Post Job Free
Sign in

Security Engineer Data Center

Location:
Manhattan, NY, 10176
Salary:
150000
Posted:
March 29, 2025

Contact this candidate

Resume:

Raees Ahmed

1-309-***-****/******@*****.***

*** ******** *** ****** **** NJ 07306

linkedin.com/in/raees-ahmed-8a2475b

OBJECTIVE:

My objective is to secure a position as a Network/Security Engineer. I have 15 years of extensive experience in delivering IP voice, and Security networks (Palo Alto, Fortinet, Cisco) in North America. I Believe in successful delivery of projects thorough planning, exceptional organization and excellent communication with clients and colleagues.

EDUCATION:

MSc. In Entomological Science, University of Agriculture, Pakistan

Associate Degree in Network Professional Toronto ON, Canada.

CERTIFICATION:

2009 Cisco Certified Internetwork Expert-Service Provider (CCIE SP# 21677)

2008 Cisco Certified Internetwork Expert-R&S (CCIE R&S# 21677)

2014 Cisco Certified Internetwork Expert Data Center (Written)

2007 Cisco Certified Network Professional (CCNP), Cisco Systems

2006 Cisco Certified Security Professional (CCSP), Cisco Systems

2006 Cisco Certified Voice Professional (CCVP), Cisco Systems

2004 Cisco Certified Network Associate (CCNA), Cisco Systems

2020 AWS Solution Architect

SKILLS:

Currently working on Fortinet Firewalls, FortiSwitches, FortiAPs, FortiManager, FortiAnalyzer, FortiNac, SDWAN, ADVPN, Site to Site VPNs in about 17 US States, Forti SASE, FortiClient EMS,

● Network Devices Cisco Routers 4400, 3900, 2900, 3800, 3700, 2800, 2600 Series.

Cisco Switch 6500, 34500, 3550, 3560, 2950 Series.

Cisco Nexus Switches, 5K, 7K, 9K, FEX 2K

Cisco Aironet 1100, 1200 Series Access Points, 1400 Series Bridges, Wireless LAN Controllers.

Blue Coat, SolarWinds, Wireshark, F5, Scrutinizer and WhatsupGold

● Security Protocols- Cisco LEAP, PEAP, 802.1X, WEP, WPA/WPA2, IPSec, RADIUS, TACACS

VPN- Site-to-Site and Remote Access VPNs, Global Protect, Cisco VPN Client Servers

● Security Devices FortiGate Firewalls (60D, 100D, 300D, 600D, 1000D), Palo Alto Firewalls (V-50, PA-220, PA-

5220), Cisco ASA (5510, 5520, 5525).

● Wireless WCS, WiSM, and WLC, spectrum analyzer (AirMagnet), Cisco Small Business APs (100, 200,

300, 500)

● LAN/WAN Frame Relay, ISDN PRI BRI, Fast Ethernet, Gigabit Ethernet,

VTP, VLAN, STP, 802.1Q Trunking, Ether Channels, IPX/SPX, TCP/IP, SNMP,

RMON, L2VPN, AToM, CsC, MVPN

● Routing Protocols RIP V1/V2, IGRP, EIGRP, OSPF, BGP.VPC, OTV, HSRP, UCS, SAN, VPC, OTV, NPV, NPIV

● Cisco IP Telephony Call Manager CUCM 7.x, 8.x, 9.x, 10.x, 11.x CUC 10.x, RTP, h323, g729a, g711, IP

Telephony, IP Video Conferencing, STST, CAC, E911, Multicast MoH, IP-IVR, SIR, MGCP,

SCCP, QoS, Unified Messaging and Integration, Dial plan design, LDAP, Active Directory

Integration and Cisco Unified Border Element (CUBE)

● Protocols/WIN (H.323, SIP, MGCP, SCCP, RTP) and NT/2000/2003,2010, VMWARE

Professional Experience & Achievements:

Epstein Becker & Green, P.C.

875 3rd Ave Manhattan NY

Senior Network Engineer December 2022-February 2025

● Fortinet Firewalls- Configuring, troubleshooting, and securing all the Firewalls in EBG

● FortiSwitches, FortiAPs- Installing, upgrading and configuring the FortiSwitches and APs

● Cisco Switches Nexus 9K- Troubleshooting complex VPC, Port-Channels and Trunk issues in Nexus

● FortiManager-Deploying and configuring FMG and controlling all FWs with single FMG

● FortiAnalyzer-Storing all logs in FAZ and anayzing them in need. Maintaining and making sure all logs are stored in FAZ in real time

● FortiNac- Protecting the EBG environment by securing all the end devices using FortiNAC

● SDWAN, ADVPN- Configuring SDWAN, rules and SLAs in EBG Firewalls

● Azure subnetting- Helping the Azure team in setting up new subnets in the Cloud

● Azure VPN tunnelling with Fortinet VMs- Making sure all the tunnels between Azure Cloud VMs are connected On Prem Firewall via VPN

● Site to Site VPNs with remote sites- Deploying dual VPNs for all Brach Sites to the HUB in the Data Centers

● Forti SASE-Deploying Forti SASE solution in the Data center

● FortiClient EMS- Troubleshooting day to day issues in the client connectivity using FortiVPN

Fried, Frank, Harris, Shriver & Jacobson

NYC NY

Senior Network Engineer September 2021-December 2022

● Currently working on Migration project for converting EIGRP into BGP firmwide

● Along with this project, implementing SDWAN Project using Fortinet Firewalls

● For authentication, using NAC Solution

● For monitoring, using Solarwinds for day-to-day troubleshooting

● For Wireless, using WLC 9800 series firmwide

● Azure Networking and subnets allocation

● Azure VPN tunnelling

● Site to site IPSEC VPN tunnelling

● Security side, experience in Palo Alto along with Fortinet Firewalls

● Basic knowledge of updating DNS entries, PDC servers, DCHP servers and Radius fuctionality

● On wan side, adding new circuits either directly to DMZ switches or Firewalls or directly to Core Switches

AT&T Consulting (Jackson National Life Insurance)

Lansing, MI

Lead Network Engineer January 2021- August 2021

● Last project on Cisco ACI with Leaf and Spine technology and its integration with the Gigamon monitoring tool. Apart from this the major responsibility is its deployment, configuration and migration from tier3 legacy architecture to SDN infrastructure

● Day to day working on F5 VIPs, Pools, Members

● Working on Infoblox

● SolarWinds management and adding nodes and alerts to the added nodes

● Monitoring Upgrade Projects for Routers and Switches

● Started learning Checkpoint Firewalls

Extreme/PCM/Insight - Chicago March 2017 – June.2020

Principal Network Engineer

Extreme Networks is a networking company based in San Jose, California. Part of the team is bought by PCM, Inc. and finally PCM merged with Insight technologies.

Responsibilities

Working with Network Design and implementation teams on various projects across North America.

● Experience with manipulating various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.

● Experience with design and implementation of Data center migration

● Deploying and decommission of VLANs on core ASR 9K, Nexus 7K, 5K and its downstream devices.

● Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.

● Configured CIDR IP RIP, PPP, BGP, MPLS and OSPF routing.

● Assisted in MPLS migrations, implemented a backup for the existing WAN connection using site-to-site IP sec VPN tunnels.

● Switches Replace branch hardware with new 2851 routers and 2960 switches.

● Conversions to BGP WAN routing. Which will be to convert WAN routing from OSPF to BGP OSPF is used for local routing only which involves new wan links.

● Lead Engineer for Network refresh project for Multinational insurance company. Providing remote assistance for replacing exiting switches with new Cisco switches.

● Configuring routing protocols OSPF, EIGRP,RIP, MPBGP, LDP and BGPV4

● Configuring HSRP between VLANs, Configuring Ether-Channels, Port Channel on 6500 catalyst

● Build Logical design and Implementation of Wireless Solution

● PFR designing and implemention. Designing Master Controller and Border routers for implementing the policies

● Involved in the configuration troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4. Configured IP access filter policies.

● Deploying Site to Site VPN tunnels in Cisco ASA and troubleshooting with different Firewall vendors

● Performing the ACL requests change for various clients by collecting source and destination information from them.

● Maintained complex LAN/WAN networks with several VLANS and provided support for routing protocols and also providing secure sessions over internet using IPSec and SSL encryption.

I was Involved in multiple project-based assignments. Such as, Greenfield deployments as well as a project involving migrating clients from existing Cisco/Palo Alto firewalls to the FortiGate firewalls. Here are some of the main projects:

Clients Migration Project

● I was part of the managed services team. The first task was to migrate the traffic from Cisco firewalls to the FortiGate firewalls. There were about 27 managed clients on those firewalls which I had to migrate one by one without disrupting the traffic between the customers and the company. Salient features of this project were:

● Configuring and changing the remote peer IP as well as other phase 1 parameters

● Exchange of pre-shared keys

● Phase2 parameters discussion with the clients and understanding their devices like Cisco, Sonic, Fortinet and Checkpoint Firewalls

● Created and presented Visio engineering designs to the C level management

VCloud/OVH Integration

● The task was to forward all traffic from multiple clients to the VCloud where all our virtual machines existed. The main features of this project were as follows:

● Finalized the plan with VCloud team to create a VPN tunnel between our main core 600D FortiGate firewall to the VCloud gateway.

● Allocated the block of Public IPs for the gateway purposes and assigned it to the interface.

● As per the requirement, organizational VDCs were created to simplify the configurational networking task and access control

● VPN tunnel established and diverted all clients traffic to the VCloud and ultimately to the virtual machines.

Sears Project

Sears was one of the main clients and their data was very sensitive. They had two Data Centers in Chicago and Michigan. It was mandated to have full redundancy and 100% uptime. The link status monitoring feature was leveraged in the Fortigate firewalls with creating two VPN tunnels with the Active/Passive functionality. In case Active Tunnel goes down the Passive will change state and start passing Traffic. Along with this project, designed, configured, implemented and troubleshooted hundreds of Fortinet firewalls in Sears environment

Meijer Project

Meijer is a supercenter like Walmart in the Mid-West USA. There are about 350 stores and all need to be connected with the central firewall for outbound to the internet and inbound traffic to the stores. Designed, configured and installed around 400 hundred Fortinet firewalls in Meijer’s stores nationwide. It was a huge project and several teams were involved. Here are the main features of this project:

● Expert in creating PA objects, addresses, Services and Groups

● More than six years experiences in configuring firewall security zones, interface types and V wires.

● Implemented, configured high availability, firewall clustering and Virtual Systems in Fortinet

● Created IPsec VPN tunnels and SSL VPN in Fortigate Firewalls

● Daily monitored the PA firewall Next Generation features like Anti-Virus, Anti Spyware, URL filtering and Denial of Service Protection

● Expert in creating IPSEC site-to- site tunneling (interface mode and tunnel mode)

● Evaluated both of the features for active/active and active/passive and decided to go with the active/passive mode.

● For the time being we relied only on single ISP connection with dual connections to the firewall from the switch

● Helped the team in changing the configuration in the firewall while new stores were being added each time.

● Firewall was deployed as DHCP server and all stores were configured like zone interfaces and clients in the stores got their IPs from the firewall

● As a last part of the project, management decided to add another ISP or dual connection. Explaining them, Active/Active is not possible with dual ISP connection, so a pair of firewalls remained on Active/Passive mode.

● To overcome the problem of ISP utilization, configured the SD-WAN configuration for load balancing. All around 1000 firewall flows were modified to load balance the traffic as if there were no global command to do this.

● For logging purposes, advised the management to log the traffic away from the firewall on FortiAnalyzer. Convinced management to add another device in the data center to get the granularity of the traffic and various kinds of reports.

Zebra Technologies - Chicago, IL Sep2014- –March 2017

Network Engineer

Worked with Zebra Technologies in Lincolnshire IL. They recently bought part of the Motorola organization and my main task was to migrate the clients/servers/users from Motorola to Zebra. These were my main responsibilities:

Responsibilities

● First task was to group the Motorola users into groups and assign VPN access as per their group.

● Allowed external customer to reach to the DMZ or internal servers by configuring MPLS routers and DMVPN routers along with other firewall rules.

● In the beginning users were given access based on static routes in the firewall but later on BGP was configured both on Motorola side and Zebra side.

● Documented each and every IP and subnets both on Motorola and zebra side and their mapping

● For Wan Acceleration and Reverse Proxy used Bluecoat. Extensive utilization of PAC files to allow Motorola users to access Zebra internal applications. Maintenance windows were to be created to make any change in the PAC files.

● Excessive use of SolarWinds and Scrutinizer for logging and troubleshooting.

● Part of the project team who worked on creating VDCs in Nexus 7K routers and creating OTV between distinctly located two data centers.

● Troubleshooted on DMVPN routing using hub and spoke technology.

● Cisco 9K Experience with Leaf Spine switches using APIC. Expert in VXLAN configurations along with Overlay and Underlay network concepts of VXLAN. Basic. Knowledge of Cisco ACI scripting with Json and Python

● Apart from these responsibilities, extensively worked on daily basis for troubleshooting PA firewalls destined for IPSEC tunnels to various clients including AWS and AZURE

● Responsible for PAN-OS software upgrades

● Configured and implemented backups, revisions and restores in PA firewalls

● Configured installed and implemented the Panorama for central management of the PA firewalls

● Designed Global Protect remote access VPN portal for remote users and implemented it

● Configured Global protect gateway while implementing global protect remote access vpn

● Monitored logging traffic while troubleshooting VPN tunnels as well as other related issues on daily basis

Walgreens. – Chicago, IL Feb2014-Sep2014

Voice Engineer

This was a short project job. I was part of the team who was mainly responsible for upgrading the CUCM to the new version. Here are the main achievements:

Responsibilities

● Worked on various UC Technologies like SME, CER, SAF, CUSP and CVP

● Upgraded CUCM including CER 7.x, and CUC 7.x to updated version 10.x running on a virtualized platform

● Cluster upgrading from SU3 to SU4

● Migrated UCCX to UCS (P to V)

● Migrated Users from Nortel to new Cisco Cluster

Worldwide Technology, Inc. Bloomington, IL July 2012 – Feb 2014

Senior Voice Engineer (Cisco)

Member of the Team; responsible to deliver and deploy end to end Cisco VoIP solution for over 18000, State Farm Agency sites across North America and Canada. During the project; carried out following responsibilities but not limited to:

Responsibilities

● UC Deployment Engineer responsible for the Day 1 implementation, configuration and support of various Cisco Unified Communication products within a massive roll-out exceeding 300 remote sites per week.

● Provide immediate solutions for Tier 1 / Tier 2 Engineers in an effort to complete daily Agency site installs.

● Suggest improvements in State Farm UC Low Level Design as site deployment progress and lesson learnt.

● Primary Resource for sites considered to be complex agency sites, Queue sites.

● Active member of the Testing team of State Farm engaged in testing various tasks assigned by the production team.

● Actively engaged in Load Testing Tool with Cisco TAC in the Test lab. Tools tested like Camelot (Beta)for IP Phones and Breaking Point

HP Canada Jan. 2011 – Mar. 2012

Cisco Engineer

This was a contract job for about one year. HP has two Data Centers located in Toronto and I was their main Engineer handling all types of issues. Salient features of this job were:

Responsibilities

● Analyzed existing computer hardware and software in order to provide recommendations for upgrades and improvements to current computer systems

● Analyzed, designed configured, supported and implemented LAN/WAN networks, troubleshooting for issues that arise during the deployment and implementation of these new systems and solutions

● Designed and implemented BMS project. Worked as a Lead Engineer for this project. Created DPS (Design Proposal Summary) that involved gathering of customer requirements and then designing the High-Level Design document for BMS. Provided cost estimation for the project. Actively participated in all phases of the project

● Designed and implemented solutions for MTS regarding their connectivity from the perimeter firewall to the Toronto Gateway Routers

● Created Engineering Work Orders for TEKNION, AVEOS, SONIC, GPAY, TD that involved particularly work on BGP, ACLs, QOS, Load Balancers, Vlans and Port assignments.

● Designed and implemented solution for Clorox CSD (Customer Screening Devices) by Route Injection method in BGP in Toronto

● Troubleshooted all elements of Data Center networking, DWDM, troubleshooting all over the world at HP Data Center networks

IBM Canada Jan. 2007 – Dec, 2010

Computer System Analyst

Worked as Computer System Analyst in a team of around fifty engineers. It was Level 2 Engineer job and main task was to manage the various customers involving different technologies. Main features of this job were:

Responsibilities

● Member of a team of engineers in IBM’s Global Technical Services that provides Problem determination and Problem Source Identification (PD/PSI) for OEM hardware and software products including Cisco and Juniper routers, switches, and firewalls.

● Deployed Nexus 7k and 5K for Canadian tire. Configured VPC and port channel. Enabled layer 3 features like BGP, OSPF and Multicast for them. Provided constant troubleshooting support for this client

● Knowledge of Data Center application Services like ACE, CSS, and GSS

● IOS installation and upgrading in Data Center located in IBM.

● Identified the Bug ids in the images of all the routers and switches in Data Center environment.

● Remotely troubleshooting by telnetting into the customer’s devices while in production using Sametime, Webex and TeamViewer

● Analyzed Show Tech and crash-info and logs for the affected devices

● Developed new systems to improve production or workflow to improve efficiency.

● Recommended new information systems to meet current and future user requirements.

● Trained office staff on application and usage of hardware/software technology.

● Provided application support, troubleshooting and incident resolution for systems.

● Troubleshooted hardware and software problems and replaced defective components.

● Maintained Password/PIN configurations and resets for Cisco Unity VM users.

Technical Focal for Safeway USA (April 2009-September 2009)

Worked as a Technical Focal for Safeway Inc. USA and supervised their 1500 stores around the country. Provided assistance in troubleshooting the problem and resolving the issue in a timely manner.

Technical Focal for BJ’s Wholesale Club USA (Oct 2009-Dec 2009)

Assisted in the installation of new networks and provided technical support in escalated situations. Prepared monthly reports and attended the meetings with the management and discussed the progress in relation to the interaction of BJ’s wholesale club and IBM.

Soroc Technologies – Toronto, ON, Canada Feb2005 – Dec.2006

Lan Admin

Responsibilities

● Network Assessment and Documentation (including technical, operational, and economic assessment)

● Analyzed existing computer hardware and software in order to provide recommendations for upgrades and improvements to current computer systems

● Direct communication with internal and external clients.

● Provided onsite support in installing and configuring the applications and discuss the possible upgrade requirements for the customers

● Analyzed existing computer hardware and software in order to provide recommendations for upgrades and improvements to current computer systems

● Fixed issues raised during the deployment and implementation

● Provide feedback to Field Operations Manager on potential Customer situations.

Computer Clinic and Associates Toronto ON, Canada (Part time) Jan.2003–Jan.2005 Computer Technician

● Repair, Upgrades and Installation

● System Ad-On and Peripheral Installation

● Network Services

● Operating System Software Support

Civil Secretariat, Lahore, Pakistan Sep. 1996 – Nov.2000

Systems Analyst

● Responsible for installing and upgrading the operating systems in computers

● Troubleshooted hardware as well as software issues

● User management, user’s password and permissions management.

● Maintained User’s account database

● Introductory level of Routing and Switching

Note: References available upon request



Contact this candidate