SUMMARY

• 15 years of experience as Network Administration, Network Engineering - Wide Area Networking, professional services, and Network Consultancy.
• Hold multiple IT certifications.
• 2 years of experience working with F5 LTM service and application security deployment.
• 7 years of experience working with firewall appliances such as Netscreen, Cisco ASA, Fortigate, checkpoint and Palo Alto and juniper SRX
• 3 years of experience working IPTV barrier network, Headends and middleware technologies from different vendors such as Ericson, Cubiware, Huawei and ZTE.
• Significant experience working on centralizes NMS and EMS like Juniper NSM, Cisco Works, HP Openview, Solarwinds and Zabbix.
• Expert in load balancing and traffic management using Bluecoat, F5, Exinda, IPoque and Allot.
• Hands on experience working with different type of dynamic routing protocol like BGP,OSPF and EIGRP, fine tuning attributes based on topology and summarization to reduce overhead caused by unnecessary routing update
• Analyzing TCP/IP protocol stack using wireshark and having deep study on different application treatment.
• Knowledge and experience working with IBM,HP and Huawei Blade Centers.
• Hands-on experience working different kinds of radius, especially Cisco ACS and integration to a back-end database like LDAP and Active Directory.
• Experience with all kinds of Dot.1x implementation such as CA, Smart Card and challenge password
• Provided network administration for advanced IP routing and switching, IPSec VPN and layer 2 technologies over PPP like PPPOE, PPPOA and L2TP in wide range of users.
• Worked as system administrator on different platforms, including Sun Solaris, Linux, Microsoft Windows NT/2K/2K3/2K8.
• Experienced in cross-functional planning, implementing and executing network topology with extreme network switches (Alpines, Blackdiamonds, and Summit), Cisco equipment (ASR, GSR, Catalyst) and Juniper’s equipment (M20, M40, ERX 1400, and Netscreen).
• Demonstrated mastery of voice and video transport technology like ASI, SDI, encoders, decoders, matrix router and test equipment like IQ.

TECHNICAL SKILLS

Juniper ISG/SSG Gateways: Cisco Catalyst Switches 4500,3800 based on IOS-XE, Nexus 5K and 7K series Internet Multi-homing

Netscreen Firewalls: Juniper IDP

Fortinet Firewalls: IPSec, Cross platform VPN (Cisco ASA & Juniper), Juniper SSL-VPN SA 2000 Juniper Netscreen Security Manager NSM Nagios (Standalone & Distributed BigIP LTM & ASM Cisco Call Manager Cacti Bandwidth Monitoring

Bluecoat Proxy: NSRP/HSRP/GLBP High Availability,EIGRP,OSPF and BGP OpManager

Network Monitoring System: Bluecoat AV SNMP, Syslog-NG Solarwinds Orion,MRTG

RRD Tools: Windows,Linux & Solaris Administrator

Central logging System: Cisco CM .

Cacti Monitoring: NBAR,Wireshark,Netflow

PROFESSIONAL EXPERIENCE

Network and Security Engineer

Confidential

Responsibilities:

• Provisioning and implementing security services for day-to-day operation.
• Setup and implementing community based and Policies based VPN on Palo Alto, Checkpoint, and setup Anyconnect and site-site VPNs on Cisco ASA
• Troubleshooting complex network problem, optimization, performance improvement and quality of service assurance.
• Providing device life cycle plan, patching and upgrading device for maximum performance and vulnerability and penetration avoidance.
• Working with security auditors to find and fix vulnerabilities threat and provide a solution to implement multi factor VPNs, user ID authentication and application based filtering.
• Implementing server load balancing, operation and maintenance Irules with F5 LTM.

Senior Security Engineer

Confidential, Herndon, VA

Responsibilities:

• Provisioning and implementing security services and day to day operation for more than 1500 company
• Configuring and deploying network topology based on Palo Alto, Checkpoint, Cisco ASA and Juniper SRX
• Implementing global BGP, BGP multi home over MPLS and tunnel for mission critical companies
• Analyzing TCP packets and collect application behavior and treatment for DOS and DDOS mitigation and attacks
• Troubleshooting and taking complex VPN migration and day to day firewall operation
• Implementing Irules, Analyzing, creation and manage threat using Big-IP ASM and LTM module.

Network Engineer and Security Specialist

Confidential, Milwaukee, Wisconsin

Responsibilities:

• Analyzing network security, PEN testing and implement security strategy on Juniper SRX 650 Series and Nokia Checkpoint for 13 branches and deploy secure and centralize policy enforcement
• Fine tuning BGP attributes for best efficiency and reduce flapping and routing loop
• Deploy L3-MPLS VPN and implement centralizes Internet policy enforcement based on the IDCIN terminology.
• Configuring and Deploying BlueCoat SG as a web proxy. Deep packet inspector and smart URL filtering.

IT Consultant and Network Engineer

Confidential

Responsibilities:

• Implemented HSRP, LACP, Spanning Tree, Firewall failover detection and HA.
• Deployed Juniper SRX firewall and configure policy based IKE VPN.
• Redesign network infrastructure and improve network efficiency of juniper edge router.
• Deployed and configured VMware ESX Server for 40 Servers.
• Private VLAN and Intra VLAN Policy Enforcement.
• Implemented Wireless WDS multi SSID with dot.1x

Consultant and IT Developer

Confidential, Virginia,Fairfax

Responsibilities:

• Handled design, administration and managing of network infrastructure based on IPSEC-VPN.
• Installed and operated services for centralized inventory management and E-Commerce.

Confidential

Head of Operation

Responsibilities:

• Responsible managing technology needs for IPTV in metropolitan area with over 500,000 subscribers, 200 servers and 170 POP sites based on juniper M Series routers.
• Operated day-to-day activities, as well as periodic maintenance, platform integration and video quality testing and assurance.
• Developed and installed media quality measurement probes for end-to-end quality assurance from head-end through barrier network and last mile access lines.
• Installed and configured F5 load balancer and checkpoint firewall to protect against DOS, DDOS and system exploit like Solaris root exploit, SQL injection, protocol behavior and user treatment.
• Implementing checkpoint server farm zone security, DIP packet inspection, site to site and policy based IKE/IPSEC VPN and deploying HA for hardware resiliency and policy synchronization .
• Telecomiran is an IPTV, VOD and VAS provider, broadcasting channel from satellite and terrestrial line into the IPTV network. This platform is the third generation of IP backbone and IMS base IPTV to provide messaging, video conferencing and online voting through the IPTV system.
• Implement F5 Load balancer for up to 30 Servers in different platform and services.
• Providing proxy SSL,ASM and application security in F5 (web,ftp,ssl,smtp and pop3)
• Install and configure Bluecoat for Centralize antivirus, integrated with Kaspersky and smart filtering.