Sr. Network Security Engineer Resume
Chicago, IL
SUMMARY
- Network Security Engineer with over 7 years of experience in network security, including design, installation, support and troubleshooting across a broad range of LAN/WAN/MAN, enterprise networks and service provider systems.
- Strong hands-on experience with Cisco Catalyst (3550, 3750, 6500) series switches, Cisco (2500, 2600, 2800, 3600, 3800, 7200) series Routers, ASA Firewall (5505/5510), Load Balancers using Cisco ACE, F5 LTM/GTM, Security Device Manager (SDM), Cisco Works, HP Open View, Solar Winds, Sniffer, Palo Alto Networks Firewall models (PA-2K, PA-3K and PA-5K).
- Expertise in configuring switching protocols such as ARP, RARP, VTP, PPP, VLAN, STP, RSTP, PVST+, HSRP, GLBP, VRRP and Routing Protocols such as RIP, OSPF, BGP, EIGRP, IS-IS, and MPLS.
- Worked with F5 load balancing, IDS/IPS, Bluecoat proxy servers and administering authentication controls (Radius, TACACS+).
- Experience in physical cabling, IP addressing and Subnetting with VLSM, configuring and supporting TCP/IP, DNS, installing and configuring proxies.
- Hands-on experience in installing, configuring, maintaining and troubleshooting Cisco Switches, Cisco Routers, Juniper EX Switches, Juniper Routers and Cisco Nexus Switches.
- Utilized Network protocols on AWS cloud Deployment such as BGP, ECMP, ACL, VIP, and NIC on AWS VPC.
- Good Experience with Python web frameworks such as Django, Flask and Pyramid Framework.
- Experience with CISCO NEXUS data center infrastructure with 9k, 7k, 5k, 2k and 1K series switches including CISCO NEXUS Fabric Extender
- Experience with the conversion of Checkpoint VPN rules over to the Cisco ASA technology. Migration experience with both Checkpoint and Cisco ASA VPN.
- Experience with LAN networking, TCP/IP model, IP addressing and subnetting.
- Experience in layer-3 Routing and layer-3 Switching. Dealt with Nexus models like 9K, 7K, 5K, 2K series, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches.
- Managed Datacenter of F5 load balancers, Cisco 4500, Juniper M120 and Extreme switches.
- Implemented highly secure network solutions leveraging networking tools including Cisco IOS-XR, IOS-XE, Cisco ASA and SD-WAN solutions.
- Migration of firewall rules from Cisco ASA, Checkpoint to Palo Alto firewalls using migration tool from PAN.
- Configure and administrate LDAP, NFS, FTP, SAMBA servers in Red Hat Enterprise Linux.
- Experience with troubleshooting of SDWAN queries through Router based SDWAN technologies.
- Hands on experience of troubleshooting router based SDWAN failover of traffic.
- Initiating alarms in CloudWatch service for monitoring the server's performance, CPU Utilization, disk usage etc. to take recommended actions for better performance.
- Expert-level knowledge of Amazon EC2, S3, VPC, RDS, Elastic Load Balancing, Autoscaling, IAM, SQS, security groups, Lambda, Cloud Watch and other AWS services.
- Experience with monitoring tools such as Cloud Watch, Splunk and Nagios.
- Excellent communication skills, quick learner, enthusiastic, motivated and a team player.
- Experience with Vulnerability Assessment Tools: Nessus, DB Visualizer and Qualys WAS, Netsparker.
TECHNICAL SKILLS
Router platforms: Cisco routers (7600, 7200, 3900, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3500, 4500, 2900, 6807 series), Nexus 9K, 7K, 5K, 2K & 1K.
Switch platforms: Cisco 2900XL, 2950, 2960, 3560, 3750, 4500 and 6500, Nexus (2K, 5K, 7K and 9K), Meraki Switches: MS220 & MS320, Meraki Access Points: MR26, MR34, MR42, & MR66
Juniper Platforms: SRX, MX, EX Series Routers and Switches, MX40, MX80 and MX240
Networking Concepts: Access-lists, Routing, Switching, Subnetting, Designing, CSU/DSU, BGP, OSPF, MPLS, IPSec, VLAN, VPN, WEP, WAP, MPLS, VoIP, Bluetooth, Wi-Fi
Cloud Concepts: AWS- IAM, GCP, VPC, S3, EMR, Route53, Cloud Front, Cloud Front Distribution VPN, Data Migration, Cloud development tools, CI/CD tools, SCM
Firewall: Juniper Netscreen 6500, 6000, 5400, Juniper SSG, SRX5600, SRX5800, CheckPoint (NGX, R65, R70 and R71), Cisco Firewalls (ASA 5505, 5506-X, 5585), Palo Alto Networks (PA-2K, PA-3K and PA-5K), Panorama, Meraki Firewall MX80
Network Management/Monitoring: Solar winds, HP NNMi 8xi (Network Node Manager), Net flow and Cisco prime, Ethereal / Wireshark, TCP Dump.
Programming and Scripting: Bash, Perl, Python, REST, Java, TCL, C++, Pascal, Assembly and C.
Load Balancers: F-5 BIG-IP LTM 2000, 3900, 5000, 6400, 6800 and 8900, LTM, GTM, Bluecoat SG8100, AV 510, Brocade ADX.
WAN technologies: ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1, DS3, OC3, T1 /T3 & SONET
LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port-channel, VLANS, VTP, STP, RSTP, 802.1Q
Security Protocols: IKE, IPsec, SSL, AAA, Access-lists, prefix-lists, SSL-VPN, VMWare vShield, VMWare ESXi 3.5, VMware Server, TLS, CISne
Networking Protocols: RIP, OSPF, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP, VRRP, GLBP, TACACS+, Radius, AAA, IPv4 and IPv6
Operating System: Windows 7/XP, MAC OS X, Windows Server 2008/2003, Linux, Unix, FOS
PROFESSIONAL EXPERIENCE
Confidential, Chicago, IL
Sr. Network Security Engineer
Responsibilities:
- Installation and Configuration of Composite Network models consisting of Cisco 7600, 7200, 3800 series routers and ASR 9k, GSR 12K routers and Cisco 2950, 3500, 5000, 6500 Series switches.
- Configured routing protocols such as OSPF, EIGRP, and BGP with Access Control lists implemented as per Network Design Document and followed the change process as per IT policy. It also includes the configuration of the port channel between core switches and server distribution switches.
- Responsible for day to day management of Cisco Devices, Traffic management and monitoring.
- Configured Multiprotocol Label Switching (MPLS), VPN with Routing Information Protocol (RIP) on the customer’s Site.
- Monitored Networks & Infrastructure with Cisco Prime, NetBrain, Solarwinds for Data Center operation.
- Provided application level redundancy and availability by deploying F5 load balancers LTM, GTM.
- Upgrading system images on Nexus 5 and 7 multi-layer switches using kick start and FTP server.
- Configured Multicasting by using protocols such as PIM and IGMP.
- Responsible for turning up BGP peering and customer sessions, as well as debugging BGP routing problems.
- Configuration for Cisco 3750, LB9 series switches and juniper QFX5100 series routers using configuration builder tool by running python script.
- Designing and Implementation of (LAN) VLANs, VTP, Spanning Tree (STP), Trunking (dot1q and ISL) and Ether channel.
- Worked on Cisco Wireless Controllers 5500s and 2500s, and on 3700, 3500 and 1142 access points.
- Implemented Zone-Based Firewalling and security rules on the Palo Alto Firewall.
- Migrated 1500 Plus existing traditional Network setup to Fortinet SDWAN technologies for client network.
- Worked on emerging trends like SDWAN and implementation of the in house SDWAN product working closely with development and testing team.
- Used Python scripting for network sniffing and managed parameters for pool of servers and updated, automated and migrated different services and software by means of Ansible.
- Implemented and troubleshot security rules and NAT rules in Firewalls including Check point, Juniper (JunOS and NetScreen), and Fortinet.
- Migration/Installation of complete SDWAN setup from Cisco environment in remote offices.
- Implemented a large number of security policy rules and NAT policy rules on Palo Alto, created zones, implemented Palo Alto Firewall interface and Palo Alto IDS.
- Create/delete/modify Firewall rules in order to provide access or block unwanted traffic to/from external, internal and DMZ network.
- Troubleshooting tier 3 security issues for different security platform including Check point, Juniper (JunOS and NetScreen), and Fortinet.
- Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k, PA-6k) as well as a centralized management system (Panorama) to manage large scale Firewall deployments
- Managed Infoblox Grid Manager to manage DNS Forward and Reverse Lookup zones.
- Worked in the redistribution into OSPF on the core ASA firewall.
- Worked in the removal of EIGRP from all devices and making OSPF the primary routing protocol.
- Worked in the modification and removal (wherever necessary) of BGP from the MPLS routers.
- Worked in designing L2VPN services and VPN-IPSEC authentication & encryption system.
- Configure and maintain CDN level configurations; monitor CDN performance and metrics; support on-call teams for operational issues and performance degradation; enhance CDN monitoring and performance tracking.
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama.
- Configured and implemented F5 BIG-IP, LTM, GTM load balancers to maintain global and local traffic.
- Provided operation support for Cisco ACI, ASA, VMWare, Checkpoint and Palo Alto, VMWare NSX Firewalls.
- Troubleshoot the F5 VIPRION LTM and GTM/AVI (VMWare software-based load-balanced applications when needed.
- Configured networks using routing protocols such as RIP, OSPF, BGP and manipulated routing updates using route-map, distribute list and administrative distance for on-demand Infrastructure.
- Implemented Hot Standby Router Protocol (HSRP) by tuning parameters like preemption.
- Worked on FTP, HTTP, DNS, DHCP servers in windows server-client environment with resource allocation to desired Virtual LANs of network.
- Experience working with Active Directory (as a centralized system) to automate network security management and user data.
- Used Cloud Watch for monitoring AWS cloud resources and the applications deployed on AWS by creating new alarms and enabling the notification service.
- Responsible for managing all aspects of the Vulnerability Risk Management Program including vulnerability identification, analysis, remediation coordination and reporting.
Environment: F5 Load Balancer, Juniper SRX, Cisco ASR 1001/ISR 7206/3845/3945/2951 routers, AWS VPC, NEXUS 7010 / 50 / 3850 switches, Python, TACACS, BGP, SD-WAN, OSPF, Mobile Iron, Palo Alto, Panorama, Cisco ASA 5580/5505/5520, Cisco ACE.
Confidential, Fort Worth, TX
Network Security Engineer
Responsibilities:
- Deployed and maintained security/network devices and data centers for Service provider network.
- Involved in the configuration & troubleshooting routing protocols like MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, and MPLS.
- Experience with Installing and troubleshooting Data center migration with 24/7 support.
- Expert in configuring Cisco Routers, Catalyst Switches, Nexus Switches.
- Architect WAN solution using the AutoVPN technology with Cisco Meraki MX security appliances including DC to DC failover and SD-WAN capabilities.
- Has experience in working on AWS cloud EC2, S3, RDS, Load Balancer, Auto Scaling with AWS command line interface and AWS python SDK.
- Authoring and modification of CPS/CP, liaison and yearly training for PKI Policy Authority and PKI trusted role holder. Creation and implementation of security policy (physical and logical) to secure CA servers and PKI infrastructure.
- Worked with Palo Alto firewalls PA250, PA4050, PA3020 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall. Technical assistance for LAN/WAN management and complex customer issues.
- Automated network implementations and tasks and designed monitoring tools using python scripting.
- Collaborated in moving on-premises Data Networking Configuration to AWS Cloud.
- Established routing protocols, Inbound & outbound rules on AWS VPC
- Utilized Network protocols on AWS cloud Deployment such as BGP, ECMP, ACL, VIP, NIC on AWS VPC.
- Worked on AWS hardware VPN access on Public, Private Subnets.
- Upgraded Cisco 6500, 3750, 2960s, Nexus 5000, Nexus 2000 and Nexus 7000 switch software.
- Worked extensively with ASR 9K (9010/9922), Nexus 7000, 5000, 2000, Cisco 6500 series multilayer switches, Cisco 2960s series switches and Cisco 3560/3750s switches.
- Worked with Palo Alto firewalls PA5050 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall.
- Monitored performance of network appliances and WAN using network analyzers like Wireshark.
- Monitored Network Infrastructure with Cisco Prime, NetBrain, Splunk for performance and issues.
- Configuration and providing management support for Palo Alto and Checkpoint Firewalls (R75, R76 and R77).
- Configuration, Troubleshooting, and Maintenance of Palo Alto Firewalls (36+ firewalls) - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.
- Design and configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550).
- Successfully configured and maintained Site to Site IPSEC and SSL VPNs on Palo Alto firewalls.
- Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
- Helped install F5 VIPRION load balancers for one of our new data centers.
- Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches, and Cisco ASA Firewalls.
- Monitor and troubleshoot BGP, EIGRP, TI circuits, and cellular backup circuits via ICMP and SNMP ticketing systems.
- Implementing Citrix NetScaler 10 for Networking and Traffic Optimization (CCA) (BETA).
- Performed load balancing and application level redundancy by deploying F5 BIG-IP LTM 3900.
- Researched, designed and replaced aging Cisco ASA firewall architecture with the new Next Generation Palo Alto appliances serving as firewalls for URL application inspection.
- Performed installation and configuration of Cisco Secure Access Control Server (ACS) for AAA (RADIUS) authentication.
- Worked on Blue Coat Proxy SG to safeguard web applications (Blacklisting and Whitelisting of web URL) in extremely untrusted environments such as guest Wi-Fi zones.
- Develop Engineering Documentations to record F5 environment and change processes LTM/GTM/iRules.
- Performed vulnerability/risk assessment analysis using Nexus to detect potential risks across the network.
- Provided support for a Cisco VOIP Multi-cluster environment.
- Performed daily administration and addition of user accounts in Cisco VOIP Unified Call Manager 6.1.
Environment: Cisco ACS, Cisco ASA, Palo Alto, VPN, Python, Cisco Meraki, Panorama, Cisco 6500, 3720, EIGRP, RIP, BGP v4, and MPLS, AWS Cloud, Nexus Switches, F5 BIG-IP LTM 3900.
Confidential, San Francisco, CA
Sr. Network Security Engineer
Responsibilities:
- Working with data-center deployment group for data-center refresh project.
- Deployment of Cisco 4900, 3750, 2960 switches, along with Cisco ASR 1K, 6509s (Sup 720)
- Configuration of routing protocols OSPF, BGP and policy based routing.
- Providing support for the Layer 2 and Layer 3 devices in the Network.
- Perform IOS upgrades in Cisco Routers and Switches.
- Scaling of BGP and IGP in the core, dealt with implementation of deployment related to Cisco devices and applying security policies on it.
- Responsible for installation, configuration and management of 2 individual Vsphere Clouds, consisting of a total of 15 ESXi 5.0-5.5 hosts and 2 VCenters 5.5
- Firewall monitoring with Firemon, Algosec, and Palo-Alto Pan OS and Cisco ASDM.
- Over 300 VMware guest machines existed within the four Clouds.
- Configuration and management of 5 clusters in 2 Vsphere Clouds.
- Experience in Implementation of Site Recovery Manager SRM 5.8 and Creating SRM Place holders and Mappings along with designing the SRM to use along with a Shared recovery site.
- Extensively worked on four End-to-End Data-center Migration including application servers, Database servers, Web servers and cloud (AWS/Azure) Migration
- Provided capabilities in supporting Boundary Security Devices, Active Directory, and firewalls to provide F5, TMG and Wireless Application Protocol (WAP) services.
- Configured Policies on Juniper Net screen and SRX firewalls and Palo alto as well.
- Configured Security policies including NAT, PAT, VPN, Route-maps and Access Control Lists.
- Designed and implemented a net new VXLAN/EVPN data center fabric (Cisco 9k & DCNM) then integrated it into existing infrastructure with minimal disruption, CAPEX savings at BOM/PO.
- DCI implementation between data-centers with BGP-EVPN/VXLAN cross site connectivity. Protocols frequently used: BGP-EVPN, VXLAN, MPLS/VPLS, OSPF, MST.
- Implemented AWS networking services Amazon VPC for the Private/Public Cloud, EC2 instances, IAM, and S3.
- Deliver Solution to improve Cloud architecture, deployment for AWS and Azure clouds.
- Worked extensively with Nexus 9K, Catalyst 3K, 6K and ASR 1K, ISR 4K and CSRv.
- Replaced / Upgraded Nexus 9K/7K/5K/3k/2K and Catalyst 65xx/VSS/Cisco boxes.
- Establish AWS technical credibility with customers and external parties.
- Release management of all significant public EC2 launches.
- Create Azure virtual machines in Azure and AWS, Set up domain controllers in Azure and AWS.
- Build & Install new Cisco UCS systems in new Data Center
- Configure Distributed Resource Scheduler (DRS) to load balance VM guest machines within ESXi hosts in the Cloud.
- Manage/maintain switching infrastructure - Catalyst 2K, 4K and 6500 LAN switches; Cisco Nexus 2K, 5K, 7K 9K switches with VPC, Fabric path.
- Recently refreshed data center access layer with Nexus 9k's to prepare the infrastructure for future SDA or SD WAN requirements
- AWS data backup (snapshot, AMI creation) techniques, along with data-at-rest security within AWS.
- Design and Implementation of OSPF Areas for reliable Access Distribution and for Core IP Routing.
- Redistribution of routing protocols - OSPF to BGP and BGP to OSPF.
- Network Migration from Layer2 to Layer3 at access level.
- Implementation and configuration of VPN Tunnels.
- Implementing, monitoring, troubleshooting and convergence in Frame-Mode MPLS in the core.
- Worked on maintenance of Big-IP F5 load balancing solution across multiple datacenters.
- Designed and implemented security systems including various Cisco IOS ACLs, Context-Based Access Control, PIX Firewall (PIX 506, 515), Network Intrusion Detection Systems, AAA Cisco Secure Access Control Server (Radius/TACACS+)
- Planned, configured and operated IPSec VPNs.
- Created security policy according to user's requirement in Cisco ASA 5580 firewall using CLI & GUI.
- Configured HSRP and VLAN trunking 802.1Q, VLAN routing on catalyst 6500 switches.
- Setting up VLANS and configuring inter-VLAN routing, Trunking, STP, RSTP, port aggregation & link negotiation on Ethernet channel between switches.
Environment: Cisco 6509/4900/3750/2960, Cisco ASA firewalls, AWS, AZURE, Load Balancer (F5 BIG-IP), Access-lists, Subnetting, STP, RSTP, VLAN, VTP, HSRP, Ether Channel, DNS, DHCP, Checkpoint, windows server 2003/2008, F5 BIGIP, LTM, RIP, OSPF, BGP, EIGRP, LAN, WAN, VPN, Infoblox
Confidential, Redmond, WA
Network Engineer
Responsibilities:
- Responsible for layer 2 security, which was implemented using a dedicated VLAN ID for all trunk ports, setting the user ports to non-trunking, and deploying port security when possible for user ports
- Design and configuring of OSPF, BGP on Juniper Routers (MX960) and SRX Firewalls (SRX240)
- Configuring and deployment of Juniper ERX310 router.
- Experience with working on juniper switches like EX2200, EX2500, and QFX switch with Spanning tree.
- Performed IP address planning, designing, installation, configuration, testing, maintenance, and troubleshooting in complete LAN, WAN development.
- Experience working with High performance data center switch like nexus 7K series.
- Experience working with Nexus 7010, 7018, 5020, 2148, 2248 devices.
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500 with ACL, NAT, Object Groups, Failover, Multi-Contexts.
- Implemented Site-to-Site VPNs over the internet utilizing 3DES, AES/AES-256 with ASA Firewalls
- Responsible for managing activities, Upgrading IOS -- Upgrading hardware and installing new devices, Tuning (Configuration), make standardization for the topology
- Installation & configuration of Microsoft Proxy Server 2.0 & Blue Coat Proxy
- Configured, installed, & managed DHCP, DNS, & WINS servers
- Worked on network monitoring/management tools like PRTG, Net Flow, Cisco Prime, Solar Winds.
- Worked with Carrier to test and turn-up circuits.
- Installed wireless access points (WAP) at various locations in the company.
Environment: Cisco 3750 switches and Cisco 3825 Routers, Juniper SRX 240, JUNOS, J-Series 4350 Routers, Checkpoint 12400, Palo Alto 5060, GAIA, RIP, OSPF, VPN
Confidential, Austin, TX
Network Consultant
Responsibilities:
- Implemented and supported local and remote using Cisco devices (Cisco routers 1601, 1721, 1841, 2505, 7507 and 7513; Cisco Switches 2926, 3750, and 6509 series).
- Configured Policies on Juniper Net screen and SRX firewalls and Palo alto as well
- Implemented and supported disaster recovery facility for fail-over purpose, which included the backbone routers, VPN and DMZ networks.
- Configured static/dynamic routing for VPN customers with Managed Router Service (MRS) and customers using Proxy Radius servers. Also implemented Network Address Translation (NAT) on managed routers
- Troubleshot network connectivity/performance problems (serious fault investigation management and resolution).
- Monitored LAN and WAN links and handled capacity planning which included installation, configuration and maintenance of Cisco devices (Cisco routers 1603, 2500, 7507 and 7513; Cisco Catalyst Switches 2926, 5005, 5505, 6509 and 8540).
- Troubleshot network connectivity/performance problems and provided resolutions.
- Tested L2 protocols (VLAN, STP, flavors of STP, PVST, HSRP, VRRP & LACP) and routing protocols (OSPF, MPLS, EIGRP & RIP). Testing network features: NAT, ACLs, Multicast, Traffic shaping, queuing on L2 and L3 switches.
Environment: Cisco Routers, Juniper SRX, MPLS, BGP, Cisco PIX Firewall, Cisco 3600, 2600, 7200, DHCP, DNS,