Raman M

Sr. Network Security Engineer

Email id: ac37e4@r.postjobfree.com

Ph No: 908-***-****

Professional Summary:

Over 8 years of experience in the area of Networking, Security, Administration, cloud services and Network support.

Extensive work experience on Cisco Routers, Cisco Switches, Load Balancers & Cisco Firewalls

Expertise in deployment and configuration of routing protocols such as OSPF, EIGRP, IS-IS and BGP. Configuration and implementation of F5 BIG-IP load balancer.

Experience on F5 LTMs & GTMs to improve web application delivery speed and replication through and between distributed global data centers.

Worked on F5 LTM series like 1600, 6400 and Viprions for the corporate applications and their availability.

Worked on F5 Enterprise Manager 3.1 version to manage multiple F5 LTM devices from single-pane view.

Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX series security appliance. Strong working experience on Firewalls, ACS and Firepower.

worked on Panorama firewall management tool which provides centralized monitoring and management of multiple Palo Alto devices from single window.

Knowledge on Amazon AWS Virtual private cloud services. Worked on Amazon AWS and Microsoft Azure could network services.

Configure a Site-To-Site IPsec VPN to the Amazon AWS VPN Gateway with other vendor security appliances devices.

In depth knowledge with network monitoring and performance tools such as Solar Winds and Wireshark.

Strong hands on experience implementing and troubleshooting Switch technologies such as STP, RSTP, MSTP and VTP along with troubleshooting of inter-VLAN routing.

Implemented redundancy with HSRP, VRRP, GLBP, Ether channel technology.

Implementation and Troubleshooting of Layer 2 and 3 technologies on Cisco catalyst Routers and Switches like VLANS, CDP, MST, DHCP, OSPF, EIGRP, BGP, MPLS, DMVPN, ETC.

Hands on Experience configuring and testing F5 iRules using Browser(IE), HTTP watch.

Knowledge of network security protocols such as IPSEC tunnels, GRE tunnels, NAT/ PAT, ACLs and VPN– MP-BGP.

Experience in working with Cisco 2500, 2600, 2800, 3600, 3800, 7200 series Routers.

Strong hands on experience on configuring Cisco Catalyst 2900,2960, 3560, 3750, 4500, 4900, 6500 series and Nexus 7000, 5000 and2000 switches. Hands on experience on Brocade DCX and VDX series switches.

working knowledge of routing protocols for voice: VoIP, IPSEC, Multicast, MPLS, DSCP/QoS, Cisco IOS and Wireless security protocols (I.E. 802.1x, EAP, WPA2).

Configuration, managing and implementation the Linux/Unix and Sun Solaris Server in Network.

Experience in Wireless LAN (IEEE 802.11) and deployment of light weight access point.

Migrated and implemented new solution with Cisco ASA firewall series 5505,5510,5540.

Experience in configuration of AAA with ACS protocols TACACS+, RADIUS and LDAP.

Experience in configuration of Checkpoint 600,1100,4800,12000 appliances.

Migration of Palo Alto firewalls from ASA. Experience in configuration of Palo alto firewalls like PA2020, PA3050, PA5050

Experience with devices Palo Alto Network firewalls such as security NAT, Threat prevention URL filtering.

Implement duo security two factor authentication for remote access VPN on Cisco ASA.

Implementing, Maintaining Virtual Infrastructure Environment using VMware.

Worked on various blades like IDS/IPS, URL filtering on Cisco ASA. Experience with Solar Winds Orion monitoring.

Manage a global Meraki solution architecture and deployment.

Hands-on experience with Infoblox DNS, DHCP, IPAM and reporting server.

Hands on experience on Up-gradation of Cisco IOS & Firmware of different Cisco devices & modules.

Worked with Cisco ISE to identify threats in the network for rapid containment and remediation.

Shared the data with integrated partner solutions to accelerate the capabilities to identify and remediate threats using Cisco ISE.

Experience in installation, configuration and Administration of windows server 2003/2008, Active Directory, Linux, Unix OS under various LAN and WAN environment.

Experience with data security monitoring and management tools including ArcSight, Tufin

Technical Skills:

Cisco Routers:

Cisco 1900, 2600, 2800, 2900, 3600, 3800, 3900, 7200, 7600 Juniper M7i, J230, M320

Switches:

Cisco Catalyst 3550, 3750, 4500, 4900, 6500, Nexus 2248, 5548,7010 and 9200, Dell S4810, S60, S55

Firewalls & Load Balancers:

Cisco ASA 5540 series, Checkpoint, Palo alto PA2020, PA3050, PA5050, IPSEC and SSL VPN, IPS/IDS, IOS Firewall features, DMZ set up, F-5 LTM and Citrix NetScaler load balancers.

Routing:

OSPF, EIGRP, BGP, IS-IS, RIP, PBR, Route Filtering, Redistribution, Summarization, Static routing

Switching:

VLANs, Dot1Q, VTP, STP, RSTP, VLAN Maps, HSRP, GLBP, CEF, DCEF, Port Security

LAN/WAN Technologies:

Ethernet, Frame relay, MPLS, HDLC, PPP, T1, T3, OC Standard, DSL, ISDN

Protocols:

IP, TCP, UDP, ICMP, NAT, DHCP, SNMP, IPSEC, SSL, HTTP, SSH

AAA Architecture:

TACACS+, RADIUS, Cisco ACS

Network Monitoring Management Tools:

Solar winds, Wire Shark, SNMP, Elastic Search, Log stash and Kibana and What Sup Gold

Operating Systems:

Windows Server 2008 R2/ 2003, Windows XP Professional, Red hat Linux, Unix Sun Solaris 9/8

Professional Experience:

Verizon Wireless, Irving, TX Jun 16 - Present

Sr Network Engineer

Responsibilities:

Provide high-level technical support to backbone network infrastructure, which consists of Cisco 72xx, 39xx Series Routers, ACS terminal servers,2950, 3750, 3800 and 65xx Cat switches

Configuration and deployment of new Big IP F5 LTM and GTM load balancers.

Day to day activities include Incident resolution and service request for creating new WIP and VIP’s on the F5 LTM/GTM. Virtual Edition and the F5 BigIP VIPRION 4800, 4480 Hardware.

Configure Server pool, pool members, server nodes for a VIP. Configure SNAT AND NAT for accessing the content from Internet. Configure different types of monitors and check the health of servers.

Configure advanced features on VIP’s. This includes configure a profile for cookies persistence. To configure a profile for SSL termination. Software upgrade projects across F5 upgrade of Big IP from 11.6 to 13.0

Troubleshoot issues related to Application slowness by Analyzing nodes, Health monitors, server pools.

Management of F5 LTM & GTM’s load balancers. This includes incident resolution tickets, Service Request Tickets, Certificate renewals.

Upgraded Outdated Cisco ACE 10, 30 load balancers to F5 BigIP LTM to improve availability, functionality and scalability in the enterprise.

Experience with Cisco ACE and Cisco Global site selector (GSS) in providing Load balancing solutions.

Configuration and troubleshooting of Issues related to VIP’s, Server pools, Redundancy, Persistence SSL offloading to improve application performance.

Over 4000 Cisco devices, TACACS+, Cisco ACS 3.x - 5.x, Cisco ASA 5500-X Series Next-Gen Firewalls, McAfee Control Center 5.3.x, Tenable/Nessus Scanners and Security Center, CyberArk, Cisco IOS, and UNIX variants.

Deployed Cisco ISE 1.2 with 8 nodes in deployment, initially in learning mode increasing methodically to 802.1x on wireless and wired.

Implement and manage a campus-wide 802.1X network access control solution utilizing Cisco ACS.

Handled deployment and management Checkpoint GAIA, R75, R71, R65 and Cisco ASA 5500 series.

Designing, installing and configuring Checkpoint firewalls - NGX R65 in active/active mode.

Installing and configuring TACACS/RADIUS, Performed ISSU to upgrade to the core Nexus 7k switches.

Creating IPSEC, GRE tunnels, Frame-relay in Cisco routers.

Installing & configuring firewalls - Checkpoint NG & NGX, Cisco ASA, Netscreen, ISA, and iptables.

Experience working with Cisco Nexus 7700, 5500, 2148, 2248 series in Data Center Environment.

Data Center million-dollar core switch replacement from Avaya to Juniper 8600 with a 40-gigabit mesh redundant connection. Configure and installed Juniper 4200 / 3300 / 2200 switches on an end of life 500 switches project replacement

Created Vlans, port channels, and Port security for Juniper EX4300, EX 8600 Switches. Configure, Upgrade, and validate Juniper Routers MX960

Decommission of legacy Cisco 6500’s, Cisco 4500’s and Deployment of new6807 to replace the 6500.

Configure OSPF and troubleshoot issues related to OSPF as Internal Routing Protocol.

Integrating Configuring Cisco Wireless LAN Controllers WLC with ISE to perform Dot1x authentication for Wireless users. Upgraded the version of the ASA with Firepower services and applied the Patches including the Hotfix to the version

Perform Layer 2 and Layer 3 routing within the Data Center Environment between Core, Distribution and Access layers.

Configure and troubleshoot issues related to Port Configuration, Port security, VLAN configuration, Inter VLAN routing, Ether channel, Trucking, Spanning tree, SNMP etc

Prepared Documentation to upgrade Cisco IOS, CAT OS and NX-OS in High availability production environments pre/post checks for customer production upgrades.

Performed upgrade on Cisco ISE from version 1.4 to version 2.0. After performing upgrade took advantage of TACACS and onboarded new network equipment into ISE instead of the unsupported Cisco ACS server.

Designed and deployed a Cisco Identity Services Engine (ISE) solution (wired, wireless, and VPN users) for a commercial client with converged access switches and ASA firewalls

Setup multiple locations for businesses ASA Firewalls for Remote Access VPN's and Site to Site VPN's.

Responsible for Check Point, Cisco ASA, CISCO ISE and Palo Alto firewalls (5050) configuration and administration across global networks.

Deploying and decommission of VLANS’s on core ASR 9K, Nexus 7k,5k and downstream devices

Provided support for 2Tier and 3Tier firewall, which includes various Check Point, Cisco ASA, Cisco ISE firewalls and Palo-Alto firewalls. Upgraded PAN OS from 6.1 to 7.0 in Palo Alto Firewalls.

Configure Security profiles such as Antivirus, Anti malware, Threat Prevention, Vulnerability.

Implemented URL filtering on Palo Alto Firewall and control access to restricted sited.

Configure and troubleshoot Global protect SSL VPN for work from Home Users on Palo Alto.

Configuring security policies for Access control, Interzone connectivity, External Access on Palo Alto Firewalls. Configure NAT policies on Palo Alto Firewalls as per requirement.

Utilized advanced Fortinet knowledge as a top resource for firewall and VPN issues

Panorama firewall management tool to administrator Palo Alto 5050, 5020 device groups

Responsible for the implementation, migration and customization of customer DNS, DHCP, IPAM solutions using the Infoblox platform

Used DHCP to dynamically assign reusable IP addresses to DHCP clients using Inflobox IPAM and resolved IP address conflicts.

Policy provisioning, access to specific segments of the networks through Cisco ISE.

Subnetting on Infoblox and Infoblox Management of replication between Grid Master and member appliances. Experience with CA suite, Spectrum monitoring tool. Use tools like Wireshark, Net Brain etc.

Environment: Cisco switches & routers, Nexus switches, ASA Firewalls, Palo alto Firewalls, VMware, OSPF, EIGRP, BGP routing protocols, VLANs, F5 load balancers, checkpoint, wireless access points, IP, TCP, UDP, ICMP, NAT, DHCP, SNMP, IPSEC, SSL, HTTP, SSH protocols.

BBVA Compass Bank, Birmingham, AL Sep 14 – May 16

Sr. Network Engineer

Responsibilities:

Designing, Implementing and Troubleshooting Cisco 3750, 3550, 3560, 2924, 4510, 6509-V- E, 6513, 6504, 6503, 6506, 6500 series switches,

Configured and resolved various OSPF issues in an OSPF multi area environment.

Installing and configuring F5 Load balancers and firewalls with LAN/WAN configuration.

Worked on F5 LTM series like 6400, 6800, 8800 for the corporate applications and their availability.

Configured HSRP and VLAN trucking 802.1Q, VLAN Routing on Catalyst 6500 switches.

Optimized performance of the WAN network consisting of Cisco 3550/4500/6500 switches by configuring VLANs.

Configuration and Installation of Cisco ASR 1004 to replace aging 7200VXR and maintenance/upgrading the 6509E, 4507, 3750X, 3650 series routers and switches

Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, BGP v4. Configured IP access filter policies.

Configuring, deploying & upgrading the Nexus 5000 and Nexus 9000 Series Switch fabric links.

Configuring OSPF and Static routing on Juniper M and MX series Routers.

Configuration& troubleshooting of Juniper switches, routers and Firewall.

Deployed & Implemented rules and created various zones in Palo alto firewalls like PA2020, PA2050.

Maintain, and troubleshoot Cisco IOS SIP gateways and TDM trunks, plus VoIP UC servers, infrastructure, and applications.

Implemented Positive Enforcement Model with the help of Palo Alto Networks.

Successfully installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.

Implemented Positive Enforcement Model with the help of Palo Alto Networks.

Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall using PCI standards.

Exposure to wild fire feature of Palo Alto.

Analyzing, monitoring and discovering network devices, ports connected, interfaces and network performance through network automations tools like Infoblox, IPAM, SPM, Networks insight and HPNA

Upgraded Cisco ISE from 1.2.1 patch 5 to version 1.4. After version 2.0 came out I upgraded to it.

Configuring user's roles and policies for authentication using Cisco NAC and monitoring the status of logged users in network using Cisco ISE.

Provided Quality Assurance and Risk Assessments for firewall policies and UTM features (including IDS/IPS and web filtering) on legacy Checkpoint firewalls and Fortigates

Implemented and managed for various security zones and zone based policy provisioning on Fortinet firewalls through Fortimanagers.

Design and Implementation of 802.1x Wired/Wireless User Authentication using Cisco ISE Radius Server

Planning, designing and configuration of various Cisco ISE strategies (Standalone, Distributed Setups)

Ability to analyze, configure and troubleshoot networks.

Responsible for turning up BGP peering and customer sessions, as well as debugging BGP routing problems.

Establishing VPN tunnels using IPSec encryption standards and also configured and implemented site-to-site VPN, Remote VPN

Worked on troubleshooting and resolving issues escalated by the NOC and internal systems, including developing, implementing and deploying emergency hot fixes within a global network

Configuration and Installation of Cisco firewalls Pix and ASA (PIX 510, 515E, 525 and ASA 5520, 5540).

Migrating PIX Firewalls to ASA Firewalls

Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches

Set up VMkernel networking by configuring VMkernel interfaces, routing, TCP/IP stacks and firewalls.

Implementing MPLS VPN for the Branch locations

Developed customized firewall policy utilizing Checkpoint 4600 appliances running GAIA and version R77.20 software.

Configured and deployed QOS and defined class of service (COS) WRED and WFQ for bandwidth management.

Verified and Validated the Firewall policy on Checkpoint R75 clusters for unused rule and helped consolidating rule.

Checkpoint Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.

Handled deployment and management Checkpoint GAIA, R75, R71, R65 and Cisco ASA 5500 series

Implemented the numerous firewalls rules on the Checkpoint with both Hide Nat and Static NAT.

Configured the Checkpoint Anti-Spoofing on the right interfaces to enable the traffic.

DNS administration like adding/modifying/deleting IP and DNS assignments using log messages.

Providing Technical Support and solutions for Network Problems.

Upgrading IOS, troubleshooting network outages.

Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.

Environment: Cisco routers, switches, ASA Firewalls, OSPF, EIGRP, BGP routing protocols, VMware, VLANs, F5 load balancers, checkpoint, Palo alto, wireless access points, IP, TCP, UDP, ICMP, NAT, DHCP, SNMP, IPSEC, SSL, HTTP, SSH protocols.

DTE Energy Detroit, MI Dec 12 – Aug 14

Network Engineer

Responsibilities:

Configuring, deploying & upgrading the NX-OS operation system in the data center

Replacing the 3750X switch with a stack of 4507 switches and creating Vlans for Production and Wireless whose traffic was segregated by access-lists to restrict traffic flow between them.

Experience working with using EIGRP/OSPF as an internal Company routing protocol and Using BGP as a WAN protocol towards Service Provider

Worked on F5 LTM series like 6400, 6800, 8800 for the corporate applications and their availability

Experience with configuring Virtual Server and Configuring Load balancing methods in F5 LTM

Implementing & troubleshooting of Juniper switches, routers and Firewall.

Involved in configuring Juniper SSG-140, Cisco PIX and ASA firewall.

Configure the layer 2 and layer 3 on Cisco Nexus 7K, 5K, 6509, 9710, 5596UP, 4500, 3850, 3950, ASR and 2960.

Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for a datacenter access architecture

Experience configuring Virtual Device Context in Nexus 7010

Configured 6500 to support a lot more functions with special feature blades, like firewall, content load balancing, Flex WAN

Configured, monitored and troubleshoot Cisco's ASA 5500/PIX 515 security appliances,

Migrating PIX Firewalls to ASA Firewalls

Defined and rolled out rules firewall policies

Involved in iRule management like loading rules, writing iRule syntax using TCL language

Support customer with the configuration and maintenance of PIX and ASA firewall systems

Identify, design and implement flexible, responsive, and secure technology services

Troubleshooting the issue using Wireshark if an individual is not able to connect to the installed Aironet Access points.

Experience with Firewall Administration, Rule Analysis, Rule Modification

Environment: Cisco routers, switches, ASA Firewalls, OSPF, EIGRP, BGP protocols, VLANS, wire shark, IP, TCP, UDP, NAT, DHCP, HTTP, SSH.

Tata Consulting Services, India Apr 11 – Oct 12

Network Engineer

Responsibilities:

Worked on Cisco Layer 2 switches (spanning tree, VLAN).

WAN Infrastructure running OSPF & BGP as core routing protocol.

Support various Routers like 2600/3600/7200 series routers. Tested authentication in OSPF and BGP.

Configured and troubleshoot OSPF and EIGRP. Troubleshooting IOS related bugs based on past history and appropriate release notes.

Work on different connection medium like Fiber and Copper Connectivity.

In-depth expertise in the implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems.

Planning and configuring the routing protocols such as OSPF, RIP, and Static Routing on the routers.

Performed and technically documented various test results on the lab tests conducted.

Planning and configuring the entire IP addressing plan for the clients' network.

Assist the certification team and perform configuration of LAN\WAN technologies such as Ethernet, Fast Ethernet, and Gigabit Ethernet.

Supported networks, which are comprised of 200+ Cisco devices.

In-depth expertise in the implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems.

WAN Infrastructure running OSPF as a core routing protocol.

Follow process & procedures for change & configuration management.

Supported nationwide LAN infrastructure consisting of Cisco 4510 and catalyst 6513.

Deployed the switches in high availability configuration with HSRP.

Configured UDLD, port-fast, uplink fast and other spanning tree features.

Support various Series of Cisco Routers like 7200/7600 series.

Support Complex 6500 /5500 Series Switches.

Worked on Cisco Routers Models# 2600-2800 and ISR model;

Network Monitoring using tools like Cisco Works 2000.

Created Lab demonstrations for new technology deployments with loaner equipment from various vendors and presented the findings to upper management.

Troubleshoot network problems using Packet Analysis tools like Ethereal.

Environment: Cisco routers, switches, ASA Firewalls, OSPF, EIGRP routing protocols, VLANS, IP, TCP protocols.

Yash Technologies, India Jul 09 – Mar 11

Network Engineer

Responsibilities:

Responsible for the configuration, implementation and operation of Cisco 3745 routers, Cisco 6509 and 3560 L2/L3 switches

Removed Cisco 3600 and 2600 series routers and Cisco 2900 series switches from the current infrastructure and replaced them with the Cisco 6509 or 3560 L2/L3 switches.

Configured RSTP, MST and used VTP with 802.1q trunk encapsulation. Provided port binding and port security wherever required. Provided router redundancy through HSRP.

Configured ether channels using PAgP and LACP.

Designed ACLs, VLANs, troubleshooting IP addressing issues and taking back up of the configurations on switches and routers.

Provided testing for network connectivity before and after install/upgrade

Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet and Gigabit Ethernet channel between switches.

Experience in Cisco switches and routers: Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay and ATM).

Performed troubleshooting, while maintaining trouble ticket tracking, following internal/external

Escalation procedures and customer notifications.

Configured Cisco Routers for OSPF, IGRP, RIPv2, EIGRP, Static and default route.

Worked on HSRP and GLBP for first hop redundancy and load balancing.

Prepare, update, and maintain technical and logistical network documentation

Environment: Cisco routers, switches, ASA Firewalls, OSPF, EIGRP routing protocols, VLANS, IP, TCP protocols.

Education:

Bachelors in Electronics and Communication, JNTU – INDIA.

Certifications

CCNA (Switching and Routing)

CCNP (Switching and Routing)

PALO ALTO ACE

Contact this candidate