Network Security Engineer Resume
5.00/5 (Submit Your Rating)
Nyc, NY
SUMMARY
- Performance - driven,results oriented Information Security Professional, with extensive experience innetwork security, threat detectionandmitigation,server administration, team management.
- Experienced in the designand security of networks, next generation firewall configuration and vulnerability assessments.
- Valued for breadth of knowledge withWindows,Linux,and MAC enterprise network administration.
- Excellent writtenand oral communication skills.
- Ability to communicate effectivelywith all levels of staff and management.
- Risk,vulnerability assessments, advanced threat detection and countermeasures
- Strong understanding of multiple information security frameworks and how the framework should fit in with the organization’s overall information security program
- Knowledge of global and domestic regulations and standards: GLBA, FISMA / NIST, SOX, HIPPA, Safe Harbor, ISO 27001/ 27002/ 2700 x and SSAE-16
- Experienced in the process of obtaining and maintaining an ISO 27001 certification
- Web and proxy countermeasures including strong knowledge of OWASP-10
- Programming languages: SQL, Java, JavaScript, C, C#, C++, Python, PHP
- Scripting: PowerShell, Bash, Python
- Extensive knowledge of LANDesk, Casper and MS SCCM desktop management tools
- L2-L3 Protocols - OSPF, EIGRP, BGP, STP, VLAN, 802.1Q, IPv4, IPv6, ARP, NAT
- L4-L7 Protocols - TCP/IP, UDP, HTTP, HTTPS, SSL, SSH, FTP, DNS, DHCP, NFS, NTP, SMTP, SNMP. Expert knowledge of the OSI model, TCP/IP, UDP
- Troubleshooting IPSEC / VPN tunnels, ingress / egress issues
- IP Address assignments, switch port and VLAN assignments, and VPLS
- Security - IPsec, SSL/TLS, VPN, ISAKMP key management, symmetric and public key cryptography. cryptographic key management, RSA
- WPA2, Kerberos, Radius, NAC, LDAP, MPLS, (RIPV2, OSPF, EIGRP & BGP), IPv4, IPv6, MPLS, HSRP, GLBP, SSL, IPSec,
- Experience working with Cisco Catalyst Series 3750, 4500, 4900, 6500; Nexus 2000, 5000, 6000 and 7000 series switches, Cisco WAAS, Cisco router models: 7200, 3800, 3600, 2800, 2600, 2500, 1800 series
- Strong commitment to outstanding customer service. Able to lead a diverse workforce with ability to quickly understand and explain complex technical concepts.
PROFESSIONAL EXPERIENCE
Confidential, NYC, NY
Network Security Engineer
Responsibilities:
- Management of information systems, network security practices, and other audited regulatory requirements in an ISO 2700x/NIST framework
- Organize and manage annual responses to several external and internal audits, including PCI-DSS, SAS 70 (SSAE16), Gramm-Leach-Bliley, and Sarbanes Oxley
- Development and implementation of information security practices including policies, standards, guidelines and well documented procedures within an established framework
- Development and maintenance ofan information security strategy and network architecture
- Configure, manage, deploy: Palo Alto, Cisco ASA, Checkpoint,next generation firewalls
- Run enterprise security scans: SIEM: IBM-QRadar, Qualys, ArcSight, Tenable - Nessus, Splunk, SolarWinds. Endpoint DLP:Digital Guardian, Symantec, FireEye, Riverbed
- Conduct information security audits and reviews to determine compliance. Analyze data from scans to validate best security practices and submit results to thecompliance team for review
- Creation ofautomated security testing scripts using Python and PowerShell scripting for open port scanning, brute force attacks, botnets, NMAP port scanners and other attack vectors
- Development, testing, maintaining, and managing a forensics & incident response program.
- Perform digital investigations on end user workstations and servers (Microsoft / Linux)
- Act as Analyst for digital investigationsin the frame of security event compliance operations
- Interpret public, commercial, governmental intelligence agencies’ advanced threat warning systems,analyze incidents,risks, vulnerabilities, threats and deploy countermeasures
Confidential, Tempe, AZ
Network Security Engineer
Responsibilities:
- Maintain medical information security systems as per the Health Insurance Portability and Accountability Act (HIPAA) (42 U.S.C. §1301 et seq.)
- Development and implementation of information security best practices, policies, standards, guidelines and procedures in response to risk, vulnerability, and threat analysis / mitigation
- Vulnerability testing of network infrastructure and web-based applications utilizing manual and automated tools. Advanced vulnerability, risk, and threat analysis
- Responsible for configuration, maintenance, and troubleshooting of dynamic routing protocols: BGP, OSPF & EIGRP (route redistribution, distribute lists, route-maps, offset-lists, prefix lists, route summarization, route-feedback, BGP attributes) on Cisco Routers 7613, 7201, and 3945E
- Utilized knowledge of MPLS services, NAT'ing, subnetting, also including DNS, LDAP, DHCP, HTTP, HTML, HTTPS, TCP/IP, UDP, SNMP, RIP, IPSEC, PPTP, VLAN, WISM, STP (Spanning tree Protocol), RTSP & Multicasting protocols
- Configured and implemented proxy related devices including restricting HTTP/ HTML protocol validation from server and client. Utilized Bluecoat and Websense
- Design and implementation of virtual switching system (VSS) for both user segment and server segment using 6509-V-E catalyst switches
- Design, implementation, troubleshooting of Cisco 3750, 3550, 3560, 2924, 6509-V-E, 6513, 6504, 6503, 6506, 6500 series switches, GSR, ASR routers with Cisco IOS and IOS-XR
- Installed, configured and managed Cisco routers such as 7200 series, 3800 series, 3700 series, 2800 series and Cisco Catalyst switch series 6500, 4500, 3500, and 2900
- Worked on Layer 2 protocols such as BGP, STP, VTP, STP, RSTP, PVSTP, MST VLAN troubleshooting and configuring switches
- Switching technology and administration including: creating and managing VLANS, port security - 802.1x, Trunking-802.1Q, RPVST+, Inter-VLAN routing, and LAN security on Cisco Catalyst switches 4507R+E, 6509-E and Cisco Nexus Switches 2232, 5596, 7009
- VPN design and operation: IPSec, SSL, L2L & remote access on Cisco/Juniper/F5
- Network authentication services (system and user): RADIUS, LDAP/AD, 802.1x
- Ethernet switch design and configuration: Port management, switch stacking virtual chassis VPC, VLT
Confidential, Houston, TX
Network Security Engineer
Responsibilities:
- Responsible for managing network & security at the Data center.
- Implementation and configuration of Firewalls especially Check Point and Cisco ASA.
- Worked on Policy administration of Cisco and Check Point Firewalls.
- Troubleshot end user connectivity issues through the firewalls and network.
- Made sure the NAT is applied appropriately on the firewall for all the third party and DMZ traffic.
- LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems).
- VLAN’s design and implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and port channels creation.
- Responsible for ASA 8.x Firewall and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
- Troubleshot Layer 2 and Layer 3 issues.
- EIGRP and RIP version 1 & 2 Routing Protocols. Redistributing from OSPF to EIGRP and vice versa.
- Configured static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Transition.
- Successfully installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
- Implemented Positive Enforcement Model with the help of Palo Alto Networks.
- Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
- Configuration of Palo Alto Firewall PA-5k and CMS.
- DNS, DHCP services configuration and support.
- Deployed a Syslog server to allow proactive network monitoring.
- Implemented VLANS between different departments and connected them using trunk by keeping one VLAN under server mode and rest falling under client modes.
- Configured Client VPN technologies including Cisco's VPN client via IPSEC.
- Deleted unused Check Point policies, unused gateway objects, and unused VPN communities to clean up the Check Point firewall environment.
- Configured Firewall logging, DMZs and related security policies and monitoring.
- Switched related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
- Installed and configured System Center Configuration Manager 2007.
- Worked on Site Recovery Manager 5.0 for Disaster recovery.
Confidential, Dallas, TX
Network Engineer
Responsibilities:
- Administration and support of Checkpoint and ASA firewalls for Client at data center.
- Firewall Policy provisioning and work with firewall requests submitted by users through Remedy system.
- Responsible for ASA Firewall support and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
- Support FWSM Firewall Blade Module on 6513 Switches
- Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation on Cisco PIX and ASA Firewalls
- Build Site to Site IPsec VPN tunnels between data center and various client locations in US with strong focus on data encryption.
- Configure CSM (Cisco Security Manager) for all Firewall, IDS/IPS management in the network.
- Setup Active/Standby High Availability for stateful failover and replication as well as ZERO DOWN TIME maintenance. Backup and Recovery of Firewall IOS as well as Configurations.
- Configure Cluster XL on Checkpoint security gateway. Verify state/connection table sync between gateways. Configure and support Nokia VRRP Cluster based HA of Checkpoint firewalls.
- Backup and restore of checkpoint Firewall policies as well as security gateway configurations.
- Bluecoat proxy administration for url filtering and client policy provisioning.
- LAN/WAN level 3 support (diagnose and troubleshooting)
- Vlan design and implementation, Spanning Tree Implementation and support using PVST, R-PVST and MST to avoid loops in the network. Trunking and port channels creation.
- Key functions include Configuring and maintaining services, Access control lists, System Access, Authentication, and Authorization, Key Security tools installed, Auditing and reporting by Log reviews.
- Monitor the firewall security logs for the critical alerts or intrusions and fix the security holes in the network.
- BGP configuration and troubleshooting for ISP failover. Configuring and Troubleshooting OSPF as well as Redistributing OSPF and BGP routes.
- Troubleshooting T1 Lines as well as bonded T1 lines for 3rd party Connections to the data center.
- Deployed Syslog servers to allow proactive network monitoring.
- Implemented VLANS between different departments and connected them using trunk by keeping one vlan under server mode and rest falling under client modes.
- Configured Firewall logging, DMZs and related security policies and monitoring.
- Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.