
Sr. Network Security Engineer Resume

Milwaukee, WI

SUMMARY

  • 9 years of IT experience in design, development, implementation, troubleshooting and maintenance of complex Network & Security devices, Network Security, Linux Kernel Programming.
  • Expertise in network protocols, Firewalls and Communication Network design.
  • Experience with troubleshooting tools, for example protocol analyzers, load generators & network traces.
  • Working knowledge of frame relay, MPLS services, OSPF, BGP and EIGRP routing protocols, NATing, subnetting, also including DNS, WINS, LDAP, DHCP, HTTP, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP (Spanning Tree Protocol), RTSP & Multicasting protocols.
  • Designing, Implementing and Troubleshooting Cisco 3750, 3550, 3560, 2924, 6509-V-E, 6513, 6504, 6503, 6506, 6500 series switches.
  • Cisco VPN Concentrators, F5 FirePass SSL VPN, 6509 Core Datacenter designs.
  • Strong knowledge of Cisco and Juniper software (IOS/XR and JunOS) and hardware.
  • Well Experienced in configuring protocol HSRP, GLBP, VRRP, ICMP, IGMP, PPP, HDLC, PAP, CHAP, and SNMP.
  • In-depth Cisco technology experience/knowledge in design, implementation, administration, and support.
  • Strong hands-on experience in installing, configuring, and troubleshooting of Cisco 7600, 7200, 3800, 3600, 2800, 2600, 2500 and 1800 series Routers, Cisco Catalyst 6500, 4500, 3750, 2950 and 3500XL series switches.
  • Exhibit superior talents in supervising wireless migration of more than 40 sites with multiple WLAN controllers and APs.
  • Expertise in using Python to edit the devices' running configuration over Ansible Tower.
  • Advanced knowledge of OSI model, TCP/IP, Internet technologies, system security, firewall infrastructure, network architecture and Cisco network routing / switching (Layer 2 and 3) experience, including LAN and WAN, design and implementation which includes Layer 1 to Layer 7 Experience.
  • Designing, Implementing and Troubleshooting Cisco Routers (2800,2900,3900,3800,7600) using Static, RIP, IGRP, OSPF, EIGRP & experience with Cisco ASA, Cisco PIX & ASA devices
  • Well experienced in configuring gateway redundancy protocols like HSRP, GLBP, PPP and SNMP.
  • Juniper: EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX210, SRX240
  • Strong Hands-on experience in installing, configuring, and troubleshooting of Cisco 12404,12406,7600, 7200, 3800, 3600, 2800, 2600, 2500 and 1800 series Routers, Cisco Catalyst 6500, 4500, 3750, 2950 and 3500XL series switches.
  • Worked on Load Balancer F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.

TECHNICAL SKILLS

Routers: Cisco 17XX, 18XX, 26XX, 28XX, 37XX, 38XX, 39XX & 72XX series.

Switches: Cisco 3550, 3750, 45XX, 65XX series, Nexus 9K, 7K, 5K, 2K (Nexus 5507, 5500, 6050, 7068, 9000)

Load Balancer: F5 Networks, Cisco ACS

WAN Optimization: Cisco WAAS, PPP Multilink

Routing: OSPF, EIGRP, BGP, RIP-2, PBR, switch Filtering, Redistribution, Summarization, Static Routing

Switching: VLAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multilayer Switching, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging

LAN: Ethernet, Fast Ethernet, Gigabit Ethernet, FDDI, CDDI, Token Ring, ATM LAN Emulation

WAN: Leased lines 64k - 155Mb (PPP / HDLC), Channelized links (E1/T1/E3/T3), Fiber Optic Circuits, Frame Relay, ISDN, and Load Balancing.

Security/Firewalls: Cisco ASA Firewalls 55XX, IPSEC & SSL VPNs, IPS/IDS, DMZ Setup, CBAC, Cisco NAC, Cisco ASA, ACL, Palo Alto, IOS Firewall features, IOS Setup & Security Features

PROFESSIONAL EXPERIENCE

Confidential, Milwaukee WI

Sr. Network Security Engineer

Responsibilities:

  • Heavily worked on Riverbed NetPlanner to test network changes by implementing the changes in the NetPlanner tool before the implementation in production.
  • Validated most important and crucial changes before implementing the changes.
  • Compared pre change routing tables with post change routing tables for the validation of the changes.
  • Worked on commercial & enterprise environment with direct reporting to Senior Directors.
  • As a part of test & certification engineering, built test environment for the huge commercial production design, which includes CISCO ASR1001, ASR 1002, ASR 1004 with RP1 & RP2.
  • Also test bed included CISCO ISR G2 4331, 4431 dual power CISCO integrated router to replicate ISP connectivity to endpoint devices.
  • Implemented & Validated routing protocols such as OSPF, EIGRP & BGP on various testbed environments.
  • Worked on implementing NAT for ISR G2 devices which face the internet for the routing purpose.
  • Worked on protocols like TCP, UDP, Ethernet, VLAN in the production as well as test environment.
  • Implemented BGP; heavily tested BGP features like communities & route policies.
  • Knowledge of CISCO IOS XR RPL implementation.
  • Strong hands on and exposure to Checkpoint & Palo Alto on a regular basis. Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
  • Successfully installed Palo Alto PA 3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls. Configuration deployment and Administration of Checkpoint, Palo Alto Firewalls to manage large scale firewall deployments.
  • Configuring rules and maintaining Checkpoint, Palo Alto & analysis of firewall logs using various tools. Migration from Cisco firewalls to Palo Alto firewalls platforms PA 4000 and PA 500 and PA-200 firewalls.
  • Configuration and troubleshooting of Site to Site as well as Remote Access VPN on Cisco ASA and Check Point firewalls. Maintained and Configured Check Point VSX with firewall virtualization. Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
  • Worked on Python to edit the devices' running configuration over Ansible Tower.
  • Used Python scripting to modify/shutdown the orphan ports in Nexus devices. Used Python scripting to pull and update the ILM modules for life cycle management in network devices. Used Netmiko, Paramiko libraries to generate Python scripts for custom network requirements.
  • Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall. Migration from Cisco firewalls to Palo Alto firewalls platforms PA 4000 and PA 500 and PA-200 firewalls.
  • Worked on Spine leaf Architecture for Datacenter with Arista Fabric in Test & production as well.
  • Developed peak-season capacity planning for 150 clients for Direct exchange processing
  • Worked on troubleshooting of site-to-site VPNs with clients like CUP and First Data
  • Implemented VPN solutions with new ASR 1002-HX as VPN concentrators with IKE1 & IKE2 parameters with peering partner vendors like Checkpoint, ASA & Palo Alto
  • Worked closely with US based client to upgrade bandwidth on WAN circuits as part of Capacity upgrade project.
  • Auditing and review of the rules in security policies in multi-vendor firewall environment like Checkpoint, Fortinet and Palo Alto.
  • Involved in designing rules for intranet applications access on Palo Alto firewall.
  • Designed firewall rules from inbound VPN clients to be able to form site-to-site VPNs on Palo Alto Firewalls.
  • Involved in troubleshooting VPN connectivity issues over internet to external clients which use protocols like IKEv1, IKEv2 & IPsec on Palo Alto firewalls.
  • Working on implementing WAN connectivity with new clients to bring them on board by conducting scoping calls and suggesting network gear like ISR 4331 & ISR 4431, also providing bandwidth analysis based on the transaction volume & deployed more than 10 pairs of sites with ISR 4k’s.
  • Migrated ASR 1006 Back-Bone facing CE routers to ASR 1002-HX’s as a part of Hardware migration project.
  • Added Arista DCS 7K Fabric L3 switches to AIP project to enable score for transactions for less than 7 ms

Environment: CISCO ASR 1001, CISCO ASR 1002, CISCO ASR 2901, CISCO 2911, CISCO 3900, CISCO 1900, CISCO 4331, CISCO 4431, CISCO ASR 9000, NetPlanner, Opnet, ServiceNow, Solarwinds, Vantage, Riverbed, Cisco Nexus 9504, Cisco Nexus 9k, 7k, 5k, Cisco ASA, Arista, Cumulus, Ansible, Ixia, Ixload.

Confidential, Ashburn, VA

Sr. Network Test/Certification Engineer

Responsibilities:

  • Plan, design, implement, and support network systems of moderate complexity in the commercial network environment.
  • Heavily worked on Visa MPLS to deploy endpoint routers such as CISCO 2901 for MPLS connectivity between Visa network and client remote location.
  • Involved migration of CISCO 2901 devices to CISCO ISR 4331 WAN routers. Completely provided MOP for migration by analyzing the traffic flow.
  • Implemented HSRP between client devices and Visa routers for processing transition in Tier-0 network area.
  • Implemented BGP to achieve connectivity between ISP & Visa network such as AT&T, CenturyLink, Verizon, TWT.
  • Involved in & performed troubleshooting of critical network problems in BGP, OSPF & EIGRP across the entire VISA network.
  • Worked in CISCO ASR 1000 to build IPSEC tunnels between CyberSource and Visa Network.
  • Worked on third party data center like EQUINIX to deploy ISR 4331 for client connectivity with the help of NCR.
  • Implemented routing protocols like OSPF, BGP & EIGRP on cisco network devices to achieve connectivity.
  • Worked on WAN network of VISA to troubleshoot P1 issues like carrier/ISP connectivity issues or issues like BGP flapping.
  • Provided network engineering support & deployment for Global Commercial Networks in Visa Inc.
  • Migrated carrier facing backbone routers from ES Line card with ES+20 Line cards on cisco 7601 routers.
  • Developed standard migration script for migration of Catalyst 6500 Series Virtual Switching Supervisor Engine 720 with 10GE uplinks to Cisco Nexus 93180 switches.
  • Worked with Visa partners to build encrypted tunnel with IKE Phase 1 & 2, also implemented crypto maps with SHA 256 on CISCO ASR 1000 tunnel routers.
  • Implemented NATs on encrypted tunnels to decrypt transactions on Visa demon servers.
  • Supported WAN connections and determined circuit capacity requirements for the Visa Global Commercial client networks.
  • Implemented routes using OSPF & BGP to provide inter-datacenter connectivity via GRE/IPSEC tunnel.
  • Worked closely with change approval board to implement network changes in Visa networks via SERVICENOW tool.
  • Experience in working with Cisco Nexus 9k, 7k, 5k, 2k Switches and Virtual Port Channel configuration
  • Worked on Visa-specific network diagram tool VANTAGE to create DEX diagrams for MPLS connectivity between tunnel routers CISCO ASR 1000 & ISR 4331 routers.
  • Used Infoblox to update DNS entries for newly added WAN routers for management IP & SSH connectivity.
  • Experience in decommissioning unused or upgraded WAN circuits based on client requirement in VISA network.
  • Used Netmiko, Paramiko libraries to generate Python scripts for custom network requirements.
  • Worked with Palo Alto firewalls PA250, PA4050, PA3020 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall. Migration from Cisco firewalls to Palo Alto firewalls platforms PA 4000 and PA 500 and PA-200 firewalls.
  • Configured IPsec tunnels with Palo Alto to enable secure transport and cloud based/site-site VPN to both Azure and AWS. Configured High availability, User ID on Palo Alto firewall.
  • Configured, deployed & maintained Palo Alto Firewalls and analyzed firewall logs using various tools. Editing and changing Palo Alto policies and monitoring threats on firewalls. Analyzed traffic pattern and implemented URL filtering, using the Palo Alto Firewall. Troubleshooting and configuring Palo Alto FW's 3060 & 5060.
  • Designed security policies on Palo Alto network firewall for controlling what traffic needs to be allowed or blocked based on customer requirements. Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls. Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
  • Extensive Packet level debugging and troubleshooting on Palo Alto Firewalls to resolve numerous network issues. Analyzed the Policy rules, monitor logs and documented the Network/Traffic flow Diagram of the Palo Alto Firewalls placed in the Data Center with MS Visio.
  • Configure and maintain security policies on Fortinet firewall and managing Fortinet Analyzer. Hands-on experience in configuration of firewalls - Palo Alto, Cisco, Fortinet, and Firefly.
  • Expertise in configuring and troubleshooting of Palo Alto, Fortinet, Juniper Netscreen & SRX Firewalls and their implementation. Configure and maintain security policies on Fortinet firewall and manage Forti Manager/ Forti-Analyzer.
  • Provisioned various Cisco Meraki & Fortinet firewalls. Cisco Secure Access Control Server (ACS) for Windows to authenticate users that connect to a VPN 3000 Concentrator. Offered authentication, accounting, authorization to all network devices using Cisco Secure Access Control Server (ACS).
  • Involved in client meetings to analyze the requirements & support for the implementation of VISA connectivity for transactions via Visa VIPs across the globe.
  • Heavily worked on deployment of new MPLS endpoint for the connectivity with the client
  • Worked closely with project and account managers to support all client network requirements.
  • Provided network design documentation to project teams, peers, and network support organizations.
  • Experience in configuring IPSec VPN Tunnels, GRE Tunnels.
  • Provided engineering recommendations to Visa regional and product representatives as requested.
  • Worked on implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP Ether channel, STP, RSTP and MST

Environment: Cisco ASR 1002, ASR 1001, Cisco ISR 4331, Nexus 9500, Cisco Nexus 9500, Cisco ASA 5500, Palo Alto Panorama, Vantage, ServiceNow, Intellidin, vmsn, SharePoint, Cisco 2900, Cisco Nexus 9k, 7k, 2k, F5 load balancer, Checkpoint, IPsec VPNs, EBGP, IBGP, OSPF V3, HSRP, EIGRP, NAT, SNAT, multicast routing, VXLAN, Cisco modeling tool (CML), Infoblox, Solarwinds.
