SYED IZZATH ULLAH

Senior Network security engineer (Certified)

Cell No: +1-609-***-****

Email id : ads6r6@r.postjobfree.com

Experience : 11+ Years United states citizen Michigan

Linkedin : www.linkedin.com/in/syedizzath

Employer details

Satya Chinta Sr. Bench sales lead Email : ads6r6@r.postjobfree.com Cell No : +91-949-***-****

LinkedIn: www.linkedin.com/in/employersatya

PROFESSIONAL SUMMARY

●Worked on Bluecoat, IronPort, Zscaler Cloud Proxies for Internet web traffic. Worked on Zscaler ZIA, ZPA, ZAPP. Extensive experience with AD group-based policies, URL filtering, Cloud APP control, Zero Trust Network Access using ZPA to replace SSL VPN solution

●Results-driven professional offering a progressive extensive experience and a strong background in Network Engineering, Designing, Integrating, Deploying, Maintaining and Supporting broad range of technologies in Networking and Network Security.

●Strong hands on experience in Installing, Troubleshooting, Configuring of Cisco900x, ASR1k, 7200vxr, 3900, 3800, 2900, 2800 series routers and Cisco Catalyst 6500, 4500, 3850, 3750, 2960, Cat 9k series Switches.

●Hands on experience working with Cisco Nexus 9K, 7K, 5K & 2K Switches. Configuration of VPC, VDC, Peer Gateway, HSRP and FEX on Nexus family.

●Hands on experience in Cisco IOS/IOS-XR/NX-OS, Juniper JUNOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, BGP v4, MPLS, NAT, VLAN, STP, VTP, HSRP & GLBP.

●Experience working in large-scale environments on L1/L2 troubleshooting, Network Design, IDF and MDF architecture, Datacenter Architecture, Spine Leaf Architecture and support roles, IOS upgrades, downtime procedures, Migration projects to different vendor equipment

●Experience in F5 BIG IP and Cisco ACE Load balancers for load balancing and traffic management of business applications. Migration Experience from ACE to F5.

●Well Versed with Various Network Topologies which includes LAN, WAN, Remote sites, IDF/MDF, DC core, IDR, Extranet, DMZ, WLAN, SD-WAN, Proxies, Firewall, Application Delivery Controllers, SSL VPN, Cloud Connectivity and Security.

●Hands on experience with Juniper EX, QFX Fabric switches and MX, M series routers.

●Expert level knowledge of troubleshooting, implementing, optimizing and testing of static and dynamic routing protocols such as EIGRP, OSPF, BGP ability to interpret and resolve complex route table problems.

●Design and configure various Azure and AWS Networking resources like Virtual Network (VNET), IP addressing scheme, DDoS protection, Subnets, Address Spaces, BGP, route tables, hubs and spoke connectivity, shared services, IPSEC tunnels to onsite. Experience connecting on-premises to cloud using Express routes, DirectConnect. Configuring Security groups.

●.Cisco ASA Firewall troubleshooting and policy change requests for new IP segments that either come online or that may have been altered during various planned network changes on the network.

●Worked on Extensively on Cisco Firewalls, Cisco PIX (506E/515E/525/)&ASA 5500(5510/5540) Series, Palo Alto, Checkpoint and FortiGate Firewalls.

●Extensive Knowledge on the implementation of Cisco ASA 5500 series and Checkpoint R 75 firewalls.

●Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series. Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.

●Worked on Next Gen Firewall features like URL filtering, SSL Forward Proxy, SSL Decryption, APP ID and ThreatID, Panorama in PA firewalls.

●Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability. Experience with Virtual servers, Pools, Monitors, SNAT, proficient in iRule scripting, Persistence, Profiles, WideIP’s, Zones, Listener IP, Static and Dynamic Load balancing techniques on LTM and GTM.

●Proficient using the F5 based profiles, monitors, VIP’s, pools, SNAT, SSL offload, iRules, virtual Servers, IAPPS. Migration experience from ACE to F5.

●Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches. Worked on Aruba WLAN7200 Series Controllers. Extensive knowledge in all Wi-Fi Standards including 802.11a, b, g, n, ac. Worked on installing of Cisco and Aruba Wireless Controllers. Worked on Cisco CWAP, LAWP, Aruba 225, 325, AP groups, SSID’s, Authentication rules, 802.1X for Wireless etc.

●Experience in working with Cisco Identity Services Engine (ISE) and ACS. Worked on Security groups, tags, AAA profiles on ISE and Aruba ClearPass.

●Knowledge of Cisco Meraki Cloud managed Switches (MS250, MS350, MS410) and SD-WAN (MX 65, MX100, MX400). Worked on Cisco Viptella and Versa SD-WAN.

●Hands on experience on Aruba Activate, Aruba Airwave, Analytics and Location Engine (ALE), ClearPass Access Management & ClearPass Captive portal servers etc.

● Worked on Aruba IAP which supports Zero-touch provision cloud-enabled architecture.Worked on Aruba Airwave for provisioning the IAPS (instant Access points) and Aruba Intermediate switches.

●In-depth knowledge and hands-on experience on IP Addressing, Sub netting, VLSM and ARP, reverse & proxy ARP, Ping Concepts.

●Experience working with cloud network infrastructure with any cloud provider such as AWS and Microsoft Azure.

●Used Python scripting for network sniffing and managed parameters for pool of servers and updated, automated, and migrated different services and software by means of Ansible

TECHNICAL SKILLS

Routers

Cisco 1800, 2600, 2800, 3700, 3800, 3900, 7200, 7600 series, ASR 9k, juniper ACX series routers.

Switches

Cisco Catalyst 3550, 3750, 4500, 6500 series & nexus 7k, 5k, 2k, 1000v, juniper Ex4200, Ex9208, ACX 1000

Load Balancer

Cisco CSS, F5 Networks (BIG-IP) LTM, GTM

WAN Optimization

Cisco WAAS, PPP Multilink, Riverbed

Routing

OSPF, EIGRP, BGP, PBR, Route Filtering, Redistribution, Summarization, Static Routing, TCP/IP protocols, IPV4, IPV6.

Switching

VLAN, VTP, STP, RPVST+, Inter VLAN routing & Multi-Layer Switching Layer 3 Switches, EtherChannel’s, Transparent Bridging

LAN

Fast Ethernet & Gigabit Ethernet.

WAN

Leased lines 64k - 155Mb (PPP / HDLC), Fiber Optic Circuits, Frame Relay, MPLS, DMVPN

Voice

Cisco call manager 8.x, 7.x

IP Telephony

VOIP, ISDN, PRI, Unified Call Manager

Wireless

Cisco 4400, 5500 Wireless Controller (WLC) and 3500, 3700 series Access Points

Firewalls

Cisco ASA, Juniper SRX, Palo Alto, Checkpoint FW’s

Features & Services

IOS and Features, HSRP, GLBP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, DNS, FTP and FTP Management

Network Monitor Tool

MRTG, Net brain & SolarWinds & Cisco Prime Infrastructure

Protocol Analyzer

Wireshark, NetFlow

Operating System

Windows (XP, 7, 10), Cisco IOS/XR/XE, Juncos, Pan-OS

EDUCATION

●Bachelor’s

●Engineering

●Osmania University, Hyderabad

CERTIFICATION

●Cisco Certified Network Professional (CCNP)

●Cisco Certified Network Associate (CCNA)

●Palo Alto Security Certified.

PROFESSIONAL EXPERIENCE

Dish Network, CO ( Remote)

Aug 2019 to Present

Senior Network Engineer

Responsibilities:

Managed AD Domain Controller, DNS and DHCP Servers and configurations.

Worked on Cisco ISE for user Authentication, Security Group Tags, MAC based authentication for Wireless and Wired users, 802.1X, EAP, PEAP etc.

Worked with Cisco Channel partners to build practices around Cisco ACI, worked on configuring tenant policies, VXLAN, VTEPS, VNI, Bridge Doamins.

Experience working on Cisco ASR 9K, Nexus 7k and 9K. Configured and designed OSPF, EIGRP and BGP at Distribution and Core layers. Configured OTV layer 2 connection between Data centers, VPC, VDC and FEX on Nexus.

Worked on Juniper devices like M, MX, T routers on advanced technologies like MPLS VPNs, TE and other service provider technologies.

Palo Alto design and installation (Application and URL filtering, SSL decryption, SSL Forward Proxy). Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls. Successfully installed PA-5000 series firewalls in Data Center as perimeter Firewalls.

Migration of ASA firewalls to PA next gen Firewalls using migration tool in PA. Migrated all IPSEC tunnels, ACL’s, NAT rules and policies.

Developed a python script, which will parse all trace files and calculate throughput, latency and drop rate.

Intensive applications of Network automation tools and testing for network automation and configuration management using Ansible, Python scripting

Used Python programming and language to develop a working and efficient network within the company.

Worked on Migration from Juniper Pulse to Citrix NetScaler Gateway SSL VPN solution. Configured Policies, End Point Analysis, SSL VPN profiles in NetScaler’s end to end.

Experience with configuring BGP, OSPF in Juniper M and MX series routers. Worked on several BGP attributes like MED, AS-PATH, Local Preference for route optimization. Worked on Route-Reflector, Route-Redistribution among routing protocols.

Experience working with Juniper devices like EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX650, SRX240

Regular upgrade and maintenance of Infrastructure, Installing, configuring, and maintaining Cisco Switches (2960, 3500,7600, 3750, 3850 series, 6500 series) Cisco Routers (4800, ASR 9K, 800), Juniper Routers and Firewalls, Nexus 7k,5k & 2k, f5 BIG IP, Palo Alto Firewalls, Bluecoat Proxy and Riverbed Steelhead appliances.

Responsible for the IPAM (IP Address management) system for a very large WAN/LAN network (QIP) using SolarWinds IPAM and Infoblox DNS and DHCP servers. Experience with DHCP scopes, IP reservations, DNS host entries, pointers, delegations, Zones, DNSSecetc.

Provides expert level security and networking knowledge in the planning, researching, designing, and testing of new networking technologies for perimeter firewall security, Intrusion Prevention/Protection System (IPS), DNS and DMZ security, and Internet Security in support of established Info Security program initiatives for the next 3 years.

Worked om migrating from Bluecoat to Zscaler Proxies with Cloud and local Pzens, Policies, integrate with Azure AD.

Worked on network design improvements involving BGP,EIGRP, OSPF, IPmetric tweaking and load balancing.

Customize Layer 2 and Layer 3 networking between VMware, networking components, and storage for high availability and maximum performance.

Extensively worked on virtual F5 LTM module on VMware for application testing.

Participated on VMware, Solar Wind application (ADL) testing team for server consolidation/higher system availability project.

Worked on Checkpoint Firewall to create new rules and allow connectivity for various Applications. Checkpoint is used as an internal firewall for application security in Kodiak network.

Implemented Firewall rules and Nat rules by generating precise methods of procedure (MOPs). Responsible for packet capture analysis, syslog and firewall log analysis.

Experience with F5 load balancers LTM and GTM and reverse proxy design and setup. Migration from A10 to F5.

Experience in F5, Cisco ACE 4710 Load balancers. Migration Experience from ACE to F5 and NetScaler’s to F5. Worked on critical applications on Layer 4 and layer 7 load balancing. Experience with Virtual server, Pool, Node, Profiles – TCP, http, https, ftp, fastl4, Persistence – Source IP, SSL, Cookie, SNAT, iRules, iAPP, SSL offloading.

Experience with F5 GTM and in-depth knowledge of DNS, Global level load balancing, Wide IP’ s, Zones, Prober pools, Delegation from Windows DNS server to listener IP.

High-level network troubleshooting and diagnostic experience using Packet capture tools like Wireshark.

Configured network using routing protocols such as RIP, EIGRP, BGP and OSPF and troubleshooting L2/L3 issues.

Experience with Cisco ACI (Application Centric Infrastructure) SDN architecture to reduce operating costs, automate IT tasks, for greater visibility and scalability in a data center environment.

Charter communication, CO

Feb 2017 to July 2019

Senior Network Engineer

Responsibilities:

Juniper SRX Migration to FortiGate Firewalls, F5 Operations, Migration from Cisco 6500 to Nexus family switches, Configuration of Arista Core routers, WLAN, Cisco ISE, Infoblox and SolarWinds.

Troubleshooting FortiGate CPE 80 series firewalls and Fortinet manager along with fore scout Counteract.

Worked on Splunk to analyze logs and write scripts to parse logs in Splunk for various network devices in the environment.

Experience with converting Checkpoint VPN rules over to the Fortinet solution. Migration from Cisco 6500 to Nexus 5k, 2k in FEX mode in access layer and Nexus 7k in Aggregation.

Implemented Site-to-Site VPNs over the Internet utilizing 3DES, AES/AES-256 with Fortinet Firewalls.

Experience with how to support repeatable, reliable, and scalable network architectures with fault tolerance, performance tuning, monitoring systems, statistics/metrics collection, and disaster recovery

Designing and supporting the consolidation of data centers utilizing Cisco 6500, Nexus 2K, 5K and 7K

Infrastructure.

Worked on configuring Arista Core routers in Data center for Data center Core, WAN core and Internet core routers. Configured OSPF and BGP protocols.

Configure and maintain all FortiGate Firewalls as well as a centralized management system (Forti Manager) to manage large scale Firewall deployments.

Migration experience from Juniper SRX to FortiGate Firewalls.

Created and configured management reports and dashboards using Fortinet and FortiGate manager.

Scripting for automation of processes for Windows Servers. Familiarity with main script languages like Power Shell, PHP, Shell, Perl, Python.

Worked on Python, shell scripting and automation Rest APIs integrations

Automated network implementations and tasks designed monitoring tools using python scripting

Worked on URL Filtering, AD based Policies, SSL Decryption and Layer 7 Security Features on FortiGate Firewalls.

Designed & Deployed Cisco ISE and Provided comprehensive guest access management for Cisco ISE administrators.

Configured Cisco ISE for Domain Integration and Active Directory Integration.

Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network AccessControl integration with Cisco ISE.

Hands on experience on all software blades of Check Point Firewall. 24x7 on-call step-up support as a part of the safety operations team.

Used Python scripting for network sniffing and managed parameters for pool of servers and updated, automated, and migrated different services and software by means of Ansible

Installed and configured Meraki (MX80, MX60) Appliance via Meraki MX400 Cloud. Installed and configured Cisco Meraki (MR66, MR74, MR84) wireless Access points in the warehouses.

Implementation of Cisco Meraki wireless solutions and the deployment of wireless access points.

Worked on the implementation of Cisco Meraki Enterprise Cloud Wireless Bridge/Repeater to extend the LAN for multiple buildings.

Enhanced level of knowledge with, MPLS. Experience with design and deployment of MPLS Layer 3 VPN, MPLS Traffic Engineering, and MP Architecture LS QOS

Worked on Cisco ISE deployment which was a replacement for the ACS and provided new long term and short-term guest wireless services for the Port Authority.

Managed successful delivery of massive security response portfolio including Splunk and Cisco ISE.

Hands on experience installing and configuring Cisco ISE 1.3 and later upgrading to 1.4.

Implemented Cisco ISE 2.0 for Wireless 802.1x Authentication and Authorization with Flex connect

Layer 2 Technologies: VSS, STP, VPC, SPAN, OTV, VPLS.

Layer 3 Technologies: QoS, MPLS, OSPF, BGP, Multicast, DMVPN.

Responsible for installation, configuration and troubleshooting of Cisco NAC on both client end and Manager Server.

Configuring user's roles and policies for authentication using Cisco NAC and monitoring the status of logged users in network using Cisco ISE.

Provided full visibility and notification of authorized and unauthorized network access with integration of CISCO ASA and NAC solutions

Worked on F5 LTM, GTM series like 6400, 6800, 8800, VIPRION for the corporate applications and their availability.

Perform Migration from F5 BIG-IP 5000 Series to VIPRION 2200 and troubleshooting.

Installed FortiGate 100E, 6000 & 60E, Fortinet, Forti Manager & Forti Analyzer & utilizing F5 Load Balancing with LDS and BIG, IP.LTM & GTM.

Design, install, configure, troubleshoot, and maintain load balancers including Citrix NetScaler.

Configure and Manage site-to-site IPSEC VPN with different partners. Troubleshoot remote access services like Citrix NetScaler, Cisco VPN clients and for the users to access their enterprise network

Worked on F5 BIG-IP LTM 8900, Citrix and NetScaler configured profiles, provided, and ensured high availability.

Monitored network traffic using tools like Solar Winds, Wireshark, NetScaler, NetFlow.

Support network security devices such as firewalls and proxies on remote access technologies such as VPN and Citrix NetScaler.

Hands on experience designing and implementing networking solutions leveraging multiple services within public cloud providers and/or cross platform APIs (e.g. AWS and/or Azure).

Environment: Nexus 2k/5k/7k, Cisco 6500/7500/7200 Routers, Cisco 3550/4500/6500 switches, Juniper SRX100, Fortinet Next Generation Fire Walls, LAN, WAN, OSPF, RIP, BGP, EIGRP, HSRP, PPP, VPN, Cisco ASA, AWS, TCL, Riverbed, Citrix NetScaler, F5 LTM and GTM, Cisco Meraki.

Eplus, NYC

July 2014 to Jan 2017

Senior Network Security Engineer

Responsibilities:

Implemented Ansible to manage all existing servers and automate the build/configuration of new servers.

Responsible for Cisco ASA firewall administration, Rule Analysis, Rule Modification.

Implementation of Access Lists for allowing/blocking desired traffic.

Responsibilities: Worked extensively in Configuring, Monitoring and Troubleshooting Cisco ASA's 5585.

Packet capturing, troubleshooting on network problems, identifying, and fixing problems.

Experience working in Datacenters environment, configuration changes as per the needs of company.

Configured Policies to allow customer traffic in Juniper Netscreen/SRX firewalls

Support of Palo Alto for remote and mobile users and for analyzing files for malware in a separate (cloud-based) process.

Contribute to the support forums (specific to Azure Networking, Azure Virtual Machines, Azure Active Directory, Azure Storage) for Confidential Developers Network.

Deploying and decommission of VLANs on core ASR 9K, Nexus 9K, 7K, 5K and its downstream devices and configure 2k, 3k,7k series Routers

Provide support for escalated issues in Azure Platform

Working on Azure for highly available customer facing B2B and B2C applications.

Deploying and managing applications in Datacenter, Virtual environment, and Azure platform as well.

Drafted and installed Juniper SRX Firewall rules and policies

Level 3 support Firewall Engineer (Checkpoint and Juniper SRX)

Extensive Knowledge on the implementation of Cisco ASA 5500 series and checkpoint R 75 firewalls

Extensive Knowledge on the implementation of Cisco ASA 5500 series and checkpoint R 75 firewalls

Experience configuring Virtual Device Context in Nexus 7k series switch.

Strong knowledge on networking concepts like TCP/IP, Routing and Switching.

Designed, configured, implemented site-site VPN on cisco ASA 5500 firewall.

Experience with configuring Load Balancing methods in F5 LTM and configured the virtual server.

Working with Checkpoints, ASA’s (Other Remote sites), Palo Alto’s FW’s

Worked in projects converting P2P circuits into MPLS circuits, commissioning and decommissioning of the MPLS circuits.

Performing network monitoring, providing analysis using various tools like Wire shark, Solar winds etc.

Provided proactive threat defense with ASA that stops attacks before they spread through the network.

Designed, Validated, and implemented LAN, WLAN & WAN solution to suite client’s needs.

Sian infra, Hyderabad, India

May 2011-June 2014

Senior Network Engineer

Responsibilities:

Responsible for the implementation and maintenance of firewall-based security zones (DMZ*s).

Provide support to internal project teams by adding firewalls, switches and routers tomanaged DMZs.

Configure the layer 2 and layer 3 on Cisco Nexus 7K, 5K, 6509, 9710, 5596 UP, 4500, 3850, 3950, ASR and 2960

Configured VLANs with IEEE 802.1q tagging, private VLANs, VTP on Cisco 4500 and 6500 series switches. Configured trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.

Worked with Checkpoint, Cisco ASA, and Palo Alto Networks solutions

Experience in HSRP standby troubleshooting & Experience in configuring & upgrading of Cisco IOS.

Implementing & Troubleshooting of T1, MUXES, CSU/DSU and data circuits.

Experience on designing and troubleshooting of complex BGP and OSPF routing problems,

Have sound knowledge of Firewall architecture, routing and VPN.

Have experience working on HP Open view Network Node Manager.

Configured VLANs with IEEE 802.1q tagging, private VLANs, VTP on Cisco 4500 and 6500 series switches. Configured trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.

Upgrade firewalls in accordance with change management & Document changes to firewalls.

Have experience with Cisco Works LAN Management Solution.

Experience in migration of Frame-relay based branches to MPLS based technology using multi-layer stackable switch like 6500 series and 2800 series router.

Testing VPC, BGP, OSPF, EIGTP, RIP, SPAN, Sflow, VlanTrunking, SVI and power supplies on Nexus and ASR devices

Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks.

Hands on experience with Cisco 3500, 3750, 4500, 6500 series equipment and configuring and deploying and fixing them with various modules like Gig card, VPN SPA card, WIC card.

Cisco IOS experience on 3600/7200 class hardware in complex WAN environment and experience on Cisco OS and IOS on CAT6500 in a complex data center environment.

Involved in configuring IP Quality of service (QoS).

Involved in designing L2VPN services and VPN-IPSEC authentication & encryption system.

Experience in designing, installing & configuring of Cisco PIX, ASA & FWSM (Firewall service module).

Worked extensively in configuring, monitoring and troubleshooting Cisco's ASR 5500

Experience in configuring routing protocols like EIGRP, RIP v2, OSPF & BGP and Cisco ACS protocols like RADIUS and TACACS.

Experienced in WAN environments, installing and troubleshooting data circuit problems (MPLS, T1).

Worked on Layer 2 protocols such as STP, VTP, STP, RSTP, PVSTP+, MST and other VLAN troubleshooting issues and configuring switches from scratch and deployment.

Involved in designing GRE tunnels for encryption of data flow from source to destination.

Implemented and deployed VoIP using ASR 1k series SBC (Session Border Controller).

Experience in configuring VLAN’s STP (Spanning tree Protocol) & RTSP (Rapid Spanning Tree Protocol).

Contact this candidate