Name: Chandrahaas

Email ID: adcmb7@r.postjobfree.com

Phone: 469-***-****

Professional Summary:

Around 8 years’ experience configuring, administrating and troubleshooting infrastructure with Cisco platform Routing, Switching, Security and Wireless Technology.

•Experience working on Cisco Catalyst Series 3750, 3500, 4500, 4900, 6500, 2950; Nexus 2K, 5K, 7K and 9K series switches.

•Installed and Configured Cisco Routers (3600, 2600, 2500), Catalyst Switches (6500, 5500, 3550, and 2900series), Nexus switches (7K, 5K and 2K series) and Palo alto (5250, 5060, 7000, 7050, 7080, 850, 820) series.

•Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a flexible Access Solution for Data Center access architecture.

•Worked on ASR 901, 920, 903 and 9000 series Cisco routers.

•Managed the F5 BIG-IP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs. Wide experience in implementing and managing F5 BIG-IP load balancing.

•Worked on administration and configuration of Check Point Firewall, Palo Alto Networks Firewall and Cisco ASA Firewall applied across global network.

•Configured Cisco Switches 2900 and firewall (checkpoint) Built and support VRRP / Cluster based HA of Checkpoint firewalls.

•Worked on network analyzing tools like tcpdump, WireShark, for monitoring STRM (Security threat Response Manager), NSM (Network Security Manager) for Juniper firewalls.

•Experienced working with security issues related to Cisco ASR 9K.

•Experience in risk analysis, security policy, rules creation and modification of Checkpoint, Cisco ASA, Palo Alto Firewall and Cisco ISE.

•Experience in configuring, deploying and deployment of Cisco Security Manager (CSM) for Management of ASA Firewall series.

•Security Skill Sets - VAPT (Vulnerability Assessment and Penetration Testing), Network Security Experts, IAM (Identity and Access Management), SOC/SIEM.

•Worked on Web Application Firewalls such as AWS WAF and F5 ASM.

•Responsible for the management of McAfee line of the Nexsys Software portfolio.

•Provide McAfee and Checkpoint support to all local and regional SEC offices.

•Experience with Firewalls - Fortinet/FortiGate, & Palo Alto and/or other next generation firewall solutions.

•Experience with F5 load balancers (6400, 6800, and 8800) and Cisco load balancers (CSM, ACE and GSS), also migrating configurations from Cisco ACE to F5 and general troubleshooting of the F5 load balancers.

•Provided Load Balancing towards Access layer from Core layer using F5 network Load balancers.

•Expert level experience with Cisco ASA products, Riverbed Virtual Services Platform (VSP) and Big-IP F5 Load balancers.

•Implemented Cisco Application Centric Infrastructure (ACI) as a solution for data centers using a Spine and Leaf architecture.

•Configure and troubleshoot Fortinet equipment including Fortigate (Firewall) and Fortiweb (WAF).

•Responsible for configuring and maintaining communications including Internet connections, VPN, Checkpoint firewalls, point to point connections, and remote access and VPN technologies

•Security Skill Sets - VAPT (Vulnerability Assessment and Penetration Testing), Network Security Experts, IAM (Identity and Access Management), SOC/SIEM.

•Troubleshooting Cisco Wireless devices using Cisco Meraki.

•Support and troubleshooting during cutover while implementing Cisco firewall configuration from other vendor firewall (like Checkpoint, Juniper, MacAfee sidewinder).

•Partnered with Lead CPPM to ensure organizational readiness to realize effective project plans.

•SQL Server, Visual Studio. Network Security: Vpn-1/Firewall-1, Advanced Black Ice firewall

•Focused on working with Cisco Channel partners to build practices around Cisco ACI.

•Proficient in Cisco IOS for configuration & troubleshooting of routing protocols (MP-BGP, OSPF, LDP, EIGRP, RIP, MPLS and BGP v4).

•Worked on frame relay, MPLS services, OSPF, BGP and EIGRP routing protocols, NATING, sub-netting, also including DNS, WINS, LDAP, DHCP, http, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP (Spanning tree Protocol), RTSP.

•Provide hands on management of Data Center services, including rack and cable management Experienced in the evaluation, testing, configuration and implementation of Palo Alto firewall security solutions across enterprise networks. Experience also includes working with other vendor firewalls like Cisco's ASA Firewall, Checkpoint Firewall and the Fortinet Firewall.

•Experience in IP addressing and subnetting with VLSM, configuring and supporting TCP/IP, DNS, installing and configuring proxies.

•In depth understanding of IPV4, IPV6, Subnetting implementation, VLSM and ARP, reverse & proxy ARP, Ping Concepts.

•Responsible for Management and documentation of Checkpoint, Fortinet and Cisco ASA Firewalls.

•Excellent customer management/resolution, problem solving, debugging skills and capable of quickly learning, effectively analyzing results and implement and deliver solutions as an individual and as a part of the team with good verbal/written communication.

Technical Skills:

Cisco routers Cisco 7200, 2800, 2600, 3945, 3600(ISO -Version 12.0, 12.2)

Cisco Switches Cisco Catalyst 6509, 6513, 3650, 3850, 4500X, (IOS- Version 12.4)

Cisco nexus data center switches 7000, 5000 (NX- OS version 5.1, 5.2)

Load Balancer Cisco CSS, F5 Networks (Big-IP)

WAN Optimization Cisco WAAS, PPP Multilink

Routing OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing

Switching

VLAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switching, Multicast Operations, Layer 3 Switches, Ether channels, Transparent Bridging,

Firewalls Checkpoint, Cisco ASA, Fortinet, Palo Alto, McAfee, NAC, Qradar

Education: Bachelor in Electronics, Andhra University-2012, India.

CERTIFICATIONS:

Cisco Certified Network Associate (CCNA)

Experience:

Client: DHL Americas - Miami, FL May 2018 – Till Date

Role: Sr. Network Security Engineer

Responsibilities:

•Makes recommendations on existing projects to improve network security Created Change Requests, Method of Procedures (MOPS) and assisted on-call migrations and changes.

•Performed Level 3-4 troubleshooting and analysis of disaster recovery issues, security implementations, firewall configurations, vulnerability assessments, and intrusion detection and analyze, customer consultation.

•Creating network object groups and Access Control lists and Object group services on Cisco ASA 5500 as per client needs.

•Involved in the integration of F5 Big-IP load balancers with Checkpoint firewalls for firewall load balancing and was responsible was trouble shooting and maintenance.

•Worked with a team in firewall policy management and support on Cisco ASA 5585X, 5540, PIX and Checkpoint Firewalls 12K, 13K.

•Knowledge & experience in network protocols, packet analysis, Cisco ISE, Cisco & Aruba Wireless Controllers and Accesspoits.

•Deployed and managed Cisco Meraki products SD-WAN including Cisco Meraki Security Appliances (MX25, MX450, MX400, MX600 and MX100), Cisco Meraki switches and Cisco Meraki Wireless Aps (MR84, MR74, and MR52).

•Experience with remote access and VPN technologies.

•Worked extensively on firewalls and VPN gateways Checkpoint, Blue Coat Web Gateway, CISCO, Juniper, Fortigate GUI and Shell.

•Experience in creating virtual domains for employing proxy servers on Fortinet firewalls. Configuring VPN both B2B and remote access SSL and centralized policy administration using Forti Manager, building FortiGate High Availability using FortiGate Clustering Protocol (FGCP).

•Configuring & managing around 500+ Network &Security Devices that includes Cisco Routers & Switches, Nexus Switches, Juniper and Palo Alto Firewalls, F5 BigIP Load balancers, BlueCoat Proxies and Riverbed WAN Optimizers.

•Telnet into Cisco router to configure and update interface, and subnet TCP/IPv4.

•Troubleshoot and Worked with Security issues related to Cisco ASA, Checkpoint, Fortinet, IDS/IPS.

•Manage the firewall deployment, rules migrations, and firewall administration.

•Deployed Site to Site and Client to Site VPNs utilizing Checkpoint Firewall-1/VPN-1.

•Used QRadar to check logs for troubleshooting firewall as well as network issues.

•Migrated network from EIGRP to OSPF.

•Cisco Viptela SD-WAN, Cisco Wi-Fi, Meraki Wi-Fi, Cisco core routing and switching, WAN (MPLS/BGP)/LAN routing and switching.

•Demonstrated experience with IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.

•Configured and implemented Fortinet Security Systems Firewall.

•Management of proxies, firewalls and F5 load balancers.

•Configuring iRules on F5 Load balancers.

•Migrated from Cisco ASA to Palo Alto.

•Management of Checkpoint, Fortinet and Cisco ASA Firewalls.

•Work on Change Management for migration from Cisco ASA to Palo Alto.

•Used KIWI monitoring tool to troubleshoot network issues.

•Implemented VLAN, VTP domain, Trunking and Ether Channel on Cisco 5500 switches.

•Virtual Private Networks on CISCO ASAs with Any Connect, Cisco ISE for authentication, as well as site to site VPN.

•Troubleshoot and Worked with Security issues related to Cisco ASA, and IDS/IPS firewalls. Large scale Deployment and installation of Juniper SSG5, Cisco ASA, and Fortinet firewalls.

•Monitors network performance and implements performance tuning when necessary.

•Worked with IPSEC VPN and B2B VPN design connection and protocols, IPSEC tunnel.

•Upgraded with Nexus 9k, 7k and 5k switches to deal with the vulnerability issues.

•Manage firewall/security systems by establishing and enforcing policies.

•Work closely with colleagues to meet team goals and improve processes and practices.

•Performs network and security hardware and software maintenance.

•Performs maintenance and management of assigned security technologies and functions that include firewalls, authentication devices, encryption, event log monitoring, reporting, incident response, security analysis and/or

•Researches, evaluates, designs and implements new/improved security software and/or devices that meet risk management objectives.

•Responsible for Management and documentation of Checkpoint, Fortinet and Cisco ASA Firewalls.

•Designed and implementation of the ASCO facility in Stillwater, I designed and configured all networking equipment including Palo Alto Firewalls, HP switches, and Blue Coat Wan ACC Also implemented MPLS network back to Belgium.

•Upgraded Panorama version 7.0 to 8.0 on Palo Alto Firewalls.

•Provides third level technical expertise in the identification and resolution of security related issues/events

•Provide support for DMZ’s creating and developing DMZ designs IDS signatures to meet new and emerging technologies threats.

•Prior experience with Cisco ISE support for both RADIUS/TACACS and security group tagging.

•Troubleshoot, diagnose and resolve complex security attacks.

•Performed DDOS mitigations and analysis.

•Troubleshooting the Network Issues onsite and remotely depending on the severity of the issues.

•Perform research and provide direction on new and emerging security technologies.

•Help to develop response processes, rules and alert notifications.

•Install, configure and maintain Network Security devices. This includes software installation, patches, and upgrades.

•Basic knowledge configuring CISCO networking devices.

•Hands-on experience with all phases of firewall and network operations, firewall change requests, firewall configuration, network services, and network security.

•Ability to troubleshoot complex multi-vendor network issues in the LAN and WAN networks and working with multiple application and system teams to identify bottlenecks and other network configuration issues

•In-depth knowledge in the area of deep packet troubleshooting with Wireshark and/or Riverbed ACE Analyst and tcp-dump.

Client: Wyndham World Wide - Orlando, FL May 2016 – Apr 2018

Role: Sr. Network Security Engineer

Responsibilities:

•Involved in complete LAN, WAN development (including IP address planning, designing, installation, configuration, testing, maintenance etc.).

•Involved in Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter VLAN routing, LAN security etc.

•Implemented with Cisco Layer 3 switches 3750, 4500, 6500 in multi VLAN environment with the use of inter-VLAN routing, HSRP, ISL trunk, ether channel.

•Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, Ether Channel implementation on ASR 9K redundant pair.

•Implementing the necessary changes such as adding, moving and changing as per the requirements of business lines in a data center environment.

•Provided support for 2Tier and 3Tier firewall, which includes various Checkpoint, Cisco ASA firewalls and Fortinet Firewalls.

• Worked on Design implementation of new data center with products ranging from cisco, ASA with Firepower, Dell Switches, Cisco Meraki, and VMware NSX.

•Provided remote Technical support on implementation of technology using various Juniper Network & Security products and applications and resolve product related issues through research and troubleshooting.

•Experience with next-generation firewalls like Checkpoint firewalls, Cisco ASA, Fortinet firewalls, Palo Alto Firewalls, Cisco WSA/CWS, VPN, Cisco ACS, Cisco ISE, IPS.

•Installing, configuring Cisco Catalyst switches 6500, 3750 & 3550 series, Access control lists, ISDN, ATM, load balancing switches and configured IPX/SPX, HDLC, BGP, EIGRP, OSPF and VRRP on various sites.

•Setup simplified and traditional VPN communities, and Cisco Any connect.

•Responsible for the secure development lifecycle environment form NX-OS to Application Centric Infrastructure (ACI) in Data center, implemented in the lab environment.

•Researched, designed, and replaced Checkpoint firewall architecture with new next generation Palo Alto PA3000 and PA5000 appliances serving as firewalls and URL and application inspection.

•Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama.

•Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.

•Troubleshoot and Worked with Security issues related to Cisco ASA, Checkpoint, Fortinet, IDS/IPS.

•Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls and implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall. Exposure to wild fire feature of Palo Alto.

•Worked with Palo Alto firewalls PA250, PA4050, PA3020 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall. Technical assistance for LAN/WAN management and complex customer issues.

•Involved in Configuration of Access lists (ACL) on checkpoint firewalls for the proper network routing in B2B network connectivity.

•Configured systems log on the Palo Alto firewall and moved the logs to Splunk.

•Worked with Palo Alto firewalls PA5050 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall.

•Worked extensively in Configuring, Monitoring and Troubleshooting Palo Alto with ACL, NAT, Object Groups, Failover and Multi-Contexts.

•Configured, troubleshoot, and upgraded Checkpoint Firewalls for Manage clients, which included network and/or resource access, hardware or software problems.

•Implementing and troubleshooting (on-call) IPSec VPNs for various business lines and making sure everything is in place. Implementing IPSec and GRE tunnels in VPN technology. Designed, configured, implemented site-site VPN on Cisco ASA 5500 firewall.

•Worked with Data Center Network Manager offers intuitive, multi-fabric topology which supports VXLAN, Layer 2, Virtual Port Channel, Virtual Device Context, Virtual SAN.

•Configured Trunk ports and implements granular control of VLANs and VXLANs using NX-OS to ensure virtual and flexible subnets that can extend further across the network.

•Installing and configuring new Cisco equipment including Cisco catalyst switches 6500, Nexus 7010, Nexus 5548 and Nexus 2k as per the requirement of the Organization.

•Worked as a part of data center deployment where we converted from Cisco 6500 to Nexus.

•Configured Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000 to connect servers and storage devices.

•Monitored and managed networks using Cisco Works tools and Wireshark.

•Utilize network monitor tools such as Solar Winds to track network problems and outages

•Support customer with the configuration and maintenance of ASA firewall systems. Troubleshooting of protocol-based policies on Palo Alto firewalls and changing the policies as per the requirement and as per traffic flow.

•Working configuration of new VLANs and extension of existing VLANs on/to the necessary equipment to have connectivity between two different data centers.

•Managing and providing support to various project teams with regards to the addition of new equipment such as routers switches and firewalls to the DMZs.

Client: Business Wire - San Francisco, CA Jan 2015 – Apr 2016

Role: Network Security Engineer

Responsibilities:

•Assisted in troubleshooting LAN connectivity and hardware issues in the network of 500 hosts.

•Performed client requirements to provide solutions for network design, configuration, administration, and security.

•Involved in troubleshooting IP addressing issues and Updating IOS images using TFTP.

•Maintained redundancy on Cisco 2600, 2800 and 3600 routers with HSRP.

•Worked on Juniper series of firewalls. These include Netscreen 5GT, 208, SSG 5, 140, 550, 550M and high end firewalls like ISG 1000, NS 5200.

•Performed migrations from Checkpoint firewall to Palo Alto using the PAN Migration Tool.

•Created a backup and recovery policy for software application and verified peripherals are working properly.

•Monitor performance of network and servers to identify potential problems and bottleneck.

•Performed RIP & OSPF routing protocol administration. Support services to reduce the downtime on leased lines.

•Troubleshoot problems day to day basis & provide solutions that would fix the problems within their Network.

•Maintenance and Troubleshooting of connectivity problems using Ping, Traceroute.

•Provides Local & Wide Area Network and Network Security Support.

•Involved in configuring and troubleshooting Juniper Firewalls including UTM features like anti-virus, deep inspection (IDP), URL filtering and screening.

•Design and Implementation of 802.1x Wired/Wireless User Authentication using Cisco ISE Radius Server.

•Designed and Implemented plan for migration from existing Catalyst switches to Nexus and configured NX-OS Virtual Port Channels, Nexus port profiles, Nexus VPC peer links on Nexus 5k and 7k

•Acquitted with Cisco Meraki for Cisco Wireless Devices Monitoring, managing and troubleshooting Cisco Wireless devices using Cisco Meraki.

•Experienced in configuring and maintaining Security Policies, NAT policies, IPSEC tunnels on various firewalls like Palo Alto, Cisco ASA/ Firepower, Checkpoint firewalls and SIEM solutions like Logr Rhythm and McAfee.

•Cisco ASA/Checkpoint, Palo Alto Firewall troubleshooting and policy change requests for new IP segments that either come online or that may have been altered during various planned network changes on the network.

•Supported and executed migration to F5 BIG-IP LTM/GTM ADC Appliances from Citrix NetScaler

•Participated in the installation, configuration, and post-installation routine operational tasks and configuration of the Cisco Nexus Switches.

•Worked with Host Master for shared web hosting and managed Web Application Firewall (WAF), DNS and DHCP management using Infoblox and Analyzed networks using Wireshark

•Worked with Nagios for monitoring of network services (SMTP, POP3, HTTP, NNTP, ICMP, SNMP, FTP, SSH)

•Provided full visibility and notification of authorized and unauthorized network access with the integration of Cisco ASA and NAC solutions. Performed Load balancing using F5 BIG-IP LTM ADC 6400, Cisco ACE 4710.

•Provided redundancy in a multi-homed Border Gateway Protocol (BGP) network by tunings AS-path

•Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.

•Performed all maintenance tasks on the Nexus Switches, ASR Routers, Checkpoint Firewalls, F5 Load balancers InfoBlox DNS and Cisco ACI.

•Responsible for converting existing rule base onto new platforms.

•Responsible for Checkpoint, ASA, Palo Alto Firewall management and operations across global networks.

•Analyzed customer application and bandwidth requirements, ordered hardware and circuits and built cost-effective network solutions to accommodate customer requirements and project scope.

•Involved in Design and Implementation of complex networks related to extranet clients.

•Troubleshooting the N/W Routing protocols (BGP, EIGRP, and OSPF) in Migrations and new client connections.

•Manage operational monitoring of equipment capacity/utilization and evaluate the need for upgrades; develop methods for gathering data needed to monitor hardware, software, and communications network performance

•Worked towards the key areas of the project to meet SLA's and to ensure business continuity. Involved in meetings with engineering teams to prepare the configurations according to the requirement.

•Creating change tickets according to the scheduled network changes and implementing the changes.

•Worked with F5 Load balancing, IDS/IPS, Bluecoat proxy servers and Administrating.

Client: Amtrak - Washington, DC Jan 2014 – Dec 2014

Role: Network Engineer

Responsibilities:

•Supported Various CE Routers such as Cisco 3640, Cisco 7200VXR, Cisco 7600 series, Cisco 2600 series for various customer features such as EIBGP load balancing, ORF, EBGP peering.

•Configured and trouble shooted Route-Reflectors to support IBGP peering within the AS.

•Configured routers and coordinated with LD Carriers and LECs to turn-up new WAN circuits. Configuring, Maintaining the Routers and Switches and Implementation of RIP, EIGRP, OSPF, BGP routing protocols and troubleshooting. Responsible for implementing QoS parameter on switching configuration.

•Responsible for time to time upgrade network connectivity between branch office and regional office with multiple link paths and routers running HSRP, EIGRP in unequal cost load balancing to build resilient network.

•Managed VLAN architecture and HSRP for default gateway redundancy.

•Involved in implementation and troubleshooting of protocols and technologies, especially in the following: BGP4, EIGRP, IPv4 and Ethernet.

•Maintained BIG IP F5 APM VPN and provided solutions for intricate issues.

•Daily responsibilities included monitoring remote site using network management tools, assisted in design guidance for infrastructure upgrade & help LAN administrator with backbone connection and connectivity issue Other responsibilities included documentation and support other teams

•Worked on various BGP features such as Route-Refresh, AS-Override, EIBGP load balancing and various BGP attributes such as Local Pref, AS-Path.

•Designed and implemented VLAN using Cisco switch catalyst 1900, 2900, 5000 & 6000 series.

•Installed Cisco IOS 12.0 to 12.4 for Routers (Cisco7600, 7200vxr) & configured Switches (3750, 3550, Cat6500).

•Configured QoS to provide proper priority and queuing based on type of the traffic.

•Implemented QoS using CBWFQ, LLQ and DSCP based policies. Configured WRED on egress policies as per Cisco QOS design.

•Maintained BIG IP F5 APM VPN and provided solutions for intricate issues.

•Worked with F5 Load balancing, IDS/IPS, Bluecoat proxy servers and Administrating

•Participated in on call support in troubleshooting the configuration and installation issues.

•Provided Technical support in terms of upgrading, improving and expanding the network.

Client: Tera Soft, India Jun 2012 – Sep 2013

Role: Network Engineer

Responsibilities:

•Responsible for adding Policies to the SRX 3600, 240, ISG firewalls and monitoring the logs.

•Interacted with the customers and on call support to troubleshoot the issues.

•Upgraded IDP on the NSM and migrating firewalls.

•Extensively involved in administration & Maintaining of Netscreen Firewall using GUI and using NSM.

•Involved in Implementation, administration: Design / Configuration changes, Defining events/signatures policies and its actions, Logging and Log analysis.

•Managed VLAN architecture and HSRP for default gateway redundancy.

•Supported various LAN environments consisting of Cisco 6500 series switches. Configured ether channels, trunks, VLans, HSRP in a LAN environment.

•Responsible for maintaining and updating VPN Gateways for ensuring force of latest Security policy to deny all input requests from all non-compliant devices.

•IPSEC VPN (site-to-site), client to site VPN’s on Cisco 3000 Concentrators and Cisco VPN client.

•Managed Radius Server on Sun Solaris 10 (Sun-Fire-480R) for authentication.

•Handled virus protection servers (McAfee) and deployment of virus scan and desktop firewall across organization to meet 100% compliance of latest DAT files.

•Documented all communication with the clients.

•Provided remote Technical support on implementation of technology using various Juniper Network & Security products and applications and resolve product related issues through research and troubleshooting.

Contact this candidate