We provide IT Staff Augmentation Services!

Sr. Network Security Engineer Resume

Seattle, WA

SUMMARY:

  • 7.5 years of professional experience in Network Planning, Implementing, Configuring, Troubleshooting and testing of networking system on both Cisco and Juniper Networks.
  • Hands - on Experience with CISCO Nexus 9000, Nexus 7000, Nexus 5000, and Nexus 2000 platforms.
  • Extensive hands-on experience with complex routed LAN and WAN networks, routers and switches
  • Hands-on configuration and experience in setting up Cisco routers to perform functions at the Access, Distribution, and Core layers
  • Experienced in using iRule and Mikrotik platforms on F5.
  • Experience in the setup of Access-Lists, and RIP, EIGRP, and tunnel installations.
  • Experience of routing protocols like EIGRP, OSPF, RIP, and BGP
  • Enhanced level of experience with OSPF, BGP, and TCP/IP
  • Worked on Cisco 7200, 7300, 3800, 3900, 3600, 2800, 2600, 1800 series Routers and Cisco 2900, 3500, 3850, 4500, 4900, 5500, series switches.
  • Proficiency in configuration of VLAN setup on various Cisco Routers and Switches
  • Configure Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large-scale firewall deployments.
  • Network monitoring and debugging tools: Netscout, Wireshark, Nagios, SiteScope, Wily, AppDynamics and ELK.
  • Worked on various network projects involving Cisco Routers- ASR 1000/9000, Switches-Nexus 7K/5K/2K.
  • Hands-on experience in using network monitoring tool SolarWinds Orion.
  • Experience with BIG-IP F5 load balancers, version 9.x, 10.x, 11.x, Citix Netscalers and Web Accelerators.
  • Excellent leadership with good written and oral communication.
  • Installed, configured and deployed Cisco IP Telephony and good knowledge of Cisco RSA .
  • Worked extensively on Juniper MX Series Routers and EX Series Switches.
  • Have performed scripting and development of tools to monitor networks using Python.
  • Great team player and able to work under pressure 24x7 duty rotation.
  • Strong knowledge of HSRP, VRRP redundancy Protocols.
  • Experience in Network Management Tools and sniffers like SNMP, HP-Open view, Wireshark and Cisco works to support 24 x 7 Network Operation Center.
  • Access control server configuration for RADIUS & TACAS+.
  • Experienced in implementing, maintenance and usage of ADC, Firewalls, Content Filters and Security Controllers.
  • Have very good experience in Wireless deployment in an enterprise environment and preparing coverage maps as well as spectrum analysis, on Motorola, Cisco, Extreme and Aruba hardware.
  • Experience in physical cabling, IP addressing and Subnetting with VLSM, configuring and supporting TCP/IP, DNS, installing and configuring proxies.
  • Experienced in halting and patching through DDoS attacks on existing networks.
  • Hands-on experience using Cisco Virtual Switching System (VSS).
  • Good knowledge of Bluecoat proxy server SG• Knowledge of advanced technologies like VOIP, H.323, SIP, QoS, Multicasting, MPLS, and MPLS-VPN.
  • Good knowledge of CISCO NEXUS data center infrastructure with 5000 and 7000 series switches includes (5548, 7010) including CISCO NEXUS Fabric Extender (223, 2248)

TECHNICAL SKILLS:

Cisco Platforms: Nexus 7K, 5K, 2K & 1K, Cisco routers (7600,7200, 3900, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3500, 4500, 2900, 6807 series)

Juniper Platforms: SRX, MX, EX Series Routers and Switches

Networking Concepts: Access-lists, Routing, Switching, Subnetting, Designing, CSU/DSU, IPSec, VLAN, VPN, WEP, WAP, MPLS, VoIP, Bluetooth, Wi-Fi

Firewall: ASA Firewall (5505/5510), Checkpoint, Cisco ASA

Network Tools: Solar Winds, SNMP, Cisco Works, Wireshark, AppDynamics, Wily, SiteScope, Netcool, ELK, Nagios

Load Balancers: Cisco CSM, F5 Networks (Big-IP)

WAN technologies: Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1,DS3,OC3, T1 /T3 & SONET

LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port-channel, VLANs, VTP, STP, RSTP, 802.1Q

Security Protocols: IKE, IPsec, SSL-VPN

Networking Protocols: RIP, OSPF, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP, VRRP, GLBP, TACACS+, Radius, AAA, IPv4 and IPv6

Operating System: Windows 7/XP, MAC OS X, Windows Server 2008/2003, Linux, Unix, Python Shell 2.x and 3.x

PROFESSIONAL EXPERIENCE:

Confidential, Seattle, WA

Sr. Network Security Engineer

Responsibilities:

  • Modify pilot ISE environment for production scaling and performance
  • Works with client engineering groups to create, document, implement, validate and manage policies, procedures and standards that ensure confidentiality, availability, integrity and privacy of information.
  • Executing RADIUS pre-deployment tasks like ISE setup, loading templates into Cisco Prime.
  • Performed site refreshes on Cisco switching and Aruba wireless infrastructure at several locations.
  • Configured, implemented and troubleshooting issues on Checkpoint R77.10 Gaia, R75, Cisco ASA 5540, 5000 series firewalls for the client environment.
  • Contribute to the development and overall strategy of the penetration testing program
  • Manage project task to migrate from Cisco ASA firewalls to Check Point firewalls.
  • Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN
  • Configuration and Integration of Cisco Identity Services Engine (ISE) 1.2
  • Worked on VPN configuration, routing, NAT, access-list, security contexts and failover in ASA firewalls.
  • Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
  • Configured and maintained IPSEC and SSL VPN's on Palo Alto, Cisco ASA Firewalls.
  • Configuring, Administering and troubleshooting the Checkpoint, Palo Alto and ASA firewall.
  • Configured IPSec VPN (Site-Site to Remote Access) on Cisco ASA (5200) series firewalls.
  • Working with the rule base and its configuration in Cisco ASA, Palo Alto, Juniper and Checkpoint firewalls.
  • Deploying ISE Wired and Wireless Authentication, Authorization and Accounting.
  • Deployment of Cisco ASA firewalls and migration of end of life ASA firewalls to New ASA firewalls
  • Cisco Firewalls include ASA 5585x, 5580, 5550 Series Hardware managed through CLI, ASDM as well as CSM
  • Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
  • Responsible for maintaining availability, reporting and communication of the SIEM between it, its event-sources and the endpoints
  • Design and configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550)
  • Configuring & Administration of the Checkpoint Firewall that includes creating Hosts, Nodes, Networks, Static & Hide NAT's.
  • Configure High Availability on Palo Alto firewalls.
  • Defining, tracking and maintaining the standard baselines and configuration sets of security devices and implementing industry best practices with regards to Firewall, IDS/IPS, IPsec VPN, SSL VPN.
  • Applied security enhancement by implementing certificates and RSA keys for authentication.
  • Installed and administered RSA Secure ID token authentication servers.
  • Support Citrix NetScaler F5 platform, configuring, implementing, & troubleshooting Citrix NetScaler VIP configuration with health check, policy configurations Access Gateway, & content switching configuration solutions.
  • Coordinate and evaluate vendors and associated products/tools in facilitating the Penetration Testing initiatives
  • Configured F5 GTM solutions, which includes Wide IP, Pool Load Balancing Methods, probers and monitors.
  • Defined AWS Security Groups which acted as virtual firewalls that controls the incoming traffic and configured the traffic allowing reaching one or more AWS EC2 instances Virtual private cloud (VPC), subnets, Internet Gateways.
  • Physically deployed new Cisco Nexus devices, Catalyst and Nexus replacement blades, FWSMs, Cisco ASAs, Citrix NetScaler MPX and SDX chassis.
  • Verify Firewall status with Checkpoint Monitor. Creation and implementation of Application delivery architectures which includes load balancing on F5 BIG IP modules.
  • Worked with F5 Load balancing, IDS/IPS, Bluecoat proxy servers and Administrating.
  • Use of Web application firewall providing reverse proxy-based protection for applications deployed in physical, virtual / public cloud environments.
  • Involved in the deployment and decommission of VLANs on core ASR 9K, Nexus 7K, 5K and its downstream devices.
  • Involved in F5 LTM GTM and ASM planning, designing and implementation. Actively involved in F5 ASM policy configuration and deployment. Troubleshoot and Worked with Security issues related to Cisco ASA/PIX, Checkpoint, IDS/IPS and Juniper Net screen firewalls
  • Configured High availability, User ID on Palo Alto firewall.
  • Configured and utilized many different protocols such as OSPF, ISIS, BGP/MP-BGP, OER, MPLS, LDP, Multicast, IPv4/IPv6 protocols.
  • Utilized knowledge of Spanning Tree Protocol, BGP, MPLS, OSI model layers 1-2 to create networklayouts.
  • Stateful firewall, VLAN to VLAN routing, Link bonding / failover, 3G / 4G failover, Traffic shaping / prioritization, WAN optimization, Site-to-site VPN, Client VPN, MPLS to VPN Failover, Active Directory and LDAP integration.
  • Responsible for investigating Data Loss Prevention using Symantec DLP.
  • Configured EIGRP routing and BGP route maps to allow traffic from subnets out to the core to Datacenter on the ASR 1002 devices.
  • Implementation and configuration of Cisco L3 switches 3750, 4500, 6500 in multi VLAN environment with the use of inter-VLAN routing, dot1Q trunk, ether channel
  • Configure and troubleshoot Routing protocols such as OSPF and EIGRP for routing internally and BGP for external routing.
  • Worked and maintained various network, application monitoring tools like Solar Winds, Cisco Prime, ForeScout, Wireshark, TCP Dump.
  • ForeScout CounterACT- NAC, endpoint compliance, real-time intelligence and policy-based control.
  • Involved in Troubleshooting IP Addressing Issues and Updating IOS Images using TFTP.

Confidential, Lexington, KY

Sr. Network Engineer

Responsibilities:

  • Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000.
  • Experience working with Nexus 7018/7010, 5020, 5548, 2148, 2248 devices
  • Involved in upgrading switches from 6500 E to 4500-X.
  • Implemented BGP to optimize WAN routing on the core and edge routers.
  • Mutual redistribution of OSPF and BGP routes using route maps.
  • Involved in upgrades to the WAN network from existing 7200vxr with ASR1004 and 3845/3945 routers.
  • Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
  • Configuring rules and Maintaining Palo Alto & Analysis of firewall logs using various tools .
  • Build Cisco UCS 6200 series fabric interconnects.
  • Experience in Layer 3 routing - Cisco Routers: 2500, 2600, 3600, 3800, 3900, 7200 series, ASR 9000, 9001, 9006 series
  • Monitored performance using Nagios and AppDynamics tools.
  • Involved in design and implementation of Data Center Segmentation and worked on implementation strategies for the expansion of the MPLS VPN networks.
  • Tools which we use in the project are DC, IDS, IPS, ASDM, CSM and traffic generator tools like BPS, IXIA.
  • Provides direct support for all hardware moves, add and changes for the VoIP devices and troubleshot with customers on-site and remote.
  • In-depth knowledge of Cisco ASA and Juniper Netscreen Firewall security, spanning-tree, VLANs, TCP/IP, RIP, OSPF, QoS, VRRP and VPN technologies.
  • Worked on F5 BIG-IP LTM 8900, configured profiles, provided and ensured high availability.
  • Recommend and design equipment configurations for LAN/WAN/VOIP deployment on Cisco, Adtran, Fortinet, F5, Radware, and Bluecoat .
  • Configured and maintained Fortinet Firewall systems, on Fortinet 100, 500 and 1500D. Also maintained 99% uptime on Firewalls, as well as full and complete intrusion detection and prevention systems.
  • Provides Level-3 incident response and problem management support for IP Telephony platforms, interfacing with other key Corporate IT teams, such as LAN, WAN, Security and/or IT Service Center
  • Worked on F5 and CSM load balancers deploying many load balancing techniques with multiple components for efficient performance.
  • Configuration and maintenance of routers, firewalls, and load-balancers. Included configuration of Juniper ISG 2000, Juniper EX4200, F5 BIG-IP 3600, and Cisco 6500. Includes protocols such as MPLS, BGP, OSPF, and VRRP.
  • Also worked with Cisco ASA's 5505 and 5520, 5512X, 5515X.
  • Configuring Static, IGRP, EIGRP, and OSPF Routing Protocols on Cisco ASR 9000, 9001, 9006, 6500 series Routers .
  • Created labs for F5 APM, ASM, and LTM implementations of Microsoft Exchange, Microsoft SQL, Microsoft IIS services, LAMP servers.
  • Developed and implemented core network consolidation plan. Included redundant configuration of Juniper EX8200.
  • Racking, Stacking, configuring, Nexus 5K, 7K, and 9K, Static pinning fabric interface connection, PortChannel fabric interface connection, configuring a Fabric PortChannel Created Build-Outs of New Safe Zone in Palo Alto Panorama VLANs, VIP, IP, VRF, BGP.
  • Expert in troubleshooting F5 software modules, including BIG-IP LTM, ASM, APM, and iRules (Tcl-based script).
  • Created VSYS Builds from Checkpoint to Palo Alto Panorama Database Zone, Access Zone.
  • Migrated over 50+ 3845 infrastructure to a 3945 series router. The new platform positioned corporate-wide move to IPv6 to support depletion of IPv4 .
  • Identified opportunities for implementation of network best practices, particularly F5 load balancer implementations.
  • Used ADC to ensure timely delivery of content for offsite location.
  • Configuration and troubleshooting on HSRP, VRRP, GLBP, RSTP, MST related issues coming in network environment.
  • Developed monitoring tools using Python 3.x for the Network. Also developed deployment interface using Python 3.x for the network.
  • Put together Cisco BoM in preparation for IP Telephony migrations.
  • Involved in the redesign of the routing architecture while replacing the 6500’s edge routers with ASR 9K routers in the data centers .
  • Migration of existing IPSec VPN tunnels from Pre-Shared key to Certificate Authority for purpose of scaling
  • Configuring and maintaining the Network connectivity to Cloud Providers such as AWS, Azure using AWS VPC, AWS Direct.
  • Experience in migration of data to Cloud environment. Good working knowledge of Azure and AWS.
  • Hands on experience in deployment of GRE tunneling, SSL, Site-Site IPSEC VPN and DMVPN.
  • Have configured and installed Aruba Clear Pass Policy Manager configuration and performed its installation for VMWare appliances and hardware appliances for one section of the client’s office network.
  • Handling Checkpoint and Checkpoint firewalls appliances, Checkpoint Provider-1/Multi-Domain-Mgmt. the, Check point Smart Console R70.20 & R75.40, R77.10, R77.20.
  • Implementation and configuration of GLBP/HSRP on multilayer switches for first hop redundancy
  • Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, disabling all unused ports and putting them in unused VLAN and ensuring DHCP attack prevention where needed

Confidential, Chicago, IL

Sr. Network Engineer

Responsibilities:

  • Maintain and track the status of device supplied to the client.
  • Syslog and SNMP Expert
  • Coordinating with JTAC for faulty part replacement and configuring standby device to support the customer with minimal downtime.
  • Installation & Maintenance of Juniper switches routers &firewalls.
  • Implemented Juniper firewall & switches.
  • Implementing and maintaining WAN/LAN and WLAN networks in different diagrams
  • Involved in troubleshooting L3VPN issues and updating Junos images, UTM Anti-virus and IDP.
  • Configuring RIP, OSPF and Static routing on Juniper M and MX Series Routers
  • Configuring VLAN, Spanning tree, VSTP, SNMP on EX-series switches.
  • Implementation and installation of Aruba Clear Pass Policy Manager, and it’s configuration and installation for VMWare appliance and hardware appliances.
  • Implemented cluster and configuration of SRX-110 Juniper firewall.
  • Work closely with customers, sales, and support team to identify key customer pain points and define innovative solutions to address them. Custom integration with SolarWinds NTA and Gigamon products
  • Develop product requirement documents and maintain ongoing product feature roadmaps
  • Work closely with the engineering team to drive the product feature development process
  • Create, capture, and share knowledge using internal knowledge management and communication tools
  • Installed Trapeze-MX 2800 wireless controller and light weight access points.
  • Identified opportunities for implementation of network best practices, particularly F5 load balancer implementations.
  • Monitor performance of network appliances and WAN utilizing using network analyzer like Wireshark.
  • Responsible for providing support for IT infrastructure in the laboratory. Surveillance activities for physical and virtual switches. OpenFlow, 802.1x and MAC authentication test.
  • Deployed BIG IP Enterprise manager to cluster all the F5 LTM, GTM, ASA, Netscreen devices for easier management and common configurations.
  • Involved in the migration of F5 Local traffic managers of LTM 5100 series to LTM 6800 series for higher security.
  • BigIP ASM Positive and Negative Policy Reinforcement, iRule, Full proxy for HTTP, Server Performance Anomaly Detection .
  • Design and integration of Juniper SSG series firewalls, SA VPN Appliances, J series Routers and EX-series switches.
  • Configuring Routing protocols like BGP, OSPF, MPLS, multicast and L2 protocols in ASA to check it is passing through via ASA in customer deployments.
  • Maintenance and trouble-shooting of LAN, WAN, IP Routing, Multi-Layer Switching.
  • Perform Packet shaper Bluecoat 75000 OS upgrade, maintenance and configurations
  • Shipping Aruba bundle to work with home users
  • Palo Alto/Checkpoint Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
  • RTMT experience with VoIP and VoSIP (monitoring clusters).
  • Configure Aruba routers for work at home Humana employees.
  • Responsible for providing Certification and Accreditation support for Cisco VoIP systems and helping with Voice Engineering efforts.
  • Optimizing and monitoring the performance of a WLAN, LAN, WAN and user's segments
  • Maintain connectivity for approximately 300 switches and routers in a 500+ node network.
  • Troubleshooting any and all network problems involving LAN, WAN, BGP, EIGRP, MPLS/VPN, VRF - VPN Routing and Forwarding Instance, SIP Trunking, Internet ISP, Multi homed - BGP with Level-3 Datacenters.
  • Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks
  • Design and deployment of MPLS QoS, MPLS Multicasting per company standards.

Confidential

Senior Network Specialist

Responsibilities:

  • Actively participated and completed many projects based on MPLS VPN, Internet Solutions for corporate customers Backbone.
  • Hands-on experience working with Cisco 7600, 12K, ASR routers & Juniper MX series and Juniper BRAS.
  • Currently working on a wireless upgrade project for Allegheny Health network and their EPIC roll out.
  • Verifying IPv4/IPv6 Addressing Architecture.
  • Verifying Dynamic Host Configuration Protocol for IPv6 (DHCPv6) and DNSv6 options .
  • Performed wireless network design, site surveys, as well as Troubleshooting and repairing any issues that occurred on site.
  • Managing proxy server for branches and head office for internet access through Bluecoat Proxy SG600 for URL Filtering, traffic acceleration and visibility reporting with Bluecoat reporter .
  • Configuration and troubleshooting of many link types i.e. SONET Controllers for sub E1/T1, E3/T3 and POS controllers for STM1 links.
  • Provided tier 3 support for Checkpoint Firewall -1 software to support customers.
  • Work on Checkpoint Platform including Provider Smart Domain Manager. Worked on configuring, managing and supporting Checkpoint Gateways .
  • Implementation and testing of ISDN BRI/PRI circuits.
  • Migrated Vlans from ASA (perimeter firewalls) to FWSM’s for better security management
  • Responsible to troubleshoot the connectivity between CPE router and the COLT's edge router (SAR).
  • Worked closely with RIR(Regional Internet Registry) to procure PI(Provider Independent) and PA
  • Responsible for troubleshooting complex networking issues in service provider MPLS & internet
  • Aggregately) IP addresses and AS numbers for COLT and customers.
  • Set up DNS Reverse Delegation according to RIPE rules in RIPE Database.

Confidential

Junior Network Engineer

Responsibilities:

  • Configured Cisco Routers for OSPF, RIP, IGRP RIPv2, EIGRP, Static and default route.
  • Performed troubleshooting, while maintaining trouble ticket tracking, following internal/external escalation procedures and customer notifications.
  • Supporting Development team for the access to corporate network and outside world. Providing access to specific IP, Port filter, and port access.
  • Monitoring Memory/CPU on various low-end routers in a network.
  • Configured the Cisco router as IP Firewall and for NAT. Switching (Ethernet) related tasks included implementing VLANs and configuring ISL trunk on Fast-Ethernet channel between switches.
  • Installing new equipment to RADIUS and worked with MPLS-VPN and TACACS configurations.
  • Installing and maintaining local as well as network printers.
  • Validating existing infrastructure and suggesting new network designs.
  • Working on creating new load balancing policies by employing BGP attributes including Local Preference, AS-Path, and Community, MED.
  • Providing technical support to LAN & WAN systems.
  • Configuring all the required devices and equipment for remote vendors at various sites and plants.
  • Installation and maintenance of new network connections for the customers.
  • Installing and maintaining Windows NT Workstations and Windows NT Server.
  • Monitor performance of network and servers to identify potential problems and bottleneck.
  • Real-time monitoring and network management using Cisco Works LMS.
  • Configuring routers and send it to Technical Consultants for new site activations and gives online support at the time of activation.
  • Provided technical support for hardware and software related issues to remote production sites.
  • Performed administrative support for RIP, OSPF routing protocol.
  • Maintained redundancy on Cisco 2600, 2800 and 3600 router with HSRP.

Hire Now