Sr. Network Security Engineer Resume
Irvine, CA
SUMMARY:
- Cisco Certified Network Engineer with 8.2 years of professional experience performing network analysis, design, implementation, and capacity planning, with a focus on performance tuning and support of large networks.
- Expert-level knowledge of TCP/IP, Spanning-tree, and OSI models.
- In-depth knowledge and hands-on experience on IP Addressing, Subnetting, VLSM and ARP, reverse & proxy ARP, Ping Concepts.
- Experience in configuring and troubleshooting static and dynamic routing protocols such as RIP v1/v2, EIGRP, OSPF, IS-IS, BGP and MPLS, VPLS, QoS.
- Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, Ether channel, STP, RSTP and MST.
- Performed Network Security Assessment and implemented security improvements such as network filtering, SSH, AAA, SNMP access lists, VTY access lists, EIGRP MD5 authentication, and HSRP authentication.
- Worked on NX-OS, IOS, IOS-XR BXB to N7K-NX-OS (MPLS) system test.
- Configuring and testing Multicast for both IPv4 and IPv6 routing in Data Center Environment.
- Experience in Cisco Routing and Switching using 3600, 3700, 3800, 5300, 6500, 7200, 7600, Nexus 7K, Nexus 5K, Nexus 2K & ASR 9000, 1000 series routers, Meraki products.
- Strong work experience with MPLS, VPN, WLAN and Multicast technologies.
- Well Experienced in configuring protocols HSRP, GLBP, VRRP, ICMP, IGMP, PPP, PAP, CHAP, and SNMP.
- Advanced knowledge of installation, configuration, maintenance and administration of Palo Alto firewalls, Panorama, Checkpoint, Fortinet Firewalls and VPN.
- Configure all Confidential Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
- Automated network implementations and tasks and designed monitoring tools using Python scripting.
- Network monitoring and testing from Operation Center (NOC) from a network management perspective.
- Good knowledge on DMZ zone based security configuration on Cisco routers.
- Implemented traffic filters using Standard and Extended access-lists, Distribute-Lists, and Route Maps.
- Network security including NAT/PAT, ACL, IDS/IPS, and Cisco PIX, ASA/ Firewalls.
- Proficiency in monitoring and analyzing the load balancing of network traffic using Wireshark, SolarWinds and NetFlow.
- Scripting for automation of processes for Windows Servers. Familiarity with main scripting languages like PowerShell, PHP, Shell, Perl, Python.
- Excellent experience in Checkpoint Firewall installation, configuration and troubleshooting.
- Experience in Physical cabling, IP addressing, configuring and supporting TCP/IP
- Extensive experience in handling network failure issues.
- Excellent communication and interpersonal skills.
- Fast learner with excellent problem solving capabilities.
TECHNICAL SKILLS:
Cisco Routers: ASR1,9, 3900, 3800, 3700, 7206VXR, 7500, ASR 9K
Cisco Switches: 6500, 4510, 3750X, 3550, 3650, 3750G, 2960
Routing Protocols: EIGRP, OSPF, BGP, RIPv2
Switching Concepts: VLAN, STP, RSTP, VTP, EtherChannel, PortFast, IP Access Control Lists, UplinkFast and BackboneFast, HSRP, VRRP.
Network Securities: NAT/PAT, VPN, Filtering, Load Balancing using F5, NetScaler and Cisco ACE, Cisco ASA Firewalls, IPSEC and SSL VPNs, IPS/IDS, DMZ Setup, CBAC, Cisco NAC, ACL, IOS Firewall features, IOS Setup and Security Features.
Network Topologies: Frame Relay, ISDN, Gigabit Ethernet, OSI and TCP/IP layered architecture.
LAN: 10/100/1000 & 10 Gbps Ethernet
WAN: MPLS, Frame Relay, Dialup, VoIP, Cisco Routers and Switches, CSU/DSU
WLAN: IEEE 802.11, PHY and MAC layer functionality, WLAN controller/Aruba/Meru
Operating Systems: Windows Servers 2003/2008/2012, Windows 7, Windows Vista, Windows XP troubleshooting, Office 365.
Sniffers: SolarWinds, Wireshark, Packet Tracer.
Scripting: Python and Shell scripting
PROFESSIONAL EXPERIENCE:
Confidential, Irvine, CA
Sr. Network Security Engineer
Responsibilities:
- Configuring Static, IGRP, EIGRP, and OSPF Routing Protocols on Cisco 1600, 2600, 2800, 3600, 7300 series Routers.
- Configured Site-to-Site IPsec VPN tunnels to peer with different clients, each client having different specifications of Phase 1 and Phase 2 policies, using Cisco ASA 5500 series firewalls.
- Configured Easy VPN server and SSL VPN to facilitate various employees' access to internal servers and resources with access restrictions.
- Responsible for entire company network infrastructure that includes Cisco Switches, Routers, Firewalls, Access Points, Servers and PBX.
- Configured VLANs, Private VLANs.
- Migrated complex, multi-tier applications on AWS. Defined and deployed monitoring, metrics and logging systems on AWS. Migrated existing on-premises applications to AWS
- Monitored infrastructure with Nagios like Firewalls, Servers, Services, Network devices, applications, web portals etc. Resolution of tickets fresh & pending
- Selecting appropriate AWS service to design and deploy an application based on given requirements.
- Replaced the Legacy 3750 stackwise with Juniper EX 4200 switches in the LAN Environment.
- Worked as a lead consultant for a consultation project to help clean up legacy FW policies and create migration path from current ASA to next gen Palo Alto firewall.
- Knowledge of cleaning up auto-discovered log sources in QRadar SIEM by identifying duplicates, correcting misidentified log sources, and identifying log sources from their logs.
- Replaced a few of 5505's with new 5506X with firepower module set configuration. Created all new IPSEC VPN L2L sites for remote sites to connect with main office and DR site and Threat pulse web content filtering. Created all filtering and SSL interception rules.
- Implement SSL VPN solutions including Confidential Global Protect with single and multiple gateway solutions including integration of PKI certificates. Integrate multiple vendor IPSEC site to site VPNs, including Palo Alto Networks, Cisco ASA, and Juniper SRX firewalls.
- Worked on WildFire advanced malware detection using IPS feature of Palo Alto.
- Worked on Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering) as per GLBA act.
- Configured rules and maintained Palo Alto Firewalls & analysis of firewall logs using various tools.
- Dealt with implementation of Cisco ASA 5585 devices and Juniper SRX 550 devices to apply security policies on it.
- Migrated and converted all traffic from end of life proxy platforms Solaris/Checkpoint, Solaris/Sun Proxy and NetCache to multiple Blue Coat Proxy SG units separating the traffic to point to specific lines of business designated proxies.
- Set up and configure new 810 and 9000 Blue Coat Proxy SG units to YUM standards, updating these standards when needed.
- Responsible for configuration and troubleshooting issues related to F5 GTM/LTM devices such as 4200v, 5200v, Viprion 2200 and F5 APM
- Worked on F5 load balancer and NetScaler; configured virtual servers, pools, pool members; worked on load balancing methods for LTM.
- Configured virtual servers, nodes and load balancing pools on the F5 LTM 6400, 6800 devices for various medical/biomed applications and their availability
- Automated some F5 task with Python
- Worked on Palo Alto firewall migration tool.
- Responsible for Juniper SRX firewall management and operations across our corporate networks.
- Design and configuration of OSPF, BGP on Juniper Routers and SRX 5400/5600 Firewalls
- Implementation of Site-to-Site VPNs over the internet using 3DES, AES/AES-256 with ASA Firewalls
- Configure various LAN switches such as CISCO CAT 2900, 3550, 4500, 6509 switches and Access layer switches such as Cisco 4510, 4948, 4507 switches for VLAN, Fast Ether Channel configuration.
- Worked on ASR9K running native IOS-XR
- Worked on Datacenter Migration project to migrate the existing 6509, 4509 devices to a Nexus 7010, 5010 and Nexus 2248 FEX based solution.
- Maintained and created scripts in Python that assisted in pulling in the necessary data into Splunk to meet audit and reporting requirements.
- Manage Solarwinds Orion NPM/NCM, IPAM to identify daily network traffic quality issues
- Experience in working with Cisco Cleanpipe and CoPP
- Experience configuring VPC(Virtual Port Channel), VDC(Virtual Device Context) in Nexus 7010/7018
- Experience with configuring FCOE using Cisco nexus 5548.
- Configured Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000 to connect servers and storage devices.
- Perform ISSU upgrade on Nexus 7010 devices by operating the supervisors in active/standby mode on the devices by determining ISSU compatibility.
- Experience working with scripting languages PowerShell and Perl for code upgrades and configurations of devices.
- Testing and Verification of Cisco core routers CRS-1 and GSR-12000
- Configuration and troubleshooting of EIGRP, OSPF, BGP.
- Configuration and troubleshooting of CSM, integration with ASA devices.
- Experience in migration of VLANS & Configured VLANs with 802.1q tagging, Ether channels, and Spanning tree for creating Access/distribution and core layer switching.
- Implementation of Access Lists for allowing/blocking desired traffic.
- Configured EBGP load balancing and ensured stability of BGP peering interfaces
- Conducted on site QOS testing and prepared reports for the engineering team on ways the networks could be improved
- Implemented site-to-site VPN in Juniper SRX as per customer. Worked on Route-Reflectors to troubleshoot BGP issues related to customer route prefixes, also route filtering using Route-maps.
- Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls.
- Involved in migration of F5 Local traffic managers of LTM 5100 series to LTM 6800 series for higher.
- Configure new F5 Application Security Manager(ASM) security policies and follow established change management procedures.
- Coordinate with customers to schedule maintenance on their UCS servers and chassis
- Worked extensively on Cisco ASA 5500(5510/5540) Series
- Performed IOS upgrades on Cisco routers and switches
- Worked with engineering team to resolve tickets and troubleshoot L3/L2 problems efficiently.
Confidential, Washington DC
Sr. Network Engineer
Responsibilities:
- Responsible for configuration, maintenance, and troubleshooting of dynamic routing protocols: BGP, OSPF & EIGRP (route redistribution, distribute lists, route-maps, offset-lists, prefix lists, route summarization, route-feedback, BGP attributes) on Cisco Routers 7613, 7201, and 3945E.
- Worked on Network Automation using Python and PowerShell.
- Involved in Firewall Policies implementation to meet access requirements of various teams. Worked on Cisco ASA/Juniper SRX Firewalls primarily with tasks involving policy changes, policy management as per vendor/client requirements add/design policies
- Analyze network traffic with Splunk and IBM QRadar tools on network traffic, firewall (Sourcefire Defense Center) and AV (McAfee) logs.
- Designed and Implemented Cisco UCS Pods in Nexus 7000 and Cisco 6500 Platform
- Responsible for developing a NG partner Pod based architecture expanding the capabilities of NetApp's FlexPod offerings allowing greater opportunities in the marketplace.
- Working knowledge of frame relay, MPLS services, OSPF, BGP and EIGRP routing protocols, NAT’ing, sub-netting, also including DNS, LDAP, DHCP, http, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP (Spanning tree Protocol), RTSP & Multicasting protocols
- Installing, configuring and maintaining DHCP, TACACS+, DNS and SolarWinds network monitoring tools and IPAM tools.
- Working under UNIX environment in development of application using Python and familiar with all of its commands.
- Implementing 3750 Stackable switches using Cisco Stack Wise technology. Experience to review and evaluate current and future design issues as required maintaining network integrity, efficient data flow.
- Design and implement Catalyst/ASA Firewall Service Module for various LAN’s.
- Implemented various EX, SRX & J series Juniper devices.
- Working on Cisco ASA 5580 Juniper NS5400, Juniper SRX550
- Implementation and Configuration (Profiles, iRules) of F5 Big-IP LTM-6400 load balancers
- Deploy and support network load balancers, such as F5 LTM/GTM
- Built VPN connections to 3rd party vendors for access to branch facility and Data Center applications.
- Designed 10 gigabit networks using Cisco Nexus 7000 series switches, Cisco 3800 series routers
- Installed, configured and administered Palo Alto firewalls.
- Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls - PA200, PA2000 series, PA3000 series, PA4000 and PA5000 series as well as a centralized management system (Panorama) to manage large scale firewall deployments.
- Working experience on CLOS (Leaf Spine) architecture.
- Created VSYS Builds from ASA to Palo Alto Panorama Database Zone, Access Zone.
- Supporting EIGRP and BGP based on the network by resolving level 2 & 3 problems of internal teams & external customers of all locations
- Monitoring and configuring Cisco 7600 routers at data center.
- Configure and Troubleshoot Juniper Router (J2320) with IOS (JUNOS 9.3).
- Actively involved in switching technology Administration including creating and managing VLANS, Port security - 802.1x, Trunking 802.1Q, RPVST+, Inter-VLAN routing, and LAN security on Cisco Catalyst Switches 4507R+E, 6509-E and Cisco Nexus Switches 2232, 5596, 7009.
- Maintained Avaya Dual HA CMS/BCMS for three ACD locations, building VDNs, Vectors, Hunts/Skills, per Call Center and Union recommendations.
- Administration device deployment, wireless and mobile telephony solutions for telework, an Enterprise Telephony Manager Voice Firewall solution, Unified Communications, Avaya 1X Applications and Server design and implementation.
- Design and implementation of VMware infrastructures over UCS backbone on all continents.
- Developed strong understanding of a network infrastructure & familiarity with congestion avoidance techniques to ensure high voice quality. Installation, design, configuration, and integration of the CUCM.
- Worked on Data, VOIP, Security as well as wireless installations and technologies.
- Worked on IPAM SolarWinds Orion for analysis and monitoring purposes. Performed SIP call flow & other protocol packets flow using Wireshark.
- Worked on Infoblox for creating the DNS entries, A records and CNAMEs
- Replaced old 6500 and WAN routers from DR testing site and Installed Nexus 7K and ASR 9, 1k routers.
- Configuring VDC, VPC and FCOE, upgrading NX-OS for Nexus Family Switches.
- Developed design specifications for various POD product variations
- Provided proactive threat defense with ASA that stops attacks before they spread through the network.
- Maintaining and troubleshooting SAN backup networks.
- Configurations of vdc, vrf on Nexus 7k & 5k devices.
Confidential, Plymouth Meeting, PA
Network Engineer
Responsibilities:
- Implemented Site-to-Site VPNs between ASA Firewall and Router
- Escalating customer problems to management and support groups utilizing standard escalation model.
- Secure authentication, redundancy and troubleshooting issues on BIG-IP LTM, ASM and APM.
- Supported on Cisco Nexus 5000 and Nexus 7000 Series Switch fabric links.
- Experience with devices Palo Alto firewalls such as security NAT, Threat prevention & URL filtering.
- Correlates call issues with WAN performance for advanced troubleshooting
- Experience working with High performance data center switch like nexus 7000 series
- Troubleshooting and installing of CRS, ISR, GSR, ASR9000 and Nexus devices
- Configured IPSEC VPN on SRX series firewalls
- Responsible for Data Center Migrations and its operations
- Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
- Experienced in configuring CISCO ASA firewalls in various contexts and modes to have the network secure. Maintained IPSEC and SSL VPN tunnels through the Firewalls.
- Installed and configured Cisco ASA 5500 series firewall and configured remote access IPSEC VPN on Cisco ASA 5500 series
- Worked on Cisco DataCenter Switches such as Nexus 6500, 7000.
- Experience in migration from Cisco infrastructure to Juniper MX routers and Switches such as EX and QFX-3500, QFX-5100
- Worked on Cisco Routers, Active /Passive Hubs, Switches, Cisco ASA Firewalls, NAT and Juniper SRX firewall
- Implement changes to the firewall rule base, network routing tables and ACL to allow only authorized users to access the servers.
- Check for DNS issues by pinging the server’s name.
- Experience with Wireshark, TestTCP
- Created security policy according to user's requirement in Cisco ASA-5580, Juniper-SRX-5800 and ISG-1000 firewall using CLI & GUI.
- Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for a data center access architecture
- Installed Juniper firewalls to replace existing Firewalls which increased network uptime.
- Experience in Layer 3 Routing protocol configurations: EIGRP, OSPF, BGP.
- Worked as senior engineer with Avaya System PHI migration, merging Voicemail system, custom dial planning.
- Provided installation and initial user configuration of NEXUS 7K switches at the Data Center and providing IP addressing and different user session priorities on the switch.
- Designed and deployed various network security & High Availability products like Cisco ASA and other security products
- Configuration and edit policies on F5 network access control.
- Coordinate and perform VPN Lan2Lan as well as Remote VPN and Firewall security policies as well as NAT Configurations.
- Familiar with Blue Coat servers and Blue Coat Websense.
- Implemented Security policy by Configuring PIX firewalls.
- Implemented TCP/IP, TFTP and related services like DHCP/DNS/WINS
- Deploying Cisco routers and switches such as 7200, 3800, 3600 and 3500, 4500, 5500.
Confidential
Network Engineer
Responsibilities:
- Develop and implement strategies to support the current and future needs of the company.
- Configured Cisco Routers 2600 series using RIP, OSPF, and EIGRP.
- Configured Cisco Switches 2900.
- Worked extensively on Checkpoint firewalls for analyzing firewall change requests and implementing changes into existing firewall policies, maintaining security standards
- Troubleshooting complex Checkpoint issues, Site-to-Site VPN related. Performed upgrades for all IP series firewalls from R75-R77.
- Support various Routers like 2600/3600/7200 series routers.
- Tested authentication in OSPF and BGP.
- Migrated the rules from Checkpoint firewalls to ASA firewalls
- Identifying technical problems and debugged hardware and software related to LANs/ WANs.
- Implemented redundancy in BIG-IP F5 load balancers to provide uninterrupted services to clients.
- Implementing and configuring F5 LTM's for VIP's and Virtual servers as per business needs.
- Configure positive and negative model F5 ASM security policies
- Switching related tasks included implementing VLANs, VTP and configuring ISL trunk on Fast Ethernet channel between switches.
- Configured and implemented Nexus 5K and 2K in lab environment
- Resolved all computer related problems, monitored and maintained system functionality and reliability by identifying ways to prevent system failures.
Confidential
Support Engineer
Responsibilities:
- Perform responsibilities of supporting the daily operations of the network, telecom and troubleshooting network issues.
- Responsible for updating the IOS and configuring the new Router and Catalyst Switches.
- Designed and installed small Windows XP based LANs for business clients
- Troubleshot and resolved many user issues. Performed network testing and baselining
- Designed ACLs, VLANs, troubleshooting IP addressing issues and taking back up of the configurations on switches and routers.
- Implemented Site-to-Site VPNs over the internet utilizing 3DES, AES/AES-256 with PIX Firewalls
- Troubleshot and worked with security issues related to PIX firewalls
- Experience with converting Cisco 6500 IOS to Cisco Nexus NX-OS in the data center environment.
- Provided testing for network connectivity before and after install/upgrade
- Experience in Cisco switches and routers: Physical cabling, IP addressing, Wide Area Network configurations.
- Responsible for creating and maintaining diagrams and documentation of network systems