Mohammed Habeeb Ahmed - Senior Network Engineer |
[email protected] |
Location: Riverwoods, Illinois, USA |
Relocation: Yes |
Visa: H1B |
Name: Mohammed Habeeb Ahmed
Sr Network Engineer
Email ID: [email protected]
Ph No: +1773-828-2165

Professional Summary

Senior Network Engineer with over 9 years of expertise in Routing, Switching, and Firewall Security, including network planning, implementation, configuration, and troubleshooting of network devices.
Zscaler Internet Access (ZIA) to provide secure internet access, ensuring web security, content filtering, and data loss prevention.
Provided troubleshooting and technical support for network issues related to Versa SD-WAN deployments.
Automate network configuration and management tasks using GCP's Cloud Deployment Manager and Terraform.
Design and implement scalable and secure network architectures on Google Cloud Platform (GCP).
Monitor Terraform deployments and resources to optimize performance and cost-efficiency.
Troubleshooting complex network systems, including high-end routers such as Cisco GSR, ASR1K, ASR9K, 2600, 2800, 3600, 7200, and 12000 Series Routers, and switches like Catalyst 4500, 6500, and 7600 series.
Hands-on experience with Aruba 7200 and 3600 series wireless controllers.
Extensive experience with Cisco Identity Services Engine (ISE) version 2.4 for Wireless, Dot1x, AnyConnect, and BYOD Authentication.
Monitored and optimized the performance of Cisco firewalls to ensure efficient and reliable network security.
Designed, implemented, and managed Palo Alto firewall policies to protect network resources and manage traffic flow effectively.
Extensive experience in deploying, managing, and maintaining Azure infrastructure services including Virtual Machines, Virtual Networks, and Azure Storage.
Experience with Versa SD-WAN for remote site connectivity over MPLS networks, including configuration of routing and application policies.
Expert in configuring and managing standard and extended ACLs on Cisco routers and switches to control traffic flow and enhance network security.
Expert in configuring and managing Fortinet firewalls, including FortiGate models, to ensure robust network security.
Designed, deployed, and managed comprehensive Meraki networks, including MR series access points, MS series switches, and MX security appliances.
Expert in configuring and deploying Cisco ISE to manage and enforce network security policies across wired, wireless, and VPN environments.
Strong expertise in Cisco (Switches, Routers, Nexus, ACI, ASR 9000 series), Juniper (Switches, Routers), F5/NetScaler Load Balancers, and Citrix Load Balancer.
Familiarity with Spine Leaf Architecture, VSS, VPC, VDC, EVPN, VXLAN, and MP-BGP.
Proficient in configuring Virtual Local Area Networks (VLANs) using Cisco routers and multi-layer switches, supporting STP, RSTP, PVST, RPVST, along with troubleshooting inter-VLAN routing and VLAN trunking using 802.1Q.
Implemented redundancy with HSRP, VRRP, GLBP, EtherChannel technology (LACP, PAgP), etc.
Strong understanding of cloud technologies, including managing systems and networks in the AWS Environment.
Knowledge of Cisco Meraki Cloud-managed Switches (MS250, MS350, MS410) and SD-WAN (MX65, MX100, MX400).
Extensive knowledge and experience in configuring protocols like TCP/IP, Routing Protocols (RIP v1/v2, OSPF, BGP, IGRP, and EIGRP).
Expert in deploying and managing SD-WAN solutions, including Cisco Viptela, Citrix, and Versa, to optimize network performance and reduce costs.
Document Terraform workflows, configurations, and best practices for knowledge sharing and team training.
Experience of network protocols [e.g., TCP/IP, SSL/TLS/EAP, Active Directory/LDAP, Radius, TACACS+, 802.1x].
Worked closely to identify the packet level troubleshooting and analyzing packet for real time sensitive traffic.
Reduced troubleshooting time 25% for finding repeated information right from the NetBrain on the device.
Experience with F5 load balancers for load balancing and network traffic management for business applications.
Experience with Cisco ASA/Checkpoint/Palo Alto Firewall/Fortinet troubleshooting and policy change requests for new IP segments that either come online or that may have been altered during various planned network changes.
Collaborated with a team of network engineers to implement industry-leading SD-WAN infrastructure to provide secure, carrier-independent WAN connectivity across the enterprise.
Hands-on experience in deployment of GRE tunnelling, SSL, Site-Site IPSEC VPN, and DMVPN.
Experienced working with network monitoring and analysis tools like SolarWinds, Cisco Works, Riverbed, and Wireshark.

TECHNICAL SKILLS:

Cisco Routers/Switches: Cisco 1800, 2500, 2600, 2800, 3600, 3750, 3800, 7200, ASR 1K, 9K, 6500, 7600, 4000, 3500, 4500, 5000, Nexus 2K, 3K, 5K and 7K, 9K, MSFC, MSFC2. Cisco Nexus 5020, 5548, 5596T, 2148, 2248TP, 2348UPQ, 7010, 7702.
WAN Technologies: Frame Relay, PPP, HDLC, (E1/T1/E3/T3), DS3, OC192.
Network Security: Cisco ASA, ACL, IPSEC.
OS products/Services: DNS, DHCP, Windows (2000/2003/2008, XP), UNIX, LINUX, PAN OS.
Routing Protocols: OSPF, EIGRP, BGP, ISIS, VRF, PBR, Route Filtering, Redistribution, Summarization, and Static Routing, RIP.
Gateway Load Balancing: HSRP, VRRP, GLBP, EBGP.
Various Features / Services: IOS and Features, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, TFTP and FTP.
Network Management Tools: Wireshark, NetFlow Analyzer, Cisco Works, Ethereal, SNMP, HP open view.
Security Server Protocols: TACACS+, RADIUS.
Cloud Computing and Automation: Azure AD, AWS, Python, Ansible, TCL.
Facilities: DS0, DS1, DS3, OCX, T1/T3.
Load Balancers: Cisco CSM, F5 Networks (BIG-IP) LTM 8900, BIG-IP GTM 6800, Cisco ACE 4710.
Operating Systems: Windows (98, ME, 2000, XP, Server 2003/2008, Vista, Windows 7/8), Linux, UNIX, WINTEL.
Firewall & Security: Checkpoint (R62, R65, R70, NGX), Cisco ASA, Palo Alto, Juniper SRX, FortiGate 5000-series, Zscaler.

CERTIFICATIONS:

CCNA - Cisco Certified Network Associate
CCNP - Cisco Certified Network Professional
PCNSE - Palo Alto Certified Network Security Engineer

EDUCATION:

Bachelor's Degree -- B.Com Computers from Osmania University, India
Master's Degree -- Management Information Technology from Indiana Wesleyan University, USA

EXPERIENCE:

Client: Hackensack Meridian Health, NJ
Jun 2023 - Present
Role: Senior Network Engineer
Responsibilities:
Proficient in configuring a variety of network devices, including ASR 9K (9010, 9922), Nexus 7000, 5000, 2000, Cisco 6500 series switches, Cisco 2960s, 3560/3750/3850 switches.
Designed, implemented, and managed Cisco firewall policies to protect network resources and control traffic flow.
Expertise in setting up Virtual Device Context (VDC) and Virtual Port Channel (VPC) configurations between Nexus switches, alongside Fabric Extender (FEX) integration.
Familiarity with Fabric Path technology.
Played a key role in migrating data centres to Application Centric Infrastructure (ACI) and integrating various components into the ACI framework.
Designed, deployed, and managed Versa Secure SD-WAN solutions to optimize network performance and security.
Design, configure, and deploy F5 load balancers (BIG-IP) to optimize application delivery and availability.
Applied advanced techniques in manipulating Border Gateway Protocol (BGP) attributes for optimal routing.
Implemented Cisco Identity Services Engine (ISE) 2.4 for Wireless 802.1x Authentication and Authorization, including Flex Connect functionality.
Developed and maintained shell scripts to automate routine system administration tasks such as backups, log rotation, and system monitoring.
Deployed and administered Palo Alto Next-Generation Firewalls (NGFW) to enhance network security and performance.
Developed Python scripts to automate network configuration and management tasks, improving efficiency and reducing human errors.
Configured and maintained detailed ACLs on Cisco firewalls to enforce security policies and control access to network resources.
Integrate GCP networking services with on-premises and hybrid cloud environments.
Orchestrated redundant internet access setups using Border Gateway Protocol Version 4 (BGP4) across multiple ISPs.
Implemented and managed 802.1X authentication on Cisco ISE for secure access control, ensuring only authorized devices and users can connect to the network.
Implemented SD-WAN policies to optimize application performance and bandwidth utilization, ensuring reliable and efficient network connectivity.
Automate infrastructure provisioning and management using Terraform scripts.
Configured and managed VPCs, subnets, NAT gateways, and VPN connections to create secure and efficient network architectures.
Utilized the Meraki Dashboard for centralized cloud management, monitoring, and configuration of network devices, ensuring real-time visibility and control.
Implemented Zscaler Private Access (ZPA) for secure remote access to internal applications without the need for VPNs, enhancing security and user experience.
Managed Azure Active Directory (AAD) for identity and access management, including user provisioning, role-based access control (RBAC), and multi-factor authentication (MFA).
Proficient in creating and implementing security policies, firewall rules, and NAT configurations to secure network environments.
Proficient in configuring and troubleshooting routing protocols such as MP-BGP, OSPF, LDP, EIGRP, RIP, and BGP v4.
Deployed and administered Arista switches within the datacenter environment, utilizing Cloud Vision Portal (CVP) for management and configuration standardization.
Led routing optimization initiatives, transitioning default route learning to BGP circuits from EIGRP.
Provided essential support for enterprise network operations, addressing technical interventions on network and security infrastructure.
Implemented and optimized Meraki MR access points for high-density environments, ensuring seamless wireless connectivity and performance.
Configured and managed Azure Virtual Networks, subnets, and network security groups (NSGs) to ensure secure and efficient network traffic flow.
Created shell scripts to set up and configure development and production environments, ensuring consistent and repeatable deployments.
Configured and maintained Versa SD-WAN appliances, ensuring seamless network connectivity and performance across multiple sites.
Developed and configured detailed security policies and rules within Palo Alto firewalls to ensure comprehensive protection against cyber threats.
Created and managed security policies in Zscaler to control web and application access, ensuring compliance with organizational security standards.
Configured and managed complex routing protocols and technologies, including OSPF, EIGRP, and BGP.
Implemented strategic adjustments to BGP attributes to ensure optimized routing configurations and seamless failover mechanisms.
Utilized AWS data analytics services such as Redshift, Athena, and Kinesis to process and analyze large datasets.
Developed and configured detailed security policies and rules within Cisco firewalls to ensure comprehensive protection against cyber threats.
Configured and managed guest access services in Cisco ISE, providing secure and controlled network access for visitors.
Experienced in configuring and maintaining FortiGuard IPS for intrusion detection and prevention, ensuring real-time threat protection.
Integrated SD-WAN solutions with security frameworks, including firewalls, VPNs, and threat detection systems, to enhance overall network security.
Built Python applications to interact with various APIs, integrating external services and enhancing system functionality.
Define and deploy cloud resources and services across multiple providers (e.g., AWS, Azure) using Terraform modules.
Spearheaded the establishment of Software-Defined Data Center (SDDC) environments, incorporating VMware, vCenter, NSX, and Cisco ACI technologies.
Collaborated with cross-functional teams to troubleshoot LAN/WAN infrastructure complexities, addressing issues related to routing protocols.
Implemented and managed security policies using Versa's integrated security features, including firewall, IDS/IPS, and URL filtering.
Utilized ACLs for IP traffic filtering, ensuring that only authorized users and devices can access specific network resources.
Provide training and support to IT staff on GCP networking best practices and troubleshooting techniques.
Monitored network performance and optimized Fortinet configurations to ensure efficient and secure network operations.
Utilized Palo Alto's threat prevention features, including URL filtering, anti-virus, anti-spyware, and vulnerability protection, to safeguard the network.
Planned and executed the migration of legacy MPLS and Internet sites to Viptela Software-Defined Wide Area Network (SDWAN) solutions.
Conducted comprehensive bandwidth assessments to inform provisioning of new SDWAN circuits.
Oversaw configuration and staging of Viptela vEdge devices, conducting meticulous link testing to validate network integrity.
Managed and maintained firewall technologies, including Cisco ASA, Fortinet, and Palo Alto.
Deployed Cisco Meraki solutions for streamlined management of remote branch office networks and internet connectivity.
Designed and managed IPsec VPN tunnels, facilitating secure connectivity for customers and remote offices.
Diagnosed and resolved connectivity issues within Palo Alto firewall environments, ensuring uninterrupted network operations.
Utilized Python libraries like Pandas and Matplotlib for data analysis and visualization, providing insights and supporting data-driven decision-making.
Monitored security events using Cisco firewall logging and reporting tools and responded to incidents to mitigate risks.
Collaborate with application teams to ensure seamless integration of applications with F5 load balancers.
Led maintenance and upgrade initiatives for Palo Alto firewall platforms across branch offices and data centers.
Use GCP monitoring tools (e.g., Stackdriver, Network Intelligence Center) to monitor network health and performance.
Version control Terraform configurations using Git or other version control systems.
Implemented Azure Security Center recommendations to enhance security posture, including configuring security policies, threat detection, and vulnerability assessments.
Collaborated with teams to migrate applications from legacy Cisco Load Balancers to F5 BIG-IP Local Traffic Manager (LTM).
Configured and optimized F5 BIG-IP LTM environments, ensuring high availability and performance.

Client: Miso, IN
Apr 2021 - May 2023
Role: Senior Network Engineer
Responsibilities:
Configured and managed various Cisco Nexus models (7010, 5548, 5020, 2148, 2248) and Cisco router models (7200, 3800, 3600, 2800, 2600, 2500, 1800 series), alongside Cisco Catalyst switches (6500, 4500, 3750, 3500, 2900 series).
Integrated Versa SD-WAN solutions with existing network infrastructure and security tools.
Designed and implemented high availability and redundancy features for Cisco firewalls to ensure continuous network protection.
Proficient in Cloud Computing Virtualization using VMware NSX and Windows Hyper-V.
Configured and maintained site-to-site and remote access VPNs using Palo Alto firewalls to ensure secure communication channels.
Developed and maintained incident response plans for security breaches and network incidents involving Cisco firewalls.
Wrote and executed shell scripts to monitor system performance, identifying and resolving performance bottlenecks and ensuring optimal resource utilization.
Implemented Python-based monitoring solutions to track system health and performance, generating alerts and notifications for critical events.
Extensive experience in layer-3 Routing Protocols (OSPF and BGP) and layer-2 Switching.
Configured and enforced security policies using Meraki MX appliances, including firewall rules, content filtering, and intrusion detection/prevention systems (IDS/IPS).
Designed VMware environment architectures and performed sizing calculations based on current systems and future growth projections.
Utilized Azure DevOps for continuous integration and continuous deployment (CI/CD) pipelines, automating code deployments, and managing project workflows.
Utilized Zscaler's advanced threat protection features to detect and prevent malware, phishing, and other cyber threats, enhancing the overall security posture.
Implemented posture assessment policies to check endpoint compliance with security standards before granting network access.
Configured traffic engineering policies to prioritize critical applications and ensure optimal performance across multiple WAN links.
Provide technical support and training to IT teams on F5 load balancer features and best practices.
Deployed and decommissioned VLANs on core ASR 9K, Nexus 9K, 7K, 5K, and downstream devices.
Troubleshot Cisco Nexus 9000 Series Switch ACI Solution and integrated with VMware environments.
Collaborated on data center migration from Cisco to Arista, ensuring minimal downtime and utilizing VxLAN for ASR 9K integration.
Managed regular updates and patching of Cisco firewall devices to maintain security posture and compliance with industry standards.
Configured ACLs in conjunction with NAT (Network Address Translation) and PAT (Port Address Translation) to control and manage traffic entering and leaving the network.
Skilled in setting up and managing IPsec and SSL VPNs on Fortinet devices for secure remote access and site-to-site connectivity.
Utilized Cisco ISE's device profiling capabilities to automatically identify and classify devices on the network for improved visibility and security.
Assisted in deploying DNAC solutions for network infrastructure enhancement.
Played a key role in migrating Checkpoint 41k firewalls to Palo Alto 5250 and installing Virtual Appliance (Palo Alto VM) in Azure Cloud.
Design and implement perimeter security strategies to protect network infrastructure from external threats.
Collaborate with development and operations teams to streamline CI/CD pipelines using Terraform.
Integrated Zscaler logs and alerts with Security Information and Event Management (SIEM) systems for centralized monitoring and incident response.
Set up and maintained Azure Monitor, Log Analytics, and Application Insights for monitoring application performance, diagnosing issues, and gaining actionable insights.
Integrated Cisco firewalls with Security Information and Event Management (SIEM) systems to enhance threat detection and response capabilities.
Configured Cisco ISE for network access control and security.
Set up and maintained site-to-site and client VPNs using Meraki MX appliances, providing secure remote access to corporate resources.
Installed and configured LAN/WAN as per organizational/client requirements, governed by communication protocols.
Implemented User-ID and App-ID features to improve visibility and control over user activities and applications on the network.
Implemented next-gen firewall technology like URL Filtering, SSL Forward Proxy, APP ID, Threat ID on Palo Alto and Checkpoint firewalls.
Developed and maintained ACLs for firewall rule sets, ensuring comprehensive security coverage and minimizing vulnerabilities.
Designed and implemented high availability (HA) configurations for SD-WAN to ensure network redundancy and uptime.
Managed Palo Alto, Checkpoint firewall operations across global networks.
Deployed and managed SD-WAN solutions (Viptela, Citrix) for large-scale enterprises and configured FCOE using Cisco Nexus 5548.
Provide training and support to IT staff on GCP networking best practices and troubleshooting techniques.
Ensure compliance with regulatory requirements and industry standards (e.g., GDPR, PCI-DSS) related to perimeter security.
Worked on AWS and Azure cloud configurations for network connectivity and security, including VNETs, Security Groups, Direct Connect, and Express Routes.
Installed and configured Firepower Management Center 6.0 on VMware and added ASA Sourcefire Agents and Firepower NGIPS for monitoring and management.
Conducted firewall troubleshooting and implemented policy change requests for network segmentation.
Configured Palo Alto Firewalls with multiple zones, including DMZ and perimeter, to meet traffic segregation requirements.
Configured and managed SSL/TLS decryption on Cisco firewalls to inspect encrypted traffic for threats while maintaining privacy compliance.
Migrated Virtual Machines and applications from on-premises cloud to AWS.
Implemented data-filtering profiles in Palo Alto devices for sensitive information prevention.
Configured WAF, F5 ASM, F5 APM, Citrix NetScaler, and Microsoft Office 365 for application traffic security.
Implemented high availability (HA) configurations and redundancy mechanisms to ensure network reliability and uptime.
Used cron jobs to schedule and automate regular maintenance tasks, improving system reliability and reducing manual intervention.
Managed Virtual Machines on AWS Cloud, including EC2, Route53, and RDS.
Provisioned Firewall Policies on Palo Alto devices using Web UI and PANORAMA.
Provided operational support for firewall and VPN platforms, including upgrades and maintenance.
Configured rules and analysed firewall logs using various tools.
Provided support for Cisco SD-WAN fabric devices and managed security zones and interface configurations on Palo Alto Firewalls.
Built SolarWinds Environment and worked on projects replacing Aruba APs with Meraki and cloud management.
Configured and managed NAT policies on Cisco firewalls to facilitate internal and external network communications.
Proficient in configuring and managing Fortinet's FortiGate firewalls for network security and intrusion prevention.

Client: Mizuho, NY
Nov 2019 - Apr 2021
Role: Network Security Engineer
Responsibilities:
Responsible for an internal and external customer request for enterprise infrastructure including planning, maintaining and supporting infrastructure.
Implement Identity and Access Management (IAM) policies to secure GCP resources.
Install, configure, deploy and maintain routers, switches, firewalls, and other network infrastructure tools.
Lead a project from initiation to completion, Train & guide team members on tools and technologies.
Setup ExpressRoute, site-to-site VPN: create Virtual network, VPN gateway, authentication certificate in Azure.
Maintained detailed documentation of Versa SD-WAN configurations, policies, and procedures, and generated reports on network performance and security incidents.
Configured and managed SSL decryption to inspect encrypted traffic for threats while maintaining privacy compliance.
Provide training and guidance to IT teams on perimeter security best practices and procedures.
Worked in Agile methodology for creating user stories from prioritized features, and then manages and prioritizes sprint backlogs.
Conducted security audits and ensured compliance with organizational and regulatory requirements using Cisco firewall features.
Designed, Implemented, Tested and Documented IP-CLOS Fabric with Spine-Leaf topology using EVPN.
Implemented, Tested at Scale and documented Transit VPC solution using Juniper vSRX inside AWS.
Experience configuring and managing Azure AD, MFA, OneDrive, SharePoint and B2B collaboration.
Responsible for configuring, change access and implanting customers IPSEC VPN setup/troubleshooting.
Worked extensively on F5 LTM for creating and managing VIP and Pool member configuration.
Experience of network protocols [e.g., TCP/IP, SSL/TLS/EAP, Active Directory/LDAP, Radius, TACACS+, 802.1x].
Worked closely to identify the packet level troubleshooting and analyzing packet for real time sensitive traffic.
Reduced troubleshooting time 25% for finding repeated information right from the NetBrain on the devices.
Closely worked in change management environment for routine maintenance of network devices, such as software updates.
Monitored security events using Palo Alto's logging and reporting tools and responded to incidents to mitigate risks.
Created detailed documentation for Cisco firewall configurations and procedures, and provided training to team members on best practices.
Closely worked in a change management environment for routine maintenance of network devices, such as software updates and 24x7 support.

Client: Tango Analytics, TX
Mar 2017 - Oct 2019
Role: Network engineer
Responsibilities:
Extensively worked on the implementation of policies on Router, Switches, and Firewall, enabling IDS/IPS signatures in Firewall and fine-tuning of TCP and UDP.
Configure multi-cloud networking solutions to ensure seamless connectivity between GCP and other cloud providers.
Deployed and managed Palo Alto Global Protect for secure remote access and mobile user security.
Designed perimeter security policy, allowing access to specified services, worked on Network Environment segmentation migrations for all PII/PHI application to securing data.
Configured Object Grouping, Protocol Handling and analyze the legitimate traffic for Class-I data.
Performed in-depth troubleshooting for firewall, remote access, and site-to-site VPN-related issues.
Code upgraded on Cisco ASA firewall, CSM and ASDM tool.
Responsible for creating and maintaining diagrams and documentation of network systems.
Involved in survey and Installation networking equipment and associated software products.
Maintain network inventory, prepare documentation to pertain management and maintenance.
Opening and closing the ports based on business requirement and Pushing policies in Zone-Based Firewalls.
Responsible for service request tickets generated for troubleshooting, maintenance, upgrades, patches, and fixes with all-around technical support.

Client: Infotech, Ind
Jul 2014 - Dec 2015
Role: Network Support Engineer
Responsibilities:
Responsible for creating and maintaining customer cases and troubleshoot and document network details.
Perform responsibilities of supporting the daily operations of the infrastructure and troubleshooting issues.
Replicate and test customer issue in engineering lab to provide fixes to ensure the solution resolves.
Designed and installed switching environment for campus wired LAN for internal business customers.
Responsible for updating the IOS and configuring the new Router and Catalyst Switches.
Integrated Palo Alto firewalls with Security Information and Event Management (SIEM) systems to enhance threat detection and response capabilities.
Troubleshot and resolved many user-end issues and performed network testing and baselining.