Engineer Security
Resume:
Kondal. B
Sr. Network Engineer
*******.****@*****.***
SUMMARY:
Cisco Certified Network Engineer with 8+ years of experience in networking, installing,
configuring, planning, designing, implementation and maintaining network devices.
Implementing IP addressing schemes, Routing, Switching and Firewall Security, including hands-
on experience in providing network support, installation and analysis for a broad range of LAN /
WAN/MAN communication systems.
Experience working with 2600, 2900, 3600, 3800, 3900, 7200, 7600 series Cisco routers.
Proficient in configuring Cisco Catalyst 2900,2960, 3560, 3750, 4500, 4900, 6500 series and Nexus
2248, 5548 and 7010 switches.
Extensively worked on Cisco catalyst 6509 and implemented VSS along with VDC and VPC on
Nexus 5505, 7009 switches.
Expertise in Cisco ISE and source fire implementations.
Supported the technologies like IWAN Solutions, APIC-EM, Prime Infrastructure.
Expertise in Configuration of Virtual Local Area Networks (VLANS) using Cisco routers and multi-
layer Switches and supporting STP, RSTP, PVST, RPVST along with trouble shooting of inter-
VLAN routing and VLAN Trunking using 802.1Q.
Exposure to multiple technologies and builds/troubleshooting: VSAN/NSX/SDWAN/VXLAN, etc.
In-depth knowledge and hands-on experience in Tier II ISP Routing Policies, Network Architecture,
IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3 SONET POS OCX / GigE
circuits, Firewalls.
Implemented redundancy with HSRP, VRRP, GLBP, Ether channel technology (LACP, PAgP).
Configuration, Troubleshooting and Maintenance of ASA NGFW 5500-x series, Fortinet, Checkpoint,
Palo Alto Firewalls (160+ firewalls) - PA200, PA2000 series, PA3000 series, PA4000 series and
PA5000 series and Cisco ISE 3515 and ISE 3595
Worked on Splunk Implementations and configuration management.
Configuring BGP/OSPF routing policies and designs, worked on implementation strategies for the
expansion of the MPLS VPN networks.
Proficiently implemented traffic filters using Standard and Extended access-lists, Distribute-Lists,
Route Maps and route manipulation using Offset-list.
Hands on experience in deployment of GRE tunneling, SSL, Site-Site IPSEC VPN and DMVPN.
Managed inventory of all network hardware, Management and Monitoring by use of SSH, Syslog,
SNMP, NTP.
Expertise on Cisco DNA solutions ISE, NGFW (ASA+Firepower), Prime, ESA, WSA, VPN and
CWS implementations.
Expertise in installing, configuring and troubleshooting Juniper EX Switches (EX2200, EX2500,
EX3200, EX4200, EX4500, EX8200) series.
Expertise in OSI layer model/TCP/IP. Expertise on VMware V center, ESX and Citrix environment.
Extensive knowledge and experience of routing and switching protocols RIP v1 & v2, OSPF, EIGRP,
BGP, NAT and VLAN.
Have knowledge on various advanced technologies like Aruba wireless, VOIP, H.323, SIP, QOS,
IPv6, Multicasting, and MPLS.
Strong knowledge of TACACS+, RADIUS implementation in Access Control Network.
Experience in Designing and assisting in deploying enterprise wide Network Security and High
Availability Solutions for ASA.
Worked on Python, shell scripting and automation Rest APIs integrations.
Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both
Checkpoint and Cisco ASA VPN experience.
Experience in designing MPLS VPN and QOS for architecture using Cisco multi-layer switches.
Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a
Flexible Access Solution for a datacenter access architecture
Expertise in installing, configuring and troubleshooting Juniper Routers (E, J, M and T-series)
Implementing security policies using Cryptography, ACL, SDM, PIX Firewall, IPsec, VPN, and
AAA Security on different series of routers.
Strong hands on experience on PIX Firewalls, ASA (5540/5550) Firewalls. Implemented Security
Policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
Efficient at use of Microsoft VISIO/Office as technical documentation and presentation tools.
TECHNICAL SKILLS:
Routing : OSPF, EIGRP, BGP, RIP v1/v2, PBR, Route Filtering, Redistribution,
Summarization, and Static Routing.
Switches : Nexus 2K/5K/7K, Cisco Catalyst 2900, 3500,3700,6500, 4500, 3850,3560,
3750, 2960
Switching : LAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer
Switch, Ether channel, Transparent Bridging.
Network Security : Cisco ASA 5540, firepower, checkpoint, Palo Alto, ISE, Stealth watch ACL,
IPSEC, F5 Load Balancer, Sourcefire ESA, WSA, NGFW and Fortinet.
Load Balancer : F5 Networks (Big-IP) LTM 8900 and 6400/ASM.
LAN : Ethernet (IEEE 802.3), Fast Ethernet, Gigabit Ethernet
WAN : PPP, HDLC, Channelized links (T1/T3), Fiber Optic Circuits, Frame Relay, VOIP
Gateway Redundancy: HSRP and GLBP
WAN Optimizer Riverbed Steelhead Appliance
DHCP and DNS Infoblox
Various Features & Services: IOS and Features, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, TFTP,
FTP.
AAA Architecture : TACACS+, RADIUS, Cisco ACS and ISE
Network Management : Wireshark, SNMP, Solar winds, Blue coat, NAC, ISE and AD
CERTIFICATIONS:
Cisco Certified Network Associate (CCNA)
Cisco Certified Network Professional (CCNP)
EDUCATION:
Bachelor of Engineering in computer Science
WORK EXPERIENCE:
CISCO, Research Tringle Park (RTP 4)-North Carolina Oct 2016- Till date
Sr. Network Security Engineer
Responsibilities:
Managing and configuring Cisco ESA, WSA, ASA and Firepower devices independently.
Configured IP, EIGRP and OSPF in routers. Configured and installed multi-protocol (IP, IPX)
multi-interface Cisco routers.
Providing the full deployment services on ISE, Next generation firewall and Prime.
Helped Partners with deploying Greenfield IWAN solution with the built in IWAN App in the
APICEM appliance.
Providing mentoring services during the Design, Planning and Implementation phases - including
Security Optimization Subscription, Security Design Assessment, Security Design / Configuration
Reviews, and Cisco security product implementations.
Helped Partners with APICEM implementation and understand the features like Discovery, Path
Trace.
Also configured built-in out of the box applications like Apicem-Easy-QOS, Apicem-PNP and
Apicem-IWAN App.
Experience with configuring DMVPN tunnels for the MPLS and ISP clouds, which are responsible
for Transport Independent Design of IWAN.
Experience in configuring the PFRv3 routing protocol for the application optimization.
Also configured and troubleshot the EIGRP and IBGP for the IWAN overlay routing.
Assign Access and trunk ports on Cisco Switches, configure new network devices, upgrade existing
infrastructure to Cisco Meraki, install Meraki Switches, and wireless Access Points.
Worked with ISR 4k, ASR 1k, CSR 1000v and other IWAN compatible routers.
Responsible for listening to Partner requirements and understanding their needs in security.
Provided with POC/POV for partners to implement all cisco security solutions.
Worked on ISE 802.1X, ISE wired/wireless guest and ISE trustsec implementations. Helped partners
and customers with ACS and NAC to ISE migration and ISE upgrades.
Managed fast Layer 3 switched/routed LAN/WAN infrastructure as a part of Network team. The LAN
consisted of Cisco campus model of Cisco 3550 at access layer, Cisco 6513 at distribution/core layer.
Advise Partners to their satisfaction and meeting Cisco quality of design.
Leverage lab capabilities to experiment learn and test on.
Providing the full deployment services on ISE, Next generation firewall and Prime.
Providing solutions to ESA, WSA, CWS, Content security management appliance, ASA, ASAv and
ASA with Firepower.
Cisco ISE implementation with machine authentication, user authentication, Posture assessment,
profiling, BYOD, Guest, Dot1x with EAP-TLS.
Implemented with Cisco Meraki wireless SDN network setups for partners.
Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security
appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per
the design.
Implementation of Wireless access points, Cisco 3750, 3850 switches and Cisco 3900 and ASR 1000s
routers to new sites.
Assistance with initial installation, upgrade and migration planning, troubleshooting, compatibility
and sizing questions.
Assistance with specific design questions, provide design guidance according to Ciscos best
practices.
Assistance with demos, production pilots, proof of concepts, initial setup and configuration,
implementation and troubleshooting.
Mentoring the partner technical engineer on executing the Voucher Guidelines for ISE Trustsec
activation, ISE Wireless guest management activation, Next Generation Firewall and Prime
activation.
Contribute directly to Cisco's knowledge management initiatives by documenting and briefing other
Cisco security consultants on lessons learned from engagements.
Helped the partners and customers on Stealth watch, APICEM and IWAN activations and site
readiness.
Environment: Cisco 2948/3560/4500/3560/3750/3550/3500/2960 6500,9k switches and Cisco
3640/12000/7200/3845/3600/2800 routers ASR and ISR 4K series, Cisco Nexus 7K/5K, AVC, Net flow,
Cisco ASA, AD/LDAP, ISE wired/wireless/Trustsec/BYOD/Guest/802.1x/any connect, Meraki, Prime
wired/wireless, Firepower, AP, WLC, firepower AMP, ESA, WSA, stealth watch, APICEM and IWAN.
Capital One, Mclean-Virginia May 2015 Sep2016
Sr. Network Security Engineer
Responsibilities:
Managing and configuring Cisco Switches and Routers independently.
Hands on experience with troubleshooting and configuring terminal servers. Providing Technical
Support and solutions for Network Problems.
Creating and managing user accounts to all team members in partner environment.
Experience in Cisco switches and routers: IP addressing, WAN configurations.
Hands on using crimp tools, punch down tools to punch cables to the 110 data/voice blocks.
Communicating and escalating tickets with service providers for network outage issues.
Monitoring Network infrastructure using SNMP tools HP NNM, Solar winds and Opnet.
Coordinating with Security team for NAT configuration and troubleshooting issues related to access
lists and DNS/DHCP issues within the LAN network.
Escalation of procedures and customer notifications.
Assisted on URL web filtering migration from Blue Coat and Websense to Palo Alto firewalls.
Experience in troubleshooting VLAN, STP (Spanning tree protocol), & Switch Trunk and IP subnet
issues.
Worked on Physical site; latency and slowness issues in transmitting results within internal quest
network.
Implementation of Cisco 3750, 3850 switches and Cisco 3900 and ASR 1000s routers to new sites.
Involved in complete LAN, WAN, Extranet redesign (including IP address planning, designing,
installation, pre-configuration of network equipment, testing, and maintenance) in both Campus and
Branch networks.
Experience working with Nexus 7010, 5020, 2148, 2248 devices.
Experience with configuring Nexus 2000 Fabric Extender (FEX), which acts as a remote line card
(module) for the Nexus 5000.
Implemented Cisco ACI as a solution for data centers using a Spine and Leaf architecture.
Provided support on SCADA applications.
Deployed ACI data center lab facilities and supported with Open stack and VMware ESX
Utilized the Blue Coat Proxy Web Security, SIEM, SOC, Malware Tracking, Rapid7-NeXpose, and
Tuffin, IPS/IDS, Nessus Tenable, Retina, Solaris OS for addressing the PCI DSS and Compliance and
Cryptographic Services.
Design and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls and Cisco ISE.
Configuring ASA Firewall and accept/reject rules for network traffic.
Designing, implementing LAN/WAN configurations on Cisco 5K, catalyst 6500 switches.
Installing, configuring Cisco Catalyst switches 6500, 3750 & 3550 series and configured routing
protocol OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design.
Experience working with JUNOS OS on Juniper Routers and Switches.
Familiar with JUNOS space and other management tools.
Expertise in maintenance of layer2 switching tasks which advocate VLAN, VTP, STP, RSTP,
PVST, RPVST, configuring of ether channel with LACP and PAGP along with troubleshooting of
inter-VLAN routing.
Provide Tier III Level Load Balancer expertise on F5 BigIP Local Traffic Managers (LTM).
Designing F5 solutions/support for migration work of applications and websites from Cisco CSS
Load Balancers to the F5 BigIP Load Balancers.
Expertise on F5 ASM security policies creation.
Worked on the F5 ASM designing and configurations.
Packet capturing, troubleshooting on network problems with Wireshark, identifying and fixing
problems
Performing network monitoring, providing analysis using various tools like Wireshark, Solar winds
etc.
Environment: Cisco 2948/3560/4500/3560/3750/3550/3500/2960 6500 switches and Cisco
3640/12000/7200/3845/3600/2800 routers, Cisco Nexus 7K/5K, Infoblox, Cisco ASA 5000, ISE, Palo alto,
F5 BIGIP LTM/ASM, RIP, OSPF, BGP, EIGRP, LAN, WAN, VPN, HSRP
Public service Enterprise Group (PSEG), Newark-New Jersey Feb 2013 to April 2015
Sr. Network Security/Data Center Engineer
Responsibilities:
Involved in complete LAN, WAN development (including IP address planning, designing,
installation, configuration, testing, maintenance etc.).
Involved in Switching Technology Administration including creating and managing VLANSs, Port
security, Trunking, STP, Inter VxLAN routing, LAN security etc.
Configured IP, EIGRP, RIP, BGP and OSPF in routers. Configured and installed multi-protocol (IP,
IPX) multi-interface Cisco routers.
Successfully installed Palo Alto Next-Generation PA-3060, PA-5060 firewalls to protect Data Center
with the use of IPS feature.
Configure and maintain all Palo Alto Networks Firewall models (PA-3k, PA-5k.) as well as a
centralized management system (Panorama) to manage large-scale Firewall deployments.
Key point of contact with the Global Network Operations Center GNOC. Blue Coat Proxy, Check
Point, Utilized SMART technology that enables the PC to predict the future failure of hard disk
drives.
Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a
Flexible Access Solution for datacenter access architecture and VXLAN on nexus switches.
Experience configuring Virtual Device Context in Nexus 7010
Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers
Managed corporate Checkpoint Firewall management and operation, implementing security rules, and
mitigating network attacks.
Working with Checkpoint Support for resolving escalated issues.
Deployed Site to Site and Client to Site VPNs utilizing Checkpoint Firewall-1/VPN-1.
Provide Tier III Level Load Balancer expertise on F5 BigIP Local Traffic Managers (LTM).
Designing F5 solutions/support for migration work of applications and websites from Cisco CSS
Load Balancers to the F5 BigIP Load Balancers.
Configuring IPSEC VPN (Site-Site to Remote Access) on Juniper SRX firewalls 210,220 and 240
series and built chassis clusters on them.
Prepare a replacement strategy for EOS firewalls with Cisco and Juniper.
Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches.
Once trouble ticket has been created, keep customer informed of status of ticket and estimated time to
repair.
Implemented Zone-Based Firewalling and Security Rules on the Palo Alto Firewall.
Coordinating with service providers for WAN link outages.
Checking and configuring Cisco 7600 and 7200 routers at data center for remote sites issues.
Working on Cisco 6509 and 4507 series switches for LAN requirements that include
Upgraded and updated Cisco IOS from 12.3T to 12.4. Used to DHCP to automatically assign reusable
IP addresses to DHCP clients.
Used PIX Firewall and ACLs for authentication of EIGRP to ensure high security on the network.
Configure and implement remote access solution for customers: IPSEC, Site2Site, GRE tunnel end-
to-end
Configured Cisco 7200 routers, which were also connected to Cisco PIX 535 security appliances
providing perimeter, based firewall security.
Used load balancers ACE and load balancing technique with multiple components for efficient
performance and to increase reliability through redundancy.
Involved in migration from Frame-Relay/ATM network to MPLS-based VPN for customers WAN
infrastructure.
Used Network monitoring tools to ensure network connectivity and Protocol analysis tools to assess
and pinpoint networking issues causing service disruption.
Environment: Cisco routers 7200, IOS 12.4 & switches 3750, 4500, 6500; RIP, OSPF, EIGRP,
VLAN, DHCP, DNS, MPLS, ISDN, DSL, T1 Lines.
Optimized performance of the WAN network consisting of Cisco 3550/4500/6500 switches by
configuring VLANs.
Experience with configuring Nexus 2000 Fabric Extender (FEX), which acts as a remote line card
(module) for the Nexus 5000.
Extensive knowledge and troubleshooting in data communication protocols and standards including
TCP/IP, UDP, IEEE 802.3, Token Ring, Cable Modem, PPPOE, ADSL, Multilayer Switching, DoD
standards.
Expertise on F5 ASM modules upgrades and configurations.
Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday
task of creating WIP and VIPs.
Other responsibilities included documentation and supporting other teams.
Environment: Cisco3750/3550/3500/2960switches and Cisco3640/12000/7200/3845/3600/2800 routers,
OSPF, BGP, VLAN, HSRP, LAN, WAN, F5 ASM, ISE, Palo alto IPV4, Infoblox, ASA Firewall, AVC, Net
flow, Checkpoint, Nexus 7K/5K/2K.
Univar, Redmond-Washington Dec 2011 to Jan 2013
Network Admin/Engineer
Responsibilities:
Implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN
networking systems.
Configured and troubleshoot OSPF and EIGRP.
Planning and configuring the routing protocols such as OSPF, EIGRP, RIP, and Static Routing on
the routers.
Tested authentication in OSPF and BGP.
Troubleshoot traffic passing managed firewalls via logs and packet captures
Configured and resolved various OSPF issues in an OSPF multi area environment.
Worked with telecom vendors regarding network fault isolation.
Hands-on experience with WAN (ATM/Frame Relay), Routers, Switches, TCP/IP, Routing Protocols
(BGP/OSPF), and IP addressing.
Installation of Palo Alto (Application and URL filtering, Threat Prevention, Data Filtering).
Successfully installed Palo Alto PA-3060 Firewalls to protect Data Center.
Integrate Data Center technologies such as ASR, Catalyst, Nexus, UCS and Storage as well as Layer
4-7 devices including but not limited to Firewalls and Load balancers with ACI and APIC.
Implemented Positive Enforcement Model with the help of Palo Alto Networks.
Configuring rules and maintaining Palo Alto Firewalls & Analysis of Firewall logs.
Configured CIDR IP RIP, PPP, BGP and OSPF routing.
Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP,
RIP, BGP v4. Configured IP access filter policies.
Experience with Firewall Administration, Root cause analysis, Rule Analysis, Rule Modification.
Modified internal infrastructure by adding switches to support server farms and added servers to
existing DMZ environments to support new and existing application platforms.
Deployed 7613 as PE and CE router and Configured and troubleshoot the Edge Routers.
Excellent troubleshooting knowledge on T1, T3, OC-3 and OC-12.
Generated RCA (Root Cause Analysis) for critical issues of layer1/layer2/layer3 problems.
Configuration and troubleshooting of Cisco catalyst 6509, 7613 with supervisor cards.
Worked with Juniper Firewalls.
Helped the Partners with F5 ASM security policies creation and upgrades.
Experience with implementing and maintaining network monitoring systems (Cisco works and HP
Open view) and experience with developing complex network design documentation and
presentations using VISIO.
Estimated Project costs and created documentation for project funding approvals.
Configured ASA 5540 to ensure high-end security on the network with ACLs and Firewall.
Used IPsec VPN tunneling to provide access to user machines and partners in another network.
Provided application level redundancy and availability by deploying F5 load balancers LTM.
Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with Cisco
ASA VPN experience
Environment: Net Flow, TACACS, EIGRP, RIP, OSPF, BGP, VPN, MPLS, CSM, SUP720, Ether Channels,
Cisco 7200/3845/3600/2800 routers, F5 ASM, Juniper Net screen and SRX firewalls, Fluke and Sniffer,
Cisco 6509/ 3750/3550/3500/2950 switches, Cisco ASA firewalls.
Roads Software Corporation, Hyderabad India April 2010 Nov 2011
Network Support Engineer
Responsibilities:
Configured RIP and EIGRP on 2600, 2900 and 3600series Cisco routers
Involved in troubleshooting of DNS, DHCP and other IP conflict problems
Implemented VTP and Trunking protocols (802.1q and ISL) on 3560, 3750 and 4500series Cisco
Catalyst switches
Configuring and troubleshooting on WLC and WAP.
Provided on-call support for installation and troubleshooting of the configuration issues
Configured Standard, Extended, and Named Access Lists to allow users all over the company to
access different applications and blocking others
Planned and implemented Sub netting, VLSM to conserve IP addresses
Configured STP for loop prevention and VTP for Inter-VLAN Routing
Provided Technical support for improvement, upgradation, and expansion of the existing network
architecture
Done troubleshooting of TCP/IP problems and connectivity issues in multi-protocol Ethernet
environment
Environment: Cisco Switches, Routers, TCP/IP, DNS, DHCP, WLC, WAP, VLAN
I2Space Technologies, Hyderabad, India Dec 2009 - Mar 2010
Network Engineer
Responsibilities:
Provided Level 1 Support for Broadband Connection to Virgin Media customer
Worked as a Technical Support Executive under Virgin Media.
Received inbound calls of technical nature, independently resolved customer complaints, concerns
and inquiries regarding their Internet connection.
Managed LAN and Wireless Network and performed troubleshooting on LAN, WLAN, Customer
Modems (NTL 250, TERAYON, and MOTOROLA) And CPE Router (Cisco-Linksys, Belkin, D-
LINK and Dynamode).
Set up Home Network and provided troubleshooting and full support on virgin- media security
Software (PC-guard).
Troubleshoot a wide range of technical support issues and connectivity problems such as
authentication, connection speed, e-mail configuration, and loss of synchronization.
IOS upgrades on catalyst series switches like 2900, 3560, 3750.
Troubleshoot TCP/IP problems and connectivity issues in multi-protocol Ethernet environment.
Implemented Trunking protocols like 802.1q on 3750 switches.
Configured ACLs to provide accessibility and restrict unauthorized users.
Involved in maintaining STP, RSTP and PVST+ for the catalyst switches I worked on.
Configured and maintained RIP, OSPF and routing protocols on 2600 and 3600 series Cisco routers.
Maintaining and troubleshooting of connectivity problems using Ping, Traceroute.
Assisted in racking and stacking.
Technical assistance for LAN/WAN management and customer issues.
Other responsibilities also included documentation.
Environment: Cisco Switches, Routers, TCP/IP, DNS, DHCP, VLAN
Contact this candidate