Nishit Patel
Sr. Network Engineer
Professional summary
Certified Network Engineer with 8+ years of experience in network design, planning & strategy, network security, implementation, incident & change management, and service delivery.
Strong knowledge in Routing, Switching, Wireless, Load Balancing, and Security concepts.
Hands-on experience in installing, configuring, and troubleshooting IP networks with a wide range of routers (Cisco ASR 9k, 1000, 7200 VXR, ISR 4000, 3900, 3800, and 2800) and switches (Cisco Nexus 7K, 5K, and 2K, Catalyst 6500, 4500, 3850, 3650, and 2900).
Experience in setting up and maintaining perimeter security by using Cisco ASA/PIX, Fortinet 3340, Check Point, and Palo Alto firewalls.
Juniper switches EX Series.
Juniper firewalls SSG/ ISG / IDP Series
Ability to provide oversight and guidance to DMZ design and implementation
Hands on Experience in implementing and maintaining Interior gateway routing protocols such as RIP, OSPF, EIGRP, and Exterior gateway protocol BGP.
Hands on experience in setting up enterprise level Wi-Fi Networks and IP telephones.
Good at fine-tuning routing/switching protocols, redistribution and high availability.
Good knowledge in configuring redundancy protocols like HSRP, Cisco UCCX, CallManager, VRRP.
Good knowledge in IP services like DHCP, DNS, and ARP.
Created a monitoring template using custom MIBs in SolarWinds.
Implemented traffic filters using Standard and Extended ACL, Distribute-Lists, and Route Maps.
Managed firewall policies that employ NAT, application layer gateways, and policy-based VPNs.
Good knowledge in configuring Site-to-site IPSec, and Remote SSL VPN on router IOS platforms and firewalls.
Experience in creating virtual domains for employing proxy servers on Fortinet firewalls.
Hands-on experience in switching concepts: VTP, STP, port aggregation, stacking, and VLANs.
Capable of planning and implementing WAN technologies including E3, E1, T1, T3, ISDN, HDLC, PPP, Frame Relay, ATM and MPLS VPN.
Performed backup of device configuration by using TFTP server and ARCSERVE tape backup.
Familiar with low latency networking and design.
Implemented IPv4 migration to IPv6 (NAT-PT, Tunneling, etc.).
Experience in using various network traffic analysis and network management systems.
Day-to-day administration, management, maintenance and monitoring of network and network security devices using Cisco Works, SDM, PDM, ASDM-IDM, HP NNM.
Implemented RADIUS/TACACS+ servers to administer user accounts.
Experience in configuring F5 LTM and GTM load balancers.
Excellent understanding of the TCP/IP protocol suite
Working, demonstrated hands-on product and technology skills in several of the following areas (more a plus):
Cisco ASA Firewall family, preferably with 9.x version software
Cisco Identity Services Engine and/or Cisco ACS or leading AAA/NAC technology vendors
Cisco Firepower NGIPS with FireSIGHT, classic Cisco IPS at a minimum
Cisco Web Security Appliance or leading Web Proxy vendors
Cisco Email Security Appliance or leading Email Security vendors
Cisco Lancope Cyber Threat Defense Solution or other NetFlow analysis tools
Worked in a Data center environment. Handled critical outages and developed different ideologies to reduce the network downtime.
Ensure all backup data configurations are in-place and working when needed in case of a network failure to speed up network recovery.
Strong understanding of SIEM tools.
Can clearly differentiate between priority tasks. Capable of executing tasks in an orderly fashion.
Good knowledge in vulnerability assessment.
Work history
Sr. Network Engineer June 2016 – current
Tenneco Automotive, IL
Responsibilities:
Frontline support for network related issues.
Provides support for existing network technologies/services & integration of new network technologies/services.
Resolving network performance and connectivity issues on the wireless and wired network.
Implemented IPv4 to IPv6 migration (NAT-PT, Tunneling, etc.).
Designing, provisioning, implementing, and managing network & security devices.
Played responsible role in implementing, and configuring new Fortinet firewalls in the existing network.
Created virtual domains in Fortinet firewall for rendering proxy services.
Created virtual IPs for NAT purposes.
Configured BGP and OSPF from scratch.
Performed IOS Software upgrades on switches 6509, 4510, 3750 and Cisco ASR for compatibility with Cisco ISE.
DMZ services on Adtran NetVanta routers.
Administration of Cisco 4200 series IPS sensors.
Monitoring traffic logs from IPS devices and analyzing traffic by using Wireshark.
Monitor and manage network wireless devices using Cisco wireless control system.
Configuring and implementing F5 BIG-IP GTM and LTM load balancers to balance global and local traffic.
Implemented Infoblox DDI for rendering seamless DNS, DHCP, and IP management services.
Network/Security related responsibilities:
o VDC, VLAN configuration in switches
o Trunking, port aggregation in switches
o Resolving connectivity issues with IP telephones.
o LAN cabling at the data center and IDF rooms.
o Configuring VPNs on Cisco ASA and Fortinet firewalls.
o NAT and ACL rules in routers.
o Monitoring data center devices and links.
Operate and maintain the following networking equipment:
o Cisco ASR 9010, 1006 and 7200 VXR routers.
o Cisco Nexus 7000 switches for core.
o Cisco Nexus 5600 switches for aggregation and Cisco Nexus 5600 with Nexus 2000 fabric extenders for access.
o Cisco Catalyst 6500 switches.
o Cisco Catalyst 4500 and 2900 switches.
o Cisco 5500 Wireless LAN controller.
o F5 LTM for local traffic load balancing, and GTM for balancing Global DNS traffic.
o Infoblox DDI for managed network services.
Environment:
LAN, WAN, Data Center, Cisco 7206 VXR and ASR 9010, 1006 routers, F5 LTM and GTM, Infoblox, Cisco ASA, Fortinet 900 firewalls, Cisco Nexus 7018, Nexus 56128P, Nexus 2338TQ FEX, Cisco Catalyst 6509, 4510, 3750, 2900 switches, Cisco 4200 IPS sensors, Cisco 5500 wireless controller, Cisco Aironet WAPs, Access-lists, VPN, NAT, DMZ network.
Sr. Network/Security Engineer Feb 2014 – March 2016
Western Union, MN
Responsibilities:
Responsible for maintaining and ensuring the proper functioning of all network devices (Cisco routers/switches, Cisco ASA firewalls, and load balancers (LTM)).
Implemented the policy rules, DMZ, and multiple VDOMs for multiple clients of the state on the Cisco ASA.
Implemented the inter-VDOM routing through the Cisco ASA and also the router.
Configured and provided support for Cisco ASA firewall and FWSM modules.
Processed creation of VPN requests for remote users.
Primary responsibility is to design and deploy various network security.
Core network infrastructure design and implementation of devices including Cisco routers, switches, Cisco ISE, Cisco NAC.
Support network access through LANs, remote-access gateways, and wireless access points by using Cisco NAC.
Implementing security policies by blocking and repairing noncompliant machines by using Cisco NAC.
Working understanding of Cisco Site-to-Site, Cisco VoIP, and Remote Access VPN technology flavors.
Configuring VLANs/routing/NATing with the firewalls per design.
Implemented and maintained Bluecoat proxy for rendering proxy services for end users.
Created granular configurations in Bluecoat proxy for assigning specific internet resources to each user.
Participated in Planning, designing, and documentation of projects and movements for the global networks:
o Migration of network segments from flat to hierarchical architecture.
o Migration of network connections from unsecured connections to secured connections.
o Upgrade of LAN connections, such as adding switches for redundancy, capacity planning, and stacking of switches.
o VPN design for remote offices.
Implementation of Client IT network security policy:
o Configuration of TACACS+ (Cisco ACS) on network devices.
o Configuration and support for OSPF and BGP protocols on routers.
o Configuration and support for VLANs on switches.
o Implement VPN connections for the following:
a) Configured site-to-site VPN connection for each major office.
b) Configured SSL VPN connections for third parties connecting to client offices.
c) Configured client-server VPN connections for small offices to client head office using Firewall Appliances.
d) Configured Remote access VPN for mobile employees.
Monitor Client’s global network:
o WAN Reports from CACTI for network devices such as:
a. Cisco ASA Firewalls.
b. Cisco Routers (2600XM, 3600, 3700).
c. Cisco Catalyst Switches (2950, 3550, 4500, 6500).
d. Cisco Wireless Access Points (1235AP).
e. Traffic from leased lines.
f. Cisco IDS/IPS.
Trouble Ticketing and Problem Escalation:
o Router, switch, and WAP connectivity.
o Internet access for each site.
o VPN connectivity (site-to-site, and RAS).
o Works closely with international carriers and local admins for troubleshooting the network.
Environment:
LAN, WAN, Cisco 7200, Cisco ASA, Bluecoat Proxy, Cisco Catalyst 6509, 4510, 4506, 2900 series switches, IPSec VPN, SSL VPN, Site-Site VPN, Access-Lists, firewalls, NAT, Cisco NAC, Cisco ISE.
Network Engineer Aug 2012 – Dec 2013
Stryker, MI
Responsibilities:
Designed, planned, and implemented network and security infrastructure.
Managed the Internet and intranet firewalls (Cisco ASA 5520 and 5550), F5, Net IP, ASM.
Managed third party connections using Cisco ASA 5520, 5550 and Palo Alto firewalls.
Processed the requests for access to IT resources of the main data center through the firewall.
Configured, troubleshot, and upgraded Cisco ASA firewalls for managed clients, which included network and resource access, software, or hardware problems.
Juniper NSM and Juniper CLI for SSG and SRX, Juniper SSL-VPN, OS upgrades, CLI changes, scripting, troubleshooting, configurations, rule re-ordering and optimizations
Processed creation of VPN request for remote users, third parties such as remittance companies, and mobile phone companies.
Analyzed logs in Syslog server generated by IDS, IPS, firewall, router and switch devices.
Created reports of network utilizations.
Worked on troubleshooting network security issues related to address translations, connectivity, application access, routing issues, and low latency networking.
Backed-up device configurations.
Configured RSTP and STP in switches.
Escalated incidents and issues to ISPs and Global Technology Sector divisions.
Facilitated IT Business solutions for corporate users and third party needs.
Attended meetings with corporate users to gather the requirements need for secure access to IT resources such as client VPN and SSL VPN access.
Created policies to provide Secure access to the Internet to specific business websites and Secure access to and from third parties.
Worked on incidents/changes/problems and provided resolution within SLA time frame.
Configured & maintained IPSec VPN in Cisco ASA, Palo Alto firewalls.
Configured DMZ network to connect switch to the DMZ port.
Monitoring alerts & events in Cisco IPS.
Monitoring network devices using HP Network Node Manager.
Implemented TACACS+ for administering user accounts.
Escalating and working with product vendors for unresolved issues and following up with them till the closure of the issue.
Worked on Change Control tickets, prepared knowledge base for all the incidents, change and problems resolved.
Certification as a Cisco Certified Network Professional (CCNP) on Adaptive Security Appliance (ASA) with a minimum of 4 years’ hands-on experience.
Certification as a Cisco Certified Network Professional (CCNP) on Terminal Access Controller Access Control System (TACACS) with a minimum of 4 years’ hands-on experience.
Prepared SOP (Standard Operations Procedures) and shared it with customers and internal teams for resolving issues.
RSA – Assigning RSA tokens and configuration of RSA SecurID for the users.
Management of Websense, email gateway, Symantec Endpoint Protection, and IPS.
Environment:
LAN, WAN, Cisco ASA, Palo Alto 3050, 3060 firewalls, Cisco 4331, 4321, 2811 routers, Cisco 6506, 4510, 3550, 2900 switches, HP Service Manager, NNM, IPsec VPN, SSL VPN, RSA Tokens, IDS, IPS, Syslog server, TACACS+ Server, Juniper SRX, DMZ network.
Network Engineer Jan 2011 – July 2012
BNY Mellon, NY
Responsibilities:
Installed, and configured Cisco routers (7200, 3600, and 2800) and Cisco switches (6500, 4500, 2950 and 1900 series).
Implemented static routing, routing protocols (OSPF, and BGP), switching (VLANs, VTP Domains, STP, and trunking).
Implemented 3 tier architecture in the network segregating and deploying core, distribution, and access layer switches.
Implemented and maintained SYSLOG and AAA server.
Maintained Datacentre LAN.
Configured and maintained Cisco ASA and Fortinet firewalls.
Installed and configured Cisco and Ubiquiti wireless devices.
Configured and managed VLANs and Inter-VLAN communication.
Monitored Leased Lines using PRTG.
Monitored network devices (routers, switches, firewalls, and wireless access points) using one click spectrum software.
Monitored and maintained backbone Optical Fibre Cable (OFC).
Configured, and verified static routes for a given specific requirement.
Managed Cisco IOS configuration files (including save, edit, upgrade, restore).
Performed backup operation of routers, and switches configuration by using TFTP.
Implemented migration project of updating Palo Alto firewalls to Fortinet firewalls.
Installed and configured Fortinet firewalls from scratch.
Configured HA between Fortinet firewalls.
Configured IPSec and SSL VPNs on Fortinet firewalls.
Environment:
LAN, WAN, Cisco PIX, Fortinet 3340B, Palo Alto, Cisco 7200 and 3945 ISR routers, Cisco Catalyst 6509, 4510, 4506 switches, Cisco 2900 access switches, Cisco WAPs, Ubiquiti wireless devices, IPSec VPN, SSL VPN, Site-Site VPN, Access-Lists, and NAT
Network Engineer Aug 2009 – Dec 2010
Ericsson, TX
Responsibilities:
Level 1 system and network administrator for solving common technical difficulties for users with assistance from senior engineers.
Identifying and correcting common problems associated with IP addressing and host configurations.
Configuring, verifying & troubleshooting of static and default routes for a given specific requirement.
Manage IOS configuration files (including save, edit, upgrade, restore).
Implementing basic router security (assigning user mode and privilege mode passwords).
Configuring and verifying a basic WAN serial connection.
Configuring and verifying a PPP connection between Cisco routers.
Troubleshooting WAN connectivity issues.
Verifying router and switch operations using basic utilities (including ping, traceroute, telnet, SSH, ARP, ipconfig), SHOW & DEBUG commands.
Installed operating systems in client desktops and updated patches.
Installing new routers, switches, and wireless access points at the client location and performing the basic configuration.
Environment:
LAN, WAN, Initial configuration, Cisco 2600, 2800, 2811XM routers, Cisco Catalyst 3550, 2900 switches, Cisco WAPs, Windows operating systems.
Skills:
Routers: Cisco (ASR 9k, 1000, 7200 VXR, ISR 4000, 3900, and 3800)
Firewalls: Cisco (ASA 5510, 5520, 5540), Fortinet (3040B, 900D), Palo Alto (PA 3020, PA 3050, PA 3060), Juniper SRX
Switches: Cisco Nexus 7K, 5K, and 2K, Catalyst 6500, 4500, 3850, 3650, 2900
Load balancers: F5 LTM and GTM
VOIP devices: Cisco IP phones
WAN technologies: Frame relay, ISDN T1/E1, PPP, ATM, MPLS, leased lines, DSL modems.
LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, 10G, Token ring, FDDI.
Carrier technologies: MPLS, MPLS-VPN
Routing Protocols: RIP, OSPF, EIGRP, BGP
Switching protocols: VTP, STP, RSTP, PVSTP, PAgP, and LACP
Redundancy protocols: HSRP, VRRP
Security protocols: IKE, IPsec, SSL, AAA, Access-lists, prefix-lists.
Network management: SNMP, Cisco Works, SolarWinds, Ethereal, CA Spectrum
Ticketing tools: JIRA, CA Service Desk
Education:
Bachelor in Computer Science: 2009
University of Northern Virginia
Certifications:
CCNA, CCNP