SUMMARY

• Overall 5 years of experience as a Network Security Engineer, network and application security expertise, troubleshooting and presenting enterprise security solutions.
• Having Ability to implement Security on Switches and Routers.
• As a Security Consultant involved in enhancing the security stature of the project by initiatives like Threat Modelling, Security awareness sessions, Dormant & Never Logged IDs clean - up.
• Review and optimize firewall rules using Secure Track tool and run firewall audit reports.
• Working experience on Palo Alto and Checkpoint Next Generation firewall.
• Daily responsibilities included design, implementation, support and administration of multiple security products running Check Point Provider-1 and VSX, Source Fire, and ISS Real secure.
• Conducted security risk assessment, independent reviews, periodic inspections, and implementation of security policy.
• Worked with Active Directory, LDAP/UNIX groups, Networks, human Resource systems for Identity and Access Management.
• Experienced on Windows(Vista,7,10) and LINUX (Kali, Ubuntu, CentOS, RedHat).
• Configured, Administered and troubleshooted the Checkpoint, Palo Alto and ASA firewall.
• Experienced in implementing SNMP (Simple Network Management Protocol), NetMRI.
• Created technical implementation plans, project plans, and worked closely with internal and external customers to supply solutions that fulfill their needs.
• Regularly performed firewall audits around Checkpoint Firewall-1 solutions for customers.
• Evaluate Operating system (Windows, UNIX, Linux), application (Webservers, databases), network device (firewalls, routers) and events within the SIEM.
• Skilled in network and web related protocols such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols.
• Managing and deploying Microsoft security updates and specialized software authorized by Group Policy under Active Directory associations.
• Validating client and Server network security configurations for McAfee Host Base Security System & Symantec Endpoint Protection.
• Advanced knowledge in Cisco ASA 5000 series and PIX installation, configuration and maintenance, configuration and installation of IOS security features, IDS/IPS, security risk analysis, attack mitigation & penetration tests based on LPT methodology.
• Manage virtual machines using VMware Sphere Client and VMware Horizon View Administrator.
• Experienced network security engineer with proficiency in installing, upgrading, troubleshooting, configuring, and supporting variety of Network & Security Devices.
• Experienced in optimizing network performance using techniques such as caching, compression, acceleration.

TECHNICAL SKILLS

Security/Firewalls Technologies: Cisco Security Manager Suite, Cisco ASA 5500 series firewalls, Cisco FWSM, Cisco IPS/IDS, Cisco ACS, Advanced Firewall Manager (AFM), Cisco ASA 1000V cloud firewall, Checkpoint Firewall, Juniper SRX series, Palo Alto, IPS, IDS, RADIUS, SSH, VPN, IPSec, SSL/IPSec, Data Loss Preventing, Public Key Infrastructure (PKI), Pretty Good Protection (PGP), Internet Key Exchange Policy, Port Security, MAC Address Filtering, Cisco Routers.

LAN Technologies: VLAN, VTP, STP, RSTP, PVST

WAN Technologies: HDLC, PPP, ATM, SONET, MPLS, VPN, IPSec-VPN,HTTP,HTTPS,SSL

Network Securities: NAT/PAT, VPN, Filtering, ACL, Cisco ASA Firewall and Palo Alto Firewall, Checkpoint Firewall.

Routing Protocols: RIP, IGRP, EIGRP, HSRP, IPv6, DHCP, DNS, TCP/IP, UDP

VPN Services: Cisco, ASA, Microsoft Direct Access(VPN)

Network Managements: SNMP,SNMP, SSH, Telnet, ICMP, LT M, APM Net flow, F5 Load Balancers.

Tools: and skills: MATLAB, Wireshark, SolarWinds, Breakpoint, Spirent, TeraVM, Splunk, CyberArc

Operating Systems: Windows, MS DOS, UNIX, Linux, UBUNTU, RedHat Enterprize

PROFESSIONAL EXPERIENCE

Network Security Engineer

Confidential

Responsibilities:

• Responsible for setting up Checkpoint devices, configuring, maintaining and troubleshooting.
• Worked on IPSO and secure platform. Nokia hardware platforms like IP360 & IP560.
• Experience with Data Loss Prevention (DLP) Software.
• Functional understanding of TCP/IP networks and firewalls.
• Configured and upgraded Nokia &Checkpoint devices. Worked on R65, R70, and R71& R75 platforms.
• Worked on testing tools like Breakpoint, Spirent and TeraVM.
• Extensive knowledge and experience regarding F5 BIG-IP LTM VIP configurations.
• Troubleshooting, optimizing and documenting LAN/WAN technologies and T1/T3 WAN technologies.
• Good experience in VPN services like Microsoft Direct Access.
• Working knowledge of ITSM Remedy ticketing system
• Providing M/T series high level technical support to lead tier-1 carriers
• Security audit to customer like vulnerability assessment and Penetration testing.
• Worked on Cisco FWSM.
• Setup Juniper Network Management platform application and install Security Director, Service Insight, Service Now, and Network Director.
• Authoritative and Non-Authoritative Applications Configuration using Active Directory, Flat file, JDBC and LDAP connectors to load the Identity Cubes.
• Working experience with A10 and F5 Load Balancers.
• Configured Checkpoint Cluster XL, VRRP for redundant setups.
• Upgraded the platforms using the checkpoint upgrade tools.
• Upgraded Virus definition on messaging and enterprise servers MacAfee.
• Utilized Check Point smart-dash board for Firewall and troubleshooting.
• Monitoring performance of network appliances and WAN utilizing using network analyzer like Wireshark.
• Implementation and configuration of IDS and IPS.
• Controlling, monitoring and troubleshooting LAN, WAN and VoIP technologies.
• Configuring ipsec/gre tunnels, access-lists, routing protocols as per client requirements.
• Configuring and troubleshooting Palo Alto.
• Extensive knowledge and experience with F5 BIG-IP GTM Wide IP configurations.
• Deployed Nexus Switches, with complete understanding of the limitations of the line cards for N7ks.
• Familiar with PCI. I got a good Experience with Disaster Recovery.
• Set up Cisco ISE Identity Services Engine.
• Performing backup testing of different client sites to confirm redundancy.
• Coordinating with different Internet service providers for link outages, link flaps, packet loss.
• Installing, configuring virtualization products such as VMware Workstation, Virtual box and vSphere. Experience with ISP carriers.
• Using Cisco Works to verify router configuration changes, backing up IOS and router configs.
• Upgrading IOS on routers and switches. Using HP Open view for monitoring the router interfaces, power status.
• Experience with firewall NAT/PAT. I am Familiar with Wireless technologies (3G, 4G/LTE) and Datacenter technologies.
• Configured VPN routers for remote sites access with correct security policies.
• Creating hosts on different zones and domains, adding forward /reverse PTR /alias records.

Network Engineer

Confidential

Responsibilities:

• Implemented layer 3 routing on large Campus LAN.
• Worked Effectively and improved overall performance of Campus network with simplified HA firewalls.
• Design and customization to integrate SailPoint with Active Directory, MS Exchange, Office 365, Databases, webservices, legacy applications, ServiceNow, Salesforce for access provisioning and deprovisioning.
• Configured access lists to block access to CDP websites from known malicious public networks.
• Meticulously research bugs and security vulnerabilities for public facing services and remediate risks.
• Created Encrypted endpoint security solution for online messages info.
• Expert in VPN service. I can easily access any VPN services.
• Installation of Cisco Routers, Switches. Hands on Switching & Routing.
• Thoroughly analyzed network data to understand our network capacity to aid in future network designs.
• Consistently and efficiently work with desktop technicians to resolve any technology related issue that may arise.
• Experience with F5 BIG-IP iRule programming and troubleshooting.
• Worked in Dell secured environment.
• Involved in Application development by using connector configurations like JDBC and Active Directory etc.
• Upgraded all Cisco devices with new Cisco IOS.
• Designed Test network. This test network allows us to perform changes in a non-production environment while observing the consequences of the change on the infrastructure. All without the risk of causing downtime.
• Designed file filtering rules to block downloads of zip and executable files to user's desktops. Effectively minimizing the risk of malware, add-ware, and virus exposure.
• Designed and configured Cisco ASA and connected devices for internal, external, and DMZ networks.
• Configured Port Address Translation for Email transport and TLS encryption.
• Configured NAT translation rules for external service.
• Used SNMP to gather network information and plan for growth and necessary upgrades.
• Built and maintained relationships with internal and external network and datacenter teams.
• Responsible for building and maintaining daily NOC procedures.
• Managed budgets for the NOC department.

Network Engineer

Confidential

Responsibilities:

• Efficient follow-up on escalated fault tickets to ensure timely response to customer.
• Setup the new switches and harden the switch configuration as per the company policy.
• Perform Initial Problem determination & assigning higher team to get the issue fixed.
• Experienced with Active Directory.
• Responsible for entire company network infrastructure that includes Cisco Switches, Routers, Firewalls, Access Points, Servers and PBX.
• Assigning VLAN's to specific Switch Interfaces.
• Creation and Updating the VLAN's as per the requirement.
• Installation of Cisco Routers, Switches. Hands on Switching & Routing.
• Review of high level and detailed level design document to suggest any changes/improvement.
• Built and configured the device based on the inputs from the design documents (HLD, DLD).
• Performed extensive testing around the upgrade, migration and configuration functionality of our software.
• Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with Checkpoint and Cisco ASA VPN experience.
• Configure, verify & troubleshoot IPv4 and IPv6 static routing, STP related optional features, Port Fast, BPDU guard.
• Address any findings before handover.
• Troubleshooting any issues with traffic flow through the new solution after customer applications are deployed.
• Proactively monitoring and managing customer networks on the Tools like Cramer, Remedy, clarify thereby ensuring timely completion within specified SLA.
• Strong capability to motivate in a supervisory position.
• Familiar with Wireless technologies (3G, 4G/LTE) and Datacenter technologies.
• Proficient in analytical problem solving.
• Set up Cisco ISE Identity Services Engine.
• Worked on Cisco FWSM.