OBJECTIVE

• As a seasoned network professional, my objective would be to work in next generation technologies and platforms which further contribute to my knowledge base and skillset. I would seek to work as a team and be a valuable contributor by being a quick learner.

SUMMARY

• 8 + years of experience in multi - vendor enterprise environment.
• Experience with working on various Cisco owned operating systems like CatOS, IOS, NX-OS, FX-OS and IOS-XR.
• Experience in network automation using Python programming language.
• Experience in configuring & managing on cloud platforms hosted on Microsoft Azure and Amazon Web Services.
• Experience in configuring and troubleshooting L2 and L3 routing protocols like BGP, MPLS, OSPF, EIGRP and RIP.
• Experience in user VPN based on Cisco Anyconnect, Cisco ASA, and Cisco Firepower security platform devices.
• Experience in configuring Web and Application filtering and NAT polices on Checkpoint and Palo Alto firewalls.
• Experienced in Monitoring tools like SolarWinds and Cacti.
• Experienced in IP address management using SolarWinds.
• Experience with Smart Licensing using Cisco Smart Account and also in ticket creation with Cisco TAC.
• Experience with configuring SSL profiles, virtual servers, certificates, SNAT pools, iRules etc on F5 LTMs.
• Experience with configuring layer 7 load balancers including Citrix Netscaler, Amazon NLB’s and ALB’s.
• Experience with packet analysis using Wireshark and other network logging tools like Splunk and Netscout.
• Experience in creating high-level and low-level design documents as well as network diagrams using Visio.
• Experience with various ticketing systems like Service Now, BMC remedy, Cherwell and Jira.
• Experience in working with different service providers like Crown Castle, AT&T, Verizon and Lightower.

PROFESSIONAL EXPERIENCE

Confidential, Brooklyn, NY

Network Engineer

Responsibilities:

• Provide network support as NOC level III engineer to entire network of Confidential comprising of 7 SONET rings connecting admin sites and 1200 charter schools connected through those. Daily responsibilities also comprise of troubleshooting and resolving inter-agency network access issues.
• Interact and work with network teams from other major city agencies like FISA, DoH, FSBO, BERS, NYIBO, NYSED, TRS, DCJS, and DHS for critical citywide network outages and issues.
• Daily responsibilities include working on redundancy protocols like HSRP/VRRP, device virtualization configurations like VSS and VPC, VRF, VDC, VTPs and VLANs, switching protocols like PVST+ and RSTP, dot1Q encapsulations, port-channel and inter IDF trunk configurations, layer 3 protocols and configurations like route maps, policy based routing, route policy. Support partner L2L and IPSEC VPN (policy and route based IKEv1/IKEv2), reference ARP and CAM entries on IDF switches to trace and fix speed/duplex errors of user desktops, troubleshoot VoIP issues with user using CUCM, CUC.
• Provide urgent field support in case of device failures due to hardware issues. Resolution would include replacing failed cooling fans, line cards or SUP engines on 4500, 6500, 7000 multi-layer (modular chassis) Cisco/Catalyst switches followed by configuration rebuild from backups.
• Support Cisco ASR 1000, 6800, 6500 aggregation routers and switches for data traffic and ISR 3845, 4331 routers for VPN traffic.
• Manage ISP facing edge routers (eBGP connectivity to vendor sites), update configurations with route addition under IGPs like OSPF/EIGRP and redistributing the sane into EGP like BGP and vice versa.
• Part of ongoing VPN infrastructure upgrade which involves setting up entire environment from scratch using Cisco Firepowers (running ASA code). Creating zone based device configuration, followed by creation of application security policies, file policies, IPS rules, URL filtering policies and other rules for each VPN user on Cisco ASA’s terminating the client SSL connection, to support device local authentication over Active Directory for network admins and network operations center staff.
• As part of admin NOCIII team, we support creation of virtual IPs (hosting public facing websites and applications) on F5 LTMs/Cisco CSS, plus creation of DNS records on LAN. Updating certificates on respective client SSL profiles terminating on the load balancers periodically and before their expiry. Performing routine network wide scan for internet webservers for vulnerable TCP/UDP ports and weak ciphers in client profiles (using NMAP and Linux shell).
• Support also includes maintaining and updating access-lists i.e. ACLs on Cisco ASAs, PIX, Firepower, Firepower management console (FMC), Firepower Chassis Manager (FCM), Amazon Web Services (AWS) VPN tunnels, Azure tunnels connecting east and west coast cloud networks owned by DoE, Catalyst 6500 and 4500, 6800’s running VSS, Cisco Nexus 7Ks.
• Part of an ongoing admin site upgrade as lead point of contact. This involves upgrading the entire building infrastructure with new 2960X IDF switches and 6800 as MDF switches, configuring routing on OSPF and RIP, migrating WAN circuits from old core to new core on a planned cutover window.
• Built 2 Python script for production implementation and recurring usage. 1 st served as a single window to perform an intuitive search across ~16 production ASA’s/PIX to enlist all nested objects/object-groups and associated ACLs for the entered host IP. The 2 nd script helped to migrate ~250 charter school routers (Cisco 870/890) off from legacy to new VPN infrastructure. This required logging into each of the remote school router sequentially over WAN and updating their peer IP, check reachability to head end and then saving the configuration.
• Provide support to field techs present onsite to fix issues with charter school routers. This requires logging into the Cisco 870 or 890 routers remotely and then doing debug to determine root cause of loss of connectivity to head end router present at the main admin site. Once root cause is narrowed down, we would fix and close out the case, prepare RCA report and support next field tech.
• Support Cisco optical SONET network switches consisting of NCS 2000, ONS switches over optical WAN network connecting the admin sites across NYC.
• Familiar with Amazon webservices cloud configuration (GUI) for virtual private cloud (VPC), internet gateway, NAT gateway, Elastic subnets, virtual private gateway (VPG), auto-scaling, network load balancer (NLB) and application load balancers (ALB).
• Troubleshoot LAN network issues based on logs from Netscout nGenius One, Cacti alarms and SNMP server alerts.
• Daily roles also include constant monitoring of major WAN and LAN links of all the admin sites on Cacti graphs for bandwidth utilization and traffic pattern analysis.
• Updating DHCP server scope of user/server VLANs on L3 SVI at floor switches while working with server teams in parallel, facilitating user requested ports (ex. FTP/TFTP) and services on wireless LAN and firewalls.
• Updating NAT entries for newly commissioned and existing webservers on firewalls (due to overlapping LAN network) to facilitate LAN-to-LAN over WAN communication.
• Troubleshooting TCP connection resets on Wireshark, reviewing multi-level ICMP echo request/response denials on Cisco Firepowers with security team for LAN bound traffic coming from Internet, performing ICMP/TCP trace and running packet tracer on Cisco ASA’s for flow denial.
• Familiarity with writing and executing SQL queries on SPLUNK database to fetch appropriate network device logs and alerts.
• Configuration and support of leaf and spine architecture consisting of Nexus 7000 (7k), 5000 (5k) and 2000 (2K). These would serve as connectivity between NYCDOE admin sites at 2 MTC and 11 MTC.
• Prepare and update network diagrams, network maps, virtual server list, internal DNS records and domain utilization, local internal VLAN management and utilization, floor plans, and schematics using Microsoft office tools i.e. Visio, when required.
• Part of ongoing Avaya to Cisco IP telephony migration. Task would include setting up CUCM and Unified presence servers on Cisco UCS blades, creating call manager clusters, drawing visio of centralized and distributed call processing models in admin and remote sites, define call pickup groups, hunt list, calling search spaces, installing PRI’s with help of field techs, installing FXO/FXS cards into ISR 28XX routers depending upon site needs.
• As part of VoIP migration, task would also involve installing VoIP phones on user desks and connecting them to Ethernet wall jack, establishing switch connectivity and checking IP phone registration to call manager. Installing new SIP trunk and voice gateway, PBX and CUCM cluster, Unity presence and contact center servers on Cisco UCS blades.
• Configuring and supporting 3 rd party vendor equipment consisting of Checkpoint, Palo Alto firewall and 3COM/HP routers, This would require updating application security and URL filtering policy, firewall policy and at time IPS policy as well.
• Network Node configuration, backup and monitoring of core switches and firewall traffic via Solarwinds. Network map monitoring graphically as per geographic location.
• Basic understanding and experience with windows 2008 and 2012 server manager for DHCP scopes, DNS and Active directory configuration for internal LAN users.
• Handle service requests on service now, BMC remedy and Cherwell.

Confidential

Network Administrator

Responsibilities:

• Datacenter environment and support included working on Cisco 4500’s, 6500, 6800, 7000 running on CatOS, IOS and NX-OS.
• Implement firewall service requests coming up on ticketing system, “service now” and proceed towards request resolution based on the source and destination IP and the destination port #, destination URL. At the end of the day, we would push the firewall changes (i.e. new policies) to implement the new firewall rules and update a copy of service requests (.xls) for that day onto the shared drive.
• Manage routing across core network connecting east and west data centers across NJ. Routing protocols worked upon included BGP, OSPF, and EIGRP.
• Perform break fix for line card failures, device failure, performing cabling, replacing fan modules, replacing SUP modules etc.
• Firewalls worked upon include Checkpoint (R77 GAiA GUI), Palo Alto firewalls (PAN OS and Panorama).
• Load balancing configuration on Citrix Netscaler for management of existing and new virtual-servers under Verisk domain.
• For troubleshooting firewall related packet drops and reachability issues, we would use Netscout or Checkpoint’s Smart Tracker.
• New rules would be implemented through Checkpoint’s Smart Dashboard. The security gateway installation type being “Distributed”.
• Internet facing aggregation and core 6800’s, F5’s and Firepower firewall traffic monitoring and configuration comparison via Solarwinds.
• Support Cisco ASR 1009 and 6800 aggregation routers across east and west coast data centers.
• Managing websites hosted on Citrix Netscaler and F5 LTM. Performing cert updates, creating SNAT pools, nodes, health monitors, SSL profiles, backend pools, iRules etc.
• This profile also required delivering the roles of routing and switching engineer, this involved installing new routes into the core router, creating new VLANs for new user profiles, sometimes also defining policy-based routing etc. Devices worked upon included Nexus 5K and 7K, 6509 and 2960, 3750.
• Once a week, we would use “Skybox” network assurance and optimization software to find out rule and object usage statistics for each firewall and thereby optimize firewall rules by removing shadowed or redundant rules.

Confidential

Network and Voice Operations Support

Responsibilities:

• Confidential System, listed among the top 5000 fastest-growing companies in the U.S in 2014, designs, installs, maintains, and services networks that integrate voice, video, and data services.
• Day to day work involved installing, configuring and deploying floor and core level network devices including Cisco routers, L3 switches, ASA’s, voice gateway like VG224’s, managing SIP trunks and IP phones via CUCM/CCP as per end client needs and project requirements.
• Depending upon client hardware preferences, configuration would involve Checkpoint or Palo Alto firewalls as well.
• Being part of end client facing marketing team, work would include presenting networking solution along with bill of materials required, anticipated number of engineers and days for completion and finally our offered budget for the entire project completion. Our goal was always to give our best shot to win the client contract.
• Devices used: Cisco 2900, 2800, 1900 series routers and 29XX & 35XX switches for routing and switching.
• Application: CUCM, Cisco unity connection, Unified presence and Contact center (UCCX).

Confidential

Network Security Analyst

Responsibilities:

• Confidential is an Indian provider of networking technology solutions to the global telecommunications industry.
• Troubleshooting network related issues using BT proprietary GUI. Tasks involved some amount of debugging at the router and switch levels present at local and client locations.
• Support MPLS L3 VPNs with understanding of route reflectors, provider edge, provider and customer edge routers, route distinguisher and targets, route import into customer specific VRFs.
• Updated the design and documentation of BT’s network and its components monthly.
• Managed and updated BT's website with latest products and offerings (Web designing using HTML 5.0 with some JAVA scripting).
• Device backup and configuration comparison via Solarwinds.
• Coordinated with BT application support team over calls and resolved their service requests (BMC remedy) within the SLA (service level agreement). This required communicating with remote client over the call and explaining them the problem outline and then ensuring that the service request comes to closure with a coordinated team effort.
• Recipient of "Valuable Team Player" employee award during quarter 1, 2 of financial year 2011-12 for providing network support and service to overseas client (BT) beyond office hours and during weekends.
• Being the employee of Confidential, I had marketed our cost effective solutions as a part of marketing and sustainable revenue team to BT (Client) for 2 consecutive financial years which helped my team and company to sustain our client relationship for another 2 years.
• Basic experience with SQL and JSS (java scripting) and HTML 5.0 for maintaining front end proprietary network monitoring dashboard of TechMahindra.
• Supporting existing voice infrastructure and also facilitate addition of new users across 3 branch offices of TechM. Task involved creating SIP trunks, working with Cisco VoIP phones, Cisco Call Manager Express (CME), Cisco Configuration Professional (CCP), and Cisco Unified Presence, Cisco Contact Center (UCCX), Cisco Unified Call Manager (CUCM). Creating and managing voice and data VLANs for each of the floors, call forwarding, call pickup groups, hunt groups, hunt list, single number reach, translation patters, call forwarding etc.