SHIVA
**********@*****.***
SUMMARY:
7+ years of professional experience in Network Designing, Deployment, Configuring, Troubleshooting and testing of networking system. Expert Level Knowledge about TCP/IP and OSI models.
Configured Routing protocols such as RIP, EIGRP, OSPF, BGP, static routing and policy based routing.
Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, Ether channel, STP and RSTP.
Maintain and configure HSRP and VRRP for consistency on all VLAN’s across a redundant Core.
Experience with Cisco catalyst 6500 switches. Experience with Nexus 2k,5k,7k,9k series switches
Good knowledge and experience in Installation, Configuration and Administration of Windows Servers 2003/2008, Active Directory, FTP, NTP, DNS, DHCP, TFTP, WINS, Linux OS under various LAN and WAN Environments .
Experience with Cisco Applications Centric Infrastructure (ACI). Working experience on tools and devices like GIGAMON, Source Fire, Fire eye, Aruba, Cisco ASA, Cisco ISE.
Experience in hardware provisioning, installation, configuration, maintenance, and troubleshooting optical networks. Experience in the certification of optical platforms.
Configuration and Deployment of VoIP systems for Cisco 8851 phones on CUCM/Unity 11.5
Deployment of VoIP systems for various models of Cisco and Avaya solutions (CUCM/Unity 9.x/10.x, Cisco 88xx series phones)
Performed role as Level 2 support for multiple functions (ranging from networking and VoIP to mobile and desktop support) as needed
Experience in Designed and documented to-be state for networking and VoIP cutovers.
Network Design, Implementation and Troubleshooting for Cisco networking and VoIP technologies. Knowledge and experience working in EMS/NMS domain.
Experience in development of management interfaces of variety of protocols such as SNMPv1, SNMPv2, TL1, CLI, XML, optical Element Management System and CORBA.
Knowledge and experience in developing power packs in Science Logic/EM7 tool
Experience in mission-critical 24x7 environments. Experience with F5 VIPRION Load Balancing
Hands on experience on F5 load balancers and troubleshooting on LTMs and GTMs. Experience in network security, vulnerability assessment, and encryption methods. Experience with Networking and security technologies.
Experience with Checkpoint and Cisco firewall administration across global networks
Experience with Cisco Fire Power and Adaptive Security Appliance(ASA) firewalls
Experience with Checkpoint firewalls and Virtual private networking(VPN)
Migrated Cisco ASA firewalls to next generation Palo Alto firewalls. Experience with Palo Alto Firewalls 3060, 5060, 7050.
TECHNICAL SKILLS:
Cisco Routers
Cisco7200,7600,3800,3600,3400, 2800,2600,2500,1800, ASR 1K, 7K, 9K, GSR 12K
Cisco Switches
6500, 5000, 4900, 4500, 3750, 3700, 2950, 1720, Nexus 7K, 5K, 2K.
Juniper
EX-2200, EX-4200, EX-4500, MX-480, MX960, M Series, SRX210, SRX240, SRX 650/3600, Net Screen 500/5200.
LAN
Ethernet, Fast Ethernet, Gigabit Ethernet, DDI, CDDI, Token Ring, ATM LAN Emulation
WAN
Leased lines 64k - 155Mb (PPP / HDLC), channelized links (E1/T1/E3/T3), Fiber Optic Circuits, Frame Relay, ISDN, and Load Balancing.
Firewalls
Cisco ASA Firewalls 5505-5585,PIX(506E/515E/525), Palo Alto Firewalls, IPSEC &SSL VPNs, IPS/IDS, DMZ Setup, CBAC, Cisco NAC, ACL, IOS Firewall features, IOS Setup & Security, Checkpoint R76/77.
PROFESSIONAL EXPERIENCE:
Client: FTB, Sacramento, CA
Network Engineer May 2017 -Till Date
Responsibilities
Responsible for support of network security and network devices such as a routers, and wireless access points.
Responsible for designing and implementation of Network Infrastructure.
Experience working with Nexus 7018/7010, 5020, 5548, 2148, 2248 devices.
Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000.
Working on the project of F5 LTM and GTM code upgrade project, doing couple of them every week.
Implementation of BGP to optimize WAN routing on the core and edge routers.
Implement changes on switches, routers, load balancers (F5 and Brocade), wireless devices as per engineer’s instructions and troubleshooting any related issues.
Mutual redistribution of OSPF and BGP routes using route maps.
Involved in upgrades to the WAN network from existing 7200vxr with ASR 1004 and 3845/3945 routers.
Upgrading branch network connectivity with total refresh of the network infrastructure with new 3845 routers and 2960 switches.
Configuration and troubleshooting on HSRP, VRRP, GLBP, RSTP, MST related issues coming in network environment.
completed design and deployment of New Cisco Spine and Leaf Data centers using VXLAN
Designed a test manual and automated test cases are perform the over Network testing tool IXIA and Spirent.
Setup, install, maintain and troubleshoot Juniper Wireless 5GT, SSG 320, NS 204 and SSG 5 IPSec Firewall/Gateway.
Implementation and configuration of GLBP/HSRP on multilayer switches for first-hop redundancy
Hands on experience testing I Rules using browser (IE), HTTP watch on F5 load balancers.
Design and implement the security application ASA and Sonic wall for the Site to Site; any connect, SSL and Remote access VPN of many clients.
Worked with IXIA test. Also used different tools like ANUE and JDSU.
Worked with Check Point, Smart Console R70.20 R75.40, Smart Dashboard Check Point External Cluster, Smart View Tracker, Smart View Monitor, Smart Provisioning, Smart Update, Eventia Reporter and Analyzer, SIEM, IPS/IDS.
Responsibilities to maintain existing and develop new IT Infrastructure services for the CIA. Tasks involved administering Server/ Network Infrastructure, configuring Rorke Data Fiber Switches, Rorke Data SAN, Spectra Logic T950, NetApp Storage
Intrusion Prevention System - IDS/IPS (IBM ISS IPS) Implementation and Upgrade for Site Protector.
Managed F5 BIG-IP LTM application to load balance server traffic. Configuration of virtual Servers, Nodes, and load balancing tools.
Implemented the Policy Rules, DMZ and Multiple VDOM's for Multiple Clients of the State on the Fortigate Firewall.
Planning/Implementation of the Cisco VPN clients to Cisco any connect.
Design and configuring of OSPF, BGP on Juniper Router and SRX Firewalls.
Configuration and extension of VLAN from one network segment to their segment between different vendor switches (Cisco and Juniper).
Provide Tier II Load Balancer expertise on F5 BIG-IP Local Traffic Managers (LTM). Designing F5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the BIG-IP Load Balancers.
Experience on Network Monitoring & Testing tools such as Wire shark/Ethereal, Cisco Works, and IXIA, Spirent.
Strong experience working with Cisco routers IOS-XR, ASR1k, 7600, 7206vxr, 7505, 7507, 4540, 3645, 2621,and […] 2550, 2950, nexus 2k,7k,9k switches.
Configuration and troubleshooting of Cisco Routers such as Cisco 3640, ASR1K, ASR 9K.
Convert campus WAN links from point to point to MPLS and to convert encryption from IPSec/GRE to Get VPN.
Configuring AAA on Cisco ASA, configuring Authentication, authorization, radius attributes, TACACS+ AV Pairs, configuring accounting.
Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, disabling all unused ports and putting them in unused VLAN and ensuring DHCP attack prevention where needed.
Troubleshooting and installing of CRS, ISR, GSR, ASR9000, and Nexus devices.
Responsible for layer 2 securities which was implemented using a dedicated VLAN ID for all trunk ports, setting the user ports to non-truncking, deployed port security when possible for user ports. Responsible for Cisco ASA firewall administration across our global networks.
Key contributions include troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF, and BGP. Involved in the redistribution into OSPF on the core ASA firewall.
Involved in the removal of EIGRP from all devices and making OSPF the primary routing protocol. Involved in the modification and removal of BGP from the MPLS routers.
Also prepared documentation for various VLAN’s and Voice sub networks and worked on Visio for the same.
Migrating of existing IPSEC VPN tunnels from Pre-Shared key to Certificate Authority for purpose of scaling.
Environment: Cisco Spine and Leaf, Cisco ASA 5505/5510/5520, Cisco Routers 2900 series, Cisco Switches 2950/2960/3750 HSRP, Ether channel, OSPF, EIGRP, BGP, STP, RSTP, PVST,VTP, SAN, MPLS, ATM, PPP, HDLC, SNMP, DNS, DHCP, MS exchange 2010, Xen server 6.0, x center.
Client: UNION BANK, Monterey Park, CA
Network Engineer May 2016– Apr 2017
Responsibilities:
Implementing Security Solutions using PaloAltoPA-5000/3000, Cisco 5580/5540/5520, Checkpoint firewalls R70, R75, R77.20Gaia and Provider-1/MDM.
Configuration and administration of firewalls, which includes Checkpoint, Juniper and Cisco ASA firewalls.
Configured and maintained rule sets in the firewalls and updated them on the daily basis.
Monitors the network traffic and maintain the records with the help of SPLUNK.
Knowledge of Cisco ASA firewall, VPN, GRE over IPSec tunnel configuration and Route-maps.
Extensive knowledge of and experience configuring and troubleshooting layer 3 routing protocols (EIGRP, OSPF, RIP, BGP)and High Availability on Cisco devices.
Designed AWS Cloud Formation templates to create custom sized VPC, subnets, NAT to ensure successful deployment of Web applications and database templates.
Create and validate SMOPS for upgrade, replace, add and remove Cisco VOD equipment.
Work with Load Balancing to build connectivity to production & disaster recovery servers through Citrix Net scalar.
Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for state full replication of traffic between active and standby member.
Innovated with support of Palo Alto for remote and mobile users and for analyzing files for malware in a separate (cloud-based) process that does not impact stream processing.
Researched, designed and replaced Checkpoint firewall architecture with new next generation Palo Alto PA3000 and PA5000 appliances serving as firewalls and URL and application inspection.
Handling Modern related issue like that of RAD & Aruba. Responsible for the deployment and associated tasks for the implementation of the tanium Endpoint Security and Systems Management product.
Configuring rules and maintaining Palo Alto Firewalls& Analysis of firewall logs using Panorama.
Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls and also implemented Zone-Based Firewall and Security Rules on the Palo Alto Firewall. Exposure to wild fire feature of Palo Alto.
Configuration and Maintenance of Cisco ASA 5580-20, ASA 5540, ASA 5520, ASA 5510 series firewalls.
Hands on Experience with Cisco Wireless Controllers 5500's and 2500's and coming to access points, worked on 3700's, 3500's and 1142 access points.
Configured and installed Cisco routers 2500, 2600, 3601 and 4000 series. 2950 Switches & Link sys wireless access points.
Configuring and install hardware and software required to conduct network penetration testing.
Configure Sys log server in the network for capturing and logs from firewalls.
Provided tier 3 support for Check Point and Cisco ASA Firewalls to support customers, Backup and restore of Checkpoint and Cisco ASA Firewall policies.
Monitoring Traffic and Connections in Checkpoint and ASA Firewall. Manage project task to migrate from Cisco ASA firewalls to Check Point firewalls.
Configuring and troubleshooting site-to-site IPSEC VPN tunnels using Cisco ASA 5540 for third-party connectivity.
Installed and configured a variety of Cisco devices like Cisco Routers (1841, 1900, 2600, 2800, 3800, ASRs and more), Cisco switches (3560, 3750, 4507 catalyst, 6500 catalyst Switch and more) and Nexus 7000 series, Nexus 5000 series, Nexus 2K Fabric Extenders and F5 appliances.
Applied knowledge of Ethernet switch and router configuration to configuration/design MPLS connections. Understanding of Layer2/3 VPN's, MPLS, Metro Ethernet and LAN switching.
Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard.
Installed and configured high availability Big IP F5 LTM and GTM load balancers like 6600, 6800 to provide uninterrupted service to customer applications and monitoring the availability.
Identified opportunities for implementation of network best practices, particularly F5 load balancer implementations.
Configuring F5 Load Balancers: Adding virtual IPs, nodes, pools and health monitoring.
F5 Big IP I rule programming and troubleshooting. Worked on F5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 Big IP Load Balancers.
Configure and Monitor Cisco Source fire IPS for alerts.
Working with different teams to gather info for the new request and troubleshoot for any connectivity issues by capturing traffic using TCPDUMP and smart view tracker.
Worked on VPN configuration, routing, NAT, access-list, security contexts and failover in ASA firewalls.
Provide support to help desk for complex/major network problems. Build the rules for the application access across the IPSEC VPN tunnel
Implemented configuration back-ups using Win SCP, cyberfusion to automate the back-up systems with the help of public and private keys.
Deployment and Management of Bluecoat proxies in forward proxy scenario as well as for security in reverse proxy scenario.
Worked on Blue Coat Proxy SG to safeguard web applications in extremely untrusted environments such as guest Wi-Fi zones.
Performing URL filtering and content filtering by adding URL’s in Bluecoat Proxy SG’s.
Working on the network team to re-route BGP routes during maintenance and FW upgrades.
Running vulnerability scan reports using Nexus tool. Use of Citrix Net scalar for the application delivery control.
Configure B2B VPN with various business partners and 3rd parties and troubleshoot VPN Phase 1 and Phase 2 connectivity issues including crypto map, encryption domain, psk etc.
Provided administration and support on Bluecoat Proxy for content filtering and internet access to primary, remote site offices and VPN client users.
Follow information security policies, methods, standards, NIST standards and practices to organize information systems, IT reference material and interpret regulations.
Monitor Intrusion Detection Systems (IDS) console for active alerts and determine priority of response.
Actively use SIEM technology for searching and monitoring real-time events for network security and compliance. Review daily log data gathered from various resources such as sensors, alert logs, firewall logs, content filtering logs.
Monitor Intrusion Prevention System (IPS). Experience with converting Cisco 6500 IOS to Cisco Nexus NX-OS in the data center environment.
Install updates on new signatures. Working on day-to-day service tickets to solve troubleshooting issues. Experience using Service Now ticketing tool and provided 24x7 Support.
Environment: Cisco ASA5580/5540/5520, CheckpointR70, R75, R77.20 Gaia, Palo AltoPA-5000/3000, Big IP F5 LTM/GTM, Nexus switches, APIC, Leaf/Spine, TCP/IP, VPN, Bluecoat Proxy servers, IDS/IPS. SIEM and Monitoring, Service Now.
Client: NUTEC Hyderabad, India Oct 2010 to Nov 2015
Network Engineer
Responsibilities:
Works with client engineering groups to create, document, implement, validate and manage policies, procedures and standards that ensure confidentiality, availability, integrity and privacy of information.
Researched, designed and replaced aging Cisco ASA firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
Performed site refreshes on Cisco switching and Aruba wireless infrastructure at several locations.
Configured, implemented and troubleshooting issues on Checkpoint R77.10 Gaia, R75, Cisco ASA 5540, 5000 series firewalls for the client environment.
Manage project task to migrate from Cisco ASA firewalls to Check Point firewalls.
Worked on VPN configuration, routing, NAT, access-list, security contexts and failover in ASA firewalls.
Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
Configured and maintained IPSEC and SSL VPN's on Palo Alto, Cisco ASA Firewalls.
Configuring, Administering and troubleshooting the Checkpoint, Palo Alto and ASA firewall.
Configured IPSec VPN (Site-Site to Remote Access) on Cisco ASA (5200) series firewalls.
Working with the rule base and its configuration in Cisco ASA, Palo Alto, Juniper and Checkpoint firewalls.
Rule consolidation and rule lockdown process in the ASA firewalls. Supported 200 Cisco ASA firewalls in configuring and maintenance.
Deployment of Cisco ASA firewalls and migration of end of life ASA firewalls to New ASA firewalls
Cisco Firewalls include ASA 5585x, 5580, 5550 Series Hardware managed through CLI, ASDM as well as CSM.
Configuring & Administration of the Checkpoint Firewall that includes creating Hosts, Nodes, Networks, Static & Hide NAT's.
Experience in creating multiple policies and pushing them into Checkpoint Firewall (Gateways) and hands-on experience in managing the Checkpoint Management Server and Gaia operating system.
Experience working with Palo Alto firewalls managed through Panorama management platform.
Configure High Availability on Palo Alto firewalls.
Defining, tracking and maintaining the standard baselines and configuration sets of security devices and implementing industry best practices with regards to Firewall, IDS/IPS, IPSec VPN, SSL VPN.
Applied security enhancement by implementing certificates and RSA keys for authentication.
Installed and administered RSA Secure ID token authentication servers.
Support Citrix Net scalar F5 platform, configuring, implementing, & troubleshooting Citrix NetScaler VIP configuration with health check, policy configurations Access Gateway, & content switching configuration solutions.
Configured F5 GTM solutions, which includes Wide IP, Pool Load Balancing Methods, probers and monitors.
Work with the Cisco Meraki Sales team and on strategic sales initiatives like customer outreach and channel training to grow business in targeted regions.
Defined AWS Security Groups which acted as virtual firewalls that controls the incoming traffic and configured the traffic allowing reaching one or more AWS EC2 instances Virtual private cloud (VPC), subnets, Internet Gateways.
Privileged and access management using AWS and Microsoft Azure.
Physically deployed new Cisco Nexus devices, Catalyst and Nexus replacement blades, FWSMs, Cisco ASAs, Citrix Net scalar MPX and SDX chassis.
Verify Firewall status with Checkpoint Monitor. Creation and implementation of Application delivery architectures which includes load balancing on F5 BIG IP modules.
Worked with F5 Load balancing, IDS/IPS, Bluecoat proxy servers and Administrating.
Use of Web application firewall providing reverse proxy based protection for applications deployed in physical, virtual / public cloud environments.
Involved in the deployment and decommission of VLANs on core ASR 9K, Nexus 7K, 5K and its downstream devices.
Involved in F5 LTM GTM and ASM planning, designing and implementation. Actively involved in F5 ASM policy configuration and deployment. Troubleshoot and Worked with Security issues related to Cisco ASA/PIX, Checkpoint, IDS/IPS and Juniper Net screen firewalls
Configured High availability, User ID on Palo Alto firewall.
Configured and utilized many different protocols such as OSPF, ISIS, BGP/MP-BGP, OER, MPLS, LDP, Multicast, IPv4/IPv6 protocols.
Utilized knowledge of Spanning Tree Protocol, BGP, MPLS, OSI model layers 1-2 to create network layouts.
Stateful firewall, VLAN to VLAN routing, Link bonding / failover, 3G / 4G failover, Traffic shaping / prioritization, WAN optimization, Site-to-site VPN, Client VPN, MPLS to VPN Failover, Active Directory and LDAP integration.
Responsible for investigating Data Loss Prevention using Symantec DLP.
Configured EIGRP routing and BGP route maps to allow traffic from subnets out to the core to Datacenter on the ASR 1002 devices.
Implementation and configuration of Cisco L3 switches 3750, 4500, 6500 in multi VLAN environment with the use of inter-VLAN routing, dot1Q trunk, ether channel
Configure and troubleshoot Routing protocols such as OSPF and EIGRP for routing internally and BGP for external routing.
Use BGP attributes such as AS-PATH pre-pending and communities to influence routing amongst different paths.
Worked and maintained various network, application monitoring tools like Solar Winds, Cisco Prime, Fore Scout, Wire shark, TCP Dump.
Fore scout Counter ACT- NAC, endpoint compliance, real-time intelligence and policy-based control.
Experience with Monitoring wireless networks and performing site surveys. Involved in Troubleshooting IP Addressing Issues and Updating IOS Images using TFTP. Used BMC Remedy tool for ticketing purpose.
Environment: Cisco ASA5580/5540/5520, CheckpointR70, R75, R77.20 Gaia, Palo AltoPA-5000/3000, Juniper SSG, SRX, Big IP F5 LTM/GTM, Nexus switches, Routers, TCP/IP, VPN, Bluecoat Proxy servers, IDS/IPS. SIEM and monitoring, BMC Remedy, Cisco Prime