SUMMARY

• Network Engineer with Over 8+ years of experience in testing, troubleshooting, implementing, optimizing and maintaining enterprise data network and service provider systems.
• Implementation, Configuration and Support of Checkpoint (NGX R65, R70 and R71), Juniper Firewalls (SRX5400, SRX5600, SRX5800), Cisco Firewalls (ASA 5505, 5506 - X, 5585), Palo AltoNetworks Firewall models (PA-2k, PA-3k, PA-5k).
• Provide scalable, supportable military grade TCP/IP security solutions along with expert TCP/IP network designs that enable business functionality.
• Administration, Engineering, and Support for various technologies including proficiency in LAN/WAN, routing, switching, security, application load balancing and wireless.
• Worked on Juniper Net Screen Firewalls like, NS50, SSG 550M, SSG520M, ISG 1000, ISG 200 and Cisco PIX 535, 520, 515, ASA -5500 and 5505.
• Responsible for CheckPoint and Cisco firewall administration across global networks.
• Worked on Cisco Catalyst Switches 6500/4500/3500 series.
• Policy development and planning / programming on IT Security, Network Support and Administration.
• Experience in configuring and Troubleshooting BIG-IP F5 load balancer LTM.
• Creating Virtual Servers, Nodes, Pools and iRules on BIG-IP F5 in LTM module.
• Experience with Firewall migrations from PIX firewall to Cisco ASA and Juniper SRX firewall appliances.
• Experience with Bluecoat Proxy servers, LAN & WAN management.
• Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.
• Experience with Checkpoint VSX, including virtual systems, routers and switches.
• Experience in Network LAN/WAN deployment,
• Experience with DNS/DFS/DHCP/WINS Standardizations and Implementations.
• Extensive understanding of networking concepts, (IE. Configuration of networks, router configuration and wireless security, TCP/IP, VPN, Content Filtering, VLANs, and routing in LAN/WAN, Ethernet Port, Patch Panel and wireless networks.)
• Configuration of Network and Security devices such as Cisco routers and switches (Cisco 7600/3500/Nexus 7K/5K), Firewall (Checkpoint R75/Gaia and Cisco FWSM), Load Balancers and DNS and IP Manager (Infoblox)
• Black listing and White listing of web URL on Blue Coat Proxy Servers.
• Administration of production Windows Servers infrastructure that includes Domain Controllers, IIS Web Servers, SharePoint, File and Print and FTP/SFTP servers.
• Extensive experience in Windows 2008 R2/2008/2003 Wintel Servers at single or multi domain platforms.
• Proficient in installing and configuring Windows Server 2003, 2008, 2012 and Windows XP, 7 & 8 Professional Client Operating Systems
• IDS and IPS event management using CSM including signature updates for SSM Modules, IDSM.
• Provides management level reporting of firewall and Intrusion Protection System (IPS) activity on a periodic basis.
• 24 x 7 on call support.

TECHNICAL SKILLS

Cisco router platforms: 2500, 2600, 2800, 3600, 3700, 3800, 7200, 7609.

Cisco Switch platforms: 2900XL, 2950, 2960, 3560, 3750, 4500, and 6500.

Firewalls & Load Balancers: Cisco ASA 5585, 5550, 5540, Juniper SRX5400, 5600, 5800, Juniper Netscreen 6500, 6000, 5400. Juniper SSG Firewalls, Palo Alto PA-3060/2050, F-5 BIG-IP LTM (3900 and 8900), Blue Coat SG8100, AV 510, AV810.

Routers: Cisco routers (1900, 2600, 2800, 2900, 3600, 3800, 3900, 7200, 7600), Cisco L2 & L3, Juniper routers (M7i, M10i, M320)

Switches: Cisco switches (3560, 3750, 4500, 4900 & 6500), Nexus (2248, 5548 &7010)

Routing: RIP, EIGRP, OSPF & BGP, Route Filtering, Redistribution, Summarization, Static routing

WAN Technologies: FRAME RELAY, ISDN T1/E1, PPP, ATM, MPLS, leased lines, DSL modems.

LAN Technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, NAT/PAT, FDDI. Cisco Secure Access Control Server (ACS) for TACACS+/Radius.

VOIP Devices: Cisco IP phones, Avaya.

Routing Protocols: RIP, OSPF, EIGRP, and BGP.

Switching Protocols: VTP, STP, RSTP, MSTP, VLANs, PAgP, and LACP.

Network management: SNMP,CiscoWorks LMS, HP Openview, Solar winds, Ethereal.

Layer 3 Switching: CEF, Multi-Layer Switching, Ether Channel.

Carrier Technologies: MPLS, MPLS-VPN.

Redundancy protocols: HSRP, VRRP, GLBP.

Security Protocols: IKE, IPsec, SSL, AAA, Access-lists, prefix-lists.

Software: Microsoft Office Suite, MS SQL Server 2008, HTML.

Language: Unix, Turbo C / C++, basics in Perl and Shell scripting.

PROFESSIONAL EXPERIENCE

Confidential, Lebanon, NJ

Sr. Network Engineer

Responsibilities:

• Configured routers and coordinated with LD Carriers and LECs to turn-up new WAN circuits. Configuring, Maintaining the Routers and Switches and Implementation of RIP, EIGRP, OSPF, BGP routing protocols and troubleshooting.
• Configuring, upgrading and deployment of Nexus 7010, 5596 and 2248
• Working with Cisco Nexus 2248 Fabric Extender and Nexus 5500 series to provide a Flexible Access Solution for datacenter access architecture.
• Experience with configuring Nexus2000FabricExtender (FEX), which acts as a remote line card (module) for the Nexus5000.
• Configure various LAN switches such as CISCO 2900, 3550, 4500, 6509 switches and Access layer switches such as Cisco 4510, 4948, 4507 switches for VLAN, Fast Ether Channel configuration.
• Configured Site-to-Site IPsec VPNtunnels to peer with different clients and each of client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA 5500 series firewalls.
• Configure Virtual Servers, Nodes, and load balancing Pools in F5 BigIP LTM.
• Configured and deployed BIG-IPLTM6900 for providing application redundancy and load balancing.
• Configured Session based persistence and configuring i-Rules for specific redirection purpose and also i-rules for persistence
• Supported core network consisting of Cisco 7200 series routers running multi area OSPF.
• Responsible for all aspects of TCP/IP functionality across multiple enterprise environments.
• Troubleshot issues and outages on Trunks and Router interfaces and firewalls extensively.
• Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
• Planned resources and presented project status to higher management.
• Configured and played with various BGP attributes such as Local Pref, MED, Extended Communities, Route-
• Performed the ACL request changes for various clients by collecting source and destination information from them.
• Created MOPS (Method of procedures) and sought the approval of peers to perform configuration changes.
• Analyzed customer application and bandwidth requirements, ordered hardware and circuits, and built cost effective network solutions to accommodate customer requirements and project scope Ensures the project will achieve targeted dates to ensure business continuity. Involved in meetings with engineering teams to prepare the configurations according to the client requirement.
• Creation of change tickets and implement according to the customer requirements.

Environment: Cisco 2948/3560/4500/3560/3750/3550/3500/2960 , 6500 switches and Cisco 3640/12000/7200/ 3845/3600/2800 routers, Cisco Nexus 7K/5K, Cisco ASA 500, windows server 2003/2008: F5 BIGIP LTM, RIP, OSPF, BGP, EIGRP, LAN, WAN, VPN, HSR

Confidential, Santa Ana, CA

Sr. Network Engineer

Responsibilities:

• Performed network implementation that includes configuration of routing protocols, leased lines, ISDN lines, VLANs and IOS installations.
• Troubleshot the network issues onsite and remotely, depending on the severity of the issues.
• Deployed and decommissioned the VLANs on core ASR 9K, Nexus 7K, 5K and its downstream devices.
• Had hands-on experience with WAN (ATM/Frame Relay), Routers, Switches and IP addressing.
• Configured and deployed VPC, OTV, FABRIC PATH between Nexus 7010 and Nexus5596,5548 switches along with FEX2248
• Worked with layer 2 switching technology architecture. Implemented L2 and L3 switching functionality, which includes the use of VLANS, STP, VTP and their functions as they relate to networking infrastructure requirements including internal and external treatment, configuration and security.
• Supported core network consisting of Cisco 7200 series routers running multi area OSPF.
• Configured EIGRP and OSPF as interior gateway protocols with route filtering and route redistribution. Troubleshot complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF and BGP.
• Responsible for all aspects of TCP/IP functionality across multiple enterprise environments.
• Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.
• Involved in Implementation and Configuration (Profiles, I Rules) of F5 Big-IP C-4400 load balancers
• Configured ASA 5500-X Series firewalls to provide highly secure and high performance connectivity between the site locations.
• Configuring Big-IP F5 LTMs (virtual servers, pools, SNATs, health monitors, irules) for managing the traffic and tuning the load on the network servers.
• Worked on Juniper SRX 5800 firewalls to create policies using J-Web User Interface.
• Performed Network Address Translation on Cisco ASA 8.2 and 8.3
• Used DHCP to automatically assign reusable IP addresses to DHCP clients.
• Performed the ACL request changes for various clients by collecting source and destination information from them.
• Troubleshoot the BIG-F5 1600 LTM through constant contact with the vendor.
• Created MOPS (Method of procedures) and sought the approval of peers to perform configuration changes.

Environment: Cisco Routers, Cisco Switches,Nexus 7k/5k/2k Routing protocols,F5, Load Balancer HSRP, VRRP, IPSEC VPN, VPN, QOS, ASA firewall, Load balancer, MPLS, VLANS, VTP, RSTP, ACL, NAT, IDS/IPS, Monitoring tools(PRTG, HP OpenView), SIP, RTP, RADIUS, TACACS+, Cisco Wi-Fi technologies, Juniper SRX, ASR 9000, Catalyst 6500, CRS, Cisco ASR Firewall, IPV6, Cisco IP phones

Confidential, Detroit, MI

Network Engineer

Responsibilities:

• Firewall Policy Provisioning and troubleshoot connectivity issues through firewall.
• I worked on Check Point Security Gateways and Cisco ASA Firewall.
• Firewall Clustering and High Availability Services using Cluster XL on Check Point.
• Configuring and tweaking Core XL and Secure XL acceleration on Check Point gateways.
• Troubleshoot User connectivity issues on Checkpoint and Cisco ASA using CLI utilities.
• Packet capture on firewalls and analyzing the traffic using Wire shark utilities.
• Troubleshot Clustering issues on Check Point and Sync issues monitoring and fix.
• Upgrade of Checkpoint Gateways in Cluster with Minimal downtime.
• Implemented Active/ Standby HA configuration on Cisco ASA Firewalls.
• Configuring Cisco ASA firewalls in Single and Multiple Context Mode firewalls.
• Upgrade of Cisco ASA Firewall in Active/Standby mode with no down time.
• Configuring VPN both B2B and remote access SSL and centralized policy administration using FortiManager, building Fortigate High Availability using Fortigate Clustering Protocol (FGCP).
• Firewall Compliance and Rule remediation for compliance such as SAS 70 Audit.
• LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems)
• Vlan design and implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and port channels creation.
• Working with OSPF as internal routing protocol and BGP as exterior gateway routing protocol.
• Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation on Cisco ASA Firewalls.
• Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay).
• Deployed a Syslog server to allow proactive network monitoring.
• Implemented VLANS between different departments and connected them using trunk by keeping one Vlan under server mode and rest falling under client modes.
• Configured Firewall logging, DMZs and related security policies and monitoring.
• Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
• Documentation and Project Management along with drawing network diagrams using MSVISIO.

Environment: CISCO routers and switches, Access Control Server, VLAN, Trunk Protocols, CISCO ASA, DHCP, DNS, Spanning tree, Nimsoft.

Confidential

Network Engineer

Responsibilities:

• Responsible for PIX 7.x/8.x & ASA 8.x Firewall migration and in place hardware upgrades and Troubleshooting, IOS Security Configurations, IPSec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
• Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation.
• As part of Security and network operations team I was actively involved in the LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems)
• VLAN implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and port channels creation.
• Responsible for Firewall upgrades as well as Troubleshooting, Security Configurations, IPSec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
• IOS Upgrades from 7.x to 8.x as well as backup and recovery of configurations.
• Work in an enterprise network environment with dynamic routing using OSPF and BGP for external connectivity.
• Configured Switches with proper spanning tree controls and BGP routing using community and as path prepending attributes.
• Install Windows Server 2003, configure IP addresses, network printers and configure Client Access for PCs.
• Work with BGP routing protocol for communication with business partners and influence routing decision based on AS Path Prepend and other attributes.
• Administer and support Cisco based Routing and switching environment.
• Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay).
• Deployed a Syslog server to allow proactive network monitoring.
• Implemented VLANS between different departments and connected them using trunk by keeping one Vlan under server mode and rest falling under client modes.
• Configured Client VPN technologies including Cisco’s VPN client via IPSEC.
• Configured Firewall logging, DMZs and related security policies and monitoring.
• Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.

Environment: PIX, CISCO routers and switches, Access Control Server, VLAN, Trunk Protocols, CISCO ASA, DHCP, DNS, SAN, Spanning tree, Nimsoft, Windows Server, Windows NT.

Confidential

Network Engineer

Responsibilities:

• Provide high level technical support, including identifying and resolving problems on Cisco supported products for e-Commerce infrastructure. This included external routing and internal/intranet routing for DMZ servers.
• Implemented cable multi-service operator (MSO) to capture traditional Telco subscribers with IP telephony and provide relevant QOS.
• Configured EIGRP, BGP, and MPLS.
• Configure Firewall, QOS by SDM and provide security by Prefix list, Access- List and By Distribution List.
• Moved Core switches and several non-Cisco devices under strict deadlines to maintain network functionality
• Implemented new ultra-secure networks in multiple data centers that included Cisco, Juniper security devices.
• Designed VLAN’s and set up both L2 and L3 logical to have it communicate to the Enterprise network.
• Scheduled preventive maintenance for fire-protection systems, including new protocols. Utilize MS Windows, Word, and Excel for reporting/documenting process.
• Satisfactorily Resolved Problems in timely manner with focus on providing a high level of support for all customers.