We provide IT Staff Augmentation Services!

Sr. Network Security Engineer Resume

SUMMARY

  • Over 8 years' involvement in executing field data communication, designing and networking, background in security, switching, firewall and support of long - range communication systems and Nexus 9K,7K, 5K and 2K.
  • Extensive knowledge in configuring and deploying Next Generation Firewalls including Palo Alto, Cisco ASA and Checkpoint Firewalls.
  • Expertise installing, arranging, and keeping up Cisco Switches (2900, 3500,3700, 6500,9300).
  • Expertise installing, arranging, and troubleshooting of Cisco Routers (3800, 3600, 2800, 2600,1800, 1700, 800).
  • Experience in configuring profiles, monitoring VIP’s, Pools in F5 load balancer(LTM/GTM)
  • Strong comprehension in system related administrations including IP multicast, policy-based routing, ether-channel, QoS, stack adjusting and VoIP telephony.
  • Proficient in installing, configuring and troubleshooting LAN, WAN, VLAN, VXLAN, VTP, DTP, STP, RSTP, MST and PVST.
  • In-depth learning on involvement in Tier II ISP Routing Policies, Network Architecture, IP Sub netting and Firewalls.
  • Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: OSPF, EIGRP, RIP, IGRP, BGP, MP-BGP, MPLS, DMVPN etc.
  • Experience in configuring network security over Access-Lists, NAT (Network Address Translation).
  • Experience working with Nexus 7010/Nexus 7018, 5020, 2148, 2248 devices and configuring VPC, VDC and ISSU Software upgrades on Cisco Nexus 7010.
  • Proficient in wired/remote system setup, Linux and Windows organization and system testing, Cisco IOS, Linux/Windows operating systems and VMware virtualization.
  • Skilled in investigating and main driver examination. Noteworthy experience working in quick paced, due date situated conditions. Excellent relational, communication and organizational skills with the capacity to collaborate viably at all levels of the association.
  • Expert in configuration of Virtual Local Area Networks (VLAN’S) using Cisco routers and multi-layer Switches along with trouble shooting of inter VLAN routing and VLAN trunking using 802.1q.
  • Experience working with Nexus 7010/Nexus 7018, 5020, 2148, 2248 devices and configuring VPC, VDC and ISSU Software upgrades on Cisco Nexus 7010.
  • Operating Microsoft windows server 2016, 2012, 2008, 2003, 2000, NT, private company server administration windows 10, 8, 7, Vista, XP, 2000, NT, 95/98, Exchange 2010, 2003, 2000, 5.5, Terminal Services, Citrix, Novell Netware 5.x,6.x, MS Active Directory, TCP/IP, DNS, DHCP, Cisco VOIP Management. VMware vSphere 4, 5, Mitel VOIP.
  • Monitoring the IRI infrastructure using the SolarWinds monitoring tool which includes Windows, Linux, storage, database and network, citrix. Adding and removing the servers into SolarWinds as per the request.
  • Responsible for designing, documenting, and implementing network infrastructure for both on-prem and hybrid cloud infrastructure

TECHNICAL SKILLS

Router: 800, 1800, 2500, 2600, 2800, 2900, 3600,3750,3800, 7200

Wireless Devices: Aruba AP- 105, 205, 275 Cisco AP-1200, 1800, 3500, 3600, 3800

Academic skills: Linear Optimization, DOE, Programming for Analytics, Random Forest, Regression models, Decision Trees, Support Vector Machines, Citrix Netscaler(ADC)

Lan protocol: VLAN, PVLAN, VTP, Inter-vLAN routing, ISL, dot1q, STP, IS-IS, RSTP, MSTP, ISL PVST, LACP, HSRP, GLBP, VPC, VDC, Ethernet, Port security.

Wan technology: VLAN, PVLAN, VTP, Inter-vLAN routing,VXLAN, ISL, dot1q, STP, IS-IS, RSTP, MSTP, ISL PVST, LACP,SD-WAN,HSRP, GLBP, VPC, VDC, Ethernet, Port security.

Networking security: Knowledge of Firewall, ASA, Cisco FWSM/PIX/ASDM, Cisco ISE, Sourcefire IPS/IDS, Cisco NAC, IPsec, Nokia Checkpoint NG, IPS/IDS(Snor), VPN

Documentation: MS Visio, MS Office Suite, MS onedrive

Platforms: Cisco IOS, Cisco NX-OS, Cisco IOS XE, LINUX, Windows 2000/2003/2008 Server

Load Balancer: Cisco ACE load balancer, F5 Networks (Big-IP)

AAA Architecture: TACACS+, RADIUS, Cisco ACS

Firewalls: Cisco ASA 5525, 5545, Juniper SRX 1400, 4100, Palo Alto PA 7000, Fortinet 100E,200E, Fire power 9300

PROFESSIONAL EXPERIENCE

Confidential

Sr. Network Security Engineer

Responsibilities:

  • Over 15 Firepower 2600 devices Series security appliances in standalone and high availability configurations.
  • Completed project to evaluate Cisco Next-Generation Firepower 2600 Series security appliances for both the virtual Firepower Threat Detection and the Virtual ASA modules to increase security in a production environment.
  • Perform testing of all SourceFire IPS/NGFW appliances and open source snort. Create packet captures and snort rules to test SourceFire sensor operation and verification of traffic.
  • Troubleshot problems with site-to-site VPN's and internet connectivity issues. Provided Tier 3 support on SourceFire IPS/NGFW sensor placement and deployments.
  • Design and Implement Cisco FirePower services for Threat Centric.
  • Configure and Install Cisco NGFW FMC and FTD firewalls at multiple customers support over Cisco Firewalls Cisco ASA 5500, Series 5500 - X, and Cisco Next-Generation Firepower 4100 Series security appliances in standalone and high availability configurations
  • Hands-on experience in deploying GRE tunnels, Remote Access VPN and Site-to-Site VPN .
  • Creating IP-prefix-list, route-map, distribution list for performing route manipulations.
  • Implementation of Site-to-Site VPNs and DMVPN over the internet using IKE Phase 1 and IKE Phase 2 based on traffic with ASA 5500 series Firewalls.
  • Implemented Site-to-Site VPNs between ASA Firewall and Router
  • Migration of existing IPSEC VPN tunnels from Pre-Shared key to Certificate Authority for purpose of scaling
  • Implemented Site-to-Site VPNs over the internet utilizing 3DES, AES/AES-256 with PIX Firewalls.

Confidential

Network Security Engineer

Responsibilities:

  • In-depth knowledge in designing, implementing, configuring with best practices on NexGen IDS/IPS Firewalls such as Palo Alto.
  • Upgrading the code from Pan OS 7.1.X to 8.0.X. Experience working on Panorama M100. Migration from Cisco ASA to PA firewalls.
  • Configured Log Forwarding to forward logs from the firewall to Panorama and then configured Panorama to send logs to the servers.
  • Collaborating with Application owners, Network Team, DNS Team, and Firewall Team, to migrate applications from Legacy Cisco Load Balancer to New F5 BIG-IP Local Traffic Manager.
  • Worked on F5 BIG-IP LTM 8900, configured profiles, provided and ensured high availability.
  • F5 BigIP pools, monitors, profiles and VIP's configuration and troubleshooting.
  • Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering). Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls
  • Provided design, administration and maintenance of Nexus 9k, 7k, 5k, ASR 1004, 2911, ASR 1002, ASR 1001, Catalyst 9300, Catalyst 3650, Palo Alto firewalls with panorama, CUCM and Meraki devices.
  • Worked on Meraki GUI to control, configure, deploy and maintain MX65, MS120, MX100 and access points.
  • Configuring Aruba 7005 and 7010 with IAP 315 and 325 for Deployment into Ships using eleven wireless and NMD, Clear pass and a radius server
  • Cisco Wireless Controllers configuration with Guess Anchor Controller for guest wireless .Setup wireless in outdoor for security to use cisco Phone on campus
  • Assisted in Installing Panorama centralized management system and added Palo Alto firewalls to monitor and configure ACL changes.
  • Support Panorama Centralized Management for Palo Alto firewall PA-500, PA-200 and PA3060, to central manage the console.
  • Managing around 300 DNS and DHCP Server using Vital QIP environment and Infoblox Grid Manager.
  • Providing end to end/on-call supprt for DNS/DHCP/IP related issues.
  • Performing Change controls which involves addition/deletion/swaps/moving of RRs based on DNS request for both internal and external (public) DNS environment.
  • Extensive experience in layer-3 Routing and layer-2 Switching. Dealt with Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500 and 1800 series, Cisco catalyst 6500, 4500, 3750, 3500 and 2900 series switches.
  • Experience in installing and configuring DNS, DHCP server and Windows 8 and Windows 12 servers.
  • Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
  • Knowledge of PAN-OS 7.0.0 to 8.0.2

Confidential - Lowell, AR

Sr. Network Engineer

Responsibilities:

  • Documenting system design utilizing instruments, for example, MS Visio, MS Excel and MS Word to portray physical and sensible affiliations and incorporations.
  • Updating documentation and database of client's condition according to security gauges with month to month Excel reports. Great comprehension of outlining system graph answers for customers utilizing VISIO and PowerPoint.
  • Monitored the MPLS organize and composed new circuit establishments.
  • Configuration and establishment CISCO routers 800, 1800, 1900, 2800, 4300, arrangements.
  • Provided LAN support to 2500 employees. Managed over 800 sites working with local and long distance carriers to isolate and restore service to exiting USDA facilities
  • Configuration and establishment CISCO switches 2500, 2600, 2900, 3500, 4000 and 9000 arrangements.
  • Worked with a successful Cisco Partner to migrate ASA firewalls to Cisco FirePower 9300 firewalls with throughput up to 1.2Tbps crushing the current slow ASA. Responsible for the end to end design of the solution and then the migration of the policies, NAT settings, routing, logging, and VPN configuration.
  • Review the client's ASA configuration and map it to Cisco FirePower 9300 features.
  • Use configuration text files and screen shots with eventual access into the ASA firewall to map objects, firewall rules, and NAT configuration to the Cisco world.
  • Understand MPLS configuration and authentication settings to migrate routing over to the FirePower platform
  • VPN Configuration between Site-to-Site and Site-to-Remote.
  • Operational bolster and investigating creation issues over nature.
  • Setting up VLANS and arranging trunk on Fast-Ethernet channel between switches.
  • Worked on Wan Modernization project, Upgrading switches and router in the client sites with new network ip scheme.
  • Site survey ran Heat-map, AirMagnet Survey tool. Supervised wireless site installation using Aruba / Cisco controller base unit, 104 &105, Cisco Aironet, AP's and configuration of 802.11 a/b/g/n Wireless Network equipment. Aruba AOS Controller & IAP.
  • Sites more than 100 been upgraded from Aruba to Cisco AP 1832i, VLAN’s and arranging trunk on POE channels between the switches.
  • Configured Azure Network Watcher for IT Security and IT Operations to monitor communication between a virtual machine and an endpoint, view resources in a virtual network and their relationships, diagnose network traffic filtering, network routing, and enable packet captures to and from a VM.
  • Installing APC UPS 450, 850, 1500, 3000 in client sites, configuring the network card and replacing the batteries.
  • Monitor Wireless LAN Controllers and remediate missing wireless access points.
  • Configure network devices, including Cisco routers, switches, firewall, wireless LAN controllers and access points in a highly available clinical environment.
  • Rack and stack network equipment and conduct testing and tracing of network cables.
  • Document all network changes and implementations.
  • Monitor network with SolarWinds and Cisco Prime. Upgraded Cisco Prime VM from V2.0 to v3.0.2.
  • Experience with utilizing F5 Load balancer in giving overall information and record sharing, constant web network, advanced web execution.
  • Knowledge in implementing and configuring F5 Big-IP LTM-6400 load balancers.

Confidential - Omaha, NE

Sr. Network and Security Engineer

Responsibilities:

  • Configuration of VPNs to make IPsec/GRE tunnels in the middle of branch workplaces and central command.
  • Troubleshooting and settling Remote Access IPsec VPN issues.
  • Responsible for turning up BGP peering and client sessions, controlling BGP characteristics and investigating BGP steering issues.
  • Configuration, testing and execution system, firewall and security arrangement with apparatuses, for example, Cisco Checkpoint firewalls and Palo Alto.
  • Deployed Active/Standby modes of High Availability (HA) with Session and Configuration synchronization on multiple Palo Alto firewall pairs. Knowledge on the application of Active/Active HA mode.
  • Was part of a team tasked with developing a Managed Security Solution. Acquired and tested many firewalls. Suggested, and eventually used Fortinet solution for client deployment.
  • Worked as L2 & L3 support engineer, Configuration/Implementation engineer in previous organisations and working as SD - WAN engineer in present orgainsation.
  • Add, erase, and adjust governs on ASA and Palo Alto for organizing activity according to arrange security strategies.
  • Administration and investigating of Linux Red Hat Windows 2003,2008 Servers, DNS/DHCP
  • Configuring firewall lead base, door articles, and VPN people group in Checkpoint firewalls.
  • Design and usage of an MS Active Directory/Standby answer for the association to give repetition and adaptation to internal failure utilizing Hot Standby Router Protocol (HSRP).
  • Monitoring and investigating system's execution on OSI layers 1, 2, and 3 for LAN and SD-WAN utilizing SNMP, syslog, tcpdump and Wireshark.
  • Configuring OSPF as the essential IGP with multi-zone OSPF which incorporates stub territories and not all that thickset zones (NSSA). Redistribution of RIP and EIGRP into OSPF.
  • Responsible in troubleshooting on Cisco ISE added new devices on network based on policies on ISE.
  • Created and oversaw VLANs on the changes to give QoS arrangements.
  • Implementing and Filtering Traffic utilizing Access control list (P) and designing NAT/PAT.
  • Review and test switches and before conveying them underway system according to customer necessities.
  • Updating documentation and database of client's condition according to security gauges with month to month Excel reports. Great comprehension of outlining system graph answers for customers utilizing VISIO and PowerPoint
  • Preventing VLAN bouncing assaults and moderating parodying with snooping and IP source monitor.
  • Responsible for the implementation, migration and customization of customer DNS. Implemented F5 LTM and GTM changes using CLI (TMSH and advance shell) configurations and Experienced in administration of F5 infrastructure.
  • Provided Load Balancing towards get to layer from center layer utilizing F5 Network Load Balancers.
  • Troubleshooting the issues with the application owners hosted on the F5 environment in the 3- tier environments. Maintaining the SSL certificates for various applications hosted on the F5s and servers on the hardware.
  • Installing the F5 TMOS upgrades/downgrades, Hot-fix installations depending on Business need. Involved in outlining L2VPN administrations and IPSEC VPN validation and encryption framework.
  • Configuring, Monitoring and Troubleshooting Check point security apparatus, Failover DMZ zoning, VLANs/directing/NAT with the firewalls according to outline
  • Configured BPDU Guard, port-quick, uplink quick and other crossing tree highlights.

Confidential - Framers Branch, TX

Network and Security Engineer

Responsibilities:

  • Implementation, managing and designed authorized Palo Alto, Cisco Network.
  • Security Device - Palo Alto/ASA Firewalls, Source fire IPS/IDS, VPN.
  • Prepared introductions and Visio graphs.
  • Used load balancers ACE and load balancing technique with multiple components for efficient performance and to increase reliability through redundancy.
  • Checkpoint Firewall design and Maintenance Support of state organize firewalls and end-client Virtual Private Network (VPN).
  • Day-to-day work includes changes on the Checkpoint Firewall utilizing the Smart Dashboard NGX R70 programming and interfacing through Smart Center administration. Verification is finished utilizing a RSA SecurID.
  • Monitored the MPLS organize and composed new circuit establishments
  • Exposed to best practice plan and Implementation system
  • Identified, detached and settled system security issues
  • Work on various systems administration ideas and directing conventions like BGP, EIGRP, OSPF, VRFS, Tunnels, L2TP, and VPLS and other LAN/WAN innovations.
  • Managed remote access Palo Alto, Cisco VPN, webvpn and AnyConnect
  • Performed interruption location and interruption avoidance utilizing Cisco Sourcefire IDS/IPS
  • Experience with Problem and Change Management procedures and applications
  • Extranet changes to Cisco 6513, 6509 and 7204 arrangement gadgets including FWSM firewall changes, steering exchanging changes and Juniper Net screen based SSL VPN and ISG.
  • Creating object, gatherings, refreshing access-records on Check Point Firewall, apply static, shroud NAT utilizing savvy dashboard.
  • Configuring and deploying Aruba Networks Wireless systems for local small business.
  • Troubleshooting network issues on the firewall utilizing savvy see tracker, screen strength of the machine utilizing brilliant view screen and so on.
  • Support steering conventions including BGP and OSPF directing, HSRP, stack adjusting/failover designs, GRE Tunnel Configurations, VRF setup and support on the switches.
  • Documenting and Log investigating the Cisco PIX arrangement firewall
  • Configured BGP for CE to PE course promotion inside the lab condition
  • Spearheaded gatherings and discourses with colleagues in regard to organize streamlining and in regard to BGP issues.

Confidential, Sanjose, CA

Networking Engineer

Responsibilities:

  • Bandwidth investigation, activity administration and observing of Cisco Routers and Links
  • Understanding and Implementation of IPSEC and GRE burrows in VPN innovation.
  • Design and execute OSPF organize for dependable access conveyance and to work as the centre steering convention.
  • Designing and sending L2 benefit including VLANs, STP, Trunking and Ether channel.
  • Designing of SD-WAN structure to avoid single purpose of disappointment in the event of connection disappointment.
  • Implementation of stately and serial failover for PIX/ASA firewalls and load adjusting highlights.
  • Use of investigating instruments, for example, session follows and parcel catches to aid underlying driver.
  • Configuration of access records, prefix-records and course maps for holding fast to security strategies of the association.
  • Monitoring system execution, arrange disappointments and blockage issues utilizing Solar winds and Wireshark.
  • Planning and Implementation of Sub netting, VLSM to ration IP addresses ACI micro segmentation
  • Assisting staff with the establishment, design, and progressing ease of use of desktop PCs, fringe gear and programming inside built up norms and rules.
  • Configured STP for circle counteractive action and VTP for Inter-VLAN Routing.
  • Administration and investigating of Windows 2003 Servers, DNS/DHCP.
  • Implementation and support of standard access-records and stretched out access rundown to new clients.
  • Configuration and establishment CISCO switches 2500, 2600, 3200 and 4000 arrangements.
  • Continuously evaluating hazard and prescribing answers for guarantee the uprightness and strength of the undertaking system.
  • Monitoring, investigating and settling issues in EIGRP and OSPF directing.
  • Create and look after quality, arrangement and upkeep documentation including composed reports, exact part naming and specialized charts.
  • Monitor activity and access sign keeping in mind the end goal to investigate organize get to issues.
  • Installation and operational help for Windows 2000/2003 Servers and Windows workstations.
  • Technical help for LAN/WAN administration and complex client issues.

Hire Now