We provide IT Staff Augmentation Services!

Network Security Engineer Resume

Canonsburg, PA

SUMMARY:

  • Over 8years of strong hands on experience in designing, planning, implementing, troubleshooting and optimization of WAN/LAN technologies.
  • Direct experience with Projects in Process Control, System Integration, Hardware, Software, Networking, Facility Management, IT security, end - user and information Security.
  • Support in Formation, Development and deployment of Policies, Process, Guidelines and Procedures internally within teh division and at customer sites.
  • Planning, Designing & Implementing of Firewall and VPNs (Intranet and Internet) - Checkpoint, Cisco ASA, Juniper SRX.
  • Experience in refreshing/upgrading operating systems on Firewalls - Checkpoint (SPLAT & IPSO), Cisco Firepower, ASA, Paloalto firewalls, Juniper Net screen, and Juniper SRX.
  • Expertise in Configuring, managing and deploying Palo Alto Firewalls.
  • Experience in managing large scale firewall deployments using centralized management system Panorama.
  • Configuring High Availability for Active/Passive and Active/Active on Palo Alto firewalls.
  • Experience in delivering VPN solutions - remote access and site-to-site (B2B) VPN’s for various clients.
  • Proficient in managing load balancers - Cisco CSS, F5 (LTM & GTM), Citrix NetScaler’s.
  • Implementing & maintaining tools like HPOV, HPNAS, Cacti, Finjan, NetFlow Analyzer, WhatsUP Gold, Smokeping, Netview, NetQOS, vital net and Cisco works.
  • Managing Bluecoat proxies for URL and content filtering.
  • Packet Analysis using tools like Etheiral, Net Flow, Solar winds and Wireshark.
  • Performing Incident management using IBM Qradar, ArcSight and McAfee tools.
  • Proficiency in setting up Cisco (1700/1800/2500/2600/3600/3700/3800/7200/7600 series) routers.
  • Proficiency in installing and configuring Multi-layer Switches and Layer 2 switches (2950/3550/ 3560/3750/4000/5500/6500 Series) running Cisco CatOS or Cisco IOS.
  • Proficiency in installing and configuring Nexus 2248, 5000 and 7000 series switches.
  • Experience in different protocols - TCP/IP, RIP, IGRP, EIGRP, OSPF, BGP, MPLS, HSRP, STP, MLT, SMLT, 802.1x, 802.11a/b/g/n.
  • Successfully performed migrations from Cisco 6509’s to Nexus 7000 VDX, VPC environment.
  • Experience in installing and managing ASR routers.
  • Good experience in managing and troubleshooting BGP & MPLS protocols.
  • Experience on different Checkpoint products like NGX R71, R75, R77.30, R80.10, SPLAT, Nokia IPSO Smart Center and Cluster XL.
  • Expertise and Hands-on experience with Ansible or Python scripting for Network automation and Test Automation
  • Strong CISCO VIPTELA SD-WAN Architecture/Design Validation Experience
  • Experience in operating in a modern cloud environment such as AWS or Azure and in large scale data canters.
  • Strong Datacom/Network Testing Experience
  • Configuring, managing and deploying Palo Alto Firewall models such as PA-3060 and PA-5060 series and Cisco ASA 5500 series.
  • Strong knowledge in using App ID, URL filtering, Security profiles, Data Filtering, Log forwarding profiles, composing Security Policies and reviewing them by monitoring logs on Paloalto firewalls.
  • Planning, Designing & Implementing VPN connections using Checkpoint, ASA, Juniper Netscreen, and Cisco Routers using site-to-site VPN’s.
  • Experience in implementing load-balancing solutions using CSS & F5 load balancers.

PROFESSIONAL EXPERIENCE:

Confidential, Canonsburg, PA

Network Security Engineer

Responsibilities:

  • Perform configuration changes on Checkpoint R77.30 Gaia, Cisco ASA and Palo Alto on a large-scale environment.
  • Configuring Site-Site VPN on Checkpoint Firewall with R77 Gaia and Cisco ASA firewalls.
  • Worked on Checkpoint Versions R77.30 and R80.10Gaia implementing new and additional rules on teh existing firewalls for a server refresh project.
  • Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point Firewall Smart Domain Manager command line & GUI, Cisco ASA
  • Worked with Panorama management tool to manage Palo Alto firewall and store teh data of global networks from central location on Palo Alto3k and 5k series and deployed Panorama server on teh M-500.
  • Implemented Zone Based firewall and security rule on teh Palo Alto Firewall
  • Configured and maintained IPsec and SSL VPN's on Palo Alto Firewalls.
  • Knowledge of using Python, Shell scripting, XML to automate some of teh menial tasks.
  • Implementation and configuration of F5 Big-IP LTM/GTM
  • Have hands on experience in Versa Software defined wide area network (SD-WAN) solution
  • Responsible to execute design related activities (API integration), software /patch management, configuration management, prototyping, automation, issue analysis & fix validation, security testing and documentation (test planning, test cases), specifically with leading SDWAN Versa solution
  • Responsible for troubleshooting hardware & software issues, replicate production issues & network to provide resolution
  • Involved in configuring Cisco routers and switch administration, familiar with enterprise level Cisco Routers such as 7200 series, 3800 series, 3700 series, 2800 series, and Cisco catalyst series switches like 6500, 3750, and 4500.
  • Hands on experience in Network engineering, L2, L3, OSPF, BGP, VLAN, Multicasting, MPLS, IP Network, Switching, Routing, VPN, Firewall, Load Balancing, Data Center technologies, ACI, SD-ACCESS, SD-WAN, Nexus Platforms and Network Automation. In-depth Packet Analysis and high-level routing expertise in a multi-VRF environment
  • Installed and Configured Firepower Management Center within new core network.
  • Installed and configured firepower IDS/IPS and came up with teh baseline configuration for teh organization
  • Well Experienced in configuring protocols HSRP, GLBP, PPP, PAP, CHAP, and SNMP.
  • Work with Load Balancing team to build connectivity to production and disaster recovery servers through F5 Big IP LTM load balancers.
  • Installed, configured Cisco Meraki equipment and web-based monitoring platform for MR32 wireless access points.
  • Working with Cisco Meraki Wireless Switches (MX 33) and SDWAN (MX100).
  • Manage various Security platforms; Juniper, Cisco ASA, Next-Gen, Check Point, Microsoft Azure, AWS Cloud and Fortinet Firewalls.
  • Deploy and configure Cisco Meraki SDWAN at 30 sites globally.
  • Configuring and troubleshooting of routing protocols such as OSPF and BGP for effective communication.
  • Experience in troubleshooting VLAN, STP (Spanning tree protocol), & Switch Trunk and IP subnet issues.
  • Dealt with F5’s load balancing products in managing teh key role issues.
  • Dealt with NAT configuration and troubleshooting issues related access lists and DNS/DHCP issues within teh LAN network.
  • Coordinated with senior engineers with BGP/OSPF routing policies and designs, worked on implementation strategies for teh expansion of teh MPLS VPN networks.
  • Installing and configuring teh VPN’s for teh clients (site to site) using IPsec and GRE.
  • Monitoring Network infrastructure using SNMP tools like HP Openview.
  • Involved in Configuration of Access lists (ACL) for teh proper network routing for teh B2B network connectivity.
  • Possess excellent verbal and written communication skills and experience developing and maintaining technical procedure and documentation.
  • Good Understanding of teh Networking/Datacom protocols - Like, L2 VLAN, LACP, STP,VPNs, BGP, OSPF, Policy based Routing, DPI, ACL, 802.1x port, User Autantication, IPSEC etc.
  • Knowledge on teh concepts of SDWAN, Firewall, WAN Optimizer, FastPath, DPDK, Service Chaining, etc.
  • Knowledge of scripting and automation technologies (Python, REST APIs, Ansible, Terraform, etc) as applied to Cisco environments.
  • Knowledge of network technologies utilized in hybrid cloud infrastructures, experience in AWS
  • Working knowledge of DNS and DNS security (InfoBlox)
  • Expertise with proxy services, load-balancing, and application delivery (F5 and NetScaler)
  • Experience administering and troubleshooting web-proxy technology (BlueCoat/ZScaler)
  • Knowledge or experience with Nexus 7K/5K/2K as other Software Defined Networking (SDN) solutions, such as VMWare NSX, and Arista.

Confidential, Bellevue, WA

Network Security Engineer

Responsibilities:

  • Maintain and implement all Checkpoint firewall, Cisco ASA firewall and Paloalto change requests from clients. This includes assisting in teh correct determination of application flows necessary.
  • Provide necessary problem determination in teh Checkpoint firewall environment which has Gaia R77.30 Gaia, VSX, Provider-1 and VSX.
  • Migration of teh firewall rules from Cisco ASA, Checkpoint to Palo Alto firewalls using migration tool from PAN.
  • Managed global policy, global groups and global objects in checkpoint Provider-1/ Multi Domain Manager.
  • Responsible for firewall rule set migration from Cisco ASA, Checkpoint to newly implemented Palo Alto.
  • Configuring HA on checkpoint security gateways using cluster XL and PaloAlto firewalls.
  • Managing and configuring Aruba Wireless devices and Cisco Access Points
  • Configuring and managing F5 ASM (Application security manager). Developed security policies.
  • Configure and troubleshoot Juniper EX series switches.
  • Continually improves teh networks by monitoring and evaluating network performance issues including availability, utilization, throughput and latency; planning and executing teh selection, installation, configuration, and testing of equipment, defining network policies and procedures, stablishing connections and firewalls.
  • Manage & configure network monitoring tools such as SolarWinds
  • Integrating Configuring Cisco Wireless LAN Controllers WLC with ISE to perform Dot1x
  • Designed & Deployed Cisco ISE and Provided comprehensive guest access management for Cisco ISE administrators.
  • Configured Cisco ISE for Domain Integration and Active Directory Integration.
  • Extensive experience with Cisco Identity Services Engine (ISE), Terminal Access Controller Access Control System (TACACS+), Remote Access Dial In User Service (RADIUS) and Autantication, Authorization, Auditing (AAA)
  • Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE.
  • Installed, configured Cisco Meraki equipment and web-based monitoring platform for MR32 wireless access points.
  • Working with Cisco Meraki Wireless Switches (MX 33) and SDWAN (MX100).
  • Integrating Panorama with PaloAlto firewalls, managing multiple PaloAlto firewalls using Panorama
  • PaloAlto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
  • Configured and maintained IPSEC and SSL VPN's on PaloAlto Firewalls using Global Protect.
  • Upgrading checkpoint and Cisco ASA firewalls in cluster with minimal downtime.
  • Extensive usage of firewall traffic analyzing tools such as tcpdump, snoop, fw monitor, packet captures, and debugs for troubleshooting complex communication problems.
  • Used firewall optimization tool Firemon for generating usage reports and disable teh unused rules accordingly.
  • Analyzed teh Policy rules, monitor logs and documented teh Network/Traffic flow Diagram of teh Palo Alto placed in teh Data Center with MS Visio
  • Active/Active FEXs implementations to Nexus 5548UP with Fabric Path, vPC+, Port Channel, Trunking, and connections of Nexus 5548UP to UCS-6248-FI
  • Helped migrate customer from NX-OS to new versions by reviewing MOPs and providing recommendations toavoid downtime and smooth ISSU or ND-ISSU upgrades.
  • Used Splunk SIEM tool to check teh logs, create reports and dashboards.
  • Configured Site to Site IPsec VPN tunnels to peer with different clients and each of client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA 5500 series firewalls.
  • Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation PaloAlto appliances serving as firewalls and URL and application inspection.
  • Configure Virtual Servers, Nodes, and load balancing Pools in F5 BigIP LTM.
  • Working on teh project of F5 LTM and GTM code upgrade project, doing couple of them every week.
  • Configured Session based persistence and configuring me-Rules for specific redirection purpose and also me-rules for persistence
  • Configure SSL VPN to facilitate various employees access internal servers and resources with access restrictions
  • Used Bluecoat proxy servers for URL and content filtering.
  • Using Infoblox IP Address Manager (IPAM) provides a centralized management of teh IP address space, including IPv4 and IPv6 Address Management.
  • Experience with convert Checkpoint VPN rules over to teh Cisco ASA solution. Migration with Cisco ASA VPN experience.
  • Have experience on ITIL methodology and SOX/PCI compliance process.

Confidential, Charlotte, NC

Network Security Engineer

Responsibilities:

  • Researched, designed, and replaced aging Cisco ASA firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
  • Configured, implemented and troubleshooting issues on Checkpoint R77.10 Gaia, R75, Cisco ASA 5540 and Palo Alto firewalls for teh client environment.
  • Experience with logical design models (L2/L3, Virtual Port Channel (VPC), Virtual Device Context (VDC), Datacenter Zones, Spanning tree, Virtual Route Forwarding (VRF), VLAN Trunking Protocol (VTP), Virtual Local Area Network (VLAN), physical cabling)
  • Implementation and Design worked on upgrading teh PAN-OS and Port open Requests on teh Palo Alto devices.
  • Software Upgrade for Palo Alto Devices and Integrating of Active Directory/LDAP with Palo Alto Next Generation Firewalls.
  • Firewall Clustering and High Availability Services using Cluster XL on Check Point.
  • Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs
  • Responsible for installation, troubleshooting of Checkpoint firewall and LAN/WAN protocols
  • Firewall Policy administration and work with user requests submitted by users
  • Worked on different software blades of Checkpoint firewall
  • Worked on Configuring and tweaking Core XL and Secure XL acceleration on Check Point gateways.
  • Cisco ISE 2.0 Deployment and Profiling Policies
  • Prepared technical documentation of configurations, processes, procedures, systems and locations
  • Working with different teams to gather info for teh new request and troubleshoot for any connectivity issues by capturing traffic using TCPDUMP and smart view tracker.
  • ManagingF5 BigIP Load balancers, Blue Coat Proxies and Riverbed WAN Optimizers
  • Worked on F5 GTM Load balancer, IDS/IPS, Bluecoat proxy servers and Administrating.
  • Experience building firewalls, mainframes, and UNIX based platforms at teh data center and implementing teh initial policies, configuring NAT, Routing etc

Confidential

Network Engineer

Responsibilities:

  • Trouble shooting using various command tools on CISCO routers and network segments at various OSI layers. Maintenance of Cisco 2500, 4000, 6500 series routers.
  • Configured Site to Site IPsec VPN tunnels to peer with different clients and each of client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA 5500 series firewalls.
  • Support teh project manager in defining teh work and teh associated effort, duration, and resource needs to deliver teh solution
  • Maintained relationship with vendor and client for smooth project operation.
  • Co-ordinate with planning and managing team for new client connectivity.
  • Project completion by Installing, firmware update & commissioning of WAN/LAN equipment.
  • Configuration & troubleshooting of routing protocols and deployment of OSPF, EIGRP overCisco Routers.
  • Gained hands on experience on Cisco Catalyst 2900, 2960, 3560, 3750 switches.
  • Service provisioning of Juniper ACX & MX series and Tejas MUX (TJ 1100, TJ 1270).
  • Ensuring QOS for all active network by troubleshooting and rectification.

Confidential

Network Engineer

Responsibilities:

  • Trouble shooting using various command tools on CISCO routers and network segments at various OSI layers. Maintenance of Cisco 2500, 4000, 6500 series routers.
  • Worked on HSRP for hop redundancy and load balancing.
  • Configured teh Cisco router as IP Firewall and for NATing Configured RSTP, MST and used VTP with 802.1q trunk encapsulation.
  • Designed ACLs, VLANs, troubleshooting IP addressing issues and taking back up of teh configurations on switches and routers.
  • Secured configurations of load balancing in F5, SSL/VPN connections, Troubleshot CISCO ASA firewalls.
  • Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet and Gigabit Ethernet channel between switches.
  • Experience in Cisco switches and routers: Physical cabling, IP addressing, Wide Area Network configurations.
  • Responsible for Internal and external accounts and, managing LAN/WAN and checking for Security
  • Settings of teh networking devices (Cisco Router, switches) co-coordinating with teh system/Network administrator during any major changes and implementation
  • CMS and Security Reporter are couple of Security applications supported.
  • Creation and implementation of Filters on teh Routers for Security purpose.
  • Remotely Configuring teh Network.
  • Support and maintain networking devices, cabling and standalone systems as part of job duties. Maintain systems up to date with teh latest OS patches. Install different software on teh systems. Install and managing network devices including Hubs, Switches

Hire Now