Network Engineer Security
Resume:
Sandeep Kumar
Professional Summary:
Cisco Certified Network engineer with over 8 years of expertise in Designing, Implementing and troubleshooting various Network Technologies.
Provide scalable, supportable military grade TCP/IP security solutions along with expert TCP/IP network designs that enables business functionality.
Hands-on experience, specializing in Cisco Environment in Data Center, systems, network and user administration, LAN / WAN and Security.
Administration, engineering, and support for various technologies including proficiency in LAN/WAN, routing, switching, security, application load balancing, and wireless.
Experienced in installation, configuration, design and ongoing maintenance of Cisco router and switches.
Advanced knowledge in design, installation and configuration of Juniper Netscreen Firewall SG 1000/2000, SSG series and NSM Administration
Worked on Cisco Catalyst Switches 6500/4500/3500 series,
Responsible for Checkpoint and Cisco firewall administration across global networks.
Knowledge of managing, maintaining, administering, troubleshooting high end network devices such as cisco routers switches and firewalls.
Implementation and administration of Juniper WX/WXC devices for WAN Traffic acceleration
Policy development and planning / programming on IT Security, Network Support and Administration.
Implementing and maintaining F5 LTM Devices (Versions 9.x, 10.x and 11.x). Responsibilities include device builds for continuous application availability and Windows/Unix load balancing, code upgrades, and configuration management.
Juniper, Check Point Cisco ASA, Cisco PIX and Palo Alto Firewalls Administration
Knowledge of Checkpoint VSX, including virtual systems, routers and switches
Experience in Network LAN/WAN deployment,
Experience with DNS/DFS/DHCP/WINS Standardizations and Implementations.
Cisco ASA Firewalls, Palo Alto Networks Firewalls.
Network Administration, monitoring networks for vulnerabilities or intrusions.
Extensive understanding of networking concepts, (IE. Configuration of networks, router configuration and wireless security, TCP/IP, VPN, Content Filtering, VLANs, and routing in LAN/WAN, Ethernet Port, Patch Panel and wireless networks.)
Configured IP addresses and subnet masks of workstations
Configured Cisco routers and switches to hosts or servers Configured mail exchange servers, and other servers on Microsoft Outlook, and Mozilla Setup email on mobile phones and email exchange servers such as POP, POP3, IMAP, and SMTP.
A broad understanding of computer hardware and software, including things such as installation configuration, management, troubleshooting, and support.
Experience in Active Directory, GPOs, File & Print Server, FTP, Terminal Server, NAT, and Exchange Mail Server.
Administration of production Windows Servers infrastructure that includes Domain Controllers, IIS Web Servers, SharePoint, File and Print and FTP/SFTP servers.
Extensive experience in Windows 2008 R2/2008/2003 Wintel Servers at single or multi domain platforms.
TECHNICAL SKILLS:
Cisco Platforms : Nexus 7K, 5K, 2K & 1K, Cisco routers (7600, 7200, 3900, 3600, 2800, 2600, 2500, 1800
series) & Cisco Catalyst switches (6500, 4900, 3750, 3500,4500, 2900 series)
Juniper Platforms : SRX, MX, EX Series Routers and Switches Networking Concepts, Access Lists,
Routing, Switching, Subnetting, Designing, CSU/DSU, IPsec, VLAN, VPN,
WEP, WAP, MPLS, VoIP, Bluetooth, Wi -Fi
Firewall : ASA Firewall (5505/5510), Checkpoint, Cisco ASA, Network Tools, Solar Winds,
SNMP, Cisco Works, Wireshark
Load Balancers : Cisco CSM, F5 Networks (Big-IP)
WAN Technologies : Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1, DS3, OC3,
T1 /T3 & SONET
LAN technologies : Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port-Channel, VLANS,
VTP, STP, RSTP, 802.1Q
Security Protocols : IKE, IPSEC, SSL-VPN
Networking Protocols : RIP, OSPF, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP,
VRRP, GLBP, TACACS+, Radius, AAA
Languages : Perl, C, C++, SQL, HTML/DHTML
Operating System : Windows 7/XP, MAC OS X, Windows Server 2008/2003, Linux, UNIX
Documentation : MS Office, MS Visio
PROFESSIONAL EXPERIENCE:
Pepsico, Frisco, TX Jan 2015 – Present
Sr. Network Engineer
Responsibilities:
Worked on migration from F5 LTM to A10 LTM Creating Virtual Servers, Nodes, Pools and iRules on BIG-IP F5 in LTM module.
Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability
Experience in configuring and Troubleshooting BIG-IP F5 load balancer LTM.
Prepare equipment orders based on templates. Develop detailed template-based plans including: implementation, testing and back out procedures for all network implementations, upgrades and modifications.
Brocade hardware products include Fibre Channel SAN directors and switches
Virtual Cluster Switching (VCS) on the VDX[9] ultra-low-latency datacenter switch product line
Configured DCX 8510-8, 6500 Series, 5100 Series, 7800 and Encryption Switch
Brocade support in iSCSI, FCIP, GigE, FICON, FCoE, DCB/CEE, and Layer 4-7 networking protocols
Solar Winds Firewall Management and Solar winds network management operation
Orion Network Performance Monitor on Solar Winds
Assist in creating network design standards for hardware and software.
Developing and maintain Network Documentation (Visio diagrams, Excel spreadsheets, Word documents, etc
Configure and troubleshoot network elements in a test environment.
Experience working with market data networks and dealing with clients and deploying network designs
Involved in design and implementation of Datacenter Migration, worked on implementation strategies for the expansion of the VPN networks
Configured IPSec site-to-site VPN connection between Cisco VPN 3000 Concentrator and Cisco 3800
Configuring IP, RIP, EIGRP, OSPF and BGP in routers.
Experience working with High performance data center switch like nexus 7000 series
Experience working with Nexus 7010,7018, 5020, 2148, 2248 devices
Migration of existing IPSEC VPN tunnels and Firewall rules from one Datacenter to another Datacenter, due to decom of existing Data Center, which involved working with Partner Companies
Responsible for Updating Access-list, prefix-list to 2500 Retail Routers across the country.
Experience with LAN protocols like STP, RSTP, MST, VTP, VLAN and Port Channel Protocols like LACP, PAGP.
Experience with Network Redesign for Company Campus Locations and Moving from 6500 based DataCenter to Nexus based Data Center.
Experience with design and configuring Overlay Transport Virtualization (OTV) on Cisco NX-OS devices like Nexus 7000
Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500 with ACL, NAT, Object Groups, Failover, Multi-Contexts.
Responsible for layer 2 securities which was implemented using a dedicated VLAN ID for all trunk ports, setting the user ports to non-trucking, deployed port security when possible for user ports
Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, disabling all unused ports and putting them in unused VLAN.
Implemented Site-to-Site VPNs over the internet utilizing 3DES, AES/AES-256 with ASA Firewalls.
Responsible for cabling the switches, assigning IPs, port turn up and also troubleshooting the connection.
Provide front end on-call network support 24x7x365 for all network infrastructures in the co-operation
Experience with Firewall migrations from PIX firewall to Cisco ASA and Juniper SRX firewall appliances.
Responsible for Check Point and Cisco firewall administration across global networks.
Policy development and planning / programming on IT Security, Network Support and Administration.
Experience in configuring and Troubleshooting BIG-IP F5 load balancer LTM.
Experience with Firewall migrations from PIX firewall to Cisco ASA and Juniper SRX firewall appliances.
Environment: Cisco routers (7200, 3800, 2800) and Cisco switches (6500, 3700, 4900, 2900), Nexus (7K, 5K & 2K) Routing Protocols (EIGRP, OSPF, BGP), Checkpoint, F5 load balancing, Cisco ASA, Checkpoint, Palo Alto, Big IP F5 LTM/GTM, Nexus switches, TCP/IP, VPN.
EMC, Santa Clara, CA Oct 2013 – Dec 2014
Network Engineer
Responsibilities
Configured OSPF redistribution and authentication with type 3 LSA filtering and to prevent LSA flooding.
Configured OSPF over frame relay networks for NBMA and point to multipoint strategies.
Implementing traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Frame Relay and Open Shortest Path First (OSPF).
Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers
Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches
Design, and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls.
Worked on HSRP for load balancing.
Experience in designing data communications and networks utilizing that utilize a mixture of frame relay,
point to point T1, T3 & OC3 lines
Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability
Involved in iRule management like loading rules, writing iRule syntax using TCL language
Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks
Experience converting Cat OS to Cisco IOS on the Cisco 6500 switches
Designed MPLS VPN and QoS for the architecture using Cisco multi-layer switches
Cisco IOS experience on 3600/7200 class hardware in complex WAN environment and experience on Cisco OS and IOS on CAT6500 in a complex data centre environment
Hands on experience installing Sup720 for Cisco 6509-E series and its Gigabit Ethernet port deployment in the core network
Configuring IP, RIP, EIGRP, OSPF and BGP in routers.
Experience in deploying EIGRP/BGP redistribution and the changing the metrics for the primary and backup
paths for the packet prioritization and EIGRP tuning
Experience on a mesh 6500 and 5500 series routes and switches to support the core trading system. Involved
Hands on Experience testing iRules using Browser(IE), HTTP watch
Involved in SNMP Network management. Worked on various scanning and Sniffing tools like Ethereal
Upgrades and backups of Cisco router configuration files to a TFTP server
Implementing and maintaining backup schedules as per the company policy
Experience working with Nexus 7010,7018, 5020, 2148, 2248 devices
Experience working with High performance data center switch like nexus 7000 series
Manage Cisco Routers and troubleshoot layer1, layer2 and layer3 technologies for customer escalations
Configuring IPSEC VPN on SRX series firewalls
Provided redundancy in a multi homed Border Gateway Protocol (BGP) network by tunings AS-path.
Worked on Juniper J series j230, M 320 routers and EX 3200 series switch.
Created engineering configuration, Security Standards, documenting processes and Network documentation using Microsoft Visio
Troubleshooting and installing of CRS, ISR, GSR, ASR9000 and Nexus devices.
Installation, Configuration and Administration of ADS,DNS,DHCP and Web proxy(ISA)server
Upgrade Cisco Routers, Switches and Firewall (PIX) IOS using TFTP
Implemented the concept of Route Redistribution between different routing protocols
Switching related tasks included implementing VLANS, VTP, STP and configuring on Fast Ethernet
Administration of Cisco 11.x and 12.1 versions and higher
Monitored all Cisco equipment’s using Cisco Works
This includes Artifacts for regular Health Checks, IP and System Integrity, Change management, Problem management, Logical Access Controls, Network Connectivity, Service Registration and Performance Management
Installed and configured the Cisco routers 2800 in two different customer locations. It includes coordinating with Verizon and AT&T in order to bring the serial interface up for T3 link. Also, configuration includes frame relay, BGP and VPN tunnel on GRE
VLAN Configurations, troubleshooting and Firewall ACLs and Object-Groups configuration and support
Configured IPSec site-to-site VPN connection between Cisco VPN 3000 Concentrator and Cisco 3800
Environment: Juniper firewalls 5GT, 208, SSG 5, 140, 550, 550M, NSM, IDS/IPS 6500/3750/3550/3500/2950 switches, Juniper (M320, T640), Load balancing, Cisco 7200/3845/3600/2800 routers, TACACS, EIGRP, RIP, OSPF, BGP, VPN, MPLS, Ether Channels.
Capital One, Mclean, VA Aug 2012 – Sep 2013
Network Engineer
Responsibilities:
Installation and Configuration of Cisco Catalyst switches 6500, 3750 & 3550 series and configured routing protocol OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design Document and followed the change process as per IT policy It also includes the configuration of port channel between core switches and server distribution switches
Router/ Microsoft VPN Server in order to access certain limited network resources from customer locations
Involved in the redistribution into OSPF on the core ASA firewall.
Experience on HSRP for load balancing.
Involved in the removal of EIGRP from all devices and making OSPF the primary routing protocol.
Involved in the modification and removal (wherever necessary) of BGP from the MPLS routers.
Involved in designing L2VPN services and VPN-IPSEC authentication & encryption system.
Tuned BGP internal and external peers with manipulation of attributes such as metric, origin and local Preference.
Responsible for turning up BGP peering and customer sessions, as well as debugging BGP routing problems.
Designing and Implementation of (LAN) VLANs, VTP, Spanning Tree (STP), Trunking (dot1q and ISL) and Ether channel.
Installed and configured four PIX 525 and two ASA 5505 in customer locations. In addition to that, two PIX firewall configured for the Guest access
Key contributions include troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF & BGP
Configuring, Installing and troubleshooting on Check Point Devices.
Good knowledge on Intrusion Detection and Intrusion Prevention System.
Knowledge on multiplex techniques such as DWDM.
Troubleshoot and Worked with Security issues related to Cisco ASA/PIX, Checkpoint, IDS/IPS and Juniper Netscreen firewalls.
Experience with Synchronous Optical Networking (SONET) over optical fiber.
Involved in Configuring and implementing of Composite Network models consists of Cisco7600, 7200, 3800 series and ASR 9k, GSR 12K routers and Cisco 2950, 3500, 5000, 6500 Series switches.
Configured networks using routing protocols such as RIP, OSPF, BGP and manipulated routing updates using route-map, distribute list and administrative distance for on-demand Infrastructure.
Implemented Hot Standby Router Protocol (HSRP) by tuning parameters like preemption.
Worked on FTP, HTTP, DNS, DHCP servers in windows server-client environment with resource allocation to desired Virtual LANs of network.
Responsible for day to day management of Cisco Devices, Traffic management and monitoring.
Managing health check of Network devices this is involves upgrading IOS on every quarter after checking the vulnerability of IOS and reviewing the configuration
Experience in HSRP standby troubleshooting & Experience in configuring & upgrading of Cisco IOS
Installation, Configuration and troubleshooting Cisco switches and Firewall on multi-mode context based environments
Implemented various OSPF scenarios on networks consisting of 7600 routers.
Configured policy based routing for BGP for complex network systems.
Configured Multiprotocol Label Switching (MPLS) VPN with Routing Information Protocol (RIP) on the customer’s Site.
Environment: CISCO routers and switches, Access Control Server, VLAN, Trunk Protocols, CISCO ASA, DHCP, DNS, Spanning tree, Nimsoft.
GV Technologies, Hyderabad, India Dec 2010 – Jul 12
Network Engineer
Responsibilities:
Configured Cisco Routers for OSPF, IGRP, RIPv2, EIGRP, Static and default route.
Worked on HSRP for hop redundancy and load balancing.
Configured the Cisco router as IP Firewall and for NATing Configured RSTP, MST and used VTP with 802.1q trunk encapsulation.
Provided port binding, port security and router redundancy through HSRP.
Designed ACLs, VLANs, troubleshooting IP addressing issues and taking back up of the configurations on switches and routers.
Provided testing for network connectivity before and after install/upgrade
Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet and Gigabit Ethernet channel between switches.
Experience in Cisco switches and routers: Physical cabling, IP addressing, Wide Area Network configurations.
Responsible for Internal and external accounts and, managing LAN/WAN and checking for Security
Settings of the networking devices (Cisco Router, switches) co-coordinating with the system/Network administrator during any major changes and implementation
Routing protocols OSPF, RIP & BGP
Implementation of name resolution using WINS & DNS in TCP/IP environment
Configured FTP server for inside/outside users & vendors
Environment: Cisco 7200/3845/3600/2800 routers, TACACS, EIGRP, RIP, Vulnerability Assessment tools like Nessus, Red Hat, Solaris, Juniper VPN’s, SSL
Sarayodha Soft. Technologies, Hyderabad, India Nov 2008 – Oct 2010
System/Network Engineer
Responsibilities:
Worked on Cisco routers 7200, 3800, 2800 and Cisco switches 4900, 2900
Key contributions include troubleshooting of complex LAN/WAN infrastructure that include
Configured Firewall logging, DMZs & related security policies & monitoring
Creating Private VLANs & preventing VLAN hopping attacks & mitigating spoofing with snooping & IP source guard
Installed and configured Cisco PIX 535 series firewall and configured remote access IPSEC VPN on Cisco PIX Firewall
Enabled STP Enhancements to speed up the network convergence that include Port-fast, Uplink-fast and Backbone-fast
Configured network access servers and routers for AAA Security (RADIUS/ TACACS+)
Other responsibilities included documentation and change control
Responsible for Configuring SITE_TO_SITE VPN on Cisco Routers between Head Quarters and Branch locations
Implemented the security architecture for highly complex transport and application architectures addressing well known vulnerabilities and using access control lists that would serve as their primary security on their core & failover firewalls
Installation & configuration of Cisco VPN concentrator 3060 for VPN tunnel with Cisco VPN hardware & software client and PIX firewall
Involved in troubleshooting of DNS, DHCP and other IP conflict problems
Used various scanning and sniffing tools like Wire-shark
Hands on Experience working with security issue like applying ACL’s, configuring NAT and VPN
Documenting and Log analysing the Cisco ASA 5500 series firewall
Configured BGP for CE to PE route advertisement inside the lab environment
Spearheaded meetings & discussions with team members regarding network optimization and regarding BGP issues
Environment: Netrep, Solar winds, Windows server NT /2000 Windows XP.
EDUCATION:
B.Tech in Computer Science and Engineering
PROFESSIONAL CERTIFICATION
•Cisco Certified Network Associate (CCNA)
•Cisco Certified Network Professional: (CCNP)
Contact this candidate