PROFESSIONAL SUMMARY:

• Having around 12 years of experience in Networking (LAN& WAN). Worked extensively in infrastructure management services in 24/7 production environment.
• Responsible to rise and implement necessary changes, requests as per ITIL Standards for all network and devices in IT infrastructure and data centres.
• Participate in tier 2 and tier 3 security operational technical support for the complete network (LAN and WAN) including complex technologies which involved in data centres.
• Implement, support, and evaluate security - focused tools and services.
• Expertise and identify security issues, risks, and develop mitigation plans.
• Familiar in Nexus Switches.
• Evaluate and recommend new and emerging security products and technologies.
• Customizing the signature policy and configuring Alerts on reaching the attack threshold for the signature in the IPS (Intrusion Detection / Prevention System).
• Configured Crypto maps in Cisco VPN concentrator between branch locations and data centre.
• Worked on Cisco wireless access points.
• Worked on Citrix, F5 Load balancers.
• Experience in CSR generation, installation, building new profile, mapping pool members and new VIP builds in F5.

Confidential

Network Security Engineer

Responsibilities:

• Working on solutions to migrate legacy data center to evolve new data center and disaster recovery plans by meeting the compliance standards.
• Key resource in CISO team to report and assess the impact on the business unit, customer caused by theft, destruction, alteration or denial of access to information and reports to CIO and senior management.
• Deeply involved in Cybersecurity frame work, Threat analysis, Vulnerability assessment and Penetration testing and perform risk analysis for Wisconsin Confidential .
• Troubleshooting all the network and security related tickets.
• Implemented NIST and ISO technical controls on Network and Security devices by following the security standards provided by DOD guidelines.
• Providing Network and Security operational support for Confidential, Division of Criminal Investigation, Division of Law Enforcement Services and other Crime Labs.
• Involved in Network and Security assessment and support for Confidential and Confidential used by DNA identification and forensic teams.
• Supporting MorphoIdent technology used by Sheriff's offices across different locations in USA and also handled connectivity and security issues.
• Reviewing STIGs provided by Confidential and make sure to accredit the network and security devices to meet compliance.
• Handling Network management and HTTP intelligence and protocol assessment in Confidential .
• Blocking threat ip’s daily on the firewalls which are extracted from Confidential .
• Working on Nexpose to reduce the risk of breach to the network architecture and work towards fixing the weak points by scanning perimeter devices.
• Involved in implementing security mitigating controls and remediation process driven by Nexpose.
• Expert knowledge on re mediating the permissive rules on the perimeter firewalls in data centers.
• Deep troubleshooting knowledge on VPNs, NAT, PAT and other involved services in firewalls.
• Expertize in troubleshooting and enable required ACL’s across multiple firewalls by following the network and security zone matrix by considering the application security and Risk Analysis.
• Extensive knowledge on security tools like Tufin to remove the shadowed, unused ACL's and remove the permissive rules from firewalls.
• Worked on Cisco Clock Signal Component Issue to replace critical routers in data centers.
• Operational knowledge in implementing and supporting TORs, switched networks, including ( Underlay, Overlay, VTP, STP, HSRP, trunking, VLANs port security and monitoring) in a multi-vendor environment.
• Operational level knowledge and experience in the deployment and maintenance of service provider network routing architectures using protocols such as OSPF, BGP, EIGRP and RIP.
• Pinpoint the weak links in the attack chain validate and prioritize the exploitation modules and fix the weak points with Metasploit.
• Generate pen test on the most required event sources which are prone to attacks.
• Enabled required sensors, egress traffic enforcement policy and signatures in Sourcefire IPS to prevent attacks from the internet.
• Performs Host-based Forensics and Network Forensics when required.
• Working on F5 suite to load balance the core applications with defined policies and rule sets.
• Involved in design and implementation of 802.1x for the entire organization with Cisco ISE based control solution to meet authentication, authorization, and accounting (AAA) service.
• Evaluating the WSA appliance for URL filtering by replacing with existing Websense.
• Implemented Tufin Orchestration suite to implement and audit the network changes in multiple devices like Firewalls, Routers, Switches etc according to PCI DSS and USP.
• Implemented contexting, Failover, NAT functionality, Access rules in DC and DR enterprise firewalls like ASA 5580 and in other all cisco firewalls which are located in different locations.
• Established OTV technology on ASR routers between DC and DR locations.
• Implemented core switching technology in Nexus switches.
• Various DMVPN tunnels are configured to access different web services with 3 party vendors and different sheriff's offices.
• Involved to advertise required routes, networks and subnets from Department of Administration.
• Point of contact for Network Security operations for various divisions, departments.

Confidential

Network Security Engineer

Roles &Responsibilities:

• Participate in tier 2 and tier 3 security operational technical support for the complete network (LAN and WAN) including complex technologies which involve in data centres.
• Implement, support, and evaluate security-focused tools and services.
• Identify security issues and risks, and develop mitigation plans.
• Checking and configuring access lists.
• Evaluate and recommend new and emerging security products and technologies.
• Customize the signature policy and configuring Alerts on reaching the attack threshold for the signature in the ISS (Intrusion Detection / Prevention System).
• Configure Crypto maps in Cisco VPN concentrator between branch locations and data centre.
• Configure and implement firewalls like Cisco ASA Firewall/FWSM, VPN Client.
• Participate in IOS upgradations for firewalls, routers and other network and security devices.
• Perform Natting rules & access lists in firewalls, routers in order to establish the connectivity between internal and external network.
• Configure and troubleshooting Site-Site VPN’s, in Cisco routers/firewalls
• Support Content Security Modules in firewalls to control the URL filtering.
• Work on Websense to enable Internet Access Policy for different departments in the IT Infrastructure.