Sr. Network And Security Engineer Resume
Fort Worth, TX
SUMMARY:
- 11+ years of experience in data networking with Medium and large Enterprise and ISPs.
- Hands on experience in Design, Implementation, Operations, Architecture, Troubleshoot, Maintenance and Deployment of Multivendor Routers, Switches, Load - Balancers and Firewalls in Data centers and Offices.
- Hands on experience in Cloud and Devops model technologies like Jenkins, Git, Docker, Python and Terraform.
TECHNICAL SKILLS:
Domain: Routing, Switching, Security, Load balancers, Automation.
Load Balancers: F5 LTM GTM APM ASM, Citrix-netscaler, Nginx Plus, A10,Appview-X
Routing Protocols: EIGRP, OSPF, BGP, RIP, MPLS.
Other Technologies: IP Sec, GRE, DHCP, VPN, NAT, TCP/IP, FTP, HSRP, QOS, ACLVLAN, STP, ETHERCHANNEL, DNS, GSLB,HTTP Automation, Python Scripting, Devops, GitHUb, JenkinsIBM, Azure cloud technologies, Docker, Kubernetes
Monitoring tools: WhatsUP GOLD, Solar Winds, MRTG, CACTI.
PROFESSIONAL EXPERIENCE
Confidential, Fort Worth, TX
Sr. Network and Security Engineer
Platforms used: Palo Alto, Cisco ASA, F5, Netscaler, Nginx Plus, Appview-X, Cloud, Devops
Responsibilities:
- Analyze, design, implement and maintain the network Load Balancer infrastructure across four data centers with F5 LTM, GTM DNS, APM, ASM, Citrix Netsclaer, NGINX-Plus.
- Configuring and maintaining Static,OSPF,BGP routes on L3 devices for load balancer infrastrure.
- Analyze networks to find vulnerabilities and capacity issues to meet PCI audit compliances.
- Creating policies, NAT on firewall Palo Alto as per customer requirement.
- Daily change management tools using Archer, Service Now and internal tools.
- Deploying templates, object creations,Rule changes on Palo Alto firewalls.
- Working with risk team and Vulnerability managemen team for PCI Compliance for firewall change approval process and Security Policy creations as per Zone basis.
- Deploy new software load balancer Nginx Plus on-premise in various data centers and migrating EOSL F5 LTM to Nginx-plus.
- Designed and Implemented the NGINX+ solution by tightly integrating Devops model with with GIT, Jenkins, Docker.
- Deliver applications and services at high velocity by automate the engineer tasks using DevOps model Github with CI/CD capabilities and jenkins, infrastructure automation tools and orchestration.
- Automate the configuration tasks and SSL certificate renewals using scripting like python.
- Offer architecture/ engineering expertise for new implementations, cloud environment, integrations, and project designs.
- Troubleshooting by packet flow and packet capture diagnostics to reverse engineer web http applications.
- Coordinate with multiple managed service providers using standardized engagements.
- Determine specific network hardware or software requirements such as platforms, interfaces or routing schemes.
- DNS functionality setup with F5 GTM for global system load balancing and Infoblox solutions for IPAM DHCP and DNS.
- Implementing and testing centralized management tools like appviewX, BigIQ, dynatrace, nginx controller for load balancer solutions.
- Create ASM policies to protect from attacks like Cross-site scripting,DDos, OWASP etc
- Engineer and onboard new applications in Azure
- Migrating applications from AA datacenter to Azure Cloud platform
- Confgured Azure Cloud load balancer and Avi networks software load balancer for application infrastructure.
- Create Load balancer FrontEnd IP, BackEnd Pool, Health Probe, SNAT, rules on Azure Cloud load balancer.
- Coordinate with network team and cloud team for Azure load balancer infrastrure.
- Working with other teams for different cloud environments IAAS, PAAS and SAAS Azure and Google.
- Set up SAML SSO with F5 APM
- Part of cisco anyconnect vpn setup for AA enterprise network
Confidential, Redmond, WA
Network Security Engineer
Platforms used: Cisco ASA firewalls, checkpoint firewall, Juniper Netscreen and SRX firewalls, Juniper NSM, Cisco Nexus Switches 3k,5k and 7K,cisco IOS based Switches 4500,6500,F5 BIG IP load balancers and Netscaler devices.
Responsibilities:
- Understanding customer's technical requirements and map those to a technical solution.
- Part of the team for deploying new devices, upgrading production devices and decommissioning existing devices.
- Migrating and upgrading EOL software router switches and moving from one data center to another.
- Configuring and troubleshooting OSPF,BGP routes, ip helpers on routers as per customer requirement
- Configuring and troubleshooting STP, ether channel, vlans, trunks, VPC on switches as per customer requirement
- Configuring and troubleshooting security policies and implementing NAT and ACL’s on routers and netscreen, SRX firewalls, Checkpoint firewalls.
- Configuring global objects, firewall policies on checkpoint and reviewing firewall rules as per user requirement.
- Reviewing checkpoint logs and analysing the security attacks based on traffic flow
- Testing firewall changes in LAB device before implementing on production
- Implementing Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) to protect application servces.
- Investigating implementation of failure tickets and resolving within SLA.
- Configuring vlans,virtuals,pools,monitors,profiles,snat,snatpool,high availability (failover) on F5.
- Configuring Irules as per customer requirement and co-coordinating with escalation team & F5 TAC for support on irule scripting.
- Configuring and renewal SSL certs for virtuals on F5
- Worked on Shell Scripts for pushing, sorting and backing up the configuration of network devices from FTP Server.
- Configuring system entities, vlans,service monitors, load-balancing virtual servers,,high availability (failover) on netscaler.
- Configuring access control lists, RNAT, Content Switching VServers on netscaler.
- Installing and renewing SSL certs and SSL offload on netscaler.
- Network documentation using MS Visio 2010.
- Creating knowledge base / Standard operation procedure (SOP)
- Performing RCA (Root cause analysis) for critical incidents and documenting the same.
- Troubleshooting the issues by packet capture with tcpdump, wireshark
- Participating in the CAB (Change Advisory Board), to highlight risk attached to a change (Architecture or major changes), and resolving queries of clients.
- Train team members through both formal and informal training programs.
- Managing Network which consist More than 2000 Nodes and providing 99.99% of Uptime to the Services/Network.
Confidential
NOC Engineer
Responsibilities:
- Implementation of VLANs, Inter-VLAN Routing and Providing Security in Switched Network.
- Designing and configuring the network for new clients with redundancy connectivity.
- Monitoring the WAN Links using WHATS UP GOLD, Solar Winds, and Loriot Pro.
- Interaction with ISPs in case of outage of Wan Links.
- Involved in Configuring Advanced Routing Protocols (OSPF).
- Configuring static and default routes in Routers and Firewalls.
- Creating VLANs, Propagating VLAN Configuration with VTP.
- Configuring VLAN Trunks using ISL & 802.1Q.
- Implementing RSTP,Link Aggregation with Ether Channel.
- Mitigating Layer 2 Attacks (CAM table Over Flow, MAC address Spoofing & DHCP Starvation).
- Installation of Router IOS and Backup of IOS image.
- Managing and configuring WiMaxAperto EMS (NMS)
- Provisioning Sectors & SS in EMS, adding profiles for Sectors & SS in EMS, assigning frequency and channel Bandwidth in BSR, firmware upgradation
- Supporting High Volume, high revenue impacting operations, 24*7 setup, focusing on failsafe network.
- Troubleshooting over Customer Query Calls, from a Sophisticated corporate to an Individual Customer
- Managing corporate Checkpoint Firewall implementing security rules and mitigating network attacks.
- Deploying Site to Site and Client to Site VPNs utilizing Checkpoint Firewall
- Configuring NAT on Checkpoint
- Code upgrade on checkpoint firewalls
- Configuring scheduled backup for checkpoint firewalls
- Installation and administration of Checkpoint R 75.40 Firewall