Summary

• Around eight years of experience with CCNA CCNP certification with network implementation and troubleshooting.
• Experience in troubleshooting and configuring barracuda virus and spam firewall, Palo Alto firewall.
• Configured ASA 5520 SSL VPN connectivity with Cisco Ver8.2 and support the client.
• Worked on Cisco ASA 5500 5510 and 5540 series and Cisco PIX 506E/515E , Palo Alto and juniper firewalls EX2200, EX2500, EX3200, EX4200, EX4500, EX8200
• Hands-on experience with layer 3 protocols, which are BGP, OSPF, VRRP, BGRP, RIP, IGRP, HDLC, RIP V2.
• Knowledge of TCP/IP protocol suite and OSI model
• Upgraded and troubleshoot Cisco IOS firmware Cisco on router and switch.
• Configured security policy for NAT/PAT, ACL and inter VLAN routing
• Moderate knowledge of configuring and troubleshooting Cisco wireless network. Cisco Wireless Networks: LWAPP, WLC, WCS, Standalone APs, Roaming, Wireless Security Basics, IEEE 802.11 a/b/g, RF spectrum characteristics.
• Configured and tested DDoS solution and Imperva web application firewall process in a large environment.
• Provided level 3 support for desktop troubleshooting and Tier 2 support for network related problem in small as well as large 1000 system and 5000 users environment.
• Strong hands-on knowledge of configuring Cisco 7600, 7200, 3800, 3600, 2600, 2500 series routers and Cisco catalyst 6500, 4500, 3750, 2950 and 3500 XL series switches.
• Deployed and upgrade Microsoft exchange email services.
• Created 3rd party security assessment layout for organization to get them complied with organization.
• Helped to achieve 99.99 high availability of critical systems in production during peak period.
• Based on organization policy, configure and made policy for computers to harden the system.
• Provided level 3 supports for RHEL 4 and windows 2003/2008 server systems to Data Domain, Cheetah and VMware customer.
• Worked on OMAP 4 processes testing and tracked a bug related to camera and generate complete tracking report, which helped technical and non-technical person to understand.

TECHNICAL SKILLS

Programming Language: Cisco IOS, Shell, Bash, C, HTML, MYSQL

Networking Protocol: TCP/IP L2/L3 Protocols, 10/100/1000 Ethernet, 802.11 a/b/g, ARP, RIP, OSPF, EIGRP, BGP, ICMP, HSRP, VRRP, GLBP NAT/PAT,

SNMP, SIP, SMTP, Frame Relay, STP, VPN, VLAN,

RSTP, IGP, VTP, DHCP, DNS, IPSec, HTTP, WINS, LDAP

Operating Systems: Microsoft XP/7/8, WINDOW 2003/2008 R2 server, RHEL 4/5/6, UNIX, Mac OS

Cisco routers: 7200p, 3800, 2800, 2600, 2500, 1800 series

Cisco switches: 6500, 3950, 3500, 2990, 2900 XL series, Nexus 4000/5000/7000

PIX Firewall: 06/515/525

ASA Firewall: 4430/5520/5550

AAA Architecture: Cisco ACS, TACACS , Radius

Email servers: MS Exchange 2007/2010/2013

Virtualization Tools: VMware ESX, ESXi and VSphere, VMware configuration manager, Citrix Xen tools.

Other Tools: Wireshark, DRAC, Imperva web application firewall, Cisco ACS, Cisco IPS/IDS, Qualys, Nessus, Backtrack, Nmap, DFS, IIS, Active Directory,

NFS, NAS, SAN, Puppet, Nagios, Sysinternals tools

Load Balancer: F5 Load Balancer, Microsoft Load Balancer

Endpoint Security: Kaspersky, Symantec, McAfee

Backup Tools: Symantec Backup Exec, Microsoft Backup, Carbonite Cloud Backup

Log management tool: AlienVault USM, LogLogic, Windows Log viewer, Cisco syslog, Snorby

WORK EXPERIENCE

Confidential

IT Security Engineer

Responsibilities:

• Enhanced hardware and software solution, including new acquisition and upgrades, which are essential for company's infrastructure and technical system.
• Installation, Configuration and Administration of Windows 2008 R2 AD, DNS, DHCP and Web proxy ISA server. Implemented AlienVault USM log management system.
• Managing health check of Network devices this is involves upgrading IOS on every quarter after checking the vulnerability of IOS and reviewing the configuration
• Optimized on-premise barracuda spam and virus firewall policy to defend virus attacks.
• Installation and Configuration of Cisco Catalyst switches 6500, 3750, 3550, CRS series and configured routing protocol OSPF, VRRP, BGRP, EIGRP, BGP, AIX, SunOS, SMTP, Solaris, UNIX , DOS, with Access Control lists implemented as per Network Design Document and followed the change process as per IT policy It also includes the configuration of port channel between core switches and server distribution switches
• Upgrade Cisco Routers, Switches and Firewall PIX IOS using TFTP.
• Configured ASA 5520 SSL VPN connectivity with Cisco Ver8.2 and support the client.
• Developing infrastructure including WSUS, radius and VPN, policy, active directory, exchange 2007/2010 servers, Kaspersky enterprise security system, AlienValut unified security system and storage solutions.
• Created database power shell scripts and roll out to environment for internal inventory and billing tools. Capturing packets using wireshark and tcpdump technology to solve network issue
• Worked on checkpoint firewall security policy to secure internal system and mobile devices.
• Maintaining and administrating knowledge based systems such as salesforce, confluence, Hardcat and zuora, which are essential part of company's activity functions.
• Replace branch hardware with new 3900 routers and 2960 switches for better flow of MPLS, BGP workflow. Migrated Juniper Firewall to Cisco ASA Firewall.
• Upgraded Microsoft Exchange email environment from 2007 to 2010 and solved issue with old and new exchange email services.
• Worked on 4500 catalyst and upgraded switches to 5K and 7k nexus switch.
• Testing and deployment of citrix XenServers, XenVM, netscalar, and xenApp, GPO, new Operating systems windows, Mac, NIX , system software updates through system center and through domain controller to enhance compatibilities and security.
• Worked on PCI and HIPPA policy to secure devices and to meet requirement with compliance.
• Helped new hires in on-boarding process. Image the desktop and laptops machine based on employee requirement and company policy.

Confidential

Computer System Analyst

Responsibilities:

• Providing support for windows 2003/2008/ NIX servers using error logs generated by system and syslog generated by network appliances to SNMP server. I am using Windows AIK, WinPE, PXE booting to automate administration tasks. Providing support for VPN issues to our employee. Implemented splunk to manager logs
• Created and implemented policy and power shell scripts for machines based on Mac or windows os and users policies.
• Documenting for VMware test environment for AD, open LDAP and core systems integration with WSUS, Microsoft System Center 2007 and OCS 2007.
• Managing Active Directory and open LDAP changes and to support other engineers and administrators to gather AD information to report to end users and auditors.
• Configured port based authentication in switch using RADIUS standard. Creating eBGP neighbor relationship between ASR 9000 and transmit routes for iBGP neighbor inside AS.
• Providing L2 customer support, managed e-mail messaging quotas and system resources. Taking care of backup compression and encrypt data. Working on different encryption standards AES, 3DES, RSA and DH.
• Administer and maintain Cisco Voice Infrastructure involving Call Manager 4.x and Cisco Unity Express and around 100 IP Phones and Cisco CE-500 POE Switches.
• Implemented policy from domain, which affect Windows and Mac Users. Worked on Palo Alto firewall
• Configured ASA 5520 SSL VPN connectivity with Cisco Ver8.2 and support the client.
• Worked on checkpoint firewall security policy to secure internal system and mobile devices.
• Implementing and troubleshooting of multiple IP routing on Cisco 3800/6500 series router: RIP, EIGRP, OSPF, VRRP, BGRP, BGP, SMTP, STP, VLAN, and HSRP.
• Implementing SNMP on devices for network management. Provide help to implementing security policies using ACL on juniper firewall standard and extended , IP tables and configuring NAT. monitor packet flow using wireshark and TCP Dump.

Confidential

Security Engineer

Responsibilities:

• I was assisting in the operational management of security related projects and applying solutions for Virtualization, Access Management, Intrusion Prevention/Detection Systems, and Identity Management.
• Worked on planning, management and execution of vulnerability and risk assessment and apply recommendations to mitigate risks. Tested and worked on Arcsight product in pre-prod.
• Documented elements of IT security governance that is policies, procedures, and standards. Prepared weekly dashboards for IT security team.
• Helped IT security team to test, research and track the information about current security threats and potential vulnerabilities using Nessus, wireshark and tcpdump technology.
• Engaged in testing for changes in Cisco PIX 515 and ASA 4430/5550 firewall, Cisco 3600 and ASR router and Cisco 6500 7k switches configuration in pre-production / production environment.
• Worked on ASA Firewall 5550 juniper firewall ACL and IDS/IPS signatures updates to prevent from DDoS attacks. Worked on Palo Alto EX firewalls.
• Involved in installing and configuring Cisco Access Control Server ACS for AAA authentication with RADIUS and TACACS device. Worked on active directory and Kerberos authentication.
• Troubleshoot AAA issues in Cisco ASA 4430/ 5550 firewall and Cisco 7200 and 3600 routers.
• Carried out a how-to documentation to set up new ACS server for disaster recovery solution.
• Provided supports for account locked out issue to users, which include hardware/software troubleshoot, WIFI/LAN related problems. Set up new desktop/laptops windows, Mac, Linux based on company policy for new employee.
• Worked on checkpoint firewall security policy to secure internal system and mobile devices.
• Scan environment using VMware configuration Manager VCM to help in daily internal audit that helps to maintain current inventory. I have created 3rd party security assessment to ensure data safety in transition and in storage for PCI-DSS 2.0 and ISO 27001 compliances for Gap Inc. vendors.
• Also helped in information security awareness program for employees, which spread IT security awareness between technical and non-technical employee in easy to understand language.

Confidential

System Engineer

Responsibilities:

• Designated to work on Cyberknife system, which is cancer treatment system that contains 4 servers based on Linux and Windows 2003 server environment.
• Deployed configured OS as well as hardware and softwares in Cyberknife system so that it can access stored report and access data from Windows to Linux system and back up data at every hour. I also provide tier 3 supports to Cyberknife system.
• I have also build Data Domain, VMware and Cheetah servers as per special requirement of install hardware, RAID the HDD, configure SCSI/ iSCSI controller for servers and applications configuration for better performance. Converted storage and servers to virtual machines for high availability use.
• Configure and Implement ACLs for DMZ and FTP with CISCO PIX 506 Firewall and monitored intrusions. Configured Remote Access Servers with Frame Relay, Leased Line circuits
• Plan, Design, Document and Implement multiple projects as part of Enterprise services. Successfully designed Migration plan for OSPF as IGRP from EIGRP and deployed Enterprise VOIP solutions based on Cisco Products. Installed and configured software based firewall and anti-virus systems McAfee, Symantec .
• Worked on checkpoint firewall security policy to secure internal system and mobile devices.
• Created a mechanism that helps to deploy OS from server using PXE to client workstation and laptop from network. Setup splunk in internal environment to monitor logs
• Configured Easy VPN for remote users accessing Site-to-Site VPN/ IP Sec VPN. Maintained redundancy on Cisco 2600, 2800 and 3600 router with HSRP using Cisco nexus 5k switch.
• I was providing L2 support for network, which are OSPF, VRRP, BGRP, RIP, BGP, MPLS, EIGRP, AIX, SunOS, Solaris, SMTP, UNIX , DOS, RIP routing related issues for CISCO router and VLAN, HSRP related issue in switch.

Confidential

System Engineer

Responsibilities:

• Configure and Implement ACLs for DMZ and FTP with CISCO PIX 506 Firewall and monitored intrusions. Configured Remote Access Servers with Frame Relay, Leased Line circuits
• Involved in troubleshooting of DNS, DHCP and other IP conflict problems. Implementation of name resolution using WINS DNS in TCP/IP environment
• Administration of Cisco 11.x and 12.1 versions and higher. Monitored all Cisco equipment's using Cisco Works
• Involved in SNMP Network management. Worked on various scanning and Sniffing tools like Ethereal
• Upgrades and backups of Cisco router configuration files to a TFTP server
• Implementing and maintaining backup schedules as per the company policy. Configured AAA with TACACS server to authenticate credentials.
• I was designated for maintain data center and deployed MS exchange E-mail server as well as creating group policy for employee in windows 2003 server environment.
• Provide level 2 technical support on a for Windows XP/Visat RHEL 4 based system issues from increased mail storage quota requests, through server crashes, mailbox restoration from backup, operating system upgrades, and patching of known vulnerabilities.
• Designing and Implemented VMware Lab Manager with ESX 3 host and troubleshooting variety of VMware issues. Also created domain controller for active directory to maintain employee and group policy.
• Implementing and troubleshooting VMware ESX server, VMware virtual center, setting up V-Motion, HA, DRS, and related VMware products such as VM Workstation, P2V/V2V converters.

Confidential

Network Administrator

Responsibilities:

• As a Jr. network Admin, I was responsible to troubleshoot implement switch and router configuration.
• Finished task to remodel and update the network. Verified and validate application updates and system updates using windows SCCM 2003/2007 for better usability in production environment.
• Creating different VLAN in new Cisco 2900 XL switch and allocate server in to VLAN based on their attributes. Configured LACP between two switches for load balancing and also made VTP mode transparent to keep VLAN unchangeable.
• Worked on Cisco routers 7200, 3800, 2800 and Cisco switches 4900, 2900
• Configured BGP for CE to PE route advertisement inside the lab environment
• Maintained Cisco 2600 routers stability, monitored network performance and traffic management. Also troubleshoot hardware/software related problems for desktop and laptops.
• Maintain effective communications with vendors, peers and clients for trouble-tickets, equipment RMAs, and support request for application and system related problems.