SUMMARY:

• 8+Experience in set up, configuration and management of, Confidential ASA, Juniper SA, Palo Alto Firewall.
• Excellent Hands on experience with Confidential ISE and the Migration of RADIUS and TACACS to ISE.
• Experience in Layer 3 Routing protocol configurations: RIP, EIGRP, OSPF, BGP, & MPLS.
• Strong knowledge of HSRP, VRRP Redundancy Protocols.
• Worked extensively in Designing, Implementing & Managing LAN, WLAN & WAN solutions for different client setups. In - depth knowledge and experience in WAN technologies including T1, T3, ISDN, HDLC, Point to Point, ATM & Frame Relay.
• Experience working on NetMRI, Infoblox, Tufin & Panorama Pan firewalls and Onecloud
• Experience in installing, configuring and troubleshooting of Checkpoint Firewall Confidential ASA Palo Alto Confidential Juniper SSG series.
• Experience in Physical cabling, IP addressing & Subletting with VLSM using QIP configuring and supporting TCP/IP, DNS, installing and configuring proxies.
• Ability to Install, Manage & Troubleshoot Large Networks & Systems Administration on Windows & Linux platforms in Development, Staging, Lab & Production Environments.
• Implemented MPLS/VPN services for various customers.
• Experience in configuring VLANs, STP, VTP, PVST.
• Experience in Layer 2 Routing protocol configurations.

TECHNICAL SKILLS:

Confidential Routers: Confidential 7200vxr, Confidential 3640, Confidential 3600

Redundancy and management:: HSRP, RPR, VRRP

Network Configuration:: Advanced switch/router configuration ( Confidential IOS access list, Route redistribution/propagation).

Routing Protocols: IGRP, EIGRP, RIP, OSPF, BGPv4, MP-BGP

Security Technologies: Confidential FWSM/PIX/ASDM, Nokia Checkpoint NG, Juniper SRX

Physical interfaces: Fast Ethernet, Gigabit Ethernet, Serial, HSSI, Sonnet (POS)

Layer 2 technology: VLAN, VTP, VMPS, ISL, dot1q, DTP, Spanning-tree, PVST

Layer 3 Switching: CEF, MLS, Ether Channel Confidential ISE. Confidential Integrated Services Engine (ISE) 2.3, 2.1, 2.4 .

Switches:: Catalyst 6500, Nexus, Ruggedcom, MSFC, MSFC2, 7600, 3700, 3500,DCPP

Operating Systems:: Microsoft XP/Vista/7, UNIX, Linux (Redhat, OpenSuse, Fedora)

AAA Architecture: TACACS+, RADIUS, Confidential .

Security / Firewalls: Confidential ASA Firewalls, IPSEC & SSL VPNs, IPS/IDS, DMZ SetupCisco NAC, ACL, IOS Firewall features, Panorama PAN Firewalls Confidential, Tufin.

Juniper: EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX210, SRX240

Hardware:: Confidential Cat Switches, Routers, Avaya VoIP phones, Confidential IP 796X/794X

PROFESSIONAL EXPERIENCE:

Confidential, Concord, CA

Cyber Security Engineer (ISE)

Responsibilities:

• Confidential 5.6 migration into Confidential ISE 2.1 due to the functional gap
• Migrating 4000+ UDN (Utility device Network) to Confidential ISE in the first phase of the project. Second phase is to migrate 6000+ ODN (Operation device Network) to ISE.
• Created 802.1x wires policy for the ODN access switches.
• Configuring all the devices per their type with AAA commands for the device authentication using AD, RSA and the ISE internal users depending on the user type.
• Setting up the Radius policy for F5, Palo Alto, WLC and ACME security devices for the Confidential & Confidential users.
• Addressed technical issues and questions regarding Confidential ISE including troubleshooting and modifications.
• Configured Confidential ISE for Wireless and Wired 802.1x Authentication on Confidential Wireless LAN.
• Configuration and Integration of Confidential Identity Services Engine (ISE) 2.1.
• Configuring, making policy’s, troubleshoot and upgraded ASA, Palo Alto, Confidential and Checkpoint Firewalls for clients.
• Experience working on NetMRI, Infoblox, Tufin & Panorama Pan firewalls and Onecloud.
• Opened, resolved, or updated Tier II Support tickets for Manage Firewall clients.
• Provided Manage Firewall Clients' with regular status reports of their trouble tickets.

Confidential, Sacramento, CA

ISE Engineer

Responsibilities:

• Engaged on designing and perform the configuration of a Confidential Identity Services Engine (ISE) server to migrate of services from Confidential Secure Access Control System ( Confidential ) version 4.2 (used for Wireless Client Access), Confidential Secure Confidential Agent, Confidential Network Admission Control (NAC) Guest server version 2.0.3 and Confidential Secure Confidential version 5.5.0.46 (Used for Terminal Access Controller Access Control System (TACACS+) to Network Devices) to the new Confidential ISE server.
• Migrating 755+ devices to Confidential ISE Including Confidential ASA, Confidential router 2900, nexus, meraki MX00 wireless controllers series.
• Performed support, configuration, testing and documentation for ISE rollout for CenterPoint Energy which includes making configuration changes in access and distribution layer switches, wireless controllers and ISE nodes.
• Executing RADIUS pre-deployment tasks like ISE setup, loading templates into Confidential Prime.
• Deploy 3 Confidential SNS 3495 ISE appliances.
• Modify pilot ISE environment for production scaling and performance.
• Provide ISE deployment services for migration of users from Confidential NAC to Confidential ISE platform for the following locations.
• Used the ISE Endpoint Analysis Tool to analyze data and design new ISE Profiling Policies.
• Performed operational Moves/Adds/Changes in Integrated Services Engine (ISE) 2.3 including but not limited to network devices, Identity Groups, Local Hosts, Local Users, Administrator Policies etc.
• Addressed technical issues and questions regarding Confidential ISE including troubleshooting and feature changes and modifications.
• Configured Confidential ISE for Wireless and Wired 802.1x Authentication on Confidential Wireless LAN.
• Configuration and Integration of Confidential Identity Services Engine (ISE) 2.3.
• Consisted of ISE Deployment, Authentication with Active Directory and Microsft Certificate Authority.
• Designed and Configured Confidential Identity Services Engine (ISE v2.3) to support corporate connectivity to a new wireless environment utilizing Active Directory Authentication and Authorization with EAP-TLS client certificates.
• Based on interviews conducted with the client, Implemented and documented a custom fully redundant and Highly Available WLAN environment utilizing Confidential 5508 Wireless LAN Controllers, Confidential 3315 ISE Appliances, and Confidential 3500 series Access-Points.
• Implemented and supported Confidential Identity Services Engine (ISE) with the Confidential ASA 5500 series for VPN connectivity.
• Provide migration support and oversight resources for NAC to ISE roll-out at 80 Client branch locations in the United States and the Center Point Tower.
• Experience in working with ISE and Microsoft Access database.
• Deploying ISE Wired and Wireless Authentication, Authorization and Accounting.
• Identifying endpoints missing from ISE and determine reason for omission.
• In addition, any deficiencies noted in the Department of Water Resources’ ( Confidential ’s) guest wireless network during this work documented and recommendations for improvements made in written.
• Configured the ISE software and provide Confidential staff with the necessary configuration changes needed on the network equipment to facilitate the migration of existing services to the new Confidential ISE server.
• Created the repository for the backup and upgrades.
• Worked on assessment and the finalization of the detailed designs and provided a design document for the Implementation of Confidential ISE and the Migration of Wireless and TACACs to ISE.
• Provided a written detailed design report and assessment report documenting modifications, findings, and recommendations.
• Involved in Configuring and implementing of Composite Network models consists of
• Ensuring the Confidential ISE server is correctly installed and licenses are applied.
• Reviewed vendor system reference documents and creating Confidential Operations Procedures documentation for network staff training.
• Provided engineering support by creating installation approach and cutover/turn-up procedures for validating the system is operating as designed.
• Given in person training to Network Section staff.
• Provided engineering support by creating as-built system documents such as system drawings or configuration details.
• Created monthly status reports, on a monthly and as-needed basis, reflecting the overall project condition, work accomplishments, man-hour expenditures, close out of phase (Close-out and Acceptance Report), future activities, and any identified risk elements.
• Participated in a kick-off meeting with the Confidential Communications Branch personnel to review and affirm goals, objectives, current design, and schedule for the Confidential ISE Deployment and Migration.
• Contractor will make recommendations if modifications for improvements should be included in the design.
• Provided engineering support and technical assistance by ensuring the Confidential ISE server is correctly installed and licenses are applied.

Confidential, Warren, NJ

Data Network Consultant

Responsibilities:

• Worked extensively on device profiling, authentication and authorization mechanisms using AAA, RADIUS, 802.1X, Policy buildups for Posture Compliance Policies and Rules for Checking the devices coming onto Network, Remediation Process, Access and Controls, and Segmenting the Global Networks for NAC Solutions for both Confidential and Forescout NAC Appliances
• Experience with moving data center from one location to another location, from 6500 based data center to Nexus based data center.
• Configured Confidential ISE for Wireless and Wired 802.1x Authentication on Confidential Wireless LAN
• Configuration and Integration of Confidential Identity Services Engine (ISE) 1.2
• Experience working with Nexus 7010, 5020, 2148, 2248 devices
• Experience with convert PIX rules over to the Confidential ASA solution and Responsible for Confidential ASA firewall administration across our networks.
• Configuring, making policy’s, troubleshoot and upgraded ASA, Palo Alto, One cloud and Confidential for clients.
• Responsible for Configuring SITE TO SITE VPN on Confidential ASA 5500 series firewall between Head office and Branch office.
• Implemented real-time monitoring for the SamTrans Confidential (Advanced Communication System) network infrastructure.
• Installation and Configuration of Confidential Catalyst switches 6500, 3750 & 3550 series and configured routing protocol OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design
• Experience with configuring Nexus 2000 Fabric Extender which acts as a remote line card (module) for the Nexus 5000
• Configured Gatekeepers using GUP and SIP Proxy using CUSP for dial plan redundancy
• Has a good experience working with the Trouble Tickets on F5 Load balancers LTM/GTM.
• Troubleshooting and monitored routing protocols such RIP, OSPF, EIGRP & BGP.
• Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches
• Designing and Implementation of (LAN) VLANs, VTP, Spanning Tree (STP), Trunking (dot1q and ISL) and Ether channel.
• Implement ATM/Frame Relay between data centers utilizing Confidential routers & switches. .
• Management tools, Infoblox DNS security, NetFlow, Syslogand Wireshark.

Confidential, Franklin Lakes, NJ

Network Engineer

Responsibilities:

• Planning, designing and configuration of various Confidential ISE & Forescout NAC deployment strategies (Standalone, Distributed Setups) and rollout to production environment
• Execute carrier specific TR-069 and TR098/TR111/TR181 test plans via Motive Confidential requiring the testing of Remote Procedure calls for setting parameter values for DSL Modems to support customizable LAN/WAN DNS, Port Forwarding, UTC compliant time zone specifications, captive portal management, LAN/WAN static IP address management/mapping, Wi-Fi WEP 64 and 128 bit encryption, WPA - 128 Bit AES encryption, PA-PSK, WPS, remote access credential management, MAC address credential management.
• Configured and Implemented Confidential Identity Services Engine (ISE) with connectivity to Microsoft Active directory for Authentication including Certificate Based Authentication.
• Deploying ISE Wired and Wireless Authentication, Authorization and Accounting.
• IP addressing and design schemas for a variety of IP Pools using DHCP scope or local IP pools for NAC Controls.
• Worked on setting up the Ether-Channel interfaces between Confidential Switch's 6500, 3750 in line with NetOptics TAP devices for capturing the Network Traffic and is set to be monitored with the ForeScout CounterAct NAC Appliance.
• Assisted in the architecture, evaluation and recommendations related to purchasing and installing hardware, software related to IP Networking.
• Worked on manage Enterprise Network Infrastructure as a Tier 3 Support Engineer.
• Involved in Configuring and implementing of Composite Network models consists of Cisco7600,7200,3800 series routers and Confidential 2950, 3500,5000,6500 Series switches.
• Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers
• Managing cabled LAN and wireless access, with switching technologies.
• Experience in Aruba wireless technologies
• Networks include Confidential, Avaya, Brocade, Enterasys and Oracle Acme Packet technologies in small business to enterprise level networks.
• Work as coordinator for the onsite and offshore project and support teams. Managing the client expectations technical or communication and explaining them to the offshore team generally the team leader was also one of my role.
• Configuring VTPs, trunking, inter-vlan routing, port fast, uplink fast, and backbone fast on access layer switches and configuration of NAT.
• Planned and installed Frame Relay WAN links to the branch offices.
• Implemented a backup for the existing WAN connection using site to site IPsec VPN tunnels.
• Configuring and troubleshooting OSPF routing protocol on the corporate network.
• Worked on the migration of Frame Relay based branches to MPLS based VPN for customer’s WAN infrastructure.
• Worked on PIX firewall, ASA firewall. Did PIX OS upgrade from 6.3 to 7.0 (x)
• Has done the Configuration on BIG IP (F5) Load balancers and also monitored the Packet Flow in the Load balancers.
• Administration of ASA firewalls in the DMZ and FWSM in the Server Farm to provide security and controlled/restricted access.
• Managing enterprise BGP setup by configuring and troubleshooting BGP related issues. My responsibility was also to add new BGP peers for remote branch offices and business partners.
• Scaling of IGP and BGP in the core.
• Dealt with Troubleshoot issues related to VLAN, VLAN Trunking, HSRP failovers, related issues.
• Planning for upgrade of IOS on devices and performing the upgrade.
• Installation and support of LINUX (RedHat, CentOS ) , UNIX, NetFlow, Syslog Python, VM experience , Infoblox DNS security and Wireshark.
• Monitored network traffic and developed capacity planning initiatives, making necessary recommendations for additional resources or hardware.
• My responsibilities also include writing and executing Test Plan, Desk level procedures and Test Case Documents for smooth network operations of the remote location, assisted in design guidance for infrastructure upgrade.

Confidential

Network Engineer

Responsibilities:

• Experience working with ASR 9000 series switches with IOS-XR
• Experience with Juniper switches like EX-2200, EX4200, EX-4300, QFX series like QFX5100, 5200,etc and MX5, MX40, MX80 and MX104.
• Experience working with design and deployment of MPLS Layer 3 VPN cloud, involving VRF, Route Distinguisher(RD), Route Target(RT), Label Distribution Protocol (LDP) & MP-BGP and worked on Tickets on F5 Load.
• Experience with OPS team on DMZ implementation and troubleshooting. Worked on finance enterprise applications.
• Experience working with migration from 6500 series devices to 4500 Series switches in Campus deployments at Core, Distribution and Access Layers.
• Experience with LAN protocols like STP, RSTP, MST, VTP, VLAN and Port Channel Protocols like LACP, PAGP.
• Worked extensively in Configuring, Monitoring and Troubleshooting Confidential 's ASA 5500 with ACL, NAT, Object Groups, Failover, Multi-Contexts
• Experience with migrating from Confidential ASA 8.2 version to Confidential ASA 8.4 Version.
• Responsible for Confidential ASA firewall administration across our global networks
• Migration of existing IPSEC VPN tunnels from one Data Center to another Data Center.
• Experience with converting WAN routing from EIGRP/OSPF to BGP (OSPF is used for local routing only) which also involved converting from Point to point circuits to MPLS circuits.
• Responsible for layer 2 securities which was implemented using a dedicated VLAN ID for all trunk ports, setting the user ports to non-trucking, deployed port security when possible for user ports
• Implement and configured VRRP/GLBP (on distro/core switching), HSRP on different location of office on the switched network and managing the entire multilayer switched network
• Experience in Configuring, upgrading and verifying NX-OS operation system with OSPF, BGP
• Key contributions include troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF & BGP.
• Worked on iSCSI HP OneView, NetFlow, Puppet, Ansible, Foreman, and Experience in monitoring SNMP Syslog. Deep knowledge of languages like Shell Scripting, TCL,Expect, Perl, Python, YAML.
• Key contribution in enterprise virtualization design and administration like VMware, Open stack, AWS and Google Cloud.
• Responsible for managing activities, Upgrading IOS - Upgrading hardware and installing new devices, Tuning (Configuration), make standardization for the topology
• Configured, installed, &managed DHCP, DNS, & WINS servers

Confidential

Network Engineer

Responsibilities:

• Engaged in office moves, helped in identifying network requirements of new building, installed new networking hardware, and coordinated with vendors for cabling/wiring
• Trouble-shooting end-user reported problems, thoroughly and accurately documenting problem in trouble management tool.
• Configuring DNS /NIC card issues and wall jack issues while troubleshooting IP addressing problems.
• Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the networks.
• Weekly and monthly engineer meetings regarding open project status
• Hands on experience with Confidential 3500, 3750, 4500, 6500 series equipment and configuring and deploying and fixing them with various modules like Gig card, VPN SPA card, WIC card.
• Confidential IOS experience on 3600/7200 class hardware in complex WAN environment and experience on Confidential OS and IOS on CAT6500 in a complex data center environment.
• Understanding & Implementation of IPSEC & GRE tunnels in VPN technology
• Configuring, maintaining and troubleshooting routing protocols such as RIP, OSPF, EIGRP and BGP.
• Troubleshooting IOS related bugs based on past history and appropriate release notes. Planning and configuring the entire IP addressing plan for the clients' network .