We provide IT Staff Augmentation Services!

Network Security Engineer Resume

5.00/5 (Submit Your Rating)

Nyc, NY

SUMMARY

  • Performance - driven,results oriented Information Security Professional, with extensive experience innetwork security, threat detectionandmitigation,server administration, team management.
  • Experienced in the designand security of networks, next generation firewall configuration and vulnerability assessments.
  • Valued for breadth of knowledge withWindows,Linux,and MAC enterprise network administration.
  • Excellent writtenand oral communication skills.
  • Ability to communicate effectivelywith all levels of staff and management.
  • Risk,vulnerability assessments, advanced threat detection and countermeasures
  • Strong understanding of multiple information security frameworks and how the framework should fit in with the organization’s overall information security program
  • Knowledge of global and domestic regulations and standards: GLBA, FISMA / NIST, SOX, HIPPA, Safe Harbor, ISO 27001/ 27002/ 2700 x and SSAE-16
  • Experienced in the process of obtaining and maintaining an ISO 27001 certification
  • Web and proxy countermeasures including strong knowledge of OWASP-10
  • Programming languages: SQL, Java, JavaScript, C, C#, C++, Python, PHP
  • Scripting: PowerShell, Bash, Python
  • Extensive knowledge of LANDesk, Casper and MS SCCM desktop management tools
  • L2-L3 Protocols - OSPF, EIGRP, BGP, STP, VLAN, 802.1Q, IPv4, IPv6, ARP, NAT
  • L4-L7 Protocols - TCP/IP, UDP, HTTP, HTTPS, SSL, SSH, FTP, DNS, DHCP, NFS, NTP, SMTP, SNMP. Expert knowledge of the OSI model, TCP/IP, UDP
  • Troubleshooting IPSEC / VPN tunnels, ingress / egress issues
  • IP Address assignments, switch port and VLAN assignments, and VPLS
  • Security - IPsec, SSL/TLS, VPN, ISAKMP key management, symmetric and public key cryptography. cryptographic key management, RSA
  • WPA2, Kerberos, Radius, NAC, LDAP, MPLS, (RIPV2, OSPF, EIGRP & BGP), IPv4, IPv6, MPLS, HSRP, GLBP, SSL, IPSec,
  • Experience working with Cisco Catalyst Series 3750, 4500, 4900, 6500; Nexus 2000, 5000, 6000 and 7000 series switches, Cisco WAAS, Cisco router models: 7200, 3800, 3600, 2800, 2600, 2500, 1800 series
  • Strong commitment to outstanding customer service. Able to lead a diverse workforce with ability to quickly understand and explain complex technical concepts.

PROFESSIONAL EXPERIENCE

Confidential, NYC, NY

Network Security Engineer

Responsibilities:

  • Management of information systems, network security practices, and other audited regulatory requirements in an ISO 2700x/NIST framework
  • Organize and manage annual responses to several external and internal audits, including PCI-DSS, SAS 70 (SSAE16), Gramm-Leach-Bliley, and Sarbanes Oxley
  • Development and implementation of information security practices including policies, standards, guidelines and well documented procedures within an established framework
  • Development and maintenance ofan information security strategy and network architecture
  • Configure, manage, deploy: Palo Alto, Cisco ASA, Checkpoint,next generation firewalls
  • Run enterprise security scans: SIEM: IBM-QRadar, Qualys, ArcSight, Tenable - Nessus, Splunk, SolarWinds. Endpoint DLP:Digital Guardian, Symantec, FireEye, Riverbed
  • Conduct information security audits and reviews to determine compliance. Analyze data from scans to validate best security practices and submit results to thecompliance team for review
  • Creation ofautomated security testing scripts using Python and PowerShell scripting for open port scanning, brute force attacks, botnets, NMAP port scanners and other attack vectors
  • Development, testing, maintaining, and managing a forensics & incident response program.
  • Perform digital investigations on end user workstations and servers (Microsoft / Linux)
  • Act as Analyst for digital investigationsin the frame of security event compliance operations
  • Interpret public, commercial, governmental intelligence agencies’ advanced threat warning systems,analyze incidents,risks, vulnerabilities, threats and deploy countermeasures

Confidential, Tempe, AZ

Network Security Engineer

Responsibilities:

  • Maintain medical information security systems as per the Health Insurance Portability and Accountability Act (HIPAA) (42 U.S.C. §1301 et seq.)
  • Development and implementation of information security best practices, policies, standards, guidelines and procedures in response to risk, vulnerability, and threat analysis / mitigation
  • Vulnerability testing of network infrastructure and web-based applications utilizing manual and automated tools. Advanced vulnerability, risk, and threat analysis
  • Responsible for configuration, maintenance, and troubleshooting of dynamic routing protocols: BGP, OSPF & EIGRP (route redistribution, distribute lists, route-maps, offset-lists, prefix lists, route summarization, route-feedback, BGP attributes) on Cisco Routers 7613, 7201, and 3945E
  • Utilized knowledge of MPLS services, NAT'ing, subnetting, also including DNS, LDAP, DHCP, HTTP, HTML, HTTPS, TCP/IP, UDP, SNMP, RIP, IPSEC, PPTP, VLAN, WISM, STP (Spanning tree Protocol), RTSP & Multicasting protocols
  • Configured and implemented proxy related devices including restricting HTTP/ HTML protocol validation from server and client. Utilized Bluecoat and Websense
  • Design and implementation of virtual switching system (VSS) for both user segment and server segment using 6509-V-E catalyst switches
  • Design, implementation, troubleshooting of Cisco 3750, 3550, 3560, 2924, 6509-V-E, 6513, 6504, 6503, 6506, 6500 series switches, GSR, ASR routers with Cisco IOS and IOS-XR
  • Installed, configured and managed Cisco routers such as 7200 series, 3800 series, 3700 series, 2800 series and Cisco Catalyst switch series 6500, 4500, 3500, and 2900
  • Worked on Layer 2 protocols such as BGP, STP, VTP, STP, RSTP, PVSTP, MST VLAN troubleshooting and configuring switches
  • Switching technology and administration including: creating and managing VLANS, port security - 802.1x, Trunking-802.1Q, RPVST+, Inter-VLAN routing, and LAN security on Cisco Catalyst switches 4507R+E, 6509-E and Cisco Nexus Switches 2232, 5596, 7009
  • VPN design and operation: IPSec, SSL, L2L & remote access on Cisco/Juniper/F5
  • Network authentication services (system and user): RADIUS, LDAP/AD, 802.1x
  • Ethernet switch design and configuration: Port management, switch stacking virtual chassis VPC, VLT

Confidential, Houston, TX

Network Security Engineer

Responsibilities:

  • Responsible for managing network & security at the Data center.
  • Implementation and configuration of Firewalls especially Check Point and Cisco ASA.
  • Worked on Policy administration of Cisco and Check Point Firewalls.
  • Troubleshot end user connectivity issues through the firewalls and network.
  • Made sure the NAT is applied appropriately on the firewall for all the third party and DMZ traffic.
  • LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems).
  • VLAN’s design and implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and port channels creation.
  • Responsible for ASA 8.x Firewall and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
  • Troubleshot Layer 2 and Layer 3 issues.
  • EIGRP and RIP version 1 & 2 Routing Protocols. Redistributing from OSPF to EIGRP and vice versa.
  • Configured static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Transition.
  • Successfully installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
  • Implemented Positive Enforcement Model with the help of Palo Alto Networks.
  • Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
  • Configuration of Palo Alto Firewall PA-5k and CMS.
  • DNS, DHCP services configuration and support.
  • Deployed a Syslog server to allow proactive network monitoring.
  • Implemented VLANS between different departments and connected them using trunk by keeping one VLAN under server mode and rest falling under client modes.
  • Configured Client VPN technologies including Cisco's VPN client via IPSEC.
  • Deleted unused Check Point policies, unused gateway objects, and unused VPN communities to clean up the Check Point firewall environment.
  • Configured Firewall logging, DMZs and related security policies and monitoring.
  • Switched related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
  • Installed and configured System Center Configuration Manager 2007.
  • Worked on Site Recovery Manager 5.0 for Disaster recovery.

Confidential, Dallas, TX

Network Engineer

Responsibilities:

  • Administration and support of Checkpoint and ASA firewalls for Client at data center.
  • Firewall Policy provisioning and work with firewall requests submitted by users through Remedy system.
  • Responsible for ASA Firewall support and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
  • Support FWSM Firewall Blade Module on 6513 Switches
  • Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation on Cisco PIX and ASA Firewalls
  • Build Site to Site IPsec VPN tunnels between data center and various client locations in US with strong focus on data encryption.
  • Configure CSM (Cisco Security Manager) for all Firewall, IDS/IPS management in the network.
  • Setup Active/Standby High Availability for stateful failover and replication as well as ZERO DOWN TIME maintenance. Backup and Recovery of Firewall IOS as well as Configurations.
  • Configure Cluster XL on Checkpoint security gateway. Verify state/connection table sync between gateways. Configure and support Nokia VRRP Cluster based HA of Checkpoint firewalls.
  • Backup and restore of checkpoint Firewall policies as well as security gateway configurations.
  • Bluecoat proxy administration for url filtering and client policy provisioning.
  • LAN/WAN level 3 support (diagnose and troubleshooting)
  • Vlan design and implementation, Spanning Tree Implementation and support using PVST, R-PVST and MST to avoid loops in the network. Trunking and port channels creation.
  • Key functions include Configuring and maintaining services, Access control lists, System Access, Authentication, and Authorization, Key Security tools installed, Auditing and reporting by Log reviews.
  • Monitor the firewall security logs for the critical alerts or intrusions and fix the security holes in the network.
  • BGP configuration and troubleshooting for ISP failover. Configuring and Troubleshooting OSPF as well as Redistributing OSPF and BGP routes.
  • Troubleshooting T1 Lines as well as bonded T1 lines for 3rd party Connections to the data center.
  • Deployed Syslog servers to allow proactive network monitoring.
  • Implemented VLANS between different departments and connected them using trunk by keeping one vlan under server mode and rest falling under client modes.
  • Configured Firewall logging, DMZs and related security policies and monitoring.
  • Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.

We'd love your feedback!