SUMMARY

• Proven background and experience in reviewing design documents and implementing/deploying technologies including provisioning, deploying, configuration, validation and documentation in a timely and proficient manner based on following internal policies and procedures and mandated compliances.
• Strong proficiency with administration and support including handling change requests, Tier 2 and 3 escalated tickets based on service level agreements (SLA) and documentation administration.
• Work well independently and in a team environment including verbal and written communications with technical and non - technical professionals, third party vendors/service providers and clients.
• Proven skills as subject matter expert (SME) to both technical and non-technical professionals including acting as advisor/mentor for various technical, professional and operational activities.

TECHNICAL SKILLS

• Cisco Routers ASRs/ISRs, Cisco Catalyst/Nexus, Juniper, Citrix, and H3C Routers & Switches, WAN, LAN, TCP/IP, Cisco IOS, Spanning Tree Protocol, BPDU, CDP, ACL, NAT, PAT, RIP, OSPF, EIGRP, BGP, MPLS, VTP, SNMP, SMTP, Static & Stub Routing, VLAN Trunking, Multicast, HSRP, SVI, CEF, VSS, VPCs.
• Cisco ASA firewalls, Cisco Security Manager Suite, Cisco IPS/IDS, Cisco ISE, Checkpoint Firewall, Juniper SRX series, Palo Alto, AAA - TACACS+/RADIUS, SSH, VPN, SSL/IPSec, Port Security
• Wireshark, Cacti, Nagios, Solarwinds, Sniffer, Orion, Remedy - VMWare, F5, Citrix Netscaler, Cisco AnyConnect, Cisco Prime, Meraki, SNMP, DNS, DHCP, FTP, Telnet, HTTP(S), SMTP, SFTP
• VoIP/SIP, CUCM, UCCM, UCCX, RSTP, STP, Quality of Service (QoS), PoE, MMDS, LMDS, CVP, IVR, PBX/PBS. GSM, Cisco, Siemens, Alcatel, PBX, Huewai, PSTN
• Cisco WLC, IEEE 802.1x & 802.11, WLAN, WAP, AP, LWAPP, Aironet
• VMware, Active Directory, Exchange 2003/2007/2010 , SQL Server, Windows NT, 2000, 2008, 2012, MAC OS, MS Office, 2003/2007/2010

PROFESSIONAL EXPERIENCE

Confidential

Sr. Network Security Engineer

Responsibilities:

• Supports Cisco Firepower services and implementing and tuning IPS signatures.
• Configure and Install Cisco NGFW Firepower and FTD firewalls at multiple customers.
• Provide DMZ/DDoS/VPN Infrastructure Engineering and secured services to various LOB and B2B customers across various DMZ Zones. includes global DDoS detection and mitigation service, DMZ, B2B/extranets, encryption, Internet portal, and VPN while providing network level HLD and LLD designs. and solution delivery.
• Deployed and managed security infrastructure including IDS, WAF, SIEM, HIDS, DNS Analytics, Two-Factor Authentication, Vulnerability Scanning with Rapid 7 Nexpose, Compliance Configuration Auditing, and Telephony Fraud Detection
• Provide support for DMZ’s creating and developing DMZ designs IDS signatures to meet new and emerging technologies threats.
• Monitoring and troubleshooting traffic on PaloAlto-5020 /2020 firewall .
• Creating and modifying rules and objects on PaloAlto-5020/2020 firewall
• Analyze logs and make necessary network report using smart reporter console application.
• Configure IPSEC and SSL VPN with Palo-alto, Cisco ASA, Fortinet, Checkpoint and Router.
• Manage and configure the Cisco ASA 5585 and ASA 5525 Firewalls to maintain network security and provide IPSEC LAN to LAN VPN to vendors and business partners. Utilize AnyConnect remote access VPN and certificate base VPN for all employees and vendors.
• Configure and install the Cisco IPS modules integrated in the ASA5585 Firewall to monitor and block unwanted traffic as a security measure.
• Monitoring and alert management of all components related to the Cisco ISE solution
• Troubleshoot firewall issues using CLI and GUI.
• Manage Palo alto, Checkpoint, Cisco ASA and Fortinet policy and network.
• Creates, and maintains Bluecoat proxy policies.

Confidential

Sr. Network Security Engineer

Responsibilities:

• Utilized ForeScout to create lists of devices imported from a third-party source to determine which authorized devices are disconnected from the network at any given time.
• Configured the monitoring solution in ForeScout, and executed a systematic gamut of checks, to ensure network monitoring accuracy.
• Provide DMZ/DDoS/VPN Infrastructure Engineering and secured services to various LOB and B2B customers across various DMZ Zones. includes global DDoS detection and mitigation service, DMZ, B2B/extranets, encryption, Internet portal, and VPN while providing network level HLD and LLD designs. and solution delivery.
• Provide support for DMZ’s creating and developing DMZ designs IDS signatures to meet new and emerging technologies threats.
• Back up, Restore and upgrade of CheckPoint and Fortigate firewall appliances.
• Fortigate S2S & SSL VPN Implementation
• Analyze logs and make necessary network report using smart reporter console application.
• Configure checkpoint and fortigate firewall to authenticate users based on user identity, user group, session and PC-User Authentication.
• Creates, and maintains Bluecoat proxy policies.
• Implementation of Bluecoat proxy, implementing authentication using client certificate and SSL interception using Client Sub CA certificates
• Troubleshooting issues of internet traffics via Bluecoat Proxy.
• Worked or Bluecoat proxy SG500-20, and CAS appliance implementation for client\’s Internet traffic
• Routing and Switching experience with EIGRP, OSPF and BGP configuration, troubleshooting, configuration of DHCP and DNS on routers and switches at various remote site Designs
• Design and setup of Aruba Controllers 7200 and 7400 series and stacking switches 3800 series
• PCI Compliance auditing with Cisco/Aruba Wireless Security Assessments and Wireless Site Surveys
• VPN implement and troubleshoot IP-SEC tunnels, GRE Tunnels, SSL-VPN on Aruba Controllers
• Aruba Switch s3500 & 3810 Complex Stacking topologies and profile configurations
• Aruba ClearPass server Authentication: 802.1X, AAA, Policy Management, Guest Access, B.Y.O.D.
• Perform standard configuration, management, and maintenance tasks for Linux servers, requests, escalation support/ticket resolution and analysis in an enterprise LAN/WAN environment for datacenters, corporate, WAN links, and branch offices.
• Technologies include but not limited to routing, switching, security, wireless and voice throughout an enterprise network of corporations from data center, corporate, WAN links to regional and branch offices.
• Other activities included as needed and schedule reports to senior management on the status of technical implementation activities, professional/technical review on LAN/WAN Professionals and its overall success, monitored and worked to streamline/improve the company’s standards and processes.

Confidential

Snr. Network Security Engineer

Responsibilities:

• Member of a team of professionals responsible for analysis, maintenance, support, and troubleshooting in an enterprise LAN/WAN environment for Internet services access with direct client and third party.
• Team lead on Onshore/ Off Shore environment
• Technologies in network environment include but not limited to routers (BGP, Cisco ISR/ASR, Juniper, Alcatel), switches (Vlans, VTP, Cisco catalyst)
• Support Network Engineer for CenturyLinks for Starbucks activation that includes the design and implementation of Juniper SRX 300, EX 2200, Cradlepoints, Broadband Cables and circuits, IPSec and BGP
• Perform standard configuration, management, and maintenance tasks for Linux servers, requests, escalation support/ticket resolution and analysis in an enterprise LAN/WAN environment for datacenters, corporate, WAN links, and branch offices.
• Configuring and Implementing load balancing features to an in-production web server cluster
• Helping to bring the new F5 architecture online, test, and troubleshoot all configuration setting
• Implementing iRules from the vendor provided to maintain persistence based on session and for testing production environment
• Assisting in decommissioning the existing F5 appliances after migration
• Reviewed logs for all networking devices for unresolved abnormalities and problems and documented all server and network problems and other unusual events in details