SUMMARY:

• Cisco Certified Network Associate and Cisco Certified Network Professional.
• Implementing Zscaler in Production
• In depth knowledge of IPv4, Sub netting and TCP/IP, DHCP, DNS, SNMP protocols.
• Fine understanding of LAN and WAN technologies STP, VTP, HSRP, VRRP, MPLS, Ethernet
• Experience in configuring, troubleshooting and monitoring Cisco PIX ASA Firewalls, Switches and Routers and Palo Alto Firewalls.
• Certified on Zscaler ZCCA - IA and ZCCA-PA.
• Certified Tufin on TCSE 18.2.
• Effectively actualized iWAN innovation all the more then 1000+ site. Assumed a key job in Implementing QoS in Cisco and Juniper equipment dependent on client movement.
• Standard overhaul and upkeep of Infrastructure, Installing, designing, and keeping up Cisco Switches (2900, 3500, 7600, 3700 arrangement, 6500 arrangement) Cisco Routers (4800, 3800, 3600, 2800, 2600, 2900, 1800, 1700, 800) Cisco Router and Switches, Juniper Routers and Firewalls, Nexus 9k,7k,5k and 2k, f5 BIG IP, Palo Alto Firewalls, Bluecoat Proxy and Riverbed Steelhead machines
• Engaged with usage and design group of SDWAN answer for the doctor's facility.
• Movement of MPLS condition to Cisco Meraki dependent on SD-WAN IPSEC VPN arrangement
• Arranged Client VPN and RSA Token ID advancements including Cisco's VPN customer by means of IPSEC
• Effectively took part Implementation and customization of client arrange.
• In charge of leading physical remote site reviews with Ekahau site study and prescient site studies.
• Arranged Cisco ASA/Juniper SRX firewall in HA Pair, relocated all the site to site VPN's from cisco switches, Palo Alto firewalls and netscreen firewalls to Cisco ASA and Juniper SRX. Establishment and investigating of firewalls like Cisco ASA and Juniper SSG/SRX firewalls. Learning and involvement with Cisco Firepower 9300 and 4120 Fire Sight.
• Introduced and arranged Meraki (MS250,MS210) and MR84, MR250.
• Introduced and arranged Cisco Meraki (MR66,MR18) remote Access focuses in the healing facility.
• Administration and diagnostics of LAN and WAN with in-depth knowledge of TCP/IP, NAT, PPP, ISDN and associates network protocols and services.
• Experience with running Firewall reports and queries in FireMon, Check Point, VMINFO and Application Inventory Tool.
• Configured of OSPF, BGP on Juniper Routers and SRX Firewalls.
• Configured Client VPN and RSA Token ID technologies including Cisco’s VPN client via IPSEC
• Actively participated Implementation and customization of customer network.
• Designing, Provisioning and Installation of the Customer Sites in Oracle IPSA for MPLS Backbone.

TECHNICAL SKILLS:

Routers: Routers (2900, 3200, 3600, 3700, 3800, and 7200), Cisco ASR (1000 & 9000 Series)

Switches: Cisco L2 & L3 Switches (2900, 3560, 4500, 5000 & 6500), Cisco Nexus(9k,7K, 5K, 2K & 1K), Cisco Catalyst switches (6500, 4900, 3750, 3500, 4500, 2900 series), ASA, PIX, FWSM, Netscreen,Meraki (MS250,MS210) and MR84, MR250

LAN Technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port- channel, VLANS, VTP, STP, RSTP, 802.1Q

Proxy: Zscaler

Firewalls: Firewalls/VPNs ASA, Palo Alto, Cisco VPN, Zscaler VPN.

OS products/Services: DNS, DHCP, Windows (2000/2003, XP), UNIX, LINUX, Microsoft SQL Server 2000 and 2005, VMware.

Protocols/Services: Routing Protocols (RIP v1 & v2, IGRP, OSPF, EIGRP, BGP), QoS, HSRP, VRRP, TCP/IP, load balancer, Proxy servers, IPSec, MPLS, PPP, VoIP, SIP, H.323

Network Management Tools: Wireshark, Netflow Analyzer, HP OpenView, Cisco Works, Ethereal, OPNET, Solarwinds, Cisco ISE, NetSight, Cisco Prime Infrastructre.

Security Server Protocols: TACACS+, RADIUS

PROFESSIONAL EXPERIENCE:

Confidential, Fort Worth, TX

Network Security Engineer

Responsibilities:

• Certified on Zscaler ZCCA-IA and ZCCA-PA.
• Certified Tufin on TCSE 18.2.
• Replacing Checkpoint VPN and BlueCoat proxy with Zscaler and worked on implementing Zscaler in Production.
• Created Forwarding profiles in ZAPP Portal for the Groups to use based on the Authentication.
• Creating local admin ac for ZIA and ZPA for all the Security Group and the Operational folks.
• Configured Connectors along with Zscaler TAM And DAS team
• Created locations for each site once the GRE Tunnel is up on the respected location for the traffic flow.
• To granulize the traffic created Sub-locations for each site.
• Created URL category for each services based on the requests
• Created URL Policies for each URL Category Created.
• Created SSL Inspection Bypass for particular internal Sites
• Created Firewall Control Policies as per organization and requester choice.
• Created Hosted PAC Files based on the organization request what to be accessed before and after authentication.
• Added Network Services to the Firewall filtering in Administration
• Created IP&FQDN groups
• Support for Zscaler Web Security Service
• Configuration of web filtering and managed firewall services
• PAC file creation and GRE tunnel configuration
• Provided Desktop Support for internal users •Handle Service-Now tickets related to Cisco ASA & Zscaler, & VPN along with the connectivity issues and provide support when any issue is raised.
• Implementing and troubleshooting firewall rules in Cisco ASA 5525, 5580, Checkpoint R77.20 Gaia and VSX as per the business requirements.
• Troubleshooting firewall rules in Cisco ASA, Checkpoint, Zscaler.
• Upgraded Zapp Client to latest version Via ZIA Portal.
• Worked with OKTA on multi factor authentication on ZPA.
• Configured Nanolog Streaming Service for Firewall and Web to feed logs for Fireeye.
• Creating workflows for the operational team to follow based on the organization needs.
• Handling tickets via workflows created in Tufin.
• Adding devices to Secure track which are managed by the Security Team.
• Cleaning up device after the migration which are not under our maintainence.
• Created Site Migration FW list based on the location and a plan to do the changes.
• Worked on Global policies for each sites before and after the Migration.
• Configured Global policies for each sites before and after the Migration.

Confidential, Bedford, NH

Network Engineer

Responsibilities:

• Configured Virtual IPs and servers on F5 and associated pool and pool members to it.
• Monitoring Network on daily basics through Cisco prime.
• Involved in writing troubleshooting guidelines for MPLS VPN.
• Performed Troubleshooting and monitored routing protocols such OSPF, EIGRP & BGP.
• Involved in customer escalations and troubleshooting issues related to connectivity, STP, VLAN, Trunking, VTP, Layer 2/3 switching, Ether channels, Inter-VLAN routing, log messages, high CPU utilization and parameters that can degrade performance of network.
• Experience in layer-3 Routing and layer-2 Switching. Dealt with Nexus models like 7K, 5K, 2K series, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches
• Installation of new hardware as well as software systems for networks. (i.e. Cisco Prime Infrastructure and Data Center Network Manager (DCNM)
• IOS upgrades through Cisco Prime.
• Administration and diagnostics of LAN and WAN with in-depth knowledge of TCP/IP, NAT, PPP, ISDN and associates network protocols and services.
• Provide senior technical and consultation associated with F5 systems or subsystems (LTM, GTM, and iRules)
• Setup Ciscoworks, Solarwinds Orion, Authentication Servers and Log servers
• Understand data flow through the Cisco CRS-1 Routing System
• Compliance check using Prime
• Deployed Cisco ISE 2.1 APEX Advanced with 1000 devices, Virtual WLC 8.1, Prime Infrastructure 3.1 and Plug and play GW 2.1
• Role - I am part of a team who took the lead in Installation of Cisco ISE, design of Load balancing environment in DC and DR with LTM and GTM. Configuration and troubleshooting BGP. Design of internal security Firewalls and Perimeter Firewalls. Worked on AWS cloud migration project. Worked on VOIP.
• Possess experience as an architect in deploying and managing security solutions like Cisco ISE and ACS.
• Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE.
• Cisco ISE installation/configuration, integration of WLAN controllers with cisco ISE.
• Cisco Identity Services Engine (ISE) to simplify identity management across diverse devices and applications.
• Utilized Cisco ISE to authenticate Endpoints onto the network.
• Replaced NAC for wired and ACS for wireless with Cisco ISE
• Responsible in troubleshooting on Cisco ISE added new devices on network based on policies on ISE.
• Experience with Deployment, configuration, and maintenance of a Cisco ISE infrastructure to include TrustSec policies, Policy Admin, Monitoring, and Policy.
• Configured Cisco ISE for Domain Integration and Active Directory Integration.
• Adding new devices from Network to Prime Infracture.
• Implementation, working analysis, troubleshooting and documentation of NE architecture and assigning IPv4/IPV6 series
• Experience in working with Cisco and Aruba wireless.
• Upgrading WLC Devices and Access Points.
• Administration of Operations Remedy ticketing system to deliver customer support, services, installation, configuration, troubleshooting, customer assistance, and training in response to customer requirements.
• Configuration on ASR 9K Pairs includes HSRP, Bundle Ethernet Config, Assigning dhcp profiles.
• Cisco Prime Infrastructure & WLC installation, configuration & deployment
• Configured ACL & NAT through CLI.
• Configuration and testing of Multicast for both IPv4 and IPv6 routing in Data Center Environment.
• Configure and deploy L2 / L3 protocols STP, VTP, PVST, Ether channels, VLAN, PVLAN, ISL trunk, OSPF, EIGRP, Static, BGP and MPLS, Redundancy protocols HSRP, VRRP and GLBP
• Provide solutions for Cisco Unified Wireless networking including LWAPP, Controllers, WCS management, WLSE, ACS, Location Services, WIDS, Secure Services Client, and Network Admission Control (NAC).
• Manage DNS, DHCP (Microsoft and Cisco IOS), Radius Server

Confidential, Dallas, TX

Network Engineer/Admin

Responsibilities:

• Implementing and maintaining cisco 2600,2800,2900,3600 Series Routers and 2900,3650,3750 Series Switches and Cisco 1252 and 1262 Access Points for various sites
• Provided deep application-aware network visibility and granular performance analytics that empower network administrators to rapidly isolate and remediate problems and improve the user experience using Cisco Prime.
• Enterprise level Cisco ISE administration, Cisco Prime configuration, troubleshooting and maintenance.
• Experience in Cisco ISE’s, Cisco Prime, SNMP tools (HP - Intelligent management center, SolarWinds, Wireshark), Infoblox.
• Supported the technologies like IWAN solutions, APIC-EM, prime Infrastructure and Cisco ASA.
• Provided deep application-aware network visibility and granular performance analytics that empower network administrators to rapidly isolate and remediate problems and improve the user experience using Cisco Prime.
• Handle Incident tickets & Service Requests related to Cisco ASA & Palo Alto firewall, & VPN along with the connectivity issues and provide prompt support when any issue pops up.
• Implement DMZ for multiple clients of the state on the Palo Alto/ ASA firewall.
• Analyze of firewall logs, Provide administrational and Monitoring Support, Dynamic Updates for Palo Alto 5050 Firewall & Cisco ASA 5555, 5585.
• Implementing and troubleshooting firewall rules in Cisco ASA 5525, 5580, Checkpoint R77.20 Gaia and VSX as per the business requirements.
• Implemented TCP/IP and related services DHCP/DNS/WINS.
• Installing and configuring F5 Load balancers and firewalls with LAN/WAN configuration.
• Troubleshooting F5 Load balancers, Cisco Nexus switches, Riverbed WAN Optimizers, Cisco ASR1000 series
• Troubleshooting firewall rules in Cisco ASA 5525, 5580, Checkpoint R77.20 Gaia and VSX as per the business requirements.
• Configuring and troubleshooting F5 LTM/GTM, F5 BIG IP, F5 BIG-IP LTM, F5 BIG-IP GTM, •F5-ASM, APM, Creating irules, Virtual servers, Pools, Nodes with health, Profiles, SNAT, SSL and iApps. Cleanup work for F5 Load Balancer like unused pool, unbound VIP and Unused Real Server
• Installed and configured Meraki (MS250,MS210) and MR84, MR250.
• Installed and configured Cisco Meraki (MR66,MR18) wireless Access points in the hospital.
• Utilized Cisco ISE to authenticate Endpoints onto the network.
• Worked on Meraki firewalls, switching and wireless, including support for ISE, QOS, and SDWAN on these devices.
• Established and maintain IPSec-based connectivity with external vendors.
• Configuration and providing management support for Palo Alto and Checkpoint Firewalls (R75, R76 and R77).
• Configuration, Troubleshooting, and Maintenance of Palo Alto Firewalls (36+ firewalls) - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.
• Managed Infoblox Grid Manager to manage DNS Forward and Reverse Lookup zones.
• Responsible for conducting physical wireless site surveys with Ekahau site survey and predictive site surveys.
• Configured VLAN trunking with Palo Alto interface .
• Configured routes on Palo alto firewalls 3060, 5060
• Configuring user's roles and policies for authentication using CiscoNAC and monitoring the status of logged users in network using Cisco ISE.
• Worked on Cisco ISE services to manage network devices. Setup licensing, logging, monitoring and troubleshooting.
• Responsible in troubleshooting on Cisco ISE added new devices on network based on policies on ISE.
• Worked on implementation of Cisco ISE (V2.2), Trust Sec to provide secure access solutions to the devices in the ICS/SCADA network. Worked extensively on configuring NAC solutions like 802.1X, MAB, RADIUS, TACACS+.
• Experience with Cisco Identity Services Engine (ISE).
• Experience in Cisco ISE’s, Cisco Prime, SNMP tools (HP - Intelligent management center, SolarWinds, Wireshark), Infoblox.
• Managing and configuring Cisco ESA, WSA, ASA and Firepower devices independently.
• Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
• Movement of MPLS condition to Cisco Meraki dependent on SD-WAN IPSEC VPN arrangement
• Arranged Client VPN and RSA Token ID advancements including Cisco's VPN customer by means of IPSEC
• Oversee organization and testing of code refreshes for remote frameworks, for example, WCS, WiSM, and WLC.
• In charge of leading physical remote site reviews with Ekahau site study and prescient site studies.
• Leading area based, VoIP and Data Wireless site studies for 3 doctor's facility.
• Arranging and investigating F5 LTM/GTM, F5 BIG IP, F5 BIG-IP LTM, F5 BIG-IP GTM, •F5-ASM, APM, Creating irules, Virtual servers, Pools, Nodes with wellbeing, Profiles, SNAT, SSL and iApps. Cleanup work for F5 Load Balancer like unused pool, unbound VIP and Unused Real Server
• Introduced and arranged Meraki (MS250,MS210) and MR84, MR250.
• Introduced and arranged Cisco Meraki (MR66,MR18) remote Access focuses in the healing facility.

Confidential, San Diego, CA

Network Engineer

Responsibilities:

• Worked in Administration of L2 advances like VLANs, VTP, Trunking, RPVST, Inter-VLAN directing, Ether diverting, and Switch port Security on Access Layer switches.
• Performed Break Fix bolster through heading to various structures, recognizing the underlying driver of the equipment issues with switches, organize gadgets.
• Making BGP multi-homed arrange utilizing BGP properties like AS-PATH, MED and nearby inclination according to nature.
• Helped in repetition components for multi homed Border Gateway Protocol (BGP) organize by tuning AS-way for different system sections.
• Setup and organization of firewalls, which incorporates Checkpoint, and Cisco ASA firewalls.
• Have understanding as a designer in sending and overseeing security arrangements like Cisco ISE and ACS.
• Configuration, Troubleshooting, and Maintenance of Palo Alto Firewalls (36+ firewalls) - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.
• Implemented Zone-Based Firewalling and security rules on the Palo Alto Firewall.
• Security policy review and configuration in Palo Alto and JuniperSRX Firewall in US offices and Datacenter.
• Looked after TACACS+/RADIUS Servers for AAA validation and User confirmation.
• If VPN administrations to site-to-site and, Remote access VPNs utilizing IPSec burrowing.
• Implementing IP network build-outs and provide Tier2/3 operational production support in a mixed Cisco Router/Switch/Wireless, ACE/GSS/NetScaler Load balancer, Riverbed Steelhead
• Implemented WLAN Aruba Wireless Access Points and its Controllers at various corporate sites fort 11n Infrastructure and its legacy technologies.
• Configured BGP, OSPF and VRF on Cisco routers.
• Network automation by Scripting in Python
• Configured Client VPN technologies including Cisco's VPN client via IPSEC.
• Configure, monitor and troubleshooting Checkpoint and Cisco ASA firewalls, site to site VPN tunneling using Cisco ASDM and coordinating with ISO team to manage ACLs using FireMon.
• Configuration and troubleshooting of Cisco catalyst 6509,7613 with supervisor cards
• Windows Active Directory 2008/2012 administration
• Configure Hyper-V, DNS, DFS, AD/Exchange replication, Symantec Backup Exec 2010, Packet Trap, Solarwinds, and N-able monitoring. Edge Security design and implementation of Cisco ASA security appliances with Firepower services.
• Serve as the customer’s go-to resource for all matters related to the Palo Alto next-generation firewall.
• Deliver best practices guidance for managing Palo Alto Networks firewalls.
• Configuring, maintaining and troubleshooting of Net Screen, Palo Alto, and Firemon Firewalls.
• Designing and Implementing firewall rules and modifying existing rules in PaloAlto, CiscoASDM, JuniperSRX and checkpoint firewalls.
• Working experience on Pa-5020, Pa-3020 series Palo Alto firewalls and Panorama.
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools
• Likewise worked with the physical server relocation to AWS server farm. Engaged with planning and execution of AWS system and availability among physical and AWS DC.
• Setting up MPLS Layer 3 VPN cloud in server farm.
• Deciding the usefulness with the DNS naming traditions and relocations from old load adjusting conditions to the F5 condition both 10.x and 11.x.
• Involvement with plan and organization of MPLS Layer 3 VPN, MPLS Traffic Engineering, MPLS QOS.

Confidential

Network Engineer

Responsibilities:

• Configuring various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.
• Involved in customer escalations and troubleshooting issues related to connectivity, STP, VLAN, Trunking, VTP, Layer 2/3 switching, Ether channels, Inter-VLAN routing, log messages, high CPU utilization and parameters that can degrade performance of network.
• Experience in layer-3 Routing and layer-2 Switching. Dealt with Nexus models like 7K, 5K, 2K series, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches
• Designed Configured, Installed, and Maintained and provided T-Shoot the network infrastructure for Cisco platform for more than 300 devices i.e. 2800, 3600 series Routers and switches for office and for various Customers.
• Migration of RIPv2 to OSPF, BGP routing protocols.
• Configured EIGRP for Lab Environment.
• Configured RSTP, LACP and VTP on Cisco devises.
• Created VLAN and Inter-VLAN routing with Multilayer Switching.
• Administration and diagnostics of LAN and WAN with in-depth knowledge of TCP/IP, NAT, PPP, ISDN and associates network protocols and services.
• Configured Client VPN and RSA Token ID technologies including Cisco’s VPN client via IPSEC
• Actively participated Implementation and customization of customer network.
• Designing, Provisioning and Installation of the Customer Sites in Oracle IPSA for MPLS Backbone.
• Provide senior technical and consultation associated with F5 systems or subsystems (LTM, GTM, and iRules

Confidential

Jr. Network Engineer

Responsibilities:

• Installed and maintained software through group polices.
• Configured, managed File server, Printer server on the network.
• Configured and managed domains on Windows 2003/2008 platforms.
• Involved in L2/L3 Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter-Vlan routing, LAN security.
• Involved in Troubleshooting IP addressing Issues and Updating IOS Images using TFTP.
• Other responsibilities included documentation and support other teams
• Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support
• Created VLAN& Inter-VLAN Routing with Multilayer Switching.
• Performed Celerra administration NTP, SNMP, SMIP and TELNET.
• LAN Cabling in compliance of CAT5 standards.
• Assisted in Troubleshooting LAN connectivity and hardware issues in the network of 100+ hosts.
• Involved in monitoring the performance of the network, thereby identifying the bottlenecks in the network, troubleshooting the connectivity problems using Ping, Trace route, and Telnet.
• Involved in troubleshooting IP addressing issues and Upgrading IOS images using TFTP.