Information Security Engineer Resume
Cumberland, RI
SUMMARY:
- Cisco certified Network Engineer with 8+ years of experience in Network engineering, performing Analysis, Design, Implementing, and Troubleshooting with focus on performance tuning and support of large Enterprise Networks
- Inspected configuration, checked configuration compliance, tested IT Controls functionality and inspected logs. Reviewed signatures within IDS/IPS tools (Snort) to ensure signatures are up to date to minimize false positives and false negatives in the System.
- Deeply involved in Cybersecurity framework, Threat analysis, Vulnerability assessment and Penetration testing and perform risk analysis
- Experienced in Vulnerability scanning tools, as well as network security and monitoring tools such as IDS/IPS, Nexpose, Qualys, Splunk and Wireshark.
- Analyze, monitor, troubleshoot, and investigate security-related anomalies with various tools such as AlienVault SIEM, Imperva SecureSphere Web Application Firewall, Barracuda WAF and SCCM
- Analyze and investigate logs, payloads, and packets in IBM QRadar SIEM including Sourcefire IDS, Palo Alto Firewall, Checkpoint, Windows Server, Linux Server, and Symantec Endpoint Protection for remediation.
- Performed the review of a newly implemented Security Incident and Event Management (SIEM) system. Reviewed technical specifications for SIEM, logging and proposed recommendations to improve the overall deployment of the solution
- Developed correlation rules for Security Incident and Event Management (SIEM) system. Reviewed the solution implemented for "log forwarding" from various network devices to HP ArcSight central logging for alerting and security monitoring
- Implemented NIST and ISO technical controls on Network and Security devices by following the security standards provided by DOD guidelines
- Experience with enterprise-class security products such as web proxy, reverse proxy, load balancing, IDS/IPS, DLP, Firewall, IPsec/SSL VPN, WAN/LAN, wireless and remote connectivity.
- Experienced in Authentication, Endpoint Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Data Loss Prevention (DLP), Identity and Access Management (IAM) solutions.
- Led comprehensive security infrastructure upgrades of SIEM, QualysGuard, maintaining Microsoft Active Directory, routers, switches, and Symantec backup.
- Experience in Service Validation, Gateway support and Troubleshooting Network & Security infrastructure on routers, switches & firewalls
- Good working Experience with Cisco Routers, Cisco Switches, Nexus 7K, 5K and 2K series, Load Balancers and Firewalls
- Expertise in Configuration of Virtual Local Area Networks using Cisco routers and multi-layer Switches and supporting STP, RSTP, PVST, RPVST along with troubleshooting of inter-VLAN routing and VLAN Trunking using 802.1Q
- Experience and strong knowledge of Palo Alto firewalls, Juniper SRX. Experience with PA, SRX Firewalls in Multi-VSYS and Multi VRF configurations, experience configuring IPsec Tunnels, Security Policies, Objects & NAT, PAT Rules, ACL’s, and Zones.
- Experience with F5 GTM/LTM 8950, 10000 series and VIPRION configuration/installation/support.
- Design and configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550).
- In-depth knowledge and hands-on experience on IP Addressing, Subnetting, VLSM and ARP, reverse & proxy ARP, Ping Concepts.
- Experience in designing, deploying and troubleshooting LAN, WAN, Frame-Relay, Ether-channel, IP Routing Protocols - (RIPV2, OSPF, EIGRP & BGP), ACL's, NAT, VLAN, STP, VTP, HSRP & GLBP.
- Analyze network & system responses and determining tuning recommendations to improve performance
- Experience with devices Palo Alto Network firewalls such as security NAT, Threat prevention & URL filtering.
- Experience in F5, Cisco ACE 4710, F5 load balancers - LTM, GTM series like 6400, 6800, 5000, 2000 for the corporate applications and their availability.
- Experience in implementation, configuration & troubleshooting of Access Control Lists (ACL), NAT and Cisco IOS
- Cisco ASA Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
- Extensive Knowledge on the implementation of Cisco ASA 5500 series and Checkpoint R 75 firewalls.
- Worked as Network engineer supporting CISCO routers, switches, Bluecoat proxy servers. Implementing vulnerability management Protocols in BCP (Business Continuity Process)
- Hands on experience working with Cisco Nexus 7K, 5K & 2K Switches.
- Worked on NXOS, IOS, and IOS-XR BXB to N7K-NXOS (MPLS) system test.
- Good knowledge of CISCO NEXUS data center infrastructure with 5000 and 7000 series switches includes (5548, 7010) including CISCO NEXUS Fabric Extender (223, 2248).
- Experience in working with load balancer for converting CSS to ACE
- Developed workflows and procedures for email monitoring in support of the Data Loss Prevention (DLP) program.
- Experience in Implementing Symantec Data Loss Prevention in Three Tier architecture for Enterprise organizations and integrating DLP with Exchange Server and Data Insight.
- Worked on Implementing Symantec Data Loss Prevention (DLP) to secure all end points
- Participated in the deployment of QoS in the network focusing mainly on VoIP services in the network
- Highly focused engineer experienced in designing, implementing and maintaining high availability carrier grade VoIP networks with emphasis on the Broadworks Softswitch Platform (AS, NS, MS, WS, XSP, PS and EMS)
- Extensively worked on Cisco catalyst router 6509 and implemented VSS along with VDC and VPC on Nexus 5505, 7010 switches
- Strong hands on experience on PIX, Firewalls, ASA 5500 series firewalls. Implemented Security Policies using ACL, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS)
- Hands on experience in Installation, Administration and Configuration of Splunk Enterprise and integration with local legacy systems
- Implementation of Data Center migration from 6500 based Data Center to Nexus based data center with 7k-5k-2k dual home design with multiple VDC's, VPC, OTV and FEX
- Configured ASR 1K routers as the company's head-end WAN routers and implemented BGP with VRF and OSPF instances running parallel
- Experience on Virtual Private Network (VPN) for operating Network and Data Center.
- Experience in Network Management Tools and sniffers like SNMP, HP OpenView, Wireshark and CiscoWorks to support 24 x 7 Network Operation Center.
- Experience with Internet/Intranet Networking Protocols and Services
- Implementation of HSRP, VRRP and GLBP for Default Gateway Redundancy.
- Access control server configuration for RADIUS & TACACS+.
- Excellent qualities such as Teamwork, Negotiation, Analysis and Communication.
- Proficiency in configuration of VLAN setup on various Cisco Routers and Switches.
TECHNICAL SKILLS:
LAN/WAN Technologies: Ethernet/Fast Ethernet/Gigabit Ethernet networks, VLANs, VTP, STP, PVST, RSTP, 802.1W, Frame Relay, ISDN, PPP, MPLS, leased lines and exposure to PPP, HDLC DS1, DS3, OC3, OC12, OC48, T1/T3 and E1/E3
Routing/Switching: Cisco routers (7206 VXR, 4431, 4331, 3945, 3925, 3845, 2901, 2811, 2620, 2612, 1900, 1800, 800), Cisco Catalyst switches (6800, 6509, 6506, 6513, 3750, Catalyst 37xx stack, 3550, 2960, 2800, 1900 series), Cisco Nexus (7000 series 10-slot switch, 5548P, 5548 UP, 2248TP, 2248TP-E, 2232PP), VPC, VDC, OTV
Security: Cisco ASA 5500 series (5505, 5512-X, 5525, 5545) and PIX 515E, 525 series, Juniper (220/550) SRX, Palo Alto, Checkpoint, IPsec VPN Configuration, RADIUS, TACACS+, IDS/IPS, 3060 VPN Concentrator, PKI, ACL, NAT/PAT, Route maps
Wireless: Autonomous AP's, Lightweight AP's, Cisco Wireless LAN, AirDefense Services Platform (ADSP), WiNG Controller, Cisco APs Controller 2400, 5500 Series, WDS, and WLSE, Standards 802.11 a/b/g
Management Tools: Cisco Prime Infrastructure, Solarwinds, Firemon, Cisco NCS, NetMRI, Show and Share, Wireshark, NetQOS Super-Agent
AT&T Tools: Snooper, Balance Manager, IWOS
Operating Systems: UNIX, LINUX, Sun Solaris, Mac OS, Windows Server 2000, 2003, 2008, Windows 7/NT/XP/Vista, Cisco IOS, Cisco IOS-XE, Cisco NX-OS, VMware
Tools: Wireshark, Tcpdump, VMWare, Splunk, Nessus.
WAN Optimizer: Riverbed Steelhead Appliance viz: SaaS, IaaS, DHCP and DNS Infoblox
Programming: C, C++, MATLAB, Python, Perl
Documentation: MS-Office (PowerPoint, Excel, Word), MS-Visio, SharePoint, Google Docs
PROFESSIONAL EXPERIENCE:
Confidential, Cumberland, RI
Information Security Engineer
Responsibilities:
- Responsible for Data Loss Prevention (DLP) configurations, monitoring activity, AirDefense configurations and threat detections
- Configured the DLP tools, worked on scripts and provided support to team with info on daily meetings, activities.
- Responsible for Fidelis configurations, worked on tools on threat prevention and information security on both mail exchange and share drives.
- Worked on Fidelis, worked on license additions, monitoring and LDAP. Monitored through debug, threat prevention and detection process and configs are peer reviewed by teams
- Experienced in Vulnerability scanning tools, as well as network security and monitoring tools such as IDS/IPS, Nexpose, Qualys, Splunk and Wireshark.
- Worked on corporate and retail environment AirDefense set up and firmware upgrades, sensor set up, application monitoring
- AirDefense sensors set up for scanning and security, Cisco AP's are set up for general networking and internet access. The corporate environment has 1 AirDefense appliance and 1 WiNG appliance; the WiNG appliance is used primarily for firmware upgrades and general profile creation, sensor-server AirDefense application, location and passwords etc.
- Monitoring wireless using Aruba Airwave. Perform WLC installations, access point monitoring issues, provide support to issues with wireless connectivity and heat map regions
- Configured email relay and alerts in the environment. Configured syslogs for the application.
- Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls - PA200, PA2000 series, PA3000 series, PA4000 and PA5000 series as well as a centralized management system (Panorama) to manage large scale firewall deployments.
- Prevented various malware attacks using IDS and IPS which are identified by signature based and anomaly-based engines.
- Experienced in Authentication, Endpoint Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Data Loss Prevention (DLP), Identity and Access Management (IAM) solutions
- Coordinate Symantec DLP, endpoint protection manager and anti-malware bytes exploit for endpoints agent and software upgrades. Experience in cloud security, threat monitoring, and prevention.
- Identified the vulnerabilities and non-compliant issues in the network and applications using vulnerability scanners and SIEM tools.
- Migrated from a predominantly Cisco ASA and Checkpoint environment to a Palo Alto global solution.
- Exposure to GlobalProtect VPN, WildFire advanced malware detection using IPS feature of Palo Alto
- Hands on experience in conducting Web Application Security scan, Ethical Hacking using commercial and non-commercial applications and methodologies such as SANS Web application assessment, OWASP Top 10 and CVSS Scoring using IBM App Scan.
- Worked in IDS/IPS to trigger the alerts which in turn are used for forensic purposes
- Utilized Splunk for monitoring and reporting purposes and to identify potential threats.
- Configuring network devices to send Syslog messages externally, which contain the required amount of data for forensic and compliance.
- Involved in migration of network from Cisco Catalyst switches/ASA firewalls to Palo Alto.
- Install, upgrade and configure Next-Gen Palo Alto Firewall series PA-200, PA-500
- Configuring & managing around 500+ Network & Security Devices that includes Juniper (NetScreen) Firewalls, F5 BigIP Load balancers, Citrix NetScaler and 3DNS, Blue Coat Proxies and Plug Proxies.
- Worked with configuring Juniper SRX firewalls for new datacenter.
- Vulnerability assessment using tools such as Nessus and Qualys, and implementation of Security Policies. Knowledge in design and deploy of F5 LTM, GTM, APM, ASM solutions.
- Strong experience in Configuring F5 LTM 8950, 6900, VIPRION 2400 models.
- Experience with industry recognized SIEM (Security Information and Event Management) solutions such as NITRO, Splunk, Forcepoint and many other tools.
- Oversee Vulnerability assessment /penetration testing of scoped systems and applications to identify system vulnerabilities.
- Excellent knowledge of FISMA, HIPAA and NIST Compliance usage, rules and regulations
- Use Splunk Security Manager to identify threats and assigned category.
- Solid Understanding of IBM QRadar.
- Strong understanding of DLP Architecture, Rules and Policies and its implementation
- Assist in the creation of an end-to-end technology strategy for SIEM to address current and future security concerns, emerging threats, regulatory compliance and alignment with technology and the business
- Provide support in security architecture, design, developing, monitoring and supporting enterprise infrastructure environment
- Antivirus McAfee Virus Scan Enterprise, Symantec, Endpoint Protection Suite.
- Configuring Virtual Chassis for Juniper switches EX-4200, Firewalls SRX-210
Confidential, Boston, MA
Sr. Network Security Engineer
Responsibilities:
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
- Deployed the Nexus 7000/5000/2000 architecture into production securing competitive advantage across multiple verticals.
- Performed routine monitoring of Checkpoint firewall from security perspective and troubleshooting the connectivity issues.
- Experience in Designing and assisting in deploying enterprise wide Network Security and High Availability Solutions for ASA firewall.
- Use Splunk Enterprise Security to configure correlation search, key indicators and risk scoring framework.
- Convert Branch WAN links from TDM circuits to MPLS and to convert encryption from IPSec/GRE to GetVPN.
- Involved in the activity of DATA-Center migration of regular Cisco catalyst switches with the new Nexus 2148, 2224T, 5548, 6018, 7010 using F3/M3 line-cards with 10GE & 40GE interfaces and Supervisor 2E.
- Upgrades, installs, configuration and administration security and monitoring tools on Linux.
- Responsible for design, implementation and management of email data loss prevention (DLP)
- Developed workflows and procedures for email monitoring in support of the Data Loss Prevention (DLP) program.
- Experience with Security- Firewalls, NAT / PAT, IPSEC, S2S.
- Experience working with F5 LTM/GTM network load balancers for various applications depending on the requirements.
- Involved in configuring Checkpoint (R76) Firewall rules and objects as per the requirements.
- Configuring Cisco ACS along with TACACS+ server authentication.
- Configuration, support and administration of Palo Alto and Checkpoint and to migrate all gateways and management servers to new hardware and software - Checkpoint SG appliances running GAiA OS and Checkpoint R75.40.
- Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls and Checkpoint.
- Provided remote assistance for replacing existing switches with new Cisco switches and configured various routing protocols like OSPF, EIGRP, RIP, MPBGP, LDP and BGPV4.
- Configuring HSRP between VLANs, Configuring Ether-Channels, Port Channel on 6500 catalyst switches.
- Implementation of Palo Alto firewalls (URL Filtering, IPS, DPI, VPN)
- Implemented site to site VPN in Juniper SRX as per customer.
- Implemented various EX, SRX & J series Juniper devices.
- Performing Vulnerability Analysis test for Firewalls and other network devices and providing the closures for vulnerabilities.
- Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability
- Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4. Configured IP access filter policies.
- Performing the ACL requests change for various clients by collecting source and destination information from them.
- Maintained complex LAN/WAN networks with several VLANS and provided support for routing protocols and also providing secure sessions over internet using IPSec and SSL encryption.
- Worked on Palo Alto firewalls in creating and implementing the policies required by the company.
- Worked on migration of existing PIX firewall to ASA firewall, PIX OS upgrade from 6.3 to 7.0.
- Design and Implement DMZ for FTP, Web and Mail Servers with CISCO PIX 506, PIX515
- Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls.
- Migrated, created, and managed pools and clusters in F5 BigIP GTM 3DNS load balancers across multiple Datacenters.
- Involved in Configuration of Access lists (ACL) on Juniper and Palo Alto firewall for the proper network routing for the B2B network connectivity.
- Provided daily Palo Alto firewalls administration such as Threat prevention, URL filtering, IPSec and SSL VPNs.
- Performed database maintenance and support functions utilizing data warehouse concepts such as fact tables, queries, sorting, table spaces, and bitmap indexes.
- Switching technologies like VLAN, Inter-VLAN Routing, Ether-channel, VTP, MLS, HSRP, VRRP
- Remediation of firewall rules from checkpoint firewalls to Cisco ASA firewalls and their implementation.
- Experience of IP/MPLS/Optical Transmission network for access transport & back haul network to facilitate 2/3/4G Network.
- Troubleshooting and management of Cisco, Juniper, Huawei, Redback and Extreme devices.
- Understanding of 2/3G services and traffic flow.
- Troubleshooting and management of NetScreen and SRX Firewalls
Confidential, Fremont, CA
Network Engineer
Responsibilities:
- Configuring, Maintaining the Routers and Switches and Implementation of RIP, EIGRP, OSPF, BGP routing protocols and troubleshooting Remote infrastructure management of offices in different locations nationwide.
- Provide direct day to day support for various technologies such as: WAN technologies (MPLS, Frame Relay, etc.), Data Center infrastructure (VLANs, trunks, teaming, L2 & L3, etc.), Campus switching, Load Balancer and Virtualization, Routing protocol support (BGP, EIGRP & OSPF), VPN technology support, VoIP communications and infrastructure, enterprise wireless, RADIUS services, enterprise DNS / DHCP and other various enterprise technologies and services.
- Configure and Deploy VOIP servers, hardware, applications, and monitoring tools
- Responsible for maintaining and ensuring the proper functioning of all network devices (i.e. Juniper routers/switches, Cisco Routers/Switches, Juniper NetScreen firewalls, Cisco ASA firewalls, and load balancers (LTM)).
- Responsible for complete branch network infrastructure that includes Cisco Switches, Cisco Nexus, Palo Alto Firewalls, Cisco ASA Firewalls, Cisco Routers, and WAP’s, WLC’s, F5 LTM Load balancers, HP IPS
- Troubleshooting and escalation management of day-to-day issues for offices. Managing Co-location and Datacenter infrastructure in North America.
- Configured EIGRP and OSPF as interior gateway protocols with route filtering and route redistribution. Troubleshot complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF and BGP.
- Responsible for all aspects of TCP/IP functionality across multiple enterprise environments.
- Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.
- Involved setting up the TFTP server for backing up the IOS images and configuration files of Cisco Routers and Switches and troubleshooting the file servers.
- Upgrades, installs, configuration and administration security and monitoring tools on Linux.
- Experience with Security- Firewalls, NAT / PAT, IPSEC, S2S.
- Experience with ALG (RTP, RTSP and FTP, DNS, HTTP), DHCP.
- Experience with devices Palo Alto Network firewalls such as security NAT, Threat prevention & URL filtering
- Configuring Palo Alto policies and setting different device configurations.
- Implemented Symantec Data Loss Prevention in Three Tier architecture for Enterprise organizations and integrating DLP with Exchange Server, and Data Insight.
- Responsible for network evaluations, troubleshooting a variety of network problems, and implementing various software and hardware upgrades for efficient performance.
- Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls.
- Generating RCA (Root Cause Analysis) for critical issues of layer1 / layer2 / layer3 problems.
- Provided redundancy to the network, implemented hot standby routing protocol (HSRP) and Load sharing for effective utilization of routers.
- Configuring, implementing and troubleshooting VLAN's, VTP, STP, Trunking, Ether channels.
- Packet capturing, troubleshooting on network problems with Wireshark, identifying and fixing problems
- Implementing, configuring, and troubleshooting various routing protocols like RIP, EIGRP, OSPF, and BGP etc.
- Performing network monitoring, providing analysis using various tools like Wireshark, Solarwinds etc.
- Evaluate, manage and support the IP PBX SIP interop program consisting of customers' self-interop and vendor interop.
- Security policy review and configuration in Palo Alto and Juniper Firewalls in US offices and Datacenter. Designed and configured OSPF, BGP on Juniper Routers and SRX Firewalls.
- Analyzed customer application and bandwidth requirements, ordered hardware and circuits, and built cost effective network solutions to accommodate customer requirements and project scope
- Installing, configuring, and maintaining Cisco Switches (2900, 3500, 7600, 3700 series, 6500 series) Cisco Routers (4800, 3800, 3600, 2800, 2600, 2900, 1800, 1700, 800)
- Implemented Positive Enforcement Model with the help of Palo Alto Networks.
- Innovated with support of Palo Alto for remote and mobile users and for analyzing files for malware in a separate (cloud-based) process that does not impact stream processing.
Confidential
Jr. Network Engineer
Responsibilities:
- Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers.
- Team member of Configuration of Cisco 7206 router with VPN and Configuration of Catalyst switches.
- Configuration 7609, 7606 with OSPF and catalyst 6505, 4500, 3550 switches with various VLAN.
- Configured Routing protocols such as RIP, OSPF, EIGRP, static routing and policy based routing.
- Create and test Cisco router and switching operations using OSPF routing protocol, ASA Firewalls, and MPLS switching for stable VPNs.
- Configuration and troubleshooting link state protocols like OSPF in single area and multiple areas.
- Redesign of Internet connectivity infrastructure for meeting bandwidth requirements.
- Performed packet tracing using OPNET.
- Optimized performance of the WAN network consisting of Cisco 3550/4500/6500 switches by configuring VLANs.
- Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
- Providing Technical Support and solutions for Network Problems.
- Planned, tested and evaluated various equipment, systems, IOSs and procedures for use within the Network / security infrastructure.
- Upgrading IOS, troubleshooting network outages.
- Participate in all technical aspects of LAN, WAN, VPN and security Internet Service projects including, short and long term planning, implementation, project management and operations support as required.
- Configured and troubleshot Cisco WAP and Cisco Prime
- Hands-on experience in the network management of circuits using TDM and Frame Relay network, performing configuration and provisioning management, fault management and performance monitoring
Confidential
Network Administrator
Responsibilities:
- Created network diagram for employees using the Microsoft Visio.
- Preparing Client Machines for users with Operating Systems, Software, antivirus and required utilities and mailing clients etc.
- Primarily responsible in designing and maintaining the budget for the whole network.
- Perform daily maintenance, troubleshooting, configuration, and installation of all network components.
- Configuration of CISCO Routers (3600, 4000 Series) and 3550, 4500 series switches.
- TCP/IP network planning, Implementation and Management with subnets.
- Enabled SNMP traps for our Cacti Monitoring tool to monitor traffic and check the regular health of Servers and Network Devices
- Implementation of Virtual LANs across Routers and Switches.
- Implemented and Configured IP Routing Protocols: OSPF, EIGRP, and RIPv2
- Implemented and configured LAN Protocols: Ethernet, VLANs, VTP and STP.
- Worked with Remedy Ticketing tool in maintaining and keeping track of logs/monitor
- Designed and implemented IP Addressing, Subnetting, Route Summarization and Route Distributions
- Monitoring the Servers and Networks.
