SUMMARY

• IT professional with 6+ years of professional experience in design, planning, implementation, support, project management, configuration, troubleshooting, migration, testing, analysis, monitoring and documentation of various technologies which includes proficiency in firewalls (Cisco ASA, Palo Alto, Juniper), Security (VPN, IDS/IPS), QoS, routers/switches (Cisco, Meraki, Juniper), monitoring tools (SolarWinds, Wireshark), and routing protocols (OSPF, EIGRP, BGP, MPLS).
• Experience configuring Cisco 2900, 3500, 3700, 6500, ASR 1k/9k, ISR 1k/4k, CSR 100v, Viptela SD - WAN Series, Nexus 7000, 5000 and 2000 Series Switches and Wireless AP's 1260, 3600, Meraki MR52 using CLI and GUI.
• Experience in implementing site-to-site and remote access VPN Technologies using GRE, IPSEC & MPLS.
• Advanced F5 and Brocade ADX load balancer configurations, including migrating configurations from Cisco ACE, Citrix to F5 and SSL offloading and troubleshooting of the F5 and load balancers.
• Advanced knowledge in using Cisco IOS, IOS-XE, IOS-XR, NX-OS, FXOS and JUNOS operating systems.
• Knowledge of various advanced technologies like VoIP, SIP, QoS, IPv6, Multicasting, MPLS, SD-WAN, Cisco ISE, RADIUS, TACACS+, Trustsec.
• Experience in ITIL, Change Management and RCA process. Experience in creating MOPS (Method of procedures) and get approved from peers for performing configuration changes.
• Experience working on network monitoring and analysis tools like, SolarWinds, Cisco Prime, HP NOM Suite, OpenView, Zabbix, Netbox.
• Experience with ticketing tools like Request Tracker, Jira, Cherwell and ServiceNow.
• Adept in preparing network documentation and rack layouts using Visio.
• Experience is python scripting for automating regular tasks.

TECHNICAL SKILLS

Routing Protocols: EIGRP, OSPF, BGP, MPLS, SD-WAN, MP-BGP.

Switching Technologies: VLANs, Inter VLAN routing and Port Channels, VTP, Spanning Tree Protocols like PVST+, RSTP+, EtherChannel, Multi-Layer Switching, and Port security.

Routers: Cisco 9300, 7600, 7200, 3800, 3600, 2800, 2600, 2500, 1800, Juniper MX960.

Switches: Cisco Nexus 3172, 5548, 5596, 6000, 7009, 7018; Cisco Catalyst 9500, 9400, 9300, 6506, 6509, 4507, 4510, 3650, 3750, 3560, 2960, Juniper EX3400, QFX5100.

Load balancers: F5 LTM & GTM 9.x, 10.x & 11.x, F5 BigIP 1500, 3400, and LTM, GTM 5, F5 3DNS GTM, Brocade vADX.

Network Security: Cisco ASA 5500-X, Firepower 2100, Meraki MX84, Palo Alto VM-300, Juniper SRX 4600, 5800, JSA 7500 STRM, vSRX Firewalls.

VPN Technologies: GRE Tunneling, Remote Access VPN, Site-to- Site VPN, IPsec VPN.

Network Management: Cisco ISE, Cisco Prime, SolarWinds, Cisco ACS, Wireshark, HPNA, Splunk, Zabbix, Netbox.

PROFESSIONAL EXPERIENCE

Network Security Engineer

Confidential, Redmond, WA

Responsibilities:

• Responsible for evaluating and deploying new security technologies/capabilities to enhance and protect data centers.
• Configure,manage and troubleshoot firewall platformsand rules Cisco ASA, Firepower, Juniper SRX, Palo Alto, Check Point and F5, Brocade vADX load balancers Tipping Point and Cisco IPS devices.
• Responsible to troubleshoot the Cloud Underlay and Overlay networks and participate in new builds.
• Responsible for upgrading the software code to latest version on Cisco routers, switches, WLANs and access points.
• Document the networks for all Confidential &T Labs across the country.
• Configure and troubleshoot IPsec and SSL VPN tunnels.
• Renewed SSL certs on F5 and Brocade load balancers.
• Working on Cisco ASR9k, CSR1000v, Juniper MX960 routers and Cisco Nexus 7k and Juniper QFX9000 series switches.
• Worked on Cisco SD-WAN solution. Configured Cisco Viptela vEdge and vManage.
• Integrate the networks into various monitoring platforms, Juniper STRM, Netbox, Zabbix and AWS ELK stack.
• Excellent understanding and working experience of dynamic routing protocols, BGP and OSPF.
• Implemented IPv6 networks in data center environments including associated routing architecture in data centers.
• Troubleshoot network connectivity issues by packet captures using Wireshark, TCPdump.
• Good understanding and experience with MPLS Confidential the telecom scale.
• Develop detailed plans for configuring, testing and upgradingnetworkelements as well as carry out associated hands-on tasks which include software upgrades and hardware migrations.
• Experience in automating daily routine tasks using Python & Ansible.
• Worked on ticketing systems Request Tracker and Jira.

Network Engineer 2

Confidential, Mather, CA

Responsibilities:

• Responsible for configuration and troubleshooting of network infrastructure and services, including Cisco switches, routers, LAN/WAN, firewalls, wireless, VPN devices.
• Replaced existing infrastructure with Meraki firewalls, access points and switches, to improve network security and ease of management.
• Implemented 802.1x authentication with Cisco ISE. Managed the deployment of ISE and migration of all wireless authentications.
• Configured AAA and Cisco ISE, to enable converged access on Cisco Catalyst series switches.
• Involved in migration of Cisco ACS with ISE.
• Designed and implemented Wireless Networks for Guest access and BYOD.
• Implemented Cisco Nexus 7k devices and deployed advanced features like VPC and VDC.
• Worked on Data Center migration of Catalyst switches to Nexus 9508 Chassi and 93108, 93120.
• Configured Viptela vEdge SD-WAN routers, vManage and ISR 4k series routers.
• Performed IOS upgrades on number of Cisco access, core switches and routers.
• Involved in EOL/EOS hardware refresh of various switches with Cisco Catalyst 9300,9400 and 9500 switches.
• Deployed, migrated and extended VLANs Confidential various sites. Configured StackWise Virtual, VSS on Cisco switches. Extensive knowledge of IOS and IOS-XE, IOS-XR.
• Configured ASR 900, 1000, 9000 series routers as head end WAN routers and implemented BGP with VRF & OSPF instances.
• Supported and redesigned remote and branch site network services using various transport methods including MPLS L3VPN, VPLS, as well as site-to-site and client-based VPN tunnels.
• Configured and Implemented Cisco Identity Services Engine (ISE) with connectivity to Microsoft Active directory for Authentication including Certificate Based Authentication.
• Worked on Cisco catalyst router 6509 and implemented VSS with VDC & VPC on Nexus 5505, 7010 switches.
• Installed Cisco AIR 3602, 1130, Meraki MR52 access points and Cisco 2504, 5508 Wireless LAN Controllers.
• Worked on Meraki MX84 security appliance.
• Performed network management using HP OpenView and Network Node Manager (NNMi).
• Worked on SolarWinds User Device Tracker, IPAM and Network Configuration Manager for configuration backup and vulnerability assessment.

Network Engineer

Confidential, San Jose, CA

Responsibilities:

• Configured, implemented and supported Cisco based routers and switches, ASA firewalls with Firepower technology, IPsec VPNs, Wireless Access-Points, and Wireless LAN Controllers.
• Excellent experience in working with Cisco 1800, 2500, 2600, 2620, 2800, 2900, 3600, 3800, 3900, 7200, 7600, Arista 7000, 7200, 7500 and ASR 1000, 9000 series Cisco Routers.
• Configured cloud managed Cisco Meraki MX67 firewalls and MR52 access points. Worked on other MX, MS and MR series Meraki devices.
• Worked on IP networking, datacenter network technologies, packet forwarding architectures and internet routing protocols (BGP, GRE, IPSec, VxLAN, 40G/100G futures, DNS, DHCP).
• Supported smooth operation of the company's growing network infrastructure. Instituted process improvements to reduce time required to reroute the backbone traffic and eliminate backbone congestion caused by large DDOS attacks, circuit/peer outages, and increased traffic demand.
• Configured firewall rules, IPS, routing, and VPNs. Tested and monitored connectivity and network performance in major CSP environment and external connections (both physical and VPN), fixed network issues.
• Planned and deployed migration to Cisco Firepower firewalls from existing Check Point firewalls.
• Involved in supporting applications to migrate workloads to cloud based architectures using OpenStack.
• Designed and Implemented Nexus 9K/5K/2K and Catalyst 6500/4500/3750- X in a complex DC Core/Access layer on a 10G backbone in Production and DR Data Center.
• Implemented advanced protocols such as Cisco OTV to provide a seamless migration between old and new data centers and to provide disaster recovery services moving forward.
• Configured advanced features on F5 Big-IP appliances - Profiles, monitors, iRules, Redundancy, SSL Termination, Persistence, SNATs, HA, Persistence, Digital Certificates and executed various migration/upgrade projects.
• Implemented traffic filters using Standard and Extended access-lists, Route Maps and route manipulation using Offset-list.
• Collaborated with executive management and department leaders to assess near and long-term network capacity needs.
• Implemented Zone based Firewalling and Security Rules on the Palo Alto Firewall. Exposure to WildFire feature of Palo Alto.
• Used Monitoring tools like Infoblox to identify devices connected to the network. The main purpose was for DNS, DHCP and IP management.
• Deployed Intelligent WAN (IWAN) in both Hybrid and Dual-ISP branches to provide an increase in bandwidth capacity, security and reliability.

Network Engineer

Confidential, Woodlands, TX

Responsibilities:

• Deploying and decommission of VLANs on core ASR 9K, Nexus 7K, 5K, 2k and its downstream devices.
• Configured Juniper MX480s, EX8200s, EX4500s, EX4200s, and SRX5800s from scratch to match design.
• Managed and troubleshot Cisco routers, Cisco ASA, Juniper Routers, various CSUs, Blue Coat web filters and hardware-based McAfee email and gateway scanners.
• Created LAN to LAN tunneling for smaller Branch offices on getting network resources.
• Participated in design of nextgen data centers with nexus, ACI, Openstack, DCI, EPGs/bridge domains, OTV, and VXLAN.
• Configured VPC Confidential Access layer switches for NIC teaming with server end ports under LACP.
• Created new VLANs under FabricPath mode and extend the VLANs from Core to Access Layer switches.
• Operated and maintained routing protocols and equipment including BGP, layer 2 and layer 3 VPN, MPLS, TE, EIGRP, OSPF, Metro Infrastructure, and Juniper and Cisco switches and routers.
• Identified and resolved network issues, including DDOS attacks, suboptimal routing, and metro ring issues, with the potential to degrade services.
• Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
• Successfully installed Palo Alto PA-5000, PA-3000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls and configured and maintained IPSEC and SSL VPN's on Palo Alto firewalls.
• Migrated existing IPSEC VPN tunnels and Firewall rules from one Data Center to another Data Center, due to decom of existing Data Center, which involved working with Partner Companies.
• Configured and implemented IPsec VPN tunnel between ASA 5550 Firewalls, Palo Alto 5060, 7060 firewalls. Applied access lists, NAT & IPS/IDS configurations.
• Implemented DMVPN with hub and spoke topology for 100 plus remote sites.
• Configured customer facing QoS policies with IP Precedence/DSCP, policing, etc.
• Actively involved in Switching technology Administration including creating and managing VLANS, Port security- 802.1x, Trunking 802.1Q, RPVST+, Inter-VLAN routing, and LAN security on Cisco Catalyst Switches 4507R+E, 6509-E and Cisco Nexus Switches 2232, 5596, 7009.
• Worked with F5 through Migrating applications, websites using SNAT Pools, Automap, iRules, SSL, custom TCP profiles.
• Created change tickets according to the scheduled network changes and implemented the changes.
• Implemented Cisco 2702, 3702, 3802, Meraki MR32, MR74, and Aruba 300 series access points.
• Supported Infoblox appliances grid environment for DNS, DHCP and IP Address Management tools (IPv4).
• Expertise in Virtualization with vSphere, VMware ESXi 6.0 hosts and Virtual Center server.

Network Engineer

Confidential

Responsibilities:

• Daily responsibilities included monitoring remote site using network management tools, assist in design guidance for infrastructure upgrade & help LAN administrator with backbone connection and connectivity issue. Other responsibilities included documentation and support other teams.
• Configured and maintained Cisco ASR routers such as ASR 1001-X, 1002-X, 1002-HX, 1004, 1006, 1006-X, 1009-X, 1013 routers.
• Supported in the use and management of the Cisco Meraki cloud-controlled Wi-Fi, routing, and security MX appliance.
• Worked on various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.
• Configured Cisco ASA Firewall and accept/reject rules for network traffic.
• Responsible for configuration, maintenance, and troubleshooting of dynamic routing protocols: BGP, OSPF & EIGRP (route redistribution, route-maps, offset-lists, prefix lists, route summarization, route-feedback, BGP attributes) on Cisco Routers 7613, 7201, and 3945E.
• Designed and deployed company LANs, WANs, and wireless networks, including servers, routers, switches, and other hardware.
• Developed, implemented and maintained policies, procedures, and associated training plans for network administration, usage, and disaster recovery.
• Worked on Check Point Support for resolving escalated issues.
• Involved in configuration of Access lists (ACL) on Check Point firewall for the proper network routing for B2B network connectivity.
• Created and tested Cisco router and switching operations using OSPF routing protocol, ASA Firewalls, and MPLS switching for stable VPN connection.
• Designed and implemented remote connectivity solutions. Utilized sniffers and other tools to troubleshoot and isolate network issues.
• Involved in operational support of routing/switching protocols in complex environments including BGP, OSPF, EIGRP, Spanning Tree, 802.1q, etc.
• Developed guidelines and procedures for LAN/WAN management including process and efficiency improvements.
• Worked on Virtual Switching System (VSS) in combination of catalyst 6500 series switches.
• Maintained and administered perimeter security systems such as firewalls. Monitored security system logs and documents.
• Hands on experience on Cisco WLC's and Access Points. Experience in Physical cabling, IP addressing (IPv4 & IPv6), Wide Area Network configurations (MPLS), Routing protocol configurations (EIGRP, OSPF, IS-IS, BGP).
• Analyzed network performance utilizing network monitoring and other network administration tools to include SolarWinds Network Performance Monitor, IP Management, and Wireshark.
• Documented, implemented and maintained processes and procedures related to network service delivery via standards, policies and procedures. Change control, BOMs, TIDs, Visio network topologies, and SharePoint document reserve.

Jr. Network Engineer

Confidential

Responsibilities:

• Designed and constructed an end to end ISP networktestbed for feasibility testing in lab using Cisco routers, switches, Juniper routers.
• Achieved customer Service Level Agreements (SLA's) and customer Request for Services (RFS) by supporting problem management and root cause analysis (RCA).
• Monitored and tested network performance and provided network performance statistics and reports.
• Involved in installing and configuring ASA firewall.
• Used various Network sniffers like Wireshark, TCP dump etc.
• Configured & troubleshot routing protocols: MP-BGP, EIGRP, OSPF, BGP v4 and IP access filter policies.
• Performed IP address planning, designing, installation, configuration, testing, maintenance, and troubleshooting in complete LAN, WAN development.
• Handled implementation of Cisco 3750, 4507, 4510 switches and Cisco 3900 and ASR 1000 series routers to new sites.
• Configured and troubleshot link state protocols like OSPF in single area and multiple areas.
• Managed a TACACS server for VPN user authentication and network devices authentication.
• Commissioning and decommissioning of the MPLS circuits for various field offices.
• Configured Cisco IOS Feature Set, NAT and Simple Network Management Protocol (SNMP) for Network Security implementation.
• Managed inventory of all network hardware. Management and monitoring by use of SSH, Syslog, SNMP, NTP.
• Coordinated and executed network maintenance activities, such as firmware upgrades, hardware replacement, and network infrastructure augments and changes.
• Used Wireshark on a consistent basis to resolve connectivity problems between hosts and enterprise network nodes.
• Worked with the Call manager installation for deploying Cisco VOIP.
• Secured the safety and efficiency of network operations by monitoring network performance, coordinating planned maintenance, adjusting hardware components, and responding to network connectivity issues.
• Configured routing protocols EIGRP and BGP for little to medium sized branches. Supported company branch standards, together with distribution and route maps.
• Worked on TCP/IP Stack and protocol, including TCP, UDP, VLAN, IPV4 and WAN protocols, remote access.
• Implement approved routing policy changes and corrections to mitigate points of traffic congestion on the network.
• Developed network connectivity diagrams and other documentation of live network environments for internal and customer use.
• Worked on Help Desk tickets for getting Networks, Internet, and phone issues resolved in a timely and productive manner.