SUMMARY:

• Cisco Certified Network Engineer with 8+ years of experience in the industry which includes Designing, Implementation, Installation, Configuration, Deployment, Troubleshooting, Network Operations, Administration Support And Network Security.
• Excellent knowledge and experience on different platforms like Cisco, Juniper, Palo Alto, Checkpoint, F5 Big - Ip LTM Load Balancers And Vmware.
• Strong hands on experience in layer-3 Routing and layer-2 Switching. With Cisco switches (9K,7K,5K, 2900, 3550, 3750, 6500, MDS 9000, 5000 NX-OS) series, juniper (EX, QFX, QFabric) series switches, Broadcom switches, Brocade (ICX, SLX CES), juniper (MX960, MX480, LN, CTP) series routers, Cisco (2500, 2600, 2800, 3600, 3800, 7200) series Routers.
• Experience in Configuring and implementing Palo Alto Firewalls, checkpoint firewalls, PIX Firewall (506, 515, 525, 535), cisco ASA (5505,5510,5520) Firewall, Cisco ISE (Identity Service Engine) Juniper (SRX 220,300, Csrx ) series firewalls.
• Configured Client-to-Site VPN using SSL Client on Cisco ASA 5520 ver8.2.
• Modified and worked in the following platforms to support customer Voice: Cisco Unified Call Manager 6.x through 8.x, Cisco Unity Connection, voice gateways .
• Design and install Cisco UC Cluster Environment (CUCM, CUC) for many Clients.
• Experience in installing and troubleshooting of WAN technologies like T1/T3, DS3,STM1, OC3, SONET, Gigabit and STM4 circuit types.
• Hands on experience on cisco wireless LAN CONTROLERS and ACCESSES POINTS. Experience in Physical cabling, IP addressing (ipv4 & ipv6), Wide Area Network configurations (Frame-relay & MPLS), Routing protocol configurations (RIP, EIGRP, OSPF, ISIS BGP).
• Experience in Configuration and Support of LAN protocols on Cisco Switches such as Layer2, Layer3 and Multi Layer.
• Up-grading and degrading the OS (IOS, NX-OS, JUNOS) for switches and routers as per requirement
• Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP Ether channel, STP, RSTP and MST.
• Functional Understanding of DNS DDOS and DOS threats and mitigation techniques.
• Responsible for installation, configuration and troubleshooting of Cisco NAC on both client end and Manager Server.
• Subject Matter Expert for Symantec Endpoint Protection anti-virus, McAfee anti-virus & Symantec Data Center Security & Credant Encryption enterprise security solutions.
• Working on Evergreen project for Cisco devices migration for more than 200 sites and configuring L3, L2, Distribution and Access layer to load balance traffic.
• Strong Knowledge of the 7 layers, TCP/IP, IP Addressing and IPV6.
• Experience with working cisco meraki wireless and meraki mobility manager.
• Load Balancing using Cisco ACE, Kemp, ADC, F5, Security Device Manager (SDM).
• Deployed Enterprise manager to monitor and manage BigIP F5 devices.
• Engineered traffic management solutions, including designing, low level engineering for F5 LTM, GTM, ASM, APM environment
• Performed F5 appliance (LTM, GTM, APM, and ASM) maintenance and system upgrades including hot fixes and security configurations.
• In-depth knowledge and experience in WAN technologies including OC3, E3/T3, E1/T1, Point to Point, MPLS and Frame Relay.
• Wide experience in implementing and managing F5 BIG-IP load balancing, including GTM, APM, ASM, and custom iRule development.
• Enterprise Exchange 2007 SP3, Run & Maintain/Configure Exchange environment, 16K+ users, 5 Cluster (10 node CCR ESX VMWare Mail store) 25+ node messaging system, Exchange PowerShell, Mailbox restoration, User support Outlook 2007/2010 clients, Confidential Email Source One Archiving, ActiveSync, RSA Security, Symantec Email Security, Room Wizard Administrator. CRM Application integration.
• Responsible for the secure development lifecycle for Cisco's Nexus line of products, including Application Centric Infrastructure (ACI), Application Policy Infrastructure Controller (APIC) - Cisco's Software Defined Network (SDN) solution, as well as the Cisco Nexus 9k, 7k, 6k, 5k, 4k, & 2k.
• Monitored system security to maintain protection and align processes with corporate objectives, including review of security certification, configuration plans, and risk compliance.
• Experience in using netscout sniffer analysis for testing the performance of the network.
• Configured and maintained netscout ngenius 4200 series packet flow switch as load balancer.
• Expertise in Virtualization with vSphere, VMware ESXi 5/4.1/4 and 3.x hosts and Virtual Center server
• Implemented vSphere 5.0 for Proof of Concept & Supporting vCenter environment in large-scale production environment.
• Design nextgen data centers with nexus 9500/9300 ACI, openstack, DCI, EPGs/bridge domains, OTV, and VXLAN.
• Experience in QoS on multicast VPN.
• Experience working on the EPC network and 3G/LTE call flow.
• Configured Amazon Virtual Private Cloud (VPC) on AWS's scalable infrastructure.
• Implementation, configuration and management (manually and using iApps templates) of F5 2400 Viprion series using 2100 series blades, and Brocade (Foundry) devices in a multi-platform network/storage environment.
• Implementation of Firemon for firewall policy compliance, rules cleanup, and complexity reduction.
• Experience through Hand-on Experience with configuring T1.5, Gigabit Ethernet, Channelized T3 and full T3, OCX, ATM, Frame-Relay and VOIP (Voice-Over Internet Protocol).
• Aggregating switch links using LACP and PAGP protocols.
• Outstanding experience in designing and configuring of Layer 2 / 3 networking features such as VLAN, ISL, STP, VTP, 802.1X, Port Security, L2PT and SPAN.
• Implementation and Troubleshooting of WAN authentication protocols- PPP, CHAP and PAP.
• IP addressing and IP address scalability by configuring NAT/PAT.
• Experienced working on network monitoring and analysis tools like, Solar Winds, Cisco Works, River Bed, Cisco Prime, NETQOS, EMAN.
• Problem Analysis and Troubleshooting (Wireshark, Solarwinds, NetMRI, CiscoWorks/Prime, MRTG, and Custom Scripts)
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design.
• Design and build Windows 2000, 20, Servers.
• Active Directory installation, maintenance and upgrades, Responsible for all software installations on both the servers and workstations. This includes Antivirus software and any custom applications.
• Analyze, monitor, troubleshoot, and investigate security-related anomalies with various tools such as AlienVault SIEM, Imperva Securesphere Web Application Firewall, Barracuda WAF, SCCM, etc.
• Maintain and upgrade Imperva WAF from version 8.x to 10.x. Maintain and review the events and make necessary changes including setting up new applications.
• Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.
• Support Blue Coat Proxy in explicit mode for users trying to access Internet from Corp Network.
• Experience with BlueCoat URL filtering with whitelisting and blacklisting URL, creating rules for content filtering.
• Used tools such as HP ArcSight, BlueCoat Reporter 9 web proxy, Network Security Manager (NSM, NMN) and Palo Alto to correlate network events/alerts to get a more in depth analysis of network traffic.
• Hans on experience with Spirent Test tool.
• Experience in Network Intrusion detection/Intrusion Prevention System.
• Experience on working with Netcracker, Cramer.
• Worked with ticketing tools like ServiceNow, Remedy tool.
• Hands on experiences on McAfee EPO with deploying and removing agent on client’s machine, removing virus and manually updating DAT files.
• Knowledge on Python scripting.
• Strong Knowledge on SDN (software defined network).

TECHNICAL SKILLS:

Operating Systems: Cisco IOS, Windows NT 4.0 (Desktop/Server), Windows 2000/2003/2008/2012 Server, Windows XP/Windows 7/8, LINUX, UNIX, MS Exchange server, Solaris, Active Directory.

Equipment s (Switches, Routers): Cisco routers (7600, 7200, 3900, 3600, 2800, 2600,2500, 1800 series, ASR 9K (9922) and ASR 1K) & Cisco Catalyst switches (6500, 4900, 3750, 3500, 4500, 2900 series, juniper SRX, MX480, 240, 80 series, EX, QFX Series Routers and HP(7000) series Switches.

Routing: OSPF, EIGRP, ISIS, BGP (EBGP/IBGP), RIP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing, IPV4, IPV6.

Switching: VLAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing &Multi-Layer Switching, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging.

Firewalls: ASA 5500 series, checkpoint, Juniper Netscreen Firewall ISG100, 2000, SSG, SRX, Palo Alto.

Load Balancer: ACE Module, GSS & F5 LTM

LAN Technology: Workgroup, Domain, HSRP, DNS, DHCP, Static, VLAN, STP, VTP, Ether Channel, Trunks.

WAN technology: Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1, DS3, OC3, T1 /T3 & SONET.

Various Features &Services: HSRP, VRRP, GLBP, NAT, SNMP, SYSLOG, NTP, CDP, DNS, TFTP, FTP, IOS and Features, Management. Wireshark, IXIA chariot, Packet Sniffer, Packet Analyzer and Solar Winds Breaking Point, TCPDump, Python.

Wireless & WiFi: Canopy Wireless Device (point to point/point to multipoint), D-Link Wireless (point to point), D-Link Access Point, CISCO 1200 series Access Point, and Linksys Wireless/Wi-Fi Router.

AAA Architecture: TACACS+, RADIUS, Cisco ACS.

PROFESSIONAL EXPERIENCE:

Confidential, Seattle, WA

Sr. Network Engineer

Responsibilities:

• Designed and support the consolidation of data centers utilizing Broadcom , Nexus 2K, 5K, 7K and juniper ( EX, QFX) switch infrastructure.
• Configure, test and troubleshoot pre-migration 1G, 10G, IPTV and LAG (Link Aggregate) circuits on Juniper MX960 routers.
• Configure and maintain all Palo Alto Networks Firewall models (PA-3k, PA-5k.) as well as a centralized management system ( Panorama ) to manage large scale Firewall deployments.
• Hands on experience on all software blades of Check Point Firewall . 24x7 on-call step-up support as a part of the safety operations team.
• Support Blue Coat Proxy in explicit mode for users trying to access Internet from Network.
• Use HTTP forward Proxy in Blue coat Proxy server.
• Working closely with knowledge center management to investigate the information center sites for cabling necessities of assorted network instrumentation.
• Configured Class of service Policies, Traffic Policies on MX960 and MX480.
• Juniper MX960 enterprise-ISP routing via BGP.
• Provided application level redundancy and accessibility by deploying F5 load balancers long-term memory .
• Management of F5 Viprion based load balancer as LTM and GTM for hundreds of applications serving the needs of thousands of users local and abroad.
• Worked on BIG-IP Access Policy Manager (APM) contextually secures, simplifies, and protects user access to apps and data, while delivering the most scalable access gateway.
• Dealt with creating VIP pools, nodes and created custom iRules for the virtual servers like cookie persistency and redirection of URL on F5 ASM cookies issues and configures ASM policies
• Implemented Cisco Application Centric Infrastructure (ACI) as a solution for data centers using a Spine and Leaf architecture.
• Troubleshoot network connectivity by utilizing Netscout Infinistream and Riverbed Steelhead and Juniper wan accelerators.
• Configured VPC and attached Amazon Elastic IP, VPC peering to connect from one VPC to other VPCs
• Configured EC2-Classics platform to communicate with instance in an VPC using private ip address.
• Monitored VCP log information of network traffic in and out network interface VPC.
• Integrated AWS Network with our existing production and corporate network.
• Monitor all Malware incidents thru Sourcefire IPS system.
• Configure and install Aruba wireless controllers and access points.
• Implementation and troubleshooting of 802.11a/b/g/n technology with primary focus on Cisco Unified Wireless Network.
• Installed and configured databases on Unix/Linux platforms, managing swap configurations, virtualization (VMware Esxi 5, 5.5 and Oracle Virtual Box)
• Implementation and troubleshooting of wireless guest access.
• Creating solid SecureX (SOS) architecture with the identity Services Engine.
• Using Solarwind, NetScout and windows performance and resource monitor to figure out that we were losing PCoIP packets that was degrading the VDI environment.
• Used Cisco ACI (Application Centric Infrastructure) SDN architecture to reduce operating costs, automate IT tasks, for greater scalability and visibility in a data center environment.
• Configuring ADC (Application Delivery Controller ).
• Using ISE Deployment Assistant (IDA) to validate and document endpoint authentication status during monitor mode deployments.
• Configured complex ISE implementation involving 6 agencies with GETVPN, DMVPN, SSL VPNs.
• Configured Cisco ASA 5510 for VPN Network Access Control integration with Cisco ISE (Inline PEPs).
• Used troubleshooting skills to fix Multicast routing issues and used WireShark to source packet level issues.
• Planning, designing and Configuration of various Policy Configurations, Profile Authorizations, End device Profiling, User Identities, Cisco ISE and AD mapping with various attributes and levels of authorizations and Network Access.
• Runs IDA Diagnosis Tool to get the endpoint information (i.e., Switch Name, Connected Interface, MAC Address, ISE Endpoint Information), which is used to estimate the failure, risks before change windows.
• Performed Imperva, SecureSphere DAM an WAF Health Checks.
• Having knowledge Center style expertise, putting in and Configuring Network Devices in a very knowledge Center as well as mend the cables within the Patch Panel. style and enforced network
• Experience in using netscout sniffer analysis for testing the performance of the network
• Hands-on expertise within the network management of circuit’s mistreatment TDM and Frame Relay Managing and providing support to numerous project groups with regards to the addition of recent instrumentation like routers switches and firewalls to the DMZs.
• Designed WLAN network in newly constructed emergency management center. maintaining and operation including design and rollout of over 360 Cisco Wireless devices utilizing Cisco WLAN controllers.
• Worked on maintaining carrier grade features to SDN control plane with ONOS Distributed Core, thus providing scalability, high availability and sharp performance.
• Implemented a framework for testing ONOS scale-out effect which was based on topology discovery throughput and latency for Southbound and Intent latency and throughput for northbound traffic
• Provided redundancy in a very multi homed Border Gateway Protocol (BGP) network by tunings AS-path.
• Migrate Multi-site backups from Netbackup & Commvault to Networker 8.2 and/or Avamar 7.2 & Data Domain. As a result faster, source based de-duplicated backups, Virtual Backup Appliance integrated to Vcenter, while using existing backup hardware and network.
• Backup all applications (Oracle, Sharepoint, SQL, Exchange, Active Directory), Operating Systems (UNIX, Linux, HPUX, Solaris, Windows), VMware and NAS devices (Isilon, VNX, NetApp, PureStorage) via Networker module, agent & plugins, to simplify backup, recovery process and administration
• Handling enterprise outages effectively and driving towards the resolution. Coordination of fault escalations in conjunction with the first high-level technical management of high priority or technically complicated calls.
• Knowledge and skill of 802.11 a/b/g/n LAN normal for wireless Technology.
• Working with capability management on network information measure utilization coverage of the websites WAN link and merchant co-ordination for brand spanking new site turnovers / WAN links.
• Designing large scale MPLS & Frame relay on Cisco environment for more than 5000 Retail sites, 100 Distribution centers, 100 offices and 3 datacenters. About 50 sites with Tellabs 8660/8630/8605. MPLS-TE, L2/L3 VPN services for 2G/3G base stations. MPLS-TE, L2/L3 VPN services for 2G/3G base stations. 1588v2 synchronization.
• Preparing Metrics report description on SLA performance of tickets and method quality report back to analyze team performance & discussion on the advance areas (By monthly).
• Providing coaching to new commers and effectively operating towards a method quality improvement within the Team.
• Configure best route map configurations in the new Cisco IOS XR Routing Protocol Language (RPL).
• Supporting EIGRP and BGP supported the network by partitioning level two & three issues of internal groups & external customers of all locations.
• Office 365 Admin - create and configuring new user ids, profile on online exchange with Distribution List, Groups, SharePoint Access.
• Install, configure, and troubleshoot Cisco CMTS and DOCSIS related devices.
• Provide monitoring and alerting of critical applications using the Riverbed SteelCentral NetProfiler, Transaction analyzer, and NetSensor.
• Troubleshoot Network connectivity/Security issues using Fore Scout Counter Act Console.
• Perform packet analysis using Riverbed SteelCentral ARX and SteelCentral packet analyzer.
• Performing troubleshooting on slow network property problems, routing problems that involves OSPF, ISIS, BGP and distinctive the foundation reason for the problems.
• Adding users and devices to TACACS Server, Generating reports from TACACS, Incident Handling, tracking and responding to all incidents of TACACS Server, Handling Account renewals, password reset for TACACS .
• Extensive active expertise with complicated routed local area network and WAN networks, routers and switches.
• Hands-on expertise with Ether Channel, Spanning Tree, Trucking, ACLs, Syslog. Expertise within the setup of HSRP, Access-Lists, and RIP, EIGRP, Fabricpath and tunnel installations.
• Configuring Cisco Meraki and managing them.
• Insure telecom systems are functioning at their peak performance.
• Developed network reporting tools in MS Excel based upon end user requirements to analyze NetFlow and traffic data.
• Analyzed system demand, forecasted traffic, and monitored individual traffic flow using NetFlow provided by Cisco Stealthwatch (previously Lancope) and internal Excel-based tools
• Installed and implemented Forescout Counter ACT which used for discovering devices connected to network and monitoring them.
• Participated in understanding the EPC architecture.
• Executing RADIUS pre-deployment tasks like ISE setup, loading templates into Cisco Prime.
• Installed and implemented Digital guardian DLP (Data Loss Prevention), network DLP and Data visibility and control.
• Used monitoring tools (Zenoss, Orion Solarwinds, SCOM, Putty, Cacti, and NetMRI) to address outages and service degradation of routers (Cisco 18xx and 38xx series), switches (Cisco 2950, 3550, 3560, 3750, 45xx, and 65xx series), APC power supplies, and data circuits for over 50 national government office sites and data centers
• Outstanding experience in designing and configuring of Layer 2 / 3 networking features such as VLAN, ISL, STP, VTP, 802.1X, Port Security, L2PT and SPAN.
• Interaction with IDT and AVERT team for critical issues related to IPS Signatures.
• Tested MacAfee's e-mail security products (group shield, portal shield, IPS, Spam killer with exchange 2003/07/10.
• Proficiency in configuration of VLAN setup on varied Cisco Routers and Switches.
• Work allotted tickets to see the purpose of failure and resolve issues remotely utilizing obtainable tools and different Operation Center resources.
• Manages InfoBlox NetMRI for inventory, policy compliance and configuration management.
• Monitor the network using cisco prime, HRping.
• Analyzed and tested network protocols (Ethernet, TCP/IP) mistreatment Wireshark tool.
• Provide step-up support to L1 members of network team.
• Worked with completely different ISP globally for any WAN circuit and BGP routing problems. Gap up cases for cerium routers, river bottom optimizer problems. work & intensify issues effectively so as to satisfy client SLA's (service level agreements).
• Perform downside management and root cause analysis for purchaser’s.ma
• Efficient at use of Microsoft VISIO/Office as technical documentation and presentation tools.

Environment: Nexus 2k/5k/7k, juniper EX, QFX Cisco 6500/7500/7200 Routers, Broadcom switches, Juniper SRX100, Palo Alto Fire Walls, checkpoint, Bluecoat proxy server, LAN, WAN, OSPF, RIP, BGP, EIGRP, HSRP, PPP, VPN, Checkpoint, Cisco ASA, Cisco ACI.

Confidential, Boston, MA

Network Security Engineer

Responsibilities:

• Responsible for fitting the infrastructure surroundings with majority of Cisco ISE & Palo Alto appliances except for varied different instrumentality.
• Efficiently exploitation ServiceNow tool for generation of tickets, distribution severity to incidents, following up with incident standing and troubleshooting incidents.
• Excellently used Splunk to research and monitor incident management and incident resolution issues.
• Analyzed and monitored incident management and incident resolution issues exploitation Splunk.
• Backed up Electronic health record systems via File system backup (EPIC). Thus, faster backup and restore times.
• Perform 24x7 log monitoring - review and analyze system security logs.
• Monitored & analyzed system logs on Symantec Endpoint Protection anti-virus, Symantec Data Center Security & Credant Encryption servers.
• Responsible for implementation/installation of LAN/WAN/SAN, Aruba Switches, Aruba WirelessAP’s and Aruba Virtual Controllers.
• Hands on Experience in wireless RF site surveys and RF spectrum analysis.
• Good Experience in performing wireless site surveys using Air magnet software.
• Working on Cisco 4400, 5500 series wireless controllers, Cisco 1130, 1140, 3602 and 2600 Series Access point.
• Configured TCP idle timeout settings for Azure Load Balancer, Configured the distribution mode for Azure load balancer, and configured multiple VIPs for a cloud service.Configured Site-to-Site connection in the Azure portal
• Experience in the AWS cloud networking like VPC, Direct Connect, etc.
• Experience on the load balancers including AWS ELB
• Experienced in deployment, management and standardization of DNS/DHCP/IP management, DDI Services (IPAM).
• Solution program manage TrustSec and SecureX cross multiple Business Units.
• Made recommendations for the findings, what rules and which ones to be turned on within the IDS.
• Administration of Cisco Meraki Network switches, routers and teleworker gateways.
• Support, Trouble shoot and upgrade small Aruba Wireless Networks at 2,200 remote dialysis clinics across the united states.
• Policy provisioning, access to specific segments of the networks through Cisco ISE.
• Engineered, configured and deployed routers using Cisco ISE.
• Daily responsibilities included design, implementation, support and administration of multiple security products running CheckPoint Provider-1, SourceFire.
• Trained in products like Extrahop, Clear Pass, Splunk, F5, Palo Alto, Gigamon and Inflobox.
• Modified existing ACL's, IPsec and preform network translations. WAAS installed for increased network efficiencies and speed. Setup InfloBox for local DHCP & DNS configuration. Axon's for accessing Motorola and Symbol wireless network. Configure Imdyne, SMDR, LRT devices and IP adjustments for local NAS.
• Using InfloBox - Grid Manager - to Assign IP address to new server Builds, Production DNS System - Used for IPAM.
• Do static and dynamic (SMA/DMA) malware analysis on malicious files (in virtual environment) caught by IPS/IDS technology using verity of security tools (Netwitness, Sourcefire, Fidelis, Splunk, BigFix, ePolicy Orchestrator (ePO), Site protector etc.
• Work with ONOS to break free from the operational complexities of proprietary interfaces and protocols.
• Lead effort to replace 1000+ Aruba 200 controllers and over 2000 AP61 in Dialysis clinics across the USA.
• Administration of Meraki MDM for organizational cell phones and tablets.
• Junos upgrade and configuration on chassis clusters of SRX 240 devices.
• Creating virtual chassis (EX switches) and chassis clusters (SRX 240).
• Design for Guest Network and Mobile Access Network for NAC Solution, comprising of an Aruba Wireless LAN Controller solution in DMZs/Internet Gateways with Fore Scout Counter Act NAC Appliances for NAC.
• Work with layer 2 technologies including Ethernet multi mode fiber, single mode fiber and media converters.
• Developed disaster recovery procedures for Symantec Endpoint Protection anti-virus, McAfee anti-virus & Symantec Data Center Security enterprise security solutions.
• Used Test Tool Spirent for testing a switch to Verify ONF Open Flow Specification.
• Researched, designed, and replaced aging stop firewall design with new next generation Palo Alto appliances serving as firewalls and URL and application review.
• Maintained/monitored a multi-vendor LAN/WAN consisting of Juniper, Cisco, and ATM equipment in a multicast heavy network environment.
• Implemented and configured Cisco NAC-L2-802.1X and performed Riverbed RIOS operating system upgrades throughout enterprise architecture.
• Managed a team with serval team members to Upgrade ASA’s from 8.x to 9.x, Install Firepower and FireAMP for Endpoints, Sourcefire.
• Linux / Unix systems integration with puppet, pulp and RHSAM.
• Linux and UNIX systems integration with Microsoft Active Directory.
• Security Device - Palo Alto/ASA Firewalls, Sourcefire IPS/IDS, Cisco Identity Services Engine (ISE), VPN
• Upgraded and updated Cisco IOS from 12 .3T to 12.4. Accustomed DHCP to mechanically assign reusable information science addresses to DHCP shoppers.
• Directed implementation of Fore Scout Network Access Control system for automated network security and DOD Compliance.
• Configuring and troubleshooting perimeter security devices like stop NGX R77 Gaea, Provider-1/MDM, Secure Platform, Palo Alto and cisco ASA Firewalls.
• Palo Alto style and installation (Application and URL filtering, Threat bar, information Filtering).
• Proactively monitored network health and activity through NetQoS NFA, eHealth, Infoblox, Proteus, ServiceNow, zScalar, Wireshark and Splunk.
• Update and modify KB network monitoring tool, NetFlow, Solarwinds and NETMRI for all new/old devices
• Identify and resolve network threats Recognizing Man in the middle attacks, DDOS, Session Hijacking, Rogue Access Points, Honeypots, WarDriving, WarChalking, Phishing, Vishing and Social Engineering
• Generate a wide variety of reports on firewall and IDS activity notifying the end customer concerning suspicious traffic.
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs exploitation varied tools.
• Upgrading the equipment with latest OS (IOS, NX-OS, JUNOS).
• Black listing and White listing of web URL on Bluecoat Proxy Servers.
• Performing URL filtering and content filtering by adding URL 's in Bluecoat Proxy SG's .
• Serve as the primary data point for internal and external auditing processes, including third-party data for quarterly and annual reports.
• Interaction with IDT and AVERT team for critical issues related to IPS Signatures .
• Experience in using netscout sniffer analysis for testing the performance of the network.
• Configured and maintained netscout, ngenius 4200 series packet flow switch as load balancer.
• Successfully put in Palo Alto PA 3060 firewalls to protects information Center and provided L3 support for routers/switches/firewalls.
• Integrated ISE with an MDM solution for mobile devices including onboarding using EAP- TLS.
• Maintained SIPRNet Cisco ACS (TACACS) servers.
• Deployment, configuration, and management of 802.1x solutions to include Cisco Identity Services Engine (ISE), ACS (Radius and TACACS+), and Cisco Prime Infrastructure.
• Integrated TACACS and LDAP for user authentication on webpage and device
• Implemented Zone primarily based Firewalling and Security Rules on the Palo Alto Firewall Exposure to wild hearth feature of Palo Alto.
• Maintained and managed networks running EIGRP and BGP routing protocols.
• Regularly performed firewall audits around stop Firewall-1 solutions for purchasers.
• Provided tier 3 support for stop Firewall-1 software system to support customers.
• Work on stop Platform together with supplier sensible Domain Manager. Worked on configuring, managing and supporting stop Gateways.
• Configuration of routing protocols EIGRP and BGP for little to medium sized branches supported company branch standards, together with distribution and route maps.
• Experience configuring multiple models of Cisco ASA, 3750, 6500, 7600, 3800, ASR 1k/9k, and ISR platforms.
• Deploying and decommission of VLANs on core ASR 9K, Nexus 9K, 7K, 5K and its downstream devices and also configure 2k, 3k,7k,9K series Routers.
• Helping remote and locals users daily technical issues for e.g. related to windows 7 and 10, Internet Application access issue, Shared or mapped folder access issue, office 365.
• Holds good exposure in (VitalQIP, Infoblox & Efficient IP) - IPAM software, DNS, DHCP.
• Have good exposure on IPAM, BIND DNS and DHCP concept.
• Build Incognito DHCP server using Debian O/S and configure rules and classes for DOCSIS headends.
• Access purpose refresh and implementation at varied sized branches and locations.
• Used network observation tools like Spectrum to confirm network property and protocol analysis tools to assess and pinpoint networking problems inflicting service disruption.
• Worked with management and various departments to develop procedures and troubleshoot issues as they arose.
• FireMon System Administration - patches, upgrades, user provisioning/Deprovisioning, system monitoring, troubleshooting user support, ticket triage, data feed maintenance.
• Overall firewall onboarding to FireMon - firewall change orders, system implementation, setup of accounts on firewall and FireMon system, set-up of requestors and approvers.
• Build IT security infrastructure together with stop, Juniper and Palo Alto firewalls
• Configuring F5 Load Balancers: Adding virtual IPs, nodes, pools and health observation.
• Configuring Juniper NetScreen Firewall Policies between secure zones exploitation NSM (Network Security Manager)
• Experience working on IXIA and Landslide and troubleshooting using IRIS, NetScout, nGenius and Wireshark.
• Backup and restore of stop and Cisco ASA Firewall policies
• Handling Break/Fix things, monitor, configure, policy creation on Checkpoint's sensible Center Server running on Secure Platform
• Monitoring Traffic and Connections using cisco prime and solar winds
• Manage project task to migrate from Cisco ASA firewalls to examine purpose firewalls
• Worked extensively in Configuring, observation and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover demilitarized zone sectionalizing & configuring VLANs/routing/NAT with the firewalls as per the planning

Environment: Nexus 2k/5k/7k, Cisco 6500/7500/7200 Routers, Cisco 3550/4500/6500 switches, HP (7510,7506) switches, Brocade VPX, ICX series switches, Palo Alto Firewalls, Viprion 2400 BlueCoat proxy server, LAN, WAN, WLAN, OSPF, RIP, BGP, EIGRP, HSRP, PPP, VPN, Checkpoint, Cisco ISE.

Confidential, Santa Ana, CA

Network Engineer

Responsibilities:

• Configuration 7609, 7606 with OSPF, Broadcom (PEX) Switches, juniper (EX, QFX, QFabric) switches with various VLAN’s.
• Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point R65, R70 & R77, Fortinet NGFW series firewalls and Cisco ASA.
• Hands on experience on all software blades of Check Point Firewall.
• Design and Build Windows 2000, 20, Servers.
• Active Directory Installation, Maintenance and Upgrades.
• Python scripting for automation of difficult tasks
• Modernized old backup and recovery technologies using select solutions (Networker, Avamar, Quantum VTL and Brocade). Backup all operating systems and applications (Linux, Unix, Windows, exchange)
• Responsible for All Software Installations on Both the Servers and Workstations. This Includes Antivirus Software and Any Custom Applications.
• Provided technical expertise and consultation in network administration, security prevention with Akamai and secure works, Cisco WCS (Wireless Control System) for Wi-Fi and Fore Scout for wired breaches.
• Install network backbone, wireless controllers and wireless access points (Cisco, Aruba, Ruckus) .
• District Wireless Network Specialist with experience installing, maintaining, optimizing, and troubleshooting the district's Enterprise Wireless solutions from Aruba and Meru Networks, as well as extensive HP/Aruba Procurve switch knowledge.
• Participating in Confidential LUNs setup for VMWare vSphere and Linux servers.
• Experience in Network administration, management and monitoring using Solarwinds, Tivoli, Infoblock, ACS and ISE.
• Support and management of Enterprise wireless solutions; Aruba and MERU, which includes provisioning and troubleshooting access points in a controller and virtual controller based environment as well as real-time monitoring with the AirWave management platform.
• As an ISE lead primary responsible to provide design, consulting and implementation documents to support ISE security services to the client.
• Oversees the activities that involve design/build/support of ACI Hosting and Operations network environments, to include Greenfield build of 2 data centers in Europe from Cisco ACI SDN Network to NX-OS SDN network.
• Secondary Engineer to create a new solution including new construction and installation of a full mesh wireless and wired network with a full ISE installation, Crestron, CISCO VTC and Polycom voice all integrated into the secure network topology
• Configuring and maintain the Cisco ACI.
• Use NetMRI configuration management software to run command batches and perform network automation tasks.
• Implemented Layer 2 and Layer 3 security on routers & switches
• Migration from B 2100 F5 blades to B 2250 series in Viprion 2400 boxes. Troubleshot, configured and managed both models licensed for LTM and GTM.
• Server load-balancing utilizing F5 LTM-Big IP, including APM, ASM and viprion device modules.
• Dealt with creating VIP pools, nodes and created custom iRules for the virtual servers like cookie persistency and redirection of URL on F5 ASM cookies issues and configures ASM policies.
• Create and test Cisco router and switching operations using OSPF routing protocol.
• Configuration and troubleshooting link state protocols like OSPF in multiple areas.
• Configured HSRP and VLAN trucking 802.1Q, VLAN Routing on Catalyst 6500 switches.
• Optimized performance of the WAN network consisting of Cisco 3550/4500/6500 switches by configuring VLANs.
• Implemented MPLS VPN networks to test various problem reproductions in lab
• Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
• Configured BPDU Guard, port-fast, uplink fast and other spanning tree features.
• Configuration and troubleshooting of Cisco 6500, 7500, 7200 Series routers.
• Extensively worked on Nexus 5k and 7k configured and troubleshoot.
• Managing and supporting large scale MPLS & Frame relay on Cisco environment for more than 5000 Retail sites, 100 Distribution centers, 100 offices and 3 datacenters.
• Troubleshooting issues related to Layer 1/2/3 skills like switching / routing, WAN /Hardware and critical network links by coordinating with the vendor.
• Verifying the configurations of ACL, Firewall and TACACS+ on the CPE.
• Design and Implement DMZ for FTP, Web and Mail Servers with CISCO PIX 506, PIX515
• Involved in Configuration of Access lists (ACL) on ASA firewall for the proper network routing for the B2B network connectivity.
• Provided proactive threat defense with ASA that stops attacks before they spread through the network.
• Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls.
• Performed troubleshooting, while maintaining trouble ticket tracking, following internal/external escalation procedures and customer notifications. Configured Cisco Routers for OSPF, RIP, IGRP RIPv2, EIGRP, Static and default route.
• Configured the Cisco router as IP Firewall and for NATing.
• Developed a detailed test plan and executed test cases using IXIA for traffic generation.
• Having Data Center Design Experience, installing and Configuring Network Devices in a Data Center including patching the cables in the Patch Panel. Design and implemented network
• Implement changes on switches, routers, load balancers (F5 and CSS), wireless devices per engineer’s instructions and troubleshooting any related issues.
• Involved in Switching Technology Administration including creating and managing VLANS’s, Port security, Trunking, STP, Inter-VLAN routing, LAN security etc.
• Deploying Layer 2 security in Server Farms by configuring switch for 802.1x port based authentication.
• Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4. Configured IP access filter policies.

Environment: juniper (EX, QFX, QFabric) Switches, Broadcom(PEX), Fortinet, CheckPoint, PaloAlto Firewalls, Cisco ACI, Viprion 2400 Cisco 6500/7500/7200 Routers, Nexus, 5K,7K, LTM, GTM, F5 Load Balancer, ASA, OSPF, BGP, EIGRP, RIP, LAN, WAN, SSL/VPN.

Confidential

Network Engineer

Responsibilities:

• Configured and deploying Cisco catalyst 6506, 4948E, 4510 switches, Broadcom(PEX), Cisco 3660, 3845, and 7609 series Routers.
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500.
• Experience in migration of VLANS.
• Manage project task to migrate from Cisco ASA firewalls to Check Point firewalls
• Involved in the troubleshooting aspects of complex network infrastructure using the routing protocols like EIGRP, OSPF & BGP.
• Implementation of Access Lists for allowing/blocking desired traffic.
• Configuring VLANs/routing/NATing with the firewalls as per the network design.
• Responsible for Cisco ASA firewall administration, Rule Analysis, Rule Modification.
• Configuration and maintenance of Cisco PIX and ASA firewall systems.
• Good knowledge in systems integration, software hardware emulation experience.
• Responsible for Configuring, Maintaining, And Repairing All Servers, Workstations, Laptops, And Peripherals.
• Worked on change management documentation of Network infrastructure design using Microsoft Visio, SYSLOG.
• Perform setup of test scenarios, both hardware and software components, and perform troubleshooting.
• Experience working in Datacenter environment, configuration changes as per the needs of company.
• Configured and performed troubleshooting on link state protocols like OSPF in single area and multiple areas.
• Configure and support Private BGP Peering with transit providers.
• Integrating Configuring Cisco Wireless LAN Controllers WLC with ISE to perform Dot1x authentication for Wireless users. Implemented Positive Enforcement Model with the help of Palo Alto Networks.
• Aided in troubleshooting potential network issues in rolling out ISE .
• Configure iBGP and eBGP peering between L3 routers and core routers
• Configuring, implementing and troubleshooting VLAN’s, VTP, STP, Trucking, Ether channels.
• Designing, implementing LAN/WAN configurations on Cisco 5K, catalyst 6500 switches.
• Installing, configuring Cisco 2500, 2600, 2800, 3600 series routers and configured routing protocol OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design.
• Experience in configuring, upgrading and verifying the NX-OS operation system.
• Troubleshoot issues with network connectivity and issues related to neighbor relationship and peers
• Experience working with Nexus 7010, 5020, 2148, 2248 switches.
• Experience configuring Virtual Device Context in Nexus 7k series switch.
• Strong knowledge on networking concepts like TCP/IP, Routing and Switching.
• Designed, configured, implemented site-site VPN on Cisco ASA 5500 firewall.
• Implemented, configured redundancy protocols HSRP, VRRP, GLBP for Default Gateway Redundancy.
• Worked in projects converting P2P circuits into MPLS circuits, commissioning and decommissioning of the MPLS circuits for branch offices.
• Worked on testing tools like Ixia and Spirent traffic.
• Configuration and installation of MySQL on FreeBSD/Linux servers.
• Configuring and resolving various OSPF issues in an OSPF multi area environment.
• Implemented, configured BGP WAN routing, converting OSPF routes to BGP (OSPF in local routing).
• Packet capturing, troubleshooting on network problems with Wireshark, identifying and fixing problems.
• Implementing, configuring, and troubleshooting various routing protocols like RIP, EIGRP, OSPF, and BGP
• Performing network monitoring, providing analysis using various tools like Wire Shark, Solar winds.

Environment: CheckPoint, CISCO ASA, PIX, Broadcom, Cisco 6500/7500/7200 Routers, Nexus, 5K,7K, LTM, GTM, CISCO ASA, OSPF, BGP, EIGRP, RIP, LAN, WAN, SSL/VPN.

Confidential

Network L1 Engineer

Responsibilities:

• Performed Troubleshooting and observed directing conventions such OSPF, EIGRP & BGP.
• Involved in composing investigating rules for MPLS VPN.
• Experience with conventions, for example, Frame Relay, IEEE 802.11 and VLAN, OSPF and BGP, DNS, DHCP, FTP, NTP, SNMP, SMTP and TELNET.
• Installed, designed (through CLI & SDM) and oversaw CISCO Routers and Catalyst switches.
• Set up Internet, executing Networking items like Servers, Proxy servers, Switches, Firewalls, Routers.
• Involved in client accelerations and investigating issues identified with integration, STP, VLAN, Trunking, VTP, Layer 2/3 exchanging, Ether channels, Inter-VLAN directing, log messages, high CPU usage and parameters that can debase execution of system.
• Configured VLANS on different impetus switches performed investigating on TCP/IP system issues, Administered Frame-Relay and systems.
• Provided specialized backing and issue determination for the LAN and its surroundings by breaking down the issue, recognizing the reason and circumstances of the issues and discovering an answer for the distinguished issue.
• Good knowledge in Configuring Access Control List ( ACL).

Environment: Windows Server, Windows NT, CISCO 2600, 2800 and 3200 series routers, CISCO 3300 and 2950 switches, TCP/IP, Proxy servers, Switches, Firewalls, Routers, ACL .