SUMMARY

• A business centric qualified Network Architect & a Cloud Infrastructure specialist with 16+ year of experience in various industry with proven technical expertise in the latest trends and techniques of the field in terms of technology and management, with an inborn quantitative aptitude.
• Extensively worked with variety of Vendors Products and services Cisco, Juniper, Fortinet, AWS, Palo Alto, AWS, MS Azure, Nortel, Bluecoat, F5, Checkpoint, Motorola, Microsoft, Steel Bird, NOKIA, 3COM, D - Link, Dell, SonicWALL, Polycom, and Netgear. Good understanding and management of cloud-based infrastructure deployment and support.
• Core Competencies in Network/Security and Cloud Connectivity Architecture, Implementation, Troubleshooting, System Administration, Disaster Recovery Management, Data Maintenance and Backup & Recovery, Business Technical Project Delivery, Managed Services-Client Delivery.

TECHNICAL SKILLS

• Workgroup, Domain, HSRP, VRRP, DHCP, DNS, Static, VLAN, STP, VTP, Ether Channel, Metro Ethernet
• Class, Subnetting IP V4, VLSM
• RIP, IGRP, EIGRP, OSPF, BGP, TCP/IP, Static, PBR, GREs, DMVPN, GETVPN, SD-WAN
• CISCO Routers 1700, 1800, 2500, 2600, 2800. CISCO High End Routers 3600, 3800, 7200. CISCO Switches 1900, 2950, 2950, 2960G. CISCO Campus Switches 3550XL, 4948 Core Catalyst 4503, 4507 RE, Catalyst 6500/6503/6506 , NX-OS, Cisco Nexus-2K, 5K & 7K,9K, ASR-1000/9000, Motorola Vanguard Router 342 & 6435, 3Com Core 4007/Access Switch 3300, D-Link Layer 2/3 switches 3326SR, Nortel Bay stack Switches.
• OTV, VxLAN, Cisco ACI, APIC, Micro-Segmentation, VPC, SVI’s, Fabric Path, Fabric Interconnect, Fiber Channel, Zoning, FCoE, Cisco UCS B/C Series, MDS 9x series.
• Cisco FirePower, Cisco ASA 5585-X Firewall, FWSM, FortiGate (200B, 1240, 1500D, 3900, 5900), Palo Alto PA-5220, PA-850, Panorama, SonicWALL Firewall NSA2400, 3400, Checkpoint Firewall (SPLAT & Appliance), ACL-Access Control List, NAT, PAT, RSA Server, AnyConnect VPN Client, Clientless Web Portal, AAA, Radius, TACACS, LDAP, IWA, Bluecoat Proxy SG, Bluecoat Reporter, Juniper SSG-550M, Juniper VPN Client, McAfee IPS M2950, Infoblox IPAM/DNS, Forefront Threat Management Gateway (TMG) 2010 Cisco ISE 2.4 and Active Directory. Python, RegEx.
• Microsoft Azure, Amazon Web Services (AWS), Transit HUB, Transit Gateway, EC2, VPC, ELB, EIP, Security Groups, Route 53, Network ACL’s, Direct Connect, Express Route, IPsec Tunnels (Virtual Private Gateways), EBS, EFS, Glacier, S3, CloudWatch, CloudFront, CloudTrail
• Cisco Prime v 3.0, SolarWinds, Op-Manager, Cisco ACS 5.x, What's UP Gold, Wireshark, PRTG Packet Sniffer, SMARTS, NAGIOS.

PROFESSIONAL EXPERIENCE

Confidential

Network Architect

Responsibilities:

• Performs onsite client support that includes problem management, change management, project support and new implementations.
• Responsible for providing IT roadmaps, technical escalation and resolution, multiple project implementations in network, security and cloud infrastructure domain.
• Providing thought leadership and point of views on latest technology trends affecting clients, especially with respect to data center, cyber security & cloud computing
• Providing data network, cybersecurity strategy, architecture, engineering, and managed services for Fortune 500 clients in financial services, retail, technology, and healthcare.
• Responsible for providing HLD, LLD, Project Estimation, Hardware Selection, Providing SOW.
• Responsible for networking solutions, network management products, performance and capacity management for network equipment, and network solutions based on customer requirements sizing and estimating solutions.
• Participate in client presentation to “C” level for solutions, identification of root cause analysis, resolution, outage mitigations, testing and implementation of vendor/IT fixes or design changes.
• Part of design team to deliver 1.5 million Data Center migration project for two major location in Paris for a major financial client leveraging Cisco ACI spine-leaf architecture on Nexus 9000 and UCS Infrastructure using VMware Virtualization-ESXi/vCenter.
• Point-Of-Contact for technical escalation for any Cloud, WAN, Firewall, Routing & Switching issues for clients.
• Network connectivity design for AWS and Azure connectivity with best security practice including micro-segmentation, transport encryption and complete Account/VPC/VNET/AZ/Subnet design using AWS Transit Gateway & Transit Hub.
• Migration of 120 MPLS-CE Routers from ISR 3900 to 4431 across the globe.
• Design dynamic failover connectivity (MPLS/IPSec) to AWS by implementing SD-WAN on Fortinet firewall using BGP to/from multiple data centers.
• Design & Implementation of Fortinet & Cisco ASAv firewalls in AWS for DMZ and Internal VPC on different account along with AWS- Transit Gateway running over IPSec VPN tunnel to On-Perm & Direct Connects.
• Design & Implementation of IAM-Cisco ISE 2.2 for Cisco AnyConnect VPN authentication and device admin TACACS-AAA for all network devices.
• Design and Implementation of Cisco Prime Infrastructure 3.5 for configuration management and backup solution.
• Migration of Cisco ASA5585 VPN firewalls to Cisco FirePower 2100 & 2130 entitled with ASA & NextGen with AnyConnect 4.0.

Confidential

Network Security Architect

Responsibilities:

• Performs onsite data centre support that includes problem management, change management, project support and new implementations.
• Responsible for networking solutions, network management products, performance and capacity management for network equipment, and network solutions based on customer requirements sizing and estimating solutions.
• Responsible for providing HLD, LLD, Project Estimation, Hardware Selection, Providing SOW.
• Participate in client presentation for solutions, identification of root cause analysis, resolution, outage mitigations, testing and implementation of vendor/IT fixes or design changes.
• Migration of Static routing to Dynamic OSPF in datacenter-core and campus.
• Redesign Inter-VRF routing on Nexus 7K by doing fusion between VRF.
• Delivered design and implementation of dual-side VPC on core along with Data Center core upgrades Nexus 7K ISSU, Nexus5K ISSU, and FEX.
• Delivered design and implementation of BGP across WAN connection.
• Complete redesign of entire Firewall infrastructure on hardware ASA 5585’s segregating B2B IPSec Tunnel, Merges & Acquisitions, and Corporate AnyConnect VPN.
• Design & Implementation of DMZ using Cisco ASAv firewalls in AWS to control traffic between DMZ-Networking VPC and Internal VPC.
• Implementation of Cisco ISE infrastructure for Cisco AnyConnect VPN & Wireless authentication.
• Migration of Cisco ACS to Cisco ISE for Authentication.
• Implementation of Cisco Prime Infrastructure.
• AWS-Amazon Web Services- Implementation of new VPC’s, Security Groups and NACL’s, managing VPC’s, VPN & Direct Connects connection from Data Center and AWS.

Confidential

Manager Network Architecture

Responsibilities:

• Performs onsite data centre support that includes problem management, change management, project support and new implementations.
• Design and Implementation of DMVPN failover to MPLS using BGP for connecting 70 Branch offices using Palo Alto firewalls and Panorama.
• Deployment of Panorama in HA mode & 70+ PaloAlto firewalls with full feature across the globe for DMPVN.
• Design and Implementation of Cisco UCS B & C Series servers. IBM Blade H Chassis servers with NEXUS-4K.
• Implementation of Remote SSL VPN Cisco Any Connect ASA5585x for around 1,000 users with load balancing between two locations.
• Configuration and Implementation of Amazon Web Services new VPC, EC2, EIP, ELB, EBS, AWS-Security Groups management in multiple availability zone (AZ) location for Development, Staging, Production connectivity.
• Managing and helping APP/DB/WEB team for deploying new environment in AWS (Amazon Web Service) cloud.
• Managing large-scale production-corporate network (100 Location) infrastructure of Cisco Nexus 7K, 5K, Catalyst 6500/4500 switches, ASR 1000/ISR4000.

Confidential

Technical Lead

Responsibilities:

• Responsible for networking solutions, network management products, performance and capacity management for network equipment, and network solutions based on customer requirements sizing and estimating solutions.
• Responsible for providing HLD, LLD, Project Estimation, Hardware Selection, Providing SOW.
• Responsible for requirements gathering and analysis, design, and sometimes delivery of new business, transition and project change request work for multi-vendor enterprise network and security products.
• Responsible for building Firewalls in Cisco, Fortinet, Juniper and Checkpoint environment for over 8000 + Fortigate (200B, 1240), 20+ Cisco ASA 5585x & 200+ Checkpoint-SPLAT Firewalls, 8 SA6500 Juniper Firewall & sites for network & security components.
• Strong hands on large-scale production-corporate network (10,000 Location) infrastructure of Cisco Nexus 7018/7010, 5596/5548, 2248/2232/2148 , Catalyst 6500/4500 switches and 2900/3800/7200/ ASR 1000 routers as per business requirement in different zones.
• Migration of 5 pairs of distribution switches 6500/4500 to Cisco Nexus 7010 .
• Implementation of connectivity to Microsoft Azure cloud infrastructure and hosting Development, Staging and Production environment with proper VNET design. Implemented of QoS over transport to different tunnels.
• Design and implemented Cisco IPSec migration from Checkpoint R65 to Cisco ASA 5585 in context mode.
• Design and Implemented Certificate based VPN access for iPhone/iPad/Android access along with posture assessment with disk encryption, firewall and antivirus host scanning.
• Implementation of Remote SSL VPN Cisco Any Connect/ Clientless Web Portal on ASA5585x for around 20,000 users with load balancing between two data centers leveraging F5.
• Implemented Cisco Security Manager-CSM 4.6 for centralized management of all 5500x ASA’s in Walgreens for all production, Lab and Staging environment.

Confidential

Sr. Engineer Network & Security

Responsibilities:

• Configuration & Troubleshooting of (300 Locations) Cisco 2800, 2911, 3800, 7200 Routers & 6500, 4507RE switches for Core/Distribution/Access layer distribution. Maintaining SLA’s for downtime. Configuration of HSRP on core switches 6500 & 4507-RE. Configuration of EIGRP, OSPF and BGP at CE end over MPLS links on Cisco 3800, 2800.
• Planning, Implementation and Administration of Juniper SSG-550M firewall for Internet and IP-VPN connectivity for SRCA HQ & remote locations.
• Implementation of NSRP between two Juniper SSG-550M gateway and firewall for redundancy. Implementation of NMS tool OP Manager, Managing Forefront Threat Management Gateway (TMG) 2010.
• Implementation of Juniper VPN Client with for remote connectivity. Implementation of Sonic wall NSA 2400, 3500 series firewall in 8 different locations of SRCA. Configuration of 50 Cisco ASA 5510 for new Internet link in HQ and branches.
• Implemented Bluecoat ProxySG-510 with LDAP/IWA authentication, Bluecoat Reporter, and Bluecoat Antivirus for access to Internet in branches of SRCA includes Bandwidth management Policies.