Network Security Engineer Resume
Plano, TX
PROFESSIONAL SUMMARY:
- Network Security Engineer with 8+years of experience in design, install, configure, support, and troubleshoot including a broad range of LAN/WAN/MAN, Public/Private Cloud enterprise networks and security using Cisco routers/switches/firewalls.
- Implementation, Configuration and Support of Checkpoint (R80, R77 Gaia, R75 and R71), VSX,MDM/MDS, Provider - 1, Juniper Firewalls (SSG 550M, SSG520M, ISG 1000, ISG 200, SRX5400, SRX5600, and SRX5800), Cisco Firewalls (ASA 5505, 5506-X, 5585 with firepower), Palo Alto Networks Firewall models (Panorama M-100, PA-2k, PA-3k, and PA-5 k).
- Hands on experience using Expedition Palo Alto networks migration tool to convert a configuration from Checkpoint or Cisco or any other vendor to a PAN-OS.
- Implementing security policies using AAA, ACL's, NAT, Policy NAT, PBF/PBR, Route-maps, Distribution lists and IPsec VPN' s on different series of routers and firewalls.
- Worked on CiscoASA (5540/5550) Firewalls and firepower 2k and 4k. Implemented Security Policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
- Hands-on experience on Palo Alto Rule changes PA-2000/PA-4000 series, templates, object creation, planning, configuration changes, OS upgrades and CLI troubleshooting.
- Proficient in using SolarWinds Network Management tools like Network Performance Monitor (NPM), NetFlow Traffic Analyzer, Network Configuration Manager (NCM), Server and Application Monitor (SAM), SolarWinds Web Performance Monitor and SolarWinds Virtualization Manager.
- Planning, Designing, Installing, Configuring of Cisco 6500, 4500, 2900, 3500, 3750 XL series switches, Nexus 5k, 7k series switches, Cisco 1800, 2500, 2600, 2800, 3600, 3800, 7200 series Routers and Juniper EX Switches.
- Hands on experience in implementation and deploying BIG-IP F5 LTM, GTM series like 6400, 6800, 8800 for load balancing and network traffic management for business applications.
- Experienced in working on network monitoring tools like SolarWinds, Nagios, NetFlow, Sniffing tools like Wireshark, Splunk and TCPDUMP.
- Configuring,Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/Routing/NAT with the firewalls as per design.
- Managed inventory of all network hardware, Management and Monitoring by use of SSH, Syslog, SNMP, NTP.
- Hands on experience in configuring and supporting site-to-site and remote access Cisco, IPsec, VPN solutions using ASA/PIX firewalls, Cisco, B2B VPN client in addition to providing TACACS+ and RADIUS services.
- Extensive understanding of networking concepts, (IE. Configuration of networks, router configuration and wireless security, TCP/IP, VPN, Content Filtering, VLANs, and routing in LAN/WAN, Ethernet Port, Patch Panel and wireless networks.)
- Extensive experience in configuring and troubleshooting of protocols RIP v1/v2, EIGRP, OSPF, BGP and MPLS. Basic knowledge on Wireless Access points of 802.11 a,b,g.
- Creating and maintaining network documentation, design drawings, security diagrams, procedures and policies using MS word and Visio.
- Worked on virtual Palo Alto firewalls integrated with Azure Cloud - VM PA-200, PA-300.
- Install, configure, Upgrade of Red Hat Linux 4.x/5.x,6.x, Solaris 9.x/10.x, CentOS operating systems, configure kick start server and implemented patches via Redhat Satellite server.
- Extensive experience in AWS Cloud native services like EC2, ELB, VPC, Auto Scaling, Security Groups, Subnets, Launch Configuration, S3, SNS, AWS Macie, IAM, CloudWatch, CloudTrail, Elastic IP’s,so on.
TECHNICAL SKILLS:
Management Tools: TCPDUMP, Solarwinds, Orion products, Snort (IDS), Netflow Analyzer, WhatsUP Gold, Wireshark, SPLUNK, Remedy, Service Now, HPSM, HP NAS, IBM Qradar, Splunk, Visio,Tufin, Algosec and Firemon.
Firewall Products: Checkpoint R 80.10,77 GAIA, R75, R71, NGX R65/R60, Cisco PIX 525E, 535 & ASA 5510, 5520, 5540, Provider-1, Smart Center Server, SPLAT, VSX, Juniper SRX and SSG, NSM, Jun OS, Screen OS, SPACE, ASDM, Cisco ACS, Palo Alto PA-7000, PA-5000, PA-3000, PA-2000,PA-850,PA-820,PA-220,PA-200, Panorama.
AWS: ELB, VPC, EC2, Subnets, Security Groups, S3, Route 53, Cloud Front, etc.
Cisco Products: Routers (1800, 2500, 2600, 3200, 3600, 3700, 3800), Cisco L2 & L3 Switches (2900, 3560, 4500, 6500), Nexus 3000, 5000, 7000, 9000 series Switches.
Protocols/Services: Routing Protocols (RIP, IGRP, EIGRP, OSPF, BGP), QOS, TCP/IP, IPSEC, MPLS, TACAS+, RADIUS, Cisco NAC
WAN Technologies: CDP, Access Control List (ACL), Network Address Translation (NAT), PAT, Redistribution, OSPF Virtual Links and GRE Tunnel, VPN3000 Concentrator, Bluecoat SG Proxy
PROFESSIONAL EXPERIENCE:
Confidential, Plano, TX
Network Security Engineer
Responsibilities:
- Configure and implement security solutions for various clients as per their requirements in Checkpoint R77, R75, R65, Provider-1, Palo Alto firewalls, Panorama, Cisco ASA firewalls, ASDM and in CSM.
- Configured and Maintained rules on Palo Alto Firewalls (PA-220, PA3060) & Analysis of firewall logs using various tools.
- Configured High availability, User ID, App-ID and Global protect on Palo Alto firewall.
- Implemented failover (Active-standby and Active-Active) and clustering with ipv4 on ASA Firewall.
- Converted Port based rules to APP ID based rules in Palo Alto firewalls.
- Pushed Policies from Panorama to Firewall in Palo Alto, Configured and Maintained Palo Alto Firewalls.
- Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
- Exposure to wildfire advance malware detection using IPS feature of Palo Alto.
- Implemented Checkpoint FW Interface, NAT and VLAN using R77 GAIA Smart Dashboard.
- Worked on different software blades of Checkpoint firewall like IPS, VPN and NAT.
- Implemented two factor authentications for the users, third-party vendors connecting organization’s network .
- Migration and implementation of new solutions with Palo Alto Next-Generation Firewall series PA-3060 and PA-5060.
- Experience on working with Palo Alto Next Generation firewall with security,networking, and management features such as URL filtering, Anti-virus, IPsec VPN, SSL VPN, IPS, Log Management etc.
- Extracted the logs, perform real time log analysis using SIEM technologies and Forensics Analysis of logs as per the request.
- Installed and configured protocols like TCP/IP and Internet protocols including Local Area Networking, routing and HTTP.
- Responsible for the design and implementation of the network architectures including firewalls, load balancers, IDS, VPN, DNS, switching, routing,wireless security, TCP/IP, VPN and Content Filtering.
- Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Tufin and Splunk.
- Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
- Provided support for 2Tier and 3Tier firewall architecture, which includes various Check Point, Cisco ASA firewalls and Palo-Alto firewalls .
- Working with customers Site-to-Site and Remote Site VPNs using Cisco routers to Cisco routers, ASA Firewall to Palo Alto Firewall, Cisco Router to Palo Alto Firewall and troubleshoot and modify existing VPN.
- Configuring Big-IP F5 LTMs (virtual servers, pools, SNATs, health monitors, irules) and GTM's for managing the traffic and tuning the load on the network servers.
- Centrally managed all Palo Alto Firewalls using Palo Alto Panorama M-100 management server.
- Worked on Confidential to create Incidents tickets and change requests to apply the remediation identified.
Confidential, Seattle, WA
Network Security Engineer
Responsibilities:
- Supporting and troubleshooting Checkpoint (R77.10 Gaia, R77, R76, Provider-1, MDM/MDS, VSX, SPLAT and IPSO) and Cisco firewall (ASA 5550, 5540, 5520, PIX 525, 535, CSM and ASDM) technologies.
- Migration and implementation of new solutions with Palo Alto Next-Generation Firewall series PA-5060, PA-3060 and PA-500 .
- Troubleshooting connectivity issues on the Checkpoint Firewall using smart view tracker, monitor health of the appliance using smart view monitor.
- Responsible for planning, documenting and implementation of complex Firewall and VPN solutions .
- Configured Juniper SRX and SSG firewalls using NSM and via CLI.
- Adding zone-based rules in Juniper SRX and SSG Netscreen(6500, 6000, 5400) firewalls as per client requirements.
- Extracted the logs, perform real time log analysis using SIEM technologies and Forensics Analysis of logs as per the request.
- Engineered BLS Checkpoint infrastructure which consists of 500+ firewalls running different flavors of hardware and Checkpoint OS such as (R71, R75, R76 and R77).
- Converting Checkpoint VPN rules over to the Cisco ASA solution and migrating with both Checkpoint and Cisco ASA VPN.
- Implemented Site-to-Site VPNs between ASA Firewall and Router.
- Performing packet captures using TCPDUMP, fw monitor, Snoop, Wireshark and other network monitoring tools.
- Worked with Checkpoint Firewall (SPLAT/Gaia) for management (Smart Dashboard, Smart Monitor), Logging (Smart Log, Smart View Tracker).
- Configuration of Fabric path and connectivity between Nexus 5K and Nexus 7k .
- Involved in Datacenter build and support, Implementation, migrations network support, Interconnectivity between an old Datacenter and new Datacenter.
- Worked on Juniper: EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX210, SRX 240, SRX 1600 SSG 550 .
- Designed and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls.
- Worked on Bluecoat ProxySG to block list/ whitelist websites, URL Filtering and content filtering as per business request.
- Configure Access List ACL to allow users all over the company to access different applications, Internet and compliance to the security policy and standards.
- Worked with Nagios for monitoring of network services (SMTP, POP3, HTTP, NNTP, ICMP, SNMP, FTP, SSH).
Confidential, Rockville, MD
Network Security Engineer
Responsibilities:
- Responsible for maintaining multi-vendor network environment including Cisco ASA, Juniper JUNOS, Fortinet firewalls, Palo Alto PA-200 and configuring different policies to provide connectivity.
- Firewall Policy Provisioning and troubleshoot connectivity issues through firewall.
- Maintenance and Troubleshooting of connectivity problems using Ping, Traceroute.
- Configured access control lists. Troubleshooting DNS/DHCP issues within the LAN network .
- Experience configuring various networking protocols, specifically OSPF, BGP, EIGRP andtroubleshooting issues with the network .
- Adding Websites to the URL filtering blocklist in Bluecoat Proxies and upgrading firmware on the bluecoat proxies.
- Configure and maintain security policies on Fortinet firewall and manage Forti-Manager/ Forti-Analyzer.
- Expertise in IP subnetting and worked on various designing and allocating various classes of IP address to the domain.
- Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
- Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation on Cisco ASA Firewalls.
- Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay).
- Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
- Involved in troubleshooting network traffic and its diagnosis using tools like ping, traceroute, WireShark, TCPdump and Linux operating system servers.
- Documentation involved preparing Method of Procedures (MOPs) and Work Orders. Also creating and submitting Remedy tickets for user auditing.
Confidential
Network Security Analyst
Responsibilities:
- Installation and Configuration of networks, router/switches configuration and wireless access point/router with security, TCP/IP, VPN, Content Filtering, Access Control Lists on router/switches, VLANs (port mapping, naming etc.), and routing IP address in both LAN/WAN and wireless networks.
- Interface directly with the client in business units to determine project objective, cost estimates and ensure customer satisfaction and timely delivery of services ordered.
- Worked on wide array of different projects, ranging from server installs / probes to configuring Layer 2 and Layer 3 devices, for implementation into new and existing switching blocks.
- Implementation of New Backbone, Core and MAN/WAN routers for the New Data center.
- Configure Cisco 6500 Layer 2 and Layer 3 and supervise equipment installation and cabling work.
- Worked on Visio Software, update client network diagrams.
- Worked with Network Operations with trouble tickets.
- Configuring DNS and DHCP configuration in Infoblox.
- Coordinating the implementation of switched networking infrastructure for server and client building blocks
- Supervise moves, additions and changes in LAN environment, and update DHI database.
- Preparing Client Machines for users with Operating Systems, Software, antivirus and required utilities and mailing clients etc.
- Migration of RIP V2 to OSPF, BGP routing protocols.
Confidential
Network Administrator
Responsibilities:
- Designed and implemented IP Addressing, Subnetting, Route Summarization and Route Distributions.
- Implemented and configured LAN Protocols: Ethernet, VLANs, VTP and STP.
- Have ability to install and maintain Microsoft Exchange and worked extensively on different applications.
- Perform daily maintenance, troubleshooting, configuration, and installation of all network components.
- Worked on IGMP, PIM protocols for implementing IP multicast routing in the enterprise network .
- Configuration of CISCO Routers (2800, 3600 Series) and 2900, 3750 series switches.
- TCP/IP network planning, Implementation and Management with subnets.
- Enabled SNMP traps for our Cacti Monitoring tool to monitor traffic and check the regular health of Servers and Network Devices.
- Implemented and Configured IP Routing Protocols: OSPF, EIGRP, and RIPv2.
- Monitored network using SNORT.
- Upgrades and backups of Cisco router configuration file to a TFTP server.
- Configured SSH on all network switches and routers for secure management purposes.
- Configured and Implemented VLANS over the core Switch, configured VTP to manage VLAN database.
- Worked with Remedy Ticketing tool in maintaining and keep a track of logs/monitor.