Sr.Network Engineer
Resume:
Raju
adci48@r.postjobfree.com
Professional Summary:
•Certified Network Engineer with 8 years of experience in Network engineering, performing Analysis, Design, Implementing, and Troubleshooting with focus on performance tuning and support of large Enterprise Networks.
•Hands on Experience in configuring Cisco Catalyst 2960, 3750, 4500, 6500 and Nexus 3000, 5000, 6000, 7000 series devices.
•Implementation, Configuration and Support of Checkpoint R80.10, R77.20, R77.30 and Cisco ASA 5505, 5506-X, 5585, 4100, Palo Alto PA-2k, PA-3k and PA-5k Firewalls.
•Hands on experience with F5, Infoblox, Cisco, Checkpoint and Palo Alto vendors.
•Maintain and administrator for F5 load balancers, DHCP, DNS, and Checkpoint.
•Experience with Bluecoat and Zscaler Proxy servers, LAN & WAN management.
•In Depth knowledge of Zscaler Proxy for access management, Web filtering and managing PAC files.
•Implementing IP addressing schemes, LAN/WAN protocols, IP Services, to meet network requirements in different environments.
•Experience with AWS services like VPC-Peering, TGW, IGW, NLB and Route 53
•Expertise in Configuration of Virtual Local Area Networks (VLANs) using Cisco routers and multi-layer Switches and supporting STP, RSTP, PVST, RPVST along with trouble shooting of inter-VLAN routing and VLAN Trunking using 802.1Q.
•Hands on Experience on F5 Hardware Platforms BIG-IP VIPRION 4400, 2400 Chassis, 2100, 2150, 4200 blades and BIG-IP 5250.
•Experience on several Ticketing Tools like JIRA, Change Management, Service Catalog, Remedy, IP center, ServiceNow.
•Hands on experience in deployment of GRE tunneling, SSL, Site-Site IPsec VPN and DM VPN.
•Extensive hands on support of F5 BIG-IP Products including ASM, LTM, GTM and F5 BIG-IQ.
•Engineering and configuring Virtual Server, Pools, iRules, Profiles, Persistence, and monitor on F5 LTM and GTM devices
•Comprehensive expertise in the implementation of optimization, analysis, troubleshooting and documentation of LAN/WAN networking systems.
•Working knowledge on configuring access lists. Troubleshooting DNS/DHCP issues within the LAN network.
•Experience with scripting like Ansible, Python and Shell scripting.
•Knowledge of cryptography concepts, PKI, SSL, Host Security Modules (HSM), Smart cards, Symmetric, Asymmetric (Public/Private-PKI).
•Experience on HTTP, telnet and SSL traffic using Wireshark, SNMP, tcpdump and sniffer tool.
•Experienced on network monitoring tools such as, Cacti, Netcool, Netflow Analyzer, Solar winds, Cisco Prime, SNMP, Remedy.
•Extensive knowledge and experience of routing and switching protocols RIP, OSPF, EIGRP, BGP, Multicast and PBR.
•Expertise in troubleshooting and configuring DNS, DHCP, TFTP, VPLS, SSH, FTP, ARP and NFS.
•Proficient in Cisco IOS for configuration & troubleshooting of routing protocols MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS.
•Great team player with an ability to work under pressure on a 24x7 duty rotation.
WORK EXPERIENCE
Fannie Mae, Reston, VA Feb’17 – Present
Network Administrator
Hosting & Services
•Plan and implement F5 LTM (Local Traffic Manager) hardware refresh for stand-alone devices, Viprion chassis, and blades. Design and test disaster recovery scenarios for F5 LTM virtual servers to deliver continuous availability and reliable flow of network traffic.
•Execute traffic capture software to identify, evaluate, and troubleshoot TCP packets impacting network and application flows as needed. Primarily responsible for F5 LTM & GTM advanced
troubleshooting.
•lead the Resonate GLB to F5 Global Traffic Manager (GTM) Migration to successfully migrate 1500+ DNS rules / wide IP addresses.
•Responsible for the day to day operations for the F5 platform (LTM/GTM) to include all Tire III level troubleshooting analysis, configuration changes, upgrades and management.
•Recently Upgraded large scale of F5 LTM’s from Firmware version 11.6.1 HF2 to version 13.1.3
•Created GTM's (Global Traffic Manager) global sync group, including three GTMs in U.S. locations to communicate changes in real time made at one Location to others within sync group.
•Addressed critical security issue with unauthorized access through design flaw for human resources
application by generating iRule. Solution blocked non-human resources IP addresses and eliminated
future breaches.
•wrote iRules with Tool Command Language (TCL) code to perform custom URL parsing and redirects based on values contained in URL suffixes.
•Lead the blade upgrade project, upgraded 2100 to 2150 on 2400 chassis.
•Execute traffic capture software to identify, evaluate, and troubleshoot TCP packets impacting network and application flows as needed. Primarily responsible for F5 LTM & GTM advanced
troubleshooting.
•Created GTM's (Global Traffic Manager) global sync group, including three GTMs in U.S. locations and two GTMs in Singapore locations to communicate changes in real time made at one
location to others within sync group.
•Addressed critical security issue with unauthorized access through design flaw for human resources
application by generating iRule. Solution blocked non-human resources IP addresses and eliminated
future breaches.
•Involved cloud projects AWS network connectivity, Azure VDI and VMC SDDC infrastructure.
•Deployed F5 BIG-IQ could edition modules like tire I service scaler (SS or ADC), tire II Service scaler group (SSG) and DCDs Data Collection Devices in vCenter on VMC cloud and provided visibility to application traffic and security threads.
•Created and supporting AWS service including VPN's, AWS Direct Connect, Route53 Experience with ALB, ELB, VPCs, Private Links, Security Groups, firewall, and VPC peering Design and deploy dynamically scalable, highly available,
•Experience with monitoring and log aggregating frameworks like CloudWatch, CloudTrail, AWS X-Ray, and AWS Config.
•Implementing, troubleshooting and managing Zscaler – a cloud-based solution for Web content filtering.
•Configure rules and policies according to the security policy and needs of the users in Zscaler cloud proxy.
•Zscaler cloud security implementation (Zscaler internet access and Zscaler private access) for zero trust security.
•Troubleshoot authentication issues on Zscaler.
•Presenting solutions to CBS managements for DHCP, DNS and IPAM within the Infoblox Grid.
•Reviewing the CBS DNS migration plan into Infoblox. Working with CBS and Infoblox design engineers to deliver a streamline and coherent migration solution.
•Troubleshoot all Infoblox DHCP and IPAM issues that may occur. Working with other CBS engineers, as well as Infoblox Sales Engineers and TAC.
•Create and distribute Visio Network diagrams depicting topology and interconnectivity.
•Upgraded checkpoint operating system from R77. 30 to R80.10 and applying Hot fixes.
•Installing & configuring firewalls – Checkpoint NG & NGX R75, R77 Gaia, R80.10, Provider-1/MDS and VSX.
•Support and administration of multiple security gateway with Multi-Domain Security Management.
•Involved on Reviews, develop, tested while implementing new vendors on our environment.
•Maintain high-level and low-level security design infrastructure.
•Conduct forensic investigations and perform root cause analysis.
•Configure security gateway via site-2-site IPsec VPN with multiple security vendors.
•Train and provide instruction for management and teammate on Checkpoint, Zscaler and F5 platform.
EMC-Santa Ana, CA Jan’16 – Feb’17
Network Engineer
Responsibilities:
•In-depth expertise in the analysis, implementation, troubleshooting & documentation of LAN/WAN architecture and good experience on IP services and Data center environment.
•Working in high availability Nexus Environment and provide Level 3 Network Support.
•Worked closely with Data center management to analyze the data center sites for cabling requirements of various network equipment.
•Strong knowledge and hands on experience in Data Center Migration using PlateSpin.
•Supported Data center network infrastructure consisted of multiple Nexus 9Ks,7Ks, 5Ks, 2Ks, FWs, Security systems, F5, and VMware environment by maintaining and deploying new technologies.
•Designed an F5 virtual Clustered Multi-Processing (vCMP) solution for Client Environment and then implemented the design by installing the vCMP feature of TMOS version 11.5.4 onto four (4) F5 Viprion 4480 chassis. Each Viprion chassis was equipped with two (2) 4300 Viprion Blades, and each hypervisor was populated with four (4) HA vCMP guests.
•Installed and configured pairs of 2400 hardware Viprion devices with five Guests on each Host with firmware version 13.0.5 on remote Data Center.
•Wrote BASH scripts containing TMSH commands to create and / or modify wide IP’s, GTM pools and GTM virtual servers. I also wrote the F5 LTM Standard Build document and the F5 GTM Standard Build documents
•Setup LTM/GTM hardware in disaster recovery site to establish structured approach for unplanned
incidents that compromised IT infrastructure.
•Evaluated network & server teams' web application projects to deliver recommendations and architecture assistance.
•Centralized, standardized, and automated backups for F5 Devices' configuration files through BIG-IQ.
•Worked and automated BIG-IQ High Availability cluster feature.
•Expertise in creating custom iRules, Health monitors, VIP’s, pools, nodes for F5 LTM/GTM.
•Supporting OSPF and BGP based on the network by resolving level 2 & 3 problems of internal teams & external customers of all locations.
•Manage project task to migrate from Cisco ASA firewalls to Palo Alto firewalls.
•Performing troubleshooting on VPN connectivity issues, slow network connectivity issues, identifying the root cause of the issues.
•Assisted in the installation of company network devices (rack and stack).
•Provided TCP/IP, DNS and DHCP troubleshooting and installation
•Performed OSPF, BGP, DHCP Profile, HSRP, IPv6, Bundle Ethernet implementation on ASR 9K redundant pair.
•Performing troubleshooting on slow network connectivity issues, routing issues involves OSPF, BGP, black box and identifying the root cause of the issues.
•Experience working on QIP to manage DNS names and IP addresses.
•Configuring and testing Multicast for both IPv4 and IPv6 routing in Data Environment.
•Troubleshooting Multicast issues between Juniper devices.
•Configured static NAT, dynamic NAT, dynamic NAT overloading.
Univar, - Redmond, WA Jan’15-Dec’15
Network Security Engineer
Responsibilities:
•Day-to-day work involves scheduling firewall policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.
•Implementation configuration and troubleshooting of Checkpoint firewall R75.40.
•Worked on Check Point Security Gateways and Cisco ASA Firewall.
•Firewall Clustering and High Availability Services using Cluster XL on Check Point.
•Configuring and tweaking Core XL and Secure XL acceleration on Check Point gateways.
•Experienced in F5 BIG-IP Application Security Manager (ASM) to protect from threats and vulnerabilities.
•Experience with converting WAN routing from EIGRP/OSPF to BGP (OSPF is used for local routing only) which also involved converting from Point to point circuits to MPLS circuits.
•Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs exploitation varied tools.
•Performing network monitoring, providing analysis using various tools like HP OpenView, Wireshark, SolarWinds, SNMP etc.
•Worked on physical and virtual networks to provide functionality on additional layers on VMware NSX.
•Configured and deployed PIM multicast Routing.
•Experience in Installing and configure the VMware NSX appliances for a setup including VMware vSphere, VMware NSX and Openstack.
•Configured and managed policies on Palo Alto firewalls using Panorama GUI.
•Troubleshoot fiber optic infrastructure, TCP/IP layer 2/3 connectivity, software and hardware bug issues, OSPF and BGP routing, and multitude of customer requested issues as they arise.
•Experienced using Palo Alto Panorama to manage global firewall deployments.
•Implemented Zone primarily based Firewalling and Security Rules on the Palo Alto Firewall
•Provide technical Support for F5 load balancers (GTM, LTM), Bluecoat proxy, Firewalls (ASA, Checkpoint, Palo Alto) and IPS/IDS systems.
•Isolated network traffic via F5 load balancers for GTMs and LTMs
•Administration Big IP F5 LTM for all Local Load balancing and use GTM for load balancing across Data Centers.
•Used Cisco web interface for Cisco WSA (IronPort) management.
•Design & implement SME cluster and SIP trunks using Acme Packet and CUBE
•Maintained and managed networks running EIGRP and BGP routing protocols Regularly performed firewall audits around stop Firewall-1 solutions for purchasers.
•Configuration of routing protocols EIGRP and BGP for little to medium sized branches supported company branch standards, together with distribution and route maps.
•Provided full visibility and notification of authorized and unauthorized network access with integration of CISCO ASA and NAC solution.
•Managed End Point AV solution i.e Symantec.
•Managed NAC appliances- Profiler and Access manager, to create endpoint profiles for the new devices and monitoring the unauthorized access.
•Performed Proof of concept with Splunk, Tripwire, Qualys and RSA Envision tools
•We used different kinds of APM's as part of POC on different hosts to identify best APM tools.
•Monitored the system performance using Splunk and created daily and weekly dashboard reports
•Excellently used Splunk to research and monitor incident management and incident resolution issues.
•Setup Multicast Routing to alleviate the traffic across the network.
•Backup and restore of stop and Cisco ASA Firewall policies.
•Experienced by using API to investigate and inspect data on Palo Alto firewall.
•Manage project task to migrate from Cisco ASA firewalls to examine purpose firewalls.
•Involved in troubleshooting of DHCP and other IP conflict problems.
•Participated in on call support to troubleshoot the configuration and installation issues.
•Configured switches with port security and 802.1x for enhancing customer’s security.
Shell Network and Solutions – Hyderabad, TS, India Jan’12 – Dec’14
Network Admin
Responsibilities:
•Configured Routing protocols such as RIP, OSPF, EIGRP, MPLS, static routing and policy-based routing.
•Project lead for Cisco VoIP Integration for multiple Corporate offices.
•Regular upgrade and maintenance of Juniper Switches & Routers.
•Upgraded IOS, and JunOS images on Cisco and Juniper Devices.
•Efficiently exploitation ServiceNow tool for generation of tickets, distribution severity to incidents, following up with incident standing and troubleshooting incidents.
•Configuring, testing, troubleshooting multiple vendor device platforms like Cisco routing and switching: Cisco ASR9010, ASR901, ASR903, Catalyst Cisco 7609, 2960, and Juniper routing and switching devices: MX960, MX 480, ACX2200, EX2200, ALU service aggregation router: 7705 SAR 8 and 7750 service router.
•Major deployment projects including VOIP, Network Monitoring, and conversion of field locations to MPLS.
•Performing standard network operations via ITIL standard with Incident Management and Change Management.
•Designed expansion of additional offices with Avaya G450 and LSP S8300.
•Maintained Firmware on all TN boards and servers both Avaya and non-Avaya products
•Configure SIP servers, Avaya ERS, RADIUS, RSA and Firewalls for the test beds.
•Configured ACLs on Cisco ASA 5540 firewall for Internet Access requests for servers, Protocol Handling, Object Grouping and NAT, PAT.
•Installing and configuring new cisco instrumentation as well as Cisco catalyst switches 6500, Nexus 7010, Nexus 5548 and Nexus 2k as per the need of the corporate.
•Troubleshooting routing issues on Cisco and Juniper routers running routing protocols like BGP, OSPF.
•Provide Wi-Fi configurations and connectivity using Virtual Network Computing (VNC) application for WAP adoptions on Juniper Ex2200 and 2100.
•Installation and configuration of virtualization using VMware.
•Build Clusters on SRX240, EX4200, EX4500 Juniper series and Cisco 3750 switches
•Troubleshooting Layer 2 issues, Spanning Tree protocol, RSTP, MST, VTP, VLAN on Cisco – 6500 series Switches and Juniper EX-4200 switches.
•Experience in troubleshoot network issues including boundary protection devices, Cisco Nortel/Avaya and Bluecoat Proxy Servers.
•Experience in troubleshooting in a Splunk Enterprise environment.
•Configured VLANs with 802.1q tagging & Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
•Install and configure puppet server and Customizing Linux servers using puppet server
•Implementation of TCP/IP & related Services-DHCP/DNS/WINS and Upgrading Firewall versions.
•Administer and manage files on various Linux based servers using SSH Secure Shell, perl, and PUTTY.
•IPv4 addressing, VLANs, Basic WAN (Frame Relay) connectivity and troubleshooting.
•Installation, Configuration and upgrades of Redhat Linux 4/5.
•Worked on configurations and installations Linux servers using PXE and Kick start.
•Provided on-call support for installation and troubleshooting of the configuration issues.
•Migration of existing IPSEC VPN tunnels from Pre-Shared key to Certificate Authority for purpose of scaling.
•Implemented site to site VPN in Juniper SRX3600 firewall as per customer.
•Monitoring and troubleshooting network issues between client site and 85 remote sites with legacy switches and routers.
•Worked on Configuring Juniper MX/EX/QFX routers and switches using CLI.
•Install and configure network monitoring tools like Remedy, JIRA, Change Management.
•Worked on Juniper J series J230, M 320 routers and EX 3200 series switch.
•Design and Implement DMZ for FTP, Web and Mail Servers with Cisco PIX 506, PIX 515.
•Done troubleshooting of TCP/IP problems and connectivity issues in multi-protocol Ethernet environment.
•IOS upgrade 1900, 2900, 3500 series Cisco Catalyst switches and 2500, 2600, 3600 series Cisco routers using TFTP.
Certifications:
Cisco Certified Network Associate (CCNA)
Cisco Certified Network Professional (CCNP)
Checkpoint Certified Security Administrator (CCSA)
F5 Certified Administrator, BIG-IP (F5-CA, BIG-IP)
EDUCATIONAL QUALIFICATION:
Masters in Executive MS Information systems security.
Bachelor of Technology in Electrical and Communication Engineering.
Contact this candidate