Sr. Network Security Engineer Resume
Secaucus, NJ
SUMMARY
- Experienced Network Security Engineer with 8+ years of expertise in Routing, Switching, Firewalls, AWS cloud networking, SD-WAN, Wireless, F5 Load Balancers and VOIP.
- Strong understanding of routing protocols such as EIGRP, OSPF, BGP, IS-IS, and ability to troubleshoot complex route table problems.
- Skilled in configuring security policies, including NAT, PAT, VPN, Route-maps, prefix lists, and ACLs for Cisco, Palo Alto, and AWS Security.
- Proficient in configuring and troubleshooting Cisco Wireless Networks, including LWAPP, WLC, WCS, Standalone APs, Roaming, and Wireless Security Basics.
- Strong grasp of current and future technologies including TCP/IP, IPv4/v6, RIP, EIGRP, OSPF, BGP, Frame Relay, ACL, VPN, Wireless LAN and configuration of VLANS.
- Subject Matter Expert (SME) in IP Network Engineering with experience in F5 Load Balancing, IDS/IPS, Bluecoat proxy servers, and authentication controls (RADIUS, TACACS+), ISE.
- Familiarity with JUNOS platform and worked with JUNOS upgrade of Juniper devices.
- Knowledge of Nexus 9K, 7K, 5K and Nexus 2K switches.
- In-depth expertise in analyzing, implementing, troubleshooting, and documenting LAN/WAN architecture, including MPLS and IP services.
- Strong experience in managing Infrastructure as Code (IaC) environments in AWS, including CloudFormation, VPCs, AWS CLI, Cisco CDO, Transit Gateway (TGW), Gateway Load Balancers (GWLB), and Palo Alto Panorama.
- Proficient in configuring Nexus switches, Cisco ASA/Checkpoint/Palo Alto Firewalls, and IPSEC VPN Tunnels. Knowledgeable in Juniper SRX and Firewalls.
- Experience in configuring HSRP, redistribution between routing protocols, and testing F5 BIG IP LTM, GTM appliances.
- Automate quality checks on image deployment on Routers using SNMP, TR069 WebPA protocol using Cisco Common Component Software Platform (CCSP) and TR 181 Data Model.
- Strong understanding of Internet and MPLS tunnels with QoS and policy maps. Proficient in Splunk monitoring tool and NetBrain.
- Experience with Tufin, FireMon, and Algosec for firewall optimization.
- Skilled in network monitoring tools like SolarWinds, Cisco Works, Wireshark, and Splunk.
- Strong experience in remote site migration to new MPLS links and connectivity to data centers.
- Proficient in managing, monitoring, and supporting AWS cloud and network security devices/services.
- Expert in all aspects of network engineering policies and operations, including network programmability with Python, scripting, and RESTful API.
TECHNICAL SKILLS
Switches: CISCO 2900, 3500, 4500, 5000, 6500, Nexus 9k, 7k, 5k, 2k, 1k
Routers: CISCO 2600, 2800, 3600, 3800, 7200, 7600, 10k, 12k, Juniper M & T Series (MX960), Cisco ASR 9k and ASR 10k, Cisco CSR 1000V, Cisco CRS-1, CRS-3, GSR
Cisco Technologies: 2500, 2610, 2620, 2811, 3640, 3845, 7206, 7600, 10k, 12k, Cisco ASR 9k and ASR 10k, Cisco CSR 1000V, VXR series routers, 2921 Core Routers (LAN), 3945 Edge Routers, and 1900, 2900XL, 2950, 3550, 3560, 3750, 4003, 4006, 4503, 4506, 4948, 5505, 5509, 6509, 6513 Switches
Automation: Python, Bash, SD-WAN, ACI, Ansible, Terraform, Puppet, Chef
Firewalls: Juniper NetScreen (500/5200), Juniper SRX (650/3600), PIX (525/535), ASA (5520/5550/5580), Checkpoint (NGX, NG AI, R65/R70/R75/R76/R77), Fortigate, FWSM, Palo Alto Networks PA-500, PA-2k, PA-3k, PA-5k & PA-7050
Networking Technologies: LAN/WAN Architecture, TCP/IP, Frame Relay, VPN, VLAN, VTP, NAT, PAT, STP, RSTP, PVST, MSTP, IPAM, DHCP, CISCO, HTTP, DNS, LDAP, SNMP, etc.
Routing Protocols: OSPF, IGRP, EIGRP, RIP, MPLS, IS-IS, BGP, Multicasting, and HSRP.
Security Technologies: PAP, CHAP, Cisco PIX, Internet Filtering Websense, Blue Coat Proxies, TrendMicro
VPN: Site-to-Site, Remote Access, IPsec/SSL
Network Monitoring: Cisco Works 2000, Wireshark, CA Spectrum, SolarWinds, TCPdump, Fiddler.
Operating Systems: Windows 7, Vista, XP, 2000, LINUX, Cisco IOS, IOS XR.
Capacity & Performance: IXIA, Spirent.
AAA Architecture: TACACS+, RADIUS, Cisco ACS, LDAP
Network Analyzing Tools: SolarWinds Orion, Wireshark, Axence Tools, IP Control, BlueCat, Infoblox.
LAN: Ethernet, Fast Ethernet, Gigabit Ethernet, FDDI, CDDI, Token Ring, ATM LAN Emulation
WAN: MPLS, Leased lines 64k - 155Mb (PPP/HDLC), Channelized links (E1/T1/E3/T3), Frame Relay.
PROFESSIONAL EXPERIENCE
Confidential, Secaucus, NJ
Sr. Network Security Engineer
Responsibilities:
- Implementing and supporting Confidential DMC (Data Center Metro Connect) and LMC (Metro Connect) projects, involving optical fiber connectivity via MPLS cloud with multiple service providers and vendors.
- Configuring and troubleshooting a wide range of networking devices, including Nexus switches (9k, 5k), Juniper MX series routers (960, 940, 480), EX series switches (4200), Arista switches (7500 series), Nokia routers (7000 series), and Adtran switches (4660, 1335 series, 1234, 1238 series).
- Supporting Arista 7000 series, Brocade, Ciena, and Juniper EX and MX series switches for efficient network operations.
- Managing and supporting Ruckus ICX 7000 series switches, Aruba CX 4000 and 6000 series switches for network connectivity and performance.
- Migrating all 10 G and 1 G circuits from Brocade to Arista switches in the NY metro area for improved network efficiency.
- Designing and implementing WAN, LAN, DMZ, vendor access zones, and SD-WAN (i-WAN) solutions in data centers and field sites.
- Strong experience with SD-WAN routing protocols OSPF and BGP.
- Documenting and building proposals for accelerating TCP traffic utilizing SD-WAN.
- Experience with SD-WAN HA, Edge HA, WCCP, and VRRP implementations.
- Automating weekly reports on bandwidth utilization, TCP optimization, and performance of all SD-WAN devices.
- Creating feature and device templates for pushing to all sites in SD-WAN.
- Migrating all 100 G customer circuits on Internet Exchange (IX) platform in and around NY metro for improved network performance and connectivity.
- Configuring and deploying IX NMS (Network Management System) server for efficient monitoring and management of IX connections.
- Deploying Internet Exchange (IX) in various metros, including DC, LA, CH, DA, BO, NY, for enhanced network connectivity and performance.
- Managing and administering Cisco ASA firewalls and contexts, including rule management and device administration, for robust network security.
- Designing and deploying ASA firewalls at new sites to ensure secure network operations.
- Performing ASA firewall upgrades and building configurations for different versions to keep the network up-to-date and secure.
- Supported implementation and ongoing operations of network access control devices to include firewalls, web proxies, and SSL VPN devices.
- Operated, supported, and troubleshot Palo Alto Networks security solutions covering WildFire, Threat Prevention, URL Filtering, and SSL Decryption.
- Troubleshooting HA Peering sync process in Palo Alto environments.
- Work closely with Director of Information Security to ensure network systems are designed and deployed towards the adoption of the Zero Trust Network Security Framework.
- Upgraded and supported Palo Alto 800 Series devices.
- Monitoring network devices through Cricket tool and adding/managing devices through NOC Console for efficient network management.
- Creating and working on CMR tickets and requests through Remedy and Siebel applications for effective troubleshooting and issue resolution.
- Performing data-center operations, including rack mounting and cabling, for efficient network deployment and maintenance.
- Designing and executing engineering validation test plan to test performance and reliability of a millimeter wave wireless mesh network.
- Designing the optimal path, including software configuration and interface setup, for improved network performance and connectivity.
- Deploying Cloud Exchange in various metros, including DC, LA, CH, DA, BO, NY, for enhanced cloud connectivity and performance.
- Performing network maintenance and system upgrades to improve network performance and reliability.
- Providing level 2/3 troubleshooting support for network problems and outages, and actively participating in network troubleshooting efforts.
- Supporting various Confidential optical fibers connected via MPLS cloud with multiple service providers and vendors for seamless connectivity.
- Collaborating with vendors on hardware and software roadmaps, certifications, and problem resolutions for efficient network operations.
- Working closely with product management, solutions architects, and development teams to contribute to product feature requirement definitions and reviews, including testing during parallel processing phase.
- Troubleshooting and resolving network issues, including active alarms in Ciena Site Manager, routing and switching issues, and WAN/LAN problems, for optimal network performance.
- Managing logistics movement of spares to various locations for efficient network maintenance and operations.
- Building, supporting, and maintaining Juniper and Arista training for network team members to ensure their expertise in using these technologies.
Confidential, Longmont, CO
Sr. Network Engineer
Responsibilities:
- Responsible for maintaining AWS Networks and Firewall networks as well as troubleshooting problems and making recommendations for future system upgrades.
- AWS Security Groups standardization and maintaining system efficiency with AWS Azure.
- Support DSHS (Department of State Health Services) end users and HHSC developers with issues in AWS.
- Worked on ASA and ASDM configuring the ACLs and monitoring.
- Operational support for DSHS AWS project and maintaining all VPCs in DSHS network.
- Verifying and modifying firmware, TACACS access, config backups.
- Maintaining AWS VPC (Virtual Private Cloud) and connectivity to ONPREM and External networks.
- Worked on Checkpoint UTM1, VPN1 and activating blade licenses to be used as Intrusion prevention and antivirus appliance and Implementation of ASA 5520 in failover with site-to-site VPN and RA VPN.
- Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000.
- Experienced in Cisco BACC and Cisco Prime provisioning and a good working knowledge of DOCSIS standards.
- Configured application load balancing using F5 LTM and deployed BIG IP 8900 provisioning with LTM and GTM Modules. Also, IPAM and DNS reservation/assignment via Infoblox.
- Experience with cloud networking design and configuration of Amazon Web Service (AWS).
- Implement security standards for DSHS in AWS to match current Data Centre Services standards.
- Ran ASR to migrate onsite servers to Azure environment.
- Managed wireless site surveys for remote sites heat mapping the connection reachability and reliability
- Involved in migration of F5 Local traffic managers of LTM 5100 series to LTM 8900 series
- Experience with configuring VIP, Pools on F5 LTM and working with iRule management on LTM
- Handling SSL offloading issues, HTTP monitors, and DNS allocation for the newly built applications.
- Deployed LTMs and GTMs in DMZ environments with FIPS solutions.
- Perform SSL Offloading on LTMs and web accelerators with 2048-bit VeriSign certificates. Also, renewing certificates to ensure the security of websites and created HSRP between switches.
- Troubleshoot and Worked with Security issues related to Cisco ASA/PIX, Checkpoint, IDS/IPS and Juniper Netscreen firewalls.
- Management of Cisco ASA firewalls and contexts, rule management, device administration.
- Design and Deployment of firewalls at new sites.
- Management of Checkpoint firewalls, ISS Proventia IDS.
- Worked with ASA Firewalls upgrades and build configuration for ASA Firewalls for different versions.
- Deployed Network Virtual Machines (NVM) - CSR and ASAv30s and Palo Alto Firewalls in Azure environment.
- Built site-to-site VPN Tunnels to Azure Virtual Network Gateway.
- Deployed Azure application gateways and Web application Firewall (WAF).
- Create vPC domain, design double-sided vPC, design vPC peer-keepalive, vPC peer-link, and vPC member port, and configure single and dual home FEX.
- Deployed AIR-CT5520-K9s as Wireless LAN controllers in the data centers and associated Access points to the controllers while creating AP groups, SSIDs, flex connect groups etc.
Confidential, Pittsburgh, PA
Network Engineer
Responsibilities:
- Responsible for maintaining Confidential Networks, troubleshooting problems, and making recommendations for future upgrades including LANs, WANs, internet and intranet systems.
- Implemented and supported SEGMENTATION project for all the HUBs and AUTOs.
- Implemented and supported SMALL's project at Smart Post facilities.
- Creating and supporting Windows Server VLAN at manual sites for the DELL ESX T340 servers.
- Implementing and supporting Line Haul Gate Automation project at Confidential Hubs.
- Responsible for Confidential Macro/Micro Global Network Segmentation multi VRF staging and cutovers, VLAN Cleansing (logically move identified systems and their apps to the appropriate VLANs), Enforcements for various Confidential OpCo's Confidential Ground, Confidential Freight, Confidential Express, Confidential Office and Confidential Smart post Hubs/Automated sites.
- Expertise in network infrastructure services including LAN, SD-WAN, firewalls, routers, and switches for cost and complexity reduction.
- Developing and maintaining tools to enhance network visibility and automation for on-premises environments.
- Configuring F5 BIG-IP LTM 8900, configuring profiles, providing and ensuring high availability.
- Providing short-term for macro/micro segmentation at all Confidential hubs and automated facilities by configuring VRF on core switches (Cisco 6400 series and Nexus 9400 series switches), and installing two Cisco 3850 switches, two Checkpoint firewalls, and two McAfee IPS devices at each location.
- Handling complex routed LAN and GTM networks, Cisco routers, switches, and firewalls.
- Configuring BGP, HSRP, and VLAN trunking 802.1Q, VLAN Routing on Catalyst switches and Nexus 7K and 5K switches and creating VSANs and mapping them to associated VLANs.
- Configuring the NetBrain platform to provide visibility and automation for customer's diverse network environments and technologies (ACI/vCenter/VxLAN/SD-WAN/IGP/BGP/MPLS, etc).
- Deploying multi-site hybrid cloud connectivity using virtual interfaces, direct connect gateway, virtual private gateway, etc. for interconnectivity between sites and data centers.
- Troubleshooting and resolving network-related issues, analyzing network performance and making recommendations for improvements.
- Collaborating with cross-functional teams to implement network changes, resolve incidents, and support projects.
- Keeping up-to-date with industry best practices and emerging technologies to continually enhance network infrastructure and performance.
Confidential, Omaha, NE
Network Engineer
Responsibilities:
- Responsible for maintaining Nike Network devices and firewalls including troubleshooting problems and making recommendations for future system upgrades.
- Responsible for Level II/III Network operations with day to day tickets and Incidents as per assigned.
- Supported ON-CALL rotation for network issues related to Nike corporate and retail production environment.
- Transitioned over 250K devices and subnets to a centrally managed IP Address Management Platform. This removed technical debt, enabled accurate integration of subnet information to ServiceNow, and provided disaster recovery capability. Also, gave network support to DNS team to migrate Vital QIP to BlueCat.
- Worked on retail store audits including Nike, Converse and Hurley stores with IWAN baseline functionality on spoke routers, NetFlow monitoring after migration of A1N cutover.
- Created ISE posture to support guest traffic splash page.
- Supported planning, installation, configuration, pre-service test, and final launch of first domestic (Confidential) Symmetrical 10G-EPON service implementation with live customer traffic.
- Experience in design and deployment with WAN connectivity with MPLS and DMVPN.
- Experience with configuring IWAN devices with Quality of Service (QOS) and Policy maps.
- Responsible for around 270 retail stores across North America and other geos; completed Internet and MPLS migrations for assigned Nike, Converse and Hurley stores related to both Cisco and Juniper network devices.
- Studying and analyzing client requirements to provide solutions for network design, configuration, and administration along with SolarWinds configuration updates for network monitoring purposes.
- Implement security standards for Nike in AWS to match current Data Center Services (DCS) standards.
- Implementing and troubleshooting (on-call) AnyConnect VPNs for various business lines.
- Support Nike end users and developers with issues in network security including Access-lists, Service Policies.
- Define, design and implement performance / scalability benchmarks on Splunk Enterprise and Cloud products.
- Implementing IP addressing, TCP/IP network planning, Subnetting, Route summarization and Distribution and making DNS changes and IP address reservation and updates using the "BlueCat" tool and IPAM.
- Serve as a SME for all SD-WAN fabric deployment escalations and operational team.
- Responsible for Configuring site to site IPSEC VPN on Cisco ASA 5500 series firewall between Head office and Branch office and experience working with MPLS Layer 3 VPN on ASR 9006 with IOS-XR.
- Configure VLAN Trunking 802.1Q, STP, and Port Security on Catalyst 6500 switches.
- Worked on automating the firewall request process using Tufin SecureChange.
- Developed Unified Security Policy in Tufin SecureTrack to evaluate risks in the network and to enforce the security policy on new firewall rules.
- Deployed V-EDGE, V-BOND, and V-MANAGE in on-prem and Azure environments.
- Build overlay tunnels from remote sites to Azure CSR for Viptela with MPLS and Internet as underlay (IPSEC, TLS, and DTLS).
- Migrated the sites into AWS Cloud SD-WAN environment. Deployed ISR-WAAS and WAE appliances enabling TCP optimization, packet deduplication and caching to enable WAN acceleration between remote sites and Azure environment.
- Experience with manipulating various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.
- Design and configuration of OSPF, BGP on Juniper Routers and SRX Firewalls.
Confidential
Junior Network Engineer
Responsibilities:
- Management of Cisco ASA firewalls and contexts, rule management, device administration.
- Involved in configuring and implementing Composite Network models consisting of Cisco 7600, 7200 series routers and Cisco 2950, 3500, 5000, 6500 series switches.
- Designed and implemented VLAN using Cisco switch catalyst 1900, 2900, 5000 & 6000 series.
- Configured spanning tree, VLAN, VTP on Cisco Layer 2 switches.
- Configuring RIP, OSPF, EIGRP, BGP, MPLS, QOS, ATM and Frame Relay.
- Analyzed and tested network protocols (Ethernet, TCP/IP) using Wireshark tool.
- Configured OSPF over frame relay networks for NBMA and point to multipoint strategies.
- Performed route redistribution between different routing protocols.
- Implemented Hot Standby Router Protocol (HSRP) by tuning parameters like preemption.
- Design and configuration of OSPF, BGP on Juniper Routers and SRX Firewalls.
- Implemented OSPF, EIGRP routing protocols.
- Documenting the Visio's representing the current network designs.
- Analyzed Network traffic using Wireshark.