We provide IT Staff Augmentation Services!

Network Security Engineer Resume

Mather, CA

SUMMARY:

  • 8 years of experience in implementing, supporting and maintaining data center network and security infrastructures.
  • Design, implementation, maintenance and supporting Cisco R&S, Cisco ASA, CheckPoint, PaloAlto, BlueCoat
  • OSPF, BGP, EIGRP, RIP, Multicast, Broadcast operations.
  • Virtualization technologies VMware, Hyper - v, Citrix XenServer.
  • ISP style converged network - BGP + OSPF and BGP+EIGRP on MPLS/VPLS backbone.
  • Design and optimization of Network technologies using various modules of Riverbed SteelCentral NetPlanner like CarrierPlanner, NetMapper, OpticalPlanner.
  • Network monitoring tools like SOLAR WINDS, CISCO works, Wireshark and Splunk.
  • Microsoft Active Directory, Windows 2003, 2008, 2013 Servers, Linux and Solaris.
  • VLAN, VTP, ISL, 802.1Q, STP, RSTP, PVST, MST, Port-channel, Port Security, and L2PT.
  • Security Information & Event Management (SIEM).
  • Aggregation Switch (Nexus 3K, Cisco 4900M)- Aggregation for Wi-Fi Controllers and ASR routers.
  • Performance Testing tools like Spirent, iperf, Fluke LRAT-2000.
  • Software-Defined Networking (SDN): Hands-on experience and expert knowledge of Cisco Intelligent WAN (IWAN)
  • VPN technologies including IPSEC, AnyConnect (SME), DMVPN, FlexVPN, and GETVPN.
  • Advanced threat detection and fault isolation.
  • ATM & Frame Relay and MPLS, 2547bis VPN, RFC 4364, mVPN, VPLS.
  • Cisco ASA, Checkpoint Provider-1, Palo Alto, firewalls.
  • Firewall administration, rule analysis, rule modification, packet filters,and stateful inspection.
  • Incident management on Firewalls, Site to Site VPN, Remote Access VPN, Proxy Servers, IDS/ IPS
  • SME on Vendor communications to implementation on new projects.
  • Serving on demand proxy blacklist and IP Block requests from SOC.
  • Coordinate with IT Risk on all audit information requirements (ALL Internal + External Audits)
  • Gateway redundancy protocols like HSRP, GLBP, VRRP, PPP.
  • TCP/IP (SMTP, FTP, TFTP, DNS, ARP, RARP), FCoE, SFP, SFP+, QSFP, XFP, QoS.
  • Cisco APIC EM Dynamic Quality of Service.
  • URL filtering, IDS/IPS, and NAC-802.1X.
  • HP ArcSight, Checkpoint Smart Event detection, monitoring,and analysis.
  • Comprehensive understanding of all levels of the OSI model.
  • Automating tasks using VB script and Python, developed Ping sweep Python Script.
  • Blue Coat Proxy SG, F5 Big IP LTM, Netscaler, Cisco ACE 4710 Load Balancers.
  • PowerShell scripting to automate the process.
  • Infrastructure auditing, hardening,and compliance.
  • Install, Configure & Update Cisco & Checkpoint Firewalls, McAfee, TippingPoint IPS & Blue Coat Proxy appliances, and other security devices as requested.
  • LAN2LAN VPN & troubleshooting problems related to IPsec VPNs
  • Administration of monitoring tools like Tufin, Solarwinds.
  • Develop network schematics for Firewalls, IPS, Proxy, Fire Eye implementations.
  • Maintain documentation on actual infrastructure (Diagrams, Configuration scripts, etc.)
  • Programming & scheduling of Web Activity reports for IT Risk & IT Security.
  • Develop procedures for normal operational tasks on Firewall VPN, IPS, Proxy.
  • Prepares a presentation on new Infrastructure implementations (Ex. IPS Infrastructure, IPS Security Event Workflow, etc.)
  • Vendor management and processing appliance RMA and stocking.
  • Deep knowledge of all ITIL/ITSM processes, and their interaction with other processes.

PROFESSIONAL EXPERIENCE:

Confidential, Mather, CA

Network Security Engineer

  • Projects involve bringing new sites to Confidential WAN with the siteto site VPN solution, deploying different vendor firewalls like Check Point, Cisco ASA, PaloAlto Firewalls & Bluecoat proxy based on Confidential standards.
  • Incident management with a user base of over 6000 users and vendor management with over 40+ vendors, while performing root cause analysis of problems and incidents requested by the users and vendors.
  • Work on strict SLAs while handling incidents related to communications involving Routing and Switching, Firewalls, Vulnerabilities, Site to Site VPN, Remote Access VPN, Proxy Servers, IDS and IPS.
  • High Availability deployment of TippingPoint IPS products 8200TX and 8400TX while replacing McAfee appliances.
  • Implementation and TippingPoint IPS Signatures with adding/ removing inspection and bypass rules as per SOC requirements.
  • Migration of the infrastructure to the new data center in a remote location, maintaining zero-downtime.
  • Support Tenable Security Center/ Nessus Scanner as an auditing tool for known hosts on a network or for a "catch-all" for when we are doing black box testing.
  • Network sweeps, Network/host auditing (NIST, DoD, etc), Vulnerability Scans.
  • Review, update, validate and author Cybersecurity procedures (SOPs) as required
  • Respond and action incidents in accordance with policy using remedy system to track incident status
  • Audit and validate configurations deployed on user workstations, firewalls, management and proxy servers.
  • Audit and validate configurations of network devices based on DISA STIGs.
  • Monitor, review and report on data restoration capabilities.
  • Identify Security Controls and construct a compliance Matrix for tracking.
  • Perform on-demand retrieval for a wide range of events including session, process, module load point modifications, file and folder operations, registry changes and network connection activity.
  • Governance, monitoring, compliance,and vendor risk assessment.
  • Work with audit teams to scope assessments and update system security plans of applicable responsibilities under SOC.
  • Develop Information Security Policy and Standards and assist with various aspects of cybersecurity covering
  • Support the Endpoint Management Program by maintaining endpoint compliance within the corporate environment for off-site and on-site compliance.
  • Administer Palo Alto firewalls PA250, PA4050, PA3020 using Panorama servers.
  • Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), sniffers and malware analysis tools.
  • Attend regular CAB calls, as part of the ITIL process to represent the emergency changes to be performed each day and standard changes for the following week.
  • Perform regular hardening and maintain audit readiness and infrastructure compliant with security standards.
  • Firewall cleanup analysis and implementation using Tufin Policy Orchestration and Secure Track tool.
  • Detailed log analysis of user activity logs and infrastructure health logs using Splunk, Hewlett Packard Enterprise (HPE) - ArcSight Data Platform and ArcSight Enterprise Security Management

Confidential, Seattle, WA

Network Security Consultant

  • Responsible for performing CiscoASA and Palo Alto firewall rule audit using different firewall optimization tools like Tufin, Firemon, and Algosec and make decisions on risk to the enterprise network.
  • Design, deploy and manage multiple client networks with Cisco Meraki network devices including Security Appliances (MX), Switches (MS), and Wireless Access Points (MR) - Managed from cloud-based Meraki Dashboard.
  • Configuration & Maintenance of Cisco ISE for Certificate-based authentication for BYOD and Corporate Mobile Device Authentication using Air watch MDM.
  • Day to day DLP maintenance activities and analyze DLP incident and report on findings.
  • Support, maintenance, upgrades, new installations and troubleshooting on the core networks running OSPF, BGP, and MPLS.
  • Perform changes to monitor/block/allow the traffic on the Palo Alto firewalls PA250, PA3020, PA5020,and ASA firewalls.
  • Troubleshoot firewall-related packet drops and reachability issues using Net scout &Checkpoint Smart Tracker.
  • Work with checkpoint appliances like 600, 1100, 12400, 13500, 15400, 23500 creating IPSec VPN tunnels for remote sites.
  • Performdata analysis ofAlaska's Network Inventory using Python Scripts.
  • Security Information and Event Management (SIEM),TippingPoint Intrusion Detection & Prevention (IDS / IPS), sniffers and malware analysis tools.
  • Perform day to day WI-FI functionality checks of Merakiand Cisco Access Points (AP's) along with the switches that support these networks, rotating on call for 24X7 support.
  • Create ACL to secure Company WI-FI network and manage Cisco Meraki Wi-Fi controller to monitor suspicious activity.
  • Configure, maintain and troubleshoot WAN links - ATM, Frame-relay, MPLS, ISDN and PPP multilink, ADSL, T1.
  • IP addresses allocation for all the networking devices including switches, routers, firewalls,andF5load balancers through DNS entry using Infoblox.
  • ConfigureF5 Big IPs with VIPs, Pool, iRules and SSL certificates to ensure traffic is load balanced.
  • Perform maintenance tasks on the Cisco and Juniperswitches, ASR Routers, Multiple vendor Firewalls, F5 Load balancers, Infoblox DNS.

Confidential, St Louis, MO

Network Engineer

  • Mainly deal with technologies like Cisco routers and switches, Cisco Prime and APIC, Cisco and Meraki enterprise and industrial wireless.
  • Responsible for installation, configuration, monitoring and backup of redundant VMware servers hosting Database and Development Applications.
  • Complex routing, multicast routing, QoS, Internet breakout at the hub and spoke sites, and interoperability between IWAN sites and legacy non-IWAN sites during migration to IWAN.
  • Responsible for the secure development lifecycle for Cisco's Nexus line of products, including Application Centric Infrastructure (ACI),Application Policy Infrastructure Controller (APIC), SDN solution.
  • Coordinate, execute and evaluate logical and physical level issues to resolution including troubleshooting Cisco, Aruba and Citrix equipment.
  • Responsible for network provisioning, creating implementation plans for the provisioning of T1/E1 circuits for internal and external customer requirements for data and voice networks.
  • Perform SOVT testing of all equipment and WLAN site surveys when a WLAN gear is installed.
  • Responsible for analyzing DLP incident results and following up with remediation procedures ensuring sensitive client, employee, and corporate data is protected.
  • Perform installation, configuring of VMware ESX/ESXi, NSX and manage VMs (virtual server).
  • Administer server consolidation program through theuse of VMware ESX server, NSX& VMware Virtual Center.
  • Deploy, scale and automate network across multiple global datacenters supporting Amazon Web Services (AWS).
  • Manage the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and the everyday task of creating WIP and VIPs.
  • Perform configuration and maintenance of Brocade ICX 6450 and 7450 switches in the network.
  • Implementation and operation of WAN accelerator appliances such as Cisco WAAS and Steelhead Riverbed.
  • Installation and troubleshooting of Cisco 5508 and 2504 WLAN controllers and Aruba Mobility Controllers.
  • Deployed F5 load balancer LTM/GTM/APM/ASM, Cisco Prime Wireless Controllers and Wireless Access Points, HPNA, VMware NSX, Cisco Catalyst 6509, Cisco NAC.

Confidential

Network Executive

  • Responsible for the installation, configuration, and management of a broad range of network equipment like Cisco routers and Catalyst switches.
  • Plansinstall and support hardware and software upgrades; resolve technical issues associated with network and routing protocols at all levels of the OSI model.
  • Duties also included monitoring network performance using various network tools to ensure the availability, integrity, and confidentiality of devices and their applications.
  • The configuration of protocols like EIGRP, OSPF, and BGP in routers.
  • Monitor network health and bandwidth using Nagios core and MRTG on UNIX servers.
  • Analyze the data packets regularly using scanning and sniffing tools like Wireshark, Solarwinds&Splunk.
  • Responsible for configuring GLBP between multilayered switch networks.
  • Design, implementation, and support of the core network (Spanning tree re-design, Trunking, VLAN setup).
  • Physical and logical capacity planning of SONET and Ethernet network (CEN/CAREN).
  • Manage Active Directory Domain Controllers, DNS, DHCP,and WINS Servers.
  • Writing scripts to automate many of the manual task being performed by the Active Directory/Identity Services.
  • Monitoring IP address blocks, Address inventory, DHCP scopes for the inside network infrastructure through IPAM Infoblox.
  • Conduct isolation and analysis for the problem raised/escalated by clients and remote stations.
  • Responsible for monitoring of circuit performance and generation of statistical reports.
  • Configure and implementation of various WANequipment.

Hire Now