We provide IT Staff Augmentation Services!

Network Security Engineer Resume

Costa Mesa, CA


  • 4.8 years of experience in design, implementation, troubleshooting, development and maintaining enterprise security network systems in Data Center environment dealing with Checkpoint, Palo Alto and Juniper Firewalls, Cisco Routers and Switches in a Day - to-Day Schedule.
  • Intense knowledge of working and security aspects of TCP/IP protocol suites.
  • Installing, Configuring and end-end troubleshooting of Checkpoint, Palo Alto and Juniper Firewalls.
  • Hands on experience with designing, implementing and troubleshooting of site-to-site VPN services on Checkpoint and Palo Alto Firewalls.
  • Hands on experience on IDS and IPS systems.
  • Working knowledge on SIEM tool LogRythm and monitoring tool OP5.
  • Knowledge and experience of routing protocols RIP, OSPF, EIGRP and BGP.
  • Experience in implementing and troubleshooting VLANs, VTP, STP, RSTP, DTP, Root Guard, BPDU Guard, Port Fast, Uplink Fast, Backbone Fast, LACP and 802.1Q.
  • Working experience of protocols Frame relay, MPLS, EVPL, PPP.
  • Implemented redundancy with HSRP, VRRP, and GLBP technology.
  • Excellent in troubleshooting issues on NAT configuration and related access lists and DNS/DHCP issues within the LAN network.
  • Excellent problem solving, troubleshooting, and written documentation skills.
  • Efficient in preparing Technical Documentation using Microsoft VISIO.
  • Developed IT strategies, policies and procedures consistent with the businesses strategies and vision while effectively protecting: data confidentiality, integrity, and availability in turn providing security and limiting liability.


Cisco router platforms: 2500, 2600, 2800, 2951, 3600, 3700, 3800, 3925E, 7200, 7609.

Routing Protocols: RIP, OSPF, EIGRP, and BGP.

Cisco Switch platforms: 2900XL, 2950, 2960, 3560, 3750, 4500, and 6500.

Switching Protocols: VTP, STP, RSTP, MST, VLANs, PAgP, and LACP.

Security Protocols: IKE, IPsec.

Firewalls: Checkpoint, Cisco ASA, Cisco PIX

Cryptographic Algorithms: DES, 3DES, RSA, SHA, MD5, Diffe-Hellman Key exchange.

Load Balancer: Cisco ACE 4700 series, F5 Big-IP.

WAN technologies: FRAME RELAY, ISDN T1/E1 (PRI/BRI), PPP, ATM, MPLS, leased lines, DSL modems.

LAN Technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, NAT/PAT, FDDI.

VOIP Devices: Cisco IP phones.

Operating Systems: Windows 2000/XP/Vista, Windows server 2003, Linux, Unix

Network management: Cisco Network Assistant, HP Openview, Solar winds.


  • Planning, designing, Installing and Configuring of Cisco Routers (1700, 1800, 2500, 2600, 3200, 3600, 3700, 3800 and 7200, 7609) & Cisco L2 & L3 Switches (2900, 3560, 4500 & 6500).
  • Configuring and implementing Routed and Routing protocols including: TCP/IP, IPX/SPX, RIP, RIP2, OSPF, EIGRP, IS-IS, BGP.
  • Designing & implementing Cisco 3-tier LAN Network Architecture (Core, Distribution and Access).
  • Configuring STP, RSTP, VLAN, VTP, SPAN port and Port binding.
  • Implementation of HSRP, VRRP protocol on routers.
  • Configuring Intrusion Prevention Systems (IPS) using Cisco Routers & configuring Intrusion detection system (IDS) using SNORT.
  • Implementing Cisco Secure Access Control Server (ACS 4.0) for Tacacs+/ Radius
  • Configuring Cisco Call Manager for VOIP solutions and designing video solutions like video conferencing.
  • Worked on different load balancing products such as F5’s - BIG IP, Cisco ACE
  • Configuring and Implementing IPsec and GRE in VPNS.
  • Installing & configuring firewalls like Checkpoint NG & NGX, Cisco ASA & Pix.
  • Planning and executing changes and upgrades to firewall software, per licensing agreement(s).
  • Planning and executing changes and upgrades to the operating systems of servers directly supporting firewall components and functionality.
  • Implement security policies using ACL, PIX firewall (515, 520), ASA & Routers.
  • Executing change requests to the firewall rule base.
  • Executing changes to the authentication configuration established at the user, client, and session levels.
  • Implementing changes to the network routing tables and ACLs.
  • Executing changes to the system back-up schedule.
  • Planning, Designing & Implementing VPN connections using Checkpoint, ASA, Cisco PIX, and Cisco Routers using site-to-site VPN’s.
  • Proposal & Deployment of security & Network connectivity details for Offshore Development Centers (ODC’s).
  • Implementing changes to the supported encryption configuration and domains of enabled client(s) to the firewall VPNs
  • Installing and maintaining SSL VPN’s, Cisco Easy VPN servers attaining the work from home concept.
  • Designing and Implementing of BCP (Business Continuation Plan) for project connectivity’s.
  • Designing and Implementing Remote access VPN server using Checkpoint & Cisco ASA.
  • Disaster Recovery Planning.


Network Security Engineer

Confidential, Costa Mesa, CA


  • Complete rename of all firewall objects and rules and upgrade of checkpoint firewalls.
  • Design of traffic using AlgoSec.
  • Responsibilities included design, implementation, support and administration of multiple security products CheckPoint Provider-1 and VSX.
  • Responsible for managing the security tools such as Checkpoint Firewall, RSA Security
  • Designing and establishment of the VPN environment for partner connectivity.
  • Design and creation of firewall diagram using MS-Visio.
  • Decommission and migration of the partner VPN tunnels to the new environment.
  • Troubleshooting of network connectivity and established firewall rules.
  • Migration of firewall rules from CISCO ASA to checkpoint.
  • Automate the process of vulnerability management and policy compliance across the enterprise, providing network discovery and mapping, asset prioritization, vulnerability assessment reporting and remediation tracking according to business risk.
  • Install and maintain security infrastructure, including Firewall, IDS/IPS, log management, and Security Information Event Management tools.
  • Perform operating system, network and application vulnerability assessments to identify security exposures in the environment.
  • Document and perform system upgrades, regular product updates, emergency patch applications, and define monitoring requirements.


Network Security Engineer, Canton, OH


  • Worked extensively in Configuration, Implementation, and Change requests administration of Checkpoint, Palo Alto and Juniper Firewalls.
  • Configuring and troubleshooting site-to-site IPSEC VPN tunnels on VPN concentrators and ASA firewalls with private vendors
  • Involved in L2/L3 Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, InterVlan routing, LAN security.
  • Troubleshoot network issues using Checkpoint Smart Tracker and CLI (clish and bash mode)
  • Auditing and removing old rules which are no longer in use.
  • Generating hit counts for all the rules to provide priority assessment to upper management.
  • Documentation involved preparing MOPs, Change Request Sheet, VPN Specification Sheet, also creating and submitting Remedy tickets.
  • Experience with Juniper JUNOS operating system.
  • Analyzed network problems and coordinated resolutions. Monitored network infrastructure traffic and access logs.
  • Worked on EasyIT and STIM Solution for Network Management System and Ticketing.
  • Worked with LogRythm Log servers for Security Information and Event Management (SIEM).
  • Designing and implementing staging and production network scenarios in the LAB environment.


Network Consultant

Environment: Cisco ASA, Check Point Firewall, Routing & Switching, Cisco Nexus, Juniper, F5 LTM/GTM


  • Experience working on Network design and support, implementation related internal projects for establishing connectivity in various field offices and Datacenters.
  • Configure GLBP, VLAN Trunking 802.1Q, STP, Port Security on Catalyst 6500 switches.
  • Involved in L2/L3 Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, InterVlan routing, LAN security.
  • Managing enterprise BGP setup by configuring and troubleshooting BGP related issues
  • Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for a datacenter access architecture
  • Troubleshoot network issues using Checkpoint tracker tool.
  • Identifying and removing rules which are no longer in use.
  • Generated hit counts for all the rules
  • Configuring and troubleshooting site-to-site IPSEC VPN tunnels on VPN concentrators and ASA firewalls with private vendors.
  • Configuring Big-IP F5 LTMs (virtual servers, pools, SNATs, health monitors, irules) for managing the traffic and tuning the load on the network servers.
  • Implementing iRules on LTMs for http traffic redirection
  • Setting up Wide IPs for customer application on Big-IP F5 GTM to provide geo redundancy between data centers
  • Worked on Datacenter Refresh project - moving from Cisco to Juniper core.
  • Documentation involved preparing MOPs, Work Orders, DCE cabling and NEMS request. Also creating and submitting Remedy tickets and Homer work orders.
  • Worked on configuring MPLS based network using Cisco 3845.
  • Upgrade from 1gig to 10gig links between core routers and GGSN's while configuring BGP and MPLS connectivity between them.
  • Decommissioning Juniper M20s and M120s from various sites within T-Mobile network
  • Installed, configured and managed DHCP and DNS servers.
  • Analyzed network problems and coordinated resolutions. Monitored network infrastructure traffic and access logs using Solar winds
  • Worked on commissioning and decommissioning of the MPLS circuits for various field offices.
  • Worked on HP open view map for Network Management System and Ticketing.
  • Worked on the security levels with RADIUS, TACACS+.
  • Designing and implementing production network scenarios in the LAB environment


Network Engineer

Environment: Cisco Routers 7200, 3800, 3700, 2800; Cisco Catalyst switches 6500, 4500, 3500, 2900; Cisco Nexus Switches 5000, 2000; Cisco PIX Firewalls 535, 525; Cisco ASA 5550, 5520; VTP, VLAN and 802.1Q trunking; Routing Protocols OSPF, BGP; VPN, Frame Relay, Big-IP F5 Load Balancer, Citrix Netscalers; Solar winds; MS Visio


  • Installed, configured, and managed Cisco routers such as 7200 series, 3800 series, 3700 series, 2800 series and Cisco Catalyst switch series 6500, 4500, 3500, and 2900.
  • Designed a reliable and fully redundant network implementing routing protocols OSPF and BGP
  • Implemented Layer 2 security by enabling STP, BPDU& Root guard, locking down VLAN trunking.
  • Upgraded the data centre network environment with Cisco ASA 5520. Configured Access Control Lists on Cisco Switches. Also configured routers as terminal servers.
  • Managed and configured HSRP, VLANs, VTP, port security and 802.1Q trunking on Fast Ethernet channel between switches. Designed schemes for IP Addressing and subnetting.
  • Good Knowledge on Access Control Lists, Juniper SRX 5800 and Cisco Firewalls - ASA and FWSM.
  • Migrated from Cisco PIX 500 to Cisco ASA5500 series firewalls and configured syslog messages.
  • Installation, Configuration, and Administration of Cisco ASA5500 series firewalls.
  • Involved in implementing VPN connectivity for new sites, includes client and site-to-site VPN’s
  • Configured Site-to-Site GRE over IPSEC VPN using Cisco SDM feature for easy deployment at various locations
  • Configured and implemented security policies on Firewalls FWSM.
  • Implementation and configuration of F5 Big-IP LTM-6400 load balancers.
  • Secured network access using Cisco Secure (RADIUS/TACACS+).
  • Implemented the Cisco Secure Access Control Servers for AAA security to offer centralized command and control for all user authentications.
  • Responsible for designing and installing Virtual Private Networks. T1/DSL LAN based internet connectivity
  • Installed redundant paths on devices using HSRP
  • Performed troubleshooting and configuration aspects on the WAN Frame Relay
  • Responsible for layer 2 security, securely managed all switches and routers and deployed a syslog server to allow proactive network monitoring.


Network Intern

Environment: Cisco routers 3700, 3800, 7200, 7604, Cisco catalyst series Switches 2960, 3750, 3560, 6500 VOIP equipments, MPLS, Frame Relay, VRF, DSLAM, RIPv2, OSPF, BGP, IPSEC, VLAN, STP, VTP, HSRP, Checkpoint, Cisco ASA.


  • Configuration of Cisco routers 3700 series, 3800 series, 7200 series, 7600 series and Cisco Catalyst series switches 2960, 3750, 3560, 6500 at central and remote locations.
  • Worked with senior network engineers for multiple site Upgrades for data and VOIP equipment’s and in re-configuring the new device and making sure projects are done under defined project timelines.
  • Providing Network Support in the design and implementation of P2P over T1s Frame Relay, IP over Frame Relay, MPLS over Frame Relay and DSL over ATM, Gigabit Ethernet and VRF.
  • Assigned and configured IP VRF (Cisco) forwarding for customer usage of the MPLS network.
  • Involved in the implementation of VRF module. VRF which adds the IP capability to DSLAM. VRF takes care of IP related configurations namely VRFs, interfaces, IP addresses, and routes.
  • Configuring and troubleshooting routing issues related to protocols like RIP, OSPF, BGP.
  • Implemented several MPLS Solution involving Routing protocols like OSPF, BGP.
  • Managing and Working with IPSEC tunnels, LAN to LAN VPN implementations.
  • Planning, Designing & Implementing VPN connections using site-to-site VPN’s.
  • Maintaining and providing Level 2 and Level 3 technical supports for all network related issues and providing the requirements of the customer by interacting with the customer on daily basis via email and phone.
  • Responsible for managing and configuring Layer 2 and layer 3 devices for customer’s network.
  • Configuring and troubleshooting QOS, Vlan, Spanning Tree, VTP, HSRP, Trunking.
  • Making configuration change recommendation for routers, switches and firewalls.
  • Managing and working with VPNs within the organization and to third-party entities.
  • Performing an analysis of source host and destination path by tracing it through the network router and switches as well as the firewalls it passes.
  • Attending the managerial and Technical meetings to discuss the current progress of the project.
  • Creating a detailed design drawing of the sites, which are under up-gradation and getting it validate from the technical design team.
  • Maintaining and managing the remote site network, consisting of QoS design, IP addressing, Visio Drawings.

Hire Now