Network Engineer Senior
Resume:
Shafia Amtul
Senior Network Engineer
+1-847-***-**** ******.*******@*****.***
Professional Summary:
Over 9 years of experience as a Senior Network Engineer with expertise in network design, deployment, and management for enterprise environments.
Skilled in configuring and troubleshooting Cisco routers (ISR series) and Catalyst/Nexus switches, including 9000 series, for robust network infrastructure.
Extensive hands-on experience with routing protocols like OSPF, EIGRP, BGP, and MPLS, optimizing routing efficiency and network reliability.
Managed the transition from legacy WAN to SD-WAN, utilizing solutions such as Cisco Meraki, SilverPeak, and Viptela to enhance connectivity.
Proficient in firewall configuration and policy management, including Palo Alto, Cisco ASA, Checkpoint, and Fortinet, enhancing network security.
Implemented IPsec and SSL VPNs, securing remote access with advanced firewall configurations on Palo Alto and other platforms.
Experienced in load balancing solutions, managing F5 LTM/GTM configurations to distribute traffic efficiently across server pools.
Deployed and managed cloud infrastructure on AWS and Azure, leveraging VPCs, security groups, IAM, ECS, and EKS for scalable cloud environments.
Advanced knowledge of network automation using Python, Terraform, and Juniper REST APIs to streamline network management tasks.
Conducted major data center migrations, including the deployment of ACI leaf and spine architecture for scalable network environments.
Configured and maintained wireless solutions, including Cisco Meraki and Aruba access points, ensuring reliable wireless network connectivity.
Skilled in Quality of Service (QoS) configuration, utilizing policy-maps and class-maps to optimize data traffic within the network.
Proficient in network monitoring tools such as SolarWinds, Cisco Prime, and Wireshark, ensuring proactive management of network performance.
Expertise in security compliance with Infoblox DNS/DHCP solutions and network device license management.
Designed and implemented Infrastructure as Code (IaC) solutions with Terraform and AWS CloudFormation, improving deployment efficiency.
Hands-on experience with Cisco DNA Center, enabling automated network assurance, device onboarding, and policy enforcement.
Configured and managed VPNs across multiple firewall platforms, including Check Point, Fortinet, and SonicWall, securing site-to-site and client access.
Developed and implemented load balancing strategies on AWS ELB, F5, and NGINX to ensure high availability and scalability.
Extensive experience in network protocols (TCP/IP, VLAN, STP, HSRP, VRRP) and routing protocols for both LAN and WAN environments.
Proficient in network security, including IPS configurations, Bluecoat proxy management, and SIEM tools like Splunk for threat detection and response.
Technical Skills:
Routing
OSPF, EIGRP, BGP, MPLS, DMVPN, SD-WAN
Switching
Cisco Switches: Catalyst 2960, 3560, 3750, 4500, 6500, 9000 series, Arista 7250QX series switches, Cisco Nexus 7000, 5000, 2000, 9000 series
Security
Palo Alto firewalls, Cisco ASA, Fortinet, Checkpoint UTM, Fire Power
Load Balancer
F5 LTM, F5 GTM
Wireless
Cisco Meraki, Aruba wireless access points: 802.11ac
Cloud
Azure: Compute services, Web Apps, Data & Storage, Networking, IAM
AWS: IAM, encryption, network security, compliance, ECS, EKS
Automation
Junos Automation scripts, Python, Juniper REST APIs, Terraform
SD-WAN
viptella, Cisco Meraki,SilverPeak
Professional Experience:
Hyatt, Chicago, IL Oct 2022 – Till Date
Sr. Network Engineer
Responsibilities:
Designed, deployed, and upgraded Cisco ISR routers, Catalyst switches, and Nexus switches.
Worked extensively with Cisco routers (2821, 2921, 3925, ISR 4K series) and Catalyst series switches.
Replaced end-of-life switches with Catalyst 9300 and 9500 series to enhance network efficiency.
Configured IPsec and SSL VPNs on Palo Alto firewalls, implemented Zone-Based Firewall, and utilized Prisma for cloud security.
Extensive experience with Cisco Routing and Switching, including 3600, 3700, 3800, 5300, 6500, 7200, 7600 series routers, Nexus 7k, Nexus 5k, Nexus 2k, ASR 9000, 1000 series routers, and Meraki products.
Managed migration from OSPF to EIGRP and oversaw license upgrades for network devices.
Supported centralized DNS/DHCP operations using Infoblox, Cisco DNA Center, and Cisco ISE.
Implemented security profiles and VSYS on Palo Alto Next-Generation Firewall and participated in Positive Enforcement Model.
Configured, troubleshot, and deployed various IP routing protocols (RIP, EIGRP, OSPF, and BGP) on both Cisco and Juniper devices.
Led the migration of NiSource's legacy WAN network to SD-WAN with virtual firewalls on WAN routers.
Converted Cisco ASA rules to Juniper SRX-based solutions.
Configured TCP/IP, Network routing protocols, firewalls, L2/L3 switches, & tools such as Wireshark.
Deployed and managed F5 solutions in Azure cloud, including daily support and application migration.
Engineered and configured virtual servers, pools, iRules, and monitored F5 LTM (Local Traffic Manager).
Managed IPAM for a large network using SolarWinds IPAM and Infoblox DNS/DHCP servers.
Upgraded Cisco DNA Center firmware, supported the F5 environment, and troubleshot LTM and APM (Application Performance Management).
Involved in the network capacity planning to support 300,000 VOIP endpoints.
Responsible for configuring network devices at field offices to support the new Cisco VoIP system.
Implemented VxLAN to support VMotion across data centers, reducing downtime by enabling the live migration of virtual machines.
Designed and implemented Azure Network Limits and configured tunnels from NetScaler to Zscaler cloud.
Implemented QoS policy-maps and class-maps to enhance data transmission within the enterprise network.
Collaborated with the wireless team on Cisco ISE integration with Wireless LAN controllers and Active Directory.
Created security policy according to user's requirement in cisco ASA-5580, Juniper-SRX-5800 ISG-1000 firewall using CLI GUI.
Procured network equipment, recommended industry best practices, and coordinated with ISPs for MPLS migration.
Manage the migration of customer lines and voice traffic from end of life Siemens switch and Oracle SBC platforms .
Expertise in configuring switching protocols (ARP, VTP, PPP, VLAN, STP, RSTP, PVST+, HSRP, GLBP, VRRP) and routing protocols (RIP, OSPF, BGP, EIGRP, IS-IS, MPLS, SD-WAN).
Assisted in the installation of Spine (Nexus 9500 series) and Leaf (Nexus 9300 series) switches for ACI (Application Centric Infrastructure) environments.
Managed tenant networking and policies within the ACI architecture.
Conducted network monitoring and analysis using SolarWinds and Wireshark
Liberty Mutual, MA Mar 2020 - Aug 2022
Sr. Network Engineer
Responsibilities:
Configured Cisco Nexus switches (3k, 5k, 7k) with VPC, VDC, and FCoE setups for data center environments.
Implemented Cisco 6500 VSS (Virtual Switching System) in the Data Center Distribution layer.
Managed VPN systems utilizing Cisco ISR 800, 1000, and ASR 1000 routers.
Implemented Quality of Service (QoS) with shaping, policing, and priority queuing to optimize network performance.
Proficient in Python scripting for automation and participated in the Cisco DNA Voucher Operations Program.
Deployed, configured, and managed Cisco DNA Center, ISE, NGFW, Prime, ESA, WSA, VPN, and CWS solutions.
Conducted firewall policy reviews, audits, and cleanup using Tufin and Splunk for enhanced security.
Managed and maintained cloud environments, ensuring optimal uptime and performance through proactive monitoring and automation.
Upgraded Palo Alto firewalls, configured DMZ, PAT, SSL encryption, and App-IDs; migrated from Cisco PIX/ASA. Troubleshot Palo Alto firewalls and configured BGP on Nexus, Juniper, and Cisco ASR routers.
Led the migration of systems from Cisco’s legacy data centers to new ACI (Application Centric Infrastructure) leaf and spine fabric path data centers.
Assessed customer requirements for wireless networks, explaining how Cisco Meraki integrates with existing infrastructure and addresses future needs.
Configured and managed VPNs (IPSec/DMVPN/SSL) with Check Point, Palo Alto, Cisco, Juniper, Fortinet FortiGates, and SonicWall UTMs.
Designed and implemented VxLAN on Cisco Nexus series switches and configured port-profile for VxLAN VTEPs.
Administered Cisco ASA and Juniper SRX firewalls across customer networks.
Managed Infoblox DNS traffic control, DHCP, and IPAM, updating DNS records during migrations.
Performed complete network upgrade using 2 Nortel Passport 8610 L2/L3 switches in full mesh design with VRRP and SMLT for immediate failover.
Determined appropriateness of hardware/software changes and/or modifications related to VOIP on Cisco routers, switches, and call
Upgraded Palo Alto firewalls, Cisco routers, Nexus switches, and Bluecoat proxy devices.
Deployed and managed SD-WAN network solutions (Cisco Meraki) for WAN connectivity.
Configured wireless LAN security (PEAP, EAP-FAST), assigned RADIUS, and TACACS for new deployments.
Assisted in rolling out Cisco Identity Services Engine (ISE) and configured endpoint profiling policies.
Designed and implemented perimeter security policies, including firewall ACLs and client VPN technologies.
Maintained, upgraded, and improved VMware ESXi infrastructure, with exposure to SDN and Cisco ACI.
Implemented load balancing strategies such as round-robin, least connections, and IP hash to optimize traffic distribution and server performance.
Designed SD-WAN (Versa) and LAN optimization technologies for efficient application data delivery across LAN and WAN.
Developed and deployed Infrastructure as Code (IaC) using Terraform and CloudFormation, streamlining resource management and deployment processes.
Worked on Cisco Unified Communication Manager, Call Manager Express, Cisco Unity Connection, UCCX, UCCE, IM and Presence, SRST, and Voice Gateways.
Familiar with Cisco Meraki switching and wireless LAN technologies.
Ensured business continuity by meeting SLAs and collaborating with engineering teams.
Charter Communications, Denver, CO Jan 2018 – Feb 2020
Network Consultant Aws
Responsibilities:
Designs, tests and deploys IT security systems, solutions and ecommerce environment.
Working on Service Now ticket management tool by providing support service to client by implementing and working on change request, Incident request and troubleshooting.
Experience using Nessus & Qualys Tool for networking discovery and mapping, asset prioritization, vulnerability assessment and tracking.
Configuration of checkpoint firewall mainly VSX according to client topology and checkpoints features such as Application & URL filtering, IPS, Identity Awareness, IPS, VPN.
Configuration of Palo Alto Next-Generation Firewall mainly VSYS according to client topology and working on Content-ID, User-ID, App-IP.
Experience in Qualys policy compliance in detecting internal and external threats and vulnerability.
Perform troubleshooting by packet capture analysis using TCP Dump, Wireshark and analyzing the PCAP.
Bluecoat proxy server’s setup, configuration, upgrade and Troubleshooting with optimization of WAN Application, SSL traffic, Web traffic, URL filtering & Content filtering.
Created Voice VLANS on switches and all DHCP scopes for voice VLANS on MSFCs.
Experience in working with designing, installing and troubleshooting of Palo Alto firewalls.
Configuring Checkpoint and ASA for NAT (Static PAT/Manual NAT) to enable remote access for sites by doing Port redirection and configuring various VPNs like IPsec Site to Site, SSL VPN.
Migration from Cisco to Palo Alto firewall & Cisco to Checkpoint firewall.
Instrumental in managing and configuring Confidential' s VXLAN and IP Network.
Experience with working on Palo Alto Next-Generation firewalls security profiles and Cisco ASA VPN.
Firewall as well as virtualization of firewall, both VSX and VSYS.
Installation of Palo Alto (Web Application and URL filtering, Threat Prevention, Data Filtering). Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
Worked on network packet analyzer tools such as, Wireshark, Microsoft Network Monitor, Snort, Tcpdump, SSL Dump etc.
Firewall deployment, rules migrations, firewall administration and converting existing rule based onto new Checkpoint and Palo Alto Next-Generation Firewall platforms.
Represent the changes at the weekly change review and application migration meeting.
Create policies, alerts and configure using SIEM tools (Splunk, Solar Winds, and LogRhythm).
IBM, India Sep 2016 – Dec 2017
Network Engineer Azure
Responsibilities:
Implemented cutting-edge 100G Arista environment for high-bandwidth global collaboration network utilizing VxLAN and EVPN.
Conducted routine maintenance and upgrades on Nexus switches in the data center, ensuring minimal downtime and continuous network reliability.
Skilled in integrating Cisco routers with security appliances such as Cisco ASA and Firepower Threat Defense for comprehensive network security and threat mitigation.
Developed and implemented security policies on Nexus 9300 and 9500 Series switches, enhancing network security and compliance with industry standards through effective access control and monitoring mechanisms.
Proficient in network automation and programmability using Junos Automation scripts, Python, and Juniper REST APIs, facilitating efficient configuration management, orchestration, and SDN integration.
Sound knowledge in Routing, Switching, and MPLS Technologies.
Deployed, scaled, and automated networks across multiple global datacenters in both existing and new locations.
Strong communication and collaboration skills, with a proven track record of effectively liaising with cross-functional teams to deliver successful Juniper switching solutions aligned with organizational objectives.
Proficient in network management and monitoring using Cisco Prime Infrastructure, DNA Center, and SNMP-based tools for proactive monitoring and troubleshooting.
Expertise with installation of Arista 7250QX series switches on Spine Platform.
Configured/Managed Intrusion Prevention Systems (IPS): Cisco IPS, Fortinet, and Checkpoint UTM.
Configured Windows USER-ID agent to collect host information using Palo Alto Global Protect.
Configured APP-ID feature in Palo Alto firewalls to reduce attack surface, regain visibility, and control over traffic.
Performed network security, administration, analysis, and problem resolution for networks, including NT 4.0, Windows 2000, UNIX (Solaris & BSD), Cisco, TCP/IP, and Checkpoint firewalls.
Regular upgrade and maintenance of infrastructure, installing, configuring, and maintaining Cisco Switches (Catalyst 2960, 3560, 3750, 4500, 6500 series), Cisco Routers (ISR 4000 series, ASR 1000 series), Nexus 7000, 5000, and 2000 series, F5 BIG-IP, Palo Alto Firewalls.
Configuration and troubleshooting of F5 LTM and providing level 2 and level 3 support for customers.
Good knowledge in Azure compute services, Azure Web Apps, Azure Data & Storage, Azure Media & Content Delivery, Azure Networking, Azure Hybrid Integration, and Azure Identity & Access Management.
Strong communication and collaboration skills, with a proven track record of effectively liaising with cross-functional teams to deliver successful Meraki wireless solutions aligned with organizational objectives.
Allocated and designed appropriate virtual IPs for F5 ADC through IPAM Infoblox.
Used Terraform to write infrastructure as code and created Terraform scripts for EC2 instances, Elastic Load Balancers, and S3 buckets.
Strong understanding of network protocols, TCP/IP, routing, and switching concepts.
Experience in the field of Networking (Security, Routing, Switching, and SD-WAN).
Whitehat Jr, Mumbai, Ind Sept 2015 – Aug 2016
Network Engineer aws
Responsibilities:
Troubleshooted and resolved network issues by analyzing traffic patterns, utilizing Cisco IOS commands, and applying appropriate solutions to maintain uptime and security.
Configured and managed Cisco routers and switches to ensure optimal network performance and reliability, including setting up VLANs, routing protocols (EIGRP, OSPF), and ACLs.
Assisted in the setup and maintenance of datacenter infrastructure, including rack installation, cable management, and hardware configuration to support enterprise network requirements.
Monitored and optimized datacenter network performance by implementing best practices for load balancing, redundancy, and failover strategies to ensure high availability and scalability.
Deployed and managed cloud-based network solutions using platforms such as AWS and Azure, including configuring VPCs, subnets, security groups, and VPN connections.
Automated network management tasks in cloud environments through scripting (e.g., Python, Terraform) to enhance efficiency, scalability, and consistency in network configurations.
Conducted network performance analysis and capacity planning to support future growth and ensure alignment with business requirements and goals.
Implemented network security measures, including firewall configurations, intrusion detection/prevention systems, and VPN setups, to safeguard organizational data and resources.
Contact this candidate