Home

Rohith Reddy - Sr. Network Security Engineer
[email protected]
Location: Orlando, Florida, USA
Relocation:
Visa: OPTEAD
Rohit Reddy
Sr. Network Security Engineer
Ph. No: 908-360-8035
Email: [email protected]
Professional Summary:
Over 8+ years of experience in Cisco/Juniper Networking, Security which includes designing, Deployment and providing network support, installation, and analysis for a broad range of LAN / WAN protocols.
Hands On experience Cisco IOS/IOS-XR/NX-OS, Juniper JUNOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, EIGRP, RIP, BGP v4.
Experience Arista Cloud Vision on a POC. Working on Spine leaf Architecture in Data center. Worked on EVPN, VXLAN, VTEPS, Bridge Domains, MP-BGP etc.
In-depth knowledge and hands-on experience in Tier II ISP Routing Policies, Network Architecture, IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3 SONET POS OCX / GigE circuits, Firewalls.
Involved in troubleshooting of DNS, DHCP and other IP conflict problems.
Good knowledge of Palo Alto Firewalls and the Panorama Network Security Management Box.
Configuring Virtual Chassis for Juniper switches EX-4200, Firewalls SRX-210
Strong knowledge of TACACS+, RADIUS implementation in Access Control Network.
Experience in Designing and assisting in deploying enterprise-wide Network Security and High Availability Solutions for ASA.
Navigated through Algosec and Palo Alto, Checkpoint to find risky ports and unused firewall rules to help with firewall audit.
Experience in upgrading IOS in the Data center switches and routers.
Worked on change controls and cut overs during weekend on routing, switching and security.
Datacenter experience create new cable run list (L1), document runbook and Solution planning and upgrading, architect VXLAN, ACI and ASA cluster firewall with NAC, ISE.
Experience in NS2/NS3 and other network Simulators.
Hands-on experience implementing Palo Alto, including Prisma Access, Prisma Cloud and optionally Prisma Cortex.
Extensive work experience with Cisco Routers, Cisco Switches, Load Balancers and Firewalls.
Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 9K, 7010, 5000 series to provide a Flexible Access Solution for a datacenter access architecture.
Experience with Cisco DNA solutions ISE, NGFW, Prime, ESA, WSA, VPN and CWS implementations.
Experience with Spine Leaf Architecture, EVPN, VXLAN, VTEPS, VNI, BGP. Experience with Overlay and underlay technologies. Basic Knowledge on scripting in Python and Ansible.
Responsible for Check Point (Secure Platform R70) and Cisco ASA firewall administration across global networks.
Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.
Implemented and maintained Sourcefire intrusion detection/ prevention (IDS/IPS) system and hardened protection standards, IDS/IPS signatures on Firewall for Fine-tuning of TCP and UDP services.
Implemented traffic filters using standard and extended access-lists, distribute-lists and route maps.
Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, Ether channel, STP, RSTP and MST. Implementation of HSRP, VRRP for Default Gateway Redundancy.
Proficiency in Cisco ASAs, ISRs, Catalyst/Nexus, HP Switches, Cisco Meraki, Aruba, EIGRP, OSPF, BGP.
Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000.
Participated in troubleshooting SDN/SD-WAN deployments.
Provide consultation regarding segmentation, security and policy of the SDN network.
Deployed, Managed, monitored and supported Bluecoat Pulse/ZScaler Proxy for content filtering, internet access between sites and VPN client users, forward proxy scenario and reverse proxy scenario for security and worked on adding URLs in Bluecoat Proxy SG's for URL filtering.
Worked extensively on Cisco ASA 5500(5510/5540) Series. Experience with Palo Alto 5K series. Migration from ASA to PA.
Experience in configuring VPC, VDC and ISSU software upgrade in Nexus 7010.
Experience with setting up MPLS Layer 3 VPN cloud in data center and also working with BGP WAN towards customer.
Extensive experience in cloud management systems and integrated with Azure for AD.
Acquired knowledge in working with Meraki Wireless access points MR 16, MR 18, MR 32, MR 42, MR 72 etc.
Experience with SSL decryption, APP ID, Threat ID, URL filtering in PA firewalls.
Worked on upgrading Aruba controllers and Access points in troubleshooting the onboarding devices with the networks.
Experience on WAN Optimization Technology, Riverbed.
Worked on Cisco Firewalls Cisco ASA 5500(5510/5540) Series and Checkpoint R75, 76, NGX R70 Firewalls.
Worked with Automation script with Python module like Chef & Ansible.
Experience on Fortinet FortiGate Appliances including 3200D, 1500D, 1200D running Latest 5.2 FortiOS.
Configuring Cisco Wireless Controllers and AP s.
Experience with building Ultra Low Latency Data Center Design End-to-end design approach.
Configuring the Network Admission Control (NAC).
Configuring Cisco WAAS.
Excellent customer management/resolution, problem solving, debugging skills and capable of quick learning, effectively analyze results, and implement and delivering solutions as an individual and as part of a team.
Hands on Experience testing iRules using Browser (IE), HTTP watch on F5 load balancers.
Provided support that included resolving day-to-day operational issues with tickets generated by a server.
Good understanding of SNMP, IP SLA and Network Monitoring with experience in tools like PRTG.

Technical Skills:
Networking Technologies: LAN/WAN Architecture, TCP/IP, Frame Relay, VPN, VLAN, VTP, NAT, PAT, STP, RSTP, PVST, MSTP, SDN, SDWAN
Cloud Computing and Automation: AWS, Microsoft Azure, Cisco Meraki, C++, Python scripting, Ansible, Cloud Migration.
Networking Hardware: Cisco Switches, Cisco Routers, ASA/Pix firewalls, IronPort
Routing Protocols: OSPF, IGRP, EIGRP, RIP, MPLS, IS-IS, BGP, Multicasting
Security Technologies: PAP, CHAP, Cisco PIX, Blue Coat
Network Management and Monitoring: Wireshark, Infoblox, Cisco Prime, Security Device Manager (SDM), CiscoWorks; TCP Dump and Sniffer; SolarWinds NetFlow Traffic Analyzer, Network Performance Monitor (NPM), Riverbed
Operating Systems: Windows 7, Vista, XP, 2000, LINUX, Cisco IOS, IOS XR
Routers: CISCO 2600, 2800,3600,3800,7200, Juniper M & T Series, Cisco CRS-1, CRS -3, GSR
Load Balancers: Cisco CSM, F5 Networks (BIG-IP), Citrix NetScaler
Capacity & performance: Cisco works
Switches: CISCO 2900, 3500,4500,5000,6500, Nexus 7k,5k,2k
Simulation Tools: GNS3, VMware, OPNET IT GURU, OPNET Modeler, Cadence
Layer Three Switching: CEF, MLS, Ether channel (PAGP and LACP, Load Balancing).
Wireless: Cisco Meraki Wireless Access points (MX-65, MX-64, MS-225-48PS, MS-220-48PS, MR-42), Aruba Access points 200, 207,300,320, Wireless controllers 7280, 7240, Cisco Wireless controller 5508 and Cisco Aironet 3700 series.
Firewalls: Juniper Net Screen (500/5200), Juniper SRX (650/3600), Pix (525/535), ASA (5520/5550/5580), McAfee Web Gateway, Checkpoint, Palo Alto firewalls.
AAA Architecture: TACACS+, RADIUS, Cisco ACS
Features & Services: IOS and Features, HSRP, GLBP, IPAM IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, DNS, TFTP and FTP Management, Open Stack, IVR s, HLD and LLD documents, Dell equal logics

Professional Experience:

Amtrak, Washington, DC (Remote) Aug 2021 - Present
Senior Cloud Network Engineer (Data Center-SDWAN, Security Engineer)

During this project, my main aim was to maximize network performance by monitoring performance, troubleshooting network problems and outages, scheduling upgrades and collaborating with security architects on network optimization for providing better security to the firm.

Responsibilities:
Configuring user's role and policies for authentication using cisco NAC and monitoring the status of logged users in network using Cisco ISE.
Configure / Troubleshoot CISCO 12000, 7500, 3800 series routers and 3560 series switches for LAN/WAN connectivity.
Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks.
Installed, configured, and maintained with vendors Cisco, Juniper, Alcatel-Lucent, Arista, Brocade, Riverbed, Enterasys, Fortinet networking and Wireless technologies and protocols.
Performing standard network operations via ITIL standard with Incident Management and Change Management.
Deployed and Manage SDWAN network (Cisco Viptela Solution) for WAN connectivity.
Assisted in the migration from DMVPN to Cisco Viptela SDWAN, consisting of V-SMART controllers, V-BOND edge routers.
Implemented and configured Prisma Access & Panorama
Hands on experience on Prisma Cortex, running play books.
Created detailed AWS Security Groups which behaved as virtual firewalls that controlled the traffic allowed to reach one or more AWS EC2 instance.
Working in identity and access control policy related technologies such as authentication, authorization, accounting (AAA), 802.1X.
Using AlgoSec Fire Flow and Analyzer for implementing the simple changes.
Worked on Bluecoat proxy server, Tipping Point Intrusion Protection System management, and reporting tools Orion and AlgoSec.
Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design.
Cisco PRIME to manage WLC s.
Replacing Checkpoint VPN and Bluecoat proxy with Zscaler and worked on implementing Zscaler in Production.
Helped design and build out a very large 100G Layer3 Leaf & Spine architecture (eBGP) using Arista switches to support the network consolidation in the new data center.
Configured LACP, OSPF protocols on Arista 7250qx-64 switches.
Automation practice and coding in Terraform and Ansible.
Worked on the installation and configuration of Cisco ISR 800, 1000 series and ASR 1000 series routers.
Working as a network access controls (NAC) ISE engineer in planning and designing client s global network for network access solution.
Monitored usage of network resources with Cisco works, and Algosec on Cisco ASA Firewalls.
Design, Deployment, Installation, Configuration, and Upgrading the Cisco ISR routers, Catalyst and Nexus switches.
Working on the SDWAN implementations at all Greenfield and Brownfield medical facilities/hospitals by deploying Viptela hardware.
Expertise with Installation of Arista 7250QX series switches on Spine Platform.
Configured CSP hypervisor to support NFV platform for both Cisco and third-party VNFs.
Configured CSP hypervisor Increased automation and operational agility.
Provide the network and security boundary between the borderless cloud infrastructures and regular cloud DMZs.
Configuration management and infrastructure automation tooling Jenkins, Terraform, Ansible/Tower, Puppet/Chef, vRA/vRO, and other orchestrators and configuration management frameworks.
Deploy, configure, and support CISCO WLC controllers and AP devices globally.
Troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF & BGP, MPLS
Serve as part of a team of network engineers responsible for base wide network upgrade from Cisco Layer 3 Catalyst switches to Juniper Layer 3 EX4200 & EX3200 switches.
Worked on Zscaler policies, cloud app control policies, advanced threat, malware, sand box-based policies.
Worked on Azure AD SAML authentication for Zscaler authentication and AD group-based policies.
Managed successful delivery of massive security response portfolio including Splunk and Cisco ISE.
Worked with Cisco Umbrella to manage policies and evaluate effectiveness related to client and server DNS protection.
Deployment of Cisco AAA product ISE and its integration with other Cisco Security products such as DNAC, StealthWatch, Firepower.
Integrate Splunk with AWS deployment using puppet to collect data from all EC2 systems into Splunk.
Monitored and Created traffic Pattern on Arista 7250 switches using Open flow.
Cisco advanced security products including tetration, Stealthwatch, NAC and Client.
Objectives for Security Operations, which includes perimeter security, endpoint security, malware protection systems and implementation of Cisco EA (ISE, Stealthwatch and Umbrella).
Working with Nexus 7010, 5548, 5596, 2148, 2248 devices.
Removed huge amounts of redundant Access Control Lists from various ASA 5500 series Firewalls as part of the Firewall Rule Optimization Project using tools like Algosec as part of it
Perform troubleshooting and issue resolution related to SIEM solution, including reports.
Deploying and decommission of VLANs on core ASR 9K, Nexus 9K, 7K, 5K and its downstream devices and configure 2k, 3k, 7k series Routers.
Managed DHCP, DNS and IP address thru Infoblox, and Admin for Internet sites access thru Zscaler.
Configuring VPC (Virtual Port Channel), VDC (Virtual Device Context) in Nexus 7010/7018
Created documents for various platforms including Nexus 7k, ASR9k, and ASR1k enabling successful deployment of new devices on the network.
administer IPv4 enterprise network infrastructure utilizing Juniper routers like Juniper MX80, MX 480 and MX960.
Devised new VPN solution utilizing Cisco Firepower and Cisco AnyConnect.
Designed perimeter security policy; Implemented Firewall ACL's; Allowed access to specified services; Enabled IDS/IPS signatures in Firewall & fine-tuned TCP & UDP.
Design and implement Catalyst/ASA Firewall Service Module for various LAN s.
responsible for managing Cisco routers, switches, HP switches, F5 load-balancers using SNMP MIBs for fault detection and for fault isolation.
Providing second/third level technical support for ACI (Application Centric Infrastructure), APIC technologies.
Responsible for the secure development lifecycle for Cisco's Nexus line of products, including Application Centric Infrastructure (ACI), Application Policy Infrastructure Controller (APIC) - Cisco's Software Defined Network (SDN).
Deploying Application Centric Infrastructure, Spine-Leaf, APIC and VXLAN.
Automation frameworks (Terraform, Ansible, Chef, Puppet) and automation scripts to support the Azure environment tools (Azure Resource Manager Templates).
Configuring ASM policies for external applications.
Function as part of a Firewall and Security team in support of Checkpoint Firewalls, Zscaler Proxy, Juniper Portals, SecAuth, Open LDAP, and Active Directory.
Administrating on F5 LTM, GTM, ASM, APM on series 5050, 10000 8900.
Working on products for Wi-Fi alliance and WLAN testing & pre and post deployment Wireless security WEP, WPA, EAP
Responsible in troubleshooting on Cisco ISE added new devices on network based on policies on ISE.
Implemented Cisco ISE 1.2 for Wireless 802.1x Authentication and Authorization with Flex Connect
Configured and performed software upgrades on Cisco Wireless LAN Controllers 2504, 4404 ,5508 for Wireless Network Access Control integration with Cisco ISE.
Upgrading Cisco ISE appliances company wide. Recently rolled out OpenDNS including onsite VM appliances.
Experienced on Cisco ISE and advanced technologies like QOS, Multicasting, MPLS and MPLS-VPN and Bluecoat proxy server SG.
Configuring Cisco NAC for Secure access by utilizing 802.1X. Cisco TrustSec
Fortinet Firewall administration configuration of FortiGate 500D,3000, 3815 series as per network diagram
Understand OSPF configuration and authentication settings to migrate routing over to the Firepower platform.
Involved in Configuration of Access lists (ACL) on checkpoint firewall for the proper network routing for the B2B network connectivity.
Integrate Microsoft active directory (LDAP) into checkpoint for identity awareness and user authentication.
Implemented Cisco and Aruba Wireless Controllers, Aruba Wireless Access Points at corporate site as a part of WLAN Infrastructure.

Environment: Cisco 12000, 7500, 3800 series routers and Cisco 3560 series switches, Pulse , Juniper EX4200, EX3200 Switches, Juniper MX80, MX480, MX960 Routers, AWS, F5 ADC, FHRP: HSRP,Algosec,GLBP, ASR 9000, zscaler ,Cisco Firepower, Palo Alto, Cisco Nexus Switches 2232, 5596, 7009, VLAN, 802.1Q.

State of MD, Remote Nov 2019 Jul 2021
Resident Network Engineer / Network Security Engineer

Deploy and Maintain SDWAN solution, routers and Switches, Cisco ASR, Juniper SRX and Fortinet firewalls. Worked as a customer facing engineer to Deploy new hardware, Upgrade IOS, troubleshoot any ongoing issues with Routing, Security, SDWAN and coordinate with support and professional services. Worked in multi-Datacenter environment for LAN and WAN connectivity.

Responsibilities:
Firewall policy provisioning on Fortinet FortiGate appliances using Forti Manager.
Change control / ITIL Service Controls / PCI compliance. Coordinating with various teams to perform Network Changes.
Migrated to Juniper EX series switches from Cisco 3500, 3700 series and 6500 series switches. Worked on setting up Cisco ASR as edge routers. Worked on BGP for inter Data center connectivity.
Migrated Virtual Machines and applications from on premises cloud to AWS.
Architect, plan and deploy SIEM solution migration for splitting one SIEM into two environments.
Working on the ISE integration in DNA Center.
Hands-on expertise with routers Cisco 2900, 3600, 3900, ISR 4K series (4221, 4321, 4351, 4451), ISR 1002-X, and Juniper ACX, E, M, MX960 series in Core, Distribution and Edge in Data centers.
Worked on Application traffic security with WAF, F5 ASM, F5 APM for Authentication, Citrix NetScaler s for ICA proxy, Citrix VDI, Microsoft Office 365, Azure AD, AWS, Zscaler Cloud based proxies, Cisco IronPort and Blue Coat proxies.
Worked on setting up tunnels from f5 devices to Zscaler cloud.
Upgrading 3x data canters network and Optical fiber infrastructures with an Arista spine-leaf.
Configure cisco DNA for Secure remote workforce with zero trust policies and dynamic segmentation of endpoints.
Configure DNA for Policy-driven provisioning and guided remediation increase network uptime.
Specific expertise in multiple Security technologies including: Firepower NGFW, ISE, TrustSec, Stealthwatch, ASA, NGIPS, AMP, AnyConnect, Threat GRID, Umbrella, Web Security Appliance, E-mail Security, Cloud Lock, ACI, Tetration, and primarily in Meraki MX.
Configuring rules and Maintaining Palo Alto & Analysis of firewall logs using various tools. Build Cisco UCS 6200 series fabric interconnect.
Working on the SDWAN implementations at all Greenfield and Brownfield medical facilities/hospitals by deploying Viptela hardware.
Configured Cisco DNA Voucher Operations Program as a DNA Mentor to provide mentoring service to sales eligible Cisco Partners.
Experience in upgrading IOS in the Data center switches and routers. Worked on change controls and cut overs during weekend on routing, switching and security.
Developed the network-on-Network simulator NS2. Implemented lab setup for multiple deployments and tested.
Configured policies, encryption methods for WAN traffic. Worked on L1/l2 issues with customer and Nokia professional services.
Worked on designing, implementing, and operational Wireless Network setup with WLC S and AP S.
Documenting the network design using Microsoft Visio and GNS3.
Rapid firewall security assessments through Python automation.
Successful Data Center Migration Planning and Successfully developed Python automation scripts to perform Cisco firewall rule assessments.
Performed Switching Technology Administration including VLANs, inter-VLAN Routing, STP, RSTP and Port Aggregation on Cisco catalyst devices and Arista 7K.
Deployed applications and host websites on AWS cloud involving blackboard.
Created the AAA servers for LDAP and Active Directory authentication in F5 APM.
Configure and manage LDAP User management with Checkpoint Smart Directory. Implemented the policy rules and DMZ for multiple clients of the state on the Checkpoint firewall.
Worked with several network engineers for the understanding of Juniper SRX firewalls along with the changeover to Palo Alto. Palo Alto Firewall Management-Panorama.
Configured and deployed Cloud Lifecycle Management (CLM) DNS solution to automate IP address assignment and DNS record updating for new servers created in the CLM environment.
Experienced in handling and installing Palo Alto Firewalls
Serve as part of a team of network engineers responsible for base wide network upgrade from Cisco Layer 3 Catalyst switches to Juniper Layer 3 EX4200 & EX3200 switches.
Used Python scripting for network sniffing and managed parameters for pool of servers and updated, automated, and migrated different services and software by means of Ansible.
Developed a Python script, which will parse all trace files and calculate throughput, latency and drop rate.
Intensive applications of Network automation tools and testing for network automation and configuration management using Ansible, Python scripting.
Performed configuration for end users on CUCM, IM&P, Jabber, WebEx, Telepresence Video Communication Server, SX80 and end points DX80's, SX20's and SX10's.
Configured and managed APM as an SSL VPN solution for remote management.
Provided Layer-3 redundancy by implementing HSRP and GLBP for High availability
Implementation and Configuration (Profiles, iRules) of F5 Big-IP LTM-6400 load balancers
Implemented Access lists and policy mapping on Juniper router installed in each branch across all the states.
Worked on configuration commissioning and upgradation of the MPLS circuits for various branch offices. Disabling all unused ports and putting them in unused VLAN.
Configuring policies on ASM using manual policy enforcement and auto policy enforcement with F5 ASM, LTM, APM.
Implemented, analyzed and recommended appropriate system for the out of band management monitoring. Utilizing SolarWinds for primary and disaster recovery site.
Monitored and responded to network anomalies utilizing SolarWinds/Orion's software and recommended appropriate network solutions for issues.
Configured Connectors along with Zscaler TAM and DAS team
Assist external as well as internal customers on the installation, testing and activation of new services. Services included T-1, DS3, SONET, Ethernet, MPLS and Direct internet Access.
Perform WLAN testing of newly installed WLAN controllers and Aps. Interface daily with customers and NOC reporting production milestones and any issues
Performed virtualization and deployed various VMs using VMware ESXI 6.5
Used Cisco ACI (Application Centric Infrastructure) SDN architecture to reduce operating costs, automate IT tasks, for greater scalability and visibility in a data center environment.
worked with Cisco Channel partners to build practices around Cisco ACI.
Extensive experience in cloud management systems and integrated with Azure for AD.
Configured Cloud Computing Engineering, concepts, service models (IaaS, PaaS, etc.)
Involved in working with Data Center hardware and management software.
Performed Virtualization (compute, storage, network) e.g. VMWare, KVM.
Update customer networks by configuring routers, switches, and incorporate the SDWAN into the network design.
Worked on issues with IPS/IDS servers, Zscaler and Bluecoat Proxies.
Performed in-depth analyses and complex troubleshooting overall Network telecom infrastructure and IT system using Compuware Dynatrace, and Wireshark.
Implementing large Data Center infrastructures with Cisco ACI, Cisco N9K, N7K, N5K, N3K, Cisco Cat 9500/9300, 6500, 4500/4900, Cisco ISR 4451, Cisco ASR1001.
Planning and development of designs for Migrating to AWS cloud.
Configuration and Administration of Cisco and Juniper Routers and Switches
Instrumental in the planning and architecture development of SDN based virtual enterprise gateways (infrastructure as a service -IaaS) reducing the customer time to deployment from months to days.
Network Management of IP and WAN networks (includes HP-OV, SNMP, and CLI knowledge).
Configuring IP Networking: Security Settings, QoS, Routing Protocols (OSPF, ISIS, BGP), signaling protocols like RSVP, LDP etc.
Setting up MPLS Layer 3 VPN cloud in data center and working with BGP WAN towards customer
Configured VTP to manage VLAN database throughout the network for Inter-VLAN Routing.
Worked in setting up Inter-VLAN routing, redistribution, access-lists and dynamic routing.

Environment: Cisco 3500, 3700, 3900 series Routers, Cisco ASA Firewalls, F5 ADC, Cisco ACI, VMware, Aruba, VTP, Juniper SSG-140, Palo Alto Wildfire, Juniper EX series switches, Cisco Firepower, Bluecoat, Aruba Wireless, WLC, Juniper SRX, Routing Protocols: BGP, OSPF, AAA (TACACS+ & RADIUS), TCL Scripting, ACL Configuration.

Oracle, Seattle, WA Jun 2018 Oct 2019
Network Security Support Engineer

To establish enterprise-wide information-security program; oversee companywide efforts to identify and evaluate all critical systems. Design and implement security processes, procedures, and presenting results to senior management. Develop curricula and facilitate awareness training. Supervise daily activities of Computer Security Assistant and Internet Administrator. Data center wide IOS refresh for multi-vendor equipment.

Responsibilities:
Performed Configuration on ASR 9K Pairs includes HSRP, Bundle Ethernet Configuration, Assigning DHCP profiles.
Experience working with Nexus 7010, 5548, 5596, 2148, 2248 devices.
Deploying and decommission of VLANs on core ASR 9K, Nexus 9K, 7K, 5K and its downstream devices and configured 2k, 3k, 7k series Routers.
Acquired strong skills in working with cloud-based WLAN technologies like 802.11ac/b/n/g Cisco WLAN, CISCO Meraki and Aruba Wireless.
Hands on experience in managing IT Network infrastructure in Meraki Dashboard (Access points, Switches etc.).
Working on network monitoring and analysis tools like, SOLAR WINDS, CISCO works and Riverbed and Wireshark.
Experience configuring VPC (Virtual Port Channel), VDC (Virtual Device Context) in Nexus 7010/7018
Experience with configuring FCOE using Cisco nexus 5548.
Created documents for various platforms including Nexus 7k, ASR9k, and ASR1k enabling successful deployment of new devices on the network.
Configured Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000 to connect servers and storage devices.
Experience with configuring Cisco 6500 VSS in Distribution layer of the Data center network.
Managing and configuring Aruba Wireless devices and Cisco Access Points
Configuring and managing F5 ASM (Application security manager). Developed security policies.
Configure and troubleshoot Juniper EX series switches.
Integrating Configuring Cisco Wireless LAN Controllers WLC with ISE to perform Dot1x.
Designed & Deployed Cisco ISE and Provided comprehensive guest access management for Cisco ISE administrators.
Support Open config introduction into provisioning systems.
Involved in writing test automation for network manageability feature such as ZTP (Zero Touch Provisioning), various Open config Models, Netconf over TCP.
Configured Cisco ISE for Domain Integration and Active Directory Integration.
Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE.
Performing network monitoring, providing analysis and network topologies using various tools like NS3, Wireshark, SolarWinds etc.
Redundancy &Management HSRP, VRRP, Wireshark, SolarWinds, SNMP, CISCO Works, GNS3, Riverbed.
Performed WLAN validation of newly installed APs using Netscout SurveyPro analytical software.
Hands on Experience working with security issue like applying ACL's, configuring NAT and VPN.
Responsible for design and implementation/migration from Cisco Wireless platform to Aruba Wireless platform.
Installation and Configuration of Cisco Catalyst switches 6500, 3750 & 3550 series and configured routing protocol OSPF, EIGRP, BGP.
Worked on integrating existing Layer 2 and Layer-3 networks with ACI.
Used Cisco ACI (Application Centric Infrastructure) SDN architecture to reduce operating costs, automate IT tasks, for greater scalability and visibility in a data center environment.
Well Experienced in configuring protocols HSRP, GLBP, PPP, PAP, CHAP, and SNMP.
Work with Load Balancing team to build connectivity to production and disaster recovery servers through F5 Big IP LTM load balancers.
Perform WLAN testing of newly installed WLAN controllers and Aps. Interface daily with customers and NOC reporting production milestones and any issues
Configured & Implemented Cisco Firepower Services with Cisco ASA 5500-X advanced security defenses.
Switching tasks include VTP, ISL/ 802.1q, IP Sec and GRE Tunneling, VLANs, Ether Channel, Trucking, Port Security, STP and RSTP.
Configure and install Aruba Wireless controllers 7210 and access points.
Implementing PCI policies and procedures, ITIL practice in customer infrastructures.
Convert Branch WAN links from TDM circuits to MPLS and to convert encryption from IP Sec/GRE to Get VPN.
Responsible for layer 2 securities which was implemented using a dedicated VLAN ID for all trunk ports, setting the user ports to non-trucking, deployed port security when possible, for user ports.
Involved in configuring Juniper SSG-140 and Cisco ASA firewall.
Implemented Cisco Application Centric Infrastructure (ACI) as a solution for data centers using a Spine and Leaf architecture.
Strong hands-on experience on, ASA Firewalls, Palo Alto Firewalls. Implemented Security Policies using ACL, Firewall, IPSEC, SSL VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
Setting up and Managing Virtual Machines on AWS Cloud including working on EC2, Route53, RDS, Lambda.
Implemented Zone Based Firewalls and Security Rules on the Palo Alto Firewall. Exposure to wildfire feature of Palo Alto. Supported Blue Coat Proxy in explicit mode for users trying to access Internet from Corp Network.
Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering). Configured and maintained IPSEC and SSL VPNs on Palo Alto Firewalls.

Environment: Cisco ASA Firewalls, F5 ADC, Cisco 3900 Routers, Cisco Catalyst switches 6500, 3750, 3550, 2960 Switches, Juniper SSG-140, Palo Alto Wildfire, Juniper EX series switches, Riverbed, Cisco Firepower, Aruba Wireless, WLC, Nexus 9k, 7k, 5k, ASR 9k, ASR 1k, Nexus 2000 FEX, Juniper SRX, Routing Protocols: BGP, OSPF, AAA (TACACS+ & RADIUS), TCL Scripting, ACL Configuration.

Verizon, Dallas, TX Oct 2016 May 2018
Network Engineer / Network Analyst


Responsibilities:
Configure / Troubleshoot CISCO 12000, 7500, 3800 series routers and 3560 series switches for LAN/WAN connectivity.
Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks
Designed and implemented support for streaming Open config models in model driven telemetry.
Performing standard network operations via ITIL standard with Incident Management and Change Management.
Actively involved in Switching Technology Administration including creating and managing VLANS, Port security- 802.1x, Trucking 802.1Q, RPVST+, Inter-VLAN routing, and LAN security on Cisco Catalyst Switches4507R+E, 6509-E and Cisco Nexus Switches 2232, 5596, 7009.
Troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF & BGP, MPLS
Experience with deploying PIM Sparse-mode/Dense-mode multicasting in Campus locations.
Serve as part of a team of network engineers responsible for base wide network upgrade from Cisco Layer 3 Catalyst switches to Juniper Layer 3 EX4200 & EX3200 switches.
Design, implement and administer IPv4 enterprise network infrastructure utilizing Juniper routers like Juniper MX80, MX 480 and MX960.
Participated actively in proof-of-concept projects implementation which included storage and backup solutions from private cloud providers Amazon AWS & Microsoft Azure.
Devised new VPN solution utilizing Cisco Firepower and Cisco AnyConnect
Designed perimeter security policy; Implemented Firewall ACL's; Allowed access to specified services; Enabled IDS/IPS signatures in Firewall & fine-tuned TCP & UDP.
Design and implement Catalyst/ASA Firewall Service Module for various LAN s.
responsible for managing Cisco routers, switches, HP switches, F5 load-balancers using SNMP MIBs for fault detection and for fault isolation.
Working on products for Wi-Fi alliance and WLAN testing & pre and post deployment Wireless security WEP, WPA, EAP
Responsible in troubleshooting on Cisco ISE added new devices on network based on policies on ISE.
Implemented Cisco ISE 1.2 for Wireless 802.1x Authentication and Authorization with Flex Connect
Configured and performed software upgrades on Cisco Wireless LAN Controllers 2504, 4404 ,5508 for Wireless Network Access Control integration with Cisco ISE.
Upgrading Cisco ISE appliances company wide. Recently rolled out OpenDNS including onsite VM appliances.
Experienced on Cisco ISE and advanced technologies like QOS, Multicasting, MPLS and MPLS-VPN and Bluecoat proxy server SG.
Troubleshoot Fortinet Firewall, issues, edited policies and created rules.
Fortinet Firewall administration configuration of FortiGate 3000, 3815 series as per network diagram
Understand OSPF configuration and authentication settings to migrate routing over to the Firepower platform
Involved in Configuration of Access lists (ACL) on checkpoint firewall for the proper network routing for the B2B network connectivity.
Responsible for the secure development lifecycle environment form NX-OS to Application Centric Infrastructure (ACI) in Data center, implemented in the lab environment.
Used Cisco ACI Fabric which is based on Cisco Nexus 9000 series switches and Cisco Application Virtual Switch (AVS)
Implemented Cisco ACI infrastructure for supporting rapid application change by reducing complexity with a common policy framework that can automate provisioning and resource management.
Installed and configured latest Cisco equipment including Cisco catalyst switches 6500, Nexus 7010, Nexus 5548 and Nexus 2k as per business requirements.
Integrate Microsoft active directory (LDAP) into checkpoint for identity awareness and user authentication.
Implemented Cisco and Aruba Wireless Controllers, Aruba Wireless Access Points at corporate site as a part of WLAN Infrastructure.
Rapid firewall security assessments through Python automation.
Successful Data Center Migration Planning and Successfully developed Python automation scripts to perform Cisco firewall rule assessments.
Created the AAA servers for LDAP and AD authentication in F5 APM.
Configure and manage LDAP User management with Checkpoint Smart Directory. Implemented the policy rules and DMZ for multiple clients of the state on the Checkpoint firewall.
Worked with several network engineers for the understanding of Juniper SRX firewalls along with the changeover to Palo Alto. Palo Alto Firewall Management-Panorama.
Configured and deployed Cloud Lifecycle Management (CLM) DNS solution to automate IP address assignment and DNS record updating for new servers created in the CLM environment.
Experienced in handling and installing Palo Alto Firewalls
Serve as part of a team of network engineers responsible for base wide network upgrade from Cisco Layer 3 Catalyst switches to Juniper Layer 3 EX4200 & EX3200 switches.
Performed configuration for end users on CUCM, IM&P, Jabber, WebEx, Telepresence Video Communication Server, SX80 and end points DX80's, SX20's and SX10's.
Configured and managed APM as an SSL VPN solution for remote management.
Provided Layer-3 redundancy by implementing HSRP and GLBP for High availability.
Implementation and Configuration (Profiles, iRules) of F5 Big-IP LTM-6400 load balancers
Implemented Access lists and policy mapping on Juniper router installed in each branch across all the states.
Worked on configuration commissioning and upgradation of the MPLS circuits for various branch offices. Disabling all unused ports and putting them in unused VLAN.
Implemented, analyzed and recommended appropriate system for the out of band management monitoring. Utilizing SolarWinds for primary and disaster recovery site.
Monitored and responded to network anomalies utilizing SolarWinds/Orion's software and recommended appropriate network solutions for issues.

Environment: Cisco 12000, 7500, 3800 series routers and Cisco 3560 series switches, Juniper EX4200, EX3200 Switches, Juniper MX80, MX480, MX960 Routers, F5 ADC, FHRP: HSRP, GLBP, ASR 9000, Cisco Firepower, Juniper SSG-140, Cisco Nexus Switches 2232, 5596, 7009, Checkpoint Firewall, VLAN, 802.1Q Trunking.

Tech Mahindra, India Aug 2014 Jul 2016
Network Engineer

Responsibilities:
Firewall Policy Provisioning and troubleshoot connectivity issues through firewall.
Upgrade of Checkpoint Gateways in Cluster with Minimal downtime.
Working on MPLS switches, and routing protocols like BGP, OSPS and EIGRP. Design and Implemented OSPF and BGP on various sites for routing enhancement, high availability and reducing administrative overhead.
Experienced in troubleshooting various WAN technologies like Frame-Relay, MPLS, T1, DS3 and ISDN.SD
Knowledge of DOS/Terminal functionality, Windows XP/7/8, iOS devices, Unix/Linux, Basic Perl/Python, Nmap, ESXI 5.1, VMware vSphere 5.0, Metasploit with Armitage, Penetration Testing, and usage of Qualys Guard Vulnerability Management/Policy Compliance/WAS/ Asset Management / PCI.
Basic knowledge of Multi-Protocol Label Switching (MPLS), Voice over IP (VoIP), Firewall PIX, Cisco Call Manager and routing protocol BGP.
Implemented Active/ Standby HA configuration on Cisco ASA Firewalls.
Configuring Cisco ASA firewalls in Single and Multiple Context Mode firewalls.
Upgrade of Cisco ASA Firewall in Active/Standby mode with no down time.
Configuring VPN both B2B and remote access SSL and centralized policy administration using Forti Manager, building FortiGate High Availability using FortiGate Clustering Protocol (FGCP).
SDN switches can be used for RGDD via installation of rules that allow forwarding to multiple outgoing ports.
Firewall Compliance and Rule remediation for compliance such as SAS 70 Audit.
LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems)
Vlan design and implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and Port channels creation.
Experience with Firewall migrations from PIX firewall to Cisco ASA and Juniper SRX firewall appliances
Working with OSPF as internal routing protocol and BGP as exterior gateway routing protocol.
Configuring static NAT, dynamic NAT, Inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation on Cisco ASA Firewalls.
Deployed a Syslog server to allow proactive network monitoring.
Implemented VLANS between different departments and connected them using trunk by keeping one VLAN under server mode and rest falling under client modes.
Configured Firewall logging, DMZs and related security policies and monitoring.
Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
Documentation and Project Management along with drawing network diagrams using MSVISIO.

Environment: CISCO routers and switches, Access Control Server, RIP V2, OSPF, EIGRP, VLAN, Trunk Protocols, CISCO ASA, DHCP, Perl/Python, SDN, DNS, Spanning tree, Nimsoft.
Keywords: cplusplus active directory rlang information technology ffive hewlett packard microsoft Idaho Maryland Pennsylvania South Dakota Texas Washington Wisconsin

To remove this resume please click here or send an email from [email protected] to [email protected] with subject as "delete" (without inverted commas)
[email protected];173
Enter the captcha code and we will send and email at [email protected]
with a link to edit / delete this resume
Captcha Image: