SUMMARY

• Performance - driven,results oriented Information Security Professional, with extensive experience innetwork security, threat detectionandmitigation,server administration, team management.
• Experienced in the designand security of networks, next generation firewall configuration and vulnerability assessments.
• Valued for breadth of knowledge withWindows,Linux,and MAC enterprise network administration.
• Excellent writtenand oral communication skills.
• Ability to communicate effectivelywith all levels of staff and management.
• Risk,vulnerability assessments, advanced threat detection and countermeasures
• Strong understanding of multiple information security frameworks and how the framework should fit in with the organization’s overall information security program
• Knowledge of global and domestic regulations and standards: GLBA, FISMA / NIST, SOX, HIPPA, Safe Harbor, ISO 27001/ 27002/ 2700 x and SSAE-16
• Experienced in the process of obtaining and maintaining an ISO 27001 certification
• Web and proxy countermeasures including strong knowledge of OWASP-10
• Programming languages: SQL, Java, JavaScript, C, C#, C++, Python, PHP
• Scripting: PowerShell, Bash, Python
• Extensive knowledge of LANDesk, Casper and MS SCCM desktop management tools
• L2-L3 Protocols - OSPF, EIGRP, BGP, STP, VLAN, 802.1Q, IPv4, IPv6, ARP, NAT
• L4-L7 Protocols - TCP/IP, UDP, HTTP, HTTPS, SSL, SSH, FTP, DNS, DHCP, NFS, NTP, SMTP, SNMP. Expert knowledge of the OSI model, TCP/IP, UDP
• Troubleshooting IPSEC / VPN tunnels, ingress / egress issues
• IP Address assignments, switch port and VLAN assignments, and VPLS
• Security - IPsec, SSL/TLS, VPN, ISAKMP key management, symmetric and public key cryptography. cryptographic key management, RSA
• WPA2, Kerberos, Radius, NAC, LDAP, MPLS, (RIPV2, OSPF, EIGRP & BGP), IPv4, IPv6, MPLS, HSRP, GLBP, SSL, IPSec,
• Experience working with Cisco Catalyst Series 3750, 4500, 4900, 6500; Nexus 2000, 5000, 6000 and 7000 series switches, Cisco WAAS, Cisco router models: 7200, 3800, 3600, 2800, 2600, 2500, 1800 series
• Strong commitment to outstanding customer service. Able to lead a diverse workforce with ability to quickly understand and explain complex technical concepts.

PROFESSIONAL EXPERIENCE

Confidential, NYC, NY

Network Security Engineer

Responsibilities:

• Management of information systems, network security practices, and other audited regulatory requirements in an ISO 2700x/NIST framework
• Organize and manage annual responses to several external and internal audits, including PCI-DSS, SAS 70 (SSAE16), Gramm-Leach-Bliley, and Sarbanes Oxley
• Development and implementation of information security practices including policies, standards, guidelines and well documented procedures within an established framework
• Development and maintenance ofan information security strategy and network architecture
• Configure, manage, deploy: Palo Alto, Cisco ASA, Checkpoint,next generation firewalls
• Run enterprise security scans: SIEM: IBM-QRadar, Qualys, ArcSight, Tenable - Nessus, Splunk, SolarWinds. Endpoint DLP:Digital Guardian, Symantec, FireEye, Riverbed
• Conduct information security audits and reviews to determine compliance. Analyze data from scans to validate best security practices and submit results to thecompliance team for review
• Creation ofautomated security testing scripts using Python and PowerShell scripting for open port scanning, brute force attacks, botnets, NMAP port scanners and other attack vectors
• Development, testing, maintaining, and managing a forensics & incident response program.
• Perform digital investigations on end user workstations and servers (Microsoft / Linux)
• Act as Analyst for digital investigationsin the frame of security event compliance operations
• Interpret public, commercial, governmental intelligence agencies’ advanced threat warning systems,analyze incidents,risks, vulnerabilities, threats and deploy countermeasures

Confidential, Tempe, AZ

Network Security Engineer

Responsibilities:

• Maintain medical information security systems as per the Health Insurance Portability and Accountability Act (HIPAA) (42 U.S.C. §1301 et seq.)
• Development and implementation of information security best practices, policies, standards, guidelines and procedures in response to risk, vulnerability, and threat analysis / mitigation
• Vulnerability testing of network infrastructure and web-based applications utilizing manual and automated tools. Advanced vulnerability, risk, and threat analysis
• Responsible for configuration, maintenance, and troubleshooting of dynamic routing protocols: BGP, OSPF & EIGRP (route redistribution, distribute lists, route-maps, offset-lists, prefix lists, route summarization, route-feedback, BGP attributes) on Cisco Routers 7613, 7201, and 3945E
• Utilized knowledge of MPLS services, NAT'ing, subnetting, also including DNS, LDAP, DHCP, HTTP, HTML, HTTPS, TCP/IP, UDP, SNMP, RIP, IPSEC, PPTP, VLAN, WISM, STP (Spanning tree Protocol), RTSP & Multicasting protocols
• Configured and implemented proxy related devices including restricting HTTP/ HTML protocol validation from server and client. Utilized Bluecoat and Websense
• Design and implementation of virtual switching system (VSS) for both user segment and server segment using 6509-V-E catalyst switches
• Design, implementation, troubleshooting of Cisco 3750, 3550, 3560, 2924, 6509-V-E, 6513, 6504, 6503, 6506, 6500 series switches, GSR, ASR routers with Cisco IOS and IOS-XR
• Installed, configured and managed Cisco routers such as 7200 series, 3800 series, 3700 series, 2800 series and Cisco Catalyst switch series 6500, 4500, 3500, and 2900
• Worked on Layer 2 protocols such as BGP, STP, VTP, STP, RSTP, PVSTP, MST VLAN troubleshooting and configuring switches
• Switching technology and administration including: creating and managing VLANS, port security - 802.1x, Trunking-802.1Q, RPVST+, Inter-VLAN routing, and LAN security on Cisco Catalyst switches 4507R+E, 6509-E and Cisco Nexus Switches 2232, 5596, 7009
• VPN design and operation: IPSec, SSL, L2L & remote access on Cisco/Juniper/F5
• Network authentication services (system and user): RADIUS, LDAP/AD, 802.1x
• Ethernet switch design and configuration: Port management, switch stacking virtual chassis VPC, VLT

Confidential, Houston, TX

Network Security Engineer

Responsibilities:

• Responsible for managing network & security at the Data center.
• Implementation and configuration of Firewalls especially Check Point and Cisco ASA.
• Worked on Policy administration of Cisco and Check Point Firewalls.
• Troubleshot end user connectivity issues through the firewalls and network.
• Made sure the NAT is applied appropriately on the firewall for all the third party and DMZ traffic.
• LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems).
• VLAN’s design and implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and port channels creation.
• Responsible for ASA 8.x Firewall and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
• Troubleshot Layer 2 and Layer 3 issues.
• EIGRP and RIP version 1 & 2 Routing Protocols. Redistributing from OSPF to EIGRP and vice versa.
• Configured static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Transition.
• Successfully installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
• Implemented Positive Enforcement Model with the help of Palo Alto Networks.
• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
• Configuration of Palo Alto Firewall PA-5k and CMS.
• DNS, DHCP services configuration and support.
• Deployed a Syslog server to allow proactive network monitoring.
• Implemented VLANS between different departments and connected them using trunk by keeping one VLAN under server mode and rest falling under client modes.
• Configured Client VPN technologies including Cisco's VPN client via IPSEC.
• Deleted unused Check Point policies, unused gateway objects, and unused VPN communities to clean up the Check Point firewall environment.
• Configured Firewall logging, DMZs and related security policies and monitoring.
• Switched related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
• Installed and configured System Center Configuration Manager 2007.
• Worked on Site Recovery Manager 5.0 for Disaster recovery.

Confidential, Dallas, TX

Network Engineer

Responsibilities:

• Administration and support of Checkpoint and ASA firewalls for Client at data center.
• Firewall Policy provisioning and work with firewall requests submitted by users through Remedy system.
• Responsible for ASA Firewall support and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
• Support FWSM Firewall Blade Module on 6513 Switches
• Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation on Cisco PIX and ASA Firewalls
• Build Site to Site IPsec VPN tunnels between data center and various client locations in US with strong focus on data encryption.
• Configure CSM (Cisco Security Manager) for all Firewall, IDS/IPS management in the network.
• Setup Active/Standby High Availability for stateful failover and replication as well as ZERO DOWN TIME maintenance. Backup and Recovery of Firewall IOS as well as Configurations.
• Configure Cluster XL on Checkpoint security gateway. Verify state/connection table sync between gateways. Configure and support Nokia VRRP Cluster based HA of Checkpoint firewalls.
• Backup and restore of checkpoint Firewall policies as well as security gateway configurations.
• Bluecoat proxy administration for url filtering and client policy provisioning.
• LAN/WAN level 3 support (diagnose and troubleshooting)
• Vlan design and implementation, Spanning Tree Implementation and support using PVST, R-PVST and MST to avoid loops in the network. Trunking and port channels creation.
• Key functions include Configuring and maintaining services, Access control lists, System Access, Authentication, and Authorization, Key Security tools installed, Auditing and reporting by Log reviews.
• Monitor the firewall security logs for the critical alerts or intrusions and fix the security holes in the network.
• BGP configuration and troubleshooting for ISP failover. Configuring and Troubleshooting OSPF as well as Redistributing OSPF and BGP routes.
• Troubleshooting T1 Lines as well as bonded T1 lines for 3rd party Connections to the data center.
• Deployed Syslog servers to allow proactive network monitoring.
• Implemented VLANS between different departments and connected them using trunk by keeping one vlan under server mode and rest falling under client modes.
• Configured Firewall logging, DMZs and related security policies and monitoring.
• Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.