Sanket Patel
***********@*****.***
Professional Summary:
•8 Plus years of professional experience in Network Engineering with Cisco Certified Network Engineer, performing Network analysis, design, Implementing, capacity planning with a focus on performance tuning and support of large Networks
•Strong knowledge in Cisco Routing, Switching and Security with Cisco hardware/software (heavy Cisco shop) experience
•Experience working on Cisco Catalyst Series 3750, 4500, 4900, 6500; Nexus 2000, 5000, 6000 and 7000 series switches
•Extensive work experience with Cisco Routers, Cisco Switches, Load Balancers and Firewalls
•Experience in layer-3 Routing and layer-2 Switching. Dealt with Nexus models like 7K, 5K, 2Kseries, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches
•Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, Ether channel, STP, RSTP and MST. Implementation of HSRP, VRRP for Default Gateway Redundancy
•Configure VRRP & GLBP and VLAN Trunking 802.1Q & ISL, STP, Port Security on Catalyst 6500 switches
•Involved in troubleshooting of DNS, DHCP and other IP conflict problems
•Responsible for Check Point and Cisco ASA firewall administration across global networks
•Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration
•Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability
•Design and configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls(SRX240, SRX550)
•In-depth knowledge and hands-on experience in Tier II ISP Routing Policies, Network Architecture, IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3 SONET POS OCX / GigE circuits, Firewalls
•Strong knowledge of TACACS+, RADIUS implementation in Access Control Network
•Experience in Designing and assisting in deploying enterprise wide Network Security and High Availability Solutions for ASA
•Managed the F5 BIG-IP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs. Wide experience in implementing and managing F5 BIG-IP load balancing.
•Responsible for Checkpoint and Cisco ASA firewall administration.
•Worked on administration and configuration of Check Point Firewall, Palo Alto Networks Firewall and Cisco ASA Firewall applied across global network.
•Experienced working with security issues related to Cisco ASR 9K.
•Experience in risk analysis, security policy, rules creation and modification of Checkpoint, Cisco ASA, Palo Alto Firewall
•Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for a datacenter access architecture Expertise in installing, configuring and troubleshooting Juniper EX Switches (EX2200, EX2500, EX3200, EX4200, EX4500, EX8200 series)
•Enterprise Routing experience using protocols RIP v1 & 2, EIGRP,OSPF and BGP
•Expertise in installing, configuring and troubleshooting Juniper Routers ( E,J,M and T-series)
•Implementing security policies using Cryptography, ACL, SDM, PIX Firewall, IPSec, VPN and AAA Security on different series of routers
•Experience with different Network Management Tools and Sniffers like Wireshark (ethereal), HP-Open view, RSA envision and Cisco works to support 24 x 7 Network Operation Center
•Experience with F5 load balancers and Cisco load balancers (CSM, ACE and GSS)
•Basic and advance F5 load balancer configurations, including migrating configurations from Cisco ACE to F5 and general troubleshooting of the F5 load balancers
•Excellent customer management/resolution, problem solving, debugging skills and capable of quickly learning, effectively analyses results and implement and delivering solutions as an individual and as part of a team
•Efficient at use of Microsoft VISIO/Office as technical documentation and presentation tools
•Knowledge of JUNOS platform and worked with IOS upgrade of Juniper devices
•Experience with different Network Management Tools and Sniffers like Wireshark (ethereal), HP-Open view, RSA envision and CiscoWorks to support 24 x 7 Network Operation Center
EDUCATION : Bachelor’s in E&C Engineering, INDIA.
CERTIFICATION : Cisco Certified Network Associate (CCNA)
Cisco Certified Network Professional (CCNP)
Technical Skills:
Cisco routers
Cisco 7200, 2800, 2600, 3945, 3600(ISO -Version 12.0, 12.2)
Cisco Switches
Cisco Catalyst 6509, 6513, 3650, 3850, 4500X, (IOS- Version 12.4)
Cisco nexus data center switches
7000, 5000 (NX- OS version 5.1, 5.2)
Load Balancer
Cisco CSS, F5 Networks (Big-IP)
WAN Optimization
Cisco WAAS, PPP Multilink
Routing
OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing
Switching
VLAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switching, Multicast Operations, Layer 3 Switches, Ether channels, Transparent Bridging
Firewalls
Checkpoint, Cisco ASA, Fortinet, Palo Alto
PROFESSIONAL EXPERIENCE:
Client: CapitalOne, VA Sep 2017 – Present
Role: Sr. Network Security Engineer
Responsibilities:
•Modify pilot ISE environment for production scaling and performance
•Works with client engineering groups to create, document, implement, validate and manage policies, procedures and standards that ensure confidentiality, availability, integrity and privacy of information.
•Researched, designed and replaced aging Cisco ASA firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
•Executing RADIUS pre-deployment tasks like ISE setup, loading templates into Cisco Prime.
•Performed site refreshes on Cisco switching and Aruba wireless infrastructure at several locations.
•Configured, implemented and troubleshooting issues on Checkpoint R77.10 Gaia, R75, Cisco ASA 5540, 5000 series firewalls for the client environment.
•Manage project task to migrate from Cisco ASA firewalls to Check Point firewalls.
•Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN
•Configuration and Integration of Cisco Identity Services Engine (ISE) 1.2
•Worked on VPN configuration, routing, NAT, access-list, security contexts and failover in ASA firewalls.
•Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
•Configured and maintained IPSEC and SSL VPN's on Palo Alto, Cisco ASA Firewalls.
•Performed OS upgrades & device replacements on several Cisco devices (6500, Nexus 2K, 3K, 5k,6k and 7k and 9k series switches)
•Configuring, Administering and troubleshooting the Checkpoint, Palo Alto and ASA firewall.
•Configured IPSec VPN (Site-Site to Remote Access) on Cisco ASA (5200) series firewalls.
•Working with the rule base and its configuration in Cisco ASA, Palo Alto, Juniper and Checkpoint firewalls.
•Deploying ISE Wired and Wireless Authentication, Authorization and Accounting.
•Deployment of Cisco ASA firewalls and migration of end of life ASA firewalls to New ASA firewalls
•Cisco Firewalls include ASA 5585x, 5580, 5550 Series Hardware managed through CLI, ASDM as well as CSM.
•Responsible for maintaining availability, reporting and communication of the SIEM between it, its event-sources and the endpoints.
•Configuring & Administration of the Checkpoint Firewall that includes creating Hosts, Nodes, Networks, Static & Hide NAT's.
•Experience in creating multiple policies and pushing them into Checkpoint Firewall (Gateways) and hands-on experience in managing the Checkpoint Management Server and Gaia operating system.
•Defining, tracking and maintaining the standard baselines and configuration sets of security devices and implementing industry best practices with regards to Firewall, IDS/IPS, IPsec VPN, SSL VPN.
•Applied security enhancement by implementing certificates and RSA keys for authentication.
•Installed and administered RSA Secure ID token authentication servers.
•Support Citrix NetScaler F5 platform, configuring, implementing, & troubleshooting Citrix NetScaler VIP configuration with health check, policy configurations Access Gateway, & content switching configuration solutions.
•Coordinate and evaluate vendors and associated products/tools in facilitating the Penetration Testing initiatives
•Configured F5 GTM solutions, which includes Wide IP, Pool Load Balancing Methods, probers and monitors.
•Work with the Cisco Meraki Sales team and on strategic sales initiatives like customer outreach and channel training to grow business in targeted regions.
•Verify Firewall status with Checkpoint Monitor. Creation and implementation of Application delivery architectures which includes load balancing on F5 BIG IP modules.
•Worked with F5 Load balancing, IDS/IPS, Bluecoat proxy servers and Administrating.
•Use of Web application firewall providing reverse proxy-based protection for applications deployed in physical, virtual / public cloud environments.
•Involved in the deployment and decommission of VLANs on core ASR 9K, Nexus 7K, 5K and its downstream devices.
•Involved in F5 LTM GTM and ASM planning, designing and implementation. Actively involved in F5 ASM policy configuration and deployment. Troubleshoot and Worked with Security issues related to Cisco ASA/PIX, Checkpoint, IDS/IPS and Juniper Net screen firewalls
•Configured High availability, User ID on Palo Alto firewall.
•Configured and utilized many different protocols such as OSPF, ISIS, BGP/MP-BGP, OER, MPLS, LDP, Multicast, IPv4/IPv6 protocols.
•Utilized knowledge of Spanning Tree Protocol, BGP, MPLS, OSI model layers 1-2 to create network layouts.
•Stateful firewall, VLAN to VLAN routing, Link bonding / failover, 3G / 4G failover, Traffic shaping / prioritization, WAN optimization, Site-to-site VPN, Client VPN, MPLS to VPN Failover, Active Directory and LDAP integration.
•Responsible for investigating Data Loss Prevention using Symantec DLP.
•Configured EIGRP routing and BGP route maps to allow traffic from subnets out to the core to Datacenter on the ASR 1002 devices.
•Implementation and configuration of Cisco L3 switches 3750, 4500, 6500 in multi VLAN environment with the use of inter-VLAN routing, dot1Q trunk, ether channel
•Configure and troubleshoot Routing protocols such as OSPF and EIGRP for routing internally and BGP for external routing.
•Worked and maintained various network, application monitoring tools like Solar Winds, Cisco Prime, ForeScout, Wireshark, TCP Dump.
Environment: Cisco ASA5580/5540/5520, CheckpointR70, R75, R77.20 Gaia, Palo AltoPA-5000/3000, Juniper SSG, SRX, Big IP F5 LTM/GTM, Nexus switches, Routers, TCP/IP, VPN, Bluecoat Proxy servers, IDS/IPS. SIEM and monitoring, BMC Remedy, Cisco Prime, Fore Scout Counter ACT, Tufin.
State of NY, New York Apr 2016 – Aug 2017
Sr. Network Engineer
Responsibilities:
•Designed, Implemented and Troubleshoot Cisco 3750, 3550, 3560, 2924, 6509-V-E, 6513, 6504, 6503, 6506, 6500 series switches, GSR, ASR routers with Cisco IOS and IOS-XR
•Installed, configured and managed Cisco routers such as 7200 series, 3800 series, 3700 series, 2800 series and Cisco Catalyst switch series 6500, 4500, 3500, and 2900
•Upgraded the data center network environment with Cisco ASA 5520 Configured ACL’s on Cisco Switches as well as configured routers as terminal servers
•Configured, maintained Cisco Routers 7613, 7201 and 3945E
• Involved in troubleshooting of dynamic routing protocols: BGP, OSPF & EIGRP (route redistribution, distribute lists, route-maps, offset-lists, prefix lists, route summarization, route-feedback, BGP attributes)
•Designed and implemented Virtual Switching System (VSS) for both User segment and server segment using 6509-V-E catalyst switches
•Worked on design and implementation of Data center migration
•Worked on Migration of Juniper SRX firewalls for isolation of network segments and VPN's, ASR(9k,901,903)
•Configured of ACL’s in Cisco 5520 ASA firewall for internet Access requests for servers, Protocol Handling, Object Grouping and NAT
•Monitoring the traffic through Cisco catalyst switches for Detection of Intrusion using IDSM2 and its Prevention IPS
•Implementing 3750 Stackable switches using Cisco Stack Wise technology. Experience to review and evaluate current and future design issues as required maintaining network integrity, efficient data flow
•Experience with convert Checkpoint VPN rules over to the Cisco ASA solution and worked on RSA secure IDs to providing VPN Token to Company USERS, Migration with Cisco ASA VPN experience
•Worked on Layer 2 protocols such as STP, VTP, STP, RSTP, PVSTP+, MST and other VLAN troubleshooting issues and configuring switches from scratch and deployment
•Involved in designing and implementing QOS and policy map to 2800 series routers for all the branches
•Experience Branch Relocation: Connect workstation, servers, etc. Rack and stack Pre-configured new hardware and connect the circuits. Work with Carrier to test and turn-up circuits
•Performed IP address planning, designing, installation, configuration, testing, maintenance and troubleshooting in complete LAN, WAN development
•Involved in operations and administration of WAN consisting Ethernet Handoffs, T1, DS3, and Optic Fiber Handoffs
•Supporting EIGRP and BGP based on the network by resolving level 2 & 3 problems of internal teams & external customers of all locations
•Racking, Stacking, configuring Nexus 5K, 2K and 7K
•Installed wireless access points (WAP) at various locations in the company
•Actively involved in switching technology Administration including creating and managing VLANS, Port security – 802.1x, Trunking 802.1Q, RPVST+, Inter-VLAN routing and LAN security on Cisco Catalyst Switches 4507R+E, 6509-E and Cisco Nexus Switches 2232, 5596, 7009
•Created dedicated VLANs for Voice & Data with QOS for prioritizing VOICE over DATA
•Worked on DWDM, SONET
•Configured Voice ports and Dial peers on the call manager for the VOIP call to reach remote destination
•Configured WIFI APs connected in LAN to reduce cable costing by creating AP, worked on Cisco SP Wi-Fi, troubleshoot in Cisco Aironet 3700, 1700 and 600 series
•Worked on configuration and commissioning of the MPLS circuits for various branch offices
•Providing Daily network support for national wide area network consisting of MPLS, VPN and point-to-point site
•Performed Network Security Assessment and implemented security improvements such as network filtering, SSH, AAA, SMTP, SNMP access lists, VTY access lists, EIGRP MD5 authentication, and HSRP authentication
•Managing and providing support to various project teams with regards to the addition of new equipment such as routers switches and firewalls to the DMZs
•Responsible for Data Center Migrations and its operations
•Implemented antivirus and web filtering on Juniper SRX 240 at the web server as well as configuration of F5 load balancers and Cisco load balancers (CSM, ACE and GSS)
•Documenting workflow process, managing and implementing standard policy and procedures
Environment: Cisco 2948/3560/4500/3560/3750/3550/3500/2960/6500 switches and Cisco 3640/12000 /7200/3845/3600/2800 routers, Cisco Nexus 7K/5K/2K, Cisco ASA5510, Checkpoint, windows server 2003/2008: F5 BIGIP, LTM, OSPF, EIGRP, RIP, BGP, VLAN, VPN, Checkpoint, Juniper SRX
WellPoint Richmond, VA Jul 2015 – Mar 2016
Sr. Network Engineer
Responsibilities:
•Worked as part of a team to manage Enterprise Network Infrastructure as a Tier 3 Support Engineer
•Helped to update IOS of ASR901
•Involved in configuring and implementing of Composite Network models consists of Cisco 7600, 7200, 3800 series routers and Cisco 2950, 3500, 5000, 6500 Series switches
•Conversions to BGP WAN routing, Which will be to convert WAN routing from OSPF to BGP (OSPF is used for local routing only) which involves new wan links
•Replace branch hardware with new 3900 routers and 2960 switches
•Configuring firewall switch module on Cisco 6506 distribution layer switches, configuring VTPs, trunking, inter-vlan routing, port fast, uplink fast, backbone fast on access layer switches
•Enable STP attack mitigation (BPDU Guard, Root Guard), Using MD5 authentication for VTP
•Planned and installed Frame Relay WAN links to the branch offices
•Maintained and setup wireless access points at various locations in the company
•Great understanding of WLAN including 802.11 standards, Lightweight and Autonomous systems, WPA, PEAP
•Assisted in MPLS migrations, implemented a backup for the existing WAN connection using site-to-site IP sec VPN tunnels
•Knowledgeable in configuration of Voice VLAN’s (VOIP), prioritizing the voice traffic over the data traffic, Telecom, using Dark fiber created fast speed line between two campus, Wireless networks
•Worked on Network Traffic sizing of cloud to network through security firewalls
•Load Balancing From The client side
•Implement the firewall rules using Netscreen manager (NSM)
•Monitoring the network traffic with the help of Qradar and Cisco IPS event viewer
•Remediation of firewall rules from checkpoint firewalls to Cisco ASA firewalls and their implementation
•Helped in troubleshooting in DDoS
•Configuring and troubleshooting OSPF routing protocol on the corporate network
•Tested and implemented various BGP attributes such as Local Preference, MED, AS-PATH, Community, Extended community using route-maps
•Worked on migration of Frame Relay based branches to MPLS based VPN for customer’s WAN infrastructure
•Worked on migration of existing PIX firewall to ASA firewall, PIX OS upgrade from 6.3 to 7.0, also configured on BIG IP (F5) Load balancers and also monitored the Packet Flow in the load balancers
•Have good working experience with the Trouble Tickets on F5 Load Balancers
•Managing enterprise BGP setup by configuring and troubleshooting BGP related issues
•Scaling of BGP and IGP in the core, dealt with implementation of deployment related to Cisco devices and applying security policies on it
•Troubleshoot issues related to VLAN, VLAN Trunking, HSRP failovers, related issues
•Configuration of NAT
•Maintain effective communications with vendors, peers and clients in resolution of trouble-tickets, equipment RMAs, and support requests
Environment: Cisco 3750/3550/3500/2960 switches and Cisco 3640/12000/7200/3845/3600/2800 routers, Cisco ASA5510, Checkpoint, F5 Load Balancer, CiscoNexus7K/5K, Checkpoint, Cisco ASA
ACI Worldwide, Atlanta, GA Jan 2014 – Jun 2015
Network Engineer
Responsibilities:
•Experience in configuring Site-to-site and remote access VPN solutions
•Installed and configured Cisco 7200 series router and Cisco 2950, 4500, 6500 Series switches
•Configured network using routing protocols such as RIP, OSPF and BGP and troubleshooting L2/L3 issues
•Worked on multiple projects related to Branch networks, Campus networks, extranet clients and Data Center Environments involving in data center migrations from one data center to another
•Provided estimated bandwidth requirements for data replication, to best determine adequate timing for migration service levels
•Created data migration strategies to help with completion of migration of data center from one point to another
•Configuration of Cisco 6500 (SUP 720), 4500 (SUP 6) & 3750 Catalyst Switches for network access
•Worked extensively on Cisco Firewalls, Cisco PIX (506E/515E/525/) & ASA 5500(5510/5540) Series, experience with convert PIX rules over to the Cisco ASA solution
•Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers
•Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches
•Time to time upgrade network connectivity between branch office and regional office with multiple link paths and routers running HSRP, EIGRP in unequal cost load balancing to build resilient network
•Design and implement Catalyst/ASA Firewall Service Module for various LAN’s
•Configured Blue Coat ProxySG Web Application Reverse Proxy for securing and accelerate public web applications
•Key contribution includes troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF & BGP
•Troubleshoots in Cisco Aironet 2700 and 600 series
•Configured Client VPN and RSA Token ID technologies including Cisco’s VPN client via IPSEC
•Configuring ACL to allow only authorized users to access the servers
•Participated in on call support in troubleshooting the configuration and installation issues
•Installation, maintenance, troubleshooting local and Wide Areas Network (ISDN, Frame relay, DDR, NAT, DHCP, TCP/IP)
•Provided technical support in terms of upgrading, improving and expanding the network
•Providing technical security proposals, detailed RFP responses and security presentation, installing and configuring ASA firewalls, VPN networks and redesigning customer security architectures
Environment: Cisco 3750/3550/3500/2960 switches and Cisco 3640/12000 /7200/3845/3600/2800 routers, Cisco ASA5510, Checkpoint, F5 Load Balancer Cisco Nexus7K/5K, Checkpoint, Cisco ASA
Fidelity Information Services, Littlerock, AR Feb 2011 to Dec 2013
Network Engineer
Responsibilities:
•Designed and implemented Cisco VoIP infrastructure for a large enterprise and multi-unit office environment. Met aggressive schedule to ensure a Multi-office reconfiguration project which was successfully delivered
•Supporting EIGRP and BGP based PwC network by resolving level 2 &3 problems of internal teams & external customers of all locations.
•Expertise in installing, configuring and troubleshooting Juniper Routers (J,M and MX-series).
•Responsible for Juniper and Cisco ASA firewall administration across global networks.
•Upgrade Cisco Routers, Switches and Firewall (PIX) IOS using TFTP
•Handled SRST, implemented, and configured the Gateways, Voice Gateways.
•Configuring HSRP between the 3845 router pairs for Gateway redundancy for the client desktops.
•Configuring STP for switching loop prevention and VLANs for data and voice along with Configuring port security for users connecting to the switches.
•Ensure Network, system and data availability and integrity through preventive maintenance and upgrade.
•Involved in L2/L3 Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter-Vlan routing, LAN security.
•Worked on the security levels with RADIUS, TACACS+.
•Completed service requests (i.e. – IP readdressing, bandwidth upgrades, IOS/platform upgrades, etc.)
•Configured juniper ACX 1100, Cisco 3900 & 2900 routers and Cisco 4500 and 3750 catalyst switch using routing protocols such as OSPF and BGP also utilized juniper EX3200 Ethernet switch.
•Carry out full installation of Cisco routers, switches and various hubs. Successfully engineered a virtual private network (VPN) solution utilizing Windows 2003 Server. Held responsibilities to configure, install and administer network infrastructure and telecommunication systems.
Environment: NetFlow,TACACS,EIGRP,RIP,OSPF,BGP,VPN,MPLS,CSM,SUP720, Ether Channels, Cisco 7200/3845/3600/2800 routers, Fluke and Sniffer, Cisco 6509/ 3750/3550/3500/2950 switches, Checkpoint firewalls(SPLAT).