SUMMARY

• A Cisco Certified Network Security Professional with 9 years of experience in network design, implementation, and troubleshooting enterprise networks.
• Expert in configuration and deployment of routing protocols EIGRP, RIP, OSPF & BGP for enterprise level IT infrastructure.
• Expert in configuring and troubleshooting various Switching Techniques like VTP, STP, RSTP, HSRP, VRRP, GLBP and Inter VLAN Routing and VLAN Trunking.
• Excellent hands on experience in configuring Cisco Nexus 2K, 5K, 7K switches. Also implemented VDC and VPC on the Nexus 5505, 7010, 7710 switches.
• Involved in creating multiple policies and pushing them into checkpoint firewalls.
• Experience working with multi - vendor firewalls
• Experience in network security including Cisco ASA 5500 series, palo-alto
• Firewalls (NAT policies, VPN Configurations, policies) in both standalone and HA mode.
• Experience with Web Proxy, endpoint protection and vulnerability scanners
• Deployed F5 LTM load balancer and experience in virtual server configuration, high availability, load balancing, iRules, iApps, and SSL profiles
• Hands on experience in network management tools like Solarwinds, Wireshark, Qradar, Splunk.
• Excellent problem solving, debugging skills and documentation skills using Confidential Office and Confidential Visio.
• Highly motivated with the ability to work independently or as an integral part of a team with excellent verbal/written communication skills.

TECHNICAL SKILLS

Cisco Routers: Cisco 26XX, 28XX, 37XX, 38XX, 39XX & 72XX series with IOS, IOS-XE & IOS XR.

Cisco Switches: Cisco Catalyst 3550, 3750, 45XX, 65XX series, Nexus 7000, 5000, 2000. NX-OS, Cat-OS, IOS.

Load Balancer: Cisco ACE, A10 AX series, F5 networks (Big -IP) GSS

Routing Protocols: OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing.

Switching protocols: VTP, VLans, STP, RSTP, PVST, MSTP

Firewall: Checkpoint (NGX, NG AI), Cisco ASA, PIX, FWSM, Palo Alto Networks (PA2000 series).

URL Filtration: Websense.

Services: IOS and Features, Jun OS and Features, HSRP, GLBP, VRRP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, DNS, TFTP and FTP Management.

Redundancy Protocols: HSRP, VRRP, GLBP

Cisco Secure Access Control Server (CSACS): Tacacs+/Radius

Network Tools: Wireshark, TCP dump, Qradar, Loglogic, Netbrain, Firemon, Solar Winds, and Cisco Works.

Documentation Skills: Confidential Visio/Office

Network Operating System: IOS, IO-XR, CAT OS, NX-OS

PROFESSIONAL EXPERIENCE

Confidential

Information Security Engineer

Responsibilities:

• Implementing and updating firewall policies on enterprise firewalls using Panorama interface
• Implemented the policy rules and DMZ for multiple locations.
• Created and modified rules, diagnose and resolve LAN/WAN problems.
• Change implementation on firewalls, log analysis and troubleshooting of network access issues.
• Provided network Installation and firewall support to various internal groups for upgrades and migrations.
• IP Addressing, NAT, Basic and Advanced Filtering and Routing
• Performed filtering based on user identity, URL and device.
• Experience with firewall management tools like Firemon’s security manager.
• Making old rules app aware and creating custom applications for Confidential by capturing logs on Splunk and packet captures using Wireshark and analyzing the communication.
• Troubleshooting policy issues that arise and working with LOB’s and engineering teams to resolve issues.
• Develop and maintain quality dashboards, custom views, saved searches and alerts for internal technical operations team as well as business application owners
• Cleanup and removal of old firewall policies.

Confidential, Lauren, NJ

SOC Lead

Responsibilities:

• Managed Cisco ASAs and Palo Alto VMs to create firewall policies, VPN creations, IOS upgrades, and troubleshooting network issues.
• Configuring Prisma access for remote networks, creating security profiles such as Antivirus, anti-spyware, SSL decryption, URL filtering. Configuring User-ID for user-based firewall policies.
• Managed Mcafee IPS/IDS solutions by deploying sensors in fail-open mode, configuring policies and assigning them to interfaces.
• Setting and responding to alerts, updating signatures and tuning them.
• Worked on Imperva (Web Application firewall) to configure secure sites behind WAF for applications hosted in the DMZ network. Investigate attacks using Attack analytics to block malicious IPs.
• Experience in industry standard security best practices and vulnerability management processes and worked on vulnerability scanning tools such as Rapid7. Gather quarterly reports on hundreds of assets and analyze the security risks. Give recommendations to application owners on how to secure the infrastructure based on the reports.
• Implementation and configuration of different modules of Triton Web Proxy such as Web, Data, Email.
• Creating and editing policies to reach RL standards. Configuring exceptions for URLs. Worked on directory services for the hybrid infrastructure at RL.
• Creating and testing DLP agents before they are deployed by SCCM.
• Worked on Symantec endpoint protection, creating and editing policies based on user requirements.
• Acknowledging alerts sent from the manager. Updating signatures and licenses during off-business hours.
• Using loggers to troubleshoot user connectivity issues. Creating custom events for individual tools and responding to the events. Troubleshooting network issues between connectors, ArcMC and ESM.
• Connecting On-Premise with AWS cloud using VPN gateway during installation of new cloud environment.
• Worked on application gateway in the existing Azure environment to connect external users to web application, also modified WAF policies to suit the application. Responded to connectivity issues by analyzing logs.
• Assist in developing and maintaining security related process and procedures for the Security Operations Center (SOC).
• Managing the offshore resources and aiding to meet agreed service levels.

Confidential, KS

SOC Engineer

Responsibilities:

• Firewall deployment, rules migrations, firewall administration and converting existing rule based onto new platforms.
• Responsible for Checkpoint firewall management and operations across our global networks. Implementing security Solutions for Checkpoint Firewalls R75, R77.
• Provide support for both Tier1 and Tier2 firewall architecture which includes various Checkpoint, Cisco ASA firewalls.
• Identify additional email security policies and controls and work within Proofpoint to manage email routing for security purposes
• Implement, install and managing Symantec endpoint and DLP solutions for more than 700 Servers.
• Perform monthly and ad-hoc vulnerability scans and analysis of scans using Nessus, Conduct vulnerability and/or compliance assessments ensuring computing assets are patched against active exploits.
• Support in the compliance aspect of information systems and applications being accredited through IT security process.
• Worked closely with Network Security Engineers to architect Global Protect security policies to enforce company security policies and PCI compliance.
• Configure rules and policies according to the security policy and needs of the users in Zscaler.
• Real Time Log analysis from different network security devices such as Firewalls (Checkpoint, Cisco ASA), Big-IP LTM/GTM.

Celgene, NJ

Senior Network Engineer

Responsibilities:

• Hands-on configuration and operational experience working on Cisco ASA, Checkpoint Firewalls (NAT policies, VPN Configurations, policies) in both standalone and HA mode.
• Security experience in deploying VPN Solutions like IPSec (site-site and client-site) & SSL VPN implemented across multiple vendors.
• Analyzing firewall change requests and integrating changes into existing firewall policies while maintaining security standards.
• Load Balancing Engineer with hands-on experience with F5 BigIP GTM and LTM. Interact with application teams to create a load balancing solution unique to their application requirements.
• Experience with hosting SSL s on F5 platforms, F5 BigIP GTM Wide IP configuration.
• Working on wireless LAN controllers Cisco 5520 and Access points such as Cisco 2800,35003600,3700,3800.
• Troubleshooting the wireless network using Cisco Prime.
• Configuring and creating mobility groups, AP groups and RF Profiles on controllers
• Implemented layer-3 Routing and layer-2 Switching with Nexus models like 5K, 7K, and 9K series.
• Developed scripts to automate network administration tasks using python.
• Installing, configuring and troubleshooting of Cisco 3800, 3600, 2800, 2600, 3900, 2500, 1800. Cabling experience (Ethernet, Fiber) and documenting each device and their RU space per rack.
• Configuring Enterprise based authentication 802.1X EAP-TLS authentication via Cisco ISE.

Confidential

Network Security Engineer

Responsibilities:

• Worked with Palo Alto firewalls PA3020, PA5020 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall.
• Configuring rules and maintaining Palo Alto firewalls & analysis of firewall logs using various tools.
• Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
• Worked on ASA 5585-X firewalls configuration and Implementation for the network security.
• Configured Routing Protocols OSPF and Static routing
• Responsible for configuration, maintenance, and troubleshooting of dynamic routing protocols: BGP, OSPF (route redistribution, distribute lists, route-maps, BGP attributes) on Cisco ASR 1002, 1004 .
• Migration of Juniper SSL to Cisco Any connect for remote users.
• Configure, upgrade and maintain devices to latest code releases and performance improvements
• Optimize Network Firewall rule sets to require minimum access necessary, in addition to optimal device processing.
• Knowledge of Tenants, Contexts, Bridge Domains (BDs) and Bridge Domain Pervasive SVI Gateways, Application Profile and End Point Groups (EPGs), Contracts, Subjects, and Filters to control communication between EPGs, Map statically end points to an EPG
• Troubleshoot enterprise environment for network access issues, infrastructure failures and performance degradations
• Participate 24x7 on-call rotation management for production issue resolution
• Collaborate with various IT and Non-IT functional groups to ensure effective service delivery of secure network access for internal clients for all environments
• Participate in infrastructure and security incident management processes to derive root cause and after action reports.
• Participate in on-site network and security audits related to PCI, SOX, HIPAA, etc. to demonstrate effective network security enterprise controls.
• Manage security compliance in vendor solutions.
• Provide internal and external customers and vendors with appropriate support and advice.
• Perform infrastructure changes during non-business hours, including nights and weekend

Confidential, CA

Network Security Engineer

Responsibilities:

• Experience with setting up MPLS Layer 3 VPN cloud in data center and working with Cisco IOS-XR on the ASR 9K routers for MPLS deployments
• Configured networks using routing protocols such as BGP, EIGRP and manipulated routing updates using route-map, Prefix-list and AS-Path list for on-demand Infrastructure.
• Design and implement data center environments utilizing technology's such as VPC, FEXes, Port Channel, STP, SVIs, VLANs including private VLAN on Nexus hardware 5K, 2K and 6500 series VSS, routing and switching.
• Installation of Cisco 4500 Switches, Cisco 3750 Switches, Cisco 3850 Switches, Cisco 2900, series routers, Cisco 68xx Switches, Cisco 2960 Switches, Cisco 6509 Switches, Nexus 2Ks.
• Involved in complete LAN, WAN development (including IP address planning, designing, installation, configuration, testing, maintenance, troubleshooting etc.)
• Migration from ASA to Palo Alto 3K firewalls.
• Installation of Cisco ASA firewalls across the network for various projects.
• Worked on ASA 5585-X firewalls configuration and Implementation for the network security.
• Implementation of IPSEC Site to Site VPN with direct vendors and customers. Troubleshooting phase 1 and phase 2 with the requestors.
• Monitor IDS logs filtering potentially threatening activity from normal network traffic.
• Configure and troubleshoot Intrusion Detection Systems.
• Responsible for Cisco ASA firewall administration, Rule Analysis, Rule Modification by implementing Access control lists, NAT translations, policy map and traffic analysis.
• Good exposure in network security and networking performing system administration analysis that includes installing/configuring, DNS (InfoBlox), IP addressing scheme & IP subnetting with vlsm and using different kind of network monitoring, packet sniffing, protocol analyzing and troubleshooting tools, tcpdump, Network Monitor
• Configure and troubleshooting Firewall rules in Palo Alto Pa-3000 series using Panorama as per Business Requirements.
• Experience in A10, F5 LTM Load balancers. Creating VIPs and adding servers to VIP URLs.
• Resolved and escalated trouble tickets and conducted scheduled changes within the environment.
• Analyzed network problems and coordinated resolutions, Monitored network infrastructure traffic and access Logs.
• Responsible for Documenting workflow process, Visio drawings and implementing changes following the change management guidelines.

Confidential, CA

Sr. Network engineer

Responsibilities:

• Installed F5 Load Balancers (LTM) in data center.
• Implementing F5 BIG-IP application delivery controllers for load balancing using Virtual servers, iRules, iApps, SSL Offloading, persistence profiles and troubleshooting using TCPdump.
• Configured SNAT pools, SSL profiles and SSL termination pools on F5 BIG-IP hardware
• Worked on configuring Virtual Servers in non-production (RND, TEST, QA) and in production environment as per the business requirements on the LTM boxes.
• Implemented layer 2/layer 3 switching and managed VLAN’s and switches security. Configured redundancy protocols like HSRP and GLBP.
• Performed switching technology administration including VLANs, inter-VLAN routing and Private-VLAN. Enabled STP Enhancements to speed up the network convergence. Handled STP, VTP, VLAN related issues and tasks.
• Configured Nexus switches 2000, 5000, 7000 series.
• Configured routing protocol OSPF, BGP.
• Support routing protocols including BGP and OSPF routing, HSRP, load balancing/failover configurations, GRE Tunnel Configurations, VRF configuration and support on the routers.
• Designed network plan of routing policies with route maps, distribution lists, access-list, and named access-list.
• Deployed and configured Layer 2 security in Server Farms by configuring switch for 802.1x port based authentication.
• Prevented STP attacks by implementing BPDU Guard, Root Guard and using MD5 authentication for VTP, disabling all unused ports and putting them in unused VLAN.
• Configured Dynamic ARP Inspection to ensure that only valid ARP requests and responses are forwarded.
• Configured the traffic storm control and DHCP snooping feature on the Catalyst 6500 series switches.
• Implemented Switched Port Analyzer (SPAN) for port monitoring to analyze network traffic.
• Implemented TACACS+/RADIUS, DHCP, DNS, FTP, TFTP and active directory in branch office LAN environment.

Confidential, CA

Network Engineer

Environment: Datacenter with Cisco Switches 6509, 4500, 3700 Cisco Routers 3825, 3845, 7200, EIGRP, BGP, HSRP, GLBP,VTP, FWSM, ACE, and Blade servers.

Responsibilities:

• Involved in planning, Implementing and documenting the requirements.
• Upgrading the Cisco IOS images on Cisco Switches and routers.
• Configuring switches with VLAN, VTP, PVST, Inter VLAN routing, trunking and port security using the 802.1x authentication for all switches and following Cisco’s best practices.
• Implemented dynamic routing protocols EIGRP in datacenter routers for providing connectivity and BGP for internet redundancy using more than one ISP.
• Deploying Layer 2 security in Server Farms by configuring switch for 802.1x port based authentication.
• Configuring and maintaining TACACS+ servers for AAA authentication and user authorization.
• Responsible for troubleshooting Routing issues in BGP, EIGRP and the Connectivity issues with other datacenters and branch offices.
• Configure firewall security policies for server farm using Access Control List in Firewall switching modules.
• Managed route redundancy for core routers using HSRP, GLBP and configured ether channel between service layer switches to enhance bandwidth usage.
• Worked on Content switching module (CSM) and Application Control engine (ACE) for load balancing in server farms.