- Over 10 years of professional experience in designing and developing software for networks processors, real time networking SMP processors for enterprise solutions.
- Worked on fast-path architecture for layer 3 and layer 4 data path modules including Stateful Firewalls and NAT, Application Level Gateways, WAN protocols and Differentiated Services.
- "Worked on layer 3 and layer 4 attack detection, scanning of attacks and implementation of prevention mechanism for Flood attacks (TCP SYN, UDP, ICMP), smurf attacks (UDP, ICMP), Scans (TCP FIN, NULL, XMAS, PORT), Invalid combination of TCP Flags, LAND Attack Prevention, IP Spoofing, Teardrop, Ping of Death.
- Development experience on TCP/IP Stack on VxWorks and Linux Platforms.
- Worked on Application level gateway framework for applications like FTP, SIP, Real Audio, CuSeeme, MSN Messenger, Instant Messenger, H.323, Net Meeting, DHCP Relay, and DNS Relay.
- Development experience on IP over ATM and Routed Bridge modules for ADI's network processors.
- Worked on Linux based SNORT module integration with Netdevices SMP proocessor and also developing CLI and CMI for this module.
- Designed of VOIP Security features for Linux based Net Devices enterprise solutions
- Working experience on creating Virtual Machines using QEMU for different operating systems to run simultaneously to replay the pcaps for analyzing the captured traffic. Runtime snapshots for these Virtual Machines are used for quick start to analyze the data.
- Self motivated team player with excellent communication and interpersonal skills.
- Excellent troubleshooting, debugging and problem solving skills.
- Making performance oriented design changes for L3 data path modules, Worked closely with the customers to get the requirements and making them implemented.
- Experienced working with business team, Field Application Engineers and Customers. Very adept at utilizing and integrating best practices and leading edge technologies while being aware of business requirements.
Programming: C, Shell Scripting, Multithreading, Socket API and IPCs
RTOS: VxWorks, Linux
Domain specific: TCP/IP, Firewalls, NAT, ALG'S, Http Proxy, DOS Attack Preventions, Differentiated Services, SNMP Agent, Event/message Logger, WAN Protocols, ARP, DNS, FTP, Netfilters, Connection tracking.
Knowledge in: VOIP applications SIP, IDS
Tools: CVS, SmartBits 2000, RedBack Server, Majic Debugger and EPI tools, Chariot Tool, Ethereal, Tornado, Nmap, Tcpdump, Iptest, IP phones.
Working Environments: UNIX, Linux, Solaris and Win 2000/NT
Third Party Software: embedded Mind, tallmaple
Confidential March, 2010-tilldate
Senior Software Engineer
The WSP architecture is a fast-path/slow-path state full architecture. The hardware blocks and the Processing Elements (PEs) in the Classifier block implement the fast path and the Host processor performs the slow-path.
Responsible for developing fast path code, the adaptation of the Linux kernel using net filters etc and the drivers to configure the hardware. The firmware and the software support Linux IP Contracts and ALGs implementing firewall functions etc. The API for the low level blocks is provided such that the integration is facile with any operating system. The software organization is as below and it is color coded to indicate the modules that are modified from standard Linux and the modules that are developed by Posedge.
Confidential Feb, 2008-Feb, 2010
Senior Software Engineer.
Confidential appliances use a multi-stage analysis engine called Confidential Analysis and Control Technology or FACT. FACT detects Web malware and botnets by analyzing real-time Web and network traffic flows. Analysis of dynamic, polymorphic Web malware can be reliably automated to create new signatures, dynamic malware blacklist URLs, extract C&C locations, capture callback coordinates, and confirm Web malware.
Responsible for Malware Input process, User submits URL's or list of URL's for downloading the content, analyzing the content. Analysis engine will start the virtual machine and auto mount to the cdrom and auto plays the ISO file created by the malware input process. Event logger will notify, if any changes on the OS or any application will be notified to the analysis engine.
Responsible for creating Virtual Machines using QEMU for different operating systems to run simultaneously to replay the pcaps for analyzing the content. Runtime snapshots for these Virtual Machines are used for analyzing the content. Different types of runtimes are saved for running VM's in different modes of the appliance.
Responsible for Managing Configuration daemon and management database. The management backplane consists of a daemon process responsible for managing the system's configuration and monitoring state and facilitating communication between different components in the system.
Responsible for implementing SNMP agent handler for FireEye MIB to support configuring the appliance and reading the statistics and other variables from the appliance.
Confidential March,2007- Jan,2008
Senior Software Engineer
Confidential formed specifically with the purpose to enable and protect Unified Communications applications converged voice and data networks. Confidential is a hardened security solution with highly tuned kernel and SIP stack with an enterprise-grade transparent proxy solution to ensure that all IP-PBX and UC server SIP communications comply with security and regulatory policies.
Responsible for understanding the embeddedMIND product and integrating with the redshift internetworking product software. Generating Mind Objects using embedded MIND tool for User interface agents for all the modules supported by the redshift product.
Responsible for implementing the south bound interfaces for all the modules supported by the product. Developing Common management interface APIs and shell scripts for all the modules to manage the configuration information from embedded MIND.
Confidential Jan 2005 -Feb 2007
Senior Software Engineer
Confidential SG Family delivers guaranteed performance and scalability for multiple services through its unique OnePassTM approach for common packet classification and inspection across different services.
Responsible for feature development for NAT port overlapping between Source NAT and Destination NAT and SIP Application Level Gateway.
Responsible for porting Linux based SNORT module integration of IDS module with the reference platforms. And also developing CLI and CMI and datapath changes for this module.
Responsible for designing of VOIP Security features for Linux based Net Devices enterprise solutions.
ConfidentialJan 2000 - Dec 2004
Senior Software Engineer
Confidential processors provides an integrated solution for the emerging next generation Broadband applications by providing Wire Speed Security/VPN (IPSec Framework), Packet Forwarding, Control Functions and WAN Processing including Traffic Management, scaleable, fast path QoS engines, policy-driven bandwidth management, scaleable pipelined flows of security under the control of policy management including stateful firewalls.
Involved in Design, Responsible for Development and Testing of Software for stateless firewall (Firewall filters) and Stateful firewall (Stateful Inspection engine).
Responsible for design, development and Testing of NAT features Basic NAT, Static Source NAT, Static Destination NAT, and Policy Based NAT.
Responsible for design, development and Testing ALG framework and NAT ALG'S for some applications like FTP, SIP, Real Audio, CuSeeme, MSN Messenger, Instant Messenger, H.323, Net Meeting, DHCP Relay, and DNS Relay.
Involved in design and Responsible for Implementation and testing of attack detection, scanning of attacks and implementation of prevention mechanism for Flood attacks (TCP SYN UDP, ICMP), smurf attacks (UDP, ICMP), Scans (TCP FIN, NULL, XMAS, PORT), Invalid combination of TCP Flags, LAND Attack Prevention, IP Spoofing, Teardrop, Ping of Death.
Responsible for design and development of IP over ATM and Routed Bridge modules and integration and testing of IP over ATM, Routed Bridge with the DSL router product.
Worked on developing a solution for Modem failures by restoring the Modem to a saved configuration.
Responsible for design and development of the software for classifying the traffic by marking, metering the traffic to manage and utilize the bandwidth per flow.
Responsible for Designing, implementation and Testing of software for logging device events and generating reports sending to external Log Servers.
Responsible for Design, development and unit testing of authentication module which supports maintaining the user database for different services running on DUT like CLI, HTTP, FTP, HTTP Proxy.
Responsible for developing SNMP MIBS and MIB Handlers for SNMP Agent for Firewall, NAT, QOS, IP over ATM and PPP over ATM modules.
- Master of Computer Applications.
- Bachelor of Sciences.