Sr. Network Security Engineer Resume
Columbus, OH
SUMMARY
- Overall 9+ years of extensive hands-on experience in network engineering, design, operations, installation and troubleshooting.
- Experience working with Bluecoat Proxy as forward proxy for URL filtering.
- Experience in layer-3 routing and layer-2 switching. Dealt with Nexus models like 7K, 5K, 2K series, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco Catalyst 6500, 4500, 3750, 3500, 2900 series switches.
- Experience in Juniper product line for configuring and troubleshooting MX 480, MX 960 routers, SRX-1500, SRX-3600, SRX-5800 Firewalls.
- In-depth expertise with F5 BIG-IP … series installation/configuration/support.
- Configured F5 Big IPs with VIPs, Pool, iRules and SSL certificates to ensure traffic was load balanced.
- Experience with Management Platforms such as Provider-1/MDS, Juniper NSM, Cisco CSM.
- Responsible for the deployment, configuration, and management of the F5 Viprion load balancing platform, including implementing, configuring, and integrating F5 GTM, LTM, APM, ASM, iRules, IPv6, SSL,
- Experience with Firewall Virtualization Platforms such as Check Point VSX, Cisco Multiple Context Firewall as well as VDC
- Implemented Security Policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS)
- Expert level understanding in implementing TCP/IP addressing scheme, LAN/WAN Protocols, and IP Services
- Detailed experience with Brocade and Cisco enterprise class fiber channel switches to include zoning, ISL trunking and firmware upgrades.
- Experience working in Enterprise scale Security implementations with hundreds of security gateways segmented through multiple DMZ, Perimeter and External zones with Heterogeneous network/security appliances
- Knowledge of Cisco network routing/switching (Layer 2 & 3), including LAN, WAN & SDN implementation, which includes Layer 1 to Layer 7 experience.
- Good knowledge on VOIP protocols like H.323, SIP, MGCP and SS7 and interfacing of TDM to VOIP system
- Vulnerability assessment using tools such as Nessus and Qualys.
- Flexible for On Call Rotation and off hour support especially upgrades & Maintenance.
- Demonstrated abilities in enterprise wide network design, integration and support.
- Unsurpassed customer service, dedicated, positive, team-oriented attitude with proven leadership and success in highly visible roles for various sized project implementations.
TECHNICAL SKILLS
Routers: Cisco 1900, 2600, 2800, 2900, 3600, 3800, 3900, 7200, 7600 Juniper MX80, MX240, MX 480, MX960, ACX 1000, M120
Switches: Cisco 3550, 3750, 4500, 4900, 6500, Nexus 2248, 5548, 7010 Juniper EX3200, EX4200, QFX3500
Routing Protocols: OSPF, IGRP, EIGRP, RIP, MPLS, IS-IS, BGP, Multicasting
Switching Protocols: VLANs, Dot1Q, VTP, STP, ISL, DTP, RSTP, VLAN Maps, GLBP, CEF, DCEF, Spanning Tree, PVST, Port Security
Security Protocols: Cisco FWSM/ASDM, Nokia Checkpoint NG, Juniper SRX, IPSEC, VPN, CBWFQ, LLQ, WRED, Policing/Shaping.
Firewalls: Palo Alto Firewalls PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series, Juniper SRX240, SRX260, SSL/VPN MAG 2600, 4610 and 6611, watch guard, Cisco ASA, CSM, ASDM 5520, 5540, 5500-x, Check points R77.30, R62, R65.
Network Monitoring: Cisco Works 2000, Wireshark, SolarWinds
Networking Technologies: LAN/WAN Architecture, TCP/IP, VLAN, VTP, NAT, STP, IPS, IDS, DHCP, DNS, IPsec, VPN, VRRP, GLBP
Software and Tools: Cisco IOS, Gaia OS, Unix, CatOS, Linux 6.2, Windows XP, Vista, 7, 2003 Server/Workstation, MS Project, Word, Excel, PowerPoint, Access, Outlook
Operating Systems: Windows Server 2003 R2, 2008 R2, Server 2012 R2, F5 TMOS 10.2-11.5.1, Red Hat Enterprise Linux 5, Cisco IOS, Adtran AOS, Brocade FOS, Windows XP/7/8.
PROFESSIONAL EXPERIENCE
Confidential, Columbus, OH
Sr. Network Security Engineer
Responsibilities:
- Managed Firewalls with Checkpoint, Cisco ASA and reviewed information security requirements, assessed security risks, and defined security requirements.
- Reviewed, Analyzed and Documented current firewall configuration and monitor for any post-production issues and fix issues.
- Designed the migration from current firewall technologies to the new firewall standard (s) and execute the migration in production environment ensuring minimal customer impact and application downtime.
- Working knowledge of frame relay, MPLS services, OSPF, BGP and EIGRP routing protocols, NAT'ing, NAC product sub-netting, also including DNS, LDAP, DHCP, http, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP (Spanning tree Protocol), RTSP & Multicasting protocols.
- Ensured interoperability with other Network security and Network components remains intact.
- Good knowledge of IPv4 and IPv6 Addressing, Fixed Length and Variable Length Subnet Masking (VLSM), OSI and TCP/IP models.
- Physically assembled Firewalls, IDS/IPS, and Nexus 7ks and assisted in rack-n-stack within the Data Center.
- Good knowledge on Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), Security Information and Event Management (SIEM).
- Responsible for the planning and migration of all IT related systems from Brocade NLB's with MS TMG to F5 BIG-IP Local Traffic Manager with APM and MSM modules.
- Analyzing and Managing networking requirements of different environments (VLANs, trunking, multicast, VRFs, OSPF & BGP routing, in a Cisco based environment)
- Worked on lab testing and prod testing to drive the development of Overlay and underlay SDN.
- Understanding of SDN/NFV ecosystem SDN controller with Real-time engagement, support diagnostics, billing and business automation for SDN.
- Installs, maintains and optimizes Dell/EMC CLARiiON hardware, software and Local Area Network McData, Brocade and Cisco and configurations at customer sites.
- Produced all "Qualification" documentation for the Firewall environments and Document migration plan
- Managing security policy configuration and policy setup, proxy servers, manage content filtering.
- Experience working with Nexus 2000, 4000, 7000 series
- Setting up Cisco Meraki MX84 and MS 225 in the Lab for testing the new pilot project with the Cisco Meraki MS225 switches and testing the Dongle to allow access to wireless broadband.
- Enterprise Routing experience using protocols RIP v1 & 2, EIGRP, OSPF and BGP.
- Implementing security policies using Cryptography, ACL, SDM, PIX Firewall, IPsec, VPN, and AAA security on different series of routers.
- Daily support enabling customers to integrate application with multiple vendor platforms. Cisco, Checkpoint, Juniper, Palo Alto, F5, and Blue coat.
- Experience with different Network Management Tools and Sniffers like Wireshark (Ethereal), HP OpenView, RSA enVision, NetFlow to support 24 x 7 Network Operation Centre.
- Installed, Administrated, Upgraded, and Deployed the Blue Coat proxy servers, content filtering, and policy including the BCAAA (Blue Coat Authentication Agent) Servers.
- Strong knowledge and experience in implementing, configuring VPN technologies like IPSec, MPLS.
- Excellent customer management/resolution, problem solving, debugging skills and capable of quickly learning,
- Proficient in Checkpoint, Cisco, Juniper, Lucent, Fortinet and Blue Coat technologies.
Confidential, Commack, NY
Jr. Network Security Engineer
Responsibilities:
- Responsible for the Global design, engineering, and level 2/3 support of existing network technologies services and the integration of new network technologies / services
- Key contributions include troubleshooting of complex LAN /WAN infrastructure that include routing protocols EIGRP, OSPF & BGP.
- Providing daily network support for national wide area network consisting of MPLS, VPN and point-to point site.
- Configured RIP, OSPF and Static routing on Juniper M and MX series Routers.
- Data center to new Juniper M120.
- Experience with Cisco Device Manager, Fabric Manager, Brocade Data Center Fabric Manager and Brocade web tools.
- Experience with virtual firewalls like checkpoint VSX, IDS, IPS as well as encryption techniques.
- Used Brocade web tools and Fabric Manager to configure Zoning on Brocade switches.
- Racking, stacking, configuring NEXUS 5K and 2K and 7K.
- Worked with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for data center access architecture.
- Configuring Cisco ACS 4.0 along with TACACS+ server authentication.
- Configure VRRP & GLBP and VLAN Trunking 802.1Q & ISL, STP, Port Security on Catalyst 6500 switches.
- Creating, adding and deleting new rules and objects on Checkpoint firewalls R65/ R75.
- Troubleshoot network issues using Checkpoint tracker tool.
- Documentation involved preparing MOPs, Work Orders, DCE cabling and NEMS request. Also creating and submitting Remedy tickets and Homer work orders.
- Configuring Big-IP F5 LTMs (virtual servers, pools, SNATs, health monitors, irules) for managing the traffic and tuning the load on the network servers.
- Configuring STP for switching loop prevention and VLANs for data and voice along with Configuring port security for users connecting to the switches.
- Involved in L2/L3 Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter-Vlan routing, LAN security.
- Worked in Configuration and extension of VLAN from one network segment to other segment between different vendor switches (Cisco, Juniper)
Environment: Cisco Routers/Switches, Nexus 5k, 7k, MPLS, VLAN, HP Open View, L2/L3, F5, MOPs, Checkpoints, Trunking, Virtual Servers.
Confidential, HOBOKEN, NJ
Network Engineer
Responsibilities:
- Implementation and support of firewalls in the environment including policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.
- Perform Firewall upgrades with minimum or no downtime.
- Work in a Checkpoint VSX environment with Virtual firewalls.
- Configure High Availability Checkpoint ClusterXL on VSX as well as perform Upgrades
- Experience working in Provider-1 Environment with Multiple CMA’s and dozens of gateways.
- Optimizing Firewall Policy, grouping objects, verify NAT and clean-up of unused firewall rules.
- Building of New Check Point Security Gateways and performing in place upgrades.
- Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
- Implemented IDS/IPS on dedicated IDS/IPS 4260, software based IOS based IPS on Cisco 1921.
- Understand the flow of traffic through the Check Point Security gateway cluster and troubleshoot connectivity issues using advanced troubleshooting from Command Line Utilities.
- Work with Site to Site VPN including building new tunnels as well as support existing tunnels.
- Use Provider-1 / Multi Domain Security MDS platform with several hundreds of gateways administered through group of CMA’s / Smart Centers.
- Analyze logs, traces from Cisco UCS Servers and provide root cause analysis to clients for network related issues.
- Work with partners who use Cisco UCS Servers, Cisco Nexus series, Cisco Catalyst switches, Cisco NX-OS Software operating system, Cisco UCS Manager, UCS B-series/C-series servers, Cisco UCS
- Manage Cisco ASA Firewalls using CLI, CSM (Cisco Security Manager).
- Build and configure Active/Standby Failover on Cisco ASA with stateful replication.
- Strong TCP/IP understanding. Knowledge of debugging Cisco ASA Firewall.
- Configure and tweak the inspection policies on Firewall to allow legacy application traffic.
- Understand different types of NAT on Cisco ASA firewalls and apply them.
- Worked on Checkpoint Firewalls, Juniper (SRX, SSG/ISG), Blue Coat proxies, Palo Alto firewalls. Installed, configured Checkpoint via GAIA, R55 and NGX R60, R75, R77.3, 77.2.
- Implementing the High Availability both Active/Passive and Active/Active using NSRP in Juniper firewalls.
- Installing Drives for all supported OS in UCS B-series and C-series
- Experience with deploying Fabric Path using Nexus 7000 Devices. Designed & Deployed Cisco ISE 1.2/1.3 for Enterprise RADIUS Authentication with Active Directory, RSA SecurID, Proxy Radius Services to Cisco ACS and Radiator Radius.
- Implementing Citrix NetScaler 10 for Networking and Traffic Optimization (CCA) (BETA), Citrix License CTX48
- Migrating the Juniper ISG firewalls from L2 mode to L3 mode and also implementing the active/passive configuration using NSRP.
- Supported TippingPoint's full range of Intrusion Prevention devices with any issues from configuration to upgrades and packet analysis.
- Configure NAT in Juniper SRX platforms using Junos based on the zones.
- Configure and troubleshoot Remote Access VPN using Juniper SA VPN / MAG appliance for Vendor access and also for all employee corporate Access.
- Implementation of High Availability by creating the HA zones for Netscreen firewalls using NSRP and also supporting the cluster pairs.
- Managing the firewalls in Juniper management environment NSM 2010.x, 2012, Junos Space 13.x, 14.x.
- Configuring and troubleshooting Juniper MX series high performance Ethernet service routers for advanced QoS and low latency.
- Support Blue Coat Proxy in explicit mode for users trying to access Internet from Corp Network.
- Troubleshooting connectivity issues through Blue coat as well writing and editing web policies.
- Administer and support Big IP LTM for all Local Load balancing and use GTM for load balancing between DC
- Vulnerability assessment using tools such as Nessus and Qualys, and implementation of Security Policies.
- Knowledge in design and deploy of F5 LTM, GTM, APM, ASM solutions.
- Experience with working on latest Cisco switches like Nexus 2000, 5000, 6000 and 7000 series switches while implementing advanced features like VDC, VPC, OTV and Fabric Path.
- Support routing protocols including BGP and OSPF routing, HSRP, load balancing/failover configurations, GRE Tunnel Configurations, VRF configuration and support on the routers.
- Support Data Center Migration Project involving physical re-locations.
- Created well-defined requirements documentation and process for F5 LTM, GTM, ASM, APM deployment.
Confidential, ENGLEWOOD CLIFFS, NJ
Network Security/System Engineer
Responsibilities:
- Configured various Routing protocols such as RIP, OSPF, EIGRP, static routing.
- Coordinated efforts with Engineers to ensure all network devices conformed to defined network standards.
- Configure, troubleshoot Spanning-Tree, EIGRP, OSPF, BGP, PAT/NAT, ACLs, HSRP and IPSEC/GRE tunneling.
- Created, removed users, and mapped network drives from the Active Directory on clients’ workstations
- Configured email outlook setup from Outlook and Microsoft Exchange Management Console
- Configuration and extension of VLAN from one network segment to other segment between different vendor switches (Cisco, Juniper)
- Implemented Positive Enforcement Model with the help of Palo Alto Networks.
- Deployed and maintained Juniper firewalls globally.
- Apply firewall configurations on Juniper ISG 2000 firewalls
- Configured CIDR IP RIP, PPP, BGP and OSPF routing.
- Troubleshoot TCP/IP problems; troubleshoot connectivity issues in multi-protocol Ethernet environment.
- Configuring and troubleshooting with Cisco ASA (5550/5520), Juniper SRX (3600/650).
- Configuration of STP and Port Security on Catalyst 2900, 4900, 6500, 6509 and 7509 switches.
- Configuring VLAN Spanning-Tree in conjunction with PVST+ for compatibility between Cisco and Juniper switches.
- Assisted clients with mobile devices support (iPhone and Blackberry)
- Used Postini to administer clients’ emails by adding, deleting, and managing users and groups
- Configured network printers; removed malware / trojans on clients’ affected workstations
- Implemented Zone-Based Firewalling and Security Rules on the Palo Alto Firewall.
- Configuration & troubleshooting of routing protocols: BGP, OSPF, LDP, EIGRP, RIP, BGP v4.
- Used various scanning and sniffing tools like Wireshark.
- Configuring and implementing Checkpoint VSX firewalls.
- Implementing, supporting and maintaining network services.
- Built and support VRRP / Cluster based HA of Checkpoint firewalls
- Troubleshooting of DNS, DHCP and other IP conflict problems.
- Troubleshooting L2/L3 environments. Troubleshooting the issues with the MPLS VPN connectivity and also Configured Virtual Routing Forwarding (VRF) on Cisco routers.
- Optimized performance of the WAN network consisting of Cisco 3550/4500/6500 switches by configuring VLANs.
- Troubleshooting of Cisco 2800, 2900, 3700, 3900, 7200, 7600 routers.
- Creating PVLANs and preventing VLAN hopping attacks and mitigating spoofing with snooping and IP source guard.
- Provided remote support over the phone as well as used remote utility software such as Bomgar and Citrix to connect to client’s workstations and resolved their issues
- Key contributions include troubleshooting of complex LAN/WAN infrastructure.
- Enabled STP enhancements to speed up the network convergence that includes BPDU Guard, Port-fast, Uplink-fast on various layer 2 and layer 3 switches.
- Monitor, troubleshoot, test and resolve Frame Relay, ATM, and PPP.
- Maintaining Core Switches, creating VLANs and configuring VTP
- Migrating the terminating VPN from Cisco technology to Juniper technology.
- Back up a Cisco IOS to a TFTP server and upgrading and restoring a Cisco IOS from TFTP server.
- Performing network monitoring, providing analysis using various tools like Wireshark, SolarWinds and Cisco Works, Tcpdump.
Environment: Cisco 2900, 4900, 6500, 6509 and 7509 switches. Cisco (2800, 2900, 3700, 3900, 7200, 7600) Routers, MPLS, OSPF, BGP, EIGRP, NAT, LDAP, DHCP, http, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP, RTSP, BPDU, PPP, ATM
Confidential, NEW YORK, NY
Network Engineer
Responsibilities:
- Administer Checkpoint firewall with cluster gateways including pushing policies and processing user requests to allow access through the firewall using Smart Center based Smart Dashboard.
- Monitor the health and logs using Smart view tracker and smart monitor on the Checkpoint firewall.
- Check Point Firewall Log review and analysis using Manage Engine.
- Administer and Support Check Point Firewalls in the network between various security zones.
- Responsible for ASA 8.x Firewall migration and in place hardware upgrades and Troubleshooting, IOS Security Configurations, IPSec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
- Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation.
- VLAN implementation, Spanning Tree implementation and support using Rapid STP and MST to avoid loops in the network. Trunking and port channels creation.
- Responsible for Firewall upgrades as well as Troubleshooting, Security Configurations, IPSec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
- Troubleshooting firewall using CLI including packet captures to identify issues related to policy, NAT and Routing.
- Work in an enterprise network environment with dynamic routing using OSPF and BGP for external connectivity.
- Configured Switches with proper spanning tree controls and BGP routing using community and as path prepending attributes.
- Work with BGP routing protocol for communication with business partners and influence routing decision based on AS Path Prepend and other attributes.
- Project Documentation and MS Visio for drawing Network Diagrams and managing IP address information.
- Worked on implementation and support of VOIP and Unified Communications.
Confidential, BROOKLYN, NY
Jr. Network Engineer/ IT technician
Responsibilities:
- Manage office network with Cisco devices with network devices including 2500 and 3600 series routers and 3500, 2900, 1900 series switches.
- Assisted students with the use of Microsoft Office Suite, printing, and fixing Laser Jet printer issues
- Provided guidance on how to use Lexis/Nexis and West Law Database search engines
- Solved hardware and software problems in conjunction with New York City Department of Education Desktop Support
- Ensured that LCD projectors, smart boards, and all other related audio/video equipment functioned properly
- Set up new computer equipment in classrooms and offices; provided assistance in use of technology to teachers and students
- Imaged PCs (Dell) and Macs
- Configured and managed networks using L3 protocols like RIPv2, IGRP.
- Designed networks and provided security between various offices of the organization.
- Configured VLANs, Private VLANs, VTP and Tracking on switches.
- Configured L2 and L3 security features on devices.
- Hands on Experience in Inter-VLAN routing, redistribution, access-lists.
- Log messages using Syslog server and analyze the issues related to high CPU utilization and parameters that can degrade performance of the network.
- Experience on Cisco IOS and Upgrading Cisco IOS using TFTP server.
- Involved in SNMP Network management.
- Worked on various Sniffing tools like Ethereal, Packet Sniffer.
- Backups of Cisco router configuration files to a TFTP server.