Amir Babaiyan

Experience

• 

  Tejarat Bank بانک تجارت

  Jan 2011 - Feb 2012

  Network Administrator

  • Designing, implementing and maintaining WAN connectivity of more than 2200 branches • Designing, implementing country-wide Dynamic routing protocols EIGRP and OSPF for more than 2200 branches. • Deployed AAA by Cisco ACS for all routers in Bank Tejarat• Deployed traffic management and QOS entire the Bank Tejarat Network

• 

  Remis

  Jan 2012 - Jan 2014

  Network Administrator

  • Configuring and Implementing Active Directory Domain Service, Group Policy, DNS, DHCP, Remote Desktop Services, TMG and so on.• Configuring and Implementing SCOM 2012• Maintaining Cisco Network and Firewalls • Running security hardening protocol for entire network• Maintaining Cisco Network and Firewalls

• 

  Azadnet Resaneh Co. آزادنت رسانه

  Dec 2014 - Jan 2016

  Network Consulting Engineer

  • Maintaining OSPF and improving BGP Routing protocols• Improving network performance by enhancing QOS• Designing and implementing DMVPN phase 2• Designing, implementing, and maintaining PFR and Policy base NAT for Internet load balancing for several customers• Maintain Entire network and redesigning IP Plan

• 

  Pajand Electronics (Pajal) Co., Ltd

  Jul 2015 - Dec 2016

  Information Technology Manager

  • preparation re-engineer plan for Bahman Group• Designing and implementing dot1x with Cisco ISE v2.0• Designing and implementing DMVPN phase 2• Preparation Migration plan implementing from ESX 5.0 to 5.5• Designing, implementing, and maintaining PFR and Policy base NAT for Internet load balancing • Performing centralized management, device configuration audit, advanced troubleshooting, creating customized configuration templates, performance monitoring, and network monitoring using Cisco Prime Infrastructure 3.0• Running security projects such as NTPv4, SNMPv3, Device Access limitations, Authorizations, FHS (DAI, DHCP Snooping and ARP Inspection) on layer 2 devices and so on.• Designing and deploying DMZ on Cisco ASA 5512-X, NETASQ Minder weergeven

• 

  Solico Group

  Jan 2017 - Apr 2019

  Senior Network Security Engineer

  • Administered IT infrastructure, including network, data centers • Deployed remote access SSL-VPN, posture assessment, and endpoint security policies on FortiGate 300E.• Designing and deploying DMZ on Cisco ASA 5525-X, FORTINET FORTIGATE 300D, and FORTINET FORTIGATE 300E and HA on Cisco ISR 3900 Series, Cisco ISR 4000 Series, and Cisco 3850 in 3 data centers• Deployed Security futures like Application control, IPS, Antivirus, User base authentication, Web filter and DLP and IPS signature adjustment.• Designed and implemented Port-based Network Access Control(802.1X) with dynamic VLAN membership using RADIUS-based authentication and MAB on Cisco ISE 2.0.• Configured and managed a multi-hub DMVPN with 160 spokes over 4 link types in 4 VRFs.• Implemented and maintained MP-BGP for inter-VRF routing and EIGRP for DMVPN routing.• Traffic engineering deployment via dynamic routing protocols on 5 link types (MPLS, VPN, Internet, VSAT and Radio links)• Reserving bandwidth for collaboration traffic via QoS over MPLS, Internet, and VPN links• Running SolarWinds 2016 NPM and IP SLA Monitoring and Management• Secured the company's DCN network using FortiGate 300D & 300E and Cisco ASA 5545-X firewalls.• Deployed SD-WAN on FortiGate 300D & 300E firewalls for effective internet traffic management.• Deployed network security measures such as NTPv4, SNMPv3, DAI, DHCP Snooping, and IP Source Guard.• Designed and deployed Cisco Secure ACS 5.8 as an AAA server for Cisco, MikroTik, and FORTINET devices.• Managed centralized network management, troubleshooting, and performance monitoring using Cisco Prime 3.1. Minder weergeven

• 

  MAPNA Group

  Jun 2019 - Jul 2021

  Network and security consultant

  • Network evaluation• Designer and solution provider• Deployed SD-WAN on FortiGate 300D & 300E firewalls for effective internet traffic management.• Consulting to improve security and network re-engineering • Running policy base NAT and automating Internet failure based on public Ip address• Deployed remote access SSL-VPN, posture assessment, and endpoint security policies on FortiGate 300E.• Deployed Security futures like Application control, IPS, Antivirus, User base authentication, Web filter and DLP Minder weergeven

• 

  NetQloud BV

  Jan 2022 - Sept 2023

  Senior Network Consultant and project manager

  • Design, manage, develop and maintain the HQ and some branches include LAN, Wireless, FW and SDWAN• Reengineering and redesigning the entire Network including IP plan.• Reengineering and redesigning entire LAN network and replacing the old Switches with Meraki devices• Design, develop and replacing wireless network with Meraki Aps• maintaining Meraki SD-WAN• Implementing 802.1x with Microsoft NPS for wireless network• Replacing cisco ASA with MX 68 firewall• Running Site to Site and remote access VPN with Microsoft NPS and MFA with cisco Duo• Running security features include IPS, Antivirus, Application inspection, Web filter• Implementing Prime Infrastructure for more than 100 wired and wireless devices• Network automation based on cisco prime and python 3(NAPALM)• Designing and deploying DMZ on SonicWall• Maintaining Wireless network for Cisco lightweight APs and WLC 5500• Implement, reconfigure and maintain network devices• Reengineering and redesigning network an replacing cisco old devices with cisco 9000 series.• Deployed network security measures such as NTPv4, publishing service DNAT, SNMPv3, DAI, DHCP Snooping, and IP Source Guard.• Maintained core services including AD, DNS and DHCP• Developed network automation tools using Python for troubleshooting and reporting. Minder weergeven

• 

  Nationale-Nederlanden

  Nov 2023 - now

  Senior Network Engineer

  ⦁ Designing SD-WAN network for the new environment (Cisco SD-WAN) ⦁ Designing LAN networking (collapsed core) with Cisco switch 9300, 9500 and catalyst center⦁ Designing wireless network with WLC 9800 and AP 9166I for the new environment⦁ Maintaining data center dell OS10 network (BGP VXLAN EVPN)⦁ Maintaining NSX-T⦁ Automating data center network devices (dell OS10) with Ansible⦁ Maintaining Cisco ISE(device admin and 802.1.X)⦁ Implementing IBNS 2.0 ⦁ Implementing Cisco SD-WAN policy: ⦁ centralized policy (Topology, DIA,AAR, Cflowd) ⦁ Security policy (URLF,IPS, FW) ⦁ Localized policy (QOS)⦁ Configured SD-WAN controllers (vManage, vSmart, vBond) and WAN Edge devices to enable secure and scalable network connectivity.⦁ Conducted system performance optimization, troubleshooting, and user training for [team/organization]⦁ Implementing Wireless network (WLC 9800, AP 9166I) ⦁ Flex connect ⦁ Local mode⦁ Integrated wireless networks with Cisco DNAC for centralized policy enforcement, telemetry, and assurance⦁ Ensured compliance with security protocols by implementing 802.1X, WPA3, and segmentation through WLANs.⦁ Automating LAN network implementation with Catalyst center (DNAC) Minder weergeven