Sr. Network Security Engineer Resume
Fremont, CA
SUMMARY
- 7+ years of experience in Network design, Security, Tier support of Networks in various environments.
- Experience working with security devices such as Firewalls, VPN switches and Intrusion Detection Systems.
- Experience working on Cloud Computing Virtualization using VMWare ESXi 4.0 and Windows Hyper-V.
- Strong hands on experience on Cisco Catalyst (3550, 3750, 6500) series switches, Cisco (2500, 2600, 2800, 3600, 3800, 7200) series Routers, PIX Firewall (506, 515, 525, 535), ASA (5505/5510), Load Balancers using Cisco ACE, F5 LTM/GTM, Security Device Manager (SDM), Cisco Works, HP OpenView, SolarWinds, Sniffer, Palo Alto Networks Firewall models (PA-2k, PA-3K and PA-5K).
- Responsible for installing, configuring, and maintaining package management on CentOS 5.x/6.x/7, Ubuntu 12.x/14.x, RHEL 5.x/6.x/7, Windows Server 2008 - R2/2012-R2 and Amazon Machine Images.
- Strong experience in virtualization technologies, such as VMware, Docker, LXC and ECS.
- Experience in long running applications, load balancing, EBS volumes and IAM role using Amazon EC2 container service (ECS).
- Implementation of SSG Series, Netscreen Series ISG 1000, SRX Series.
- Worked on Cisco PIX 535, 520, 515, ASA 5500 and 5505.
- Expert Level Knowledge about TCP/IP and OSI models.
- Provide scalable, supportable military grade TCP/IP security solutions along with expert TCP/IP network designs that enable business functionality.
- 5+ years of experience installing and configuring Bluecoat Proxy in the network for web traffic management and policy configuration.
- Implementation, working analysis, troubleshooting and documentation of LAN, WAN & WLAN architecture with excellent work experience on IP series.
- Working knowledge with Load Balancers F5 LTM like 3900, 6900 for various applications.
- In-depth knowledge and experience in WAN technologies including OC3, E3/T3, E1/T1, Point to Point, MPLS and Frame Relay
- Monitored Network Activity using Cisco Prime 2.2, Splunk, Ops Manager, IPAM, Wireshark, Tufin SecureTrack, ePO, HIPS.
- Knowledge and hands-on experience with IP Addressing, Subnetting, VLSM and ARP, reverse & proxy ARP, Ping Concepts.
- Hands on Experience in Bluecoat Proxy set up, troubleshooting production issues and analysis.
- Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS, switching (VLANS, VTP Domains, STP and trunking).
- Basic and advanced F5 load balancer configurations, including migrating configurations from Cisco ACE to F5 and general troubleshooting of the F5 load balancers.
- Installed and configured Network Automation System (NA) to validate compliance checks on Cisco routers, switches.
- Implemented Cisco Application Centric Infrastructure (ACI) as a solution for data centers using a Spine and Leaf architecture.
- Used Cisco ACI (Application Centric Infrastructure) for fabric implementation, operations, and integration with external bridged networks and Cisco Unified Communication Systems.
- Worked on configuring the Nexus 5K Aggregation Switch and Nexus 2K Fabric Extenders.
- Implemented VDC, VPC, VRF and OTV on the Nexus 5505 and 7009 switches.
- Substantial knowledge, including the configuration, of Spanning Tree Protocol (STP), Per VLAN Spanning Tree (PVST), Rapid STP (RSTP) and Rapid per VLAN Spanning Tree (PVST+), TCP and UDP protocols, Next generation data center oriented technologies such as virtual port channels (VPC), Fabric path, Fiber channel over Ethernet (FcoE), virtual switches, network virtualization.
- Expertise in installing, configuring, and maintaining Cisco Switches (2900, 3500, 7600, 3700 series, 6500 series) Cisco Routers (4800, 3800, 3600, 2800, 2600, 2900, 1800, 1700, 800).
- In-depth knowledge and hands-on experience in Tier II ISP Routing Policies, Network Architecture, IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3 SONET POS OCX / GigE circuits, Firewalls.
- Experience in installing and configuring DNS, DHCP server.
- Experience in Checkpoint IP Appliances R65, R70, R75, R77 & Cisco ASA Firewalls.
- Worked on Multiple AWS instances set the security groups, Elastic Load Balancer (ELB) and AMIs, Auto-scaling to design cost effective, fault tolerant and highly available systems.
- Used AWS cloud services to launch Linux and windows machines, created security groups and written basic PowerShell scripts to take backups and mount network shared drives.
- Deployed Site to Site and Client to Site VPNs utilizing Checkpoint Firewall-1/VPN-1
- Upgraded the platforms using the Checkpoint upgrade tools.
- Provide L3 support for checkpoint and Palo Alto firewalls.
- Involved in the integration of F5 Big-IP load balancers with Checkpoint firewalls for firewall load balancing and was responsible for troubleshooting and maintenance.
- Provided administration and support on Bluecoat Proxy for content filtering and internet access between site and VPN client users.
- Deployment and Management of Bluecoat proxies in forward proxy scenario as well as for security in reverse proxy scenario.
- Performing URL filtering and content filtering by adding URLs in Bluecoat Proxy SGs.
- Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP Ether channel, STP, RSTP and MST.
- Successfully installed Palo Alto PA-3060 firewall to protect data center and provides L3 support for routers/switches/firewall.
- Managed Configuration, Logging and Reporting of Palo Alto firewall through the Panorama.
- Managed URL filtering, File blocking, Data filtering by Palo Alto firewall, Barracuda NG Firewalls.
- Implemented and maintained intrusion detection/prevention (IDS/IPS) system to protect enterprise network and sensitive corporate data. Fine-tuned TCP and UDP enabled IDS/IPS signatures in Firewall.
- Performed Installation of Cisco ASA 5585 & 5520 series firewalls as well as Palo Alto 3500 series.
- Review daily log data gathered from various resources such as sensors, alert logs, firewall logs, content filtering logs.
- Developing PowerCLI Scripts to automate Operations, configuration of 2500+ ESXi hosts and more than 20000 VMs hosted on Cisco UCS Blade chassis and VMware vSphere infrastructure suite 6.7
- Monitoring the health of the Virtual environment and performing day to day administration and troubleshooting on CISCO UCS and VMware vSphere 6.7 environments.
- Deploy Cisco Nexus 1000V to VMware Infrastructure
- Proficient in using SolarWinds Network Management tools like Network Performance Monitor (NPM), NetFlow Traffic Analyzer, Network Configuration Manager (NCM) and Cisco Prime.
- Provide 24/7 support.
- Worked on security products such as Cisco ISE
- Advanced proficiency with Cisco Wireless (APs, Controllers, ISE, Prime)
TECHNICAL SKILLS
Protocols: EIGRP, OSPF, IS-IS, IGRP, HSRP, VRRP, GLBP, LACP, PAGP, DNS, SMTP, SNMP, FTP, TFTP, LPD/TDP, WEP, POP3, LDAP, TNS
LAN Technologies: HSRP, VRRP, GLBP, DHCP, VLAN, STP, VTP, Ether Channel, Trunks, Fabricpath, Workgroup, Domain, VPC, VDC.
WAN Technologies: MPLS, Leased Line, Frame Relay, ISDN, PPP, HDLC, ATM, SONET, Metro Ethernet, iWAN.
Network Products: CISCO Routers 1700, 1800, 2500, 2600, 2800, 3600, 3800, 7200 ASR 1001X, 1002, 1004 and 1009. CISCO Switches 1900, 2950, 2960. CISCO Campus Switches 3550XL, 4984 Core Catalyst 4503, 4507 RE, Catalyst 6500/6503/6507. Nexus 9K 7K, 5K, 2K and 1K, Cisco routers (7600,7200, 3900, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3500, 4500, 2900, 6807 series) Juniper MX-80, MX-480 series routers, SRX-100, SRX-110, SRX-550 series Firewalls and EX-4200 Switches.
Security & VPN: PIX 500 Firewall, ASA 5505, 5510, 5540, Fortigate, Fortinet, CISCO CSM, Palo Alto, ACL (Access Control List), IPS/IDS, NAT, PAT, CISCO ACS, Bluecoat Proxy, Check Point, Netgear, SonicWall, SRX, SSG series firewalls.
Authentication: ISE, RADIUS, TACACS+, Digital certificates
Monitoring Tools: SolarWinds, NetBrain, NetMRI, Infoblox, Wireshark, Nessus, OpManager, PRTG Packet Sniffer
Servers: Domain servers, DNS servers, WINS servers, Mail servers, Proxy Servers, Print Servers, Application servers, FTP servers, Open Gear Console server.
Operating Systems: Windows NT 4.0 (Desktop/Server), Windows 2000/2003/2008 server, Windows XP/7, LINUX, Solaris, Red Hat, Active Directory, UNIX, Junos.
Scripting Language: HTML, Python, JavaScript, CSS, TCL, Perl.
PROFESSIONAL EXPERIENCE
Confidential - Fremont, CA
Sr. Network Security Engineer
Responsibilities:
- Worked as part of a team to manage Enterprise Network Infrastructure as a Senior Network Engineer responsible for troubleshooting operational issues and perform new implementations across multiple projects.
- Used Cisco ACI Fabric which is based on Cisco Nexus 9000 series switches and Cisco Application Virtual Switch (AVS).
- Worked on incorporating Cisco Nexus 9000 NXOS into the ACI fabric to work in concert with the existing Nexus 7000s and ASRs for MPLS implementation.
- Experience working with Nexus 7010, 5548, 5596, 2148, 2248 devices.
- Experience with configuring FCOE using Cisco nexus 5548.
- Configured Nexus 5020, 5548, 7010 with multiple distribution VDCs running EIGRP for route propagation between the devices.
- Defined AWS Security Groups which acted as virtual firewalls that controlled the traffic allowed to reach one or more AWS EC2 instances.
- Performed deployment of Amazon EC2 instances in AWS environment. Performed EC2 instances provisioning on AWS Security environment and implemented security groups, administered VPCs.
- Set up preconfigured RHEL5.x and 6.x on local and in the cloud on AWS EC2 and defined AWS Security Groups which acted as virtual firewalls that controlled the traffic allowed to reach one or more AWS EC2 instances.
- Involved in installation of high capacity line cards to remove bandwidth bottlenecks: 24-Port 10 Gigabit Ethernet Line Cards on ASR 9000 series, 16-Port 10-Gigabit Ethernet MPC on MX Series Routers, and Arista 7500E Series Modular Switch 12 x SR10 Embedded (MPO) wire-speed line card, on 3 major vendor network device platforms.
- Migrated the policies from Cisco ASA firewall to Palo Alto Firewall.
- Dealt with implementation of Cisco ASA 5585 devices and Juniper SRX 550 devices to apply security policies on it.
- Load Balancing solutions by employing Citrix NetScaler Load Balancers.
- Experienced in configuring Server nodes, Server-pools, VIPs, SSL termination, Persistence, SNAT across Citrix NetScaler Load Balancers
- Implement IS-IS (Intermediate System to Intermediate System) and BGP routing protocols between the Layer 3 switch and Uplink Cisco ASR 9010 /MX-960 routers/7500E series modular universal spine switches connecting to the backbone routers.
- Experience with configuring Cisco 6500 VSS in Distribution layer of the Data center network
- Involved in moving data center from one location to another location, from 6500 based data center to Nexus based data center.
- Experience with resolving incident tickets and day-to-day activities like certificates, new VIPs, etc. across NetScaler. Testing, upgrade BIOS OS of Fortinet Firewall system. data Design, implementation and operational support of routing/switching protocols in complex environments including BGP, OSPF, EIGRP, Spanning Tree, 802.1q, etc.
- Replaced the Legacy 3750 stack wise with Juniper EX 4200 switches in the LAN Environment.
- Implement SSL VPN solutions including Palo Alto Networks Global Protect with single and multiple gateway solutions including integration of PKI certificates. Integrate multiple vendor IPSEC site to site VPNs, including Palo Alto Networks, Cisco ASA, and Juniper SRX firewalls.
- Experience with Network Automation using Python
- Performing administrative tasks with Palo Alto Networks (Panorama) including Security, NAT policy definitions; application filtering; Regional based rules; URL filtering, Data filtering, file blocking, User based policies.
- Help customers build scalable, resilient, and high-performance applications and services on AWS
- Monitoring and running ISE reports
- Responsible for troubleshooting on Cisco ISE; added new devices on network based on policies on ISE.
- Working on Cisco ISE to authorize users based on protocols PEAP and EAP-TLS, also manage and monitor user's access privileges.
- Designed & Deployed Cisco ISE and Provided comprehensive guest access management for Cisco ISE administrators.
- Configured Cisco ISE for Domain Integration and Active Directory Integration.
- Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE.
- Implemented Cisco ISE 1.2 for Wireless 802.1x Authentication and Authorization with Flex Connect.
- Configured and performed software upgrades on Cisco Wireless LAN Controllers 2504, 4404, 5508 for Wireless Network Access Control integration with Cisco ISE.
- Upgrading Cisco ISE Appliances company-wide. Recently rolled out OpenDNS including onsite VM appliances.
- Experienced on Cisco ISE and advanced technologies like QOS, Multicasting, MPLS and MPLS-VPN and Bluecoat proxy server SG.
- Actively involved in Switching technology Administration including creating and managing VLANS, Port security- 802.1x, Trunking 802.1Q, RPVST+, Inter-VLAN routing, and LAN security on Cisco Catalyst Switches 4507R+E, 6509-E and Nexus Switches 2232, 5596, 7009.
- Involved in the configuration of MX-80 routers at hospital sites with OSPF and peer with BGP to service providers for redundancy.
- Responsible for implementation of security policies on SRX 240, SRX 550 series of firewalls at branches and datacenter.
- Responsible for configure, test and implement network, firewall and security solution with appliances such as Cisco, Juniper NetScreen and Palo Alto Networks application firewalls
- Configured SRX HA cluster for vendor DMZ migration project for high availability and to support multiple vendors connecting to the organization.
- Experience with F5 GTM/LTM installation and assist in configuration of F5 APM LTM modules for BIG IP networking equipment.
- Configured custom monitors, virtual servers, pool members and load balancing algorithms on F5 Load balancers.
- Assisted in MPLS migrations, implemented a backup for the existing WAN connection using site-to-site IPsec VPN tunnels.
- Deployed and configured Cisco AIR-CAP 3502 wireless access points across various health systems as a part of the refresh from the 1841 WAPs.
- Configured SSIDs on WLC 5502 wireless LAN controllers and experience troubleshooting using WCS.
- Providing daily network support for all branches and sites in the organization’s WAN consisting of MPLS, VPN and point-to-point (P2P) circuits.
- Performed Network Security Assessment and implemented security improvements such as network filtering, SSH, AAA, SNMP access lists, VTY access lists, EIGRP MD5 authentication, and HSRP authentication.
- Configuration of ACLs in Cisco 5520 ASA firewall for internet Access requests for servers, Protocol Handling, Object Grouping and NAT.
Confidential - Mansfield, MA
Network Security Engineer
Responsibilities:
- Implement ATM/Frame Relay between data centers utilizing Cisco routers & switches.
- Experience with converting 6500 to Cisco Nexus in the data center environment.
- Responsible for Cisco ASA firewall administration across our global networks
- Support customer with the configuration and maintenance of PIX and ASA firewall systems
- Assist with various duties that will arise including: implementation, configuration, management
- Experience working with High performance data center switch like nexus 9000, 7000 series.
- Designing and Implementation of (LAN) VLANs, VTP, Spanning Tree (STP), Trunking (dot1q and ISL) and Ether channel.
- Responsible for configuration and troubleshooting issues related to F5 GTM/LTM devices such as 4200v, 5200v, Viprion 2200 and F5 APM.
- Involved in writing the configuration for migration of ASR1002 to MX104.
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools
- Experience with moving data center from one location to another location, from 6500 based data center to Nexus based data center
- Experience with converting PIX rules over to the Cisco ASA solution.
- Experience working with Cisco IOS-XR on the ASR 9000 devices for MPLS deployments in data center.
- Experience working with ARISTA switches like 7100, 7500 for cloud computing, datacenter and low latency networks
- Working knowledge of security products such as Cisco ISE
- Deployed Cisco ISE 1.2 with 8 nodes in deployment, initially in learning mode increasing methodically to 802.1x on wireless and wired.
- Certifying products, Substantial lab testing & validation prior to implementation of Nexus 7K, 5K & 2K connecting to blade servers Rules definition, problem solving, design advice, troubleshooting, updating, maintenance.
- Configured and designed LAN networks with Access layer switches such as Cisco 4510, 4948, 4507 switches.
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5585 Security appliance.
- Implementing security migrations from Cisco ASA firewalls to PA-5000/3000 series firewalls.
- Vendors Network connectivity investigation, Creating Firewall Rule Change Requests mostly in Cisco ASA to Palo Alto firewalls
- Assist customers with correcting configurations of firewalls for various issues to include basic configuration, Global Protect VPNs, IPSEC VPNs, security policies, NAT policies.
- Improve perimeter security by configuring Palo Alto firewall devices application level security
- Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
- Experience with Palo Alto Network firewalls such as security NAT, Threat prevention & URL filtering. PANDB migration and code upgrades for Palo Alto Firewall.
- Configured inside ACL, outside ACL, inside, outside interfaces, NAT and PAT policies.
- Configure, manage, and maintain security tools for DHHS including Palo Alto firewalls 3K, 5K, 7K, FirePOWER (Sourcefire), Bluecoat, FireEye.
- Design OSPF Areas for reliable Access Distribution and for Core IP Routing.
- Responsible for Configuring SITE TO SITE VPN on Cisco ASA 5500 series firewall between Head office and Branch office
- Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 7010 5000 series to provide a Flexible Access Solution for a datacenter access architecture
- Deployed a large-scale HSRP solution to improve the uptime of collocation customers, in the event a core router became unreachable.
- Designed, validated and implemented LAN, WLAN & WAN solution to suit client’s needs.
- Provided technical support to cloud computing customers.
- Provided Load Balancing towards access layer from core layer using F5 Network Load Balancers.
- Implemented TCP/IP and related services like DHCP/DNS/WINS.
- Load balanced the HTTP traffic by installing the Cisco CSS 11000
- Configuration and troubleshooting of HSRP on Cisco routers.
- Installation and configuration of Active Directory in Windows Server 2003/2008
Confidential
Sr. Network Engineer
Responsibilities:
- Hands on experience installing, configuring & administering VMware platforms.
- Experience developing and maintaining comprehensive system test plans
- Experience in network performance testing
- Write test cases from a variety of documentation types; business requirements, system requirements & design documentation.
- Experience working with Nexus 7010, 5020, 2148, 2248 devices
- Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000
- Worked on Cisco Routers, Active /Passive Hubs, Switches, Cisco ASA Firewalls, NAT and Juniper SRX firewall
- Converting PIX rules over to the Cisco ASA solution.
- Perform network engineering, design, planning (WAN & LAN), & implementation.
- Managing Access list for PIX and Routers (Priority based, time based)
- Worked on F5 load Balancer, configured Virtual servers, pool, pool members, worked on load balancing methods for LTM.
- Configured virtual servers, nodes and load balancing pools on the F5 LTM 6400, 6800 devices for various medical/biomed applications and their availability
- Configured firewall filters, routing instances, policy options, on Juniper M320 and T640
- Installed & configured OSPF on Frame-Relay with multi-area design in core routers (7200, 7204, and 7206).
- Design OSPF Areas for reliable Access Distribution and for Core IP Routing.
- Design and deployment of Enterprise Wireless services in facilities using Cisco product line.
- Identifying, troubleshooting and resolving incidents related to Wireless connectivity, as well as conducting wireless site-surveys and deploying Lightweight APs
- Configuration and Troubleshooting of Outlook Express and MS Outlook.
- Study single point failures & design WAN structure in such a way that there are no failures in network in case of any device or link failure.
- To Configure and maintain the hosts in SAN environment.
- Work with application developers and systems engineer to migrate applications and systems to a new Border Gateway network.
- Network Migration from RIP to OSPF
- Work with developers to document data flows and troubleshoot connectivity issues.
- Add, delete, and modify rules on Checkpoint firewalls.
- Setting up VLANS and configuring ISL trunk on Fast-Ethernet channel between switches
- Implemented SNMP on Cisco routers to allow for network management
- Installed and configured Routers, Bridges, Terminal Servers and CSU/DSUs to support WAN links
- Redistribution of routing protocols and Frame-Relay configurations
- Configured QoS on LAN/WAN. Strong knowledge of various routing protocols including RIPV2, EIGRP, OSPF and BGP4
- Designed Network redundancy by implementing HSRP (Hot Standby Routing Protocol) on Cisco routers.
- Deployed a large-scale HSRP solution to improve the uptime of collocation customers, in the event a core router became unreachable
- Documented all the work done by using MOPS, Visio, Excel and MS word.
Confidential
Network Engineer
Responsibilities:
- Involved in redesign of traffic anomaly system to increase the detection method and algorithm efficiency.
- Capturing data in the kernel stack and analyze the packets in various locations on the network stack
- Experienced in WAN environments, installing and troubleshooting data circuits (OC, T1, E1, T3, MUXES)
- Worked on ASA firewalls and F5 load balancers
- Understanding current vulnerabilities, attacks and countermeasures, assessing the impact of traffic on customer networks, conducting research on emerging security threats.
- Mentoring and training security analysts, creating and maintaining documentation for Traffic anomaly Sys.
- Experience testing a prototype Traffic Anomaly system that monitors TCP/IP network traffic. Each network packet is characterized by the tuple (source host, source port, destination host, destination port, flag). The system monitors the network for the occurrence of mismatches, which represent unusual traffic patterns within the network.
- Assist internal project teams by determining rules that need to be added to the firewalls and identifying the proper routing and addressing for new devices in managed DMZs.
- Experience in troubleshooting of complex BGP and OSPF routing problems
- Experienced in SYSLOG analysis & Proxy servers
- Design, installation and troubleshooting networks with hands-on experience with OSPF, BGP, VPLS, Multicast, VPN, MPLS, & Traffic engineering.
- Maintenance and troubleshooting of network connectivity problems using PING, Trace Route.
- Performed replacements of failed hardware and upgraded software
- Performed scheduled Virus Checks & Updates on all Servers & Desktops.
- Involved in Local Area Network (LAN) implementation, troubleshooting, and maintenance as per company’s requirements.
Confidential
Jr. Network Engineer
Responsibilities:
- Configuration and administration of Cisco Switches and Routers.
- Responsible for installing, maintaining and supporting computer communication networks within the organization.
- Involved in configuring trunk port between two switches and adding VLANs to the trunks.
- Support to plan and execute LAN (VLAN Management) and WAN management activity.
- Worked directly with customers to offer Level 2 expertise in handling routers, servers, and switches.
- Responsible for support and upgrades of a 250-user network.
- Performed onsite data center support that includes monitoring of systems alarms, electrical power, server administration and network alerts.
- Provided customer support including daily backup procedures, testing network connections, equipment installation and turn-up, and remote hands assistance.
- Experience in configuring and troubleshooting EIGRP, OSPF & BGP Routing protocols.
- Experienced with physical layer interfaces and cabling standards.
- Planned and implemented IP address schemes and subnet masks.
- Troubleshooting and supporting multiple OS and hardware environments.
- Responsible for documenting network related issues.