Sr. Network Security Engineer Resume
PROFESSIONAL SUMMARY:
- Over 8 years of experience in providing solutions, implementation, configuration and troubleshooting of Cisco Routers and switches, fine tuning of firewalls, VPN configuration, troubleshooting network related problems in Enterprise Network.
- Experience in configuring Cisco switches, Cisco routers and F5 Load Balancers. Experience with various LAN and WAN technologies and protocols such as TCP/IP, VLAN, VTP, STP, EIGRP, OSPF, BGP, IKE/IPsec VPNs, NAT and access lists.
- Knowledge and experience on Protocols such as TCP/IP, SNMP, ICMP, NAT, PAT, Firewall technologies including general configuration, security policy, rules creation and modification of cisco ASA and Palo Alto.
- Experience in addressing Cisco infrastructure issues, monitoring, debugging like routing, WAN outages, Network Hardware/Software failure, configuration and performance issues.
- Practical experience in DNS, DHCP, Group policy, Replication, Active directory domain trust relationship.
- Worked on F5 LTM series like 6400, 6800 for the corporate applications and their availability. Configuring, Administering and troubleshooting the Palo Alto firewall.
- Proficient with network monitoring tools, packet capture tools, and technical documentation and presentation tools, with excellent analytical, organizational, problem-solving and resolution skills.
- Configuring and troubleshooting CISCO catalyst 6509, 7609, 7613 with Supervisor cards, Cisco 3640, Cisco GSR 12416, 21418. Extensive experience in designing and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls. Implement/Maintain a Juniper Environment of 600 data collection units across USA.
- Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, EtherChannel, STP, RSTP and MST. Implementation of HSRP, VRRP for Default Gateway Redundancy.
- Experience in testing Cisco routers and switches in the laboratory and deploying them to on-site production. In-depth knowledge and hands-on experience in IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3, Firewalls.
- Responsible for configuring Fortinet & Cisco Firewall rules for inbound and outbound network traffic. Design and implement all Security Services including URL Filtering, IPS, Firewalls, and VPN on Cisco ASAs and next gen Fortinet Firewalls (60D, 90D, 200D, etc.).
- Adept in preparing Technical Documentation and presentations using Microsoft VISIO/Office. Involved in troubleshooting of DNS, DHCP and other IP conflict problems.
- Experience with Palo Alto Networks Next Gen firewalls. Installing and configuring FWSM and ACE modules on Cisco 6509 distribution switches.
- Experience with F5 Load Balancing. Strong hands-on experience on PIX, Firewalls, ASA (5540/5550) Firewalls. Implemented Security Policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
- Experience in Juniper NetScreen OS, JunOS SRX, Cisco, and Pulse Secure systems.
- Implemented firewalls using Cisco ASA, Cisco PIX, Check Point Provider-1 /SiteManager-1 NGX R65, Firewall-1/VPN-1 NGX R65 Gateways, Secure Platforms. Migration of all the PIX firewalls to ASA firewalls.
- Configuring, administering and troubleshooting the Checkpoint, Palo Alto, Imperva and ASA firewalls.
TECHNICAL SKILLS:
Cisco routers: 2600, 2941, 2960, 7200, 7609, ISR 4331, 4551 and CRS-100v
Cisco switches: Cisco 3550, 3750, 3850, 45XX, 65XX series
Nexus: 7k, 5k and 2k
Switching: LAN, VTP, STP, PVST+, RSTP, Inter VLAN routing & Multi-Layer Switch, Multicast operations, Layer 3 Switches, Ether channels, MPLS
Firewalls: Juniper (NetScreen 5200, 5400), SRX-650, SRX-480, Cisco ASA (5510, 5520, 5540, 5550), FWSM, PIX (515, 525, 535), Palo Alto (PA-2k, 3k, 5k), Checkpoint NGX R-55, R-60, R-65, ASA Firewalls (5510, 5520, 5540 & 5585)
Network Routing Protocols: OSPF, EIGRP, BGP, VRRP, HSRP, Policy Based Routing, Route Filtering, Redistribution, Summarization, Static Routing
ACL, IPsec, VPN, Port security, Zone-Based Firewalls, NAT/PAT, Ingress & Egress Firewall Design, VPN Configuration, Internet Content Filtering, Load Balancing, IDS/IPS, URL Filtering
Load Balancer: F5 Networks (Big-IP), ACE
IP Services: L2VPN, L3VPN, VPLS, QOS
WAN: Frame Relay, ISDN, PPP, MPLS, exposure to DS1, DS3, OC3, OC12, T1 /T3
PROFESSIONAL EXPERIENCE:
Confidential
Sr. Network Security Engineer
Responsibilities:
- Working on Site migration from Partner network to separate network to SD-WAN solution.
- Documented and developed technical procedures for the maintenance, operation and sustainment of the operating environment.
- Deployed cisco switches and routers from scratch for migrated sites.
- Assisted with code upgrades for cisco environment and operational procedures.
- Assisted with legacy wireless controller and Meraki deployments.
- Experience to review and evaluate current and future design issues as required maintaining network integrity.
- Configuring and maintaining Radius and TACACS server for all network authentication and accounting of network infrastructure.
- Deploying, configuring and managing/troubleshooting the multivendor network devices/instances including Cisco, F5, Infoblox, PaloAlto, Pulse, ASA’s, Proxies.
- Establishing site-to-site IPSEC VPN tunnels on Palo’s and Cisco ASA’s. Installation, configuring and maintaining Checkpoint and Cisco ASA firewalls.
- Worked on route settings and reconfigure cisco switches (3750,3650,3900,4500,6500) to harden IOS policies according to standard operational procedures.
- Cisco Security: SDM, NAT/ACLs, AAA, Layer 2 Security, Layer 3 Security, IPS/IDS, Cisco (ASA, PIX) 5510, Cryptography, SSL and IPsec VPN and DMVPN.
- Worked on Cisco ASA 5500 series Firewall providing support and configuring for NAT, PAT & advanced Firewall rules implementation IPS/IDS on ASA’s with Botnet protection.
- Created dynamic access policies on the ASA’s for the offshore vendors to be able to VPN in and access the resources they needed for their testing purposes.
- Configure and maintain security policies on Fortinet firewall and managing Fortinet Analyzer. Hands-on experience in configuration of firewalls - Palo Alto, Cisco, Fortinet, and Firefly.
- Expertise in configuring and troubleshooting of Palo Alto, Fortinet, Juniper Netscreen & SRX Firewalls and their implementation. Configure and maintain security policies on Fortinet firewall and manage Forti Manager/ Forti-Analyzer.
- Upgraded the code on multiple ASA’s from 9.6.3(x) to 9.6.4(X), which required a great deal of configuration changes, especially due to the change of syntax for building NAT’s on 8.4.
- Planning, designing and implementation of moving multiple DMZ’s on FWSM’s to ASA’s by creating Multi-Context Environments on the ASA.
Confidential, Miami, FL
Sr. Network Operations Engineer
Responsibilities:
- Campus LAN and WAN solutions were implemented on Cisco products, network segmentation and access control Confidential campus.
- Supported 5 cruise ships, each with a different architecture, and worked on standardization among ships. Moreover, we have supported and administered over 10,000 devices across five ships.
- Worked on SolarWinds migration project, migrated NPM from 12.3 to 12.5 with dedicated resources allocated.
- Integrated IP address management and network traffic analyzer modules into SolarWinds for better visibility of devices Confidential ships.
- Working knowledge of dynamic network routing protocols such as EIGRP, OSPF and BGP.
- Working knowledge and providing support with Cisco Nexus 7K, 5K, 2K, VPC, VDC, Port-channels and 802.1q trunks.
- Supported and administered 3750 and 3850 stacks, ISR WAN 4551-X, 4331 and CSR routers.
- Good experience with major routing protocols EIGRP, OSPF, BGP. This includes advanced routing techniques such as Policy Based Routing, VRF, and QoS. Campus network switching design and configuration including FHRPs, VSS, VTP, Multicast, and Spanning Tree.
- Hands-on technical experience working with VPN technologies such as IPSEC, SSL VPN, and DMVPN.
- Responsible for the implementation, organization and operation of Palo Alto Firewalls based on perimeter security network (PA-3020, PA-5220). Create and maintain documentation of standards, best practices for supported technologies.
- Good experience of firewall configuration and maintenance, experience with Cisco ASA equipment such as 5525-X, 5545-X and 5585-X along with Firepower services.
- Work within established configuration and change management policies to ensure awareness, approval and success of changes made to the network infrastructure.
- Installation, configuring and maintaining Checkpoint and Cisco ASA firewalls. Responsible for building and maintaining site to site VPN tunnels with other business partners based on the business requirements.
- Supported and administered Cisco wireless and Aerohive wireless network on both ships and campus side.
- Maintaining and administering cisco network environments including systems software, hardware, and configurations. Troubleshoot remote access services like Citrix NetScaler, Cisco VPN clients and for the users to access their enterprise network. Monitoring and analyzing traffic on Check-Point and Fortigate Firewall.
- Experience in installation and troubleshooting of Fortinet Firewall. Worked extensively on Palo Alto, Juniper NetScreen, Fortinet. Responsible for planning, documenting and implementation of complex Firewall and VPN solutions, VMware, Fortinet.
- Troubleshooting network problems and outages and collaborating with network architects on network optimization.
- Planning, designing and implementation of moving multiple DMZ’s on FWSM’s to ASA’s by creating Multi-Context Environments on the ASA.
- Providing Level-2/3 support and troubleshooting to resolve issues and I have been on 24/7 on-call rotation support.
Confidential, Kansas City, MO
Sr. Network Operations Engineer
Responsibilities:
- Experienced in supporting Nexus 5k, Nexus 7k, catalyst 9300, 6800, 3850, 3650, ASR 1001-x, 1002-x routers and switches.
- Demonstrated success in dealing with firewalls, IDS/IPS, SIEM, access control and load-balancing.
- Configured and performed troubleshooting with routing and switching protocols, including BGP, OSPF, MPLS, and HSRP.
- Coordinated with various teams for disaster planning and performed network backup and monitored recovery processes.
- Logged, resolved and escalated on-site and off-site issues.
- Installed patches and performed backups, system builds and image updates.
- Managed and ensured the stability of all network and wireless services throughout the enterprise.
- Monitored the stability of the network and wireless services to ensure comprehensive stability.
- Monitored network performance and provided network performance statistical reports for both real-time and historical measurements.
- Managed firewall, network monitoring and server monitoring both on- and off-site.
- Maintained Cisco Wireless Network devices, to include Prime, ISE, Cisco Wireless Controllers, and configuring Aruba and Cisco Access Points in a Secure environment for the DoD.
- Migrating Cisco ASA firewalls policy to new Checkpoint appliance with support of vendor specific tool.
- Deployed Cisco FireSight, ISE using certificate authority signed certs with pxGrid remediation module.
- Worked on ISE 802.1X, ISE wired/wireless guest and ISE trustsec implementations.
- Deployed, configured, and managed 802.1x solutions to include Cisco Identity Services Engine (ISE), ACS (Radius and TACACS+), and Cisco Prime Infrastructure.
- Troubleshoot and hands on experience on security related issues on Cisco ASA/PIX, IDS/IPS. Responsibility is to design and deploy various Network Security & High Availability products like Check Point R 77.XX and other Security Products.
- Provided assistance with initial installation and configuration for SDA (ISE, DNAC+Assurance, Stealthwatch, APIC-EM, Catalyst 9k and programmability) assessment for newly implementing customers.
- Firewall technologies including general configuration, optimization, security policy, rules creation and modification of Palo Alto. Experience with working on Palo Alto centralized management GUI PANORAMA.
- Experience with working on Palo Alto Next-Generation firewall security profiles and Cisco ASA VPN. Exposure to WildFire advanced malware detection using IPS feature of Palo Alto.
- Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments. Palo Alto design and installation, which includes Application and URL filtering Threat Prevention and Data Filtering.
- Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls - PA200, PA2000 series, PA3000 series, PA4000 series, PA5000. Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs. Installing and Configuring Palo Alto Pa-500 series firewalls using Panorama.
- Hands-on experience in pushing policy from Panorama to firewalls in Palo Alto. Worked with Palo Alto Firewalls PA250, PA4050, PA3020 using Panorama servers, performing changes to monitor/block/allow the traffic on the Firewall.
- Experience on Palo Alto with ACLs, Firewalls, and/or Intrusion Prevention Systems (IPS).
- Experience with monitoring solutions, correlation tools, and identity and access control systems. Solid knowledge and experience with Layer 2-7 protocols and technologies
- Strong knowledge and experience with routing, security protocols, ACLs, Firewalls, and Intrusion Prevention Systems. Prioritized simultaneous projects to perform effectively under shifting deadlines in a fast-paced environment.
- Reviewed technical specifications from clients and vendors to confirm adequacy, accuracy and functionality.
Environment: ASR and ISR (ASR 1001, 1002, 1001-X, 1002-X), Catalyst switches (9300, 3650, 3750, 3850, 4500 and 6500), Nexus 5K and 7K, Switch/Route protocols (OSPF, BGP, FHRP).
Confidential, Minneapolis, MN
Sr. Network Operations Engineer
Responsibilities:
- Configured, deployed and managed firepower/Sourcefire and legacy IPS (Intrusion Prevention System) across Ameriprise Environment.
- Installation, configuration and maintenance of Palo Alto Firewalls, Cisco ASA firewalls. Deployed and managed Varonis specifically Data Governance, Data Advantage and Data Alert modules in complex environments.
- Worked on upgrades for Legacy IPS and Sourcefire IPS from first version 5.3.1 to newest version 6.1. Worked on migration project from Palo Alto IPS to Firepower IPS for guest wireless. Troubleshot and provided solutions that would fix the problems for Legacy and Sourcefire IPS modules.
- Design, deployment and installation of wireless controller (2500) and access points for the high-profile site Confidential One World Trade Center, NY.
- Worked on wireless controller upgrade 5508 and involved in Cisco Prime Infrastructure upgrade as well.
- Dealt with 3650, 3750 and 3850 stack and WAN router ASR 1001, 1002, 1001-X, 1002-X upgrades across all the datacenters Confidential Ameriprise networks and Nexus 5k upgrades as well.
- Involved in a major project in which, as part of bug fixes and vulnerabilities, we upgraded next-generation ASA firewalls such as 5515-X, 5525-X, 5545-X, 5585-X.
- Worked as lead engineer for VPN performance to identify client bandwidth issues and worked for VPN bandwidth capacity planning for Super bowl event. Responsible for troubleshooting network and firewall problems, specifically Palo Alto and Cisco ASA’s.
- Responsible for the implementation, organization and operation of Palo Alto Firewalls based on perimeter security network (PA-5020, PA-5050). Create and maintain documentation of standards, best practices for supported technologies.
- Deployed Impulse network access controller and designed policies to prevent unknown devices from connecting to the internal network.
- Supported VoIP infrastructure and its associated software, including IP-PBXs, call management systems, voice mail, and interactive voice response.
- Manage project task to migrate from Cisco ASA firewalls to Check Point firewalls. Deploying of Cisco ISE on Nexus 5000/7000 routers, Cisco switches, and Cisco ASA and Firepower firewalls. Executing RADIUS pre-deployment tasks like ISE setup, loading templates into Cisco Prime.
- Worked as team member on administration, operations, diagnosis and maintenance of the Unified Communications, Call Center and Collaboration platforms.
- As part of SOC2 audit documentation, I am responsible for providing evidence for controls. Worked on QoS standardization across the network and troubleshooting video pixelation issues between sites. I have used PuTTY to perform configuration and implementation on Cisco routers and switches.
- Design, setup and configure Cisco wireless networking that supports open or secured access. Troubleshooting failed radius authentication on wired, wireless and guest Wi-Fi in Cisco ISE.
- Worked on NetMRI Infoblox network automation tool to identify standard configuration on routers and switches using Regex and CCS scripting.
- Worked closely with Cisco for scrub version recommendations on a weekly basis to make sure Ameriprise networks are not vulnerable. Testing and migration of corporate Internet Zscaler tunnel from Washington node and Denver node.
- Manage day-to-day networking engineering and support. Log work and track service problem tickets in centralized ticket tool (ServiceNow). Good team player capable of working independently or with other network engineers.
Environment: ASA Firewalls (5515-X, 5525-X, 5545-X, 5585-X), Palo Alto (PA-5020, PA-5050), Sourcefire/Firepower IPS, Legacy IPS, Cisco Wireless Controller, VPN bandwidth, Zscaler tunnel testing, Infoblox, NetMRI, QoS, GRE tunnel testing, ASR and ISR (ASR 1001, 1002, 1001-X, 1002-X, ISR 4331), Catalyst switches (3650, 3750, 3850, and 6500), Nexus 5K and 2K.
Confidential, Dallas, TX
Network Engineer
Responsibilities:
- Manage all Network and Firewall devices to include Cisco routers, switches, SSLs, VPNs, Checkpoint as well as content delivery networks (Citrix Netscaler, F5 BigIP LTM and GTM load balancers)
- Work with the following routing/switching protocols: BGP, OSPF, EIGRP, HSRP, VRRP, GLBP, VTP, 802.1d, and 802.1q, ISL, VLAN’s and Port-Channels.
- Configure switch ports connecting to the WAN and LAN networks with separate subnets and VLANs. Experience with Checkpoint Firewall policy provisioning. Configuring OSPF as the Routing Protocol between PE and CE routers. Worked on MPLS enabled Backbone.
- Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5K and 7K.
- Deployment, configuration, and management of 802.1x solutions to include Cisco Identity Services Engine (ISE), ACS (Radius and TACACS+), and Cisco Prime Infrastructure. Address, ISE Endpoint Information, which is used to estimate the failure, risks before change windows.
- Experience working with design and deployment of MPLS Layer 3 VPN cloud, involving VRF, Route Distinguisher (RD), Route Target (RT), Label Distribution Protocol (LDP) & MP-BGP. Implemented Access lists and policy mapping on Juniper router installed in each branch across all the states.
- Performed circuit provisioning. Coordinated with engineering team and onsite technician for remote configuration of Cisco routers, switches, monitoring the cable design.
- Verify the VLAN IDs are allowed through Unicast filter in MSS in case of troubleshooting. Configured OSPF, MPLS, BFD, QoS, creating VC/VPs and assigning traffic parameters per the target profile. Verification, Validation, Monitoring and Documentation after every day’s work by checking KPI.
- Tracked customer network Confidential NOC 24x7, prepared forecasts of network traffic and capacity, and recommend modifications to the network configurations which reduce costs or improve quality of service
- Experience with UC or voice technologies such as Cisco CUCM or SIP. Develop, test and update network and voice plan and operating procedures. Responsible for ongoing maintenance and updates of network and voice infrastructure.
- Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE.
- Worked on Cisco ISE to prevent unauthorized access to the network.
- Cisco ISE supports AAA, 802.1X and mobile device management.
- Integrating and configuring Cisco Wireless LAN Controllers (WLC) with ISE to perform Dot1x.
- Performed upgrade on Cisco ISE from version 1.4 to version 2.0. After performing upgrade took advantage of TACACS and onboarded new network equipment into ISE instead of the unsupported Cisco ACS server.
- Troubleshooting problems on a day-to-day basis & providing solutions that would fix the problems within their Network. Preparing various project reports for identifying areas of obstruction, conducting troubleshooting to rectify the network.
- Firewalls placed in the Data Center with MS Visio. Troubleshoot and hands on experience on security related issues on Cisco ASA/PIX, Checkpoint, IDS/IPS, Palo Alto and Juniper Net screen firewalls.
- Ensuring execution of preventive maintenance of networks, including scheduled maintenance to ensure trouble-free and seamless operations.
Environment: F5 Big-IP, Citrix Netscaler, QoS, MPLS, Cisco Wireless Controller, Switch/Route protocols (OSPF, BGP, FHRP), Checkpoint R77, Catalyst switches (3650, 3750, 3850, and 6500), Nexus 7K, 5K and 2K.
Confidential
Network Engineer
Responsibilities:
- Expertise level 1 in the implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems. Configured and troubleshot OSPF and EIGRP.
- Planning and configuring the routing protocols such as OSPF, RIP, and Static Routing on the routers. WAN Infrastructure running OSPF & BGP as core routing protocol. Support various Routers like 2600/3600/7200 series routers. Tested authentication in OSPF and BGP.
- Performed and technically documented various test results on the lab tests conducted. Hands-on experience working with security issues like applying ACLs, configuring NAT and VPN. Responsible for internal and external accounts, managing LAN/WAN and checking for security.
- Work on different connection medium like Fiber and Copper Connectivity. Knowledge of Juniper environment including SRX/Junos Space.
- Have used PuTTY and SecureCRT to log in to network infrastructure devices like switches and routers. Installed and configured Cisco ASA 5500 series firewall and configured remote access IPSEC VPN on Cisco ASA 5500 series.
- Responsible for Configuring SITE TO SITE VPN on VPN Concentrators series between Head office and Branch office.
Environment: Switch/Route protocols (OSPF, EIGRP, RIP), Routers (2600/3600/7200), IPSEC VPN, site to site VPN, ASA Software upgrades, Juniper SRX firewall, Firewall NAT.