Network Security Engineer Resume
SUMMARY
- Over 5+ years of professional experience in Deploying and Troubleshooting Network and Security infrastructure at Enterprise level.
- Experience on configuring Palo Alto Next Generation firewall PA - 7050, 5260, 5020, 3020 Series.
- Expertise in configuring and monitoring Palo Alto, Checkpoint and Cisco ASA firewalls.
- Experience on Palo Alto Next Generation Firewall features including URL filtering, Threat prevention, Data filtering, IPsec Tunnels, SSL-VPN, App ID, User ID, Security Profiles and Zone Protection.
- Strong knowledge of TACACS+, RADIUS implementation in Access Control Networks (ACN).
- Experience on configuring and troubleshooting HA, Zones, VLANs, Routing, and NAT on firewalls as per the design requirements.
- Hands on experience in Palo Alto Networks centralized management tool Panorama for managing multiple firewalls.
- Acquired skill in mitigation of DDoS attacks on Cisco and Palo Alto Firewalls.
- Expert in migrating of the firewalls from Cisco ASA to Palo Alto firewall using Expedition Tool.
- Hands on experience in deploying and managing Cisco Identity Services Engine (ISE).
- Assisted in setting up new 510 and 810 Blue Coat Proxy SG units, performed one to many proxy migrations.
- Experience in configuring and managing Cisco and F5 Load Balancers to provide reliable distribution of traffic across some servers by creating pools, nodes, and health checks.
- Deployed Cisco and Aruba wireless 802.1X infrastructure across the enterprise network.
- Installed and maintained Aruba switches Aruba Wireless AP’s and Aruba Virtual Controllers.
- Security and patching using Nexpose, password resets, deployments to end users, help desk using troubleshooting on hardware and software.
- Managed third-party penetration testing efforts on key externally facing and mission-critical systems; worked with vendors such as Rapid7.
- Technical proficiency with Cisco wireless (APs, Controllers, ISE, Prime).
- Working experience in managing and troubleshooting the core, distribution and access switches.
- Substantial working experience on Cisco Nexus switches (7k, and 5k series).
- Profound knowledge of layer 2 protocols such as VTP, STP, RSTP, MST and layer 3 routing protocols like BGP, EIGRP, and OSPF.
- Depth knowledge in HSRP and VRRP for Redundancy over layer 2, 3 switches.
- Knowledge of TCP/IP suite to solve complex networking issues including IP routing protocols, ACLs, VLANs, and VPNs.
- Experience in configuring VLANs, Inter-VLAN routing, Trunk ports and Port security.
- Hands on experience troubleshooting network traffic using tools like ping, traceroute, Wireshark, Solar Winds and TCP dump.
- Configured and managed Cisco routers and Switches using Cisco Security Device Manager (SDM).
- Monitored and Troubleshoot physical and virtual network infrastructure using SIEM tools like Splunk, Qradar.
- Managed security policies in firewalls and cloud platforms by TUFIN.
TECHNICAL SKILLS
Firewalls: Palo Alto Networks, Cisco ASA firewalls, Checkpoint, Panorama Palo Alto Networks firewall management.
Load Balancers: F5 Networks (Big-IP)
Routers: Cisco 7600, 7200, 3800, 3600, 2900, 2800, 2600, ASR 7K, ASR 12K.
Switches: Nexus 2K/5K/7K, Cisco Catalyst 2960, 3560, 3750, 3850, 4500, 6500.
Communication Protocols: TCP/IP, UDP, DHCP, DNS, ICMP, SNMP, ARP, RARP, PPP, HDLC, ISDN, SDN, and SD-WAN.
Routing Protocols: OSPF, EIGRP, BGP, MPLS PBR, Route Filtering, Redistribution, Summarization and Static Routing.
Switching Protocols: LAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switch, Ether channels, Transparent Bridging.
LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, VLANs, VTP, STP, RSTP, 802.1W, Cisco Prime.
Wireless Technologies: Airwatch & WLC’s (8510, 5508, 5706), Cisco AironetAP’s (2600, 3600, 3700), Aruba 225, Aruba 3000 controller & Airwave.
Network Security: Cisco ASA 5540, ACL, IPSEC, F5 Load Balancer, ISE, SSL, IPSec VPN, GRE VPN.
Network Management and Packet Analyzers: SolarWinds, Wireshark, SNMP, and Tcpdump.
Operating systems: Windows XP/ 7/ 8/10, Windows Server 2003/ 2008, Mac OS and Linux.
Applications: MS (Office, Word, Outlook, Excel, PowerPoint, Visio), VMware, Adobe Photoshop, and Illustrator.
PROFESSIONAL EXPERIENCE
Network Security Engineer
Confidential
Responsibilities:
- Deployed and configured Palo Alto Next Generation firewalls PA-7050, 5260, 5050, 3020 Series and Panorama M-100 series.
- Performed firewall migrations from Juniper to Palo Alto Firewalls using expedition tool.
- Implemented Architectural design and guidelines for Palo Alto Firewalls in the Green Field deployments.
- Implemented the Device Group Hierarchy and Template Hierarchy on the Panorama for Standardizations.
- Implemented High Availability (HA), URL Filtering, SSL Decryption, GlobalProtect for VPN Clients, App -ID, Threat Prevention, Zone Protection.
- Expertise in configuring and deploying GlobalProtect VPN with multiple gateways and rolled out to 7k+users.
- Responsible for VPN migration from Cisco AnyConnect to Palo Alto GlobalProtect.
- Configured and monitored GlobalProtect Portals and Gateways to create IPSEC and SSL VPN Tunnels with users and customers on Palo Alto firewall.
- Expertise in conducting rule review to identify and remove rules that are not needed to reduce Palo Alto firewall policy lookup.
- Expertise in working with Palo alto firewall's centralized management server- Panorama for management and administration of large-scale deployments.
- Performed Palo alto firewall OS upgrades at regular intervals.
- Experience in Vulnerability assessment and penetration testing using various tools like NMAP, Nessus, Rapid 7.
- Perform review and analyze security vulnerability data to identify applicability and false positives.
- Execute daily vulnerability assessments threat assessments mitigation reporting activities to safeguard information assets and ensure systems are protected.
- Developed Splunk queries and dashboards targeted at understanding application performance and capacity analysis.
Sr. Network Security Engineer
Confidential
Responsibilities:
- Experience on configuring Palo Alto Next Generation firewall PA-5260 5050,5020,3020 Series.
- Well Versed on configuring and implementing Firewall migrations from Cisco ASA to Palo Alto Firewalls.
- Implemented Architectural design and guidelines for Palo Alto Firewalls in the Green Field deployments.
- Implemented the Device Group Hierarchy and Template Hierarchy on the Panorama for Standardizations.
- Configured the syslog, NTP, DNS to use the Templates in a Global Scale along with the Firewall Rules related to this traffic flow.
- Enhanced the Firewalls rules by cleaning any unused rules, zones standardization and combining the shadow rules as necessary with proper rule name terminology.
- Configured Security profiles such as URL Filtering, Threat prevention, Anti-Virus, Anti-Spyware, File Blocking to achieve better security posture.
- Enhanced the security rules by using URL Categories and URL Filtering (Allow list and block list) in Generic rules to access some specific sites.
- Created the shared address objects to reduce the amount of revisions for any IP address Changes.
- Assisted in troubleshooting issues related to PAN firewall configurations (related to USER-ID) and suggested as per the best practices.
- Expertise in utilizing the expedition tool for migration purposes and created pre-post validation runbooks.
- Experience in build and configure of Palo Alto firewalls.
- Configured the master key for Panorama and firewalls.
- Experience in configuring USER-ID for log services being used in QRadar for cyber analysis.
- Performed routine security infrastructure testing and evaluations to identify challenges within the infrastructure and develop a plan for remediation.
- Configured DNS Sinkhole in Anti-Spyware profile of Palo Alto Firewall to identify infected hosts on the protected network and forge a response for DNS query.
- Experience on Firewall Rule change review process and proper risky rule analysis using Tufin.
- Created Visio diagrams for existing state and further state of the deployments.
- Experience on JIRA, Ticketing tool for assigning the tasks and to provide an update on the tasks related to the projects.
- Splunk GUI development for creating Splunk apps, searches, Data models, Dashboards and reports using the Splunk query language.
- Developed Splunk queries and dashboards targeted at understanding application performance and capacity analysis.
- Worked on change management tool service now for creating new changes and resolving Incident tickets assigned to me.
- Customizing, visualizations, configurations, reports and search capabilities using customized Splunk queries.
- Strong knowledge of TACACS+, RADIUS implementation in Access Control Networks (ACN).
- Worked on Cisco switches like 6509, 3850 Stack and the HP procurve 8212, Alcatel switches like 8212, 6972.
- Managed the Core, Distribution, Access layer switches and Routers.
- Configured route redundancy over Firewalls using BGP and OSPF in lab.
- Worked on VISIO for Documentation Purposes.