Chaitanya

443-***-****(***)

aczk74@r.postjobfree.com

PROFESSIONAL SUMMARY

Around 7+ years of experience in Designing, Implementing, Security and Troubleshooting Service Provider Networks and Enterprise Networks and Network administration, implementation, design and troubleshooting Seeking a challenging and interesting opportunity in network engineering which enables me to maximize my technical and managerial skills.

Migration from Cisco firewalls to Palo Alto firewalls platforms PA 4000 and PA 500 and PA- 200 firewalls.

Perform Palo Alto network firewall design, integration & implementation for Cyber Trap client networks.

Experience with convert Palo Alto VPN rules over to the Cisco ASA solution. Migration with both Palo Alto and Cisco ASA VPN experience

Experience in configuring and Troubleshooting Juniper routers such as Mx-960, MX-480, MX-80 and Switches such as Ex-4200, EX-8200.

Expertise in security identity management platform such as ACS 5.x, RSA Secure ID 8.x

Good working knowledge of Cisco ASAs including software versions 7.x, 8.x and 9.x.

Managed the security infrastructure of the service provider which includes ASA 5585, 5540, 5520, 5505.

Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.

Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls.

Cisco ASA Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.

Experience in layer-3 Routing and layer-2 Switching. Dealt with Nexus models like 9K,7K, 5K, 2K series, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches.

Hands on Knowledge/experience on F5 load balancers, its methods, implementation and troubleshooting on LTMs and GTMs.

Successfully installed Palo Alto PA 3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.

Experience with configuring Virtual Server and Configuring Load balancing methods in F5 LTM.

Worked on updating the SSL certificates to the application URL using the F5 LTM and F5 GTM.

Deploying and decommission of VLANs on core ASR 9K, Nexus 9k, 7K, 5K and its downstream devices.

Develop Contact Center Call Routing, Queuing and IVR using ICM, CVP and VXML.

Administering Firewalls i.e. Cisco/Checkpoint, Evaluate firewall access control requests to ensure they conform to Company's security standards and policies, application security reviews using vulnerability assessment tool.

Worked on various RTB tickets related to production issues for many states.

Strong practical knowledge of TCP/IP protocols including Multicast, HSRP, VRRP, STP, NHRP, IPSec, Frame-relay, DMVPN & MPLS L3VPN

Protocols Awareness: OSPF, EIGRP, RIP, BGP, HSRP, ACL, VTP, NAT/PAT, CDP, SSH, HTTP, HTTPS, NTP, SNMP, ARP, STP (802.1D), SNMP, DNS & DHCP.

Expert in implementing Cisco UCCE, ICM, CVP, CTI/CTIOS, Call Manager, Web View.

Background in network design, including Wide Area Networking (WAN), Local Area Networking (LAN), Multiple Protocol Labeling Switching (MPLS), DS3 with Physical Labelling and IP Addressing.

Extensive knowledge in developing test plans, procedures, and testing Various LAN/WAN Products and Protocols.

Excellent problem solving and debugging skills with good verbal/written communication and presentation skills

CERTIFICATIONS:

Cisco Certified Network Associate (CCNA)

Cisco Certified Network Professional (CCNP)

TECHNICAL SKILLS

Routers:

Cisco 7600, 7200, 3800, 3600, 2900, 2800, 2600,1800,1700

Routing:

OSPF, EIGRP, BGP, RIP v1/v2, PBR, Route Filtering, Redistribution, Summarization, and Static Routing.

Switches:

Nexus 2K/5K/7K/9K, Cisco Catalyst 2900, 3500,3700,6500, 4500, 3850,3560, 3750, 2960

Switching:

LAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switch, Etherchannels, Transparent Bridging.

Network Security:

Palo Alto, Cisco ASA, ACL, IPSEC,F5 Load Balancer, Checkpoint

Load Balancer:

F5 Networks (Big-IP) LTM 8900 and 6400.GTM

LAN:

Ethernet (IEEE 802.3), Fast Ethernet, Gigabit Ethernet.

WAN:

PPP, HDLC, Channelized links (T1/T3), Fiber Optic Circuits, Frame Relay, VOIP.

Gateway Redundancy:

HSRP and GLBP

WAN Optimizer

Riverbed Steelhead Appliance.

DHCP and DNS

Infoblox

Various Features & Services:

IOS and Features, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, TFTP, FTP.

AAA Architecture:

TACACS+, RADIUS, Cisco ACS.

Network Management:

Wireshark, SNMP, Solarwinds

PROFESSIONAL EXPERIENCE

Union Bank, Monterey Park CA Jan 2016 to Till Date

Designation: Sr. Network Security Engineer

Responsibilities:

Reviewing & creating the FW rules and monitoring the logs as per the security standards in Palo Alto Firewalls.

Working on the change management process to implement firewall security policies as per the client requests.

Migration from Cisco firewalls to Palo Alto firewalls platforms PA 4000 and PA 500 and PA- 200 firewalls.

Performed Network Address Translation on Cisco ASA 8.2 and 8.3

Responsible for Cisco ASA firewall administration across the network.

Experience configuring Virtual Device Context in Nexus 7010.

Implemented firewall rules in Palo Alto firewalls using Panorama for one of the environment.

Deploying the policies on firewall using the Checkpoint’s Smart Console Manager and Smart Dashboard.

Monitoring and troubleshooting traffic on Palo Alto 5020 firewall.

Troubleshoot the FW related issues by using the Checkpoint’s client software SmartLog&Smartview Tracker.

Experience with F5 load balancers and Cisco load balancers (CSM, ACE and GSS).

24x7 on-call escalation support as part of the security operations team.

Working configuration of new VLANs and extension of existing VLANs on/to the necessary equipment to have connectivity between two different data centers.

Configure and Implement DMVPN and VLAN schemas to support operations

Managing and providing support to various project teams with regards to the addition of new equipment such as routers switches and firewalls to the DMZs.

Serve as the customer's go-to resource for all matters related to the Palo Alto next-generation firewall.

Planning and designing to incorporate McAfee's IDS/IPS devices into Lowes network at optimized network locations.

Secure and harden network infrastructure based on industry recommended best practice and DISA STIG compliance.

Experience in deploying dot1x infrastructure using Cisco ISE as the AAA platform.

Working with local IT personnel on troubleshooting, problem determination, diagnosis of performance issues, bandwidth issues, throughput traffic prioritization to improve overall application response time across WAN

Involved in Switching Technology Administration including creating and managing VLANS's, Port security, Trunking, STP, Inter Vlan routing, LAN security etc.

Setup simplified and traditional VPN communities, and Cisco Any connect.

Expertise in security identity management platform such as ACS 5.x, RSA SecureID 8.x

Writing the Nat rules in Palo Alto FW manager including troubleshooting & validation.

Installation of Palo Alto (Application and URL filtering, Threat Prevention, Data Filtering).

Implemented antivirus and web filtering on Juniper SRX 240 at the web server.

Expert level knowledge about TCP/IP protocol suite and OSI model.

Enabling the TCP, UDP, SMTP ports to allow the traffic between the servers

Participated in design and configuration of Wireless Network using IEEE 802.11, multicast architecture with Cisco multilayer switches for HD-4 video clients ISPs

Responsible for the installation, configuration, maintenance and troubleshooting of the company network.

Troubleshoot and hands on experience on security related issues on Checkpoint IDS/IPS.

Installation of Palo Alto (Application and URL filtering, Threat Prevention, Data Filtering).

Experience on Endpoint security SME with McAfee Endpoint, IPS and Anti-virus

Involved in upgrading Rios Riverbeds and IOS upgrade of switches and routers.

Documentation involved authoring MOPs, Work Orders, DCE cabling and NEMS request. Also creating and submitting tickets and Homer work orders.

Environment: Cisco 2948/3560/4500/3560/3750/3550/3500/2960 6500 switches and Cisco 3640/12000/7200/ 3845/3600/2800 routers, Cisco Nexus 7K/5K,ASR 1000, 1001X, ASR 9000, 6500, Cisco ASA 500, Checkpoint, windows server 2003/2008: F5 BIGIP LTM, RIP, OSPF, BGP, EIGRP, LAN, WAN, VPN, HSRP

T-Mobile US, Bellevue, Washington June 2013 to Nov 2015

Designation: Network Security Engineer

Responsibilities:

Involved in complete LAN, WAN development (including IP address planning, designing, installation, configuration, testing, maintenance etc.).

Involved in Switching Technology Administration including creating and managing VLANS’s, Port security, Trunking, STP, Inter Vlan routing, LAN security etc.

Configured F5 GTM solutions, which includes WideIP, Pool Load Balancing Methods, probers and monitors.

Configuring ASA 5510 Firewall and accept/reject rules for network traffic.

Managing and Working with IPSEC tunnels, LAN to LAN VPN implementations.

Team member in designing and team lead implementing BGP over DMVPN as backup link for the MPLS.

Monitoring Traffic and Connections in Palo Alto and ASA Firewall.

Installation and configuration of Cisco Nexus 9k, 7k, 5k, 2k (Fexus), ASRs, 6500s, 4510s, 3800s, 2900s.

Deploying and decommission of VLANs on core ASR 9K, Nexus 9k, 7K, 5K and its downstream devices.

Experience in deployment of Nexus 7010, 5548, 2148T, 2248 devices.

Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for datacenter access architecture.

Provide technical support in the configuration of Cisco and Juniper routers and switches to include: Cisco Enterprise Equipment, Cisco Routers, Cisco Catalyst Switches, Juniper Enterprise Equipment, Juniper Routers, M-Series, MX-Series, and Juniper EX-Series Switches.

Experience with devices Palo Alto Network firewalls such as security NAT, Threat prevention & URL filtering

Experience in Installation, configuration, and troubleshooting on Riverbed Steelheads.

Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers

Provided support for NAC platform including analysis and implementation of NAC requirements

Responsible for Palo Alto firewall management and operations across our global networks.

Involved in Bradford NAC policy development, testing and deployment

Good understanding of JUNOS platform and worked with IOS upgrade of Juniper devices.

Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches

Implemented 802.1X port Authentication Solution using Cisco ISE and Microsoft Active Directory.

Responsible for service request tickets generated by the helpdesk such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support

Designing, configuring and troubleshooting ASA failover for the customer network.

Enabled STP attack mitigation (BPDU Guard, Root Guard), disabling all unused ports and putting them in unused VLAN and ensuring DHCP attack prevention where needed

Checking and configuring Cisco 7600 and 7200 routers at data center for remote sites’ issues.

Working on Cisco 6509 and 4507 series switches for LAN requirements that include Upgraded and updated Cisco IOS from 12.3T to 12.4. Used to DHCP to automatically assign reusable IP addresses to DHCP clients.

Provided firewall policy configuration and services with Juniper SRX 240 & 650 series.

Hosted weekly RTB status meeting with support technical teams to identify root cause of existing issues and determine resolution.

Used Network monitoring tools to ensure network connectivity and Protocol analysis tools to assess and pinpoint networking issues causing service disruption.

Implementation and configuration of F5 Big-IP LTM-6400 load balancers.

Environment: Cisco routers 7200, IOS 12.4 & switches 3750, 4500, 6500; RIP, OSPF, EIGRP, VLAN, DHCP, DNS, MPLS, ISDN, DSL, T1 Lines.

Monitored and maintained networking equipment, ensuring availability and performance of the backbone network infrastructure and all related internetworking devices like routers and switches (Cisco/HP)

Extensive knowledge and troubleshooting in data communication protocols and standards including TCP/IP, UDP, IEEE 802.3, Token Ring, Cable Modem, PPPOE, ADSL, Multilayer Switching, DoD standards.

Deployment, configuration, and management of 802.1x solutions to include Cisco Identity Services Engine (ISE), ACS, and Cisco Prime.

Worked on Cisco FWSM/PIX/ASDM, Nokia Checkpoint NG and Juniper SRX platforms.

Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs.

Other responsibilities included documentation and supporting other teams.

Environment:Cisco3750/3550/3500/2960switchesandCisco3640/12000/7200/3845/3600/2800 routers, Cisco Nexus 3K, 5K, 7K, 9K, ASR 1000, 1001X, ASR 9000, Palo Alto,CiscoASA5510,Checkpoint,OSPF,BGP,VLAN,HSRP, LAN,WAN,IPV4.

Novartis Pharmaceuticals, Parsippany, NJ Oct 2011– May 2013

Designation: Network Engineer

Responsibilities:

Managed the security infrastructure of the service provider which includes ASA 5585, 5540, 5520, 5505.

Documenting and Log analyzing the Cisco ASA 5500 series firewall

Performed administrative support for RIP, OSPF routing protocol.

Coordinated efforts with Engineer’s to ensure all network devices conformed to defined network standards.

Installed high availability Big IP F5 LTM and GTM load balancers to provide uninterrupted service to customers.

Configured and troubleshooting HSRP, BGP, OSPF, EIGRP, MPLS WAN, QoS and Route Maps.

Experience with configuring Virtual Server and Configuring Load balancing methods in F5 LTM.

Worked on updating the SSL certificates to the application URL using the F5 LTM and F5 GTM.

Proficient hands on experience in configuring Cisco Catalyst 2900,2960, 3560, 3750, 4500, 4900, 6500series and Nexus 2248, 5548 and 7010 switches.

Create, document, and organize system configuration and cabling of datacenter infrastructure for Palo Alto Firewalls to support internet tools and tenant networks.

Configured Cisco ACS 5.x for user authentication with External Database as Active Directory.

Implemented End to End Quality of Service though out the network infrastructure and was responsible for policy routing.

Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls.

Worked on Cisco B series UCS servers using the UCM GUI.

Experience with implementing and maintaining network monitoring systems (Cisco works and HP Open view) and experience with developing complex network design documentation and presentations using VISIO.

Gained hands on experience with VLSM, STP, VTP, VLAN Trunking.

Migrated UCCX sites over to UCCE clusters to incorporate them into the larger and more modern infrastructure.

Installed and set up Cisco routers and switches according to deployment plans.

Installed, configured and set security policies on cisco and Palo Alto firewalls, VPN.

Experience in working with Cisco Nexus 5000 series switches for data center.

Maintained redundancy on Cisco 2600, 2800 and 3600 router with HSRP.

Real time monitoring and network management using Cisco Works LMS.

Prepared and maintained documentation using MS Visio.

Backup and restore of Palo Alto and Cisco ASA Firewall policies.

Knowledge and experience of 802.11 a/b/g/n Ethernet standard for wireless Technology.

Worked with other team members in testing of the network architecture.

Supported migration projects from old Brocade Foundry, Cisco CSS to F5 load balancers V10.x and 11.x.

Implemented, configured redundancy protocols HSRP, VRRP, GLBP for Default Gateway Redundancy.

Implementing, configuring, and troubleshooting various routing protocols like RIP, EIGRP, OSPF and BGP etc.

Performing network monitoring, providing analysis using various tools like WireShark, Solarwinds etc.

Responsible for Cisco ASA firewall administration, Rule Analysis, Rule Modification.

Implement the Wireless Deployment of Cisco 2504 and 5508 Series Wireless LAN Controller with BYOD support, through Cisco ISE and NCS, to offer wireless access for employees and guests.

Auto Tuning Palo Alto Signatures and syncing between the data centers, working on PCI's and managing it during peak if needed.

Primary responsibility is to design and deploy various network security & High Availability products like Palo Alto, Cisco ASA other security products

Environment: Cisco4400/7200/3900/7600 Routers, Cisco3650, 6800/6500/3560 Switches.RIP, OSPF, BGP, EIGRP,LAN, WAN, CISCO ASA 5500, Checkpoint, Palo Alto, Nexus Switches 5K/7K, HSRP, VRRP, GLBP, VLAN, QoS, Wireshark, Solarwinds, ASR 9000, 6500, 4500, 3560, Aruba/Cisco wireless controllers, L3 and L2 protocols - OSPF, BGP, Multicast, LACP, LLDP, ECMP, VLAN, STP, MPLS, CMPLS, L3VPN, GRE, IPSec.

Beam, India Aug2009– June 2011

Designation: Network Engineer

Responsibilities:

Worked primarily as a part of the security team and daily tasks included firewall rule analysis, rule modification and administration.

Maintaining Core Switches, creating VLANs and configuring VTP.

Optimized performance of the WAN network consisting of Cisco 3550/4500/6500 switches by configuring VLANs.

Configured static NAT, dynamic NAT, dynamic NAT overloading.

Back up a Cisco IOS to a TFTP server and Upgraded and restored a Cisco IOS from TFTP server.

In-depth expertise in the implementation, optimization, troubleshooting and documentation of LAN/WAN networking systems.

Migration of RIP V2 to OSPF, BGP routing protocols.

Implemented ISL and 802.1Q for communicating through VTP.

IOS Upgrades from 7.x to 8.x as well as backup and recovery of configurations.

Involved in F5 BIG IP LTM administration, familiar with enterprise level traffic managers like 6800, 3600, 1600,3400 series

Involved in updating the VIP’s for pools and pool members, updating iRules for the URL created in the new DNS entry

Working with Client teams to find out requirements for their Network Requirements.

Involved in designing and implementing QOS and policy map to 2800 series routers for all the branches

Installed and configured Cisco IP Phone 794x, 796x, 7937’s and IP Communicator

Provide intranet VPN solution using Cisco 2621 and IPSec Tunneling

Performing network monitoring, providing analysis using various tools like WireShark, Solarwinds etc.

Experience with convert Palo Alto VPN rules over to the Cisco ASA solution. Migration with both Palo Alto and Cisco ASA VPN experience

Responsible for Cisco ASA firewall administration across our global networks

Environment:Cisco3550/4500/6500switches, Cisco 2900/3900/6500/7500/7200 routers,F5Load Balancer,ASA,VOIP,IPPhone, OSPF, BGP, RIP, EIGRP, LAN, WAN, CISCO IOS, Palo Alto firewall.

Contact this candidate