PROFESSIONAL SUMMARY:

• Cisco Certified Network Engineer with 5years of experience with routing, switching and Data center environment.
• CCNA network engineer with extensive experience in various technologies such as switching (STP, Ether Channel, VDC, VPC, FHRP, LLDP, CDP, SPAN, LACP), routing (EIGRP, BGP, OSPF, VRF, PBR, IS - IS, redistribution, route-maps, etc.), deployment, IOS upgrading, etc. on both Catalyst and Nexus platforms.
• Professionally trained in CCNP-level routing and switching curriculum.
• Excellent Hands on experience with Cisco ISE and the Migration of Wireless and TACACs to ISE.
• Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.
• Expertise in installing, configuring, and troubleshooting of Cisco Routers (3800, 3600, 2800, 2600, 1800, 1700, 800).
• Successfully designed and delivered secure cloud solutions for some of the Major organizations on AWS Cloud.
• In-depth knowledge on various AWS Services including EC2, VPC (NAT, Peering, VPN), IAM, EC2 Container service, Elastic Beanstalk, Lambda, S3, Cloud Front, Glacier, RDS, DynamoDB, ElastiiCache, Redshift, Direct Connect, Route 53, cloud watch, Cloud Formation, Cloud Trial, Opsworks, Amazon Elastic Map Reduce (EMR), AWS IoT, SNS, SQS, Lambda, API Gateway, AWS Alexa etc.
• Experience working on administering various AWS Services using AWS Console, AWS CLI.
• Design and configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550).
• Configuring and testing Verizon ARC BA850 Cradle Point as the turnkey networking solution for 4G/LTE failover .
• Worked on Load BalancerF5 LTM, GTM series like 6400, 6800, and 8800.
• Strong knowledge of TACACS+, RADIUS implementation in Access Control Network.
• Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Checkpoint R65, R70, R77, Palo Alto and Cisco ASA.
• Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale Firewall deployments.
• Experience on dealing with VoIP information deployment including troubleshooting protocols like Session Initiation Protocol (SIP), Real-Time Transport Protocol (RTP), Media Gateway Routing Protocol (MGRP) and Session Description Protocol (SDP).
• Advanced knowledge in Cisco ASA 5500 series and PIX installation, configuration and maintenance, configuration and installation of IOS security features and IPS, security risk analysis, attack mitigation & penetration tests based on LPT methodology.
• Experienced in handling and installing Palo Alto Firewalls
• Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, Ether channel, STP, RSTP and MST. Implementation of HSRP, VRRP for Default Gateway Redundancy.
• Experience working with Nexus 7K, 5K and 2K and experience using Qualcomm tools like QXDM, QPST, QMICM, QCAT
• Worked on Juniper Net Screen Firewalls like, NS50, SSG 550M, SSG520M, ISG 1000, and ISG 200.
• Implementation of Juniper Firewall, SSG Series, Net Screen Series ISG 1000, SRX Series.
• Managed and maintained 200+ Palo Alto, Cisco ASA, Juniper firewalls and IPS/IDS deployed across the site.
• Utilized Splunk for Log review, event correlation and threat analysis and successfully mitigated threats by applying best practices.
• Successfully updated operating system for Next generation firewalls (Palo alto, Checkpoint and Cisco).
• Successfully completed App-ID project -Converted all the rules App Id based which resulted in granular traffic control.
• Assisted customers with troubleshooting their networks, security devices, operating systems, e-mail system.
• Strong knowledge of firewalls, DLP, IDS/IPS, Web application firewalls (WAF), anti-virus, URL filtering.
• Strong understanding of information system security vulnerability assessment/testing on a wide variety of technologies and implementations utilizing both automated tools and manual techniques such as: XSS/CSRF, SQL Injection, Buffer Overflow, and DoS attacks.
• Hands on experience on Cisco PIXASA Firewalls, Juniper SRX series, Palo Alto, VPN, Troubleshooting Skills, Log Analysis and Review, Compliance Audit.

TECHNICAL SKILLS:

Protocols: RIP, RIP V2, EIGRP, OSPF, IS-IS, IGRP, HSRP, VRRP, GLBP, LACP, PAGP, DNS, SMTP, SNMP, FTP, TFTP, LPD/TDP, WLAN, WEP, POP3 LADP.

LAN Technologies Workgroup: Domain, HSRP, DHCP, Static, VLAN, STP, VTP, Ether Channel, Trunks.

WAN Technologies Leased Line: Frame Relay, ISDN, PPP, HDLC, ATM, SONET, And Metro Ethernet.

CISCO Routers: 1700, 1800, 2500, 2600, 2800. CISCO High End Router 3600, 3800, 7200, 12010.

CISCO Switches: 1900, 2950, 2960. CISCO Campus switches 3550XL, 3548, 4984 Core Catalyst 4503, 4507 RE, Catalyst F5 load balancer, Juniper ISG/SRX.

Security & VPN: PIX 500 Firewall, ASA 5505 Firewall, AIP SSM, CSC SSM, FWSM, Fort iGATE, CISCO CSM, ACL- Access Control List, IPS/IDS, NAT, PAT, CISCO ACS, Check point, pfSense, Palo Alto.

Layer 2 technology: VLAN, VTP, VMPS, ISL, dot1q, DTP, Spanning-tree, PVST

Layer 3 Switching: CEF, MLS, Ether Channel

CISCO ISE:: Cisco Integrated Services Engine (ISE) 2.3

AAA Architecture: TACACS+, RADIUS, Cisco ACS.

Monitoring Tools: Wireshark, Nmap, Nessus, OpManager, PRTG Packet Sniffer, Juniper NSM, Junos Space, Riverbed, Netscout. GTMVOIT

Servers: Domain servers, DNS servers, WINS servers, Mail servers, Proxy Servers, Print Servers, Application servers, FTP servers, NTP.

Operating Systems: Windows NT 4.0 (Desktop/Server), Windows server, Windows XP/7, LINUX, Solaris, Red Hat, Active Directory, UNIX.

Security / Firewalls: Cisco ASA Firewalls, IPSEC & SSL VPNs, IPS/IDS, DMZ Setup, Cisco NAC, ACL, IOS Firewall features, checkpoint.

Juniper: EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX210, SRX240.

Hardware: Cisco Cat Switches, Routers, Avaya VoIP phones, Cisco IP 796X/794X.

PROFESSIONAL EXPERIENCE:

Confidential

Network Engineer

Responsibilities:

• Engaged on designing and perform the configuration of a Cisco Identity Services Engine (ISE) Server to migrate of services from Cisco Secure Access Control System (ACS) version 4.2(used for Wireless Client Access), Cisco Secure ACS Agent, Cisco Network Admission Control (NAC) Guest server version 2.0.3 and Cisco Secure ACS version 5.5.0.46 (Used for Terminal Access Controller Access Control System (TACACS+) to Network Devices) to the new Cisco ISE server.
• Performed support, configuration, testing and documentation for ISE rollout for CenterPoint Energy which includes making configuration changes in access and distribution layer switches, wireless controllers and ISE nodes.
• Used AWS Cloud platform with features EC2, VPC, ELB, Auto-Scaling, Load Balancing, Security Groups, IAM, EBS, AMI, RDS, S3, SNS, SQS, Cloud Watch, Cloud Formation.
• Experience building VPC's for specific environment, and subnetting for private or public needs.
• Developed an AWS security roadmap which included the AWS Services and 3rd party tools to be utilized in the AWS Cloud for Security monitoring.
• Implemented continuous integration automated build pipelines using Jenkins.
• Deployed Chef Dashboard for configuration management to existing infrastructure.
• Developed an AWS Security Group strategy. Determined naming conventions, owners, and approval process for Security Group change requests in a promote-to-production environment.
• Enabled and configured CloudTrail logs for 26 AWS accounts. Created and managed an encrypted S3 Bucket for all CloudTrail logs and adjusted bucket policy for each accounts CloudTrail to access.
• Installed and configured Amazon's Inspector. Created Targets and Templates and scheduled Assessment runs on all EC2 instances in the AWS account.
• Modify pilot ISE environment for production scaling and performance.
• Provide ISE deployment services for migration of users from Cisco NAC to Cisco ISE platform for the following locations.
• Used the ISE Endpoint Analysis Tool (ISEEAT) to analyse data and design new ISE Profiling Policies.
• Performed operational Moves/Adds/Changes in Integrated Services Engine (ISE) 2.3 including but not limited to network devices, Identity Groups, Local Hosts, Local Users, Administrator Policies etc.
• Performed evaluation and analysis of the environment for NSX deployment, including NSX manager, Distributed Firewall, Distributed Logical Router.
• Configured and tested Verizon ARC BA850 Cradle Point as the turnkey networking solution for 4G/LTE failover.
• Addressed technical issues and questions regarding Cisco ISE including troubleshooting and feature changes and modifications.
• Implementation of Cradle point with 3G/4G LTE as Backup Solution for Clients WAN. Connections and using Enterprise Cloud Manager for Monitoring.
• Test 7750 for bandwidth, packet loss, Jitter, latency using network diagnostic tools, QSCOPE before the site is being integrated to LTE.
• Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN.
• Consisted of ISE Deployment, Authentication with Active Directory and Microsoft Certificate Authority.
• Designed and Configured Cisco Identity Services Engine (ISE v2.3) to support corporate connectivity to a new wireless environment utilizing Active Directory Authentication.
• Well versed Knowledge of IP networking and network security as well as good knowledge in Peripheral Component Interconnect PCI.
• Hands-on experience with Perl, Python and Java.
• Adaptive to cloud strategies based on AWS (Amazon Web Service).
• Familiar with cloud computing service like Microsoft Azure.
• Familiar with network traffic captures and network mapping tool like Wireshark.
• Strong working experience with Static, RIP, EIGRP, OSPF BGP Routing protocols.
• Vendor coordination for all network Security and Wireless services.
• Under general direction, responsible for the acquisition, installation, maintenance and usage of the wide and local area network. Managed network performance and maintained network security.
• Ensured that security procedures are implemented and enforced. Installed all network software. Evaluated, developed and maintained telecommunication systems. Troubleshooted network problems.
• Establishes and implements network policies, procedures and standards and ensures their conformance with information systems and company's objectives, trains users on network operation.

Environment: Checkpoint, Nexus, Cisco 3500, 1400, 1500, 5400, ASA firewall -- ASA5545, ASA5585-SSP-20, firewall PIX-525, VPN concentrator -- Cisco 3060, check point firewall -- r77, F5 Local Traffic Managers (LTM) 5000, 7000 series, (ISE) 2.3, VLANs, STP, DNS/DHCP issues, Palo Alto firewalls, Cradle Point, FortiGate TACACs, BGP, AWS, MPLS, Firewall analyser, Wireless LAN, service desk, Cisco ISE, Cisco Prime, JUNOS.

Confidential, Englewood, CO

Network Engineer

Responsibilities:

• Configuring and troubleshooting of routing protocols such as OSPF and EIGRP for effective communication on Cisco 3900, 3800 series routers.
• Worked on configuration, deployment and administration of Checkpoint firewalls versions R77.0, R75.46.
• Configured Juniper SRX series firewalls for policy management, and Juniper SSL VPNs.
• Extensively managed Network ACL's, EC2 and Security Groups in migrating traditional on-premises infrastructure to AWS cloud services which now hosts 20+ AWS services.
• Created monitors, alarms and notifications for EC2 hosts using Cloud Watch.
• Configured AWS Identity Access Management (IAM) Group and users for improved login authentication.
• Utilized Cloud Watch service to monitor the QA/on demand instances, S3 metrics, configuring alarms for performance environments during load testing.
• Configuration of VLANs on cisco switches 3850, 3650 and troubleshooting IP addressing issues, updating IOS images and other hardware installations.
• Implemented traffic filters using Standard and Extended Access-lists, Distribute-Lists, and Route-Maps.
• Installing and configuring VPNs for the clients (site to site) and Installed high availability Big IP F5 LTM and GTM load balancers to provide uninterrupted service to customers.
• Gained strong experience and knowledge in investigating incidents related to firewall and VPN.
• Manage installations, configuration and administration of Cisco equipment in IT architecture of organization.
• Gained advanced knowledge on multiple security technologies Anti-virus, malware, Firewalls, VPN, proxies, vulnerability, DLP.
• Review and analysis of emerging threats and vulnerabilities, risks and business requirements for detection and remediation measures.
• Strong experience and knowledge in investigating incidents, remediation, tracking and follow-up for incident closure with concerned teams.
• Working with Juniper JUNOS operating system and working on M and MX series routers.
• Working knowledge with white listing webpages and blocking webpages with Blue coat Proxy SG and Blue coat reporter.
• Establishing and maintaining of setup to Build and deploy the application to the Cloud AWS.
• Circuit upgrades for T1's and Ethernet circuits. Scheduled maintenance notification. Cradle point, Broadband.
• Worked on Monitoring and analysis of ProxySG performance.
• Administration knowledge on Symantec Bright mail Gateway, Symantec Endpoint protection (12.1.6) and Symantec PGP.
• On daily basis worked with Juniper SRX 650 and Palo Alto 5050 Firewalls.
• Planning a strategy for Moving from vShield to NSX - including introducing NSX into a VDI designed around vSphere 6.5 and Citrix.
• Strong understanding of Network Virtualization and experience implementing NSX Security.
• Design the layout for cable installations.
• Worked with up gradation of Firewalls (Juniper SRX, Palo Alto and FortiGate Devices).
• Participate in day to day DLP maintenance activities and analyse DLP incident and report on findings.
• Experience on Data Loss Prevention (DLP) and information security.
• Worked on manual Penetration testing of client systems, web sites and discovered network vulnerabilities.
• Built Cisco Device Profiles using CUCM. This includes being part of the team whom rolled out Cisco VOIP phones when transitioning over from Avaya. We deployed 1500+ phones throughout the campus.
• Implemented 8x8 VOIP solutions on site and run network diagnostics test and network assessment test.
• Configured network services equipment Riverbed accelerators in compliance with security policy.
• Worked on security policies of juniper SRX and Palo Alto and policy clean-up of firewalls.
• Comprehensive working knowledge of switches, switching technology, LAN/WAN security, LAN/WAN design, capacity planning, server technology, LAN/WAN troubleshooting, Voice over IP (including T1, DS3, OC-3, routing protocols, TACACS, RADIUS).
• Worked with Bluecoat and Infoblox.
• Provide support for security solutions related to Bluecoat Proxy, configuring solutions in the development, test and production environment.
• Gained good knowledge and hands on experience with routing and switching protocols such as OSPF, CIDRIP, BGP and STP.
• Worked on MPLS between Data center and offices.
• Good hands on experience with f5 BIG-IP GTM and LTM and Worked on the project of F5 LTM and GTM code upgrade project, doing couple of them every week.
• Involved in F5 load balancer configurations, including migrating configurations from Cisco ACE to F5 and general troubleshooting of the F5 load balancers. Configuring and implementing F5 BIG-IP, LTM, GTM load balancers to maintain global and local traffic.
• Worked to implement new data center as well as migrated old Switches Nexus 5000 to new Switch Nexus 7000.
• Worked on Blue Coat's proxy architecture for the high level of web security.
• Worked on Cisco ASA 5500 series firewalls, Nexus 7000, 5000 series switches
• Experience in troubleshooting Nexus switches
• Administer and support Juniper Firewalls Using NSM (Net Screen and ISG firewalls).
• Dealt with NAT configuration and troubleshooting issues related to access lists and DNS/DHCP issues within the LAN network
• Troubleshooting VLAN, Spanning Tree Protocol, Switch trunks and IP conflict issues
• Coordinated with senior engineers in BGP, CIDR routing policies and designs
• Monitoring Network infrastructure using SNMP tools
• Gained good knowledge on integration of logs into Splunk.
• Gained experience with using NSM, SEP, IPS and IDS.
• Worked with Juniper M320 multiple edge router.

Environment: F5 Local Traffic Managers (LTM) 5000, 7000 series, GTM load balancers, Spanning tree protocol, VLANs, STP, DNS/DHCP issues, Palo Alto firewalls, Cradle Point, CIDR, BGP, AWS, MPLS, VoIP, ETHER channels, checkpoint, Bluecoat, Nexus, JUNOS, Juniper.

Confidential

Jr. Network Engineer

Responsibilities:

• Configuring and troubleshooting multi-customer ISP network environment.
• Involved in network monitoring, alarm notification and acknowledgement.
• Implementing new/changing existing data networks for various projects as per the requirement.
• Troubleshooting complex networks layer 1, 2(frame relay, ATM, Point to Point, ISDN) to layer 3 (routing with MPLS, BGP, EIGRP, OSPF and RIP protocols) technical issues.
• Providing support to networks containing more than 2000 Cisco devices.
• Performing troubleshooting for IOS related bugs by analysing history and related notes.
• Carrying out documentation for tracking network issue symptoms and large scale technical escalations.
• Managing the service request tickets within the phases of troubleshooting, maintenance, upgrades, fixes, patches and providing all-round technical support.
• Commissioning and Decommissioning of the MPLS circuits for various field offices.
• Preparing feasibility report for various upgrades and installations.
• Installation and maintenance of new network connections for the customers.
• Configuring all the required devices and equipment for remote vendors at various sites and plants.
• Installing new equipment to RADIUS and worked with MPLS-VPN and TACACS configurations.
• Installing and maintaining local as well as network printers.
• Implemented 8x8 VOIP solutions on site and run network diagnostics test and network assessment test.
• Validating existing infrastructure and suggesting new network designs.
• Working on creating new load balancing policies by employing BGP attributes including Local Preference, AS-Path and Community, MED.
• Installing and maintaining Windows NT Workstations and Windows NT Server.
• Providing technical support to LAN & WAN systems.
• Monitoring Memory/CPU on various low-end routers in a network.

Environment: LAN & WAN, Cisco Devices OSPF, BGP, VoIP, EIGRP, MPLS and Cisco Switches and Routers.