Sr. Network Engineer Resume
San, JosE
SUMMARY
- Experience in the Networking Domain with extensive emphasis on Network Configuration, Deployment, and Troubleshooting & Network Security.
- Worked extensively on firewalls and VPN gateways Checkpoint, Blue Coat Web Gateway, CISCO, Juniper, Fortigate GUI and Shell.
- Facilitate implementations of information security policies, account security policies and standards for logical and physical security.
- Perform Risk Assessment, Gap analysis & create Risk Mitigation plan.
- Deliver niche technology projects such as DLP and forensics to catch and prevent fraud, manage overall operational aspect of DLP.
- Oversee Vulnerability assessment /penetration testing of scoped systems and applications to identify system vulnerabilities.
- Responsible for conceptualizing and driving BCP as a culture, within the organization.
- Ensure IS policies are updated & reviewed.
- Specialist in consulting of different security solutions for all phases of solution cycle: Planning, Architecture, Design, Implementation, Deployment, Troubleshooting & Support, Handover and Documentation.
- Manage relationships in all areas of IT and the lines of business.
- Subject matter expert (SME) for DLP, Firewall, VPN, Archer, Vulnerability Management solutions, IDS/IPS/WIPS, SIEM and Endpoint Security.
- Better understanding of theoretical and applied practices, SDLC process.
- SOC Operations, IT Compliance and Internal Audit with the help of ISO 27001 and PCI.
- Risk assessment, IS Audits and security control gap analysis from information & network security perspective.
- Strong analytical ability and Client relationship management.
TECHNICAL SKILLS
CISCO router platforms: 2500, 2600, 2800, 3600, 3700, 3800, 7200, 7609, ASR1k.
CISCO Switch platforms: 2900XL, 2950, 2960, 3560, 3750X, 4500, 6500
Firewalls: CISCOPIX 501, 510, 515E,CISCO ASA5520, 5540,Palo Alto, Check Point
NetworkConfiguration: Advanced switch/router configuration (CISCOIOS access list, Route redistribution/propagation)
Routing Protocols: IGRP, EIGRP, OSPF, BGPv4, MP - BGP
WAN Protocols: HDLC, PPP, MLPPP
Packet Switched WAN: ATM, FRAME RELAY, MPLS, VPNs
Layer 2 technology: VLAN, VTP, VMPS, ISL, dot1q, DTP, Spanning-tree, PVST
Layer 3 Switching: CEF, MLS, Ether Channel
QOS: CBWFQ, LLQ, WRED, Policing/Shaping.
LAN Technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port- channel, VLANS, VTP, STP, RSTP, 802.1Q.
WAN Technologies: Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, HDLC, CSU/DSU.
Operating Systems: Microsoft XP/Vista/7, UNIX, Linux (Redhat, Fedora) Windows Servers Windows MS-Office.
Juniper Devices: Juniper EX Series 2200, 2300, 3300, 2400, 4200, 4300, 4550, 4600,QFX Series 5100, 5200. Juniper PTX Series 1000, 3000, 5000, ACX Series ACX 500, 1000, 1100, 2100, 2200
Antivirus: McAfee VirusScan Enterprise, Symantec, Endpoint Protection Suite
DLP: Websense, Symantec & McAfee
End Point Security: McAfee Suits (VSE, HIPS & HDLP), McAfee MOVE AV, Safeboot
IPS/IDS: McAfee IPS, HP Tipping Point, Cisco IDS
SIEM: RSA Envision, Netforensic SIEM Strom, Arcsight
Content Filtering Solution:
MSS: Vulnerability Assessment, Content Filter, Antispam
Email Security: McAfee Email and Web Security
PROFESSIONAL EXPERIENCE
Sr. Network Engineer
Confidential, San Jose
Responsibilities:
- Designing and Implementation of (LAN) VLANs, VTP, Spanning Tree (STP), Trunking (dot1q and ISL) and Ether channel onCISCOCatalyst Switches 3500, 6500, 7600.
- Performed Troubleshooting and monitored routing protocols such RIP, OSPF, EIGRP & BGP.
- Designed OSPF Areas for reliable Access Distribution and for Core IP Routing.
- Trouble shooting and Incident resolving on Juniper Mx-960 and 10,000 Switches.
- Configured and worked on Juniper MX240 and MX40 router, and optimized network for application delivery in virtualized network environment.
- Implemented various routing protocols such as RIP, EIGRP, and OSPF on Juniper MX routers; also taking care of issues such as discontinuous networks.
- Configuring and troubleshooting Layer 2 Ethernet switch and router interfaces for Arista, Cisco, andJuniper
- Facilitate implementations of information security policies, account security policies and standards for logical and physical security.
- Perform Risk Assessment and drive the closures of identified risks.
- Perform ISO 27001, PCI, SOX Audits and drive them to the closure of findings.
- Knowledge in Implementing & Managing LAN, WLAN & WAN solutions for different client setup. In-depth knowledge and experience in WAN technologies including HDLC, Point-to-Point, ATM, Frame Relay& MPLS
- Managing a Team for performing Release Management functions. Assessing the new releases, performing VA & Secure Code Review prior pushing them to Production Environment.
- Reviewing HLD & LLD from Security perspective.
- Configure JuniperQFX5100 switches for managed colocation customers.
- Configuring and troubleshooting Layer 3 VPN on Cisco,Juniper, and Arista.
- Established IPSec VPN tunnels between branch offices and headquarter using Juniper SRX Firewall
- Responsible for all Juniper SRX firewalls consisting of SRX 3560, 1400, 550. Using CLI and/or Junos Space Security Director for management. Install, upgrade, troubleshoot, design, etc.
- Configured Client VPN technologies including CISCO's VPN client via IPSEC.
- Worked on Checkpoint Firewalls Clusters of both High-Availability and Load-Sharing.
- Implemented inter-VLAN routing (on Juniper EX 3300 and EX 3400 switches) among the VLANs to allow communication on larger internetworks.
- Implemented extended ACLs on Juniper SRX and 3750 to allow communication between the required networks, and to restrict other communications.
- Configuring and Troubleshooting Cisco Firewall/ASA, Checkpoint FW, Bluecoat ProxySG.
- Performed VPN configuration and troubleshooting using various IPSec and SSL-VPN technologies
- Configured and maintained Palo Alto Network firewalls
Network Engineer
Confidential
Responsibilities:
- Maintaining framework to ensure that information security policies, technologies and processes are aligned with the business regulations of the clients.
- Installed high availability Big IPF5LTM and GTMloadbalancersto provide uninterrupted service to customers.
- ConfiguredCISCORouters for BGP, OSPF, RIP, RIPv2, EIGRP, Static and default route in a VPN environment using MPLS.
- Led efforts to globally reposition Blue Coat from Network Security brand to leader in Network Optimization.
- Involved in designing VPN architecture with IPSEC, VPN-Services, RADIUS-Servers, IP-addressing and IAS log viewer of the end use.
- Knowledge in Implementing & Managing LAN, WLAN & WAN solutions for different client setup. In-depth knowledge and experience in WAN technologies including HDLC, Point-to-Point, ATM, Frame Relay& MPLS Identifying and implementing practices in security to enhance the operations of the clients.
- Performing risk analysis and security control gap analysis from information & network security perspective.
- Performing Vulnerability Assessments and taking the required counter actions and measurements to ensure the security of the IT infrastructure / systems.
- Analysis and documentation of network & information security requirements and define security policy for enterprise client and business critical servers.
- Managing security incidents in the organization, key member of Incident Response Team.
- Part of team for the accomplishment of short & long term planning of company’s goals.
- Managing & Upgrading McAfee End Point Security (McAfee ePO, VirusScan Enterprise, Antispyware, Host Intrusion Prevention System) across multiple locations for approx. 45000 end nodes (Including workstations, VDI’s and laptop) and 1200 servers (Windows, Linux, Unix, Citrix and VM’s)..
- Log analysis and advisories to different customers through RSA envision SIEM.
- Maintaining SOC operations for wireless security across globe for CSC.
- Conducting security workshops and presentations for the clients.
Network Analyst
Confidential
Responsibilities:
- Design and implement the firewall configuration from scratch which includes failover configure, natting, interface config, SNMP and syslog config, maintain backup to Syslog server,
- Manage DLP for Multiple clients
- Perform firewall config audits and remediate the holes. Design DR Plans.
- Configure IPSec Site to Site and Remote Access, SSL VPN tunnels, review debug messages to troubleshoot the VPN issues.
- Install new IDS/IPS, configure rule sets and policies, upgrade IOS of NSM and IDS/IPS, block signature to prevent non-legitimate traffic
- Worked extensively in Configuring, Monitoring and Troubleshooting CISCO'sASA5500/PIX security appliance.
- Deployed Palo Alto/Cisco ASA firewalls and IDS thereby securing up to the application layer on the network
- Building configurations for Juniper MX 2010 and MX 2020 routers with features like port security, VLANS, VTP, PVST+.
- Configuration of Juniper SRX series firewalls for outbound traffic via blue coat proxy server.
- Implemented inter-VLAN routing (on Juniper EX 3300 and EX 3400 switches) among the VLANs to allow communication on larger internetworks.
- Implemented extended ACLs on Juniper SRX and 3750 to allow communication between the required networks, and to restrict other communications.
- Established IPSec VPN tunnels between branch offices and headquarter using Juniper SRX Firewall
- Responsible for all Juniper SRX firewalls consisting of SRX 3560, 1400, 550. Using CLI and/or Junos Space Security Director for management. Install, upgrade, troubleshoot, design, etc.
- Configure the network objects, domain name sets, computer sets, proxy rules to allow / deny the Internet traffic (port 80 & 443) through the forward proxy.
- Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs
- Provided firewall policy configuration and services with Juniper SRX 240 & 650 service gateways.
- Design the Web listeners and firewall policy rules on reverse proxy to allow the Internet users to access the Internal servers/ resources through Internet.
- Design the policies and client tasks, configure Sorting criteria, Integrating multiple ePO servers, VSE, VSES, HIPS & MA Installation, Configure Exclusions to exempt scanning
Network Engineer
Confidential
Responsibilities:
- Performed troubleshooting, while maintaining trouble ticket tracking, following internal/external escalation procedures and customer notifications. ConfiguredCISCORouters for OSPF, RIP, IGRP RIPv2, EIGRP, Static and default route.
- Worked on installation, maintenance, and troubleshooting of LAN/WAN(ISDN, Frame relay, NAT, DHCP, TCP/IP).
- Designed IP Addressing schemes, VLAN tables and Switchport assignments, Trunking and Ether-channel implementation.
- Implemented various routing protocols such as RIP, EIGRP, and OSPF on Juniper MX routers; also taking care of issues such as discontinuous networks.
- Configure, upgrade and fine tune the DLP, IPS policies to meet the changing needs & improve Security Metrics
- Understanding the JUNOS platform and worked with JUNOS upgrade of Juniper devices.
- Worked on Juniper J series j230, M 320 routers and EX 3200 series switch.
- Building configurations for Juniper EX 3300 and EX 4200 switches with features like port security, VLANS, VTP, PVST+.
- Design and Configure Checkpoint and Cisco ASA Firewall policies.
- Conducting security workshops and presentations for the clients.
- Managing SIEM - Net forensics
- Installed operating systems, applications, service packs etc.