Home

Raju Thupran - Sr. Network Engineer

[email protected]

Location: Gloversville, New York, USA

Relocation: Yes

Visa: H1B

Profile Summary: Experience in designing, installing, expanding, securing, and troubleshooting complex networking environments. Expertise in creating High-Level Architectural Designs (HLAD) and Low-Level Architectural Designs (LLAD), as well as process guidelines for implementation. A competent professional with nearly 12+ years of experience in the IT industry, specializing in Routing, Switching, Security, and Load Balancers. Extensive hands-on experience with complex routed LAN and WAN networks, configuring and implementing Cisco routers (12000, 7200, VXR, 7500, 3600), switches (Catalyst 9300, 9407, 9500 & Nexus 9k, 7K, 5K, 2K), Arista, NGFWs from various vendors such as Palo Alto, Cisco, and Checkpoint, etc. Experience in wireless network assessments and remediation, troubleshooting wireless LAN networks based on client issues. Good experience in performing network analysis, monitoring, troubleshooting, and assisting in the detection and resolution of any network failures. Experience with Cisco Meraki SD-WAN and wireless managed network infrastructure. Expertise in Azure infrastructure management, ExpressRoute (Azure), and Interconnect (GCP). Experience in AWS, CI/CD, Jenkins, Tableau, Splunk, GitHub, Jira, Confluence, and ServiceNow. Expertise in network automation and monitoring, with the ability to create scripts using Azure PowerShell for automation and the build process. Experience with deploying BIG-IP F5 LTM & GTM and A10 Load Balancers for load balancing and traffic management of business applications. Experience with Cisco DNA Center management. In-depth knowledge of various AWS services, including EC2, VPC (NAT, Peering, VPN), IAM, EC2 Container Service, Elastic Beanstalk, Lambda, S3, CloudFront, Glacier, RDS, DynamoDB, ElastiCache, Redshift, Direct Connect, Route 53, CloudWatch, CloudFormation, CloudTrail, OpsWorks, Amazon Elastic MapReduce (EMR), AWS IoT, SNS, SQS, Lambda, API Gateway, AWS Alexa, etc. Good experience with configuring protocols HSRP, GLBP, VRRP, ICMP, IGMP, PPP, HDLC, PAP, CHAP, and SNMP. Technical Skills: Communication Protocols: TCP, UDP, DHCP, HTTP, HTTPS, FTP, ICMP, SMTP Networking: TCP/IP, LAN, WAN, SD-WAN, WLAN, Telnet, SSH, Ethernet Operating systems: Windows, Linux, CISCO IOS, MAC OS, Junos OS Routing Protocols: RIPv1, RIPv2, OSPF, EIGRP, BGP, Cisco 17XX, 18XX, 26XX, 28XX, 37XX, 38XX, 39XX &72XX, ASR 9K series. Switching Technologies: VTP, STP, RSTP, VLAN, Layer 3 switching, LAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & multi-layer switch, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging Security: ACL, SSL, SSH, NAT, PAT, VPN, VTP, IPsec, IDS, IPS, Cisco (ASA, PIX) 5510 Redundancy Protocols: HSRP, VRRP, GLBP, IOS and Features, IRDP, NAT, SNMP, SYSLOG, NTP, TACACS+, RADIUS, Cisco ACS. Firewall: Cisco ASA 5505, Barracuda, Checkpoint 790, Check Point R77.30, 1450, 3100, 5400 Wireless: Cisco 5500 Wireless controller, Aruba Routers Cisco 2620XM, 2851, 3600, 3825, ASR 9000 Series, Aruba Palo Alto Firewalls (3200, 5020, 7050), Panorama management systems Cisco Gear Nexus7K, 5K, 3K, 2K, Cisco routers (7200VXR.3725, 3660, 2500, 1800 series) and catalyst switches (6500, 4500, 3750, 3500, 2900 series), ASR (1004, ASR9010, ASR5505, ASR9922 devices), NCS 5500, NCS 5700. Load Balancer Cisco ACE load balancer, F5 Networks (Big-IP) Education Qualifications: Bachelor of Science from Kerala University, India MS and MBA from Information systems from Eastern Illinois University Professional Certifications: Cisco Certified Network Associate (CCNA) Cisco ID No. CSCO14068825-valid till November 2024 Professional Experience: Montgomery County of New York, NY May, 2023- Till date Sr. Network & Security Engineer Responsibilities: Conducted network assessments to evaluate existing solutions, identifying potential configuration issues and architectural concerns. Reviewed current Firewall parameters, including NAT rules, access-lists, and Object-Groups. Migrated Legacy Barracuda firewall to next-generation firewalls (Palo Alto) Integrated networks with Public Cloud providers (e.g., Azure, AWS) using transit VPC, IPsec, and other Secure Cloud Interconnects, Private DNS Zone, and Load balancers, etc. Redesigned HLAD and LLAD to implement new technology solutions. Provided day-to-day LAN/WAN level 3 support, diagnosing, and troubleshooting layer 1, 2, 3 problems, complex cloud networking infrastructure issues, etc. Configured/Troubleshooted CISCO 12000, 7500, 3800 series routers, and 3560 series switches for LAN/WAN connectivity. Played a key role in the design and implementation of Data Center Migration and worked on implementation strategies for the expansion of MPLS VPN networks. Installed, configured, and maintained networking and wireless technologies from vendors such as Cisco, Juniper, Alcatel-Lucent, Arista, Brocade, Riverbed, Enterasys, and Fortinet. Performed standard network operations following ITIL standards with Incident Management and Change Management. Deployed and Managed SD-WAN network (Cisco Viptela Solution) for WAN connectivity. Assisted in the migration from DMVPN to Cisco Viptela SD-WAN. Implemented and configured Prisma Access & Panorama. Created detailed AWS Security Groups acting as virtual firewalls controlling traffic to AWS EC2 instances. Performed troubleshooting and issue resolution related to SIEM solutions, including reports. Deployed and decommissioned VLANs on core ASR 9K, Nexus 9K, 7K, 5K, and its downstream devices and configured 2k, 3k, 7k series Routers. Managed DHCP, DNS, and IP address through Infoblox and Admin for Internet site access through Zscaler. Configured VPC (Virtual Port Channel), VDC (Virtual Device Context) in Nexus 7010/7018. Created documents for various platforms including Nexus 7k, ASR9k, and ASR1k enabling successful deployment of new devices on the network. Administered IPv4 enterprise network infrastructure utilizing Juniper routers like Juniper MX80, MX 480, and MX960. Devised a new VPN solution utilizing Cisco Firepower and Cisco AnyConnect. Designed perimeter security policy; Implemented Firewall ACL's; Allowed access to specified services; Enabled IDS/IPS signatures in Firewall & fine-tuned TCP & UDP. Designed and implemented Catalyst/ASA Firewall Service Module for various LANs. Environment: Cisco 12000, 7500, 3800 series routers and Cisco 3560 series switches, Aruba 2930 switches, Pulse, Juniper EX4200, EX3200 Switches, Juniper MX80, MX480, MX960 Routers, AWS, F5 ADC, FHRP: HSRP, AlgoSec, GLBP, ASR 9000, Zscaler, Cisco Firepower, Palo Alto, Barracuda, Cisco Nexus Switches 2232, 5596, 7009, VLAN, 802.1Q. Charter Communications, CO November 2021- April 2023 Network Security Engineer Level IV Responsibilities: Worked on troubleshooting, configuring, and supporting Cisco ASR routers, including working with one or more dynamic routing protocols (e.g., OSPF, EIGRP, and BGP). Prepared Maintenance Operation Procedures (MOP) and upgraded ASR 9K routers from IOS XR 5.3.3, 6.4.2, and 6.6.2 to 7.4.2 versions. Successfully upgraded many ASR 9000 Series Models (ASR 9922, ASR 9904, ASR 9010, ASR 9912, ASR 9903, ASR 9006, ASR 9910, and ASR 9902). Possess extensive knowledge and firsthand experience in multiple projects to launch new products like gateways, routers, modems, extenders using DOCSIS 3.0, 3.1, and fibre technologies. Created a detailed run book itemizing design options in a matrix style, along with templates and standards for all devices on the network, including LAN/WAN, Data Center, Wireless, and Security. Implemented Cisco Airspace Wireless solution for guest and internal wireless use utilizing LWAPs. Configured several switches using Cisco Meraki for various TCP/IPs & policies. Recognized as a top performer, subject matter expert (SME), and test lead on the fiber gateway project. Worked with layer 2, layer 3, and wireless QoS on optical network units. Collaborated on NBI API for remote management applications. Troubleshoot subscriber profiles for customers and established services such as smart Wi-Fi, IPTV, and VOIP. Utilized Cisco Prime, Access Control Server, Packet ping, self-care portal to manage network devices. Provided on-call support for hardware and software issues for various devices such as CPEs, STBs, extenders, computers, and mobile devices. Also, offered on-call support for network-related issues for customers. Handled day-to-day responsibilities, including troubleshooting various IP conflict problems, VLAN problems, 802.1x port-security issues, testing CPE features to be delivered, and troubleshooting ALPHA, BETA, production customer issues to find the root cause. Defined test cases for automation engineers or scripted automated test cases using the Python scripting language. Environment: Cisco Series Routers - 2900, 3800, 3900, 7200, Cisco Series Catalyst Switches - 2960, 2975, 3750-E, 4500, 6500, OSPF, BGP, VLANS, STP, VRRP, VPN, Bluecoat, load balancer, Access list, Wireshark, Python, Ansible, etc. DART, Dallas TX Aug 2020 Oct 2021 Sr. Network Security Engineer Responsibilities: Work on the redistribution of connected routes on all OSPF devices so that all connected subnets are advertised via OSPF. Configured LACP, OSPF protocols on Arista 7250qx-64 switches. Work independently to collect, consolidate and analyze evidence of the client's PCI DSS compliance and meet the internal quality assurance requirements. Make final reports on compliments to detail the controls observed during security assessments in accordance with various security standards and regulations such as PCI DSS v 4.0, ISO/IEC, etc. Performed security hardening and pen testing of both internal and external networks as per PCI DSS standards. Maintained Switches using Nortel DMS 250/300, Sonus NGS VoIP Products DS3/DS1,0 on CTL Long Distance, Provided LEC Support for Technicians to do nightly maintenance on 3 rd shift. Understand customer requirements for wireless networks and explain how Cisco Meraki will integrate with current infrastructure, as well as service future needs. Built LCM Lab to execute the Test Plan to verify the design with CUCM, VG224, routers, and switches. Working on the SD-WAN implementations at all Greenfield and Brownfield medical facilities/hospitals by deploying Viptela hardware Worked on creating Custom Azure Templates for quick deployments and advanced PowerShell scripting. Used AWS Cloud platform with features EC2, VPC, ELB, Auto-Scaling, Load Balancing, Security Groups, IAM, EBS, AMI, RDS, S3, SNS, SQS, Cloud Watch, Cloud Formation Experienced in one or more of the following security devices: McAfee Stonegate, FortiGate, BlueCoat Proxy, CISCO ESA, Palo Alto firewalls, and A10 Proxy, Panorama management console. Worked with VMware/ Hyper V Update Manger to update VM s and hosts with the latest patch release from Windows and Linux Moderate knowledge in configuring and troubleshooting Cisco Wireless Networks: LWAPP, WLC, WCS, Standalone APs, Roaming, Wireless Security Basics, IEEE 802.11 a/b/g, RF spectrum characteristics. Aruba ClearPass Network Access monitoring and access control setup and upgrades to the network giving a complete view of mobile devices of what users can see. Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability. Environment: F5 - LTM 5100, 6800, GTM, ASM, APM, IRules, Juniper EX, SRX, J, MX series, UTM Antivirus, Bluecoat proxy servers, Cisco ISE, Packet shaper, Checkpoint AWS, Spanning Tree, Cisco ISE, QOS, HSRP, VRRP, GLBP, RSTP, MST, Fabric path, OTV, MPLS, BGP, VOIP. Nike, Beaverton, OR July 2019 - July 2020 Sr. Network Security Engineer Responsibilities: Secure a VMware environment to comply with organizational cyber security requirements. Lead the strategy for Meraki Health across all facets of the Meraki platform. Expertise in with Cisco ASA, and Palo Alto Panorama Configured separate policy rules on the firewalls to ensure the customer meets the requirements as asked. Implementing technology solutions for clients that will address their needs in Networking, Security, Enterprise Data Center, and SDN & SD-WAN focused solutions. Participate in technical research and development and provide recommendations on ways to improve the ITS network availability and functionality for continued innovation. Worked on Cisco, Juniper, Arista, Palo Alto, Check Point, FortiGate, F5, A10, Citrix, Aruba, Bluecoat, Zscaler, Riverbed, Infoblox, SolarWinds, Splunk vendor equipment in various verticals of Network and Security domains. Expert knowledge of Cisco ACI, NxOS and IOS, other SDN products Tiered Domains, QoS, data center network design, cloud infrastructure design and management, OSPF, BGP, VLAN Trunking. Strong understanding of Hyper V and VMware Networking concepts like creation of vSwitches and TOR, different types of port groups, NIC Teaming and VLAN. Worked with SBC s, digit manipulation and NAT/PAT Working on Network design and support, implementation related internal projects for establishing connectivity between the various field offices and data centers. Manage multiple Palo Alto firewalls centrally through the Palo Alto Panorama M-500 centralized Management appliance. Strong hands-on experience in installing, configuring, and troubleshooting of Cisco Nexus 7k, 5k, 2k, Cisco 7600, 7200, 3800, 3900, 2800, 2900 series Routers, Cisco Catalyst 6500, 4500, 2960 and 3750 Stack Switches. Updated the HP open view map to reflect and changes made to any existing node/object. Implemented new ultra-secure networks in multiple data centers that included Cisco 6500 s, Juniper security devices, and F5 Big IP s. Salesforce, CA Dec 2018 - June 2019 Network Security Engineer Responsibilities: Responsible for entire company network infrastructure that includes Cisco Switches, Routers, Firewalls, Access Points, Servers and PBX. Configured Easy VPN server and SSL VPN to facilitate various employees access internal servers and resources with access restrictions. Configured VLAN s, Private VLAN s. Configured Site to Site IPsec VPN tunnels to peer with different clients and each of client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA 5500 series firewalls. Dealt with implementation of Cisco ASA 5585 devices and Juniper SRX 550 devices to apply security policies on it. Configuring Static, IGRP, EIGRP, and OSPF Routing Protocols on Cisco 1600, 2600, 2800, 3600, 7300 series Routers. Experience working with Nexus 9k, 7K, 5K and 2K. Replaced the Legacy 3750 stack wise with Juniper EX 4200 switches in the LAN Environment. Configured laptops for testing, Dell switches and Cisco Nexus. Manage Cisco and Dell Switches, and Firewall Experience with SAN switches (Cisco and Brocade) and optical Ethernet switches (Dell, Brocade, and Mellanox) Implemented site to site VPN on Cisco Meraki MX64, MX65, MC84, and MX400. Implementing Cisco Meraki Wireless network. Deployed and managed Cisco Meraki products SD-WAN including Cisco Meraki Security Appliances (MX25, MX450, MX400, MX600 and MX100), Cisco Meraki switches and Cisco Meraki Wireless Aps (MR84, MR74, and MR52). Worked as a lead consultant for a consultation project to help clean up legacy FW policies and create migration path from current ASA to next gen Palo Alto firewall. Experienced in configuring and maintaining Security Policies, NAT policies, IPSEC tunnels on various firewalls like Palo Alto, Cisco ASA/ Firepower, Checkpoint firewalls and SIEM solutions like Logr Rhythm and McAfee. Involved in finalizing the design for Corporate Wireless Network Access for NAC Solution, comprising of Cisco ISE Appliances in all WAN Consolidation Points, and Data Centers. Implement SSL VPN solutions including Palo Alto Networks Global Protect with single and multiple gateway solutions including integration of PKI certificates. Integrate multiple vendor IPSEC site to site VPNs, including Palo Alto Networks, Cisco ASA, and Juniper SRX firewalls. Experience configuring VPC (Virtual Port Channel), VDC (Virtual Device Context) in Nexus 7010/7018, FCOE using Cisco nexus 5548. Configuring ASA Firewall and accept/reject rules for network traffic. Configured ASA 5555 to ensure high-end security on the network with ACLs and Firewall Implemented Cisco ISE 1.2 for Wireless 802.1x Authentication and Authorization with Flex Connect. Configured and performed software upgrades on Cisco Wireless LAN Controllers 2504, 4404, 5508 for Wireless Network Access Control integration with Cisco ISE. Pixbit Solutions Pvt ltd. Kerala, INDIA Sept 2015 June 2017 Network Engineer Responsibilities: Create and maintain documentation of network topology and inventory as well as design and operation of platforms and procedures. Adaptive to cloud strategies based on AWS (Amazon Web Service). Cisco hardware includes Cisco enterprise level L3 switching and Nexus 7K/5K/2K platforms. Configured several switches using Cisco Meraki for various TCP/IPs & policies. Create Network design s documentation based on KP Planning Network Infrastructure standards and deploy network services provided to KP users for LAN, WAN, VoIP & WLAN using Microsoft Visio & excel. Maintenance and analysis of the F5 network for any possible upgradation. Design expertise for the SD-WAN, SD-LAN and WAN optimization technologies for efficient delivery of the application data across LAN and WAN. Configured WLAN Security in the areas of authentication, encryption, IDS/IPS using Radius, AAA authentication, EAP, LEAP, PEAP, PSK, AES-CCMP encryption, Wireless Sniffers, WEP encryption (Wired Equivalent Privacy), WPA (Wi-Fi Protocol Access), WPA2. Provide day to day support to several IP routing platforms including but not limited to several IP routing technologies (e.g., MPLS, OSPF, BGP, HSRP, BFD, Traffic Engineering and MPLS FRR Responsible for implementing Layer 3 static routes, BGP and OSPF for internal and external traffic to the data network over MPLS cloud. Deployed BGP and OSPF for internal and external traffic to the data network over MPLS cloud Planned Install, set configuration for deployment old to new CUCM, verified TFTP connection of MCS Server 7845, VG224, Terminal Server 2821, Router Switch 2851, Cisco Router 1720, Cisco Switch 3560 migrate connection Auto / Manual Gigabit Ethernet, VLAN Voice / Data update & verify CUBE 8.5 Catapult Wireless, Kerala, INDIA June 2011 Aug 2015 Network Support Engineer Responsibilities: Troubleshoot slow network connectivity issues, routing issues to identifying the root cause. Performed smart hand support by identifying the root cause of the hardware issues with switches, routers. Primary for VLAN support for Network Access-layer switching with Cisco IOS. Handled data drops using FLUKE to address network connectivity challenges. Configuring and troubleshooting of Layer 3 routing protocols such as EIGRP, OSPF and BGP. Troubleshoot network issues related to application access and performance. Responsible for troubleshooting day-to-day support issues and Performance related issues. IP management using QIP. Performing the ACL requests changes for various clients by collecting source and destination information. Keywords: continuous integration continuous deployment sthree information technology ffive hewlett packard microsoft California Colorado Idaho New York South Dakota Texas Wisconsin