Senior Network Security Engineer Resume

Atlanta, GA

SUMMARY:

  • Network Security Engineer with 7+ years of experience in testing, troubleshooting, implementing, optimizing and maintaining enterprise data networks and service provider networks
  • Administration, Engineering and Support for various technologies including proficiency in LAN/MAN/WAN, routing, switching, security and application load balancing
  • Implementation, Configuration and Support of Palo Alto Firewall (VM-500, PA-220, PA-820, PA-3k, PA-5k, PA-7k), Checkpoint firewall (NGX R65, R70, R71, R75, R77 and R80), Cisco Firewall (ASA 5505, 5520, 5506-X, 5585), Juniper (SRX 5400, SRX 5600, SRX 5800)
  • Experience with management platform such as Smart Dashboard, ASDM, Panorama, Juniper NSM
  • Configured and troubleshot IPsec Site-to-Site VPN and Remote Site VPN on Checkpoint, Cisco ASA, Palo Alto and Juniper Firewalls
  • Experience in troubleshooting Layer 1, Layer 2 and Layer 3
  • Proficient in Cisco IOS for configuration and troubleshooting of routing protocols EIGRP, OSPF, BGP, MP-BGP, MPLS
  • Hands on experience in configuring Cisco Catalyst 2960, 3750, 4500, 6500, 9300, 9500 and Nexus 3000, 5000, 6000, 7000 switches, Cisco 2600, 2800, 3800, 7200, 7600 series routers
  • Experience in implementing and troubleshooting complex layer 2 technologies such as VLAN, Trunks, VTP, Ether Channel, STP, RSTP and MST. Implementation of HSRP, VRRP for default gateway redundancy
  • Experience with Cisco Firepower 4110, 2120
  • Experience in configuring and troubleshooting BIG-IP F5 load balancer LTM
  • Creating Virtual Servers, Nodes, Pools, and iRules on BIG-IP F5 in LTM module
  • Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate application and their availability
  • Involved in troubleshooting of DNS, DHCP and other IP conflict problems
  • In-depth knowledge of IPv4, TCP/IP, UDP, Ethernet, Switches, Routers, Firewalls, DNS, DHCP, ARP, IP Subnetting
  • Experience with Microsoft, Linux and Unix System
  • Experience with AWS EC2, VPC, Subnets, Routing Tables, Internet Gateway, IAM, Route 53, S3
  • Experience with packet analysis tool using Wireshark and TCP Dump
  • Experience with E1/T1, SDH/SONET Transport Equipment on Nortel and Marconi Elements
  • Experience with ServiceNow tool to view incidents and requests to perform day-to-day activities.
  • Experience with Vulnerability Management tools Qualys, Nessus and SIEM tools RSA, LogRhythm
  • Knowledge on Active directory, Group Policy, Exchange and Windows Server 2008/2012/2016
  • Knowledge on Blue coat Proxies
  • Knowledge on Wireless Technologies and VOIP CUCM
  • Knowledge of HIPAA, NIST, FISMA
  • Extensive knowledge of Firewall, IDS, IPS (HIDS, NIDS, NIPS, HIPS) methodologies and concepts.
  • Experience with database SQL server
  • Experience with Network, Desktop operating system, Intranet, Internet, Extranet, Web server software
  • Experience with Checkpoint Firewall, IPsec VPN, Mobile Access, Application Control, URL filtering, Data Loss prevention, IPS, Anti-bot, Anti-virus, Anti-spam and Email Security, Threat Emulation and Extraction, Identity awareness, Content Awareness
  • Strong knowledge of TACACS+ and RADIUS implementation in Access Control Network
  • Experience in analyzing security logs generated by IDS/IPS, firewalls, network flow system, anti-virus and other security log sources
  • Knowledge in preparing Technical documentation and presentation using Microsoft Office/Visio
  • Excellent in documentation and updating clients network documentation using visio
  • Excellent customer management/resolution, problem solving, debugging skills and capable of quickly learning, effectively analyzing results and implement and delivering as an individual and as part of the team

SKILL:

Hardware: Checkpoint Firewall (NGX R65, R70, R71, R75, R77 and R80), Cisco Firewall (ASA 5505, 5520, 5506-X, 5585), Palo Alto (PA-3k, PA-5k, PA-7k), Juniper (SRX 5400, SRX 5600, SRX 5800), Cisco Catalyst (2960, 3750, 4500, 6500), and Nexus (3000, 5000, 6000, 7000) switches, Cisco (2600, 2800, 3800, 7200, 7600) series routers

Protocols: EIGRP, OSPF, BGP, HSRP, VRRP, GLBP, TCP/IP, MPLS

Networks: LAN, MAN, WAN, VPN

Security Protocols: ACLs, NAT, PAT, IPSec, ESP, AH

WAN Protocol: MPLS

Networking Protocols: TCP/IP, IPv4, IPv6, ARP, DNS, DHCP, SMTP, ICMP, FTP, Ping, Trace route, Telnet, SSH

Switching: VLAN, VTP, STP

Tools: Wireshark, Algosec, Solarwinds, Splunk, Service Now, Nagios, Firemon, Skybox

Operating System: Cisco IOS, GAIA, Junos, PAN-OS, Windows, Linux

Computer Software: MS Office, MS Visio, Outlook, Lotus

Programming languages: HTML, CSS, SQL, JAVA, Python, Shell, .Net

EXPERIENCE:

Confidential, Atlanta, GA

Senior Network Security Engineer

Responsibilities:

  • Worked Extensively on Checkpoint R77.20 on above GAIA and Splat, Cisco ASA 8.0 and above, Palo Alto 7.0 and above environment
  • Plan, coordinate, and implement network security measures to protect data, software, and hardware such as Check Point, Cisco ASA, Palo Alto, Juniper firewalls
  • Provided daily remote administration, implementing, configuring, and troubleshooting Checkpoint R77, Cisco ASA, Palo Alto, and F5 LTM/GTM Big-IP load balancing solutions.
  • Migrated from Fortinet to Palo Alto Firewalls
  • Implementing, Configuring, Monitoring and Troubleshooting of Palo Alto Firewalls
  • Worked on Palo Alto VM-500, PA-820, PA-220, PA-3220 and PA-5220 and Pan OS 8.0 and higher
  • Managed 100 Palo Alto Firewalls in AWS and Azure Cloud and Hardware Firewalls.
  • Configured Interfaces, Zones, Virtual Routers, BGP Protocol, Static Routes, IKE Gateway, IKE and IPsec parameters
  • Configured IPSec Site to Site IPsec and SSL Remote Access VPN on Palo Alto Firewalls
  • Configured and Troubleshooted IPS Policy on Palo Alto Firewalls using Security Profiles such as Antivirus, Anti-Spyware, Vulnerability protection, URL Filtering, File Blocking, Wildfire Analysis, Data Filtering, DOS Protection.
  • Experience with Palo Alto App-ID, User-ID, Content ID
  • Configured Group Mappings to allow Group and User based Firewall Rules on Palo Alto
  • Experience with Panorama Management Server 8.0 and higher
  • Configured Device Groups and Templates, managed Dynamic Updates, Software Upgrades and Licenses.
  • Creating Rules on Palo Alto firewalls using Applications and URL filtering
  • Add, Delete, Modify, Clone, Enable and Disable Firewall Rules.
  • Configured Static and Dynamic Source and Destination NAT and Application Override Rules.
  • Configured Global Protect Gateway, Portal and Client with SSL-TLS, s, Tunnel interface and Internal and External gateway configuration.
  • Configured and Troubleshooted Global Protect VPN using and SAML based Authentication.
  • Configured HIP Objects and Profile for Global Protect VPN
  • Configured LDAP and Syslog on Palo Alto firewalls
  • Configured SSL decryption on Palo Alto Firewalls
  • Experience with packet capture and tcpdump on Palo Firewalls
  • Create Packet Capture and Analyze PCAP files with Wireshark to explore capture files and examine Data.
  • Monitored, reported and Explore Sessions, App-scope and Application Command Center (ACC)
  • Analyzing logs on Panorama
  • Created Address and Address Groups, Service and Service Groups objects, Dynamic address groups, Tags and Custom Application.
  • Created External dynamic list using MineMeld AutoFocus
  • Monitored Palo Alto firewalls using SolarWinds and Nagios
  • Experience with Firemon and Skybox to optimize the Firewall policy and creating different network reports.
  • Experience with logging and reporting tool Splunk for Palo Alto logs
  • Experience with Security groups in AWS and Azure Cloud
  • Worked with application team to migrate application from data center to AWS and Azure clouds to open firewall rules on Palo Altos
  • Managed VM firewalls in AWS and Azure
  • Configured split tunneling for Global Protect VPN
  • Experienced configuring and troubleshooting active/passive HA on Palo Alto Devices.
  • Performing backups and upgrades from time to time on different type of firewalls mostly on Palo Alto and Checkpoint.
  • Experience with Service Now Incident and Service Management tool.
  • Support for Zscaler Web Security Service
  • Configuration of web filtering and managed firewall services
  • Configured Cisco Routers with routing protocol BGP, OSPF, EIGRP
  • Hands on Experience Working with Cisco Nexus 7K,5K & 2K Switches.
  • Experience working with BGP attributes such as Weight, Local-P, MED and AS-PATH to influence inbound and outbound traffic
  • Implemented MPLS at Data Center edge for full VRF support. Implemented BGP Routing for Internet Access.
  • Implemented, configured BGP, converting OSPF routes to BGP (OSPF in local routing).
  • Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
  • Planned and Installed Standalone and Distributed firewall architecture
  • Installed Security Gateway, Management Server and Smart Console
  • Planned and implemented different networks such as internal, external and DMZ
  • Created Stealth and Cleanup Rules also explicit rules for security of Network
  • Performed NATing such as Hide NAT and Static NAT
  • Worked on Checkpoint Firewall Clusters of High Availability and load balancing
  • Configured Site-Site VPN and Remote Site VPN on Checkpoint Firewall with R77 GAIA.
  • Implemented Checkpoint FW Interface, NAT and VLAN using R77 GAIA Smart Dashboard.
  • Extensive implementation of firewall rules on R77 GAIA on daily basis using Smart Dashboard.
  • Provided daily Palo Alto Network firewalls administration such as security NAT, Threat prevention, URL filtering, IPSEC and SSL VPN's, security rules, zone-based integration, and analyzing syslogs, and utilizing wild fire feature in Panorama 8 and above
  • Understanding the JUNOS platform and worked with IOS upgrade of Juniper devices.
  • Configuration, troubleshooting Checkpoint Firewall using R77 Smart View Tracker and Monitor.
  • Worked on Algosec for firewall rule analysis and firewall rules cleanup.
  • Collapsing the existing firewall rules and fine-tuning the firewall policies for better performance.
  • Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Tufin and Splunk
  • Working with different teams to gather info for the new request and troubleshoot for any connectivity issues by capturing traffic using TCPDUMP and smart view tracker.
  • Configuring and troubleshooting site-to-site IPSEC VPN tunnels on cisco routers for third party connectivity.
  • Responsible for troubleshooting and resolving firewall software and hardware issues, including VPNs, connectivity issues, logging, cluster configurations, and hardware installations for Checkpoint, Cisco ASA, and Palo Alto firewalls.
  • Performed web application penetration testing targeting OWASP top 10 using manual & automated tools. Identified design flaws, insecure handling and storage of credentials, and conducted source code audits
  • Involved in the vulnerability assessment through the Nessus - PCI production scan and Veracode - static and dynamic analysis of the web applications and analyzing the false positives
  • Involved in the Infrastructure testing for all the servers, load balancers using kali Linux tools
  • Web Application testing for OWASP Top 10 vulnerabilities: fuzzing the parameters, spidering the host, OWASP vulnerabilities through the Burp Suite, OWASP ZAP, DirBuster.
  • Involved in static code analysis using tools such as Bandit, Brakeman and analysis of results
  • Tested applications using Burp Suite tools such as Scanner, Intruder, Repeater, Sequencer for active and passive scanning of applications.
  • Experience creating policies and managing Cisco Identity Services Engine
  • Experience with Cloud AWS EC2, VPC, Subnets, Routing Tables, Internet Gateway, IAM, Route 53, S3
  • Work with application development teams to ensure that their applications are designed properly for interacting with AWS.
  • Hands on experience in EC2, VPC, Subnets, Routing tables, Internet gateways, IAM, Route53, VPC peering, S3, ELB, RDS, Security Groups, Cloud Watch, SNS on AWS.
  • Create AMI images of critical EC2 instances as backup.
  • Configure and managing daily and hourly scheduled snapshots backup and Restore the data from snapshots if needed.
  • Setup and manage security groups, VPC specific to environment.
  • Manage Red Hat Linux and Windows virtual servers on AWS EC2.
  • Work on AutoScaling, CloudWatch (monitoring), AWS Elastic Beanstalk (app deployments), AWS S3 (storage) and AWS EBS (persistent disk storage).
  • Planning, deployment and tuning of Elastic search for Linux based infrastructure.
  • Implemented and supported creating EC2 instances, S3 storage, Auto Scaling of instances and CloudWatch Monitoring based on requirements.
  • Assigned and managed roles for users and groups by defining policies via Identity and Access Management.
  • Configured web servers to enable caching, configured CDN application servers and load balancers.
  • Deployed templates using Cloud Formation for the required environment.
  • Configured networking with route tables, access control lists, firewalls, and NAT, HTTP and DNS.
  • Configured AWS Virtual Private Cloud environment and networking inside the VPC.
  • Worked with Glacier to archive old files as needed.
  • Administered databases using RDS
  • Specialize in deployment, migration, configuration and test automation using several automation tools and frameworks.
  • Administrating and managing Qualys Guard tool.
  • Generating monthly Vulnerability and Policy Compliance scan reports
  • Creating and modification of policies in Qualys Guard as per client defined TSS standards and requirements.
  • Worked on F5 BIG-IP Local Traffic Manager (LTM) to automate, and customize applications in a reliable, secure, and optimized way
  • Programmed iRule in F5 BIG-IP device based on F5's exclusive to unprecedentedly control and directly manipulate and manage any IP application traffic.
  • Hands on Knowledge/experience on F5 load balancers, its methods, implementation and troubleshooting on LTM, GTM, APM, ASM, AFM. Worked on software versions including 9.2, 11.4.1, 11.5.3.
  • Dealt with creating VIP (virtual servers), pools, nodes and applying iRules for the virtual servers like cookie persistency and redirection of URL and F5 ASM cookies issues and configures ASM policies
  • Strong production experience in managing F5 BIG-IP APM, ASM, AFM and LTM. Used F5 BIG-IP Local Traffic Manager (LTM) and provided a flexible, high-performance application delivery system to increase operational efficiency and ensure peak network performance for critical business applications.
  • Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs
  • Configuring various advanced features (Profiles, monitors, Redundancy, SSL Termination, Persistence, SNATs, HA on F5 BIGIP appliances SSL termination and initiation, Persistence, Digital s, Executed various migration/upgrade projects across F5 and hands on with F5 BIGIP LTMs/EM.
  • Implementing and configuring F5 LTM's for VIP's and Virtual servers as per application and business requirements
  • Design and deployed F5 LTM and GTM load balancer infrastructure per business needs from the ground up approach.
  • Configured F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
  • Configured F5 GTM Wide IP, Pool Load Balancing Methods, probers and monitors recreating Http and https redirect VIP's to client from data servers.
  • Experience with Cisco Meraki
  • Experience in managing and adding policies in Cisco ISE
  • Experience with 802.1x and its integration with Radius
  • Configured RIP, OSPF and static routing on Juniper SRX routers.

Confidential, NJ

Senior Network Security Engineer

Responsibilities:

  • Configuration of IPsec based VPN tunnels for site to site communication.
  • Installation, Configuration and Troubleshooting of Checkpoint as well as Juniper and Cisco ASA firewalls in the DMZ, Third party etc
  • Day to Day work involves managing and administering Juniper and Check Point Firewalls at various zones including DMZ, Extranet (Various Business Partners) and ASZ and internal.
  • Check Point Firewall policy provisioning in a Provider-1 NGX platform with multiple CMA's
  • Juniper Firewall Policy management using NSM and Screen OS CLI
  • Installation configuration and upgrade of Juniper SRX firewalls for third party connectivity.
  • Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard.
  • Troubleshoot connectivity issues and Monitor health of the firewall resources as well as work on individual firewall for advanced troubleshooting.
  • Troubleshooting Firewall Connectivity related issues using Smart view tracker on Check Point, NSM Log viewer for Juniper Firewalls.
  • Build Site to Site IPSec based VPN Tunnels between various client and business partner sites.
  • Configure and administer Cisco ASA Firewalls (5585, 5550, 5540) and use command line CLI, Cisco CSM, ASDM for day to day administration.
  • Build Failovers (Active-standby) as well as ensure stateful replication of traffic
  • Troubleshoot Firewall connectivity issues between Servers and Users as well as various third party, DMZ and internet zones.
  • CSM Event Viewer as well as Packet Tracing and CLI based debug level logging.
  • Perform Advanced NAT Operation including Static NAT, Identity NAT, Policy based NAT etc for third party connections.
  • Access Policy provisioning and working with various application teams to identify firewall ports.
  • IDS and IPS event management using CSM including signature updates for SSM Modules, IDSM.
  • Configure AAA using TACACS and Remote user Authentication using RSA SecurID (Two Factor Authentication). Extranet changes to Cisco 6513, 6509 and 7204 series devices including FWSM firewall changes, routing and switching changes
  • Support routing protocols including BGP and OSPF routing, HSRP, load balancing/failover configurations,
  • Configuring Layer 2 and Layer 3 in the third party zone including Vlan creating, spanning tree tuning, HSRP configuration, SVI (Switch Vlan Interface on 6500 Switch),
  • Hands On experience Cisco IOS/IOS-XR/NX-OS, Juniper JUNOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS.
  • Experience working with Juniper Routers (MX960, MX480, M320) and Switches (EX2400, QFX Virtual Chassis Switches) with BGP, OSPF, VSTP, MST layer 2 and layer 3 technologies
  • Configured the VLANs, Hot Standby Routing Protocol (HSRP), Gateway Load Balancing Protocol (GLBP), GRE tunnels, access lists, and SPAN.
  • Firewall Policy Provisioning and troubleshooting of Check Point Firewalls using Smart center based applications (smart dashboard, smart view tracker, smart view monitor etc)
  • Cisco ASA Firewall OS upgrades to 8.x and Troubleshooting, IOS Security Configurations, IPSec VPN Implementation and Troubleshooting,
  • Firewall zoning including DMZ and other secure zones for application and database as well as internal traffic.
  • Work with various Windows and Unix Platforms behind the firewall and implement security policies accordingly.
  • Network based IDS/IPS event management and Signature Updates and making sure the false positives are filtered and investigate the critical alerts based on Source, Destination and Service.
  • Support Data Center Migration Project involving physical re-locations.
  • Schedule and participate in weekly meetings with various teams involved in the project to discuss the bottlenecks if any and contribute to design a solution framework. Maintain Configuration, Documentation (Visio's) and Records Management.
  • Administrating and managing Qualys Guard tool.
  • Vulnerability and Policy compliance check on all in-scope (SOX and Non-SOX) servers using Qualys tool
  • Checking compliance and adherence to the client standards of the new built servers (P2P activities).
  • Identifying possible threats and standards deviation by running monthly Policy Compliance and Vulnerability scans on all servers.
  • Generating monthly Vulnerability and Policy Compliance scan reports
  • Creating and modification of policies in Qualys Guard as per client defined TSS standards and requirements.
  • Reviewing all pre-defined policies in Qualys Guard every month and setting new standards as and when required.
  • Resolving daily tickets assigned to the team in HPSM.
  • Coordinating with other teams for remediation of vulnerability and compliance scan failed controls.
  • Working on exceptions and deviations related to Vulnerability Management and Policy Compliance controls.
  • Troubleshoot issues in the servers during Qualys Guard scan activities.
  • Raising cases and coordinating with vendor engineers for Qualys Guard tool related issues.

Confidential

Network Security Engineer

Responsibilities:

  • Implementing security Solutions using PaloAlto PA 5000/3000, Cisco 5580/5540/5520 , Checkpoint firewalls R70, R75, R77.20 Gaia and Provider-1/MDM.
  • Configuration and administration of firewalls, which includes Checkpoint, Cisco ASA, Palo Alto and Juniper Firewalls
  • Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
  • Researched, designed, and replaced Checkpoint firewall architecture with new next generation Palo Alto PA3000 and PA5000 appliances serving as firewalls and URL and application inspection.
  • Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama.
  • Successfully installed Palo Alto PA 3000/PA 5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
  • Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls and also implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall.
  • Exposure to wild fire feature of Palo Alto.
  • Configuration and Maintenance of Cisco ASA, ASA 5540, ASA 5520, ASA 5510 series firewalls.
  • Configure Syslog server in the network for capturing and log's from firewalls.
  • Provided tier 3 support for Checkpoint and Cisco ASA Firewalls to support customers, Backup and restore of checkpoint and Cisco ASA Firewall policies.
  • Monitoring Traffic and Connections in Checkpoint and ASA Firewall.
  • Manage project task to migrate from Cisco ASA firewalls to Check Point firewalls.
  • Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Tufin and Splunk.
  • Configuring and troubleshooting site-to-site IPSEC VPN tunnels using Cisco ASA 5540 for third party connectivity.
  • Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard.
  • Installed and configured high availability Big IP F5 LTM and GTM load balancers like 6600, 6800 to provide uninterrupted service to customer applications and monitoring the availability.
  • Identified opportunities for implementation of network best practices, particularly F5 load balancer implementations.
  • Configuring F5 Load Balancers: Adding virtual IPs, nodes, pools and health monitoring.
  • F5 BigIP iRule programming and troubleshooting.
  • Working with different teams to gather info for the new request and troubleshoot for any connectivity issues by capturing traffic using TCPDUMP and smart view tracker.
  • Worked on VPN configuration, routing, NAT, access-list, security contexts, and failover in ASA firewalls.
  • Provide support to help desk for complex/major network problems. Build the rules for the application access across the IPSEC VPN tunnel.
  • Working on the network team to re-route BGP routes during maintenance and FW upgrades.
  • Configure B2B VPN with various business partners and 3rd parties and troubleshoot VPN Phase 1 and Phase 2 connectivity issues including crypto map, encryption domain, psk etc.
  • Monitor Intrusion Detection Systems (IDS) console for active alerts and determine priority of response.
  • Review daily log data gathered from various resources such as sensors, alert logs, firewall logs, content filtering logs.
  • Monitor Intrusion Prevention System (IPS).
  • Working on day-to-day service tickets to solve troubleshooting issues.
  • 24x7 support.

Confidential

Senior Network Engineer

Responsibilities:

  • Configured and troubleshooting BGP, OSPF, EIGRP, MPLS VPN, HSRP, VRRP QoS and Route Maps.
  • Configured and maintaining Cisco 7200, 4400, 5000 and 6500 platforms.
  • Troubleshoot connectivity issues involving VLAN's, OSPF, QoS etc.
  • Support, monitor and manage the IP network.
  • Performance monitoring of various applications and web servers to maintain quality of service and network stability.
  • Maintained core switches, creating VLAN's and configuring VTP.
  • Designed IP Addressing schemes, VLAN tables and Switch port assignments, Trunking and Ether-channel implementation.
  • Designed IP addressing schemes, VLAN's, subnetting and trunking to meet requirements.
  • Gained hands on experience with VLSM, STP, VTP, VLAN Trunking.
  • Installed and set up Cisco routers and switches per deployment plans.
  • Applied access lists and NAT configurations based on implementation guidelines.
  • Designed and implemented IT security policies and networked backup systems.
  • Documented and maintained technical diagrams, documented logical and physical topology, and other IT procedures.
  • Worked on Cisco routers 7200, 3700 and Cisco switches 4900, 2900
  • Key contributions include troubleshooting of complex LAN/WAN infrastructure
  • Configured Firewall logging, DMZs & related security policies & monitoring
  • Creating Private VLANs & preventing VLAN hopping attacks & mitigating spoofing with snooping & IP source guard
  • Enabled STP Enhancements to speed up the network convergence that include Port-fast, Uplink-fast and Backbone-fast
  • Establishing VPN Tunnels using IPSec encryption standards and also configuring and implementing site-to-site VPN, Remote VPN.
  • Configured network access servers and routers for AAA Security (RADIUS/ TACACS+)
  • Responsible for Configuring SITE TO SITE VPN on Cisco Routers between Head Quarters and Branch locations
  • Implemented the security architecture for highly complex transport and application architectures addressing well known vulnerabilities and using access control lists that would serve as their primary security on their core & failover firewalls
  • Active participation on operational support for routing/switching protocols in complex environments including BGP, OSPF, EIGRP, Spanning Tree, 802.1q, etc.
  • Troubleshooting traffic passing managed firewalls via logs and packet captures.
  • Strong working knowledge and troubleshooting of T1, T3, OC-3 and OC-12.
  • Configuration and troubleshooting of EIGRP, OSPF, BGP.
  • Extensively used TCP/IP tool like TELNET for remote login to the routers and SSH for secure login.

Confidential

Network Engineer

Responsibilities:

  • Managing the service request tickets within the phases of troubleshooting, maintenance, upgrades, fixes, patches and providing all-round technical support.
  • Commissioning and Decommissioning of the MPLS circuits for various field offices.
  • Preparing feasibility report for various upgrades and installations.
  • Ensure Network, system and data availability and integrity through preventive maintenance and upgrade.
  • Installation of Routers, Switches, Firewall and Network Cables in datacenter.
  • Providing support to networks containing more than 2000 Cisco devices.
  • Performing troubleshooting for IOS related bugs by analyzing past history and related notes.
  • Carrying out documentation for tracking network issue symptoms and large scale technical escalations.
  • Involved in L2/L3 Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter-Vlan routing, LAN security.
  • Worked on the security levels with RADIUS, TACACS+.
  • Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
  • Configured switches with port security and 802.1X for enhancing customer's security.
  • Validate existing infrastructure and recommend new network designs.
  • Created scripts to monitor CPU/Memory on various low end routers in the network.
  • Configuring and troubleshooting multi-customer network environment.
  • Involved in network monitoring, alarm notification and acknowledgement.
  • Implementing new/changing existing data networks for various projects as per the requirement.
  • Installed and maintained local printer as well as network printers.
