Application Security Data Center
Resume:
PROFESSIONAL SUMMARY:
Around *+ Years of hands-on experience in Network Engineering, Designing, Integrating, Deploying, maintaining and supporting broad range of Communication Systems. Very good exposure to various networking tools, topologies, multi-vendor equipment and various work environments.
Strong Exposure to Routing, switching, Firewalls, proxies, Load balancers, Radius, DNS, DHCP, Monitoring, Log Collectors.
ists7200vxr, 3900, 3800, 2900, 2800 series routers and Cisco Catalyst 6500, 4500, 3850T, 3750, 2950 and 3500XL series Switches.
Experience with Azure AD for authentication to cloud apps using SAML.
Hands on experience working with Cisco Nexus 7K, 5K & 2K Switches. Configuration of VPC, VDC, Peer Gateway, HSRP and FEX on Nexus family.
Experience with Palo Alto and checkpoint firewalls with next gen firewall features that includes app id, threat id, url filtering, user id, ssl decryption.
Experience and exposure to Arista routers, Juniper MX, QFX and Ex series devices, Extreme network devices.
Experience with Azure cloud connectivity using express routes.
Hands on experience in Cisco IOS/IOS-XR/NX-OS, Juniper JUNOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, BGP v4, MPLS, NAT, VLAN, STP, VTP, HSRP & GLBP.
Hands on experience working with Cisco CSR1000v. Experience in fiber channel infrastructure.
Experience with Zscaler cloud proxies ZIA and ZPA.
Experience with data center technologies that include spine leaf, cisco ACI, Arista cloud vision. Well versed with Nexus family switches to implement vpc and vdc.
Experience with capacity planning, Fiber Channel and mirroring, backup/archive and recovery solutions, high availability, storage consolidation/migration, performance and tuning.
Worked on setting up tunnels to zscaler zens, zero trust network access.
Experience with Versa SD WAN for remote site connectivity’s over mpls network, configuration of routing and application policies in SD wan.
Expert level knowledge of troubleshooting, implementing, optimizing and testing of static and dynamic routing protocols such as EIGRP, OSPF, BGP ability to interpret and resolve complex route table problems.
Experience of wireless 802.11, Cisco Meraki, Aruba, Wireless LAN Controller
Experience with F5 and Avi networks for application load balancing.
Configured express routes and Nsg in could security experience with Azure cloud security center, cloud application security.
Worked on BGP for ISP connectivity, Edge network, Internet Core. Exposure to IBGP, EBGP, Route reflector, Confederations, Local Preference, MED, AS Path, IP prefix lists, RT, RD, EVPN, VXLAN.
Experience with Cisco ACI. Worked on Nexus 9K switches in Spine and leaf topology. Experience with Bridge domains, VNI, VTEPS, VXLAN tunneling, Asymmetric and symmetric routing IRB.
Implemented Site-to-Site VPNs over the internet utilizing security standards such as 3DES, AES/AES-256 with ASA 5580 Firewalls.
Experience in working with Cisco Identity Services Engine (ISE) and ACS. Worked on Security groups, tags, AAA profiles on ISE.
Worked on remote site connectivity using Viptella SD-WAN solution.
Experience with network segmentation using illumio and Palo Alto firewalls for traffic filtering and applying polices on illumio central manager.
Cisco ASA Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
Worked on Extensively on Cisco Firewalls, Cisco PIX (506E/515E/525/) & ASA 5500(5510/5540) Series
Extensive Knowledge on the implementation of Cisco ASA 5500 series and Checkpoint R 75 firewalls.
Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series. Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
Worked on Next Gen Firewall features like URL filtering, SSL Forward Proxy, SSL Decryption, APP ID and ThreatID, Panorama in PA firewalls.
Experience in F5 BIG IP and Cisco ACE Load balancers for load balancing and traffic management of business applications. Migration Experience from ACE to F5.
Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability. Experience with Virtual servers, Pools, Monitors, SNAT, proficient in iRule Persistence, Profiles, WideIP’s, Zones, Listener IP, Static and Dynamic Load balancing techniques on LTM and GTM.
CERTIFICATION:
Cisco Certified Network Professional (CCNP)
Cisco Certified Network Associate (CCNA)
Palo Alto Certified Network Security Engineer (PCNSE)
EDUCATION DETAILS:
Bachelors in computer science. (India)
TECHNICAL SKILLS:
Technical Skills:
Router Platforms
Cisco Routers series 7300, 4000, 3800, 2000, 1900; F; OnSIP,
Routing Fundamentals and Protocols
Routed and Routing protocols RIP, EIGRP, IS-IS, OSPF, BGP, IPX; MPLS, IPv4 and IPv6 addressing, subnetting, VLSM, Static routing, ICMP, ARP, HSRP, VRRP
Switch Platforms
Cisco Catalyst series 2960, series 3560, 3850, 4500, 6500, 7000; Nexus series 2K, Netgear switches,5K, 7K; Nortel/Avaya 5510, 5520; Juniper EX3300, EX4600, EX4300, EX3400, Arista Cloud Switches
Switching Fundamentals and Protocols
Ethernet technologies, LAN networks, MAC, VLAN and VTP, STP, PVST+, Multicast, RSTP, Multi-Layer Switching, 802.1Q, EtherChannel, PAgP, LACP, CDP, HDLC, RARP
Firewall Platforms
Juniper Netscreen 6500, 6000, 5400, Juniper SSG, SRX5600, SRX5800, CheckPoint (NGX R65, 3100), Cisco Firewalls (ASA 5505, 5506-X, 5585), Netgear Firewall, Palo Alto Networks (PA series 2K, 3K and 5K).
Network Management and Monitoring
Wireshark, Infoblox, HP OpenView, Cisco Prime, Security Device Manager (SDM), CiscoWorks; TCP Dump and Sniffer; SolarWinds Netflow Traffic
Load Balancers
F5 (BIG-IP) LTM 2000, 3900, 6400, 6800, AV 510, ASM, Citrix NetScaler, APM
Cloud Computing and Automation
AWS, Microsoft Azure, Cisco Meraki, C/C++, Python scripting, Ansible, Shell, Cloud Migration
Operating Systems
Windows 10/7/XP, MAC OS, Windows Server, Nexus OS, Cisco IOS-XR, Linux, UNIX
Wireless Technologies
Canopy Wireless Devices, D-Link Point-to-point Wireless, D-Link APs, CISCO 1200 series APs, Aruba wireless and APs, Cisco Meraki, Linksys Wireless/Wi-Fi Routers
Network Management
SolarWinds, Wireshark, Nagios, Cisco Prime Infrastructure, PRTG, NetFlow
PROFESSIONAL EXPERIENCE:
Client: US Radiology Specialists Oct ‘22– Till Date
Location: Raleigh, NC
Role: Senior Network Engineer
Responsibilities:
Worked on Deploying Cisco ACI using Nexus 9k switches in Spine and Leaf. Worked on BGP Underlay and VXLAN overlay technology using Cisco ACI.
Citrix NetScaler load balance scripting for web interface system and other mission critical web system .
Proficiency in High Availability (HA), Load Balancing (DRS), vMotion, vSwitch, Disaster Recovery, Clustering and Access control through vCenter server.
Experience in maintenance of Cisco LANs and WAN devices.
Worked on configuration of Tenants, Bridge Domains, EPG groups, Application templates, VRF configuration of various traffic flows. Configuration includes Arista 7000 series core routers, Border Leaf, Palo Altos for perimeter security, F5 LTM and GTM for application load balancing.
Implementation of the routing protocols BGP (EBGP, IBGP) and EIGRP to enable MPLS on the sites.
Configure, maintain and upgrade of data center infrastructure, Nexus 7k, 6k, 5k, 2k, and UCS, employing VDC, VPC, VRF, Cisco UCS, and fabric-path technologies.
Worked on migration from ASA to Palo alto firewalls. Expereince with URL Filtering, APP ID, SSL decryption, SSL forward proxy for internet traffic flows.
Install and configure VMware vSphere and create clusters for High availability (HA) and Dynamic Resource Sharing (DRS).
Upgraded distribution switches 6509 to Nexus 7010 with Sup1.
Created documents for various platforms including Nexus 7k, ASR9k, and ASR1k enabling successful deployment of new devices on the network.
Redundancy & Management HSRP, VRRP, Wireshark, SolarWinds, SNMP, Cisco Works, GNS3, Riverbed.
Responsible for maintaining multi-vendor network environment including Cisco ASA, Juniper JUNOS, Fortinet firewalls, Palo Alto PA-200 and configuring different policies to provide connectivity
Citrix and Microsoft, Citrix and Terminal Server environments, Proficient in Citrix NetScaler, Citrix XenServer, VMware virtualization, storage design, Microsoft technologies, network infrastructure and VMWare ESX.
NetScaler assessment to insure remote user stable connection of load balancing between three web interface servers.
Worked extensively on the Cisco Catalyst 3560, Catalyst 3650, Catalyst 4500-X series, Catalyst 6500 series, Catalyst 9200, Catalyst 9300, and Catalyst 9500 series.
Switching tasks include VTP, ISL/ 802.1q, IP Sec and GRE Tunneling, VLANs, Ether Channel, Trucking, Port Security, STP and RSTP.
Worked extensively on the Cisco2821, Cisco2921, Cisco3925, Cisco ISR 4K series routers.
Part of project team to deploy Zscaler Cloud proxies using GRE tunnels to Zcloud from Edge routers, Azure AD SSO authentication, user group policies on Cloud based proxies for Internet traffic.
Worked on Infoblox DNS, DHCP and IPAM configuration with Internal, External and Cache grids. Worked on Delegations, DNS forwarding. Worked on Global Load Balancing using GTM WideIP delegations from Infoblox.
Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, disabling all unused ports and putting them in unused VLAN.
Experience with configuration and troubleshooting in routing protocols that include OSPF and BGP. Expereince with OSPF configuration in Data Centers and WAN. BGP attributes in ISP side on Edge and Internet core routers.
Expereince with Vsys, Security policies, App tags, U-turn NAT, Virtual routers, Zones, URL filtering using Domains, SSL decryption, NAT policies, monitoring, Panorama, APP ID on Palo Alto firewalls.
Worked on Virtual servers, irules, Profiles, Monitors, Persistence, WideIP, Upgrade procedures, SNAT, Network configuration, VLANS, SELF IP, Route Domains on F5 LTM and GTM.
Worked on Citrix NetScaler to deploy VDI, load balancing store front servers and Authentication.
Worked with LAN protocols (VLAN, VTP, STP, RSTP, MST) & Port Channel Protocols (LACP, PAGP).
Experience on Juniper SRX 3600, 5800 Firewalls, Palo Alto 2K, 5K and 7K series Firewalls.
Experience on monitoring network performance and implementing performance tuning when necessary.
Firewall policy provisioning on Fortinet FortiGate appliances using FortiManager.
Installation Management Services, NetScaler, Branch Repeater and Access Gateway CAG with Advanced Access Control, Application Profiling, Streaming, Certification and Management.
Deploying the different Network devices that include configuration of the devices and maintain and upgrade all these devices in the Network periodically for better performances.
Hands on experience on F5 BIG-IP LTM 11.2, F5 BIG-IP GTM, F5 BIG-IP APM and F5 BIG-IP ASM.
Creating NAT polices for the traffic facing the Internet.
Involving in regular network design meetings and discuss about Internet, VPN, data center to data center communications for servers that are migrating as part data center migration project.
Firewall expertise and Firewall Zone's Segmentation for PCI compliance.
Creating new interfaces on Firewalls and connecting to Spine Switches and ESR Routers.
Implementing the ‘Continues Testing’ approach for end to end System to see the root cause of the issue and fix it. Different Network tools like Splunk, Wire-shark, TCP-dump etc. are used to see the root cause and fix them.
Configuring threat prevention profiles, URL filtering, File Blocking, Wildfire profiles, security rules to the Palo Alto devices which are used as IPS.
Upgrading the OS and creating Antivirus and Anti-Spyware Profiles for all the Palo Alto Devices.
Monitoring the Firewalls which are configured to be monitored by Statseeker Tool through SNMP.
Environment: Cisco routers (7600, 3800, 2800) and Cisco switches (6500, 3700, 4900, 2900), Nexus (7K, 5K &2 K), Data Centers, FEX, Routing Protocols (EIGRP, OSPF, BGP), ASA, Palo Alto, Fortinet, F5 load balancing, STP, VLAN, MD5, 3DES, AES, OTV, CitrixVLANS, SNMP, NAT, cisco IO, HSRP, VLAN trunking 802.1Q, F5 Networks Big IP, CISCO ASA and Checkpoint firewall, Palo Alto 3000, 5000 series.
Client: Altice Apr ‘19–Sep ‘22
Location: Bethpage NY
Role: Senior Network Engineer
Responsibilities:
Designing and Deployment of Access, Distribution and Core layers in Data Center environment using Juniper QFX and MX series switches. Worked on OSPF and BGP configuration.
Configure, maintain and upgrade of data center infrastructure, Nexus 7k, 6k, 5k, 2k, and UCS, employing VDC, VPC, VRF, and fabric-path technologies.
Experience with converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with Cisco ASA VPN experience.
Experience working with Nexus 7010, 5548, 5596, 2148, 2248 devices.
Provided Level-3 Network support for Cisco Switches and Cisco ASA 5500 Series Security.
Implemented Site-to-Site VPNs over the Internet utilizing 3DES, AES/AES-256 with ASA Firewalls.
Knowledge with following Citrix infrastructure components: Web interfaces, PNAServer, NetScaler setup and administration, License Server management, Edgesight. Management and configuration of RSA SecurID Server.
Implementing routing, ACL's with ISP using OSPF and BGP.
Provided L2 & L3 network support, Building configurations for Juniper EX 3300 and EX 4200 switches with features like Port security, VLANs, VTP, and PVST+. Worked on SRX service gateways and MX Platform routers.
Strong hands on experience on, ASA Firewalls, Palo Alto Firewalls. Implemented Security Policies using ACL, Firewall, IPSEC, SSL VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
Configuring IP Networking: Security Settings, QoS, Routing Protocols (OSPF, ISIS, BGP), Signaling protocols like RSVP, LDP etc.
Understanding the JUNOS platform and worked with JUNOS upgrade of Juniper devices.
Excellent Knowledge on TCP/IP, SNMP, FIBRE, Ethernet, Gigabit/10-Gigabit, RADIUS/AAA
Strong knowledge of TACACS+, RADIUS implementation in Access Control Network.
Configure and maintain all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale Firewall deployments.
Hands on experience on all software blades of Check Point Firewall. 24x7 on-call step-up support as a part of the safety operations team.
Working closely with knowledge center management to investigate the information center sites for cabling necessities of assorted network instrumentation.
Migration from Checkpoint firewall cluster to Cisco ASA 5580 firewalls in a failover pair configuration.
Provided application level redundancy and accessibility by deploying F5 load balancers. LTM and GTM Installation and operation.
Designing and assisting in deploying enterprise wide Network Security and High Availability Solutions for ASA.
Worked extensively in Configuring, observation and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover demilitarized zone socialization & configuring VLANs/routing/NAT.
Managing a TACACS server for VPN user authentication and network devices authentication.
Performed Imperva Secure Sphere DAM on WAF Health Checks.
Managing and providing support to numerous project groups with regards to the addition of recent instrumentation like routers switches and firewalls to the DMZs.
Implementing traffic engineering on existing Multiprotocol Label Switching (MPLS) network and Open Shortest Path First (OSPF).
Provided redundancy in a very multi homed Border Gateway Protocol (BGP) network by tunings AS-path.
Configured and troubleshooting River bed WAN optimization software to improve the network acceleration at the user end.
Deploy, scale and automate network across multiple global datacenters supporting Amazon Web Services (AWS).
Knowledge and skill of 802.11 a/b/g/n LAN normal for wireless Technology.
Used Cisco ACI Fabric which is based on Cisco Nexus 9000 Series Switches and the Cisco Application Virtual Switch (AVS).
Configure best route map configurations in the new Cisco IOS XR Routing Protocol Language (RPL).
Supporting EIGRP and BGP supported network by partitioning level two & three issues of internal groups & external customers of all locations.
Extensive active expertise with complicated routed local area network LAN and WAN networks, routers and switches.
Design and Building Software-Defined Data Center environment, including Vmware, VCenter, NSX and Cisco ACI.
Efficient at use of Microsoft VISIO/Office as technical documentation and presentation tools.
Configured Windows Clusters, Windows NLB, H/W Load Balancers (F5, Netscaler). Deployed, configured and troubleshooting runtime errors related to .Net applications on 7.0/7.5 Web Servers and Windows Server 2008/2008 R2 in Dev, QA & Pre-prod environments.
Environment: Nexus 2k/5k/7k, Cisco 6500/7500/7200 Routers, Cisco 3550/4500/6500 switches, Juniper SRX100, Fortinet Next Generation Firewalls, LAN, WAN, OSPF, RIP, BGP, EIGRP, HSRP, PPP, VPN, Checkpoint, Cisco ASA, AWS, TCL, Riverbed, Clustered SQL server 2014/2012/2008R2/2008/2005, DC migration, Active-Active& Active-Passive Clustering, Windows 2012/2008R2/2008/2003.
Client: Blue Cross Blue Shield of Tennessee Nov ‘17–Mar ‘19
Location: Chattanooga, TN
Role: Senior Network Security Engineer
Responsibilities:
Hands on experience in the configuration, troubleshooting of Juniper SRX firewalls as well as experience working directly with customer in a service/support environment.
Troubleshooting Firewall Connectivity related issues using Smart view tracker on Checkpoint, NSM Log viewer for Juniper Firewalls.
Deployment and Management of Bluecoat proxies in forward proxy scenario as well as for security in reverse proxy scenario.
Demonstrated understanding of network security concepts and systems including F5, WSA, Palo Alto, ASA
Worked on Blue Coat Proxy SG to safeguard web applications in extremely untrusted environments such as guest Wi-Fi zones.
Performing URL filtering and content filtering by adding URL’s in Bluecoat Proxy SG’s.
Managing & administering Cisco WSA.
Day-to-Day work involves scheduling firewall policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.
Active/Standby and Active/Active HA configuration on Cisco ASA and Palo Alto Firewalls.
Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
Follow information security policies, methods, standards, NIST standards, and practices to organize information systems, IT reference material, and interpret regulations.
Monitor Intrusion Detection Systems (IDS) console for active alerts and determine priority of response.
Environment: Cisco ASA5580/5540/5520, Checkpoint R70, R75, R77.20 Gaia, Palo Alto PA-5000/3000, Big IP F5 LTM/GTM, Solarwinds, Nexus switches, TCP/IP, VPN, Cisco Sourcefire, Splunk, Bluecoat Proxy servers, IDS/IPS. SIEM and Monitoring.
Client: Aspire NXT Pvt Ltd May ‘15 – Oct ‘17
Location: Hyderabad, India
Role: Network Engineer
Responsibilities:
●Maintaining the Network Infrastructure, Installation, migration and configuration of routers and switches for clients.
●Configured Routing protocols such as OSPF and policy-based routing.
●Team member of Configuration of CISCO 7206 router and Configuration of Catalyst switches.
●Configuration 7609, 7606 with OSPF and catalyst 6505, 4500, 3550 switches with various VLAN.
●Create and test Cisco router and switching operations using OSPF routing protocol.
●Configuration and troubleshooting link state protocols like OSPF in multiple areas.
●Configured HSRP and VLAN trucking 802.1Q, VLAN Routing on Catalyst 6500 switches.
●Optimized performance of the WAN network consisting of CISCO 3550/4500/6500 switches by configuring VLANs.
●Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
●Configured BPDU Guard, port-fast, uplink fast and other spanning tree features.
●Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers.
●Configured IP access filter policies.
●Implementing NAT solutions on Cisco IOS routers.
●Upgrading IOS, troubleshooting network outages.
●Worked on Cisco Routers, Active /Passive Hubs, Switches.
Environment: Cisco 3550/4500/6500 switches and Cisco 2500, 2600, 3000, 6500, 7500, 7200 routers, Checkpoint.
Contact this candidate