Network Security Engineer Resume
Moorestown, NJ
SUMMARY:
- 6 Years’ Cisco Certified Network Engineer with experience in implementing, testing, troubleshooting, and maintenance of network devices for networking and security
- Experience in Cisco Routing, Switching along with in - depth Cisco hardware/software knowledge on Cisco Routers such as 7200, 7600, Cisco Multilayer Switches 4500, 6500.
- Experience in configuration, management and troubleshooting of Checkpoint, Fortinet Juniper and Cisco ASA Firewall in various domain such as Internet, VLAN, WAN, DMZ, Rapid 7 tools and Remote-Access VPN.
- Experience in IP addressing & sub netting with VLAN, VLSM, configuring and supporting TCP/IP, DNS, installing, implementing and configuring proxies.
- Responsible for assessing the client's security data Centre from Intrusion Detection System (IDS)/Intrusion Protection System (IPS) that include Sourcefire and Fire-eye, firewall logs which include Checkpoint and Fortinet, anti-virus logs from Symantec, and Security Incident and Event Management (SIEM) from ArcSight and Splunk.
- Experience in configuring Access Lists (ACLs) in Cisco, Nexus and Juniper Routers and Switches and Aruba RAP devices.
- Experience and knowledge in design, configuration, implementation and troubleshooting of Palo Alto, Firewall rules for Site-to- Site VPN and MPLS Circuits for internal as well as vendor connectivity and SSL VPN connectivity through Pulse Secure for the same.
- In-depth knowledge in Layer 3 Routing protocol configurations: RIP, EIGRP, OSPF, BGP, & MPLS.
- Experience with multiple Network Management Tools like Wireshark, Anti-virus like Symantec and next generation CB Defence, SIEM tools like HP ArcSight & Splunk to support 24 x 7 Network Operation Centre and Security Incident Response Centre.
- Knowledge on Project Management and Operations Planning skills as well as experience on creating daily reports for tracking all incidents worked by individual team members.
TECHNICAL SKILLS:
Operating Systems: Windows (Server 2003/2008, Vista, Windows 7), Basic Linux OS, MAC OS
Routers: Cisco 1900, 2900, 7200, 7600
Routing: MPLS, OSPF, EIGRP, BGP, RIP, Redistribution, Summarization, Static and Dynamic Routing.
Switches: Cisco 3750, 4507, 4510 & 6500 series switches, HP Aruba
Switching: LAN, VTP, STP, PVST+, RPVST+, Inter VLAN WAN routing & Multi-Layer Switch.
Network Security: Firewalls, ACL, IPSEC VPN, GRE VPN, IPS/IDS, Bluecoat Proxy SG, Nexpose, Risk Fabric, Legal point.
Antivirus and SIEM: Wireshark, Symantec, CB Defence, ArcSight, Splunk
Reports: Microsoft Visio, Microsoft Office and Excel
PROFESSIONAL EXPERIENCE:
Confidential, Moorestown, NJ
Network Security Engineer
Roles and Responsibilities:
- Design, implementation and troubleshooting of firewall connectivity on Checkpoint and Fortinet
- Experience in implementing and troubleshooting SSL VLAN WAN VPN through Pulse Secure, Site-to- Site VPN and MPLS Circuits for vendor connectivity on Checkpoint and Fortinet.
- Blocking of malicious and phishing URLs and IP addresses on Bluecoat, Sourcefire and Websense.
- Monitoring alerts for all security devices within company’s environment and taking necessary actions for resolving alerts.
- Configured Access Lists (ACLs) on Cisco, Palo Alto Nexus and Juniper Routers and Switches.
- Monitoring ticketing tools like JIRA and Remedy and Archer for handling incident management requests.
- Performed TCP dump and firewall monitor to provide analysis of packets using checkpoint command line including tools like Wireshark.
- Checking authentication logs for employees and vendors on SIEM tools like ArcSight.
- Troubleshooting and whitelisting of Aruba RAP devices used in various environment for internal connectivity.
- Responsible for analysing threats in the general threat landscape and specific threats targeting the client's environment.
- Responsible for monitoring and researching information on security threats and identifying indicators of compromise (IOCs).
- Responsible for assessing the client's security data Centre from Intrusion Detection System (IDS)/Intrusion Protection System (IPS) that include Sourcefire and Fire-eye, firewall logs which include Checkpoint and Fortinet, anti-virus logs from Symantec, and Security Incident and Event Management (SIEM) from ArcSight and Splunk.
- Analysing security Data Centre for repeating trends, attacks, malicious Internet Protocols (IP), and anomaly type events.
- Performing forensic security investigations using ArcSight Logger Appliance
- Working on cases generated on ArcSight ESM created by various security tools logs fed into the logger appliances.
- Perform scans, review and provide recommendations to client for various vulnerabilities to have them remediated within limited period of time using Rapid 7 tools.
- Maintaining data integrity and analysing incidents to prevent loss of sensitive data outside corporate network with help of DLP VLAN tool by Symantec & S3 Risk Fabric and providing solution to the client for any such incidents.
- Attending calls from Law Enforcements and 911 Centres for Emergency life or death situations that involve information related to Xfinity subscribers and later releasing information only after verifying the caller thoroughly.
- Listening to recorded calls of compromised subscriber accounts, analyse the data using different security tools including Splunk and later escalating the analysis to Legal team for further actions to be taken.
- Assisting in creating weekly report and maintaining documentation of standard procedures, daily reports for tracking all incidents worked by individual team members.
Environment: Checkpoint, Fortinet, Cisco and Juniper Routers and Switches, IPS/IDS Sourcefire and Fire-eye, Bluecoat Proxy SG, ArcSight, Splunk, Symantec, Risk Fabric, CB Defense, Nexpose, AirWatch, Wireshark, Legal Point, Active Directory
Confidential, New Jersey
Network Support Engineer
Roles and Responsibilities:
- Checking and configuring Cisco 7600 and 7200 routers at data Centre for 802.1Q remote sites’ issues.
- Troubleshoot of DNS, DHCP and other IP conflicts and used DHCP to automatically assign reusable IP addresses to DHCP clients
- Configured RIP, EIGRP and OSPF on router and installed multi-protocol multi-interface Cisco routers.
- Maintenance of layer 2 switching tasks which advocate VLAN, WAN, VTP, RSTP, PVST, RPVST
- Maintenance and support of Windows Server 2008/2012
- Performed network monitoring and provide analysis using tools like Wireshark.
- Installation and configurations of DLP Endpoints using Digital Guardian
- Integrate new or update existing DLP configurations by leveraging the proven and repeatable methodology
- Worked on ASA (5540/5550) Firewalls. Implemented Security Policies using ACL, Firewall, IPSEC, SSL and VPN
- Involved in Configuration of Palo Alto Access lists (ACL) on ASA firewall for the proper network routing for the B2B network connectivity.
- Provide support for Anti-Virus/ Anti-Malware protection using Kaspersky
- Installation, implementation and support for RSA tokens roll out and ticketing using JIRA.
- Initiated installing, implementing and support for mobility device management using Checkpoint Good Work on android and iPhone.
- Work on Other Security Rapid 7 tools Related Services including Mac Encryption.
Environment: Network Security, anti-virus, anti-malware, firewall, Kaspersky, RSA, DLP, Cisco Routers/Switches, DNS, DHCP, VLAN, WAN, Subnetting, Trunking
Confidential
Network Engineer
Roles and Responsibilities:
- Configured VLAN trucking 802.1Q, VLAN Routing on Catalyst 6500 switches.
- Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers.
- Optimized performance of the WAN network consisting of Cisco 3550/4500/6500 switches by configuring VLANs.
- Troubleshooting IOS related bugs based on past history and appropriate release notes.
- In-depth expertise in the implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems.
- Planning and configuring the routing protocols such as OSPF, EIGRP, RIP, and Static Routing on the routers.
- Performed and technically documented various test results on the lab tests conducted.
- Assisted senior engineers in planning and configuring the entire IP addressing plan for the clients' network.
- Assist the certification team and perform configuration of LAN\WAN technologies such as Ethernet, Fast Ethernet, and Gigabit Ethernet.
- Supported networks, which are comprised of 2000+ Cisco devices.
- Supported nationwide LAN infrastructure consisting of Cisco 4510 and catalyst 6513.
Environment: Cisco 3750/3550/3500/2960 switches and Cisco 3640/ 0/3845/3600/2800 routers, TCP/UDP, Cisco ASA5510, Checkpoint, Palo Alto, Cisco Nexus7K/5K.