High Availability using Fortigate Clustering Protocol (FGCP).
- Firewall Compliance and Rule remediation for compliance such as SAS 70 Audit.
- LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems)
- Vlan design and implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and port channels creation.
- Working with OSPF as internal routing protocol and BGP as exterior gateway routing protocol.
- Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation on Cisco ASA Firewalls.
- Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay).
- Deployed a Syslog server to allow proactive network monitoring.
- Implemented VLANS between different departments and connected them using trunk by keeping one Vlan under server mode and rest falling under client modes.
- Configured Firewall logging, DMZs and related security policies and monitoring.
- Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
- Documentation and Project Management along with drawing network diagrams using MSVISIO.
Environment: CISCO routers and switches, Access Control Server, VLAN, Trunk Protocols, CISCO ASA, DHCP, DNS, Spanning tree, Nimsoft.
Confidential
Network Engineer
Responsibilities:
- Responsible for PIX 7.x/8.x & ASA 8.x Firewall migration and in place hardware upgrades and Troubleshooting, IOS Security Configurations, IPSec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
- Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation.
- As part of Security and network operations team I was actively involved in the LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems)
- VLAN implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and port channels creation.
- IOS Upgrades from 7.x to 8.x as well as backup and recovery of configurations.
- Work in an enterprise network environment with dynamic routing using OSPF and BGP for external connectivity.
- Configured Switches with proper spanning tree controls and BGP routing using community and as path prepending attributes.
- Install Windows Server 2003, configure IP addresses, network printers and configure Client Access for PCs.
- Work with BGP routing protocol for communication with business partners and influence routing decision based on AS Path Prepend and other attributes.
- Administer and support Cisco based Routing and switching environment.
- Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay).
- Implemented VLANS between different departments and connected them using trunk by keeping one Vlan under server mode and rest falling under client modes.
- Configured Client VPN technologies including Cisco’s VPN client via IPSEC.
- Configured Firewall logging, DMZs and related security policies and monitoring.
- Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
Environment: PIX, CISCO routers and switches, Access Control Server, VLAN, Trunk Protocols, CISCO ASA, DHCP, DNS, SAN, Spanning tree, Nimsoft, Windows Server, Windows NT.
Confidential
Network Engineer
Responsibilities:
- Primarily responsible for incident and problem management.
- Part of Network Operation Center NOC offshore support team from India supporting HP Data Center 24x7. L2 support for Cisco PIX and ASA Firewalls.
- Schedule changes and work through maintenance requests over weekends.
- Perform daily maintenance, troubleshooting, configuration, and installation of all network components.
- Configuration of CISCO Routers (3600, 4000 Series) and 3550, 4500 series switches.
- Creating groups, users and policies in Active Directory.
- Troubleshoot and support Cisco Core, Distribution and Access layer routers and switches
- Built IPSec based Site-to-Site VPN tunnels between various client locations.
- Point-to-Point, Frame Relay, T3, ATM, WAN troubleshooting.
- Debugging abilities Confidential L1, L2, L3, and L4 protocols in an Internet-centric environment. Troubleshooting Active Directory, DNS, and DHCP related issues.
Environment: Cisco 7200/3845/3600/2800 routers, TACACS, EIGRP, RIP and Vulnerability Assessment tools like Nessus, Red Hat, Solaris, Juniper VPN's and SSL.