Security Engineer Resume
New York, NY
SUMMARY:
- Over 10+ years of experience as a Network Security Engineer in Administration of LAN, WAN and Security Technologies.
- Experienced in design, installation, configuration, administration and troubleshooting of LAN/WAN infrastructure and security using Cisco routers/Switches/firewalls
- Configuration of Palo Alto Firewall PA - 5k and CMS.
- Advanced knowledge, design, installation, configuration, maintenance and administration of Checkpoint Firewall R55 up to R77, Secure Platform Installation, VPN.
- Experience in configuring firewalls Fortinet, firefly.
- Advanced proficiency in designing, deploying, and maintaining perimeter security devices such as IPS, IDS, Radware, etc.
- Experienced Checkpoint Firewall, Security and Network Administrator.
- Good Knowledge on bluecoat Proxy (white listing, blocking URLs, PAC file changes etc.).
- Analyzed network traffic with Splunk and ArcSight tools on network traffic, firewall (Source Fire defense center) and AV (McAfee) logs.
- Configuring and managing Aruba Instant Access Points 215, 225 and troubleshoot network connectivity issues.
- Real-time experience in designing and assisting in deploying enterprise wide Network SSL Security and High Availability Solutions for ASA.
- Working knowledge with Infoblox appliances such as DNS, DNSSEC, DHCP, IPAM and TFTP.
- Advanced knowledge in design, installation and configuration of Juniper NetScreen Firewall ISG 1000/2000, SSG series and NSM Administration.
- Proficient in design, implementation, management and troubleshooting of Check Point firewalls, Check Point Provider-1 / VSX, Palo Alto IDS/IPS modules, Data Center Migration, F5 Load Balancers, Cyber Security and Bluecoat URL filtering & Packet Shaper systems.
- Proficient level in Voice Gateway & Gatekeepers (H.323, MGCP & SIP)
- Configured CUCM, Unity, CER, UCCX, VG's, CUCDM, TelePresence (servers and gateways) and 3945 voice gateways and 3750 switches
- Advanced knowledge in Cisco ASA 5000 series and PIX installation, configuration and maintenance.
- Upgrading the Imperva WAF and DAM module to the latest released version.
- Implementation and administration of Juniper WX/WXC devices for WAN Traffic acceleration
- Technical knowledge & proficiency in system administration, network maintenance, hardware maintenance, OS.
- Fulfilling routine change requests of Firewall and resolving trouble tickets, maintain and monitoring firewalls using scanning software Nesses
- Knowledge of Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
- Juniper, Check Point Cisco ASA, Cisco PIX and Palo Alto Firewalls Administration.
- Experience in handling Infoblox tool for DHCP and DNS.
- Experienced in DHCP DNS, AD, NIS, NFS, SMTP, IMAP, ODBC, FTP, TCP/IP, LAN, WAN, LDAP, HP RDP, security management and system troubleshooting skills
- Experience in managing and migration of large scale enterprise networks, extensive knowledge in developing test plans, procedures and testing various LAN/WAN products and protocols
- Advanced knowledge in TCP/IP suite and routing protocols, such as OSPF, BGP, and EIGRP
- Manage network capacity in cooperation with the Network Operations Center (NOC)
- Worked on implementation strategies for the expansion of the MPLS VPN networks
TECHNICAL SKILLS:
Protocols: NAT, VTP, VLAN, TCP/IP, UDP, ARP, NTP, EIGRP, OSPF, RIP, SSL, VPN, HTTP, HTTPS, FTP, POP3, SMTP, DNS, ICMP
Switches: Cisco Catalyst VSS 1440/2960/4900/6513
Routers: Cisco Routers ASR 1002/2600/3945/7606
Firewalls: Palo Alto PA 500/2k/3k/5k, Checkpoint R65/R70/R77/Firewall-1, Cisco ASA
Languages: C/C++, Java
Operating Systems: Windows XP/7, RHEL
VLAN, VTP,vPC, Inter: VLAN routing, STP, RSTP, PVST,Active Directory
WAN Technologies: Frame Relay, ISDN, PPP, ATM, MPLS, exposure to DS1, DS3, OC3, OC12, OC48, NAT, PAT, T1 /T3 & E1/E3
Network Security: NAT/, Ingress & Egress Firewalls, VPN Configuration(L2 and L3), Internet, Content, Tenable Network Security, Filtering, Load Balancing, IDS/IPS, URL Filtering, MSS
PROFESSIONAL EXPERIENCE:
Confidential - New York, NY
Security Engineer
Responsibilities:
- Design & Deploy Centralized AAA (RADIUS/TACACS+) solution with Cisco Identity Service Engine v2.3 patched with endpoint Profiling & Posturing, BYOD and AD integration with 802.1x. Configured NAD (Access Switches, AP, wLC and Cisco ASA) to work with Cisco ISE for Wired/Wireless/VPN users. CWA for Guest Access. TACACS+ for Device admin. Centralized Policy Enforcement with Policy Set and Conditions studio.
- Lead the team of engineers for a global Migration project of WatchGuard XT Firewall into Cisco 55XX Adaptive Security Appliances at 35 worldwide locations including North America/Europe/Africa and Asia.
- Responsible for creation, review, and update of current security policies, process, and procedures and migrate them to Cisco ASA policies with centralized Policy automation & control through Cisco ASA Policy Manager.
- Design and Implement Cisco FirePower services for Threat Centric.
- Design and Implement Data Center setup with Cisco Nexus 9k at NJ/London/Singapore location and connect them with Cisco VPN in Full - mesh and Site-to-Site with all 35 worldwide locations along with Fault Tolerance.
- Complete Design and Implement worldwide wireless solution with Cisco Meraki products and centralized Meraki Cloud based Dashboard management.
- Configured & Document entire security solution and draw worldwide schematic with Visio along with complete details of LAN (VLAN/OSPF) & WAN (BGP).
Confidential, New York City, NY
Network Security Administrator
Responsibilities:
- Manage firewall policy lifecycle process from review, approval, implementation, publishing, verification and maintenance.
- Configure, manage, and upgrade FW, IDS, IVS, IPS, TAP’s, Xstream load balancers (XLB), Encryption and a wide variety of other security products/appliances.
- Configuring and Troubleshooting Cisco Firewall/ASA, Checkpoint FW, Bluecoat Proxy SG.
- Installation of Palo Alto (Application and URL filtering, Threat Prevention, Data Filtering, WIldfire).
- Successfully installed Palo Alto PA-5060 Firewalls to protect Data Center.
- Deployed and configured VPN appliances including ASA 5500 for site-to-site VPN, DMVPN and Any Connect with LDAP based authentication and Cisco ISR 4451 for AWS, VPNs.
- Worked on Firemon with Security manager in providing reports or policy status for audits
- Firewall technologies including general configuration, optimization, security policy, rules creation and modification of Palo Alto and Juniper Firewall.
- Strong experience in checkpoint firewall and migration from Palo Alto, Juniper and Cisco to checkpoint.
- Installation of Palo Alto (Web Application and URL filtering, Threat Prevention, Data Filtering)
- Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
- Experience with working on Palo Alto Next-Generation firewalls security profiles and Cisco ASA VPN.
- Experience on working with migration with both Juniper and Palo Alto Next-Generation.
- Experience on working with migration with checkpoint and palo alto next generation firewall as well as virtualization of both VSX and VSYS. Day-to-day work involves changes on the Checkpoint Firewall using the Smart Dashboard NGX R70 software and connecting via Smart Center management. Authentication is done using an RSA SecurID.
- Maintains wireless infrastructure consisting of Cisco and Aruba solutions covering over 12 million square feet of tenant space in a multi-state environment.
- Performed Checkpoint firewall upgrade of 20 firewalls from R55 to R65.Administered Juniper 50, 200, 500, and SSG 520 firewalls.
- Managing Unified Call Manager (ver, 8.x) clusters, Cisco TelePresence Manager, Cisco TelePresence Multipoint Switch, IP Phones.
- Proficient in Palo Alto Next-Generation Bluecoat web proxy, Splunk Enterprise, Wireshark and various internet tools to assist in analysis.
- Experience on Cyber Security & Penetration Testing tools such as SQL Map, Appscan, Nmap, Vulnerability Scanner and familiar with shell scripting
- Implementing and Managing VPN Networks of the Customer through Checkpoint R75 firewalls.
- Analyze and review security threats from Firewall (FW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Antivirus (AV), Radware, and other security threat data sources.
- Expertise in standardizing SIEM Splunk Forwarder deployment, configuration and maintenance across UNIX and windows platforms.
- Configured firewalls Fortinet, Palo alto, firefly etc.
- Worked on Citrix Netscalers for accelerating performance and ensuring that applications are always available and protected.
- Experience in creating multiple policies and pushing them in to Checkpoint Firewall (Gateways) and hands on experience in managing the Checkpoint Management Server with SPLAT operating system
- Performed system and network audits against FISMA and FIPS200 regulatory requirements
- Worked on Cisco 871 DSL, IAD, 1800, 1900, 3900, 7200 series routers
- Third Party VPN migration from old data center to new data center.
- Designed and implemented Windows networks and Active Directory (AD) and security group hierarchy based on delegation requirements
- Implement Cisco Secure Intrusion Detection Sensors, IDSM and CSPM to monitor network activities
- Cisco IP Telephony: Unified CME, Cisco Call Manager (6, 7, 8), IP Telephony Feature and Cisco Unity/Unity Connection.
- Call routing, feature, break-fix issues
- Configure and maintain Windows NT/2000 environment services, including Active Directory, DFS, WINS, DNS, DHCP, file replications and logon scripts.
- Configuration and maintenance of Juniper Net Screen SSG -550.
- Experience with working on cisco switches like 2960, 3750, 4500, 6500
- Designing, Implementing and Troubleshooting Cisco Routers and Switches using different routing protocols like RIP, OSPF, EIGRP, BGP, ISIS & MPLS L3 VPN, VRF.
- Implement LAN protocols like STP, RSTP, VTP, VLAN and WAN protocols like Frame relay, PPP, port channels protocols like LACP, PAGP.
- Implemented VLAN, VTP domain, trunking and Ether Channel on Cisco 5500 switches.
Confidential, San Francisco, CA
Firewall Specialist
Responsibilities:
- Troubleshooting complex CheckPoint issues, Site-to-Site VPN related
- Performed upgrades for all IP series firewalls from R65-R75.
- Support for all migrations, upgrades, PCI and SOX audit requirements, and vulnerability assessments
- Support for all firewalls and related environments
- Checkpoint firewall upgrade from R55 to R65 for remote sites.
- Supported Bluecoat proxies for URL filtering and content filtering.
- Good knowledge of SNMPv3, Syslog, Net flow management protocols
- Assisted in troubleshooting complex layer 1, 2 and 3 connectivity using Wireshark protocol analyzer and recommended solution for better performance.
- Troubleshooting of AQM (Recording Server) issues.
- Implement SecuRemote VPN for high speed remote access.
- Monitoring Arcsight tool(SIEM) and managing logs. Troubleshooting and escalating security alerts like malware, Mcafee, Mssql, wintel, Unix, Oracle alerts.
- Risk assessments where done using Nessus, and Internet scanner, on a monthly basis to help ensure that risks to the network are mitigated in a timely manner.
- Worked on bluecoat Proxy servers from initial set-up till configuration.
- Propagate local changes from Infoblox members to master and vice versa using Infoblox grid.
- Experience on device-based policy for application access, automatically confirm compromised hosts with Palo Alto.
- Managed Smart Center Checkpoint management server (SmartView Tracker).
- Managed Checkpoint Firewalls from the command line (cpconfig and Sysconfig)
- Installing and setting up Firewall Analyzer product to facilitate consulting on an IDS deployment project, using my Cisco Nexus 7k/5k experience to place IDS devices globally.
- Working and commenting on global firewall polices.
- Used Palo Alto for Reporting and Logging and to Reduce Risk by Enabling Applications.
- Migration with both Checkpoint and Cisco ASA VPN experience.
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500
- Implemented and troubleshooting the Virtual firewalls solutions in ASA.
- Providing input on day-to-day security architecture policies and procedures.
- Firewalls are R65 and R70 clusters. Administration of Juniper firewalls at corporate and remote locations.
- Developing systems and process to protect, various user groups while accessing public Internet content from malicious hack attacks
- Maintained, upgraded, configured, and installed Cisco routers, Cisco Catalyst Switches
- Network migration from OSPF to EIGRP
Confidential, Fremont, CA
Network Security Engineer
Responsibilities:
- Configuring multiple Cisco 6509 with MSFC2, 3500, 2948G-L3 switches, 2600 and 3600 routers, Frame relay, dedicated T1s and ISDN lines Implement network security for remote access
- Configure and maintain Windows NT/2000 environment services, including Active Directory, DFS, WINS, DNS, DHCP, file replications and logon scripts.
- Worked on Cyber Security & penetration tools such as AppScan, SQL Map.
- Configured Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
- Responsible for setting up Web Application Firewalls (WAF).
- Configuration and maintenance of ACL lists on Cisco routers
- Worked on Cyber Security & penetration testing tool such as Nmap.
- Responsibility includes regular maintenance, security patch update and troubleshooting
- Configuring Checkpoint Firewall in IPSO, Secure Platform and GAIA platforms
- Knowledge of Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
- Knowledge of Juniper environment including SRX, Junos Space and ScreenOS.
- Administration and management of all firewall environments.
- Supported F5 ASM and McAfee IPS in an eCommerce environment providing WAF security and IPS for over 90 public financial web applications.
- Management of each firewall is done remotely and onsite at client sites.
- Upgrading WAF (Web application firewall) and fixing hot fixes and patches.
- Managed network IP access via Dynamic Host Configuration Protocol (DHCP).
- Redistribution of routing protocols and Frame-Relay configuration
Confidential, NY
Network Security Engineer
Responsibilities:
- Worked as a security engineer for migrating the Cisco and FortiGate firewalls to next generation Palo Alto firewalls.
- Worked with Palo Alto firewalls using Panorama servers and performed changes to monitor/block/allow the traffic on the firewall.
- Responsible to evaluate, test, configure, propose and implement network, firewall and security solution with Palo Alto networks.
- Performed security audits on Cisco ASA, FortiGate and Palo Alto firewalls in Network and secured the network by bringing it to the present security standards.
- Troubleshooting and implementing changes on Cisco, Checkpoint, FortiGate firewalls, F5 load balancers, Blue Coat proxies, and Juniper SSL/VPN devices.
- Migration of the firewall from Cisco ASA to Palo Alto firewalls using migration tool from PAN.
- Managed firewall design with network access control, Large Scale VPN deployment, automated firewall Policy deployment utilizing Panorama to build and edit templates for remote sites.
- Provided administration and support on Bluecoat Proxy for content filtering and internet access to head quarter, remote site offices and VPN client users.
- Successfully installed Palo Alto PA-3020, PA-3060, PA-5060 Firewalls to protect Data Centre and provided L3 support for routers/switches/Firewalls and implemented Zone Based security rules on the Palo Alto Firewall.
- Scheduling of Weekly scans and monitoring, generating Vulnerability reports and sharing to appropriate groups or owners for Remediation along with recommendations.
- Load Balancing using F5 Networks Big IP and configured the Automatic policy builder using the deployment wizard tool in Application Security Manager.
- Created Route maps on F5 BIG-IP GTM to link various VIPs from different F5 BIG-IP LTM to GTM.
- Performed complete setup of new F5 BIG-IP LTM, GTM and APM device, including license activation, VLANs configurations, Device certificates etc.
- Performed numerous SSL certificate renewals for customer VIPs, maintaining and renewing of all Load Balancers Device certificates.
- Performed hardware refresh on existing F5 BIG-IP Load Balancers to replace with new F5 BIG-IP devices and bought the F5 devices into the network in an uninterrupted manner.
- On a daily basis, worked on clearing existing tickets regarding firewall policies, proxies, weekly policy updates and documenting these events and changes.
- Expanded Data Loss Prevention (DLP) program to include all the high-risk applications, protocols, platforms, and devices.
- Responsible for the daily monitoring and investigation of violated Data Loss Prevention (DLP) policies using the Forcepoint Triton Security Gateway.
Confidential
Network Technician
Responsibilities:
- Configuring and troubleshooting multi-customer ISP network environment.
- Setting up Checkpoint devices, configuring, maintaining and troubleshooting.
- Perform network security, administration, analysis, and problem resolution for networks, including NT 4.0, Windows 2000, UNIX (Solaris & BSD), CISCO, TCP/IP, and Checkpoint firewalls.
- Setting up Windows server 2000/2003 as domain controller & adding client machines to domain.
- Managing Agilent software and configuring it on LAN.
- Installation and configuration of Thin Client Pc's.
- Providing technical support to LAN & WAN systems.
- Provides technical expertise in configuration and troubleshooting of various IP routing protocols including OSPF, EIGRP, and BGP.