We provide IT Staff Augmentation Services!

Sr. Network Security Engineer Resume

Houston, TX

PROFESSIONAL SUMMARY:

  • Network Engineer having 7+ experience in Networking and Security, widely in Network Security Products and Firewalls.
  • Firewall installation, Policy implementation, NAT translation and System Software Upgradation of existing Firewalls.
  • Expert Level Cisco ASA, Palo Alto, Check Point and Juniper SRX Firewalls Administrator.
  • Involved in Project planning, Product Migration, Project handovers, perform maintenance and backup for the security products.
  • Wide knowledge on cisco Iron port for URL filtering based on categories and for http & https traffic redirection via cisco IronPort.
  • Monitor industry warnings and messages for all system patches, virus activity, and upgrades to maintain the overall information security integrity of the enterprise. Inform and recommend course of action to information security management.
  • Security Policy setting & configuration as per the security requirement in various segments
  • Palo Alto Network Security Device Administrator: Administration of Palo Alto Network Device, Configuration of New Access Policy, Firewall Rules, QOS Rules, User ID agents, Treat Policy. Monitoring the network traffic via wire shark network analyser tool. Creation new Internet access policy for the global network, Trapshooting the internet filter, firewall, OOS.
  • Worked extensively on firewalls and VPN gateways Checkpoint, Blue Coat Web Gateway, CISCO, Juniper, FortiGate and Shell.
  • Cisco switches and routers, LAN networks, VPN configuration, IPsec, PPTP VPN tunnel configuration for the client.
  • Deploying and support Cisco VOIP (Call Manager, Unity Connections and CUPS) and Cisco IOS voice gateway.
  • Hubs, Bridges, Routers, TCP and/or IP protocols, Addressing, Flow control
  • Analysing and troubleshooting network problems and Application slowness issues.
  • Configuring F5 Load balancer LTMs and GTMs to isolate traffic from the web servers.
  • Providing support and troubleshooting the network Problem for the client.
  • Implemented Positive Enforcement Model with the help of Palo Alto Networks.
  • Innovated with support of Palo Alto for remote and mobile users and for analysing files for malware in a separate (cloud - based) process that does not impact stream processing.
  • Working knowledge with Infoblox appliances such as DNS, DNSSEC, DHCP, IPAM and TFTP
  • Assist customer team with the design and placement of Palo Alto Networks devices.
  • Installation, configuration and maintenance of Palo Alto, Cisco ASA 5500, Juniper SRX Firewalls.
  • Experience in installing, configuring and troubleshooting of Checkpoint Firewall and Juniper SSG series.
  • Deploying and support VOIP services with Cisco call manager express/CUCM.
  • Hands on experience on Power over Ethernet (POE) and Ether Channel.
  • Worked on Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
  • Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale Firewall deployments.
  • Design, implementation and support for network security technologies and products (WAF, Cisco ISE, AMP, Firepower, etc.)
  • Optimizing and efficient use of policies in Palo Alto-5020 and FortiGate 311B Firewall v5.2.3.
  • Experience in configuring Client-to-Site VPN using IPSEC VPN on SRX series firewalls
  • Migrated Core Internal Network from Core Switch to Palo Alto Firewall and configuring Generating User Activity and Application Reports on PA5020 Firewalls.
  • Managed implementation of Cisco IOS zone-based firewall to perform basic security operations on the network.
  • Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.

TECHNICAL SKILLS:

Routers: Cisco 7609, 2600, 2800, 3800, 3640, Cisco 3745, 7200 Series

Switches: Cisco 3500, 5000, 6500 Catalyst Series Cisco 7000, 2000 Nexus Series -2k,5k,7k

Palo Alto PA3050, PA: 5050, CISCO ASA 5500, Checkpoint

Routing Protocols: RIP v1&v2, BGP, OSPF, EIGRP, HSRP, VRRP, GLBP, FTP, SMTP, SNMP

Switching Protocols: STP, RSTP, PVSTP, VTP, ARP, and VLAN.

IP Services: DHCP, NAT, VLAN, DNS, FTP, TFTP, LAN/WAN

WAN Technologies: ATM, ISDN, PPP, MPLS, ATT, 802.11, 802.11a, 802.11b, APLUS.

Remote access and siteto: site IPSec VPN, IPv6 transition techniques viz. Manual tunneling, GRE tunneling, 6to4 tunneling, NAT64 and ISATAP

Monitoring Tools: OPNET, GNS3 Simulator, Packet Tracer, Wire Shark, Solar Winds, What s Up IP, Nagios and Fluke Networks

Networking: TCP/IP, OSI Model, Socket Programming, LAN/WAN, Switches and Routers, IPV4/IPV6 Addressing & Subnetting, Ethernet, STP, VLAN, Trunking, DNS, DHCP, NAT, ACL, HTTP, ATM, ISDN, PPP, MPLS, ATT, 802.11, 802.11a, 802.11b, APLUS Web Services (REST & SOAP), Windows Servers 8 & 12

Tools: GNS3, Packet Tracer, Solar Winds, What s Up IP, VMware Workstation, Wireshark, Nagios and Fluke Networks

Languages: C, Python

Operating Systems: Windows XP, Vista, Windows 7, UNIX, SPLAT (Secure Platform), Linux

DOCSIS: Cisco, RCA, Com21, GI, 3Com, Samsung, and Toshiba

DLP: Websense, Symantec & McAfee

Cloud Environment: Amazon AWS

PROFESSIONAL EXPERIENCE:

Confidential, Houston, TX

Sr. Network Security Engineer

Responsibility:

  • Configuring, Administering and troubleshooting the Palo Alto, ASA and Juniper firewall.
  • Investigate security incidents, troubleshoot, resolve and recommend actions needed to resolve vulnerability issues.
  • Experience on working with IPsec VPN, Security profiles and SSL decryption on Palo Alto firewall
  • Experience in working on the Quarterly maintenance windows for failover, reboot of Checkpoint next-generation firewalls and Palo Alto firewalls, as well as other security devices
  • Administer policy settings and upgrades to Forcepoint Triton APX Web, DLP, and Email applications
  • Experience on working on Checkpoint firewall IDS/IPS module for setting up the upgradation of new signature patterns and monthly reporting for auditing purpose.
  • Responsibility is implementation and troubleshooting for Cisco Firewall, Fortigate, Cisco WLC, Routing and Switching, VPN, ISE.
  • Principle SME that successfully led, developed, trained and optimized 64-person military team, as the sole civilian expert. Designed to be fully functional and compliant to operate as a self-contained cyber mission team
  • Analyse/configure different firewall devices - Palo Alto, Cisco, Checkpoint, Imperva
  • Design and implementation of Twenty F5 ASM to replace Imperva WAF.
  • Migration of bluecoat environment for different departments
  • Monitor performance, availability and health on Cisco, Bluecoat, Riverbed and F5
  • Network Analyst SME, Mentor. Responsible for program management and analysis of petabytes sized network data sets utilized for operational and strategic decision-making
  • Managing Cisco ASA 5585, 5555, 5545 series, upgrade and maintain security policies
  • Responsible for installation, configuration of Palo Alto using Panorama
  • Perform networking solution at data Center for Bluecoat Proxies.
  • Performing migration from old network to a new network of millions of users.
  • Provide on call support with network operations teams resolving incidents
  • Deployed Paloalto-7000 series device to the production environment, managed them via Panorama.
  • Worked on the migration of ASA firewalls to Palo Alto firewalls, in cloud environments.
  • Performed code upgrades on the ASA 5585, 5555 series
  • Worked on splunk to gather generated logs for the firewalls, to maintain application flow on firewalls
  • Trouble shooting Layer 3 issues, also assist layer 2 team with the troubleshooting issues with BGP, OSPF.
  • Creating NATs as per user’s requirement to getting access for different servers like internal firewalls, DMZ firewalls.
  • Monitoring and Troubleshooting ISE
  • Internet firewalls and also worked on Splunk for troubleshooting.
  • Migrate management, host and transit interfaces of the firewalls to new IP, without affecting data traffic.
  • Migrate NAT rules with counter NATs as per the new IP request
  • Participate daily scrum meetings, maintain project flow to meet deadlines.
  • Migrate and configure Juniper firewalls to Palo Alto using Panorama
  • Setup Global Protect VPN in the production environment, test and maintain VPN firewalls
  • Create and run the automation script to push configuration into the firewalls
  • Maintain definitions in bluecoat proxies, with Splunk integration.
  • Creating Perform and fulfil service now request for Port service, create policies and migrate rules to new subnet
  • Administration Big IP F5 LTM for all Local Load balancing and use GTM for load balancing across Data Centers .
  • Worked with applications transport protocols SSL, IPSEC, DNS, NTP, SSH, LDAP, RADUS, TACACS+ and AAA on ASA Firewalls

Confidential, Mechanicsburg, PA

Network Security Engineer

Responsibility:

  • Device managing - Palo Alto firewalls (5000, 2000, 500 series) with centralized manage server panorama. Checkpoint (R65), ASA 5520, VPN, Bluecoat proxy, ISA server, Certificate authority, Proventia IBM IPS with Site protector, tipping point with SMS, PIX-535, MacAfee vulnerability manager.
  • Involved in Migration of Check point to Palo Alto firewalls.
  • Installed, operated and supported Mcfee Epo, CA-Etrust console, Symantec Endpoint Protection Manager Console, SOPHOS, TrendMicro. Antispam Brightmail, Symantec Mail Security, Cisco Ironport.
  • Migrating Bluecoat proxy with Palo Alto captive portal solution.
  • Design, Deploy, and Configure Cisco ISE (Identity Services Engine) in multiple environments.
  • Replaced different locations Cisco IOS hardware as well as physical firewall hardware structure with Meraki MX firewalls and MS switches solutions.
  • Worked with Websense ACE to safeguard network resources, define rules for custom filters and provide real time security updates
  • Responsible for installation, troubleshooting of firewalls (Cisco firewalls, Imperva Web app Firewalls, Checkpoint firewalls and Juniper firewalls,) and related software, and LAN/WAN protocols
  • Implementing and troubleshooting Blue Coat Proxy SG-x appliances.
  • Managing Bluecoat proxy devices and IDS, IPS devices. Migration of forward proxies to the centralized Director product, configuring the reverse proxy for the content analysis system (CAS) for newer application.
  • Responsible for designing, implementing, upgrading, and troubleshooting Blue Coat Proxy SG-x appliances.
  • Deploy and manage Forcepoint firewalls, CISCO ASA 5500 and Palo Alto
  • Manage Forcepoint SMC (156 firewalls)
  • Responsible for the implementation, documentation, and day-to-day support of the Imperva Database Firewall.
  • Up gradation of Proventia IBM IPS firmware and Palo Alto firewalls.
  • Exposure to wild fire advance malware detection using IPS feature of Palo Alto
  • Successfully installed Palo Alto Next-Generation PA-3060, PA-5060 firewalls to protect Data Center with the use of IPS feature.
  • Hands on experience working with products like Checkpoint R77 Gaia and Palo Alto Enforcement Points and P1, TACACS+, F5 LTM and GTM, Crossbeam, SPLAT, Infoblox, SGW, ACME Packets, A10, Cacti, Bluecoat Proxy SG and packet sniffers.
  • Experience with Websense filtering service for selectively filtering unwanted internet requests traffic
  • Worked on checkpoint firewall SMARTEvent Intro module for generating monthly IPS reports
  • Experience on working with SIEM tool LogRhythm on adding the newly build windows and Linux log servers and creating policies for different alerts
  • Deployment of Palo Alto 5000 series firewall and checkpoint 12000 series firewall
  • Worked on Python scripting for generation the firewall security policy through web visualization tool in checkpoint firewall
  • Conducts and assists with vulnerability scanning, penetration testing, application security testing, risk assessment and risk consultation with other teams and business units.
  • Building configurations for Juniper MX 2010 and MX 2020 routers with features like port security, VLANS, VTP, PVST+.
  • Upgrade the Cisco ISE nodes to release versions required by the phase of the project and add nodes to the Cisco ISE deployment.
  • Configuration of Juniper SRX series firewalls for outbound traffic via blue coat proxy server.
  • Implemented inter-VLAN routing (on Juniper EX 3300 and EX 3400 switches) among the VLANs to allow communication on larger internetworks.
  • Monitor and investigate security incidents and alerts with arcsight, FireEye, Palo Alto, SourceFire and McAfee EPO.
  • Modify and implement ACL changes on Client routers and assist the user when there are any issues using Network Authority. Authentication to this is also done through TACACS.
  • Written firewall rules in support of application migration from F5 to A10 load balancer
  • Implemented extended ACLs on Juniper SRX and 3750 to allow communication between the required networks, and to restrict other communications.
  • Implemented various routing protocols such as RIP, EIGRP, and OSPF on Juniper MX routers; also taking care of issues such as discontinuous networks.
  • Analyzing the vulnerability alerts triggered in Arc sight and tune the polices in IPS and firewalls.
  • Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs
  • Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall
  • Palo Alto design and installation for Application and URL filtering
  • Configured and troubleshot Palo Alto firewall using CLI.
  • Assisting end user operations staff with technical support for Fortinet products
  • Cisco ASA and FWSM, Fortinet FortiGate; F5 AFM, A10 WAF, IDS/IPS systems, and general knowledge of security features and protocols
  • Monitor and run Cisco ISE reports/audits and work with security team to locked down or allow unknown devices that are found on the network.
  • Scanning the servers and hosts using MacAfee found stone manager and analyze the vulnerabilities.
  • VPN creation (Site to site, SSl, RA VPN) and troubleshooting.
  • Managing PKI servers
  • Cyber Security assessment using traffic analysis tools (i.e. WireShark, TCPDump, etc.)
  • ISA server manages.
  • Ability to configure and monitor security tools such as security information and event management (SIEM).
  • Migration of PIX to ASA firewalls.
  • Preparing monthly SLA report and availability reports.

Environment: Cisco Routers:2600, 2800, 3600and 7200 series, Cisco Switches: Cat 3560,3750,4500 and 6500 series; Cisco PIX 525,535, ASA 5510, 5520, 5540, 5550, ASDM, Cisco VPN 3000 Series Concentrator and FWSM module Firewalls; Palo Alto, Check Point, WSA Firewalls, Routing protocols RIPv2, EIGRP, OSPF and BGP; TCP and/or IP protocols, Switching Protocols STP, VTP, RSTP and VLAN; Firewall Security Protocols like NAT, PAT, IPsec, GRE, VPN; LAN, WAN technologies like Ethernet, Fast Ethernet, Gig Ethernet and Fiber Optic.

Confidential, Windsor, CT

Network Engineer

Responsibility:

  • Responsible to Install, Configure, Manage & Monitor Network and Security Infrastructure.
  • Managed the network architecture consisting of Cisco 3750 stackable and 2960 switches in Core, distribution and access layers.
  • Configuring Checkpoint and ASA for NAT (Static PAT/Manual NAT) to enable remote.
  • Experience in working with checkpoint, Palo Alto Next-generation firewall, Cisco ASA and Panorama M-100.
  • Worked on SIEM tool LogRhythm for reporting and data aggregation
  • Experience on working with IPsec VPN, IDS/IPS, DLP, Application and URL filtering on checkpoint firewall module
  • Experience on working with IPsec VPN, Security profiles and SSL decryption on Palo Alto firewall
  • Expertise in Installation, configuration, maintenance and troubleshooting of Windows Servers, Hyper-V Virtual Machines and Microsoft Azure instances.
  • Conducted periodic reviews of Checkpoint firewall policies rule base for rules consolidation and cleanup in coordination with stakeholders using Firemon tool.
  • Maintained & monitored Cisco 2500 and 2600 series router.
  • Configured port level security on Switches.
  • Implemented routing protocols like RIP, EIGRP and OSPF.
  • Proficient and SME level operator of Fortinet Products to include FortiManager, FortiConverter, FortiNet, and the FortiGate Firewalls
  • Implemented Router Redundancy Protocols GLBP and HSRP.
  • Implemented VLAN’s on layer 2 and layer 3 Switches.
  • Implemented an efficient IP addressing scheme for organizations using VLSM and CIDR.
  • Responsible for carrying out Network and IOS image upgrade.
  • Well versed with Cisco's IOS operating systems, backup and retrieval of IOS and routing configuration.
  • Installation of Palo Alto (Application and URL filtering, Threat Prevention, Data Filtering)
  • Successfully installed Palo Alto PA-3060 firewalls to protects Data Center
  • Implemented Positive Enforcement Model with the help of Palo Alto Networks
  • Exposure to wild fire feature of Palo Alto
  • Implementing vulnerability management Protocols in BCP (Business Continuity Process). Worked with Symantec Data loss prevention, DLP, monitoring and managing
  • Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs
  • Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall
  • Maintained, configured, and installed Cisco and Juniper routers and switches: 7500/catalyst 6500/RV320/2960/catalyst, 6880/ /12410, 12816, 1204 series, Nexus 7k and 5k, WLC, and ASA 5540.
  • Configured Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
  • Worked on DNS server for maintaining database servers and IP addressing.
  • Good in representing network layouts and designs with Microsoft VISIO.
  • Ensuring the quality of implementation is as per the client and industry standard.
  • Adhering to the client schedules and milestones.
  • Responsible for the up-to-date Network health (wired and wireless) including Security, Performance and Reliability.
  • Full responsibility for the implementation of LAN/WAN and support of IP routing.
  • Performed key role in trouble-shooting hardware, software and network problems to maximize the network performance.
  • Responsible for designing and implementation of VLAN, Spanning Tree Implementation and support using PVST, R-PVST, Trunking and port channels creation.
  • Worked on configuration of Virtual standard and distributed switches in ESXi host which helps in reduction of infrastructural cost.
  • Also worked as an Instructor at NIIT for teaching OSI, IP addressing and implication of routing protocols.
  • Worked on network-based IT systems such as Racking, Stacking and Cabling.

Environment: Cisco Catalyst 3750,3550,4509,6509, 6500, Cisco routers 3650, 4500 and 6500, 7200, Cisco PIX (525, 535), TCP and/or IP protocols, ASA (5505, 5510), Palo Alto, Check Point, WSA Firewall, Routing Protocols (EIGRP, OSPF, BGP), Switching protocols (VTP, STP), Site to Site VPN,LAN,WAN Technologies, Remote Access VPN, Cisco VPN 3000 Concentrator.

Hire Now