Sr. Network Security Specialist with 8+ Years Experience
Resume:
Abbas Ali Syed (USC)
Email: *********@*****.***
Ph: +1-281-***-****
Sr. Network Security Specialist
LinkedIn: https://www.linkedin.com/in/syed-abbas-ali-9938522b3/
Professional Summary:
Network Engineer with 8+ Years experience in the industry, which includes expertise in the areas of Routing Switching and Security.
Documented network topology, fabric architecture, and operational procedures for VXLAN/eVPN environments.
Expert Level Knowledge about TCP/IP and OSI models.
Experience in Planning, Analysis, Designing and implementing, configuring, troubleshooting and testing of enterprise Networks (LAN/WAN) and related hardware and software designs and documentation of LAN/WAN architecture and good experience VoIP services.
Provided Tier-3 support and RCA for complex VXLAN/eVPN issues including BGP EVPN route flapping and blackholing.
Design Expertise for the SDWAN (Versa, Viptela), SDLAN and WAN optimization technologies for efficient delivery of application across LAN and WAN.
Hands on experience of data center environment and implementation of VPC, VDC, EtherChannel, VSS and Fabric path on Nexus 9K, 7K, 5K, & 2K Switches and Configuration of Cisco Catalyst switches 2800, 2948, 2960, 3500, 3550, 3560, 3750, 3850, 6500, 6550, 9300, 9500 switches.
Expertise in installing, configuring and troubleshooting Juniper EX Switches (EX2200, EX2500, EX3200, EX4200, EX4500, EX8200 series). Good understanding of networking concepts such as routing protocols, VLANs, IP address management and network security.
In-depth knowledge and hands-on experience on IP Addressing, Subnetting, VRF-Lite, VLSM, VTP, port-channel, Stacking, ARP, reverse & proxy ARP, SNMP, RADIUS, TACACS+, DNS & DHCP, Ping and Traceroute concepts. Implementation of HSRP, VRRP and GLBP for Default Gateway Redundancy.
Hands on experience and configuration of setting up Cisco routers 1900, 2600, 2800, 3700, 3800, 7200, 7800 series and Cisco ASR routers 1k and Cisco ISR routers 4k routers to perform functions at the access, distribution and core layers.
Good understanding of JUNOS platform and worked with IOS upgrade of Juniper devices.
Expert level knowledge of troubleshooting, implementing, optimizing and testing of static and dynamic routing protocols such as EIGRP, OSPF, BGP, IS-IS, multicast PIM sparse, IGMP ability to interpret and resolve complex route table problems. Configured policy-based routing for BGP for complex network systems.
Provided firewall policy configuration and services with Juniper SRX 240 650 series.
Implemented traffic filters on Cisco routers using Standard and Extended Access list and security polices using firewall, IPSec, SSL, AAA, TACACS+, RADIUS, SNMP.
Provided cross-domain expertise spanning networking, wireless, security, load balancing, and IP telephony technologies.
Leveraged deep knowledge of LAN, WAN, IPT, IPCC, and security to resolve high-severity customer incidents efficiently.
Coordinated with third-party suppliers and carriers to resolve WAN, SD-WAN, and circuit-related issues.
Ensured adherence to operational processes while delivering rapid incident resolution and service restoration.
Played a key role in stabilizing customer environments during outages involving F5 Big-IP LTM, firewalls, and routing platforms.
Provided cross-domain expertise spanning networking, wireless, security, load balancing, and IP telephony technologies.
Leveraged deep knowledge of LAN, WAN, IPT, IPCC, and security to resolve high-severity customer incidents efficiently.
Coordinated with third-party suppliers and carriers to resolve WAN, SD-WAN, and circuit-related issues.
Ensured adherence to operational processes while delivering rapid incident resolution and service restoration.
Played a key role in stabilizing customer environments during outages involving F5 Big-IP LTM, firewalls, and routing platforms.
Utilized NetBrain for pre-change and post-change validation during global maintenance windows.
Performed firewall rule audits, policy rationalization and clean-up across Palo Alto, Fortinet, and F5 environments.
Designed load-balanced application services using F5 VIP, pools, monitors, and SSL certificates.
Enhanced WAN performance with QoS, traffic shaping and application prioritization on Cisco routers.
Integrated Aruba wireless security with Fortinet and Palo Alto firewall authentication services.
Delivered root-cause analysis and deep troubleshooting of complex network outages using NetBrain automation.
Experience in configuring router redistribution between routing protocols and troubleshooting them.
Experience in authentication protocols PAP, CHAP, 802.1x and Port Security and Configuring Security policies including NAT, PAT, VPN (DMVPN, GRE), Route-maps, prefix lists and Access Control Lists.
Hands-on configuration and experience in setting up Cisco and juniper, routers to perform functions at the Access, Distribution, and Core layers.
Configured remote workforce solutions using IPSec/SSL VPN on Fortinet, Cisco ASA, and Palo Alto GlobalProtect.
Responsible for Check Point, Juniper and Firewall administration across global networks
Design and implement Cisco ACI in data centers, created a strategy that allows use of containers for end users and developers.
Designed ACI fabric to ensure each tenant is secure and has separation from other tenants. Use L3/L2 outs via common tenant to reduce TCAM and RAM utilizations
CORE COMPETENCIES
Network Design Architecture Network Configuration Troubleshooting and Optimization LAN WAN MPLS
Wireless Security Data Center Cisco Arista Aruba Palo Alto Networks Networking Protocols VTP
Spanning-Tree Trunks, EtherChannel Network Security Principles TCP/IP BGP/MPBGP OSPF EIGRP MPLS
QoS SDA SD-WAN VLANs VRF HSRP VRRP VTP Spanning-tree Trunk/EtherChannel IPSEC VPN.
Technical Skills:
Networking-WindowsServer2008/2016, Active Directory, DHCP, DNS, WINS, VPN, VLAN, SSH, TELNET, IP Routing Protocols –RIP, EIGRP, OSPF, BGP, LAN Protocols- EtherChannel-Spanning Tree-VLAN-VTP-ISL-DOT1Q Trunking IOS features-ACL-NAT-PAT-Security-Advanced IP, ASA and FIREPOWER FIREWALL, MULTICASTING, VOIP, QUALITY OF SERVICE, NEXUS SWITCHES-VPC, VDC, FEX, VXLAN SPINE/LEAF, F5 BIG-IP LTM Load Balancer, VRF, MPLS L3 VPN, HSRP, SITE TO SITE VPN, DMVPN, MICROSOFT AZURE
Routers: Cisco 2500/3000/2800/3900 router, Switches: Cisco 6500/4500/3560/4500 Layer 3 Core switches-Cisco 2900/2950/3500 Workgroup Switches – Cisco Aironet 1200/1250 WAP’s
Operating Systems: - WindowsServer2016/2012/2008/2003/10/7/XP/Vista/NT4.O, Workstation/Server/Windows 9X
Database: Microsoft SQL Server
LAN-Ethernet, Fast Ethernet, Gigabit Ethernet, FDDI, CDDI, Token Ring, ATM LAN, Emulation
WAN-Leased lines 64k - 155Mb (PPP / HDLC), Channelized links (E1/T1/E3/T3), Fiber Optic Circuits, Frame Relay, ISDN, MPLS, Riverbed, DMVPN
AAA Architecture- TACACS+, RADIUS, Cisco ACS
Professional Experience:
Fannie Mae – Washington, DC (Remote) July 2023 – Present
Sr. Network Security Engineer
Responsibilities:
Provide ownership and facilitation of project deliverables which may include complete business cases, project solution charters, impact analysis, high level architecture.
Data center admin: Hardware/IOS, LAN, WAN, security, VMware, routing and switching.
Configuring, monitoring, and troubleshooting local area networks (LAN)/ Wide Area Network (WAN) to ensure seamless connectivity and optimal performance
Designed and deployed VXLAN-based overlays using Arista EOS in spine-leaf data center fabric environments.
Deployed Layer 2 and Layer 3 VXLAN bridging and routing across distributed data centers.
Designed large-scale enterprise network architectures using Cisco routing/switching, Fortinet firewalls, F5 load balancers, Palo Alto NGFW, Aruba wireless, and automated mapping through NetBrain.
Led end-to-end network design and implementation for global data centers leveraging Cisco Catalyst, Nexus, and ISR/ASR platforms.
Developed automated network documentation and topology intelligence using NetBrain dynamic maps for complex multi-vendor environments.
Served as the primary technical point of contact for enterprise customers across the Americas, providing end-to-end support for LAN, WAN, SD-WAN, security, and IP telephony environments.
Acted as the local customer interface to the global operations team in Paris, ensuring seamless coordination on network, security, and collaboration initiatives.
Delivered expert-level routing and switching support using Cisco routers, Nexus, and Catalyst switches in complex enterprise environments.
Provided hands-on troubleshooting and configuration for Cisco routers, Nexus, and Catalyst switches, ensuring high availability and optimal performance.
Led day-to-day operational support and change activities for large-scale SD-WAN deployments across multiple customer sites.
Managed and optimized SD-WAN architectures to improve application performance, resiliency, and network visibility.
Supported secure network access and segmentation using Cisco ISE, including policy enforcement, authentication, and authorization services.
Integrated Cisco ISE with wired, wireless, and VPN environments to strengthen identity-based access control.
Delivered enterprise firewall support across Cisco ASA, Check Point, Palo Alto, and Fortinet platforms.
Performed firewall rule optimization, NAT policies, and threat prevention tuning on Check Point, Palo Alto, Fortinet, and Cisco ASA devices.
Led incident response and troubleshooting for advanced security incidents involving Palo Alto, Fortinet, and Cisco ASA firewalls.
Supported global and regional load-balancing services using F5 Big-IP LTM for mission-critical applications.
Configured, monitored, and optimized F5 Big-IP LTM virtual servers, pools, and health monitors.
Provided escalation-level support for F5 Big-IP LTM during major incidents and performance degradation scenarios.
Owned and drove major incidents outside global “core hours,” coordinating restoration efforts across networking, security, and telephony teams.
Co-managed major incidents during global core hours, ensuring effective collaboration between regional and global teams.
Implemented advanced security segmentation using Fortinet FortiGate firewalls with VLANs, SD-WAN, IPS/IDS and policy automation.
Engineered high-availability application delivery solutions using F5 LTM, F5 GTM, SSL offloading, and traffic steering.
Deployed Palo Alto next-generation firewalls with App-ID, User-ID, threat prevention, URL filtering and advanced WildFire security.
Designed enterprise-grade wireless infrastructures using Aruba WLAN controllers, ClearPass, AirWave, and role-based access.
Built secure remote access and site-to-site VPN solutions across Cisco, Fortinet, and Palo Alto platforms.
Optimized multi-vendor firewall rulesets and policies across Fortinet, F5, and Palo Alto environments.
Managed network lifecycle upgrades, patching and maintenance for Cisco, Aruba, Fortinet, F5, and Palo Alto systems.
Created scalable L2/L3 designs include OSPF, BGP, EIGRP, HSRP, VRRP and VXLAN EVPN on Cisco platforms.
Integrated NetBrain automation workflows for troubleshooting, device diagnostics, and change verification.
Configured global load balancing and application delivery using F5 GTM/DNS and F5 LTM modules.
Migrated legacy security appliances to modern Palo Alto and Fortinet NGFW architectures.
Conducted advanced packet capture, traffic analysis and network diagnostics using NetBrain, Wireshark, and Cisco tools.
Designed redundant WAN architectures integrating Cisco SD-WAN, Fortinet SD-WAN, and VPN failover.
Implemented symmetric and asymmetric IRB (Integrated Routing and Bridging) for VXLAN routing in Arista fabrics.
Configured Cisco and juniper Routers for OSPF, IGRP, RIPv2, EIGRP, IS-IS, Static and default route.
Actively involved in Switching Technology Administration including creating and managing VLANS, Port, security- 802.1x, Trucking 802.1Q, RPVST+, Inter-VLAN routing, and LAN security on Cisco Catalyst Switches 4507R+E, 6509-E and Cisco Nexus Switches 2232, 5596, 7009.
Utilized OSI-layered approach to troubleshoot complex network issues, isolating packet drops and latency to Layer 3 (Network) and Layer 4 (Transport) misconfigurations.
Design, Implement & troubleshooting of Juniper switches, routers and Firewalls.
Configuring VSS, VLANS, VTP’s, VRF, STP, HSRP, VRRP and enabling trunks between Cisco Catalyst switches.
Design and configuration experience on Cisco ACI- Spine-Leaf switches, APIC and APIC- EM controller, Nexus switches, VMware NSX-T/NSX-V, NSX Edge, NSX logical router, NSX load balancer, NSX distributed Firewall.
Updated software code on the Aruba 2920, 5406R switches and Aruba IAP-275 outdoor, IAP-325 indoor wireless access points. Design, Implement & troubleshooting of Juniper switches, routers and Firewalls
Troubleshooting of complex LAN/WAN infrastructure that includes routing protocols EIGRP, OSPF, BGP, MPLS, IS-IS. Provided firewall policy configuration and services with Juniper SRX 240 650 series.
Managed firewall using Fort iGATE to allow or block IPs, created policies added different interfaces and vlans.
Continuous industry knowledge upgrade per the SDWAN products, cloud resources and firewall for enterprise and service providers to ensure SDWAN clients/ISP expectations are met.
Worked extensively on Cisco NGFW (Cisco Next-Generation Firewall) like Cisco ASA 5500(5510/5540) Series with Firepower Service, experience with converting PIX rules over to the Cisco ASA solution.
Designed and implemented NAT overload/PAT on Cisco NGFW (Next-Generation Firewall) like Cisco ASA 5585 and 5520 Firewall to provide address translation between private addresses of the network and public address over the internet.
Experience with converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco NGFW (Cisco Next-Generation Firewall), Cisco ASA VPN experience.
Johnson & Johnson – New Brunswick, NJ Jan 2020 – June 2022
Network Security Engineer
Responsibilities:
Provide network solutions, outsource customers. Interface with customers and network vendors to provide project leadership and oversee network infrastructure design and review for data center LAN, WAN, and Wireless.
Providing technically accurate and financially complete solutions for network migrations and enhancements.
Configuring Layer 2 & Layer 3 interfaces and port channels and VDC on Cisco Nexus Switches 9508.
Experience in deploying MLAG (Multi-Chassis Link Aggregation) with Arista for link redundancy and active-active traffic forwarding.
Configured route-target filtering and route-distinguisher settings in eVPN for granular traffic engineering.
Utilized Arista EOS advanced telemetry and streaming analytics for proactive fabric monitoring and alerting.
Designed and supported inter-fabric VXLAN stitching to extend Layer 2 services across multiple Arista domains.
Delivered in-depth Root Cause Analysis (RCA) reports with actionable recommendations for recurring network and security issues.
Participated in daily customer zone incident huddles, providing expert technical insights on active tickets and service requests.
Maintained direct access to customer network devices to execute complex troubleshooting and approved change activities.
Supported enterprise wireless solutions using Cisco autonomous access points and WLC-based wireless architectures.
Delivered LAN/WAN operational excellence across multi-site enterprise networks built on Cisco routers, Nexus, and Catalyst switches.
Provided end-to-end IP Telephony support for IPT and IPCC environments, ensuring high voice quality and service reliability.
Supported enterprise voice infrastructure leveraging CUCM for call control, routing, and endpoint management.
Integrated CUCM with Cisco UCS platforms to deliver scalable and resilient collaboration solutions.
Delivered operational and troubleshooting support for Cisco UCS compute environments hosting voice and collaboration workloads.
Provided collaboration services support for WebEx, ensuring seamless conferencing and enterprise collaboration experiences.
Supported IPCC platforms, troubleshooting call flows, CTI integrations, and customer contact center issues.
Demonstrated strong understanding of customer business drivers, critical sites, and third-party vendor dependencies.
Acted as a trusted technical advisor to customers, translating business requirements into secure and scalable network solutions.
Collaborated closely with security teams to align Check Point, Palo Alto, Fortinet, and Cisco ASA policies with compliance standards.
Delivered change management activities across routing, switching, SD-WAN, security, and collaboration platforms.
Ensured network stability and resilience through proactive monitoring and lifecycle management of Cisco routers and Catalyst switches.
Supported enterprise core and data center switching environments built on Cisco Nexus platforms.
Collaborated with security teams to implement micro-segmentation and traffic isolation using VXLAN and access control lists.
Integrated intrusion prevention systems (IPS) and firewalls to detect and block threats across multiple OSI layers, particularly at Layers 4 and 7.
Implemented NAC (Network Access Control) solutions using Aruba ClearPass for wired/wireless security.
Secured data center perimeters with Palo Alto zone-based architecture and granular security policies.
Designed resilient wireless mesh and campus networks using Aruba access points and controllers.
Coordinated firewall rule migrations from legacy platforms to Fortinet and Palo Alto with zero-downtime strategies.
Built automated change management and impact validation steps with NetBrain Runbooks.
Configured multi-context and high-availability clusters on Fortinet and Palo Alto firewalls.
Tuned F5 iRules and profiles to optimize application delivery and security posture.
Designed and maintained hybrid cloud connectivity (Azure/AWS) using VPN, BGP and firewall policies.
Delivered enterprise VoIP and video-optimized network designs across Cisco platform.
Ensured 24x7 availability through proactive monitoring, alerting, and automation via NetBrain and NMS tools.
Deploying Cisco Application Centric Infrastructure (Cisco ACI), Spine-Leaf, APIC, and VXLAN
Addressed technical issues and questions regarding confidential ISE include troubleshooting and modifications.
Configuration of port channel between core switches and server distribution switches.
Performed secure routing and segmentation using VRFs, MPLS, BGP communities on Cisco platforms.
Bring up new remote sites by deploying Cisco ISR routers and catalyst switches with dual homed circuits.
LAN cabling in compliance with CAT6 standards; Installing new hardware and swap out hardware physically.
Managed VPN, IPSec, DMVPN, Endpoint-Security, status policy, Application control, IPS, Monitoring, Anti-Spam, Smart Provisioning, DLP using Checkpoint Firewalls.
Managing the DNS entries and DHCP networks using Infoblox.
Hands on experience on using crimp tools, punch down tools to punch cables to the 110 data/voice blocks.
Installed, configured and set security policies on Cisco Checkpoint, Fortinet and Juniper SRX Firewalls.
Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
IBM – Albany, NY Jan 2018 – Nov 2019
Network Engineer
Responsibilities:
Configured, Managed the Cisco ISR Routers, Cisco ASR Routers and Cisco Catalyst Switches, Cisco Nexus Switches, and Implementation of IS-IS, RIP, EIGRP, OSPF, BGP routing protocols and troubleshooting Remote infrastructure management of offices in different locations.
Configured STP (PVST, RSTP) for switching loop prevention and VLANs for data and voice along with Configuring port security for users connecting to the switches.
Managing wide area networks (WAN) by configuring and optimizing routing protocols such as BGP, IS-IS, EIGRP and OSPF. Prepare, update, and maintain technical and logistical network documentation.
Configured routing protocol EIGRP on 2600, 2800 routers and static routing on 3750 switches.
Installing, configuring Cisco Catalyst switches 6500, 3750 & 3550 series and configured routing protocol OSPF, EIGRP, BGP, IS-IS, RIP with Access Control lists implemented as per Network Design.
Continuously improved operational procedures and knowledge sharing between regional and global engineering teams.
Recognized for delivering reliable, secure, and scalable enterprise solutions across Cisco ISE, Cisco ASA, Check Point, Palo Alto, Fortinet, SD-WAN, CUCM, Cisco UCS, and WebEx environments.
Deployed redundant load-balancing frameworks using F5 Active-Standby and Active-Active designs.
Implemented Quality of Service (QoS) on PE and CE as per BTs templates and upgrading bandwidth and CoS as per client requirement. Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers.
Worked on deploying new WLCs such as 8500, 9800 and configured Access Points (APs) 3800, 3700, 9800 to attach them with WLCs across the organization.
Implemented Quality of Service (QoS) on PE and CE as per BTs templates and upgrading bandwidth and CoS as per client requirement.
Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers.
Worked on deploying new WLCs such as 8500, 9800 and configured Access Points (APs) 3800, 3700, 9800 to attach them with WLCs across the organization.
Experience with setting up MPLS L3VPN cloud in data center and working with BGP WAN towards customer.
Managing wide area networks (WAN) by configuring and optimizing routing protocols such as BGP, IS-IS, EIGRP and OSPF. Prepare, update, and maintain technical and logistical network documentation.
Performed Configuration on ASR 9K Pairs includes HSRP, Bundle Ethernet Config, Assigning DHCP profiles
Designed ACLs, VLANs, troubleshooting IP addressing issues and taking back up of the configurations on switches and routers.
Education & Certification:
Bachelor’s in computer science and engineering from Lords Institute of Engineering and Technology, 2016
Cisco Certified Network Associate
Cisco Certified Network Professional
Cisco Certified Specialist
PCNSE: Palo Alto Certified Network Security Engineer
Contact this candidate