We provide IT Staff Augmentation Services!

Sr. Network Security Engineer Resume

5.00/5 (Submit Your Rating)

Jersey City, NJ

SUMMARY

  • CCNA, CCNP & Palo Alto Certified Professional with 7.7 years of experience in routing, switching, firewall technologies, implementation, troubleshooting of complex network systems, enterprise network security, data network, capacity management and network growth.
  • Superior Knowledge of TCP/IP, firewalls, routers, IDS and IPS s systems.
  • Strong Knowledge of Network protocols and technologies.
  • IPv4 and IPv6 addressing, subnetting, super netting, Static routing, ARP, HSRP, VRRP, Route Filtering, Multicast, Policy Based Routing, Redistribution, P ort forwarding.
  • Layer 2 and Layer 3 switch platforms including Catalyst series 2960, 3560,3750,3760,3850, 4500.
  • Ethernet technologies, LAN n networks, VLAN and VTP, STP, PVST+, Multicast, RSTP, 802.1Q, Ether Channel, LACP, HDLC. FTP, TFTP, HTTP.
  • Experience in implementing Cisco routers including 4000, 3 800, 2800, 2900, ASR 9000.
  • Routing protocols RIP, EIGRP, OSPF, BGP, and Redistribution.
  • Scanning the network and provide the scan reports to operational teams.
  • Well experienced in configuring First Hop redundancy protocols like HSRP, GLBP, and VRRP.
  • Excellent communication skills, enthusiastic, motivated and a team player.
  • Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: MP - BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS, switching (VLANS, VTP Domains, S TP, and trucking).
  • Worked on FortiGate, Cisco ASA/Meraki, SonicWALL and Check Point firewalls.
  • Experience in Checkpoint IP Appliances R65, R70, R75, R77 & Cisco ASA Firewalls.
  • Experience with Spine Leaf Architecture VXLAN and EVPN Configuration and operational experience with Cisco ACI.
  • Deployed Site to Site and Client to Site VPNs utilizing Checkpoint Firewall-1/VPN-1.
  • Provide L3 support for checkpoint and Palo Alto firewalls.
  • Involved in the integration of F5 Big-IP load balancers with Checkpoint firewalls for firewall load balancing and was responsible was troubleshooting and maintenance.
  • Proficient in Cisco/Meraki wireless technologies.
  • Provided administration and support on Bluecoat Proxy for content filtering and internet access between site and VPN client users.
  • Excellent working knowledge, skills and expertise with Fortinet and Palo Alto Firewalls.
  • Deployment and Management of Bluecoat proxies in the forward proxy scenario as well as for security inreverse proxy scenario.
  • Proficient in using SolarWinds Network Management tools like Network Performance Monitor (NPM), Netflow Traffic Analyzer, Network Configuration Manager (NCM) and Cisco Prime.
  • Demonstrated Knowledge of SANS 20 controls framework and other security frameworks
  • Strong grasp of TCP/IP and common Internet fundamentals such as DNS, DHCP, NTP, SMTP, HTTP, etc.
  • Firmware upgrade for Meraki MS, Meraki MR, Meraki MV, Meraki MX for the better performance.
  • Highly experienced in a domain environment including the server OS 2008-R2, 2012-R2, DHCP, DNS, and Active Directory.
  • Efficient at installing, configuring and maintaining the Local Area Network and Wide Area
  • Strong analytical skills that help in interpreting complexities and finding solutions.
  • Installation, Administration, configuration and troubleshooting of Fortinet and checkpoint Firewalls
  • Sound Understanding of WAN Protocols, including High-level data link control, Point-to-Point, FRAME RELAY.

TECHNICAL SKILLS

Cisco Routers: 3900, 3800, 3700, 7206VXR, 7500, ASR 1K & 9K

Cisco Switches: 6500, 4510, 3750X, 3550, 3650, 3750G, 2960

Routing Protocols: EIGRP, OSPF, BGP, RIPv2

Switching Concepts: VLAN, STP, RSTP, VTP, Ether Channel, Port Fast, IP access Control lists, Uplink Fast and Backbone Fast, HSRP, VRRP

Network Security: NAT/PAT, VPN, Filtering, Cisco ASA Firewalls, Palo Alto Networks Firewalls, Check

Firewalls: IP SEC and SSL VPNs, IPS/IDS, DMZ Setup, Cisco NAC, ACL, IOS Setup and Security Features

Network Topologies: Frame Relay, ISDN, Gigabit Ethernet, OSI and TCP/IP layered architecture

LAN: 10/100/1000 & 10 GBPS Ethernet

WAN: MPLS, Frame Relay, Dialup, VoIP, Cisco Routers and Switches, CSU/DSU

WLAN: IEEE 802.11, PHY and MAC layer functionality, WLAN controller/Aruba/Meru

Operating Systems: Windows and Linux Operating Systems

Sniffers: Solar winds, Wire shark, Nmap

Cloud: AWS

Scripting: Python and Shell scripting

Tools: Tufin, Rank, Firemon, Fluke, MS Visio, Akips, Infoblox

PROFESSIONAL EXPERIENCE

Confidential - Jersey City, NJ

Sr. Network Security Engineer

Responsibilities:

  • Performed Network Security Assessment and implemented security improvements such as network filtering, SSH, AAA, SNMP access lists, VTY access lists, EIGRP MD5 authentication, and HSRP authentication.
  • Implemented SSL VPN solutions including Palo Alto Networks Global Protect with single and multiple gateway solutions including integration of PKI certificates. Integrate multiple vendor IPSEC site to site VPNs, including Palo Alto Networks and Cisco ASA firewalls.
  • Configured ACLs in Cisco 5550 ASA firewall for internet Access requests for servers, protocol handling, object grouping and NAT.
  • Developed virtual firewall ACL rules and policies in Counteract NAC Appliances for Network Access Controls.
  • Updated Fortinet firewall configurations, programmed switch ports and cameras, and maintained asset information.
  • Responsible for configuring, upgrading and verifying the NX-OS and IOS XR.
  • Designing and implementing Fabric Path on Nexus core switches to avoid blocking ports.
  • Provided redundancy in a multi homed Border Gateway Protocol (BGP) network by tunings AS-path and Worked with Cisco IOS, NX-IOS, IOSXR.
  • Configuration and troubleshooting of LAN technologies like VLAN, VTP, inter VLAN Routing, VLAN Trunking, Spanning- Tree Protocols
  • Involved in SD- WAN project for successful evaluation of POC to proceed with production implementation. We primarily focused on implementing SD- WAN technology using Viptela vEdge and Cisco ENCS devices.
  • Worked on Next Gen Firewall features like Application and URL filtering, SSL Forward Proxy, SSL Decryption, Web-filter, SD- WAN in Fortigate firewalls.
  • Worked on Multi-vendor platform with Check Point, Fortinet and Cisco firewalls requesting net flow for security compliance, coding, and pushing firewall rules after approval and troubleshoot incidents.
  • Migrated Cisco ASA and Check Point firewalls to Palo Alto Network Firewalls using the PAN Migration Tool (Expedition) and integrated wildfire to identify zero-day exploits.
  • Performing network monitoring, providing analysis using various tools like WireShark, Solarwinds, Gigamon etc.
  • Using Air Magnet Survey to conduct wireless surveys and fluke tools to troubleshoot wireless issues.
  • Designed and replaced aging Checkpoint Firewall architecture with new next generation Palo Alto appliances serving as Firewalls, URL and application inspection.
  • Implemented Global-Protect VPN for mobile workforce replacing traditional Remote access VPNs.
  • Performing administrative tasks with Palo Alto Networks (Panorama) including Security, NAT policy definitions; application filtering; Regional based rules; URL filtering, Data filtering, file blocking, User based policies, maintained and analyzed firewall logs.
  • Involved in L2/L3 Switching Technology Administration including creating and managing VLANs, VxLAN, Port security, Trunking, STP, Inter-Vlan routing, LAN security
  • Managed successful delivery of massive security response portfolio including Splunk, Cisco WSA, Cisco IPS, Sourcefire FirePower and AMP.
  • Worked on Cisco WSA (Web Security appliance), SMA (Security Management Appliance) and Cisco Cloud Web Security Module for deployment, management and high-end troubleshooting.
  • Responsible for installation and maintaining Cisco ASA firewalls, Riverbed WAN accelerators, Blue Coat proxies, and Linux/Bind DNS servers.
  • Migrated, created, and managed pools and clusters in F5 BigIP GTM 3DNS load balancers across multiple Datacenters.
  • Install and upgrade Blue Coat proxy SG and Proxy AV Datacenter environment with hands on experience on inspection, data loss prevention, content caching and bandwidth management
  • Worked on AWS to Corporate connectivity and AWS EC2, Auto scaling, NAT Gateways
  • Monitor AWS infrastructure for Clients and when needed upgrade and administer resources to virtual machines when needed
  • Provided daily network support for all branches and sits in the organization’s WAN consisting of MPLS, VPN and point-to-point circuits.
  • Managed SOX and PCI compliance for SolarWinds and all new acquisitions.
  • Worked on PCI Compliance, Smart Optimize and removed all the unwanted rules and unused objects.
  • Worked on Service Now request tickets such as troubleshooting, maintenance upgrades, patches and solutions with all round technical support.
  • Used Cisco ACI (Application Centric Infrastructure) SDN architecture to reduce operating costs, automate IT
  • Worked on physical and virtual networks to provide functionality on additional layers on VMware NSX.
  • Worked on Design implementation of new data center with products ranging from cisco, ASA with Firepower, Dell Switches, Cisco Meraki, and VMware NSX.
  • Build out and manage the Windows/VMware Virtual and Cloud Infrastructures and integrate them with Cisco ACI.
  • Worked on the Global-Site Load balancing (GTM/GSS) and Server Load balancing (LTM/SLB) technologies using F5 BIG IP and Netscaler.
  • Worked with F5 APM sessions and manipulating session using iRule and configuring and maintaining Web tops and Portal Access.
  • Configured and managed F5 Load Balancers to provide reliable distribution of traffic across some servers by creating pools and nodes.
  • Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control (NAC) integration with Cisco ISE.
  • Involved in deployment of Cisco ISE and Firepower as well as, created/modified necessary profiles that allowed authorized devices on the network.
  • Used solarwinds to monitor Network devices, upgrade device configurations and also Wireshark to capture packets and analyze the packets.
  • Installation, configuration and troubleshooting of Cisco Meraki wireless Access points.
  • Designed and implemented a secure instant messaging system in Python providing interface state changes on the devices
  • Implementing and configuring Checkpoint VSX for security gateways.
  • Implemented workflow actions to drive troubleshooting across multiple event types in Splunk.
  • Worked with Host Master for shared web hosting and managed Web Application firewall (WAF), DNS and DHCP management using Infoblox and Analyzed networks using Wireshark.

Confidential, New York, NY

Network Security Engineer/ Firewall Engineer

Responsibilities:

  • Deployed and maintained security/network devices and data centers for Service provider network.
  • Experience with Installing and troubleshooting Data center migration with 24/7 support.
  • Deploying and decommissioning the VLAN core ASR9K, Nexus 9K, 7K, 5K and its downstream devices.
  • Experience in layer-3 Routing and layer-2 Switching. Dealt with Nexus models like 9K, 7K, 5K, 2Kseries, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco Catalyst 6500, 4500, 3750, 3500, 2900series switches
  • Configuration and management of Fortinet and Ruckus high density wireless deployments for convention space, expos, and sports arenas.
  • Involved in finalizing the design for Corporate Wireless Network Access for NAC Solution, comprising of ForeScout CounterAct NAC Appliances in all WAN Consolidation Points, and Data Centers.
  • Experienced with Meraki, Cisco Nexus, and Cisco Catalyst hardware and management.
  • Worked on Cisco ACI, Configured Spine and Leaf Switches, VXLAN, VNI, VTEPS, and Bridge Domains etc. in ACI.
  • Participated in support (down to individual tickets assigned to users) for all ISE related applications (Any Connect, AMP) and services.
  • Used and maintained various network monitoring tools like Solarwinds, Wireshark.
  • Worked with IP Address management (IPAM), DNS, and DHCP by using Infoblox.
  • Created new VLANs under FabricPath mode and extend the VLANs from Core to Access Layer switches.
  • Installed, Configuration and managed Cisco Meraki Switch Series MS LP, MS LP, MS FP and Meraki AP.
  • Demonstrated expert experience with the operation of Aruba network devices and configuration commands.
  • Participated in planning and implementation of Cisco systems and SD- WAN solutions in direct support of targeted objectives.
  • Configured and used the Cisco WSA Web Security Appliance for malware protection and threat detection reporting.
  • Supports the implementation and ongoing operations of network access control devices to include firewalls, web proxies, and SSL VPN devices.
  • Implementing the Spanning Tree Concepts High Availability (HSRP VRRP GLBP) in Routers and Switches.
  • Implementation, maintenance and monitoring of IDS/IPS, WAF, antivirus and Syslog Servers.
  • Designed and deployed enterprise PKI server with regional subordinates and deployed same into production network in conjunction with Cisco ISE project.
  • Gained excellent experience with Cisco ISE configuration and troubleshooting, using CIMC and VMware.
  • Check Point and Fortinet firewall Policy Optimization using third party tool Tufin.
  • Primary technology is Identity Service Engine (ISE) and Access Control System (ACS).
  • Troubleshooting DMVPN and Meraki auto-VPN, addressing Wireless issues on Flex Controller 7500.
  • Expert on various AWS Services including Computing, Networking, Databases, Storage and Security.
  • Maintaining the security on multiple AWS Accounts, including setting up the IAM Users, Active Directory Integration, IAM Policies and Cross-Account roles with the various levels of access for different resources.
  • Experience Automating the Infrastructure on AWS using AWS Cloud formation and Lambda.
  • Conducted Air Magnet surveys to validate successful placement and operation of Access Points.
  • Deployed VXLAN on the Nexus 9000 to map the physical VLANs to the Virtual Overlay VLANs.
  • Configuring, upgrading and verifying the NX-OS.
  • Automating Network Provisioning and Configuration Task Using Python Script on Network Devices for Multiple Vendors
  • Creating Network Design in MS-Visio for new servers, application to be placed into multiple Datacenter.
  • Configured firewalls as per requirement. Worked on Fortinet, CISCO ASA, Fortigate and Palo Alto firewalls.
  • Configuration of BGP on both Nexus and Palo Alto, moved SVI (server VLAN) interfaces from ASA core to Palo Alto.
  • Designed security policies on Palo Alto network firewall for controlling what traffic needs to be allowed or blocked based on customer requirements.
  • Experience supporting or testing LANs, VLANs, W LANs, VPNs, NAT devices, &/or DHCP servers.
  • Worked on FortiGate, Cisco ASA/Meraki, SonicWALL and Check Point firewalls.
  • Implementation of various protocols like RIP, OSPF, BGP and STP.
  • Experience in troubleshooting complex datacenter environments. Performing analysis and diagnosis of highly complex networking problems in the Datacenter environment.
  • Worked with team and audit team to maintain PCI compliance for the network.
  • Maintained Cisco FirePower and adjusted filtering rules as need by individual business units.
  • Maintained and update Cisco Firepower Management Center and supported Firepower modules (SFR sensors).
  • Worked on virtual firewalls like checkpoint VSX, IDS, IPS as well as encryption techniques.
  • Used SolarWind for monitoring entire customer Networks and gain Visibility into other network appliances.
  • Expert in configuring Cisco Routers and Catalyst Switches, Nexus Switches.
  • Worked extensively with ASR9K ( ), Nexus 7000, 5000, 2000, Cisco 6500 series multilayer switches, Cisco 2960s series switches and Cisco 3 560/3750 switches.
  • Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard
  • Responsible for Checkpoint firewall management and operations across our global networks.
  • Installed, Configuration and managed Cisco Meraki Switch Series MS LP, MS LP, MS FP and Meraki AP.
  • Expertise in networking technologies like LAN, MAN, WAN and peripheral devices.
  • Installed high availability Big IP F5, configured LTM and GTM Services to provide uninterrupted service to customers. Configuring objects such as Load Balancer Server pools for local traffic management on F5 Load Balancers.
  • Developed Engineering Documentations to record F5 environment and change processes LTM/GTM/rules.

Confidential - Plano, TX

Network Engineer

Responsibilities:

  • Configuring Static, I GRP, EIGRP, and OSPF Routing Protocols on Cisco 1600, 2600, 2800, 3600, 7300series Routers and different Firewall Vendors
  • Experience in installing, configuring and troubleshooting of Checkpoint Firewall.
  • Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications
  • Dealt with Infoblox traffic control products to simplify DNS load balancing operations
  • Configured VPC, Fabric path and OTV on Data center Nexus 2k, 5k and 7k devices.
  • Upgraded and updated Cisco IOS and SD- WAN device OS.
  • Configured Site to Site IPsec VPN tunnels to peer with different clients and each client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA 5 500 series firewalls.
  • Performed Wireless Network surveys using Air Magnet software and reviewed existing network infrastructure.
  • Configuration and deploying WSA including proxies, custom URL filtering.
  • Worked on multi-vendor load balancers including F5 Big IP LTM, Cisco ACE and VMware NSX between multiple centers.
  • Configured Site-Site VPN on Palo Alto Firewall on one side and Fortinet on the other side.
  • Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools
  • Involved in Cisco IOS XR, NX OS and Junos OS code up gradation on Cisco routers and devices.
  • Optimize and virtualize SD-Wan service providers using via Silver peak, Riverbed, Viptela, Citrix.
  • Configured Layer 2 & Layer 3 interfaces and port channels on Nexus 9508
  • Configured Aruba access points troubleshoot connectivity issues with Aruba access points. Prepared wireless survey reports, reports documenting completed projects and AP placement maps.
  • Automating Day to Day Troubleshooting of Network Related Issues by Using Python Script and Modules Telnet, Netmiko, NAPALM and All Network Related Models.
  • Configuring IPS policies on the checkpoint, cisco firepower management center.
  • Configured and managed cloud-based wireless network.
  • Installed, Configuration and managed Cisco Meraki Switch Series MS LP, MS LP, MS FP and Meraki AP.
  • Design Cisco, Meraki, and Aruba WLAN/Wi-Fi infrastructures.
  • Responsible for entire company network infrastructure that includes Cisco Switches, Routers, Firewalls, Access Points, Servers and PBX.
  • Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers and Cisco ASR9K routers
  • Hands on experience in implementation and deploying BIG-IP F5 LTM load balancers for load balancing and network traffic management for business applications.
  • Configuring and troubleshooting on Bluecoat Proxy, Pulse VPN Devices, Firewalls, McAfee Email Gateways, Bluecoat Reporter and Director.
  • Proficient with F5 LTM and Cisco CSM load balancer in-between the servers inside the server farm and DMZ.
  • Implemented site to site VPN in Juniper SRX as per customer Worked on Route-Reflectors to t troubleshoot BGP issues related to customer route prefixes also route filtering using Route-maps.
  • Deployed BIG-IP Enterprise manager to cluster all the F5 LTM, GTM, ASA, Net screen devices for easier management and common configurations.
  • Involved in migration of F5 Local traffic managers of LTM 5100 series to LTM 6800 series for higher.
  • Extensive use of NSM (Network and Security Manager) and CSM (Cisco Security Manager) for adding or modifying firewall policies for the firewalls in use.
  • Implemented F5 hardware refresh of older 3600 hardware to VI prion.
  • Worked extensively on Cisco ASA 5500(5510/5540) Series, experience with convert PIX rules over to the Cisco ASA solution.
  • Preformed IOS upgrades on cisco routers and switches
  • Involve in creating a Fortinet firewall policy, Secure Email Gateway and web application firewall.
  • Worked with engineering team to resolve tickets and troubleshoot L3/L2 problems efficiently.
  • Configured Cisco 2800, 3800 routers and 3750, 4 500, 6500 switches as part of the implementation plan.

Confidential 

Network Engineer

Responsibilities:

  • Worked in configuring F5 Load balancers.
  • Network Monitoring and creating Ticket for Router and switches.
  • Perform duties included but not limited to, routing table configuration, authorization of active directory services, etc.
  • Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks
  • Deploying EIGRP/BGP redistribution and the changing the metrics for the primary and backup.
  • Installations, configuration and troubleshooting Cisco Router, Switches, Firewalls, Bluecoat and Wireless Controller.
  • Working with Fortinet Firewall to create policy, HA and monitor malicious traffic.
  • Configured Site-Site VPN on Palo Alto, Checkpoint, Cisco ASA, Juniper SRX and Fortigate.
  • Configuring IP, RIP, EIGRP, OSPF and BGP in routers.
  • Experience in migration of Frame-relay based branches to MPLS based technology using multi-layer stackable switch like 6500 series and 2800 series router
  • Configured OSPF redistribution and authentication with type 3 LSA filtering and to prevent LSA flooding.
  • Configured OSPF over frame relay networks for NBMA and point to multipoint strategies.
  • Handled Corporate and Review Audits from the perspective of IT Security for Network Devices and Servers under our control.
  • Implementing traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Frame Relay and Open Shortest Path First (OSPF).

We'd love your feedback!