Senior Network Engineer Enterprise & Cloud Security
Resume:
AL-WAHAB Certified Network Engineer
Contact: 312-***-****, Email: ***********@*****.***, LinkedIn:www.linkedin.com/in/workwithwahab
Professional Summary:
●Results-driven Network Engineer with 7 years of hands-on experience designing, deploying, and securing complex enterprise and hybrid cloud networks across diverse industries. Demonstrated expertise in Cisco routing and switching (Catalyst, Nexus), LAN/WAN design, VLANs, STP, OSPF, EIGRP, BGP, and VPN technologies.
●Skilled in firewall configuration and security policy enforcement using Cisco ASA, Firepower, Palo Alto Networks, and Check Point platforms. Possesses a strong background in wireless networking with Aruba AOS 8/10, AirWave, ClearPass, Aruba Central, and Cisco WLCs, supporting large-scale WLAN deployments.
●Proficient in network automation and SD-WAN solutions leveraging Cisco vManage, Fortinet, and Python/Ansible-based scripting for configuration management and zero-touch provisioning. Experienced in integrating cloud networking solutions across AWS and Azure environments, including VPCs, VPN Gateways, and hybrid connectivity architectures.
●Experienced in network monitoring and performance optimization using SolarWinds, PRTG, Wireshark, and Cisco Prime Infrastructure. Implemented enterprise-grade security frameworks using TACACS+, RADIUS, and 802.1X authentication via Aruba ClearPass and Cisco ISE, enabling identity-based access control across wired and wireless infrastructures.
●Skilled in designing and deploying Zero Trust Network Access (ZTNA) architectures to enhance enterprise security posture, enforce granular identity-based access controls, and ensure secure, seamless remote connectivity. Proficient in troubleshooting Prisma Access tunnels, SAML/LDAP authentication, and service connections to Azure and AWS.
●Delivered end-to-end support for remote access VPNs, including Cisco AnyConnect, Palo Alto GlobalProtect, and Check Point VPN, encompassing policy configuration, certificate-based authentication, and advanced troubleshooting. Contributed to global network migration projects, assisting with device staging, configuration validation, change management coordination, and post-deployment performance optimization.
Education:
●Master of Science in Information Systems, Dakota State University -SD, USA
Certifications:
●CCNA - Cisco Certified Network Associate
Technical Skills:
Category
Skills & Technologies
Routing & Switching
BGP (iBGP/eBGP), OSPFv2/v3, EIGRP, Static & Default Routing, MPLS L3VPN, VRF, Route Redistribution, HSRP, VRRP, GLBP, VLAN Trunking (802.1Q), EtherChannel (LACP/PAgP), STP/RSTP/MSTP, VTP, QoS, Port Security, Policy-Based Routing (PBR)
Network Platforms
Cisco (ASR 1000/9000, ISR 800/4000, Catalyst 2960X/3850/9300/4500/6500, Nexus 2K–9K, WLC 5508/9800), Juniper (MX, SRX, EX), Aruba (AOS 8/10, Airwave, ClearPass), Meraki (MX, MS, MR)
Firewalls & Security
Palo Alto NGFW (PAN-OS 10.x), Cisco ASA/FTD 5500-X, Check Point R81.x, Fortinet FortiGate, Juniper SRX, ZTNA, IPS/IDS (Snort, Suricata), SSL Decryption/Inspection, App-ID Tuning, Content-ID, NAT, ACLs, TACACS+, RADIUS, 802.1X, VPN (IPsec/SSL)
Load Balancing & Application Delivery
F5 BIG-IP LTM/GTM/WAF (iRules, health monitors, SSL offload), Citrix ADC (NetScaler), F5 AFM/ASM for DDoS and web application protection
Cloud & Hybrid Networking
AWS (VPC, Transit Gateway, Route 53, Site-to-Site VPN), Azure (VNets, NSG, ExpressRoute), GCP (VPC firewalls), Cisco ACI (Fabric, APIC Policies, L3Out), Hybrid Cloud VPN Integration, Cloud IAM Security Groups
SD-WAN & Remote Access
Cisco SD-WAN (Viptela), Meraki SD-WAN, DMVPN, GRE Tunnels, Policy-Based Routing, Cisco AnyConnect, Palo Alto GlobalProtect, FortiClient VPN, Dual-ISP Failover
Network Automation & Scripting
Python (REST API calls, Netmiko, Paramiko), Ansible (playbooks, inventory automation), Terraform (IaC), Git/GitHub CI/CD, YAML/JSON templating, Cisco DNA Center API integration
Monitoring & Analysis
SolarWinds Orion (NMS, NetFlow, SNMPv3), Cisco Prime Infrastructure, ThousandEyes, Wireshark (packet captures), Splunk Enterprise Security, QRadar, Panorama, FortiManager, Syslog Servers, SNMP Trap Correlation, ServiceNow Alert Integration
Protocols & Services
TCP/IP, UDP, DNS, DHCP, NAT/PAT, NTP, FTP/SFTP, SSH/SCP, HTTPS/PKI, ICMP, LLDP/CDP, ARP, Syslog, TFTP
Virtualization & Compute
VMware ESXi/vSphere, Hyper-V, VirtualBox, Cisco Nexus 1000v, Cloud VPN Gateways, Virtual Firewall Instances
Operating Systems & Tools
Windows Server 2016/2019, Linux (Ubuntu, RHEL), macOS, Visio, TFTP/FTP clients, Notepad++, PuTTY/SecureCRT
Network Management & Governance
ITIL Change Management, Config Backup & Version Control, Patch Compliance, Network Performance Tuning, Audit and Rollback Procedures, RCA Documentation
Collaboration & Ticketing Tools
ServiceNow, Jira, Remedy, Confluence, Microsoft Teams, Slack
Professional Experience:
Verizon, VA — Sr. Network Engineer Jan 2024 – Present
●Supported multiple enterprise clients under an MSP framework, maintaining secure, resilient, and scalable LAN/WAN infrastructures built on Cisco Catalyst 9K/4K and Nexus 7K/9K platforms.
●Assisted in designing and tuning BGP (iBGP/eBGP), OSPFv2/v3, and EIGRP topologies to improve path selection, convergence, and route redistribution across enterprise networks.
●Configured advanced VLAN segmentation, RSTP/MSTP, EtherChannel (LACP), and Layer-3 SVIs, ensuring deterministic redundancy and loop-free high availability.
●Supported VRF-based segmentation, policy-based routing, and route-maps to enforce traffic separation between business units and partners.
●Assisted in HSRP/VRRP configuration, failover validation, and gateway pre-emption tuning to maintain seamless inter-VLAN routing.
●Provisioned and validated layer-1 cabling, fiber patch panels, SFP/GBIC optics, and link-aggregation interfaces to ensure physical connectivity integrity.
●Performed port-channel diagnostics, CRC error analysis, and duplex/speed tuning during escalation to resolve intermittent connectivity or high-latency incidents.
●Integrated SolarWinds Orion with ServiceNow, enabling automated fault ticketing, interface health polling, and NetFlow-based traffic correlation for proactive detection.
●Conducted utilization audits, QoS policy validation, and SNMPv3 trap analysis to ensure optimal traffic prioritization across WAN circuits.
●Assisted in ACL, NAT, and VPN policy configuration on Palo Alto, Cisco ASA/FTD, and Check Point NGFW appliances, reinforcing perimeter and remote-access security.
●Supported multi-site firewall migrations using Palo Alto Migration Expedition, ensuring configuration parity between legacy Cisco ASA, Fortinet, and PAN-OS 10.x deployments.
●Configured HA pairs of PA-5020/7050 firewalls, validating link-state synchronization, session persistence, and redundancy under failover load.
●Supported SSL decryption, App-ID tuning, and custom application signatures to refine traffic visibility and reduce false positives.
●Administered Panorama for centralized policy push, dynamic address-group automation, and template stack control across 700+ distributed firewalls.
●Configured OSPF and BGP peering on perimeter firewalls to optimize route advertisement and maintain symmetric forwarding paths.
●Assisted in deploying IPsec, SSL, and GlobalProtect VPNs with SAML/LDAP integration to secure hybrid connectivity between data centers, AWS VPCs, and Azure VNets.
●Contributed to Python/REST API automation for rule cleanup, object normalization, and compliance-driven policy validation across multi-tenant firewalls.
●Assisted with F5 BIG-IP LTM/WAF configuration—defining virtual servers, SSL offload profiles, health monitors, and traffic-steering iRules for resilient application delivery.
●Supported Cisco WLC (9800/5508) environments, assisting in SSID creation, 802.1X/RADIUS authentication, and RF optimization to strengthen wireless stability.
●Troubleshot L2/L3 adjacency issues, spanning-tree root selection, and first-hop redundancy behavior across multi-vendor campus environments.
●Provided Tier-3 escalation for routing loops, black-holing, and asymmetric traffic, leveraging Wireshark, ThousandEyes, and advanced CLI trace diagnostics.
●Assisted with Viptela SD-WAN edge deployments, vManage template validation, and TLOC path preference tuning to align performance with SLA baselines.
●Performed firmware upgrades, config backups, and rollback testing for switches and firewalls per ITIL change-management guidelines.
●Participated in network capacity planning, circuit augmentation, and interface-level benchmarking to support client growths.
●Documented configurations, MOPs, and post-implementation results in ServiceNow, ensuring full audit compliance and knowledge-based standardization.
United Airlines, IL — Network Security Engineer Aug 2022 – Dec 2023
●Supported enterprise network and security operations for nationwide backbone and corporate environments, maintaining availability, compliance, and defense-in-depth across airport hubs, data centers, and hybrid-cloud networks.
●Assisted in the configuration, tuning, and policy optimization of Cisco ASA/FTD, Palo Alto, and Fortinet NGFWs, enforcing access control and segmentation policies across WAN edge and internal zones.
●Monitored firewall traffic, NAT translations, and VPN sessions through Firepower Management Center (FMC) and Panorama, validating session persistence and bandwidth utilization.
●Supported site-to-site and remote-access VPNs built on IPsec and SSL/TLS, integrating multi-factor authentication (MFA) for secure workforce connectivity across distributed airport and corporate sites.
●Managed and optimized IDS/IPS platforms (Snort, Suricata) to detect malicious patterns and anomalies; validated signature deployments and escalated correlated alerts to the SOC.
●Monitored and analyzed event flows through Splunk Enterprise Security and IBM QRadar, assisting in log correlation, alert tuning, and dashboard creation for high-fidelity threat detection.
●Assisted in vulnerability scanning and remediation tracking using Nessus, OpenVAS, and Qualys, coordinating with patch management teams to mitigate exploitable CVEs.
●Configured ACLs, VLAN segmentation, and 802.1X port authentication on Cisco Catalyst switches to enforce endpoint access control at the distribution layer within airport and data center facilities.
●Supported Zero Trust and micro-segmentation rollouts by applying role-based policies, static ACLs, and TACACS+/RADIUS authentication in critical network segments.
●Assisted in managing Secure Web Gateway (SWG) and Web Application Firewall (WAF) policies using F5 BIG-IP ASM and Zscaler Internet Access (ZIA) for web and application layer defense.
●Supported AWS Security Groups, Azure NSGs, and GCP VPC firewalls, validating hybrid-cloud routing and enforcing consistent east-west segmentation.
●Maintained and enhanced network monitoring via SolarWinds Orion and Cisco Prime Infrastructure, correlating alerts with ServiceNow incidents to improve MTTR and ticket lifecycle visibility.
●Assisted with Ansible playbooks and Python scripts for configuration backup, ACL audits, and automated compliance checks, reducing manual errors and deployment lag.
●Participated in change management, implementing firewall and routing updates within ITIL process controls and ensuring rollback readiness through versioned configuration snapshots.
●Supported DDoS mitigation and traffic inspection policies through F5 LTM, BIG-IP AFM, and ISP scrubbing coordination, maintaining business continuity for airline operations during volumetric attacks.
●Collaborated with cross-functional teams on incident containment, root cause analysis (RCA), and post-incident review, contributing detailed technical findings for RCA reports.
●Assisted in maintaining documentation for firewall policies, VPN maps, network diagrams, and runbooks, ensuring operational continuity and audit preparedness.
●Participated in threat-hunting exercises, SOC escalation triage, and compliance audits (PCI DSS, NIST 800-53, ISO 27001), reinforcing United Airlines’ overall security posture.
Fresenius Kabi, IL — Network Engineer Oct 2020 – July 2022
●Supported day-to-day operations of Cisco Catalyst and Nexus switching infrastructure, assisting with configuration backups, firmware updates, and interface troubleshooting.
●Assisted in configuring EIGRP, OSPF, and BGP routing for remote site connectivity, verifying neighbor adjacencies and route redistribution during maintenance windows.
●Managed basic Layer-2 operations, including VLAN provisioning, trunk configuration, and EtherChannel (LACP/PAgP) creation to maintain consistent access-layer performance.
●Assisted in configuring HSRP and GLBP for gateway redundancy and load balancing across distribution switches.
●Monitored switch and router health using SolarWinds and NetFlow, investigating interface errors, CRC counts, and latency spikes across WAN links.
●Supported Cisco ASA and Palo Alto PA-Series firewalls for policy updates, NAT rules, and VPN configuration, escalating complex rule conflicts to senior engineers.
●Helped maintain site-to-site IPsec VPN tunnels between regional data centers, performing validation pings, phase-1/phase-2 verification, and logging analysis.
●Assisted in firmware upgrades and configuration audits for routers, switches, and firewalls as part of scheduled change windows under ITIL process control.
●Contributed to troubleshooting of L1/L2/L3 connectivity incidents, performing cable tests, duplex/speed checks, and ACL reviews to isolate packet loss.
●Supported F5 BIG-IP LTM/GTM load-balancing environments, validating pool member status and SSL certificate renewals for production VIPs.
●Collaborated with senior engineers on VLAN migrations and hardware refreshes, helping stage new Cisco 4500/6500 series switches prior to deployment.
●Created and updated Visio diagrams, SOPs, and runbooks documenting network topologies, interface mappings, and recovery procedures.
●Provided on-call remote support for priority incidents, coordinating with regional teams to restore services and verify change rollbacks.
●Assisted in RCA documentation for network outages, summarizing incident timelines, corrective actions, and lessons learned for internal review.
Colan Infotech, India — Junior Network Engineer July 2018 – Sept 2020
●Began professional IT career supporting enterprise LAN/WAN operations, assisting senior engineers with switch configuration, cabling, and connectivity validation.
●Configured and maintained VLANs, trunk ports (802.1Q), and EtherChannels to segment traffic and improve performance across access and distribution layers.
●Supported OSPF, EIGRP, and static routing configurations under supervision, verifying neighbor adjacencies and path selection during site connectivity tests.
●Assisted in HSRP and STP configuration to ensure redundancy and loop prevention within campus networks.
●Monitored network health and interface utilization using SolarWinds and command-line diagnostics, escalating anomalies to the NOC for proactive remediation.
●Performed racking, stacking, labeling, and fiber patching for Cisco routers and switches; verified physical connectivity through ping and traceroute testing.
●Assisted with Cisco IOS upgrades, configuration backups, and hardware lifecycle replacements under maintenance supervision.
●Troubleshot DNS, DHCP, and IP addressing conflicts, restoring user connectivity and minimizing downtime in branch offices.
●Documented network diagrams, IP address maps, and standard operating procedures (SOPs) for internal knowledge sharing.
●Configured access lists (ACLs) and port security on Catalyst switches to reinforce basic LAN security practices.
●Participated in redundancy and failover testing, validating link recovery and gateway failover during maintenance cycles.
●Supported Cisco 6500/7500 series devices, assisting with VSS pair configuration and interface redundancy checks.
●Recreated production issues in a lab environment to test fixes and verify post-change outcomes before rollout.
●Provided Tier-1 and Tier-2 incident response, documenting steps taken, resolution timelines, and escalation details in ServiceNow tickets.
Contact this candidate