Network Security Engineer Resume
Urbana, MD
SUMMARY
- Around 8 years of experience in IT as a Network Engineer with a focus on design, implementation, troubleshooting and documentation of LAN/WAN systems in global and Data Center environments.
- Expert level knowledge of troubleshooting, implementing, optimizing, and testing of static and dynamic routing protocols such as EIGRP, OSPF, BGP, MPLS and ability to interpret and resolve complex route table problems.
- Excellent knowledge of and experience with different vendors such as Cisco ASA (Firepower), Palo Alto, Checkpoint (Smart Console/MDS), BIG-IP F5 Load Balancer.
- Implementation of traffic filters on Cisco routers using standard and extended access lists.
- Hands on experience working with Cisco Nexus 9K, 7K, 5K & 2K Switches.
- Worked on NXOS, IOS, and IOS-XR to N7K-NXOS (MPLS) system test.
- Experience with installation, configuration, and management of various flavors of firewalls, e.g. Juniper, Cisco ASA 5500 & 5500-X with different options, Checkpoint (21K/23K/44K/64K), Palo Alto (3K/5K).
- In-depth knowledge and hands-on experience on IP Addressing, Subnetting, VLSM and ARP, reverse & proxy ARP, Ping Concepts.
- Expert in Data Center Technologies such as VPC, VDC, VSS, STP, FCoE, OTV & Fabric Path
- Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, EtherChannel, RSTP and MST.
- Good knowledge about Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-Ons, Dashboards, Clustering and Forwarder Management.
- Hands on experience in Security policies including NAT, PAT, VPN, Route-maps, VPN Concentrator and Access Control Lists.
- Experience in configuration of Network architecture on AWS with VPC, Subnets, Internet gateway, NAT, Route table.
- Good knowledge and expertise on Risk and Vulnerability assessment, cyber security tools, Malware protection, Data Leak Prevention (DLP), URL filtering, Threat Prevention and Penetration Testing.
- Experience on Virtual Private Network (VPN) for operating Network and Data Center.
- Network analysis and troubleshooting tools: Sniffer Pro, Wireshark.
- Efficient at use of Microsoft Visio and GNS3 as technical documentation and presentation tools.
- Exceptional experience working in fast-paced, deadline-oriented environments.
TECHNICAL SKILLS
- Firewalls
- Load Balancers
- LAN/WAN
- Cisco Routers & Switches
- F5 BIG-IP
- Checkpoint
- Wireshark
- BGP, OSPF, EIGRP, MPLS
- DNS/DHCP
- AWS
- Troubleshooting
- Virtual Private Network (VPN)
- Citrix NetScaler
- SolarWinds
- Zscaler Cloud Proxy
- Cisco ISE
PROFESSIONAL EXPERIENCE
Confidential, Urbana, MD
Network Security Engineer
Responsibilities:
- Led data center migration project with senior level design engineers for various managed customers. Provided specifications and detailed schematics for network architecture as well as expertise in hardware/software interconnection and interfacing such as routers, switches, firewalls, and voice deployments. Assisted with pre and post break out teams to come up with unique forklift strategies for new and existing application landscapes.
- Primarily responsible for managing the Routing/Switching, F5 Load balancer and Palo Alto firewall infrastructure of the client environment with DNS Infoblox.
- Increased concurrent connections on Palo Alto firewalls and enabled aggressive aging on different service objects to improve connections and resolve intermittent issues (vCenter servers were having issues communicating with VM hosts).
- Performed Deep packet inspection by packet capturing commands/tools such as TCPDump, Wireshark, Pcap files, WinSCP to analyze the packet and understand the nature of the issue.
- Modified crontab settings on Palo Alto firewalls to point to different NTP server to retrieve time (time synchronization).
- Managed Cisco IDS/IPS devices for signature tuning and updates, monitoring and IP logging.
- Designed, developed, and implemented multi-tiered Splunk log collection solutions.
- Responsible for the new design and implementation using Amazon Web Services (AWS) Virtual Private Clouds (VPCs). Created an MS Visio representation of the requirements from ITA. Studied the complexities of the Palo Alto firewall, Cisco CSR 1000v and AWS VPCs for IPsec tunnels from four VPCs to communicate seamlessly.
- Presented a design with the CSR 1000v to use a 250 Mbps standard license to handle the VRF Lite routing and NATing needed for the four AWS VPCs, then to send all traffic to the Palo Alto firewall for VPN termination on one interface/subnet.
- Migrated connections from UCS domain connected to distribution Switches to new ACI network.
- Experience working with the Cisco IPS module which allows IDS or IPS inspection of all traffic passing through the firewall.
- Rolled out ZappZPA across the company on users' workstations and onboarded internal applications to ZPA.
- Troubleshot and rapidly resolved user access issues to Internet resources by optimizing the Zscaler settings or creating PAC file exceptions to bypass the proxy service. Configured and supported providing access to WebEx and Zscaler nodes from the MPLS network without traversing external Internal Firewalls.
- Defined and managed the implementation of PCI DSS Security compliance.
- Manage multiple Palo Alto firewalls centrally through the Palo Alto Panorama M-500 centralized Management appliance.
- Created a AAA configuration template for over 50 Cisco ASA Firepower.
- Redesigned the Cisco ASA Firepower firewall application inspection policies to ensure use of Layer 7 deep protocol inspection and validation in addition to Layer 2 - Layer 4 firewall rules.
- Implement the Global Protect VPN, IPSec VPNs and SSL VPNs through IKE and PKI on Palo Alto firewalls for site-to-site VPN Connectivity.
- Accountable for the maintenance and functioning of 1200 LWAPP/CAPWAP access points.
- Implemented secure wireless access enterprise wide using the highest possible wireless security encryption coupled with RADIUS and TACACS.
- Configured Palo Alto Firewall for outbound SSL decryption with URL filtering.
- Virtualized and migrated legacy F5 v10 appliances with over 5000 VIPs and 12000 pools to F5 TMOS v11, vCMP across 3 global data centers, including substantial iRules updates to support the new architecture.
- Create and facilitate policy and procedure to lead the company through HIPAA and SOX controls.
- Design, configuration, monitoring and troubleshooting for Data Center backbone routers, which include Cisco CRS-1, 7606, ASR1K, ASR9K, ASR920, and Cisco optical network devices.
- Trained and experienced in products like Extrahop and Gigamon.
Environment: Palo Alto PAN 4050, PAN 5050/5060 Firewalls, NAT/PAT, Cisco ASA Firepower, Cisco ISE, Routing & Switching, F5 LTM/GTM/ASM, Zscaler Cloud Proxy, ZPA, AWS, Access Points, PCI, HIPAA, Direct Connect, R53 Site-Site VPN, VPN concentrators.
Confidential
Network Engineer
Responsibilities:
- Involved in complete LAN, WAN, Extranet redesign (including IP address planning, designing, installation, Pre-configuration of network equipment, testing, and maintenance) in both Campus and Branch networks.
- Working with local IT personnel on troubleshooting, problem determination, diagnosis of performance issues, bandwidth issues, throughput traffic prioritization to improve overall application response time across WAN.
- Managing the entire OC data center, configure, troubleshoot, and support Cisco routers (2900 and 3900 series, 1002/1004 ASR), Switches (3800, 6500, 4500 series, Nexus 7K, 5K and 2K).
- Provide network engineering and technical support for complex network related incidents, changes and projects.
- Monitor and maintain wireless Access Point Network for Confidential sites via Cisco Prime. This includes AP alarms, up/down alerts, configuration issues, break/fix requests, facilitating replacement and reinstallation with third-party hands-and-feet vendors at remote sites, wireless trouble tickets and database maintenance. APs include 1100 series, 3500 series and 3700 series.
- Coordinate, install and maintain appropriate network systems and hardware as part of ongoing transformation/migration project in the county.
- Installed jumbo hotfix take on Checkpoint provider servers to fix SNMP discovery issue using version 3 protocol.
- Troubleshooting complex Checkpoint issues, Site-to-Site VPN related.
- Replaced firewall clusters with new hardware.
- Installed and configured the latest CDT versions on our production MDS.
- Performed layer 2/layer 3 switching configurations like 802.1q trunking, Inter-VLAN routing, port-security, STP and EtherChannel configurations.
- Troubleshooting the FortiGate 60d firewall and FortiGate 124d switches in live environment.
- Responsible for Cisco ASA Firepower firewall Administration; troubleshoot ACLs, NATs, and VPNs.
- Accountable for the design and deployment of new wireless technologies that span throughout 260 buildings across Orange County.
- Experience with configuring OTV between the data centers as a layer 2 extension.
- Handled SRST and implemented and configured the Gateways, Voice Gateways.
- Troubleshoot/Maintained/Implemented Routing in an MP-BGP enterprise environment.
- Hands on experience on FortiGate 200E, 400E, 800D, 2500E and 3300E.
- Migrated a Cisco ASA firewall to FortiGate using FortiConverter.
- Configured VDOM on FortiGate Firewall.
- Implemented zone-based firewalling and authentication profiles on Fortinet Firewall.
- Firewall deployment, rules migrations, firewall administration and migrating existing rule bases onto Fortinet Firewalls.
Environment: LAN/WAN, DNS, DHCP, DDNS, TFTP, IPv4, VPN concentrators, Fortinet Firewalls, Cisco Catalyst 6500/4507/3850/3560 Switches, Nexus 7K/5K/2K, Cisco ASR 1002/1004, ISR 2911/2921/2951, VG 202/204/310, Cisco ASA Firepower, NAT/PAT, IPsec.