
Sr. Network Security Engineer Resume


Pittsburgh, PA

SUMMARY:

  • 8+ years of experience in network security, routing, switching, firewall technologies, systems design, administration and troubleshooting. Expertise in network support, VPN, device upgrades, and installing network devices.
  • Strong hands-on experience in design, deployment and troubleshooting of Cisco ASA 5000, 5450 firewalls, Palo Alto 3060, 4000, 5060 firewalls, and Check Point R75 and R76 firewalls.
  • Experience in migration from Check point firewalls to Palo Alto firewalls.
  • Performed advanced troubleshooting using WIRESHARK and TCPDUMP on firewalls.
  • Configured firewall filters, routing instances, policy options on Juniper SRX 550,220.
  • Knowledge of security attacks like DoS, DDoS, spoofing, kill chain.
  • Worked on Authentication mechanisms like AAA, TACACS+ and RADIUS.
  • Experience in designing and deploying enterprise-wide network security and high availability solutions for ASA firewall.
  • Extensively worked on AlgoSec for firewall rule analysis and firewall rules cleanup.
  • Expert knowledge of SIEM tools like QRadar to get real-time analysis of security alerts generated by network hardware and applications.
  • Network security including NAT/PAT, ACL, VPN Concentrator.
  • Planning and designing to incorporate McAfee's IDS/IPS devices into Lowes network at optimized network locations.
  • Experience with F5 load balancers and Cisco load balancers (ACE and GSS).
  • Worked on load balancers using F5 (BIG-IP), Security Device Manager (SDM), CiscoWorks, HP OpenView, SolarWinds, Sniffer.
  • Worked on Cisco 2900, 3800, 3900, 4500 & 7200 series routers and Juniper MX 104, 240, 480 series routers.
  • Expert level knowledge of troubleshooting, implementing, optimizing and testing of static and dynamic routing protocols such as EIGRP, OSPF, BGP, ability to interpret and resolve complex route table problems.
  • Experience working with BGP attributes such as Weight, Local-Preference, MED and AS-PATH to influence inbound and outbound traffic.
  • Experience in the setup of access lists on Cisco devices.
  • Worked on Cisco 2800, 2900, 3500, 3700, 4500, 5500, 6500 series switches, Cisco ISE (Identity Services Engine) and Juniper EX 3300, 3400, 4200 switches.
  • Experience with design and implementation of Virtual Switching System (VSS) for both User segment and server segment using 6509-V-E catalyst switches.
  • Experience working with Nexus 7010, 5020 series switches.
  • Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000.
  • Knowledge of implementing and troubleshooting complex technologies such as VLAN trunks, EtherChannel, inter-VLAN routing, STP, RSTP, PVST, RPVST, LAN security and MST.
  • Strong understanding of VMware networking concepts like creation of switches, different types of port groups, NIC teaming and VLAN problem management on VMware, Virtual Center and vMotion.
  • Configuring and testing Multicast for both IPv4 and IPv6 routing in Data Center Environment.
  • Involved in troubleshooting of DNS, DHCP and other IP conflict problems.
  • Working experience on network topologies and configurations.
  • Hands-on experience with ACLs, Syslog.
  • Well Experienced in configuring protocols HSRP, GLBP, VRRP, ICMP, IGMP, PPP, HDLC.
  • Blacklisting and whitelisting of web URLs on Blue Coat proxy servers.
  • Involved in Disaster Recovery activity, like diverting all the traffic from production data center to Disaster Recovery data center.
  • Experience with different network management tools like HP OpenView, RSA enVision, and CiscoWorks to support a 24x7 Network Operations Center.
  • Configured client VPN technologies such as Cisco's VPN Client via IPsec and GlobalProtect from Palo Alto Networks.
  • In-depth knowledge and experience in WAN technologies including OC3, E3/T3, E1/T1, Point to Point, MPLS, fiber optic circuits and Frame Relay.
  • Worked on Checkpoint's client software Smart Log & SmartView Tracker to troubleshoot the FW issues.
  • Excellent qualities such as Teamwork, Negotiation, Analysis and Communication.
  • Hands-on configuration and experience in setting up Cisco routers to perform functions at the Access, Distribution, and Core layers.
  • Knowledge of PKI (public and private key) encryption and decryption.
  • Excellent in documentation and updating client's network documentation using VISIO.
  • Excellent leadership with good written and oral communication.
  • Great team player and able to work under pressure 24x7 duty rotation.

TECHNICAL SKILLS:

Routing: OSPF, EIGRP, BGP, PBR, Redistribution, Static Routing, dynamic routing

Switching: VLAN, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switch, Multicast operations, Ether channels.

Network security: Cisco (ASA, PIX) 5510, ACL, IPSEC, VPN, Security context

Load Balancer: Cisco ACE load balancer, F5 Networks (Big-IP)

LAN: Ethernet (IEEE 802.3), Fast Ethernet, Gigabit Ethernet

WAN: Leased lines 64k - 155Mb (PPP / HDLC), Channelized links (E1/T1/E3/T3), MPLS, Fiber Optic Circuits, Frame Relay, ISDN

Operating Systems: Windows (98, ME, 2000, XP, Server 2003/2008, Vista, Windows 7), Basic Linux

Routers: Cisco 29XX, 38XX, 39XX, 45XX & 72XX series; Juniper MX104, 240, 480 series.

Switches: Cisco 28XX, 29XX, 35XX, 37XX, 45XX, 49XX, 55XX, 65XX series; Nexus 5000, 7000 series; Juniper EX 33XX, 34XX, 42XX switches.

Firewalls: Cisco ASA 5000 series; Juniper SRX220, SRX550; Check Point R75, R76; Palo Alto 3k, 4k, 5k series.

Various Features & Services: IOS and Features, HSRP, GLBP, VRRP, ICMP, IGMP, HDLC, SYSLOG, NTP, DHCP, TFTP and FTP Management

AAA Architecture: TACACS+, RADIUS, Cisco ACS, IPsec.

Network Management: CiscoWorks LMS, HP OpenView, Ethereal, MRTG/PRTG server, Zenoss, Ionix and Opalis

Reports: Microsoft (Visio pro.), Checkpoint (Eventia reporter, Smart view)

WORK EXPERIENCE: 

Confidential,  Pittsburgh, PA 

Sr. Network Security Engineer

Responsibilities:

  • Installed and configured Palo Alto PA-3060, 4000, 5060 firewalls to protect the data center and provided L3 support for routers/switches/firewalls.
  • Implemented a large number of security policy rules and monitored the logs on Palo Alto, created zones, and implemented Palo Alto firewall interface.
  • Implemented Positive Enforcement Model with the help of Palo Alto Networks.
  • Handled Installation of Palo Alto (Application and URL filtering, Threat Prevention, Data Filtering).
  • Implemented firewall rules in Palo Alto firewalls using Panorama for one of the environments.
  • Configured and maintained SSL VPNs on Palo Alto firewalls.
  • Configuring, Administering and troubleshooting Palo Alto Firewalls.
  • Implemented antivirus and web filtering on Palo Alto 5060 at the web server.
  • Serve as the customer's go-to resource for all matters related to the Palo Alto next-generation firewall.
  • Worked on migration from Check Point firewalls to Palo Alto firewalls.
  • Worked on S2S VPNs Implementations; Providing support for Checkpoint R75 and R76. 
  • Monitoring Traffic and Connections in Checkpoint and network operations. 
  • User authentication and resource allocation using Cisco ACS server using TACACS+ and RADIUS for administrative control.
  • Worked on Checkpoint VSX platform including Provider Smart Domain Manager. Worked on configuring, managing and supporting Checkpoint Gateways. 
  • Experience with Remote access management to help with troubleshooting for remote direct access clients and Check Point VPN. 
  • Troubleshot some of the security attacks like DoS, DDoS, spoofing, kill chain.
  • Deploying the policies on firewall using the Checkpoint's Smart Console Manager and Smart Dashboard.
  • Well experienced in static NAT and dynamic NAT.
  • Strong Experience on configuring Virtual Device Context in Nexus 7010. 
  • Troubleshoot the Firewalls related issues by using the Checkpoint's client software Smart Log & SmartView Tracker.
  • Troubleshooting by packet capture analysis using tcpdump, Wireshark and analyzing the PCAP server.
  • Hands-on experience working with the ServiceNow ticket management tool, providing support service to clients by implementing and working on change requests, incident requests and troubleshooting.
  • Configuring objects such as Load Balancer pools for local traffic management on F5 Load Balancers
  • Implementing and troubleshooting (on-call) IPsec VPNs for various business lines and making sure everything is in place.
  • 24x7 on-call escalation support as part of the security operations team.
  • Configured some of the Cisco routers like 3400, 3700, 3800, 6500, 7200.
  • Configuring static and dynamic routing and redistribution of routing protocols like EIGRP, OSPF, RIP.
  • Configured Cisco switches like 3500, 3750, 4500, 5500, 6500 series and some of the Nexus switches like 7010, 5020 series.
  • Performed switching technology administration including VLANs, inter-VLAN routing, trunking, port security, STP, RSTP, PVST, RPVST, LAN security etc.
  • Working configuration of new VLANs and extension of existing VLANs on/to the necessary equipment to have connectivity between two different data centers.
  • Creating dedicated VLANs for Voice & Data with QOS for prioritizing VOICE over DATA. 
  • Managing and providing support to various project teams with regards to the addition of new equipment such as routers switches and firewalls to the DMZs. 
  • Planning and designing to incorporate McAfee's IDS/IPS devices into Lowes network at optimized network locations.    
  • Experience in deploying dot1Q infrastructure using Cisco ISE as the AAA platform. 
  • Working with local IT personnel on troubleshooting, problem determination, diagnosis of performance issues, bandwidth issues, throughput traffic prioritization to improve overall application response time across WAN 
  • Involved in complete LAN, WAN development (including IP address planning, designing, installation, configuration, testing, maintenance etc.).
  • Implemented MPLS circuits between different sites.
  • Expertise in authentication protocols like plain text, MD5.
  • Worked on HSRP and GLBP for first hop redundancy and load balancing.
  • Set up simplified and traditional VPN communities, and Cisco AnyConnect.
  • Expertise in security identity management platforms such as ACS 5.x, RSA SecurID 8.x.
  • Extensively used TCP/IP tool like SSH for secure login.
  • Blacklisting and whitelisting of web URLs on Blue Coat proxy servers.
  • Enabling the TCP, UDP, SMTP ports to allow the traffic between the servers. 
  • Participated in design and configuration of Wireless Network using IEEE 802.11, multicast architecture with Cisco multilayer switches for HD-4 video client’s ISPs.
  • Knowledge of PKI (public and private key) encryption and decryption.
  • Responsible for the installation, configuration, maintenance and troubleshooting of the company network. 
  • Troubleshoot and hands on experience on security related issues on Checkpoint IDS/IPS. 

 Confidential, Indianapolis, IN 

Network Security Engineer

Responsibilities:

  • Involved in and implemented several corporate refresh projects to replace the legacy network products, including but not limited to Cisco routers, Cisco switches, Cisco ASA firewalls, and Juniper firewalls.
  • Configured Cisco ASA 5000, 5450 series firewalls and Juniper SRX220.
  • Configuring and maintaining the Juniper SRX 550 firewall and other security products.
  • Configuring static NAT, dynamic NAT and NAT pools.
  • Installed, configured and set security policies on Cisco ASA firewalls and Juniper firewalls.
  • Worked on Juniper SRX220 to configure SSL VPN clients.
  • Perform firewall rule audit and optimization using Algosec.
  • Managed VPN, IPsec, Endpoint-Security, status policy, Application control, IPS, Monitoring, Anti-Spam, Smart Provisioning, DLP using Cisco ASA Firewalls.
  • Expert knowledge of SIEM tools like QRadar to get real-time analysis of security alerts generated by network hardware and applications.
  • Strong networking capability and knowledge of different firewall platforms to help in random identification and isolation of issues during outages and incidents.
  • Worked with Load balancing device like F5 Big-IP local traffic manager (LTM) 1600. 
  • Hands on experience in F5 LTM, GTM series like 6400, 6800 for the corporate applications and their availability 
  • Configuring various advanced features (profiles, monitors, iRules, redundancy, SSL termination and initiation, persistence, SNATs, HA, digital certificates) on F5 BIG-IP appliances; executed various migration/upgrade projects across F5 and hands-on with F5 BIG-IP LTMs/EM.
  • Worked with Load Balancing team to build connectivity to production and disaster recovery servers through F5 Big IP LTM load balancers
  • Worked on some Cisco 3825, 3640, 4500, 7200 series routers and Juniper MX 104, 240, 480 series routers.
  • Configured OSPF redistribution and authentication with type 3 LSA filtering to prevent LSA flooding and configured OSPF over Frame Relay networks for NBMA and point-to-multipoint strategies.
  • Configured some of the routing protocols like EIGRP, BGP.
  • Network consists of heavy Cisco equipment such as Cisco 3700, 4500, 4900, 5500, 6500 switches and Juniper EX 3300, 3400, 4200 series switches.
  • Expert knowledge of, and configured, switching protocols like VLAN trunking, STP, PVST, RPVST, inter-VLAN routing, EtherChannel.
  • Participated in the installation, configuration, post installation daily operational tasks and configuration and deployment of Cisco Nexus equipment.
  • Monitored using NSM like collection, analysis, and escalation of indications and warnings to detect and respond to intrusions of incoming or outgoing data. 
  • Understand the JUNOS platform and worked with IOS upgrade of Juniper devices.  
  • Worked with Cisco ACE GSS 4400 Series global site selector Appliances.  
  • Good working knowledge of common end user operating systems and internal/external DMARC identification.   
  • Implementing, Monitoring, Troubleshooting and Convergence in Frame-Mode MPLS inside the core.
  • Performed the maintenance of Active Directory and replication scheme, DNS/DHCP services and time services; wrote step-by-step procedures for implementing upgrades. 
  • Expert-level knowledge of implementing VSS on Cisco Catalyst switches.
  • Used NetFlow data statistics from the NetFlow engine and exported them to a NetFlow collector for storage.
  • Supported a user base of 30000+ active accounts across multiple domains.
  • Administered Windows Server 2003 Active Directory, including creation and deletion of user accounts, managing access controls and domain structure configurations.
  • Worked with Processes like RFI, RFE and RFP.
  • Deployed, configured and implemented Cisco 6800 Catalyst switch.
  • Experience working in DMZ environments with good understanding of load-balancing, firewalls, multi-tiered architectures. 
  • Experience working with Exchange 2010 SP3 for planning and deployment. 
  • Worked with Management tools like CSM and Cisco ACS.  
  • Switching related tasks included implementing VLANs and configuring ISL trunk and 802.1Q on Fast-Ethernet channel between switches  
  • Configured HSRP, VRRP, GLBP.
  • Configuring PAGP and LACP protocol along with BFD link detection pro
  • Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols. 
  • Worked with Nagios for monitoring of network services (SMTP, POP3, HTTP, NNTP, ICMP, FTP, SSH).
  • Installation of vBlock products for the virtualization. 
  • Experience with ALG (RTP, RTSP and FTP, DNS, HTTP), DHCP
  • Provided full visibility and notification of authorized and unauthorized access with integration of CISCO ASA/FWSM and NAC solution. 
  • Experience with some of the monitoring and sniffer tools like Wireshark.

 Confidential, VA 

 Sr. Network Engineer:

Responsibilities:

  • Responsible for maintaining, supporting, and implementing 24x7 network services.
  • Coordinated efforts with engineers to ensure all network devices conformed to defined network standards.
  • Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4. Configured IP access filter policies.
  • Configured HSRP and VLAN trunking using 802.1Q, Spanning Tree, Inter-VLAN Routing on Catalyst 6500 switches.
  • Worked on multiple instance of routing table using VRF.
  • Configured STP and Port Security on Catalyst 4500, 3500 series switches.
  • Worked on the nexus 5000 series switches. 
  • Configure the Cisco CRS-1 Routing System, back out of configuration changes, and restore older versions of a configuration. 
  • Troubleshooting of Cisco 2900, 3900, 4500 Series routers. 
  • Configure the Cisco IOS XR security features in both owner SDR and non-owner SDRs. 
  • Configure legacy route map configurations using the new Cisco IOS XR Routing Protocol Language (RPL).
  • Responsible for setup and configuration of site-to-site VPNs and remote access VPNs using Cisco ASA solutions (ASA 5505 and 5520).
  • Troubleshooting of Juniper NetScreen 500/5200 and Juniper SRX 650/3600.
  • Configured Fibre Channel over Ethernet (FCoE) for connecting 10 Gigabit Ethernet network.
  • Optimized performance of the WAN network consisting of Cisco 3550/4500/6500 switches by configuring VLANs. 
  • Worked extensively on troubleshooting 2900 series routers.  
  • Hands-on experience with enterprise intrusion detection / IPS (Snort, Sourcefire, Juniper IDP, IBM ISS).
  • Configured OSPF for Stub area, Totally Stubby Area and NSSA.
  • Strong Working Knowledge F5 Big-IP LTM-6400 load balancers. 
  • Configured layer 2 and layer 3 switches; executed spanning tree, BPDU Guard, PortFast, UplinkFast.
  • Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
  • Negotiate VPN tunnels using IPsec encryption standards and configured and implemented site-to-site VPN, Remote VPN. 
  • Worked on static NAT, dynamic NAT, dynamic NAT overloading. 
  • Back up a Cisco IOS to a TFTP server and Upgraded and restored a Cisco IOS from TFTP server. 
  • Participating in all the aspects of LAN/WAN networking systems.  
  • Route configuration and point code checks for System Technician and Network Technician.
  • Strong knowledge of monitoring tools like SolarWinds.
  • Knowledge and experience of 802.11 a/b/g/n Ethernet standard for wireless Technology. 
  • Responsible for Handling Networking escalations, troubleshooting variety of network problems.  

 Confidential, TX 

 Network Engineer

Responsibilities:

  • Installation and Configuration of LAN (Ethernet)/ WAN set up for Clients. Design, configuration and Installation of Cisco routers and catalyst switches.
  • Configured the Cisco 3500,3700 series catalyst switches and 3900 series routers.
  • Configured and managed OSPF redistribution and authentication with type 3 LSA filtering to prevent LSA flooding and configured OSPF over Frame Relay networks for NBMA and point-to-multipoint strategies.
  • Implementing and managing traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Frame Relay.
  • Excellent Troubleshooting Skills and Customer Centric approach. 
  • Routing-related tasks included providing Cisco router configuration, and providing technical support for Cisco router configurations and installation for customers.
  • Configuring routing protocols like EIGRP, and OSPF. 
  • Configured IPS, IDS, VLAN, STP, Port security, SPAN, Ether channel in Cisco Composite Network. 
  • Configured routers and modems, troubleshot issues related to broadband technologies for Residential and Business Customers.
  • Configured VPN for the remote and site-to-site access. 
  • Management and Deployment on Checkpoint Firewall.
  • Use Checkpoint to establish Point-to-Point tunnels.
  • Ability to use NAT and Firewall security policies in Checkpoint 
  • Defined and maintained security policies on all Internet-facing edge routers and Cisco GSRs (12416, 12418) used for delivery of streaming media content. 
  • Involved in configuration and functional testing of Wireless Access Points WAP, Wireless Protocol like: 802.11b/a/g and Wireless Controllers.
  • Implemented TCP/IP and related services like DHCP/DNS/WINS. 
  • Made modifications in the system according to the change in the process flow/additions.
  • Worked on routing protocol related issues such as static, RIP, EIGRP (variance and unequal cost load balancing).
  • Used network sniffer, Cisco works, Optical power meters and other devices in the lab.
  • Configured and troubleshot Hot Standby Router Protocol, spanning tree Root Guard, BPDU Guard, UDLD and Loop Guard STP features.
  • Involved in L2/L3 switching technology administration including creating and managing VLANs, port security, trunking, STP, inter-VLAN routing, LAN security.
  • Completed service requests (i.e. IP readdressing, bandwidth upgrades, IOS/platform upgrades, etc.).
  • Responsible for documentation of entire site layout, updating and managing the asset registers and network or server documentations.

Confidential, CA 

 Network Support Engineer

Responsibilities:

  • Configured Cisco Catalyst switches such as 2800, 2950, 3500 series and configured Cisco 2960, 3800 series routers.
  • Configured VLANs, Private VLANs and Trunking on switches.
  • Worked on layer 2 protocols such as STP, RSTP, PVST+, MST.
  • Worked on L3 security features on Network devices. 
  • Provided Network Infrastructure Support to routing and switching equipment.
  • Responsible for procurement and installation of H/W, network drives and other IT infrastructure.
  • Network Administrator responsible for the full Planning, designing, installation and administration of the Corporate WAN (wide area network).
  • Configured corporate, wireless and lab devices, including bandwidth upgrades, adding new devices, and decommissioning devices.
  • Performed administrative Support for RIP routing protocol.
  • Maintained redundancy on Cisco 2960 and 3800 routers with HSRP.
  • Real time monitoring and Network management using Cisco Works LMS.
  • Responsible for LAN and internet connection file and print server.
  • Maintained and installed new internet connections for customers. 
  • Handled installation of Windows NT Server and Windows NT Workstations.
  • Handled Tech Support as it relates to LAN & WAN systems.
  • Create, design and troubleshoot VRF needs and environments.
  • Troubleshoot wiring problems and serial communication lines.
  • Develop, plan and maintain documentation necessary for operation in support of LAN to WAN connectivity.
  • Maintain excellent communication with the IT Manager on all tasks and projects.
