- Over 12+ years’ experience in designing and deploying end to end Cloud/Network Security solutions for large scale enterprises in Finance and ISP domains. Expertise in performing advanced troubleshooting during productions rollouts.
Cloud: Amazon AWS and Microsoft Azure
Network: LAN/WAN Technology and Cloud. Protocols - BGP, EIGRP, OSPF, VLANs, Ether Channel, 802.1Q, RSTP, MST, QoS, PIM-SM, PIM-DM, MSDP, VPNv4, GRE, IPSec.
Cloud AWS: EC2, S3, ELB/ALB, Glacier, Route53, CloudWatch, CloudTrail, security groups and NACL, CloudHSM and IAM, Splunk, Checkpoint Cloudguard, WAF, Amazon Guard Duty, Amazon Inspector, AWS Shield.
Firewalls: Checkpoint Security Appliances, Juniper SRX Firewalls, Juniper NetScreen Firewalls, Palo Alto Firewalls, Cisco ASA Firewalls
IDS/IPS: Checkpoint, Palo Alto and Sourcefire
Vulnerability and Threat Management: Skybox and Damballa
Application Security: Siteminder, SAML, MFA
Endpoint Threat Detection: Forescout Counter ACT
SIEM: Arcsight, Splunk, Skybox, Sourcefire, Algosec, Scrutinizer and HP Openview
Networking Hardware: Cisco ASRs, Nexus routers, Catalyst Switches, Juniper MX Series and Arista switches
Wireless Hardware: Cisco Wireless and Aruba Controller.
Load Balancers: Citrix NetScaler and F5
Tools: Microsoft Project, Visio, Servicenow and Remedy
CLOUD/NETWORK Soltuion architect
- Hands on Network Security Architect supporting the design and Implementation of security initiatives in 160 countries.
- Designed and implemented scalable solution for migration of various on-premise applications and infrastructure to cloud using AWS services like EC2, S3, Glacier, ELB, SQS, SES, SNS.
- Built and configured data center in AWS cloud by implementing Virtual Private Cloud, subnets, security groups, Network ACLs (NACL), Elastic load balancer, auto scaling.
- Configured and Maintained IAM user accounts for development, QA, Production servers and created roles for EC2, RDS, S3, Cloudwatch resources for communication with each other.
- Enhanced AWS security with CloudHSM, central policies using AWS Firewall Manager for WAF, implemented Amazon Guard Duty for continuously monitoring and analyzing threats, Amazon Inspector for security assessments and AWS Shield for additional DDOS protection.
- Analyzed applications and developed best practices for security controls using DevOps methodology for application access that included encryption, isolation and logging for migration into AWS cloud.
- Implemented Splunk in the cloud and set up custom alerts and lamda workflows to fortify security.
- Built hybrid cloud by connecting onsite Data centers to AWS using Checkpoint CloudGuard to ensure seamless asset protection in the cloud and also integrated Splunk capabilities in the cloud.
- Evaluated various automation/configuration management tools such as Chef, Puppet, Ansible.
- Reviewed, optimized and implemented Citi Service Provider Network Architecture for connecting Citi Data Centers to Cloud providers like Amazon AWS, Microsoft Azure, IBM Soft Layer and Google Cloud Platform.
- Worked as an SME to Design and Implement Network Solutions Checkpoint, Palo Alto, Juniper, Forescout, Damballa, Arista and Cisco (IOS, IOS-XR, IOS-XE, NX-OS) implementations using various routing and switching protocols such as BGP, OSPF, EIGRP, 802.1Q, MST, RSTP, PVST+, LACP, PIM-SM.
- Built 50+ Checkpoint M2/M8firewalls running R60/65 to R77.30 Gaia spanning 160 countries including advanced troubleshooting support ensuring business checkouts with ZERO severity 1/2 outages.
- Deployed 30+ Palo Alto firewalls in various environments for IDS, anti-virus/anti-malware, SSL decryption including application whitelisting.
- Managed a CIO council project for deploying 70+ Forescout CounterACT devices with Enterprise Managers covering 500k endpoints providing threat detection and response capabilities for all wired/wireless and VPN end points.
- Provided hands on Level 3 troubleshooting support during Change calls for Checkpoint, Palo Alto, Juniper, Forescout, Damballa, Arista and Cisco implementations.
- Analyzed application firewall rules using Algosec and Skybox to provide secure implementations of Siteminder for Federated Identity.
- Conducted research focused on identifying emerging technology solutions that reduce costs, increase efficiencies, reduce risks, and increase security in vulnerability and threat management, DLP including information classification and application security best practices.
NETWORK security architect
- Configured and Managed Cisco switches 6500 series, 3750 series, Juniper IDPs, Check point firewalls, Ironport proxies.
- Designed and implemented network solutions using HSRP, VLANs, PVLANs, 802.1Q, EtherChannel, MST, OSPF, BGP, DNS, DHCP.
- Provided level 3 SME support for Operations tickets. Responded, isolated, and resolved network/security issues
- Participated in Daimler processes, trouble ticket system, reviewed and prepared knowledge base documents and reports
Senior network engineer
- Provided technical support for Juniper products and networking technologies to Juniper's customers and partners’ world-wide.
- Assisted Juniper customers in configuration, troubleshooting and managing security devices.
- Analyzed problems and identified solutions using debugging tools and lab simulations. Provided solutions to customers within the pre-defined time limit as per the severity and priority.
- Coordinated with Advance TAC for product enhancement.
- Contributed technical documents and enlarged the knowledge database.
SENIOR network engineer
- Reviewed client's requirements and provided solutions based upon project requirements.
- Participated in design reviews to ensure integrity of the solution.
- Designed and Implemented IP MPLS backbone Network, OSS/BSS Flow including OMS, PMS (Metasolv), SLA (Micro mouse), Billing (Elite core), Storage and Backup Solution for MTNL Mumbai
- Designed, configured MPLS network for IPTV, VOIP, High speed Internet services, L3VPN, L2VPN.
- Owned the Acceptance Testing of MTNL MPLS network and completed successfully.
- Administered and Managed MTNL MPLS project maintenance to ensure that the faults are closed within defined time lines.