Ravi Kiran R
Certified Network Engineer
908-***-**** *********.*******@*****.***
SUMMARY:
Around 8 years of Experience with Implementation as well as operational support of Firewalls/gateways specifically Check Point, Cisco ASA, Juniper, Palo Alto and Fortinet Firewalls.
Certified in Cisco CCNA and certified in both Checkpoint CCSA and CCSE.
Experience working with Bluecoat Proxy as forward proxy for URL filtering.
Experience in layer-3 routing and layer-2 switching. Dealt with Nexus models like 7K, 5K, 2K series, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco Catalyst 6500, 4500, 3750, 3500, 2900 series switches.
Experience in Juniper product line for configuring and troubleshooting MX 480, MX 960 routers, SRX-1500, SRX-3600, SRX-5800 Firewalls.
In-depth expertise with F5 BIG-IP […] series installation/ configuration/ support.
Configured F5 Big IPs with VIPs, Pool, iRules and SSL certificates to ensure traffic was load balanced.
Experience with Management Platforms such as Provider-1/MDS, Juniper NSM, Cisco CSM.
Responsible for the deployment, configuration, and management of the F5 VIPRION load balancing platform, including implementing, configuring, and integrating F5 GTM, LTM, APM, ASM, iRules, IPv6, SSL,
Experience with Firewall Virtualization Platforms such as Check Point VSX, Cisco Multiple Context Firewall as well as VDC
Expert level understanding in implementing TCP/IP addressing scheme, LAN/WAN Protocols, and IP Services
Experience working in Enterprise scale Security implementations with hundreds of security gateways segmented through multiple DMZ, Perimeter and External zones with Heterogeneous network/security appliances
Knowledge of Cisco network routing/switching (Layer 2 & 3), including LAN, WAN and SDN implementation, with experience spanning Layer 1 to Layer 7.
Good knowledge on VOIP protocols like H.323, SIP, MGCP and SS7 and interfacing of TDM to VOIP system
Vulnerability assessment using tools such as Nessus and Qualys.
Flexible for On Call Rotation and off hour support especially upgrades & Maintenance.
Demonstrated abilities in enterprise wide network design, integration and support.
Unsurpassed customer service, dedicated, positive, team-oriented attitude with proven leadership and success in highly visible roles for various sized project implementations.
TECHNICAL SKILLS
Hardware : Check Point using Gaia, SPLAT, IPSO, Crossbeam, Cisco ASA Firewalls including 5585, 5525, 5540, PIX 535. Juniper Netscreen-5200 and 5400, SRX110, SRX210 running Junos OS 9.x, 10.x, Fortinet FortiGate Appliances including 3200D, 1500D, 1200D running the latest FortiOS 5.2. Cisco Core, distribution and access layer network devices including Nexus 7K, 5K, 1K, Cisco 7200 series routers, Cisco Catalyst switches including 6500 switches.
Networking Protocols: OSI Layer, TCP/IP, T1, T3, GRE, MPLS, ATM, LAN and WAN routing protocols, including RIP, EIGRP, OSPF, BGP, HSRP, network service protocols and standards (e.g., DNS, DHCP, NTP, FTP(S), HTTP(S), SSL, SMTP, etc)
Security : Design and implement secured Firewalls for corporate network at layer 2 (transparent mode) layer 3 (Routed mode), MSP and IDC using various security hardening procedures e.g.: DMZ, ACL (Access lists), Application inspection, NAT, reverse path verification etc. Cisco IDS (Intrusion detection system) and alert management, Vulnerability Scan using Nessus, building secure IPSec Remote/Site to Site VPN connections using strong encryption (3DES/AES) & authentication.
Additional Skills : Troubleshooting of CSU/DSU, Private Line, Frame Relay, ATM, VLAN configurations, 802.1q trunking, and spanning tree, STP, VTP, IP Addressing, IP Subnet, VRF, NAT/PAT, IPSec based VPN, IPsec over GRE Tunnels, VOIP, DNS, DHCP, ADS, Exchange, IIS, SNMP V2, load balancing and high availability. BIG IP from F5 Load balancer configurations. Packets level troubleshooting using sniffer tools like Wireshark.
Professional Experience:
Client: Safeway, Pleasanton, CA Jun 2017- Till Date
Sr. Network security Engineer
Responsibilities:
Managed Firewalls with Checkpoint, Cisco ASA and reviewed information security requirements, assessed security risks, and defined security requirements.
Reviewed, analyzed and documented the current firewall configuration, monitored for any post-production issues and fixed them.
Designed the migration from current firewall technologies to the new firewall standard(s) and executed the migration in the production environment, ensuring minimal customer impact and application downtime.
Prepared SDD (Specific Delivery Document), Deployment document, Test Plan and Test cases document that encompass the functional testing on the new firewalls, migration steps including focus on maintaining the availability of services during the migration and execute testing in the new firewall in a test environment.
Working knowledge of frame relay, MPLS services, OSPF, BGP and EIGRP routing protocols, NAT'ing, NAC product sub-netting, also including DNS, LDAP, DHCP, http, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP (Spanning tree Protocol), RTSP & Multicasting protocols.
Ensured interoperability with other Network security and Network components remains intact.
Good knowledge of IPv4 and IPv6 Addressing, Fixed Length and Variable Length Subnet Masking (VLSM), OSI and TCP/IP models.
Monitors host based IPS, Network IPS, IDS, and Anti-Virus logs.
Analyzing and managing networking requirements of different environments (VLANs, trunking, multicast, VRFs, OSPF & BGP routing, in a Cisco based environment).
Performed upgrades for all IP series firewalls from previous Checkpoint versions (R75.40, R75.40VS, R75.45, R75.46, R75.47, R76, R77) to R77.10
Prepare test plans for checking the configuration on the CLI and GUI writing iRules, scripts.
Worked on lab testing and prod testing to drive the development of Overlay and underlay SDN.
Experience on Checkpoint GAIA R77. Environment consisted of 30+ Check Point firewalls and performed configuration, troubleshooting, and maintenance.
Worked on groups and updating access-lists, and was responsible for applying static and hide NAT on Checkpoint Firewall using SmartDashboard.
Understanding of SDN/NFV ecosystem SDN controller with Real-time engagement, support diagnostics, billing and business automation for SDN.
Produced all "Qualification" documentation for the Firewall environments and Document migration plan
Managing security policy configuration and policy setup, proxy servers, manage content filtering.
Experience working with Nexus 2000, 4000, 7000 series
Setting up Cisco Meraki MX84 and MS225 in the lab for testing the new pilot project with the Cisco Meraki MS225 switches, and also testing the dongle to allow access to wireless broadband.
Experience with different Network Management Tools and Sniffers like Wireshark (Ethereal), HP OpenView, RSA enVision, NetFlow to support 24 x 7 Network Operation Centre.
Installed, Administrated, Upgraded, and Deployed the Blue coat proxy servers, content filtering, and policy including the BCAAA (Blue coat Authentication Agent) Servers.
Strong knowledge and experience in implementing, configuring VPN technologies like IPSec, MPLS.
Excellent customer management/resolution, problem solving, debugging skills and capable of quickly learning,
Proficient in Checkpoint, Cisco, Juniper, Lucent, Fortinet and Blue coat technologies.
Client: Anthem Inc, Virginia Beach, VA Feb 2016 – May 2017
Sr. Network Security Engineer
Responsibilities:
Implementation and support of firewalls in the environment including policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.
Perform Firewall upgrades with minimum or no downtime.
Work in a Checkpoint VSX environment with Virtual firewalls.
Configure High Availability Checkpoint ClusterXL on VSX as well as perform Upgrades
Experience working in Provider-1 Environment with Multiple CMA’s and dozens of gateways.
Optimizing Firewall Policy, grouping objects, verify NAT and clean-up of unused firewall rules.
Building of New Check Point Security Gateways and performing in place upgrades.
Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
Understand the flow of traffic through the Check Point Security gateway cluster and troubleshoot connectivity issues using advanced troubleshooting from Command Line Utilities.
Work with Site to Site VPN including building new tunnels as well as support existing tunnels.
Use Provider-1 / Multi Domain Security (MDS) platform with several hundred gateways administered through a group of CMAs / Smart Centers.
Analyse logs, traces from Cisco UCS Servers and provide root cause analysis to clients for network related issues.
Work with partners who use Cisco UCS Servers, Cisco Nexus series, Cisco Catalyst switches, Cisco NX-OS Software operating system, Cisco UCS Manager, UCS B-series/C-series servers, Cisco UCS
Manage Cisco ASA Firewalls using CLI, CSM (Cisco Security Manager).
Build and configure Active/Standby Failover on Cisco ASA with stateful replication.
Strong TCP/IP understanding. Knowledge of debugging Cisco ASA Firewall.
Configure and tweak the inspection policies on Firewall to allow legacy application traffic.
Understand different types of NAT on Cisco ASA firewalls and apply them.
Worked on Checkpoint Firewalls, Juniper (SRX, SSG/ISG), Blue coat proxies, Palo Alto firewalls. Installed, configured Checkpoint via GAIA, R55 and NGX R60, R75, R77.3, 77.2.
Implementing the High Availability both Active/Passive and Active/Active using NSRP in Juniper firewalls.
Installing Drives for all supported OS in UCS B-series and C-series
Experience with deploying FabricPath using Nexus 7000 devices. Designed & deployed Cisco ISE 1.2/1.3 for Enterprise RADIUS Authentication with Active Directory, RSA SecurID, Proxy RADIUS Services to Cisco ACS and Radiator RADIUS.
Implementing Citrix NetScaler 10 for Networking and Traffic Optimization (CCA) (BETA), Citrix License CTX482174 November 2012
Migrating the Juniper ISG firewalls from L2 mode to L3 mode and also implementing the active/passive configuration using NSRP.
Supported Tipping Point's full range of Intrusion Prevention devices with any issues from configuration to upgrades and packet analysis.
Configure NAT in Juniper SRX platforms using Junos OS based on the zones.
Configure and troubleshoot Remote Access VPN using Juniper SA VPN / MAG appliance for Vendor access and also for all employee corporate Access.
Implementation of High Availability by creating the HA zones for Netscreen firewalls using NSRP and also supporting the cluster pairs.
Managing the firewalls in Juniper management environment NSM 2010.x, 2012 and Junos Space 13.x, 14.x.
Configuring and troubleshooting Juniper MX series high performance Ethernet service routers for advanced QoS and low latency.
Firewall policy provisioning on Fortinet FortiGate appliances using FortiManager.
Support Blue Coat Proxy in explicit mode for users trying to access Internet from Corp Network.
Troubleshooting connectivity issues through Blue Coat as well as writing and editing web policies.
Administer and support Big IP LTM for all Local Load balancing and use GTM for load balancing between DC
Vulnerability assessment using tools such as Nessus and Qualys, and implementation of Security Policies.
Knowledge in design and deploy of F5 LTM, GTM, APM, ASM solutions.
Experience with working on the latest Cisco switches like Nexus 2000, 5000, 6000 and 7000 series switches while implementing advanced features like VDC, VPC, OTV and FabricPath.
Support routing protocols including BGP and OSPF routing, HSRP, load balancing/failover configurations, GRE Tunnel Configurations, VRF configuration and support on the routers.
Support Data Center Migration Project involving physical re-locations.
Design and configuring Overlay Transport Virtualization (OTV) on Cisco NX-OS devices like Nexus 7000.
Created well-defined requirements documentation and process for F5 LTM, GTM, ASM, APM deployment.
Client: PayPal, San Jose, CA Jun 2014 - Dec 2015
Firewall Engineer
Responsibilities:
Configured various Routing protocols such as RIP, OSPF, EIGRP, static routing.
Hands on experience with Catalyst L3 switches and Cisco Nexus switches: 2232, 2248, 5548, 6001 and 7018(Sup 2E).
Operated in Administration of L2 technologies like VLANs, VTP, Trunking, RPVST, Inter-VLAN routing, Ether channeling, and Switch port Security on Access Layer switches.
In the process of Data center fabric migration from legacy Catalyst to Nexus switches, deployed, configured and maintained 5548, 7018 switches.
Coordinated efforts with engineers to ensure all network devices conformed to defined network standards.
Configure, troubleshoot Spanning-Tree, EIGRP, OSPF, BGP, PAT/NAT, ACLs, HSRP and IPSEC/GRE tunneling.
Configuration and extension of VLAN from one network segment to other segment between different vendor switches (Cisco, Juniper)
Implemented Positive Enforcement Model with the help of Palo Alto Networks.
Deployed and maintained Juniper firewalls globally.
Apply firewall configurations on Juniper ISG 2000 firewalls
Configured CIDR IP RIP, PPP, BGP and OSPF routing.
Troubleshoot TCP/IP problems; troubleshoot connectivity issues in multi-protocol Ethernet environment.
Configuring and troubleshooting with Cisco ASA (5550/5520), Juniper SRX (3600/650).
Configuration of STP and Port Security on Catalyst 2900, 4900, 6500, 6509 and 7509 switches.
Configuring VLAN Spanning-Tree in conjunction with PVST+ for compatibility between Cisco and Juniper switches.
Implemented Zone-Based Firewalling and Security Rules on the Palo Alto Firewall.
Functioned in upgrading system images on 5k and 7k Nexus switches using kick start and FTP server.
Performed Break Fix support through driving to different buildings, identifying the root cause of the hardware issues with switches, network devices.
WAN (ATM/Frame Relay), Routers, Switches, TCP/IP, Routing Protocols (BGP/OSPF), and IP address.
Configured and maintained OSPF, EIGRP, RIP and BGP on Cisco routers.
Built and support VRRP / Cluster based HA of Checkpoint firewalls
Troubleshooting of DNS, DHCP and other IP conflict problems.
Troubleshooting L2/L3 environments. Troubleshooting the issues with the MPLS VPN connectivity and also Configured Virtual Routing Forwarding (VRF) on Cisco routers.
Optimized performance of the WAN network consisting of Cisco 3550/4500/6500 switches by configuring VLANs.
Troubleshooting of Cisco 2800, 2900, 3700, 3900, 7200, 7600 routers.
Creating PVLANs and preventing VLAN hopping attacks and mitigating spoofing with snooping and IP source guard.
Key contributions include troubleshooting of complex LAN/WAN infrastructure.
Enabled STP enhancements to speed up the network convergence that includes BPDU Guard, Port-fast, Uplink-fast on various layer 2 and layer 3 switches.
Monitor, troubleshoot, test and resolve Frame Relay, ATM, and PPP.
Creating Virtual IP address, Pools and Persistence profiles on F5 LTMs.
Configuring policies on ASM using manual policy enforcement and auto policy enforcement with F5 ASM, LTM, APM.
Knowledge in implementing and configuring F5 Big-IP LTM load balancers.
Installed high availability Big IP F5 LTM and GTM load balancers to provide uninterrupted service to customers.
Performing network monitoring, providing analysis using various tools like WireShark, Solarwinds and CiscoWorks, Tcpdump.
Environment: Cisco 2900, 4900, 6500, 6509 and 7509 switches, Cisco (2800, 2900, 3700, 3900, 7200, 7600) routers, MPLS, OSPF, BGP, EIGRP, NAT, LDAP, DHCP, HTTP, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP, RTSP, BPDU, PPP, ATM
Client: Accenture, Hyderabad, India. June 2012- April 2014
Network Engineer
Responsibilities:
Administer Checkpoint firewall with cluster gateways including pushing policies and processing user requests to allow access through the firewall using Smart Center based Smart Dashboard.
Monitor the health and logs using Smart view tracker and smart monitor on the Checkpoint firewall.
Check Point Firewall Log review and analysis using Manage Engine.
Administer and Support Check Point Firewalls in the network between various security zones.
Responsible for ASA 8.x Firewall migration and in place hardware upgrades and Troubleshooting, IOS Security Configurations, IPSec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation.
Created VLAN & Inter-VLAN Routing with Multilayer Switching.
Configured and Maintained TACACS for AAA.
VLAN implementation, Spanning Tree implementation and support using Rapid STP and MST to avoid loops in the network. Trunking and port channels creation.
Responsible for Firewall upgrades as well as Troubleshooting, Security Configurations, IPSec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
Troubleshooting firewall using CLI including packet captures to identify issues related to policy, NAT and Routing.
Work in an enterprise network environment with dynamic routing using OSPF and BGP for external connectivity.
Configured switches with proper spanning tree controls and BGP routing using community and AS path prepending attributes.
Work with BGP routing protocol for communication with business partners and influence routing decision based on AS Path Prepend and other attributes.
Project Documentation and MS Visio for drawing Network Diagrams and managing IP address information.
Worked on implementation and support of VOIP and Unified Communications.
Client: Polaris, Hyderabad, India Sep 2010 – May 2012
Jr. Network Engineer
Responsibilities:
• Manage office network with Cisco devices including 2500 and 3600 series routers and 3500, 2900, 1900 series switches.
• Configured and managed networks using L3 protocols like RIPv2, IGRP.
• Designed networks and provided security between various offices of the organization.
• Configured VLANs, Private VLANs, VTP and Tracking on switches.
• Configured L2 and L3 security features on devices.
• Hands-on experience in Inter-VLAN routing, redistribution, access-lists.
• Log messages using Syslog server and analyze the issues related to high CPU utilization and parameters that can degrade performance of the network.
• Monitor performance of network and servers to identify potential problems and bottlenecks.
• Real-time monitoring and network management using CiscoWorks LMS.
• Monitoring Memory/CPU on various low-end routers in a network.
• Configuring routers and sending them to Technical Consultants for new site activations, and giving online support at the time of activation.
• Provided technical support on hardware and software related issues to remote production sites.
• Performed administrative support for RIP, OSPF routing protocol.
• Experience on Cisco IOS and upgrading Cisco IOS using TFTP server.
• Involved in SNMP Network management.
• Worked on various sniffing tools like Ethereal, Packet Sniffer.
• Backups of Cisco router configuration files to a TFTP server.