
Senior Network & Security Engineer (CCIE)

Location:
Toronto, ON, Canada
Posted:
April 14, 2026


Resume:

AFFAN SHAH

(Network & Security Engineer)

*********@*****.*** 647-***-****, Dual CCIE Certified # 11601

OBJECTIVE

I am a Cisco and Palo Alto certified engineer seeking a challenging position as a Network Engineer/Security Engineer that utilizes my knowledge and experience and provides me with versatile and challenging responsibilities.

TECHNICAL PROFICIENCIES & QUALITIES

Dual CCIE R/S & SP Certified Engineer. Over 10 years of experience with EIGRP, OSPF, BGPv4, GRE, MPLS, VLANs, Traffic Engineering, NAT, HSRP, VRRP, DNS, DHCP, NTP, SNMP, IP SLA, Route Filtering, Redistribution, ACI, creation of tenants, 9K Nexus switches, Multicasting, IP accounting, syslog, TACACS, RADIUS, 802.1X authentication. Expert in IP subnetting, SDWAN Viptela, Cisco and Aruba wireless, Cisco STP, RSTP, MSTP, VTP, DTP, VLANs, Trunk, Layer 3 capabilities, EtherChannels, NX-OS Layer 2 and Layer 3 functionality, VDC, VPC, OTV, FEX, fabric path, VLANs, PVLANs, SPAN and ERSPAN. Cisco Nexus Series switches (9508/9396PQ/PX/EX/FX, 2248TP) and (7010/7018, 5548UP and 2248TP), ASR1013, ASR1001-X, Catalyst 6509/4507RE, ISR4431, 3850, 9200, Cisco Meraki, 8200 router and 9300 switches, Palo Alto 220, 3220, 5430, 5220, Cisco ASA 5545-X.

PROFESSIONAL EXPERIENCE

Company: MAFAZA Ontario Jan 2024 – Feb 2026

Network and Security Engineer

Worked on Cisco SD-WAN/SD-Access project

This includes configuring, managing, and monitoring the SD-WAN/SD-Access environment, creating a Method of Procedure (MOP), and coordinating with change control teams. Schedule and execute the cutover of Cisco Catalyst 9300 switches and Cisco 8200 routers, minimizing downtime.

Configure AAA, 802.1x, BGP, VLANs, and other necessary settings through DNAC templates for a standardized approach. Implement wireless configurations and standard port assignments to maintain network consistency. Implement custom Bidirectional Forwarding Detection (BFD) templates to monitor path characteristics such as latency, jitter, and packet loss.

Monitor WAN transport path characteristics to maintain the integrity of data traffic routing.

Integrate MPLS and broadband transports into the SD-WAN architecture for robust connectivity.

Device hardening and conducting a Network Security Assessment are crucial steps in reinforcing the network's security posture. Implementing improvements to safeguard against evolving threats not only enhances network performance and reliability but also fortifies security measures, setting a new standard for enterprise networking solutions.

Updating documentation. Rigorous pre-migration, post-migration, and User Acceptance Testing (UAT) are essential to ensure a seamless transition.

Prisma Access configuration for Service Connection/IPsec tunnel/Routing Configuration

Configured Prisma Access GlobalProtect according to the requirements.

Configured Prisma Access GlobalProtect for split tunnel and for Always-on

Configured Prisma Access GlobalProtect for HIP as per requirements

Onboarded firewalls on Strata Cloud Manager for centralized management.

Onboarded firewalls on Panorama for centralized management

Set up High Availability (Active/Standby), security/NAT rules, IPsec tunnels on various Palo Alto platforms

Migrated Cisco firewalls to Palo Alto using Expedition

Set up day one configuration of Palo Alto firewalls

Company: Walmart Canada Nov 2020- Jan 2023

Network and Security Engineer

Held meetings with several Walmart store managers to discuss their online grocery project requirements for the installation of Cisco and Aruba APs. Advised them on the proper location of parking lots which could be used by customers for their online grocery pickup.

If there was an existing AP, tested with Walmart associates that the parking locations were receiving proper signals by having associates walk through those parking areas using their handheld devices (T72/T70X).

Attended meetings with Walmart's managers and the building owners of Walmart to explain to them the procedure for installation of new APs.

Sent all the requirements for the installation of APs to the installation vendor technicians. Provided them with the AP map, AP location pictures from Google Maps and switch/port information. Helped technicians on the night of the change if they needed any help.

Also worked with the project manager, our manager and other teams on the preparation of the SOW for replacing all Cisco APs with Juniper Mist APs throughout Walmart all over Canada.

We prepared the requirements and the procedures for the vendors to follow before and after the installation of new APs. Provided the number of APs required for each store to the vendors so that they could provide their bids.

Also went through the vendors' bids along with the manager, project manager and other in-house teams for the selection of a vendor to replace/procure Juniper Mist APs.

Held meetings with each vendor so that they could explain their bids and methods of installation of APs.

Designed and implemented the online grocery project. Held meetings with Walmart store managers. Designed the location of external APs in all the 480 Walmart stores to cater to the number of parking stalls required for that location. Prepared the MOPs, updated the AP map, and coordinated with the on-site tech on the cutover day. Made sure that APs had been connected to the right switch/port. Ran the script on the wireless controller to configure the AP.

Set up Security/NAT rules on Palo Alto firewalls

Company: EIA IT Consulting Caterpillar June 2019 to Feb 2020

Senior Network Engineer

Led end-of-life (EOL) projects across various countries for Caterpillar, focusing on migrating data centers and remote partner devices from legacy Cisco equipment to new Cisco platforms.

Deployment and upgrade of Cisco devices across global Caterpillar offices/factories, including models 6880, 4500, 3850, 3750, and 2800, and integration of Silver Peak for SD-WAN solutions to enhance network performance and reliability.

Implementation of OSPF and BGP routing protocols to ensure efficient network traffic management.

Performed Ekahau survey for Cisco APs before and after the APs installation.

Standardization of network configurations, including AAA, 802.1x, NTP, password settings, access lists, subnet additions, and VLAN setups. Revision of firewall configurations (ASA, Check Point, Palo Alto) tailored to individual site requirements, in collaboration with security teams.

Ensured design and implementation aligned with client requirements. Participated in meetings with customers and various departments to strategize final design and implementation plans.

Developed an equipment workbook to document the upgrade/replacement of EOL devices and crafted an implementation plan for customer review.

Assurance of service continuity post-migration, confirming operational status matches pre-migration performance. Conducting Ekahau surveys for optimal Access Point placement and coverage analysis.

Provision of Day 1 support post-deployment, assisting network operations with troubleshooting tasks.

Compilation of final deliverables for customer review, including updated Network Implementation Plan (NIP), final configurations, Network Ready for Use (NRFU) documentation, Ekahau survey results, and photographic documentation of Access Points.

Set up Security/NAT rules on Palo Alto firewalls.

Configured IPsec tunnels on Palo Alto firewalls

Worked with the technical team in the deployment, configuration and validation of Palo Alto firewalls

Assisted in the development of MOPs for deployment of Palo Alto firewalls.

Company: Rogers Communication Inc Nov 2015 - Dec 2018

Senior Network Engineer

Worked in 3 data centers with Spine and Leaf architecture, configured 9K switches using ACI, tenants, contracts, integration, fabric configuration etc.

Developed and executed Method of Procedures (MOPs) for the implementation and upgrade of network infrastructure projects. Successfully implemented and upgraded IOS and NXOS across multiple platforms in Data Centers (Spine and Leaf architecture), including ASR, Nexus 9k, 7k, 5k, and 2k series, as well as in remote LAN/WAN sites.

Authored comprehensive documentation for upgrading Cisco 4500, 4100 ASR, and 3850 switches, ensuring alignment with project specifications.

Facilitated the addition of new VLANs and fulfilled port requirements in accordance with project needs.

Oversaw the decommissioning of end-of-life routers and switches, replacing them with updated models in both Data Centers and remote sites.

Conducted a thorough analytical survey of all Data Centers to account for all network devices.

Configured new switches, established VLANs, and set up ports to support LAN team operations.

Collaborated with DNS, Infoblox, and IPAM teams to address customer requirements effectively.

Designed network architectures and presented them to stakeholders for approval and feedback.

Engaged with security teams to implement necessary changes in Check Point, ASA, and Palo Alto firewalls, as well as coordinating with Load Balancer and Wireless teams to enforce customer-specific policies.

Took charge of decommissioning various outdated routers and switches as part of network optimization efforts. Updated engineering drawings to reflect current network configurations and upgrades.

Worked with the technical team in the deployment, configuration and validation of Palo Alto firewalls

Assisted in the development of MOPs for deployment of Palo Alto firewalls.

Configured Palo Alto firewalls from scratch.

Company: CIBC May 2014 - Nov 2014

Network Engineer

Developed comprehensive documentation aligning with project requirements for a financial institution.

Facilitated cross-team collaboration to establish DNS, TACACS, and DHCP configurations for new hosts, ensuring client requirements were clearly communicated and understood.

Managed routing and switching projects, including the creation and network-wide advertisement of VLANs.

Executed installation and configuration of Cisco Nexus 7K, 5K, and 2K switches, followed by rigorous pre-production testing. Tailored network solutions to individual client needs, incorporating their specific requirements into configurations on Cisco routers, switches, and firewalls.

Drafted and implemented Methods of Procedure (MOPs) to introduce new routing VLANs, supporting network expansion and the construction of new environments.

Installed and configured a range of Cisco Catalyst switches (3500, 4500 series) and 3845 series routers.

Configured Nexus 7k, 5k, and 2k fabric extenders to support the network expansion and meet the growing demands of data center infrastructure. Conducted advanced and complex configurations of Virtual Port Channels (VPC), Fabric Extenders (FEX), and routing for new subnets, ensuring zero downtime.

Implemented intricate route filtering strategies within the network, utilizing EIGRP and BGP to prevent loops in a highly redundant and multipath network environment. Created and executed MOPs for the addition of new VLANs, successfully implementing the changes.

Offered expertise in Cisco networking hardware, providing guidance on routers and switches and applying routing and switching skills to fulfill project objectives.

Set up NAT/Security rules on Palo Alto

Company: CISNET March 2011 - Nov 2015

Delivered comprehensive instruction aligned with curriculum objectives (on an as-needed basis)

Developed detailed lesson plans covering IP subnetting, routing, switching, DNS, DHCP, and VLANs.

Employed interactive teaching strategies to foster student engagement and participation.

Contributed to the development and assessment of curriculum and educational resources.

Designed and instructed courses and workshops (on an as-needed basis) in key technology areas including:

a) Routing Information Protocol (RIP)

b) Open Shortest Path First (OSPF)

c) Enhanced Interior Gateway Routing Protocol (EIGRP)

d) Border Gateway Protocol (BGP)

e) VLAN routing and configuration

f) Advanced IP subnetting techniques

g) Domain Name System (DNS) management

h) Dynamic Host Configuration Protocol (DHCP) operations

i) Network Administration principles

j) Adaptive Security Appliance (ASA) failover protocols

k) Virtual Private Network (VPN) configurations

l) Network Address Translation (NAT) practices

m) Network load-balancing solutions.

Company: TELUS July 2004 - July 2013

Network Consultant

Led a team of 20 in supporting data networks for various government and private organizations within TELUS network operations. Key clients included TD Bank with over 1700 branches, HRDC offices across Canada, CPRail, CFIA, and CATSA.

Utilized Lynx and Remedy tools for efficient ticketing and issue tracking.

Designed and configured complex network infrastructures using a variety of routing protocols such as RIP, OSPF, EIGRP, and BGP, including Inter-VLAN Routing and route redistribution.

Established and managed VLANs, and configured trunk and access ports on switches to support LAN teams.

Enhanced network security by implementing access lists on Cisco routers and deploying Fortinet, Checkpoint, and ASA (PIX) firewalls. Operated within a multi-vendor environment, handling equipment like ATM 5620 Switches, various Cisco Router and Switch series, Nexus 7k, 5k, and 2K, and Avaya routers.

Supported diverse network types including Ethernet, fiber optics, ISDN, ADSL, and frame relay.

Configured Virtual Routing and Forwarding (VRF) and Multi-Protocol BGP (MP-BGP) specifically for the TD Bank network. Provided second and occasionally third-level support for network-related issues, maintaining professional relationships with customers.

Troubleshot and resolved issues within MPLS networks and monitored routes using object tracking and IP SLA. Set up traffic engineering tunnels, GRE tunnels, and implemented policy-based routing, load sharing, and failover strategies. Engaged in communication and negotiation with users, specialists, other staff, and customers to ensure smooth operations.

Managed and resolved complex and chronic network problems, particularly chronic circuit issues.

Delivered prompt and efficient service to clients, managed new project implementations, and network designs. Adhered strictly to policy and procedure guidelines and service level agreements as per customer contracts. Managed both on-net and off-net customers on a national scale.

Conducted knowledge transfer and provided training to new team members on IP Subnetting, DNS, DHCP, and routing protocols like EIGRP, OSPF, and BGP.

Implemented network changes according to customer requirements, utilizing advanced routing and switching skills.

Updated NAT/Security rules on Palo Alto

EDUCATION

MS Engineering, New Jersey Institute of Technology (NJ, USA).

BS Engineering, NED University of Engineering and Technology

Certifications:

CCIE Service Provider

CCIE Routing and Switching

CCNP Security

Palo Alto PCNSE

Prisma Access Training (SCM Managed)

Prisma Access Training (Panorama Managed)

Panorama Training

Prisma SDWAN Training


