Sr. Network Security Engineer Resume
Mountain View, CA
SUMMARY
- Over 6+ years of Experience in Designing, Security, Deployment and Operations of complex enterprise and service provider networks. Adept in managing service functions & streamlining the working standards operating system for project rollout, design and development of Telecom solutions.
- Designed and configured the commands for QoS and Access lists for Nexus 7K and 5K.
- Expert working knowledge (including the ability to setup, configure, upgrade, manage and troubleshoot Cisco routers, switches, VPN concentrators, firewalls, 802.11 wireless access points and load balancers).
- Migrated firewall rules from Cisco ASA to Palo Alto and Check Point Firewalls. Designing and Configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550).
- Configuring Multiprotocol Label Switching - Traffic Engineering (MPLS-TE) on a Cisco ASR 9K Series router.
- Well versed with AAA configuration using TACACS+ & RADIUS server.
- Implemented security policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
- Worked on Load balancer F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
- Working knowledge in BGP, OSPF, EIGRP, RIP, IS-IS, HSRP, L2/3 VPNs in IOS, IOSXE, and IOS XR platforms.
- Strong experience on Juniper SSG series Firewalls and Checkpoint R75, 76 Firewalls.
- Experience in configuration of Juniper security appliances SRX 220, SRX 240, SRX 550, NS 50, SSG 550M, SSG 520M.
- Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point R65, R70, R75, R77 and Cisco ASA.
- Experience working with OTV & FCOE on the Nexus between the datacenters.
- Expert in design, configuration and deployment of F5 Solutions with extensive experience working with APM and ASM technologies.
- In the process of replacing the Cisco NAC with the new Cisco Identity Service Engine (ISE).
- Experience with Palo Alto, Network Security, Juniper Firewalls, SSL VPN, Checkpoint, RSA, Cisco Nexus, Cisco ACE, Cisco Wireless.
- Experience configuring and troubleshooting Citrix NetScaler Load Balancer.
- Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS.
- WAN circuit systems design, configuration, implementation, troubleshooting and support.
- Worked on Cisco ASA firewalls, where we upgraded ASA 5550, 5520, etc. and changed from version 8.2 to 8.4 or 9.
- Deployed Cisco 2500 and 5800 Series Wireless Controllers and 1xxx and 2xxx series Access Point.
- Configured the F5 LTM 8950, 6900, 3900, etc., and also configured nodes, virtual servers, load balancing pools, etc.
TECHNICAL SKILLS
LAN Technologies: VLAN, VTP, Inter-VLAN routing, STP, RSTP, PVST, 802.1x
WAN Technologies: Frame Relay, ISDN, PPP, ATM, MPLS, Leased lines
Network Security: NAT/PAT, VPN, Filtering, IDS/IPS, IPsec, ACL
Routing Protocols: RIP, IGRP, EIGRP, OSPF, BGP, IS-IS, HSRP
Routed Protocols: TCP/IP, IPX/SPX
Infrastructure Services: DHCP, DNS, SMTP, MIBs, Syslog, POP3, FTP, TFTP
Network Management: SNMP, SSH, Telnet, ICMP
IP Telephony: VOIP, FXO/FXS/E&M/T1/ISDN/PRI, Call Manager Express
Operating Systems: Windows Vista/XP/NT/2003, MS DOS, UNIX, Linux
Comm. Protocols: Wi-Fi, WiMAX, CDMA, 3G
Protocol Analyzers: OPNET, Wireshark.
Languages/ Tools: C, C++
PROFESSIONAL EXPERIENCE
Confidential, Mountain View, CA
Sr. Network Security Engineer
Responsibilities:
- Set up and maintained a Sourcefire IDS/IPS system to control network security.
- Troubleshooting firewall rules in Cisco ASA, Checkpoint, Zscaler.
- Perform installation, configuration and troubleshooting on stateful inspection firewalls and inline/passive IPS/IDS sensors.
- Subject Matter Expert in network security, Cloud computing security and SDN security applications.
- Specialized in Network Security technologies (Firewall, IPS/IDS, Content Filtering, Proxy and Cisco network products).
- Mutual redistribution of OSPF and BGP routes using route maps.
- Involved in upgrades to the WAN network from existing 1001x with ASR1004 and ISR 2800/4331 routers.
- Strong experience working with the following routing/switching protocols: BGP, OSPF, EIGRP, LDP, HSRP, VRRP, GLBP, VTP, 802.1d, 802.1q, ISL, VLANs and Port-Channels.
- Worked on F5 BIG-IP LTM, configured profiles provided and ensured high availability.
- Hands-on experience testing iRules using Browser (IE), HttpWatch on F5 load balancers.
- Administer and troubleshoot Cisco ISE and Cisco TACACS.
- Configuring IPSEC VPN on SRX series & Palo Alto firewalls.
- Integrate Splunk with AWS deployment using Puppet to collect data from all EC2 systems into Splunk.
- Convert Campus WAN links from point to point to MPLS and to convert encryption from IPsec/GRE to DMVPN.
- Configuring IPAM on DNS Infoblox like adding the already existing networks and
- Performed security audit of perimeter routers, identifying missing ACLs, and writing and applying ACLs.
- Configured and established ExpressRoute and VPN connectivity to Microsoft Azure Cloud.
- Worked with Microsoft support and Deployed HUB and Spoke topology in Azure Cloud.
- Responsible for Cisco ASA firewall administration across our global networks
- VMware vSphere security firewall, leveraging AD, configure network security policy
- Planning and installing VMware ESX and ESXi.
- Installed, configured, and set security policies on Cisco and Checkpoint firewalls, VPN.
- Monitored and tested network protocols TCP/IP using the Wireshark tool.
- Worked with Aruba/Cisco wireless AP 205 series supporting 802.11 ac.
- Assisted developers with creating and securing Azure API connections.
- Migration of existing IPSEC VPN tunnels from Pre-Shared key to Certificate Authority for purpose of scaling.
- Implemented Zone Based Firewalling and security rules on the Palo Alto Firewall.
- Experience working with Nexus 9508, 9504, 7018/7010, 5020, 5548, 2148, 2248 devices
- Implementation of BGP to optimize WAN routing on the core and edge routers.
- Troubleshooting and installing of ISR, GSR, ASR9000 and Nexus devices. Managed rules on Checkpoint NGX firewall.
- Managed VPN, IPsec, Endpoint-Security, status policy, Application control, IPS, Monitoring, Anti-Spam and Smart Provisioning.
- Support over two hundred Cisco Firewalls: Cisco ASA 5500, Series 5500-X, and Cisco Next-Generation Firepower 4100 Series security appliances in standalone and high availability configurations.
- Level 3 support Firewall Engineer (Cisco ASA and Palo Alto).
- Configured site-to-site and client VPNs and identified and resolved firewall and VPN connectivity issues.
- Configured and troubleshot VPNs on infrastructure VPN devices. Provided support for infrastructure FW/IPS platforms.
- Worked on Checkpoint & Palo Alto design and installation of Application and URL filtering, threat prevention, Data Filtering.
- Good experience in Checkpoint Firewall Operations and implementations across a diverse network with many levels of required security configurations.
- Created Azure Virtual Firewalls, VPNs, VLANs, Load Balancers and Route Tables. Implemented Checkpoint firewall rules according to business requirements and verifications.
- Migrated firewalls from ASA to Checkpoint.
- Designing and directing system configuration and installation to accommodate network needs of client.
- Involved in migration of switches from Catalyst 6500 E to Catalyst 4500-X, 9500 and Nexus 9k, 7k & 9k.
- Good hands-on experience in data center migration from legacy to new Cisco ACI fabric infrastructure.
- Configuring and managing VMware vSphere access controls.
- Network security administrator for all user and B2B VPN configuration standards and implementations on production Cisco ASA 5520 and Cisco 5540 appliances.
- Advise management of options, risk vs. cost, benefits, and other impacts of infrastructure solutions.
- Assisted field technician over the phone to install and connect the LAN & WAN connections.
- Raise & Implement Break Fix Changes that come from incidents.
- Participating in troubleshooting the F5 LTM and APM and provided level 2 and 3 support.
- Configuring networks using routing protocols such as RIP, OSPF, EIGRP and BGP and manipulated routing updates using route-map, distribute list and administrative distance for on-demand Infrastructure.
- Configuration of IPsec VPN tunnels to remote sites using IKEv2. Using tools like CiscoWorks, we can monitor the remote sites' connectivity.
- Experience on Zscaler cloud security.
- Conduct network modeling and analysis to construct a reliable, high-performance integrated network and recommend new solutions to improve the resilience of network operation.
Environment: Cisco Catalyst 4500/6500/9500 switches, Cisco 2800/4331 ISR routers, Cisco ASA 5500/5520/5540, Nexus 9508, 9504, 7018/7010, 5020, 5548, 2148, 2248, routing protocols RIP, OSPF, BGP, EIGRP, Zscaler, Azure, VMware, AWS, F5 Load Balancer, Ansible, Palo Alto, Checkpoint firewall.
Confidential, Sacramento, CA
Sr. Cloud Network Engineer
Responsibilities:
- Experience of routing protocols like EIGRP, OSPF, RIP, and BGP, MPLS/VPN.
- Worked on Cisco 6500, 7200VXR, 12000 series Router and Cisco 4500, 6509, 7613 series switches.
- Proficiency in configuration of VLAN setup on various Cisco Routers and Switches.
- Experienced in trouble-shooting both connectivity issues and hardware problems on Cisco based networks.
- Enhanced level of experience with QoS, OSPF, BGP, ATM, T1-T3 Frame-Relay.
- Network analysis and capacity planning experience using tools like Sniffer, Ethereal, and tcpdump.
- Experience configuring Virtual Device Context in Nexus 7k, 5k and 2k.
- Extensive hands-on experience with complex routed LAN and WAN networks.
- Hands-on configuration and experience in setting up Cisco routers to perform functions at the Access, Distribution, and Core layers.
- Experience converting Checkpoint VPN rules over to the Cisco ASA solution.
- Worked on F5 Load Balancers configuring iRules, Profiles, NATs/SNATs, and Load Balancing.
- Excellent verbal and written communication skills and interpersonal skills, with ability to work with large teams as well as independently with minimum supervision. Team player.
- Experience with Project documentation tools implementing and maintaining network monitoring systems and experience with developing network design documentation and presentations using VISIO.
- Installed, configured and maintained Cisco Routers 2800, 3800, 3900, Cisco ASR 1000 Series.
- Built LAN/WAN TCP/IP network comprised of Cisco Switches 6500, 6509, 7613, 3550, 4900, 2960, 2950, 2900XL, Nexus 2k/5k/7k.
- Responsible to coordinate with Vendors and ISP.
- Troubleshooting the wireless data core networks, architecture, protocols, interfaces and wireless operator's end-end network.
- Working on deployment/configuration of LWAPs, WLC, WDS and 802.11 wireless devices.
- Managed the load balancers F5 V9 BIG-IP 1500, 3400, F5 networks GTM Platform.
- Utilize Wireshark and Ethereal as protocol analyzers.
- Configured and installed Cisco ASA Firewalls 5505, 5510, 5520, 5550, 5585 series.