Network Security Engineer Resume
Berlin, CT
SUMMARY
- 7+ years of experience as a Network/Systems Administrator specializing in Cisco/Juniper Networking, SSL Security which includes designing, Deployment and providing network support, installation and analysis for a broad range of LAN / WAN protocols. LAN/WAN connectivity, TCP/IP Windows XP, Windows Vista, NT/ System administration, communications.
- Hands On experience Cisco IOS/IOS - XR/NX-OS, Juniper JUNOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS.
- Experience with network security design implementation Assessment, evaluation, design, and implementation of solutions related to following security areas: Large corporate firewall extranets, mail, Internet, internal enclave, PCI and Industrial control systems.
- In-depth noledge and hands-on experience in Tier II ISP Routing Policies, Network Architecture, IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3 SONET POS OCX / GigE circuits, Firewalls.
- Migration of Checkpoint R54 to SPLAT
- Proficient in setting up IT infrastructure including wide area networks (WAN) / local area networks (LAN), security management systems & networking devices administration.
- Extensive experience in Layer 3 routing and Layer 2 switching and dealt with router configurations like 7200, 3800, 2800 and switches 6500, 4500, 3700, 3750, 3900, 2900, 2960 and 3500XL, 3950 switch series.
- Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for teh Nexus 5000
- Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 7010,5000 series to provide a Flexible Access Solution for a datacenter access architecture.
- Experience in tools like SNMP, AAA, RADIUS and designed VPN with IPSEC security layer.
- Understanding of IPSEC & GRE tunnels in VPN technology.
- Configuring Virtual Chassis for Juniper switches EX-4200,Firewalls SRX-210
- Experience in testing routers and switches in laboratory and deploy them on site production.
- Proficient in configuration of routing protocols like RIP, IGRP, EIGRP, OSPF multiple areas and BGP.
- Worked on MPLS-VPN designs and MPLS-QoS for teh migration of Frame relay to MPLS system.
- Involved in designing L2VPN services and encryption system and other VPN with IPSEC based services.
- Expertise in IP sub netting and worked on various designing and allocation various classes of IP address to teh domain.
- Involved in troubleshooting of IP conflict problems and worked on Gigabit Ethernet and Fast Ethernet connection and applied QoS for teh bandwidth delay.
- Configuring Virtual Chassis for Juniper switches EX-4200,Firewalls SRX-210
- Responsible for Check Point and Cisco ASA firewall administration across global networks.
- Experience in working with Nexus Switches and Virtual Port Channel configuration.
- Extensive troubleshooting experience in ISDN and telephony circuits CSU/DSU connections.
- Hands on experience on NAT (Network address translation) configurations and it’s analysis on troubleshooting issues related access lists (ACL).
- Involved in monitoring network traffic and its diagnosis using performance tools like Snort, Snortsnarf, ping tools, and packet player.
- Good noledge on VOIP protocols like H.323, SIP, MGCP and SS7 and interfacing of TDM to VOIP system.
- Planned and implemented WAN at 18 remote locations.
- Installation of Windows 2003 enterprise and standard editions, R2, Windows 2000 standard and advanced server editions.
TECHNICAL SKILLS
Protocols: OSI,TCP/IP,DHCP, UDP, RIP v1, RIP v2, IGRP, EIGRP, TACACS+, RADIUS, OSPF, BGP, SSH, TFTP, FTP, SMTP, NTP, LDAP, Active Directory, Kerberos, L2F, L2TP, PPP, Frame Relay, ATM, Sonnet, Fast/Gig Ethernet, HSRP, Token Ring, ISDN, AAA, DES, 3DES, AES, and MD5, VPN (IPsec and SSL),VRRP, HSRP, DNS (BIND, DJBDNS, Infoblox), CARP, SNMP.
Network Monitoring Tools: HP openview, Netscout, Ethereal, tcpdump, netcat, Sniffer, Snort& Snortsnarf, MRTG.
Operating Systems: Microsoft XP/Vista/7, UNIX, Linux(RedHat, Fedora)
Ssl Security Technologies: Cisco FWSM/PIX/ASDM, Nokia Checkpoint NG, Juniper SRX
Routers: Cisco GSR 12416, 12418, 7200vxr,3640,3600
Switches: Catalyst 6500, MSFC, MSFC2, 7600, 3700, 3500
Voip: SIP H.323, MGCP, TDM, SS7, Avaya Voice gateways.
Lan/Wan Technologies: T1, DS3, OC3, SONNET, MPLS, DSU/CSU
Network Equipment: Advanced switch/router configuration (Cisco IOS access list, Route redistribution/propagation)
Hardware Platform: Cisco Routers, Ethernet Switches, F5 LTM, GTM
PROFESSIONAL EXPERIENCE
Confidential, Berlin, CT
Network Security Engineer
Responsibilities:
- Configuration and Maintenance of VPN tunnels.
- Tearing down of teh VPN tunnels and moving teh existing ones to teh new location.
- Upgrading GAIA R7 .10
- Installation and administration of Checkpoint R 75.40 Firewall.
- VLAN and Port channel configurations for cutovers
- Firewall Log monitoring using Netscout
- Site to site VPN implementation on ASA Firewalls
- Tufin appliance reimaging, installation and troubleshooting.
- Involved in teh configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4. Configured IP access filter policies.
- Create and test Cisco router and switching operations using OSPF routing protocol, ASA Firewalls, and MPLS switching for stable VPNs.
- Configuration of ACLs in Cisco 5540 series ASA firewall for Internet Access requests for servers in LAN and DMZ and also for special user requests as authorized by management.
- Deploying and decommissioning Cisco switches and their respective software upgrades.
- Creating lab setup of checkpoint R77.10 firewall.
- Migration of Checkpoint R54 to SPLAT
Environment: Checkpoint Security Firewalls, SPLAT R70, GAIA R75, R77.10, Tufin
Confidential, Wayne, PA
Sr. Network Security Engineer
Responsibilities:
- Configuration and Maintenance of ASA, ASA 5540, ASA 5520, ASA 5510, PIX 535, FWSM Firewalls.
- Migration of Two Major data Centers
- Installation of Cisco ASA 5500 series firewalls, 3500, 4500, 6500 series switches.
- Installation and administration of Checkpoint R 75.40 Firewall.
- VLAN and Port channel configurations on 4500 and 6500 series switches
- OSPF configuration
- Firewall Log monitoring using RSA Envision and Q RADAR
- Site to site VPN implementation on ASA Firewalls
- SSL VPN configuration on F5 Firepass 4300
- ASA software upgrade on Failover setup.
- PIX to ASA Migration.
- Installation and administration of 2800,3800,7200 series Routers
- Best practice implemented on Cisco Routers and Switches.
- Fine tuning of Firewall policies based on Information security policy.
- Network documentation using Microsoft Visio 2007.
- Network sniffing using Wiresharc.
- Building, configuring, maintaining, troubleshooting teh firewalls. Develop and implement teh company’s security policies, and rules implementation. Coordinate lab testing of new software to ensure stable implementation.
- Planned, installed, monitored and was teh single point of contact for all intrusion detection for client systems. Monitored and maintained client firewall, intrusion detection systems and VPN systems including (Checkpoint FW-1/VPN-1/PIX/SecureVPN /SecureIDS).
- Perform Checkpoint and PIX firewall/IDS design, integration and implementation for Cyber Trap client networks.
- Provide Information Security Risk Assessment and consulting for internal projects.
- Coordinate with network operations center (NOC) for change notifications, alerts and escalation of security incidents.
- Provide support to help desk for complex/major network problems. Build teh rules for teh application access across teh IPSEC VPN tunnel.
- Configure IPSEC VPN tunnels between Checkpoint and other non-Checkpoint endpoint devices using IKE preshared keys, 3DES and MD5.
- Perform packet trace, packet analysis, (using Iris, Ethereal and Ether peek) on IDS systems to determine validity of attack alarms.
- Perform daily network operations, on-call, and other duties and tasks as required.
- Monitor teh ticket queue for incoming tickets, update tickets in accordance to Service Level Agreement (SLAs) requirements and, escalate based on severity levels using AxiosAssyst.
- Perform network security, administration, analysis, and problem resolution for networks, including NT 4.0, Windows 2000, UNIX (Solaris & BSD), TCP/IP, and Checkpoint firewalls.
- Implemented enterprise wide network infrastructure and ecommerce support solutions including, network intrusion detection, encryption and monitoring.
- Performed business migration planning including location change, platform introduction and integration.
Environment: Juniper JUNOS platform including SRX Firewalls, Network & Security Manager (NSM), Juniper Space and, STRM, Juniper UAC, Juniper Pulse
Confidential, Long Island City, NY
Network Security Engineer
Responsibilities:
- Working with Network Design and implementation teams on various projects across related to Brach, Campus and Data Center.
- Designing and deployment of Partner IPSEC VPN tunnels.
- Create and test router and switching operations using OSPF routing protocol, ASA Firewalls, and MPLS switching for stable VPNs.
- Configuration and maintenance of Checkpoint NGX R61.
- Configuration and maintenance of Juniper Net Screen SSG -550.
- Implementing and Troubleshooting of VLAN.
- Implementing & Administration of Zoning Architecture project (Imp of various zone like Server, Intra & Internet Zone).
- Network security monitoring: analysis and identification of incident activities and system log files.
- Review Firewall release for any possible non-compliance or vulnerability.
- Assist with development of security policies, standards and procedures.
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX SSL Security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with teh firewalls as per teh design.
- Configuring routing protocols OSPF, EIGRP, RIP, MPBGP, LDP and BGPV4.
- Troubleshoot traffic passing managed firewalls via logs and packet captures
- Deployed 7613 as PE and CE router and Configured and troubleshoot teh Edge Routers.
- Excellent troubleshooting noledge on T1, T3, OC-3 and OC-12.
- Generating RCA (Root Cause Analysis) for critical issues of layer1/layer2/layer3 problems.
Environment: Cisco 6509/ 3750/3550/3500/2950 switches, Checkpoint firewalls, Net Flow,TACACS,EIGRP,RIP,OSPF,BGP,VPN,MPLS,CSM,SUP720, Ether Channels.
Confidential, California, PA
Network/ Security Engineer
Responsibilities:
- Firewall Policy Implementation on Checkpoint R62 and R65 using Provider 1.
- Migrated Nokia IP 300 to Checkpoint NGX R65 SPLAT
- Site to site VPN implementation on Checkpoint Firewall R62 with 3DES encryption over IPsec.
- Monitor and analysis of Firewall logs for HQ and Branch office.
- Configuration and Maintenance of ASA 5550, ASA 5510, PIX 535, PIX 515E, FWSM Firewalls and IPS 4240 using Cisco Security Manager (CSM).
- Programmed all teh switches and firewalls for all teh 30 Remote Locations, Configured QOS for VOICE and Data for Branch office with teh Edge Routers.
- Expertise in VPN configuration, routing, NAT, access-list, security contexts, and failover in ASA firewalls.
- Upgraded company Checkpoint firewall to ASA 5520.
- Configured day to day rules on teh company main firewall for public access of teh different apps configuring different access lists as per company needs. Trained helpdesk staff for day to day jobs such as backup, desktop installations, desktop and server imaging.
- Worked on VMware VCenter for creating virtual servers and virtual desktops.
- Configuring Primary and Backup Servers
- Upgraded, supported, troubleshooted, Windows NT, Windows 2000/2003/2008 R2/2012 operating systems
- Configured Windows Group Policy for teh Desktop security.
- Designed implemented MacAfee EGPO for virus protection
Environment: Cisco 3750/3550/3500/2960 switches and 3640/ 0/3845/3600/2800/ ASA5510 routers, Checkpoint, Aruba Controllers 6000, 3600, 3400,650.
Confidential
Sr. Network Engineer
Responsibilities:
- Experience in working with Nexus 5000 series switches for data center.
- Conversions to BGP WAN routing. Which will be to convert WAN routing from OSPF to BGP (OSPF is used for local routing only) which involves new wan links.
- Convert Branch WAN links from point to point circuits to MPLS and to convert encryption from IPSec/GRE to GetVPN.
- Plan Design and assist in deploying enterprise wide Network SSL Security and High Availability Solutions for ASA.
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX SSL Security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with teh firewalls as per teh design.
- Configuring routing protocols OSPF, EIGRP, RIP, MPBGP, LDP and BGPV4.
- Configuring HSRP between VLANs, Configuring Ether-Channels, Port Channel on 6500 catalyst
- Experience working JuniperT-Series, M-Series, MX-Series, J-Series Routers.
- Implemented WLAN Aruba Wireless Access Points and its Controllers at various corporate sites fort 11n Infrastructure and its legacy technologies.
- Worked on Extensively on Firewalls, PIX (506E/515E/525/) &ASA 5500(5510/5540) Series.
- Worked On UNIX, Linux, and Windows Platforms and also involved in capacity planning of Network Maintenance.
- Experience with design and implementation of Data center migration at NBC Universal
- Data center migration was involved in Access, Distribution and Core layers.
- Wrote IOS and CAT OS upgrade procedures and Pre/Post checks for customer production upgrades.
- Created MOPS and get approval from peers to perform configuration add/ remove changes.
- Excellent Troubleshooting Skills and Customer Centric approach.
- Strong Knowledge in working with F5 Load Balancers and their Implementation in various Networks.
- Actively participated in upgrading fast Ethernet, Layer 3 switched/routed LAN infrastructure.
- Converting CatOS to Cisco IOS Config Conversion on distribution layer switches
- Configuring Vlan’s, VTP’s, enabling trunks between switches.
- Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
- Configured various Router interfaces like ATM interface, T3 & Channelized T1 interfaces
- Configuring and troubleshooting catalyst 6509, 7609, 7613 with Supervisor cards.
- Performed Configuration on ASR 9K Pairs includes HSRP, Bundle EthernetConfig, Assigning dhcp profiles.
Environment: Cisco 3750/3550/3500/2960 switches and 3640/ 0/3845/3600/2800/ ASA5510 routers, Checkpoint, Aruba Controllers 6000, 3600, 3400,650, Nexus7K/5K, 2248/3560/5020/6509.
Confidential
Network Engineer
Responsibilities:
- Configuration and maintenance of Checkpoint NGX R61.
- Troubleshoot traffic passing managed firewalls via logs and packet captures
- Configured and resolved various OSPF issues in an OSPF multi area environment.
- Managed fast Layer 3 switched/routed LAN/WAN infrastructure as a part of Network team. Teh LAN consisted of campus model of Cisco 3550 at access layer, 6513 at distribution/core layer.
- Worked with telecom vendors in regards to network fault isolation.
- Hands-on experience with WAN (ATM/Frame Relay), Routers, Switches, TCP/IP, Routing Protocols (BGP/OSPF), and IP addressing.
- Configured CIDR IP RIP, PPP, BGP and OSPF routing.
- Involved in teh configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4. Configured IP access filter policies.
- Identify, design and implement flexible, responsive, and secure technology services
- Experience with Firewall Administration, Rule Analysis, Rule Modification
- Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
- Deployed 7613 as PE and CE router and Configured and troubleshoot teh Edge Routers.
- Excellent troubleshooting noledge on T1, T3, OC-3 and OC-12.
- Configured egress and ingress queues for ISP facing routers using CBWFQ.
- Generating RCA (Root Cause Analysis) for critical issues of layer1/layer2/layer3 problems.
- Experience with implementing and maintaining network monitoring systems and developing complex network design documentation and presentations using VISIO
Environment: Net Flow,TACACS,EIGRP,RIP,OSPF,BGP,VPN,MPLS,CSM,SUP720, Ether Channels, Cisco 7200/3845/3600/2800 routers, Fluke and Sniffer, 6509/ 3750/3550/3500/2950 switches, Checkpoint firewalls(SPLAT).