We provide IT Staff Augmentation Services!

Security Engineer Resume

New York, NY

SUMMARY:

  • Over 10+ years of experience as a Network Security Engineer in Administration of LAN, WAN and Security Technologies.
  • Experienced in design, installation, configuration, administration and troubleshooting of LAN/WAN infrastructure and security using Cisco routers/Switches/firewalls
  • Configuration of Palo Alto Firewall PA - 5k and CMS.
  • Advanced knowledge, design, installation, configuration, maintenance and administration of Checkpoint Firewall R55 up to R77, Secure Platform Installation, VPN.
  • Experience in configuring firewalls Fortinet, firefly.
  • Advanced proficiency in designing, deploying, and maintaining perimeter security devices such as IPS, IDS, Radware, etc.
  • Experienced Checkpoint Firewall, Security and Network Administrator.
  • Good Knowledge on bluecoat Proxy (white listing, blocking URLs, PAC file changes etc.).
  • Analyzed network traffic with Splunk and ArcSight tools on network traffic, firewall (Source Fire defense center) and AV (McAfee) logs.
  • Configuring and managing Aruba Instant Access Points 215, 225 and troubleshoot network connectivity issues.
  • Real-time experience in designing and assisting in deploying enterprise wide Network SSL Security and High Availability Solutions for ASA.
  • Working knowledge with Infoblox appliances such as DNS, DNSSEC, DHCP, IPAM and TFTP.
  • Advanced knowledge in design, installation and configuration of Juniper NetScreen Firewall ISG 1000/2000, SSG series and NSM Administration.
  • Proficient in design, implementation, management and troubleshooting of Check Point firewalls, Check Point Provider-1 / VSX, Palo Alto IDS/IPS modules, Data Center Migration, F5 Load Balancers, Cyber Security and Bluecoat URL filtering & Packet Shaper systems.
  • Proficient level in Voice Gateway & Gatekeepers (H.323, MGCP & SIP)
  • Configured CUCM, Unity, CER, UCCX, VG's, CUCDM, TelePresence (servers and gateways) and 3945 voice gateways and 3750 switches
  • Advanced knowledge in Cisco ASA 5000 series and PIX installation, configuration and maintenance.
  • Upgrading the Imperva WAF and DAM module to the latest released version.
  • Implementation and administration of Juniper WX/WXC devices for WAN Traffic acceleration
  • Technical knowledge & proficiency in system administration, network maintenance, hardware maintenance, OS.
  • Fulfilling routine change requests of Firewall and resolving trouble tickets, maintain and monitoring firewalls using scanning software Nesses
  • Knowledge of Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
  • Juniper, Check Point Cisco ASA, Cisco PIX and Palo Alto Firewalls Administration.
  • Experience in handling Infoblox tool for DHCP and DNS.
  • Experienced in DHCP DNS, AD, NIS, NFS, SMTP, IMAP, ODBC, FTP, TCP/IP, LAN, WAN, LDAP, HP RDP, security management and system troubleshooting skills
  • Experience in managing and migration of large scale enterprise networks, extensive knowledge in developing test plans, procedures and testing various LAN/WAN products and protocols
  • Advanced knowledge in TCP/IP suite and routing protocols, such as OSPF, BGP, and EIGRP
  • Manage network capacity in cooperation with the Network Operations Center (NOC)
  • Worked on implementation strategies for the expansion of the MPLS VPN networks

TECHNICAL SKILLS:

Protocols: NAT, VTP, VLAN, TCP/IP, UDP, ARP, NTP, EIGRP, OSPF, RIP, SSL, VPN, HTTP, HTTPS, FTP, POP3, SMTP, DNS, ICMP

Switches: Cisco Catalyst VSS 1440/2960/4900/6513

Routers: Cisco Routers ASR 1002/2600/3945/7606

Firewalls: Palo Alto PA 500/2k/3k/5k, Checkpoint R65/R70/R77/Firewall-1, Cisco ASA

Languages: C/C++, Java

Operating Systems: Windows XP/7, RHEL

VLAN, VTP,vPC, Inter: VLAN routing, STP, RSTP, PVST,Active Directory

WAN Technologies: Frame Relay, ISDN, PPP, ATM, MPLS, exposure to DS1, DS3, OC3, OC12, OC48, NAT, PAT, T1 /T3 & E1/E3

Network Security: NAT/, Ingress & Egress Firewalls, VPN Configuration(L2 and L3), Internet, Content, Tenable Network Security, Filtering, Load Balancing, IDS/IPS, URL Filtering, MSS

PROFESSIONAL EXPERIENCE:

Confidential - New York, NY

Security Engineer

Responsibilities:

  • Design & Deploy Centralized AAA (RADIUS/TACACS+) solution with Cisco Identity Service Engine v2.3 patched with endpoint Profiling & Posturing, BYOD and AD integration with 802.1x. Configured NAD (Access Switches, AP, wLC and Cisco ASA) to work with Cisco ISE for Wired/Wireless/VPN users. CWA for Guest Access. TACACS+ for Device admin. Centralized Policy Enforcement with Policy Set and Conditions studio.
  • Lead the team of engineers for a global Migration project of WatchGuard XT Firewall into Cisco 55XX Adaptive Security Appliances at 35 worldwide locations including North America/Europe/Africa and Asia.
  • Responsible for creation, review, and update of current security policies, process, and procedures and migrate them to Cisco ASA policies with centralized Policy automation & control through Cisco ASA Policy Manager.
  • Design and Implement Cisco FirePower services for Threat Centric.
  • Design and Implement Data Center setup with Cisco Nexus 9k at NJ/London/Singapore location and connect them with Cisco VPN in Full - mesh and Site-to-Site with all 35 worldwide locations along with Fault Tolerance.
  • Complete Design and Implement worldwide wireless solution with Cisco Meraki products and centralized Meraki Cloud based Dashboard management.
  • Configured & Document entire security solution and draw worldwide schematic with Visio along with complete details of LAN (VLAN/OSPF) & WAN (BGP).

Confidential, New York City, NY

Network Security Administrator

Responsibilities:

  • Manage firewall policy lifecycle process from review, approval, implementation, publishing, verification and maintenance.
  • Configure, manage, and upgrade FW, IDS, IVS, IPS, TAP’s, Xstream load balancers (XLB), Encryption and a wide variety of other security products/appliances.
  • Configuring and Troubleshooting Cisco Firewall/ASA, Checkpoint FW, Bluecoat Proxy SG.
  • Installation of Palo Alto (Application and URL filtering, Threat Prevention, Data Filtering, WIldfire).
  • Successfully installed Palo Alto PA-5060 Firewalls to protect Data Center.
  • Deployed and configured VPN appliances including ASA 5500 for site-to-site VPN, DMVPN and Any Connect with LDAP based authentication and Cisco ISR 4451 for AWS, VPNs.
  • Worked on Firemon with Security manager in providing reports or policy status for audits
  • Firewall technologies including general configuration, optimization, security policy, rules creation and modification of Palo Alto and Juniper Firewall.
  • Strong experience in checkpoint firewall and migration from Palo Alto, Juniper and Cisco to checkpoint.
  • Installation of Palo Alto (Web Application and URL filtering, Threat Prevention, Data Filtering)
  • Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
  • Experience with working on Palo Alto Next-Generation firewalls security profiles and Cisco ASA VPN.
  • Experience on working with migration with both Juniper and Palo Alto Next-Generation.
  • Experience on working with migration with checkpoint and palo alto next generation firewall as well as virtualization of both VSX and VSYS. Day-to-day work involves changes on the Checkpoint Firewall using the Smart Dashboard NGX R70 software and connecting via Smart Center management. Authentication is done using an RSA SecurID.
  • Maintains wireless infrastructure consisting of Cisco and Aruba solutions covering over 12 million square feet of tenant space in a multi-state environment.
  • Performed Checkpoint firewall upgrade of 20 firewalls from R55 to R65.Administered Juniper 50, 200, 500, and SSG 520 firewalls.
  • Managing Unified Call Manager (ver, 8.x) clusters, Cisco TelePresence Manager, Cisco TelePresence Multipoint Switch, IP Phones.
  • Proficient in Palo Alto Next-Generation Bluecoat web proxy, Splunk Enterprise, Wireshark and various internet tools to assist in analysis.
  • Experience on Cyber Security & Penetration Testing tools such as SQL Map, Appscan, Nmap, Vulnerability Scanner and familiar with shell scripting
  • Implementing and Managing VPN Networks of the Customer through Checkpoint R75 firewalls.
  • Analyze and review security threats from Firewall (FW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Antivirus (AV), Radware, and other security threat data sources.
  • Expertise in standardizing SIEM Splunk Forwarder deployment, configuration and maintenance across UNIX and windows platforms.
  • Configured firewalls Fortinet, Palo alto, firefly etc.
  • Worked on Citrix Netscalers for accelerating performance and ensuring that applications are always available and protected.
  • Experience in creating multiple policies and pushing them in to Checkpoint Firewall (Gateways) and hands on experience in managing the Checkpoint Management Server with SPLAT operating system
  • Performed system and network audits against FISMA and FIPS200 regulatory requirements
  • Worked on Cisco 871 DSL, IAD, 1800, 1900, 3900, 7200 series routers
  • Third Party VPN migration from old data center to new data center.
  • Designed and implemented Windows networks and Active Directory (AD) and security group hierarchy based on delegation requirements
  • Implement Cisco Secure Intrusion Detection Sensors, IDSM and CSPM to monitor network activities
  • Cisco IP Telephony: Unified CME, Cisco Call Manager (6, 7, 8), IP Telephony Feature and Cisco Unity/Unity Connection.
  • Call routing, feature, break-fix issues
  • Configure and maintain Windows NT/2000 environment services, including Active Directory, DFS, WINS, DNS, DHCP, file replications and logon scripts.
  • Configuration and maintenance of Juniper Net Screen SSG -550.
  • Experience with working on cisco switches like 2960, 3750, 4500, 6500
  • Designing, Implementing and Troubleshooting Cisco Routers and Switches using different routing protocols like RIP, OSPF, EIGRP, BGP, ISIS & MPLS L3 VPN, VRF.
  • Implement LAN protocols like STP, RSTP, VTP, VLAN and WAN protocols like Frame relay, PPP, port channels protocols like LACP, PAGP.
  • Implemented VLAN, VTP domain, trunking and Ether Channel on Cisco 5500 switches.

Confidential, San Francisco, CA

Firewall Specialist

Responsibilities:

  • Troubleshooting complex CheckPoint issues, Site-to-Site VPN related
  • Performed upgrades for all IP series firewalls from R65-R75.
  • Support for all migrations, upgrades, PCI and SOX audit requirements, and vulnerability assessments
  • Support for all firewalls and related environments
  • Checkpoint firewall upgrade from R55 to R65 for remote sites.
  • Supported Bluecoat proxies for URL filtering and content filtering.
  • Good knowledge of SNMPv3, Syslog, Net flow management protocols
  • Assisted in troubleshooting complex layer 1, 2 and 3 connectivity using Wireshark protocol analyzer and recommended solution for better performance.
  • Troubleshooting of AQM (Recording Server) issues.
  • Implement SecuRemote VPN for high speed remote access.
  • Monitoring Arcsight tool(SIEM) and managing logs. Troubleshooting and escalating security alerts like malware, Mcafee, Mssql, wintel, Unix, Oracle alerts.
  • Risk assessments where done using Nessus, and Internet scanner, on a monthly basis to help ensure that risks to the network are mitigated in a timely manner.
  • Worked on bluecoat Proxy servers from initial set-up till configuration.
  • Propagate local changes from Infoblox members to master and vice versa using Infoblox grid.
  • Experience on device-based policy for application access, automatically confirm compromised hosts with Palo Alto.
  • Managed Smart Center Checkpoint management server (SmartView Tracker).
  • Managed Checkpoint Firewalls from the command line (cpconfig and Sysconfig)
  • Installing and setting up Firewall Analyzer product to facilitate consulting on an IDS deployment project, using my Cisco Nexus 7k/5k experience to place IDS devices globally.
  • Working and commenting on global firewall polices.
  • Used Palo Alto for Reporting and Logging and to Reduce Risk by Enabling Applications.
  • Migration with both Checkpoint and Cisco ASA VPN experience.
  • Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500
  • Implemented and troubleshooting the Virtual firewalls solutions in ASA.
  • Providing input on day-to-day security architecture policies and procedures.
  • Firewalls are R65 and R70 clusters. Administration of Juniper firewalls at corporate and remote locations.
  • Developing systems and process to protect, various user groups while accessing public Internet content from malicious hack attacks
  • Maintained, upgraded, configured, and installed Cisco routers, Cisco Catalyst Switches
  • Network migration from OSPF to EIGRP

Confidential, Fremont, CA

Network Security Engineer

Responsibilities:

  • Configuring multiple Cisco 6509 with MSFC2, 3500, 2948G-L3 switches, 2600 and 3600 routers, Frame relay, dedicated T1s and ISDN lines Implement network security for remote access
  • Configure and maintain Windows NT/2000 environment services, including Active Directory, DFS, WINS, DNS, DHCP, file replications and logon scripts.
  • Worked on Cyber Security & penetration tools such as AppScan, SQL Map.
  • Configured Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
  • Responsible for setting up Web Application Firewalls (WAF).
  • Configuration and maintenance of ACL lists on Cisco routers
  • Worked on Cyber Security & penetration testing tool such as Nmap.
  • Responsibility includes regular maintenance, security patch update and troubleshooting
  • Configuring Checkpoint Firewall in IPSO, Secure Platform and GAIA platforms
  • Knowledge of Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
  • Knowledge of Juniper environment including SRX, Junos Space and ScreenOS.
  • Administration and management of all firewall environments.
  • Supported F5 ASM and McAfee IPS in an eCommerce environment providing WAF security and IPS for over 90 public financial web applications.
  • Management of each firewall is done remotely and onsite at client sites.
  • Upgrading WAF (Web application firewall) and fixing hot fixes and patches.
  • Managed network IP access via Dynamic Host Configuration Protocol (DHCP).
  • Redistribution of routing protocols and Frame-Relay configuration

Confidential, NY

Network Security Engineer

Responsibilities:

  • Worked as a security engineer for migrating the Cisco and FortiGate firewalls to next generation Palo Alto firewalls.
  • Worked with Palo Alto firewalls using Panorama servers and performed changes to monitor/block/allow the traffic on the firewall.
  • Responsible to evaluate, test, configure, propose and implement network, firewall and security solution with Palo Alto networks.
  • Performed security audits on Cisco ASA, FortiGate and Palo Alto firewalls in Network and secured the network by bringing it to the present security standards.
  • Troubleshooting and implementing changes on Cisco, Checkpoint, FortiGate firewalls, F5 load balancers, Blue Coat proxies, and Juniper SSL/VPN devices.
  • Migration of the firewall from Cisco ASA to Palo Alto firewalls using migration tool from PAN.
  • Managed firewall design with network access control, Large Scale VPN deployment, automated firewall Policy deployment utilizing Panorama to build and edit templates for remote sites.
  • Provided administration and support on Bluecoat Proxy for content filtering and internet access to head quarter, remote site offices and VPN client users.
  • Successfully installed Palo Alto PA-3020, PA-3060, PA-5060 Firewalls to protect Data Centre and provided L3 support for routers/switches/Firewalls and implemented Zone Based security rules on the Palo Alto Firewall.
  • Scheduling of Weekly scans and monitoring, generating Vulnerability reports and sharing to appropriate groups or owners for Remediation along with recommendations.
  • Load Balancing using F5 Networks Big IP and configured the Automatic policy builder using the deployment wizard tool in Application Security Manager.
  • Created Route maps on F5 BIG-IP GTM to link various VIPs from different F5 BIG-IP LTM to GTM.
  • Performed complete setup of new F5 BIG-IP LTM, GTM and APM device, including license activation, VLANs configurations, Device certificates etc.
  • Performed numerous SSL certificate renewals for customer VIPs, maintaining and renewing of all Load Balancers Device certificates.
  • Performed hardware refresh on existing F5 BIG-IP Load Balancers to replace with new F5 BIG-IP devices and bought the F5 devices into the network in an uninterrupted manner.
  • On a daily basis, worked on clearing existing tickets regarding firewall policies, proxies, weekly policy updates and documenting these events and changes.
  • Expanded Data Loss Prevention (DLP) program to include all the high-risk applications, protocols, platforms, and devices.
  • Responsible for the daily monitoring and investigation of violated Data Loss Prevention (DLP) policies using the Forcepoint Triton Security Gateway.

Confidential

Network Technician

Responsibilities:

  • Configuring and troubleshooting multi-customer ISP network environment.
  • Setting up Checkpoint devices, configuring, maintaining and troubleshooting.
  • Perform network security, administration, analysis, and problem resolution for networks, including NT 4.0, Windows 2000, UNIX (Solaris & BSD), CISCO, TCP/IP, and Checkpoint firewalls.
  • Setting up Windows server 2000/2003 as domain controller & adding client machines to domain.
  • Managing Agilent software and configuring it on LAN.
  • Installation and configuration of Thin Client Pc's.
  • Providing technical support to LAN & WAN systems.
  • Provides technical expertise in configuration and troubleshooting of various IP routing protocols including OSPF, EIGRP, and BGP.

Hire Now