To obtain a position as a Senior Network Security Engineer/Architect in a renowned organization that will provide me an opportunity to use my skills to prepare, plan, design, implement, operate and optimize IT infrastructure that meets today's and future business requirements, and to drive cybersecurity risk management, advisory services and leadership across the organization.
- I have more than 17 years of experience as a Senior Network and Security Engineer/ Architect with LAN/WAN and Network Security.
- MS in Computer Science, BS in Computer Engineering. Have worked to prepare, plan, design, implement, operate and optimize administration of networking equipment such as routers, switches, Nexus Switches 9K, 7K/5K/2K, 1000v, VBLOCK, firewalls, Virtual Firewalls, DDOS Protection, IPS, HIDS, EDR, SSL VPN, Load Balancer, NAC (Network Access Control), WAN Optimization, RSA Secure ID, Cisco MDS, IaaS Cloud, Campus in Cloud with AWS, Next Generation Endpoint Detection Response (EDR), NSX Deployment in Data Center, Symantec, Avaya IP PBX, HP Enclosures, Cyber Security, Confidential CIP, Vulnerability Assessment, Security Dashboard, Cisco Wireless Controller and Access Point, Aruba Controller and Access points, Web Security, network management and structured cabling. Leveraging network programmability for automation, orchestration of APIs, RESTCONF, NETCONF, YANG, Ansible, ACI, APIC-EM, ODL and Python scripting.
- Excellent Communication, project management and high customer services satisfaction skills and believe in continuously improving the Technical/Managerial skills.
LAN / WAN :
Routing Protocols: EIGRP, RIP, OSPF, BGP, TCP/IP, IPv4
Hardware Platform: Routers: Cisco 800, 1700, 2600, 3600, 4500, 7500, 3800, 6500, 6800, 6880, Arista 7500
Switches: 3550, 3600, 3700, 3750, 6500, Nexus 2000, 5000, 7000, 9000, Nexus 1000v, VBLOCK, UCS C and B Series, Arista 7000, Arbor Network DDOS, MDS922i and HP C Class and P Class Enclosures
Wireless: Cisco and Aruba Wireless controller and APs deployment in Campus.
Security & VPN :
Security Protocols: IPSec, RSA, SSH, SSL
Hardware Platform: Palo Alto 200, 3000, 5000, 7000 and Panorama, Checkpoint IP 560, IP 390, Checkpoint 4600 Appliance, Checkpoint 12600, Check Smart 1 25 and Check Point Smart 1 50, Cisco VPN concentrator, Cisco ASA 5505, Cisco ASA 5510, Cisco ASA 5540, Cisco PIX 501, Cisco Pix 515E, Cisco PIX 525, Cisco PIX IDS, IPS, Pix Firewall, Juniper SSL VPN, Checkpoint Firewalls, Juniper SRX 5500, Sonic Wall NSA5600, Checkpoint Network Access Control (NAC), SAV for NAS, Tipping Point, Mimesweeper, Qualys, Cyphort, FireEye, CrowdStrike, Carbon Black
Network Management :
Security: Team Cymru, QualysGuard, Cyphort
LAN/WAN: OPSware, HP Openview, Cisco works, Tivoli, Solar Winds, Netbrain, Whatsup Gold
Sniffer: Ethereal, Wireshark, Observer, Fluke Networks
Application Performance :
Load Balancer: Experienced in CSS, F5 (BigIP and 3DNS), Foundry LB and Radware Alteons, AVI Networks
Silver Peak NX 10700 and VRX:
System Logging: RSA Envision, QRadar, Tripwire
Content Filtering: Web Sense
Remote Authentication: RSA Secure ID, Cisco ACS, Steel Belted Radius and Crypto Card
Network Diagram: Microsoft Visio
Senior Security Engineer/ Architect
- Responsible for improving the security posture for Confidential and communicating the security priorities to C-Level Management.
- Directed all facets of the IT department to include: corporate information architecture, data and voice infrastructures, information security, database and reporting strategy, software development efforts, and project management. Provided strategic planning to senior management.
- Patch management, vulnerability assessment, vendor selection, Penetration testing and day to day analysis on daily threats and their remediation.
- Conducting Security Awareness Training, Patch Management, Security Dashboard for C Level Executive and analyzing day to day threats.
Confidential, Santa Clara -California
Senior Network Engineer/Architect
- Provide day to day and new office deployment via PAN firewalls at more than 30 Remote Offices (Over 200 Firewalls), Data Centers, Cloud and also support the upgrade and bug fixes.
- Design, implement and provide support for all network related hardware/software.
- Deploy Campus in Cloud with AWS.
- Install, support and maintain hardware and software infrastructure according to best practices, including routers, Load balancers, switches, wifi controllers, and firewalls.
- Perform network security design and integration;
- Diagnose problems and solve issues, often under time constraints;
- Provide network and host based security, incident response, firewall and VPN management and administration;
- Implement the necessary controls and procedures to protect information systems assets from intentional or inadvertent modification, disclosure, or destruction;
- Provide network documentation;
- Ensure system uptime and backup for network related equipment.
- Conduct security assessments (with security team) and make recommendations on data/voice network (LAN/WLAN/WAN/DMZ/Internet), disaster recovery, remote access, network appliances, servers, and directory services security
- Provide security incident triage and response, including working with firewall and device logs, investigating security events, protecting forensic value of data and establishing monitoring and incident reporting and response procedures.
- Work closely with engineering to help report issues and manage project deliverables and provide status and progress reports
- Provide on-call support for L3 Network engineering on rotation
Confidential, San Mateo, California
Senior Network Engineer/ Architect
- Working on designing and implementing Data Centers for the new and existing customers with an objective for minimum or no downtime.
- Provide day to day support to Cisco UCS architecture, Cisco Nexus Switches, Cisco Nexus 1000v
- Provide day to day support Cisco ASA, Juniper SRX and Sonic Wall Firewalls
- Provide day to day support to F5, Foundry and Alteon load balancers.
- Develop procedures and policies for supporting the Global Networks, SLA's, and Network Security
- Ability to comprehend, analyze and research problems of a complex nature, make judgment decisions and recommendations as to their solution
- Excellent interpersonal, organizational, leadership and mentoring skills
- Ability to prioritize, multi-task and maintain flexibility in a fast-paced environment.
- Proactively Support Engineering, Development and Lab Infrastructure
- Develop and design the BCP for the Data Centers and create strategic ways to avoid the downtime for the transition during the Data Centers Fallback/Fall forwards with minimum impact to business critical applications.
- Leading the teams by example and initiating brainstorming and collaboration sessions with the Engineering Teams, Application Developers, Customer Support, Network Operation Center, CIO and CTO.
Senior Network Engineer/ Architect
- Preparing and maintaining Reliability Standard Auditing Worksheets (Confidential) and involved in setting up the Confidential Zone and preparing documentation for Confidential CIP Audits.
- Prepare, plan, design, implement, operate and optimize the Enterprise Campus across multiple locations by upgrading it from the Cisco 4500 Switches to Cisco Stackable Switches 3750's and also deploy Checkpoint Firewall with Identity Awareness and Application Control for User's Segment.
- Prepare, plan, design, implement, operate and optimize the Enterprise Edge across multiple locations by upgrading the WAN Link to meet business requirements and upgrade the IT infrastructure to Juniper SSL VPN 2500 for Production and Development.
- Prepare, plan, design, implement, operate and optimize the Enterprise Data Center across multiple locations by upgrading it from the Cisco Catalyst 6500 to Cisco 6800 with VSS and upgrading the access to Nexus Switches from Cisco Catalyst Switches
- Prepare, plan, design, implement, operate and optimize the Enterprise Edge security parameter across multiple locations by upgrading it to Tipping Point IPS 1200 E and then upgrading them to Tipping Point IPS 1400 E with Geo Locations.
- Prepare, plan, design, implement, operate and optimize the Enterprise Edge across multiple locations by deploying Checkpoint Firewalls, Cisco Load Balancer and Tipping Point IPS 1200 E.
- Prepare, plan, design, implement, operate and optimize the Infrastructure Voice Services of existing PBX to Avaya Voice Solution with CS1K, Session Manager, System Manager and Survivable Media Gateway and CIC IBM Contact Center for multiple locations.
- Prepare, plan, design, implement, operate and optimize the Enterprise Remote Access across multiple locations with Site to Site VPN with Cisco ASA’s and Checkpoint Firewalls with Managed and Unmanaged Edge Firewall and deploying thick Client Check Point NAC which includes (Firewall, VPN, Full Disk Encryption, Media Encryption)
- Upgrade the existing RSA Secure ID version 6.1 to RSA Secure ID Appliance Authentication Manager 7.1 and recently in 2014 to 8.1 P 05
- Prepare, plan, design, implement, operate and optimize Confidential isolation which includes several pairs of Cisco ASA’s 5550, Cisco Routers 3800, Cisco Switches and Tipping Point 1200 E to enhance the posture of Critical Cyber Assets in Production and Dev Environment.
- Works as a stakeholder for the Security patches and vulnerabilities. Identify the vulnerabilities across the entire infrastructure and upgrade the devices if possible.
- Works as Project Manager on several projects and create several Business Cases and Project Plan of Juniper SSL VPN, F5 Load Balancer Deployment, RSA Secure ID Upgrade and Checkpoint NAC Deployment.
- Upgrade the Checkpoint Management consoles for Checkpoint Firewalls IP390’s, IP560’s, IP530’s and in several DMZ Zones for Production, Sandbox and QA Environment in Primary Site and Backup Operation Site from R65 to R71.10.
- Upgrade Checkpoint Firewall from NGX R65 to R71.10 and R75.40 (Gaia), also deploy Checkpoint Firewall with Identity Awareness and Application Control.
- Deploy several HP C-Class Enclosures and also troubleshoot day to day problems related to HP C and P Class Enclosures and Rack Mount Servers
- Recreation of problems in a lab environment and filed bugs with several vendors.
Senior Network Engineer
- Design, deploy and implement several new Managed, Complex Colo and Colo Customers
- Provide day to day and final level of escalation as a Tier 3 Support Engineer for existing and new customers
- Identify and Perform Security patches on Network devices.
- Installed, configured and troubleshot several Cisco devices, Checkpoint, F5 (BigIP and 3DNS), Nortel and other tools.
- Excellent customer services skills
- Recreation of problems in a lab environment and filed bugs with several vendors
- Implementation of several customers in the data center based on complex project scope
- Provide day to day support and deploy new customers on Cisco Pix’s, Cisco ASA’s, F5 BIG-IP LTM, F5 BIG-IP GTM, Check Point Firewalls, Cisco VPN Concentrator, Cisco CSS’s, in Toronto, Vancouver and Montreal Data Center.
National Broadband/VPN Specialist
- Drove Broadband connected systems in Canada from 38% to 70%, successfully achieving the target for 2005 and resulted in approximately 10% less calls to the Customer Centre and reduced FSR site visits by 20%.
- Increased the Canadian VCP Credits by $300K CAD per month for the Broadband Service contract.
- Supervised with Milwaukee to create a Broadband Workbench to access the Broadband Compatible systems for Canada.
- Design and coordinate the Site-to-Site VPN using Cisco PIX, Cisco Routers and Linux FreeSwan, Sonic Wall for connectivity with customers.
- Provide assistance to VPN team and Customer for setting up and troubleshooting problems with Site to Site VPN with Checkpoint NG, Cisco Pix, Cisco Concentrator 3.6 or higher, Cisco Router 12.2 or higher, Juniper Netscreen, Sonicwall Pro +TZ, Symantec Raptor, Watchguard Firebox.
- Good relationship builder with Customers by positive approach, re-enforcement of mutual goals and establishing trust relationship and provide assistance in understanding, designing, securing and developing Site to Site VPN with almost every firewall vendor and with customers all over Canada.
- Coordinate and lead Confidential Healthcare VPN Team, Field Team, Project Manager Teams, Online Engineering Team, Sales Team and Services Team.
Senior Network Engineer
- Network Engineer leads the Network Department within the design and implementation of IT infrastructure center, provides and supports all local voice and data network.
- Designed and implemented a topology where remote nodes (moving ships) can get 24/7 IP & Voice services through Teleports (Earth stations). This involved setting up earth stations to provide services from four different locations (Glenwood, New Jersey; Holmdel, New Jersey; Leuk, Switzerland & Brewster, Washington).
- Design and implementation of Site-to-Site VPN using Cisco PIX, Cisco routers, Sonicwall and Red Hat Fedora Core 2 for backup connectivity between branch offices.
- Network implemented running RIP2 & OSPF over Frame Relay.
- Designed, implemented and managing Network operations center (NOC).
- Worked with Cisco (3600, 1720, Switches), Memotec (CX800, CX950) & IBM 2210 Routers and Sonic Wall Pro 100, Pro 230 and Cisco Pix firewall 515E.
- Implementing Site to Site VPN between Cisco PIX, Cisco router (1720, 3640) and Red Hat Linux.
- Network Engineer in making plans including operations, troubleshooting, and expansions of the current network and communication links. Network monitoring including performance of the network, links utilization, and network troubleshooting
- Installation and Configuration of 3Com switches Core Builder 9000 & 3500 Layer3 switch and GIGA interfaces, also configuration of 3Com Super Stack Switch 3300 Configuration of VLAN and implementation of security using QOS Classifiers and Controls. Cisco 2900 switch, Switches IBM 8271, Access Servers IBM 8235 032 and Ethernet Stackable hubs IBM 8224 Series.
- Design, implement and setup of Network Monitoring Software (IBM Tivoli, HP Open View, Cisco Works for Windows and 3Com Transcend Enterprise Manager)
- Administered Cylink PrivateWire Gateway as encryption/decryption tool using RSA and Triple DES technologies - Created users, group, defined the rule(s), certified authorities and certified the public keys.
- SoHo Solutions - ISDN: legacy DDR, Dialer profile and Dial Backup, Bandwidth on Demand from main site to backup site.
- Involved in Design, Installation, Configuration, network testing, Operations & Administration of Internetwork. Project leader for implementation of Disaster Recovery Site & structured cabling for CDC networks.
- Configure Site to Site VPN between Cisco Routers and monitor the performance of network