Senior Network Engineer
Resume:
SURYA PRAKASH
Sr. Network Engineer
************@*****.***
Sr. Network Engineer: Certified Network Security Engineer with 9.2 years of experience in the networking field, I have a deep passion for designing, implementing, and managing cutting-edge network solutions that empower organizations to achieve their goals. Renowned for driving technological advancements, enhancing network security, and optimizing performance to meet organizational goals. My journey has been driven by a love for technology and a commitment to excellence in every project I undertake.
PROFESSIONAL SUMMARY:
Strong knowledge in implementing IP addressing schemes, LAN/WAN protocols, and IP Services, to fulfill network requisites in different environments.
Hands-on experience in configuring Cisco Catalyst 2960, 3750, 4500, 6500 series, and Cisco 2600, 2800, 3600, 3800, 7200, 7600 series routers, Cisco Nexus 7000 series, 5000 series, 2000 series data center switches, Juniper EX/ MX/ SRX series.
Expertise in the implementation of optimization, analysis, troubleshooting, and documentation of LAN/WAN networking systems.
Proficient in Configuring Virtual Local Area Networks (VLANS) using Cisco routers and multi-layer Switches and supporting STP, RSTP, PVST, RPVST along with troubleshooting of inter-VLAN routing and VLAN Trunking using 802.1Q.
Hands-on in the deployment of GRE tunneling, SSL, Site-Site IPSEC VPN, and DMVPN.
Strong experience on Juniper SSG series Firewalls and Checkpoint R75, 76 Firewalls.
Experience with F5 load balancers - LTM, GTM series like 6800 and 8900 for the corporate applications and their availability.
In-depth expertise in the implementation, optimization, troubleshooting, and documentation of LAN/WAN networking systems.
Well-versed and experienced in routing and switching protocols RIP, OSPF, EIGRP, BGP, and VLAN.
Exposed to handling and troubleshooting issues on NAT.
Working knowledge on configuring access lists. Troubleshooting DNS/DHCP issues within the LAN network.
Involved in troubleshooting network traffic and its diagnosis using tools like ping, traceroute, Wire Shark, TCP dump, and Linux operating system servers.
Sound knowledge of Routing and Switching concepts and MPLS design.
Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS.
Excellent leadership with good written and oral communication.
Certifications:
Cisco Certified Network Professional (CCNP)
Cisco Certified Network Associate (CCNA)
CompTIA A+
Technical Skills:
Routers: Cisco 7609, 2600, 2800, 3800, 3640, Cisco 3745, 7200 Series
Switches: Cisco 3500, 5000, 6500 Catalyst Series Cisco 7000, 2000 Nexus Series -2k,5k,7k
Firewalls Palo Alto Networks, Cisco ASA, Juniper, Checkpoint, PIX, Firepower
Routing Protocols: RIP v1&v2, BGP, OSPF, EIGRP, HSRP, VRRP, GLBP, FTP, SMTP, SNMP
Switching Protocols: STP, RSTP, PVSTP, VTP, ARP, and VLAN.
IP Services: DHCP, NAT, VLAN, DNS, FTP, TFTP, LAN/WAN
WAN Technologies: ATM, ISDN, MPLS, Frame-Relay, GRE/IPSEC VPN, DMVPN, services, 802.11, 802.11a, 802.11b.
VPN Technologies: Remote access and site-to-site IPSec VPN, IPv6 transition techniques viz, NAT64 and ISATAP
Monitoring Tools: Packet Tracer, Wire Shark, Solar Winds, What’s Up IP, Nagios and Fluke Networks
L2 Networking: 802.1(D, W, S, X), Ethernet, DHCP, Ether-Channel, VSAT, DCI, IEEE 802.ba 40GbE, 100GbE
L3 Networking: IPv4, IPv6, OSPF, EIGRP, RIP (v2), BGP, MP-BGP, OSPFv3, EIGRPv6, RIP, Advanced Redistribution, VRF
Networking: TCP/IP, OSI Model, Socket Programming, LAN/WAN, Switches and Routers, IPV4/IPV6 Addressing & Subnetting, Ethernet, STP, VLAN, DNS, DHCP, NAT, ACL, HTTP, ISDN, MPLS, 802.11, 802.11a, 802.11b, APLUS Web Services (REST & SOAP), Windows Servers 8 & 12
Tools: Solar Winds, VMware Workstation, Wireshark, Nagios
Scripting Language: HTML, Python, JavaScript, CSS, TCL, Perl.
Cloud: AWS & Azure
Operating Systems: Windows (98, ME, 2000, XP, Server 2003/2008, Vista, Windows 7/8), Linux, UNIX
PROFESSIONAL EXPERIENCE:
Client: State of New York, NY Dec 2023 – Till date
Role: Sr. Network Engineer
Responsibilities:
Implementing F5 LTM and GTM changes using CLI (TMSH and advance shell) configurations and experienced in the administration of F5 infrastructure.
Responsible for Check Point Firewall support and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
Provided redundancy in a multi-homed Border Gateway Protocol (BGP) network by tuning AS-path and Worked with Cisco IOS, NX-IOS, and IOS-XR.
Performed Level 3-4 troubleshooting and analysis of disaster recovery issues, security implementations, firewall configurations, vulnerability assessments, intrusion detection and analysis, and customer consultation.
Creating network object groups Access Control lists and Object group services on Cisco ASA 5500 as per client needs.
Worked on F5 BIG-IP LTM 6400 configured profiles, provided and ensured high availability.
Worked with Host Master for shared web hosting and managed Web Application Firewall (WAF), DNS, and DHCP management using Infoblox and Analyzed networks using Wireshark.
Install, Configure, and Upgrade Checkpoint, Cisco, and Palo Alto appliances in the network and build high availability using ClusterXL on a checkpoint, Active/Standby on Cisco
Developed an AWS security roadmap which included the AWS Services and 3rd party tools to be utilized in the AWS Cloud for Security monitoring.
Migrated virtual machines and applications from on-premises cloud to AWS.
Worked on Blue Coat Proxy SG to safeguard web applications in extremely untrusted environments such as guest Wi-Fi zones.
Incorporated Cisco Nexus 9000 NXOS to ACI fabric to work in concert with existing Nexus 7000s and ASRs for Multi-protocol Label Switching (MPLS).
Responsible for installation and troubleshooting of Checkpoint firewall and LAN/WAN protocols Implementing firewall rules and configuring Palo Alto, Fortinet Network Firewall.
Worked on Multi-vendor platform with Check Point, Fortinet, and Cisco firewalls requesting net flow for security compliance, coding, and pushing firewall rules after approval and troubleshoot incidents.
Worked on IPS signatures on the Cisco Firepower management center to reduce false positives by disabling
Responsible for building site-to-site IPSEC, DMVPN tunnels, tunnels failover, and WAF
Worked on a wireless network for providing the day-to-day operations including cisco VOIP Phones and working on the wireless access points.
Creating object, groups, updating access-lists on Palo Alto, apply static, hide NAT using smart dashboard.
Designed and configured Azure Virtual Networks (VNets), subnets, Azure network settings, DHCP address blocks, DNS settings, security policies and routing. Configured and maintained Cisco ASA access lists, Proxy technology, and VMware NSX Policy management and design.
Implemented Contracts, Multi-tenants between Endpoint groups using SDWAN in ACI.
Configured FortiGate, FortiManager, FortiAnalyzer, Juniper, and Cisco enterprise products
Configured trunk and access ports and implemented granular control of VLANs and VXLANs using NX-OS to ensure virtual and flexible subnets that can extend further across the network infrastructure than with the previous generation of switches.
Worked on service now ticketing tool for change controls and tickets for any issues.
Worked on multi-vendor load balancers including F5 Big IP LTM, Cisco ACE and VMware NSX between multiple centers.
Install, configure, manage, and troubleshoot Cisco WSA proxies and reporting.
Implemented Python scripts for pre and post checks and in configuring the devices involved in the events.
Responsible for building the automated tools using Python and testing them.
Worked on the URL filtering and upgradation of Palo Alto firewall from PAN-OS 7.1 to PAN-OS 8.0.
Worked on the migration from Cisco ASA to the Palo Alto firewall and the configuration of User-ID’s, App-ID’s, SSL.
Configurations of Check Point, Palo Alto, Cisco, Juniper, Fortinet FortiGate and SonicWall UTMs
Worked on Next Gen Firewall features like Application and URL filtering, SSL Forward Proxy, SSL Decryption, Web-filter, SD- WAN in Fortigate firewalls.
Used solarwinds to monitor Network devices, upgrade device configurations and also Wireshark to capture packets and analyze the packets.
Configured Cisco ISE for Wireless and Wired Authentication on Cisco Wireless LAN
Configured networks using routing protocols such as RIP, EIGRP, OSPF, BGP and manipulated routing updates using route-map, distribute list and administrative distance for on-demand Infrastructure.
Assisting with the design and deployment of a Cisco Firepower cluster in the core.
Deployment of enterprise firewalls (Palo Alto Networks, Cisco ASA, Check Point) in production environments.
Involved in configuring Juniper SRX 550 and Cisco ASA 5585 firewall and check point firewalls.
Implemented Access lists and policy mapping on Juniper router installed in each branch across all the locations.
Configuring OSPF, Static and default routing on Juniper MX series Routers.
Responsible in troubleshooting on Cisco ISE added new devices on network based on policies on ISE.
Participating in the design and planning aspects of the network infrastructure that is installed in the new building and testing of the internal network infrastructure in the new building and troubleshooting and remediating any issues.
Responsible for performing the functional testing and bug verification of L3 protocols using cisco routers.
Configured Cisco ISE for Domain Integration and Active Directory Integration.
Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches, and Cisco ASA Firewalls.
Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
Upgraded load balancers from adware to F5 BIGIP v9 which improved functionality and scalability in the enterprise.
Installed and configured Cisco Meraki (MR66,MR18) wireless Access points in the warehouses.
Worked with F5, CISCO ACE 4710 Load balancers, GSS and Wireless networks.
Deployed Cisco Catalyst 7509, 6500, 4500, 4000, 3750, 3850, 3560 (Layer 2 through 7).
Deployed and configured Cisco ASR 1000, 7000, 9000 series routers.
Worked with Nexus OS, IOS, CATOS and Nexus 9k, 7K, 5K & 2K Switches.
Worked and working with Cisco ASA 5525 firewalls with current and demonstrated expertise with ACL security in a multi-VLAN environment.
Working with LTM and GTM for scaling and securing DNS infrastructure during high volumes.
Client: Deloitte, NY Sep 2022 – Nov 2023
Role: Network Engineer
Responsibilities:
Troubleshooting the TCP/IP networks for connectivity, outages, and slow network issues and recommended appropriate and cost-effective solutions for the congestion.
Responsible for installation and configuration of Cisco ISR-2901 AX used for providing granular visibility, control and optimization of the Application layer.
Worked on F5 and CSM load balancers deploying many load-balancing techniques with multiple components for efficient performance.
Worked on Layer 2 protocols such as STP, VTP, STP, RSTP, PVSTP+, MST, and other VLAN troubleshooting issues and configuring switches from scratch and deployment.
Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
Responsible for the implementation and level 2/3 support of existing network technologies services and the integration of new network technologies/services.
Configured legacy route map configurations using the new Cisco IOS XR Routing Protocol Language (RPL)
Designed and implemented F5 ASM layer 7 web application firewalls for the DMZ network.
Responsible for the IPAM (IP Address management) system for a very large WAN/LAN network.
Included the ability to setup, configure, upgrade, manage, and troubleshoot Juniper and Cisco routers, switches, VPN concentrators, firewalls, 802.11 wireless access points, and load balancers.
Worked with F5 Load balancing, IDS/IPS, Bluecoat proxy servers, and Administrating.
Worked on physical and virtual networks to provide functionality on additional layers on VMware NSX.
Responsible for designing and configuring OSPF, and BGP on Juniper Routers and SRX Firewalls.
Managed and configured Citrix Web Application Firewalls (WAF) and performed day-to-day operations.
Maintain current network posture with Fortinet Fortigate firewalls 300, 1000, 2000, and 3700 appliances.
Implementing security Solutions using Palo Alto PA-5000/3000, Cisco 5580/5540/5520.
Deployed and Managed SD-WAN network (Cisco Meraki Solution) for WAN connectivity.
Setting up and managing virtual machines on AWS cloud including working on EC2, Route53, RDS, and Lambda.
Deployed applications and host websites on AWS cloud involving Blackboard.
Installation and maintenance of Cisco Layer 3 switches 3750, 4500X, 6500 in multi VLAN environment
Configuration and administration of firewalls, which include Checkpoint, Juniper, and Cisco ASA firewalls.
Designed and configured Arista and Cisco Switches and Routers and reviewed technical requirements for deployment.
Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitoring the Sync status for tasteful replication of traffic between active and standby members.
Conduct regular audits and assessments of network health and security posture using AirWave's monitoring capabilities.
Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama.
Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
Worked, configured, and troubleshoot Cisco ACI, Layer 2/Layer 3-out, BGP and OSFP
Work with Cisco ASA Firewalls as well as Fortinet FortiGate Appliances. Manage Cisco ASA Firewalls using CLI, CSM (Cisco Security Manager).
Configured and maintained IPSEC and SSL VPNs on Palo Alto Firewalls and also implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall. Exposure to Palo Alto Wildfire.
Involved in Switching Technology Administration including creating and managing VLANS’s, Port security, Trunking, STP, Inter VLAN routing, LAN security etc.
Installed new Fortinet firewalls to increase security and network control setup IPS, and Application control, as well as logging for compliance.
Design and implementation of security infrastructure for clients focusing on Cisco Firepower and ASA suite of products
Dealt with Infoblox traffic control products to simplify DNS load balancing operations
Deployed a highly available Cisco infrastructure based on Cisco DNAC, Cisco ISE, switches, routers, and access points.
Working with team in developing and maintaining WSA application.
Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls.
Configured network using routing protocols such as RIPv2, OSPF and troubleshooting L2/L3 issues.
Configured (L2 & L3) multi-vendor Routers, Ethernet switches and Load balancers (F5, A10 etc.) to meet application requirements and Project demands.
Install, configure, and maintain Linux / UNIX operating systems and components. Diagnosed and resolved problems associated with DNS, DHCP, VPN, NFS, and Apache.
Configuring, upgrading and verifying the NX- OS operation system.
Monitored and Troubleshooted the Meraki AP and Meraki Switches through Meraki Port al, Checking the configuration through Solarwinds, checking device utilization through Vital suite, and updating the tickets on ticketing tool Remedy.
Maintained a 90% resolution rate within SLA timeframes, providing prompt and efficient ticket resolution all time.
Configuring and implementing F5 BIG-IP LTM, GTM load balancers to maintain global and local traffic.
Client: MERCK, BANGALORE, INDIA Sep 2018– Jun 2022
Role: Network Engineer
Responsibilities:
Deploying Palo alto firewall using VMWare NSX and Citrix NetScaler SDX version using L2 and L3 interface with VM-100 and Vm-200.
Worked on Design implementation of new data center with products ranging from cisco, ASA with Firepower, Dell Switches, Cisco Meraki, Vmware NSX.
Configured and Deployed 18 Firepower Threat defense with IPS, IDS, AMP and URL filtering and integrated with Firepower Management Center FMC for 5516-X,5545-X,2100 and 4100 series.
Created new VLANs under FabricPath mode and extend the VLANs from Core to Access Layer switches.
Provisioning and management of Wi-Fi-related devices and other wireless technologies
Monitor traffic and access logs to troubleshoot network access issues.
Implemented Positive Enforcement Model with the help of Palo Alto Networks
Implemented cutting-edge 100G Arista environment for high-bandwidth global collaboration network utilizing VxLAN and EVPN
Responsible in troubleshooting on Cisco ISE added new devices on network based on policies on ISE.
Implemented Ansible to manage all existing servers and automate the build/configuration of new servers.
Troubleshoot and configured FortiGate CPE 40/60/80/100 series firewalls, FortiGate cloud series 5101C firewalls, FortiAnalyzer series 4000 (logging and reporting server), FortiManager series 3000/4000 (centralized control), and Cisco FWSM
Responsible for implementing, configuring, and maintaining various network devices such as Cisco, Arista, Meraki, Aruba, Cisco WLC, and Ansible Tower Act as single point of contact for client wireless infrastructure for Cisco, Arista, Meraki, and Aruba
Involved in designing Layer 2 VPN services and VPN-IPSEC authentication & encryption system.
Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers.
Worked with network based F5 Load balancers with software module GTM and experience with network based F5 Load balancers with software module Access Policy Manager (APM) & Cisco Load Sharing on Cisco clusters.
Worked with F5 APM sessions and manipulating session using iRule and configuring and maintaining Web tops and Portal Access.
Implementing Python scripts for pre and post-checks and in configuring the devices involved in the events.
Performed all maintenance tasks on the Nexus Switches, ASR Routers, Checkpoint Firewalls, F5 Load balancers Infoblox DNS and Cisco ACI.
Installation of UNIX hardware and software, Troubleshooting hardware and software issues
Configure and maintain VPC and VXLAN infrastructure design including structured
Configured Juniper MX480s, EX8200s, EX4500s, EX4200s, from scratch to match design.
Responsible for troubleshooting on Cisco ISE added new devices on network-based policies on ISE.
Worked on Cisco ASA 5580 and 5585 VPN Firewall for site-to-site Vpn from Cisco ASA to Palo Alto.
Successfully installed Palo Alto PA-3060 and –PA-5020 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
Researched, designed, and replaced aging Checkpoint firewall architecture with new next-generation Palo Alto appliances serving as firewalls and URL and application inspection
Client: HSBC BANK, DELHI, INDIA April 2017 – Aug 2018
Role: Network Support Engineer
Responsibilities:
Worked with the security team to evaluate threats, troubleshoot issues, and comply with appropriate security configuration standards of their organizations.
Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
Work on Checkpoint Platform including Provider Smart Domain Manager. Worked on configuring, managing and supporting Checkpoint Gateways.
Configuration and implementation of VMware NSX Network Virtualization and Security products
Designed NetScreen firewall system for securing applications; active/active clustering with OSPF on the trust and BGP on the UnTrust side with the Junipers.
Involved in Network Designing, Routing, DNS, IP Subnetting, TCP/IP protocol.
Analyzed the Policy rules, monitored logs, and documented the Network/Traffic flow Diagram of the Palo Alto Firewalls placed in the Data Center with MS Vision.
Automating Network Provisioning and Configuration Task Using Python Script on Network Devices for Multiple Vendors
Worked with configuration of Network and Security devices such as Cisco routers and switches (Cisco 7K/3K/Nexus 9K/7K/5K), Firewall (Checkpoint 3K, 5K and Cisco FWSM), Load Balancers, DNS and IP Manager (Infoblox).
Responsible in troubleshooting on Cisco ISE added new devices on network-based policies on ISE.
Conducted SD-WAN Proof of Concept (POC) preparation (coordinated logical default route change and re-direction of Internet destined traffic to Fortinet 100D firewalls) for future adoption (Viptela, SilverPeak, Riverbed/Ocedo)
Configured and installed Bluecoat Proxy SGs to a newly designed network scheme, from an inline perspective to a WCCP load balanced network layout.
Configured and maintained IPSEC on PA-5050 Palo Alto Firewalls.
Planning and configuring the dynamic routing protocols such as BGP, OSPF, RIP, and Static Routing on the routers both in remote locations and Data Centers.
Deployed Cisco switches in high availability configuration with HSRP.
Supported end-user network Cisco ACI infrastructure and troubleshot several LTM and APM configuration implementations.
Documented the implementation of FortiGate, FortiAuthenticator and Nexus switches.
Worked on Cisco Layer 2 switches (spanning tree, VLAN, HSRP, VRRP).
Worked with High performance data center switch like nexus 2K/5K/7K/9K.
Create and test Cisco router and switching operations using OSPF routing protocol, ASA Firewalls, and MPLS switching for stable VPNs.
Installing and troubleshooting applications that run in LINUX/ UNIX environment.
Client: Capgemini, Hyderabad, India Sep 2016 – March 2017
Role: Network Admin
Responsibilities:
Implemented Cisco ACS for wired and wireless user authentication utilizing certificates and MAB for all known company assets.
Worked on the Global-Site Load balancing(GTM/GSS) and Server Load balancing( LTM/SLB) technologies using F5 BIG IP and Netscaler.
Configured Static, Dynamic Load Balancing, and priority-based pool-member activation to manipulate load on F5 Big IP LTM Load Balancer servers.
Provided WAN/LAN Cisco router/switch configuration, implementation, and support to internal customer tickets involving BGP, OSPF, and EIGRP.
Implemented F5 hardware refresh of older 3600 hardware to Viprion.
Responsible for deploying various network security & High Availability in Checkpoint Firewalls.
Configuring routing protocols OSPF, EIGRP, RIP, MPBGP, LDP, and BGP V4.
Responsible for Cisco ASA firewall administration across our global networks.
Configured various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, route maps, and route policy implementation.
Used solar wind for Adding/removing devices on the Network
Support of firewall technologies including Fortinet firewalls
Redesign of Internet connectivity infrastructure to meet bandwidth requirements
Performed redistribution of OSPF on the core Cisco ASA firewall & audited changes in Cisco ASA.
Provisioned Checkpoint firewalls integrated with an AWS environment.
Monitored Network Infrastructure with Cisco Prime, NetBrain, and Splunk for performance and issues.
Implemented wireless, LAN diagrams in MS VISIO & maintained documentation in Office, MS Project.
Education:
Bachelor of Technology, Qis Institute of Technology, 2016
Masters, Saint Peters University, NJ, United States
Contact this candidate