We provide IT Staff Augmentation Services!

Sr F5 Engineer/ Network Security Engineer Resume

South Lake, TX

SUMMARY

  • Network Engineer with around 9 years of experience in testing, troubleshooting, implementing, optimizing and maintaining enterprise data network and service provider systems.
  • Expert level knowledge of troubleshooting, implementing, optimizing and testing of static and dynamic routing protocols such as EIGRP, OSPF, BGP and ability to interpret and resolve complex route problems.
  • Maintained/Created Information Security programs for monitoring and updating corporate - owned web domains and web servers
  • Monitored internal control systems to ensure that appropriate access levels are maintained
  • Recommended, implemented and monitored policies and procedures for appropriate network security Incident Response
  • Administration of Data Center networking gear, including Cisco Nexus (9k, 7k, 5k, 2k) and Arista (7050, 7060, 7260, 7150, 7280) switches. Provisioning of vPC/MLAG’s for high availability purposes. Provisioning of VSS on certain Data Center Cisco Catalyst 6500 switches
  • Implementation, Configuration and Support of Checkpoint (R80, R77 Gaia, R75 and R71),VSX,MDM/MDS, Provider - 1, Palo Alto Networks Firewall models (Panorama M-100, PA-2k, PA-3k, and PA-5 k).Proficiency in Cisco ASAs, ISRs, Catalyst/Nexus, HP Switches, Cisco Meraki, Aruba, EIGRP, OSPF, BGP.
  • Implementation of traffic filters on Cisco routes using Standard and extended Access list
  • Expert Level Knowledge about TCP/IP and OSI models
  • In-depth expertise in the analysis, implementation, troubleshooting & documentation of LAN/WAN architecture and good experience on IP services
  • In-depth knowledge and hands-on experience on IP Addressing, Sub netting, VLSM and ARP, reverse & proxy ARP, Ping Concepts.
  • Experience in migration from Cisco infrastructure to Juniper MX routers and Switches such as EX and QFX-3500, QFX-5100.
  • Configure IP fabric with OTT architecture with Leaf and spine nodes using QFX5100 running BGP (Underlay/Overlay) for peering between the Datacenters.
  • Configuration and troubleshoot HSRP, VRRP, GLBP, RSTP, MST. 10G related issues coming in network environment.
  • Design and Implementation of 802.1x Wired/Wireless User Authentication using Cisco ISE Radius Server.
  • Knowledge of implementing and troubleshooting complex layer 2 technologies such as MSTP, VLAN Trunks, HDLC, STP, and RSTP.
  • Experience in Supporting and troubleshooting Checkpoint (R80, R77 Gaia, R75, R70, R65, Provider-1, VSX, SPLAT, Cluster XL, Smart Center Server)
  • Have knowledge on various advanced technologies like VOIP, SIP, QOS, IPv6, Wireless - Meru, Aruba, Meraki, Multicasting and MPLS.
  • Hands on experience with BIG-IP environment utilizing two or more of the following: GTM, LTM, APM or ASM.
  • Strong experience with Cisco ASA firewalls, ISE, Aruba ClearPass.
  • Strong scripting experience in Python or GOLANG.
  • Experience in configuring HSRP and redistribution between routing protocols & troubleshoot them.
  • Implementation of HSRP, VRRP and GLBP for Default Gateway Redundancy.
  • Hands on experience with F5 LTM Load balancer and Infoblox IPAM, DNS.
  • Experience with Cisco ACI (Application Centric Integration) technology implementation.
  • Advanced proficiency with Cisco Wireless ( APs, Controllers, ISE, Prime)
  • Excellent communication skills to interact with team members and support personnel and also can act as a mentor to less experienced personnel.
  • Familiarity with SDWAN and Security Firewall products. Work experience on Splunk, IBM Qradar, Tufin, Firemon, Algosec, CyberArk, Infoblox, Service Now, Remedy and HPNA.
  • Expertise in implementation of traffic filters using Standard and Extended access-lists, Distribute-Lists, Prefix-List and Route Maps.

PROFESSIONAL EXPERIENCE

Confidential, South Lake, TX

Sr F5 Engineer/ Network Security Engineer

Responsibilities:

  • Implementing security Solutions using PaloAlto Pa-5000/3000, Cisco ASA, Checkpoint firewalls R77.30 Gaia, R80.10 VSX and Provider-1/MDM.
  • Deployed Cisco ASA Firepower Services Delivers cultivating rapid threat detection and mitigation using Cisco Sourcefire IPS with AMP
  • Support Panorama Centralized Management for Palo Alto firewall PA-500, PA-200 and PA-3060, to central manage the console, configure, maintain, monitor, and update firewall core, as well as back up configuration
  • Creating multiple firewall policies in checkpoint smart dashboard in VSX cluster environment.
  • Performed the code upgrade from Checkpoint R77.10 to R77.30 Gaia on MDM and Log servers.
  • Build and configured the Checkpoint R80.10 firewall and management servers in the lab environment.
  • Upgraded Panorama to version 8.1.9 and upgraded all Palo Alto firewalls to PAN-OS 8.1.9.
  • Performing migration of Checkpoint R77.30 to R80.10 for all management servers (MDM’s & MLM’s) and all the firewall gateways in the production environment.
  • Working and troubleshooting issues on Paloalto firewalls Pa-7050 and PA-5k series firewalls and managing them via Panorama.
  • Developed test scripts using Python and assorted proprietary software tools.
  • Developed REST APIs, Web Services using one or more Python frameworks
  • Working experience in automation of Python based library and test cases
  • Cisco Networking certificates such as CCIE, CCNP, etc. Extensive automation in Python, Any honors or Certifications in python
  • Implemented user based IBAC/Identify based firewall rules using User-ID in Paloalto firewalls for all the campus users.
  • Worked on BIG-IP Access Policy Manager (APM) contextually secures, simplifies, and protects user access to apps and data, while delivering the most scalable access gateway.
  • Migrating applications from cisco ACE/CSM to F5LTM, and GSS configurations to F5 GTM wide-ip's.
  • Configured and troubleshooting the F5 LTM and APM and providing level 2 support for the customers.
  • Working with Paloalto TAC to resolve the technical issues with PAN devices and User-ID issues.
  • Migrated Cisco ASA and Checkpoint firewalls to Paloalto firewalls using Paloalto Expedition tool.
  • Used Algosec for firewall optimization purpose and removed unused rules.
  • Knowledge on Amazon AWS Virtual private cloud services
  • Worked on network security design and installation using Palo Alto Firewall (Application and URL filtering, Threat Prevention, Data Filtering).
  • Executed various migration/upgrade projects across F5 and hands on with F5 BIGIP LTMs/EM.
  • Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
  • Understand the flow of traffic through the Check Point Security gateway cluster and troubleshoot connectivity issues using advanced troubleshooting from Command Line Utilities.
  • Performing URL filtering and content filtering by adding URL's in Bluecoat Proxy SG's.
  • Support Blue Coat Proxy in explicit mode for users trying to access Internet from Corp Network.
  • Working on Service now tickets to solve troubleshooting issues.
  • Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for a datacenter access architecture Expertise in installing, configuring and troubleshooting Juniper EX Switches EX2200, EX2500, EX3200, EX4200, EX4500 series
  • Proficient with F5 LTM and Cisco CSM load balancer in-between the servers inside the server farm and DMZ.
  • Monitored and responded to network anomalies utilizing Solarwinds/Orion's software and recommended appropriate network solutions for issues.

Confidential, Malvern, PA

Senior Network Engineer

Responsibilities:

  • Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
  • Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls
  • Experience in Designing and assisting in deploying enterprise Wide Network Security and High Availability Solutions for ASA.
  • Upgraded the F5 LTM and APM modules from v.11.4.1 to v.11.5.3 in high-availability architecture.
  • Implemented F5 LTM and GTM changes using CLI (TMSH and advance shell) configurations and Experienced in administration of F5 infrastructure.
  • Created the AAA servers for LDAP and AD authentication in F5 APM.
  • Installed FortiGate’s 100E, 6000 & 60E, Fortinet, Forti Manager & Forti Analyzer & utilizing F5 Load Balancing with LDS and BIG, IP.LTM & GTM.
  • Developing automated test plans & tools using PYTHON, TCL, EXPECT, PERL
  • Created and configured management reports and dashboards using Fortinet and FortiGate manager.
  • Member of a 5-person team responsible for systems and policy changes to firewall infrastructure. The Firewall mesh consists of approximately 35 Fortigate firewalls and the infrastructure to maintain them. All firewalls are configured as high availability clusters.
  • Migrating applications from cisco ACE/CSM to F5LTM, and GSS configurations to F5 GTM wide-ip's.
  • Configured and troubleshooting the F5 LTM and APM and providing level 2 support for the customers.
  • Working with F5 APM sessions and manipulating session using iRule and configuring and maintaining Webtops and Portal Access.
  • Configured Checkpoint and Cisco ASA firewalls to secure the infrastructure for the Data Center.
  • Implemented SSL VPN solutions including Palo Alto Networks Global Protect with single and multiple gateway solutions including integration of PKI certificates. Integrate multiple vendor IPSEC site to site VPNs, including Palo Alto Networks and Cisco ASA firewalls
  • Responsible for major aspects of network specification and design within the organization making recommendations for the improvement of network design operation and economics, wherever and whenever possible
  • Performed Network Security Assessment and implemented security improvements such as network filtering, SSH, AAA, SNMP access lists, VTY access lists, EIGRP MD5 authentication, and HSRP authentication
  • Configured ACLs in Cisco 5550 ASA firewall for internet Access requests for servers, protocol handling, object grouping and NAT
  • Migrated Cisco ASA and Check Point firewalls to Palo Alto Network Firewalls using the PAN Migration Tool (Expedition) and integrated wildfire to identify zero-day exploits
  • Implemented Global-Protect VPN for mobile workforce replacing traditional Remote access VPNs
  • Performing administrative tasks with Palo Alto Networks (Panorama) including Security, NAT policy definitions; application filtering; Regional based rules; URL filtering, Data filtering, file blocking, User based policies, maintained and analyzed firewall logs
  • Configured VDC (Virtual Device Context) for Nexus 7010 Switch.
  • Experience with industry recognized SIEM solutions such as ArcSight, Splunk, LogRhythm, AlienVault, etc
  • Citrix Netscaler Architecture and implemented Infrastructure Redundancy of Federal Home Loan Bank in he routers in the network to maintain different routing instances
  • Expertise with Cisco ASA firewall-based devices, configuring VPNs, IPS and IPsec
  • Provided L2 & L3 network support, Building configurations for Juniper EX 3300 and EX 4200 switches with features like port security, VLANS, VTP, and PVST+. Worked on SRX service gateways and MX Platform routers.
  • Worked on Juniper J series j230, M 320 routers and EX 3200 series switch.
  • Maintenance of networks and do any possible upgradation based on the analysis.
  • Was part of LAN/WAN development (IP address planning, designing, installation, configuration, testing, and maintenance and troubleshooting issues) team.
  • Performing daily monitoring and maintenance of Solar winds Orion software
  • Utilized Cisco Firepower policies to manage applications, Snort rules, and URL blocking.
  • Includes installation, testing, upgrading, loading patches, troubleshooting both physical and virtual environments
  • Worked on F5 GTM, configuring Wide IPs and pools to load balance the client traffic between the two data centers
  • Implement Aruba Wireless infrastructure using Aruba controllers & Access Points. Configured Aruba access points troubleshoot connectivity issues with Aruba access points
  • Used Bluecoat ProxySG Appliances to effectively secure Web communications and accelerate delivery of business applications.
  • Adding Websites to blocked list on the bluecoat proxies based upon business requirements.
  • Support Blue Coat Proxy in explicit mode for users trying to access Internet from Corp Network
  • Linux System Administration (RHEL/CentOS/Scientific Linux 6)
  • Designed, installed, configured, and troubleshot Citrix NetScaler devices in the support of NetScaler Gateway, Clientless VPN and SSLVPN implementations
  • Vendor certification in a SIEM technology
  • Knowledge with following Citrix infrastructure components: Web interfaces, PNAServer, NetScaler setup and administration, License Server management, Edgesight. Management and configuration of RSA SecurID Server managed the network engineering team for the modification of the global wide area network to support Office 365 and Skype for Business using SDWAN
  • Troubleshooted VIPs and SSL certificates issues that were encountered at the time of deployment or in production
  • Configured dynamic routing protocols such as EIGRP, OSPF, BGP and switch management on Cisco 6500, 2800, 2900, 3750, 3900 series.
  • Responsible for enabling BGP peering and customer sessions and debugging BGP routing problems.
  • Monitor and responsible for access control to the Data Center to prevent unauthorized access.
  • Configured Nexus 7K, 5k, 2k switches in data center for hosting various servers
  • Install or decommission of Nexus switches and servers in the data center.
  • Used Network analysis tools like Packet Sniffer and Wireshark for troubleshooting the network.

Hire Now