SUMMARY

• Energetic IT professional, B.Sc. securing 12 years of outstanding experience in the field of Network infrastructure and Network Security, highly qualified to design, implement, and manage enterprise networks and their requisite security infrastructure.
• Collaborate with executive management and department leaders to assess near and long - term network capacity needs.
• Develop, implement and maintain policies, procedures, and associated training plans for network administration, usage, and disaster avoidance.
• Worked extensively in Designing, Implementation & Managing an extensive range of network and security equipment Such as routers ASR 9K/1K, 7200/3800/3700/2800 series routers, Nexus 9K/7k/5k/2k/3K/6500/4500 switches, Cisco ASA/Checkpoint/Juniper/Palo Alto/Fortiget firewalls, Cisco ACE/F5/Citrix Netscaler Load Balancers, Cisco CSM/tufin/checkpoint domain Manager Management tools .
• Expert at implementing and troubleshooting technologies like MPLS, MPBGP, multi VRF and L2 & L3 protocols such as - BGP, EIGRP, OSPF, STP, RSTP, MSTP, HSRP and VTP.
• Expert in firewall security policies, configuring and setting up IPS and IDS in complex corporate network
• Experience in network security technologies like VPN, IPsec, NAT, GRE Tunnel, Zone based firewalls, access-lists control, Radius/Tacacs Authentication and ACE.
• Worked on enterprise-wide security architecture design, development and Security Monitoring / Reporting, Policy Development, compliance, Vulnerability Assessment and Penetration Testing.
• Experience with the design, architecture and implementation of Virtual Infrastructure environments using VMware.
• Excellent in project management - Work closely with customers, 3rd party multiple service providers, hardware vendors for installation, maintenance and migration activities
• Consistently seeking and implementing new and more efficient processes to improve the organization LAN, WAN, Disaster recovery, Business Continuity and security architecture.
• Hands On Experience with Network Automation with python
• A proven Team member and Mentor to the fellow networking professionals and ability to manage the technical teams to deliver the quality and meet the corporate goals with optimum time and resources.
• Follow Change Management process, submit a change request, attend cab and get approval.
• Team player and an innovator who is willing to go the extra mile to achieve company objectives.
• Self-motivated and a quick learner, constantly studying and training to keep abreast of new technologies.
• Experience with PCI compliance.
• Excellent planning, organizing, problem solving and prioritizing, Interpersonal skills.

TECHNICAL SKILLS

Firewalls: Check Point, Cisco ASA, Palo Alto, Juniper, Fortinet and SonicWALL

Technologies: Routing and Switching (Layer 2 and Layer 3), Network Security, Load Balancing, VPN, Virtualization and

Hardware/ Platforms: Nexus 9000, 7000, 5000, 3000 and 2000 series, Cisco Routers and Switches Cisco ASR 9000/1000, Cisco 6500, 4500 and 3700 series, Firewall such as Cisco ASA, FWSM, Checkpoint, Juniper firewall, Palo Alto, Fortinet, Load Balancers such as Cisco ACE, Citrix NetScaler, F5 load balancer (LTM & GTM), Intrusion Detection System (IDS), IPS, Cisco IPS 4300, ASA 5500 AIP-SSM 10 module, Cisco IDS 4235 Appliance Sensor. Tipping Point and Checkpoint IPS

Protocols & Advanced Technologies: RIP, EIGRP, OSPF, BGP, MPLS, TCP/IP, UDP, QOS, VRFs, VPN, IPSec, GRE tunnel, VLAN, VTP, STP, HSRP, Inter VLAN, Ether Channel, Access Control List, DHCP, DNS, NAT, PAT, SNMP, IPAM,, SSLVPN, SSL/TLS, Syslog, SIEM, SSH and FTP, TFTP Cisco Security Manager

Network Monitoring: Netscout OptiView XG, Wire shark, Solar winds, Zabbix Cacti, Nagios

Operating Systems: Windows, Linux and MAC OS.

Web Security: Websense, checkpoint, sonic wall

Network Management: Solarwinds Orion network performance monitor /Engineers tool Set/MRTG/ Cacti/Nagios, packet analyzer, LDAP, Visio, Wsus, MS Project,Cisco ASDM, Cisco Prime Infrastructure, Cisco CSM.

Virtualization: VMware VSphere, ESX/ESXi 5.x/4.X

Standards and Policies: ITIL, change / Incident Management

PROFESSIONAL EXPERIENCE

Confidential

Network Security Consultant

Responsibilities:

• Provide senior level services focusing on designing, installing, configuring, and integrating F5 network and check point technologies.
• Provides project leadership for design and installation projects using standard technologies.
• Support Content delivery environment build activities including creation of virtual servers, profiles, encryption policies, and iRules based on customer requirements.
• Configure Global Traffic Manager services and policies
• Works closely with developers to implement reliable, manageable, and secure solutions that meet Vanguard standards and add value to the clients
• Performance issues, interprets trends (e.g., traces of network traffic), and implements improvements.
• Use Check Point SmartDomain Manager tools and techniques to work and manage daily operational Firewall Service Requests to create, modify, or remove rules, policies and objects within a Checkpoint environment.
• Facilitate device refresh of network security devices with a focus on capacity, manageability, and security of new and existing security infrastructure.
• Support the implementation and ongoing operations of network access control devices to include firewalls, web proxies, and SSL VPN devices

Environment: VIPRION 2400, BIG IP 4000 series, BIG IP 2000 Series, checkpoint 44k/66k, bluecoat ProxySG

Confidential

Network and Security Consultant

Responsibilities:

• Communicate with client, understand requirements thoroughly and provide optimum network architecture solution
• Provide monthly network analysis, uptime, and utilization reports.
• Work on multi-vendor environment and provide solution consisting of different networking devices such as Cisco routers, switches, Cisco/Checkpoint firewall, and F5 load balancers.
• Monitor, evaluate, and maintain systems and procedures to secure organization information. Develop, implement, and enforce security strategies, policies and procedures
• Analyzing and Remediation of Palo Alto, Checkpoint, Juniper and fortinet Firewall Rules and Policies
• Implementation zone based Firewalling and Security rules on the Palo Alto / Juniper Firewall. Policy and secure rule creation. Executing change requests to the firewall rule base
• Work closely with Network Architect, implementation and support team for end to end smooth transition thoroughly.
• Palo Alto firewall -configure interfaces, zone, NAT PAT, Integration with Panorama create and apply profile and policy for Granular Application control, zone protection, SSL Outbound encryption, URL Filtering, AV profile, Vulnerability and spyware protection, LDAP Authentication and enable USER - ID Feature, file blocking, data filtering and DOS Profile and implemented SSL VPN, site to site IPsec VPN.
• Responsible to develop and maintain HLA, low level Network Design Documents, configuration templates, implementation guidelines, visio diagrams.
• Standardized network management and monitoring tools across the organization to provide real-time alerting leading to greater uptime and increased security. Drafted and implemented policies and procedures regarding network equipment, maintenance, and monitoring.
• Provide implementation support, perform troubleshooting and do root cause analysis
• Design and implement multilayer solutions on switches, routers, hardware and virtual load balancers, firewalls on various platform in a multi-client environment
• Design and implement Network DR solutions
• Designing and Implementing Migration project for various firewalls (Cisco FWSM, ASA, Checkpoint, Palo Alto and Juniper) and Load Balancers which include (Cisco ACE to F5 LTM, Brocade vADC )
• Implementing and troubleshooting remote access technologies: IPSec B2B, IPSec, SSL VPN client based and clientless remote access on check point, cisco ASA, Palo Alto, Fortiget and Juniper Firewalls.
• Provide support for problems related to firewall and network issues.
• Perform operational task like IOS upgrade, HA Fail over test and configuration, troubleshoot and manage firewall policies, create server farm / virtual server on load balancer, create SSL CSR, install / Upgrade SSL certificate, Apply iRules, Troubleshooting network / security incidents, packet captures and analyze issue from capture.
• Cleanup of unused Firewall (on checkpoint /cisco ASA/fortinet firewalls ) rule, Services and Protocols, VPN Configuration, Troubleshooting, Blocking Inbound and Outbound malicious traffic, Version upgrade
• Cleanup of unused Firewall rule, Services and Protocols, VPN Configuration, Troubleshooting, Blocking Inbound and Outbound malicious traffic and IOS/OS upgrade
• Analyzing and Remediation of firewall Rules on various platform firewalls
• Implementation and Troubleshooting of LAN, WAN, Network Security Product and Technologies
• Implement and Manage infrastructure security and vulnerability management, Patch Management
• Systematically analyze and identify problems to determine the causes and propose solutions
• Follow Change Management process, submit a change request, attend cab and get approval.

Confidential

Network Implementer

Responsibilities:

• L2 Transition - Adding VPC for ACI L01/L02 to Core Switches
• Adding various Vlan for APIC CIMC, APIC MTMG, IMPI MGMT, Hyper/CVM - vCenter and Infrastructure Vlan, Vlan Pool for VMM domain, Vlan pool for physical domain, Vlan pool for L3OUT
• Configuring ACI initial configuration
• Create Policies and Profiles for Fabric Policies, L3 Out Policy, Link Level Policies, Port Channel Policies, Configure Profile for Interface Leaf Profiles, Switch Leaf Profiles
• Creating L2 VPCs, vCenter DVS- VMM Domain
• Configure internal ACI L3 EPG, vzAny EPG, OOB management and OOB EPG and contracts
• Configure Tacacs, syslog, SNMP,DNS, Backup
• ACI Infrastructure Upgrade

Environment: APIC-SERVER-M2(UCS C220 M4),N9K-C9336PQ(Spine SW),N9K-C93180YCEXB18Q(Leaf Switches),Nutanix (hypervisor),Cisco Cat 4507,Nexus 5K,C3560,cisco 6509,Cisco ASAv

Confidential

Network Designer

Responsibilities:

• Design and Implement L2, L3, MPLS and VPN for Network Infrastructure.
• Provision Switch ports and VLAN
• Implement L3 connectivity between Internet service provider ( Confidential 500 Mbps) and Confidential Network
• Configure Eigrp between Nexus Switches and MPLS Service Provider CE device(AT&T)
• Configure HSRP on Nexus core L3
• Configure L3 Interfaces and routing on Check point firewall (Internet, VPN, DMZ, WAN)
• Configure Access Policy on firewalls
• Provisioning VLAN and Network IP addresses for end point servers and virtualize environment
• Configure F5 LTM Partition and allocate resources for DMZ, Prod and Non-Prod environment
• Configure L2 connectivity for Fiber Interconnect, Storage and other network devices
• Activate GDN Inter-DC Transport Services
• Configure Site to Site VPN and Remote Access VPN on Firewall
• Configure Network devices for infrastructure services - Monitoring, syslog, NTP, TACACS,

Environment: N5K-C5672UP, N2K-C2348TQ4F, Checkpoint firewall, F5-BIG-LTM-2200S, CISCO3925-HSEC+/K9, Fortinet IDS/IPS Appliance Fortinet 500D

Confidential

Network Implementer

Responsibilities:

• Design and provision resources for physical connectivity.
• Build the L2 infrastructure on both MDC Core, Management and UA switches
• Build the management infrastructure
• Configure DNS entries
• Configure Firewall rules
• Configure monitoring, syslog

Environment: Netscaler SDX-11515, Palo Alto PA-5050, Nexus 5548UP

Confidential

Network Implementer

Responsibilities:

• Configure new ASA 5585, PA-5050 devices in HA
• Configure VPC on core Nexus Switches for Primary and Backup firewalls.
• Extend VLAN through core network to ASA 5585X, PA-5050 cluster
• Configure system and Admin Context
• Create Global Policy for resource sharing for multiple context
• Create Context per client
• Convert Configuration using migration tool for Palo Alto
• Convert NAT rule manually for accuracy
• Collaborate with Client Delivery Manager, Client and Other internal team for Migration Activity

Environment: Cisco FWSM, Cisco ASA 5585X, Palo Alto PA-5050

Confidential

Network Administrator

Responsibilities:

• Network Infrastructure Design, Implementation and Maintenance
• Handled end to end network infrastructure - network architecture, design, implementation, configuration, management, monitoring, support and troubleshooting
• Implemented security policies on checkpoint and Palo Alto firewalls to take care of traffic analysis and allowing only necessary access as per the company standard and requirements
• Cleanup of unused Firewall rule, Services and Protocols, VPN Configuration, Troubleshooting, Blocking Inbound and Outbound malicious traffic, Version upgrade
• Implementation of Site to Site VPN for vendor and Teleworker associates using IPSec
• Palo Alto firewall -configure interfaces, zone, NAT PAT, Integration with Panorama create and apply profile and policy for Granular Application control, zone protection, SSL Outbound encryption, URL Filtering, AV profile, Vulnerability and spyware protection, LDAP Authentication and enable USER - ID Feature, file blocking, data filtering and DOS Profile and implemented SSL VPN,site to site IPsec VPN.
• Provided ON-Call support, troubleshoot, resolve all networking issues and handle all escalations from L1 and L2 team
• Implemented redundant network for co-location connected to HO network.
• Design and implemented checkpoint firewalls in HA Cluster.
• Implemented F5 LTM Load Balancers for load balancing solutions for multiple applications.
• Implemented site-to-site VPN between Cisco ASA, Checkpoint and fortinet firewalls.
• Analyzing and Remediation of Checkpoint and fortinet Firewall Rules and Policies.
• Provide support for problems related to firewall and network issues.
• Configuring IPS/IDS, checkpoint, cisco IPS 4300, ASA 5500 AIP-SSM 10 module, Cisco IDS 4235 Appliance Sensor
• Configure and manage Secure DMZ Zone for Server Farm.
• Configure SSL VPN for roaming user to securely access the network resource.
• Implementing SSL Certificate on web server.
• Implementing L2 Port security, DHCP snooping, TACACS+ for AAA, -Dynamic ARP inspection for MAC Spoofing,
• Implemented L2 and L3 on Cisco 6509/6513 Switches.
• Coordinating deployment of company’s software for Frontend/Backend servers and POS terminals to comply with PCI DSS requirements.
• Conducting network scans, vulnerability assessments and monitoring company’s network to comply with PCI DSS standard.
• Analyzing Firewall Rules and Policies, Cleanup of unused rule, Services and Protocols
• Narrowing down Security Risk by rewriting Firewall Rules with Specific Source and Destinations, ports and services, Managing IPS-IDS
• Racking switches, routers, firewalls
• Cabling installed devices to ensure tidy cage layout
• Day to Day troubleshooting in LAN/WAN routing, switching, IPSec VPN, SSL VPN, firewall related issues and TCP/IP related problems.
• Work closely with other teams to troubleshoot, diagnose, and correct all firewall, network, and application related issues
• Documenting proposals for high level presentation
• Follow Change Management process, submit a change request, attend cab and get approval.
• Researching technologies to provide effective solutions
• Architecture, design, install, configure VMware ESX, ESXi, vSphere 5 environments with Virtual Center management, Consolidated Backup, DRS, HA, vMotion, VMware Site Recovery Manager (SRM),vCenter Operations Manager.
• Architect, Design and implement SAN environments to ensure high availability and acceptable performance characteristics for VMware vSphere and SAN-backed applications.
• Customize layer 2 and layer 3 networking between VMware, networking components and storage for high availability and maximum performance.
• Develop, test, and maintain a disaster recovery plan for critical VMs and application data.
• Experience with 3rd party solutions in VMware environments including Veeam, Symantec, TrendMicro and Cisco.
• Configuring networking to allow for multiple hosted environments
• Ensuring multiple environments can fail over to one another in the event of disaster
• Design and deploy Amazon Web Services, including EC2, S3, CloudFront, Glacier, Auto Scaling, CloudWatch, SES, RDS, Route 53, IAM, and ElastiCache.
• Auditing and recommending upgrades from both hardware and licensing standpoints
• Creating detailed and thorough documentation that is continuously updated to ensure all elements are highlighted and noted in a manner that is understandable by the team
• Maintaining meticulous diagrams to allow for ease of troubleshooting and configuration
• Training junior team member(s) to ensure proper understanding and upkeep of systems in place
• Designed and implemented entire Windows based domain to be used company wide
• Created new resources on request (virtual machines, firewall rules, network configurations)
• Maintained all key internal and production systems on both Windows and Linux platforms
• Manage Application servers and database servers

Confidential

Technical Analyst

Responsibilities:

• Effectively respond to inquiries of both a product and technical nature received by telephone, fax, letter or e-mail from internal and external clients regarding any of the products and services offered by GDP such as CMO, CBB, FTS, Lightning Fax, FX Web and their related applets
• Analyze the client problem or issue, refer to the appropriate resource material or consult other experts and provide the appropriate solution. This includes opening tickets with HP to communicate and escalate variances with product or delivery channels
• Follow up with the client to ensure that their enquiries have been satisfactorily resolved
• While taking the customer’s call, clearly document a detailed problem log using Siebel call tracking software
• Identify recurring anomalies or irregularities to determine their frequency, cause and recommend potential solutions. Assist in the development of supporting documentation or procedures

Confidential

Network Engineer

Responsibilities:

• worked with customer and implemented, supported and decommissioned network setup for the network infrastructure as pre-the customer standards
• Worked as first point of contact for customer and communicated customer about update and progress of all network related activities
• Worked with local service provider for circuit ordering, installation and testing for last mile only and integrating it with global MPLS network for end to end network connectivity
• Prepared site-report document, worked with the TDA for design documents preparation and review

Confidential

Network Engineer

Responsibilities:

• Was part of Change management (ITIL model) and implemented layer 2, layer 3 network changes as per the defined standards
• Did troubleshooting and Resolved L2 & L3 issues to provide optimum solution to the customer
• Prepared BOM for hardware requirements and worked with 3rd party hardware vendor Cisco for hardware procurement and local ISP vendors for circuit orders, turn-up and testing

Confidential

Network Engineer

Responsibilities:

• Interacted with the customer and gathered network infrastructure requirements and provided best solution in terms of hardware, circuit, design, etc. after thorough analysis