Post Job Free
Sign in

Network Engineer Security

Location:
Fremont, CA
Posted:
August 01, 2017

Contact this candidate

Resume:

Harish

Sr. Network Engineer

Ph. No: 908-***-****

Email Id: ********@*****.***

Professional Summary:

Experience in Networking, including hands-on experience in IP network design providing network

Support, installation and analysis.

Network Professional with 8 Plus years of experience in Designing and troubleshooting LAN,

WAN, MPLS in Branch, Campus and Data Center environments.

Expert level knowledge of troubleshooting, implementing, optimizing and testing of static and Dynamic routing protocols such as EIGRP, OSPF, BGP; ability to interpret and resolve complex route table problems.

Implementation of traffic filters on Cisco routes using Standard, extended Access list.

Expert Level Knowledge about TCP/IP and OSI models.

In-depth expertise in analysis, implementation, troubleshooting & documentation of LAN/WAN

Architecture and good experience on IP services.

Extensively worked on Juniper models EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX210 and SRX240.

Cisco ASA/Checkpoint Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.

Experienced in installation, configuration and maintenance of Cisco ASR 9K, 7200, 3900, 2800, 2600, 2500 and 1800 series Router / Cisco Nexus 7010, 5548, 2148 Catalyst Cisco 6500 (sup 720), 4500 (SUP 6), 3750, 2950 series Switches.

Experience configuring Virtual Device Context in Nexus 7k, 5k and 2k.

Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF,

LDP, EIGRP, RIP, BGP v4, MPLS

Hands on Experience testing iRules using Browser(IE), HTTP watch, curl, Scripts(shell/batch file/Perl) and host files

Configuring and testing Multicast for both IPv4 and IPv6 routing in Data Environment

Technical Knowledge on Cisco DMZ, ASA 5500 series firewalls.

Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN

Trunks, VTP Ether channel, STP, RSTP and MST.

Experience in troubleshoot network issues including boundary protection devices, Cisco

Nortel/Avaya and Bluecoat Proxy Servers

Configuring Cisco routers and switches to enable and troubleshoot a variety of features such as

Trunk, Vlan, Ether channel, port security, routing protocols including EIGRP, OSPF & BGP and Other related technologies such as multicasting, IP Telephony & IP Video.

Hands-on configuration and experience in setting up Cisco routers to perform functions at the

Access, Distribution, and Core layers.

Experience with F5 load balancers - LTM, GTM series like 6400, 6800, 8800 for the corporate

Applications and their availability

Worked on Cisco Routers, Active /Passive Hubs, Switches, Cisco PIX Firewall, NOKIA Firewalls

Nortel VPN Concentrators TCP/IP, NAT and Checkpoint ESX/GSX firewall.

Creating and provisioning Juniper SRX firewall policies.

Experience using Cisco ASR 1K, 9K series switches.

Experience working with JUNOS OS on Juniper Routers and Switches.

Working knowledge of frame relay, MPLS services, IPSecVPN's, OSPF, BGP and EIGRP routing protocols, NAT'ing, sub-netting, also including DNS, WINS, LDAP, DHCP, http, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP (Spanning tree Protocol), RTSP &

Multicasting protocols.

Experience in the setup of Access-Lists, and RIP, EIGRP, and tunnel installations.

Good knowledge and experience in Installation, Configuration and Administration of Windows

Servers 2000/2003, Active Directory, FTP, DNS, DHCP, TFTP, Linux OS under various

WAN environments.

Professional Certification

Cisco Certified Network Professional

Cisco Certified Network Associate

Technical Skills:

Routers: (1800, 2500, 2600, 2800, 3600, 3750, 3800, 7200), ASR 1K and 9K.

Cisco Switches: (2900, 3500, 4000, 4500, 5000, 5800, 6500, and 7600 Nexus 2k, 3k, 5k and 7k), MSFC, MSFC2.

Juniper: E series, J series and M series. Juniper SRX & Netscreen, T -Series, MX-Series Routers.

Routing Protocol: (BGP, OSPF, EIGRP, ISIS, IGRP, LDAP, IGMP, RIP), Routed Protocol TCP/IP, SIP, Multicasting (PIM), 802.1Q.

LAN Protocol: VLAN, PVLAN, VTP, IPX, Inter-VLAN routing, ISL, dot1q, STP, IS-IS, RSTP, MSTP, IPVST, LACP, HSRP, GLBP, VPC, VDC, Ethernet, Port security.

WAN Technology: Frame Relay, ISDN, ATM, WAAS, PPP, ICMP, WiSM Module in 6509, X.25, L2VPN, L3VPN, E1/T1/DS1/DS3

Network Management: SNMP v2, v3, Syslog, HP Open View NNM, Net flow Analyzer, Sniffer, Wireshark, Cisco Works, Cyber Ark, VSphere5.0, 3Com Network Analyzer, SolarWinds, Orion.

AAA Architecture: TACACS+, RADIUS, Cisco ACS.

Operating systems: Linux, UNIX, DOS, Windows XP/2007/2008, Windows 2003 server and Windows 2008 server

Network Security: NAT/PAT, Ingress &Egress Firewall Design, VPN Configuration Internet Content Filtering, Knowledge of Firewall, ASA, Cisco FWSM/PIX/ASDM, Cisco NAC, IPSEC, Nokia Checkpoint NG, SPLAT, IPS/IDS (Snort), IPS 4260.

Application Protocols: DHCP, DNS, FTP, HTTP, SMTP, TFTP.

Programming Languages: C, C++, Perl, VB Script, Power Shell, Python, SQL

Documentation: Microsoft Office, Visio

Professional Experience:

Caradigm Corp, Bellevue WA Dec 2011-Present

Sr. Network Engineer (Data Center)

Responsibilities:

Experience in Installing and Configuring Nexus 7004 Switches.

Experience with design and implementation of Data center migration.

Experience with Migrating all the Vlans from Cisco Nx-3k to Nexus 7k switches

Configured Nexus 7004 including NX-OS Virtual Port Channels, Nexus port profiles, Nexus Version 4.2 and 5.0, Nexus VPC peer links.

Performed in Migrating L3 Vlans from Cisco ASA 5585-X to nexus 7k switches

Created a static route from ASA to nexus 7k specific for subnets and from nexus to ASA created the default route in order to make nexus 7k live and active on to the network.

Participated in the installation, configuration, post installation daily operational tasks and configuration and deployment of Cisco Nexus equipment.

Experience in troubleshooting VLAN, STP (Spanning tree protocol), & Switch Trunk and IP subnet issues.

Re-Cabling or Re-wiring the devices in datacenter environment

Performing active/standby failover testing on Nx-7004 devices

Hands on experience with Nexus Switches 2K, 5K and 7K.

Upgrading and Installing IPS (Intrusion prevention system)/ Firepower and Configuring

Extensively working on Cisco ASA 5585-SSP-20

Worked and working with Cisco ASA 5525, 5585-SSP-20 firewalls with current and demonstrated expertise with ACL security in a multi-VLAN environment.

Adding Vlans on Cisco ASDM-Launcher

Maintained, upgraded, configured, installed Cisco ASA 5510, 5520, & 5505 Firewalls from the CLI & ASDM

Performing the ACL requests change by collecting source and destination information from them.

Involved in Configuration of Access lists (ACL) on ASA firewall for the proper network routing for the B2B network connectivity.

Configuring ASA Firewall and accept/reject rules for network traffic

Decommissioning the Nexus 7K supervisors and Deploying latest software upgrades on Nexus 7K.

Troubleshooting the various issues while upgrading and installing the new supervisors on Nexus 7K

Provide Tier II Level Load Balancer expertise on F5 BigIP Local Traffic Managers (LTM). Designing F5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 BigIP Load Balancers.

Responsible for helping to install and setup new network equipment in their company’s data centers.

In charge of asset tracking, installing VPNs and involved with security assessments.

Working extensively in data center environment

Migrating the network from two tier to 3 tier environments

Writing access-rules on cisco ASA

Working on IP network design providing network

Support, installation and analysis.

Extending end to end network support on L2 and L3 switches.

Configured ASA 5585 appliance and VPN

Collaborated closely with IS security to manage IDS/IPS implementation, establishment of routine third-party vulnerability & penetration testing scans/remediation, and to obtain/maintain industry leading security certifications.

Managed a TACACS server for VPN user authentication and network devices authentication

Managed hardware/software vendor selection & management, consuming $2.2M in vendor services annually.

Avaya, Thornton CO Sep 2014 – Nov2016

Sr. Network Engineer

Responsibilities:

Performed network engineering, design, planning (WAN & LAN) & implementation. Studied single point failures & designed WAN structure in such a way that there are no failures in network in case of any device or link failure.

Configured and designed LAN networks with Access layer switches such as Cisco 4510, 4948, 4507 switches.

Setting up VLANS and configuring ISL trunk on Fast-Ethernet channel between Switches.

Deployed a large-scale HSRP solution to improve the uptime of collocation customers, in the event a core router became unreachable.

Deployment of VoIP systems for various models of Cisco and Avaya solutions

L2 and L3 solutions of Cisco routers and switches, including (but not limited to): 2850, 2921, 3945, 3750, 3850

WLAN design and troubleshooting ranging from isolating issues with WAP configurations to upgrading from Cisco Prime 1.9.x to 3.0.1

Troubleshooting the VPC configurations, updating the control palne policy (COPP) on the devices.

Troubleshooting the Layer 1 issues related to the SFP modules and optics

Acquisitions requiring cutting over from a previous design to the standards of the acquiring company

Designing and troubleshooting ICM scripts and CVP MicroApps to streamline call flowsfor different departments

Layer 1 work involving physically punching down RJ-45/RJ-11 and Fiber jacks/connectors.

Configuring Virtual Chassis for Juniper switches EX-4200,Firewalls SRX-210

Implementing, Monitoring, Troubleshooting and Convergence in Frame-Mode MPLS inside the core.

Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches

Understand the JUNOS platform and worked with IOS upgrade of Juniper devices

Designed and implemented security policies using ACL, firewall.

Worked extensively on Cisco Firewalls, Cisco (506E/515E/525/) & ASA 5500(5510/5540) Series

Design and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls.

Configuring and implementation of Juniper Firewall, SSG Series, Netscreen Series ISG 1000, SRX Series.

Configured routing policy for BGP. Switching related tasks included implementing VLANs and configuring ISL trunk and 802.1Q on Fast-Ethernet channel between switches

Experience in different VPN platforms, IPSec, SSL & Web VPN. Mobile VPNs solutions from Cisco and Checkpoint.

Converted Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience

Implemented Cisco IOS Firewall IDS using 2600 series router.

Troubleshooting on network problems with Wire shark, identify problem and fix.

Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000.

Understand the JUNOS platform and worked with IOS upgrade of Juniper devices

Redistribution of routing protocols and Frame-Relay configurations.

Configuring and troubleshooting type of routing to route traffic flow per customer requirement as primary, backup/load balanced and load splitting.

Strong hands on and exposure to Checkpoint & Palo Alto on a regular basis.

Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.

Successfully installed Palo Alto PA 3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.

Performed the maintenance of Active Directory and replication scheme, DNS/DHCP services and time services; wrote step-by-step procedures for implementing upgrades.

Dealt with creating VIP(virtual servers), pools, nodes and applying iRules for the virtual servers like cookie persistency, redirection of the URL

Configured VLANs on a switch for inter-VLAN communication. Configured VLAN Trunking Protocol (VTP) on Core Switches. Configured various LAN switches such as CISCO CAT 2900, 3550, 4500, 6509 switches for STP, VTP Domain, VLAN, Trunking, Fast Ether Channel configuration.

Documented all the work done by using Visio, Excel & MS word

Verizon Wireless, NYC NY Apr 2013 - Sep 2014

Sr. Network Engineer

Responsibilities:

Experience with converting Cisco ACE load balancer to F5 LTM load Balancer in data center environment

Experience with converting PIX rules over to the Cisco ASA solution

Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 7010 5000 series to provide a Flexible Access Solution for datacenter access architecture.

Provided proactive threat defense with ASA that stops attacks before they spread through the network.

Cisco ASA/Checkpoint Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.

Maintained security of the cluster by maintaining updated ACL using CyberArk. Creating, Managing and maintaining rules to adhere corporate security standards using checkpoint Firewall.

Perform extensive testing around the upgrade, migration and configuration functionality of our software

Deploying and decommission of VLANs on core ASR 9K, Nexus 7K, 5K and its downstream devices

Strong knowledge on networking concepts like TCP/IP, Routing and Switching

Dealt with monitoring tools like (Solar Winds, Cisco Works), network packet capture tools like Wireshark

Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair

Demonstrated topics of CISCO switching & routing to team as per training sessions.

Implemented configuration scripts and necessary changes on switches & routers as per IBM.

Extended support on access layer, distribution layer and core layer device of IBM as per assigned.

Experience with moving data center from one location to another location, from Cisco 6500 based data center to both Cisco 6500 & Nexus based data center.

Switching tasks include VTP, ISL/ 802.1q, IPSec and GRE Tunneling, VLANs, Ether Channel, Trunking, Port Security, STP and RSTP.

Network security including NAT/PAT, ACL, and ASA/PIX Firewalls.

Good knowledge with the technologies VPN, WLAN and Multicast.

Worked on ACE load balancers. Experience with F5 load balancers - LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.

Involved in design and deploying various network security & High availability products like Cisco ASA and other security products.

Configure, troubleshoot, install, and manage Juniper J and M series routers, Juniper NetScreen firewalls to include ISG 2000, NS-5200, and SSG series.

Administering multiple Firewall of Juniper / NetScreen, in a managed distributed environment. Fulfilling routine change requests of Net Screen OS Firewall and resolving trouble tickets, maintain and monitoring firewalls.

Implemented Site-to-Site VPNs over the internet utilizing 3DES, AES/AES-256 with PIX Firewalls

Experience with MP-BGP and MPLS LDP protocols. Working on Active Directory to add users to new groups and change user's policy.

Migration of existing IPSEC VPN tunnels from Pre-Shared key to Certificate Authority for purpose of scaling

Health check and automated IOS and script updates applied via voyance application (now EMC).

Best practice implemented on Cisco & Juniper routers and switches.

Successfully implemented EOL project alias 'End of life equipment' assigned as per IBM guidelines in live environment.

Installation & decommission of new/old sites as per IBM.

Extending end to end network support on L2 and L3 switches.

Installation and Configuration of Cisco Catalyst switches 6500, 3750 & 3550 series and configured routing protocol OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design Document and followed the change process as per IT policy It also includes the configuration of port channel between core switches and server distribution switches

Network Redesign for Small Office/Campus Locations. This includes changes to both the voice and data environment.

Installation and trouble-shooting of LAN, WAN & Multi-Layer Switching.

Act as first point of contact to diagnose an issue and drive it to closure

Troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF & BGP

Experience working with Nexus 7010, 5020, 2148, 2248 devices.

Experience with communicating with different customers, IT teams in gathering the details for the project

Ensure all devices are running with latest IOS as per IBM along with latest passwords.

Implement changes in configuration as per task assigned within scheduled change window and ensure backups of device before and after the change.

Co-ordinates with Vendors to replace the faulty hardware like power supply, fans, modules, cables, sfp, access points & lwaps.

Trace ports of user via trace route and ping to process change in vlan assignment as requested by user via TMAC process and notify them once done.

Update changes done in device and notify respective portals of IBM to document changes done.

Coordinating with various teams as Project Manager, Onsite Manager and client and field technician to implement and drive issues to closure.

Implemented new device of Cisco & Juniper as per policy reviewed by network architect.

Worked on different Cisco& Juniper devices of access, distribution and core.

Implemented conversion of wireless access points to light weight access points& associate to respective wireless controllers.

Coordinate with monitoring team for change notifications, alerts and escalation of security incidents.

Ensure email replies and chat channel alerts are replied promptly

Contribute to the output of the team and ensure SLA deliverables are met.

Extensive experience taking copy of Cisco IOS on TFTP server and loading back on routers and switches.

AT&T, Dallas TX Nov 2011 – Mar 2013

Network Engineer

Responsibilities:

Responsible for Internal and external accounts and, managing LAN/WAN and checking for Security

Troubleshoot on security related issues on Cisco ASA/PIX, Checkpoint and IDS/IPS

Configured, installed, & managed DHCP, DNS, & WINS servers

Experience in different VPN platforms, IPSec, SSL & Web VPN. Mobile VPNs solutions from Cisco and Checkpoint.

Converted Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience

Configuration & maintenance of Cisco2600 series routers with OSPF.

Configured and implemented various protocols on 2800 series router for efficient performance of network.

Managed a TACACS server for VPN user authentication and network devices authentication

Upgrading the network by translating protocols like EIGRP to OSPF.

Monitor, evaluate & report on health of both Wide & Local Area (WAN/LAN) Networks.

Maintaining the whole network and troubleshooting the network issues for efficient performance.

Configuration and support of Juniper Netscreen firewalls and Palo Alto firewalls.

Manage the Netscreen SSG550 and ISG1000 and 2000 firewalls with the NSM.

Team member of Configuration of Cisco 7206 router and Configuration of Catalyst switches.

Configuration 7609, 7606 with OSPF and catalyst 6505, 4500, 3550 switches with various VLAN.

Installed and configured F5 Load balancers and firewalls with LAN/WAN configuration.

Worked on various Nexus Products 7010, 7009, 2248.

Create and test Cisco routers and switching operations using OSPF routing protocol.

To secure configurations of load balancing in F5, SSL/VPN connections, Troubleshooting CISCO ASA firewalls, and related network security measures.

Experience working with Layer 1-7 switching, TCP/IP, OSPF and load balancing (Cisco L2/L3 switches, firewalls, load balancers.

Proactively manage customer Firewall's (FW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) and other security threat data sources on Check point and Juniper FW's.

Installed and configured Cisco ASA 5500 series firewall and configured remote access IPSEC VPN on Cisco ASA 5500 series

Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls per design.

Worked with security issue like applying ACL's, configuring NAT and VPN

Experience in configuring routing protocols like EIGRP, RIP v2, OSPF & BGP and Cisco ACS protocols like RADIUS and TACACS.

Troubleshoot issues related to connectivity, STP, VLANs, Trunking, VTP, Layer 2/3switching, Ether Channels, Inter-VLAN routing, log messages, high CPU utilization and parameters that can degrade Performance of the network.

Tested BGP features such as as-override, Local pre, EBGP load balancing

Maintained complex LAN/WAN networks with several VLANS and provided support for routing protocols and also providing secure sessions over internet using IPSec and SSL encryption.

Configured Multicasting protocol for IPTV and Multicast over GRE tunnels.

Qualcomm, India July 08 –Oct 11

Network Engineer

Responsibilities:

Worked on troubleshooting customer related issues related to router Configuration, Layer 1/Layer 2 issues.

Worked on Frame Relay switches.

Worked on OSPF using features like TSA, SA, NSSA and route summarization.

Configured EBGP/IBGP policies also tested BGP attributes such as Local preference, MED, AS-PATH, Community and Weight.

Configured EIBGP load balancing and ensured stability of BGP peering interfaces.

Worked on Route-Reflectors to troubleshoot BGP issues related to customer route prefixes also route filtering using Route-maps.

Configured Virtual-link between discontiguous backbone areas in the network also established authentication between all OSPF routers using MD5 authentication.

Involved in effective communication with vendors, peers and clients in resolution of problems, equipment RMA’s and provided 24x7 support.

Monitor network performance accompanying company service level agreements (SLA’s) using Network management tools such as Cisco works and also provided necessary recommendations to improve network performance.



Contact this candidate