Security Engineer Resume

Columbus-OH

SUMMARY

  • Over 8 years of working and educational/research experience in Network and Firewall Engineering and Security.
  • 5 years of hands-on experience in Network and Firewall Engineering as a Security Engineer.
  • Work experience includes offshore development and support in Security, 24x5.
  • Managed Security Services to assess security threats and risks involving client infrastructure.
  • Cisco Networking Devices: installation, configuration, maintenance and troubleshooting of Cisco Switches (configuring and troubleshooting VLAN, VTP, STP, etc.) and Routers (configuring and troubleshooting dynamic routing protocols OSPF, EIGRP, BGP, RIPv1, RIPv2, etc.).
  • Cisco Firewalls: installation, configuration and maintenance of Cisco ASA 55XX (5512, 5525, 5525-X) and Next Generation Firewalls (NGFW), Firepower and FMC (Firepower Management Center), and troubleshooting.
  • Palo-Alto Firewalls: installation, configuration and maintenance of Palo-Alto Firewalls (NGFW) and troubleshooting.
  • Design, deploy, configure, maintain, and troubleshoot Palo Alto security solutions including next-gen firewalls, Traps, Panorama, and Wildfire.
  • Worked on upgrades, patches and releases for the firewalls and other security appliances.
  • Administer the Palo Alto firewall environment including Advanced Threat Protection, URL filtering, VPNs, SSL decryption, User-ID and App-ID.
  • Extensive working knowledge of security tools to keep the client domain infrastructure clean of threats, viruses and malware.
  • Managing security through security appliances/tools such as Akamai (CDN, WAF, Bot Manager), F5 Networks WAF technology, Cisco IPS and Palo Alto IPS (Firewalls), StealthWatch, SIEM tools (Splunk), Cisco IOS, ESA, WSA, Cisco Umbrella, AMP for Endpoints and SEPM (Anti-Virus).
  • Worked on DR activity, upgrades and the Annual Access Review for the security appliances.
  • Migration Tool: migrating Cisco ASA to Palo Alto Firewalls and managing the issues.
  • Migration Tool: migrating Cisco ASA to Firepower NGFW (FMC)
  • Create Policies in Cisco ASAs: as a Layer 3 security device, Zones, Source Object Group, Destination Object Group and Service Object Group are added in the Cisco ASA FW, then the ACL (access-list) and NAT ACLs are created based on the business requirement and reviewed.
  • Create Policies in Palo-Alto Firewalls: as a Layer 7 security device, Source Address Group, Destination Address Group, Services and Applications are added to the device-group, then the policy is created.
  • Configuring and troubleshooting VPN tunnels (Site-to-Site and AnyConnect, IPSec) in both Cisco ASA and Palo-Alto Firewalls.
  • Worked on rule management and troubleshooting in Cisco ASA and Palo Alto Firewalls: Zone/Sub-zone based rules, ill-standard rules, unused rules, rule clean-up and element saving.
  • Worked on ANY-ANY rules (risky rules) on the FWs, reducing the wide-open rules’ risk by making new rules with network object groups and service object groups.
  • Cisco Firewall: intrusion prevention, advanced malware protection, URL filtering, and application visibility and control all together in one single consolidated appliance.
  • Palo Alto Firewall: URL filtering, file blocking and security profiles, Decryption, Global Protect, USER-ID, APP-ID, Logging Profiles and Wildfire, HA, etc.
  • Expert knowledge of firewall hardening, patching, firewall remediation and segmentation issues.
  • Running Unix, Bash and Python scripts for information gathering on the firewall’s CLI.
  • Firewall discovery and optimization of the firewall rules in Cisco ASA and Palo Alto Firewalls.
  • Analyzed network traffic from logs and NetFlow using packet capture.
  • Worked on PAN-OS, Panorama: Centralized Device Management.
  • Worked on Cisco GUI (ASDM), Cisco IOS (CLI) and software upgrades.
  • Worked on device vulnerabilities and solved issues in Cisco routers, switches and firewalls.
  • Hands-on experience with FireMon, Algosec, Splunk and SolarWinds for analyzing logs.
  • Expertise in End-point Security Antivirus with SEPM (Symantec Endpoint Protection Manager), URL filtering with Websense, Email or content filtering with IronPort
  • Intrusion detection and prevention (IDS/IPS) using FireEye; vulnerability management in QualysGuard and Palo Alto Firewalls.
  • Maintaining Websense and SharePoint Servers
  • Circulating patch releases to the concerned teams to overcome the vulnerabilities.
  • SIEM Tools: Splunk, SecureWorks
  • Operations in ServiceNow
  • Categorized support problems and responded with the appropriate level of priority and severity.
  • Worked on Ticketing tools and Incident Management, Change Management creating and resolving incidents and changes meeting the SLA
  • Creating, maintaining groups in websense and applying rules to limit the malicious site usage in the domain
  • Creating and maintaining groups and updating the clients (hosts) from time to time in SEPM.
  • Monitoring the status of the domain and maintaining green.
  • Possess excellent communication, written, analytical, interpersonal and collaborative skills
  • Ability to communicate security and risk-related concepts to non-technical and technical audiences
  • Possess excellent planning and organizational skills
  • Performed research, analysis, and troubleshooting to identify, resolve, and explain complex security issues to members of the team/Client
  • Administered and maintained user access controls, processes, and procedures to prevent unauthorized access, modification, or misuse of the resources
  • Compiled and generated security reports on system and network accesses
  • Ability to handle work under pressure and perform multiple tasks simultaneously
  • Possess excellent incident management, troubleshooting and reverse engineering skills with ticket handling tools.
  • F5 BIG-IP Load-Balancing -LTM, GTM and WAF: Web application Firewalls-Application Security Manager-ASM
  • Knowledge on Cisco Meraki, Cisco Nexus-OS, VRF's, VSS, Cisco Nexus hardware (9K, 7K, 5K, 3K, 2K).
  • Knowledge on the Cloud-Infrastructure and Working on Certifications such as AWS, GCP, Azure
  • Good understanding and working knowledge on AWS console, SDKs, managing VPC, EC2 and other.
  • Possess good overall knowledge of security and risk issues: access control, auditing, authentication, encryption, integrity, physical security, and application security.
  • Knowledge on other Firewalls: Juniper-SRX, Fortinet-FortiGate, Checkpoint
  • Knowledge on VMware-NSX, Virtualization concepts and configuration
  • Knowledge in IAM lifecycle, Ethical Hacking, Networking Switching and Routing.
  • Knowledge on Configuration, Troubleshooting of Cisco Hardware (Routers and Switches)
  • Following latest trends in Security and their implementations
  • Maintaining awareness of the current threat landscape and recommend mitigations against threats
  • Flexibility and ability to adapt to modern technologies and everyday learning.
  • Knowledge of ITIL, PCI-DSS, HIPAA, SOX, NIST and other IT security standards.

TECHNICAL SKILLS

Proficient with: MS Word, Access, Excel, PowerPoint, Outlook, Office365, Notepad++

Operating Systems: Windows 10, 7 Enterprise and XP, Unix

Programming/Scripting Languages: C/C++, MATLAB, Python, Shell, Bash, SQL, HTML, Visual Studio

Simulation software: Cisco Packet Tracer 7.0, GNS3

Security Tools / Devices / Software: End-point protection and anti-virus by SEPM, URL or web filter by Websense, Wireshark, email or content filter by IronPort, Intrusion Detection and Prevention (IDS/IPS) by FireEye, vulnerability management by QualysGuard, Palo-Alto Firewalls, FireMon, Splunk, SolarWinds, Algosec, Cisco Switches and Routers, Cisco ISE & NAC, Cisco ASA 55XX (5512, 5525, 5525-X) and Firepower, Cisco IOS, NX-OS, and security appliances/tools such as Akamai (CDN and WAF), F5 Networks, WAF technology, Cisco IPS and Palo Alto IPS, StealthWatch, SIEM tools, ESA, WSA, Cisco Umbrella, Cisco AMP for Endpoints, Bluecoat Proxy, and cloud infrastructure (AWS, Azure, GCP).

Scripting: Bash, Unix, Python scripts on firewall configs

Managing Firewalls: Cisco ASA /Firepower and Palo-Alto, Juniper-SRX, Fortinet-FortiGate, Checkpoint Firewalls

Knowledge on: Security Engineering, System and Network Security, Security Protocols, Application Security and Cryptography

Good knowledge on: SDLC, ITIL, SAP Security-GRC, SCADA, Networking, Ethical Hacking, Pen testing also in RDBMS.

Protocols: ARP, OSPF, BGP, IP, TCP, UDP, NAT, DHCP, SNMP, HTTP, HTTPS, SSH, ACL, DNS, VLAN, STP, SIP, RIP, EIGRP, LACP, 802.1Q (VTP), HSRP/VRRP/GLBP, 802.11a/b/g/n/ac, IPsec, MPLS, Authentication Protocols (RADIUS/TACACS+), Route-maps.

PROFESSIONAL EXPERIENCE

Confidential, Columbus-OH

Security Engineer

Responsibilities:

  • Work with cross-functional Security and Risk teams to assist in projects and in the engineering and enhancement of security tools and security controls.
  • Building security tools that help identify and mitigate information security risks.
  • Provide technical leadership on assigned projects, driving all technical deliverables.
  • Maintain current knowledge of, and build, security tools to mitigate information security risks.
  • Participate in research, analysis, design, testing and implementation of computer network security technologies and applications.
  • Adhere to bank policies and procedures and comply with legal and regulatory requirements.
  • Lead problem management and root cause analysis discussions with fellow network engineers, security engineers and analysts.
  • Working on the enterprise application security tools.
  • Managing security through security appliances/tools such as Akamai, F5 Networks WAF technology, Cisco Firepower IPS and ASA Firewalls, Palo Alto IPS (Firewalls), StealthWatch, SIEM tools (Splunk), Cisco IOS, ESA, WSA, Cisco Umbrella, AMP for Endpoints and SEPM (Anti-Virus).
  • Implemented WAF (Web Application Firewall) technology through F5 ASM and Akamai Technologies.
  • Migrated F5 ASM to Akamai for WAF and DDoS protection and CDN (Content Delivery Network) web performance enhancement. Policies are created and tuned for the applications behind the appliances for a security uplift.
  • Implemented IPS (Intrusion Prevention System) with Cisco Firepower Firewalls and policies.
  • Migration is underway from Cisco Firepower IPS to Palo Alto Firewall IPS, creating and tuning the policies and user management.
  • User management (adding or removing user accounts) and upgrading to the latest versions: Stealthwatch upgrade from 6.10.4 to 6.10.5, AMP for Endpoints from 6.1.7 to 6.2.9, Palo Alto upgrade from 8.0 to 8.1.6, and periodic FMC signature updates.
  • On Cisco ASA Firewalls: the firewall policies (ACLs) are implemented based on the FireFlow request from Algosec, after reviewing the request.
  • Traffic analysed using NetFlow collectors and packet capture.
  • DR activity by flipping the primary and secondary for Stealthwatch, Firepower, Umbrella and AMP for Endpoints.
  • Annual access review for the security appliances and validations; implementing the policies in Prod in the security tools.
  • Migrating F5 Silverline (DDoS Protection) to Akamai Content Delivery Networks, and F5 Networks Application Security Manager (ASM-WAF) to Akamai WAF.
  • Migrating Cisco Firepower Firewall IPS to Palo-Alto Firewall IPS.
  • Whitelisting/exclusions and blacklisting in Cisco AMP for Endpoints and Cisco Umbrella (DNS Security).
  • Following up on unknown security issues/attacks or vulnerabilities with security engineers from the same team, network engineers from other teams, and technology partners (Cisco, Palo Alto, F5 Networks and Akamai) to discuss and analyze the root cause and its remediation.
  • Configured SNMP, NNT, NTP and TACACS as part of network hardening.
  • Following change control through ServiceNow (SNOW); implement changes and incidents (tickets) on various security tools to maximize security over the domain and maintain visibility as in the CIA triad.
  • Scripting in Python, Java and PowerShell based on requirements.
  • Drafting technical requirements, configuration management, and planning documentation.
  • Following Agile in projects: stand-ups, weekly reviews and periodic status reports and meetings to maintain the SLA.
  • Strong written and verbal communication skills to help drive Information Security and Risk initiatives.

Confidential, Columbus-OH

Network Security Engineer

Responsibilities:

  • Analyzing the existing infrastructure architecture and, based on that, designing new coarse-grain and ingress access in Microsoft Visio: DMZs, security zones, interfaces and the different types of firewalls and their specific operation.
  • Discovering rule/policy information on source (zone, sub-zone, object-group, network subnet) and destination (zone, sub-zone, object-group, network subnet), application and service (port) using the GUI (PAN-OS) and CLI scripting (Linux shell/Bash, Python scripts) in Cisco ASA Firewalls through PuTTY (Linux/Unix machine) and WinSCP.
  • Using Tableau and Splunk for analyzing the logs and the hit count for a rule/policy on a firewall.
  • Naming the zones and counting the in-scope zones/sub-zones in the infrastructure for the design of the CGA and ingress access.
  • Palo-Alto Networks Panorama / PAN-OS: monitoring the traffic for the existing policies, configuring the Palo Alto firewalls, creating new policies, analyzing the interfaces, DMZs and zone/sub-zone architecture, and troubleshooting the logs.
  • Design, deploy, configure, maintain, and troubleshoot Palo Alto security solutions including next-gen firewalls, Traps, Panorama, and Wildfire.
  • Administer the Palo Alto firewall environment including Advanced Threat Protection, URL filtering, VPNs, and SSL decryption.
  • Cisco ASA Firewalls: analyzing the old ACLs and interfaces of the firewalls, creating new ACLs to standardize rule management, and troubleshooting the logs.
  • Designing the Coarse Grain Access (CGA, zone-to-zone) and ingress access (at the entry of the destination firewall), controlling the traffic through the firewalls between the different security zones.
  • Based on the in-scope zone/sub-zone definition, new policies are made on the interfaces of the firewalls (Cisco ASA and Palo-Alto). After implementing the new policies, the rules’/policies’ traffic and hit counts are monitored.
  • Validating the older policies to standardize the policy (rule). Removing (clean-up) the unused and ill-standard policies, with documented proof and without production loss.
  • Firewall management and policy optimization with Algosec: using Algosec, firewall rules are verified and validated for standardization, discovering the rules that cover the existing unused (zero hit count) rules. Removal (clean-up) of the old unused, ill-standard policies, with documented proof and without production loss (reduced risk without impacting business requirements).
  • Used FireMon (another firewall monitoring and management tool) to continuously analyze, visualize and improve the existing firewall and network security infrastructure and to monitor traffic and logs. Using Algosec and FireMon, validated the rules in every (Cisco ASA and Palo Alto) firewall and made and implemented zone-to-zone rules all over the network.
  • Closely working with the IRM (Infrastructure Risk Management) team: for analyzing the architecture, deciding the in-scope zones/sub-zones and the time frame (the best time to implement without affecting infrastructure security); and with the I&O (Infrastructure and Operations) team: for discussing the procedure for implementing the new policies and clean-up support.
  • After pushing the new policies to the firewalls in the network, validating the pre-existing policies for standardization after monitoring for a certain period, using the hit count (which should be zero) to make sure the old rules are covered by the CGA rules/policies; then the clean-up is done. This procedure is documented step by step.
  • Element saving: before and after the CGA implementation, the element count and the cleaned-up rule count are calculated to get the total saving in elements.
  • Follow Agile, reviewing status weekly and presenting reports for a better project outcome. Used SharePoint for sharing work across the team.
  • Scripting: for information gathering from firewall configs, used Python and Bash (shell) scripts, and created the “fr”, “cr”, “pyfr” and “bfr” automation scripts.
  • ANY-ANY rules: as a continuation, worked on Source-ANY, Destination-ANY on ANY port and ANY application.
  • Re-add: from the firewall configs and the logs from Splunk and Infoblox data, the rules are separated and the wide-open rules are then standardized by creating object groups (ASA) and address groups (Palo-Alto FW). Then, based on IRM permissions, the rules are created and placed at the top of the policies in the respective FWs.
  • Remove: after placing the policies, monitor the traffic by hit counts, Splunk logs, Algosec and Palo Alto commits; remove the old ANY-ANY rules without production loss after checking that the re-added rules provide the required traffic connectivity.
  • With re-add and remove, the risky rules in the network are reduced for the egress/ingress rule implementation.

Confidential

Project Engineer

Responsibilities:

  • Working in 24x5 support for more than 5000 hosts (Client Infrastructure)
  • Cisco Networking Devices: Installation, configuration, maintenance and troubleshooting of Cisco Switches and Routers.
  • Cisco Firewalls: Installation, configuration and maintenance of Cisco ASA 55XX and troubleshooting.
  • Palo-Alto Firewalls: Installation, configuration and maintenance of Palo-Alto Firewalls (NGFW) and troubleshooting.
  • Migration to Palo-Alto Firewalls: Used migration tool to migrate from Cisco ASA to Palo-Alto firewalls and managed the issues
  • Create Policies in Cisco ASAs: as a Layer 3 security device, Zones, Source Object Group, Destination Object Group and Service Object Group are added in the Cisco ASA FW, then the ACL (access-list) and NAT ACLs are created.
  • Create Policies in Palo-Alto Firewalls: as a Layer 7 security device, Source Address Group, Destination Address Group, Services and Applications are added to the device-group, then the policy is created.
  • Configuring and troubleshooting VPN tunnels (Site-to-Site and AnyConnect, IPSec) in both Cisco ASA and Palo-Alto Firewalls.
  • F5 BIG-IP Load Balancing (LTM).
  • Monitoring and maintaining the domain clean of malware, viruses, cyber-attacks and malicious threats over the network.
  • Operations in ServiceNow, and SecureWorks as a SIEM tool.
  • Incident management (create, resolve and track with proper documentation).
  • Supporting the other teams in resolving incidents and change management.
  • Create groups and roles in Symantec and Websense and maintain a clean and secure domain.
  • Maintaining Websense and SharePoint servers.
  • Attending on-call rotation and maintaining in-status with the client.
  • Monitoring and auditing security aspects of IT and product operations.
  • Resolving tickets and alerts on Symantec, Websense, FireEye, IronPort and FWs.
  • Assisting the other teams in resolving tickets and incidents and troubleshooting network-related issues.
  • Vulnerability scans in Qualys.
  • Following NIST and CVE, releasing a weekly patch report and circulating the latest patches to overcome the vulnerabilities.
  • Administered and maintained user access to certain sites and mails, and designed procedures to prevent unauthorized access, modification, or misuse of resources with Active Directory.
  • Monitored client networks for security events and alerted clients to potential threats, intrusions, and compromises, e.g. denial of service, malware, adware, worms, Trojans, viruses, phishing, spam and break-ins.
  • Resolving all host problems, troubleshooting system failures, scheduling and updating virus checks on servers and hosts, suggesting mitigation steps and assisting clients in freeing their systems from viruses, malware, adware, etc.
  • Working on malware protection systems such as FireEye and other malware analysis systems.
  • Responding to alerts from SEPM, Websense, FireEye and IronPort, and resolving or escalating them while maintaining the SLA.
  • Analyzing business processes and identifying risks and issues in the system by defining the scope and priority of the security policies and proposing alternative solutions.
  • Provided Helpdesk support that involved identifying and escalating the tickets to specific groups
  • Assisted in updating the Client groups in SEPM
  • Creating Security Status reports and Trend reports daily, Weekly, Monthly, Yearly
  • Developing, documenting and maintaining security procedures.
  • Remote access maintenance, administration and configuration
  • Researching and preparing periodic reports on Information Security program execution, e.g. RCA (root cause analysis).
  • Performed additional duties as assigned.
  • Maintained Cross Skilled Team