Resume

Sign in

Engineer Security

Location:
United States
Posted:
March 05, 2018

Contact this candidate

Resume:

Kondal. B

Sr. Network Engineer

ac4phm@r.postjobfree.com

+1-732-***-****

SUMMARY:

Cisco Certified Network Engineer with 8+ years of experience in networking, installing,

configuring, planning, designing, implementation and maintaining network devices.

Implementing IP addressing schemes, Routing, Switching and Firewall Security, including hands-

on experience in providing network support, installation and analysis for a broad range of LAN /

WAN/MAN communication systems.

Experience working with 2600, 2900, 3600, 3800, 3900, 7200, 7600 series Cisco routers.

Proficient in configuring Cisco Catalyst 2900,2960, 3560, 3750, 4500, 4900, 6500 series and Nexus

2248, 5548 and 7010 switches.

Extensively worked on Cisco catalyst 6509 and implemented VSS along with VDC and VPC on

Nexus 5505, 7009 switches.

Expertise in Cisco ISE and source fire implementations.

Supported the technologies like IWAN Solutions, APIC-EM, Prime Infrastructure.

Expertise in Configuration of Virtual Local Area Networks (VLANS) using Cisco routers and multi-

layer Switches and supporting STP, RSTP, PVST, RPVST along with trouble shooting of inter-

VLAN routing and VLAN Trunking using 802.1Q.

Exposure to multiple technologies and builds/troubleshooting: VSAN/NSX/SDWAN/VXLAN, etc.

In-depth knowledge and hands-on experience in Tier II ISP Routing Policies, Network Architecture,

IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3 SONET POS OCX / GigE

circuits, Firewalls.

Implemented redundancy with HSRP, VRRP, GLBP, Ether channel technology (LACP, PAgP).

Configuration, Troubleshooting and Maintenance of ASA NGFW 5500-x series, Fortinet, Checkpoint,

Palo Alto Firewalls (160+ firewalls) - PA200, PA2000 series, PA3000 series, PA4000 series and

PA5000 series and Cisco ISE 3515 and ISE 3595

Worked on Splunk Implementations and configuration management.

Configuring BGP/OSPF routing policies and designs, worked on implementation strategies for the

expansion of the MPLS VPN networks.

Proficiently implemented traffic filters using Standard and Extended access-lists, Distribute-Lists,

Route Maps and route manipulation using Offset-list.

Hands on experience in deployment of GRE tunneling, SSL, Site-Site IPSEC VPN and DMVPN.

Managed inventory of all network hardware, Management and Monitoring by use of SSH, Syslog,

SNMP, NTP.

Expertise on Cisco DNA solutions ISE, NGFW (ASA+Firepower), Prime, ESA, WSA, VPN and

CWS implementations.

Expertise in installing, configuring and troubleshooting Juniper EX Switches (EX2200, EX2500,

EX3200, EX4200, EX4500, EX8200) series.

Expertise in OSI layer model/TCP/IP. Expertise on VMware V center, ESX and Citrix environment.

Extensive knowledge and experience of routing and switching protocols RIP v1 & v2, OSPF, EIGRP,

BGP, NAT and VLAN.

Have knowledge on various advanced technologies like Aruba wireless, VOIP, H.323, SIP, QOS,

IPv6, Multicasting, and MPLS.

Strong knowledge of TACACS+, RADIUS implementation in Access Control Network.

Experience in Designing and assisting in deploying enterprise wide Network Security and High

Availability Solutions for ASA.

Worked on Python, shell scripting and automation Rest APIs integrations.

Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both

Checkpoint and Cisco ASA VPN experience.

Experience in designing MPLS VPN and QOS for architecture using Cisco multi-layer switches.

Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a

Flexible Access Solution for a datacenter access architecture

Expertise in installing, configuring and troubleshooting Juniper Routers (E, J, M and T-series)

Implementing security policies using Cryptography, ACL, SDM, PIX Firewall, IPsec, VPN, and

AAA Security on different series of routers.

Strong hands on experience on PIX Firewalls, ASA (5540/5550) Firewalls. Implemented Security

Policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).

Efficient at use of Microsoft VISIO/Office as technical documentation and presentation tools.

TECHNICAL SKILLS:

Routing : OSPF, EIGRP, BGP, RIP v1/v2, PBR, Route Filtering, Redistribution,

Summarization, and Static Routing.

Switches : Nexus 2K/5K/7K, Cisco Catalyst 2900, 3500,3700,6500, 4500, 3850,3560,

3750, 2960

Switching : LAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer

Switch, Ether channel, Transparent Bridging.

Network Security : Cisco ASA 5540, firepower, checkpoint, Palo Alto, ISE, Stealth watch ACL,

IPSEC, F5 Load Balancer, Sourcefire ESA, WSA, NGFW and Fortinet.

Load Balancer : F5 Networks (Big-IP) LTM 8900 and 6400/ASM.

LAN : Ethernet (IEEE 802.3), Fast Ethernet, Gigabit Ethernet

WAN : PPP, HDLC, Channelized links (T1/T3), Fiber Optic Circuits, Frame Relay, VOIP

Gateway Redundancy: HSRP and GLBP

WAN Optimizer Riverbed Steelhead Appliance

DHCP and DNS Infoblox

Various Features & Services: IOS and Features, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, TFTP,

FTP.

AAA Architecture : TACACS+, RADIUS, Cisco ACS and ISE

Network Management : Wireshark, SNMP, Solar winds, Blue coat, NAC, ISE and AD

CERTIFICATIONS:

Cisco Certified Network Associate (CCNA)

Cisco Certified Network Professional (CCNP)

EDUCATION:

Bachelor of Engineering in computer Science

WORK EXPERIENCE:

CISCO, Research Tringle Park (RTP 4)-North Carolina Oct 2016- Till date

Sr. Network Security Engineer

Responsibilities:

Managing and configuring Cisco ESA, WSA, ASA and Firepower devices independently.

Configured IP, EIGRP and OSPF in routers. Configured and installed multi-protocol (IP, IPX)

multi-interface Cisco routers.

Providing the full deployment services on ISE, Next generation firewall and Prime.

Helped Partners with deploying Greenfield IWAN solution with the built in IWAN App in the

APICEM appliance.

Providing mentoring services during the Design, Planning and Implementation phases - including

Security Optimization Subscription, Security Design Assessment, Security Design / Configuration

Reviews, and Cisco security product implementations.

Helped Partners with APICEM implementation and understand the features like Discovery, Path

Trace.

Also configured built-in out of the box applications like Apicem-Easy-QOS, Apicem-PNP and

Apicem-IWAN App.

Experience with configuring DMVPN tunnels for the MPLS and ISP clouds, which are responsible

for Transport Independent Design of IWAN.

Experience in configuring the PFRv3 routing protocol for the application optimization.

Also configured and troubleshot the EIGRP and IBGP for the IWAN overlay routing.

Assign Access and trunk ports on Cisco Switches, configure new network devices, upgrade existing

infrastructure to Cisco Meraki, install Meraki Switches, and wireless Access Points.

Worked with ISR 4k, ASR 1k, CSR 1000v and other IWAN compatible routers.

Responsible for listening to Partner requirements and understanding their needs in security.

Provided with POC/POV for partners to implement all cisco security solutions.

Worked on ISE 802.1X, ISE wired/wireless guest and ISE trustsec implementations. Helped partners

and customers with ACS and NAC to ISE migration and ISE upgrades.

Managed fast Layer 3 switched/routed LAN/WAN infrastructure as a part of Network team. The LAN

consisted of Cisco campus model of Cisco 3550 at access layer, Cisco 6513 at distribution/core layer.

Advise Partners to their satisfaction and meeting Cisco quality of design.

Leverage lab capabilities to experiment learn and test on.

Providing the full deployment services on ISE, Next generation firewall and Prime.

Providing solutions to ESA, WSA, CWS, Content security management appliance, ASA, ASAv and

ASA with Firepower.

Cisco ISE implementation with machine authentication, user authentication, Posture assessment,

profiling, BYOD, Guest, Dot1x with EAP-TLS.

Implemented with Cisco Meraki wireless SDN network setups for partners.

Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security

appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per

the design.

Implementation of Wireless access points, Cisco 3750, 3850 switches and Cisco 3900 and ASR 1000s

routers to new sites.

Assistance with initial installation, upgrade and migration planning, troubleshooting, compatibility

and sizing questions.

Assistance with specific design questions, provide design guidance according to Ciscos best

practices.

Assistance with demos, production pilots, proof of concepts, initial setup and configuration,

implementation and troubleshooting.

Mentoring the partner technical engineer on executing the Voucher Guidelines for ISE Trustsec

activation, ISE Wireless guest management activation, Next Generation Firewall and Prime

activation.

Contribute directly to Cisco's knowledge management initiatives by documenting and briefing other

Cisco security consultants on lessons learned from engagements.

Helped the partners and customers on Stealth watch, APICEM and IWAN activations and site

readiness.

Environment: Cisco 2948/3560/4500/3560/3750/3550/3500/2960 6500,9k switches and Cisco

3640/12000/7200/3845/3600/2800 routers ASR and ISR 4K series, Cisco Nexus 7K/5K, AVC, Net flow,

Cisco ASA, AD/LDAP, ISE wired/wireless/Trustsec/BYOD/Guest/802.1x/any connect, Meraki, Prime

wired/wireless, Firepower, AP, WLC, firepower AMP, ESA, WSA, stealth watch, APICEM and IWAN.

Capital One, Mclean-Virginia May 2015 Sep2016

Sr. Network Security Engineer

Responsibilities:

Managing and configuring Cisco Switches and Routers independently.

Hands on experience with troubleshooting and configuring terminal servers. Providing Technical

Support and solutions for Network Problems.

Creating and managing user accounts to all team members in partner environment.

Experience in Cisco switches and routers: IP addressing, WAN configurations.

Hands on using crimp tools, punch down tools to punch cables to the 110 data/voice blocks.

Communicating and escalating tickets with service providers for network outage issues.

Monitoring Network infrastructure using SNMP tools HP NNM, Solar winds and Opnet.

Coordinating with Security team for NAT configuration and troubleshooting issues related to access

lists and DNS/DHCP issues within the LAN network.

Escalation of procedures and customer notifications.

Assisted on URL web filtering migration from Blue Coat and Websense to Palo Alto firewalls.

Experience in troubleshooting VLAN, STP (Spanning tree protocol), & Switch Trunk and IP subnet

issues.

Worked on Physical site; latency and slowness issues in transmitting results within internal quest

network.

Implementation of Cisco 3750, 3850 switches and Cisco 3900 and ASR 1000s routers to new sites.

Involved in complete LAN, WAN, Extranet redesign (including IP address planning, designing,

installation, pre-configuration of network equipment, testing, and maintenance) in both Campus and

Branch networks.

Experience working with Nexus 7010, 5020, 2148, 2248 devices.

Experience with configuring Nexus 2000 Fabric Extender (FEX), which acts as a remote line card

(module) for the Nexus 5000.

Implemented Cisco ACI as a solution for data centers using a Spine and Leaf architecture.

Provided support on SCADA applications.

Deployed ACI data center lab facilities and supported with Open stack and VMware ESX

Utilized the Blue Coat Proxy Web Security, SIEM, SOC, Malware Tracking, Rapid7-NeXpose, and

Tuffin, IPS/IDS, Nessus Tenable, Retina, Solaris OS for addressing the PCI DSS and Compliance and

Cryptographic Services.

Design and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls and Cisco ISE.

Configuring ASA Firewall and accept/reject rules for network traffic.

Designing, implementing LAN/WAN configurations on Cisco 5K, catalyst 6500 switches.

Installing, configuring Cisco Catalyst switches 6500, 3750 & 3550 series and configured routing

protocol OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design.

Experience working with JUNOS OS on Juniper Routers and Switches.

Familiar with JUNOS space and other management tools.

Expertise in maintenance of layer2 switching tasks which advocate VLAN, VTP, STP, RSTP,

PVST, RPVST, configuring of ether channel with LACP and PAGP along with troubleshooting of

inter-VLAN routing.

Provide Tier III Level Load Balancer expertise on F5 BigIP Local Traffic Managers (LTM).

Designing F5 solutions/support for migration work of applications and websites from Cisco CSS

Load Balancers to the F5 BigIP Load Balancers.

Expertise on F5 ASM security policies creation.

Worked on the F5 ASM designing and configurations.

Packet capturing, troubleshooting on network problems with Wireshark, identifying and fixing

problems

Performing network monitoring, providing analysis using various tools like Wireshark, Solar winds

etc.

Environment: Cisco 2948/3560/4500/3560/3750/3550/3500/2960 6500 switches and Cisco

3640/12000/7200/3845/3600/2800 routers, Cisco Nexus 7K/5K, Infoblox, Cisco ASA 5000, ISE, Palo alto,

F5 BIGIP LTM/ASM, RIP, OSPF, BGP, EIGRP, LAN, WAN, VPN, HSRP

Public service Enterprise Group (PSEG), Newark-New Jersey Feb 2013 to April 2015

Sr. Network Security/Data Center Engineer

Responsibilities:

Involved in complete LAN, WAN development (including IP address planning, designing,

installation, configuration, testing, maintenance etc.).

Involved in Switching Technology Administration including creating and managing VLANSs, Port

security, Trunking, STP, Inter VxLAN routing, LAN security etc.

Configured IP, EIGRP, RIP, BGP and OSPF in routers. Configured and installed multi-protocol (IP,

IPX) multi-interface Cisco routers.

Successfully installed Palo Alto Next-Generation PA-3060, PA-5060 firewalls to protect Data Center

with the use of IPS feature.

Configure and maintain all Palo Alto Networks Firewall models (PA-3k, PA-5k.) as well as a

centralized management system (Panorama) to manage large-scale Firewall deployments.

Key point of contact with the Global Network Operations Center GNOC. Blue Coat Proxy, Check

Point, Utilized SMART technology that enables the PC to predict the future failure of hard disk

drives.

Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a

Flexible Access Solution for datacenter access architecture and VXLAN on nexus switches.

Experience configuring Virtual Device Context in Nexus 7010

Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers

Managed corporate Checkpoint Firewall management and operation, implementing security rules, and

mitigating network attacks.

Working with Checkpoint Support for resolving escalated issues.

Deployed Site to Site and Client to Site VPNs utilizing Checkpoint Firewall-1/VPN-1.

Provide Tier III Level Load Balancer expertise on F5 BigIP Local Traffic Managers (LTM).

Designing F5 solutions/support for migration work of applications and websites from Cisco CSS

Load Balancers to the F5 BigIP Load Balancers.

Configuring IPSEC VPN (Site-Site to Remote Access) on Juniper SRX firewalls 210,220 and 240

series and built chassis clusters on them.

Prepare a replacement strategy for EOS firewalls with Cisco and Juniper.

Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches.

Once trouble ticket has been created, keep customer informed of status of ticket and estimated time to

repair.

Implemented Zone-Based Firewalling and Security Rules on the Palo Alto Firewall.

Coordinating with service providers for WAN link outages.

Checking and configuring Cisco 7600 and 7200 routers at data center for remote sites issues.

Working on Cisco 6509 and 4507 series switches for LAN requirements that include

Upgraded and updated Cisco IOS from 12.3T to 12.4. Used to DHCP to automatically assign reusable

IP addresses to DHCP clients.

Used PIX Firewall and ACLs for authentication of EIGRP to ensure high security on the network.

Configure and implement remote access solution for customers: IPSEC, Site2Site, GRE tunnel end-

to-end

Configured Cisco 7200 routers, which were also connected to Cisco PIX 535 security appliances

providing perimeter, based firewall security.

Used load balancers ACE and load balancing technique with multiple components for efficient

performance and to increase reliability through redundancy.

Involved in migration from Frame-Relay/ATM network to MPLS-based VPN for customers WAN

infrastructure.

Used Network monitoring tools to ensure network connectivity and Protocol analysis tools to assess

and pinpoint networking issues causing service disruption.

Environment: Cisco routers 7200, IOS 12.4 & switches 3750, 4500, 6500; RIP, OSPF, EIGRP,

VLAN, DHCP, DNS, MPLS, ISDN, DSL, T1 Lines.

Optimized performance of the WAN network consisting of Cisco 3550/4500/6500 switches by

configuring VLANs.

Experience with configuring Nexus 2000 Fabric Extender (FEX), which acts as a remote line card

(module) for the Nexus 5000.

Extensive knowledge and troubleshooting in data communication protocols and standards including

TCP/IP, UDP, IEEE 802.3, Token Ring, Cable Modem, PPPOE, ADSL, Multilayer Switching, DoD

standards.

Expertise on F5 ASM modules upgrades and configurations.

Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday

task of creating WIP and VIPs.

Other responsibilities included documentation and supporting other teams.

Environment: Cisco3750/3550/3500/2960switches and Cisco3640/12000/7200/3845/3600/2800 routers,

OSPF, BGP, VLAN, HSRP, LAN, WAN, F5 ASM, ISE, Palo alto IPV4, Infoblox, ASA Firewall, AVC, Net

flow, Checkpoint, Nexus 7K/5K/2K.

Univar, Redmond-Washington Dec 2011 to Jan 2013

Network Admin/Engineer

Responsibilities:

Implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN

networking systems.

Configured and troubleshoot OSPF and EIGRP.

Planning and configuring the routing protocols such as OSPF, EIGRP, RIP, and Static Routing on

the routers.

Tested authentication in OSPF and BGP.

Troubleshoot traffic passing managed firewalls via logs and packet captures

Configured and resolved various OSPF issues in an OSPF multi area environment.

Worked with telecom vendors regarding network fault isolation.

Hands-on experience with WAN (ATM/Frame Relay), Routers, Switches, TCP/IP, Routing Protocols

(BGP/OSPF), and IP addressing.

Installation of Palo Alto (Application and URL filtering, Threat Prevention, Data Filtering).

Successfully installed Palo Alto PA-3060 Firewalls to protect Data Center.

Integrate Data Center technologies such as ASR, Catalyst, Nexus, UCS and Storage as well as Layer

4-7 devices including but not limited to Firewalls and Load balancers with ACI and APIC.

Implemented Positive Enforcement Model with the help of Palo Alto Networks.

Configuring rules and maintaining Palo Alto Firewalls & Analysis of Firewall logs.

Configured CIDR IP RIP, PPP, BGP and OSPF routing.

Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP,

RIP, BGP v4. Configured IP access filter policies.

Experience with Firewall Administration, Root cause analysis, Rule Analysis, Rule Modification.

Modified internal infrastructure by adding switches to support server farms and added servers to

existing DMZ environments to support new and existing application platforms.

Deployed 7613 as PE and CE router and Configured and troubleshoot the Edge Routers.

Excellent troubleshooting knowledge on T1, T3, OC-3 and OC-12.

Generated RCA (Root Cause Analysis) for critical issues of layer1/layer2/layer3 problems.

Configuration and troubleshooting of Cisco catalyst 6509, 7613 with supervisor cards.

Worked with Juniper Firewalls.

Helped the Partners with F5 ASM security policies creation and upgrades.

Experience with implementing and maintaining network monitoring systems (Cisco works and HP

Open view) and experience with developing complex network design documentation and

presentations using VISIO.

Estimated Project costs and created documentation for project funding approvals.

Configured ASA 5540 to ensure high-end security on the network with ACLs and Firewall.

Used IPsec VPN tunneling to provide access to user machines and partners in another network.

Provided application level redundancy and availability by deploying F5 load balancers LTM.

Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with Cisco

ASA VPN experience

Environment: Net Flow, TACACS, EIGRP, RIP, OSPF, BGP, VPN, MPLS, CSM, SUP720, Ether Channels,

Cisco 7200/3845/3600/2800 routers, F5 ASM, Juniper Net screen and SRX firewalls, Fluke and Sniffer,

Cisco 6509/ 3750/3550/3500/2950 switches, Cisco ASA firewalls.

Roads Software Corporation, Hyderabad India April 2010 Nov 2011

Network Support Engineer

Responsibilities:

Configured RIP and EIGRP on 2600, 2900 and 3600series Cisco routers

Involved in troubleshooting of DNS, DHCP and other IP conflict problems

Implemented VTP and Trunking protocols (802.1q and ISL) on 3560, 3750 and 4500series Cisco

Catalyst switches

Configuring and troubleshooting on WLC and WAP.

Provided on-call support for installation and troubleshooting of the configuration issues

Configured Standard, Extended, and Named Access Lists to allow users all over the company to

access different applications and blocking others

Planned and implemented Sub netting, VLSM to conserve IP addresses

Configured STP for loop prevention and VTP for Inter-VLAN Routing

Provided Technical support for improvement, upgradation, and expansion of the existing network

architecture

Done troubleshooting of TCP/IP problems and connectivity issues in multi-protocol Ethernet

environment

Environment: Cisco Switches, Routers, TCP/IP, DNS, DHCP, WLC, WAP, VLAN

I2Space Technologies, Hyderabad, India Dec 2009 - Mar 2010

Network Engineer

Responsibilities:

Provided Level 1 Support for Broadband Connection to Virgin Media customer

Worked as a Technical Support Executive under Virgin Media.

Received inbound calls of technical nature, independently resolved customer complaints, concerns

and inquiries regarding their Internet connection.

Managed LAN and Wireless Network and performed troubleshooting on LAN, WLAN, Customer

Modems (NTL 250, TERAYON, and MOTOROLA) And CPE Router (Cisco-Linksys, Belkin, D-

LINK and Dynamode).

Set up Home Network and provided troubleshooting and full support on virgin- media security

Software (PC-guard).

Troubleshoot a wide range of technical support issues and connectivity problems such as

authentication, connection speed, e-mail configuration, and loss of synchronization.

IOS upgrades on catalyst series switches like 2900, 3560, 3750.

Troubleshoot TCP/IP problems and connectivity issues in multi-protocol Ethernet environment.

Implemented Trunking protocols like 802.1q on 3750 switches.

Configured ACLs to provide accessibility and restrict unauthorized users.

Involved in maintaining STP, RSTP and PVST+ for the catalyst switches I worked on.

Configured and maintained RIP, OSPF and routing protocols on 2600 and 3600 series Cisco routers.

Maintaining and troubleshooting of connectivity problems using Ping, Traceroute.

Assisted in racking and stacking.

Technical assistance for LAN/WAN management and customer issues.

Other responsibilities also included documentation.

Environment: Cisco Switches, Routers, TCP/IP, DNS, DHCP, VLAN



Contact this candidate