Ahmer Zakir

*** ********** ***, *** *********, CA 94132, USA

Contact: 310-***-****, E-mail: acn035@r.postjobfree.com

Summary of Qualifications

I have 15 years of experience as a Senior Network Engineer working on

Cisco/VMware/Citrix/F5/BlueCoat/Palo

Alto/Aruba/FireEye/Riverbed/Juniper/Netscout/Solarwinds/HP/CA networking

technologies. I have completed the PMP and Cisco Certified Network

Professional (CCNP) certifications. I have extensive hands-on experience in

the network design, implementation, troubleshooting, and configuration of

Security/LAN/WAN/WLAN infrastructure technologies such as routers,

switches, load balancers, firewalls, forward and reverse proxy appliances,

network performance management and analysis tools, virtualization, wireless

controllers, bandwidth shapers, packet sniffers, TACACS/RADIUS, BIND/DNS,

DHCP, etc.

Professional Certifications and Trainings

. Project Management Professional (PMP # 1466590)

. Cisco Certified Network Professional (CCNP)

. VMware vSphere: Install, Configure, Manage training

. Cisco MPLS training

. F5 Big-IP LTM essentials and advanced training

. CiscoWorks Wireless LAN Solution Engine training

. Blue Coat Certified Proxy Administrator and Professional

training

. PacketShaper Certified Expert and Specialist training

. Websense Web Gateway training

. Cisco CRS-1 training

. Aruba Wireless LAN implementation training

. Netscout nGenius Performance Manager and Service Delivery

Manager training

. SolarWinds Certified Professional

. CA Unicenter NSM Installation and administration

. In progress - CISSP certification

Technical Competencies

Tools Citrix XenServer, VMware vSphere\ESX, CiscoWorks LMS, Packet Design Route

Explorer, CiscoWorks Security Manager, Packeteer Intelligence Center,

Computer Associates (CA) Unicenter Network and Services Management (NSM),

CA NetQoS Netvoyant/Reporter Analyzer. Bluecoat reporter, Packeteer Policy

Center, CA Unicenter Network Performance Option, MRTG, Cisco Secure ACS,

WhatsUp Gold, Cisco SDM, SolarWinds Engineer edition, aaa-reports! for

Cisco Secure ACS, Airwave WLAN Management Platform, SolarWinds Orion

Network Performance Monitor and NCM, Kiwi Syslog, HP TopTools, OPNET

modeler (Network Design and Simulation), MS SQL Server 2008, VisualRoute

VisualTrace, Cyclades Power/KVM/Console/Server Management appliances,

Netscout Performance Manager and Service Delivery Manager, GFi Languard,

Nessus, Riverbed Wireshark/CACE Pilot, Websense Web Filter, LanGuardian,

ArcSight ESM

Platform Cisco 2611XM, 2851, 2960, 3560, 3750, 4506, 4510, ASR1000, AS5300,

s 6506/6509 (Sup2/720), 7206VXR, 7609, CRS-1, Cisco WiSM, PIX 525/ASA 5520,

Juniper EX-4200, Blue Coat 8100-10/9000-40 ProxySG appliances, Bluecoat

ProxyAV appliances with Kaspersky AV, Ipoque, PacketShaper and Anagran

bandwidth control appliances, Aironet 1100/1200/1300 access points, Aruba

7240 WLAN controllers and ClearPass, Alcatel Lucent OS6900, FireEye Web

MPS, Aironet 1410 wireless bridges, CiscoWorks WCS/WLSE, Cisco IP/TV

3412/3425, HP Procurve 4104 and 2524, F5 Big-IP LTM 3900 and 6900, Citrix

Netscaler 9000 load balancers, Packeteer 6500/7500/10000 PacketShapers,

Palo Alto Networks PA-3020 firewalls, Juniper SRX/ISG/NSM, Tipping Point

5000E IPS, Foundry ServerIronXL load balancers, NetApp NetCache C2100, IBM

BladeCenter (HS21 series), Infoblox DNSone and RadiusOne, Nortel Optical

Multiservice Edge OME 6500

Language C++, Visual Basic, Perl, Pascal, HTML

s

Operatin Windows 2003/2008 Server, Redhat Enterprise Linux, SuSe Linux, Ubuntu, Mac

g OS

Systems

Education

Master of Computer Engineering in 2002 from King Fahd University of Petroleum

Science and Minerals (KFUPM), Saudi Arabia.

Bachelor of Computer Engineering in 1998 from Sir Syed University of

Science Engineering & Technology, Pakistan.

Professional Experience

Period Organization and Responsibilities Designatio

n

12/2013 Network Services, Division of IT, San Francisco State University, Team Lead,

- California Network

Present Leading the network and security engineering team. and

Installation, configuration, and operation of security, LAN, WAN, Security

and WLAN infrastructure.

Analysis, troubleshooting and resolving complex network problems

and coordinating with vendors for fault isolation and resolution.

Strong organizational skills used to lead and track remediation

efforts upon occurrence of proactive security incident

notifications from vendors PSIRT teams.

Prepare detailed documentation including as-built diagrams, system

and network designs.

Generating and providing monthly statistics to Senior Director and

CTO.

Configuration management of all network devices and making sure

that all the devices comply with the policies.

Participate in the maintenance of network configuration

documentation as well as standard operating procedures.

Identify/recommend infrastructure upgrades and improvements.

Utilize network monitoring tools to proactively identify and

investigate network related issues.

Appropriately scoping & implementing project deliverables while

ensuring smooth transition into operational support.

Maintaining and renewing vendor support contracts.

Member of the California State University working group for

recommending security products.

1/2010 - Network Operations Center, King Abdullah University of Science and Senior

11/2013 Technology, KSA. Network

Design, implementation, operation and maintenance of the LAN and Engineer

WAN infrastructure providing connectivity to the super-computer

lab, research labs and a large scale SAP implementation.

Designing and planning Bandwidth management policies and applying

the same using a highly advanced and specialized solution.

Design, implementation, and operation of infrastructure for

providing Internet services using F5 load balancers and Bluecoat

appliances.

Provide technology planning, design, and administration for the

network infrastructure for the data center connected to more than

70 buildings.

Proposing and implementing policies and procedures for network

services and systems.

Investigating and evaluating new network technologies and

solutions.

Planning network configurations and monitoring performance to

ensure maximum availability.

Managing and monitoring the network resources using a variety of

network management tools, including Netscout, SolarWinds NPM/NCM,

Ciscoworks, etc.

Design and implementation of the DR site for providing fail-proof

networking services.

Identify requirements and implement the most efficient and cost

effective solutions (hardware, software, and management tools) to

satisfy business requirements.

Preparing RFPs for all networking projects and analyzing bids for

the same. Coordinating with suppliers and vendors for timely

completion of all projects.

Member of the Change Advisory Board approving the configuration

changes after looking at the proposed changes and the associated

risks.

Coordination with service providers for resolving WAN issues and

ensuring SLAs are met.

9/2002 Information Technology Center, King Fahd University of Petroleum Senior

to and Minerals, KSA. Network

12/2009 Managing and leading the network management group. Engineer

Design, installation, and maintenance of Cisco LAN and WLAN

infrastructure

Design, installation, and maintenance of Cisco ASA/PIX firewalls

for securing the network and providing remote access VPN service.

Design, installation and configuration of Bluecoat proxies for

forward proxy deployment.

Installation and configuration of Citrix Netscaler load balancers

for ERP applications.

Installation and configuration of PacketShapers for bandwidth

shaping and application control.

Installation and configuration of different network monitoring and

management systems like MRTG, WhatsUp Gold, CiscoWorks, and

Airwave.

2000 to Computer Engineering Department, KFUPM. Research

2002 Conducting research both individually and as a team member with Assistant

Faculty.

1999 ACE AIMS Private Ltd, Karachi, Pakistan. Software

Developed the Human Resource and the Payroll Management Systems Engineer

Projects

. Design and implementation of different solutions and policies which

include configuration of Cisco IOS features such as BGP, MPLS, EIGRP,

OSPF, Frame Relay, Etherchannels, Port Security, 802.1x, Syslog, AAA,

ACLs, VLANs, DHCP, STP, VTP, NAT, HSRP, ATM, Multicast, PBR, IP SLA,

Netflow, Remote Access and Site-to-Site VPN, and QoS features of Cisco

IOS to enforce different policies on the switches and routers.

. Design, installation and configuration of Palo Alto Networks PA-3020

NG firewalls to secure SFSU's critical business units. Enabled anti-

malware, URL filtering, Antivirus, and vulnerability protection

features on these firewalls. These firewalls were installed in active

passive high availability configuration.

. Installed and configured FireEye NX Web MPS and IPS solution to secure

the SFSU network from advanced persistent threats. This appliance was

installed in inline blocking mode to prevent call back activities.

. Configuration and maintenance of Juniper SRX 3400 firewalls to protect

SFSU's perimeter and Juniper ISG 2000 firewalls to protect the server

farm. SRX firewalls are installed in cluster configuration with two

redundancy groups. Juniper NSM tool was used to manage these

firewalls.

. Design, installation, configuration, and maintenance of the cache farm

comprising of BlueCoat ProxySG 9000-40, 9000-20B, 8100-10, and

Netcache proxy appliances:

1. Prepared High level (HLD) and low level (LLD) design documents

using MS Visio. Prepared project SOW, tasks and timelines using

MS Project.

2. Proxy appliances integrated with BCAAA agent/Infoblox RadiusOne

for user authentication and authorization based on user's AD

group membership.

3. Proxy appliances also integrated with ProxyAV appliances for

malware detection and blocking.

4. Configured the proxies to redirect traffic consuming high

bandwidth, such as YouTube traffic to the high capacity link to

alleviate congestion on the local ISP link. Applied Bluecoat CPL

policy for caching YouTube videos for improving cache hit rate.

5. Access logs exported to Bluecoat Reporter server for reporting

and investigation purposes.

6. Fine-tuning of TCP parameters on ProxySGs to improve download

speeds.

7. Redesigned the proxy infrastructure by migrating the F5 load

balancers on the Inside interface of the firewall to

transparently redirect all the web traffic to the Bluecoat

ProxySG appliances. The proxies were installed in the DMZ

earlier and were only configured for explicit mode. However,

after in-line placement of the proxies, they were configured to

intercept traffic for both transparent and explicit modes.

8. Configuration of the proxies for deploying PAC files on client

machines.

9. Configuration of proxies to send notifications\alerts in case of

health check failures or system related issues.

10. Installation and configuration of Websense TRITON solution in a

clustered environment and integration of BlueCoat proxies with

the Websense filtering solution to apply content filtering

policies.

11. Upgrade of the Bluecoat Proxy infrastructure by procuring

additional devices keeping in view the sizing recommendations

provided by Bluecoat and current and future user traffic trend

analysis.

12. Upgrading the proxy infrastructure's firmware after researching

the release notes for resolved issues and feature enhancements.

13. Coordination with Bluecoat support for reporting and resolution

of technical issues and processing of RMA requests.

. Design, installation, and configuration of F5 Big-IP 3900/6900 LTMs to

build virtual servers in a redundant topology for the Bluecoat cache

farm.

1. Created separate virtual servers for intercepting web requests

and redirecting the same to different pools of Bluecoat and

Websense cache appliances for providing explicit and transparent

caching services.

2. Allowed non-web traffic to bypass proxies by configuring

forwarding virtual servers.

3. F5s were installed in active-standby mode and configurations

synced amongst the units.

4. Upgrade of firmware and application of hot fixes, as required.

5. Fine tuning of TCP profile to resolve random disconnect issues

for an application.

6. Coordination with F5 support to report and resolve technical

issues.

. Design and implementation of bandwidth control policies. Configured

Ipoque, Anagran and Bluecoat PacketShapers bandwidth shaping

appliances to apply policies for bandwidth allocation on per

application/user basis to throttle P2P traffic and enable fair

bandwidth distribution.

. Configuration and generation of reports from the Riverbed

Wireshark/CACE Pilot packet analysis tool.

. Installation and configuration of SolarWinds Orion Network Performance

Manager and Network Configuration Manager to monitor and manage the

network devices, servers and their services.

. Installation and configuration of Netscout Infinistream and Netscout

Performance Manager along with Service Delivery Manager to monitor and

alert the administrators in case of any service degradation.

1. Configured KPIs for several applications to measure and report

performance.

2. Published newsletters to report performance and availability to

higher management.

3. Upgraded the Performance Manager, Service Delivery Manager, and

Infinistream appliances to version 5.

4. Coordinated with Netscout support for resolving technical

issues.

. Installation and configuration of Aruba ClearPass solution to provide

secure wireless connectivity and also to deploy Guest self-

registration setup integrated with Aruba Controllers.

. Configuration and maintenance of Netfort LanGuardian forensic analysis

tool to aid in the investigation about the P2P application users for

whom we received copyright infringement notices.

. Configuration and management of security scanners such as GFi LanGuard

and Nessus to report and mitigate the vulnerabilities in the servers.

. Design and implementation of the Wireless connectivity project

comprising of a total of 800 indoor access points and 450 outdoor

access points. Involved in the following phases of WLAN project:

1. Configuration of the equipment that involved Cisco 1242 and 1522

APs, WCS/WLSE, and Cisco WiSM/WLSM.

2. Configured the Airwave's AMP Professional for the management of

WLAN environment.

3. Lead a team of engineers to conduct the survey for optimal

placement of wireless access points. Air Magnet tools (Surveyor

and Analyzer) were utilized for survey and accurate placement of

the access points.

. Configuration and management of the Citrix Netscaler 9000 load

balancers to provide load balancing and SSL offloading for the Oracle

E-Business suite, Banner, and Portal servers.

1. Configured the Netscalers in Active-Standby mode.

2. Configured virtual servers for handling HTTP and HTTPS traffic.

3. Used "Least connections" load balancing method and "Cookie-

Insert" persistence method.

4. Configured HTTP monitor for checking health of the virtual

servers.

5. Generated CSR (Certificate Signing Request) which was later

signed on by the local Certificate Authority.

6. Changed the generated certificate from DER to PEM format.

7. Installed the certificate and bound it with the SSL virtual

server.

8. Upgrade of Netscaler firmware and troubleshooting of issues.

9. Configured Syslog and SNMP for monitoring purposes.

. Configuration and installation of virtual machines using Citrix

Xenserver and VMware ESXi 4.0/5.0 virtualization tools. Migrated VMs

from one host to another. Participated in the Server consolidation

project whereby we moved more than 100 physical machines to VMs.

. Configuration and Management of IBM BladeCenter, Dell and HP Proliant

servers hosting more than 100 services.

. Configuration and management of the CiscoWorks LAN Management Solution

(LMS) for configuring and maintaining the Cisco LAN and WAN

infrastructure. IOS management, fault management and configuration

management functionalities were implemented.

. Configuration and management of the Foundry ServerIron (FCSLB24)

application traffic management appliances for server load balancing of

student registration systems. Also used to provide Transparent Caching

Service for HTTP and HTTPS traffic of the ADSL network.

. Lead a team of network engineers to upgrade the Supervisor module

(Sup2) on the Cisco 6509 core switches to Sup720. This project

involved careful planning to ensure that all the hardware requirements

were met and all the configurations had to be carefully translated to

Cisco IOS format.

. Configuration and management of the CA Unicenter Network and Services

Management System (NSM) and Unicenter Network Performance Operation

(NPO). Some of the tasks performed are as follows:

1. Installed system, performance, log, and database agents on

Windows, Linux, and AIX clients.

2. Generated and published real-time and historical trends using

Performance Trend and Scope.

3. Configured NSM Portal and 2D map for different Business Process

Views (BPVs).

. Configuration and management of Cisco PIX 525/ASA firewalls providing

IPSec/SSL VPN service. Integrated with CiscoSecure ACS for user

authentication and authorization.

. Configuration and management of the Tipping Point IPS 5000E for

identifying and mitigating attacks to protect the server farm.

Installed and configured the SMS management application.

. Configuration and management of Cisco Secure ACS version 4.0/5.0

(TACACS\RADIUS) servers for providing the remote access service in

failover mode.

1. Created different groups which pertain to different groups of AD

users. The authentication servers were integrated with MS Active

Directory for user authentication.

2. Implemented TACACS+ for network device authentication with

CiscoSecure ACS.

. Worked on a consultancy project for building a new Data center for

Saudi Arabia's Ministry of Higher education.

. Configuration and management of BIND (DNS) version 9.2.4 on Red Hat

Linux, for maintaining KFUPM's external DNS service. Migration of DNS

service to Infoblox appliances.

. Configuration and management of Cisco AS5300 router for the remote

dialup service, with 8 E1 controllers.

. Configuration and maintenance of Cisco IP/TV equipment (Cisco IP/TV

3412 and 3425) for live broadcasting of the events and conferences.

. Configuration and management of Cisco 1410 wireless bridges to provide

wireless backhaul connectivity.

. Configuration and management of the WhatsUp Gold software for network

monitoring and management, which has been integrated with a SMS

Gateway so that SMS messages can be sent. Performance and resource

utilization monitoring of network devices using the MRTG/RRD and

Netscout nGenius tools.

. Network design simulation with hands on experience of designing and

simulating the traffic of a network with more than 300 hosts on OPNET

Modeler.

Contact this candidate