Post Job Free
Sign in

Data Center Palo Alto

Location:
Chicago, IL
Posted:
January 07, 2025

Contact this candidate

Resume:

Name : Yawar Ali

Email : ***********@*****.***

Contact : +1-312-***-****

Professional Summary:

• Over 9+ years of experience in the design, implementation, support, and maintain 24x7 network services serving as one of the highest levels of escalation for network and security issues. Make ongoing recommendations of network policies and standards., troubleshooting and documentation of LAN/WAN networking systems in Branch, telecommunication and Data Center environments

• Hands - on experience in configuring Cisco routers/ Switches to perform functions at the Access, Distribution, and Core layers.

• Installation, configuration and maintenance of Checkpoint, Cisco, Palo Alto, Juniper, Fortinet Firewalls.

• Solving issues in intra wireless n/w like dealing with access controllers and access points.

• Excellent working knowledge of TCP/IP protocol suite and OSI layers.

• Experience in configuring and troubleshooting IPSEC site to site VPN solutions.

• Working experience with Datacenter Switches such as Nexus 2K, 5K and 7K.

• Solid understanding of GSM, UMTS & LTE Network architecture, Call flow and Traffic Engineering

• Working knowledge of transport connectivity such as T1, CAT5&6 Ethernet, DS1, DS3, Fiber, OC3 and OC12, OC48

• Hands on experience on Checkpoint UTM and NGX series Firewall and Application URL filtering, and strong understanding knowledge on PALO ALTO Product firewall.

• Having proposals of change the environment form NX-OS to Application Centric Infrastructure (ACI) in Data center, implemented in the lab environment.

• Responsible for Checkpoint and Cisco ASA firewall administration across our global networks.

• Experience in Tier- 2 support, BMC Remedy tool, NMS ticketing system, network troubleshooting, handling escalation, and Root cause analysis (RCA) and SLA's.

• Hands on experience on Meraki SD-WAN wireless devices MX65, MX84, MX100 series.

• Hands on experience with ACI (Application Centric Infrastructure) with spine and leaf architecture.

• Used Cisco ACI (Application Centric Infrastructure) SDN architecture to reduce operating costs, automate IT tasks, for greater scalability and visibility in a data center environment.

• Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN, Trunks, VTP, Ether channel, STP, RSTP and MST

• Proficiency in configuration of VLAN setup on various Cisco Routers and Switches

• Implementation of HSRP, VRRP and GLBP for Default Gateway Redundancy

• Efficient at use of Microsoft VISIO/Office as technical documentation and presentation tools

• Implemented security policies using ACL, Firewall, IPSEC, SSL, VPN, AAA (TACACS and LDAP)

• Proven ability in problem-solving, decision analysis, prioritizing work flow, multitasking and team collaboration and Demonstrated leaderships skills and have ability to lead team if necessary

• Design WAN solution using the AutoVPN technology with Cisco Meraki MX security appliances including DC to DC failover and SD-WAN capabilities.

• Primary responsibilities include daily support of Palo Alto Firewalls. Cisco ISE, Cisco Fire SIGHT/FirePOWER, Client VPN and Multi-Factor Authentication, and IP space administration.

• Experienced in developing Web Services with Python programming language.

• Strong hands on experience on PIX, Firewalls, and ASA Firewalls. Implemented Security Policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ &RADIUS).

• Expertise in VOIP protocols like H.323, MGCP, SIP, and SCCP.

• Experienced with Python frameworks like Webapp2 and Flask

• Good Knowledge of Python and Python Web Framework Django Technical Skills:

Routers Cisco 2600, 2800, 3600, 4400, 7200, 7609 Series,7600, Cisco CSR, ASR1k, ASR 9k, ISR4k, ISRG2. Switches Cisco 2900, 3500, 3700, 5000, 6500 Catalyst Series, Cisco 7000, 5000, 2000, Switches 9K series Firewall

Checkpoint R65/R70/R75/R77/Provider-1 firewall, Palo Alto, Cisco PIX 500 series, Cisco ASA, IDS CISCO IDS 4520 Juniper, Imperva SharePoint 2010, Imperva WAF, FortiGate Load Balancer F5-Big-Ip, LTM, Ax10

Communication

Protocols TCP/IP, UDP, DHCP, DNS, ICMP, SNMP, ARP, RARP Routing Protocols BGP, ISIS, OSPF, EIGRP, VRRP, HSRP, GLBP, RIP2, Infoblox Switching Protocols STP, RSTP, PVSTP, VTP, ARP, VLAN IP Services DHCP, NAT, VLAN, DNS, FTP, TFTP, LAN/WAN WAN Technologies ATM, ISDN, PPP, MPLS, ATT, 802.11, 802.11a, 802.11b, APLUS Network

Technologies IPsec, GRE, NAT/PAT, ACL, IPv4, IPv6

Network tools Wireshark, Cisco Anyconnect, AirWatch Software Sniffer Pro, Microsoft FIM, MS Lync, MS Exchange, Trunking and STP Operating Systems Windows XP/7/8, Linux

Riverbed, ASP 9K

Scripting languages C#, Perl, Python, PowerShell, TCL, Bash PROFESSIONAL EXPERIENCE:

Client: NBC Universal,NY July 2022 – Till Date

Role: Sr Network Engineer

Responsibilities:

• Managed multiple large-scale projects in a fast-paced environment and provided leadership to other members of the team for the 58 branches of Confidential across United States and 1 branch in India. Quickly turned business problems into technical solutions. Managed configurations and the deployment of equipment in compliance with established technology policies. Recommended technical solutions that will enhance performance, increase redundancy, and add flexibility to the existing infrastructure. Troubleshoot network outages and report of network performance issues. Maintain system and network availability and monitoring of services. Participated in rotating 'on-call' schedule with engineering team.

• Maintained the appropriate relationships with 3rd party vendors and evaluate vendor hardware, software, and communications products and to provide recommendations for purchases with ourcorporateobjectivesinmind. Performed capacity planning in various scenarios. (Single/Redundant Circuits, Load Balancing, Aggregation, etc.)

• Performed Office move for san Jose branch.

• Having experience in Cisco Security Solutions; Cisco ASA, Cisco ISE, FirePOWER services (or Sourcefire), AMP for endpoints, and related security tools.

• Installed, Configured new Waps for the entire office in Aerohive manager.

• Updated QoS and DHCP scripts on the switches of the various branches of Confidential as the UCaaS project went live in production.

• Installed Operating System and configured kernel parameters for Linux /Unix servers.

• Updated the Network Diagrams in VISIO.

• Experience with Aruba/Ruckus Wireless Controllers, Access Points and IAP. Aruba ClearPass (TACACS/AAA), Fortinet Forti manager, Aruba Airwave, Aruba Glass, and Backbox (Backup Network Devices)

• Designed and implemented a POC of Cisco ISE vs Aruba ClearPass NAC solution for the corporate network wired. Aruba Networks Wireless (AP225, AP335, WAC 7210, 7240, 3400, 3600).

• Played a key role working with various teams for deploying Aruba ClearPass Policy Manager (CPPM)

• Implement Aruba Wireless infrastructure using Aruba controllers & Access Points.

• Configured Aruba access points troubleshoot connectivity issues with Aruba access points Surveyed, designed and implemented wireless network infrastructure solutions for both indoor and outdoor environments for multiple clients in several distinct markets.

• Worked on various security tools like Aruba Activate, Aruba Activate, Bluecoat, Websense, Source fire, EM7, CADA authentication etc.

• Hands-on experience in some of or all following areas: HSRP, QoS, DMVPN, SSL VPN/IPSec VPN, Wireless technologies, DHCP management, Firewall skills and MPLS services framework, SD-WAN (IWAN, Viptela, Silver Peak, Riverbed) implementation and migration experience.

• Rewrite existing Python/Django modules to convey certain format of data.

• Worked on Aruba Activate and Aruba Airwave for whitelisting and blacklisting the Aruba devices for the users.

• Managed Qradar offenses and monitor logs. Scan email links and attachments in Fire Eye to determine if they're malicious.

• Triage Qradar offense based on severity and type of the offense.

• Create/modify Qradar rules to reduce false positives.

• Integrating Duo authentication to replace crypto card.

• Providing crypto tokens for new users.

• Creating and manage Duo accounts.

• Involved in troubleshooting network traffic and its diagnosis using tools like ping, traceroute, Wireshark, TCP dump, and Linux operating system servers.

• Hardware experience includes Ubiquiti, Meraki, Cisco, HP Aruba, and Ruckus wireless systems.

• Installed Linux OS and configured required network on the virtual machines.

• Maintaining Exabeam, making sure it's up to date and resolve any issues with the tool.

• Improving process flow of Qradar offenses.

• Making sure Qradar is working normally during business hours. Environment: F5, NGX R55 and R65, Checkpoint, Meraki, Fortinet, Bluecoat, Nexus 9396, 7010, 5548, 5520, 2248, Cat 6880, VPC, VDC, VRF, VSS, Alcatel 7750, Cisco ASA, BGP, VPLS, OSPF, EIGRP, QOS, VPM, SDN Solarwinds, STP, VLANS, VTP, Port-Channel, and Switch Stacking.

Client: One Inc, CA March-2020 to June-

2022

Role: Sr. Network Engineer

Responsibilities:

• Configuring Checkpoint Firewall in IPSO, Secure Platform and GAIA platforms.

• Configuring, Administering and troubleshooting the Checkpoint and ASA firewall.

• Excellent analytical and problem-solving skills.

• Perform Custer configuration, backup and restore the current Gateway installation

• Analyzing the IPS logs and adjusting the protect mode. Using Smart Update, User Management and Authentication in Checkpoint firewall. Ability to quickly evaluate project needs and provide appropriate solutions in a timely fashion.

• Good understanding of OSI Layers and TCP/IP models, IP Addressing and Sub netting.

• Strong working experience with Layer-2 & Layer-3 Protocols: VLANs, EtherChannel & Trunking, all STP, VTP, HSRP, VRRP, GLBP, CoS

• Experienced on metro and long-haul DWDM infrastructure: Nokia (Alcatel-Lucent) 1830 PSS32/16, Fujitsu FW 9500/7500/4500/4100, Huawei OSN 7500/6800/3500.

• Expertise in designing, lab testing, implementation and operations of IP/MPLS network: Nokia (Alcatel-Lucent) 7750/7705/7210, Cisco CRS-16/ASR 9K Series SAR.

• Experienced and proficient with CLI on Nokia (Alcatel-Lucent) SR OS, Cisco IOS-XR.

• Designed Service, upgraded/configured ALU’s IP/MPLS products (e.g. 7x50 SR/ESS, 7705 SAS, 7210)

• Experienced on IP/MPLS/Multicast related protocols and L2/L3 VPN services: OSPF, IS-IS, BGP, MPBGP, PIM, IGMP, MPLS, LDP, RSVP-TE, VPWS, VPLS, VPRN, QoS.

• Experienced on provisioning and management of IP/Optical network using management tools and protocols: CLI, TL1, WebUI, GUI (Nokia 5620 SAM/1354 Ph.M., Fujitsu NetSmart1500/500).

• Designed and implement MPLS VPN network for cell-tower backhaul of WIND Mobile consisting of 6 core routers and 100+ access routers: Nokia 7750 SR-7, 7705 SAR-8/SAR-F.

• Strong working experience with Static, RIP, EIGRP, OSPF & BGP Routing protocols

• Design implement and managing Wide Area /Local Area Networks and Networking Devices administration

• Implemented and managed SIEM - IBM Qradar suite of products, QRadar SIEM, Qradar Vulnerability Manager (QVM), Qradar Risk Manager (QRM), Qradar Incident Forensic (QIF), Splunk.

• Worked with IBM Qradar SIEM Integration and responsible for integrating the log sources with IBM Qradar.

• Developed a correlated picture of what is occurring right now in an enterprise through integration of information from a variety of devices with QRadar SIEM tool, then normalizing and correlating the information to develop modules that provides real-time (or near real-time) reporting in SOC.

• Integrated other security products to QRadar SIEM through various communication protocols, event correlation for vulnerability detection and flow (JFlow, NetFlow) analysis.

• Familiar with Wireless technologies (3G, 4G/LTE) and Datacenter technologies

• Knowledge of IP networking and network security

• Knowledge in Peripheral Component Interconnect (PCI)

• Configuring and troubleshooting 802.1X and Inter VLAN routing

• SME with Cisco Switches, Routers and Protocols

• Worked with ISR 4k, ASR 1k, CSR 1000v and other IWAN compatible routers. strong hands-on experience in installing, configuring, and troubleshooting Cisco devices like Cisco CSR, ASR1k, ASR 9k, ISR4k, ISRG2.

• Knowledge on virus prevention

• Configure and troubleshoot Remote access and site to site-in Checkpoint & ASA firewalls.

• Configure and Troubleshoot IPSec S2S, Remote Access and SSL VPN on ASA firewall and Checkpoint Firewalls.

• Expert Level Checkpoint Firewalls Administrator. Network Topology Configuration Expert.

• Windows & Red Hat Servers Network Configuration including User Management Active directory and mail servers - Exchange and Cloud.

• Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE.

• extensively on ClearPass, Aruba wireless AOS, Airwave, networking, 802.1x, ClearPass Deployment & Integration Experience, ClearPass TACACS

• Migrated from Cisco ISE to Aruba ClearPass for wireless and 802.1X authentication in the Bank. Tested and Certified Aruba ClearPass Policy Manager 6.6.7 for Bank Infrastructure. Upgraded from 6.6.2 to 6.6.7. Configured extension on ClearPass to enable Multi factor authentication. Integrated Safe pass application to ClearPass

• IT and Help Desk Expert on Hardware and Software.

• Familiarity with Cloud Security and Cloud Disaster Recovery

• Experience with Cisco ISE platform and Cisco FWSM.

• Knowledge on Huawei & Juniper Routers, HP & IBM blade switches. Knowledge of Active Directory, DNS, Certificate Services (PKI)

• Configuring QOS on Routers and Switches. Experience with VMware, Cisco VPN and Citrix

• Worked on Cisco ASA Software

• Working experience with A10 and F5 Load Balancer

• Installation/upgrade of antivirus server and providing end point security with Trend Micro Office scan.

• Installation of Windows 2003 enterprise and standard editions, R2, Windows 2000 standard and advanced server editions.

• Experienced in DHCP DNS, AD, NIS, NFS, SMTP, IMAP, ODBC, FTP, TCP/IP, LAN, WAN, LDAP, HP RDP, security management and system troubleshooting skills.

• Experienced systems Engineer and lead technician, setting scope and deliverables, timelines, budgets and maintaining communication between layered teams.

• Thorough knowledge of the installation, termination and troubleshooting of the physical layer and data link layer of the OSI model .

• Contributes a multifaceted data systems skillet with strong business and accounting acumen to drive successful projects and meet modern infrastructure challenges.

• Keep the antivirus section of the network up to date with current versions of antivirus software, latest signatures and relevant documentation.

• Configuring and managing syslog server, automatic configuration backup using event Manager, Archive command scripts

• Vendor coordination for all Network, Security and Wireless services

• Capture and Analyze the logs using Wireshark, NetFlow, Syslog Providing technical security proposals, detailed RFP responses, security presentation, installing and configuring ASA firewalls, VPN networks and redesigning customer security architectures.

• Experience with managing the completed end to end site solutions

• Involved in Datacenter build and support, Implementation, migrations network support, Interconnectivity between an old Datacenter and new Datacenter.

• Converting access-lists to Firewall rule sets on FWSM module with 6509-E Catalyst switches

• Involved in setting up Voice VLANs on distribution switches, and configuring access switches ports for AVAYA IP PHONES

• Managing and Troubleshooting SCCM Servers and SCCM Clients.

• Troubleshooting "Package Replication" on DPs among sites.

• Troubleshooting CAZ to Primary replications\Primary to CAZ\Primary to Secondary\Secondary to primary e.g. (Parent to child) and (child to parent replication).

• Working knowledge of Terminal server and the configurations

• Installation of L3 Switching Engine Policy Feature Card & Distributed Forwarding Card DFC3C Environment: 3750, 3550, 3560,3925, 2924, 6509-V-E, 6513, 6504, 6503, 6506, 6500 series switches, 7206, 2611, 6748, 6708, 2960, T1 Controllers, Cisco ISE, DS3 Lines (T3 Lines), Fiber and Ethernet cabling. Client: Infor, Ny Nov-2017 to Feb-2020

Role : Network engineer

Responsibilities:

• Installed Nexus 7010 core switches and Nexus 5548 and 2148 server access switches. Configured 7010's with multiple distribution VDC's running EIGRP for route propagation between them.

• Designed and configured IP addressing scheme and eBGP routing strategy for Century Link MPLS network connectivity. Wrote core and remote router configurations and implementation scripts.

• Implemented EEM scripting on the WAN Routers for redundancy and for the Multihoming.

• Working on L3 protocols such as BGP, OSPF and EIGRP also includes static routing and route redistribution.

• Experienced in Configuring/Troubleshooting Routing Protocols EIGRP/OSPF/BGP/RIP.

• Installed and Configured A10 (AX2500) load balancer as SLB for various application in backend.

• Installed and deployed the Controller based Aruba Wireless Access Point.

• Implemented STP, VTP, and Port-channel and advanced technologies like VSS on the Cat 6500's, OTV, and FCOE.

• Worked extensively on Cisco Switches, Routers, ACE and F5 and A10 load balancers, and Net Screen/Pix/ASA/Junos/FWSM/Sonic/ Checkpoint firewalls.

• Worked on Checkpoint Firewall policy provisioning

• Worked on Extensively on Cisco Firewalls, Cisco PIX (506E/515E/525/) & ASA 5500(5520/5540) Series. Administered Cisco Catalyst 29xx, 19xx series switches.

• Trained on Cisco Application Centric Infrastructure (ACI).

• Troubleshoot layer1, layer2 and layer3 technologies for customer escalations.

• IP Allocation & Maintenance for users and other needs throughout company.

• Working on Quality of service QOS and class of service COS implementations for business-critical applications and prioritize traffic for voice and other critical applications utilizing classification techniques like DSCP, NBAR, Traffic shaping and Policing.

• Configured Cisco Voice Security Gateways and implemented the zone-based firewall services. Environment: Nexus 7010, 5548, 2248, VPC, VDC, VSS, VSG, NGX R55 and R65, Cisco ASA, Wireshark, R76, R77, GAiA, Juniper SRX, EEM script, QOS, VPM, Solar winds, STP, VLANS, VTP, Port-Channel, Switch Stacking. Client: GfK - An NIQ Company Aug-2015 to Oct-2017

Role: LAN/WAN Engineer

Responsibilities:

• Responsible for entire LAN and WAN maintenance and troubleshooting of the company network. Involved in the Team of Data Center Operations to perform duties like administration and deployment of Cisco Routers and Switches according to the organization requirements.

• Performed network administration tasks such as creation and management of VLANS, Port security, Trunking, RPVST+, Inter-VLAN routing, and LAN security.

• Worked with Cisco Catalyst 6500, 4500, 4900 switches and Cisco 2800, 3600, 3800, 7200 &7600 series Routers.

• Worked with Routing Protocols of EIGRP and BGP.

• Configured PVSTP+ for loop prevention and VTP for Inter-VLAN Routing.

• Worked on commissioning and decommissioning of the MPLS circuits for various field offices& POPs.

• Deployed Nexus 2000, 5000 and 7000 series switches.

• GRE tunneling & Site-to Site VPN configuration between other two sites in USA.

• Configured ASA 5520 to ensure high-end security on the network with ACLs and Firewall.

• Played responsible role for implementing, engineering, & level 2 support of existing network technologies / services & integration of new network technologies / services.

• Worked with Cisco Layer 3 switches 3560, 3750, 3925, 4500, 6500; Cisco Nexus 5000 and 7000 in multi VLAN environment with the use of inter-VLAN routing, 802.1Q trunk, and ether channel.

• Key contributions include troubleshooting of complex LAN /WAN infrastructure that include routing protocols EIGRP, OSPF & BGP.

• Involved in design, implementation and configuration of HSRP for load balancing on L3 switches on different location of office on the switched network.

• Provided support for troubleshooting and resolving Customer and user reported issues.

• Worked with Network Engineer's in the installation and configuration of firewalls. Environment: BMC Remedy, Cisco ASA 5540, BIG-IP LTM 8900, QOS, Policy-maps, Class-maps, Nexus, VLans, STP, RSTP, PVSTP, VTP, HSRP, Ether channel, BGP, OSPF, EIGRP, MPLS, ATM, PPP, HDLC. SNMP, TACACS+, DNS, DHCP, Basics of WLA Education: Bachlors of Computer Science from



Contact this candidate