Data Center Network Engineer
Resume:
Zahid Pervez
M: 914-***-****
E: *******@*****.***
Visa Status: (Permanent residence)
SUMMARY:
With 18-year background in collaborating with system integrators and managing enterprise-scale setups, I am presently working with Vertex consulting services where they have different projects related to education, Government, Banking and Medical sector.
In my previous role as a Sr. Network Engineer, I gained invaluable experience in leading cross-functional teams and coordinating multiple projects within a fast-paced environment. Throughout my tenure, I honed my ability to plan, prioritize and coordinate operations, delivering solutions that satisfied team objectives. Additionally, my experience in managing team members and budgets have equipped me with top-notch planning and organizational skills.
I've matured into a seasoned professional through hands-on experience and comprehensive technical training, holding esteemed certifications such as CCIE Data Center, CCIE Service Provide CCIE Security (written), CCNP R&S, CCNP Sec, CCNP Voice CCNA, AWS (associate), and Fortinet NSE 7 and F5.
I am an expert in Cisco ACI configurations tailored to specific needs, leveraging leading platforms like Cisco, Fortinet, and Palo Alto.
SKILLS & TECHNOLOGIES:
Data center Cisco ACI (Cisco APIC controller, leaf and spine switches),Cisco NDFC, Nexus 5k,7K,9k
LAN network: SD Access
Next Generation Firewalls: FortiGate, Palo Alto.
Secure SDWAN: Fortinet FortiGate. Cisco SDWAN
Next Gen IPS: Cisco AMP for Networks (Firepower) and Cisco ISE
Load balancing: F5 Big IP LTM and GTM
Access Policy Manager: F5 Big Ip APM
Cloud: AWS, Cisco Meraki
Voice: CUCM, presence,Unity and Voice Protocol SIP, H.323, G.729, G.711a
Network Management: Forti Manager, Forti Analyzer, FMC, Panorama,
Routing: RIP, EIGRP, OSPF, BGP and MPLS
Switching: Cisco Switches (VPC, Ether channel (LACP & PAgP Port-Channels, VLANs,vxlan Trunks, SDA, ACLs, HSRP, VVRP, GLBP,STP), DOTIQ, RSTP and DNAC.
Virtualization: VMware ESXi, VMWare vCenter.
Systems: Microsoft AD, DNS, DHCP, CA and Infoblox.
Monitoring: SolarWinds, net brain and NetFlow analyzer.
Switching Platforms: Cisco 6800.Cisco 6500, Cisco Nexus 9K/7K/5K, Cat3K, 4K, and Cisco Nexus 9k.
Routing Platforms cisco 2800,38000, Cicco 8500, ISR4K, ASR1K and Cisco ASR 9k
CERTIFICATION & EDUCATION:
Master in Information Technology Virtual University Lahore Pakistan March 2016- April 2019
Cisco Certified Design Expert
CCIE Cisco Certified Internetwork Expert Data Center CCIE #38776
CCIE Cisco Certified Internetwork Expert Service provider CCIE #38776
CCIE Security ( Written)
Cisco Certified Network Professional (CCNP Wireless)
Cisco Certified Network Professional (CCNP) R& S )
Cisco Certified Network Professional (CCNP Voice)
Microsoft certified System Admin (MCSA )
F5 Load Balancer (101).
Infoblox training and exam.
EXPERIENCE:
Network Solution Architect (Network and Security) Sep 2024 to till Date
Vertex Group https://thevertexgroup.com NY Zip Code 10707
IGT (customer)
Responsibilities:
Network design and planning and identify the needs of a project or organization and design a digital communication network.
Migrate Cisco old router to Fortinet firewall.
Configured FortiGate firewalls in High Availability (HA) ensuring seamless failover and uninterrupted connectivity.
Designed and deployed IPSec VPN tunnels between HQ, DC, and remote sites, enabling access for users within the SD-WAN infrastructure.
Work on different enterprise projects related to SDA and DNAC .
Configured member interfaces (IPSec, MPLS, Leased lines, ADSL) within the FortiGate SD-WAN deployment.
Implemented health checks and monitoring mechanisms to assess the availability and performance of SD-WAN links.
Documentation and records maintenance: Maintain accurate and up-to-date documentation of the network infrastructure, such as network diagrams and configuration files.
Provide network Support and implementation.
Results-oriented network security specialist with a track record of successful project planning, design, and implementation of Security Solutions in Greenfield and brownfield environments.
Sr. network Engineer Nov 2011 to August 2024
Gulf Business Machine Gulf Business Machine (Cisco Gold Partner) (www.gbmme.com) Abu Dhabi, UAE
Responsibilities:
Responsibility includes Network design, installation, and configuration. Network and Security support for the Abu Dhabi Customers.
Network Architecture Design/Optimization & Implementation. Business Continuity/DR Planning/Execution &Migration of large-Scale System Integration. Focusing on Software define network, Legacy R&S, SP MPLS Networks, Data Center, Voice, IPT, Conferencing, and Wireless & Network Security, Cisco ISE, Fortinet Firewall and Palo Alto firewall configuration.
Configure and manage security-related hardware and software systems, including Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA).
Administer and enforce security policies, including through Zscaler management portals.
Software defines network (ACI) project in different customer include bug scrub and upgrade and support them for day2 operation.
Upgrade customer network through DNAC.
Implementation SDWAN project for different customer.
Abu Dhabi Company for Onshore Oil Operations Nexus deployment, Nexus 7K,5K and 2K and provide network support for all network and Palo Alto Implementation.
Commercial Bank ACI implementation and support (Software design network.
Implement different voice project including CCM, Presence and Jabber MRA. Support customer on WebEx cloud.
Relocate the datacenter one of biggest entity in Abu Dhabi and redesign the network according industry standard. Providing support, Voice, data network including iron port and F5.
Deploy different monitoring solution include SolarWinds, NetFlow analyzer
SDWAN infrastructure Project
Designed and implemented SDWAN solution for Headquarters (HQ), Data Center and remote sites.
Configured Cisco access layer, Core Layer and WAN network switches in Headquarters.
Configured Cisco switches stacks, VLANs, Trunks, aggregated interfaces, SVI’s and static routing.
Established physical connections of WAN links (MPLS, lease lines, ADSL) to WAN switches and implemented VLANs on FortiGate firewalls to logically terminate the links on FortiGate firewalls.
Configured and established Dialup IPSec VPN connections between the headquarters (HQ) and remote sites over ADSL connections, ensuring secure and encrypted communication channels.
Configured route-based and policy-based IPSec VPNs to establish secure connections between the headquarters (HQ) and Federal entities, central bank, and international payment systems.
Established connectivity between the headquarters (HQ) and remote sites with the Azure cloud (DC), leveraging IPSec VPNs and MPLS ExpressRoute.
Configured OSPF on FortiGate firewalls with route filtering for connecting HQ with other entities via MPLS.
Configured member interfaces (IPSec, MPLS, Leasedlines, ADSL) within the FortiGate SD-WAN deployment.
Implemented health checks and monitoring mechanisms to assess the availability and performance of SD-WAN links.
Implemented SD-WAN rules to govern application traffic, leveraging intelligent routing and ensuring seamless connectivity and efficient utilization of network resources across multiple locations.
Implemented advanced security features, such as firewall policies, SSL VPNs, Intrusion Prevention System (IPS), anti-virus and web filtering, application filtering, SSL inspection to protect the network from malicious activities.
Integrated with Directory services to authenticate SSL VPN users and control identity based Internet access.
Disaster Recovery (DR) Site Project @ Country’s largest commercial Bank
•Led the network security implementation for a full disaster recovery site of the headquarters, ensuring protection and continuity of operations.
•Implemented a comprehensive security architecture, leveraging with the following industry-leading technologies:
•Cisco Firepower Threat Defense (FTD) Datacenter Firewall:
•Gather the details of Servers and applications communication, along with servers replication traffic from HQ.
•Configured and deployed the Cisco FTD devices in HA mode, ensuring seamless failover and redundancy in case of an outage.
•Configured all server gateway addresses on the DC FTD and created security zones.
•Configured access control rules with network port details to control east-west network traffic. o Applied AV and Intrusion Prevention policies.
•
Cisco ACI: Project :
Implementation Cisco ACI as green field and experience to migrate legacy network from brown environment.
Provide support to customer upgrade the Cisco APIC controller, leaf and spine switches.
Cisco SDAccess and DNAC:
Implementation Cisco SD Access as green field and experience to migrate legacy network from brown environment. Manage customer legacy network legacy and DNA network from DNAC.
F5 BigIP Load Balancer Project
•Configured F5 load balancer in the DMZ to ensure high availability and efficient load distribution.
•Configured VLANs, Self IPs, Health-checks, Nodes, Pools and virtual servers. Configured client and server-side SSL profiles and used in virtual server.
Cisco voice project
Deign and implementation different cisco voice project and work cisco CUCM, Unity, presence and Jabber MRA .
Saudi Tawadi Health care
Network Administrator April 2009 to Nov 2011
Responsibilities:
•Conduct post-sales design workshops with clients to understand their network security requirements and objectives.
•Evaluate existing network security infrastructure and propose deployment methods of newly procured security solutions in their environment.
•Create high-level network security designs based on clients' needs, outlining the overall structure and security mechanisms.
•Develop detailed low-level designs, specifying configurations, protocols, and technologies required to implement the proposed security solutions.
•Prepare and share comprehensive project prerequisites with clients, outlining the necessary information and resources needed to begin the design process. Coordinate with customers to gather detailed network and security requirements.
•Installed and configured Cisco FirePower in transparent mode to provide network-wide Advanced Malware Protection (AMP).
•Designed custom policies and rules to ensure efficient detection and blocking of malicious network activities.
Arwen tech LTD March 2006 to April 2009
Lahore Pakistan
Responsibilities:
•Duties include Network Solution Design & Implementation in all Major technologies Country Wide. Some of the Major projects are as follows.
•Expo Center Lahore: Designed and executing MPLS based 10Gig Core supporting up to 3000 Nodes on Access.
•A first project of its kind with Integrated IP Video Telephony & Conferencing, IP based Access Control, Fire Alarm, Security, Display and Management System. DG cement.
•Technologies include Routing & Switching, MPLS (including MPLS TE- FRR), IP Voice/Video Telephony, Unified Communication, Security (Firewall, IDS and VPN devices), Wireless (with WLAN Controllers).
Contact this candidate