We provide IT Staff Augmentation Services!

Principal Network Security Engineer Resume

Plano, TX

SUMMARY

  • Certified Principal Security Engineer with ITILV4, CEH, Cisco, Palo Alto, and Check Point firewalls certifications with around 12+ year’s professional experience in Network Designing, Deployment, Configuring, Troubleshooting and Testing of Networking System.
  • Confidential has diversified IT experience as an Information Security leader and architect and an InfoSec specialist experienced in Identity, Credential and Access Management (ICAM), Single Sign On (SSO), Federation Services (FS), Role Based Access Control (RBAC), Multifactor Authentication (MFA), Privileged Account Management (PAM) and various Data security controls, operations and procedures.
  • Expertise in configuration of Cisco Catalyst Switches of 1900/2900/3550/3750/6500 , Cisco Routers of 2600/2800/3600/3800/7200/7600 , Load Balancers ACE, A10 and F5 NAC wired and wireless.
  • Experience in Checkpoint firewall administration and troubleshooting.
  • Advanced knowledge in design, installation and configuration of Juniper Net Screen Firewall ISG 1000/2000, SSG series and NSM Administration.
  • Implementation and administration of Juniper WX/WXC devices for WAN Traffic acceleration Policy development and planning/programming on Data Security, Network Support and Administration.
  • Juniper, Checkpoint Cisco ASA, Cisco PIX and Palo Alto Firewalls Administration.
  • Worked with Cisco for opening TAC Case and resolving issues to meet project deadlines.
  • Strong hands - on experience on PIX, Firewalls, ASA (5540/5550) Firewalls. Implemented Security Policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ &RADIUS).
  • Maintain, deploy, upgrade, design, and troubleshoot UCLA's EnterpriseData Security (Cisco ISE v2.2), LAN, NAC, WAN and AWSCloudnetworkdeployments.
  • Maintain, deploy, upgrade, design, and troubleshoot AWS Cloud.
  • SupportingAWSServices (EC2,network, ELB, S3/EBS, Lambda, API Gateway, IAM, SMAL, Cloud Formation, SNS, SQS, Dynamo DB, and other coreAWS technologies.)
  • Experiencewith Automation and Orchestration tools inAWSenvironment by using Ansible automation tools for Data Security.
  • Migrated ASA CLI code to Firepower using Cisco's 1st and 2nd generation migration tools.
  • Installed FPS on ASA Firepower Module for hybrid deployment (ASA with CLI and FPS).
  • Installed FPS on ASA devices and FPR devices.
  • Familiar with Cisco FMC SMART and classic licensing to manage FTD or hybrid installs.
  • Installed AnyConnect with some advanced features such as machine authentication, ISE integration, and always-on VPN and NAC.
  • Educating and nurturing others in the team environment.
  • Experienced in deploying, managing and monitoring systems that run on Linux.
  • Excellent written and oral communications. Ability to create diagrams and charts using Visio
  • Understanding of Cisco VPN, wireless, Force Point DLP and Shibboleth, Duo
  • Expert level knowledge ofData Securitysystems such as SEIM, IDS/IPS, Firewalls, Evident and related networkSecuritytools.

TECHNICAL SKILLS

Network Hardware: Cisco Routers of (1900, 2800, 2900,3600,3800,7200 and 7600). Cisco L2&L3 switches (3560, 3750, 4500, 4900 & 6500, NX 5000 & NX7000). Juniper M/E/ACX Series, SRX, IDP and STRM/JSA

Firewalls: PIX Firewall (506/515/525/535 ), ASA (5540) Sonicwall Firewalls, Palo Alto Firewalls, Fortinet Fortigate, Checkpoint Fw1/NGX/Provider-1.

Load balancers: Cisco CSM, F5 Networks (Big-IP) LTM, GTM, ASM, and APM, A10 Load balancers. Cisco ISE (NAC), Log Rhythm, SIEM, DLP, CASB, PKI (Private Key Infrastructure).

Routing: Static Routes, RIP, EIGRP, OSPF & BGP, IBGP/EBGP, BGP Attributes/Communities.

Switching: VLAN’s, Dot IQ, VTP, STP, RSTP, VLAN Maps, HSRP, VRRP, GLBP, CEF, DCEF and Port Security.

Protocols: IPv4, IPv6, TCP, UDP, ICMP, DNS, DHCP, SNMP, SYSLOG.

LAN Technologies: Ethernet, Fast Ethernet, Gigabit Ethernet & 10 Gigabit Ethernet, Port-channel.

Wireless: Cisco WLAN 5500 series, Aruba WAP, Sonicpoints.

WAN Technologies: Frame Relay, PPP, HDLC, T1/T3.

Network Security: NAT/PAT, Ingress & Egress, Firewall Design, VPN Configuration, Dynamic, Reflexive ACL and authentication AAA (TACACS+ & RADIUS), NAC Wired&Wireless.

Voice over IP: H.323, MGCP, SIP, SCCP.

Network Management and Virtualization: Solar Winds, Wire shark, GNS3, EVE-NG, CML, vMX, Cisco Packet Tracer.

Automation: Python, Shell, Pearl, Ansible.

PROFESSIONAL EXPERIENCE

Confidential, Plano, TX

Principal Network Security Engineer

Responsibilities:

  • Configure, Manage and Monitor Palo Alto firewall models (Specifically the PA-5050 and the PA-5260).
  • Performed migrations from Check Point firewalls to Palo Alto using the PAN Migration Tool MT3.3.
  • Implement advanced Palo Alto Firewall features like URL filtering, User-ID, App-ID, Content-ID on both inbound and outbound traffic.
  • Deployed Palo Alto firewalls using Confidential NSX through L2 and L3 interfaces on models such as VM-300, VM-500, and VM-1000-HV.
  • Enable file forwarding to Wildfire cloud through Content-ID implementation to identify new threats.
  • Leveraged Palo Alto Networks’ Wildfire inspection engine to prevent Zero-Day attacks.
  • Manage multiple Palo Alto firewalls centrally through the Palo Alto Panorama M-500 centralized Management appliance.
  • Implement the Global Protect VPN, IPSec VPNs and SSL VPNs through IKE and PKI on Palo Alto firewalls for site-to-site VPN Connectivity.
  • Deployed Active/Standby modes of High Availability (HA) with Session and Configuration synchronization on multiple Palo Alto firewall pairs. Knowledge on the application of Active/Active HA mode.
  • Enforce policy checks on north-south and east-west data center traffic through Panorama M-500. Provided escalated technical support in troubleshooting firewall and network issues.
  • Hands-on experience with Bluecoat Proxy Secure Web Gateways for content filtering, Data loss prevention and prevent Zero-Day exploits.
  • Implement security measures to resolve data loss vulnerabilities, mitigate risk and recommend security changes or system components as needed.
  • Demonstrated competency using security controls to disrupt the attack kill chain.
  • Configured AAA Server (RADIUS and TACACS+) for authentication and authorization of all remote VPN users.
  • Configured Firewall-security context modes, interfaces, objects and access list, NAT, AAA for network access and advanced network protection on Cisco Firewalls.
  • Migrated from Cisco ASA to Palo Alto firewalls.
  • Enabled the User-ID feature while creating policies based on users and groups rather than individual IP addresses.
  • Configured windows USER-ID agent to collect host information using Palo Alto Global Protect.
  • Configured APP-ID feature in Palo Alto firewalls to reduce attack surface, regain visibility and control over traffic.
  • Created custom URL-filtering profiles and attached them to Security policy rules that allow web access.
  • Configured Global Protect gateway to provide VPN connections for Global Protect agents.
  • Configured Log Forwarding to forward logs from the firewall to Panorama and then configured Panorama to send logs to the servers.
  • Migrate Physical Servers to Virtual Server using VMware Converter (P2V Converter).
  • Creation of Virtual Switches, Ports and Port groups and setting up Layer 2 Data Security Policies for Virtual Networks.
  • Created virtual systems (firewalls) in the Palo Alto Environment.
  • Implementation configuration and troubleshooting of Checkpoint firewall R77.
  • Configuring VPN, clustering and ISP redundancy in Checkpoint firewall.
  • Built and support VRRP / Cluster based HA of Checkpoint firewalls.
  • Migration from Cisco firewalls to Palo Alto firewalls platforms PA -5000, series (5060/5050/5020 ), PA 60/4050/4020 ) and PA 500 and PA- 200 firewalls.
  • Python or Ansible network automation scripting experience.
  • Lead IAM Operations and Engineering team and initiatives from analysis phase to actual implementation phase during different release cycles
  • Mentor and lead professional development of multiple team members across US and India to improve their ability to support the “Keep the Light On” functionality. Helped strategize, define and build the complete Command Center processes for escalated issues and concerns in the organization related to various different work streams and not just limited to IAM and Security.
  • Splunk, Arcsight, Symantec SIM, Forescout, DB networks, Nessus, Qualys, Arbor Peak and HPE UBA.
  • Troubleshoot firewall issues through command-line using CLI commands and GUI interface using smart console.
  • Configure checkpoint firewall to authenticate users based on user identity, user group, User session etc.
  • Expert level knowledge of security systems such as SEIM, IDS/IPS, Firewalls, Evident and related network security tools.

Environment: CISCO routers and switches, Checkpoint, Palo alto, F5 Load Balancers, LTM, GTM, ASM, APM, Cisco, VPN, STP, VLANS, VTP, Ether channel, Port channel, Access Points, Switch Stacking, Wire Shark, SolarWinds, VPC, VDC, VRF, VISIO.

Confidential, Detroit, MI

Senior Network Security Engineer

Responsibilities:

  • Provided leadership and oversight of Operations Security via daily management of Data security monitoring, vulnerability assessment, datacenter security solutions and information assurance.
  • Worked with a variety of internal and external vendors to ensure the effective detection, response, mitigation, and reporting of cyber threats affecting networks, systems, mobile devices, and critical data.
  • The scope of services includes system auditing, event monitoring, end point security, boundary controls, authorization, and compliance reporting solutions.
  • In this position my responsibilities include but were not limited to providing oversight of services to include 24x7 monitoring, incident response, enterprise defense technologies, and vulnerability assessments and ensure the quality of delivery.
  • Maintained operational efficiency of client DLP programs.
  • Reviewed business requirements and conducted task analysis.
  • Implemented business procedures and DLP security programs.
  • Suggested expansions for DLP programs as per business requirements.
  • Formulated system policies by conversion of business information.
  • Documented requirements specifications and user manuals.
  • Assisted in interfacing with business units and teams.
  • Generated customized reports and installed customer equipment’s.
  • Remediation of firewall rules from checkpoint firewalls to Fortinet firewalls and their implementation.
  • Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering.
  • Log forwarding agent installation and configuration - nxlog agent, Splunk universal forwarder, snarewin etc.
  • Install and Configure alert manager, Splunk add-on s and Splunk apps.
  • Amazon Web Services engineer with excellent experience in Cloud computing, Infrastructure Solutions and services, Data center virtualization and Database Services. Deep technical experience with architecture, design and hands-on diverse technology platforms including different Cloud Platforms (AWS/Azure), Virtualization, Database Technology.
  • Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
  • Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
  • Configuring rules and Maintaining Checkpoint, Palo Alto, Fortinet Firewalls& Analysis of firewall logs using various tools.
  • Configuring rules and Maintaining Fortinet Firewalls & Analysis of firewall logs using Forti-analyser.
  • Creating and Managing Virtual Machines and Templates.
  • Migrate Physical Servers to Virtual Server using VMware Converter (P2V Converter).
  • Creation of Virtual Switches, Ports and Port groups and setting up Layer 2 Data Security Policies for Virtual Networks.
  • Created virtual systems (firewalls) in the Palo Alto Environment.
  • Implementation configuration and troubleshooting of Checkpoint firewall R77.
  • Configuring VPN, clustering and ISP redundancy in Checkpoint firewall.
  • Built and support VRRP / Cluster based HA of Checkpoint firewalls.
  • Migration from Cisco firewalls to Palo Alto firewalls platforms PA -5000, series (5060/5050/5020 ), PA 60/4050/4020 ) and PA 500 and PA- 200 firewalls.
  • Configuration and troubleshooting of Site to Site as well as Remote Access VPN on Cisco ASA and Check Point firewalls.
  • Developed test scripts using Python and assorted proprietary software tools.
  • Creating automated scripts using Python language and manual testing to enhance hardware performance.
  • Extensive experience with Ansible and/or Python automating networking devices.
  • Work daily in an IDE of your choice to be implementing solutions using a variety of tools and technology such as Ansible, Python, and Terraform.
  • Strong knowledge and understanding with IPsec, Remote Access VPN, and Source Fire intrusion prevention systems.
  • Fully versed in the syntax of security platforms, and day to day rule verification.
  • Experience in evaluating existing policies and optimizing the rules based on current corporate requirements.
  • Knowledge on usage of Queries in Smart View Tracker to monitor IPS and common network traffic and troubleshoot events using packet data.
  • Responsible to evaluate the need for upgrades, new installations, and license modifications using Smart Update.
  • Have good understanding on configuring NAT for Web and Gateway servers.
  • Handled deployment and management of Checkpoint GAIA, R75, R71, and R65.

Environment: CISCO routers and switches, Checkpoint, Palo alto, Cisco, VPN, STP, VLANS, VTP, Ether channel, Port channel, Access Points, Switch Stacking, Wire Shark, SolarWinds, VPC, VDC, VRF, VISIO.

Confidential, Austin, TX

Perimeter Network Security Specialist

Responsibilities:

  • Installation, configuration and maintenance of Palo Alto Firewalls, Cisco ASA firewalls.
  • Deployed and managed Varonis specifically Data Governance, Data Advantage and Data Alert modules in complex environments.
  • Demonstrate the features and benefits of Varonis software to the staff and documented the operations.
  • Act as a subject matter expert for all Confidential products throughout the sales lifecycle
  • Lead and execute product demonstrations, proof of concepts, and other pre-sales activities with a focus on improving the sales pipeline
  • Enable partners to properly demonstrate and sell Confidential products
  • Provide company and product presentations for customers and groups of all sizes
  • Interface and build relationships with Marketing, Product Management and Engineering teams
  • Passionate about providing a high-quality customer experience
  • Serving as a Cloud Access Security Broker (CASB) Security Specialist with a primary focus on Confidential CASB/Skyfence.
  • Identifying current and future customer needs by establishing a personal rapport with potential and current customers to better understand and fulfill their cyber security/CASB needs.
  • Interacting with Chief Information Security Officers (CISOs), security engineers, operation managers and other key decision makers.
  • Providing technical information regarding cyber security solutions via sales calls as well as in-depth technical demonstrations. Configuring Proof of Concepts (POCs) to demonstrate product value, demonstrate use cases and achieve technical wins. Assist in both pre-sale and initial post-sale deployments.
  • Collaborating with product marketing teams, channel sales representatives and regional sales managers with product roadmaps, business development opportunities and interactive live product demonstrations at security conferences and via live webinars hosted remotely.
  • Troubleshoot and hands on experience on security related issues on Cisco ASA/PIX, Checkpoint, IDS/IPS, Palo Alto and Juniper Net screen firewalls.
  • Work with customers on Networking including DNS, Proxy, ACL, Policy and troubleshooting
  • Support the data security management program across Adobe through realization of Adobe’s Data Management Policies and Standards
  • Work with creating technical instructions for support of Enterprise (IDAM, CASB, Networking and Authorization)

Confidential, Dallas, Texas

Senior Network Security Specialist

Responsibilities:

  • Responsible for Installation, configuration and maintenance of Cisco 7200, 3900, 2800, 2600, 2500 and 1800 series Router / Cisco Catalyst Cisco 6500 (sup 720), 4500 (SUP 6), 3750, 2950 series Switches.
  • Designed and implemented Cisco Nexus data center platform and worked closely with Cisco advance services and built Communication access zone for contact center services, management access zone for network management and monitoring tools, private wan access zone for remote site and elastic computing access zone.
  • Exposure to Nexus, Hardware Architecture of the Sups, chassis, I/O Modules, Fabrics, Licensing, VDC, VPC, ISSU, Using NXOS CLI
  • Configuration and maintenance of OSPF protocol which was the enterprise IGP. Configuration included deploying of new branch locations or new network devices in the existing infrastructure. Creating Stub Areas & configuring Summarization for effective Routing.
  • Worked on BGP configuration for providing redundant internet connectivity using BGP attributes, Route maps, prefix-lists etc.
  • Configured and Maintained BGP features such as load balancing, Route Reflectors, BGP metrics such as maintaining the Enterprise IP Addressing scheme with allocation of new Pools for user subnets, and updating the port on the switches MED, AS Path, Local Preference, Communities.
  • Performed administration on Palo Alto NGFW, creating policies, rules, users, VPN connections etc.
  • Managed VPN migration from Nortel i100 to Palo Alto NGFW VPN devices.
  • Traffic monitoring and managing using Palo Alto Panorama.
  • Updated Palo Alto NGFW PAN-OS, Threat databases, AV databases and filters as required.

Hire Now