We provide IT Staff Augmentation Services!

Network Security Engineer Resume

Phoenix, AZ

PROFESSIONAL SUMMARY:

  • Around 6 years of experience in deployment, implementation, troubleshooting and maintenance of complex Networks, Security devices and Network Security infrastructure.
  • Strong experience in deploying, maintaining various network security devices like Cisco ASA, Firepower, Confidential (3020, 5060) and Check Point firewalls (R75, R76 )
  • Experience working with device groups and template stacks on Panorama . Administered multiple firewalls using panorama, configured dedicated log collectors.
  • Experience with Confidential firewall features like Wildfire, URL filtering, Zone creation, DNS sinkhole, Advanced Endpoint protection and SaaS Security
  • Expertise in enabling and administering threat prevention (antivirus, antispyware, vulnerability protection) also configured devices with file blocking and dlp.
  • Implemented Zone based Firewall and security rules on the Confidential, Juniper Firewall.
  • Configured and Maintained policies on Firewalls using TUFIN Orchestration Site.
  • Configuring security policies using Application ID, User ID and Data Filtering on Confidential Firewall.
  • Implemented complete Global Protect infrastructure by configuring portal and gateways to manage mobile workforce by enabling secure remote access regardless of location
  • Migration of the firewall rules from Cisco ASA 5540, 5550 to Confidential firewalls using PAN OS migration tool and expedition.
  • Configured High Availability links (Active/Passive) between Firewalls to prevent a single point of failure on the network.
  • Configured context modes, interfaces, objects and access list, NAT, AAA for network access and advanced network protection on Cisco Confidential 55XX firewalls
  • Experience with F5 load balancer as well as emphasis on BIG - IP LTM (F5 VIPRION LTM 2150, F5 BIG-IP LTM 5050s), Big-IP DNS.
  • Worked on configuration and implementation of VIP's, High availability (A/S), virtual server and irules on F5 Load balancer.
  • Designed and implemented DMZ for Web Servers, Mail servers & FTP servers using Next-Gen Firewalls.
  • Experience working in Enterprise scale Security implementations with hundreds of security gateways segmented through multiple DMZ, Perimeter and External zones with Heterogeneous network/security appliances.
  • Controlled and monitored employee's internet traffic using Bluecoat proxy (SG 900, 810 and SG9000 series) devices located in both data centers in conjunction with BlueCoat CAS Device for antivirus protection.
  • Configured and managed Cisco routers and Switches using Cisco Security Device Manager (SDM).
  • Expertise in troubleshooting, implementing of static and dynamic routing protocols such as EIGRP, OSPF, iBGP, EBGP and ability to interpret and resolve complex route table problems
  • Work experience in managing and troubleshooting the core, distribution and access switches.
  • Substantial working experience on Cisco Nexus switches (2000, 5000 and 7000 series) and ISR Routers (2811,3640), ISR Switches (2950,3550)
  • Competency in resolving issues in L2 Switching related Technologies & protocols like VLAN Trunks, VTP, VTP Pruning, Port Security, Ether Channel, RSTP, STP, PVSTP, Port Channel Protocols like LACP, PAGP.
  • Configuring and maintaining Site-to-Site VPN's(IPSec), DMZ's, Remote access VPN's (SSL), ACL's, Security Zones and TLS/SSL s.
  • Implemented Network Access Control (NAC) using tools like Aruba Clearpass for BYOD and IT issued devices.
  • Installed Cisco Wireless Lan Controllers (WLC) with active/standby state controlling more than 100 access points.
  • Expertise knowledge on SIEM tools like Splunk, QRadar to get real-time analysis of security alerts generated by network hardware and applications.
  • Experienced in configuring and deploying RADIUS, TACACS+ as part of AAA Architecture under multiple scenarios.
  • Experience in SolarWinds Network Performance Monitor, Network Configuration Manager, Network Traffic Analyzer (Netflow) and IP Address Manager.
  • Expertise in managing network using SNMP and other tools such as Wireshark, Tcpdump, Service Now and Cyber Ark
  • Knowledge of DDOS attack, Killchain process and implementing mitigation techniques to DDOS like Akamai.
  • Documentation and Project Management along with drawing network diagrams using MSVISIO.

TECHNICAL SKILLS:

Firewall: Cisco Confidential 55XX series, Checkpoint R75, R76, Confidential 7000, 5000, 3000 series

Load Balancer: F5 Network (Big-IP) LTM 8900 and 6400

VPN: IP Sec, DMVPN

AAA Architecture: TACACS+, RADIUS, Cisco ACS

Routers: Cisco ISR 1841, 2800, 3800, 2951, 3900, 4000, Juniper Routers (MX-480, MX960)

Routing: OSPFv3, OSPFv2, EIGRP, BGP, Static

Switches: Cisco Catalyst switches and 1800, 2600, 3600 series, Nexus 2k, 5k, 7k, Juniper EX Switches (EX2200, EX2500, EX3200, EX4200, EX4500, EX8200)

Switching: STP, PVST+, RPVST+, Inter-vlan Routing, Multi-Layer Switch, Ether Channels (PAGP, LACP)

Network Protocols: TCP, UDP, DNS, DHCP, FTP, TFTP, HTTPS, PPP, SNMP, ICMP

Tools: Wireshark, Tcpdump, QRadar, Splunk, TUFIN, SolarWinds

PROFESSIONAL EXPERIENCE:

Confidential, Phoenix, AZ

Network Security Engineer

Responsibilities:

  • Experience working with Confidential 's Panorama appliance (device groups, template stacks) for logging sessions, creating reports and managing multiple firewalls simultaneously
  • Experience with Virtualization using Multi-VSYS on Confidential, Multiple Context on Confidential and configured static routes on virtual routers.
  • Segmentation of existing Data center with multiple zones for East-West Traffic visibility by deploying Confidential -5260 series firewalls.
  • Migrating Cisco Confidential 5500 firewalls to Confidential 5060 firewalls using PAN migration tool and expedition
  • Replacing Confidential 5060 firewalls with 5250 firewalls on the production environment
  • Creating Application specific rules set for the traffic by customizing objects, security profiles(antimalware), service groups, dynamic block lists.
  • Create new zones for segmenting the DMZ from internal network and enforcing stringent security profiles to reduce the threat landscape
  • Configure APP-ID feature in Confidential firewalls to reduce attack surface, regain visibility and control over traffic and create custom URL-filtering profiles and use them in writing Security policy rules that allow web access to users
  • Expertise in configuring User ID both Agent based and Agentless for multiple users by using LDAP servers for authentication
  • Create Portal, configure Gateways and install the Global Protect Agent on client devices and configure two-factor authentication on those to provide VPN connections for Global Protect.
  • Configured High Availability links (Active/Passive) between Firewalls to prevent a single point of failure on the network.
  • Configure Log Forwarding to forward logs from the firewall to Panorama M-500 and then configured Panorama to send logs to the servers.
  • Integrating the Confidential firewalls with Wildfire cloud inspection engine to protect against zero-day, APT and Malware threats.
  • Providing constant Network & Threat activity reports for Internet Gateway Confidential firewalls.
  • Configuring DNS Sinkhole on Perimeter firewalls to sink hole malicious DNS traffic
  • Experience building site-to-site VPN tunnels between business partners and remote locations
  • Troubleshoot security policy, HA, VPN, Global Protect issues on PAN devices such as PA 5060 and 7080 series.
  • Configured OSPF redistribution and authentication with type 3 LSA filtering and to prevent LSA flooding
  • Substantial working experience on Virtual Port Channels (VPC), bonding server NICs and Virtual Device Contexts (VDC) in Nexus 7000 series switches.
  • Migration of Cisco ISR 1841, 2800, 3800 First generation to Cisco ISR 2951, 3900, 4000 second gen series for branch offices.
  • Experienced in configuring the Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000.
  • Expertise knowledge on Aruba wireless controllers and access point configurations including RF tuning to reduce interference.
  • Operational support and assistance of the Cisco ASA, Cisco Firepower FTD and FMC appliance and upgraded an ASA firepower module managed by Adaptive Security Device Manager (ASDM).
  • Firewall policy optimization using Tufin to ensure policy auditing across many dependent firewalls.
  • Work with F5 (LTM) load balancers to improve delivery, performance, availabilty for local site traffic.
  • Configured nodes, pools, virtual servers, vip and monitored health checks on F5 BIG-IP LTM by using round-robin, least connections technique to balance load.
  • Configured firewall logging, DMZs and related security policies and monitoring.
  • Integrated Splunk with Confidential firewalls for monitoring Firewall logs and activities.
  • Perform Method of Procedures (MOP) for firewall deployment and failover tests.
  • Schedule and participate in weekly meetings with various teams involved in the project to discuss the bottlenecks if any and contribute to design a solution framework.
  • Maintain Configuration, Documentation (VISIO's) and Records Management.

Confidential, San Mateo, CA

Network and Security Engineer

Responsibilities:

  • Deployed Inline inspection architecture using Confidential Firewall PA-7050, 5060, 3060 series to protect datacentre.
  • Responsible for security profile groups, security policies implementation on Confidential VM 300 & 500 series firewalls that secure the cloud environment.
  • Centralized management of all Confidential Devices and appliances using Confidential Panorama M-100 server.
  • Implemented stateful inspection on network traffic by creating zone and policy-based rules to mitigate the malicious attacks and threats on network.
  • Assisted in the migration of firewall rules set from Legacy Cisco Confidential to Confidential Firewalls using Confidential Migration tool.
  • Configuring and maintaining Site-to-Site VPN's, DMZ's, Remote access VPN's (SSL), ACL's, Security Zones and TLS/SSL .
  • Worked on Load Balancer F5 LTM, GTM series like 8800, 6800, 6400, for the corporate applications purpose using iRules.
  • Expertise knowledge on SIEM tools like QRadar to get real-time analysis of security alerts generated by network hardware and applications.
  • Provided threat protection with Confidential IPS solutions of Firewalls & open source tools like Snort.
  • Assisted in providing security for web application using Akamai Kona Web Application Firewall.
  • Creation and maintaining users in the Firewall via certified base authentication (Tacacs) for Remote users and for local users as well and auditing of Firewalls using Algosec tool.
  • Implementation and operational support of routing/switching protocols in complex environments including OSPF, EIGRP, Spanning Tree, 802.1Q, etc.
  • Management of Cisco catalyst 6500, 3500, Nexus 7009 switches at the Data center.
  • Experience in implementation and troubleshooting of Datacenter devices like Nexus 7000, Nexus 5000 and Nexus 2000 Series devices with VDC's /VRF's configurations.
  • Configuring Security policies including NAT, PAT, VPN (DMVPN, GRE), Route-maps, prefix lists and Access Control Lists.
  • Provided Secure Web Gateway using Bluecoat Proxy servers for both Forward and Reverse Proxy.
  • Worked on Cisco ISE, Aruba ClearPass (CPPM) for BYOD policies using ClearPass Onboard feature for endpoint protection.
  • Deployed Cisco Aironet 3800e Access Points and wireless appliances for new branch office.
  • Configured the Cisco 5508 wireless LAN controller and 3700 series access points to provide a reliable connection to users.
  • Implemented Authentication Authorization and Accounting (AAA) protocol TACACS+.
  • Providing Server and Proxy authentication using TLS s.
  • Implemented L3 MPLS VPN services, Ethernet Private Line (EPL) and WAN technologies.
  • Vigilance of the network using monitoring tools like Solar Winds and Extensive packet analysis using TCPDUMP and Wireshark packet tracer tools.
  • Day to day monitoring/health check on Firewalls and keep an eye on any vulnerabilities/threats­­­

Confidential

Network Engineer

Responsibilities:

  • Involved in configuring High Availability links between Checkpoint firewalls (Active/Passive) R76, R77 to prevent a single point of failure on the network.
  • Work on Checkpoint Platform including Provider Smart Domain Manager.
  • Worked on configuring, managing and supporting Checkpoint Gateways.
  • Configured and maintained security infrastructure of local area network (LAN) and Wide area network (WAN).
  • Configured and Troubleshooted issues with Cisco routers 2851, switches 2960, NAT, and DHCP, as well as assisting with customer LAN /WAN.
  • Hands on experience in blocking unauthorized users and allowing authorized users to access specific resources by configuring Access Control Lists (ACL).
  • Substantial working experience in configuring & troubleshooting routing protocols: EIGRP & OSPF.
  • Created Private VLANs & preventing VLAN hopping attacks & mitigating spoofing with snooping & IP source guard.
  • Worked on BGP configuration for providing redundant internet connectivity using BGP attributes, route maps, prefix-lists.
  • Involved in troubleshooting of DNS, DHCP, and other IP conflict problems and applied QoS for the bandwidth delay
  • Enabled RPVST Enhancements to speed up the network convergence that includes Port-fast, Uplink-fast, and Backbone-fast.
  • Responsible for maintenance and utilization of VLANs, Spanning-tree, HSRP, VTP of the switched multi-layer backbone with catalyst switches.
  • Perform IOS upgrades/Password recover on 2900, 3500 series Cisco Catalyst switches and 1800, 2600, 3600 series Cisco routers using TFTP.
  • Actively involved in Switching Technology and Administration including creating and managing VLANs, Port security- 802.1x, Trunking 802.1Q, RPVST+, Inter-VLAN routing, and LAN security on Cisco Catalyst Switches.
  • Worked with the engineering team in resolving the tickets and troubleshooting layer2 and layer 3 problems.
  • Monitoring Network Management and responding to events, alarms, and tickets.
  • Worked with Senior Security Engineer on Firewall configurations and maintenance.

Confidential

Jr. Network Engineer

Responsibilities:

  • Understand the JUNOS platform and worked with JUNOS upgrade of Juniper devices
  • Expertise in installing, configuring and troubleshooting Juniper Routers (MX-480, MX960) and Juniper EX Switches (EX2200, EX2500, EX3200, EX4200, EX4500, EX8200) series.
  • Configured Access List (Standard, Extended and Named) to allow users all over the company to access different applications and blocking others.
  • Planning and Assisting the network operations team for new network infrastructure deployments.
  • Created Private VLANs & preventing VLAN hopping attacks & mitigating spoofing with snooping & IP source guard.
  • Enabled RPVST Enhancements to speed up the network convergence that includes Port-fast, Uplink-fast, and Backbone-fast.
  • Responsible for cabling, labelling and Racking & Stacking of various network equipment and ensured there are no connectivity issues using ping and tracert.
  • Troubleshooted installation issues due to hot aisle and cold aisle.
  • Troubleshooted the layer 1 and layer 2 ticketing issues like damaged cabling or terminations, insufficient network bandwidth, incorrectly assigned Vlan .
  • Documented and updated the network physical and logical layout using Lucidchart.
  • Hands on experience with Network diagnostics, monitoring tools like solarwinds, wireshark.

Hire Now