Information Security Engineer Resume
Cumberland, RI
SUMMARY:
- Cisco certified Network Engineer with 5+ years of experience in Network engineering, performing Analysis, Design, Implementing, and Troubleshooting with focus on performance tuning and support of large Enterprise Networks
- Inspected configuration, checked configuration compliance, tested IT controls functionality and inspected logs. Reviewed signatures within IDS/IPS tools (Snort) to ensure signatures are up to date to minimize false positives and false negatives in the system.
- Deeply involved in Cybersecurity framework, Threat analysis, Vulnerability assessment and Penetration testing, and performed risk analysis
- Experienced in vulnerability scanning tools, as well as network security and monitoring tools such as IDS/IPS, Nexpose, Qualys, Splunk, and Wireshark.
- Analyze and investigate logs, payloads, and packets in IBM QRadar SIEM including Sourcefire IDS, Palo Alto Firewall, Checkpoint, Windows Server, Linux Server, and Symantec Endpoint Protection for remediation.
- Performed the review of a newly implemented Security Incident and Event Management (SIEM) system. Reviewed technical specifications for SIEM, logging and proposed recommendations to improve the overall deployment of the solution
- Developed correlation rules for Security Incident and Event Management (SIEM) system. Reviewed the solution implemented for "log forwarding" from various network devices to HP ArcSight central logging for alerting and security monitoring
- Implemented NIST and ISO technical controls on Network and Security devices by following the security standards provided by DOD guidelines
- Experience with enterprise-class security products such as web proxy, reverse proxy, load balancing, IDS/IPS, DLP, Firewall, IPsec/SSL VPN, WAN/LAN, wireless and remote connectivity.
- Experienced in Authentication, Endpoint Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Data Loss Prevention (DLP), Identity and Access Management (IAM) solutions.
- Led comprehensive security infrastructure upgrades of SIEM, QualysGuard, maintaining Microsoft Active Directory, routers, switches, and Symantec backup.
- Experience in Service Validation, Gateway support and Troubleshooting Network & Security infrastructure on routers, switches & firewalls
- Good working Experience with Cisco Routers, Cisco Switches, Nexus 7K, 5K and 2K series, Load Balancers and Firewalls
- Expertise in Configuration of Virtual Local Area Networks using Cisco routers and multi-layer Switches and supporting STP, RSTP, PVST, RPVST along with troubleshooting of inter-VLAN routing and VLAN trunking using 802.1Q
- In-depth knowledge and hands-on experience on IP Addressing, Subnetting, VLSM and ARP, reverse & proxy ARP, Ping Concepts.
- Experience in designing, deploying and troubleshooting LAN, WAN, Frame-Relay, Ether-channel, IP Routing Protocols - (RIPV2, OSPF, EIGRP & BGP), ACLs, NAT, VLAN, STP, VTP, HSRP & GLBP.
- Analyze network & system responses and determining tuning recommendations to improve performance
- Experience with devices Palo Alto Network firewalls such as security NAT, Threat prevention & URL filtering.
- Experience in F5, Cisco ACE 4710, F5 load balancers - LTM, GTM series like 6400, 6800, 5000, 2000 for the corporate applications and their availability.
- Experience in implementation, configuration & troubleshooting of Access Control Lists (ACL), NAT and Cisco IOS
- Cisco ASA Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
- Extensive Knowledge on the implementation of Cisco ASA 5500 series and Checkpoint R75 firewalls.
- Worked as Network engineer supporting CISCO routers, switches, Bluecoat proxy servers.
TECHNICAL SKILLS:
LAN/WAN Technologies: Ethernet/ Fast Ethernet/ Gigabit Ethernet networks, VLANs, VTP, STP, PVST, RSTP, 802.1W, Frame Relay, ISDN, PPP, MPLS, leased lines and exposure to PPP, HDLC DS1, DS3, OC3, OC12, OC48, T1/T3 and E1/E3
Routing/ Switching: Cisco routers (7206 VXR, 4431, 4331, 3945, 3925, 3845, 2901, 2811, 2620, 2612, 1900, 1800, 800) Cisco Catalyst switches (6800, 6509, 6506, 6513, 3750, Catalyst 37xx stack, 3550, 2960, 2800, 1900 series), Cisco Nexus (7000 series 10-slot switch, 5548P, 5548 UP, 2248TP, 2248TP-E, 2232PP), VPC, VDC, OTV
Security: Cisco ASA 5500 series (5505, 5512-X, 5525, 5545) and PIX 515E, 525 series, Palo Alto, Checkpoint, IPsec VPN Configuration, RADIUS, TACACS+, IDS/IPS, 3060 VPN Concentrator, PKI, ACL, NAT/PAT, Route maps
Wireless: Autonomous AP's, Lightweight AP's, Cisco Wireless LAN, Airdefense Services Platform(ADSP), Wing Controller, Cisco APs Controller 2400, 5500 Series, WDS, and WLSE, Standards 802.11 a/b/g
Management Tools: Cisco Prime Infrastructure, Solarwinds, Firemon, Cisco NCS, NetMRI, Show and Share, Wireshark, NetQOS Super-Agent
AT&T Tools: Snooper, Balance Manager, IWOS
Operating Systems: UNIX, LINUX, Sun Solaris, Mac OS, Windows Server 2000, 2003, 2008, Windows 7/NT/ XP/Vista, Cisco IOS, Cisco IOS-XE, Cisco NX-OS, VMware
Tools: Wireshark, Tcpdump, VMWare, Splunk, Nessus.
WAN Optimizer: Riverbed Steelhead Appliance viz: SaaS, IaaS, DHCP and DNS Infoblox
Programming: C, C++, MATLAB, Python, Perl
Documentation: MS-Office (PowerPoint, Excel, Word), MS-Visio, SharePoint, Google Docs
PROFESSIONAL EXPERIENCE:
Confidential, Cumberland, RI
Information Security Engineer
Responsibilities:
- Responsible for Data Loss Prevention (DLP) configurations, monitoring activity, AirDefense configurations and threat detections
- Configured the DLP tools, worked on scripts and provided support to team with info on daily meetings, activities.
- Responsible for Fidelis configurations, worked on tools on threat prevention and information security on both mail exchange and share drives.
- Worked on Fidelis, worked on license additions, monitoring and LDAP. Monitored through debug, threat prevention and detection process.
- Experienced in vulnerability scanning tools, as well as network security and monitoring tools such as IDS/IPS, Nexpose, Qualys, Splunk, and Wireshark.
- Worked on corporate and retail environment Airdefense set up and firmware upgrades, sensor set up, application monitoring
- Airdefense sensors set up for scanning and security, Cisco AP's are set up for general networking and internet access.
- Monitoring wireless using Aruba Airwave. Perform WLC installations, access point monitoring issues. Provide support to issues with wireless connectivity and heat map regions
- Cloud administration schedule, run jobs, data center on Azure security.
- Configured email relay and alerts in the environment. Configured syslogs for the application.
- Prevented various malware attacks using IDS and IPS which are identified by signature based and anomaly-based engines.
- Used CloudFront to deliver content from AWS edge locations to users, allowing for further reduction of load on front-end servers.
- Experienced in Authentication, Endpoint Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Data Loss Prevention (DLP), Identity and Access Management (IAM) solutions
- Coordinate Symantec DLP, endpoint protection manager and anti-malware bytes exploit for endpoints agent and software upgrades. Experience in cloud security, threat monitoring, and prevention.
- Identified the vulnerabilities and non-compliant issues in the network and applications using vulnerability scanners and SIEM tools.
- Hands on experience in conducting Web Application Security scan, Ethical Hacking using commercial and non-commercial applications and methodologies such as SANS Web application assessment, OWASP Top 10 and CVSS Scoring using IBM App Scan.
- Worked in IDS/IPS to trigger the alerts which in turn are used for forensic purposes
- Utilized Splunk for monitoring and reporting purposes and to identify potential threats.
- Configuring network devices to send Syslog messages externally, which contains the required amount of data for forensic and compliance.
- Vulnerability assessment using tools such as Nessus and Qualys, and implementation of Security Policies.
- Experience with industry recognized SIEM (Security Information and Event Management) solutions such as NITRO, Splunk, Forcepoint and many other tools.
- Oversee Vulnerability assessment /penetration testing of scoped systems and applications to identify system vulnerabilities.
- Excellent knowledge of FISMA, HIPAA and NIST Compliance usage, rules and regulations
- Use Splunk Security Manager to identify threats and assigned category.
- Solid Understanding of IBM QRadar.
- Strong understanding of DLP Architecture, Rules and Policies and its implementation
- Assist in the creation of an end-to-end technology strategy for SIEM to address current and future security concerns, emerging threats, regulatory compliance and alignment with technology and the business
- Antivirus McAfee Virus Scan Enterprise, Symantec, Endpoint Protection Suite.
Confidential, Boston, MA
Network Security Engineer
Responsibilities:
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
- Deployed the Nexus 7000/5000/2000 architecture into production securing competitive advantage across multiple verticals.
- Performed routine monitoring of Checkpoint firewall from security perspective and troubleshooting the connectivity issues.
- Experience in Designing and assisting in deploying enterprise wide Network Security and High Availability Solutions for ASA firewall.
- Use Splunk Enterprise Security to configure correlation search, key indicators and risk scoring framework.
- Involved in the activity of DATA-Center migration of regular Cisco catalyst switches with the new Nexus 2148, 2224T, 5548, 6018, 7010 using F3/M3 line-cards with 10GE & 40GE interfaces and Supervisor 2E.
- Deploying, managing, and operating scalable, highly available and fault tolerant systems on AWS.
- Upgrades, installs, configuration and administration security and monitoring tools on Linux.
- Developed workflows and procedures for email monitoring in support of the Data Loss Prevention (DLP) program.
- Experience with Security- Firewalls, NAT / PAT, IPSEC, S2S.
- Involved in configuring Checkpoint (R76) Firewall rules and objects as per the requirements.
- Provided remote assistance for replacing existing switches with new Cisco switches and configured various routing protocols like OSPF, EIGRP, RIP, MPBGP, LDP and BGPV4.
- Performing Vulnerability Analysis test for Firewalls and other network devices and providing the closures for vulnerabilities.
- Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability
- Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4. Configured IP access filter policies.
- Performing the ACL requests change for various clients by collecting source and destination information from them.
- Maintained complex LAN/WAN networks with several VLANS and provided support for routing protocols and also providing secure sessions over internet using IPSec and SSL encryption.
- Worked on Palo Alto firewalls in creating and implementing the policies required by the company.
- Worked on migration of existing PIX firewall to ASA firewall, PIX OS upgrade from 6.3 to 7.0.
- Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls.
- Involved in Configuration of Access lists (ACL) on Juniper and Palo Alto firewall for the proper network routing for the B2B network connectivity.
- Performed database maintenance and support functions utilizing data warehouse concepts such as fact tables, queries, sorting, table spaces, and bitmap indexes.
- Switching technologies like VLAN, Inter-VLAN Routing, Ether-channel, VTP, MLS, HSRP, VRRP
- Remediation of firewall rules from checkpoint firewalls to Cisco ASA firewalls and their implementation.
- Experience of IP/MPLS/Optical Transmission network for access transport & back haul network to facilitate 2/3/4G Network.
- Troubleshooting and management Cisco, Juniper, Huawei, Red back and extreme devices.
- Understanding of 2/3G services and traffic flow.
- Troubleshooting and management of NetScreen and SRX Firewalls
Confidential, Fremont, CA
Network Engineer
Responsibilities:
- Configuring, Maintaining the Routers and Switches and Implementation of RIP, EIGRP, OSPF, BGP routing protocols and troubleshooting Remote infrastructure management of offices in different locations nationwide.
- Provide direct day to day support for various technologies such as: WAN technologies (MPLS, Frame Relay, etc.), Data Center infrastructure (VLANs, trunks, teaming, L2 & L3, etc.), Campus switching, Load Balancer and Virtualization, Routing protocol support (BGP, EIGRP & OSPF), VPN technology support, VoIP communications and infrastructure, enterprise wireless, RADIUS services, enterprise DNS / DHCP and other various enterprise technologies and services.
- Configure and Deploy VOIP servers, hardware, applications, and monitoring tools
- Troubleshooting and escalation management of day-to-day issues for offices. Managing Co-location and Datacenter infrastructure in North America.
- Configured EIGRP and OSPF as interior gateway protocols with route filtering and route redistribution. Troubleshot complex LAN/WAN infrastructure that includes routing protocols EIGRP, OSPF and BGP.
- Responsible for all aspects of TCP/IP functionality across multiple enterprise environments.
- Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.
- Involved setting up the TFTP server for backing up the IOS images and configuration files of Cisco Routers and Switches and troubleshooting the file servers.
- Upgrades, installs, configuration and administration security and monitoring tools on Linux.
- Experience with Security- Firewalls, NAT / PAT, IPSEC, S2S.
- Implemented Symantec Data Loss Prevention in Three Tier architecture for Enterprise organizations and integrating DLP with Exchange Server, and Data Insight.
- Responsible for network evaluations, troubleshooting a variety of network problems, and implementing various software and hardware upgrades for efficient performance.
- Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls.
- Generating RCA (Root Cause Analysis) for critical issues of layer1 / layer2 / layer3 problems.
- Provided redundancy to the network, implemented hot standby routing protocol (HSRP) and Load sharing for effective utilization of routers.
- Packet capturing, troubleshooting on network problems with Wireshark, identifying and fixing problems
- Implementing, configuring, and troubleshooting various routing protocols like RIP, EIGRP, OSPF, and BGP etc.
- Performing network monitoring, providing analysis using various tools like Wireshark, Solarwinds etc.
- Evaluate, manage and support the IP PBX SIP interop certification program consisting of customers' self-interop and vendor interop.
- Security policy review and configuration in Palo Alto and Juniper firewalls in US offices and Datacenter. Designed and configured OSPF, BGP on Juniper Routers and SRX Firewalls.
- Analyzed customer application and bandwidth requirements, ordered hardware and circuits, and built cost effective network solutions to accommodate customer requirements and project scope
- Installing, configuring, and maintaining Cisco Switches (2900, 3500, 7600, 3700 series, 6500 series) Cisco Routers (4800, 3800, 3600, 2800, 2600, 2900, 1800, 1700, 800)
- Implemented Positive Enforcement Model with the help of Palo Alto Networks.
- Innovated with support of Palo Alto for remote and mobile users and for analyzing files for malware in a separate (cloud-based) process that does not impact stream processing.
Confidential
Jr. Network Engineer
Responsibilities:
- Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers.
- Team member of Configuration of Cisco 7206 router with VPN and Configuration of Catalyst switches.
- Configuration 7609, 7606 with OSPF and catalyst 6505, 4500, 3550 switches with various VLAN.
- Configured Routing protocols such as RIP, OSPF, EIGRP, static routing and policy based routing.
- Create and test Cisco router and switching operations using OSPF routing protocol, ASA Firewalls, and MPLS switching for stable VPNs.
- Configuration and troubleshooting link state protocols like OSPF in single area and multiple areas.
- Redesign of Internet connectivity infrastructure for meeting bandwidth requirements.
- Performed packet tracing using OPNET.
- Optimized performance of the WAN network consisting of Cisco 3550/4500/6500 switches by configuring VLANs.
- Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
- Providing Technical Support and solutions for Network Problems.
- Planned, tested and evaluated various equipment, systems, IOSs and procedures for use within the Network / security infrastructure.
- Upgrading IOS, troubleshooting network outages.
- Participate in all technical aspects of LAN, WAN, VPN and security Internet Service projects including, short and long term planning, implementation, project management and operations support as required.
- Configured and troubleshot Cisco WAP and Cisco Prime
- Hands-on experience in the network management of circuits using TDM and Frame Relay network, performing configuration and provisioning management, fault management and performance monitoring
Confidential
Network Administrator
Responsibilities:
- Created network diagram for employees using the Microsoft Visio.
- Preparing Client Machines for users with Operating Systems, Software, antivirus and required utilities and mailing clients etc.
- Primarily responsible in designing and maintaining the budget for the whole network.
- Perform daily maintenance, troubleshooting, configuration, and installation of all network components.
- Configuration of CISCO Routers (3600, 4000 Series) and 3550, 4500 series switches.
- TCP/IP network planning, Implementation and Management with subnets.
- Enabled SNMP traps for our Cacti Monitoring tool to monitor traffic and check the regular health of Servers and Network Devices
- Implementation of Virtual LANs across Routers and Switches.
- Implemented and Configured IP Routing Protocols: OSPF, EIGRP, and RIPv2
- Implemented and configured LAN Protocols: Ethernet, VLANs, VTP and STP.
- Worked with Remedy Ticketing tool in maintaining and keeping track of logs/monitor
- Designed and implemented IP Addressing, Subnetting, Route Summarization and Route Distributions
- Monitoring the Servers and Networks.
