- I have 6 - 8 years’ technical experience in architecture, network design, software defined networking with exposure to various Palo Alto Firewall environments.
- Responsible for the planning, design, implementation, organization and operation of Palo Alto Firewalls based perimeter security network and network security devices including but not limited to 7000, 5000, 3000 2000, 500 series FW’s.
- Responsible for troubleshooting network and firewall problems, specifically Palo Alto, Checkpoint and Cisco ASA’s.
- Adequately monitor the firewall and network system to identify and solve data communication problems and user performance issues.
- Linux Foundation Certified System Administrator (LFCS) desired
- 5+ years of Unix, Storage & IT infrastructure work experience
- Experience with Enterprise Infrastructure systems including Enterprise Redhat Linux, CentOS and Solaris
- Experience in Unix/Linux scripting for process automation
- Experience in administering medium to large scale virtualized environment utilizing VMware
- Experience with SAN and NAS storage in Unix/Linux/Windows Server environment
- Incident response and remediation experience
- Sound working knowledge of network infrastructure and operations, including switching, routing, Ethernet, TCP/IP
- Solid understanding of industry-standards & best practices
- Ability to produce architecture diagrams and requisite documentation
- Strong teamwork and communication skills.
- Technically proficient at installing, configuring, and maintaining UNIX (both in a physical and virtual environment).
- More than 10 years’ experience as a system administrator for the Red Hat Linux operating system.
Cisco Routers: Cisco Routers 1600, 1700, 2600, 2800, 3600, 7200, and ASR 1000 series routers
Big IP F5 Load Balancers: Big-IP 8800 series; Big-IP 8400 series; Big-IP 6400 series; Big-IP 3400 series; Big-IP 1500 series,Viprion.
Cisco Catalyst Switches: Cisco Catalyst Switch 1900, 2900, 3500, 4000 and 6000 series Cisco Nexus 5000, 7000,9336PQ,9508, FEX and Cisco ACI Fortgate 60E,900,800,600, 7000, 3000, 2000
Cisco ASA Firewall: Cisco ASA firewall 5000 series (5510 5550 5585 ) Checkpoint R75.20, R 76 and R 77
Senior Network Engineer
- Design and plan new firewall and network security systems to protect the network from internal and external threats.
- Technical lead involve in the design of a brand new datacenter comprising of Cisco Nexus 7010, 5596s,FEXs 2248 with the overlying technologies like fabricpath,OTV VPC.
- Migrated the Exelon WAN from EIGRP to BGP, implemented BGP traffic engineering using route-map, prefix-list, distribute-list and BGP regular expression.
- Technical lead on a tech refresh project to replace end of life Cisco network switches and routers
- Experience in application delivery controller F5 Big-IP LTM, GTM, ASM, and Enterprise Manager environments.
- Evaluate potential network security products, technical solutions, and capacity requirements to meet business needs.
- Provide specifications and detail schematics for network security architecture of the enterprise.
- Analyze current security device configurations and determine implementation requirements.
- Develop implementation strategies, plans and processes for a nationwide rollout/upgrade of the Palo-Alto, Cisco ASA and Check Point Firewalls.
- Configure interfaces, zones and security policies.
- Configure granular App control concepts.
- Configure URL filtering, anti-virus and vulnerability and spy ware protection.
- Create VPN zones, configure global protect gateway and portal.
- Configure Site-to-Site VPN.
- Configure M-100 to function as a log Collector and Panorama.
- Develop Standard Operating Procedures (SOPs) for administering the firewalls and Endpoint Profiler system
- Configure and maintain Domain Name Server (DNS), Network Time Protocol (NTP), Simple Mail Transfer Protocol (SMTP) servers
- Provide third-level technical support and troubleshooting for critical network security problems
- Develop documentation, including diagrams, standards, specifications and operating procedures.
- Monitor for opportunities to enhance the customer network security performance or reliability.
- Monitor for opportunities to improve the customer service delivery practices.
- Provide third-level support and troubleshooting of network problems. Periodically provide after-hours and weekend support.
- Provide technical design, build and support solutions using F5 products including LTM, APM. The emphasis would be on skills like
- Proactive Metrics and Improvement
- Irule/TCL design and troubleshoot
- Excellent Technical Solution Engineering
- Customer sensitivity and Rapid Response
- Proactive and Clear Communication
- Quality & Process Compliance
- F5 LTM/APM/ASM iRule/TCL Knowledge
- VPN SSL & IPSEC
- Application Delivery Controllers
- Configure and implement WAF on F5-BIG-IP Application Security Manager (ASM), CheckPoint and Cisco WAF environment.
- Configure, implement and troubleshoot WAF to protect the organization against OWASP threats, such as application vulnerabilities, and zero-day attacks.
- Configure CheckPoint WAF (Web application firewall) to protect Web servers from malicious traffic and blocks attempts to compromise the system.
- Use Layer 7 DDoS defenses, advanced detection and mitigation techniques, dynamic learning, virtual patching, and granular attack visibility thwart even the most complex threats before they reach your servers.
- Use F5-BIG-IP Application Security Manager (ASM) to prevent targeted attacks that include cross-site scripting, SQL injection, forceful browsing, cookie poisoning and invalid input.
- Configure F5 BIG-IP Application Security Manager Web application firewall to use both positive and negative security models to identify, isolate and block sophisticated attacks without impacting legitimate application transactions.
- Supporting installed applications and network services (NIS, DNS, LDAP, etc.).
- Experience with implementing, configuring and supporting various Fortigate next-generation Firewall models such as 900,800,600, 7000,5000, 3000 and 2000 series.
- Design, configure and troubleshoot Fortianalyzer, Fortimail, Fortiweb, Forticlient, FortiDDOS, Fortisandbox, Fortisiem, Fortiauthenticator and FortiADC
- Excellent troubleshooting skills and ability to identify root causes of issues and provide solutions in Fortinet environment.
- Experience working in 24 x 7 centers with complex, high transaction, high availability environments.
- Strong interpersonal and presentation skills, both oral and written, with the ability to articulate and educate others about complex technology with business acumen.
- In depth knowledge of external services environments including SSL certificate exchange, remote access solutions, and business to business interconnects.
Senior Network Engineer.
- Designed and deployed Checkpoint firewalls on GAiA and SPLAT platform appliances in an enterprise distributed environment.
- Experienced F5 systems engineer of large enterprise F5 Big-IP LTM, GTM, ASM, and Enterprise Manager environments.
- Installed and configured Checkpoint SmartCenter server on Linux and Windows platforms.
- Created checkpoint policies and rules using smart dashboard, troubleshoot connectivity issues through the smart view tracker application.
- Installed, configured and created policies on Juniper SRX firewalls.
- Configured Juniper SRX firewall in a redundant cluster solution.
- Installed and configured Enterasys 800 D and K-series switches on the network
- Perform code upgrade on the Enterasys switches to the latest version.
- Created trunk and port channel using PAGP and 802.1Q on the Enterasys 800.D and K series switches to connect to the Cisco 6513 Core switches.
- Upgraded Checkpoint software to version R75, analyze rule base on the checkpoint using Solarwinds firewall security manager in order to delete obsolete rules.
- Identified traffic classes within the network and performed QOS techniques for delay sensitive applications such as voice and video.
- Provide real-time (or near real-time) detection and reaction services for information security incidents and analyze malware incidents to determine direct threat to organization.
- Review data source events from NSM (Network Security Manager) to determine key events for input to content development.
- Experience with network load balancing technologies - Cisco ACE, F5 BigIP, or NetScaler preferred, including deployment, troubleshooting, management, upgrades, round robin, persistence, one armed (SNAT) and two armed configurations. Acquisition and maintenance of public and private certificates to terminate SSL sessions, and knowledge of SSL security and vulnerabilities.
- Implemented ADC F5 LTM and GTM hardware platforms design and deployment implementation guidelines, DMZ Network infrastructure policies, LTM Inbound SNAT configurations and outbound NAT server to IP mapping processes.
- Responsible for supporting the current F5 BIG-IP load balancing platform; including implementing, configuring, and integrating F5 BIG IP GTM, LTM, APM, ASM, iRules, DNS-SEC, IPv6, SSL administration.
- Primary engineer for writing, testing, and implementing custom iRules and health checks for enterprise applications.
- Supported datacenter migration of F5 BIG-IP 1500 v9 LTMs to 1600 v11 LTM, rewriting TCL iRules to support new features and syntax.
- Implementation of F5 LTM load balancing for highly available web clusters, and centralized certificate and redirect management using iRules
- Provide source monitoring activities, cyber threat analysis and mitigation courses of action, provide the actionable intelligence used in organizational IT Asset protection, strategic cyber threat trending and situational awareness of customer leadership.
- Support the security activities associated with the evaluation and introduction of new security technologies into the customer's enterprise.
- Implement optimal (enterprise coverage, minimal device footprint, minimal network impact) deployments and respective configuration of hardware and software for enterprise security solutions.
- Designing and implementing network security solutions in cloud and on-premise data centers.
- Modification of firewall rules on and Fortigate firewalls.
- Installation of new firewalls, high availability configuration, and monitoring
- Administration of a large internal and external DNS server infrastructure
- Administer and monitor a multi-site security fabric including firewall, IDS/IPS management
- IDS/IPS Engineering: Tune IDS/IPS signatures, change default actions, create and amend policies, configure and monitor high availability
- SIEM: Create SIEM alarms, develop correlation rules, create and modify policies, and monitor events and trends on Fortisiem.
- Provide support for internal and external customers in a large enterprise environment
- Troubleshoot a range of IT security and connectivity issues Manage and troubleshoot virtualized loadbalancers on FortiADC.
- Support other team members in troubleshooting and project efforts
- Manage hardware and software inventories.
- Work with remote teams to install, maintain and troubleshoot security hardware.
- Ensure customers receive top of the line support in a polite and courteous manner
- Keep detailed records of customer interaction and problem resolution in a ticketing system
- Develop standard operating procedure and network topology documentation
- Assisted in providing network design, implementation and documentation.
- Installed, maintained and administered all network and data communication equipment including terminal server, Cisco routers and switches.
- Upgraded multiple switches and routers with cat OS and IOS software to conform to U.S Department of Commerce standards.
- Assisted in testing and implementing new network services to remote stations
- Opened and tracked trouble ticket through Remedy and serve as a member of the 24/7 team responsible for member connectivity and any network impacting event to the U.S Department of Commerce.
- Reviewed and redesigned of current network for internal development and testing teams
- IOS upgrade and router hardening for 2600, 3600, 7200 routers and 6500,2900 3500 series of switches.
- Provided wireless network design and support for clients
- Assisted with establishing global network operations center (GNOC) to proactively monitor the network resulting in better SLA and network performance.