Afreen
Certified Network Engineer
******.**********@*****.***
SUMMARY
8.3 years of professional experience in Network Planning, Implementing, Configuring, Troubleshooting and Testing of networking system on both Cisco and Juniper Networks
Experience of routing protocols like EIGRP, OSPF and BGP
Extensive hands-on experience with complex routed LAN and WAN networks, routers and switches
Experience with the escalation problems for Routing, Switching and WAN connectivity issues using ticketing system remedy.
Proficiency in configuration of VLAN setup on various Cisco Routers and Switches
Worked on Cisco 7200, 3800, 3600, 2800, 2600, 1800 series Routers and Cisco 2900, 3500, 4500, 5500, series switches
Hands-on configuration and experience in setting up Cisco routers to perform functions at the Access, Distribution, and Core layers.
Configured and troubleshoot remote access and site to site in Checkpoint& Palo Alto firewall.
Experienced in trouble-shooting both connectivity issues and hardware problems on Cisco based networks
Good knowledge of CISCO NEXUS data center infrastructure with 5000 and 7000 series switches includes (5548, 7010) including CISCO NEXUS Fabric Extender (223, 2248)
Experience in the setup of Access-Lists, and RIP, EIGRP, and tunnel installations
Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
Experience in Network Management Tools and sniffers like SNMP, HP-Openview, Wireshark and Cisco works to support 24 x 7 Network Operation Center.
Experienced with VSS, VPC, Nexus 7000.
Good understanding of NAT & Firewall on Aruba Controllers.
Along with other Network Engineers participated in the management and configuration of Cisco ASA, Juniper and Palo Alto Firewalls, ACL’s, and Packet Shaping devices and rules.
Enhanced level of experience with OSPF, BGP, and TCP/IP.
Experience in troubleshooting NAT configurations, Access – Lists (ACL) and DNS/DHCP related issues within the LAN network.
Hands-on experience in using network monitoring tool Solarwinds Orion.
Strong knowledge on Cisco ISE
Installed, configured and deployed Cisco IP Telephony.
Experience with BIG-IP F5 load balancers, version 9.x, 10.x, 11.x,
Good knowledge on Bluecoat proxy server SG
Knowledge of advanced technologies like VOIP, H.323, SIP, QOS, Multicasting, MPLS and MPLS-VPN.
Worked extensively on Juniper MX Series Routers and EX series Switches.
Worked on Cisco ASA 5500 series firewalls.
Experience with Juniper SRX 240 Firewalls.
Experience working with security devices such as Firewalls, VPN switches and Intrusion Detection Systems.
Great team player and able to work under pressure 24x7 duty rotation.
Strong knowledge in HSRP, VRRP redundancy Protocols.
Strong experience on Juniper SSG series Firewalls and Checkpoint R75, R76 Firewalls
Access control server configuration for RADIUS & TACACS+.
Hands-on experience using Cisco Virtual Switching System (VSS).
Experience with configuring Nexus 2000 Fabric Extender (FEX), which acts as a remote line card (module) for the Nexus 5000.
Tested and worked with software designers to establish a user-friendly environment.
Technical Skills:
Cisco Platforms
Nexus 7K, 5K, 2K and 1K, Cisco routers (7600,7200, 3900, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3500, 4500, 2900, 6807 series),
Juniper Platforms
SRX, MX, EX Series Routers and Switches
Networking Concepts
Access-lists, Routing, Switching, Subnetting, Designing, CSU/DSU, IPSec, VLAN, VPN, WEP, WAP, MPLS, VoIP, Bluetooth, Wi-Fi
Firewall
ASA Firewall (5505/5510/5520),Checkpoint(R75/R76), Palo Alto(2k, 3k, 5k), Juniper SRX (240).
Network Tools
Solarwinds, SNMP, Cisco Works, Wireshark
Load Balancers
Cisco CSM, F5 Networks (Big-IP)
WAN technologies
Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1,DS3,OC3, T1 /T3 & SONET
LAN technologies
Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port- channel, VLANS, VTP, STP, RSTP, 802.1Q
Security Protocols
IKE, IPSEC, SSL-VPN
Networking Protocols
RIP, OSPF, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP, VRRP, GLBP, TACACS+, Radius, AAA, IPv4 and IPv6
Operating System
Windows 7/XP, MAC OS X, Windows Server 2008/2003, Linux, Unix
Education:
Bachelors of Electronics Engineering, University of Mumbai, India.
Certifications:
Cisco Certified Network Professional (CCNP)
Cisco Certified Network Associate (CCNA)
Professional Experience:
Leidos, Baltimore, MD Dec 2016 - Present
Sr. Network Security Engineer
Responsibilities:
Configured Site to Site IPsec VPN tunnels to peer with different clients and each of client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA 5500 series firewalls.
Configured Easy VPN server and SSL VPN to facilitate various employees’ access internal servers and resources with access restrictions
Configuring Static, IGRP, EIGRP, and OSPF Routing Protocols on Cisco 1600, 2600, 2800, 3600, 7300 series Routers.
Configured Cisco 2800, 3800 routers and 3750, 4500, 6500 switches as part of the implementation plan.
Configured VLAN’s, Private VLAN’s.
Deployed BIG IP Enterprise manager to cluster all the F5 LTM, GTM.
Experience with F5 load balancers - LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability. Worked on ACI deployment solutions within our datacenters building of APIC, Spines (9500 series) and leafs (9300 series) (working on EPG'S, Tenants, Contracts, Bridge Domains as well as vrf's to segregate traffic)
Worked as a lead consultant for a consultation project to help clean up legacy FW policies and create migration path from current ASA to next gen Palo Alto firewall.
Designed and configured OSPF, BGP on Juniper Routers and SRX Firewalls
Implementation of Site-to-Site VPNs over the internet using 3DES, AES/AES-256 with ASA Firewalls
Configure various LAN switches such as CISCO CAT 2900, 3550, 4500, 6509 switches and Access layer switches such as Cisco 4510, 4948, 4507 switches for VLAN, Fast Ether Channel configuration.
Configured NAT and PAT policies.
Performed processes of optimization, backup, configuration and updating of Cisco IOS and IOS XR.
Configuration and troubleshooting of EIGRP, OSPF, BGP.
Configuration and troubleshooting of CSM, integration with ASA devices.
Experience in migration of VLANS & Configured VLANs with 802.1q tagging, Ether channels, and Spanning tree for creating Access/distribution and core layer switching.
Supporting Mcafee Endpoint security team in Mcafee EPO and antivirus components and troubleshooting operational issues.
Experience in configuring all Palo alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments
Migrated complex, multi-tier applications on AWS. Defined and deployed monitoring, metrics and logging systems on AWS. Migrated existing on-premises applications to AWS
Monitored infrastructure with Nagios like Firewalls, Servers, Services, Network devices, applications, web portals etc. Resolution of tickets fresh & pending
Selecting appropriate AWS service to design and deploy an application based on given requirements.
Upgrading code on Palo alto firewalls PA 5050/3020 to meet company security policy
Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
Implementation of Access Lists for allowing/blocking desired traffic.
Configured BGP load balancing and ensured stability of BGP peering interfaces
Implemented site to site VPN in Juniper SRX as per customer Worked on Route-Reflectors to troubleshoot BGP issues related to customer route prefixes also route filtering using Route-maps.
Implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA 5500 Firewalls.
Involved in migration of F5 Local traffic managers of LTM 5100 series to LTM 6800 series for higher.
Building the VPN tunnel and VPN encryption.
Preformed IOS upgrades on Cisco routers and switches
Centene Corporation, St. Louis, MO Oct 2014 –Nov 2016
Sr. Network Engineer
Responsibilities:
Experience working with Nexus 7018/7010, 5020, 5548, 2148, 2248 devices
Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000
Involved in upgrading switches from 6500 E to 4500-X
Implementation of BGP to optimize WAN routing on the core and edge routers.
Mutual redistribution of OSPF and BGP routes using route maps.
Configuring rules and Maintaining Palo Alto & Analysis of firewall logs using various tools.
Experience in Layer 3 routing - Cisco Routers: 2500, 2600, 3600, 3800, 3900, 7200 series, ASR 9000, 9001, 9006 series. . Worked on ACI deployment solutions within our datacenters building of APIC, Spines (9500 series) and leafs (9300 series) (working on EPG'S, Tenants, Contracts, Bridge Domains as well as vrf's to segregate traffic)
Implemented configurations for the new century links for Cisco IOS XR platforms from Catalyst 7600 to ASR 9000.
Implement SSL VPN solutions including Palo Alto Networks Globalprotect with single and multiple gateway solutions including integration of PKI certificates. Integrate multiple vendor IPSEC site to site VPNs, including Palo Alto Networks, Cisco ASA, and Juniper SRX firewalls.
Worked on wildfire advanced malware detection using IPS feature of Palo Alto.
Worked on Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
Configured rules and maintained Palo Alto Firewalls & analysis of firewall logs using various tools.
In-depth knowledge of Cisco ASA and Juniper Netscreen Firewall security, spanning-tree, vlans, TCP/IP, RIP, OSPF, QOS, VRRP and VPN technologies.
Responsible for Cisco ASA firewall administration across our global networks
Worked on F5 BIG-IP LTM 8900, configured profiles, provided and ensured high availability.
Also worked with Cisco ASA 5505 and 5520, 5512 X, 5515 X.
Developed and implemented core network consolidation plan. Included redundant configuration of Juniper EX8200.
Configuring Static, IGRP, EIGRP, and OSPF Routing Protocols on Cisco ASR 9000, 9001, 9006, 6500 series Routers.
Identified opportunities for implementation of network best practices, particularly F5 load balancer implementations.
Configuration and troubleshooting on HSRP, VRRP, GLBP, RSTP, MSTP related issues coming in network environment
Expert in troubleshooting F5 software modules, including BIG-IP LTM, ASM, APM, and iRules (Tcl-based script).
Implementation and configuration of GLBP/HSRP on multilayer switches for first hop redundancy
Hands on Experience testing iRules using Browser (IE), HTTP watch on f5 load balancers.
Upgraded Roger Management Network security appliances with Cisco Firewall ASA 5580, IDS, network management tools Ciscoworks (VMS, LMS, CSM), IDS/IPS.
Configuration of Virtual Servers, Nodes, and load balancing Pools
Planning/Implementation of the Cisco VPN clients to Cisco anyconnect.
Installed high availability Big IP F5 LTM and GTM load balancers to provide uninterrupted service to customers.
Configuration and maintenance of routers, firewalls, and load-balancers. Included configuration of Juniper ISG 2000, Juniper EX4200, F5 BIG-IP 3600, and Cisco 6500. Includes protocols such as BGP, OSPF, and VRRP.
Troubleshooting and installing of CRS, ISR, GSR, ASR9000 and Nexus devices.
Engineering the configurations for the different branches, campus locations
Responsible for layer 2 securities which was implemented using a dedicated VLAN ID for all trunk ports, setting the user ports to non-Trunking, deployed port security when possible for user ports
Key contributions include troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF & BGP
Involved in the redistribution into OSPF on the core ASA firewall.
Involved in the removal of EIGRP from all devices and making OSPF the primary routing protocol.
Also prepared documentation for various VLAN and Voice subnetworks and worked on Visio for the same.
Migration of existing IPSEC VPN tunnels from Pre-Shared key to Certificate Authority for purpose of scaling
DVF, NYC, NY Dec 2012 – Sep 2014
Sr. Network Engineer
Responsibilities:
Maintain and track the status of device supplied to the client.
Implemented Juniper firewall switches.
Configured IPSEC VPN tunnels between Checkpoint and other non–Checkpoint endpoint devices using IKE pre- shared keys.
Installation & Maintenance of Juniper switches routers & firewalls.
Implementing and maintaining WAN/LAN and WLAN networks in different diagrams
Implemented various EX, SRX & J series Juniper devices.
Identified opportunities for implementation of network best practices, particularly F5 load balancer implementations.
Worked on migration of existing Checkpoint firewall to ASA firewall, PIX OS upgrade from 6.3 to 7.0.
Created multiple policies and pushed the in to Checkpoint Firewall (Gateways) and Checkpoint Management Server with SPLAT operating system.
Monitor performance of network appliances and WAN utilizing using network analyzer like Wireshark.
Deployed BIG IP Enterprise manager to cluster all the F5 LTM, GTM, ASA, Netscreen devices for easier management and common configurations.
Involved in migration of F5 Local traffic managers of LTM 5100 series to LTM 6800 series for higher.
Big IP ASM Positive and Negative Policy Reinforcement, iRule, Full proxy for HTTP, Server Performance Anomaly Detection.
Integration of Juniper SSG series firewalls, SA VPN Appliances, J series Routers, and EX series switches.
Configuring and managing FC zones on Cisco 9K/7K/5K.
Focused on building new content and functionality for several F5 ecommerce sites.
Created and resolved Checkpoint Firewalls Rules, Routing, Pushed Policy.
Configuration of Fabric path and connectivity between Nexus 7K and Nexus 5K.
Migration of corporate networks from IPv4 to IPv6.
Experience in CSM & Waterfall Methodologies
Configuring Routing protocols like BGP, OSPF, multicast and L2 protocols in ASA to check it is passing through via ASA in customer deployments.
Maintenance and troubleshooting of LAN, WAN, IP Routing, Multilayer Switching.
Performed interconnection of customer sites using IPSec VPN.
Palo Alto/Checkpoint Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
Performing onsite data center support including monitoring electrical power, switch alarms, network alerts and access logs.
Installation and troubleshooting of routing protocols like static and dynamic.
Installed high availability Big IP F5 LTM and GTM load balancers to provide uninterrupted service to customers.
Optimizing and monitoring the performance of a WLAN, LAN, WAN and user's segments
Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers
Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches
Maintain connectivity for approximately 300 switches and routers in a 500+ node network.
Experience with deploying Fabric Path using Nexus 7000 Devices
Experience with configuring OTV between the data centers as a layer 2 extension.
Managing health check of Network devices this is involves upgrading IOS on every quarter after checking the vulnerability of IOS and reviewing the configuration
Implemented Virtual chassis of EX series Juniper switches as per client requirement.
POLARIS, India Nov 2011 - Dec 2012
Network Engineer
Responsibilities:
Experience in Configuration and troubleshooting of Cisco, Juniper network devices in the environment.
Configured Routers with EIGRP, OSPF, BGP, Static and default route.
Worked on HSRP for hop redundancy and load balancing.
Involved in troubleshooting wan including Slowness and branch down issues in coordination with the ISP.
Supporting EIGRP, OSPF and BGP based network by resolving level 1 & 2 problems of internal teams & external customers of all locations
Experience with configuring and troubleshooting BGP, OSPF in Cisco 2800 and 1800 routers in the branch sites.
Experience configuring Cisco ASA with access-lists,NAT.
Responsible for setting up IPSEC VPN tunnels on Cisco 5540 Firewalls towards the multiple sites.
Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
Responsible for planning and installation of new Branch networks including Resolution of network issues.
Responsible for implementations using runbooks and prepared network documentation.
Performed switching technology administration including VLANs, inter-VLAN routing, Trucking, STP, RSTP, port aggregation & link negotiation.
Configuration of Access List ACL (STD, Ext, Named) to allow users all over the company to access different applications and blocking others.
Worked on Layer 2 protocols such as STP, VTP, STP, RSTP, PVSTP+, MST and other VLAN troubleshooting issues and configuring switches from scratch and deployment.
Support customer with the configuration and maintenance of Cisco ASA firewalls.
Experience with Firewall Administration, Rule Analysis and Rule Modification
Ensure problems are satisfactorily resolved in a timely manner with focus on providing a high level of support for all customers.
Coordinating with service providers for WAN link outages.
Responsible for creation of documentation including BOM, Visio drawings and network documents for a given project.
iGate Global Solutions Ltd, India Aug 2009 - Oct 2011
Network Engineer
Responsibilities:
Troubleshooting of CISCO routers like ping, traceroute and basic issues.
Ensure connectivity and communication among networks, servers and clients inside and outside department.
IOS upgrade for Cisco routers & switches.
Configured and troubleshoot OSPF and EIGRP.
Ensure reliability, stability and recoverable of specific server environments.
WAN Infrastructure running OSPF & BGP as core routing protocol.
Planning and configuring the routing protocols such as OSPF, RIP, and Static Routing on the routers.
Worked on ASA firewalls and F5 load balancers
Managing Layer 2 switches of Cisco, VLAN configuration and assigning ports to specific VLAN as per requirement.
Monitor and tune network to ensure acceptable levels of performance.
Responsible for Internal and external accounts and, managing LAN/WAN and checking for Security