SUMMARY:

• CCNA, CCNP Certified professional with 8.3 years of experience with networking installations, Configurations testing, troubleshooting, implementing, optimizing, maintaining enterprise data network and service provider systems.
• Experience in TCP/IP networks, Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS), firewalls, switches, network monitoring and sniffing, VPN systems, Windows and Linux environments, Active Directory, encryption schemas and algorithms, various authorization and authentication mechanisms/software, and vulnerability and threat management tools (including network based scanners).
• Configuration and administration of firewalls, which includes Checkpoint, Juniper, and Cisco ASA firewalls.
• Expert in configuring and troubleshooting of VPN gateways and proxy servers.
• Used WildFire to prevent zero - day attack s, IDS/IPS to reduce the attack vector.
• Worked on FireEye platform for IDS solutions.
• Configuring and managing Authentication servers RADIUS & TACAS+ and their integration with Firewalls.
• Implementing Security Solutions in Juniper SRX and NetScreen SSG firewalls.
• Configured Standard and Extended Access Control Lists (ACLs) on Firewalls.
• Expertise in configuring and monitoring Checkpoint firewalls through Smart Dashboard and Smart View Tracker Applications.
• Implemented MPLS, IPSEC and GRE tunnel .
• Configured and maintained SSL VPN's on Palo Alto and Cisco ASA Firewalls.
• Experience on maintaining F5 Big-IP (LTMs & GTMs), Cisco ACE 4710.
• Configuration & troubleshooting of routing protocols: BGP, OSPF, EIGRP and Static on Cisco (7200, 3800), Juniper (MX240, MX480) series routers.
• Worked on Cisco catalyst switches (9410, 9300) series, Nexus (2k, 5k & 7k) series, FortiSwitch (1048D/ 3032D) and Juniper (EX2300/ EX3400).
• Experience in centralized management system ( Panorama ) to manage large-scale Palo Alto firewall deployments.
• Working experiences with Routers, Switches, Load Balancers, Firewalls, and Proxies.
• Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.
• Strong experience in configuring routing protocols (RIPv1/2, IGRP, EIGRP, OSPF, BGP), IEEE 802.11, switching (VLANS, VTP Domains, STP and Trunking).
• Extensively worked with configuration of Network and Security devices such as Cisco routers and switches (Cisco 7K/3K/Nexus 9K/7K/5K), Firewall (Checkpoint 3K, 5K and Cisco FWSM), Load Balancers, DNS and IP Manager (Infoblox).
• With an intimate understanding of BMC’S Remedy ticketing system and its ITSM Dashboard tool, was also part of incident documentation and reporting to Tier II/III of events and incidents used to track enterprise trends and outages that affected operations on a global scale.
• Hands on experience on Cisco Routing, Switching and Security with Cisco hardware/software Cisco Catalyst 6500, 4500, 3500, 3750, 2900 XL series switches, Cisco 1800, 2600, 2800, 3600, 3800, 7200 series routers.
• Experience with Fortinet Firewall, Forti Manager and Forti Analyzer
• Experience in configuring and troubleshooting route Re-distribution between Static, RIP, EIGRP, OSPF, and BGP protocols and in Route Manipulation.
• Hands on Juniper SRX configurations on various platforms of Junos .
• Firewall Migrations from Legacy to Palo Alto firewalls using migration tool from PAN
• Extensive knowledge on configuring and troubleshooting STP, PVST, RSTP, MSTP, VLAN, Inter-VLAN routing, Trunking (802.1q & ISL), Port channels (LACP & PAgP).
• Experienced in working on network monitoring tools like SolarWinds, Nagios, NetFlow, Sniffing tools like Wireshark and Tcpdump.
• Used Lucidchart for design diagrams.
• Knowledge on creating Laserfiche Workflows, Repositories for Record Management, Business Processes, and Users.
• Expert level knowledge on OSI and TCP/IP models.
• Used PKI for certificate delivery to company owned devices like laptops.

TECHNICAL SKILLS:

Protocols& Standards: LAN, WAN, WLAN, VRF, VDC, TCP/IP, NAT, PAT, MPLS, DMVPN, IPv4, IPv6, VPN, L2TP, IPSec / ISAKMP, IKE, VoIP, VSS, OSPF, OSPFv3, EIGRP, BGPv4, VLANs, Layer 3, Switching, HSRP, GLBP, VRRP, QoS, TACACS+, RADIUS, 802.1X, PKI, LDAP, POE

Cisco Platforms: Nexus 7K, 5K, 2K & 1K, Cisco routers (7600, 7200, 3900, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3500, 4500, 2900 series) Huawei AR series Routers

Juniper Platforms: M, J and MX Series Routers, EX2300 and EX 3400 Switches.

Access: lists, Routing, Switching, Subnetting, Designing, IPsec, VLAN, VPN and Wireless Technology

Firewalls: Checkpoint, Cisco ASA, Palo Alto, Juniper

IKE, IPSEC, SSL: VPN

Load Balancers: F5 Networks (Big-IP) LTM 8900 and 6400.

LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port- channel, VLANS, VTP, STP, RSTP, 802.1Q

WAN technologies: Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1, DS3

Network Tools: IBM ITNM, Splunk, Stealth Watch, Solar Winds, SNMP, Cisco Works, Wireshark

Networking Protocols: RIP, OSPF, ISIS, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP, VRRP, GLBP, TACACS+, Radius, AAA

Operating System: Windows 7/XP, Windows Server 2008/2003, Linux, UNIX

WORK EXPERIENCE:

Confidential, Alpharetta, GA

Network Security Engineer

Responsibilities:

• Extensively worked on virtual F5 LTM module on VMware for application testing.
• Worked on multi-vendor load balancers including F5 Big IP LTM, Cisco ACE and VMware NSX between multiple centers.
• Design and deployed F5 LTM and GTM load balancer infrastructure per business needs from the ground up approach.
• Configured Static, Dynamic Load Balancing and priority-based pool-member activation to manipulate load on servers on F5 Big IP LTM Load Balancer.
• Provided application level redundancy and availability by deploying F5 load balancers LTM.
• Experience in working and designing configurations for VPC, VPC Domain, Vpc peer-gateway, VPC peer-switch, auto-discovery, VPC single sided, VPC double sided, NX-OS, Vfr, Otv, fabric path.
• Implementing and Maintaining Network Management tools (OPAS, Solar Winds, Cisco Works)
• Experience Configuring and troubleshooting multivendor devices like Cisco ASA 5585, 5550, 5540, Juniper SRX series for Branch/Datacenter Setup
• Worked Meraki Heatmap to pickup trends within the client traffic Upgraded multiple Meraki Firewalls, Switches and Access points to their latest stable version
• Deployed SDN networks such as Cisco Meraki SDN solution using MX and MS routers and switches technologies.
• Upgraded multiple Meraki Firewalls, Switches and Access points to their latest stable version.
• Worked on Juniper MX-960, MX-480, MX-240, MX-104, MX-80 routers and EX4600, EX4300, EX4200, EX2300, EX2200 Switches
• Conversions to BGP WAN routing. Which will be to convert WAN routing from OSPF to BGP (OSPF is used for local routing only) which involves new wan links.
• Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000.
• Implementation firewall rules for checkpoint (adding and removing of firewall rules depending on the requirements)
• Involved in configuring Juniper SSG-140, Cisco ASA firewall, and Checkpoint firewall.
• Deployed VXLAN on the Nexus 9000 to map the physical VLANs to the Virtual Overlay VLANs.
• Worked on Bridge Domains, VXLANs, VTEPS, and VNID. Configuration of routing using BGP among multiple Leaf to spine switches.
• Worked to help clean up legacy FW policies and create migration path from current ASA to next gen Palo Alto firewall.
• Implement SSL VPN solutions including Palo Alto Networks Global Protect with single and multiple gateway solutions including integration of PKI certificates. Integrate multiple vendor IPSEC site to site VPNs, including Palo Alto Networks, Cisco ASA, and Juniper SRX firewalls.
• Worked on wild fire advanced malware detection using IPS feature of Palo Alto.
• Worked on Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
• Maintained and created scripts in Python that assisted in pulling in the necessary data to meet audit and reporting requirements.
• Created Virtual Networks, Subnets and Virtual network gateways in Azure with Powershell scripting.
• Establish AWS technical credibility with customers and external parties.
• Worked on AWS to Corporate connectivity and AWS EC2, Auto scaling, NAT Gateways
• Managed and configured AWS functionalities( AWS VPN, IAM, VPC, ELB.EC2)
• Experience in working with Nexus 7010, 5548, 5020, 2148, 2248 devices.
• Involved in Configuration and Implementation of Juniper SRX Firewalls across various new Branch sites as a part of tech refresh.
• Experience in configuring VDC, FEX pinning, FEX port-channel, port-channel, peer keep alives on Nexus Devices.
• Designed and configured the commands for QoS and Access Lists for Nexus 7K and 5K.
• Responsible for turning up BGP peering and customer sessions, as well as debugging BGP routing problems.
• Deployed Cisco WSA proxies and installed base policies using WCCP in multi-context ASA firewall environment.
• Worked on F5 BIG-IP Application Security Manager (ASM) web application firewall ( WAF), deployed in more data centers enterprise WAF with advanced firewall capabilities.
• Reviewing, analyzing, approving and executing all changes in the network. All Configurations of Cisco Routers and Switches.
• Worked on Citrix NetScaler and F5 LTM (6900 and 7250 series) and GTM (7000 series) VIP configuration.
• Administered Citrix NetScaler load balancers for Radius and web traffic.
• Involved in the removal of EIGRP from all devices and making OSPF the primary routing protocol.
• Configuring IPSEC VPN (Site-Site to Remote Access) on SRX series firewalls.
• Provided administration and support on Bluecoat Proxy for content filtering and internet access to primary, remote site offices and VPN client users
• Worked with F5 Load balancing, IDS/IPS, Bluecoat proxy servers and Administrating.
• Focused on working with Cisco Channel partners to build practices around Cisco ACI.
• Involved in testing and production support of cisco ACI Data center in network centric mode.
• Develop designs, Proof of Concept and implementations for FortiGate and FortiAuthenticator.
• Documented the implementation of FortiGate, FortiAuthenticator and Nexus switches.
• Responsible for procurement and installation of Hardware, network drives and other IT infrastructure. Documented the design, implementation and troubleshooting procedures with Method of Procedure (MOPS).

Confidential, Pleasanton, CA

Network Security Engineer

Responsibilities:

• Involved in periodic IOS upgrades, troubleshooting network outages and high severity incidents.
• Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
• Participate in all technical aspects of LAN, WAN, VPN and security Internet Service projects including, short and long-term planning, implementation, project management and operations support as required.
• Creating or Modifying Firewall rules on Cisco 5555, 5520, Juniper SRX and Palo alto VM-300 devices.
• Used solarwind for Adding/removing devices on the Network
• Worked on physical and virtual networks to provide functionality on additional layers on VMware NSX.
• Worked with Host Master for shared web hosting and managed Web Application firewall (WAF), DNS and DHCP management using Infoblox and Analyzed networks using Wireshark.
• Worked on Cisco, Cisco - Meraki, HP, Aruba Networking devices.
• Worked with Netspot on doing a site survey for the new Meraki APs towards optimization of the Corporate and Warehouse WIFI Network.
• Upgrading the IOS on Network Devices including cisco 6800, 6500 and Palo Alto VM-300 devices
• Experience in working in panorama, Palo Alto user interface version 8.0.2 and VM-300 series firewalls.
• Creating templates in panorama to manage the individual devices from it.
• Configuring HA pair for two Palo VM-300 series AWS instance firewalls and testing the failover activity as well as ENI migration.
• Creating Network objects, dynamic address groups, FQDN and assigning it to rules based on the information in tickets
• Established BGP peering between onsite datacenter in California and AWS cloud.
• Worked on Network automation using Python
• Configured BPDU Guard, port-fast, uplink fast and other spanning tree features.
• Worked on Cisco Routers, Active /Passive Hubs, Switches, Cisco ASA Firewalls, NAT and Juniper SRX firewall.
• Created and configured management reports and dashboards using Fortinet and FortiGate manager.
• Configuration included deploying of new branch locations or new network devices in the existing infrastructure. Like, 4500-X in VSS mode and 3850 switches for distribution and POE-user switches
• Troubleshooting the Network failure issues and thereby making the changes to Network Infrastructure.
• Worked on Migrating CSS to Citrix Netscaler Load balancers.
• Worked on maintenance and upgraded Cisco wireless WLC, LWAPP APs
• Troubleshoot issues with Wireless Access points (Cisco 3502) and configure SSID’s on 5520 Wireless LAN Controllers.
• Configuring Node, pool, VIP, SSL client, server profile in F5 LTM 4000 series Bigip and thereby adding firewall rule to bring the end servers live
• Created Application filters and URL categories in secure web gateway for the F5 APM feature as proxy solution.
• Troubleshooting when the servers are down, checking logs to identify the error and thereby taking necessary steps.
• Worked with Cisco advance services to implement data center Nexus environment for new Upgraded datacenter for the NX-OS in 7004 in core layer, 6880 in aggregation layer and cisco 6800 in access layer.
• Implemented the Core switch cut over project from Cisco 6509 to Nexus 7004 devices.
• Configured VPC (Virtual Port Channel), VDC (Virtual Device Context) in Nexus 7k/5k devices
• Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers.
• Providing Technical Support and solutions for Network Problems and resolve tickets across sites and corporate offices.
• Creating custom URL profile based on the expressions and assigning it to rule to perform URL filtering.
• Configuring network interfaces, static routes, NAT rules in panorama and thereafter pushing to individual palo alto devices.
• Performing the software upgrade from version 7 to 8.0.2 on panorama and VM-300 series palo alto firewalls.
• Configuration included VLANs & VTP, STP port features, Gateway redundancy using HSRP, enterprise security using Cisco Port Security and Dot1X framework.

Confidential, Palo Alto, CA

Sr. Network Security Engineer

Responsibilities:

• Experienced with configuration and Maintaining of Palo Alto and Cisco ASA firewall.
• Skilled with configuration and implementation of NAT, Security Polices on Palo Alto (PA-5250, PA-3060) firewalls.
• Performed installs, configuration and troubleshooting on State-full inspection firewalls and inline/passive IPS/IDS.
• Responsible for ITIL Process Implementation.
• Worked on implemented Active/ Standby HA configuration on Palo Alto Firewalls.
• Implemented security profiles such as Threat prevention and PAN-DB in security policies on Palo Alto.
• Configured the security polices with App-ID and User-ID.
• Experience with configuring Palo Alto firewall using Wild fire feature.
• Worked on Centralized management using Panorama M-100
• Automated network implementations and tasks and designed monitoring tools using Python scripting
• Automated administration using PowerShell, Perl &Python scripting.
• Configuration and troubleshooting on Juniper EX4500 and EX8200 switches and MX series, SRX series universal edge routers.
• Migration of the firewall rules from Cisco ASA 55xx to Palo Alto firewalls.
• Worked on mitigation of DOS/DDOS attacks on Cisco ASA and Palo Alto firewalls.
• Expert Level knowledge on implementation of NAT/PAT.
• Worked on configuration of TACACS+, RADIUS and LDAP in Cisco ASA and Palo Alto firewall.
• Experienced with Configuration and maintained IPSEC and SSL VPN's on Palo Alto and Cisco ASA Firewalls.
• Configured and set up of Juniper SRX firewalls for policy mgmt. and Juniper SSL VPN's.
• Configuration and support of Juniper Netscreen firewalls.
• Experienced with configuration of SSL Offload on F5 Load balancer.
• Worked on configuration and implementation of VIP’s, High availability (A/S), virtual server and irules on F5
• Worked on network based F5 Load balancers with software module Access Policy Manager (APM) & Checkpoint Load Sharing on checkpoint clusters.
• Designed full meshed network deployments for no single point failure impact using different failover mechanisms.
• Configured and implemented routing protocols like BGP, OSPF and STATIC on Cisco 7200, 6500 Series routers and used WCCP for interactions between routers.
• Performed troubleshooting the issues that related to data flow through the Steelhead network.
• Troubleshooting complex LAN/WAN infrastructure that include routing protocols OSPF & BGP.
• Experienced with configuration of Access-lists, Distribution-lists and Route Redistribution.
• Configured MD5 authentication in routing protocols.
• Experienced with various BGP Attributes for path selection process by using Weight, Local Preference and AS-path prepend.
• Worked on configuration of stub area in OSPF.
• Implemented and configured Gateway Redundancy using HSRP and VRRP.
• Experienced with Nexus 2148 Fabric Extender, Nexus 5000 series to provide a flexible access for data center.
• Exposed to configuration of VDC, vPC and Fabric Extender on Nexus switch.
• Configured and implemented layer 2 protocols such as VLANs, STP, RSTP, MST, Port Security and Ether Channels (LACP and PAGP).
• Worked on implementation of VTP, Trunking, Inter VLAN routing on Cisco switches 4500, 3600 and Juniper EX2300 and EX 3400.
• Experience in implementing, designing and supporting Cisco wireless controllers LWAPP environment which supports both 802.11n and 802.11b/g.
• Worked with REMEDY for ticket change management process.
• Technical Troubleshooting in various lab environments, including Microsoft Server 2008, Cisco routers, and Windows
• Installation of different Operating Systems: Including Microsoft Windows, Microsoft Server 2008, and Linux
• Experienced with IP Address management (IPAM), DNS, DHCP by using Infoblox.
• Provided technical support on hardware and software to remote production sites.
• Performed CISCO IOS, PAN-OS, JUN-OS upgrades on Network devices and maintained latest versions.
• Used PKI for certificate delivery to company owned devices like laptops and decryption for certain domains.
• Used PKI for BYOD.
• Configuration and deployment tools for customers.
• Environment Deployment using Cloud formation.
• Remote Windows OS administration of EC2 Instances
• Technical Customer Relationship Support.
• Maintain Customer Environments via Git.
• AWS Environment Troubleshooting/Right-Sizing.

Confidential, Austin, TX

Network Security Engineer

Responsibilities:

• Troubleshoot and monitor Firewall traffics/issues through command-line using CLI commands, GUI interface and Smart Console (SmartView Tracker, Smart Log and SmartView Monitor).
• Configured IPSec, SSL-VPN (Mobile Access) on Checkpoint Gaia and troubleshoot VPN tunnel connectivity issues.
• Optimize existing policies to improve security and performance. Identify and remove security policies that are no longer needed to reduce Checkpoint Firewall policy lookup.
• Established, managed, and optimized network uptime and provided end-user support for users.
• Creating and managing user accounts to all team members in partner environment.
• Also performed configuration changes in Nexus 7000 series switch VDCs.
• Experience with configuring Nexus 2000 Fabric Extender (FEX), which acts as a remote line card (module) for the Nexus 5000.
• Assign Access and trunk ports on Cisco Switches, configure new network devices, upgrade existing infrastructure to cisco Meraki install Meraki Switches, and wireless Access Points.
• Experience working with HP Aruba wireless controllers and access point configuration, deployment and management.
• Implemented Checkpoint Firewall (4400, 4600) &FortiGate (900, 800) to protect and authenticate local-net and DMZ.
• Responsible for adding Policies to the Juniper SRX 3600, 240, ISG Firewalls for monitoring the logs on SIEM tools like Solarwinds, Symantec end to end security for malware detection and threat analysis.
• Configured and set up of Juniper SRX firewalls for policy mgmt. and Juniper SSL VPN's.
• Configuration and support of Juniper Netscreen firewalls.
• Administer and support Juniper Firewalls Using NSM (NetScreen and ISG firewalls)
• Administering multiple Firewall of Juniper / NetScreen, in a managed distributed environment.
• Fulfilling routine change requests of Net Screen OS Firewall and resolving trouble tickets, maintain and monitoring firewalls.
• Maintain High Availability and clustered firewall environments for customers using Check Point High Availability.
• Good knowledge on HP Aruba tools & software to analyze and resolve issues,
• Created non-overlapping channels when using extended service set to avoid interference between access points and tuning RF signals.
• Configured Virtual IP's (VIP) and virtual servers. Configured pool and pool members and associated it to the virtual server. Configured load balancing method.
• Created the Secure Network address translation (SNAT) for translation the three virtual addresses to the single translation address which connects to the BIG-IP.
• Worked on F5 issues using packet capture like TCP dump, Wireshark and SolarWinds and curl commands.
• Worked on BIG-IP APM to provide secure remote and mobile access.
• Design and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls.
• Work on Cisco based Routing and Switching environment with MST and Rapid Spanning tree.
• Packet capturing, troubleshooting on network problems with Wireshark identifying and fixing problems.
• Monitoring Network infrastructure using SNMP, Solar-winds and Opnet.
• Communicating and escalating tickets with service providers for network outage issues.
• Technical Troubleshooting in various lab environments, including Microsoft Server 2008, Cisco routers, and Windows
• Configuring and resolving various OSPF issues in an OSPF multi area environment,
• Implemented, configured BGP WAN routing, converting OSPF routes to BGP (OSPF in local routing).
• Design, install, configure and isolate faults in Cisco Wireless LANs and assess WLAN encryption and security options.

Confidential

Jr Network Engineer

Responsibilities:

• Set up accounts and passwords for specific users with authorization to access networks.
• Established customized software infrastructures and installed server hardware.
• Assisted with the maintenance and monitoring of all data communications systems
• Installed LANs WANs and established Intranet and Internet access.
• Ensured that all systems complied with applicable industry standards.