Sr. Network Security Analyst Resume

Bartlesville, OK

SUMMARY

  • 8+ years of experience in Networking and Security, which includes designing, deploying and providing network support, installation and analysis for a broad range of LAN/WAN protocols.
  • Hands-on experience with Cisco IOS/IOS-XR/NX-OS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS; voice/data circuits, routers/switches, and cellular technologies.
  • Experience in AWS and Azure firewalls.
  • In-depth knowledge and hands-on experience in Tier II ISP Routing Policies, Network Architecture, IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS, Firewalls.
  • Experience in Designing and assisting in deploying enterprise wide Network Security and High Availability Solutions for ASA.
  • Involved in troubleshooting of DNS, DHCP and other IP conflict problems.
  • Responsible for Check Point, Palo Alto and Cisco ASA firewall administration across global networks.
  • Hands on experience on Nexus 7000, 5000 and 2000 switches.
  • Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.
  • Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, EtherChannel, STP, RSTP and MST. Implementation of HSRP, VRRP for Default Gateway Redundancy.
  • Troubleshooting network problems with Wireshark to identify and fix the problem.
  • Perform root cause analysis on the problems coming across Project execution.
  • Firewalls, Network appliance administration and/or configuration.
  • VPN technologies including B2B VPN and Remote Access VPN and SSL VPN.
  • Cyber security for critical infrastructure Nuclear, Oil, & Gas (SCADA/NERC CIP)
  • Information Security Auditing Etc. Technical agility - ability to quickly learn new technical fields.
  • Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design.
  • Worked with F5 Load balancing, IDS/IPS, Bluecoat proxy servers and administering authentication controls (RADIUS, TACACS+).
  • Knowledge in preparing Technical Documentation and presentations using Microsoft VISIO/Office.
  • Excellent customer management/resolution, problem-solving and debugging skills; capable of quickly learning, effectively analyzing results, and implementing and delivering solutions as an individual and as part of a team.
  • Good knowledge and experience in Installation, Configuration and Administration of Windows Servers

TECHNICAL SKILLS:

  • Cisco Routers: Cisco GSR 12416, 12418, Cisco 7200vxr, Cisco 3640, Cisco 3600
  • Redundancy and management: HSRP, RPR, NSF/NSR
  • Network Configuration: Advanced switch/router configuration (Cisco IOS access list, Route redistribution/propagation).
  • Routing Protocols: IGRP, EIGRP, OSPF, BGPv4, MP-BGP
  • WAN Protocols: HDLC, PPP, MLPPP
  • Load Balancer: Cisco CSS, F5 Networks.
  • Packet Switched WAN: ATM, FRAME RELAY, MPLS VPNs
  • Security Technologies: Cisco ASA Firewalls 55XX, IPSEC & SSL VPNs, Sourcefire IPS/IDS, DMZ Setup, Cisco NAC, ACL, IOS Firewall features, IOS Setup & Security Features.
  • Physical interfaces: Fast Ethernet, Gigabit Ethernet, Serial, HSSI, Sonet (POS)
  • Layer 2 technology: VLAN, VTP, VMPS, ISL, dot1q, DTP, Spanning-tree, PVST
  • Layer 3 Switching: CEF, MLS, EtherChannel
  • Switches: Catalyst 6500, MSFC, MSFC2, 7600, 3700, 3500
  • Operating Systems: Microsoft XP/Vista/7, UNIX, Linux, Windows Servers 2003/2008, Windows MS-Office.

PROFESSIONAL EXPERIENCE:

Confidential, Bartlesville, OK

Sr. Network Security Analyst

Responsibilities:

  • Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 55XX/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
  • Plan Design and assist in deploying enterprise wide Network Security and High Availability Solutions for ASA.
  • Worked on CISCO ASA 5500 series Firewalls (5510, 5550, and 5585) for various application accesses for Application Vendors and Offshore implementation teams.
  • Creating and implementing security policies based on network traffic analysis for internet firewall.
  • Performing the ACL requests change for various clients by collecting source and destination information from them.
  • Securing AWS VPC and EC2 instances, and creating or adding inbound or outbound rules and security groups on AWS.
  • Configuring and managing IPsec tunnels to AWS.
  • Configuring AWS WAF (Web Application Firewall).
  • Provided detailed status updates on existing cyber security incidents daily to include follow up with client/customer to ensure satisfactory resolution.
  • Monitored a worldwide network for cyber security events and anomalies using a variety of tools such as Site Protector, Net Witness, and Splunk.
  • Worked with the SourceFire IDS/IPS to update devices and perform health checks.
  • Used CSM (Cisco Security Manager) and Cisco ASDM (Adaptive Security Device Manager) for maintenance of Production Firewalls and VPN devices.
  • Configure and support B2B VPN Tunnels with 3rd parties and service providers.
  • Created 270+ DMZ environments in 70+ different firewalls.
  • Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.
  • Migrated application-specific firewall rules while moving servers from one Data Center to another.
  • Extensive use of Excel to scrub existing ACL before implementing in new Data Center.
  • Helped new onshore and offshore engineers to come on board and guided them throughout the migration event.
  • Worked with server team, datacenter team, application owner during change implementation.
  • Standard documentation of procedure, raised multiple change request, followed up for approval - Technical and Business Approvals.
  • Created new DMZ and migrated 50K firewall rules along with respective NAT in Cisco FWSM and ASA.
  • Troubleshooting application and database related firewall issue based on logs and captures.
  • Working with escalated security incidents and firewall requests as well as support business 24X7 with on call rotation.
  • Perform responsibilities of carrying out audits and security assessments, incident management and penetration testing.
  • Handling Trouble Ticket management, Incident management, change management. Direct Customer interaction that involves the processes like changes in the configuration as per their requirements.
  • Review and validate firewall port open, requested by business line and provide Network Security approvals.
  • Responsible for Checkpoint firewall management and operations across our global networks. Worked with Checkpoint Support for resolving escalated issues.
  • Implementing and administering a Security Information and Event Management (SIEM) solution (QRadar) to automate the correlation of I-Series, Windows and network devices. Utilized QRadar for internal and external IDS, in addition to Cisco IPS.
  • Set up the permissions in Tufin SecureTrack to view the access rules on firewalls.
  • Upgraded Tufin from TOS2.4 to TOS2.7, resolved bash and shell vulnerabilities and remediated logging issues with SecureTrack.
  • Used the Tufin SecureTrack feature to review the permissiveness of rules within the selected firewall and determine risk level.
  • Supporting RSA SecurID users through troubleshooting specific access issues.
  • Setup of Central Panorama console to manage Palo Alto firewalls 3020, 3050, 5020 & VM-200 models.
  • Coordinate with Vendor to build VPN tunnel - GRE, IPSEC and troubleshoot issues.
  • Multipoint VPN: IPSec, IKEv2, DES, 3DES, AES (-128, -192, -256), Pre-Shared Key, X.509v3, MD5, SHA-1, NAT-T, firewall rules for each VPN connection, configuration assistance via web interface, remote-controlled activate/ deactivate connection.
  • Configuring and troubleshooting B2B and Remote site VPN for corporate users & vendors
  • Renew SSL certificates on firewalls for expiring certificates.
  • Worked on Cisco 3560 series and 2950 series switches used for store networks. Configured and troubleshoot VLAN, VTP, STP and Trunks.
  • Annual Firewall Rule Reviews
  • Migrating firewalls from Cisco ASA to Checkpoint.
  • Resolving incident ticket and Request queue.
  • Opening and closing the ports based on business requirement.
  • Involved in Cisco ASA IOS code upgrades.
  • Pushing policies in Zone Based Firewalls using CSM.
  • Involved in security audit of more than 250 firewalls.
  • Creating and updating network diagram using Microsoft Visio.

Confidential, Pataskala, OH

Sr. Network Security Engineer

Responsibilities:

  • Configured, implemented, and troubleshoot routers and switches with various account settings, Permissions, and parameters including security firewalls.
  • Analyzing firewall change requests and integrating changes into existing firewall policies while maintaining security standards.
  • Adding and modifying the servers and infrastructure to the existing DMZ environments based on the requirements of various application platforms.
  • Applied ACLs for Internet access to the servers using Checkpoint firewall, performed NAT.
  • Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.
  • Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Checkpoint Firewalls.
  • Analyze the results of penetration tests, design reviews, source code reviews and other security tests. Decide on what to remediate and what to risk accept based on business risk appetite and security requirements.
  • Configuring HSRP between VLANs, Configuring Ether-Channels, Port Channel on 6500 catalyst
  • Implementing and maintaining backup schedules as per the company policy
  • Experience with design and implementation of Data center migration at NBC Universal
  • Configuring MPLS on large networks, configuring L2, L3 VPN.
  • Experience in working with Nexus 7010, 5548, 5020, 2148, 2248 devices.
  • Strong Knowledge in working with F5 Load Balancers and their Implementation in various Networks.
  • Provided Load Balancing towards access layer from core layer using F5 Network Load Balancers.
  • Actively participated in upgrading fast Ethernet, Layer 3 switched/routed LAN infrastructure from Cisco 3640 to Cisco 2811 ISR routers and switches at access level to 2950, 3550.
  • Configuration and extension of VLAN from one network segment to other segment between Different
  • Configuring VLANs and VTP, enabling trunks between switches.
  • Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
  • Attending meetings and technical discussions related to NOC changes.
  • Experience working with Nexus 7010, 7018, 5020, 2148, 2248 devices.
  • Experience working with High performance data center switch like nexus 7000 series
  • Performed Configuration on ASR 9K Pairs includes HSRP, Bundle Ethernet Config, Assigning dhcp profiles.
  • Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
  • Created Firewall rules on Checkpoint Firewalls version R62, R65 and R71 for vendors and VPN access to citrix and other applications. Created and developed reports using Algosec/Checkpoint for requestor.
  • Multipoint VPN: IPSec, IKEv2, DES, 3DES, AES (-128, -192, -256), Pre-Shared Key, X.509v3, MD5, SHA-1, NAT-T, firewall rules for each VPN connection, configuration assistance via web interface, remote-controlled activate/ deactivate connection.
  • Designed MPLS VPN and QoS for the architecture using Cisco multi-layer switches.
  • Implementing CoS and QoS features on Cisco switches.
  • Configured IPSEC VPN on SRX series firewalls.
  • Juniper Netscreen, Fortinet Firewalls, Juniper SRX; installing Juniper SA SSL VPN, Cisco AnyConnect VPN, Cisco VPN Concentrator for remote access VPN.
  • Provide 24/7 support and documenting network Security designs and Microsoft Visio diagrams.

Confidential, Hoboken, NJ

Network Security Engineer

Responsibilities:

  • Implementation and configuration of ASA 5520 in failover with site-to-site VPN and RA VPN
  • Implemented clientless SSL VPN on ASA 5500-x platforms
  • Troubleshoot and Worked with Security issues related to Cisco ASA/PIX, Checkpoint, IDS/IPS
  • Worked on ASA and ASDM configuring the ACLs and monitoring.
  • Worked on ASA routed mode and transparent mode
  • Worked on ASA 5500-x platform configuring the web, SSL, and AnyConnect VPNs.
  • Configured and troubleshoot Cisco PIX, ASA, FWSM, ACE, Nexus 1000v, and Juniper platforms in a multi-tenant infrastructure.
  • Designing and deployment of Partner IPSEC VPN tunnels.
  • Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4. Configured IP access filter policies.
  • Deploying and decommissioning Cisco switches and their respective software upgrades.
  • Involved in Firewall Administration, Rule Analysis, and Rule Modification.
  • Troubleshoot traffic passing managed firewalls via logs and packet captures.
  • Deploying and decommission of VLANs on core ASR 9K, Nexus 9K, 7K, 5K and its downstream devices.
  • Experience configuring Virtual Device Context in Nexus 7010
  • Experience in configuring, upgrading and verifying the NX-OS operating system.
  • Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.
  • Performing the ACL requests change for various clients by collecting source and destination information from them.
  • Gathering details from customers and providing best security infrastructure solutions with F5 load balancers, Check Point/Netscreen firewalls and Blue Coat proxies
  • Created various B2B environments using Blue Coat proxies.
  • Troubleshoot logging issues with (Tufin) Secure track.
  • Configured permissions in Tufin SecureTrack to view the access rules on firewalls.
  • Performing troubleshooting on slow network connectivity issues, routing issues that involves OSPF, BGP and identifying the root cause of the issues.
  • Configure Corporate, Wireless and Lab Devices, which includes Bandwidth Upgrade, Adding New Devices, Decommissioning Devices, Testing (Pilot).
  • Implemented DHCP, DNS, IPAM configuration on the servers to allocate and resolve the IP addresses from the subnet.
  • Troubleshoot the Network Issues onsite and remotely depending on the severity of the issues.
  • Familiar with various MSIT Tools to check Networking Connectivity, Testing, Configuration and Adding or Removal of IP address blocks, Decommissioning or Adding the Devices.
  • Created Visio Dean / Visio Documentation to give complete picture of network design for each building.

Confidential, Boston, MA

Network Security Engineer

Responsibilities:

  • Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
  • Configured Standard and Extended Access Control Lists (ACLs) and Firewalls
  • Configuring HSRP between VLANs, Configuring Ether-Channels, Port Channel on 6500 catalyst
  • Worked extensively on Cisco Firewalls, Cisco PIX (506E/515E/525) & ASA 5500 (5510/5540) Series.
  • Experience with design and implementation of Data center migration at NBC Universal
  • Cisco products/hardware including Nexus 9k, 7k, 5k and 2k switches.
  • Data center migration was involved in Access, Distribution and Core layers.
  • Strong Knowledge in working with F5 Load Balancers and their Implementation in various Networks.
  • Actively participated in upgrading fast Ethernet, Layer 3 switched/routed LAN infrastructure from Cisco 3640 to Cisco 2811 ISR routers and switches at access level to 2950, 3550.
  • Configuring VLANs and VTP, enabling trunks between switches.
  • Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
  • Performed Configuration on ASR 9K Pairs includes HSRP, Bundle Ethernet Config, Assigning dhcp profiles.
  • Firewall rules (incoming/outgoing, modem access, management), IP Masquerading, 1-to-1 NAT, DoS Limiter, MAC-Filter, user firewall for ext. activation of FW-rules.
  • Experience deploying BIG-IP F5LTM Load Balancers for load balancing and traffic management of business application
  • Implemented Site-to-Site VPNs over the internet utilizing 3DES, AES/AES-256 with PIX Firewalls
  • Configure VLAN Trunking 802.1Q, STP, and Port Security on Catalyst 6500 switches.
  • Install and maintain routers and switches in various network configurations supported VLANs, and advanced ACL.
  • Excellent in documentation and updating client’s network documentation using VISIO.

Confidential, Houston, TX

Network Engineer

Responsibilities:

  • Troubleshoot traffic passing managed firewalls via logs and packet captures
  • Configured and resolved various OSPF issues in an OSPF multi area environment.
  • Managed fast Layer 3 switched/routed LAN/WAN infrastructure as a part of Network team. The LAN consisted of Cisco campus model of Cisco 3550 at access layer, Cisco 6513 at distribution/core layer.
  • Worked with telecom vendors in regards to network fault isolation.
  • Hands-on experience with WAN (ATM/Frame Relay), Routers, Switches, TCP/IP, Routing Protocols (BGP/OSPF), and IP addressing.
  • Configured CIDR IP RIP, PPP, BGP and OSPF routing.
  • Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4. Configured IP access filter policies.
  • Identify, design and implement flexible, responsive, and secure technology services
  • Experience with Firewall Administration, Rule Analysis, Rule Modification
  • Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
  • Configured egress and ingress queues for ISP facing routers using CBWFQ.
  • Generating RCA (Root Cause Analysis) for critical issues of layer1/layer2/layer3 problems.
  • Configuration and troubleshooting of Cisco catalyst 6509, 7613 with supervisor cards.
  • Experience with implementing and maintaining network monitoring systems (Cisco works and HP Open view) and experience with developing complex network design documentation and presentations using VISIO
  • Estimated Project costs and created documentation for project funding approvals.

Confidential

Network Administrator

Responsibilities:

  • Involved in implementation of trunking using Dot1Q, and ISL on Cisco Catalyst Switches.
  • Involved in Local Area Network (LAN) design, troubleshooting, and maintenance as per company’s requirements.
  • Worked with sniffing tools like Ethereal to analyze the network problems.
  • Maintenance and troubleshooting of network connectivity problems using PING, Trace Route.
  • Performed replacements of failed hardware and upgraded software.
  • Configured VLANS to isolate different departments.
  • Troubleshoot issues related to VLAN, VLAN Trunking, HSRP failovers, related issues.
  • Used TFTP server to backup Cisco configuration files.
  • Network layer tasks included configuration of IP Addressing using FLSM, VLSM for all applications and servers throughout the company.
  • Performed scheduled Virus Checks & Updates on all Servers & Desktops.
  • Implementing Routing and Switching using the following protocols: IS-IS, OSPF, BGP on Juniper M series routers.
  • Design, installation and troubleshooting of networks with hands-on experience with OSPF, ISIS, BGP, VPLS, Multicast, VPN, MPLS, & Traffic engineering.
  • Configured STP for loop prevention on Cisco Catalyst Switches.
  • Configured VTP to manage VLAN database throughout the network for Inter-VLAN Routing.
  • Worked in setting up Inter-VLAN routing, redistribution, access-lists and dynamic routing.
  • Involved in configuring and implementing of Composite Network models consists of Cisco 3750, 2620 and, 1900 series routers and Cisco 2950, 3500 Series switches.
  • Implemented various Switch Port Security features as per the company’s policy
  • Configured RIP, and EIGRP on 2901 and 3925 Cisco routers.
  • Provided technical support for expansion of the existing network architecture to incorporate new users