Post Job Free
Sign in

Network Engineer Senior

Location:
Visakhapatnam, Andhra Pradesh, India
Posted:
October 01, 2024

Contact this candidate

Resume:

Prathush Kumar

Senior Network Engineer

C:626-***-**** E: ***************@*****.***

Professional Summary:

Network Engineer with around 8 plus years of Experience in Designing, Deployment and Operations of complex enterprise and service provider networks supporting their Network, Security, Data Centre Infrastructure.

Hands-On experience in Implementation, configuration & troubleshooting various Routing Protocols like RIP, EIGRP, OSPF, BGP.

Experienced in working on Cisco Catalyst switches 9200,9300, 6500, 4500,3750, 2900 series.

Strong experience with Cisco ASA firewalls, Cisco ISE, Aruba Clear Pass, Cisco FMC, FTD, Palo Alto, Check Point, Juniper SRX Firewalls.

Extensive knowledge and hands-on experience with Brocade DSX and VDX

Experience with Network Automation using Python, shell scripting.

Experience in layer-3 Routing and layer-2 Switching. Dealt with Nexus models like 7K, 5K, 2Kseries, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches.

Worked on 1700, 1800, 2800 series Cisco series router and 2950, 3750, 3800, 3640, 6509,9200,9300 Cisco Switches, Riverbeds Steelhead (550H, 1050 L, 2050H and 5050H).

Deep knowledge and hands on experience with CyberArk- Privilege Identity Management

Experience in layer-3 Routing with, ASR 9K, ASR 1K, Cisco 7600, 7200, 3810, and 3925 series.

Experienced in working on Amazon AWS Cloud Services.

Experience in Cisco Wireless Access points Cisco 3500’s,3600’s,5508.

Experience in VPC, VDC, Fabric path and OTV configurations in nexus 7000,9000 series switches.

Responsible for defending the network against malware, viruses and all threats that negatively impact confidentiality, integrity, and availability.

Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.

Experience in design, installation, configuration, maintenance, migration, and administration of Check Point Firewall R55 up to R77.

Infoblox DNS IPAM for Microsoft DNS/DHCP setup and management.

Extensive working experience of various Switching Technologies STP, RSTP, MST, VLAN& VLAN Trunking Protocol (VTP) along with Failover Mechanisms such as HSRP, VRRP&GLBP on Layer 2 Setup, Inter-VLAN routing, Ether channel using LACP, PAGP.

Worked on Configuration and support of Juniper MX series routers and QFX3500, QFX3600, QFX5100, QFX5200 series switches and SRX3400, SRX3600 series firewalls.

Experience in implementation of Cisco ISE Servers & configuration of TACACS protocols.

Experience on Infoblox and windows server for DNS/DHCP ip management.

Extensively used packet capture tools like TCP dump, Wireshark, and snoop on the devices to identify the potential network issues.

Experience on creating Visio diagrams, LLD, HLD and runbooks for datacentre and branch networks.

Maintaining and updating inventory of all network hardware, Management and Monitoring by use of SSH, Syslog, SNMP, NTP.

Technical Skills:

Routers

ASR 9K, ASR 1K, 7600, 7200, 3925, 3810, 3600, 2800 Series, CRS1000V, GSR 12000. Juniper Routers M320 and MX80

Switches

Nexus 2K, 3K,5K,7K,9K’s &Catalyst 6500, 4510, 4500-x, 3800, 3750x, 3550, 2960s Juniper Switches Ex2200, Ex2500.

Firewalls & Load Balancers

Checkpoint, ASA 55xx series, F5big-IP LTM/ GTM, Palo Alto, Juniper SRX

IP Routing Protocols

BGP, OSPF, EIGRP, RIP v1 & v2, VRFs, Route redistribution, Route filtering, Summarization, Static route

IP Services

HSRP, VRRP, DHCP, GLBP

MPLS

LDP/TDP, MPLS VPN, RSVP, VRF

LAN Switching

RSTP, STP, VTP, VLAN & Inter-VLAN routing, Dot1q

WAN /Core

Frame Relay, PPP, HDLC, Channelized links(E1/T1/E2/T2).

NEXUS Features

VDC, VPC, FEX, F&M series line cards

Cisco

NX-OS, IOS-XR, IOS, Cat IOS

Protocols

IPv4, IPv6, TCP, UDP, ICMP, NAT, DHCP, SNMP, IPSEC, SSH, DNS, S2S VPN

Security

Server Protocols

TACACS+, Radius,

Quality of Service

Queuing (CBWFQ, LLQ), Traffic Shaping, RED/WRED

Network Monitoring Tools

Cisco Works, solar winds, Cisco WAN Manager, HP Open view, Wireshark

Operating Systems

Microsoft XP/Vista/7/8, UNIX, Linux

Certifications:

Cisco Certified Network Associate – CCNA

Cisco Certified Network Professional- CCNP

Palo Alto ACE Engineer

Professional Experience

EVRAZ, Chicago, IL, Remote Feb 2024 – Present

Senior Network Engineer

Responsibilities:

Experienced in configuring the routers Cisco 7600 (7609), ASR 9K (9922), ASR 1K and CSR 1000V series.

Experience with Installing and configuring the Nexus Switches NX-9K (9300), NX-9500, NX-7K (7010) andNX-3K (3064) Nexus 5K series switches.

Troubleshooting complex networks layer 1, 2to layer 3 (routing with MPLS, BGP, EIGRP, OSPF protocols) technical issues.

Troubleshooting Layer 2 issues, Spanning Tree protocol, RSTP, MST, VTP, VLAN on Cisco – 9000,6500 series switches.

Experience in monitoring, debugging, and resolving Cisco infrastructure issues like routing, Network Hardware/Software failure, configuration, WAN outages, and performance issues.

Installing, Configuring, Maintaining and Troubleshooting of Cisco ASR 1K, 7200, 7750,7950, 3925E and 2951E Routers and Cisco catalyst 9000 series,6500, 4510, 4500-X, 4948, 3560X, 3750X and 2960S Switches for deployment on production.

Efficiently utilized Cisco Nexus 9k,7K, 5K, and 2K in managing and deploying data center switch upgrade to a 10GB infrastructure, resulting in a new virtual port channel technology.

Worked on different platforms IOS-XE IOS-XR and NXOS, Cisco SP platforms (GSR, CRS, ASR9K, ASR1K, NCS5500), Cisco ISR, Catalyst product families as well as in Cisco DC platforms (N3K, N7K, N9K).

Experience in all or most of the following: ISIS, BGP, OSPF, EIGRP, LAN Switching, STP, MPLS, Traffic Engineering, Multicast, Virtualization, EVPN, QoS, IPv4/Ipv6, MST, PIM, DMVPN, NetFlow and Cisco ASA, IPSEC Tunneling and VMWare Virtualization. Test Tools; Ixia.

Expert in troubleshooting production issues and resolving incidents and change tickets related to ACI.

Designed for SD-WAN team and deployed silver peak SD WAN devices to branch offices.

Configured, management of and monitored Silver Peak SD-WAN product.

Capable of managing Clean Access Manager and Servers, installing and configuring Cisco NAC Appliances in Virtual Gateway mode, and configuring Nokia CLI.

Worked on BGP Path manipulation attributes Local preference, multi path, multi homing for having a proper Failover connectivity.

Oversaw migration of 2 Data Centres from Frame Relay to private MPLS WAN links to new service provider.

Analyzed and fixed intricate routing problems by determining how ERO configurations affected network traffic.

Worked on configuring EPG, application profile, BD, leaf switch interface profile, VPC policy on Cisco ACI.

Deployment Cisco ACI fabric to ensure each tenant is secured and has separation from other tenants. Use L3/L2 outs via common tenant.

range of Aruba network issues, encompassing connectivity challenges, RF interference, and authentication discrepancies, ensuring swift resolution and uninterrupted network operations.

Expertise and extensive experience in managing ASA Firewalls, Catalyst switches and customer integration. Ability to setup devices, modify ACL’s and trouble shoot issues.

Implemented Site-to-Site VPNs over the internet utilizing 3DES, AES/AES-256 on ASA-55xx Firewalls.

Writing exceptions on FMC in some cases to avoid the downtime.

IP addressing and design schemas for a variety of IP Pools using DHCP scope or local IP pools for NAC Controls.

Configured and Trouble shouted BGP, OSPF MPLS for Enterprise level network,

Implemented IPS, DLP and UTM features on the firewall for added security purposes.

Performing URL filtering and content filtering by adding URLs in Bluecoat Proxy SG's.

CVS Health, Chicago, IL, Sep 2022 – Feb 2024

Sr. Network Engineer

Responsibilities:

Maintain, upgrade and commission of branch and campus sites connectivity into data centers and create a seamless network hardware standard across all North American branches.

Installing, Configuring, and troubleshooting Cisco Routers (ASR1002X,3945,3845,2800, 3600) and C 4500, 6800 routers to perform functions at the Access, Distribution, and Core layers.

Installing, Maintaining and Troubleshooting of Cisco ASR 1K, 7200, 7750,7950, 3925E and 2951E Routers and Cisco 6500, 4510, 4500-X, 4948, 3560X, 3750X and 2960S Switches for deployment on production.

Create, assign and provide IP and DNS records for server and application teams using Microsoft DNS server.

Oversaw migration of 2 Data Centres from Frame Relay to private MPLS WAN links to new service provider.

Worked on F5 BIG IP LTM 3600 load balancers to configure Nodes, Pools, and VIPs on a need basis.

Completed basic configurations on the F5 Big-IP LTMs and GTM load balancer on existing network to split traffic on webservers.

Expert in design, configuration, and deployment of F5 Solutions with extensive experience working with APM and ASM technologies.

Involved in Configuring and Maintaining Cisco ISE Combining authentication, authorization, accounting.

Configured and Deploying ISE in wired environment to perform Dot1x port-based authentication configure the Posture policies perform Change of Authorization CoA for users connecting to the corporate network.

Provided engineering support and technical assistance by ensuring the Cisco ISE server is correctly installed and licenses are applied.

Worked on Configured High availability, User ID on Palo Alto firewall.

Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools Editing and Changing Palo Alto Polices and Monitoring threats on firewalls.

Analyzed traffic pattern and implemented URL filtering using the Palo Alto Firewall. Troubleshooting and configuring Palo Alto FW's 3060 & 5060.

Configured VManage for centralized management and orchestration of SD-WAN fabric, streamlining network operations and facilitating policy enforcement.

Collaborated with vendors and external partners as necessary, leveraging their expertise and resources to ensure successful SD-WAN migrations and deployments.

Perform Operational and Maintenance for DHCP on Infoblox.

Migration of core DNS, DHCP and NTP services from Microsoft to Infoblox.

Extensively worked on Juniper models EX-2200, EX-4200, EX-4500.

Worked on troubleshooting, configuration and maintenance of Juniper MX240, MX480, MX960, MX2010.

Utilized the Monitoring tools, Packet capture tools for the analysing the traffic flows.

Handling various trouble tickets, firewall rule changes, assisting other teams to bring the device to production, making DNS changes in Infoblox and routing changes.

Implemented Cisco Application Centric Infrastructure (Cisco ACI) as a solution for data centres using a Spine and Leaf architecture.

Performed ISSU upgrade on Nexus 7010 devices by operating the supervisors in active/standby mode on the devices by determining ISSU compatibility.

Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000.

Participated in the installation, configuration, and post installation routine operational tasks and configuration of the Cisco Nexus Switches.

Cisco APIC-EM (IWAN) deployment using CSR1000v Switch and VMware for Cisco ACI.

Worked with other network engineers to deploy the Cisco ACI fabric.

Configured the Encapsulation Dot1Q on ASR 9k 10G interfaces for solar providing connectivity to various Virtual Private clouds on AWS and Maintaining Different VLANs based on applications.

Involved in design, implementation, and configuration of HSRP for load balancing on L3 switches on different location of office on the switched network.

Fixing the Wi-Fi and Access Point issues and troubleshooting the APs on the Wireless Controllers (WLC’s), Cisco Prime. Hard resetting the AP’s,

Provided technical assistance for LAN/WAN management & troubleshooting and complex customer issues using Network monitoring tools such as Solar winds.

Solely Responsible for Solar Winds Implementation of NPM, NCM.

Successfully executed scheduled changes on the Aruba OS 8.X platform and ClearPass Policy Manager, showcasing a strong command of these systems.

Utilized Aruba Airwave and ClearPass Insight to fetch and analyze reports, contributing to informed decision-making.

Experience configuring and maintaining Juniper SRX firewalls and Hands on experience writing firewall rules and putting a working server behind a firewall.

Citi Bank, Dallas, TX Sep 2021 – Sep 2022

Network Security Engineer

Responsibilities:

•Provide high-level technical support to backbone network infrastructure, which consists of Cisco 72xx, 39xx Series Routers, ACS terminal servers,2950, 3750, 3800 and 65xx Cat switches.

Installed, Configured, and maintained 2600, 3600, 7613 Cisco Routers and 3750, 4500 and 6500 series Cisco Switches.

Experience with deploying Fabric Path using Nexus 7000 Devices.

Designed & Deployed Cisco ISE 2.1/2.3 for Enterprise RADIUS Authentication with Active Directory, RSA Secure ID, Proxy Radius Services to Cisco ACS and Radiator Radius.

Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches, and Cisco ASA Firewalls.

Configured Cisco ISE for Domain Integration and Active Directory Integration.

Experience with working on Palo Alto Next-Generation Firewalls Security profiles.

Configuration and providing management support for Palo Alto and Checkpoint Firewalls (R75, R76 and R77).

Configuration, Troubleshooting, and Maintenance of Palo Alto Firewalls (36+ firewalls) - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.

Configured SNMP on Palo Alto firewalls 3060, 5060, 7050 for receiving incident alerts and notification and wrote SSL decryption policies for decryption of traffic to provide Anti-virus, Malware protection.

Configuration of policies, objects and applying NAT & Web Filtering on firewalls like Checkpoint, Palo alto. Working experience on upgrading Checkpoint old devices/Software to new platforms like R70 to R75.20.

Configuring Site-Site VPN on Checkpoint Firewall with R77 GAIA.

Experience in migrating Cisco ASA to Checkpoint firewall in the test environment.

Configuring VPN, clustering and ISP redundancy in Checkpoint firewall.

Configuring, maintaining, and troubleshooting IPS and IPS-1 in Checkpoint.

Troubleshooting of protocol-based policies on Palo Alto firewalls and changing the policies as per the requirement and as per traffic flow.

Configured ACLs in Cisco 5550 ASA firewall for internet Access requests for servers, Protocol Handling, Object Grouping and NAT.

Involve in deployment for cisco ASA (5505,5520,5585).

Integrating ExtraHop with Simple Network Management Protocol (SNMP) enables the gathering of extra performance metrics from routers, switches, and firewalls.

Proficient in deploying and configuring F5 Web Application Firewall (WAF) policies to fortify web applications against diverse cyber threats, including SQL injection and cross-site scripting (XSS) attacks, ensuring robust security posture and safeguarding sensitive data from exploitation.

Implemented vSmart controllers to intelligently steer traffic and optimize path selection, thereby enhancing application performance across the SD-WAN infrastructure.

Designed and implemented SD-WAN policies and configurations to optimize network performance, improve application visibility, and streamline traffic routing.

Configuration of Cisco IP phones (7900s, 6961s, 9900s) for device profiling and Cisco Call Manager phone registration via Cisco ISE, Printer Profiling, Mobile device profiling etc.

Worked on Adding, removing, modifying the DMZ and Firewall Policies in Checkpoint FWs (DDOS, IDS).

Created static routers in Firewall and applied security levels to DMZ as per requirement.

Performed Network Security Assessment and implemented security improvements such as network filtering, SSH, AAA, SNMP access lists, VTY access lists, EIGRP MD5 authentication, and HSRP authentication.

Installed and Configured the Cisco NAC Appliances in Virtual Gateway mode - Central Deployment Mode with Clean Access Manager 3355 and Clean Access Server 3355-3500, Clean Access Server 3315-500 of release 4.7.0 and 4.7.2

Configured and managed Cisco access layer routers and switches & carried out route redistribution & manipulated route updates using distribute lists, route-maps & administrative distance, and offset-lists.

Configured routing protocols like EIGRP, OSPF & BGP and troubleshooting layer3 issues.

Learned and Tested various BGP attributes like local preference, MED, Weight and replicated customer issues in the testing environment lab.

Worked Extensively on Access Control Policies consisting of VLAN switching through SNMP, applying downloadable ACLs through Cisco ISE, and Configuring Standard and Extended ACLs locally and on the upstream switches for Cisco NAC & ForeScout NAC Solution.

Federal Aviation Administration, Oklahoma City, Ok April 2020 –Aug 2021

Network Engineer

Responsibilities:

Responsibilities include software upgrade, license activation, configuring/installing new GSR router 7000,12000, Nexus switch 9000, 5000,3000, 9504, 9300, 3200, 2308, F5-5050 and maintaining network documentation.

Experience working with High performance data center switches like nexus 9000, 7000 series.

Experience in configuring VPC (Virtual Port Channel), VDC (Virtual Device Context) in Nexus 7010/7018.

Configured Nexus 2000 Fabric Extender (FEX), which acts as a remote line card (module) for the Nexus 5000 to connect servers and storage devices.

Configuration of Fabric path and connectivity between Nexus 5K and Nexus 7k.

Worked as a part of data center deployment where we converted from Cisco 6500 to Nexus.

Experience with configuring FCOE using Cisco nexus 5548.

Hands-on Experience with CISCO Nexus 7000, Nexus 5000, and Nexus 2000 platforms.

Automated network implementations and tasks and designed monitoring tools using python scripting.

Configured Voice ports and dial peers on the call manager for the VoIP call to reach remote destination.

Implemented site to site VPN on Cisco Meraki MX64, MX65, MC84, and MX400.

Implementing Cisco Meraki Wireless network.

Experience with configuring DMVPN tunnels for the MPLS and ISP clouds, which are responsible for Transport Independent Design of IWAN.

Responsible in troubleshooting on Cisco ISE added new devices on network based on policies on ISE.

Performed site refreshes on Cisco switching and Aruba wireless infrastructure.

Migrated from Cisco 3650 switches to Aruba 3810 series switches.

Configured Site to Site IPsec VPN tunnels to peer with different clients and each of client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA 5500 series firewalls.

Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500.

Responsible for upgrading the 6 Cisco FMCs in the environment from the last 3 years.

Deployment, Migrate from Cisco ASA to Cisco Firepower 2100/4100 with ASA logical system and FTD.

Optimized IPS signatures on the Cisco Fire Power management center to reduce false positives by disabling unnecessary rules and using the threshold, suppression, and pass rules features.

Configured Easy VPN server and SSL VPN to facilitate various employees’ access internal servers and resources with access restrictions.

Coordinating with Vendors for creating and modifying firewall and NAT rules and Maintaining Site to Site and SSL VPN.

Configured EBGP load balancing and Ensured stability of BGP peering interfaces.

Worked on Route-Reflectors to troubleshoot BGP issues related to customer route prefixes and route filtering using Route-maps.

Implemented site to site VPN in Juniper SRX as per customer.

Worked sniffing tools like Wireshark, TCP Dump and Capsa to monitor and troubleshoot access issues.

Perform advanced troubleshooting using Packet tracer and tcpdump on firewalls.

Implementation of L3 MPLS-VPN and Migration of branches to the new MPLS cloud4.

Worked with engineering team to resolve tickets and troubleshoot L3/L2 problems efficiently.

Wipro, Hyderabad, India Feb 2018 – April 2020

Network Engineer

Responsibilities:

●Responsible for configuration and troubleshooting & management of juniper Net screen firewalls, juniper switches, cisco switches.

●Configuration, Troubleshooting and Maintenance of Palo alto Firewalls (160+ firewalls) - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.

●Configure VPN tunnels between various vendor's hardware and software firewalls.

●Configured Routing protocols such as OSPF and policy-based routing.

●Configuring Cisco IOS AAA with TACACS+ and RADIUS and Local privilege authorization fallback

●Extensive experience in configuring and implementing OSPF, BGP and MP-BGP

●Planning and configuring the entire IP addressing plan for the clients' network.

●Implemented Positive Enforcement Model with the help of Palo alto Networks.

●Manage project task to migrate from Cisco ASA firewalls to Check point firewalls.

●Team member of Configuration of Cisco 7206 router and Configuration of Catalyst switches.

●Supported on Cisco Nexus 5000 and Nexus 7000 Series Switch fabric links.

●Implemented new ultra-secure networks in multiple data centers that included Cisco 6500 juniper security devices, and F5 Big IP's

●Innovated with support of Palo Alto for remote and mobile users and for analyzing files for malware in a separate (cloud-based) process that does not impact stream processing.

●To secure configurations of load balancing in F5, SSL/VPN connections, Troubleshooting CISCO ASA firewalls, and related network security measures.

●Worked on Cisco Routers, Active /Passive Hubs, Switches.

●Involved in upgrades to the WAN network from existing 7200vxr with ASR 1004 and 3845/3945 routers.

●Involved in configuration of Juniper security appliances SRX 220, SRX 240, SRX 550, NS 50, SSG 550M, SSG 520M

L&T Hyderabad, India Jan 2016 – Feb 2018

Network Administrator

Responsibilities:

Experience in deploying EIGRP/BGP redistribution and changing the metrics for the primary and backup.

Worked on Riverbed devices for WAN bandwidth Optimization in the data centers for the sensitive

Involved in Troubleshooting of DHCP and other IP conflict problems.

Performed Switching Technology Administration including VLANs, inter-VLAN Routing, Trunking, STP, RSTP and Port Aggregation & Link Negotiation.

Worked on Cisco Layer 2 switches (spanning tree, VLAN, QoS, VoIP).

Performed RIP & OSPF Routing Protocol Administration.

Configured Access List (Standard, Extended, and Named) to allow users all over the company to access different applications and blocking others.

Worked on 4500 Catalyst switches for the purpose of LAN requirement and for troubleshooting LAN issues.

Maintaining Checkpoint security policies including NAT, VPN and Secure Remote access.

Provided tier 3 support for Checkpoint and Cisco ASA Firewalls to support customers, Backup and restore of checkpoint and Cisco ASA Firewall policies.

Design and implemented a remote access solution using Checkpoint Firewalls Site to Site VPN blade.

Maintained Corporate Firewalls & Analysis of firewall logs using various tools. Configured and troubleshooting of HSRP on Cisco routers.

The network consists of Heavy Cisco equipment such as Cisco 2500, 2600, 3640, 3945, 7200 series Routers, Cisco 6500, 4500, 3560, 2950, 2924 Switches.

Involved in New Branch Network Systems. Resolved Network Issues and Prepared Network



Contact this candidate