Sai Darshan - Sr. Network Engineer |
[email protected] |
Location: Austin, Texas, USA |
Relocation: yes |
Visa: GC-EAD |
+1 (469)-988-5899
[email protected] Sr. Network/Network Security Engineer SUMMARY Around 8 years of Experienced Telecommunications and Network Professional working on medium to large scale environments, enterprise, and Data center networks. Highly motivated with the ability to work independently or as an integral part of a team and committed to highest levels of professional, Experience in Networking and Security domain which includes designing, Deployment and providing network support, installation, and Operation for a broad range of LAN / WAN Environment. Experience working in large-scale environments on high priority troubleshooting issues, several Proof of concepts for installations and Migrations to different vendor Equipment or implementing a new technology. Network Design, IDF and MDF architecture, Datacenter Operation and support roles, IOS upgrades, downtime procedures, Migration projects to different vendor equipment. Architected and maintained Kubernetes clusters, ensuring high availability, scalability, and reliability for diverse microservices and applications. In-depth knowledge and hands-on experience with Arista CVaaS and Spine/Leaf architectures, working with Arista switch models such as 7358X4, 720XP, 7050SX3, 7280CR3, 7280SR3, and 7280SR3K. Experience and basic understanding in network Automation using python and ansible to automate network configuration using playbooks and integrate various network tools using REST API. Proficient in AWS and Azure Cloud platforms and setting up connectivity and Security in the cloud. Worked with various teams in migrating applications from on premises to Cloud. Knowledgeable in using Jenkins plugins to integrate with different tools and technologies such as Git, Ansible, Docker, and Kubernetes. Demonstrated mastery in managing network element operating systems, including EOS, NXOS, IOS, JUNOS. Proven expertise in virtualization technologies, particularly VMware vSphere, with a focus on optimizing server performance and resource utilization. Strong troubleshooting skills with a track record of efficiently resolving technical issues and ensuring continuous system optimization. Produced comprehensive pre-deployment documentation and diagrams for all established CUCM designs, facilitating efficient project execution. Successful track record in implementing backup and disaster recovery strategies, enhancing system resilience and data protection. Managed the configuration and support of backbone connections, including ExpressRoute for Azure and Interconnect for Google Cloud Platform (GCP). Successfully established and maintained a variety of interconnects through virtual gateways, ensuring seamless connectivity between on-premises and cloud environments. Implemented redundancy and failover mechanisms to enhance backbone connection reliability and minimize downtime. Experience working in complex environments which includes Layer 2 Switching, L3 routing, Network security with perimeter and VPN firewalls, Load balancing and Access policies management in F5/NetScaler. Experience deploying Wireless projects with different vendors Cisco, Aruba Wireless Controllers and architecture, design, deployment and maintenance of large enterprise wireless networks. Led and provided oversight for a critical Cisco SD-WAN upgrade project, ensuring successful execution within defined timelines. Implemented robust security measures within the datacenter environment, ensuring compliance with industry standards. Experience in installing, configuring, and maintaining Cisco Switches (2960, 3500, 3750, 3850, 4500, and 6500) in enterprise Environment and Nexus 2k, 3k, 5k, 7k and 9k, CISCO ACI, Arista Cloude vision in Datacenter Environment. Expertise in installing, configuring, and troubleshooting Juniper EX Switches (EX2200, EX2500, EX3200, EX4200, EX4500, EX8200 series). Showcased strong scripting skills in Python and PowerShell to automate routine network tasks and improve operational efficiency. Demonstrated advanced knowledge of Splunk administration, including installation, configuration and troubleshooting. Experience in Design & Deployment of Cisco ISE and Provided comprehensive guest access management for Cisco ISE administrators. Designed and implemented a highly resilient and securely segmented Virtual Network (VNet) architecture in Microsoft Azure, optimizing network performance and ensuring data isolation for critical cloud workloads. Experience in configuring, implementing and troubleshooting F5 and Citrix Load Balancer in a large environment with sensitive applications. Worked on APM module with integration with RADIUS server and RSA secure ID for applications that require 2-factor authentications. Proficient in managing and deploying SDA for both wired and wireless infrastructures using Cisco DNAC. Managed successful delivery of massive security response portfolio including Splunk and Cisco ISE. Virtualized and migrated 60+ legacy v10 appliances with over 5000 VIPs and 12000 pools t0 F5 TMOS v11 vCMP across 2 global data centers, including substantial iRules updates to support the new architecture. Basic Experience in Automation using iControl and Python v3 for configuration and backups in f5. Managed all web content functions for a 10 node, 300 VIP LTM environment, including SSL offload, URL/URI redirection, Application Security, and Authentication Policy Experience in VSS, VPC, and VDC technologies on Nexus devices. Experience working on Gateway redundant protocols HSRP, VRRP, and GLBP. Experience with Access, Distribution and Core Layer Architecture in Datacenter. Experience in Spine Leaf Architecture. Expertise in installing, configuring, and troubleshooting of Cisco Routers (3800, 3600, 2800, 2600, 1800, 1700, 800, ASR 9k). Expertise in installing, configuring and troubleshooting Juniper Routers (E, J, M, and T-series). Extensive experience in configuring and maintaining SolarWinds for real-time network monitoring, resulting in network uptime. Experience with cisco ACI and Arista Cloud Vision on a POC. Knowledge on Spine leaf Architecture in Datacenter. Worked on EVPN, VXLAN, VTEPS, Bridge Domains, MP-BGP etc. Experience and high-level technical knowledge in OSPF, EIGRP, RIP and BGP routing protocols. L1/L2 troubleshooting skills in Routing in complex environments. Worked with MPLS over BGP. Worked on upgrading Edge routers, failing over ISP circuits for maintenance. Managed the firewalls, proxy servers, site to site and B2B VPNs, client SSL and IPsec VPN gateways for 50 networks with 9000+ users and hundreds of public web apps. Experienced in network and applications diagnostic and reporting tools such as Wireshark, TCPDump, SSLDump, firewall session logs, Splunk, etc. Developed and implemented security policy around the Cisco ACS (Authentication Control System), with RADIUS and TACACS authentication support against an Active Directory database, including device management, wireless and VPN applications Experience with manipulating various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation. Extensive Knowledge of the implementation of Cisco ASA 5500 series - 5505, 5510, 5512-X firewalls with Firepower module. Palo Alto firewall policies, panorama and Checkpoint firewalls NG, NGX. Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Experience with Next Gen Firewalls PA 200, 500, 3020 and VM series firewalls for both Internet and internal traffic filtering. Experience with Panorama M100 series and maintaining up to 23 firewalls in large networks. Experience in SSL forward Proxy, URL filtering and Policies on PA Firewalls. Experience with McAfee Web Gateways and Bluecoat Proxies for the internet traffic. Worked on Zscaler Internet Access and Zscaler Private Access, ZDX. Good experience with migrating from Bluecoat and Cisco Ironports to Zscaler. Experience working with Aruba and Cisco Wireless LAN controllers, Configuring and Provisioning AP s, Virtual AP s, RTLS, Wireless SSID s, remote and campus AP s, upgrading WLC, worked in Active/Active local Controllers and Master controller. Worked on RAP3 for remote access. Experience in EDR/XDR technology, enhancing threat detection and incident response capabilities. Support Quality Inspections and Operational Test (OT) events related to the 2GWLAN Aruba Networks Controllers, and Access Points. (Aruba 6000 controller, Aruba AP65,70,124,85,125) system. Develop and support of the SevOne monitoring platform and maintaining current SevOne installation and SevOne user interface. Worked on SolarWinds NPM, NCM, IPAM. Experience working with Avaya and Cisco VOIP environments with assigning VOICE Vlans, troubleshooting call quality and basic level proficiency in QoS. Worked on configuration of Avaya VOIP gateways, voice VLANS, DHCP scopes for VOICE VLAN, DSCP marking for VOIP traffic, Policing, shaping of VOIP traffic from access to Core Layers. Involved in troubleshooting network traffic and its diagnosis using tools like ping, trace route, Gigaton, Wireshark, TCP dump and Linux operating system servers. Experience with Akamai kona WAF and implemented http and https inspect rules for SQL injections, malicious file execution, cross site scripting. Extensive knowledge in all Wi-Fi Standards including 802.11a,b,g,n,ac. Worked on installing of Cisco and Aruba Wireless Controllers. Worked on Cisco CWAP, LAWP, Aruba 225, 325, AP groups, SSID s, Authentication rules, 802.1X for Wireless etc. Worked on Automation tools like TUFFIN. Configured SDWAN router Viptela to connect remote sites over the Internet Developed Splunk infrastructure and related solutions as per automation toolsets Engineering, Implementation, Installation, Integration, version upgrade and patch installation of APM applications: Dynatrace Knowledge on Amazon AWS Virtual private cloud services. TECHNICAL SKILLS Networking Technologies LAN/WAN Architecture, TCP/IP, Frame Relay, VPN, VLAN, VTP, NAT, PAT, STP, RSTP, PVSTP, MSTP Networking Hardware Cisco Switches, Cisco Routers, ASA/Pix/Palo Alto/Fortinet/Juniper firewalls. Routing Protocols OSPF, ISIS, EIGRP, RIP, MPLS, IS-IS, BGP, Multicasting Security Technologies PAP, CHAP, Cisco PIX, Palo Alto, ASA, Fortinet, Checkpoint,CISCO NAC VPN technologies IPSEC, SSL, DMVPN, OPEN VPN, MPLS over VPN, Split tunnel, Tunnel all Network Monitoring SolarWinds, Wireshark, HRping, Whatsupgold, Infoblox Operating Systems Windows 7, Vista, XP, 2000, LINUX, Cisco IOS, IOS XR, IOS-XE, NX-OS Routers 1800, 2611, 2800, 3600, 3845, 3900,4300, 4400, 4500, ASR 1000X, 7206VXR, Juniper M & T Series, Arista 7508 Routers Load Balancers F5 Networks (BIG-IP), NetScaler (Citrix) Proxy devices Bluecoat, Zscalar proxy Capacity & performance Cascade Riverbed (Flow Monitor), WAN Killer Switches CISCO 2960,3750,3850, CAT 9300, CAT9400, CAT 9500,4500,6500,6800 Nexus 7k,5k,2k, Arista 7150S ,7160 switches Programming Languages C, C++, Perl, Power Shell, Python, Yang, XML, Ansible Simulation Tools GNS3, VMware, OPNET IT GURU, OPNET Modeler, Cadence Firewalls Juniper Net Screen (500/5200), Juniper SRX (650/3600), Pix (525/535), ASA (5520/5550/5580), McAfee Web Gateway, Checkpoint, Palo Alto firewalls. AAA Architecture TACACS+, RADIUS, Cisco ACS,Cisco ISE Features & Services IOS and Features, HSRP, GLBP, VRRP, IPAM IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, DNS, TFTP and FTP Management, Open Stack, IVR s, HLD and LLD documents, Dell equal logics WORK EXPERIENCE Yamaha Motors, Kennesaw, GA Aug 2021 Till Date Role: Sr. Network Engineer Responsibilities: Support, Maintain and Troubleshooting various Network Infrastructure devices and services in Datacenters. Experience in administrating Viptela SDWAN enterprise deployment and implementations of Network and Devices for SDWAN environment. Used Cisco ACI (Application Centric Infrastructure) SDN architecture to reduce operating costs, automate IT tasks, for greater scalability and visibility in a data center environment. Managed successful delivery of massive security response portfolio including Splunk and Cisco ISE. Significant experience building out Application Performance Monitoring solutions with Dynatrace. 24x7 Support management of the monitoring environment using tools including Dynatrace, Splunk. Designed, implemented and maintained AWS backend infrastructure. Experienced in using Ansible to automate infrastructure provisioning, configuration management, and application deployments. Configured and fine-tuned Zscaler policies based on traffic patterns. Worked closely with Imperva support for troubleshooting and resolving complex issues, ensuring optimal performance and responsiveness of the Imperva security stack. Played a pivotal role in deploying and fine-tuning EDR solutions, enhancing the organization's ability to detect and respond to security incidents promptly. Integrated ZIA with AWS for comprehensive security coverage. Engaged in incident response activities related to Imperva alerts, promptly addressing potential security incidents and continuously improving rule sets for better detection. Implemented SSL inspection policies in ZIA to enhance security for encrypted traffic. Conducted rigorous testing and validation of CUCM configurations in the lab environment. Spearheaded the implementation of version control systems, specifically Git, for meticulous tracking and management of Infrastructure as Code (IaC), ensuring a streamlined collaborative development approach. Designed and implemented Layer 3 WAN connectivity solutions, optimizing network performance for geographically distributed locations. Leveraged ZDX analytics to perform root cause analysis for network and application performance issues. Implemented role-based access controls in ZPA to enforce least privilege access principles. Implemented and monitored Imperva's DDoS protection mechanisms, safeguarding against distributed denial-of-service attacks and ensuring uninterrupted service availability. Utilized ZDX data for capacity planning and resource optimization in the network. Collaborated with cross-functional teams to integrate security controls into cloud-based applications, addressing security considerations throughout the development lifecycle. Conducted periodic vulnerability assessments on web applications protected by Imperva, addressing and mitigating identified vulnerabilities to maintain a robust security posture. Championed the use of automation tools within the NOC scheduler environment. Developed scripts and workflows to automate routine tasks, such as reporting generation, configuration changes, and data backups. Optimized server monitoring and maintenance routines by scheduling batch jobs with Control M. Automated tasks like log file analysis, disk space checks, and security scans, freeing up NOC personnel for higher-level tasks Successfully integrated Juniper Mist with SD-WAN solutions, creating a cohesive and efficient network infrastructure that meets the demands of modern enterprise environments. Conducted thorough reviews and audits of IaC codebase, enforcing best practices, maintaining high code quality standards, and fostering a culture of excellence in automation development. Spearheaded the integration of Arista CVaaS, streamlining network management and ensuring seamless operations across diverse network environments. Orchestrated remote hands for hardware installation at designated sites, providing detailed installation diagrams and instructions. Developed customized Linux packages tailored to application requirements, ensuring compatibility and optimal performance. Identified and resolved network packet broker issues in real-time, minimizing downtime and ensuring uninterrupted network services. Actively contributed to the solution design of OSS Inventory Solutions, encompassing Network Planning, Network Inventory, Discovery, and Reconciliation, enhancing overall network efficiency. Configured Control M to trigger automated alerts for critical server metrics exceeding thresholds or abnormal system behavior. Created multi-level escalation workflows to ensure timely notification of relevant technicians for swift issue resolution. Integrated MPLS seamlessly into Layer 3 networks, ensuring compatibility and efficient data routing. Orchestrated the design and implementation of MPLS networks, optimizing connectivity, and ensuring efficient data transfer across multiple locations. Ensured secure operation of the NOC scheduler environment by implementing access controls, monitoring security logs, and staying informed about emerging cyber threats. Implemented Juniper Mist's location-based services to enhance tracking and management of network devices, contributing to improved asset visibility and security. Proactively engaged in infrastructure planning sessions, providing IaC expertise and proposing tailored automation solutions to meet the dynamic needs of evolving IT landscapes. Utilized FireMon to efficiently manage and optimize firewall policies, ensuring that rules align with organizational security objectives and compliance standards. Spearheaded the expansion of the global network infrastructure, implementing CloudGenix SD-WAN to connect remote offices, data centers, and cloud services. Resulted in a 30% improvement in overall network efficiency. Implemented OS upgrades and patches, ensuring the security and efficiency of Yamaha Motors' network infrastructure. Led the integration of automated IP address assignment processes, reducing manual errors by 25% and enhancing overall network reliability. Implemented change management processes in FireMon, streamlining the review and approval of firewall rule modifications to minimize the risk of misconfigurations. Conducted regular security audits using NetBrain to assess network vulnerabilities and compliance with industry standards. Skilled in implementing high availability features of IOS-XR such as NSF, SSO and grateful restart mechanisms, ensuring network reliability. Developed custom scripts to enhance network monitoring, automate configurations, and streamline troubleshooting processes. Maintained comprehensive audit trails and logs within FireMon, facilitating auditing processes and providing a detailed history of firewall policy changes for compliance purposes. Established and maintained forward and reverse DNS lookup zones, contributing to a 15% reduction in network latency and enhanced user experience. Orchestrated the setup of Azure ExpressRoute connections to establish dedicated, high-speed links between on-premises data centers and Azure, enhancing data transfer and network performance. Configured Azure Load Balancers to distribute traffic across multiple virtual machines, optimizing application availability and fault tolerance. Administered Active Directory services, managing user accounts, group policies, and access controls. Conducted regular system audits and performance tuning to optimize server and network efficiency. Developed and maintained IP address and subnetting schemes, accommodating the expansion of network infrastructure and supporting future scalability requirements. Implemented DNS monitoring solutions, utilizing tools like SolarWinds and custom scripts, to proactively identify and address potential DNS-related issues before they impact network performance. Developed and maintained comprehensive documentation for IP address assignments, DNS configurations, and network topology, fostering streamlined troubleshooting and network optimization. Orchestrated the migration of DNS services to cloud-based platforms, optimizing scalability and resilience while minimizing downtime during the transition. Managed and maintained Windows and Linux server environments, ensuring high availability and performance Implemented and optimized DHCP (Dynamic Host Configuration Protocol) servers, automating IP address assignments and ensuring seamless connectivity for dynamic network environments. Maintaining Alight 200+ Network Hardware such as Cisco Nexus (7K, 5K, 2K), Catalyst switches, Cisco ISR Series routers, Juniper MX, QFX routers, Nortel Switches under Access, Distribution and Core Networks. Heavily involved with data center migration from Cisco to primary Arista with minimal downtime utilizing VxLAN. Working experience on Arista 7150s,7160 series switches and 7508R Routers Configure IPSEC VPN (Site-Site to Remove Access) and Maintain external Client Connectivity. Established and enforced DNS naming conventions, promoting consistency and clarity in the organization's DNS records and configurations. Implemented real-time automation scripts using APIs, significantly reducing manual intervention and enhancing the efficiency of iXia, Gigamon, and Arista packet broker operations. Implemented automation scripts for routine IPAM and DNS tasks, improving operational efficiency and reducing manual workload by 30%. Configuration and Administration of Alight Network Firewall to manage large scale firewall deployments, Palo alto, Cisco ASA-X Firepower, Juniper SRX, and Open-source BSD Firewalls. Supporting the application migration and represent the Network configuration and Security ACL on incidents and resolve any connectivity issues. Demonstrated ability to diagnose and resolve complex network issues on IOS-XR platforms using debugging tools and packet analysis techniques. Designed and customized alerting mechanisms within SevOne to promptly detect anomalies and critical events, reducing mean time to resolution (MTTR) by 25%. Implemented role-based access controls (RBAC) within the IPAM system, ensuring secure and restricted access to sensitive IP address information. Configure and Maintain Authentication Services such as Alight Cisco ACS and Aruba ClearPass around the Environment with Troubleshooting AAA (TACACS+ & RADIS) services for users. Troubleshooted and debugged issues in Ansible deployments. Provisioning (IP assignment, core network configuration, DNS setup, monitoring and graphing for colocation, leased lines, customer backup and other customer network services). Configure and implement production and operations management in various Network projects which enhances the performance of the network. Demonstrated expertise in using DNAC for policy-based network segmentation and automation, resulting in improved network security and efficiency. Implemented IP address version control mechanisms, ensuring consistency across IPv4 and IPv6 address spaces and accommodating evolving network protocols. Conducted regular IP address audits, ensuring compliance with IPAM policies and identifying discrepancies for prompt resolution. Actively monitored network health and performance through NOC scheduler dashboards and alerts. Identified potential issues early and proactively initiated troubleshooting procedures before impacting users. Regularly reviewed server monitoring job logs and performance metrics to identify areas for improvement in the Control M scheduling processes. Implemented best practices and optimized job scheduling sequences to enhance efficiency, reduce redundancy, and minimize resource consumption. Configured WAN connections with Meraki and FortiGate SD-WAN. Configured VRF to create isolated network instances and enhance network security. Deploying, Scaling and troubleshooting many Datacenters across all of AWS network fabrics. Deploy the code to AWS instances and spin new instances when and where required Worked with Cisco Channel partners to build practices around Cisco. Implemented Cisco ACI as a solution for data centres using a Spine and Leaf architecture. Responsible for the secure development lifecycle environment form NX-OS to ACI in Data centre, implemented in the lab environment. Implemented MPLS and Segment routing to provide seamless connectivity and traffic engineering capabilities. Used Cisco ACI Fabric which is based on Cisco Nexus 9000 series switches and Cisco Application Virtual Switch (AVS) Experienced in Cisco Catalyst and Nexus network switches and routers and Cisco ASA firewalls and wireless controllers and access points. Configured, supported, and monitored network segmentation solutions, actively applying policies for network-attached devices. Implemented VDC, VPC, and OTV on the Nexus 5K and 7K switches. Performed sizing calculations of VMware environments based on current systems and future growth. Implement best practices associated with Network and security appliances value-driven development ensuring quality from deployment of various Network Infrastructure in the firm. Troubleshooting L2 and L3 Network Environments, performing installation, configuration, and deployment of WAN and LAN networking hardware, including the configuration and implementation of Routers, Switches and Firewalls. Network involves various device from desktops to switches, routers, firewalls. All this are configured and deployed in Network accordingly as per the requirements within Change Window. Upgrade software version on yearly basis on all Alight networks and security devices necessary. Working with Cisco Meraki Wireless Switches and SDWAN (MX100). Keeping Alight Network Structure up to date for any bug fixes, systems improvement. This involves use of different applications. Utilized Juniper Mist's AI-driven analytics to proactively identify and resolve network issues, resulting in improved performance and reduced downtime. Designed and deployed Google (VPC) networks to provide a secure and scalable foundation for GCP resources. Expertise in leveraging Devo for log management and analysis, enabling quick detection and response to security incidents, reducing incident resolution time. Perform audits to identify vulnerabilities, malware, spyware and remediate problems to ensure compliance using automation tools like Tufin and Riverbed Net Profiler over Switches, Routers and Firewalls to discover, generate and deploy the Production configuration. Worked on F5 LTM and GTM modules. Proficient and high-level expertise using the F5 based profiles, monitors, VIP s, pools, SNAT, SSL offload, iRules, virtual Servers, iAPPs. Migration experience from ACE to F5/ old F5 to New F5. Expert in TMSH. Maintain network performance by using SNMP monitoring tools such as SolarWinds, Omni Center to perform network monitoring, analysis as well as troubleshooting network problems. Performs system administration functions such as traffic monitoring, performance tuning, log management, disk space monitoring, and application troubleshooting in Linux and Windows platforms. In addition, installation, configuration, log analysis and tuning of DHCP, DNS, FTP Web, and proxy servers. Implemented real-time monitoring strategies, utilizing tools and dashboards to keep a vigilant eye on the health and performance of network packet brokers. Developed and optimized Helm charts for Kubernetes deployments, automating application lifecycle management and reducing manual intervention. Proactively identified areas for improvement in the CloudGenix SD-WAN environment, regularly implementing updates and enhancements. Resulted in a 20% reduction in incidents and improved overall network stability. Perform incident capture, verification, and diagnostics including Support with the TAC (Cisco, Juniper, Tufin, Palo alto) cases associated with the technical issues through the problem resolution in finding the root cause analysis of the Network failure there by curbing it using tools of operational research and methods. Create High level diagrams, templates documentation for existing platform and the new deployments Providing Technical solutions to the enterprise team, submitting the whitepapers on technical challenges and resolutions, demonstrating the working Infrastructure to the client as per business needs using Visio and other tools. VMWare, Ashburn, VA Apr 2019 Jul 2021 Role: Sr. Network Engineer Responsibilities: Configured, managed, and troubleshoot F5 BIG-IP Application Load Balancers for internal access and external Internet facing VIPs. Created locations for each site once the GRE Tunnel is up on the respected location for the traffic flow. To granulize the traffic created Sub-locations for each site. Utilized EDR solutions to monitor and analyze endpoint behavior, identifying anomalous patterns indicative of potential malware infections or malicious activities. Leveraged NetBrain to automate network discovery, mapping, and troubleshooting. Hands on experience in installing, con guring & troubleshooting multiple products on Cisco and Juniper routers, switches, Arista, Aruba switches, load balancers, Network access controllers etc. Leveraged EDR dashboards and reports to communicate security insights and trends to stakeholders, facilitating data-driven decision-making. Implemented Tanzu for VMware environments, streamlining the deployment and management of containerized workloads and enhancing overall system efficiency. Engineered Docker and Podman-based container solutions, overseeing the entire container lifecycle from development and testing to deployment. Engaged in the selection and implementation of EDR solutions, enhancing the organization's capabilities to detect and respond to advanced threats in real-time. Ensured remote access to all CUCM devices post-installation, validating configurations to align with expected results. Led the integration of Infrastructure as Code (IaC) principles into the development lifecycle, ensuring that automation solutions align with CI/CD pipelines and contribute to the overall efficiency of the software delivery process. Implemented automation scripts to streamline the deployment of Layer 3 network policies, reducing manual errors and enhancing overall network management efficiency. Leveraged advanced troubleshooting skills to support day-to-day CUCM operations, addressing issues promptly and minimizing downtime. Demonstrated expertise in troubleshooting MPLS-related issues, addressing connectivity problems, and optimizing MPLS configurations for optimal performance. Conducted regular rule cleanup initiatives in FireMon to remove redundant or obsolete rules, improving firewall performance and reducing the attack surface. Deployed Cisco Umbrella to enhance network security by leveraging cloud-delivered DNS security services, preventing malware, and securing internet access. Leveraged Linux/Unix systems and shell scripting to enhance IaC capabilities, showcasing a versatile skill set for developing automated solutions across diverse operating environments. Implemented Cisco DUO MFA solutions to strengthen access security, requiring multi-factor authentication for users accessing critical systems and applications. Proven expertise on design and implementation of high-density Data Center and DR. Responded promptly to changing network conditions, dynamically adjusting configurations and settings on iXia, Gigamon, and Arista packet brokers for optimal performance. Designed and maintained container registries, ensuring secure storage and efficient distribution of container images. Fine-tuned the performance parameters of network packet brokers in real-time, addressing fluctuations in network traffic and maintaining consistent reliability. Configured access policies in Cisco DUO to enforce security controls based on user roles, devices, and contextual factors, ensuring secure access to sensitive resources. Generated and analyzed security reports from Cisco Umbrella, providing insights into internet usage patterns, potential threats, and overall security posture. Led the successful implementation of Cisco ACI, playing a crucial role in designing and deploying the ACI framework. Implemented backup and disaster recovery strategies for virtual machines, enhancing overall system resilience. Conducted routine system updates and patches to mitigate security vulnerabilities and improve system stability. Troubleshooting firewall rules in Cisco ASA, Checkpoint, Zscaler. Conducted performance analysis of containerized applications, identifying bottlenecks, and implementing optimizations for enhanced efficiency. Enhanced endpoint visibility by integrating Cisco DUO with various endpoints, ensuring secure access controls and real-time monitoring of user authentication attempts. Led a successful migration project at VMware, transitioning from legacy networking infrastructure to newer Arista switch models (7358X4) to align with evolving technology standards and business needs. Administered and maintained virtualized environments using VMware vSphere, ensuring optimal performance and resource utilization. Configured and customized Cisco APIC controllers, ensuring optimal performance and adherence to organizational requirements. Involved in operations and administration of WAN consisting Ethernet Handoffs, T1, DS3, and Optic Fiber Designed, developed and tested scalable cloud-based solution architectures and infrastructure AWS and Azure, Such as Route 53, ELB, Security group, VPC, VPN, NACL, NSG and VNET. Worked on migration from juniper firewall to Palo Alto and juniper to ASA firewall using virtual tools. Worked on Blue Coat Proxy migration to Zscaler. Provided technical support to end-users, addressing system-related issues and ensuring a seamless computing experience Worked on ZPA for replacing traditional SSL VPN. Configure, Manage and Monitor Palo Alto firewall models (Specifically the PA-5050 and the PA-5260). Performed migrations from Check Point firewalls to Palo Alto using the PAN Migration Tool MT3.3. Implement advanced Palo Alto Firewall features like URL filtering, User-ID, App-ID, Content-ID on both inbound and outbound traffic. Conducted in-depth analysis using SolarWinds to identify and resolve network performance issues, resulting in a 25% reduction in latency and improved user experience. Installed, configured Cisco Meraki equipment and web-based monitoring platform for MR32 wireless access points. Strong Routing experience working under complex WAN and SD WAN environment. Represent Network Operations function related queries for all change management. Work with infrastructure service vendors for service improvements plan initiatives. Complete understanding of Cloud Technology and has hands-on experience working on AWS or Azure cloud. Experience in using network management tools for performance, tuning, troubleshooting and capacity planning. Adhere to Global network standards, policies, guidelines in-line with meeting regulatory requirements wherever applicable policies, guidelines. Developed and maintained custom scripts and automation routines within analysis tools, streamlining repetitive network tasks and improving operational efficiency Collaboration with cross-functional teams internally for support issues. Deploy ISE technology in infrastructure to establish secure and authenticated network and ISE development with profiling and certificate-based authentication. Configured and performed software upgrades on Cisco Wireless LAN Controllers 2504, 4404 ,5508 for Wireless Network Access Control integration with Cisco ISE. Troubleshoot issues and outages on Trunks and Router interfaces and firewalls extensively. Created URL category for each service based on the requests Created URL Policies for each URL Category Created. Created SSL Inspection Bypass for particular internal Sites Created Firewall Control Policies as per organization and requester choice. Created Hosted PAC Files based on the organization request what to be accessed before and after authentication. Configuration of web filtering and managed firewall services PAC file creation and GRE tunnel configuration Provided Desktop Support for internal users. Handle Service-Now tickets related to Cisco ASA & Zscaler, & VPN along with the connectivity issues and provide support when any issue is raised. Conducted regular audits of Kubernetes environments, identifying and addressing security vulnerabilities, and ensuring compliance with industry standards. Implementing and troubleshooting firewall rules in Cisco ASA 5525, 5580, Checkpoint R77.20 Gaia and VSX as per the business requirements. Optimized Layer 3 protocols, including OSPF and BGP, ensuring efficient routing and responsiveness of the network. Utilized deep-rooted experience to troubleshoot and resolve complex issues related to Arista CVaaS and Spine/Leaf architectures, minimizing downtime and ensuring continuous network availability Deployed Palo Alto firewalls using Confidential NSX through L2 and L3 interfaces on models such as VM-300, VM-500, and VM-1000-HV. Responded promptly to changing network conditions, dynamically adjusting MPLS configurations for optimal performance and troubleshooting connectivity issues. Enable file forwarding to Wildfire cloud through Content-ID implementation to identify new threats. Leveraged Palo Alto Networks Wildfire inspection engine to prevent Zero-Day attacks. Manage multiple Palo Alto firewalls centrally through the Palo Alto Panorama M-500 centralized Management appliance. Implement the Global Protect VPN, IPSec VPNs and SSL VPNs through IKE and PKI on Palo Alto firewalls for site-to-site VPN Connectivity. Applied Juniper Mist tools for dynamic packet capture and analysis, facilitating in-depth troubleshooting and resolution of complex network challenges. Deployed Active/Standby modes of High Availability (HA) with Session and Configuration synchronization on multiple Palo Alto firewall pairs. Knowledge on the application of Active/Active HA mode. Enforce policy checks on north-south and east-west data center traffic through Panorama M-500. Provided escalated technical support in troubleshooting firewall and network issues. Hands-on experience with Bluecoat Proxy Secure Web Gateways for content filtering, Data loss prevention and preventing Zero-Day exploits. Experience in designing, configuring, and optimizing wireless networks using Juniper Mist, ensuring seamless connectivity and enhanced user experiences. West Marine, Watsonville, CA Nov 2017 Mar 2019 Sr. Network Engineer Responsibilities: Created an OAM Model for open config platform. Worked on vendor neutral case for OAM model. Configured Blue Coat Proxy, SG Web Application Reverse Proxy for securing. Worked on Zscaler cloud proxies and supported migration from iron port to zscaler. Configured policies on Zscaler using ad groups. Integrated Zscaler with azure AD SCIM for ad groups and user saml attributes. Provided operational support for CUCM, handling switching, routing, wireless, SDWAN, WAN, firewall, and load balancing requests through the corporate ITSM solution. Acted as a central communication hub within the NOC, facilitating seamless information flow among team members and departments. Seamlessly integrated Control M with NOC monitoring tools. Leveraged Control M APIs and scripting to automatically trigger job executions based on specific alerts or events from the monitoring system, streamlining incident response Integrated Control M with disaster recovery plans to automate critical server backups and job resubmissions in the event of an outage. Minimized data loss and ensured rapid service restoration for mission-critical systems. Collaborated effectively with external vendors and partners, ensuring seamless integration of their systems into the IaC framework, thereby extending the capabilities and interoperability of automated processes. Executed seamless software upgrades on Arista infrastructure at West Marine, ensuring the incorporation of advanced features and maintaining a robust security posture in compliance with industry standards. Involved in checking how the model goes with QOS related work. Experience in writing JSON for different scripting languages. Experience in working on Git hub. Conducted comprehensive capacity planning for IT infrastructure, anticipating growth and ensuring resources are adequately provisioned. Played a pivotal role in the evaluation and selection of cutting-edge tools and technologies related to Infrastructure as Code (IaC), ensuring that the automation stack remains current and aligned with industry best practices. Implemented Layer 3 security measures, including ACLs and firewalls, to safeguard network integrity and prevent unauthorized access. Established automated incident response workflows within Cisco Umbrella to streamline the detection and mitigation of security incidents, reducing response times. Spearheaded the HQ data center performance and capacity upgrade project, focusing on ACI and Nexus/Catalyst Switches. Worked on bluecoat proxies with ids and ips sensors. Leveraged expertise in EDR/XDR technology to bolster the organization s threat detection capabilities and streamline incident response procedures. Utilized Cisco Umbrella for comprehensive user and device visibility, enabling precise monitoring of network activities and enforcing security policies based on user identity. Successfully led the migration from traditional MPLS to CloudGenix SD-WAN, seamlessly integrating with existing infrastructure. Reduced operational costs by 25% while maintaining high network availability. Led high-availability deployments at West Marine, configuring Arista 7280SR3K switches in redundant configurations to guarantee uninterrupted network services and resilience against hardware failures. Orchestrated hybrid network environments, seamlessly integrating SD-WAN with existing MPLS and internet connections to balance traffic and optimize connectivity. Implemented automation scripts to streamline the deployment of network policies in CloudGenix environments. Automated routine tasks, reducing manual errors and enhancing overall network management efficiency. Worked on Blue Coat Proxy SG to safeguard web applications in extremely untrusted environments such as guest Wi-Fi zones. Collaborated with cross-functional teams to design and deploy DNAC solutions that align with business objectives, resulting in a more agile and responsive network infrastructure. Implemented Azure Site-to-Site VPNs to establish secure connections between on-premises networks and Azure VNets, enabling seamless integration of hybrid environments. Worked on kona cloud platform to inspect traffic for all applications before reaching the actual server Worked on url categories, whitelisting, balck listing urls for users, ad groups, departments, locations using ip subnets. Worked with snipping tools like Ethereal (Wireshark) to analyze the network problems. Maintenance and troubleshooting of network connectivity problems using PING, Trace Route. Performed scheduled Virus Checks & Updates on all Servers & Desktops. Collaborated with vendors and network engineers to design and deploy Nexus SDA solutions that met the organization's requirements for scalability and security. Implemented Google Cloud VPNs to enable encrypted communication between on-premises data centers and GCP VPCs, adhering to strict security standards. Leveraged SevOne's NetFlow monitoring capabilities to analyze traffic patterns, detect network bottlenecks, and optimize network routing for improved performance. Implementing Routing and Switching using the following protocols; OSPF, BGP on Juniper M series routers. Experience with working on firewalls like CISCO ASA 5500 series (5510,5540), JUNIPER SRX series and also PALO ALTO (pa-3060, pa-5060), etc. Has experience in Bash and Python scripting with focus on DevOps tools, CI/CD and AWS Cloud Architecture and hands-on Engineering. Managed and automated configuration across multiple systems using Ansible, including tasks such as managing software packages, configuring network devices, and maintaining consistent server configurations. Involved in dealing with Composite Network models that consists of Ciena 39 series and ACX Platforms. Responsible in troubleshooting on Cisco ISE added new devices on network based on policies on ISE. Implemented Cisco ISE 1.2 for Wireless 802.1x Authentication and Authorization with Flex Connect Configured and performed software upgrades on Cisco Wireless LAN Controllers 2504, 4404 ,5508 for Wireless Network Access Control integration with Cisco ISE. Upgrading Cisco ISE appliances company wide. Recently rolled out OpenDNS including onsite VM appliances. Experience on Cisco ISE and advanced technologies like QOS, Multicasting, MPLS and MPLS-VPN and Bluecoat proxy server SG. Proficient in managing and deploying Cisco SDA solutions using DNAC. Worked on Network Configurations of difference models related to automation. Experience in Scripting languages like Yang and XML, Ansible. Developed custom Splunk apps and scripts to extend platform functionality and meet specific business needs. Experience with Design, installation and troubleshooting networks with hand-on experience with OSPF, BGP, VPLS, Multicast, VPN, MPLS, & Traffic engineering. Extensively worked on virtual F5 LTM module on VMware for application testing. Configured and Managed User group, permission, Role, Resource pool on VMware virtual center. Genpact, Hyderabad, India August 2015 Oct 2017 Role: Network Engineer L2 Responsibilities: Experience configuring VPC (Virtual Port Channel), VDC (Virtual Device Context) in Nexus 7010/7018 Experience with configuring FCOE using Cisco nexus 5548 Created documents for various platforms including Nexus 7k, ASR9k, and ASR1k enabling successful deployment of new devices on the network. Worked on Cisco ISE deployment which was a replacement for the ACS and provided new long term and short-term guest wireless services for the Port Authority. Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches, and Cisco ASA Firewalls. Offered hands-on support for MPLS networks, addressing user needs, recommending hardware and software solutions, and ensuring the confidentiality, integrity, and availability of the network. Implemented Arista CloudVision for automation solutions at Genpact, reducing manual configuration efforts and enhancing network agility in response to dynamic business requirements. Applied hands-on experience in configuring MPLS on Cisco ASR 9k routers, ensuring seamless communication between different network segments. Utilized monitoring tools to analyze Layer 3 traffic patterns, detect network bottlenecks, and optimize routing for improved performance. Experience working with Nexus 7010, 5548, 5596, 2148, 2248 devices. Migrated to Juniper EX series switches from Cisco 3500 series and 6500 series switches Configuring user's roles and policies for authentication using Cisco NAC and monitoring the status of logged users in network using Cisco ISE. Hands on experience installing and configuring Cisco ISE 1.3 and later upgrading to 1.4. Implemented Cisco ISE 2.0 for Wireless 802.1x Authentication and Authorization with Flex connect Experience with setting up MPLS Layer 3 VPN cloud in data center and working with BGP WAN towards customer Performed wireless site surveys using industry standard tools such as Air Magnet and Cisco & Aruba Switches Managed and completed over 100 projects installing/upgrading client's wireless infrastructure to Aruba and Supported wireless networking team working on Aruba wireless. Experience with configuring Cisco 6500, 6800, 4500 VSS in Distribution layer of the Data center network Configuring and managing F5 LTM (Local Traffic manager) in large scale environment. Configure and troubleshoot Juniper EX series switches. Fostered continuous collaboration with Arista at Genpact, participating in technology forums, updates, and workshops to stay informed about the latest advancements, which directly influenced the design and operations of the network. Network security including NAT/PAT, ACL, and ASA/SRX/Palo Alto/Fortinet Firewalls. Good knowledge with the technologies Site to Site VPN, DMVPN, SSL VPN, WLAN and Multicast. Well Experienced in configuring protocols HSRP, GLBP, PPP, PAP, CHAP, and SNMP. Experience with communicating with different customers, IT teams in gathering the details for the project Experience in installing and configuring DNS, DHCP servers. Established and maintained Layer 3 security policies, including NAT/PAT, ACLs, and firewalls, to meet the organization's security standards. Responsible for layer 2 security which was implemented using a dedicated VLAN ID for all trunk ports, setting the user ports to non-trucking, deployed port security when possible for user ports. Applied strong analytical skills in troubleshooting Layer 3 issues, resolving complex technical issues with customers in real-time. Used Extra hop for the detection of any abnormalities in the network, tracking file access in databases and storage for data security, and locate bottlenecks over the network Strong hands-on experience on, ASA Firewalls, Palo Alto Firewalls. Implemented Security Policies using ACL, Firewall, IPSEC, SSL VPN, IPS/IDS, AAA (TACACS+ & RADIUS). Implemented and documented best practices for Nexus SDA configuration, ensuring consistency and reliability across the network infrastructure. Installation and Configuration of Cisco Catalyst switches 6500, 3850 & 2960, 9300 series and configured routing protocol OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design Document and followed the change process as per IT policy it also includes the configuration of port channel between core switches and server distribution switches Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, prevention where needed. Configuration and Administration of Cisco and Juniper Routers, Switches and mixed vendor Firewalls. Performed Configuration on ASR 9K Pairs includes HSRP, Bundle Ethernet Configuration, Assigning DHCP profiles Switching tasks include VTP, ISL/ 802.1q, IP Sec and GRE Tunneling, VLANs, Ether Channel, Trucking, Port Security, STP and RSTP. Keywords: cprogramm cplusplus continuous integration continuous deployment artificial intelligence active directory information technology ffive California Georgia Idaho Pennsylvania South Dakota Virginia Wisconsin |