- Good experience in researching, implementing and administering network security solutions. Skilled in supporting and troubleshooting operational issues related to network security Infrastructure Worked on layer 2 protocol such as STP, VTP, RSTP, PVSTP, MST and configuring switches from scratch.
- Expertise in implementation, administration, analysis and support of LAN and WAN.
- Experience in Cisco Routing, Switching, Cisco ASA firewall with Firepower, F5 Load Balancer with strong Cisco hardware/software experiences.
- Hands on experience in configuringCheckpointR77.10 R77.30, Cisco Catalyst 2960, 3750, 4500, 6500 and Nexus 3000, 5000, 6000, 7000 series switches and Cisco 2600, 2800, 3600, 3800, 7200, 7600 series routers, Load Balancers & CiscoFirewalls
- Configuring rules and maintainingPaloAltofirewalls & analysis of firewall logs using various tools.
- Experience working with Cisco ASA 5585 - X with firepower firewalls with Firewall rules, IPSEC VPN, NAT, Active-Standby Failover, OSPF and Any Connect VPN technologies.
- Worked on Cisco IOS for configuration & troubleshooting of routing protocols: BGP, OSPF, EIGRP, IGRP and RIP.
- Expert Level Knowledge about TCP/IP and OSI models.
- Experience in being Domain Admin - Active Directory: DNS, DHCP, WINS, all groups and accounts, GPO creation, editing and deploying.
- Worked on Juniper devices like M, MX,T routers on advanced technologies like, MPLS VPNs, TE and other service provider technologies.
- Seasoned professional in Checkpoint firewall policy administration and support between various zones.
- Expert level noledge in IP Routing and WAN protocols (BGP, EIGRP, OSPF, ISIS).
- Good noledge of Networking Protocol such as IGRP, IS-IS, RIP, OSPF, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP, VRRP, GLBP, IPv4 and IPv6, LAN, WAN, MAN, VRF, VTP, NTP, HTTP, HTTPS.
- Profound Knowledge of LAN Technology like Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port- channel, VLANS, VTP, STP, RSTP, 802.1Q.
- Solid Knowledge of Linux, RHEL, CentOS, Windows, Unix Operating systems
- UsedPaloAltoDashboard to monitor servers and status of firewalls.
- Avid learner with proven capability to implement new technologies to its detail level.
- Knowledge about Infrastructure Service such as DNS, DHCP, SMTP, POP3, FTP, TFTP, MLPP.
- Has very good noledge of operating system such as Windows 7/8/10, Windows Server 2008/2003, Linux, UNIX.
- Good noledge about Networking Protocol such as PAGP, LACP, VRRP, GLBP, TACACS+, Radius, AAA, IPv4, IPv6.
- Good noledge on AWS Implementations.
- Working noledge with monitoring tools such as Solar Winds & network packet capture tools such as Wireshark and Cisco packet tracer.
Firewall: Cisco ASA firewall, Sophos firewall, Checkpoint firewall, Palo alto firewall
Networking Protocols: RIP, OSPF, EIGRP, BGP, STP, RSTP, VLAN, VTP, NTP, PAGP, LACP, HSRP, MPLS, VRRP, GLBP, TACACS+, Radius, AAA, IPv4, IPv6
LAN Technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet, Poet-channel, VLAN, VTP, STP, RSTP, 802.1Q
WAN technologies: Frame Relay, ISDN, ATM, MPLS, DS1, DS3, T1/T3, SONET, Leased lines
Security protocols: IKE, IPSEC, SSL-VPN
Tools: GNS3, Packet Tracer, Riverbed (OPNET), MATLAB, Wireshark, LabVIEW
Operating System: Windows XP/7/8/10, MAC OS X, Linux, Unix, Windows Server 2008/2003
Confidential, Los Angeles, CA
Sr. Network security Engineer
- Planned, coordinated, implemented and supported the 802.11x, VPN over wireless, security, LAN/WAN hardware, software and Internet/Intranet/Extranet integrationnetworkconnectivity, diagnosednetworkfailures and resolved any problems.
- Experience in layer-3 Routing and layer-2 Switching. Dealt with Nexus models like 7K, 5K, 2Kseries, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches.
- Hands on experience for Implemented Zone Based Firewall and Security Rules on thePaloAltoFirewall.
- Designing, Implementing and Troubleshooting Cisco 3750, 3550, 3560, 2924, 6509-V-E, 6513, 6504, 6503, 6506, 6500 series switches, GSR, ASR routers with Cisco IOS and IOS-XR.
- Primary Role includes maintaining and monitoring the security of the IMF through various security tools such asCheckpointand Cisco ASAFirewallsand IPS/IDS instruments.
- Configure and deploy network security me.e. ASA 5508x and support IDS/IPS Source fire, Cisco Fire SIGHT management.
- Experienced in working with Splunk authentication and permissions and having significant experience in supporting large scale Splunk deployments
- Design, implementation and operational support of routing/switching protocols in complex environments including BGP, OSPF, EIGRP, Spanning Tree, 802.1q, etc.
- Good understanding and experience in migration from CISCO ASA to Next GenPaloAltoFirewall.
- Installation and Configuration of Cisco Catalyst switches 6500, 3750 & 3550 series and configured routing protocol OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design Document and followed the change process as per IT policy It also includes the configuration of port channel between core switches and server distribution switches.
- Cisco ASA/CheckpointFirewalltroubleshooting and policy change requests for new IP segments that either come on line or that may has been altered during various planned network changes on the network.
- Established IPsec VPN tunnels between branch offices and headquarter using Cisco ASA firewall.
- Performing troubleshooting on slow network connectivity issues, routing issues that involves OSPF, and identifying the root cause of the issues.
- Monitor and investigate SOC incidents and alerts with Splunk, Sourcefire and McAfee ePO.
- Conducting Security assessment of various security events through Splunk, Secureworks platform
- Experience convertingPaloAltoVPN rules over to the CISCO ASA solution. Migration with both Checkpoint and CISCO ASA VPN experience.
- Assisted with configuration and deployment of network switches, routers, and wireless.
- Configurations of load balancing in F5, SSL/VPN connections, Troubleshooting CISCO ASA firewalls, and related network security measures.
- Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches, and Cisco ASA Firewalls.
- Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE.
- Responsible for Cisco ASA firewall administration across our global networks.
- Configured Cisco ASA 5510 Firewall to establish logical separation between Legacy network & lab environment.
- Experience on administrating and maintaining Red Hat Enterprise Linux system
- Threat Hunting with Splunk, Qradar, Tanium and RSA Security Analytics.
- Application administration for Qradar, Splunk and Tanium.
- Understanding of a broad range of data, systems, Applications and networks; and onboard the data to Splunk aligned to best practices and good understanding with SQL and/or Oracle.
- Leveraging Splunk to identify answers to business questions - developing queries, data models, analytic approaches and machine learning to location pertinent data. experience in setting up the enterprise infrastructure on Amazon Web Services (AWS) like
- Checkpoint /Palo Alto Firewalls troubleshooting and policy change requests for new IP segments that either come on line or that may has been altered during various planned network changes on the network
- Experience in LAN switching protocols, Spanning tree, rapid spanning tree and Either-channel.
- Advanced noledge, design, installation, configuration, maintenance and administration of Checkpoint Firewall R55 up to R70 version, Secure Platform Installation.
- Advanced noledge in Design, Installation and configuration of CheckPoint Provider Environment
- Good noledge on AWS Implementations.
- Experience in security for the following platforms: Windows physical and virtual desktops and laptops, UNIX / Linux Servers, Windows servers, Database as well as RSA (EMC), McAfee (Intel), FireEye, Symantec endpoint security tools
- Push configurations and updates to multiple Splunk Enterprise instances via the Splunk Deployment Server
- Monitor the performance of Splunk via the Splunk Monitoring Console deployments of Splunk while working side by side with the customers to solve their unique problems across a variety of use cases
- Developed evidence collection process to ensure management can make attestation for SSAE16 report.
- Collaborate across the entire organization to bring Splunk access to product and technical teams to get the right solution delivered and drive future innovation gatheird from customer input
- Having experience from Cisco ASA to Palo Alto Migration As well checkpoint to cisco ASA
- Decommission serial T3 circuits and replace with MPLS circuits. MPLS clouds were provided by carriers ATT, Verizon or Level 3.
- Applied working noledge of COSO and SOX 302/404; IT general controls; NIST CSF, NIST RMF, HIPPA to daily GRC.
- Responsible for ensuring full compliance with SSAE16 controls.
- Responsible for bringing the infrastructure to a SSAE16 and PCI-DSS Compliance.
- Monitored the implementation of an organization-wide enterprise risk management (ERM) program via RSA Archer eGRC toolset, and provided best practice feedback to management in regards to policy, risk identification, threat analysis, compliance efforts, as well as incident and vendor management. Communicated and presented progress reports to the Audit Committee.
Confidential, Phoneix, AZ
Network security Engineer
- Router, switches and Hub (Based on CCNA), configuration and maintenance of network devices such as computer, Printer, Scanner, Monitoring LAN/WAN.
- Working with Network Design and implementation teams on various projects across related to Brach, Campus.
- Implemented and maintained various WAN equipment such as Cisco 2800, 3800 and 7200 routers, ASR 1006.
- Experience working with Cisco 3750, 4948, 2811, 2600, 7200, 6500, series switches.
- Designing and deployment of Partner IPSEC VPN tunnels.
- Successfully installed CISCO ASA 5505 Firewalls to protect Data Center and provided L3 support for routers/switches/Firewalls.
- Configure and administer security rules and policies to either permit or deny user traffic based on company's security policies oncheckpointand Palo Altofirewall.
- Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4. Configured IP access filter policies.
- Having good exposure to wild fire feature ofPaloAlto.
- Implemented various EX, SRX and J Series Juniper Devices.
- Configured and maintained IPSEC and SSL VPN's on Cisco ASA Firewalls.
- Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA 5500 Firewall.
- Use Solar Winds Report Writer along with NCM to query for Utilization and Packet loss, inventory, configuration changes, then email reports to designated recipients daily, weekly, or when requested.
- Deploying and decommissioning Cisco switches and their respective software upgrades.
- Experience with manipulating various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.
- Configure Palo Alto andcheckpointfire. wallto authenticate users based on user identity, user group, session and client PC Authentication.
- Deployed and maintained IS-IS on Cisco and Juniper routers.
- Design MPLS VPN and QoS for the architecture using Cisco multi-layer switches.
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
- Exposure of large complex Cisco ASA & Palo Alto Firewalls Environment.
- Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR redundant pair.
- Worked on Juniper devices like M, MX, T routers on advanced technologies like, MPLS VPNs, TE and other service provider technologies.
- Designed and developed "Cluster Management Protocol" to coordinate and synchronize multiple nodes in Brocade Ethernet Fabrics.
- Redistribution of OSPF and EIGRP into BGP with the correct tagging parameters from the old legacy network to route and to utilize the correct MPLS VRF VPN’s provided from the bearers. installing and Configuring Juniper switches EX, QFX5100 and QFX10000 series.
- Provided Cisco Unified Communications operational and project services for a single 8.6 cluster comprised of two Data Center.
- Responsible for organizing and creating quarterly compliance reports for Confidential using an external control scan service. Coordinated vendor meetings in evaluating security products to assist with PCI-SOX compliance. Conducted research for creating the organization's security awareness program.
Jr. Network Engineer
- Configured basic protocol on devices like Static Routing, RIP, EIGRP, OSPF, and BGP.
- Racking, stacking, and cabling network-based, IT systems.
- Configuring and deployment of Juniper ERX310 router.
- Configuring of IP Allocation and sub netting for all applications and servers and other needs throughout company using FLSM, VLSM addressing.
- Maintained redundancy on Cisco 2600, 2800 and 3600 routers with HSRP.
- Hands on experience in Cisco Routers and Switches.
- Configuration of Cisco firewalls, VPN Configuration and support.
- Design and create dedicated VLANs for Voice and Data with QOS for prioritizing VOICE over the DATA on Catalyst switches and basic VOIP configurations.
- Troubleshoot the issues related to routing protocols.
- Perform routine network maintenance checks as well as configure and manage printers, copiers, and another miscellaneous network equipment.
- Configuring VRRP, Static route, BGP, Routing policies, ACL
- Preparing reports of the daily activities within the datacenter. Managing various activities in setting up Data Centers & Disaster recovery centers
- Knowledge in OSPF, EIGRP and RIP. Knowledge in Dynamic routing protocols
- Preparation of all Branches Link up time/down time report to maintain SLA with Customer
- Build and maintain Visio documentations for Clients. Troubleshoot Windows 2000 Servers and streamlining the user policy.
- Built IPSec based Site-to-Site (B2B) VPN tunnels between various client locations using cisco ASA firewall.
- Installing operating systems, software and hardware on computers.
- Responsible for Data Backup, System Update, Recovery and Restore, and Spyware removal.
- Assisting Junior and Senior Engineers, on-site management of cable-wiring technicians.
- Troubleshoot problems on a day to day basis and documented every issue to share it with design teams.