Network Engineer Security
Resume:
SAI DIXIT
*****.*****@*****.***
SENIOR NETWORK ENGINEER F5 NETWORKS PALO ALTO NETWORKS CISCO
Objective: Worked extensively with multiple Clients in switching, Routing, Network Security (Firewalls and Proxies), Application Delivery Controllers, Authentication, and Wireless environments. Experience in Campus and Data Centre topologies in multi-vendor equipment. Strong team member with good communication and Documentation skills. Innovative new ideas to enhance the workflow in Network Engineering.
PROFESSIONAL SUMMARY
CCNA, CCNP Certified professional with 10+ years of experience with networking installations, configurations, testing, troubleshooting, implementing, optimizing, and maintaining enterprise data networks and service provider systems.
Maintaining a comprehensive set of network and security products. Each component is critical in protecting and optimizing an organization's network.
Ensuring DDoS mitigation strategies are in place (e.g., rate-limiting, IP blacklisting, traffic filtering).
Testing for resilience against large-scale DDoS attacks.
Monitor traffic patterns to identify early signs of a potential attack.
In the context of managing information security events from a Security Information and Event Management (SIEM) or Security Operations Center (SOC), an escalated tier typically refers to a higher level of response when an incident or alert cannot be resolved at the initial or lower levels of investigation. The tiered escalation process ensures that more complex, critical, or sophisticated issues receive the appropriate attention and expertise.
Expert level knowledge of troubleshooting, implementing, optimising, and testing static and dynamic routing protocols such as EIGRP, OSPF, and BGP, ability to interpret and resolve complex route table problems
Worked on the Cisco Nexus 9000 family of switches, whose hardware is based on Cisco ACI.
Experience working on the latest Cisco switches like Nexus 2000, 5000, 6000, and 7000 series switches while implementing advanced features like VDC, VPC, OTV, and Fabric Path.
Well-versed in ACI technology, starting from Fabric discovery to end data center deployment.
Having hands-on good experience on Checkpoint Firewall, along with Confidential ASA and Palo Alto.
Configured Access policies, static bindings, EPGs, Bridge Domain, and VRF.
Working extensively and responsible for the migration from Cisco ASA Firepower to Checkpoint firewall
Configured ACI integration with VMware and worked on integrating existing Layer-2 and Layer-3 networks with ACI.
Configure EPG, update APIC, and implement access and fabric policies in the Cisco ACI environment.
Worked on Migration project from traditional data centre Architecture to Spine Leaf.
Hands-on experience in configuring and troubleshooting Cisco routers, Cisco Wireless Controller, Cisco Catalyst, Nexus switches, Citrix NetScaler, ASA, Palo Alto Next generation, and Firepower Threat Défense FTD Next-generation Cisco Firewalls.
Experienced in DHCP, DNS, NIS, SMTP, IMAP, ODBC, FTP, TCP/IP, LAN, WAN, LADP, security management, and system troubleshooting skills.
Proficiently implemented traffic filters using Standard and Extended access lists, distributor lists, Route Maps, and route manipulation using offset lists.
Experience with Network Security, Routing, and Switching,
Experienced in Python and Ansible scripts to automate to configuration of the network devices for the last two projects, infrastructure-as-code, and
Experienced in the Design of Network Security using Palo Alto and ASA Firewalls for the Datacenter for the past 5 years
Experience in implementing network security using NAT, PAT, ACL, IDS, IPS, and ASA firewalls.
Configured VPC and Fabric Extender on Nexus Switches.
Experienced in working on network monitoring tools like SolarWinds, NetFlow, and sniffing tools like Wireshark and TCP dump.
Created different application policies in the ACI, including Tenants, Application Network Profile (ANP), End Point Group (EPG), Contracts, Filters & Labels.
Worked for the NextGen Data Center Cloud Architecture, using Cisco ACI and Nexus 9K.
Expert in performing deep packet analysis to troubleshoot network and application issues using Wireshark.
Experience with the design and implementation of data centre migration and ACI.
Strong understanding of current and future technologies, including TCP/IP, IPv4/Ipv6, RIP, EIGRP, OSPF, BGP, Frame Relay, ACL, VPN, Wireless LAN, and configuration of VLANs.
Strong communicator: able to interact effectively and positively with individuals of all technical abilities; An Out-of-the-box Thinker, believes in Teamwork & Team Spirit, Decision Maker, Proactive, customer-focused, Focused & Good Documentation / Presentation Skills.
Technical Skills:
Networking Technologies
LAN/WAN Architecture, TCP/IP, Frame Relay, VPN, VLAN, VTP, NAT, PAT, STP, RSTP, PVST, MSTP, SDN, SD-WAN
Networking Hardware
Cisco Switches, Cisco Routers, ASA/PIX firewalls, IronPort
Routing Protocols
OSPF, IGRP, EIGRP, RIP, MPLS, IS-IS, BGP, Multicasting
Security Technologies
PAP, CHAP, Cisco PIX, Blue Coat
Network Monitoring
Cisco Works 2000, Wireshark, hr PING
Operating Systems
Windows, all platforms, LINUX, Cisco IOS, IOS XR
Routers
CISCO 2600, 2800,3600,3800,7200, Juniper M & T Series, Cisco CRS-1, CRS -3, GSR
Load Balancers
Cisco CSM, F5 Networks (BIG-IP)
Capacity & performance
Cisco works
Switches
CISCO 2900, 3500,4500,5000,6500, Nexus 7k,5k,2k
Programming Languages
C, C++, Perl, PowerShell, Python
Simulation Tools
GNS3, VMware, OPNET IT GURU, OPNET Modeler, Cadence
Firewalls
Juniper Net Screen (500/5200), Juniper SRX (650/3600), PIX (525/535), ASA (5520/5550/5580), McAfee Web Gateway, Checkpoint, Palo Alto firewalls.
AAA Architecture
TACACS+, RADIUS, Cisco ACS
Features & Services
IOS and Features, HSRP, GLBP, IPAM IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, DNS, TFTP and FTP Management, Open Stack, IVRs, HLD and LLD documents, Dell equal logics
Professional Experience
Client: US Bank (Minneapolis, MN) Sep 2023- Present
Role: Senior Network Engineer
Roles & Responsibilities:
Designed and deployed Cisco/Meraki Enterprise Cloud for Corporate HQ, Co-Locations, and 500+ branches with distinct SSIDs
Proven expertise in market data connectivity infrastructure with a focus on low-latency, high-availability network design.
Escalation in SIEM/SOC environments is a structured process designed to ensure that security incidents are handled with the appropriate level of expertise and resources, minimizing the impact on the organization and facilitating a rapid response to potential threats.
Involved in complete LAN and WAN development (including IP address planning, designing, installation, configuration, testing, maintenance, etc.).
An open protocol for accessing and maintaining distributed directory information. It’s commonly used for querying and modifying directory services, such as Active Directory. LDAP helps with user authentication by verifying credentials stored in a directory.
A protocol that is often used for network access control. It handles the authentication of users and devices trying to connect to a network, especially over VPNs or wireless networks.
A standard for port-based network access control (PNAC). It uses the EAP (Extensible Authentication Protocol) to authenticate devices before they are allowed access to the network. It’s commonly used in wireless networks and switches.
Involved in Switching Technology Administration, including creating and managing VLANS, Port security, Trunking, STP, Inter VLAN routing, LAN security, etc.
Implemented with Cisco Layer 3 switches 3750, 4500, and 6500 in a multi-VLAN environment with the use of inter-VLAN routing, HSRP, ISL trunk, and EtherChannel.
Possess good experience in configuring and troubleshooting WAN technologies like MPLS, T1, T3, DS3, and ISDN. Supporting project test teams in analysing bandwidth utilization.
Experience in designing and implementing F5 web-based solutions.
Experience in writing F5 I Rules.
Experience in implementing F5 solutions in the Azure cloud
Daily Support of the F5 environment to include the Creation of new VIPs/WIPs and I Rules
Engineering and configuring Virtual Servers, Pools, iRules, Profiles, Persistence, and monitoring on F5 LTM.
Responsible for Palo Alto firewall management and operations across our global networks.
Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering). Configured and maintained IPSEC and SSL VPNs on Palo Alto Firewalls
Configuring rules and maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama.
Deploying Cisco Meraki Enterprise Cloud Access Points and Wireless Bridges/Repeater for LAN Expansions
Configured and maintained IPSEC and SSL VPNs on Palo Alto Firewalls, and also implemented Zone-Based Firewall and Security Rules on the Palo Alto Firewall.
Exposure to Palo Alto Wildfire.
Implemented Positive Enforcement Model with the help of Palo Alto Networks
Responsible for the IPAM (IP Address management) system for a very large WAN/LAN network (QIP) using SolarWinds IPAM and Infoblox DNS and DHCP servers.
Experience with Windows, Infoblox DNS, DHCP servers, IPAM, and internal and external grids.
Worked on Infoblox to update the DNS host and A records to assist the part of the migration.
Configuration and administration of the SolarWinds product for both Network and Server/Application monitoring
Configured Solar Winds Orion NCM/NPM Add, change, and remove devices from Solar Winds inventory, add or change alerts, and add or change maps in Orion Network Atlas
Client: Charles Schwab (Westlake, TX) Apr 2022 – Aug 2023
Role: Senior Network Engineer
Roles & Responsibilities:
On-site deployment, Operation and integration, Installation, and Configuration using Meraki Platform and Cisco Switches. Troubleshoot to bring the site up and running for the production workload and smooth Transition of the overall cut.
Zenoss Network Device management tools for SNMP and Syslog, and Monitoring.
Involved in LAN and WAN development (including IP address planning, designing, installation, configuration, testing, maintenance, etc.). Design of primary and redundant data centres with Next-Gen Firewalls, IPS/IDS sensors, switching, and routing.
Upgrade the Firmware of Meraki Security Appliance and Cisco Catalyst 9000 line of product switches to their recommended versions. Cisco Meraki SD-WAN Solutions, for zero-touch cloud provisioning
Dynamic Routing Protocols (OSPF, EIGRP, BGP) Configuration and Troubleshooting.
Migration of ASA firewalls to Meraki next-gen Firewalls. Migration IPSEC tunnels, ACLs, NAT rules, and policies to the SD-WAN Solution.
Currently working with network engineering to build and support SDWAN.
Auto-VPN of Meraki SD-WAN Security Appliance for reachability AWS Hosted Domain Controllers, services hosted on AWS, and the Partners Network.
Meraki Security Appliance MX450, 250, 100, 84 – Unboxing, Firmware Upgrade, Pre-configuration and Deploying, and Troubleshooting.
Subnetting, Routing, Radius servers, NTP Servers, STP, Ether Channel Configuration on Switches (C2960X, C2960S, C9300, C9200, C4500X). IP addressing and subnetting schemas are necessary to build local area networks.
Static route configuration on MX Security Appliance, IP Pools, and Reserved IP Address schemes, VLANs, and SVI.
Install the Access Points, Troubleshooting, and configuration of Static IP address, DNS Servers, Gateways, VLANs, Licenses, etc.
Configure, Manage, Analyse, and Optimize Network Performance, Traffic, SDWAN, VPNs, Security, Firewalls, & Policies
Set up high high-availability ASA pair with Firepower.
Network Design Documentation using Visio.
Palo Alto 5 K firewall pre-production configuration: Staging, Licensing.
Hands-on experience with all software blades of Check Point Firewall. 24x7 on-call step-up support as a part of the safety operations team.
Worked on the Design implementation of the new data centre with products ranging from Cisco, ASA with Firepower, Dell Switches, Cisco Meraki, VMware NSX
Installed and configured Meraki (MX80, MX60) Appliance via Meraki MX400 Cloud. Installed and configured Cisco Meraki (MR66, MR74, MR84) wireless Access points in the warehouses.
Implementation of Cisco Meraki wireless solutions and the deployment of wireless access points.
Worked on the implementation of Cisco Meraki Enterprise Cloud Wireless Bridge/Repeater to extend the LAN for multiple buildings.
Client: DaVita (Denver, CO) Jan 2020 - Mar 2022
Role: Network Support Engineer
Roles & Responsibilities:
Supported multiple migrations in switching, routing, firewalls, LB, and Proxies.
Managed AD Domain Controller, DNS, and DHCP Servers and configurations.
Worked on Cisco ISE for user Authentication, Security Group Tags, MAC-based authentication for Wireless and Wired users, 802.1X, EAP, PEAP, etc.
Responsible for the IPAM (IP Address management) system for a very large WAN/LAN network (QIP) using SolarWinds IPAM and Infoblox DNS and DHCP servers. Experience with DHCP scopes, IP reservations, DNS host entries, pointers, delegations, Zones, DNSSEC, etc.
Provides expert-level security and networking knowledge in the planning, researching, designing, and testing of new networking technologies for perimeter firewall security, Intrusion Prevention/Protection Systems (IPS), DNS and DMZ security, and Internet Security in support of established Info Security program initiatives for the next 3 years.
Regular upgrade and maintenance of Infrastructure, Installing, configuring and maintaining Cisco Switches (2960, 3500,7600, 3750, 3850 series, 6500 series) Cisco Routers (4800, ASR 9K, 800), Juniper Routers and Firewalls, Nexus 7k,5k & 2k, f5 BIG IP, Palo Alto Firewalls, Z Scaler Proxy and Versa SD-WAN appliances.
Worked on PAC file updates and Internet proxy migration from IronPort to ZScaler cloud. Access policies, AD-based, user-based, and location-based access. ZAPP client.
Worked on Bridge Domains, VXLANs, VTEPS, and VNID. Configuration of routing using BGP among multiple leaf-to-spine switches. Thorough understanding of Application Profile, Tenants, End Point Group, Inter Subnet Tenant Routing, Routing within Tenants, Router Peering, and Redistribution. Worked on the Migration project from traditional Data Centre Architecture to Spine Leaf.
Worked on connections handoff using a Bridged Interface to an External Route. L3- EPG configurations, AEP configurations. Expert in the GUI of ACI.
Worked on integrating existing Layer-2 and Layer-3 networks with ACI.
Play a key role in the company’s direction towards Cloud Computing platforms by creating a strategy for transition plans. Azure AD and AWS, Office 365.
Worked on network design improvements involving BGP, EIGRP, OSPF, IP metric tweaking, and load balancing.
Design, implement, and develop network designs for applications used in TMO.
Experience with F5 load balancers, LTM and GTM, and reverse proxy design and setup. Migration from ACE to F5.
High-level network troubleshooting and diagnostic experience using Packet capture tools like Wireshark.
Configured network using routing protocols such as EIGRP, BGP, and OSPF, and troubleshooting L2/L3 issues.
Designing, configuring, and troubleshooting QoS, SIP, H.323, RTP, SCCP, Session Border Controllers, Voice Gateways, Voice circuits IP /TDM, Cisco Telepresence Infrastructure, QoS, NAT, PAT, and multicast.
Worked on Orion (Solar Winds) for mapping network diagrams, and updated Orion with commissioned and decommissioned network devices.
Company: Dish Network Jul 2014- Mar 2019
Role: Network Engineer/ Technical Support Engineer
Roles & Responsibilities:
Assisted in troubleshooting LAN connectivity and hardware issues in the network of 500 hosts.
Studied and analysed client requirements to provide solutions for network design, configuration, administration, and security.
Involved in troubleshooting IP addressing issues and updating IOS images using TFTP.
Maintained redundancy on Cisco 2600, 2800, and 3600 routers with HSRP.
Troubleshooting in Python automation script and networking issues with remote connection.
Responsible for maintaining the entire Routing and switching domain.
Monitor the performance of the network and servers to identify potential problems and bottlenecks.
Performed RIP & OSPF routing protocol administration.
Interacted with support services to reduce the downtime on leased lines.
Maintenance and troubleshooting of connectivity problems using Ping, Trace route.
Daily responsibilities included monitoring remote sites using network management tools, assisting in design guidance for infrastructure upgrades & helping the LAN administrator with backbone connection and connectivity issues other responsibilities included documentation and supporting other teams.
Configured OSPF over frame relay networks for NBMA and point-to-multipoint strategies.
Implementing traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Frame Relay and Open Shortest Path First (OSPF).
Configuring rules and maintaining Palo Alto & Analysis firewall logs using various tools. Build Cisco UCS 6200 series fabric interconnect. Recommend and design equipment configurations for LAN/WAN/VOIP deployment on Cisco, ADTRAN, Fortinet, F5, Redware, and Bluecoat.
Troubleshooting of Cisco 2800,2900, 3900, 7200, 7600, ASR9k, CRS, GSR 12k Series routers.
Designed and implemented VLAN using Cisco switch Catalyst 1900, 2900, 5000 & 6000 series.
Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
Built site-to-site IPsec VPNs over Frame-relay & MPLS circuits on various models of Cisco routers to facilitate adding new business partners to new and existing infrastructures.
Deploy and configure Cisco Meraki SDWAN at 30 sites globally.
Configured the SDWAN router Viptela to connect remote sites over the Internet.
Experience in administrating Viptela SDWAN enterprise deployment and implementations of Networks and Devices for the SDWAN environment.
Configured routers and coordinated with LD Carriers and LECs to turn up new WAN circuits. Configuring and maintaining the Routers and Switches, and the Implementation of RIP,
Deliver IT Services Management (ITSM) solutions based on ITIL best practices that focus on the people, process, technology, and information perspectives of providing business solutions within the IT infrastructure.
Troubleshooting the Network Routing protocols (BGP, EIGRP, and OSPF) during the Migrations and new client connections.
Manage operational monitoring of equipment capacity/utilization and evaluate the need for upgrades; develop methods for gathering data needed to monitor hardware, software, and communications network performance.
Contact this candidate