We provide IT Staff Augmentation Services!

Sr. Network Security Engineer Resume

Sanjose, CA

SUMMARY:

  • Cisco Certified Network Engineer with 6years of professional experience, performing Network analysis, design, implementing, capacity planning with focus on performance tuning and support of large Networks.
  • Experience in Cisco Routing and Switching using 3600, 3700, 3800, 5300, 6500, 7200, 7600, Nexus 9K,7K, 5K, &2K, ASR 9000, 1000 series routers.
  • Experience in configuring and troubleshooting of static and dynamic routing protocols such as RIP v1/v2, EIGRP, OSPF, IS - IS BGP and MPLS.
  • Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, Ether channel, STP, RSTP and MST.
  • Worked with IPSEC VPN and B2B VPN design connection and protocols, IPSEC tunnel.
  • In-depth knowledge and hands-on experience on OSI model, TCP/IP, Subnetting, VLSM, ARP, reverse & proxy ARP, Ping Concepts.
  • Worked on NX-OS, IOS, IOS-XR BXB to N7K-NX-OS (MPLS) system test.
  • Configuring and testing Multicast for both IPv4 and IPv6 routing in Data Center Environment.
  • Expertise in Data Center Core layer, Access layer, Aggregation layer, Services layer.
  • Strong work experience with MPLS, VPN, WLAN and Multicast technologies.
  • Well Experienced in configuring protocols HSRP, GLBP, VRRP, ICMP, IGMP, PPP, PAP, CHAP, and SNMP.
  • Advanced knowledge installation, configuration, maintenance and administration of Palo Alto firewalls, Panorama, Checkpoint, Fortinet Firewalls.
  • Good knowledge of SNMPv3, Syslog, Net flow management protocols
  • Assisted in troubleshooting complex layer 1, 2 and 3 connectivity using Wireshark protocol analyzer and recommended solution for better performance.
  • Configure Palo Alto Networks Firewall models (PA-2K, PA-3K, PA-5K etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
  • Network monitoring and testing from Operation Centre (NOC) from a network management perspective.
  • Good knowledge on DMZ zone-based security configuration on Cisco routers.
  • Experience in configuring Layer 2 protocols in Alcatel Lucent Switches.
  • Implemented traffic filters using Standard and Extended access-lists, Distribute-Lists, and Route Maps.
  • Network security including NAT/PAT, ACL, IDS/IPS, and Cisco PIX, ASA/ Firewalls.
  • Performed Network Security Assessment and implemented security improvements such as network filtering, SSH, AAA, SNMP access lists, VTY access lists, EIGRP MD5 authentication, and HSRP authentication.
  • Proficiency in monitoring and analysing the load balancing of network traffic using Wire shark and Solar Winds and Net flow.
  • Advanced knowledge in TCP/IP suite and routing protocols, such as OSPF, BGP, and EIGRP
  • Extensive understanding of networking concepts, (IE. Configuration of networks, router configuration and wireless security, TCP/IP, VPN, Content Filtering, VLANs, and routing in LAN/WAN, Ethernet Port, Patch Panel and wireless networks.
  • Automated network implementations and tasks and designed monitoring tools using python scripting.
  • Scripting for automation of processes for Windows Servers. Familiarity with main script languages like Power Shell, PHP, Shell, Perl, Python.
  • Experience in Physical cabling, IP addressing, configuring and handling network failure issues.
  • Excellent communication and interpersonal skillswith excellent problem-solving capabilities.
  • Demonstrated experience with IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.

TECHNICAL SKILLS:

Cisco Platforms: Nexus 9k,7K,5K,2K & 1K, Cisco routers (7600, 7200, 3900,3600, 2800,2600,2500,1800 series & Cisco Catalyst switches (6500,4900,3750,3850, 3500, 4500,2900 series) ASR1001,2900,3900,7200,7600 & ASR9000 series

Juniper Platforms: MX, EX series Routers and Switches

SMTP, VLAN, Inter: VLAN Routing, VTP, STP, RSTP, Light weight access point, WLC.

WAN Technologies: MPLS, VPLS, Frame Relay, PPP, HDLC, (E1/T1/E3T3), DS3, OC192

Network Security: Cisco ASA, Juniper SRX.

OS products/Services: DNS, DHCP, Windows (2000/2003/2008 , XP), UNIX, LINUX

RIPv2, OSPF, EIGRP, IS: IS, BGP, PBR, Route Filtering, Redistribution, Summarization, and Static Routing

Gateway Load Balancing: HSRP, VRRP, GLBP

Various Features / Services: IOS and Features, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, TFTP and FTP.

Network Management Tools: Wire shark, Net flow Analyzer Net Scout, SNMP, Cisco Prime, Ethereal, HP open view

Load Balancers: F5 Networks (Big-IP) LTM 6400

IKE, IPsec, SSL: VPN

Networking Protocols: RIP, OSPF, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP, VRRP, and GLBP. TACACS+, Radius, AAA, IPv4 and IPv6.

Operating Systems: Windows (98, ME, 2000, XP, Server 2003/2008, Vista, 7, 10), Linux.

AAA Architecture: TACACS+, RADIUS, Cisco ACS.

Firewall & Security: Checkpoint (NGX R65, R77-80), Cisco ASA, Palo Alto, ASA 5505 Firewall, Juniper Net Screen firewall

Languages: Perl, C, C++, SQL, HTML/DHTML, Python scripting

PROFESSIONAL EXPERIENCE:

Confidential, Sanjose, Ca

Sr. Network Security Engineer

Responsibilities:

  • Configuring Static, IGRP, EIGRP, and OSPF Routing Protocols on Cisco 1600, 2600, 2800, 3600, 7300 series Routers.
  • Configured Easy VPN server and SSL VPN to facilitate various employees’ access internal servers and resources with access restrictions Configured VLAN’s, Private VLAN’s.
  • Configured Site to Site IPsec VPN tunnels to peer with different clients and each of client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA 5500 series firewalls.
  • Dealt with implementation of Cisco ASA 5585 devices and Juniper SRX 550 devices to apply security policies on it.
  • Good knowledge on analyzing the sip traces on Avaya SM and Audio Codes syslog client for Audiocodes SBC.
  • Configuration and troubleshooting of EIGRP, OSPF, BGP, CSM, integration with ASA devices.
  • Replaced the Legacy 3750 stack wise with Juniper EX 4200 switches in the LAN Environment. migration path from current ASA to next gen Palo Alto firewall.
  • Experience with SAN switches (Cisco and Brocade) and optical Ethernet switches (Dell, Brocade, and Mellanox). configuration of ECMP- OSPF on both Nexus and Palo Alto, moved several Server VLANs (SVI) interfaces from Brocade core to Palo Alto.
  • Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.
  • Providing support to various Aerospace COEs to provide Cyber Security, standards before sending products out to customers.
  • Implementing VoIP solutions using SIP & H.323, also have sound knowledge of Avaya VoIP product.
  • Involved in Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter VLAN routing, LAN security etc.
  • Helped author a Cyber Security,Guidelines document for Aerospace COEs, Lead plugin developer for an internal Python framework for penetration testing
  • Implement SSL VPN solutions including Palo Alto Networks Global Protect with single and multiple gateway solutions including integration of PKI certificates. Integrate multiple vendor IPSEC site to site VPNs, including Palo Alto Networks, Cisco ASA, and Juniper SRX firewalls.
  • Experience configuring VPC (Virtual Port Channel), VDC (Virtual Device Context) in Nexus 7010/7018, FCOE using Cisco nexus 5548.
  • Experience working with Nexus 9k, 7K, 5K and 2K.
  • Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.
  • Work Experience on Avaya Aura CM 6.2, 5.2, Aura System platform, SMGR, Session Manager, Avaya Experience Portal 6.0 And Aura WFO (ACR & QM).
  • Implemented site to site VPN in Juniper SRX as per customer. Worked on Route-Reflectors to troubleshoot BGP issues related to customer route prefixes also route filtering using Route-maps.
  • Worked on Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)
  • Configured rules and maintained Palo Alto Firewalls & analysis of firewall logs using various tools.
  • Design for Guest Network and Mobile Access Network for NAC Solution, comprising of a Wireless LAN Controller solution in DMZs/Internet Gateways with Cisco ISE Appliances for NAC.
  • Implemented site to site VPN on Cisco Meraki MX64, MX65, MC84, and MX400. Implementing Cisco Meraki Wireless network.
  • Helped support Cyber Security,tasks to certify airborne products
  • Configured and troubleshooting Aruba Wireless products like Access Points and Mobility Access Switches.
  • Performed site refreshes on Cisco switching and Aruba wireless infrastructure.
  • Hands on experience in Aruba S2500 switches, Aruba 7200, 3600 serieswireless controllers.
  • Experience using Identity Authentication technologies, including Active Directory, LDAP, RADIUS TACACS, RSA, 802.1X, NAC, and token-based systems.
  • Design, and configuring of OSPF, BGP on Juniper Routers and SRX 5400/5600Firewalls
  • Implementation of Site-to-Site VPNs over the internet using 3DES, AES/AES-256 with ASA Firewalls
  • Configure various LAN switches such as Cisco catalyst 2900, 3550, 4500, 6509 switches and Access layer switches such as Cisco 4510, 4948, 4507 switches for VLAN, Fast Ether Channel configuration.
  • Proficiency with Cisco security SDM, NAT/ACLs, AAA, Layer 2 security, Layer 3 security, IPS/IDS, Cryptography, VPN, IPsec.
  • Provided host based and network based analysis for Cyber events generating comprehensive incident reports
  • Experience in managing and migration of large scale enterprise networks, extensive knowledge in developing test plans, procedures and testing various LAN/WAN products and protocols
  • Advanced knowledge in TCP/IP suite and routing protocols, such as OSPF, BGP, and EIGRP
  • Manage Network capacity in cooperation with the Network Operations Center (NOC)
  • Worked on Datacenter Migration project to migrate the existing 6509, 4509 devices to a Nexus 7010, 5010 and Nexus 2248 FEX based solution.
  • Configured Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000 to connect servers and storage devices.
  • Experience in migration of VLANS & Configured VLANs with 802.1q tagging, Ether channels, and Spanning tree for creating Access/distribution and core layer switching.
  • Configured EBGP load balancing and ensured stability of BGP peering interfaces
  • Conducted on site QOS testing and prepared reports for the engineering team on ways the networks could be improved
  • Handpicked from 152 colleagues to develop and deliver training pipeline reports that informed space Cyber defense stakeholders
  • Designing, Implementing and Troubleshooting Cisco Routers and Switches using different routing protocols like RIP, OSPF, EIGRP, BGP, ISIS & MPLS L3 VPN, VRF.
  • Implement LAN protocols like STP, RSTP, VTP, VLAN and WAN protocols like Frame relay, PPP, port channels protocols like LACP, PAGP.
  • Worked with engineering team to resolve tickets and troubleshoot L3/L2 problems efficiently.

Environment: Cisco 3640/1200/7200/3845/3600/2800/2600/3500/7613 Routers,Cisco 3750/3550/3500/2960/4500/6500 Switches,LAN,WAN,EIGRP,OSPF, BGP,F5 Load Balancer, Avaya Communication Manager VTP, Cyber Security, VLAN,HSRP,HTP,IPV4,Nexus 5K,7K,LTM,GTM, Palo Alto 3000, 5000 series, Routing Protocols (EIGRP, OSPF, BGP), ASA, Cyber Security engineering.

Sr. Network Engineer

Confidential, Atlanta, GA

Responsibilities:

  • Responsible for configuration, maintenance, and troubleshooting of dynamic routing protocols: BGP, OSPF & EIGRP (route redistribution, distribute lists, route-maps, offset-lists, prefix lists, route summarization, route-feedback, BGP attributes) on Cisco Routers 7613, 7201, and 3945E.
  • Worked on OSPF, BGP and EIGRP routing protocols, sub-netting, NAT, DNS, LDAP, DHCP, http, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP, RTSP & Multicasting protocols
  • Design and implement Catalyst/ASA Firewall Service Module for various LAN’s.
  • Designed 10 gigabit networks using Cisco Nexus 7000 series switches, Cisco 3800 series routers
  • Worked on Cisco ASA 5580, Juniper NS5400, SRX550
  • Deploy and support network load balancers, such as F5 LTM/GTM and configuration (Profiles, I Rules) of F5 Big-IP LTM-6400 load balancers.
  • Configured Alcatel Lucent switches as per the requirement of the customer and used layer 2 protocol like STP to avoid loops.
  • Perform vulnerability assessments of Systems/Network device. Working knowledge of some Security ,tools like Cyber Ark, IDS/IPS, SIEM, PIM, Cisco ASA Firewalls.
  • Deployed and managed Cisco Meraki products SD-WAN including Cisco Meraki Security Appliances (MX25, MX450, MX400, MX600 and MX100), Cisco Meraki switches and Cisco Meraki Wireless Aps (MR84, MR74, MR52).
  • Knowledge of Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
  • Supported corporate enterprise Avaya PBX with internal customers.
  • Built B2B VPN connections to 3rd party vendors for access to branch facility and Data Center applications.
  • Configuration, troubleshooting of Palo Alto Firewalls - PA200, PA2K, PA3K, PA4K and PA5K series as well as a centralized management system (Panorama) to manage large scale firewall deployments.
  • Created VSYS Builds from ASA to Palo Alto Panorama Database Zone, Access Zone.
  • Supporting EIGRP and BGP based on the network by resolving level 2 & 3 problems of internal teams & external customers of all locations.
  • Experienced Professional as an IT Security , Professional in IT Infrastructure, Vulnerability, Risk Security ,SOC Analyst, SIEM, Information Security , and Cyber Security ,
  • Provide Design, Troubleshooting, and Support regarding the following for LAN (Ethernet, Ether-Channel, STP, 802.1q, trunks, VTP, Private VLAN, SPAN) Tier 2 and 3 Support Onsite and Remotely for over 200 Sites in the Dallas Fort Worth Area with the following support for (Cisco Router and Switches, HP Switches, Dell Switches, VOIP PBXs, Cisco Wireless Access Point) to the ongoing support for the following groups (Data Center NOC, Help-Desk NOC, and Customer Support/ End-User).
  • Designed, implemented, and troubleshot Avaya Converged Solutions - Avaya Media Gateway's G450, G430, and G650 Avaya Call Manager platform v. 6.0-7.0.
  • First command to pass Navy Cyber Security ,inspection with score of 87%. Previous 6+ commands achieved less than 70% scores.
  • Configuring/Troubleshoot issues with the following types of routers Cisco (7200, 6500, 4500, 1700, 2600 and 3500 series), to include: bridging, switching, routing, Ethernet, NAT, and DHCP, as well as assisting with customer LAN /WAN
  • Involved in the deployment of Content Delivery Networks (CDN).
  • Experience working with Network-attached storage (NAS) to provide Local Area Network (LAN) nodes with file-based shared storage through a standard Ethernet connection.
  • Monitoring and configuring Cisco 7600 routers and replaced old 6500 and WAN routers from DR testing site Confidential data center.
  • Wrote standards based on the Cyber Security ,Framework (CSF) applying ISO 27001, HIPAA and PCI for information Security , and privacy.
  • Provide remote BU training for Avaya IP Office support,
  • Implementing 3750 Stackable switches using Cisco Stack Wise technology. Experience to review and evaluate current and future design issues as required maintaining network integrity, efficient data flow.
  • Involved in Firewall Policies implementation to meet access requirements of various teams. Worked on Cisco ASA/Juniper SRX Firewalls primarily with tasks involving policy changes, policy management as per vendor/client requirements add/design policies management with proposed solution upgrades to corporate Avaya PBX and Avaya IP Office systems regularly.
  • Lead Cyber Security ,Program Manager for the Surgeon General's Office.
  • RMF accreditation, Cyber Security engineering , ITPM for Tele-medicine technologies being delivered to the special operations forces.
  • Used Fluke tool for monitoring WAN (both MPLS & ST) traffic and Wireshark for LAN traffic.
  • Working Knowledge on wireless devices (5508,7500 WLC Controllers and 2500,3600,3700 Access points.
  • Worked on Solar winds Orion for analysis and monitoring purposes.
  • Performing SIP protocol packets flow using Wireshark.
  • Cyber Security engineering consulting, accreditation packages, and business development strategy consulting to emerging technology companies bringing technologies into the DoD.
  • Proposal development and capture management through the submission process for various Cyber Security technologies/customers.
  • Configuring VDC, VPC and FCOE, upgrading NX-OS for Nexus Family Switches.
  • Experienced in Palo Alto Firewalls, Juniper Firewalls, Checkpoint firewalls, Fortinet Firewalls, Cisco WSA/CWS, Cisco ASA, SSL VPN, Cisco Nexus, Cisco ACS, Cisco ISE and IPS.
  • Provided proactive threat defence with ASA that stops attacks before they spread through the network.
  • Maintaining and troubleshooting SAN backup networks.

Environment: Cisco 3640/1200/7200/3845/3600/2800/2600/3500/7613 Routers,Cisco 3750/3550/3500/2960/4500/6500 Switches,LAN,WAN,EIGRP,OSPF,RIP,BGP,Avaya Administration Nexus Citrix VLANS, SNMP, NAT, Cyber Security, It Security, Network Security,Cisco IO, HSRP, VLAN Avaya Communication Manage Palo Alto 3000, 5000 series.

Network Engineer

Confidential, CO

Responsibilities:

  • Worked on Cisco Routers, Active /Passive Hubs, Switches, Cisco ASA Firewalls, NAT and Juniper SRX firewall
  • Deploying Cisco routers and switched such as 7200, 3800, 3600 and 3500, 4500, 5500.
  • Implemented TCP/IP,TFTP and related services like DHCP/DNS/WINS
  • Check for DNS issues by pinging the server’s name. Experience with Wireshark, Test TCP& OPNET
  • Escalating customer problems to management and support groups utilizing standard escalation model.
  • Provided installation and initial user configuration of Nexus switches Confidential the data center and providing IP addressing and different user session priorities on the switch.
  • Remote diagnostics and maintenance of Avaya switches, applications & peripherals Projects
  • Experience with devices Palo Alto Network firewalls such as security NAT, Threat prevention & URL filtering.
  • Correlates call issues with WAN performance for advanced troubleshooting
  • Troubleshooting and installing of CRS, ISR, GSR, ASR9000 and Nexus devices
  • Configured and maintained SSL VPN, IPSEC VPN on ASA, Palo Alto and SRX series firewalls, Site-to-Site VPN between ASA Firewall and router
  • Lead engineer, in replacing Fort Benning military base LUCENT 5ESS central office switch with Avaya S8710
  • Responsible for Data Center Migrations and its operations.
  • Secure authentication, redundancy and troubleshooting issues on BIG-IP LTM, ASM, APM and edit policies on F5 network access control.
  • Avaya 96xx/46xx series phone configuration & training Configuration of multiple tenants/locations on Avaya each with their own ARS
  • Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
  • Experienced in configuring Cisco ASA firewalls in various contexts and modes to have the network secure.
  • Installed and configured Cisco ASA 5500 series firewall and configured remote access IPSEC VPN.
  • Experience in migration from Cisco infrastructure to Juniper MX routers and switches such as EX and QFX-3500, QFX-5100
  • Implement changes to the firewall rule base, network routing tables and ACL to allow only authorized users to access the servers.
  • Created security policy according to user’s requirement in Cisco ASA-5580, Juniper-SRX-5800 and ISG-1000 Fire-wall using CLI & GUI.
  • M.A.C. on Avaya CMgr, Aura Voicemail & CMS R15/16/17 Avaya 96xx/46xx series phone configuration & training
  • Avaya One-x Communication & One-x Agent configuration & training, TDM and SIP Trunk configuration, maintenance testing
  • Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for a data centre access architecture
  • Installed Juniper firewalls to replace existing Firewalls which increased network uptime.
  • Experience in Layer 3 Routing protocol configurations: EIGRP, OSPF, BGP.
  • Worked as senior engineer with Avaya System PHI migration, merging Voicemail system, custom dial planning.
  • Designed and deploy various network security & High Availability products like Cisco ASA other security products
  • Coordinate and perform VPN Lan2Lan as well as Remote VPN and Firewall security policies as well as NAT Configurations.
  • Implemented Security policy by Configuring PIX firewalls.

Environment: Cisco 2600/2800/3600/3800 Routers,Cisco 2950/3700/6500/7613 switches,Firewall,RIPv2,OSPF,BGP,EIGRP,LAN,WAN,MPLS ,Avaya GXXX Media Gateways , VLAN, Trunking, ATM, PPP.

Network Engineer

Confidential

Responsibilities:

  • Develop and implement strategies to support the current and future needs of the company.
  • Configured Cisco 2600/3600/7200 series routers using RIP, OSPF,EIGRP and tested authentication.
  • Worked extensively on Checkpoint firewalls for analyzing firewall change requests and implementing changes into existing firewall policies, maintaining security standards
  • Troubleshooting complex Checkpoint issues, Site-to-Site VPN related. Performed upgrades for all IP series firewalls from R75-R77.
  • Migrated the rules from Checkpoint firewalls to ASA firewalls
  • Good Experience on Avaya Contact Analyzer to get different type of historical reports as per customer.
  • Identifying technical problems and debugged hardware and software related to LANs/ WANs.
  • Implemented redundancy in BigIP F5 loads balancers to provide uninterrupted services to clients.
  • Implementing and configuring F5 LTM for VIP and Virtual servers as per business needs.
  • Switching related tasks included implementing VLANS, VTP and configuring ISL trunk on Fast - Ethernet channel between switches.
  • Taking scheduled backups for CM, AAM/MM, CMS as per the Avaya projected.
  • Configured and implemented Nexus 5K and 2K in lab environment
  • Created network diagrams under senior supervision using MS VISIO.
  • Resolved all computer related problems, monitored and maintained system functionality and reliability by identifying ways to prevent system failures.

Environment: Cisco 2948/3560/4500/3560/3750/3550/3500/2960/6500 switches and Cisco 3640/ / 00 / 2800 routers, Cisco Nexus 7K/5K, Palo Alto, Cisco ASA 500, SolarWinds, BGP, EIGRP, LAN, WAN, VPN, HSRP, WAP 561, WAP 571, 1850i, 2800i, 3800e.

Hire Now