Network Engineer Security
Resume:
Ajay Y
aczrf3@r.postjobfree.com mailto:aczrf3@r.postjobfree.com
Sr. Network Engineer
Professional summary:
* ***** ** ********** ** Network planning, testing, implementation, support and enterprise infrastructure networks.
6 years of hands on experience with BIG-IP environment utilizing two or more of the following: GTM, LTM, APM or ASM.
Extensive level of experience on Network firewall security like Palo Alto, ASA, IPS/IDS, checkpoints, NGX R65 Gateways, Secure Platforms.
Enterprise level experience on LAN/WAN/MAN technologies including T1, T3, ISDN, HDLC, Point to Point, ATM and Frame Relay communication systems.
Professional experience on Network analysis, design, Visio diagram, Implementing with focus on performance tuning and support of large Networks.
F5 VIPRION hardware products like LTM, GTM series like 6400, 6800, 8800.
Experience working on network security Palo alto firewall Using Panorama for managing Palo alto to provides a comprehensive, graphical view of network traffic.
Good knowledge on ASA next generation firewalls (ASA 5545-X,5585-X,5525-X) and configuring VPN load balancing clusters firewall systems and Checkpoint firewalls.
Good understanding on networking Protocols like RIP, IS-IS, OSPF, IGRP, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP, VRRP, GLBP, TACACS+, Radius, AAA.
Hands on experience with Routing and Switching on Cisco Catalyst 6500, 4500, 2900, 3500, 3750 XL series switches, Cisco 1800, 2500, 2600, 2800, 3600, 3800, 7200 series routers.
Experience working with Cisco, Juniper and Nexus devices.
Experience in implementation, support and troubleshooting in data center environment.
Good working experience with the following technologies MPLS, QoS, L2VPN, Multicast HSRP and GLBP.
Strong knowledge and understanding with devices like Juniper EFX/ MX/ SRX series Routers.
Proficient knowledge and troubleshooting in data communication protocols likewise IEEE802.3, Token Ring, TCP/IP, Cable Modem, ADSL, PPPOE, Multilayer Switching.
Experience on working with service applications like Service now, ITG, jeera.
Experienced in handling all L2 and L3 tickets and Standard Changes on BMC Remedy.
Responsible for implementing Layer 3 static routes, BGP and OSPF for internal and external traffic to the data network over MPLS and this may include influencing route-maps, communities, policies, and access-list for customer traffic.
Worked on infoblox, DNS vital QIP appliance (QIP 500, QIP 700, QIP 1200, QIP 1200-RAID, QIP 5000.
Experience in supporting and troubleshooting Unix/Linux Networking services and protocols like OSPF, LDAP, DNS, DHCP, FTP, SSH and Monitoring tasks on Linux server services.
Good knowledge on IP address management (IPAM) applications for planning, tracking, and managing the Internet Protocol address space used in a network.
Education Background:
Bachelors of Technology in Electrical Engineering in 2008.
Certifications:
Cisco Certified Network Professional (CCNP)
Cisco Certified Network Associate (CCNA)
Technical Skills:
IP Routing: OSPF, EIGRP, BGP, RIP v1/v2, IS-IS, Route redistribution, Route Filtering, Summarization, Static route.
Communication Protocols: TCP/IP, UDP, DHCP, DNS, ICMP, SNMP, ARP, RARP, PPP, MPLS, HDLC and ISDN
Redundancy Protocols: GLBP, HSRP, VRRP
Topologies: Frame Relay, ATM, Ethernet, Cable Modem, and Wireless.
Switch Technologies: VLANs, VTP, STP, DTP, MLPPP, MPLS, ISL and dot1q.
Network Hardware: Cisco switches (2960, 3550, 3560, 4500, 6509, and 6513), Nexus Switches (2248,2232,5548, 5596,7009, 7018,9K), Cisco routers (1900, 2900, 3900, 7200,7606, ASR-1k/9k,), Cisco ASA 5500 series.
Load Balancers: F5 Network (Big-IP) LTM, GTM 8900, 6400 & 6500, ACE, A10, NetScaler
NEXUS Features: VDC, VPC, VRF, FEX, Fabric Path, F & M Series line cards.
Network Management Tools: MRTG, HP Open view, Wireshark, SNMP, bluecoat proxy Net flow, Solar winds, VMware, Skybox profiling tool.
Security: NAT/PAT, Ingress & Egress Firewall Design, VPN, Internet Content Filtering, URL Filtering -Web-sense, SSL, IPSEC, IKE, Static, Dynamic, Reflexive ACL, and authentication AAA (TACACS+ & RADIUS).
VPN Technologies: DMVPN, GRE Tunneling, Remote Access VPN, Site-to-Site VPN, B2B VPN
Cisco security products: Cisco Secure Remote Access and VPN, Cisco AnyConnect Secure Mobility Solution, Cisco Protection and Access, Cisco Data Loss Prevention.
Firewall: Palo Alto firewall PA 5020,5050,3020, Juniper SRX, ASA 5550/5540,5510,5520. cisco IDS/IPS, Juniper SRX Firewall 1500,3600, 5400, Checkpoint R75, R76, McAfee Network Security Platform.
Operating Systems: Windows, UNIX, Active Directory, Linux.
Professional Experience:
United Health Group, Plymouth, MN. Aug 2016 -Present
F5 Network Engineer
Responsibility:
Configuring of Virtual Servers, Pools, Nodes and load balancing methods on F5 LTM.
Worked on device series like Chs402762s, chs403931s and models like v2400,4200,5200,3400,8900, 6400, 6800, 8800 and Versions like 11.5.x(11.5.1,11.5.3,11.5.4),10.1.0,10.2. x.
SSL offloading, Cert management and Troubleshooting experience on F5 using TCP and SSL dumps and Wireshark analysis.
Working experience with Load Balancers F5 LTM like 3900, 6900, 4200V over various environments.
Technical support for improvement, up-gradation & expansion of the network architecture as per business requirement.
Capable enough to work independently with minimal supervision and multitasking.
Worked on upgrading F5 device from 11.4 to 11.5.3 to remediate HTTP classes and profiles and Upgrading and relicensed F5 LTM.
Configuration, migrations, upgrades of F5 Big IP LTM 3400, 6400, 8900 running v4.x to 10.2.x, Active/Standby.
Worked on SSL handshake proxied to a Big-Ip Viprion to do all the hardware SSL work dealing with layer 4 throughput work, to upgrade the SSL license limits.
Comfortable working with both command line interface and the GUI access of an F5.
Configuring Cisco 3750, 6500 catalyst switches and Nexus 5000,7000 and routers 2600, 2900, 3600, 3900, 7200 series
Security policy configuration including NAT, PAT, VPN, Route-maps and Access Control Lists.
Configured F5 GTM Wide IP, Pool Load Balancing Methods, probers and monitors recreating Http and https redirect VIP’s to client from data servers.
Worked on F5 issues using packet capture like TCP dump, Wireshark and SolarWinds and curl commands.
Experience on 2400 Viprion model, creating Guest's, upgrading new F5 hardware, installing, licensing, configuring and upgrading.
when required Teaming up with the app teams, setting of new applications on the F5 as per requirement.
Worked on DNS using vital QIP application for DNS related work to provide domain resolution for VIP on both LTM and GTM.
Received Diamond recognition appreciation bravo award for expediting the F5 modifications for the Payment Gateway projects.
Design and deployed F5 LTM and GTM load balancer infrastructure per business needs from the ground up approach.
Noridian Mutual, Fargo, ND Sep 2014 – Jun 2016
Sr. Network Engineer
Responsibilities:
Worked on Nexus 7010,7018 using features like VDC and VRF on and Deployed Fabric Extender (FEX) 2248 for access layer.
Worked on Nexus devices for implementing Virtual Port Channels, profiles also VPC peer links using fabric path.
Configured Cisco 6500, 4500 (SUP 6) & 3750 Catalyst Switches for network access.
Worked on Migrating of PIX firewalls to ASA next generation firewall rules over to the Cisco ASA solution.
Monitor, support and troubleshoot network and all LAN\WAN Activity using Lansweeper, Wireshark and Angry IPScanner.
Configured rules on Palo Alto security firewall and Analysis of security firewall logs.
Proficient knowledge on cisco Sourcefire and IPS/IDS.
replaced ASA legacy firewalls with ASA next generation firewalls as per business requirements.
Configured F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
Migrated and deployed cisco 6500 catalyst to Juniper EX-4200 switches at core layer.
Configure and support Private BGP Peering with transit providers.
Provided hands-on day-to-day support to a global MPLS network infrastructure for several clients throughout the United States and several parts of India and the U.K.
Experience working in security device like Palo alto, McAfee GTI, IPS solutions.
Worked on BIG-IP Access Policy Manager (APM) contextually secures, simplifies, and protects user access to apps and data, while delivering the most scalable access gateway.
Worked on SSL elliptical curve cryptography (ECC) hardware acceleration for Offload SSL encryption. Accelerates key exchange, bulk encryption to provide SSL performance using F5 viprion devices.
Executed the F5 Viprion to deal with high traffic volume for L7 traffic on 2250 blade while Thunder 6630 using viprion chassis.
Customizing and compiling the Linux kernel according to the requirements also good in networking concepts and various protocols
Dealt with creating VIP pools, nodes and created custom iRules for the virtual servers like cookie persistency and redirection of URL on F5 ASM cookies issues and configures ASM policies
Experience working with Juniper Routers (MX960, MX480, M320) and Switches (EX2400, QFX Virtual Chassis Switches) with BGP, OSPF, VSTP, MST layer 2 and layer 3Technologies.
DTCC Global Financial Services, Jersey City, NJ Oct 2013 – Aug 2014
Network Engineer.
Responsibilities:
Expertise in implementing setup, configure, upgrade, manage and troubleshoot on Cisco routers, switches, VPN, firewalls, 802.11 wireless access points and load balancers.
Even worked on wireless installation apply access points using controllers like cisco WLC and LAN controller’s.
Troubleshot and provided support on complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF and BGP.
Working knowledge of BGP/OSPF/EIGRP routing protocols over MPLS networks
Performed event log analysis and network event correlation using IPS and IDS.
Configuration & troubleshooting of routing protocols BGP, OSPF, EIGRP to build network for various WAN connections in network.
Expertise utilization of multitenant, API-accessible management in McAfee Network Security for multitenant management platform for device automates deployment and controls risk and compliance across multiple customers.
Implemented cisco 3750, 3650 and 3850 stack switches in data center environment.
Performed continues software patches for Cisco 3750 & 3560 stack switches to remediate vulnerabilities, bug fixes and to attain network stability.
Documented standard operation policies for Cisco IOS, IOS-XR, IOS-XE, NX-OS and ASA firewalls.
Performed the Nexus upgrades at core and distribution layer switches on nexus 5k and 7k.
Server load-balancing utilizing F5 LTM-Big IP, including APM, ASM and viprion device modules
Install, maintain, and configure Unix/Linux environments on all servers including networking, clustering, storage, and applications.
Using the visibility tools Panorama on Palo alto for Application Command Center (ACC), logs, and the report generation analyze, investigate and report on all network activity.
Hands on experience on VIPRION 2200 Chassis (chs405262s,405190s, f5-Irpj-pkfg) for maintaining High-performance interconnection between Ethernet ports and processors, L4 offload and Hardware-accelerated SYN flood protection.
Configuring rules and Maintaining Palo Alto security firewall logs.
Configuring, Administering and troubleshooting the Checkpoint, Palo Alto and ASA firewall.
Provided on call supports 24/7 and worked in NOC (Network operations center) to reach business requirements.
Direct Energy, Montebello, NY Jul 2012 – Sep 2013
Network Engineer
Responsibilities:
Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers.
Configured VLANs using 802.1q tagging for Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
Worked on Citrix NetScaler Access Gateway and F5 load balancers for creating SSL Client-Server.
Maintained Extensive audit work on VIPRION 2400 Chassis regarding scaling improves performance, Operational scaling enables consolidation and Application scaling boosts capacity and resiliency performance.
Troubleshoot MPLS and BGP connectivity issues between SAP sites and various ISP providers.
Experience on DNS, IP configurations, and management/configuration of Linux networking services.
Installed and configured of Juniper J-Series (J2350), Juniper SRX series and M-Series (M10) routers.
Installed and configured the ACE and CSM for firewall/Server Load balancing for Cisco Catalyst switches.
Implemented and supported with McAfee Network Security Platform for performance and reliability on a single appliance, asymmetrical routing and native active-active failover configuration.
Configuring IPS, IDS, VLAN, STP, Port security, SPAN, Ether channel in Cisco Composite Networks.
Managing Large Palo Alto Firewall network including 50 remote offices, and three Data Centers using 5000,3060 series firewalls using Palo Alto Management Software Panorama.
Troubleshooting Linux network, security related issues, capturing packets using tools such as IP Tables, TCP wrappers.
Key contributions include troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF & BGP.
Migration of existing IPSEC VPN tunnels from Pre-Shared key to Certificate Authority for purpose of scaling.
Configured, installed, & managed DHCP, DNS, & WINS servers.
Polaris, India Jan 2011 – Jul 2012
Network Engineer
Responsibilities:
Responsible for configuration, monitoring on security of network infrastructure including (LAN/(WAN), firewalls, DHCP and DNS.
Installing the Network devices in datacenter environment and clearly articulate complex network designs and drawings through documentation (Visio) as well as verbal training sessions.
Experience in Configuring Site-to-Site and Remote Site VPNs, NAT/PAT policies
Managing Cisco Secure ACS for TACACS+, RADIUS authentications.
Experience on designing and troubleshooting of EIGRP, OSPF routing issues
Supporting and performing projects for the client WAN environment at a global level.
Well experienced in troubleshooting bug related issues on L2, switch ports, stacking, Installation.
Providing networking services coordinate tasks and ensure their execution in accordance with established corporate standards.
Sify Technologies, India Jun 2008 – Dec 2010
Network administrator
Responsibilities:
Managed the LAN Switching Environment including creating and maintaining VLANs, STP, Trucking, Port Security, Vlan Security etc.
Involved with the Systems team to Install, configure, & maintain DNS, DHCP on Windows 2000/2003 Server, also configured a FTP server; Installed configured & maintained MS Exchange Server.
Involved in configuration of WAN connection using a 3600 series Router and Frame relay method.
Implementation of NAT with a pool of 2 public IP addresses.
Responsible for Internal and external accounts and, managing LAN/WAN and checking for Security Settings of the networking devices (Cisco Router, switches) co-coordinating with the system/Network administrator during any major changes and implementation.
Designed and implemented an IP addressing scheme with subnets for different departments.
Used various Network sniffers like Ethereal, Wireshark.
SNMP network management using MRTG and Cisco works.
Contact this candidate