OBJECTIVE

• An experienced professional having around 7+ yrs. of professional industry experience as Networking engineer and seeking an opportunity to enhance my skillset in Network security services.

SUMMARY

• Experienced Network Engineer with a demonstrated history of working in the information technology and services industry. Strong information technology professional skilled in Cisco IOS, Technical Support, Secure Sockets Layer (SSL), SSL Certificates, Confidential Firewalls, Checkpoint Firewalls, Cisco ASA Firewalls, Juniper Firewalls .
• Experience in routing, switching, firewall technologies, system design, implementation and troubleshooting of complex network systems.
• In - depth knowledge of deploying and troubleshooting LAN, WAN, Frame-Relay, Ether-channel, IP Routing Protocols - (RIPV2, OSPF, EIGRP & BGP), NAT, VLAN, STP, VTP, HSRP & GLBP, QoS.
• Experienced in performing URL and content filtering in Zscaler and Bluecoat Proxy secure web gateways.
• Having hands on good experience on Confidential along with CISCO ASA and Checkpoint Firewalls.
• Experienced in implementing and maintaining B2B extranet VPN’s .
• Experienced on Cisco ISE and advanced technologies like QOS, Multicasting, MPLS and MPLS-VPN and Bluecoat proxy server SG.
• Experience in Aruba Wireless Technology Meraki Wireless Technology Ubiquiti Wireless Technology Cisco 2900 & 3500 series switches MFT Vantive.
• Have experience on different network tools like Tufin, Firemon, Algosec, Splunk, IBM Qradar SIEM
• Worked with Cisco, Confidential, Juniper, Splunk, Force point, Checkpoint, Zscaler.
• Hands-on technical expertise (IDS/IPS, Endpoint Protection, Encryption).
• Development, implementation, troubleshooting and maintenance of network & security environments such as Cisco routers and switches, multiple vendor firewalls.
• Dealt with monitoring tools like ( CA Network performance management, NetScout nGenius Client, SolarWinds, Cisco Works ), network packet capture tools like Wireshark.
• Hands on experience for Implemented Zone Based Firewall and Security rules on the Confidential Firewall.
• Good understanding and experience in migration from CISCO ASA to Next Gen Confidential Firewall.
• Handling end user issues related to transition of RAS service to Confidential Global Protect VPN.
• Strong hands-on experience in layer-3 Routing and layer-2 Switching. Dealt with Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series, Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches, Juniper routers E, J, M & T-Series and Juniper EX switches EX8200, EX4500, EX4200, EX3200, EX2500, EX2200 Series.
• Experience working with Nexus 9K (ACI/SDN), 7K, 5K, 2K devices.
• Implement, Configure, Maintain, Fine Tune & Troubleshoot Data Leak Prevention (DLP) Solution.
• Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
• Proficient in using firewall technologies including general configuration, security policy, rules creation and modification of cisco ASA, Juniper SRX and FortiGate.
• Extensive implementation of firewall rules on Juniper SRX 3600, SRX 3400 and SRX 5800 daily, using SPACE as well as CLI when needed.
• Experience converting Confidential VPN rules over to the CISCO ASA solution. Migration with both Checkpoint and CISCO ASA VPN experience.
• Hands on experience with load balancers (F5 & Cisco Content Switch), VPN (Cisco, Netscaler, RSA, Deo Security, Entrust & F5).
• Experienced in troubleshooting both connectivity issues and hardware problems on Cisco based devices.
• Experienced with VSS, VPC, Nexus7000.
• Good understanding of NAT & Firewall on Aruba Controllers along with other Network Engineers participated in the management and configuration of Cisco ASA, Cisco ACE, Juniper and Confidential Firewalls, ACL's, and Packet Shaping devices and rules.
• Knowledge of Active Directory, DNS, Group Policies in AD.
• Experienced in shell scripting to push major network changes during a scheduled window.
• Well skilled in configuring protocols like HSRP, GLBP, VRRP, SSH, ICMP, IGMP, PPP, HDLC, and SNMP.
• In depth understanding of IPV4, implementation of Subnetting, VLSM and ARP, reverse and proxy ARP, Ping concepts.
• Experienced in Fault management and Performance management for large networks. Experience in setting of IPSEC VPN between Cisco ASA Firewall and Cisco routers.
• Good amount of Experience on implementation of ASA (5540/5550) Firewalls, Security Policies using Access control list, Secure Sockets Layer, VPN, TACACS+ & RADIUS.
• Resolved Customers request to create firewall policies for Cisco ASA, juniper SRX, Fortigate and NX-OS.
• Experience in ASA Firewall 5000 series such as 5505, 5510, 5540, 5500.
• Worked on Juniper Netscreen firewalls like NS50, SSG 550M, SSG520M, ISG 1000, and ISG 200.

TECHNICAL SKILLS

Routers: (Cisco, Arista, Brocade & Juniper devices)

Cisco Switches: (2900, 3500, 3750, 4000, 4500, 5000, 5800, 6500, CRS1, CRS3, Nexus 2k, 3k, 5k,7k), MSFC, MSFC2.

Routing Protocol: BGP, OSPF, EIGRP, IGRP, IGMP, RIP, IS-IS), ISR, ASR, Routed Protocol TCP/IP, Multicasting (PIM), OMP.

Management tools: SNMP, Syslog, HP Open View NNM, Sniffer, Nessus, NMAP, PCI, OWASP, Aruba and Wireshark

LAN Protocol: VLAN, VxLAN, PVLAN, VTP, Inter-vLAN routing, ISL, dot1q, ARP, CDP, STP, IS-IS, RSTP, MSTP, ISL PVST, LACP, HSRP, VSS, GLBP, VPC, VDC, Ethernet, Port security.

WAN Technology: Frame Relay, WiSM Module in 6509, X.25, L2VPN, L3VPN, E1/T1/DS1/DS3, ISIS, MPLS

Network Management: SNMP v2, v3, Cisco Works, 3Com Network Analyzer, MRTG, SolarWinds, and Orion

AAA Architecture: TACACS+, RADIUS, Cisco ACS.

Firewalls: Confidential PA-500/PA-2K/PA-3K/PA-5K/PA-7k, ASA 5585/5520/5510 , Check Point R65/R70/R75, ISA 2004/2006

Network Security: Working knowledge of Firewall, Cisco ios, ASA, Cisco FWSM/PIX/ASDM, Cisco ISE, Sourcefire IPS/IDS, Cisco NAC, IPsec, Nokia Checkpoint NG, IPS/IDS(Snor), VPN

Juniper: Cisco ASA 5585, 5550, 5540, Juniper SRX5400, 5600, 5800, 3400, Juniper Net screen 6500, 6000, 5400. Juniper SSG Firewalls, Confidential PA 3060/2050, F-5 BIG-IP LTM (3900 and 8900), Blue Coat SG8100, AV 510, AV810.

PROFESSIONAL EXPERIENCE

Confidential

Network Security Engineer

Responsibilities:

• Developed HLD/LLD/SOP for Network security infrastructure as a lead for products like Cisco, Arista, Confidential firewall, Imperva WAF, Zscaler Proxy, F5 BIG IP, Citrix VM ESXi, Crowdstrike AV, McAfee DLP solution etc.
• Experience building Firewalls, mainframes, and UNIX based platforms at the data centre and implementing the initial policies, configuring NAT, Routing etc.
• Configured Confidential Firewall models PA-3k, PA-5k, PA-7k and centralized management system (Panorama) to manage large scale Firewall deployments.
• Managing major projects for the client base to include system installations, migrations from legacy to VoIP, expansions and decommissions.
• Worked with Confidential engineering to identify a bug in the 8.1.3 code on PA 5020 device, bug was about traffic not being forwarded to DP1 when DP0 queue was full.
• Provided network support for on-boarding process of 200+ domains & web-applications to Imperva cloud web-application firewall. Additional responsibilities include imposing restrictions on network firewalls to allow traffic from Imperva networks alone.
• Provided network support to deploy Crowdstrike AV agent to 65,000+ end points and to allow end points to get updated AV content form internet.
• Deployed new workstations on AWS cloud to cope up with COVID 19 remote work requirements and integrated the cloud network with the corporate network through an extranet VPN connectivity.
• Performed a code upgrade to 9.0 on global data centers PA firewall devices with the best practices recommended by the Confidential networks.
• Performed a security rule clean up on the global PA firewall devices based on the Confidential rule usage feature.
• Worked on transition from port-based rules to App-id based rules based on the report from Confidential app-id identifying feature as a part of firewall performance optimization project.
• Identify, flag and decommission unused B2B extranet VPN connections to optimize running device config and shut down unauthorized access to corporate network.
• Transition from static routing to BGP on a B2B VPN to support dynamic failover, in case of a failure on the primary.
• Provided firewall support for migrating the current infrastructure to cloud.
• Support the RAS service migration from Juniper Pulse to Confidential Global protect VPN.
• Providing comprehensive networking support leveraging VMware, Active Directory, SolarWinds Orion, with Cisco Catalyst and Nexus switches. Involved in load balancing web-based application traffic using Big IPs F5 LTM and GTM.
• Implement and enforce stricter IPS inspection over production traffic using Confidential firewalls.
• Utilizes Wireshark packet capturing tool on network.
• Admin for allowing Internet site access through Zscaler cloud proxy.
• Monitored Global Support Service desk for tickets that were opened dealing with VoIP troubles or changes.
• Implement, Configure, maintain, fine tune & troubleshoot Data Leak Prevention (DLP) Solution.
• Deploying, installing and troubleshooting Confidential firewall and Panorama with integration of Cisco routers, switches, WLAN components.
• Delivered Solutions to improve Cloud architecture, deployment for AWS Private and Public Cloud.
• Migrations of client firewalls to Confidential and post migration support.
• Hands on IPS/IDS deep packet analysis and sensor custom signature configurations.
• Performing network monitoring, providing analysis using various tools like Enterprise Network performance monitoring tool (CAPM), Wireshark, etc
• Configure the profiles as per the client Requirement based on User-ID, APP-ID and Content-ID.
• Implementing, Managing and Troubleshooting Network Protocols and Services.
• Manage the overall physical implementations in the Data center.
• Load balancing the web applications using BIG-IP’s F5 LTM and GTM.
• Installing Cisco LAN, WAN, Wired, Wireless network infrastructure for Microsoft at Access and Distribution layers, throughout MSFT offices, labs, DC's worldwide. Also constantly upgrading outdated networks for MSFT
• Review and optimize Firewall rules using Confidential expedition tool, Tufin SecureTrack tool and Firewall audit reports.
• Configuring Tufin secure track and network devices for monitoring network rules.
• Utilized Wireshark in troubleshooting and resolving issues with application not working.
• Worked on Packet capture tools like Wireshark, Net scout nGenius client troubleshoot the issues.
• Experience in designing MPLS VPN and (QoS) for architecture using Cisco multi-layer switches.
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX Security appliance, Failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design.
• Configured AWS Identity Access Management (IAM) Group and users for improved login authentication.
• Replacing BlueCoat proxy with Zscaler and worked on implementing Zscaler in Production.
• Experience in implementing an IPSEC VPN with Cisco routers for third party business connectivity.
• Load Balancing with F5 GTM and LTM across multiple data centers. Provided Load Balancing towards access layer from core layer using F5 Network Load Balancers (LTM, ASM, APM and GTM).
• Configured and maintained IPSEC and SSL VPN's on Confidential Firewalls. Hands-on experience of Cisco WLC (5500, 2500 series) and Avaya ERS 4000, 5000, 8000 series L2 & L3 switches.
• Connections and using Enterprise Cloud Manager for Monitoring.
• Maintaining and Creating DHCP and DNS, IPAM in Infoblox.
• Configured AWS Identity Access Management (IAM) Group and users for improved login authentication.
• Created virtual systems (Firewalls) in the Confidential Environment & migrated vsys from EOL PA devices to newer boxes.
• Gained advanced knowledge on multiple security technologies Anti-virus, malware, Firewalls, VPN, proxies, vulnerability, DLP.
• Checking access point, router, switches, customer premise equipment as well & forward the issue to the respective team.
• Monitoring, optimizing and troubleshooting active directory issues.
• Installed and maintained the security infrastructure having IPS, IDS, security assessment systems and log management and migration to new VPN.

Confidential, AZ

Network Security Engineer

Responsibilities:

• Developed HLD/LLD/SOP for Network security infrastructure as Technical lead for products like Cisco, Check point Juniper and Bluecoat Proxy, BIG IP, Confidential firewall. Citrix VM ESXi, WAF, MacAfee, DLP antivirus solution etc.
• Experience building Firewalls, mainframes, and UNIX based platforms at the data centre and implementing the initial policies, configuring NAT, Routing etc.
• Configured Confidential Firewall models PA-3k, PA-5k, PA-7k and centralized management system (Panorama) to manage large-scale Firewall deployments.
• Managing major projects for the client base to include system installations, migrations from legacy to VoIP, expansions and decommissions.
• Successfully installed Confidential PA 3060 Firewalls to protect Data Centre and provided L3 support for routers/switches/Firewalls.
• Experienced with installation of AWS CLI to control various AWS services through SHELL/BASH scripting and experience with AWS Cloud formation Templates.
• Deployed and managed FireEye CM 4400 and FX 5400 threat protection platform for malware analysis systems
• Experienced in monitoring and analyzing the load balancing of network traffic using Solar winds.
• Providing comprehensive networking support leveraging VMware, Active Directory, SolarWinds Orion, with Cisco Catalyst and Nexus switches. Involved in load balancing web-based application traffic using Big IPs F5 LTM and GTM.
• Designed and installation of over 4500 Aruba Wireless Access Points in conjunction with 12 Aruba7200 Series Controllers
• Implement and maintain IPS/IDS systems using Cisco Firepower appliance
• Using Meraki and Ubiquiti Networks maintained switching, routing, and firewall wireless configurations
• Involved in implementing the LLBs and GSLBs to ensure traffic is equally distributed using different Load Balancing techniques.
• Utilizes Wireshark packet capturing tool on network.
• Implemented Fireeye Appliances for Malware File Detonation and Whitelisting False positive Malware events.
• Integrate Cisco VoIP with Aspect ACD system
• Managed DHCP, DNS and IP address thru Infoblox, and Admin for Internet sites access through Zscaler.
• Planning/Design of wireless networks for data, voice, and location utilizing Cisco PI and Airmagnet.
• Wireless troubleshooting utilizing Spectrum Expert, CleanAir, Airmagnet Survey, AirmagnetWiFi Analyzer.
• Troubleshoot connectivity issues on Brocade switches/routers, Sophos and Fortinet firewalls, Splunk, Infoblox.
• Monitored Global Support Service desk for tickets that were opened dealing with VOIP troubles or changes.
• Implement, Configure, Maintain, Fine Tune & Troubleshoot Data Leak Prevention (DLP) Solution.
• Deploying, installing and troubleshooting Confidential firewall and Panorama with integration of Cisco routers, switches, WLAN components.
• Delivered Solutions to improve Cloud architecture, deployment for AWS Private and Public Cloud.
• Migrations of client firewalls into Confidential and post migration support.
• Meraki Network creation and configuration - Location, Tags, DHCP, Wired/Wireless setup, Firewall, etc.
• Scripted Infoblox DNS migrations in support of a larger IT restructuring effort.
• Provisioned Infoblox Grid in new Data Center. installation of IBM QRadar 3128 manager and 1628 event collector on test environment creating X-Force alerts metrics forwarding
• Configured Connectors along with Zscaler TAM And DAS team
• Hands on IPS/IDS deep packet analyzes and sensor custom signature configurations.
• Performing network monitoring, providing analysis using various tools like Wireshark, Solarwinds etc
• Deployment of Firewall in TAP Mode, finding customer sizing generating SLR and custom Reports.
• Configure the profiles as per the client Requirement on the basis of User-ID, APP-ID and Content-ID.
• Implementing, Managing and Troubleshooting Network Protocols and Services.
• Configure the Decryption policy for Encrypted traffic which is passing through the Firewall to protect client network from malicious attack.
• Manages the overall physical implementations in the Data Center.
• Evaluate, Plan, Test, and Deploy migration of DNS and DHCP to Infoblox Appliances.
• Load balancing the web applications using BIG-IP’s F5 LTM and Cisco ACE load balancer.
• Installing Cisco LAN, WAN, Wired, Wireless network infrastructure for Microsoft at Access and Distribution layers, throughout MSFT offices, labs, DC's worldwide. Also constantly upgrading outdated networks for MSFT
• Worked on Cisco 5520, 5508 & Aruba 7220,7210,7030,7010, wireless controllers with AP 135 & 225 series.
• Successfully installed Confidential PA 3060 firewalls to protects Data Center and provided L3 support for routers/ switches/firewalls
• Review and optimize Firewall rules using Secure Track Tufin tool and Firewall audit reports
• Configuring Tufin secure track and network devices for monitoring network rules.
• Hands on experience in installing, configuring and administration of UTM Firewalls including Fortinet, Cisco ASA and Load Balancers like Riverbed
• Utilized Wireshark in troubleshooting and resolving issues with application not working
• Worked on Packet capture tools like Wireshark, Net scout nGenius client troubleshoot the issues.
• Experience in Forcepoint DLP deployment in hybrid setup
• Experience in designing MPLS VPN and (QoS) for architecture using Cisco multi-layer switches.
• Migrated and implemented new solutions with Cisco ASA Firewall series 5505, 5510, 5512-X.
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX Security appliance, Failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design.
• Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.
• Extensively managed Network ACL's, EC2 and Security Groups in migrating traditional on-premises infrastructure to AWS cloud services which now hosts 20+ AWS services.
• Created monitors, alarms and notifications for EC2 hosts using Cloud Watch.
• Configured AWS Identity Access Management (IAM) Group and users for improved login authentication.
• Replacing Checkpoint VPN and BlueCoat proxy with Zscaler and worked on implementing Zscaler in Production.
• Worked on advanced knowledge of Checkpoint, Fortinet, Cisco ASA 5500 series, JUNOS and Confidential PA-200.
• Experience in setting of IPSEC VPN between Cisco ASA Firewall and Cisco routers.
• Designed and implemented Aruba ClearPass solution for Guest Internet Registration, internal Tacacs/Radius Authentication and Certificate proxy distribution.
• Good amount of Experience on implementation of ASA (5540/5550) Firewalls, Security Policies using Access control list, Secure Sockets Layer, VPN, TACACS+ & RADIUS.
• Load Balancing with F5 GTM and LTM across multiple data centers. Provided Load Balancing towards access layer from core layer using F5 Network Load Balancers (LTM, ASM, APM and GTM)
• Resolved Customers request to create firewall policies for Cisco ASA, juniper SRX, Fortigate and NX-OS.
• Experience in ASA Firewall 5000 series such as 5505, 5510, 5540, 5500.
• Migration from Cisco Firewalls to Confidential Firewalls platforms PA 4000 and PA 500 and PA- 200 Firewalls.
• Configured and maintained IPSEC and SSL VPN's on Confidential Firewalls. Hands-on experience of Cisco WLC (5500, 2500 series) and Avaya ERS 4000, 5000, 8000 series L2 & L3 switches.
• Experienced on Cisco ISE and advanced technologies like QOS, Multicasting, MPLS and MPLS-VPN and Bluecoat proxy server SG.
• Connections and using Enterprise Cloud Manager for Monitoring.
• Hands on experience on Solarwinds, BMC Remedy, SMEC, Putty, Magpie, CONEN.
• Maintaining and Creating DHCP and DNS, IPAM in Infoblox.
• Designed and implemented VOIP in the small and medium business including IP phone, SIP trunk that provided telecommunication services
• Deployment and Management of Bluecoat proxies in the forward proxy scenario as well as for security in reverse proxy scenario.
• Worked with Aruba Instant, Airwave, Clearpass, Airglass and Aruba Anchor Controllers and other Aruba Hardware and participated in configuring and installing equipment in the Data Center
• Deploying wireless switches and Access Points in different offices locations in MS and developed AP layout.
• Configured Wireless Access Points in order to control them with RADIUS server.
• Responsible for Solar winds Implementation of NPM, NCM.
• Extensively managed Network ACL's, EC2 and Security Groups in migrating traditional on-premises infrastructure to AWS cloud services which now hosts 20+ AWS services.
• Created monitors, alarms and notifications for EC2 hosts using Cloud Watch.
• Troubleshoot and Worked with Security issues related to Cisco ASA, and IDS/IPS firewalls. Large scale Deployment and installation of Juniper SSG5, Cisco ASA, and Fortinet firewalls.
• Configured AWS Identity Access Management (IAM) Group and users for improved login authentication.
• Supported multi-site production Cisco Call Enterprise Manager 4.X, UCCX (IPCCX) Express 4.X, Cisco Emergency.
• Worked on software Defined Network solutions using Cisco ACI.
• Have developed scripts for automation within the Cisco Meraki environment to speed up the onboarding process
• Worked on Cisco Routers, Active /Passive Hubs, Switches, Cisco PIX Firewall, Cisco ASA, Firewalls, VPN Concentrators TCP/IP, NAT and Checkpoint ESX/GSX firewall. Successfully installed Confidential Next-Generation PA 3060, PA 5060 firewalls to protect Data Center with the use of IPS feature.
• Configured SSL decryption on Confidential Firewalls.
• Creation and modification of CheckPoint Firewalls up to GAIA R77.30, Confidential Next-Generation firewalls, Bluecoat proxies and Cisco ASA.
• Created virtual systems (Firewalls) in the Confidential Environment.
• Fortinet Firewall administration configuration of FortiGate 3000, 3815 series as per network diagram.
• Gained advanced knowledge on multiple security technologies Anti-virus, malware, Firewalls, VPN, proxies, vulnerability, DLP. Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
• Experience with the conversion of Checkpoint VPN rules over to the Cisco ASA technology Migration experience with both Checkpoint and Cisco ASA VPN.
• Checking access point, router, switches customer premise equipment & forward the issue to the respective team.
• Monitoring, optimizing and troubleshooting active directory
• Experience in Adaptability on Open-source SIEM tool Alinvalut.
• Installed and maintained the security infrastructure having IPS, IDS, security assessment systems and log management and migration to new VPN.
• Hands on experience working with OTV and FCOE on the nexus between the datacenters.

Confidential, Irvine, CA

Firewall Engineer

Responsibilities:

• Experience with Firewall migrations from PIX Firewall to CISCO ASA and Confidential Firewall appliances.
• Implemented Site-to-Site VPNs between CISCO ASA Firewall and Router
• Extensive experience with Juniper portfolio including JUNOS, EX switching and SRX firewall and Confidential network firewall.
• Managing Juniper Junos devices in production environments
• Collaborated setup Nexus 9K Pine and Leaf topology, FEX, UCS, ASIC, ACI and wireless controllers.
• Set up and troubleshoot secured wireless access points (WAP) and wireless LAN controller (WLC) across the Corporate Network.
• Troubleshooting VOIP related issues related to call manager, IP Phones and voice mail.
• Planning, Designing, Implementation of small, medium organizations including LAN, VLAN, WLAN and WAN on wired and wireless networks.
• Proficiency in Cisco ASAs, ISRs, Catalyst/Nexus, HP Switches, Cisco Meraki, Aruba, EIGRP, OSPF, BGP.
• Worked on the Aruba 7200 WLC and the 335 Access Points for the expansion sites based on the site capacity.
• Experience in monitoring and analysing the load balancing of network traffic using KIWI SolarWinds.
• Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers
• Designed and Deployed QOS on entire LAN and WAN edge devices (Cisco & Juniper) in place of existing non-consistent QOS policy.
• Configured VLAN's on Switches for Wireless Access Points
• Design and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls
• Implemented routing and switching using the following protocols: IS-IS (IGP), OSPF, BGP on Juniper M series routers.
• Alliance Leadership (Cybersecurity Product Partnerships): Develop, enhance and manage engagement model between alliance partners and internal business units to ensure alignment between business needs, alliance performance criteria and action plans.
• Troubleshooting firewall rules in Cisco ASA, Checkpoint NGFW and Zscaler.
• Developed an AWS Security Group strategy. Determined naming conventions, owners, and approval process for Security Group change requests in a promote-to-production environment.
• Performed investigations on devices most successfully using the FireEye Incident Response Tool set, manual evidence gathering and alerts.
• Recommend and design equipment configurations for LAN/WAN/VOIP deployment on Cisco, Adtran, Fortinet, F5.
• Design, build, implement, and support VoIP services utilizing Cisco Networks.
• Configured Meraki MX68 and MX84 for hub and spoke connectivity.
• Migrated and implemented in a supporting role of Nortel Meridian 1 CS1000 PBX switch to Cisco Networks VoIP system.
• Financial Planning & Analysis: Review business cases for all key product partner deals to validate key assumptions are well thought out, relevant and stakeholders understand the associated business commitments.
• Implementation and support of Juniper EX2200, 4200 and 4300
• Manage DLP rules based on Customer policies and best practices.
• Perform active and passive WLAN surveys using Airmagnet and Cognio spectrum analyser tools.
• Data loss prevention (DLP) (Symantec, McAfee, Websense, etc.)
• Implemented FireEye Appliances for Malware File Detonation and Whitelisting False positive Malware events.
• Hands on Implementation and configuration of Cisco, Juniper, Brocade and Arista LAN/ WAN solutions
• Implemented and managed various protocols such as OSPF, EIGRP, CBAC, LACP, PAPG, HSRP, VLANs, Policy Based Routing, Access Lists, NAT, PAT, and Static Route Redistribution NOC.
• Enabled and configured CloudTrail logs for 26 AWS accounts. Created and managed an encrypted S3 Bucket for all CloudTrail logs and adjusted bucket policy for each accounts CloudTrail to access.
• Installed and configured Amazon's Inspector. Created Targets and Templates and scheduled Assessment runs on all EC2 instances in the AWS account.
• Configured (Application Centric Infrastructure) ACI, API and VLAN on Nexus 9k switches.
• Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 series routers and Cisco ASR 9K /1K.
• Working on Traffic Migration from Cisco ASA firewalls to Juniper SRX
• Regularly update Cisco IOS, Catalyst OS and NX-OS on different Cisco Switches and Routers for optimal performance and to avoid existing vulnerabilities or bugs in code releases.
• Planning, designing and configuration of various Cisco ISE strategies (Standalone, Distributed Setups).
• Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE.
• Responsible for preparing documents and network diagram (HLD & LLD) on Microsoft Visio for presentation to the team members on every new installation and design updates.
• Used Support and Recovery tool to troubleshoot Office 365 issues.
• Developed an AWS Security Group strategy. Determined naming conventions, owners, and approval process for Security Group change requests in a promote-to-production environment.
• Creating Regex for logs which are not parsed by SIEM solution.
• Support for Zscaler Web Security Service.
• Enabled and configured CloudTrail logs for 26 AWS accounts. Created and managed an encrypted S3 Bucket for all CloudTrail logs and adjusted bucket policy for each accounts CloudTrail to access.
• Installed and configured Amazon's Inspector. Created Targets and Templates and scheduled Assessment runs on all EC2 instances in the AWS account.
• Designed and implemented F5 Big IP load balancers that resulted in improving application performance.
• Monitor the network infrastructure with help of various tools such as Solarwind Network Monitor, Entuity (NMS), Avaya & Enterprise Device Manager.
• Backup and Recovering the IOS, Running and Startup configuration.
• Configured Meraki MX68 and MX84 for hub and spoke connectivity.
• Modify pilot ISE environment for production scaling and performance.
• Upgrading IOS of various CISCO devices by downloading files to FTP server in Virtela domain and then upgrading codes.
• Adding and removing checkpoint Firewall policies based on the requirements of various project requirements.
• Worked on Cisco ASDM for configuring VPN on CISCO ASA Firewall
• Troubleshot security related issues on CISCO ASA/PIX, Confidential Firewalls
• Implemented the Policy Rules, DMZ and Multiple VDOM’s for Multiple Clients of the State on the Fortigate Firewall
• Planned, installed, monitored and was the single point of contact for all intrusion detection for client systems. Monitored and maintained client Firewall, intrusion detection systems and VPN systems.
• Experience with CISCO ASA VPN Platform covering high end devices including ASA Firewalls including ASA 5585, ASA 5580, 5540, 5520, 5510.
• Involved in scripting the I Rules using TCL (Tool command language) and Perl for HTTP redirection.
• Provided Level-3 Network support for Cisco Switches and CISCO ASA 5500 Series Security Appliances