Mohammed Afroz - Senior Network Engineer |
[email protected] |
Location: Richmond, Virginia, USA |
Relocation: Initial Remote |
Visa: H1B |
Mohammed Afroz
Senior Network Engineer | (571)363-5140 | [email protected] | Richmond, VA | Initial Remote | H1B

PROFESSIONAL SUMMARY:
Around 8 years of experience in Network Automation, Cloud Connectivity and Security, IP Network Design, Network Security, Firewall, Load Balancers, Network Integration, Monitoring and Network Management tools, deployment, and troubleshooting.
Strong exposure to routing, switching, firewalls, proxies, load balancers, RADIUS, DNS, DHCP, monitoring, log collectors.
Strong hands-on experience in installing, troubleshooting and configuring Cisco Cat 9300, ASR1k, 7200VXR, 3900, 3800, 2900, 2800 series routers and Cisco Catalyst 6500, 4500, 3850T, 3750, 2950 and 3500XL series switches.
Experience with Azure AD for authentication to cloud apps using SAML.
Hands-on experience working with Cisco Nexus 7K, 5K & 2K switches.
Configuration of VPC, VDC, Peer Gateway, HSRP and FEX on Nexus family.
Experience with Palo Alto and Checkpoint firewalls with next-gen firewall features that include App ID, Threat ID, URL filtering, User ID, SSL decryption.
Experience and exposure to Arista routers, Juniper MX, QFX and EX series devices, Extreme network devices.
Establishing and maintaining of setup to build and deploy the application to the Cloud AWS.
Experience with Azure cloud connectivity using express routes.
Hands-on experience in Cisco IOS/IOS-XR/NX-OS, Juniper JUNOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, BGP v4, MPLS, NAT, VLAN, STP, VTP, HSRP & GLBP.
Hands-on experience working with Cisco CSR1000v.
Experience in fiber channel infrastructure.
Experience with Zscaler cloud proxies ZIA and ZPA.
Experience with data center technologies that include spine leaf, Cisco ACI, Arista CloudVision.
Well versed with Nexus family switches to implement VPC and VDC.
Experience with Versa SD-WAN for remote site connectivity over MPLS network, configuration of routing and application policies in SD-WAN.
Experience with F5 and Avi Networks for application load balancing.
Configured express routes and NSG in cloud security. Experience with Azure cloud security center, cloud application security.
Worked on BGP for ISP connectivity, Edge network, Internet Core.
Exposure to IBGP, EBGP, Route reflector, Confederations, Local Preference, MED, AS Path, IP prefix lists, RT, RD, EVPN, VXLAN.
Experience with Cisco ACI. Worked on Nexus 9K switches in Spine and leaf topology.
Experience with Bridge domains, VNI, VTEPs, VXLAN tunneling, asymmetric and symmetric routing IRB.
Implemented Site-to-Site VPNs over the internet utilizing security standards such as 3DES, AES/AES-256 with ASA 5580 Firewalls.
Experience in working with Cisco Identity Services Engine (ISE) and ACS. Worked on Security groups, tags, AAA profiles on ISE.
Worked on remote site connectivity using Viptela SD-WAN solution.
Experience with network segmentation using Illumio and Palo Alto firewalls for traffic filtering and applying policies on Illumio central manager.
Cisco ASA Firewall troubleshooting and policy change requests for new IP segments that either come online or that may have been altered during various planned network changes on the network.
Worked extensively on Cisco Firewalls, Cisco PIX (506E/515E/525) & ASA 5500 (5510/5540) Series.
Extensive work on the implementation of Cisco ASA 5500 series and Checkpoint R75 firewalls.
Configuration, troubleshooting and maintenance of Palo Alto Firewalls - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.
Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
Worked on Next Gen Firewall features like URL filtering, SSL Forward Proxy, SSL Decryption, App ID and Threat ID, Panorama in PA firewalls.
Experience in F5 BIG-IP and Cisco ACE load balancers for load balancing and traffic management of business applications. Migration experience from ACE to F5.
Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
Experience with Virtual servers, Pools, Monitors, SNAT, proficient in iRule Persistence, Profiles, WideIPs, Zones, Listener IP, Static and Dynamic Load balancing techniques on LTM and GTM.
Worked on configuring policies in Illumio for east west and north bound traffic flows using tags.
Configured F5 Viprion load balancers for MS Exchange, Skype for Business, Citrix ICA, Airwatch SEG as well as other business applications.
Worked on LTM guest Operating Systems and created multiple Route Domains to separate the traffic between different tenants.
Design and configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550).
Worked on Zscaler Cloud Proxies. Migration from IronPort Proxies to Zscaler Proxies. Configuration of Policies, URL categories, Integration with Azure AD for SAML Authentication, AD group-based policies, ZAPP configuration.
Installing new equipment to RADIUS and worked with MPLS-VPN and TACACS configurations.
Regularly review the configuration and controls of Palo Alto Networks firewalls and Sourcefire Intrusion Detection System (IDS), further follow up to mitigate the risks.
Experience with Layer 2 and Layer 3 protocols like FRR CEF, MLS, Ether Channel VLAN, VTP, VMPS, ISL, dot1q, DTP, Spanning-tree, PVSTF, HSRP, VRRP and GLBP.

CERTIFICATION:
Cisco Certified Network Professional (CCNP)
Cisco Certified Network Associate (CCNA)
Palo Alto Certified Network Security Engineer (PCNSE)

EDUCATION DETAILS:
Bachelor's in Computer Science in JNTU University in 2012

TECHNICAL SKILLS:
Routers: Cisco 1800, 2600, 2800, 3700, 3800, 3900, 7200, 7600 series, ASR 9k, Juniper ACX series routers.
Switches: Cisco Catalyst 3550, 3750, 4500, 6500 series & Nexus 7k, 5k, 2k, 1000v, Juniper EX4200, EX9208, ACX 1000
Load Balancer: Cisco CSS, F5 Networks (BIG-IP)
WAN Optimization: Cisco WAAS, PPP Multilink, Riverbed
Routing: OSPF, EIGRP, BGP, PBR, Route Filtering, Redistribution, Summarization, Static Routing
Switching: VLAN, VTP, STP, RPVST+, Inter VLAN routing & Multi-Layer Switching Layer 3 Switches, EtherChannels, Transparent Bridging
LAN: Fast Ethernet & Gigabit Ethernet.
WAN: Leased lines 64k - 155Mb (PPP / HDLC), Fiber Optic Circuits, Frame Relay, MPLS, DMVPN
Voice: Cisco call manager 8.x, 7.x
IP Telephony: VOIP, ISDN, PRI, Unified Call Manager
Firewalls: Cisco ASA, Juniper SRX, Palo Alto, Checkpoint FWs
Features & Services: IOS and Features, HSRP, GLBP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, DNS, FTP and FTP Management
Network Monitor Tool: MRTG, Netbrain & Solarwinds & Cisco Prime Infrastructure
Protocol Analyzer: Wireshark, Netflow
Operating System: Windows (XP, 7, 10), Cisco IOS/XR/XE, JunOS, Pan-OS

PROFESSIONAL EXPERIENCE:

Client: Fujitsu
Oct 20 - Till Date
Location: Sunnyvale, CA
Role: Senior Network Engineer
Responsibilities:
Worked on installation of F5 LB and Palo Alto firewalls in Shared services to control traffic flow from on premises to cloud and cloud to internet.
Provided redundancy in a very multi homed Border Gateway Protocol (BGP) network by tuning AS-path.
Worked on Infoblox DNS, DHCP and IPAM configuration with Internal, External and Cache grids. Worked on Delegations, DNS forwarding.
Worked on Global Load Balancing using GTM WideIP delegations from Infoblox.
Utilize Netscaler features (Load balancing, Global Server load balancing, responders, rewrites etc.).
Worked on VPC configuration end to end, subnets, internet gateways, Carrier Gateways, NAT devices, DHCP, Route Tables, VPC Peering, VPN connections etc.
Redundant load balancers with features similar to those offered by F5 products, but on low-cost cloud servers.
This includes full fault tolerance with SSL acceleration.
Worked on Security Groups and Network ACLs in VPC, configuration of private and public subnets.
Worked on High Availability features using Availability Zones, Network Firewalls, rule groups and Firewall Policies.
Setting up new DMZ environment, ISP connections, perimeter firewalls - Palo Alto, with External Application load balancers F5 LTM, GTM and APM.
Configure Citrix Web interface system in house and Internet with CAG/NetScaler.
Configuration of F5 LTM, GTM and APM for local, global traffic load balancing and Authentication, respectively.
Deployment and Management of Bluecoat proxies in forward proxy scenario as well as for security in reverse proxy scenario.
Connection of Edge routers and perimeter firewalls to Super Spines in Spine leaf Architecture (Cisco ACI).
Performed Imperva SecureSphere DAM on WAF Health Checks.
Troubleshooting in Python automation script and networking issue with remote connection.
Installed and configured LAN/WAN Networks, Hardware, Software, and Telecommunication services - Cisco Routers and Switches.
Implemented IPv4 and IPv6 on PTX platforms.
Implementation and administration of PKI to include Enterprise Root CA and Subordinate CA design.
Routing protocol configuration such as OSPF, IS-IS, EIGRP and BGP, Router redundancy configuration (HSRP, VRRP and GLBP) and Build automations for networking stack - Cisco Switching and Routing, Arista, F5 and AVI network load balancers, Firewall automations, VMware NSX, Infoblox etc.
Successful Data Center Migration Planning and successfully developed Python automation scripts to perform Cisco firewall rule assessments.
Upgrading IOS in the Data center switches and routers.
Worked on change controls and cut overs during weekend on routing, switching and security.
Working with Ansible for provisioning, configuration management and upgrading process for ASA devices.
Network Security that includes perimeter security for Internet, Extranet, DMZ, Internal Server farms, Web-traffic security with Proxies, Web Application firewalls.
Worked and migrated multi-vendor equipment and Next generation firewall technologies.
Worked on ASA, Firepower, Checkpoint and Palo Alto firewalls.

Client: Principal Financial Group
Oct 18 - Sept 20
Location: Des Moines, IA
Role: Senior Network Engineer
Responsibilities:
Worked on Deploying Cisco ACI using Nexus 9k switches in Spine and Leaf.
Worked on BGP Underlay and VXLAN overlay technology using Cisco ACI.
Worked with AWS and GCP cloud networking and security.
Experience with Cloud Exchange providers like Equinix.
Performed ISE role as subject matter on Web Application Firewall appliance (WAF, Imperva SecureSphere) as implemented in front of public, customer facing web applications and sites.
Experience in maintenance of Cisco LANs and WAN devices.
Worked on configuration of Tenants, Bridge Domains, EPG groups, Application templates, VRF configuration of various traffic flows.
Configuration includes Arista 7000 series core routers, Border Leaf, Palo Altos for perimeter security, F5 LTM and GTM for application load balancing.
Configured LACP, OSPF protocols on Arista 7250qx-64 switches.
Implementation of the routing protocols BGP (EBGP, IBGP) and EIGRP to enable MPLS on the sites.
Configure, maintain and upgrade of data center infrastructure, Nexus 7k, 6k, 5k, 2k, and UCS, employing VDC, VPC, VRF, Cisco UCS, and fabric-path technologies.
Worked on migration from ASA to Palo Alto firewalls.
Experience with URL Filtering, App ID, SSL decryption, SSL forward proxy for internet traffic flows.
Created documents for various platforms including Nexus 7k, ASR9k, and ASR1k enabling successful deployment of new devices on the network.
Configured Elastic Load Balancers with EC2 Auto Scaling groups.
Good understanding of AWS Elastic Block Storage (EBS).
NetScaler assessment to ensure remote user stable connection of load balancing between three web interface servers.
Worked extensively on the Cisco Catalyst 3560, Catalyst 3650, Catalyst 4500-X series, Catalyst 6500 series, Catalyst 9200, Catalyst 9300, and Catalyst 9500 series.
Switching tasks include VTP, ISL/802.1q, IPsec and GRE Tunneling, VLANs, Ether Channel, Trunking, Port Security, STP and RSTP.
Worked extensively on the Cisco 2821, Cisco 2921, Cisco 3925, Cisco ISR 4K series routers.
Part of project team to deploy Zscaler Cloud proxies using GRE tunnels to Zcloud from Edge routers, Azure AD SSO authentication, user group policies on Cloud based proxies for Internet traffic.
Worked on Infoblox DNS, DHCP and IPAM configuration with Internal, External and Cache grids. Worked on Delegations, DNS forwarding.
Worked on Global Load Balancing using GTM WideIP delegations from Infoblox.
Set up and configure Citrix Web interface system in house and Internet with CAG/NetScaler.
Implemented Quality of Service (QoS) Policy-maps, Class-maps to segregate and provide better data transmission within the enterprise network.
Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, disabling all unused ports and putting them in unused VLAN.
Experience with configuration and troubleshooting in routing protocols that include OSPF and BGP.
Experience with OSPF configuration in Data Centers and WAN. BGP attributes in ISP side on Edge and Internet core routers.
Experience with Vsys, Security policies, App tags, U-turn NAT, Virtual routers, Zones, URL filtering using Domains, SSL decryption, NAT policies, monitoring, Panorama, App ID on Palo Alto firewalls.
Worked on Virtual servers, iRules, Profiles, Monitors, Persistence, WideIP, Upgrade procedures, SNAT, Network configuration, VLANs, Self IP, Route Domains on F5 LTM and GTM.
Worked with LAN protocols (VLAN, VTP, STP, RSTP, MST) & Port Channel Protocols (LACP, PAGP).
Experience on Juniper SRX 3600, 5800 Firewalls, Palo Alto 2K, 5K and 7K series Firewalls.
Installation Management Services, NetScaler, Branch Repeater and Access Gateway CAG with Advanced Access Control, Application Profiling, Streaming, Certification and Management.
Deploying the different Network devices that include configuration of the devices and maintain and upgrade all these devices in the Network periodically for better performance.
Hands-on experience on F5 BIG-IP LTM 11.2, F5 BIG-IP GTM, F5 BIG-IP APM and F5 BIG-IP ASM.
Environment: Cisco routers (7600, 3800, 2800) and Cisco switches (6500, 3700, 4900, 2900), Nexus (7K, 5K & 2K), Data Centers, FEX, Routing Protocols (EIGRP, OSPF, BGP), ASA, Palo Alto, Fortinet, F5 load balancing, STP, VLAN, MD5, 3DES, AES, OTV, CitrixVLANS, SNMP, NAT, cisco IO, HSRP, VLAN trunking 802.1Q, F5 Networks Big IP, CISCO ASA and Checkpoint firewall, Palo Alto 3000, 5000 series.

Client: Blue Cross Blue Shield of Tennessee
Apr 17 - Sep 18
Location: Chattanooga, TN
Role: Senior Network Security Engineer
Responsibilities:
Designing and Deployment of Access, Distribution and Core layers in Data Center environment using Juniper QFX and MX series switches.
Worked on OSPF and BGP configuration.
Configure, maintain and upgrade of data center infrastructure, Nexus 7k, 6k, 5k, 2k, and UCS, employing VDC, VPC, VRF, and fabric-path technologies.
Experience with converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with Cisco ASA VPN experience.
Experience working with Nexus 7010, 5548, 5596, 2148, 2248 devices.
Provided Level-3 Network support for Cisco Switches and Cisco ASA 5500 Series Security.
Implemented Site-to-Site VPNs over the Internet utilizing 3DES, AES/AES-256 with ASA Firewalls.
Implementing routing, ACLs with ISP using OSPF and BGP.
Strong hands-on experience on ASA Firewalls, Palo Alto Firewalls.
Implemented Security Policies using ACL, Firewall, IPsec, SSL VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
Configure and maintain all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale Firewall deployments.
Migration from Checkpoint firewall cluster to Cisco ASA 5580 firewalls in a failover pair configuration.
Provided application level redundancy and accessibility by deploying F5 load balancers. LTM and GTM Installation and operation.
Worked extensively in Configuring, observation and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover demilitarized zone socialization & configuring VLANs/routing/NAT.
Prepared, arranged and tested Splunk core search strings and operational strings.
Worked with Cisco, Palo Alto, Juniper, Splunk, Forcepoint, Nessus, Stealthwatch, Checkpoint, Zscaler and other vendors to provide a stable, high-speed, secure network.
Managing a TACACS server for VPN user authentication and network devices authentication.
Performed Imperva SecureSphere DAM on WAF Health Checks.
Managing and providing support to numerous project groups with regards to the addition of recent instrumentation like routers, switches and firewalls to the DMZs.
Implementing traffic engineering on existing Multiprotocol Label Switching (MPLS) network and Open Shortest Path First (OSPF).
Provided redundancy in a very multi homed Border Gateway Protocol (BGP) network by tuning AS-path.
Configured and troubleshooting Riverbed WAN optimization software to improve the network acceleration at the user end.
Earlier efforts included verification of DOCSIS upstream logical channels, proprietary RF spectrum management algorithms, system high availability, etc.
Deploy, scale, and automate network across multiple global datacenters supporting Amazon Web Services (AWS).
Used Cisco ACI Fabric which is based on Cisco Nexus 9000 Series Switches and the Cisco Application Virtual Switch (AVS).
Configure the best route map configurations in the new Cisco IOS XR Routing Protocol Language (RPL).
Supporting EIGRP and BGP supported network by partitioning level two & three issues of internal groups & external customers of all locations.
Extensive active expertise with complicated routed local area network LAN and WAN networks, routers and switches.
Design and Building Software-Defined Data Center environment, including VMware, vCenter, NSX and Cisco ACI.
Efficient at use of Microsoft Visio/Office as technical documentation and presentation tools.
Configured Windows Clusters, Windows NLB, H/W Load Balancers (F5, Netscaler).
Deployed, configured and troubleshooting runtime errors related to .Net applications on 7.0/7.5 Web Servers and Windows Server 2008/2008 R2 in Dev, QA & Pre-prod environments.
Environment: Nexus 2k/5k/7k, Cisco 6500/7500/7200 Routers, Cisco 3550/4500/6500 switches, Juniper SRX100, Fortinet Next Generation Firewalls, LAN, WAN, OSPF, RIP, BGP, EIGRP, HSRP, PPP, VPN, Checkpoint, Cisco ASA, AWS, TCL, Riverbed, Clustered SQL server 2014/2012/2008R2/2008/2005, DC migration, Active-Active & Active-Passive Clustering, Windows 2012/2008R2/2008/2003.

Client: T-Mobile
Feb 16 - Mar 17
Location: Bellevue, WA
Role: Senior Network Security Engineer
Responsibilities:
Hands-on experience in the configuration, troubleshooting of Juniper SRX firewalls as well as experience working directly with customer in a service/support environment.
Troubleshooting Firewall Connectivity related issues using Smart view tracker on Checkpoint, NSM Log viewer for Juniper Firewalls.
Deployment and Management of Bluecoat proxies in forward proxy scenario as well as for security in reverse proxy scenario.
Demonstrated understanding of network security concepts and systems including F5, WSA, Palo Alto, ASA.
Worked on Blue Coat Proxy SG to safeguard web applications in extremely untrusted environments such as guest Wi-Fi zones.
Performing URL filtering and content filtering by adding URLs in Bluecoat Proxy SGs.
Managing & administering Cisco WSA.
Day-to-day work involves scheduling firewall policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.
Expert in Next Gen Firewall Techniques for traffic filtering such as URL Filtering, SSL decryption, Forward proxy, Security policies, Zones, NAT/PAT, ACL, policy-maps etc.
Configured and deployed VPC, VSS, OTV, FABRIC PATH between Nexus 7010 and Nexus 5596, 5548 switches along with FEX 2248.
Performing network monitoring, providing analysis using various tools like Wireshark, Riverbed and SolarWinds.
Deep understanding of IDS/IPS such as Sourcefire and Foresight.
Implementing Security Solutions in Juniper SRX and Netscreen SSG firewalls by using NSM.
Working on the network team to re-route BGP routes during maintenance and FW upgrades.
Cisco ASA security appliances including Sourcefire, FirePOWER services and FireSIGHT Management Console.
Implemented configuration back-ups using WinSCP, Cyberfusion to automate the back-up systems with the help of public and private keys.
Follow information security policies, methods, standards, NIST standards, and practices to organize information systems, IT reference material, and interpret regulations.
Monitor Intrusion Detection Systems (IDS) console for active alerts and determine priority of response.
Environment: Cisco ASA5580/5540/5520, Checkpoint R70, R75, R77.20 Gaia, Palo Alto PA-5000/3000, Big IP F5 LTM/GTM, Solarwinds, Nexus switches, TCP/IP, VPN, Cisco Sourcefire, Splunk, Bluecoat Proxy servers, IDS/IPS. SIEM and Monitoring.

Client: Sonata Software Pvt Ltd
May 14 - Oct 15
Location: India
Role: Network Engineer
Responsibilities:
Maintaining the Network Infrastructure, Installation, migration and configuration of routers and switches for clients.
Configured Routing protocols such as OSPF and policy-based routing.
Team member of Configuration of Cisco 7206 router and Configuration of Catalyst switches.
Configuration 7609, 7606 with OSPF and Catalyst 6505, 4500, 3550 switches with various VLAN.
Create and test Cisco router and switching operations using OSPF routing protocol.
Configuration and troubleshooting link state protocols like OSPF in multiple areas.
Configured HSRP and VLAN trunking 802.1Q, VLAN Routing on Catalyst 6500 switches.
Optimized performance of the WAN network consisting of Cisco 3550/4500/6500 switches by configuring VLANs.
Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
Configured BPDU Guard, port-fast, uplink fast and other spanning tree features.
Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers.
Configured IP access filter policies.
Implementing NAT solutions on Cisco IOS routers.
Upgrading IOS, troubleshooting network outages.
Worked on Cisco Routers, Active/Passive Hubs, Switches.
Environment: Cisco 3550/4500/6500 switches and Cisco 2500, 2600, 3000, 6500, 7500, 7200 routers, VLAN.