Network Security Engineer Resume
West Chester, PA
SUMMARY:
- Over 8 years of professional experience in Planning, Implementing, Configuring, Troubleshooting of networking system on Cisco devices.
- Experience with the escalation problems for Routing, Switching and WAN connectivity issues using ticketing systems like remedy and Magic.
- Experience working on CISCO NEXUS d Confidential center infrastructure with 2000, 5000 and 7000, 9000 series switches includes (5548, 7010, 9396, 9572) including CISCO NEXUS Fabric Extender (2248).
- Experience working with Cisco Nexus 2248 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for d Confidential center access architecture.
- Strong knowledge in HSRP, VRRP redundancy Protocols.
- Experience of routing protocols like EIGRP, OSPF and BGP.
- Excellent knowledge of TCP/IP protocols IPV - 4 and IPV-6.
- Knowledge of Checkpoint VSX, routers and switches.
- Experience in Network LAN/WAN deployment.
- Experience with DNS/DHCP/WINS Standardizations and Implementation.
- Worked on Cisco 7200, 6500, 3800, 3600, 2800, 2600, 1800 series Routers and Cisco 2900, 3500, 4500, 5500, 6500 series switches.
- Advanced knowledge in design, installation and configuration of ASA 5520, 5555, 5585-X Administration.
- Knowledge of VMware vSphere administration within Cisco Unified Computing System environment.
- Juniper SRX and SSG series, Check Point VSX series, Cisco ASA series, Cisco PIX and Palo Alto Firewalls Administration.
- Extensive hands-on experience with complex routed LAN and WAN networks, routers and switches.
- Hands-on configuration and experience in setting up Cisco routers to perform functions Confidential the Access, Distribution, and Core layers.
- Experienced in trouble-shooting both connectivity issues and hardware problems on Cisco based networks.
- Hands-on experience in using network stimulator tools like OPNET, SolarWinds Orion.
- Experience in the setup of Access-Lists, and RIP, EIGRP, and tunnel installations.
- Proficiency in configuration of VLAN setup on various Cisco Routers and Switches.
- Knowledge on BIG-IP F5 LTM, GTM Load Balancers for load balancing and traffic management of business application.
- Experience in Network Management Tools and sniffers like SNMP, Wireshark and Cisco works.
- Experience in physical cabling, IP addressing and subnetting with VLSM, configuring and supporting TCP/IP, DNS, VOIP-Cisco Call Manager installing and configuring proxies.
- Good knowledge on Riverbed Virtual Services Platform (VSP) and Big-IP F5 Load balancers.
- Ability to Install, Manage & Troubleshoot Large Networks & Systems Administration on Windows & Linux platforms in Development, Lab & Production Environments.
- Sound knowledge of virtual firewalls like checkpoint VSX, IDS, IPS, encryption techniques including virtual systems.
- Good knowledge on VLAN Trunk Protocol (VTP).
- Access control server configuration for RADIUS & TACACS+.
- Hands-on experience using Cisco Virtual Switching System (VSS).
- Cisco Router and Switch configuration using Cisco 6509's running VSS.
- Knowledge of advanced technologies like Multicasting, MPLS and MPLS-VPN.
- Design, configure, troubleshoot and implement wireless and/or d Confidential networking(LAN/WAN) solutions for mid-sized to enterprise-level clients.
- Conduct Wireless RF Surveys and document results.
- Develop comprehensive project-based System Designs, Network Diagrams, Migration Plans, and Test Plans.
- Effectively communicate with internal Account Executives and potential clients to assess and make solution recommendations.
- Extensive knowledge of computer hardware and software applications.
- Configuring cisco switches with NX-OS and IOS-XE& implementing VLANs
- Work as Layer 3 IP Network Engineer on ASR9k Edge router with IOS-XE Platform in a network lab environment.
- Research and apply Cisco IOS-XE images to L3 C Confidential lyst 3650 switches
- Supporting and running four Cisco c Confidential lyst Switches 4500, 6500, 3650, 3560, 3750 (inter VLAN routing and EIGRP)
- Configuration of IPSEC, DMVPN and GRE tunneling technologies.
- Convert Branch WAN links from TDM circuits to MPLS and to convert encryption from IPSec/ GRE to GetVPN.
- Excellent leadership with good written and oral communication. Great team player and able to work under pressure 24x7 duty rotation.
TECHNICAL SKILLS:
Routers: (2800,2900, 3600, 3900, 3800, 7200).
Cisco Switches: (2800,2911,3750,4500, 6500, Nexus 93128,9504).
Firewall: Checkpoint (R65/R70/R75/R77) Palo Alto(PA-500, PA-3060, PA-5060, PA-7050, PA-7080)
Access Point: Cisco (Air Cap 35021, Universal AP Air Cap 2700)
Routing Protocol: (BGP, OSPF, EIGRP, IGRP, RIP), Routed Protocol TCP/IP, Multicasting.
Management tools: Cricket, Syslog, Infoblox, IPAM, hp NCM, Splunk, Cisco Prime 3.1
LAN Protocol: VLAN, VTP, Inter-vlan routing, ISL, dot1q, STP, RSTP, PVST, HSRP, Ethernet, Port security.
Network Management: SNMP v2, SolarWinds, Cisco ACS
Network Security: Knowledge of Firewall, Checkpoint, PA3020, ASA, Cisco ASDM IPSec, IPS/IDS (snor), Cisco NAC, NAT/PAT, Ingress &Egress Firewall Design and VPN Configuration.
Application Protocols: DHCP, DNS, FTP, TFTP, HTTP, FTP SMTP, SSL.
Documentation: Microsoft Office, Visio, Cisco TAC Cases.
Languages: Linux
WORK EXPERIENCE:
Confidential, West Chester, PA
Network Security Engineer
Responsibilities:
- Troubleshooting & implementation of VLAN, STP, MSTP, RSTP, PVST, 802.1Q, DTP, HSRP, VRRP, GLBP, LACP, ACL, PAGP, AAA, TACACS, RADIUS, MD5, VTP & SVI.
- Experience in L2/L3 protocols like VLAN, STP, VTP, ISL, MPLS, 802.1q and Trunking protocols
- Migrated whole d Confidential center environment from Cisco C Confidential lyst 6500 to Nexus 9K’s and 2K’s.
- Installing and configuring Cisco ASA 5520 to ASA 5585-X with Firepower Module.
- Migration of Checkpoint to ASA 55XX-X.
- Implementing, maintaining and troubleshooting switching tasks such as VLANs, VTP, VLAN Trunking using ISL & 802.1Q, STP, RSTP, PVST+, Ether channel using LACP, Inter-Vlan routing.
- Worked on migration of Inter D Confidential center routers from ASR X.
- Extensive experience with Cisco IOS, IOS-XR, NX-OS Windows client/server operating systems, Linux, Networking technologies, Firewalls.
- Hands on experience in configuring Cisco Nexus2232, 2248, 5548, 6001 and 7018(Sup 2E) and worked on nexus protocols VPC, VRF, VDC and FEX Links.
- Worked on troubleshooting port issues regarding QSFP, CRC errors, Cable replacements in Production environment.
- Providing technical support on Nexus 2000/9000 switches and operating systems (NX-OS) create vpc domain, design single sided vPC, design double sided vPC, design vPC peer-keepalive, vPC peer-link, vPC member ports.
- Tier 3 Troubleshooting of Layer 3 issues related to EIGRP, BGP.
- Migrated servers connected from Legacy Switch environment to 9K’s.
- Involved in planning and design of various environments.
Confidential, Mayfield, Ohio
Network Security Engineer
Responsibilities:
- Implementation and Troubleshooting Cisco Routers such as Cisco 1900, 2900, Cisco ASR 1k and Cisco 9k.
- Experience working with ASR 9000 series switches with IOS-XR.
- Experience with migrating from Cisco ASA 8.2 version to Cisco ASA 8.4 Version.
- Migrated juniper firewalls to Palo Alto network firewalls and carried out troubleshooting and configuration of the same.
- Configuring Cisco Switches Such as 4500, 6500, stack switches 3750.
- Implemented Site-to-Site VPNs over the internet utilizing 3DES, AES/AES-256.
- Experience with setting up MPLS Layer 3 VPN cloud in d Confidential center and working with BGP WAN towards customer.
- Hands on Experience testing I Rules using Browser (IE), HTTP watch for f5 load balancers.
- Configure and Juniper EX and MX series switches and routers.
- Worked on Network Layer technologies including Routing & Signaling protocols, Layer3 VPN and Multicast supported by juniper core and edge, MX series routers.
- Experience working with JUNOS OS on juniper routers and Switches.
- Configured LDP, OSPF, and BGP for new deployments of core/edge routers (Cisco and juniper).
- Implemented antivirus and web filtering on Juniper SRX 240 Confidential the web server.
- Migrated Juniper EX series switches to Cisco 3500 series and 6500 series switches.
- Network Redesign for Small Office/Campus Locations. This includes changes to both the voice and d Confidential Environment.
- Created documents for various platforms including Nexus 7k, ASR1k enabling successful deployment of new devices on the network.
- Experience configuring Virtual Device Context in Nexus 7k series switch.
- Experience with configuring Nexus 5000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 7000.
- Expertise in VPN configuration, routing, NAT, access-list, security contexts in ASA firewalls.
- All-encompassing execution& configuration proficiency of Firewalls, Cisco ASA Appliance ASA 5510.
- Implemented security policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS) and deploying GRE Tunnel.
- Experience in analyzing security logs generated by Intrusion Detection/Prevention Systems (IDS/IPS), firewalls, network flow systems, Anti-Virus, and/or other security logging sources.
- Monitor SIEM and IDS/IPS feeds to identify possible enterprise threats. Actively investigate, respond to and remediate security incidents.
- Worked on Virtual Switching System (VSS) in combination of c Confidential lyst 6500 series switches.
- Network security including NAT/PAT, ACL, and ASA Firewalls.
- Replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as Firewalls and URL and application inspection.
- Good knowledge with the technologies VPN, WLAN and Multicast.
- Well Experienced in configuring protocols HSRP, GLBP, ICMP, IGMP, PPP, PAP, CHAP, and SNMP.
- Installation and Configuration of Cisco C Confidential lyst switches 6500, 3750 & 3550 series and configured routing.
- Protocol OSPF, EIGRP, BGP with Access Control lists implemented as per
- Network Design Document and followed the change process as per IT policy It also includes the configuration of port channel between
- Experience with communicating with different with different customers, IT teams in gathering the details for the project. vBlock up gradation such as VCenter server up gradation, ESXi, UCS blades.
- Serve as part of a team of network engineers responsible for network upgrade from Cisco Layer 3 C Confidential lyst switches to Juniper Layer 3 EX4200 & EX3200 switches across multiple offices.
- Design, implement and administer enterprise network infrastructure utilizing Juniper routers across locations.
- Installed dual DS-3 SAN replication WAN with Riverbed Interceptors and 6050 Steelhead appliances to optimize the traffic.
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
- Experience in migration with both Checkpoint and Cisco ASA VPN.
- Hands-on experience with converting Checkpoint VPN rules over to the Cisco ASA solution.
- Configured, Monitored and Troubleshot Cisco's ASA Security appliances.
- Switching tasks include VTP, ISL/ 802.1q, IPSec and GRE Tunneling, VLANs, Ether Channel, Trunking, Port \Security, STP and RSTP.
- Experience in installing and configuring DNS (BT Diamond), DHCP servers.
- Replace branch hardware with new 3900 routers and 2960 switches.
- Conversions to BGP WAN routing. Which will be to convert WAN routing from OSPF to BGP (OSPF is used for local routing only) which involves new wan links.
- Convert Branch WAN links from TDM circuits to MPLS and to convert encryption from IPSec/GRE to Get VPN.
- Responsible for layer 2 securities which was implemented using a dedicated VLAN ID for all trunk ports.
- Setting the user ports to non-trunking, deployed port security when possible for user ports.
- DesigningF5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 Big-IP Load Balancers.
- Installed and Configured the F5 BIG-IP LTM, configured virtual servers and associate them with pools for Internal web servers.
- Involved in configuring Juniper SSG-140 and Check point firewall.
- Involved in the TACACS+ implementation.
- Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP.
- Disabling all unused ports and putting them in unused VLAN and ensuring DHCP attack prevention
- Worked on configuration commissioning and upgradation of the MPLS circuits for various branch offices.
- Knowledge of modifying and maintaining bluecoat proxy pac files.
- Added websites to the URL filtering blocklist in bluecoat proxies.
- Responsible for leading and implementing IP network build-outs and provide Tier2/3 operational production support in a mixed Cisco Router/Switch/Wireless, Load balancer, Infoblox, Palo Alto Global Enterprise network.
- Entered new network devices In Infoblox, reserved IP in DNS for UPS / Switches for deployment. Made DHCP and DNS changes through infoblox.
- Configured DNS entries using Infoblox. Used Infoblox to create and manage newly created DHCP scopes.
- Responsible for Enterprise DHCP Server (InfoBlox) and VPN, SSL, and Net Motion Accounts.
Confidential, Dallas TX
Network Engineer
Responsibilities:
- Responsible for configuration, maintenance, and troubleshooting of dynamic routing protocols: BGP, OSPF & EIGRP (route redistribution, distribute lists, route-maps, offset-lists, prefix lists, route summarization, route-feedback, BGP attributes) on Cisco Routers 7613, 7201 and 3945E.
- Experience working on CISCO NEXUS d Confidential center infrastructure with 2000, 5000 and 7000 series switches by enabling networked devices to communicate effectively
- Hands-on knowledge in configuring cisco 3500, 4500 series switches to implement information sharing and resource allocation for increased productivity.
- Working knowledge of frame relay, MPLS services, OSPF, BGP and EIGRP routing protocols, NATing, sub-netting, also including DNS, LDAP, DHCP, http, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, WISM, STP (Spanning tree Protocol), RTSP & Multicasting protocols
- Helping them to set up point to point OSPF connection on their Cisco and juniper routers like MX, EX, ASR series devices with their current network
- Worked on In-Service Software Upgrade Infrastructure which enables user to upgrade between two different
- Junos OS releases with no disruption on the control plane and with minimal disruption of traffic
- Automated network implementations and tasks and designed monitoring tools using python scripting
- Configured networks using routing protocols such as RIP, OSPF, BGP and manipulated routing updates using route-map, distribute list and administrative distance for on-demand Infrastructure
- Work in groups with other engineers to solve customer network complications.
- Monitoring tools: Design, implementation, tuning and troubleshooting. Worked on to pre-configure router in d Confidential center for new connection as network design structure.
- Working on troubleshooting, implementing and configuring new devices and helping them to build new d
- Confidential center and moving devices from one d Confidential center to another by moving all devices.
- Set up point to point OSPF connection on juniper SRX and SSG series.
- Tested JUNOS images on juniper MX router platforms covering various protocols and technologies like OSPF, BGP, LDP, MPLS, Layer3 VPNs
- Working on to set up OSPF dynamic routing on Cisco ASA Firewalls by using and following their current network structure.
- Monitor, operate and support network security devices such as cisco ASA, juniper and checkpoint VSX firewalls
- Experience configuring VPC, VDC and ISSU software upgrade in Nexus 7010.
- Installed and configured C6506 switches with VSS configuration as core switches.
- Deployed Cisco UCS, Cisco ACI D Confidential Center switches like N9K, N5K, Cisco FI switch 6200 and Cisco 3850 switches, etc.
- Deployed VXLAN on the Nexus 9000 to map the physical VLANs to the Virtual Overlay VLANs.
- Deployed the Nexus 9000 Application Virtual switch to support network telemetry applications and 9000 Core with VPC and 3172 TOR.
- In corporate Cisco Nexus 9000 NXOS to ACI fabric to work in concert with existing Nexus 7000s and ASRs for Multi-Protocol Label Switching(MPLS)
- Working on as security devices Cisco ASA series, checkpoint VSX, juniper SRX & SSG series, Palo Alto firewalls.
- Configuring rules and Maintaining checkpoint VSX, Palo Alto Firewalls & Analysis of firewall logs using various tools
- Configuring IPSEC VPN (Site-Site to Remote Access) on SRX series firewalls.
- Firewall policy configuration on Checkpoint, ASA and Palo Alto Firewalls. Site to site VPN configuration checkpoint firewall ASA and Palo alto Firewalls.
- Migrated firewall rules from Cisco ASA to Palo Alto and Checkpoint Firewalls. Remote access VPN configuration and administration on Cisco ASA 5540 firewalls.
- Establishing VPN Tunnels using IPSec encryption standards and configuring and implementing site-to-site VPN, Remote VPN.
- Providing daily network support for national wide area network consisting of MPLS, VPN and point-to-point site.
- Designed & implemented VPN connectivity for customer premise equipment to Cisco VPN 3000 series concentrator.
- Experience in site-to-site and remote access VPN solutions. Configured security policies including NAT, PAT, and VPN, Route-maps, Prefix lists and Access Control Lists.
- Managing & administering Cisco WSA. Experience Network security concepts and systems including F5, WSA, Palo Alto, ASA.
- Responsible for deploying, maintaining, and monitoring Cisco IronPort email and web security appliances (ESA, WSA respectively).
- Implemented Infoblox DDI for rendering seamless DNS, DHCP, and IP management services
- Troubleshoot all Infoblox DHCP and IPAM issues that may occur.
- Configuring NAT onto the Juniper SRX firewalls using Infoblox.
- Experience configuring and managing Cisco Web Security Appliance (WSA) in an enterprise environment.
- Hands on experience in F5 load balancers, its methods, implementation and troubleshooting on LTMs and GTMs.
- Supporting EIGRP and BGP based on the network by resolving level 2 & 3 problems of internal teams & external customers of all locations.
- Documenting workflow process, managing and implementing standard policy and procedures.
- Worked in AWS technologies that support automation using cloud formation to create EC2 instances.
- Configured and managed tool that auto discovers auto scaling EC2 instances in VPC.
- Worked with automation tools such as puppet, implementing cookbooks in chef, Jenkins, etc.
- Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
- Dealt with creating VIP (virtual servers), pools, nodes and applying iRules for the virtual servers like cookie persistency, redirection of the URL.
- Migrated multiple sets of F5 LTM devices from version 10.x to version 11.x operating systems.
Confidential, MI
Network Engineer
Responsibilities:
- Implemented antivirus and web filtering on Juniper SRX 240 Confidential the web server
- Dealt with creating VIP (virtual servers), pools, nodes and applying I Rules for the virtual servers
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5585 Security appliance
- Configured cisco ASA 5510 firewall to establish logical separation between Legacy network & lab environment.
- Performed network monitoring, troubleshooting, implementation and maintenance of juniper and checkpoint firewalls
- Migrating the policy from cisco ASA firewalls into Palo-Alto & vice versa.
- Implemented Zone Based firewall and Security Rules on the Palo Alto Firewalls
- Regularly performed firewall audits around CheckPoint firewall solutions for customers.
- Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
- Modified internal infrastructure by adding switches to support server farms and added servers to existing
- DMZ environments to support new and existing application platforms.
- Experience with converting cisco c Confidential lyst 6500 switches to Cisco Nexus in the d Confidential Center environment
- Associate. Responsible for design, installation, configuration, administration and troubleshooting of LAN/WAN network infrastructure and security using Cisco and juniper routers
- Implementation and Configuration (Profiles, I Rules) of F5 Big-IP LTM-3600 load balancers
- Routine Administration (Design, Implementation & Operations support) of Citrix, BIG-IP and F5 load balancers
- Experience configuring VPC, VDC and ISSU software upgrade in Nexus 7010
- Troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF & BGP, MPLS
- Worked on external customer wireless network infrastructure
- Leverage understanding of LAN/WAN technologies to support, design, and integrate complex wireless LANs
- Worked with a team on planning, designing, configurations, deployments and support of LAN/WAN/WLAN infrastructure
- Worked with VMware hypervisor and virtualization monitoring tools.
- Participated in the evaluation of vendor hardware, software, and wireless communications products
- Operational support and troubleshooting of production wireless network issues
- Provided technical support case escalation for customer wireless infrastructure
- Documentation of advanced enterprise wireless solutions and designs
- Wireless design and validation, including RF site surveys of complex indoor and outdoor deployments
- Supported internal wireless network infrastructure operational requirements
- Maintaining Checkpoint security policies including NAT, VPN and Secure Remote access
- Experience with deploying PIM Sparse-mode/Dense-mode multicasting in Campus locations.
- Design, implement and administer enterprise network infrastructure utilizing Juniper routers across locations
Confidential, Torrance, CA
Network Support Engineer
Responsibilities:
- Experience in working with cisco ASA firewalls.
- Implement Cisco IOS Firewall IDS using 2600 series router.
- Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches.
- Configured and debugged policy-based routing for special traffic, route filtering with route maps, route redistribution.
- Configured VLAN Trucking 802.1Q, STP, and Port Security on C Confidential lyst 6500 switches.
- Performed OSPF, BGP routing protocol administration.
- Worked on F5 load balancers and ASA firewalls.
- Router memory & IOS upgrade with TFTP.
- Network Assessment and Documentation (including technical, operational, and economic assessment).
- Responsible for designing and implementation of customer’s network infrastructure.
- Help negotiate hardware, software, and circuit contracts for customers.
- Redesign customers office copper and fiber cable plant for scalability.
- Build and maintain Visio documentations for Clients.
- Was Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches, fixes, and all around technical support.
- Ensured network, system and d Confidential availability and integrity through preventative maintenance and upgrade.
- Support for new store rollout, circuit and wan installations.
- Configured and supported multiple remote site installations.
- IP Address management using IPAM.
- Maintain and troubleshoot Hub and spoke frame relay with EIGRP.
- Installation & configuration of ISDN BRI/PRI circuits.
- Implement port security on Cisco switches.
- Responsible for monitoring & operations of all d Confidential network related products and services.
Confidential
Network Support Engineer
Responsibilities:
- Configure and install applications according to the specifications and requirements of the organization and business process.
- Testing of computers and ensuring that computer systems are functioning properly.
- Physical setting up of computers and software system installation for various computer applications and programs. Provide specifications of the systems and equipment as required.
- Identifying and solving any problem that affects computer/operating systems performance.
- Install and upgrade computer peripheral devices such as photocopier, printer, scanner and modems.
- Networking and connecting computers within the same organization to enhance communication. and orienting employees with computer system hardware and software.
- Troubleshooting routine problems and maintenance of servers.
- Responsible for computer systems requisition and procurement, working in close liaison with the purchasing and supplies department.