ADITYA S
Network Security Engineer
************@*****.***
PROFESSIONAL SUMMARY:
Over 9 years of practical experience in the IT field as a network engineer, with proficient hands-on experience in the areas of Wi-Fi portfolio, Routing, Switching and Troubleshooting Strong knowledge in configuring and troubleshooting routing protocols like RIP, OSPF, SNMP, EIGRP and BGP
Installing and Configuring Cisco switches 2960, 3560, 4500, 6500, 4900, 2900, 3750, Nexus 5000, Nexus 7000, Arista and HPE Switches.
Hands-on expertise with routers 2600, 2900, 3600, 3900, 7200, 7600, ASR-901, ASR-903, ASR 5500, ASR-9010 and ACX, E, M, MX960 series
Implementation, working analysis, troubleshooting and documentation of LAN, WAN & WLAN architecture with excellent work experience on IP series
Excellent knowledge and experience on different vendor’s like Cisco, Juniper, Brocade, HP, Aruba,
Palo Alto, Checkpoint, F5 Viprion And VMware.
Working knowledge with Load Balancers F5 (VIPRION – ASM), AVI networks.
Working knowledge of Firewall, LDAP, AAA, TACACS/RADIUS, and IPSEC.
Builds, Production DNS System - Used for IPAM.
Proficient with TCP/IP and relative OSI models.
Security policy configuration including NAT, PAT, VPN, SSL-VPN, Route-maps and Access Control Lists.
Strong practical experience in IP addressing, Sub-netting, VLSM and ARP, proxy ARP, and ping concepts
Expertise in troubleshooting and configuring DNS, DHCP, TFTP, TELNET, SSH, FTP and NFS
Excellent hands-on experience in designing and implementing IP addressing that includes both IPV4 and IPV6
Implementation of Access lists, route maps, and distribute lists.
Strong fundamental knowledge in implementing Layer-2 level technologies including VLAN's, VTP, STP, RSTP and Trunking.
Technical support for improvement, up-gradation & expansion of the network architecture.
Good understanding and working knowledge of Protocols like IEEE 802.1, IEEE 802.3& IEEE 802.11, 802.1x, EAP, PEAP & EAP-TLS.
Working Experience in VMware ESX 5.x, VMware Workstation, VMware vCenter Server, Microsoft SharePoint, System Center 2012 R2, C++.
VoIP Installation and troubleshooting, configuring Digium Phones and setting up VoIP over VLAN.
Hands on experience on several Ticketing Tools like JIRA, Change Management, Service Catalog, ePCR, SR, Service Now, IP center, etc.,
Working Experience with Palo Alto Firewall.
Working Experience on Network Scanning, Management, Alerting & Logging tools like Solar Winds, Net cool, Science Logic, Log Logic, EM7, Indeni, nCircle, PRTG, Wire shark.
Comprehensive understanding of OSI Model, TCP/IP protocol suite (IP, ARP, ICMP, TCP, UDP, SNMP, FTP, TFTP).
Experience of IP addressing, administrating subnets and various routing models
Sound knowledge of WAN technologies such as PPP, Frame-relay, dedicated T1s, ISDN and Routing Protocols: OSPF, EIGRP, IGRP, RIP and RIPv2
Security Technologies DHCP Snooping, IP Source Guard, Dynamic Arp Inspection, 802.1x and VACL's
TECHNICAL SKILLS
LAN Technologies : Ethernet, Fast Ethernet, Gigabit Ethernet, LWAPs, IEEE 802.11, Token
Ring, Workgroup, Domain, HSRP, DNS, Static, VLAN, STP,
VTP, Ether Channel, Trunks.
WAN Technologies : HDLC, PPP, Channelized links (E1/T1/E2/T2), Leased Line, ISDN/Dial-
Up, Frame Relay circuits, Metro Ethernet, ATM, SONET, MPLS, VPN, and IPsec-VPN.
Routing Protocols : OSPF, EIGRP, BGP, RIP v1/v2, Route redistribution, Route filtering,
Summarization, Static route, OSPF, BGPv4, MP-BGP.
Cisco Routers : 7606, 7609, 3845, 3660, 2921, 2691, 1812, Juniper MX series and T
Series routers
Switching Technologies : VLANs, Inter VLAN routing and Port Channels, VTP, Spanning Tree
Protocols like PVST+, RSTP+, Multi-Layer Switching, and Port security, VSS, CEF and DCEF
Nexus Switches : 5548, 5596, 56128P, 6000, 7009, 7018; Cisco Catalyst: 6506, 6509,
4928, 4948, 4507, 4510, 3750G, 3750X, 3560, and 2960
Security Technologies : ASA Firewalls, Juniper SRX Firewall, Palo Alto firewall PA 200, 3000,
Check points, Access Control Lists, IPsec, IDS, and IPS
Firewalls : Cisco ASA 55XX series, Juniper SSG140, Palo Alto Every Series
Network Management : Wireshark, SNMP, Netflow, SolarWinds, VMware,
Load Balancers : F5 Network (Big-IP) and AVI networks
Redundancy Protocols : HSRP, GLBP, VRRP
NEXUS Features : VDC, VPC, VRF, FEX, Fabric Path, F & M Series line cards
VPN Technologies : GRE Tunneling, Remote Access VPN, Site-to-Site VPN, ASA 5505
Firewall, AIP SSM, CSC SSM, FWSM, FortiGate, ACL- Access Control List, IPS/IDS, NAT, PAT, SYSLOG, NTP, DHCP, CDP, TFTP, FTP Cisco ACS, Juniper Net Screen firewall, Palo Alto Firewalls, Windows Patch Management (WSUS).
AAA Architecture : TACACS+, RADIUS, Cisco ACS
Operating Systems : Windows (98, ME, 2000, XP, Vista, Windows 7, 8.1), Linux
Microsoft tools : Microsoft Visio, Microsoft office
CERTIFICATIONS:
CCNA – Cisco Certified Network Associate ID: CSCO12741186
CCNP – Cisco Certified Network professional ID: CSCO12741186
PROFESSIONAL EXPERIENCE:
Palo Alto Networks, Santa Clara, CA Jan 2017 to Oct 2017
Sr. Security Network Engineer
Responsibilities:
Supports the following: Cisco routers/switches (specifically GSR and 7200 series routers and 2500 and 4000 switches), Juniper J, E and M-Series routers and also Foundry switches.
Also experience with TCP/IP, OSPF, BGP and extensive experience troubleshooting these protocols on large-scale backbone networks.
Support of MPLS, VOIP (SIP/RTP), VPN, ATM, FRAME RELAY, and SONET.
Rotational on-call responsibilities.
Other responsibilities include: Interfacing with Engineering and Care Organizations, Customer support, Process
development, enhancement and documentation and support of specific platforms on the XO Core IP Network.
Assistance in the Management of virtual teams targeting high priority chronic customer issues.
Work directly with Vendors in collecting data for platform specific outages, bugs, and other anomalies.
Configuring PAN Firewalls and policies for the security of the internal resources.
Responsible for migration from F5 to AVI including re-creating all the Virtual Services on AVI.
Administration and diagnostics of LAN and WAN with in-depth knowledge of TCP/IP, NAT, PPP, ISDN and associates network protocols and services.
Implemented security policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+, RADIUS).
Understanding of IPSEC & GRE tunnels in VPN technology implementation using Cisco IOS and have checkpoint firewall /VPN.
Design and deployed F5 LTM, APM and GTM load balancer infrastructure per business needs from the ground up approach.
Used tools like HTTP watch and TCP DUMP for troubleshooting the packets on the internal routing.
Hands on Experience testing iRules using Browser (IE), HTTP watch, curl, Scripts (shell/batch file/Perl) and host files
Dealt with creating VIP (virtual servers), pools, nodes and applying iRules for the virtual servers like cookie persistency and redirection of URL.
Deploy internal cloud solution load balancing with Avi Networks which runs on anyx86 servers.
Experience in deploying the Azure Cloud infrastructure and integrating it with Cisco ACI Fabric including the APIC Cluster, Leaf and Spine Switches and integrate them with different Cisco Nexus 2232, 2248 fabric extender for better Network Performance and Manageability.
Experience in setting up the VMware VDI and integrating it with the Microsoft Active Directory for Authentication and Cisco ACI for Network.
Build out and manage the Windows/VMware Virtual and Cloud Infrastructures and integrate them with Cisco ACI.
To secure configurations of load balancing in F5, SSL/VPN connections, Troubleshooting CISCO ASA firewalls, and related network security measures.
Extensive Knowledge in configuring and troubleshooting as well as creating Virtual Servers, Nodes, Pools and iRules on BIG-IP F5 (VIPRION - ASM) load balancer LTM for load balancing and traffic management in DC environment.
Dealt with creating VIP pools, nodes and created custom iRules for the virtual servers like cookie persistency and redirection of URL on F5 (VIPRION - ASM) ASM cookies issues and configures ASM policies
Executed the F5 (VIPRION - ASM) Viprion to deal with high traffic volume for L7 traffic on 2250 blade while Thunder 6630 using Viprion chassis
Provide direct day to day support for various technologies such as: WAN technologies (MPLS, Metro Ethernet, etc.), Data Center infrastructure (VLANs, trunks, teaming, L2 & L3, etc.), Campus switching, Load Balancer and Virtualization, Routing protocol support (BGP, IEGRP & OSPF), VPN technology support, VoIP communications and infrastructure, enterprise wireless, RADIUS services, enterprise DNS / DHCP and other various enterprise technologies and services
Environment: STP, RSTP, Cisco IOS-XR, ASA, VTP, VOIP, DMZ, HSRP, Palo Alto, Port-Channel, BGP, OSPF, EIGRP, PPP, HDLC, SNMP, DNS, DHCP.
Well Care Health Plans- Tampa, FL Jul 2015 to Dec 2016
Sr. Network Engineer
Responsibilities:
Responsible for daily troubleshooting, support, maintenance and management of network infrastructure.
Involved in the activity of DATA-Center migration of regular Cisco catalyst switches with the new Nexus 2148, 2224T, 5548, 6018, 7010 using F3/M3 line-cards with 10GE & 40GE interfaces and Supervisor 2E.
Help the Lead engineer in performing the racking, configuring the Nexus switches like 7000, 5000 and 2000 series in the Data Center Environment.
As part of Data Center fabric remediation/refresh project, deployed Cisco Nexus switches and implemented features like FEX Links, VPC, VDC, and Fabric Path.
Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500 with ACL, NAT, Object Groups, Failover, Multi-Contexts.
Good understanding of Panaroma which is a centralized management for multiple Palo Alto Firewalls. Configuration of Palo Alto firewalls in High Availability.
Configuring EIGRP and BGP in routers.
Good understanding of Wildfire and creating various policies on Palo Alto (PA 5050, PA 500).
Configured and deployed VPC between Nexus 7010 and Nexus 5596, 5548 switches along with FEX 2248.
Experience with migrating from Cisco ASA 8.2 version to Cisco ASA 8.4 Version.
Involved in Replacement of FPCs, PICs on Juniper M320 and T640 router.
Working knowledge of SNMP, SNMP Traps and Syslog.
Migration of existing IPSEC VPN tunnels from one Data Center to another Data Center, due to decom of existing Data Center, which involved working with Partner Companies.
Provided high level of security to the network by installing ASA 5510 along with ACLs.
Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA 5500 Firewalls.
Performed F5 Viprion appliance (LTM, GTM, APM, and ASM) maintenance and system upgrades including hot fixes and security configurations.
Migration with both Checkpoint and Cisco ASA VPN (Checkpoint R75.30 to Gaia R77.30 GA version).
Installation and troubleshooting of company's WIFI network with added security and Cisco VOIP.
Troubleshoot the network problems related to DHCP IP Address scheme.
Worked on installation, maintenance, and troubleshooting of LAN/WAN (ISDN, MPLS, NAT, DHCP, TCP/IP)
Implementing traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Frame Relay and Open Shortest Path First (OSPF).
Configured network access servers and routers for AAA Security (RADIUS/ TACACS+).
Creating Private VLANs & preventing VLAN hopping attacks & mitigating spoofing with snooping & IP source guard
Performed Security operations in terms of pushing new policies and deploying new rules. Performing security troubleshooting in terms of checking ACLs and ACEs and traffic flow analysis using packet capture features.
Performed load balancing and application level redundancy by deploying F5 BIG-IP LTM 6500.
Involved in the configuration and maintenance of IPsec Site-Site VPN.
Used to be responsible for resolving the service request tickets from the help desk which involved in providing entire technical support.
Thoroughly document and diagram network solutions, configurations, and break/fix steps
Incorporate network security recommendations into the design of the network to protect Microsoft "information assets".
Responsible for special functions as directed by management and other duties as assigned.
Environment: Cisco 2600, 2800, 3660, 3845, 7609 series routers; Cisco 2960, 3560, 4510, 4507, 6509 catalyst switches; Nexus devices 5548, 5596, 7010; Juniper routers M 3200, TX 640; Cisco ASA 5500 firewalls; PA 3020, PA 5050, PA 500; Load Balancer BIG-IP F5 LTM 6500.
IPC Systems- Jersey City, NJ Jun 2014 - Jul 2015
Sr. Network Engineer
Responsibilities:
Experience with designing and deployment of MPLS Traffic Engineering.
Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks.
Design and deployment of MPLS QOS, MPLS Multicasting per company standards.
Installation and Configuration of Cisco Catalyst switches 6500, 4500, and 3750& 3550 series and configured routing protocol OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design.
Working with MPLS Designs from the PE to CE.
Managing health check of Network devices which involves upgrading IOS on every quarter after checking the vulnerability of IOS and reviewing the configuration.
Creating new nodes and Pools in F5 load balancers to support newly added servers in Layer 3 environment.
Installation, Configuration and Administration of ADS, DNS, DHCP and Web proxy (ISA) server.
Router/ Microsoft VPN Server in order to access certain limited network resources from customer locations.
Installed and configured four PIX 525 and two ASA 5520 in customer locations. In addition to that, two PIX firewall configured for the Guest access.
Dealt with F5 migration of 3DNS to Global traffic managers (GTM) of BIG 540 series to GTM 6800 series
Experience in migration of Frame-relay based branches to MPLS based technology using multi-layer stackable switch like 6500 series and 2800 series router.
Cisco Nexus 7000, 5000 series installation and configuration, implementation with Port channel and troubleshooting in a TCP/IP OSPF environment.
Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000.
Created engineering configuration, Security Standards, documenting processes and Network documentation using Microsoft Visio.
Document and followed the change process as per IT policy. It also includes the configuration of port channel between core switches and server distribution switches.
Upgraded Cisco Routers, Switches and Firewall (PIX) IOS using TFTP.
Manage Cisco Routers and troubleshooted layer1, layer2 and layer3 technologies for customer escalations.
Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers.
Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches.
Design, Implement & Troubleshooting of Juniper switches, routers and Firewalls.
Involved in the migration of F5 3DNS to Global traffic manager (GTM) for the wide area based load balancing environment of the datacenters.
Experience working with Network management software NSM.
Configuration and extension of VLAN from one network segment to other network segment between different vendor switches (Cisco, Juniper).
Taking Regular backups & testing the backups by restoring them in test lab frequently.
Involved in designing L2VPN services and VPN-IPSEC authentication & encryption system.
Experience in HSRP standby troubleshooting & Experience in configuring & upgrading of Cisco IOS.
Installation, Configuration and Troubleshooting Cisco switches and Firewall on multi-mode context based environments.
Managing a TACACS server for VPN user authentication and network devices authentication.
Handled Corporate and Review Audits from the perspective of IT Security for Network Devices and Servers under our control.
Experience with deployment of Palo Alto firewalls for different NAT, Skype traffic.
This includes Artifacts for regular Health Checks, IP and System Integrity, Change management, Problem management, Logical Access Controls, Network Connectivity, Service Registration and Performance Management.
Installed and configured the Cisco routers 2800 in two different customer locations. It includes coordinating with Verizon and AT&T in order to bring the serial interface up for T3 link. Also, configuration includes frame relay, BGP and VPN tunnel on GRE.
VLAN Configurations, troubleshooting and Firewall ACLs and Object-Groups configuration and support.
Configured IPSec site-to-site VPN connection between Cisco VPN 3000 Concentrator and Cisco 3800.
TIAA - Denver, CO Mar 2013 - May 2014
Network Engineer/Administrator
Responsibilities:
Configuration and Management of Cisco Nexus 7K and 5K Series Switches, Cisco 6500, 4500, 3750 series Switches, Cisco 2800, 2900, 7200 series routers, F5 Load Balancers.
Also involved in Upgrading IOS on 1900, 2900, 3500 series Cisco Catalyst Switches and 2500, 2600, 3600 series Cisco Routers using TFTP.
Extensively worked on layer 2 features like STP, VLAN, and VTP and implemented them on new switches and used to troubleshoot any issues.
Troubleshoot network problems using ping, Cisco CLI, Tracert, Telnet, SSH.
Worked on OSPF using features like TSA, SA, NSSA and route summarization. Configured EBGP/IBGP policies also tested BGP attributes such as Local preference, MED, AS-PATH, Community and Weight.
Maintain, configure, and analyze network and host-based security platforms.
Deployed Checkpoint GAIA Firewalls at the Data Centers.
Helped in setting up the GRE tunneling over IPSEC between to data centers.
Hands on experience on upgrading of JUNOS.
Configured policies and troubleshooting on Juniper SRX 3600 to allow customer traffic.
Worked on installation, maintenance, and troubleshooting of LAN/WAN (ISDN, MPLS, NAT, DHCP, TCP/IP)
Also gave technical support in the issues which involved tasks of debugging OSPF and HSRP features.
Dealt with configuring and troubleshooting OSPF protocol during the process of migration and establishing new client setups. Configured STP for loop prevention and VTP for Inter-VLAN Routing.
Understand the JUNOS platform and worked with IOS upgrade of Juniper devices.
Monitoring network performance and providing status for early detection of network problems and resolutions.
Monitoring and supporting remote offices through WAN and Internet connectivity using Cisco 3550 switches and 3600 series Routers.
Supporting large number of customers through LAN using Cisco 2950 Switch.
Configuration of Cisco ASA Firewall 5585 series in existing network.
Experience WAN technologies such as ETHERNET, PPP, and HDLC.
Configuration of Access Lists ACL (Standard, and Extended) to allow users all over the company to access different applications and blocking others.
Develop network drawings and documentation utilizing Visio, Word, and Excel programs.
Assisting fellow Junior and Senior Engineers, on-site management of cable-wiring technicians.
Environment: Cisco Nexus 7K and 5K Series Switches, Cisco 6500, 4500, 3750 series Switches; Cisco 1900, 2900, 2950, 3500 series catalyst switches; Cisco 2500, 2600, 2800, 2900, 3600 series routers, EIGRP, OSPF, BGP, VPN, IPsec, Juniper SRX 3600, Cisco ASA Firewall 5585
Four Soft Ltd, Hyderabad, India Nov 2010 - Feb 2013
Network Admin
Responsibilities:
Main responsibilities include installation, maintenance, support and services of the various Network equipment.
Familiar with configuring Cisco Routers (2600, 2800 and 3600 series), Cisco Catalyst Switches (2900 and 3500, 3750 series) and Firewall (Cisco ASA).
Experience in troubleshooting network and isolating the problems using tools, ping and trace route and debug commands.
Hands on experience of Cisco works and Cisco configuration professional tools used for Network discovery, topology views, end-station tracking, and VLAN management.
Responsible for Monitoring and tracking of network response time and availability.
Used Wire Shark Network Packet Analyzer for capture live packet data from network interface and troubleshoot network related problems.
Knowledge of Manage Engine Op Manager and PRTG for Monitoring, analyzing and availability of network traffic.
Performing installation and upgrading recommended hardware and/or software in a manner that is timely and non-disruptive to end user.
Implementing and maintaining backup schedule. Conceptual and working knowledge of RIP, OSPF, EIGRP routing protocols.
Created network diagrams using Microsoft Visio and trained the work-center on proper.
Troubleshooting procedures as well as implementation of new firewall rules.
Created and configured VLANS and inter-VLAN routing with Cisco Catalyst 3550 and Cisco 3750 series switches. Designed basic security and implemented Access Control Lists, static routes, route redistribution.
Provide technical support and investigating, diagnosing and resolve network problem.
Provide timely and accurate progress status on all ongoing support issues with an emphasis on problem, issues and concerns. Implemented IDS and IPS solutions.
Implemented Layer 2 switch security including port security, disabling all unused ports & putting them in unused VLAN. Implemented Cisco router and switches hardening.
Enable STP attack mitigation BPDU guard, Root guard, Loop guard. Configured 802.1x authentication in switch ports.
Responsible for managing & operations of Cisco 2600 series, 2800 series router, as well as 2900 series, 3500 series Cisco switches.
Implemented SNMP on devices to allow for network management.
Involved in lab testing using Gns3 and validation of network modifications before implementation.
Configuration of SSH on all network switches and routers for secure management purposes.
Experience on security applications like standard ACL, Extended ACL, and NAT & PAT.
Experience of configuring and monitoring Cisco router using Cisco Configurational professional.
Created OSPF multi area summarization plan, and created stub, totally stub areas.
Configured, managed and troubleshooting IP routing using a combination of static routing and dynamic routing protocols OSPF, EIGRP, RIP etc.
Environment: Cisco Routers 2600, 2800, 3600, 3700; Cisco Catalyst switches 2950, 3500; Routing Protocols EIGRP, OSPF, RIP; VTP, STP, VLAN;
Lorven softtech Pvt. Ltd, Hyderabad, India Aug 2008 - Oct 2010
Desktop Support Engineer
Responsibilities:
To manage all network connectivity as well as system.
Support on peripherals and devices.
Desktop/Laptop Support.
Installing any kind of software and also troubleshooting the issues.
Configuring Outlook, MS Outlook & troubleshooting the issues.
Install & Configure printer server & troubleshooting the issues.
Day to day System Administration and troubleshooting of networking, windows.
Operating system and software support.
Windows NT, 95, 98, 2000, 2003, XP, 7, 8,2008R2 Installation and configuration.
Installing and Configuring the Active Directory Service, DHCP, DNS, WINS.
Proficient in using the Active Directory Service to create Users, Groups, Organization unit, Computers, Network Printers and other objects in a Domain.
Configuring and managing User accounts, User rights, Account policies and Authentication.
Configuring Group Policy settings to manage user environment, security and software deployment.
Responsible for installation and maintenance of servers and networking hardware and software.
Using Windows Server Update Service to automate the delivery of windows updates, Patches and security fixes to all the computers on the network.
EDUCATION:
B. Tech Graduate in Electronics and Communication Engineering from M.G.I.T Hyderabad, India.