HARSHIL MEHTA

Contact: 908-***-****

Email: ac2ub2@r.postjobfree.com

Summary

CCNA, CCNP Certified professional with around 8 years of experience with networking installations, Configurations testing, troubleshooting, implementing, optimizing, maintaining enterprise data network and service provider systems.

Working experiences with Routers, Switches, Load Balancers, Firewalls, and Proxies.

Hands-on experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.

Strong experience with routing protocols (RIPv1/2, IGRP, EIGRP, OSPF, BGP), IEEE 802.11, switching (VLANS, VTP Domains, STP and Trunking)

Extensively worked with Configuration of Network and Security devices such as Cisco routers and switches (Cisco 7600/3500/Nexus 7K/5K), Firewall (Checkpoint R75/Gaia and Cisco FWSM), Load Balancers and DNS and IP Manager (Infoblox).

Hands on experience on Cisco Routing, Switching and Security with Cisco hardware/software Cisco Catalyst 6500, 4500, 3500, 3750, 2900 XL series switches, Cisco 1800, 2600, 2800, 3600, 3800, 7200 series routers.

Implement and troubleshoot Static NAT, Dynamic NAT, PAT, Spanning Tree Protocols (STP), MSTP, RSTP.

Experience in configuring and troubleshooting route Re-distribution between Static, RIP, EIGRP, OSPF, and BGP protocols and in Route Manipulation.

Configuration and administration of firewalls, which includes Checkpoint, Juniper, and Cisco ASA firewalls.

Working experience on Blue Coat Proxy SG to safeguard web applications.

Implement and configure security using Palo Alto PA-5000/3000, Cisco 5580/5540/5520, Checkpoint firewalls R70, R75, R77.20 Gaia and Provider-1/MDM.

Worked with protocols such as Frame Relay, IEEE 802.11 and VLAN, OSPF and BGP, DNS, DHCP, FTP, NTP, SNMP, SMTP, and TELNET.

Design and implementation experience primarily on Cisco WSA proxy.

Installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center.

Strong knowledge of TACACS+, RADIUS implementation in Access Control Network.

Configuring the Network Admission Control (NAC).

Work with Cisco ASA security appliances including Sourcefire, FirePower services, and Fire Sight Management Console.

Experienced working on network monitoring and analysis tools like SOLAR WINDS, CISCO works and RIVER BED and Wireshark.

Proficient in using Network Management Application layer software’s like SNMP, Solar winds, NTP and Syslog.

Configured VDC, VPC, and OTV on the Nexus 5K and 7K switches.

Using IP Address Manager (IPAM) provides a centralized management of the IP address space, including IPv4 and IPv6 Address Management.

Proficient in implementing first hop redundancy protocols like HSRP, VRRP, and GLBP.

Configure B2B VPN and troubleshoot VPN Phase 1 and Phase 2 connectivity issues.

Working with Nessus tool for Running vulnerability reports.

Extensive and in-depth knowledge in Security, including VPN, IPSEC, and GRE.

Strong experience in Network management application SNMP, Cisco Works LMS, HP OpenView, Solar winds, Ethereal.

Certifications:

Cisco Certified Network Associate (CCNA)

Cisco Certified Network Professional (CCNP)

Technical Skills:

Cisco router platforms

2500, 2600, 2800, 3600, 3700, 3800, 7200, 7609.

Cisco Switch platforms

2900XL, 2950, 2960, 3560, 3750, 4500, and 6500.

Firewalls & Load Balancers

Cisco ASA 5585, 5550, 5540, Juniper SRX5400, 5600, 5800, Juniper Netscreen 6500, 6000, 5400. Juniper SSG Firewalls, Palo Alto PA-2000/3000/4000/5000, F-5 BIG-IP, LTM (3900 and 8900), Blue Coat SG8100, AV 510, AV810.

Routers

Cisco routers (1900, 2600, 2800, 2900, 3600, 3800, 3900, 7200, 7600), Cisco L2 & L3, Juniper routers (M7i, M10i, M320)

Switches

Cisco switches (3560, 3750, 4500, 4900 & 6500), Nexus (2248, 5548 &7010)

Routing

RIP, EIGRP, OSPF & BGP, Route Filtering, Redistribution, Summarization, Static

Routing

WAN Technologies

FRAME RELAY, ISDN T1/E1, PPP, ATM, MPLS, leased lines, DSL modems

LAN Technologies

Ethernet, Fast Ethernet, Gigabit Ethernet, NAT/PAT, 802.1x, Cisco Secure Access Control Server (ACS) for TACACS+/Radius.

Routing Protocols

RIP, OSPF, EIGRP, and BGP.

Switching Protocols

VTP, STP, RSTP, MSTP, VLANs, PAgP, and LACP.

Network management

SNMP, Cisco Works LMS, HP OpenView, Solar winds, Ethereal.

Software

Microsoft Office Suite, MS SQL Server 2008, HTML.

Professional Experience:

Optiv, Columbus, GA May 17 – Present

Network Engineer

Responsibilities:

Worked in data center environment.

Proficient experience in configuring Nexus 7010, 5548, 2248 and 2148 switches and deep understanding of architecture.

Experience on configuring HSRP & STP protocols on Data center switches includes Catalyst 6509, 6504 series and Nexus 7009, 3064, 3048 switches.

Configured Nexus 7010 including NX-OS Virtual Port Channels, Nexus port profiles, Nexus Version 4.2 and 5.0, Nexus VPC peer links.

Responsible for day to day management of Cisco Devices, Traffic management and monitoring.

Involved in Branch upgradation project.

Helping hand in upgrading Cisco 3750 switch stack to 3850 switch stacks. Also involved in troubleshooting and monitoring.

Involved in Configuring and implementing of Composite Network models consists of Cisco ASR 1002 routers and Cisco 2950, 3750, 5000, 6500 Series switches and Nexus 2k, 5k, 7k switches.

Installed, managed and troubleshot Cisco ASR 1002 router, 3850, 2950 catalyst switches.

Troubleshooting the Network Routing protocols (BGP, EIGRP and RIP) during the Migrations and new client connections.

Involved in meetings with engineering teams to prepare the configurations per the client requirement.

Installed and configured Cisco routers using routing protocols such as EIGRP and BGP.

Closely working with remediation team.

Worked with Qualys vulnerability report.

Working on Cisco vulnerabilities, action plan and their remediation.

T-Mobile, Bellevue, WA Jan 16 – April 17

Sr. Network Engineer

Responsibilities:

Daily technical hands-on experience in the configuration, troubleshooting of Juniper SRX firewalls as well as experience working directly with the customer in a service/support environment.

Troubleshooting Firewall Connectivity related issues using Smart view tracker on Checkpoint, NSM Log viewer for Juniper Firewalls.

Implemented configuration back-ups using WinSCP, cyber fusion to automate the backup systems with the help of public and private keys.

Deployment and Management of Bluecoat proxies in the forward proxy scenario as well as for security in reverse proxy scenario.

Demonstrated understanding of network security concepts and systems including F5, WSA, Palo Alto, ASA.

Worked on Blue Coat Proxy SG to safeguard web applications in extremely untrusted environments such as guest Wi-Fi zones.

Performing URL filtering and content filtering by adding URL’s in Bluecoat Proxy SG’s.

Managing & administering Cisco WSA.

Configuring Cisco ASA with firepower.

Day-to-Day work involves scheduling firewall policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.

Active/Standby and Active/Active HA configuration on Cisco ASA Firewalls.

Configuration of core router, distributed switches, Firewall (ASA) with IPS (Sourcefire) and adding it into Fire Sight.

Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.

Managing and administering Juniper SRX and Checkpoint Firewalls at various zones including DMZ, Extranet (Various Business Partners) and ASZ and internal.

Deep understanding of IDS/IPS such as Sourcefire and Foresight.

Implementing Security Solutions in Juniper SRX and Netscreen SSG firewalls by using NSM.

Juniper Firewall Policy management using NSM and Screen OS CLI.

Working on the network team to re-route BGP routes during maintenance and FW upgrades.

Running vulnerability scan reports using Nessus tool.

Cisco ASA security appliances including Sourcefire, FirePOWER services, and Fire Sight Management Console.

Configure B2B VPN with various business partners and 3rd parties and troubleshoot VPN Phase 1 and Phase 2 connectivity issues including a crypto map, encryption domain, PSK etc.

Provided administration and support on Bluecoat Proxy for content filtering and internet access to primary, remote site offices and VPN client users

Follow information security policies, methods, standards, NIST standards, and practices to organize information systems, IT reference material, and interpret regulations.

Monitor Intrusion Detection Systems (IDS) console for active alerts and determine the priority of response.

Environment: Cisco ASA5580/5540/5520, Checkpoint R70, R75, R77.20 Gaia, Palo Alto PA-5000/3000, Big IP F5 LTM/GTM, Nexus switches, TCP/IP, VPN, Cisco Sourcefire, Splunk, Bluecoat Proxy servers, IDS/IPS. SIEM and Monitoring.

Inovalon, Bowie, MD Oct 14 – Jan 16

Sr. Network Engineer

Responsibilities:

Configuration and administration of firewalls, which includes Checkpoint, Juniper, and Cisco ASA firewalls.

Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for tasteful replication of traffic between active and standby member.

Deploy, configure, and support Aruba wireless controller and AP devices globally, also a direct escalation path for all wireless issues.

Enterprise and Public Safety Wireless LAN/WAN (802.11, Mesh).

Researched, designed, and replaced Checkpoint firewall architecture with new next generation Palo Alto PA3000 and PA5000 appliances serving as firewalls and URL and application inspection.

Implementing security solutions using Palo Alto PA-5000/3000, Cisco 5580/5540/5520, Checkpoint firewalls R70, R75, R77.20 Gaia.

Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama.

Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.

Exposure to wildfire feature of Palo Alto.

Exposure to design and implementation experience primarily on Cisco WSA proxy.

Configuration and Maintenance of Cisco ASA 5580-20, ASA 5540, ASA 5520, ASA 5510 series firewalls and configuring site-to-site IPSEC VPN tunnels using Cisco ASA 5540 for third-party connectivity.

Experience configuring and managing Cisco Web Security Appliance (WSA) in an enterprise environment.

Manage project task to migrate from Cisco ASA firewalls to Check Point firewalls.

Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Tufin and Splunk.

Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard.

Installed and configured high availability Big IP F5 LTM and GTM load balancers like 6600, 6800 to provide uninterrupted service to customer applications and monitoring the availability.

Configuring F5 Load Balancers: Adding virtual IPs, nodes, pools and health monitoring.

F5 BigIP iRules programming and troubleshooting.

Worked on F5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 BigIP Load Balancers.

Worked with protocols such as Frame Relay, IEEE 802.11 and VLAN, OSPF and BGP, DNS, DHCP, FTP, NTP, SNMP, SMTP, and TELNET.

Configure and Monitor Cisco Sourcefire IPS for alerts.

Working with different teams to gather info for the new request and troubleshoot for any connectivity issues by capturing traffic using TCPDUMP and smart view tracker.

Worked on VPN configuration, routing, NAT, access-list, security contexts, and failover in ASA firewalls.

Provide support to help desk for complex/major network problems. Build the rules for the application access across the IPSEC VPN tunnel.

Follow information security policies, methods, standards, NIST standards, and practices to organize information systems, IT reference material, and interpret regulations.

Environment: Cisco ASA5580/5540/5520, Checkpoint R70, R75, R77.20 Gaia, Palo Alto PA-5000/3000, IEEE 802.11Big IP F5 LTM/GTM, Nexus switches, TCP/IP, VPN, Cisco WSA, Bluecoat Proxy servers, IDS/IPS. SIEM and Monitoring.

Liberty Mutual, Portsmouth, NH Apr 13 – Sep 14

Sr. Network Engineer

Responsibilities:

Day-to-Day work involves scheduling firewall policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.

Implementing Security Solutions in Juniper SRX and NetScreen SSG firewalls by using NSM.

Juniper Firewall Policy management using NSM and Screen OS CLI.

Daily technical hands-on experience in the configuration, troubleshooting of Juniper SRX firewalls as well as experience working directly with the customer in a service/support environment.

Deployed Next-Generation Firewall ASA-X, SonicWALL, Palo Alto and Fortinet.

Creating and provisioning Juniper SRX firewall policies.

Configure and administer Cisco ASA Firewalls (5585, 5550 and 5540) and use command line CLI, Cisco CSM, ASDM for day-to-day administration.

Active/Standby and Active/Active HA configuration on Cisco ASA Firewalls.

Configuring rules and maintaining Palo Alto firewalls and analysis of firewall logs using various tools.

Experience on ASA firewall upgrades to 9.x.

Solved problems on a case-by-case basis with a deep understanding of networking/firewall concepts, particularly with Fortinet devices.

Assisted with migrations from CISCO to Fortinet Security platform.

Configuring/Managing Intrusion Prevention System (IPS): Cisco lPS / Fortinet & Checkpoint UTM.

Worked on configuration, maintenance, and administration of Palo Alto PA3000 Firewalls and migrating customers from Cisco ASA to Palo Alto in HA network.

Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.

Understand the flow of traffic through the Check Point Security gateway cluster and troubleshoot connectivity issues using advanced troubleshooting from Command Line Utilities.

Build and configure Active/Standby Failover on Cisco ASA with stateful replication.

Understand different types of NAT on Cisco ASA firewalls and apply them.

Firewall policy provisioning on Fortinet FortiGate appliances using FortiManager.

Support Blue Coat Proxy in the explicit mode for users trying to access the Internet from Corp Network.

Troubleshooting connectivity issues through Bluecoat as well writing and editing web policies.

Involved in Upgrading bluecoat proxy servers from SG900-10s to SG 9000-20B.

Administration Big IP F5 LTM for all Local Load balancing and use GTM for load balancing across Data Centers.

Performed Fortinet Firewall OS upgrades via Fortinet Manager.

Support Data Center Migration Project involving physical relocations.

24 x7 on call support.

Environment: Juniper (SRX, JUNOS, ScreenOS, NetScreen SSG), Cisco (CheckPoint, ASA Firewalls), Palo Alto Firewalls, Big IP F5 LTM/GTM, TCP/IP, FortiGate.

Maximus, Austin TX Aug 11 – Mar 13

Network Engineer

Responsibilities:

Firewall Policy Provisioning and troubleshoot connectivity issues through the firewall.

Worked on Check Point Security Gateways and Cisco ASA Firewall.

Firewall Clustering and High Availability Services using Cluster XL on Check Point.

Configuring and tweaking Core XL and Secure XL acceleration on Check Point gateways.

Troubleshoot User connectivity issues on Checkpoint and Cisco ASA using CLI utilities.

Packet capture on firewalls and analyzing the traffic using Wire shark utilities.

Troubleshot Clustering issues on Check Point and Sync issues monitoring and fix.

Upgrade of Checkpoint Gateways in Cluster with Minimal downtime.

Implemented Active/ Standby HA configuration on Cisco ASA Firewalls.

Configuring Cisco ASA firewalls in Single and Multiple Context Mode firewalls.

Upgrade of Cisco ASA Firewall in Active/Standby mode with no down time.

Configuring VPN both B2B and remote access SSL and centralized policy administration using FortiManager, building Fortigate High Availability using Fortigate Clustering Protocol (FGCP).

Firewall Compliance and Rule remediation for compliance such as SAS 70 Audit.

LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems)

VLAN design and implementation, Spanning Tree Implementation and support using PVST, R-PVST, and MSTP to avoid loops in the network. Trunking and port channels creation.

Working with OSPF as the internal routing protocol and BGP as exterior gateway routing protocol.

Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation on Cisco ASA Firewalls.

Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay).

Deployed a Syslog server to allow proactive network monitoring.

Implemented VLANS between different departments and connected them using trunk by keeping one VLAN under server mode and rest falling under client modes.

Configured Firewall logging, DMZs and related security policies and monitoring.

Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.

Documentation and Project Management along with drawing network diagrams using MSVISIO.

Environment: CISCO routers and switches, Access Control Server, VLAN, Trunk Protocols, CISCO ASA, DHCP, DNS, Spanning tree, Nimsoft.

TCS, India Apr 09 – Jul 11

Network Engineer

Responsibilities:

Responsible for PIX 7.x/8.x & ASA 8.x Firewall migration and in place hardware upgrades and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.

Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation.

As part of Security and network operations team I was actively involved in the LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems)

VLAN implementation, Spanning Tree Implementation and support using PVST, R-PVST, and MSTP to avoid loops in the network. Trunking and port channels creation.

Responsible for Firewall upgrades as well as Troubleshooting, Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.

IOS Upgrades from 7.x to 8.x as well as backup and recovery of configurations.

Work in an enterprise network environment with dynamic routing using OSPF and BGP for external connectivity.

Configured Switches with proper spanning tree controls and BGP routing using community and as path prepending attributes.

Install Windows Server 2003, configure IP addresses, network printers and configure Client Access for PCs.

Work with BGP routing protocol for communication with business partners and influence routing decision based on AS Path Prepend and other attributes.

Administer and support Cisco based Routing and switching environment.

Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay).

Deployed a Syslog server to allow proactive network monitoring.

Implemented VLANS between different departments and connected them using trunk by keeping one VLAN under server mode and rest falling under client modes.

Configured Client VPN technologies including Cisco’s VPN client via IPSEC.

Configured Firewall logging, DMZs and related security policies and monitoring.

Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.

Environment: PIX, CISCO routers, and switches, Access Control Server, VLAN, Trunk Protocols, CISCO ASA, DHCP, DNS, SAN, Spanning tree, Nimsoft, Windows Server, Windows NT.

Contact this candidate