Home

Zubair Ahmed - Network Engineer

[email protected]

Location: Houston, Texas, USA

Relocation: Yes

Visa: H1B

Resume file: Zubair Network Resume Updated_1771018806800.doc Please check the file(s) for viruses. Files are checked manually and then made available for download.

Mohammed Zubair A Senior Network & Security Engineer (917) 640-3525 | [email protected] | Houston, TX SUMMARY PROFESSIONAL: Senior Network & Security Engineer with 11+ years of experience in the implementation, optimization, and support of enterprise campus, data center, and WAN environments across multi-vendor networks. Hands-on experience working in multi-vendor environments, including Cisco Nexus (9K/7K/5K), VXLAN EVPN fabrics, BGP/OSPF routing, and Silver Peak and Cisco SD-WAN platforms. Experience securing global infrastructures using Palo Alto (PAN-OS), FortiGate, and Cisco Firepower (FTD) next-generation firewalls. Extensive hands-on experience executing large-scale implementations, complex hardware migrations, and end-to-end technical deployments; proven track record in Tier 3 troubleshooting, resolving critical outages, and hands-on configuration of secure access solutions including NAC, 802.1X, and enterprise Wi-Fi in high-pressure environments.Deployed and managed Forescout CounterACT to provide real-time visibility and control over enterprise IT, IoT, and OT devices. Demonstrated ability to support hybrid environments by integrating on-prem infrastructure with AWS and Azure using Direct Connect and ExpressRoute. Experienced in troubleshooting complex network issues, leading change windows, coordinating vendors, and maintaining high-availability environments using monitoring, analytics, and automation tools. Known for clear communication, strong ownership, and delivering stable, secure, and scalable network solutions in large enterprise environments. CERTIFICATIONS: Cisco Certified Network Associate (CCNA) Cisco Certified Network Professional (CCNP) Palo Alto Accredited Configuration Engineer (ACE) TECHNICAL SKILLS: Core Infrastructure & Network Operations: Data Center Cisco Nexus (9K/7K), Spine-Leaf Architecture, VXLAN EVPN Fabric, Cisco ACI, Arista CloudVision (CVP), and VDC/vPC configuration. Enterprise Routing Advanced BGP (Route Reflectors, Communities), OSPF (Multi-area), EIGRP, MPLS, and VRF-Lite. Campus Switching Cisco Catalyst 9000 Series (9300/9500/9800), Aruba/HPE switching platforms, StackWise Virtual, 802.1Q Trunking. Network Security & Edge Next-Gen Firewalls including Palo Alto (PAN-OS, Panorama), Fortinet (FortiGate 100-600 series), Cisco Secure Firewall (FTD/FMC), ASA, and Check Point. SD-WAN Silver Peak (Unity Orchestrator), Cisco Viptela, and Meraki SD-WAN. Secure Access Zscaler (ZIA/ZPA), Cisco ISE, Aruba ClearPass (CPPM), 802.1X, RADIUS, and TACACS+. VPN Technologies Site-to-Site IPsec VPN, GlobalProtect, FortiClient, and AnyConnect SSL VPN. Cloud & Application Delivery Hybrid Cloud AWS (VPC, Direct Connect, S3, EC2), Azure (ExpressRoute, VNET, NSG), and Cloud-based Virtual Firewalls. Load Balancing (ADC) F5 BIG-IP (LTM/GTM), A10 Networks, Citrix NetScaler, iRules development, and SSL Offloading. DDI Services Infoblox (DNS/DHCP/IPAM), BlueCat DDI, Microsoft DNS Wireless & Mobility Wireless Infrastructure Cisco WLC (9800/5508), Aruba Mobility Conductors/Controllers (7200 series), and Meraki Dashboard. Optimization RF Spectrum Analysis, Ekahau Site Surveys, Aruba AirWave, AirMatch tuning, and Guest Portal management. Monitoring, Automation & Tools Observability SolarWinds (NPM/NCM), Cisco ThousandEyes, LogicMonitor, Splunk, Wireshark, tcpdump, NetFlow, and SNMP performance tuning. Automation Python, Ansible, Terraform, and Git for Network Infrastructure as Code (IaC). Operations ServiceNow (ITIL), Jira, MS Visio (HLD/LLD Documentation), and Change Management (MOPs). PROFESSIONAL EXPERIENCE: Norwegian Cruise Line Holdings (NCLH) | Miami, FL (July 2025 Present) Senior Network Engineer Wireless Modernization: Executing hands-on deployment and technical staging of a global wireless refresh, performing RF tuning, site validation, and controller-based configuration for international office hubs, using Ekahau for predictive modeling and site surveys to optimize RF coverage and client roaming performance. Network Migrations: Executing migrations from legacy Cisco Catalyst infrastructure to Meraki cloud-managed solutions, including SSID configuration, hands-on AP provisioning, and RF profile tuning for high-density environments. Wireless Operations: Managing and provisioning enterprise wireless environments using Cisco Catalyst 9800 WLCs, Catalyst Center (DNAC), and Meraki dashboards to support reliable, business-critical operations. Aruba Gateways & SD-Branch (Exposure): Familiar with Aruba Campus and Branch Gateway platforms (9240, 9012, 9004) including gateway role concepts, control/data plane separation, VPNC integration, and policy-based forwarding in SD-Branch environments NetBrain: Used dynamic network mapping, path visualization, and intent-based troubleshooting to accelerate root cause analysis across routing, firewall, and SD-WAN incidents in multi-vendor environments. NAC & Endpoint Security Operations: Supported enterprise NAC operations using Forescout and Cisco ISE to identify, classify, and control unmanaged and managed endpoints; worked closely with security teams to enforce access policies, isolate non-compliant devices, and support incident response activities. Utilized NetBrain dynamic mapping and path analysis to accelerate root cause analysis for complex routing, firewall, and SD-WAN-related incidents across multi-vendor environments. Used NetBrain runbook-assisted diagnostics alongside CLI and monitoring tools to standardize troubleshooting workflows and reduce mean time to resolution (MTTR). Leveraged NetBrain dynamic topology maps and path analysis to quickly identify routing asymmetry, policy misconfigurations, and traffic flow issues during production outages. Security & Identity Access: Resolving complex L2/L3 connectivity and authentication failures within Cisco ISE, troubleshooting 802.1X (Dot1x) authentication flows, RADIUS attribute mapping, and dynamic VLAN assignment for secure network segmentation. Vulnerability Remediation: Analyzing Qualys security findings to identify and patch critical vulnerabilities across the global estate, coordinating with security teams to decommission EOL systems and harden FortiGate and Palo Alto firewall policies. Deployed and managed Forescout CounterACT to provide real-time visibility and control over enterprise IT, IoT, and OT devices. Integrated Forescout with SIEM, firewall, EDR, and IAM solutions to automate security workflows and incident response. Reduced mean time to respond (MTTR) by integrating Forescout with tools like Splunk, Palo Alto, Cisco, CrowdStrike, or ServiceNow. Change Management: Owning critical change windows by authoring detailed Methods of Procedure (MOPs) for core switch firmware upgrades and firewall cutovers, ensuring minimal impact to production services. Advanced Troubleshooting: Serving as the senior escalation point for multi-vendor network anomalies involving SD-WAN (Silver Peak) path selection, BGP routing adjustments, and VPN tunnel stability. Documentation: Authoring detailed as-built guides, technical cutover execution plans, and configuration templates to support ongoing operations and audit requirements. DTarform | Houston, TX (May 2024 June 2025) Senior Network Engineer Multi-Client Fabric Implementation: Executed hands-on CLI configuration of Spine-Leaf VXLAN EVPN fabrics and successfully migrated legacy client environments to Nexus 9K platforms during production maintenance windows with zero unplanned downtime. SD-WAN Deployment & Tuning: Executed hands-on deployment and tuning of Silver Peak (Aruba EdgeConnect) and Cisco Viptela SD-WAN solutions across 50+ global sites, implementing intelligent traffic steering and Path Conditioning to reduce MPLS dependency and improve application performance. Hybrid-Cloud Connectivity: Provisioned and configured secure, high-bandwidth connectivity to AWS Direct Connect and Azure ExpressRoute, utilizing virtual firewalls and NSGs to ensure seamless data flow between on-prem data centers and cloud VPCs. Hands-on experience configuring and supporting Cisco Nexus platforms (9K/7K/5K), including vPC, VDC, VLANs, port-channels, and BGP/OSPF routing in production data center environments. Security & NAC Integration: Assisted clients with NAC and endpoint visibility initiatives, integrating Forescout and firewall platforms to enforce network access policies and improve visibility across enterprise LAN and data center environments. Firewall Migration & Hardening: Executed the migration of perimeter security to FortiGate 600F and Palo Alto 3400 series NGFWs; implemented SSL inspection, User-ID, and automated threat prevention. Network Automation (IaC): Developed and maintained a library of Python scripts and Ansible playbooks to automate VLAN provisioning, multi-vendor firmware upgrades, and security policy compliance audits, reducing manual configuration errors. Performed firmware upgrades, capacity expansions, and troubleshooting on Nexus switches, validating traffic flow and stability during and after maintenance windows. Data Center Operations: Executed physical and logical infrastructure buildouts at Equinix colocation facilities, handling cross-connect provisioning, ISP peering, and rack-and-stack deployments for high-density server environments. Escalation & Operations Support: Served as the Tier 3 escalation point for critical network outages, using SolarWinds and Wireshark for deep packet analysis to resolve complex routing and latency issues within SLA requirements. Ultragenyx | Bedford, MA (July 2022 April 2024) Senior Network Engineer Hybrid Infrastructure Integration: Provisioned high-speed interconnectivity between on-premise infrastructure and Equinix Cloud Exchange, facilitating secure, low-latency handoffs for multi-cloud service delivery. Data Center Implementation: Executed physical and logical build-out of enterprise data center environments using Cisco Nexus 9300/9500 platforms, performing hands-on CLI configuration for VXLAN EVPN peering and vPC domains. Edge Routing & Financial Connectivity: Supported large-scale BGP and OSPF routing environments on Cisco ASR 9000 (IOS-XR) platforms, performing route-map optimization and traffic analysis to ensure low-latency data transit. SD-WAN Global Rollout: Deployed and supported a high-availability Silver Peak (Aruba EdgeConnect) SD-WAN environment across 18+ sites, tuning path selection and Business Intent Overlays. Application Delivery (ADC): Optimized global application availability using F5 BIG-IP LTM/GTM, developing custom iRules for header manipulation, advanced health monitoring, and automated DNS-based failover. Supported Cisco ACI environments by configuring and troubleshooting tenants, VRFs, bridge domains, endpoint groups (EPGs), and contracts to maintain secure and segmented data center connectivity. Next-Gen Security Operations: Administered Palo Alto NGFWs, FortiGate, and Cisco ASA/FTD firewalls; performed policy management, SSL Decryption, User-ID configuration, and Panorama-based centralized operations. Assisted with day-to-day ACI operations including policy validation, fault analysis, and coordination with application teams during deployments and change activities. Enterprise Security Operations: Supported NAC and firewall-driven access controls in regulated enterprise environments, working with security teams to maintain compliance requirements and respond to network security incidents. IPv6 Compliance: Implemented and supported IPv6 addressing schemes and dual-stack configurations across core infrastructure to meet scalability requirements. Hybrid Cloud & Wireless Support: Provisioned secure connectivity to AWS Direct Connect and Azure ExpressRoute; managed enterprise wireless using Cisco Catalyst 9800 WLCs and Meraki MR points with 802.1X (Cisco ISE) troubleshooting. DDI & Network Services: Managed Infoblox DNS, DHCP, and IPAM services, supporting enterprise-scale IP address management and Grid operations. Jefferies | NY (April 2020 December 2021) Network Security Engineer Data Center Migration: Executed hands-on migration from legacy Cisco infrastructure to Arista 7000 series environments using VXLAN EVPN and CloudVision (CVP) to support low-latency trading workloads. Network Automation: Developed and deployed Python scripts and Ansible playbooks to automate the configuration and validation of 250+ Arista switches, accelerating data center provisioning. Extensive experience working in enterprise data center environments, supporting spine-leaf architectures, routing and switching, firewall integration, load balancers, and hybrid cloud connectivity. Multi-Vendor Firewall Management: Executed security policy lifecycle management across environments involving FortiGate (600 series), Cisco ASA/FTD, and Check Point, ensuring compliance with industry standards. Hybrid Cloud Security: Designed and provisioned secure transit gateways for cloud workloads, utilizing Azure ExpressRoute, AWS Direct Connect, and NSGs to maintain a consistent security posture. Advanced Security Operations: Administered Palo Alto (PAN-OS) clusters, implementing High Availability (HA), GlobalProtect VPN, and centralized management via Panorama. SDN & Fabric Operations: Supported Cisco ACI environments, configuring Spine-Leaf topology, Endpoint Groups (EPGs), and contract-based security policies. Participated in data center build-outs, migrations, and hardware refreshes, including rack-and-stack coordination, cabling validation, circuit turn-ups, and post-deployment testing. Cloud-Edge Integration: Configured Meraki SD-WAN (MX series) to establish secure Auto-VPN tunnels between branch offices and AWS-hosted domain controllers and services. Mattel | CA (September 2018 March 2020) Network Security Engineer Global Collaboration Fabric: Executed the 100G hardware refresh and CLI configuration of Arista networking environments utilizing VXLAN and LACP to support high-bandwidth global collaboration and video services. DDI Modernization: Implemented and supported Infoblox (DNS, DHCP, IPAM), performing the technical migration of DHCP scopes and DNS records into an Infoblox Grid Manager environment for automated IP management. Security & Perimeter Hardening: Managed Check Point (R80.x) Provider-1 environments, performing R80.x platform upgrades, configuring Site-to-Site IPsec VPN tunnels, and providing Tier 3 troubleshooting for firewall clusters. Network Programmability: Created custom Python applications to automate routine network health checks and configuration audits, improving overall operational baseline and compliance. Application Delivery: Executed migration from Cisco ACE to F5 BIG-IP LTM, configuring Virtual Servers and iRules to optimize application load balancing and session persistence. Tango Analytics | TX (September 2017 August 2018) Network Engineer Core Routing & Switching: Managed the configuration and troubleshooting of BGP and OSPF routing protocols on Cisco Catalyst 6500 and Nexus 7000 platforms to improve convergence and resiliency. Secure Remote Access: Implemented and supported Check Point firewall security policies and Remote Access VPNs, ensuring secure connectivity for a geographically dispersed workforce. Virtualization Networking: Provisioned and supported network connectivity for VMware ESXi environments, configuring VDS (Virtual Distributed Switches) and 802.1Q VLAN tagging for high-density server clusters. WAN Performance: Managed MPLS circuit turn-ups and ISP peering; performed traffic engineering and bandwidth optimization to ensure stable application delivery across multi-site environments. Tech Throne IT Solutions | India (February 2015 August 2017) Junior Network Engineer Foundation Infrastructure: Configured and supported Layer 2/3 campus networks on Cisco Catalyst switches, implementing VLAN segmentation, STP (PVST+) tuning, and HSRP for default gateway redundancy. Migration Support: Executed data center hardware refreshes, including the physical installation and initial CLI configuration of Cisco ISR routers and ASA firewalls (ACLs, NAT, and Object Groups). Technical Documentation: Developed and maintained detailed network topology diagrams and IP Address Management (IPAM) schemes using MS Visio to support rapid infrastructure growth. Keywords: sthree information technology ffive microsoft mississippi California Florida Idaho Massachusetts New York South Dakota Texas Wisconsin