Sr. Network And Security Engineer Resume

Pittsburgh, PA

SUMMARY:

  • 7+ years of experience in Configuring, Implementing and Troubleshooting routers, switches and complex network designs.
  • Strong hands-on experience in installing (rack and stack), configuring, CSM and troubleshooting of Cisco 7600, 7200, 3800, 3600, 2800, 2600, 2500, 1800 series Routers and Juniper J series j230, M 320 and MX960 routers, Cisco Catalyst 6500, 4500, 3750, 2950, 3500XL series switches.
  • Work experience with NAT/ACLs, AAA, Layer 2 Security, Layer 3 Security, IPS/IDS, Cisco (ASA, PIX), Juniper firewalls (SRX & SSG), Cryptography, Checkpoint R77 Gaia, R75, R70, SPLAT, IPSO, Provider-1, MDM, VPN 3000 concentrator, Site to Site IPsec and remote access VPN.
  • Configure Fortinet Networks Firewall models (100E, 200E, 600D etc.) as well as a FortiManager to manage large scale firewall deployments and FortiAnalyzer to collect logs from all FortiGate firewalls.
  • Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments
  • Experience in building, configuring and troubleshooting Cisco ASA 5540, 5550 and 5580 firewalls with firepower, managing them via CLI, ASDM and CSM.
  • Configured and troubleshot Juniper SRX240, SRX 5600, SRX 1400, SSG520M, SSG550M using CLI and NSM.
  • Proficiency includes checking server and firewall logs, scrutinizing network traffic, establishing and updating virus scans, troubleshooting, analyzing and resolving security breaches and vulnerability issues
  • Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
  • Implemented and maintained Big-IP F5 load balancing solution across multiple datacenters
  • Working knowledge of frame relay, MPLS services, OSPF, BGP and EIGRP routing protocols, NATing, sub-netting including DNS, WINS, LDAP, DHCP, FTP, TFTP, HTTP, HTML, HTTPS, SMTP, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP (Spanning tree Protocol), RTSP & Multicasting protocols.
  • Experience in working with Cisco Nexus Switches in creation and management of VLANs, VPCs, VDCs and VRFs for Nexus 7K, 5K, 2K devices.
  • Experience with McAfee and Splunk SIEM tools for log analysis and threat management analysis.
  • Used Tufin to remediate non-usage rules in Checkpoint firewalls.
  • Working on firewall optimization tool Tufin to generate different reports for rules usage, object usage to find out what rules need to be modified.
  • Used Infoblox IP Address Manager (IPAM), which provides centralized management of the IP address space, including IPv4 and IPv6 Address Management.
  • Experience in migrating Check point to the Cisco ASA Devices. Also, migrating from Cisco to Palo Alto.
  • Experience dealing with OS upgrading/patching for various vendors like F5 (TMOS), Cisco (IOS, NX-OS), PANOS, JUNOS, Websense, Bluecoat.
  • Extensively used packet capture tools like tcpdump, Wireshark and snoop on the devices to identify potential network issues.
  • Experience in testing Cisco routers and switches in laboratory scenarios and then deploy them on site for production.
  • Excellent communication skills, Enthusiastic, motivated and a team player
  • A highly organized individual who adopts a systematic approach to problem solving, effectively analyzes results and implements solutions
  • Have experience with and knowledge of IPSEC VPN, SSL VPN, GRE tunnels, DMVPN tunnels and also migrating IPSEC VPNs from one network to another network.
  • Have good knowledge of Cisco ACS 5.x version and Cisco ISE

PROFESSIONAL EXPERIENCE:

Confidential, Pittsburgh, PA

Sr. Network and Security Engineer

Responsibilities:

  • Maintain and implement all Checkpoint firewall, Cisco ASA firewall and Palo Alto change requests from clients. This includes assisting in the correct determination of application flows necessary.
  • Provide necessary problem determination in the Checkpoint firewall environment which has Gaia R77, R75, SPLAT, Provider-1 and VSX.
  • Configuration and Maintenance of CheckPoint R75, R75.40 Gaia Firewalls.
  • Migration of the firewall rules from Cisco ASA, Checkpoint to Palo Alto firewalls using migration tool from PAN.
  • Managed global policy, global groups and global objects in Checkpoint Provider-1/Multi Domain Manager.
  • Managed the security infrastructure of the service provider which includes Fortinet Firewalls, Cisco ASAs, Juniper SRX, and Palo Alto.
  • Responsible for firewall rule set migration from Cisco ASA, Checkpoint to newly implemented Palo Alto.
  • Configuring HA on Checkpoint security gateways using ClusterXL and Palo Alto firewalls.
  • Integrating Panorama with PaloAlto firewalls, managing multiple PaloAlto firewalls using Panorama
  • PaloAlto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
  • Configured and maintained IPSEC and SSL VPNs on Palo Alto Firewalls using Global Protect.
  • Strong working knowledge of Cisco ASAs including software versions 8.x and 9.x
  • Upgrading Checkpoint and Cisco ASA firewalls in cluster with minimal downtime.
  • Extensive usage of firewall traffic analyzing tools such as tcpdump, snoop, fw monitor, packet captures, and debugs for troubleshooting complex communication problems.
  • Used firewall optimization tool Firemon to generate usage reports and disable the unused rules accordingly.
  • Analyzed the Policy rules, monitor logs and documented the Network/Traffic flow Diagram of the Palo Alto placed in the Data Center with MS Visio.
  • Design and build utility tools for fault detection and automation of various operational tasks related to management of automation.
  • Infrastructure automation design and implementation using PowerShell, Ansible, Jenkins, Python, shell.
  • Used Splunk SIEM tool to check the logs, create reports and dashboards.
  • Configured Site to Site IPsec VPN tunnels to peer with different clients and each of client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA 5500 series firewalls.
  • Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation PaloAlto appliances serving as firewalls and URL and application inspection.
  • Configure Virtual Servers, Nodes, and load balancing Pools in F5 BigIP LTM.
  • Working on the F5 LTM and GTM code upgrade project, doing a couple of them every week.
  • Configured session-based persistence and iRules for specific redirection purposes, and also iRules for persistence.
  • Configure SSL VPN to let various employees access internal servers and resources with access restrictions.
  • Used Bluecoat proxy servers for URL and content filtering.
  • Used Infoblox IP Address Manager (IPAM), which provides centralized management of the IP address space, including IPv4 and IPv6 Address Management.
  • Document test cases, perform operational readiness testing to ensure the networking environment performs as required and document actual results.
  • Experience converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with Cisco ASA VPN experience.
  • Have experience on ITIL methodology and SOX/PCI compliance process.

Confidential, Phoenix, AZ

Network Security Engineer

Responsibilities:

  • Troubleshooting and hands-on experience with security related issues on Checkpoint R75, Cisco ASA, Juniper SRX/SSG NetScreen firewalls.
  • Implementing and troubleshooting firewall rules in Checkpoint R77.20 Gaia and VSX, Cisco ASA 5540, 5580 and Juniper SRX 5400, 550, 5600 as per the business requirements.
  • Configured and deployed the NGFW Firewall Features in Fortinet, like App control, Web Filter, FSSO, Proxy, and DNS, IPS/IDS.
  • Hands-on experience of configuring ASAs into multiple context, Active/Active failover, Active/Standby Failover, Policy Maps, Layer 2 attack prevention and Cisco Sourcefire.
  • Working experience with Load Balancers F5 LTM like 3900, 6900, 4200V over various environments
  • Upgrade of Juniper firewalls and management servers from Juniper SRX 110 to SRX 5400
  • Extensively used Tufin SecureTrack for optimizing the firewall policy and policy clean up.
  • Working on firewall optimization tool Tufin to generate different reports for rules usage, object usage to find out what rules need to be modified.
  • Worked on F5 BIG-IP Local Traffic Manager (LTM) to automate, and customize applications in a reliable, secure, and optimized way
  • Established IPSec VPN tunnels between branch offices and headquarter using Cisco ASA Firewall
  • Programmed iRule in F5 BIG-IP device based on F5's exclusive to unprecedentedly control and directly manipulate and manage any IP application traffic.
  • Expertise in the administration, support and operation of the Orion SolarWinds platform including Network Performance Monitoring (NPM), Network Configuration Manager, Server & Application Monitor (SAM), NetFlow, Traffic analyzer and IP address Manager.
  • Responsible for Check Point, Cisco ASA and Palo-Alto firewalls configuration and administration across global networks for providing IPS/IDS.
  • Upgrade of Juniper firewalls and management servers from Juniper SRX 3750 to SRX 6509.
  • Worked on the migration project of Juniper SSG to Juniper SRX firewalls.
  • Implementing security Solutions using PaloAlto Pa-5000/3000, Cisco ASA, Checkpoint firewalls R75, R77.20 Gaia and Provider-1/MDM.
  • Implemented Cisco ISE for delivering consistent, highly secure access control across wired and wireless multivendor networks and remote VPN connections.
  • Configured and worked on Juniper MX240 and MX40 router, and optimized network for application delivery in virtualized network environment.
  • Provided Load Balancing towards access layer from core layer using F5 Network Load Balancers.
  • Used Bluecoat Proxy SG Appliances to effectively secure Web communications and accelerate delivery of business applications.
  • Optimizing Citrix HDX Protocols for remote agents located across the globe.
  • Deployed Citrix UPM solution to reduce profile load time and corruptions.
  • Configured F5 GTM Wide IP, Pool Load Balancing Methods, probers and monitors recreating HTTP and HTTPS redirect VIPs to client from data servers.
  • Worked on F5 issues using packet capture tools like tcpdump, Wireshark and SolarWinds and curl commands.
  • Configuration of Checkpoint R77.30 series firewalls and implementation for outbound traffic via Bluecoat proxy server.
  • Extensive implementation of firewall rules on Juniper SRX 3600, SRX 650 and SRX 220 on a daily basis, using NSM and SPACE as well as CLI when needed.
  • Worked with level-2 team on migration project of CMA's from one Provider-1 to other Provider-1.
  • Troubleshooting and Configuration of Cisco ASA 5580, 5540, FWSM firewalls.
  • Worked on changing global objects and global rules to local objects and local rules for migration project.

Confidential, Morristown, NJ

Network Engineer

Responsibilities:

  • Configured Site to Site IPsec VPN tunnels to peer with different clients and each of client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA 5500 series firewalls.
  • Responsible for installation, troubleshooting of firewalls (Cisco firewalls, Checkpoint R70 firewalls) and related software, and LAN/WAN protocols
  • Worked on the migration of Cisco PIX firewalls to Cisco ASA firewalls.
  • Migrated legacy Cisco PIX firewalls to new Cisco ASA firewalls; also upgraded IOS images on ASA firewalls.
  • Extensive implementation of firewall rules on Juniper SRX 3600, SRX 650 and SRX 220 on a daily basis using NSM and CLI.
  • Worked on Ansible to provision AWS services and infrastructure automation in an IaC environment and for dynamic scaling-up and scaling-down of machines.
  • Experience building firewalls, mainframes, and UNIX based platforms at the data center and implementing the initial policies, configuring NAT, Routing etc.
  • Implementing IPsec and GRE tunnels in VPN technology.
  • Configure various LAN switches such as CISCO CAT 2900, 3550, 4500, 6509 switches.
  • Configuring access layer switches such as Cisco 4510, 4948, 4507 switches for VLAN, Fast Ether Channel configuration.
  • Configured inside ACL and interfaces, outside ACL and interfaces.
  • Configured NAT and PAT policies.
  • Configuration and troubleshooting of EIGRP, OSPF, BGP.
  • Design OSPF areas for reliable Access Distribution and for Core IP Routing.
  • Support the project manager in defining the work and the associated effort, duration, and resource needs to deliver the solution.

Confidential

Jr. Network Engineer

Responsibilities:

  • Troubleshooting using various command tools on CISCO routers and network segments at various OSI layers. Maintenance of Cisco 2500, 4000, 6500 series routers.
  • Worked on HSRP for hop redundancy and load balancing.
  • Configured the Cisco router as IP Firewall and for NATing. Configured RSTP and used VTP with 802.1q trunk encapsulation.
  • Designed ACLs, VLANs, troubleshooting IP addressing issues and performing back up of the configurations on switches and routers.
  • Secured configurations of load balancing in F5, SSL/VPN connections, troubleshoot Cisco ASA firewalls.
  • Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet and Gigabit Ethernet channel between switches.
  • Experience in Cisco switches and routers: Physical cabling, IP addressing, Wide Area Network configurations.
  • Responsible for internal and external accounts and managing LAN/WAN.
  • Coordinating with the system/network administrator during any major changes and implementation.
  • CMS and Security Reporter are a couple of the security applications supported.
  • Creation and implementation of Filters on the Routers for Security purpose.
  • Remotely Configuring the Network.
  • Support and maintain networking devices, cabling and standalone systems as part of job duties. Maintain systems up to date with the latest OS patches. Install different software on the systems. Install and managing network devices including Hubs, Switches.