- Network Security Engineer wif 5 years of experience wif capability of planning, designing, implementation and troubleshooting wif deep understanding of routing, switching and firewall technologies in complex network systems.
- As a passionate individual in innovative and challenging environment has an ability to learn and grow at professional level theirby directing my future endeavors.
- Expertise in Configuring and Troubleshooting Palo Alto (PA - 3060/5060), Cisco ASA (5500 series) and Checkpoint (R77.30 and R77.10), Firewalls and Implementing policy change requests for new IP segments on the network.
- Profound noledge in implementing application-based policies, URL filtering, Threat prevention, and Data filtering.
- Strong noledge of Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Data Loss Prevention (DLP), FireEye Inspection, DDoS attacks and Kill Chain mitigation techniques.
- Expertise in performing migration from Cisco ASA and checkpoint to Palo Alto Firewalls.
- Strong noledge in configuring and troubleshooting IPsec-VPN and SSL-VPN tunnels for the site to site connectivity.
- Hands on experience on centralized management system (Panorama) to manage large scale firewall deployments.
- Experience in configuring and managing AAA architecture including RADIUS and TACACS+ servers through Active Directory.
- Experience deploying F5 BIG-IP LTM-6400 Load Balancers to increase capacity (concurrent users) and reliability of applications using LTM, GTM.
- Strong experience in implementation of Virtual Servers, nodes, pools and iRules on F5 Load Balancers (BIG-IP) in LTM module.
- Worked wif SIEM tools such as IBM QRadar to get real-time analysis of security alerts generated by network hardware and applications.
- Using Ansible as an automation tool for creating subnets, security groups, route tables and ACL's for VPC creation.
- Worked on configuring WILDFIRE forward settings on Palo Alto firewall to prevent Zero-Day and Malware attacks.
- Strong noledge on conducting Vulnerability Assessments using Qualys and Nessus and monitored remediation of documented vulnerabilities.
- Short and Long-term security event trend analysis performed on a regular basis using Splunk and FireEye.
- Experienced wif working on network monitoring tools such as SOLARWINDS, Splunk and Sniffing tools like Wireshark and TCP dump.
- Detailed understanding of data network concepts and operational functionality of OSI Model and TCP/IP networking.
- Strong working noledge in configuring and troubleshooting various routers and switches.
- Worked on configuration & troubleshooting of routing protocols: BGP, OSPF, EIGRP and Static on Cisco (7200, 3800), Juniper (MX10, MX40, and MX80) series routers.
- Configured and Implemented Router redundancy protocols likeHSRP, VRRP and GLBP.
- Proficiency in configuration of Layer2 and Layer3 Virtual Local Area Networks using Cisco multi-layer Switches supporting STP, RSTP, PVST, MVST along wif inter VLAN routing and VLAN Trunking 802.1q.
- Experienced in DNS, DHCP, SMTP, FTP, HTTPS, and web securityarchitecture.
- Excellent client/customer management, problem-solving and troubleshooting skills wif good communication skills.
Firewall: Check Point (R77.30 and R77.10), Palo Alto (PA-3060/ 5060), Cisco ASA (5500 series) and Juniper (SRX550/ SRX650).
Network Security: ACL’s, MPF, IPSEC VPN, Port Security, AAA and IDS/IPS.
Protocols: EIGRP, OSPF, BGP, VPC, VTP, STP, RSTP, MST, PVST, IPV4, HSRP, DHCP, TCP/IP, UDP, 802.1q, Inter VLAN routing; Multi-Layer Switch, ICMP&ARP Ethernet Topologies.
Load Balancers: A10 Networks (AX2500), Cisco CSM & ACE 4710, F5 Networks (Big-IP), Brocade Load Balancers.
Virtual private networks: IPSec, SSL, GRE and DMVPN
Languages: Unix, Turbo C/C++, basics in Perl and shell scripting.
Router platforms: Cisco 2900, 3600, 3700, 3800, 7200, 7600 series, Juniper MX104, MX240, MX480, M320, T640, SRX series.
Switch platforms: Cisco 3500, 4500, 6500 Catalyst series, Nexus 7000, 5000, 2000 series and Juniper EX2200, EX2300, EX3300, EX3400, EX4200 series.
Operating Systems: Windows, Linux, Mac OS, UNIX, Cisco IOS, JUNOS, PANOS and NX-OS.
Tools: Wireshark, Simulink, GNS3, Cisco Packet tracer, Cisco Security Manager (CSM), Solar Winds, Riverbed, VMware, Boson Netsim, tcpDump, Checkpoint Smartview, WatsUp Glod, ngrep.
Network Security Engineer
Confidential | Akron, Ohio
- Configured and managed Palo Alto (PA-3060/5060) and Cisco ASA(5500 series) firewalls.
- Configured templates, device groups and created policies using APP-id, user-id on Panorama and pushed them into Palo Alto firewalls.
- Deploy, configure, and implement QRadar expansion to include: QRadar Vulnerability Manager, Incident Forensics, PCAP, Event Processor, and Flow appliances.
- Implemented Zone-Based Policies and autantication profiles on the Palo Alto Network Firewalls.
- Integrated the firewall wif active directory for user-identification and installed the user-id agent on the active directory server.
- Enforced security policies to safely enable user-id wifin trusted zones and prevent user-id traffic from egressing the network.
- Responsible for implementing the Palo Alto to mitigate DOS, DDOS, attacks using Dos Protection, Threat Prevention and Data Filtering.
- Enabled evasion signatures to detect crafted HTTP or TLS requests and alert the instance when a client connects to a domain other than domain specified in DNS query.
- Implemented Global Protect wif single and multiple gateway solutions for clientless VPN.
- Configured SSL VPNs on Palo Alto firewalls for secure site-to-site VPN connectivity.
- Deployed Active/Passive modes of High Availability (HA) wif Session and Configuration synchronization on multiple Palo Alto firewall pairs. Knowledge on the application of Active/Active HA mode.
- Managed Palo Alto firewalls utilizing panorama and constantly ensured software upgrades and content updates are up to date on the devices.
- Performed legacy Migration from Cisco ASA 5500 to PA-5260 using PAN migration tool.
- Configuring, Monitoring and Troubleshooting Cisco ASA 5500 security appliance for IPsec VPN (Site-to-Site Tunnels), Failover DMZ zoning and configuring VLANs / routing / NATing wif the firewalls as per the design.
- Performed security policy analysis and rule modifications on Cisco ASA firewalls.
- Configured and deployed F5 Big-IP LTM for distributing inbound traffic to the servers.
- Implemented SSL termination on LTM and renewed SSL certificates and customized me rule for cookies persistency.
- Configuring App-ID and User-ID on firewalls to determine the application signatures along wif Wildfire cloud-based threat analysis for Zero-Day attacks.
- Configured AAA Server (RADIUS) for autantication and authorization of all remote VPN users.
- Perform firewall rule audit and optimization using AlgoSec.
- Configured and implemented Enhanced VPC, OTV, and Fabric path between Nexus 7k and 5k series switches for the datacentre operations.
- Experienced in configuring the Nexus2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus5000.
- Configured Authorization rules in Cisco ISE forwirelessby enforcing 802.1x Autantication to allow user access to proper Data.
- Hands-on experience wif Aruba Clear pass in providing network access security and NAC, based on user roles and device types (BYOD).
- Provided security to the wireless network infrastructure from unauthorized access and threats by implementing security features like SSID, WPA, and WPA2/802.11i.
- In-depth noledge on BGP peering and BGP attributes like AS-PATH, LOCAL PREFERENCE.
- Strong hands-on experience on sniffing tools like Wireshark, TCPDUMP and network monitoring tool SOLAR WINDS.
- Monitored and analyzed the log entries using SPLUNK to identify malicious activities on the network.
- Documented the network infrastructure using Visio diagrams and word document for peer training and review.
Environment: Cisco switches 4800, 6500 Catalyst series, Nexus 7000 series; Cisco routers 3700, 3800, 7200, 7600 series Cisco ASR 9000 Series Aggregation Services Routers and Cisco ASA 5500, Palo Alto (PA-3060/5060), F5 BIGIP LTM, Panorama M’100.
Sr. Network Engineer
Confidential | Bloomington, Minnesota
- Configured and managed Check Point firewalls versions R77.30 and R77.10.
- Configured Check Point security gateways from scratch and setup in high availability.
- Enforced application, service-based policies and cleaned up unused policies.
- Managed and monitored Check Point firewall configurations through Smart Dashboard and Smart View Tracker.
- Implemented anti-bot, anti-spam, and sand box blades to prevent malicious threats and data breach.
- Configured Active-Passive High Availability for state full failover and Zero down time maintenance on Checkpoint firewalls.
- Implemented site-to-site VPN tunnels using IPsec encryption standards on Checkpoint firewalls.
- Migrated existing IPSec VPN tunnels from Pre-Shared key to Certificate Authority (PKI).
- Assisted in configuring Security profiles such as Threat prevention, Anti-Virus, Anti-Spyware, File Blocking, etc.
- Implemented AAA Architecture and 802.1x Wireless User Autantication using Active Directory Server wif Kerberos.
- Deployed F5 Big-IP LTMs and implemented weighted round robin policy to balance the load.
- Configured & troubleshoot Virtual Servers, me Nodes, Pools, and customized me Rules on BIG-IP F5 LTM Load balancers for traffic management.
- Performed cleanup of fully shadowed, expired and unused security rules and objects using tufin secure track
- Responsible for WAF operation implementation as well as any required troubleshooting and root-cause.
- Configured VPC, VDC and ISSU Software upgrades on Cisco Nexus switch implementing Fabric Path to avoid blocking ports.
- Configured HSRP between VLANs, Configuring Ether-Channels, and Port Channel on 6500 catalyst switches.
- Implemented BGP to optimize WAN routing on core and edge routers.
- Conducted mutual redistribution of OSPF and BGP routes using route maps.
- Involved in the removal ofEIGRPfrom all devices and making OSPF the primary routing protocol.
- Addressed issues related to OSPF, EIGRP, HSRP and GLBP fail-overs, Optimized routing using route maps, route redistribution.
- Implementing traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Frame Relay and Open Shortest Path First (OSPF).
- Experience in working wif ARISTA switches for cloud computing, data center networks.
- Configured multiple domain name services (DNS), email services (Exchange Server), web, and file transfer protocol services (FTP) for various platforms including line leasing through DHCP servers.
- Used Network monitoring tool SolarWinds NPM to ensure connectivity and Protocol analysis tool (Wireshark and TCP dump) to inspect the packet for networking issues.
Environment: Arista switches 7308R, 7328X, Cisco 3550/4500/6500 switches, Juniper Routers MX 240, 480, M320, F5 Big-IP LTM-6400 load balancer, Checkpoint R77.
Confidential | Minneapolis, Minnesota
- Configure & troubleshoot routing protocols EIGRP, OSPF on Cisco ISR 3800, 2900.
- Redistributing from EIGRP to OSPF and vice versa. Implement a hub and spoke topology wif a Frame Relay Switch.
- Configured and resolved complex OSPF issues in a multi-area network.
- Involved in troubleshooting of DNS, DHCP, and other IP conflict problems.
- Implemented VTP and Trunking protocols (802.1q and ISL) on 3560, 3750 and 4500series Cisco Catalyst switches.
- Provided on-call support for installation and troubleshooting of the Networking L2/L3 issues.
- Implemented & operated L3 switching and related functionality. This includes the use of VLANs, STP, VTP and their functions as they relate to networking.
- Worked on Security issues, VPN, IPSec, NAT, Standard & Extended Access Control Lists (ACLs).
- Manage Cisco Routers and troubleshoot layer1, layer2 and layer3 technologies for customer escalations.
- Installation, Configuration and troubleshooting Cisco switches & Routers.
- Enabled STP, RPVST+, BPDU Guard, Root Guard, disabling all unused ports and putting them in unused VLAN.
- Implemented WAN network technologies like MPLS and Frame Relay.
- Coordinated installations and followed up wif project managers and end users to ensure acceptable system/network performance once changes were completed.
- Created documentation and network diagrams of the network infrastructure using MS VISIO.
- Worked on service request tickets generated by the halpdesk such as troubleshooting, maintenance, upgrades, patches and solutions wif all-around technical support.
Environment: Cisco 2800/2900/3900/4000 Series ISR's, Cisco Catalyst switches 3560, 3750 and 4500series and Cisco 3640/3845/3600/2800 routers, cisco WAP 3700, Windows Server 2003/2008.
Jr Network engineer
- Configured and troubleshoot EIGRP routing protocol on Cisco routers.
- Implemented and upgraded Cisco switches and routers.
- Configuring Vlan's, VTP's, enabling trunks wif 802.1q tagging between switches in the access layer.
- Enabled STP Enhancements to speed up the network convergence dat includes Port-fast, Uplink-fast.
- Involved in the upgrading of legacy Cat 4500X-32 switches to 4500X-40 series switches.
- Involved in troubleshooting of DNS, DHCP, and other IP conflict problems and applied QoS for the bandwidth delay.
- Involved in implementation and configuration of HSRP for load balancing on L3 switches.
- Performed IOS upgrades on various catalyst series switches and maintained latest IOS versions according to company's policy.
- Configured Access List (Standard, Extended and Named) to allow users all over the company to access different applications and blocking others.
- Installed and maintained windows XP, 2007 and vista on client’s operating systems, hardware/software upgrades and network administration.
- Responsible for cabling and labeling and Racking & Stacking of various network equipment and ensured their are no connectivity issues using ping and tracert.
- Troubleshooted the layer 1 and layer 2 ticketing issues.
- Knowledge of HSRP, GLBP, ICMP, PPP, SNMP, VLSM, ARP and Autantication Protocols (PAP and CHAP).
- Good noledge of routing protocols like OSPF, is-is, and threats to OSI.
Environment: Cisco routers 2900, 3800, 3900, cisco switches 3500, 4500, Nexus 2000 series, windows XP, 2007 and vista.