SUMMARY:

IT professional with 10 years of experience in design, implementation, administration, monitoring/analysis Tier 2/3 ticket resolution, documentation including policies/procedures, task and project management including proficiency in various technologies including enterprise routing, core and distribution switching, security, firewalls, VPN, wireless & branch technologies.

TECHNICAL SKILLS DETAIL:

WAN/Routing Technologies: OSPF, BGP, MPLS, EIGRP, Route - maps, Prefix-lists, ACLs, Static Routing, Stub Routing, IPv4/6, NAT/PAT, Cisco ASRs, Cisco IOS XRv, Meraki MX 450/100, Juniper SRX340/210, Juniper vSRX, Cisco IOS XE, JunOS.

Core Switching Technologies/ Data center: VPC, VXLANs, VSS, StackWise, HSRP, VRRP, VLAN Trunking, SVI, Portchannel, STP, VTP,Portfast, BPDU Guard, UDLD, Cisco ACI, F5 Big-IP load balancers, LTM, Nexus 9K/7K/5K/3K/2K,Catalyst 6500/4500/3850/3750 X,Meraki 410/210/220, Juniper EX4200/2200, DHCP, CDP, ACL, QoS, SFP+, QSFP,NX-OS, IOS XE,JunOS, SolarWinds, Wireshark, Cacti, Nagios, Remedy, SNMP, DNS, SSH, FTP/SFTP, 3COMM. Avanti, HP Openview, Windows, Voice Over Internet Protocol (VoIP), SIP, CUCM, UCCX, RSTP, STP, Quality of Service (QoS), PoE.

Security/Firewall Technologies: Cisco ASAseries, Meraki MX, Cisco IPS/IDS, Cisco ISE, Juniper SRX 340/240, Juniper vSRX, Palo Alto 850/220/VM, ACLs, SSH, IPSecVPN, SSLVPN, MPLSVPN, AAA, TACACS+/RADIUS, 802.1x Authentication, Port Security.

Wireless/Branch Technologies: Cisco WLC 5500/3504, Cisco vWLC, Cisco 3702i/1852i/3602i/1142 APs, Cisco Meraki MR 42/33/20APs, Aruba ClearPass Aruba, Aerohive, Cisco ISE, TACACS+/RADIUS, 802.1x Authentication, 802.11, WLAN, WAP, SSID, LWAPP, SMTP, VoIP/SIP, QoS, CUCM, UCCX, AWS, Cisco Meraki Cloud-based Dashboard, UPS & PDUs.

PROFESSIONAL EXPERIENCE:

LAN/WAN Professional Network Engineer

Confidential

Responsibilities:

• Network Engineer of a team of consultants responsible for design, implementation, administration, escalation support, documentation of enterprise LAN/WAN technologies for datacenters, WAN links, and branch offices.
• Specific Technologies handled include but not limited to Cisco ISRs/Meraki MX, Cisco Catalyst/Nexus Switches Cisco ASAs, Juniper EXs, Cisco Wireless LAN Controller, Cisco Access Points, Palo Alto (PAN) Firewalls, Nagios, Solar Winds, Cacti, Wireshark, VMware,Cisco Unified Communications Manager & Cisco Unity, Cisco ACI, Aruba, Aerohive, Aruba ClearPass.

Confidential

Network Engineer

Responsibilities:

• Engineer on a team of professionals responsible for design/analysis, implementation, project management, deployment, testing/validation, administration, support along with in a highly secured, mission critical environments.

Confidential

Network Engineer

Responsibilities:

• Analyst on a team of professionals responsible for site analysis, research, design, implementation, project management along high level administration, support, disaster recovery based on policies and procedures and compliances.

Confidential

Network Engineer Consultant

Responsibilities:

• Provided a wide ranges of technical services including but not limited to design, site analysis, implementation/deployment, project management, high level administration, documentation, Tier 2/3 escalation for clients in the greater DC area.
• Created and administered Local VLANs based on department function, and configure ports with static VLANs for data and voice along with both dynamic and static 802.1Q trunks. Managed VTP, mostly transparent mode, to control VLANs.
• Managed RSTP/STP on Cisco and Juniper switches and priority for root election. Managed portfast, bpdu guard, UDLD.
• Created and administered portchannels statically and using LACP, Etherchannels on catalyst and LAG on Juniper.
• Managed Stackwise, VSS on Catalyst, VPC on Nexus, and MLAG on Juniper for device redundant portchannels.
• Configured SVIs for VLANs with IPv4/IPv6 addresses with HSRP and VRRP for gateway redundancy on dist. switches.
• Implemented port-profiles in NX-OS for multiple ports and port-types to reduce errors and improve readability.
• Implemented secure access such as SSH, AAA, Radius, TACACS+ to vty and console ports along with SNMP and NTP.
• Implemented a wireless network infrastructure providing access to wired LANs to increase mobility and productivity on Cisco WLC, Cisco Catalyst and Meraki switches, Cisco and Meraki APs. Created wireless LANs and configure interface association, security parameters, and radios used. Managed wireless via the WLC web GUI and Meraki Dashboard.
• Configured port security, DHCP snooping, IP ARP inspection, ipv6 RA guard for access switchport hardening.
• Managed an IPSec Site-to-Site VPN between Cisco ASA5500s at Main Officeand Cisco branch ISR including Implemented VPNs for IKE Policy using DES and SHA for encryption and authentication, access-lists to define VPN traffic, transform set using esp-des esp-sha-hmacto traffic protection, crypto-map to configured elements to a peer, and application of the crypto map to appropriate interface or VPN endpoint.
• Implemented of Zone-Based Firewall on the Cisco branch ISR for three zones, applying class-maps as traffic crosses a zone-pair, policy maps to apply action to the class-maps’ traffic, zone-pairs, and application of policy to zone pairs.
• Deployed SSL VPN (WebVPN) to allow users to establish a secure, remote-access VPN tunnel to the Cisco ASA 5500 series using a web browser. Generated a general purpose RSA key-pair for authority identification, configure authority trustpoint for the WebVPN using self enrollment, and configure CA trustpoint interface association.
• Utilized Cisco ASA 5500 Modular Policy Frame-Work to configure and manage layer 3/4 interface service policies, apply inspection and connection limits to services, apply inspection and QoS policing to HTTP traffic.
• Configure HTTP inspection policy to block restricted sites and file downloads.
• Configured port security, DHCP snooping, IP ARP inspection, ipv6 RA guard for access switchport hardening.
• Managed an IPSec Site-to-Site VPN between Cisco ASA5500s at Main Office and Cisco branch ISR including Implemented VPNs for IKE Policy using DES and SHA for encryption and authentication, access-lists to define VPN traffic, transform set using esp-des esp-sha-hmacto traffic protection, crypto-map to configured elements to a peer, and application of the crypto map to appropriate interface or VPN endpoint.
• Implemented of Zone-Based Firewall on the Cisco branch ISR for three zones, applying class-maps as traffic crosses a zone-pair, policy maps to apply action to the class-maps’ traffic, zone-pairs, and application of policy to zone pairs.
• Deployed SSL VPN (WebVPN) to allow users to establish a secure, remote-access VPN tunnel to the Cisco ASA 5500 series using a web browser. Generated a general purpose RSA key-pair for authority identification, configure authority trustpoint for the WebVPN using self enrollment, and configure CA trustpoint interface association.
• Utilized Cisco ASA 5500 Modular Policy Frame-Work to configure and manage layer 3/4 interface service policies, apply inspection and connection limits to services, apply inspection and QoS policing to HTTP traffic.
• Configure HTTP inspection policy to block restricted sites and file downloads.
• Administered both single area and multiple area OSPF routing. Also implemented totally stubby areas to lower the system resource utilization of devices. Implemented hub and spoke network between three sites with the main office as the hub for redundant connections utilizing MPLS VPNs and GRE tunnels using IPSec.
• Implemented EIGRP routing on Cisco ISRs and ASAs. Prevented neighbor adjacencies forming and sending/receiving routing updates on unnecessary interfaces. Implemented EIGRP MD5 between sites to prevent unauthorized insertion of routes into the domain. Implemented manual EIGRP route summarization to reduce demand on CPU resources, memory, and bandwidth used to maintain the routing tables.
• Implemented backup and recovery of Cisco IOS Images. Perform password recovery on Cisco IOS routers/switches and a Juniper devices to restore administrative access.
• Configured eBGP & iBGP peering using directly connected networks and loopbacks, ebgp-multihop. Managed BGP Peer groups and PREFIX-LISTs, ROUTE-MAPs, ACLs and neighbor statements to filter route updates to and from neighbors. Utilized show commands to provide routing information with debugging diagnostic commands to monitor BGP events.
• Managed SNMP, AAA, TACACS+, Radius, Netflow, Syslog, NTP for authentication, logging and management.
• Utilized Nagios XI (customized dashboard, SolarWinds Orion NPM, CACTI monitoring and graph traffic.
• Used the Wireshark tool to analyze HTTP, telnet, and SSL traffic