Sr. Network Security Engineer Resume
Parsippany, NJ
SUMMARY:
- Cisco Certified Network Engineer with 8+ years of professional experience, performing Network analysis, design, implementing, capacity planning with focus on performance tuning and support of large Networks.
- Experience in Cisco Routing and Switching using 3600, 3700, 3800, 5300, 6500, 7200, 7600, Nexus 9K, 7K, 5K & 2K, ASR 9000, 1000 series routers.
- Experience in configuring and troubleshooting of static and dynamic routing protocols such as RIP v1/v2, EIGRP, OSPF, IS-IS, BGP and MPLS.
- Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, EtherChannel, STP, RSTP and MST.
- In-depth knowledge and hands-on experience on OSI model, TCP/IP, Subnetting, VLSM, ARP, reverse & proxy ARP, Ping Concepts.
- Worked on NX-OS, IOS, IOS-XR BXB to N7K-NX-OS (MPLS) system test.
- Configuring and testing Multicast for both IPv4 and IPv6 routing in Data Center Environment.
- Expertise in Data Center Core layer, Access layer, Aggregation layer, Services layer.
- Strong work experience with MPLS, VPN, WLAN and Multicast technologies.
- Well Experienced in configuring protocols HSRP, GLBP, VRRP, ICMP, IGMP, PPP, PAP, CHAP, and SNMP.
- Advanced knowledge of installation, configuration, maintenance and administration of Palo Alto firewalls, Panorama, Checkpoint, Fortinet Firewalls.
- Configure Palo Alto Networks Firewall models (PA-2K, PA-3K, PA-5K etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
- Network monitoring and testing from the Network Operations Center (NOC) from a network management perspective.
- Good knowledge on DMZ zone-based security configuration on Cisco routers.
- Implemented traffic filters using Standard and Extended access-lists, Distribute-Lists, and Route Maps.
- Network security including NAT/PAT, ACL, IDS/IPS, and Cisco PIX, ASA/ Firewalls.
- Performed Network Security Assessment and implemented security improvements such as network filtering, SSH, AAA, SNMP access lists, VTY access lists, EIGRP MD5 authentication, and HSRP authentication.
- Proficiency in monitoring and analysing the load balancing of network traffic using Wireshark, SolarWinds and NetFlow.
- Automated network implementations and tasks and designed monitoring tools using python scripting.
- Scripting for automation of processes for Windows Servers. Familiarity with main script languages like PowerShell, PHP, Shell, Perl, Python.
- Experience in Physical cabling, IP addressing, configuring and handling network failure issues.
- Excellent communication and interpersonal skills with excellent problem-solving capabilities.
TECHNICAL SKILLS:
Cisco Platforms: Nexus 9K, 7K, 5K, 2K & 1K, Cisco routers (7600, 7200, 3900, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3850, 3500, 4500, 2900 series), ASR1001, 2900, 3900, 7200, 7600 & ASR9000 series
Juniper Platforms: MX, EX series Routers and Switches
LAN Technologies: SMTP, VLAN, Inter-VLAN Routing, VTP, STP, RSTP, Lightweight access point, WLC.
WAN Technologies: MPLS, VPLS, Frame Relay, PPP, HDLC, (E1/T1/E3/T3), DS3, OC192
Network Security: Cisco ASA, Juniper SRX.
OS products/Services: DNS, DHCP, Windows (2000/2003/2008, XP), UNIX, LINUX
Routing: RIPv2, OSPF, EIGRP, IS-IS, BGP, PBR, Route Filtering, Redistribution, Summarization, and Static Routing
Gateway Load Balancing: HSRP, VRRP, GLBP
Various Features / Services: IOS and Features, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, TFTP and FTP.
Network Management Tools: Wireshark, NetFlow Analyzer, NetScout, SNMP, Cisco Prime, Ethereal, HP OpenView
Load Balancers: F5 Networks (Big-IP) LTM 6400
Security Protocols: IKE, IPsec, SSL-VPN
Networking Protocols: RIP, OSPF, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP, VRRP, GLBP, TACACS+, Radius, AAA, IPv4 and IPv6.
Operating Systems: Windows (98, ME, 2000, XP, Server 2003/2008, Vista, 7, 10), Linux.
AAA Architecture: TACACS+, RADIUS, Cisco ACS.
Firewall & Security: Checkpoint (NGX R65, R77-80), Cisco ASA, Palo Alto, ASA 5505 Firewall, Juniper NetScreen firewall
Languages: Perl, C, C++, SQL, HTML/DHTML, Python scripting
PROFESSIONAL EXPERIENCE:
Confidential, Parsippany, NJ
Sr. Network Security Engineer
Responsibilities:
- Responsible for entire company network infrastructure that includes Cisco Switches, Routers, Firewalls, Access Points, Servers and PBX.
- Configuring Static, IGRP, EIGRP, and OSPF Routing Protocols on Cisco 1600, 2600, 2800, 3600, 7300 series Routers.
- Configured Easy VPN server and SSL VPN to give various employees access to internal servers and resources with access restrictions.
- Configured VLANs, Private VLANs.
- Configured Site to Site IPsec VPN tunnels to peer with different clients, each client having different specifications of Phase 1 and Phase 2 policies, using Cisco ASA 5500 series firewalls.
- Dealt with implementation of Cisco ASA 5585 devices and Juniper SRX 550 devices to apply security policies on it.
- Configuration and troubleshooting of EIGRP, OSPF, BGP, CSM, integration with ASA devices
- Migrated complex, multi-tier applications on AWS. Defined and deployed monitoring, metrics and logging systems on AWS. Migrated existing on-premises applications to AWS
- Monitored infrastructure such as firewalls, servers, services, network devices, applications and web portals with Nagios. Resolved fresh and pending tickets.
- Selecting appropriate AWS service to design and deploy an application based on given requirements.
- Replaced the legacy 3750 StackWise with Juniper EX 4200 switches in the LAN Environment.
- Worked as a lead consultant for a consultation project to help clean up legacy FW policies and create migration path from current ASA to next gen Palo Alto firewall.
- Review and optimize firewall rules using Tufin SecureTrack and run firewall audit reports. Migrated datacenter firewall rules for Yum Global based on Tufin Analysis/query and Reports.
- Managed and Supported all of Bluecoat ASG S, S, Reporter and Management Center devices in the Yum Network.
- Implement SSL VPN solutions including Palo Alto Networks Global Protect with single and multiple gateway solutions including integration of PKIs. Integrate multiple vendor IPSEC site to site VPNs, including Palo Alto Networks, Cisco ASA, and Juniper SRX firewalls.
- Experience configuring VPC (Virtual Port Channel), VDC (Virtual Device Context) in Nexus 7010/7018, FCOE using Cisco nexus 5548.
- Experience working with Nexus 9k, 7K, 5K and 2K.
- Removing old unused ISP ACLs from the MX 960 and ASR 9K routers.
- Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.
- Implemented site to site VPN in Juniper SRX as per customer. Worked on Route-Reflectors to troubleshoot BGP issues related to customer route prefixes, and on route filtering using Route-maps.
- Worked on WildFire advanced malware detection using IPS feature of Palo Alto.
- Worked on Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)
- Configured rules and maintained Palo Alto Firewalls & analysis of firewall logs using various tools.
- Design for Guest Network and Mobile Access Network for NAC Solution, comprising of a Wireless LAN Controller solution in DMZs/Internet Gateways with Cisco ISE Appliances for NAC.
- Involved in finalizing the design for Corporate Wireless Network Access for NAC Solution, comprising of Cisco ISE Appliances in all WAN Consolidation Points, and Data Centers.
- Worked on Cisco ISE v2.1, ACS for providing secure network access.
- Configured virtual servers, nodes and load balancing pools on the F5 LTM 6400, 6800 devices for various medical/biomed applications and their availability
- Experience using Identity Authentication technologies, including Active Directory, LDAP, RADIUS, TACACS, RSA, 802.1X, NAC, and token-based systems.
- Responsible for Juniper SRX firewall management and operations across our corporate networks.
- Design and configuring of OSPF, BGP on Juniper Routers and SRX 5400/5600 Firewalls
- Implementation of Site-to-Site VPNs over the internet using 3DES, AES/AES-256 with ASA Firewalls
- Configure various LAN switches such as Cisco catalyst 2900, 3550, 4500, 6509 switches and Access layer switches such as Cisco 4510, 4948, 4507 switches for VLAN, Fast EtherChannel configuration.
- Maintained and created scripts in Python that assisted in pulling in the necessary data into Splunk to meet audit and reporting requirements
- Worked on Datacenter Migration project to migrate the existing 6509, 4509 devices to a Nexus 7010, 5010 and Nexus 2248 FEX based solution.
- Configured Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000 to connect servers and storage devices.
- Perform ISSU upgrade on Nexus 7010 devices by operating the supervisors in active/standby mode on the devices by determining ISSU compatibility.
- Experience working with scripting languages PowerShell and Perl for code upgrades and configurations of devices.
- Testing and Verification of Cisco core routers CRS-1 and GSR-12000
- Experience in migration of VLANs & Configured VLANs with 802.1q tagging, EtherChannels, and Spanning tree for creating Access/distribution and core layer switching.
- Configured EBGP load balancing and ensured stability of BGP peering interfaces
- Conducted on site QOS testing and prepared reports for the engineering team on ways the networks could be improved
- Involved in migration of F5 Local traffic managers of LTM 5100 series to LTM 6800 series for higher.
- Worked with engineering team to resolve tickets and troubleshoot L3/L2 problems efficiently.
Confidential, Richmond, VA
Sr. Network Security Engineer
Responsibilities:
- Responsible for configuration, maintenance, and troubleshooting of dynamic routing protocols: BGP, OSPF & EIGRP (route redistribution, distribute lists, route-maps, offset-lists, prefix lists, route summarization, route-feedback, BGP attributes) on Cisco Routers 7613, 7201, and 3945E.
- Worked on OSPF, BGP and EIGRP routing protocols, sub-netting, NAT, DNS, LDAP, DHCP, http, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP, RTSP & Multicasting protocols
- Design and implement Catalyst/ASA Firewall Service Module for various LANs.
- Designed 10 gigabit networks using Cisco Nexus 7000 series switches, Cisco 3800 series routers
- Worked on Cisco ASA 5580, Juniper NS5400, SRX550
- Deploy and support network load balancers, such as F5 LTM/GTM and configuration (Profiles, iRules) of F5 Big-IP LTM-6400 load balancers
- Configured Virtual servers, pool, pool members, worked on load balancing methods for LTM
- Built B2B VPN connections to 3rd party vendors for access to branch facility and Data Center applications.
- Configuration, troubleshooting of Palo Alto Firewalls - PA200, PA 2K, PA 3K, PA 4K and PA5K series as well as a centralized management system (Panorama) to manage large scale firewall deployments.
- Created VSYS Builds from ASA to Palo Alto Panorama Database Zone, Access Zone.
- Supporting EIGRP and BGP based on the network by resolving level 2 & 3 problems of internal teams & external customers of all locations.
- Monitoring and configuring Cisco 7600 routers and replaced old 6500 and WAN routers from DR testing site at data center.
- Implementing 3750 Stackable switches using Cisco StackWise technology. Experience reviewing and evaluating current and future design issues as required to maintain network integrity and efficient data flow.
- Involved in Firewall Policies implementation to meet access requirements of various teams. Worked on Cisco ASA/Juniper SRX Firewalls primarily with tasks involving policy changes, policy management as per vendor/client requirements add/design policies
- Used Fluke tool for monitoring WAN (both MPLS & ST) traffic and Wireshark for LAN traffic.
- Working knowledge of wireless devices (5508, 7500 WLC Controllers and 2500, 3600, 3700 Access points).
- Worked on SolarWinds Orion for analysis and monitoring purposes.
- Performing SIP protocol packet flow analysis using Wireshark.
- Worked on Infoblox for creating the DNS entries, A records and CNAMEs.
- Configuring VDC, VPC and FCOE, upgrading NX-OS for Nexus Family Switches.
- Provided proactive threat defence with ASA that stops attacks before they spread through the network.
- Maintaining and troubleshooting SAN backup networks.
Confidential, San Jose, CA
Network Engineer
Responsibilities:
- Worked on Cisco Routers, Active /Passive Hubs, Switches, Cisco ASA Firewalls, NAT and Juniper SRX firewall
- Deploying Cisco routers and switches such as 7200, 3800, 3600 and 3500, 4500, 5500.
- Implemented TCP/IP, TFTP and related services like DHCP/DNS/WINS
- Check for DNS issues by pinging the server’s name. Experience with Wireshark, Test TCP & OPNET
- Escalating customer problems to management and support groups utilizing standard escalation model.
- Provided installation and initial user configuration of Nexus switches at the data center and providing IP addressing and different user session priorities on the switch.
- Experience with devices Palo Alto Network firewalls such as security NAT, Threat prevention & URL filtering.
- Correlates call issues with WAN performance for advanced troubleshooting
- Troubleshooting and installing of CRS, ISR, GSR, ASR9000 and Nexus devices
- Configured and maintained SSL VPN, IPSEC VPN on ASA, Palo Alto and SRX series firewalls, Site-to-Site VPN between ASA Firewall and router
- Responsible for Data Center Migrations and its operations.
- Secure authentication, redundancy and troubleshooting issues on BIG-IP LTM, ASM, APM and edit policies on F5 network access control.
- Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
- Experienced in configuring Cisco ASA firewalls in various contexts and modes to have the network secure.
- Installed and configured Cisco ASA 5500 series firewall and configured remote access IPSEC VPN.
- Experience in migration from Cisco infrastructure to Juniper MX routers and switches such as EX and QFX-3500, QFX-5100
- Implement changes to the firewall rule base, network routing tables and ACL to allow only authorized users to access the servers.
- Created security policy according to user’s requirement in Cisco ASA-5580, Juniper-SRX-5800 and ISG-1000 firewall using CLI & GUI.
- Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for a data center access architecture
- Installed Juniper firewalls to replace existing Firewalls which increased network uptime.
- Experience in Layer 3 Routing protocol configurations: EIGRP, OSPF, BGP.
- Worked as senior engineer with Avaya System PHI migration, merging Voicemail system, custom dial planning.
- Designed and deployed various network security & High Availability products like Cisco ASA and other security products
- Coordinate and perform VPN Lan2Lan as well as Remote VPN and Firewall security policies as well as NAT Configurations.
- Implemented Security policy by Configuring PIX firewalls.
Confidential
Network Engineer
Responsibilities:
- Develop and implement strategies to support the current and future needs of the company.
- Configured Cisco 2600/3600/7200 series routers using RIP, OSPF, EIGRP and tested authentication.
- Worked extensively on Checkpoint firewalls for analyzing firewall change requests and implementing changes into existing firewall policies, maintaining security standards
- Troubleshooting complex Checkpoint issues, Site-to-Site VPN related. Performed upgrades for all IP series firewalls from R75-R77.
- Migrated the rules from Checkpoint firewalls to ASA firewalls
- Identifying technical problems and debugged hardware and software related to LANs/ WANs.
- Implemented redundancy in Big IP F5 load balancers to provide uninterrupted services to clients.
- Implementing and configuring F5 LTM for VIP and Virtual servers as per business needs.
- Switching related tasks included implementing VLANs, VTP and configuring ISL trunk on Fast Ethernet channel between switches.
- Configured and implemented Nexus 5K and 2K in lab environment
- Created network diagrams under senior supervision using MS VISIO.
- Resolved all computer related problems, monitored and maintained system functionality and reliability by identifying ways to prevent system failures.