Ahmer Zakir
*** ********** ***, *** *********, CA 94132, USA
Contact: 310-***-****, E-mail: acn035@r.postjobfree.com
Summary of Qualifications
I have 15 years of experience as a Senior Network Engineer working on
Cisco/VMware/Citrix/F5/BlueCoat/Palo
Alto/Aruba/FireEye/Riverbed/Juniper/Netscout/Solarwinds/HP/CA networking
technologies. I have completed the PMP and Cisco Certified Network
Professional (CCNP) certifications. I have extensive hands-on experience in
the network design, implementation, troubleshooting, and configuration of
Security/LAN/WAN/WLAN infrastructure technologies such as routers,
switches, load balancers, firewalls, forward and reverse proxy appliances,
network performance management and analysis tools, virtualization, wireless
controllers, bandwidth shapers, packet sniffers, TACACS/RADIUS, BIND/DNS,
DHCP, etc.
Professional Certifications and Trainings
. Project Management Professional (PMP # 1466590)
. Cisco Certified Network Professional (CCNP)
. VMware vSphere: Install, Configure, Manage training
. Cisco MPLS training
. F5 Big-IP LTM essentials and advanced training
. CiscoWorks Wireless LAN Solution Engine training
. Blue Coat Certified Proxy Administrator and Professional
training
. PacketShaper Certified Expert and Specialist training
. Websense Web Gateway training
. Cisco CRS-1 training
. Aruba Wireless LAN implementation training
. Netscout nGenius Performance Manager and Service Delivery
Manager training
. SolarWinds Certified Professional
. CA Unicenter NSM Installation and administration
. In progress - CISSP certification
Technical Competencies
Tools Citrix XenServer, VMware vSphere\ESX, CiscoWorks LMS, Packet Design Route
Explorer, CiscoWorks Security Manager, Packeteer Intelligence Center,
Computer Associates (CA) Unicenter Network and Services Management (NSM),
CA NetQoS Netvoyant/Reporter Analyzer. Bluecoat reporter, Packeteer Policy
Center, CA Unicenter Network Performance Option, MRTG, Cisco Secure ACS,
WhatsUp Gold, Cisco SDM, SolarWinds Engineer edition, aaa-reports! for
Cisco Secure ACS, Airwave WLAN Management Platform, SolarWinds Orion
Network Performance Monitor and NCM, Kiwi Syslog, HP TopTools, OPNET
modeler (Network Design and Simulation), MS SQL Server 2008, VisualRoute
VisualTrace, Cyclades Power/KVM/Console/Server Management appliances,
Netscout Performance Manager and Service Delivery Manager, GFi Languard,
Nessus, Riverbed Wireshark/CACE Pilot, Websense Web Filter, LanGuardian,
ArcSight ESM
Platform Cisco 2611XM, 2851, 2960, 3560, 3750, 4506, 4510, ASR1000, AS5300,
s 6506/6509 (Sup2/720), 7206VXR, 7609, CRS-1, Cisco WiSM, PIX 525/ASA 5520,
Juniper EX-4200, Blue Coat 8100-10/9000-40 ProxySG appliances, Bluecoat
ProxyAV appliances with Kaspersky AV, Ipoque, PacketShaper and Anagran
bandwidth control appliances, Aironet 1100/1200/1300 access points, Aruba
7240 WLAN controllers and ClearPass, Alcatel Lucent OS6900, FireEye Web
MPS, Aironet 1410 wireless bridges, CiscoWorks WCS/WLSE, Cisco IP/TV
3412/3425, HP Procurve 4104 and 2524, F5 Big-IP LTM 3900 and 6900, Citrix
Netscaler 9000 load balancers, Packeteer 6500/7500/10000 PacketShapers,
Palo Alto Networks PA-3020 firewalls, Juniper SRX/ISG/NSM, Tipping Point
5000E IPS, Foundry ServerIronXL load balancers, NetApp NetCache C2100, IBM
BladeCenter (HS21 series), Infoblox DNSone and RadiusOne, Nortel Optical
Multiservice Edge OME 6500
Language C++, Visual Basic, Perl, Pascal, HTML
s
Operatin Windows 2003/2008 Server, Redhat Enterprise Linux, SuSe Linux, Ubuntu, Mac
g OS
Systems
Education
Master of Computer Engineering in 2002 from King Fahd University of Petroleum
Science and Minerals (KFUPM), Saudi Arabia.
Bachelor of Computer Engineering in 1998 from Sir Syed University of
Science Engineering & Technology, Pakistan.
Professional Experience
Period Organization and Responsibilities Designatio
n
12/2013 Network Services, Division of IT, San Francisco State University, Team Lead,
- California Network
Present Leading the network and security engineering team. and
Installation, configuration, and operation of security, LAN, WAN, Security
and WLAN infrastructure.
Analysis, troubleshooting and resolving complex network problems
and coordinating with vendors for fault isolation and resolution.
Strong organizational skills used to lead and track remediation
efforts upon occurrence of proactive security incident
notifications from vendors PSIRT teams.
Prepare detailed documentation including as-built diagrams, system
and network designs.
Generating and providing monthly statistics to Senior Director and
CTO.
Configuration management of all network devices and making sure
that all the devices comply with the policies.
Participate in the maintenance of network configuration
documentation as well as standard operating procedures.
Identify/recommend infrastructure upgrades and improvements.
Utilize network monitoring tools to proactively identify and
investigate network related issues.
Appropriately scoping & implementing project deliverables while
ensuring smooth transition into operational support.
Maintaining and renewing vendor support contracts.
Member of the California State University working group for
recommending security products.
1/2010 - Network Operations Center, King Abdullah University of Science and Senior
11/2013 Technology, KSA. Network
Design, implementation, operation and maintenance of the LAN and Engineer
WAN infrastructure providing connectivity to the super-computer
lab, research labs and a large scale SAP implementation.
Designing and planning Bandwidth management policies and applying
the same using a highly advanced and specialized solution.
Design, implementation, and operation of infrastructure for
providing Internet services using F5 load balancers and Bluecoat
appliances.
Provide technology planning, design, and administration for the
network infrastructure for the data center connected to more than
70 buildings.
Proposing and implementing policies and procedures for network
services and systems.
Investigating and evaluating new network technologies and
solutions.
Planning network configurations and monitoring performance to
ensure maximum availability.
Managing and monitoring the network resources using a variety of
network management tools, including Netscout, SolarWinds NPM/NCM,
Ciscoworks, etc.
Design and implementation of the DR site for providing fail-proof
networking services.
Identify requirements and implement the most efficient and cost
effective solutions (hardware, software, and management tools) to
satisfy business requirements.
Preparing RFPs for all networking projects and analyzing bids for
the same. Coordinating with suppliers and vendors for timely
completion of all projects.
Member of the Change Advisory Board approving the configuration
changes after looking at the proposed changes and the associated
risks.
Coordination with service providers for resolving WAN issues and
ensuring SLAs are met.
9/2002 Information Technology Center, King Fahd University of Petroleum Senior
to and Minerals, KSA. Network
12/2009 Managing and leading the network management group. Engineer
Design, installation, and maintenance of Cisco LAN and WLAN
infrastructure
Design, installation, and maintenance of Cisco ASA/PIX firewalls
for securing the network and providing remote access VPN service.
Design, installation and configuration of Bluecoat proxies for
forward proxy deployment.
Installation and configuration of Citrix Netscaler load balancers
for ERP applications.
Installation and configuration of PacketShapers for bandwidth
shaping and application control.
Installation and configuration of different network monitoring and
management systems like MRTG, WhatsUp Gold, CiscoWorks, and
Airwave.
2000 to Computer Engineering Department, KFUPM. Research
2002 Conducting research both individually and as a team member with Assistant
Faculty.
1999 ACE AIMS Private Ltd, Karachi, Pakistan. Software
Developed the Human Resource and the Payroll Management Systems Engineer
Projects
. Design and implementation of different solutions and policies which
include configuration of Cisco IOS features such as BGP, MPLS, EIGRP,
OSPF, Frame Relay, Etherchannels, Port Security, 802.1x, Syslog, AAA,
ACLs, VLANs, DHCP, STP, VTP, NAT, HSRP, ATM, Multicast, PBR, IP SLA,
Netflow, Remote Access and Site-to-Site VPN, and QoS features of Cisco
IOS to enforce different policies on the switches and routers.
. Design, installation and configuration of Palo Alto Networks PA-3020
NG firewalls to secure SFSU's critical business units. Enabled anti-
malware, URL filtering, Antivirus, and vulnerability protection
features on these firewalls. These firewalls were installed in active
passive high availability configuration.
. Installed and configured FireEye NX Web MPS and IPS solution to secure
the SFSU network from advanced persistent threats. This appliance was
installed in inline blocking mode to prevent call back activities.
. Configuration and maintenance of Juniper SRX 3400 firewalls to protect
SFSU's perimeter and Juniper ISG 2000 firewalls to protect the server
farm. SRX firewalls are installed in cluster configuration with two
redundancy groups. Juniper NSM tool was used to manage these
firewalls.
. Design, installation, configuration, and maintenance of the cache farm
comprising of BlueCoat ProxySG 9000-40, 9000-20B, 8100-10, and
Netcache proxy appliances:
1. Prepared High level (HLD) and low level (LLD) design documents
using MS Visio. Prepared project SOW, tasks and timelines using
MS Project.
2. Proxy appliances integrated with BCAAA agent/Infoblox RadiusOne
for user authentication and authorization based on user's AD
group membership.
3. Proxy appliances also integrated with ProxyAV appliances for
malware detection and blocking.
4. Configured the proxies to redirect traffic consuming high
bandwidth, such as YouTube traffic to the high capacity link to
alleviate congestion on the local ISP link. Applied Bluecoat CPL
policy for caching YouTube videos for improving cache hit rate.
5. Access logs exported to Bluecoat Reporter server for reporting
and investigation purposes.
6. Fine-tuning of TCP parameters on ProxySGs to improve download
speeds.
7. Redesigned the proxy infrastructure by migrating the F5 load
balancers on the Inside interface of the firewall to
transparently redirect all the web traffic to the Bluecoat
ProxySG appliances. The proxies were installed in the DMZ
earlier and were only configured for explicit mode. However,
after in-line placement of the proxies, they were configured to
intercept traffic for both transparent and explicit modes.
8. Configuration of the proxies for deploying PAC files on client
machines.
9. Configuration of proxies to send notifications\alerts in case of
health check failures or system related issues.
10. Installation and configuration of Websense TRITON solution in a
clustered environment and integration of BlueCoat proxies with
the Websense filtering solution to apply content filtering
policies.
11. Upgrade of the Bluecoat Proxy infrastructure by procuring
additional devices keeping in view the sizing recommendations
provided by Bluecoat and current and future user traffic trend
analysis.
12. Upgrading the proxy infrastructure's firmware after researching
the release notes for resolved issues and feature enhancements.
13. Coordination with Bluecoat support for reporting and resolution
of technical issues and processing of RMA requests.
. Design, installation, and configuration of F5 Big-IP 3900/6900 LTMs to
build virtual servers in a redundant topology for the Bluecoat cache
farm.
1. Created separate virtual servers for intercepting web requests
and redirecting the same to different pools of Bluecoat and
Websense cache appliances for providing explicit and transparent
caching services.
2. Allowed non-web traffic to bypass proxies by configuring
forwarding virtual servers.
3. F5s were installed in active-standby mode and configurations
synced amongst the units.
4. Upgrade of firmware and application of hot fixes, as required.
5. Fine tuning of TCP profile to resolve random disconnect issues
for an application.
6. Coordination with F5 support to report and resolve technical
issues.
. Design and implementation of bandwidth control policies. Configured
Ipoque, Anagran and Bluecoat PacketShapers bandwidth shaping
appliances to apply policies for bandwidth allocation on per
application/user basis to throttle P2P traffic and enable fair
bandwidth distribution.
. Configuration and generation of reports from the Riverbed
Wireshark/CACE Pilot packet analysis tool.
. Installation and configuration of SolarWinds Orion Network Performance
Manager and Network Configuration Manager to monitor and manage the
network devices, servers and their services.
. Installation and configuration of Netscout Infinistream and Netscout
Performance Manager along with Service Delivery Manager to monitor and
alert the administrators in case of any service degradation.
1. Configured KPIs for several applications to measure and report
performance.
2. Published newsletters to report performance and availability to
higher management.
3. Upgraded the Performance Manager, Service Delivery Manager, and
Infinistream appliances to version 5.
4. Coordinated with Netscout support for resolving technical
issues.
. Installation and configuration of Aruba ClearPass solution to provide
secure wireless connectivity and also to deploy Guest self-
registration setup integrated with Aruba Controllers.
. Configuration and maintenance of Netfort LanGuardian forensic analysis
tool to aid in the investigation about the P2P application users for
whom we received copyright infringement notices.
. Configuration and management of security scanners such as GFi LanGuard
and Nessus to report and mitigate the vulnerabilities in the servers.
. Design and implementation of the Wireless connectivity project
comprising of a total of 800 indoor access points and 450 outdoor
access points. Involved in the following phases of WLAN project:
1. Configuration of the equipment that involved Cisco 1242 and 1522
APs, WCS/WLSE, and Cisco WiSM/WLSM.
2. Configured the Airwave's AMP Professional for the management of
WLAN environment.
3. Lead a team of engineers to conduct the survey for optimal
placement of wireless access points. Air Magnet tools (Surveyor
and Analyzer) were utilized for survey and accurate placement of
the access points.
. Configuration and management of the Citrix Netscaler 9000 load
balancers to provide load balancing and SSL offloading for the Oracle
E-Business suite, Banner, and Portal servers.
1. Configured the Netscalers in Active-Standby mode.
2. Configured virtual servers for handling HTTP and HTTPS traffic.
3. Used "Least connections" load balancing method and "Cookie-
Insert" persistence method.
4. Configured HTTP monitor for checking health of the virtual
servers.
5. Generated CSR (Certificate Signing Request) which was later
signed on by the local Certificate Authority.
6. Changed the generated certificate from DER to PEM format.
7. Installed the certificate and bound it with the SSL virtual
server.
8. Upgrade of Netscaler firmware and troubleshooting of issues.
9. Configured Syslog and SNMP for monitoring purposes.
. Configuration and installation of virtual machines using Citrix
Xenserver and VMware ESXi 4.0/5.0 virtualization tools. Migrated VMs
from one host to another. Participated in the Server consolidation
project whereby we moved more than 100 physical machines to VMs.
. Configuration and Management of IBM BladeCenter, Dell and HP Proliant
servers hosting more than 100 services.
. Configuration and management of the CiscoWorks LAN Management Solution
(LMS) for configuring and maintaining the Cisco LAN and WAN
infrastructure. IOS management, fault management and configuration
management functionalities were implemented.
. Configuration and management of the Foundry ServerIron (FCSLB24)
application traffic management appliances for server load balancing of
student registration systems. Also used to provide Transparent Caching
Service for HTTP and HTTPS traffic of the ADSL network.
. Lead a team of network engineers to upgrade the Supervisor module
(Sup2) on the Cisco 6509 core switches to Sup720. This project
involved careful planning to ensure that all the hardware requirements
were met and all the configurations had to be carefully translated to
Cisco IOS format.
. Configuration and management of the CA Unicenter Network and Services
Management System (NSM) and Unicenter Network Performance Operation
(NPO). Some of the tasks performed are as follows:
1. Installed system, performance, log, and database agents on
Windows, Linux, and AIX clients.
2. Generated and published real-time and historical trends using
Performance Trend and Scope.
3. Configured NSM Portal and 2D map for different Business Process
Views (BPVs).
. Configuration and management of Cisco PIX 525/ASA firewalls providing
IPSec/SSL VPN service. Integrated with CiscoSecure ACS for user
authentication and authorization.
. Configuration and management of the Tipping Point IPS 5000E for
identifying and mitigating attacks to protect the server farm.
Installed and configured the SMS management application.
. Configuration and management of Cisco Secure ACS version 4.0/5.0
(TACACS\RADIUS) servers for providing the remote access service in
failover mode.
1. Created different groups which pertain to different groups of AD
users. The authentication servers were integrated with MS Active
Directory for user authentication.
2. Implemented TACACS+ for network device authentication with
CiscoSecure ACS.
. Worked on a consultancy project for building a new Data center for
Saudi Arabia's Ministry of Higher education.
. Configuration and management of BIND (DNS) version 9.2.4 on Red Hat
Linux, for maintaining KFUPM's external DNS service. Migration of DNS
service to Infoblox appliances.
. Configuration and management of Cisco AS5300 router for the remote
dialup service, with 8 E1 controllers.
. Configuration and maintenance of Cisco IP/TV equipment (Cisco IP/TV
3412 and 3425) for live broadcasting of the events and conferences.
. Configuration and management of Cisco 1410 wireless bridges to provide
wireless backhaul connectivity.
. Configuration and management of the WhatsUp Gold software for network
monitoring and management, which has been integrated with a SMS
Gateway so that SMS messages can be sent. Performance and resource
utilization monitoring of network devices using the MRTG/RRD and
Netscout nGenius tools.
. Network design simulation with hands on experience of designing and
simulating the traffic of a network with more than 300 hosts on OPNET
Modeler.