We provide IT Staff Augmentation Services!

Sr. Network Security Engineer Resume

3.00 Rating

WI

SUMMARY

  • 7 years of professional experience in Network Planning, Implementing, Configuring, Troubleshooting and testingof networking system on both Cisco and Juniper Networks.
  • Experience with the escalation problems for Routing, Switching and WAN connectivityissues using ticketing system remedy.
  • Expert level knowledge of troubleshooting, implementing, optimizing and testing of static and dynamic routing protocols such asEIGRP, OSPF.
  • Worked on Cisco 7200, 3800, 3600, 2800, 2600, 1800 series Routers and Cisco 2900, 3500, 4500, 5500, series switches.
  • Implementation traffic filters on Cisco routes usingStandard, extended Access list.
  • In - depth expertise in the analysis, implementation, troubleshooting & documentation ofLAN/WAN architectureand good experience on IP services.
  • Proficiency in configuration ofVLANsetup on various Cisco Routers and Switches.
  • Hands-on experience in using network monitoring toolSolar windsOrion.
  • Good knowledge on Cisco RSA.
  • Strong knowledge inHSRP, VRRP redundancy Protocols.
  • Experience in Network Management Tools and sniffers likeSNMP, HP-Open view, Wireshark and Cisco worksto support 24 x 7 Network Operation Center.
  • Experience inphysical cabling, IP addressing andsubnettingwithVLSM, configuring and supporting TCP/IP, DNS, installing and configuring proxies.
  • Access control server configuration forRADIUS & TACAS+.
  • Hands-on experienceusingCiscoVirtual Switching System (VSS).
  • Good knowledge ofCISCO NEXUSdata center infrastructure with5000 and 7000 series switchesincludes (5548, 7010) includingCISCO NEXUS Fabric Extender (223, 2248)
  • Hands-on Experience withCISCO Nexus 7000, Nexus 5000, and Nexus 2000 platforms.

TECHNICAL SKILLS

Protocols: RIP, RIP V2, EIGRP, OSPF, IS-IS, IGRP, HSRP, VRRP, GLBP, LACP, PAGP,DNS, SMTP, SNMP, FTP, TFTP, LPD/TDP, POP3, LDAP.

LAN Technologies: Workgroup, Domain, HSRP, DHCP, Static, VLAN, STP, VTP, Ether Channel, Trunks.

WAN Technologies: Leased Line, Frame Relay, ISDN, PPP, HDLC, ATM, SONET, Metro Ethernet.

Network Products: CISCO Routers 1700, 1800, 2500, 2600, 2800. CISCO High End Router 3600, 3800, 7200, 12010. CISCO Switches 1900, 2950, 2960. CISCO Campus Switches 3550XL, 4984 Core Catalyst 4503, 4507 RE, Catalyst 6500/6503/6507.

Security & VPN: PIX 500 Firewall, ASA 5505 Firewall, AIP SSM, CSC SSM,FWSM, Fortigate, CISCO CSM, ACL- Access Control List, IPS/IDS, NAT, PAT, CISCO ACS, Check point, sonicwall, RSA SecureID, SRX,SSG series firewalls.

Authentication: RADIUS, TACACS+, Digital certificates

Monitoring: Wireshark, Nmap, Nessus OpManager, PRTG Packet Sniffer

Servers: Domain servers, DNS servers, WINS servers, Mail servers, Proxy Servers, Print Servers, Application servers, FTP servers, Avocent Console server.

Operating Systems: Windows NT 4.0 (Desktop/Server), Windows 2000/2003/2008 server, Windows XP/7, LINUX, Solaris, Red Hat, Active Directory, UNIX, junos.

PROFESSIONAL EXPERIENCE

Confidential, WI

Sr. Network Security Engineer

Responsibilities:

  • Experience with configuring Cisco 6500 VSS in Distribution layer of the Data center network
  • Configuration and Administration of Cisco and Juniper Routers and Switches
  • Experience working with Nexus 7010, 5548, 5596, 2148, 2248 devices.
  • Experience configuringVPC(Virtual Port Channel),VDC(Virtual Device Context) in Nexus 7010/7018
  • Experience with configuringFCOE using Cisco nexus 5548
  • Configured Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000 to connect servers and storage devices.
  • Experience with setting upMPLS Layer 3VPN cloud in data center and also working with BGP WAN.
  • Configure and troubleshoot Juniper EX series switches and routers
  • Migrated to Juniper EX series switches from Cisco 3500 series and 6500 series switches
  • Experience with moving data center from one location to another location, from 6500 based data center to Nexus based data center
  • Network security including NAT/PAT, ACL, and ASA/SRX Firewalls.
  • Good knowledge with the technologies VPN,WLANand Multicast.
  • Well Experienced in configuring protocols HSRP,GLBP, ICMP,IGMP, PPP,PAP, CHAP, and SNMP.
  • Installation and Configuration of Cisco Catalyst switches 6500, 3750 & 3550 series and configured routing protocol OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design Document andfollowed the change process as per IT policy It also includes the configuration of port channel between core switches and server distribution switches.
  • Switching tasks include VTP, ISL/ 802.1q, IPSec andGRE Tunneling,VLANs, Ether Channel,Trunking, Port Security, STP and RSTP.
  • Experience in installing and configuring DNS, DHCP servers.
  • Replace branch hardware with new 3900 routers and 2960 switches.
  • Conversions to BGP WAN routing. Which will be to convert WAN routing from OSPF to BGP (OSPF is used for local routing only) which involves new wan links.
  • Convert Branch WAN links from TDM circuits toMPLS and to convert encryption fromIPSec/GRE toGetVPN.
  • Responsible for layer 2 securities which was implemented using a dedicated VLAN ID for all trunk ports, setting the user ports to non-trunking, deployed port security when possible for user ports
  • Involved in configuring Juniper SSG-140 and Cisco ASA firewall
  • Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, disabling all unused ports and putting them in unused VLAN and ensuring DHCP attack prevention where needed.

Environment: Cisco router 3825, 7209, Switches: 4948, 3750, NX-OS 5958, Security: ASA 5550, 5545-NX Checkpoint R70, R75 Splat & GAiA, Load Balancer: F5 Big-IP (LTM) 4000v, Kemp LoadMaster 6.0, NMS: HP OV, Voyance, Zenoss, Solarwind, OpManager.

Confidential, IL

Sr. Network Engineer

Responsibilities:

  • Involved in configuring and implementing of composite Network models consists of Cisco7600, 7200, 3800 series routers and Cisco 2950, 3500, 5000, 6500 Series switches
  • Configured networks using routing protocols such as EIGRP, OSPF, BGP and manipulated routing updates using route-map,distribute list and administrative distance
  • Experience deployingF5 Load Balancersfor load balancing and traffic management of business application
  • Experience working withCisco Nexus 2148 Fabric Extender and Nexus 5000series to provide a Flexible Access Solution for datacenter access architecture.
  • Worked with Configuration,upgradationand troubleshooting of ASA firewalls like 5520/5550/5580.
  • Implementing traffic engineering on top of an existingMultiprotocol Label Switching(MPLS) network using Frame Relay and Open Shortest Path First (OSPF).
  • Implemented Hot Standby Router Protocol(HSRP) by tuning parameters like preemption
  • Implemented various OSPF scenarios on networks consisting of 7600 routers
  • Configured policy based routing for BGP for complex network systems
  • Configured Multi protocol Label Switching(MPLS) VPN with EIGRP on the customer’s site.
  • Worked with Load balancer 5for configuring and maintainlocal traffic manager(LTM) and Global Traffic Manager(GTM)
  • NegotiateVPN tunnels using IPsec encryptionstandards and also configured and implemented site-to-site VPN, Remote VPN.
  • Worked withNetQoSfor performance management.
  • Tuned BGP internal and external peers with manipulation of attributes such as metric, origin and local preference
  • Worked on FTP, HTTP, DNS, DHCP servers in windows server-client environment with resource allocation to desired Virtual LANs of network.

Environment: Cisco router 3600, 7209, Switches: 2950, 4948, 6509 Security: ASA 5520, 5540 Checkpoint R75 Splat, Juniper Netscreen SG 220, Load Balancer: F5 Big-IP (LTM) 6900, NMS: WhatsUP Gold, Zenoss, Solarwind, OpManager

Confidential, WI

Network Engineer

Responsibilities:

  • Hand on experience the configuration and implementation of various Cisco Routers and L2 Switches.
  • Checkpoint Level3 operations support with hardware operations - fixed all problems & RMA's, taking any escalations that dealt with the equipment and its connection: interfaces, VLAN's, routes, etc.
  • Maintain and configure Cisco ACS devices to support AAA security for both external remote access and internal wireless connectivity.
  • Maintained and provided support for LAN/WAN infrastructure as needed. This included working on specific hardware such as switches, routers, PIX, wireless APs, VPN Concentrators, frame relay, IPsec VPN and other entities.
  • User admin on the firewalls, adding and deleting users as they come and go.
  • Installed and configured workstations for IP based LAN's
  • Installed and configured DHCP Client/Server
  • Configured and managed networks using L3 protocols like RIPv2.
  • Provided proactive threat defense with ASA that stops attacks before they spread through the network.
  • Cisco ASA 5540 firewall experience creating access rules for various DMZ containers for both inbound and outbound traffic.
  • Involved in Configuration of Access lists (ACL) on checkpoint firewall for the proper network routing for the B2B network connectivity
  • Optimized performance of the WAN network consisting of Cisco 3550/4500/6500 switches by configuring VLANs.
  • AAA Radius/Tacacs setup on Cisco ACS for routers
  • Troubleshoot network connectivity issues such as DNS, WINS and DHCP
  • Mentored new security engineers for the Managed Security Services group.
  • Installed, configured, performed troubleshooting and deployed SP1 for Windows 2003 Servers.
  • Managed a team of ten security analysts who provide a security event analysis roll, level-one network security engineering support, and a switchboard function for the SOC
  • Administered and supported local/LAN printers, LAN IDs in Novell

Environment: Routers: Cisco router 2600, 3600, 7204, Switches: 4948, 6509 Security: ASA 5520, 5540, 5585-NX, Checkpoint Splat, Juniper SRX 650, Netscreen SG 220, Load Balancer: F5 Big-IP (LTM) 4000, NMS: WhatsUP Gold, Zenoss, Solarwind, OpManager.

Confidential, NC 

Network Engineer

Responsibilities:

  • Worked primarily as a part of the security team and daily tasks included firewall rule analysis, rule modification and administration
  • Remediation of firewall rules from checkpoint firewalls to Cisco ASA firewalls, installing and configuring new juniper EX,MX,SRX (Next - Generation Firewall) series firewalls to meet day to day work
  • Adding and removing checkpoint firewall policies based on the requirements of various project requirements
  • Also involved in Configuration of Nexus 7010 including NX-OS Virtual Port Channels, Nexus port profiles, Nexus Version 4.2 and 5.0, Nexus VPC peer links.
  • Worked on load balancers like F5 10050s, 10250v, GTM 2000s, 2200s to troubleshoot and monitor DNS issues and traffic related to DNS and avoid DDoS
  • Deployment of Palo Alto firewall into the network. Configured and wrote Access-list policies on protocol based services
  • Configured network access servers and routers for AAA security (RADIUS/ TACACS+)
  • Troubleshooting of protocol based policies on Palo Alto firewalls and changing the policies as per the requirement and as per traffic flow
  • Worked on DNS server involving configuration and resolving DNS related issues
  • Writing rules for NAC servers as per the authentication and authorization of systems within the company.
  • Monitoring the network access points with the help of IBMQRadar and Cisco prime infrastructure.
  • Implementing and troubleshooting (on-call) IPsec VPNs for various business lines and making sure everything is in place
  • Installing and configuring new cisco equipment including Cisco 1900, 2900, 3900 series routers,Cisco catalyst switches 6807, Nexus 7010, Nexus 5500 and Nexus 2k as per the requirement of the company
  • Worked on regular troubleshooting of BGP, EIGRP routing protocols
  • Adding and modifying the servers and infrastructure to the existing DMZ environments based on the requirements of various application platforms
  • Managing and providing support to various project teams with regards to the addition of new equipment such as routers, switches and firewalls to the DMZs
  • Working closely with Data center management to analyze the data center sites for cabling requirements of various network equipment

Environment: Cisco router 3825, 7209, Switches: 4948, 3750, NX-OS 5958,Security:ASA 5550, 5545-NX Checkpoint R70, R75 Splat&GAiA,Load Balancer: F5 Big-IP (LTM) 4000v, Kemp LoadMaster 6.0,NMS:HP OV, Voyance, Zenoss, Solarwind, OpManager.

We'd love your feedback!