We provide IT Staff Augmentation Services!

Network Security Engineer Resume

SUMMARY

  • Over 5+ years of professional experience in Deploying and Troubleshooting Network and Security infrastructure at Enterprise level.
  • Experience on configuring Palo Alto Next Generation firewall PA - 7050, 5260, 5020, 3020 Series.
  • Expertise in configuring and monitoring Palo Alto, Checkpoint and Cisco ASA firewalls.
  • Experience on Palo Alto Next Generation Firewall features including URL filtering, Threat prevention, Data filtering, IPsec Tunnels, SSL-VPN, App ID, User ID, Security Profiles and Zone Protection.
  • Strong knowledge of TACACS+, RADIUS implementation in Access Control Networks (ACN).
  • Experience on configuring and troubleshooting HA, Zones, VLANs, Routing, and NAT on firewalls as per the design requirements.
  • Hands on experience in Palo Alto Networks centralized management tool Panorama for managing multiple firewalls.
  • Acquired skill in mitigation of DDoS attacks on Cisco and Palo Alto Firewalls.
  • Expert in migrating of the firewalls from Cisco ASA to Palo Alto firewall using Expedition Tool.
  • Hands on experience in deploying and managing Cisco Identity Services Engine (ISE).
  • Assisted in setting up new 510 and 810 Blue Coat Proxy SG units, performed one to many proxy migrations.
  • Experience in configuring and managing Cisco and F5 Load Balancers to provide reliable distribution of traffic across some servers by creating pools, nodes, and health checks.
  • Deployed Cisco and Aruba wireless 802.1X infrastructure across the enterprise network.
  • Installed and maintained Aruba switches Aruba Wireless AP’s and Aruba Virtual Controllers.
  • Security and patching using Nexpose, password resets, deployments to end users, help desk using troubleshooting on hardware and software.
  • Managed third-party penetration testing efforts on key externally facing and mission-critical systems; worked with vendors such as Rapid7.
  • Technical proficiency with Cisco wireless (APs, Controllers, ISE, Prime).
  • Working experience in managing and troubleshooting the core, distribution and access switches.
  • Substantial working experience on Cisco Nexus switches (7k, and 5k series).
  • Profound knowledge of layer 2 protocols such as VTP, STP, RSTP, MST and layer 3 routing protocols like BGP, EIGRP, and OSPF.
  • Depth knowledge in HSRP and VRRP for Redundancy over layer 2, 3 switches.
  • Knowledge of TCP/IP suite to solve complex networking issues including IP routing protocols, ACLs, VLANs, and VPNs.
  • Experience in configuring VLANs, Inter-VLAN routing, Trunk ports and Port security.
  • Hands on experience troubleshooting network traffic using tools like ping, traceroute, Wireshark, Solar Winds and TCP dump.
  • Configured and managed Cisco routers and Switches using Cisco Security Device Manager (SDM).
  • Monitored and Troubleshoot physical and virtual network infrastructure using SIEM tools like Splunk, Qradar.
  • Managed security policies in firewalls and cloud platforms by TUFIN.

TECHNICAL SKILLS

Firewalls: Palo Alto Networks, Cisco ASA firewalls, Checkpoint, Panorama Palo Alto Networks firewall management.

Load Balancers: F5 Networks (Big-IP)

Routers: Cisco 7600, 7200, 3800, 3600, 2900, 2800, 2600, ASR 7K, ASR 12K.

Switches: Nexus 2K/5K/7K, Cisco Catalyst 2960, 3560, 3750, 3850, 4500, 6500.

Communication Protocols: TCP/IP, UDP, DHCP, DNS, ICMP, SNMP, ARP, RARP, PPP, HDLC, ISDN, SDN, and SD-WAN.

Routing Protocols: OSPF, EIGRP, BGP, MPLS PBR, Route Filtering, Redistribution, Summarization and Static Routing.

Switching Protocols: LAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switch, Ether channels, Transparent Bridging.

LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, VLANs, VTP, STP, RSTP, 802.1W, Cisco Prime.

Wireless Technologies: Airwatch & WLC’s (8510, 5508, 5706), Cisco AironetAP’s (2600, 3600, 3700), Aruba 225, Aruba 3000 controller & Airwave.

Network Security: Cisco ASA 5540, ACL, IPSEC, F5 Load Balancer, ISE, SSL, IPSec VPN, GRE VPN.

Network Management and Packet Analyzers: SolarWinds, Wireshark, SNMP, and Tcpdump.

Operating systems: Windows XP/ 7/ 8/10, Windows Server 2003/ 2008, Mac OS and Linux.

Applications: MS (Office, Word, Outlook, Excel, PowerPoint, Visio), VMware, Adobe Photoshop, and Illustrator.

PROFESSIONAL EXPERIENCE

Network Security Engineer

Confidential

Responsibilities:

  • Deployed and configured Palo Alto Next Generation firewalls PA-7050, 5260, 5050, 3020 Series and Panorama M-100 series.
  • Performed firewall migrations from Juniper to Palo Alto Firewalls using expedition tool.
  • Implemented Architectural design and guidelines for Palo Alto Firewalls in the Green Field deployments.
  • Implemented the Device Group Hierarchy and Template Hierarchy on the Panorama for Standardizations.
  • Implemented High Availability (HA), URL Filtering, SSL Decryption, GlobalProtect for VPN Clients, App -ID, Threat Prevention, Zone Protection.
  • Expertise in configuring and deploying GlobalProtect VPN with multiple gateways and rolled out to 7k+users.
  • Responsible for VPN migration from Cisco AnyConnect to Palo Alto GlobalProtect.
  • Configured and monitored GlobalProtect Portals and Gateways to create IPSEC and SSL VPN Tunnels with users and customers on Palo Alto firewall.
  • Expertise in conducting rule review to identify and remove rules that are not needed to reduce Palo Alto firewall policy lookup.
  • Expertise in working with Palo alto firewall's centralized management server- Panorama for management and administration of large-scale deployments.
  • Performed Palo alto firewall OS upgrades at regular intervals.
  • Experience in Vulnerability assessment and penetration testing using various tools like NMAP, Nessus, Rapid 7.
  • Perform review and analyze security vulnerability data to identify applicability and false positives.
  • Execute daily vulnerability assessments threat assessments mitigation reporting activities to safeguard information assets and ensure systems are protected.
  • Developed Splunk queries and dashboards targeted at understanding application performance and capacity analysis.

Sr. Network Security Engineer

Confidential

Responsibilities:

  • Experience on configuring Palo Alto Next Generation firewall PA-5260 5050,5020,3020 Series.
  • Well Versed on configuring and implementing Firewall migrations from Cisco ASA to Palo Alto Firewalls.
  • Implemented Architectural design and guidelines for Palo Alto Firewalls in the Green Field deployments.
  • Implemented the Device Group Hierarchy and Template Hierarchy on the Panorama for Standardizations.
  • Configured the syslog, NTP, DNS to use the Templates in a Global Scale along with the Firewall Rules related to this traffic flow.
  • Enhanced the Firewalls rules by cleaning any unused rules, zones standardization and combining the shadow rules as necessary with proper rule name terminology.
  • Configured Security profiles such as URL Filtering, Threat prevention, Anti-Virus, Anti-Spyware, File Blocking to achieve better security posture.
  • Enhanced the security rules by using URL Categories and URL Filtering (Allow list and block list) in Generic rules to access some specific sites.
  • Created the shared address objects to reduce the amount of revisions for any IP address Changes.
  • Assisted in troubleshooting issues related to PAN firewall configurations (related to USER-ID) and suggested as per the best practices.
  • Expertise in utilizing the expedition tool for migration purposes and created pre-post validation runbooks.
  • Experience in build and configure of Palo Alto firewalls.
  • Configured the master key for Panorama and firewalls.
  • Experience in configuring USER-ID for log services being used in QRadar for cyber analysis.
  • Performed routine security infrastructure testing and evaluations to identify challenges within the infrastructure and develop a plan for remediation.
  • Configured DNS Sinkhole in Anti-Spyware profile of Palo Alto Firewall to identify infected hosts on the protected network and forge a response for DNS query.
  • Experience on Firewall Rule change review process and proper risky rule analysis using Tufin.
  • Created Visio diagrams for existing state and further state of the deployments.
  • Experience on JIRA, Ticketing tool for assigning the tasks and to provide an update on the tasks related to the projects.
  • Splunk GUI development for creating Splunk apps, searches, Data models, Dashboards and reports using the Splunk query language.
  • Developed Splunk queries and dashboards targeted at understanding application performance and capacity analysis.
  • Worked on change management tool service now for creating new changes and resolving Incident tickets assigned to me.
  • Customizing, visualizations, configurations, reports and search capabilities using customized Splunk queries.
  • Strong knowledge of TACACS+, RADIUS implementation in Access Control Networks (ACN).
  • Worked on Cisco switches like 6509, 3850 Stack and the HP procurve 8212, Alcatel switches like 8212, 6972.
  • Managed the Core, Distribution, Access layer switches and Routers.
  • Configured route redundancy over Firewalls using BGP and OSPF in lab.
  • Worked on VISIO for Documentation Purposes.

Hire Now