We provide IT Staff Augmentation Services!

Network Security Engineer Resume

Akron, OhiO

SUMMARY

  • Network Security Engineer wif 5 years of experience wif capability of planning, designing, implementation and troubleshooting wif deep understanding of routing, switching and firewall technologies in complex network systems.
  • As a passionate individual in innovative and challenging environment has an ability to learn and grow at professional level theirby directing my future endeavors.
  • Expertise in Configuring and Troubleshooting Palo Alto (PA - 3060/5060), Cisco ASA (5500 series) and Checkpoint (R77.30 and R77.10), Firewalls and Implementing policy change requests for new IP segments on the network.
  • Profound noledge in implementing application-based policies, URL filtering, Threat prevention, and Data filtering.
  • Strong noledge of Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Data Loss Prevention (DLP), FireEye Inspection, DDoS attacks and Kill Chain mitigation techniques.
  • Expertise in performing migration from Cisco ASA and checkpoint to Palo Alto Firewalls.
  • Strong noledge in configuring and troubleshooting IPsec-VPN and SSL-VPN tunnels for the site to site connectivity.
  • Hands on experience on centralized management system (Panorama) to manage large scale firewall deployments.
  • Experience in configuring and managing AAA architecture including RADIUS and TACACS+ servers through Active Directory.
  • Experience deploying F5 BIG-IP LTM-6400 Load Balancers to increase capacity (concurrent users) and reliability of applications using LTM, GTM.
  • Strong experience in implementation of Virtual Servers, nodes, pools and iRules on F5 Load Balancers (BIG-IP) in LTM module.
  • Worked wif SIEM tools such as IBM QRadar to get real-time analysis of security alerts generated by network hardware and applications.
  • Using Ansible as an automation tool for creating subnets, security groups, route tables and ACL's for VPC creation.
  • Worked on configuring WILDFIRE forward settings on Palo Alto firewall to prevent Zero-Day and Malware attacks.
  • Strong noledge on conducting Vulnerability Assessments using Qualys and Nessus and monitored remediation of documented vulnerabilities.
  • Short and Long-term security event trend analysis performed on a regular basis using Splunk and FireEye.
  • Experienced wif working on network monitoring tools such as SOLARWINDS, Splunk and Sniffing tools like Wireshark and TCP dump.
  • Detailed understanding of data network concepts and operational functionality of OSI Model and TCP/IP networking.
  • Strong working noledge in configuring and troubleshooting various routers and switches.
  • Worked on configuration & troubleshooting of routing protocols: BGP, OSPF, EIGRP and Static on Cisco (7200, 3800), Juniper (MX10, MX40, and MX80) series routers.
  • Configured and Implemented Router redundancy protocols likeHSRP, VRRP and GLBP.
  • Proficiency in configuration of Layer2 and Layer3 Virtual Local Area Networks using Cisco multi-layer Switches supporting STP, RSTP, PVST, MVST along wif inter VLAN routing and VLAN Trunking 802.1q.
  • Experienced in DNS, DHCP, SMTP, FTP, HTTPS, and web securityarchitecture.
  • Excellent client/customer management, problem-solving and troubleshooting skills wif good communication skills.

TECHNICAL SKILLS

Firewall: Check Point (R77.30 and R77.10), Palo Alto (PA-3060/ 5060), Cisco ASA (5500 series) and Juniper (SRX550/ SRX650).

Network Security: ACL’s, MPF, IPSEC VPN, Port Security, AAA and IDS/IPS.

Protocols: EIGRP, OSPF, BGP, VPC, VTP, STP, RSTP, MST, PVST, IPV4, HSRP, DHCP, TCP/IP, UDP, 802.1q, Inter VLAN routing; Multi-Layer Switch, ICMP&ARP Ethernet Topologies.

Load Balancers: A10 Networks (AX2500), Cisco CSM & ACE 4710, F5 Networks (Big-IP), Brocade Load Balancers.

Virtual private networks: IPSec, SSL, GRE and DMVPN

Languages: Unix, Turbo C/C++, basics in Perl and shell scripting.

Router platforms: Cisco 2900, 3600, 3700, 3800, 7200, 7600 series, Juniper MX104, MX240, MX480, M320, T640, SRX series.

Switch platforms: Cisco 3500, 4500, 6500 Catalyst series, Nexus 7000, 5000, 2000 series and Juniper EX2200, EX2300, EX3300, EX3400, EX4200 series.

Programming Languages: Advance Python, JavaScript, Unix, Turbo C/C++, basics in Perl and shell scripting.

Operating Systems: Windows, Linux, Mac OS, UNIX, Cisco IOS, JUNOS, PANOS and NX-OS.

Tools: Wireshark, Simulink, GNS3, Cisco Packet tracer, Cisco Security Manager (CSM), Solar Winds, Riverbed, VMware, Boson Netsim, tcpDump, Checkpoint Smartview, WatsUp Glod, ngrep.

PROFESSIONAL EXPERIENCE

Network Security Engineer

Confidential | Akron, Ohio

Responsibilities:

  • Configured and managed Palo Alto (PA-3060/5060) and Cisco ASA(5500 series) firewalls.
  • Configured templates, device groups and created policies using APP-id, user-id on Panorama and pushed them into Palo Alto firewalls.
  • Deploy, configure, and implement QRadar expansion to include: QRadar Vulnerability Manager, Incident Forensics, PCAP, Event Processor, and Flow appliances.
  • Implemented Zone-Based Policies and autantication profiles on the Palo Alto Network Firewalls.
  • Integrated the firewall wif active directory for user-identification and installed the user-id agent on the active directory server.
  • Enforced security policies to safely enable user-id wifin trusted zones and prevent user-id traffic from egressing the network.
  • Responsible for implementing the Palo Alto to mitigate DOS, DDOS, attacks using Dos Protection, Threat Prevention and Data Filtering.
  • Enabled evasion signatures to detect crafted HTTP or TLS requests and alert the instance when a client connects to a domain other than domain specified in DNS query.
  • Implemented Global Protect wif single and multiple gateway solutions for clientless VPN.
  • Configured SSL VPNs on Palo Alto firewalls for secure site-to-site VPN connectivity.
  • Deployed Active/Passive modes of High Availability (HA) wif Session and Configuration synchronization on multiple Palo Alto firewall pairs. Knowledge on the application of Active/Active HA mode.
  • Managed Palo Alto firewalls utilizing panorama and constantly ensured software upgrades and content updates are up to date on the devices.
  • Performed legacy Migration from Cisco ASA 5500 to PA-5260 using PAN migration tool.
  • Configuring, Monitoring and Troubleshooting Cisco ASA 5500 security appliance for IPsec VPN (Site-to-Site Tunnels), Failover DMZ zoning and configuring VLANs / routing / NATing wif the firewalls as per the design.
  • Performed security policy analysis and rule modifications on Cisco ASA firewalls.
  • Configured and deployed F5 Big-IP LTM for distributing inbound traffic to the servers.
  • Implemented SSL termination on LTM and renewed SSL certificates and customized me rule for cookies persistency.
  • Configuring App-ID and User-ID on firewalls to determine the application signatures along wif Wildfire cloud-based threat analysis for Zero-Day attacks.
  • Configured AAA Server (RADIUS) for autantication and authorization of all remote VPN users.
  • Perform firewall rule audit and optimization using AlgoSec.
  • Configured and implemented Enhanced VPC, OTV, and Fabric path between Nexus 7k and 5k series switches for the datacentre operations.
  • Experienced in configuring the Nexus2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus5000.
  • Configured Authorization rules in Cisco ISE forwirelessby enforcing 802.1x Autantication to allow user access to proper Data.
  • Hands-on experience wif Aruba Clear pass in providing network access security and NAC, based on user roles and device types (BYOD).
  • Provided security to the wireless network infrastructure from unauthorized access and threats by implementing security features like SSID, WPA, and WPA2/802.11i.
  • In-depth noledge on BGP peering and BGP attributes like AS-PATH, LOCAL PREFERENCE.
  • Strong hands-on experience on sniffing tools like Wireshark, TCPDUMP and network monitoring tool SOLAR WINDS.
  • Monitored and analyzed the log entries using SPLUNK to identify malicious activities on the network.
  • Documented the network infrastructure using Visio diagrams and word document for peer training and review.

Environment: Cisco switches 4800, 6500 Catalyst series, Nexus 7000 series; Cisco routers 3700, 3800, 7200, 7600 series Cisco ASR 9000 Series Aggregation Services Routers and Cisco ASA 5500, Palo Alto (PA-3060/5060), F5 BIGIP LTM, Panorama M’100.

Sr. Network Engineer

Confidential | Bloomington, Minnesota

Responsibilities:

  • Configured and managed Check Point firewalls versions R77.30 and R77.10.
  • Configured Check Point security gateways from scratch and setup in high availability.
  • Enforced application, service-based policies and cleaned up unused policies.
  • Managed and monitored Check Point firewall configurations through Smart Dashboard and Smart View Tracker.
  • Implemented anti-bot, anti-spam, and sand box blades to prevent malicious threats and data breach.
  • Configured Active-Passive High Availability for state full failover and Zero down time maintenance on Checkpoint firewalls.
  • Implemented site-to-site VPN tunnels using IPsec encryption standards on Checkpoint firewalls.
  • Migrated existing IPSec VPN tunnels from Pre-Shared key to Certificate Authority (PKI).
  • Assisted in configuring Security profiles such as Threat prevention, Anti-Virus, Anti-Spyware, File Blocking, etc.
  • Implemented AAA Architecture and 802.1x Wireless User Autantication using Active Directory Server wif Kerberos.
  • Deployed F5 Big-IP LTMs and implemented weighted round robin policy to balance the load.
  • Configured & troubleshoot Virtual Servers, me Nodes, Pools, and customized me Rules on BIG-IP F5 LTM Load balancers for traffic management.
  • Performed cleanup of fully shadowed, expired and unused security rules and objects using tufin secure track
  • Responsible for WAF operation implementation as well as any required troubleshooting and root-cause.
  • Configured VPC, VDC and ISSU Software upgrades on Cisco Nexus switch implementing Fabric Path to avoid blocking ports.
  • Configured HSRP between VLANs, Configuring Ether-Channels, and Port Channel on 6500 catalyst switches.
  • Implemented BGP to optimize WAN routing on core and edge routers.
  • Conducted mutual redistribution of OSPF and BGP routes using route maps.
  • Involved in the removal ofEIGRPfrom all devices and making OSPF the primary routing protocol.
  • Addressed issues related to OSPF, EIGRP, HSRP and GLBP fail-overs, Optimized routing using route maps, route redistribution.
  • Implementing traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Frame Relay and Open Shortest Path First (OSPF).
  • Experience in working wif ARISTA switches for cloud computing, data center networks.
  • Configured multiple domain name services (DNS), email services (Exchange Server), web, and file transfer protocol services (FTP) for various platforms including line leasing through DHCP servers.
  • Used Network monitoring tool SolarWinds NPM to ensure connectivity and Protocol analysis tool (Wireshark and TCP dump) to inspect the packet for networking issues.

Environment: Arista switches 7308R, 7328X, Cisco 3550/4500/6500 switches, Juniper Routers MX 240, 480, M320, F5 Big-IP LTM-6400 load balancer, Checkpoint R77.

Network Engineer

Confidential | Minneapolis, Minnesota

Responsibilities:

  • Configure & troubleshoot routing protocols EIGRP, OSPF on Cisco ISR 3800, 2900.
  • Redistributing from EIGRP to OSPF and vice versa. Implement a hub and spoke topology wif a Frame Relay Switch.
  • Configured and resolved complex OSPF issues in a multi-area network.
  • Involved in troubleshooting of DNS, DHCP, and other IP conflict problems.
  • Implemented VTP and Trunking protocols (802.1q and ISL) on 3560, 3750 and 4500series Cisco Catalyst switches.
  • Provided on-call support for installation and troubleshooting of the Networking L2/L3 issues.
  • Implemented & operated L3 switching and related functionality. This includes the use of VLANs, STP, VTP and their functions as they relate to networking.
  • Worked on Security issues, VPN, IPSec, NAT, Standard & Extended Access Control Lists (ACLs).
  • Manage Cisco Routers and troubleshoot layer1, layer2 and layer3 technologies for customer escalations.
  • Installation, Configuration and troubleshooting Cisco switches & Routers.
  • Enabled STP, RPVST+, BPDU Guard, Root Guard, disabling all unused ports and putting them in unused VLAN.
  • Implemented WAN network technologies like MPLS and Frame Relay.
  • Coordinated installations and followed up wif project managers and end users to ensure acceptable system/network performance once changes were completed.
  • Created documentation and network diagrams of the network infrastructure using MS VISIO.
  • Worked on service request tickets generated by the halpdesk such as troubleshooting, maintenance, upgrades, patches and solutions wif all-around technical support.

Environment: Cisco 2800/2900/3900/4000 Series ISR's, Cisco Catalyst switches 3560, 3750 and 4500series and Cisco 3640/3845/3600/2800 routers, cisco WAP 3700, Windows Server 2003/2008.

Jr Network engineer

Confidential

Responsibilities:

  • Configured and troubleshoot EIGRP routing protocol on Cisco routers.
  • Implemented and upgraded Cisco switches and routers.
  • Configuring Vlan's, VTP's, enabling trunks wif 802.1q tagging between switches in the access layer.
  • Enabled STP Enhancements to speed up the network convergence dat includes Port-fast, Uplink-fast.
  • Involved in the upgrading of legacy Cat 4500X-32 switches to 4500X-40 series switches.
  • Involved in troubleshooting of DNS, DHCP, and other IP conflict problems and applied QoS for the bandwidth delay.
  • Involved in implementation and configuration of HSRP for load balancing on L3 switches.
  • Performed IOS upgrades on various catalyst series switches and maintained latest IOS versions according to company's policy.
  • Configured Access List (Standard, Extended and Named) to allow users all over the company to access different applications and blocking others.
  • Installed and maintained windows XP, 2007 and vista on client’s operating systems, hardware/software upgrades and network administration.
  • Responsible for cabling and labeling and Racking & Stacking of various network equipment and ensured their are no connectivity issues using ping and tracert.
  • Troubleshooted the layer 1 and layer 2 ticketing issues.
  • Knowledge of HSRP, GLBP, ICMP, PPP, SNMP, VLSM, ARP and Autantication Protocols (PAP and CHAP).
  • Good noledge of routing protocols like OSPF, is-is, and threats to OSI.

Environment: Cisco routers 2900, 3800, 3900, cisco switches 3500, 4500, Nexus 2000 series, windows XP, 2007 and vista.

Hire Now