Sr Network Security Engineer Resume
Jersey City, NJ
SUMMARY
- Network Professional with 8 years of experience in Designing and troubleshooting LAN, WAN, MPLS in Branch, Campus and Data Center environments.
- Experience in Networking, including hands-on experience in IP network design providing network support, installation and analysis.
- Expert level knowledge of troubleshooting, implementing, optimizing and testing of static and Dynamic routing protocols such as EIGRP, OSPF, BGP; ability to interpret and resolve complex route table problems.
- Expert-level experience using Wireshark for network analysis and analyzing packet traces.
- Worked on IOS/NX-OS upgrade with different Confidential images, different Confidential devices
- Hands-on experience testing iRules using browser (IE), HttpWatch, curl, scripts (shell/batch file/Perl) and host files
- Hands On experience Confidential IOS/IOS-XR/NX-OS, Juniper JUNOS for configuration troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS
- Configuring and testing Multicast for both IPv4 and IPv6 routing in Data Environment
- Technical Knowledge on Confidential DMZ, ASA 5585 and 5525 series firewalls.
- Trunks, VTP Ether channel, STP, RSTP and MST.
- Provided technical support and administration to IT systems including day-to-day operations, monitoring and problem resolution for all of the client/server/storage/network devices, mobile devices, etc
- Experience in troubleshooting network issues including boundary protection devices, Confidential Nortel/Avaya and Bluecoat Proxy Servers.
- Experience with hardware load balancer administration and support, preferably with F5 and Confidential ACE load balancers.
- Hands on experience with Confidential ASA-X FirePower Platforms 5515, 5525, 5545, 5585
- Maintained Network and Perimeter Security - e.g., firewalls, IDS/IPS, secure remote access and secure file transfer
- Have good Understanding and troubleshooting experience in WAN optimization product of Confidential 7575 WAE, SRE 910, 710WAE, vWAAS and Riverbed Steelhead product
- Experience in migration from Confidential ASAs to Fortinet's FortiGate firewalls
- Have Extensive Work Experience on Python Scripting and create Framework as Ansible
- Troubleshoot network issues/Remote Desktop
- Implementation of traffic filters on Confidential routes using Standard extended Access list.
- Expert Level Knowledge about TCP/IP and OSI models.
- In-depth expertise in analysis, implementation, troubleshooting & documentation of LAN/WAN
- Confidential ASA/Checkpoint Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
- Intermediate experience of implementing and troubleshooting hypervisors and Virtual Machines
- Experienced in installation, configuration and maintenance of Confidential ASR 9K, 7200, 3900, 2800, 2600, 2500 and 1800 series Router / Confidential Nexus 7010, 5548, 2148 Catalyst Confidential 6500 (sup 720), 4500 (SUP 6), 3750, 2950 series Switches.
- Experience configuring Virtual Device Context in Nexus 7k, 5k and 2k.
- Proficient in Confidential IOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS
- Strong knowledge base in the design and deployment of Blue Coat Proxy SG and Checkpoint firewalls.
- Strong experience using Web Services and APIs in Python.
- Proficient in design, implementation, management and troubleshooting of Check Point firewalls, perimeter security checks, Confidential PIX, NetScreen Firewalls, Check Point Provider-1 / VSX, Nokia VPN, Palo Alto IDS, IPS Foundry / F5 Load Balancers, and Blue Coat Packet Shaper systems.
- Configuring Confidential routers and switches to enable and troubleshoot a variety of features such as Trunk, Vlan, Ether channel, port security, routing protocols including EIGRP, OSPF & BGP and Other related technologies such as multicasting, IP Telephony & IP Video.
- Juniper SRX firewall policies.
- Experience with F5 load balancers - LTM, GTM series like 6400, 6800, 8800 for the corporate
- Worked on Confidential Routers, Active /Passive Hubs, Switches, Confidential PIX Firewall, NOKIA Firewalls
- Nortel VPN Concentrators TCP/IP, NAT and Checkpoint ESX/GSX firewall.
- Familiarity with network hardware and software, preferably including Brocade, Confidential (IOS, NX-OS) and Juniper JunOS
- Creating and provisioning
- Experience working with JUNOS OS on Juniper Routers and Switches.
- Experience in the setup of Access-Lists, and RIP, EIGRP, and tunnel installations.
- Good knowledge and experience in Installation, Configuration and Administration of Windows Servers 2000/2003, Active Directory, FTP, DNS, DHCP, TFTP, Linux OS under various WAN environments.
TECHNICAL SKILLS
Confidential Platforms: Nexus 7K, 5K, 2K & 1K, Confidential routers (7600, 7200, 3900, 3600, 2800, 2600, 2500, 1800 series) & Confidential Catalyst switches (6500, 4900, 3750, 3500, 4500, 2900, 6807 series), NX-OS, IOS-XR
Juniper Platforms: SRX, MX, EX Series Routers and Switches EX4600/9200, QFX 10002/QFX5100
Networking Concepts: Access-lists, Routing, Switching, Subnetting, Designing, CSU/DSU, IPSec, VLAN, VDS, VPN, WEP, WAP, MPLS, VoIP, Bluetooth, Wi-Fi, Citrix Metaframe XP, Citrix Provisioning Server, Netscaler
Firewall: ASA Firewall (5505/5510), Checkpoint, Confidential ASA, Fortinet
Network Tools: SolarWinds, VMware, SNMP, Confidential Works, Wireshark, HIPAA
Load Balancers: Confidential CSM, F5 Networks (Big-IP)
WAN technologies: Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1, DS3, OC3, T1/T3 & SONET
LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port-channel, VLANs, VTP, STP, RSTP, 802.1Q
Security Protocols: IKE, IPsec, SSL-VPN
Networking Protocols: RIP, OSPF, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP, VRRP, GLBP, TACACS+, Radius, AAA, IPv4 and IPv6
Operating System: Windows 7/XP, MAC OS X, Windows Server 2008/2003, Linux, Unix
PROFESSIONAL EXPERIENCE
Confidential, Jersey City, NJ
Sr Network Security Engineer
Responsibilities:
- Working on tickets for International Circuit and Sites related Issues, making contact with International Providers like SITA, OSPF, DCNM (Ver 9,10,11), VX LAN
- Managed Confidential Nexus 5k and 9300/9500 switches for the data center in Confidential Data Center Network Manager (DCNM) and timely upgrades of Confidential IOS XR, Nexus OS
- Experience working with hardware and software in a large, complex storage environment, including configuration of new environments ( Confidential DCNM )
- Designed 10 gigabit networks using Confidential Nexus 7000 series switches,
- Performed OS upgrades & device replacements on several Confidential devices (6500, Nexus 2k, 3k, 5k, 6k, 7k and 9k series switches).
- Configured LAN/WAN networks, Confidential routers, switches and UCS servers.
- Migration from Dual NCS 5500 TOR devices to Nexus 9364C.
- Migration from Dual Catalyst 2960 Management switches to Nexus 93180YC.
- Configuring multi-layer vPCs between Nexus 9k (9364) TOR switches and Nexus 9k (93180) Management switches.
- Deployed VXLAN on the Nexus 9000 to map the physical VLANs to the virtual overlay VLANs.
- Worked on configuring routing protocols BGP, OSPF on Confidential and Juniper series Routers, also enabled HSRP and VRRP protocols for redundancy.
- Supporting EIGRP and BGP based on the network by resolving level 2 & 3 problems of internal teams & external customers of all locations
- Convert Campus WAN links from point to point to MPLS and to convert encryption from IPsec /GRE to get VPN.
- Used Python Scripting to load completely new configuration file.
- Created test plan documentation for Nexus 9k (93180) Management switches and Nexus 9k (9364C) Core switches.
- Implemented changes in projects in accordance with the change management process and responsible for MOPS, Post-Implementation handoff documents and Visio drawings.
- Configured VPN tunnels to multiple vendors with end devices terminating Confidential vendor end being a Confidential /Juniper firewall.
- Experience with network management protocols/tools (TACACS+, NTP, SNMP, SYSLOG)
- Tested and implemented various BGP attributes such as local preference, MED, AS-Path
- Implementation of BGP to optimize WAN routing on the core and edge routers.
- Experienced in Automated network implementations and tasks and designed monitoring tools using python scripting.
- Configured IS-IS routing protocol between two Nexus 93180 Management devices to avoid static or dynamic routes.
- Intensive applications of Network automation tools and testing for network automation and configuration management using Ansible, Python scripting.
- Installed and configured Confidential ASA 5500 series firewall and configured remote access IPSEC VPN on Confidential ASA 5500 series.
- Worked to set up OSPF dynamic routing on Confidential ASA Firewalls by using and following their current network structure.
- Experienced working on Confidential Nexus data center infrastructure with 2k, 5k and 7k series switches by enabling networked devices to communicate effectively.
- Involved in Designing and configuring Distributed Confidential ISE Deployment (12 Nodes).
- Implemented VXLAN on OpenStack to data center network
- Worked on redesigning the network drawings to provide detailed information about the logical and physical connectivity of newly built Data Center with extensive use of Confidential DCNM
- Supported Confidential ACI fabric networks, including python automation.
- Supported designing Confidential ISE policy sets on WLAN for 802.1X authentication.
- Experienced in Configuring and troubleshooting devices like Confidential ASA 5585, 5550, 5540
Confidential, Alpharetta, GA
Sr. Network Security Engineer
Responsibilities:
- Worked on providing management connectivity, HA configuration, setting up RSA for MFA, license and updates management, VSYS support, L3, aggregate Ethernet and sub interfaces configuration, configuration of ECMP- OSPF on both Nexus and Palo Alto, moved SVI (server VLAN) interfaces from Brocade core to Palo Alto.
- Maintain and troubleshoot issues with Brocade IP Network and Brocade Ethernet Fabric
- Collected data to determine which permit rules to create between the user and server VLANs based on the logs.
- Experience in Designs and implements Confidential FirePower and Palo Alto firewalls
- Experience with Sourcefire IPS & Defense Center / Confidential FirePower & FireSIGHT
- Used security groups, network ACLs, internet gateways and route tables to ensure a secure zone for organization in AWS public cloud.
- Experience in configuring, upgrading and verifying the NX-OS operating system
- Determined the VPN connectivity requirement for users, VPN pool and gateway information, integration of RSA for VPN authentication, defined rules for non-console administrative access, implemented and tested non-console admin rules for firewalls.
- Implementation and configuration of F5 2400 Viprion series using Brocade devices in a multipath network environment
- Implementation and configuration of Confidential WAE 500, 7300 and Confidential WAVE 694 automation and visibility engine modules.
- Experience using Sourcefire IPS and FireSIGHT management console
- Experience in managing and upgrading multitude of Juniper devices MX, SRX, EX, QFX
- Review and analyze events from logs and Sourcefire IDS/IPS.
- Responsible for troubleshooting on Confidential ISE; added new devices on network based on policies on ISE.
- Configuration of Arista DCS7300, 7010, MX960s to replace end-of-life devices.
- Management of Confidential WAN Optimizers like WAE and WAVE with the help of Central Manager which includes installation, replacement, basic configuration and IOS upgrade.
- Worked on data center segmentation project to create segmentation between the user and server traffic by deploying Palo Alto firewalls (5250s) in the datacenter including cabling to the Nexus 7K VDCs and HA.
- Collected requirements from the client and selecting appropriate AWS service with required capacity and to design and deploy applications based on given requirements
- Organized the storage and movement of all IT equipment VTC equipment, PC's, Printers, Faxes, Phones, Servers, and Switches
- Maintained a technical support for DNS and DHCP services during the transition from UNIX to Windows-based services, including overseeing of an IPAM system to collectively manage operations.
- Expert knowledge of Confidential ACI, NxOS and IOS, other SDN products Tiered Domains, QoS, data center network design, cloud infrastructure design and management, OSPF, BGP, VLAN Trunking
- Incorporate Confidential Nexus 9000 NXOS to ACI fabric to work in concert with existing Nexus 7000s and ASRs for Multi-protocol Label Switching (MPLS)
- Provided high availability for IaaS VMs and PaaS role instances for access from other services in the VNet with Azure Internal Load Balancer
- Worked on configuration of dynamic VLAN, ACL
- I have used Python libraries like Napalm and Netmiko to automate the VLAN configuration of Confidential switches and Juniper routers.
- I have used Python to do NETCONF sessions to get the YANG data models from Arista and Ciena switches using the ncclient library.
- Reviewed all Security SaaS quotes for accuracy and completeness
- Modified and maintained authorization for smart cards and RSA.
- Administered Citrix based appliances such as Access Gateway.
- Resolved misconfigurations and configured load balancing of servers.
- Supported Netscaler utilizing firewalls and content filtering devices.
- Work on digital department to maintain and enhance functionality of corporate website and intranet.
- Hands-on experience with VMware ESXi and Microsoft Hyper-V
- Installation of new firewalls as well as perform in place upgrades. Hardening the Fortinet and Check Point firewalls before moving them to Production
- Managed and maintained Fortinet Firewalls through IPv4 policies, traffic shaping, IPS, web filtering, interfaces, and routing
- Involved in FortiManager Support and Configuration
- Experience in Fortinet 100D, Fortinet 60C, Fortinet 60E, Fortinet 60D, Fortinet 200E (HA), including the whole UTM (app control, Web Filter, IPS, DoS, DDoS, etc.).
- Maintained standard practices and policies for corporate LAN/WAN environment.
- Developed weekly status reports and present to IT Director
- Upgraded the existing Panorama to V8.0.6. Integrating the new firewalls to Panorama and responsible for working on change tickets for existing 3250 Palo Firewalls in the environment.
- Worked with the Info security team to closely monitor threats, incident handling, working with the network administration team to provide them with the remediation steps.
Confidential, Middletown, NJ
Sr. Network Security Engineer
Responsibilities:
- Having Experience in new branch setup with multiple locations with Configuring Static, OSPF, EIGRP, and BGP Routing Protocols on Confidential 2800, 3600, 7300 series Routers
- Installed Palo Alto PA-3060 firewalls to protect Data Center
- Maintained Palo Alto firewalls: creating zones, adding rules and maintaining the policies on PA 220 series, 3020, 5220
- Incorporate Confidential Nexus 9000 NXOS to ACI fabric to work in concert with existing Nexus 7000s and ASRs for Multi-protocol Label Switching (MPLS)
- Securing the Confidential ACI Environment from Threats
- Great exposure to SDN and network virtualization technologies like Confidential ACI.
- Experience with Confidential ACI (Application Centric Integration) technology implementation.
- Configured Firewall logging, DMZs & related security policies & monitoring
- Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
- Maintained the monitoring and alerting of production and corporate servers using Cloud Watch service.
- Proficient in AWS services like VPC, EC2, S3, ELB, Auto Scaling Groups (ASG), EBS, RDS, IAM, CloudFormation, Route 53, CloudWatch, CloudFront, CloudTrail
- Experienced with event-driven and scheduled AWS Lambda functions to trigger various AWS resources.
- Understanding of operations including LCP.DCP, ECOMP, Contrail, and OpenStack of integrated cloud infrastructure
- Maintained and created scripts in Python that assisted in pulling in the necessary data into Splunk to meet audit and reporting requirements.
- I have used the Pandas library in Python to create inventory CSV files and configure CSV files to help in network configuration automation.
- Configuring rules and Maintaining Palo Alto & Analysis of firewall logs using various tools.
- Advanced knowledge of creating and deploying internal and external wireless and VoIP networks.
- Co-ordinated with other team members and participated in the change management process to implement the needed changes. Worked on service now ticketing system to follow the change management process.
- Having experience with Service Now tool, closing the issues like VCC- inbound call drop collaborated with 8x8 support
- Configuring & managing around 5000+ Network & Security Devices that includes Routers, Switches, Wireless Access points, Wireless Controllers, F5 BigIP Load balancers, WAE, Blue Coat Proxies, ASA, Checkpoint.
- Determined Point to Point and IPSEC VPN tunnels, and DMVPN.
- Configured the Confidential router as IP Firewall and for NAT. Switching (Ethernet) related tasks included implementing VLANs and configuring ISL trunk on Fast-Ethernet channel between switches.
- Configuring VLAN, Spanning tree, Trunk mode, VSTP, SNMP on EX-series switches.
- Experience with moving data center from one location to another location, from Confidential 6500 based data center to both Confidential 6500 & Nexus based data center.
- Experience in Hyper-V and Microsoft Cloud Platform: architecting, implementing, supporting, and troubleshooting; experience with Hyper-V Replication / ASR
Confidential, Charlotte, NC
Sr. Network Security Engineer
Responsibilities:
- Worked on site to site VPNs Implementations, providing support for Checkpoint R77.40 with Gaia. Worked with the Info security team to closely monitor threats, incident handling, working with the network administration team to provide them with the remediation steps.
- Worked on cleanup of several legacy rules of ASA and checkpoint firewalls and created a migration path to Palo Altos.
- Experience in designing cloud based networks on top of AZURE, AWS, and Alibaba frameworks
- Reviewed and optimized firewall rules using Tufin firewall monitoring tool by creating customized firewall audit reports. Migrated datacenter firewall rules based on Analysis/query and Reports.
- Staged, planned and deployed Palo Alto NGF 5250s, 3020s, 3060s within Data Centres. Worked with Palo Alto firewalls using Panorama performing changes to monitor/block/allow the traffic on the firewall.
- Worked on implementation of Confidential ISE (V2.2), TrustSec to provide secure access solutions to the devices in the ICS/SCADA network. Worked extensively on configuring NAC solutions like 802.1X, MAB, RADIUS, TACACS+
- Experience working with hardware and software in a large, complex storage environment, including configuration of new environments ( Unisphere / Confidential DCNM / Brocade BNA / Virtual Instruments)
- Provided onsite and remote technical support to Brocade TAC and customers on current and future Brocade products
- Experience on Confidential FirePower upgrade from Sourcefire
- Instituted a vulnerability management program to scan and report on all machines for vulnerabilities on the network using various vulnerability management tools on a weekly schedule to meet external audit requirements.
- Upgrading Firmware version of WAN Optimizer devices like Confidential WAE, Confidential WCM, Riverbed Steelhead.
- Part of a Cyber Security team responsible for monitoring threats and alerts, providing remediation methods for issues to network administration and applications team, incident handling and maintenance of various security products and its infrastructure. Addressing Vulnerability exceptions and false positives reported by Audits.
- Performed infrastructure architecture review, documentation and network audits whenever necessary.
- Involved in Configuring and implementing of Composite Network models consisting of Confidential 7600, 7200, 3800 series, ASR, ISR routers and Confidential 2950, 3500, 5000, 6500 Series switches.
- Deployed Nexus switches 2248, 5548, 7018 and implemented features like FEX Links, VPC, VRF, VDC, and OTV, Fabric Path
- Extensive work with MPLS, configuring BGP, policy based routing, redistribution, VPN etc.
Confidential, Burns Harbor, IN
Sr. Network Security Engineer
Responsibilities:
- Managed firewall policy lifecycle process from review, approval, implementation, publishing, verification Network Engineer
- Worked on a project to help clean up legacy FW policies and create migration path from current ASA to Palo Alto firewall (5250S) and Confidential next gen ASA with firepower module, Cleaned up around 50000 rules based on activity within 3 months prior to the migration project.
- Implement IPSEC, SSL VPN solutions including Palo Alto Networks Global Protect with single and multiple gateway solutions including integration of PKI certificates.
- Worked on Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering). Worked on Checkpoint using multi domain management (Provider-1).
- Configured rules and maintained Palo Alto Firewalls & analysis of firewall logs using various tools.
- Worked on setup and installation of Confidential ASAs with Firepower and configured it for URL filtering.
- Worked on Qualys, Whitehat vulnerability management tool to provide reports for remediation team and suggest best remediation methods for application and server vulnerabilities to keep the network secure.
- Worked heavily on Firemon v8 and Tufin to see the rule usage activity, object usage activity and to delete/disable unused rules (over 365 days) and to keep track of changes.
- Fixed Routing and Switching issues such as BGP configuration errors, IPSec VPN, WCCP WAE Device issues, HSRP, Duplex mismatch, Native VLAN mismatch, port configuration errors, DHCP, device hardware failures, etc.
- Creating change tickets on service now and participating in the change management meetings.
- Responding to incidents and providing restoration of service with a 2-hour SLA. Monitoring the remediation mailbox, responding to any calls/emails and assisting with any doubts regarding the rule change activity.
- Experience working with Fortinet Firewall series FortiGate 3800, 3700, 3200, 3100, 2500 & 2000.
- Firewall Policy Provisioning and troubleshooting firewall connectivity related issues using Fortinet Manager.
- Communicating with the relevant Business units and reaching out to the rule owners to inform about the rule disabling/deleting activity. Served as a Liaison between the Information securities controls office and network engineering team.