Network Security Engineer Resume
Chicago, IL
SUMMARY:
- Network Security Engineer with Over 7+ years of experience in testing, troubleshooting, implementing, optimizing and maintaining enterprise data network and service provider systems.
- Implementation, Configuration and Support of Checkpoint (NGX R65, R70 and R71), Cisco Firewalls (ASA 5505, 5506 - X, 5585), Palo Alto Networks Firewalls models (PA-2k, PA-3k, and PA-5 k)
- Experience in Proliferating the query performance with modification in T-SQL queries, removing unnecessary columns, eliminating redundant and inconsistent data, normalizing database, establishing necessary joins, creating useful clustered index and non-clustered indexes.
- Responsible for Checkpoint and Cisco Firewall administration across global networks worked on Cisco Catalyst Switches 6500/4500/3500 series.
- Policy development and planning / programming on IT Security, Network Support and Administration.
- Worked on cisco Nexus 5000 series switches for data center.
- Experience with working on Palo Alto Next-Generation firewalls security profiles and Cisco ASA VPN.
- Hands on in deployment of GRE tunneling, SSL, Site-Site IPSEC VPN and DMVPN.
- Using Smart Update, user management and authentication in Check Point Firewall.
- Troubleshooting and installing of CRS, ISR, GSR, ASR9000 and Nexus devices.
- Designed and implemented redundant Internet circuits with automatic BGP-failover of public subnets (class C addresses) between the two primary U.S. locations (disaster recovery).
- Designed and implemented disaster recovery configuration for the Globalscape Enterprise File Transfer system (Secure FTP with PGP encryption).
- Assisted with the installation and configuration of the new Sioux Falls Nexus switches - 7000, 5000, 2000, and 9000 series (ver 7.0.2). Configured the FEX connections, VDCs (virtual device contexts), VPC (virtual private circuits), etc.
TECHNICAL SKILLS:
LAN Technologies: VLAN, VTP, Inter-Vlan routing, STP, RSTP, PVST, 802.1x
WAN Technologies: Frame Relay, ISDN, PPP, ATM, MPLS, Leased lines
Network Security: NAT/PAT, VPN, Filtering, IDS/IPS, IPSec, ACL
Routing Protocols: RIP, IGRP, EIGRP, OSPF, BGP, IS-IS, HSRP
Routed Protocols: TCP/IP, IPX/SPX
Infrastructure Services: DHCP, DNS, SMTP, MIBs, Syslog, POP3, FTP, TFTP
Network Management: SNMP, SSH, Telnet, ICMP
IP Telephony: VOIP,FXO/FXS/E&M/T1/ISDN/PRI, Call manager Express
Operating Systems: Windows Vista/XP/NT/2003, MS DOS, UNIX, Linux
Comm. Protocols: Wi-Fi, WiMax, CDMA, 3G
Protocol Analyzers: OPNET, Wireshark.
Languages/ Tools: Python, Linux Red Hat
PROFESSIONAL EXPERIENCE:
NETWORK SECURITY ENGINEER
Confidential - Chicago, IL
Responsibilities:
- Expertise in configuring and troubleshooting of Palo Alto, NetScreen & SRX Firewalls and their implementation.
- Experience working on Palo Alto firewalls such as PA-3000, PA-5000 and PA-7000 series.
- Actively participated in a Data Center migration where I involved in migrating all the security appliances.
- Experience on working with external business partners for site-to-site VPN migration.
- Hands on experience on building VPN tunnels between Palo Alto and Fortigate, PfSense, Azure Virtual Gateway, Checkpoint.
- Worked on VPN migration from a router to Palo Alto PA-5260 firewall.
- Design and Implementation of VPN site-to-site tunnels on Palo Alto firewalls.
- Migrated firewall security policies from PA-3000 series to PA-5000 series using PAN Migration tool 3.0
- Wifi testing for the purpose of verifying security levels
- Worked on enabling zone protection on all interfaces on Internet gateway firewalls.
- Worked on configuring SSL decryption for outbound traffic flow and troubleshooting connectivity issues by validating the signed certificates.
- Worked on port forwarding NAT rules and security policies. Worked on APP-ID, Content ID, PBF (Policy Based Forwarding).
- Entered Wifi testing results and network information while maintaining data integrity.
- Configured User based policies to allow USER-ID authentication using LDAP servers.
- Managed ADOMs by using Forti Manager to manage multiple Fortigate firewalls.
- Configured destination and source NAT on Fortigate firewalls by creating virtual and Pool IPs. Worked on DHCP relay implementation with IP-helper address.
- Migrated security policies from a PA firewall to Fortigate firewall using FortiConverter and worked on enabling the interfaces in production.
- Configured high availability on Palo alto and Fortigate firewalls.
- Hands on experience working on Blue Coat Proxy devices to enable web-filtering for external business partners using Virtual policy manager.
- Monitor, analyze, troubleshoot Aruba APs, wireless controllers and s3500 switches using the Airwave management systems
- Experience with Security- Firewalls, NAT / PAT, IPSEC, S2S.
- Troubleshoot and customize office 365 applications including Word, Excel, One Note, Skype.
- Installed and monitored extreme networks S-series, 7100 stackable switches and E4G-400, 1800 router to support VMware machines in NCFAST.
- Involved setting up the TFTP server for backing up the IOS images and configuration files of Cisco Routers and Switches and troubleshooting the file servers.
- Upgrades, installs, configuration and administration security and monitoring tools on Linux.
- Experience with Security- Firewalls, NAT / PAT, IPSEC, S2S.
- Experience with ALG (RTP, RTSP and FTP, DNS, HTTP), DHCP.
- Responsible for network evaluations, troubleshooting a variety of network problems, and implementing various software and hardware upgrades efficient performance.
- Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls.
FIREWALL ENGINEER
Confidential - Texas
Responsibilities:
- Installation, configuration and troubleshooting of Checkpoint (5000, 4400, 1400 series with GAIA OS) and ASA Firewalls.
- Hands-on experience Installing & configuring firewalls - Checkpoint NG & NGX, Cisco ASA (5500), Cisco Pix, ISA, and IP tables.
- Responsible for maintaining multi-vendor network environment including Cisco ASA, Juniper JUNOS, Fortinet firewalls, Palo Alto PA-200 and configuring different policies to provide connectivity.
- Experience working on F5 Load Balancing devices, specifically LTMs and GTM's. Experience in conducting upgrades, fail over, configuring pools and virtual servers and also managing certificates on the F5 devices.
- Migrated and implemented new solutions with Cisco ASA Firewall (5500) series.
- Provide technical expertise and support of network devices and security peripherals including Cisco routers and switches.
- Experience with Bluecoat Proxy servers, LAN & WAN management.
- Implementing security Solutions using PaloAlto Pa-5000/3000, Cisco ASA, Checkpoint firewalls R75, R77.20 Gaia and Provider-1/MDM.
- Extensively worked on Data Center switching technology including Nexus 7K, 9K and 5K and Catalyst switches.
- Adding Websites to the URL filtering blocklist in Bluecoat Proxies and upgrading firmware on the bluecoat proxies.
- Experience in configuring site-to-site VPN tunnels and MPLS between various site offices.
- Worked with the architects and application teams across the globe to ensure that the requirements are met according to the network architecture for the successful migration of the applications.
- Created and implemented firewall policy to allow/block services on specific TCP/UDP ports in production firewall.
- Majorly involved in Office Move, Network Upgradation, Network Standardization projects.
- Provided best solution to user's ServiceNow incidents by maintaining the security standards of the organization
- Key contributions include troubleshooting of complex LAN/WAN infrastructure that include Configured Firewall logging, DMZs & related security policies & monitoring Creating Private VLANs & preventing VLAN hopping attacks & mitigating spoofing with snooping & IP source guard
- Other responsibilities included documentation and change control
- Installation & configuration of Cisco VPN concentrator 3060 for VPN tunnel with Cisco VPN hardware & software client and PIX firewall
- Used various scanning and sniffing tools like Wire-shark
- Documenting and Log analyzing the Cisco PIX series firewall
- Spearheaded meetings & discussions with team members regarding network optimization and regarding BGP issues
- Performing maintenance activities in Cisco switches, routers and checkpoint firewall.
- Using TCP Dumps and Wireshark captures for determining the flow of traffic across the Intranet to Internet and vice versa.
- Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
- DNS administration like adding/modifying/deleting IP and DNS assignments using log messages on Infoblox.
- Worked on PCI compliance, Smart Optimize and removed all the unwanted rules and unused objects.
- Experience with ALG (RTP, RTSP and FTP, DNS, HTTP), DHCP Worked with ITIL (Information and technology information library) for managing our services.
- Working with ITS networking teams to install an Avaya VoIP phone system and test phone system connectivity and functionality.
- Knowledge of with API's for troubleshooting Network issues using Wireshark and NTOP.
- Configured static NAT, dynamic NAT, dynamic NAT overloading.
- Back up a Cisco IOS to a TFTP server and Upgraded and restored a Cisco IOS from TFTP server.
- Configured and perform trouble shooting on Dell Power Connect Switch 5548 used to connect VM Servers and Flex Systems.
- CSU/DSU loop testing in examining WAN link issues by implementing hardware and software loops.
- Extensive Packet level debugging and troubleshooting on Palo Alto Firewalls to resolve numerous network issues.
- Analyzed the Policy rules, monitor logs and documented the Network/Traffic flow Diagram of the Palo Alto Firewalls placed in the Data Center with MS Visio.
- Configure and maintain security policies on Fortinet firewall and managing Fortinet Analyzer.
- Hands-on experience in configuration of firewalls - Palo Alto, Cisco, Fortinet, and Firefly.
- Expertise in configuring and troubleshooting of Palo Alto, Fortinet, SRX Firewalls and their implementation.
NETWORK ENGINEER
Confidential
Responsibilities:
- Designed MPLS VPN and QoS for the architecture using Cisco multi-layer switches
- Implemented and configured Cisco IOS, IOS-XR, CAT-OS and Nexus hardware and software: 1000v to 7000 series.
- Configure, IPS and QOS by SDM and provide security by Prefix list, Access- List and By Distribution List.
- Designed and configured the commands for QoS and Access Lists for Nexus 7K, 2K and 5K.
- Figure and manage printers, copiers, and another miscellaneous network equipment.
- Handled the tasks of documenting network problems and resolutions for future reference.
- Utilized VMware ESX configured and installed it properly to implement Cisco, Microsoft Server 2008, Linux, MySQL builds, designs, throughout the entire Network Infrastructure.
- Managing enterprise BGP setup by configuring and troubleshooting BGP related issues. My responsibility was also to add new BGP peers for remote branch offices and business partners.
- Create and troubleshoot VDC, allocate resources, interfaces, NTP
- Maintenance and Troubleshooting of LAN connectivity problems using Ping, Trace route.
- Experience on a mesh 6500 and 5500 series switches to support the core trading system.
- Troubleshot Clustering issues on Check Point and Sync issues monitoring and fix.
- Upgrade of Checkpoint Gateways in Cluster with Minimal downtime.
- Vulnerability Management using Security Information & Event Management
- Implemented Active/ Standby HA configuration on Cisco ASA Firewalls.
- Monitoring network platforms include IBM Tivoli Netcool management systems, Siebel CRM, WebTop, utilizing HP Service Manager 9 logging tools.
- Configuring Cisco ASA firewalls in Single and Multiple Context Mode firewalls.
- Network design and administration experience.
- Maintaining Checkpoint security policies including NAT, VPN and Secure Remote access
- Responsibilities included configuration and installation of software and hardware.
- Performed routine network maintenance checks as well as Responsible for gathering and compiling data for special projects as well as prepare weekly status reports.
- Figure and manage printers, copiers, and another miscellaneous network equipment.