Over 7 years of experience in planning, designing, implementation of routing/switching & security for enterprise and service providers packet core networks and data centers.
Working experience on Cisco High end devices, 12816 GSR, 7613, 7609, CAT 6513 & 6509.
Cisco virtual switching system VSS 1440 for data center core chassis redundancy, Configuration of MEC multi chassis ether channel for switches and Servers.
FWSM, CSM & CVDM-SSLSM modules integration on 6500/7600 chassis.
FWSM implementation in active/active and active/failover mode on 6500/7600 chassis.
CSM & ACE modules load balancers implementation in standalone, bridge and router modes.
Working experience on Cisco ASA 5580, 5550, 5540, 5510 series firewalls.
Implementation of Cisco 4GE SSM, AIP SSM 20 for inspection and prevention and CSC SSM content security and control software module for protection against viruses, spyware, spam and unwanted traffic.
IPS signatures fine tuning, customization, up gradation, creating custom signatures, deploying IPS anomaly detection parameters, SPAN/RSPAN.
VPN configurations, site-to-site VPN with pre shared keys, with digital certificates, easy VPN, DMVPN, Web VPN, remote access VPN, split tunneling.
Configuration of IOS application policy firewall, IOS IPS, IOS SSL VPN, IOS zone base security firewall.
Discovering network vulnerabilities and threats, auditing security devices FWSM, PIX, ASA, routers and switches with nipper.
Implementation of Layer 2 & layer 3 attacks mitigation.
IP spoofing attack mitigation using static ACLs and dynamically using uRPF.
Layer 2 attacks and their mitigation, MAC attacks, CAM attacks, ARP attacks, VLAN hopping attacks, DHCP attacks, Spoofing attacks and Control plane attacks.
Identity management, AAA, RADIUS, TACACS, ACS, 802.1x, CBAC.
Network attacks, reconnaissance, Dos, D Dos, MiM, DNS, and Smurf.
Excellent written and verbal communication, listening, negotiation, and presentation skills.
Capability to understand customer requirements and ability to translate them into technical solutions.
Outstanding communication skills proven by effective interaction with management, vendors, peers and users.
Demonstrated ability to satisfy users through analysis and problem resolution. Genuine commitment to quality and customer satisfaction.
CERTIFICATIONS / PROFESSIONAL TRAININGs
CCNP (Cisco Certified Network Professional) Lahore 2008
CCNA (Cisco Certified Network Associate) Lahore 2007
JNCIA (Juniper Networks Certified Internet Associate) Lahore 2007
JNCIS (Juniper Networks Certified Internet Specialist) Lahore 2007
MCSE (Microsoft Certified System Engineer) Islamabad 2001
MCDBA (Microsoft Certified Database Administrator) Islamabad 2001
MCP (Microsoft Certified Professional) Islamabad 2001
Network Security Workshop (Networker Society of Pakistan) Karachi 2008
IP Telephony Workshop (Networker Society of Pakistan) Karachi 2008
RedHat Linux Server Administration Training (Corvit Systems) Lahore 2002
ISP Setup Training (Corvit Systems) Lahore 2002
Data Core Engineer
Currently I am working on Wateen Telecom IP/MPLS core project as Team Lead IP/MPLS core & Data Center. Wateen Telecom is the Abu Dhabi Group's latest venture in Pakistan. Wateen Telecom is the first company in the world to roll-out a WIMAX network at a country-wide scale. WIMAX is a standards-based technology enabling the delivery of last mile wireless broadband access as an alternative to wired broadband like cable and DSL.
Supervising operation & integration teams of 15 Engineers to effectively deliver projects on time.
Document Low Level Design for day to day changes in IP/MPLS core of Wateen Networks.
Integration, planning, designing, optimization of IP/MPLS core routing/switching , security & data center services.
Implemented multi-context on Cisco 5580-40 for load sharing and maximum through put on internet edge.
Load balance 32k global IP’s ranges on ASA 5580 multi context.
Implemented Cisco Secure ACS v 4.2 for 700+ network devices.
Implemented SolarWinds NPM 9.5 SLX, SolarWinds Netflow & SolarWinds Syslog Servers for 700+ devices and 20,000 nodes.
Implemented Remote Access VPN, L2L VPN on Cisco ASA 5550 for engineers, management & vendors.
Implemented Cisco IPS 4255 sensor for detection & prevention of network threats and its monitoring on Cisco IPS manager express.
Implemented CS-MARS 200 GC and CS-MARS 100 LC.
Optimize Cisco CSM & ACE modules load balancer using sticky & round robin.
Completed auditing FWSM, data center ASA internet edge ASA firewalls.
Successfully control performance & CPU load of FWSM by modifying inspection rules.
Configuration of BGP, MP-BGP, OSPF, MPLS L2/L3 VPN, IPv4, VPNv4, RR.
Integration of Cisco-12816 GSR, 7613, 7609, 6513, SSG, TAG, TAD, WAE-7326, 10720, ME 3750 & 3400.
Design & implemented layer 2 protocols, MST,RSTP, HSRP, GLBP, VRRP.
Completed documentation including data center and packet core topology diagrams & sop.
Cyber Net Internet Service Provider
Sr. Network Engineer
I have worked for Warid Telecom enterprise data network & data center project. Warid Telecom is providing cellular services in Pakistan, Uganda & Congo. I worked for Warid Telecom as resident Sr. Network Engineer from Cyber Net internet services. Cyber Net is one the leading internet & data service provider in Pakistan.
Played key role in Planning, designing and implementation of DR data center.
Integrate four FWSM on CAT 6509 chassis MSFC and configured their Active/Standby Failover, configured DMZ’s, Object Groups and ACL’s in DR data center.
Planning Network Security, Routing, switching for more than 40 Access Sites including Primary and DR Data Centers, Call Center’s, Business Center’s branch offices, Ware Houses and 300 Franchises.
Configuration of ASA 5540 Active/Active and Active/Standby, configuration site-to-site VPN tunnels with extranets, configuration of VPN remote access.
Configurations troubleshooting of VPN tunnels on Cisco 3000 series Concentrators, site-to-site, SSL VPN, IPSec over GRE.
ACS 3.3 implementation and integration of Routers, switches and security devices for centralized access management.
Cisco IPS 4250 implementation in Promiscuous and Inline modes, Signature up gradation, fine tuning and log monitoring using Cisco Event viewer “IEV”.
Designing & implementation of Interior & exterior routing protocols, BGP, OSPF, EIGRP, IGRP, RIP. Configure MD5 authentication through key chain.
Working experience on Core, Distribution & Access Cisco devices 7609, 6509, 6506, 7206 VXR, 3845, 4948-10G, 4507, 4503, 2811, 2600, 3750, 3550 and 2900.
Scan network vulnerabilities with network scanners, Blue port scan, netcat, nessus, nmap, scan a host using Microsoft Base line security analyzer, Analyze network traffic with ethereal.
Configurations of LAN Protocols HSRP, VRRP, GLBP for redundancy.
Configuration of VLAN’s, VTP Domains, inter VLAN routing, STP, RSTP & MST.
IOS Up gradation of EDN Cisco Routers, Switches, Pix Firewall, VPN Concentrators, Cisco IDS 4250 & IPS 4250 Sensors.
Supervisor Engine IOS up gradation for 7609 Router and CAT 6500 series switches.
Standard Operation Procedures (SOPs), Work Plans and change control forms.
Enterprise Data Network Monitoring using Solar Winds Orion Network performance Monitor 7.8.139 & 8, Solar winds Engineer’s Edition, Kiwi and Linux SYSLOG servers, MRTG, NETFLOW Traffic Analyzer.
Network / System Engineer
I have worked with US based company Nologics Inc with its development house in DHA Lahore as Network / System Administrator from December 01, 2003 to Oct 30, 2004.
Configurations & Management of Dedicated Windows & Linux Servers were placed at Data Center’s in USA for virtual web hosting solutions.
Configuration of Send mail, qmail, vpopmail, qmailadmin, Apache Web servers, FTP servers, E-mails handling, System maintenance, Web mail software’s etc.
Registered & hosted more than 400 domains on UNIX, Linux and Windows Operating System.
Configuration of plesk 5, 6, 7 and C panel.
Configurations of Linux Firewall IP Tables & SSL certificates.
Administration of windows 2000 Active directory Services for 150 nodes.
Installation and troubleshooting of Windows and Linux Operating Systems.
Installation and configuration of Network Printer, Print Servers and third party software’s.
Asst. Network Engineer
I have worked with Kohinoor Maple Leaf Group as Asst. Network Engineer resident engineer from Corvit Networks from Sep 2002 to Nov 2003.
Management, Implementation of Cisco Network Routers, Switches, Windows 2000 Advance Server Domain Controllers for 500 nodes and 800 users.
Management, Implementation of VTP domain vlan’s and Inter vlan’s Routing.
Administration of Linux Servers NFS, DNS, Proxy Server, Mail Server, Web Server, Samba server, Firewall Server.
Installation and maintenance of Windows and Linux Operating systems and software’s.
Installation and Troubleshooting of Hardware devices.
Backup of User data on Dell DLT Tape Drives & Managing disk quota for users.
Installation and troubleshooting of Network Printers and Print Servers.