We provide IT Staff Augmentation Services!

Network Security Engineer Resume

Cabazon, CA

SUMMARY:

  • 7+ years of professional experience in Network Engineering with Cisco Certified Network Engineer, performing Network analysis, design, Implementing, planning with a focus on performance tuning and support of large Networks.
  • Strong knowledge in Cisco Routing, Switching and Security with Cisco hardware/software experience.
  • Extensive work experience with Cisco Routers, Cisco Switches, Load Balancers and Firewalls.
  • Firewall monitoring/administration with iptables, pf, and Palo Alto Pan OS.
  • Up - grading of Cisco-IOS & firmware of different Cisco devices and modules.
  • Experience on Palo alto Pa-500, PA-3k, PA-5k series firewalls and panorama. as well as a centralized management system (Panorama) to manage large scale firewall deployments.
  • Experience in Manage and maintain Check Point VPN-1 firewall, strong abilities in installation and configuration of Check Point security Gateway, Smart Console and Smart Center server.
  • Working on Firewall optimization tools like Tufin Secure track and secure change.
  • Migration of firewall rules from Cisco ASA, Checkpoint to Palo Alto firewalls using migration tool from PAN.
  • Involved in troubleshooting of DNS, DHCP and other IP conflict problems.
  • Responsible for Check Point and Cisco ASA firewall administration across global networks.
  • Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
  • Extensive knowledge about Amazon Cloud (AWS) and Cisco Meraki Dashboard/ Meraki MX64 Firewall and Cisco ACI.
  • Configuring DMVPN tunneling between the branches.
  • Implementing QOS and Content Filtering on Meraki
  • Configured and implemented multi-data center OTV for data replication and disaster recovery.
  • Worked with team to complete data center using OTV data connection between the two data centers.
  • Running packet capture on Wireshark and Meraki to monitor the internet traffic flow
  • Good knowledge in network hardware and technologies including routers, Black listing and White listing of web URL on Bluecoat Proxy servers.
  • Experiences with using Virtualization tools like Citrix, VMware, Hyper V
  • Configuring Site-Site VPN on Cisco ASA and Checkpoint Firewall with R77 GAIA.
  • Implemented Checkpoint FW Interface, NAT and VLAN using R77 GAIA Smart Dashboard.
  • Advanced knowledge, design, installation, configuration, maintenance, migration and administration of Checkpoint Firewall R55 up to R77 .
  • Good understanding of NFV concepts and working knowledge developing VNF Manager
  • Experience with F5 load balancers - LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
  • Experience deploying BIG-IP F5 LTM Load Balancers for load balancing and traffic management of business application .
  • Strong experience in Network security using ASA Firewall, Checkpoint, Palo Alto, Cisco Sourcefire IDS/IPS and IPSEC/SSL VPN .
  • Knowledge in Documenting and preparing the Process related Operational Manuals
  • Finely tuned analytical/critical thinking and debugging skills with excellent verbal and written communication skills.

PROFESSIONAL EXPERIENCE:

Confidential, Cabazon, CA

Network Security Engineer

Responsibilities:

  • Responsible for installation, configuration, maintenance and administration of Palo Alto firewalls PA-7k, PA -5k and PA- 500 and PA- 200 firewalls.
  • Managing and added new Palo Alto devices to Panorama.
  • Implementing firewall rules using Palo Alto panorama, Checkpoint smart dashboard, Provider- 1 and Cisco CSM.
  • Worked on Palo Alto APP-ID, User-ID and other security profiles like Anti-virus, Threat Prevention, URL-filtering and Wildfire etc.
  • Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewalls.
  • Performing backups and upgrades from time to time on different type of firewalls mostly on Palo Alto and Cisco ASA firewalls.
  • Performed firewall migration from Cisco ASA platforms to Palo Alto firewalls using Palo Alto conversion tool.
  • Performed hardware refresh in the ACI infrastructure by installing the new hardware for the leaf switches from Nexus 9396 to Nexus 93180-YC in multiple data center locations.
  • Configuring/Troubleshoot issues with the following types of routers Cisco (7200, 6500, 4500, 1700, 2600 and 3500 series), to include: bridging, switching, routing, Ethernet, NAT, and DHCP, as well as assisting with customer LAN /WAN.
  • Configuring DMVPN tunneling between the branches.
  • Responsible for Configuration of Azure API gateway service.
  • Successfully deployed new ASA Firewalls (5585's) dedicated to ACI infrastructure in multiple Cisco data center locations.
  • Worked on extensively on troubleshooting multiple issues and driving Incident calls to resolution by doing packet capture techniques and performing other troubleshooting scenarios.
  • Configuring and troubleshooting Access-lists, Service Policies, and NAT rules, Network Object Groups, Service Object Groups on ASA 5585 and 5505 Firewalls.
  • Experience in implementing, designing and supporting Cisco wireless controllers LWAPP environment which supports both 802.11n and 802.11b/g.
  • Successfully launched Brocade Flow Optimizer, the first SDN app based on Brocade SDN controller that provides visibility of large flows in the network.
  • Installing and configuring F5 LTM load balancer in Active-Standby mode and Creating Virtual Servers, VIP’s and server pools based upon application requirements.
  • Supported remote LAN and WAN hardware at remote datacenters, working with operations and network technical teams globally
  • Configured ACI Policies, Tenants, Bridge Domain, Private Networks, Contracts and Filters for new implementations and supporting the existing applications.
  • Performed hardware refresh in the ACI infrastructure by installing the new hardware for the leaf switches from Nexus 9396 to Nexus 93180-YC in multiple data center locations.
  • Deployed new leaf switches in the infrastructure as part of the DC expansion.
  • Successfully deployed new ASA Firewalls (5585's) dedicated to ACI infrastructure in multiple Cisco data center locations.
  • Have in-depth knowledge on Citrix NetScaler and Cisco ACE load balancers.
  • Performed upgrading of load balancers from Cisco ACE to Citrix NetScaler load balancer to improved functionality, reliability and scalability in the system.
  • Load Balancing, SSL Offloading, Content Switching, Headers, Policies, ICA proxy, PBR, GSLB, NetScaler Gateway, Session Profiles/Policies, VDX/SDX configuration.
  • Experience in implementation of new VPX/SDN devices for supporting the load balancing.
  • Experience on load balancing strategies/techniques, expertise in application switching/traffic management, knowledge of persistence and SSL certificates
  • Worked on the Bluecoat proxies for URL and content filtering solutions.
  • Performing Firewall rule audit and Firewall policy optimization using Tufin analyzer tool.
  • Working on trouble tickets in remedy ticketing system which comes to our queue.
  • Participating in 24*7 on-call support and implementing changes in different time zones as per the client requirements.
  • Continually monitor, assess and improve network security, test and implement new security technologies.
  • Profound knowledge of VPN (all types), NET APPS Filler FAS (2000, 3000, 6000 series models), NFS, CIFS Protocols in NET APPS Filler, SDLC, STLC, BLC, Cloud Computing, VMware, vSphere, FLEX POD (Product of VMware, NET APPS, CISCO) and CUCS (Cisco Unified Computing System
  • Implementing QOS and Content Filtering on Meraki
  • Implementing Layer 3 firewall rules and policies on Meraki
  • Concept testing in datacenter lab with Open Contrail as SDN controller, OpenStack for web/app/database server virtualization, and vSRX firewall as VNF.
  • Experience with LTM & GTM F5 component to provide high availability with providing services across datacenters.

Confidential, Highlands Ranch, CO.

Network Support Engineer.

Responsibilities:

  • Network Security Engineer with experience in testing, troubleshooting, implementing, optimizing and maintaining enterprise data network and service provider systems.
  • Implemented and configured firewall rules in Checkpoint Gaia R77.20, R75, VSX and Palo Alto Pa-5K, Pa- 3000 series, panorama.
  • Working with app teams and engineering teams to review the requests before they get implemented.
  • Created virtual systems (firewalls) in the Palo Alto and Checkpoint firewalls.
  • Review of Firewall Access requests to ensure adherence to enterprise security standards
  • Escalate Firewall Requests with violations against the Enterprise policies to Security Architecture team for further analysis and review.
  • Responsible for configuration and support for contrail, Aruba wireless controllers and Access Points.
  • Primarily worked on Checkpoint Security Gateways running R77, R76, and R75 Gaia Firewalls
  • Implementing and troubleshooting firewall rules in Checkpoint R77 Gaia, R75.40, VSX also managing 15k, 41k series checkpoint appliances, Open servers as per the business requirements.
  • Performing creation and deletion user accounts and global group’s creation in global policy in Provider-1.
  • Convert Branch WAN links from TDM circuits to MPLS and to convert encryption from IPsec/GRE to GET VPN.
  • Assisted in MPLS migrations, implemented a backup for the existing WAN connection using site-to-site IPsec VPN tunnels.
  • Supporting data center consist of Nexus 7k, 6500, 3750x, 3850x, Various Cisco router 39xx, 29xx, 28xx and 4431 equipment and install new products and debug network insures.
  • Adding firewall rules in checkpoint smart dashboard as per user requirements.
  • Extensively worked and still working on ACI migrations, where we are moving all the existing VM's and Bare Metal servers from Traditional (IOS/Nexus) environment to ACI Infrastructure.
  • Worked on integrating existing Layer 2 and Layer-3 networks with ACI.
  • Moderate knowledge in configuring and troubleshooting Cisco Wireless Networks: LWAPP, WLC, WCS, Standalone APs, Roaming, Wireless Security Basics, IEEE 802.11 a/b/g, RF spectrum characteristics.
  • Upgrading and applying hot fixes to checkpoint firewalls in the maintenance window.
  • Built site to site VPN and any connect VPN connections using Cisco ASA firewalls.
  • Lab Implementation of multiple security contexts in ASA firewalls and Checkpoints configures redundancy (Active-Active failover and active-standby failover) among them.
  • Provided senior network support for over 1500 ASA firewalls and F5 LTM support.
  • Provided support of F5 BigIP and F5 GTM’s load balancer network issues and changes.
  • Troubleshooting the VPN tunnels by analyzing the debug logs and syslog’s in firewalls.
  • Worked on F5 and CSM load balancers deploying many load balancing techniques with multiple components for efficient performance.
  • Automated network implementations and tasks and designed monitoring tools using python scripting.
  • Implementing and configuring F5 LTM’s for VIP’s and Virtual servers as per business needs.
  • Configured ACLs in Cisco 5550 ASA firewall for Internet Access requests for servers, Protocol Handling, Object Grouping and NAT Control using Object NAT.
  • Adding Websites to the URL filtering block list in Bluecoat Proxies and upgrading firmware on the bluecoat proxies.
  • Experience with cloud services like AWS and Microsoft Azure.
  • Successfully installed Palo Alto PA-3060 firewall to protect data centers.
  • Running packet capture on Wireshark and Meraki to monitor the internet traffic flow
  • Provided support of F5 BigIP and F5 GTM’s load balancer network issues and changes.
  • Maintenance of Cisco ACS server - Authenticating, Authorization and Accounting for several Network Devices in the environment
  • Developing a stateless firewall in Lab Environment using RYU SDN controller to filter network traffic in both directions, Technologies used are Python, SDN, Mininet, OpenFlow switches in both Lab and Production Environments
  • Monitored LAN/WAN related hardware and coordinate with vendor to run intrusive testing to avoid downtime worked on leading research and engineering team on rapid prototyping next generation cloud computing and software defined networking (SDN) products and services
  • Participated in all technical aspects of LAN, WAN, VPN and security Internet Service projects including, short- and long-term planning, implementation, project management and operations support as required.

Confidential

Jr. Network engineer

Responsibilities:

  • Involved in all technical aspects of LAN and WAN projects including, short- and long-term planning, implementation, project management and operations support as required.
  • IOS upgrades and backup of Cisco routers and Switches.
  • Log messages using Syslog server and analyze the issues related to high CPU utilization and parameters that can degrade performance of the network.
  • Troubleshoot and fix any backup and monitoring systems related issues in conjunction with Systems team and external vendors
  • Implemented Hot Standby Router Protocol (HSRP) by tuning parameters like pre-emption.
  • Work related to Inter-vlan routing, redistribution, access-lists and dynamic NAT’ing
  • Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.
  • Extensively worked on setting up WLAN and configure cisco AP’s.
  • Involved in design and deploying various network security & High availability products like Cisco ASA and other security products.
  • Created the foundation for the dynamic and automated data center with VMware ESX and ESXi.
  • Support customer with the configuration and maintenance of ASA firewall systems.
  • Troubleshoot and resolved dynamic routing, Ethernet switching and host connectivity issues in a window and network environment.
  • Dealt with the service providers in the case of WAN outages.
  • Created & documented wiring and network diagram using MS- Visio.

Hire Now