Network Security Engineer- Tier 2 Resume
Moorestown, NJ
SUMMARY
- CCNP certified +6 years of professional experience in Network Designing, Deployment, Configuring, Troubleshooting and Testing of networking system
- Experience in Internetworking with devices such as routers, firewalls and switches
- Skilled & technically proficient with multiple firewall solutions,networksecurity, and information securitypractice
- Expertise in Routing - Layer 3, Switching - Layer 2 and dealing withSip,VoIP
- Working with Cisco for opening TAC Case and resolving issues to meet project deadlines.
- Experience with designing, deploying and troubleshooting LAN, WAN, Frame-Relay, Ether-channel, IP Routing Protocols - (RIPV2, OSPF, EIGRP & BGP), ACL's, NAT, VLAN, STP, VTP, HSRP & GLBP
- Trained on Oracle FusionMDM, Tibco CIM (MDM)Extensive experience in Implementing and administering Cisco and HP Technologies
- Configuring the setup withF5virtualload balancerfor customer application.
- Experience in Cisco ISE’s, SNMP tools (HP - Intelligent management center, Solar winds, Wireshark)
- TroubleshootFortinetFirewall, issues, edit policies and create rules.
- Configured and maintained a variety of hardware from multiple vendors including Brocade ICX series switches,MLXseries Routers, as well as IBM G series switches
- Excellent working knowledge of TCP/IP protocol suite and OSI layers
- Good knowledge and experience in Installation, Configuration and Administration of Windows Servers 2000/2003, Active Directory, FTP, DNS, DHCP, TFTP, Linux OS under various LAN and WAN environments
- Worked on Load Balancer F5LTM,GTMseries like 6400, 6800, 8800 for the corporate applications and their availability
- Experienced in DELL, HP servers hardware,EMCSAN, NAS, software, UPS and backup
- Design and Install UCP Select for VMWare withCiscoUCSandCiscoUnified Fabric Switching.
- Experience in layer 2 securities which was implemented using a dedicated VLAN ID for all trunk ports, setting the user ports to non-trucking, deployed port security when possible for user ports
- Used Global scale software to help provideManagedFileTransferplatform between the various clients and users.
- Implemented security policies using ACL, Firewall,IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS)
- Alternate lab configurations include: multi-area OSPF, RIPv2, PPP and HDLC WAN configurations, and various ACL configurations all using bothIPv4andIPv6address schemes.
TECHNICAL SKILLS
Cisco & other vendor equipment’s: Nexus 7K, 5K, 2K & 1K, Cisco routers (7200, 3800, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3500, 4500, 2900 series). PIX Firewall (506/515/525/535 ), ASA Firewall (5505/5510), Cisco ACE Load Balancers
Routing Protocols: RIP, IGRP, EIGRP, OSPF, IS-IS, BGP, HSRP, VRRP & GLBP
Infrastructure services: DHCP, DNS, SMTP, FTP, TFTP
LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet and 10 Gigabit Ethernet, Port- channel, VLANS, VTP, STP, RSTP, 802.1Q
WAN technologies: Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPPDS1, DS3, OC3, T1 /T3 & SONET
Network Security: NAT/PAT, Ingress & Egress Firewall Design, VPN ConfigurationDynamic, Reflexive ACL, and authentication AAA (TACACS+ & RADIUS)
Network Management: SNMP, Cisco Works, Wire shark
Platform: Cisco IOS-XR, Cisco Cat OS, Cisco IOS (11.x, 12.x), PIX IOS (6.x, 7.x), CAT-OS UNIX, LINUX
Windows: XP, NT, 2000, 2003
Programming: C, C++, HTML
Documentation: MS Office, MS Visio
PROFESSIONAL EXPERIENCE
Confidential - Moorestown, NJ
Network Security Engineer- Tier 2
Responsibilities:
- Hands on experience with JIRA and Service Catalog ticketing tool to implement the tasks, changes and incidents.
- Experience in installing, configuring and troubleshooting of Check Point firewall, Cisco routers, Juniper routers.
- Configured NAT rules on checkpoint firewall.
- Worked on various security tools like Aruba Activate, Aruba Activate, Bluecoat, Websense, Source fire, EM7, CADA authentication etc.
- Worked on a tool named EM7 which monitors all the security devices and generates an alert in case of any issue. Have worked on those alerts which requires immediate action to be taken.
- Worked on Aruba Activate and Aruba Airwave for whitelisting and blacklisting the Aruba devices for the users.
- Worked on Bluecoat, for any URL that needs to be sent for further categorization in order to allow or block the URL.
- Proven record of implementing test labs that comprises firewall appliances such asFortinet
- Worked on Triton Websense for blocking the malicious URL.
- Worked on Checkpoint firewall for creating various firewall rules and NAT rules.
- Worked on JSSL for creation of new SSL VPN connection for a vendor/employee. Also saving the logs on regular interval and clearing those logs on JSSL. Configuring role mapping, configuring ACL, configuring VPN tunnel to allow the connectivity.
- Troubleshoot the JIRA incident issues related to some firewall rule or ACL issue.
- Implemented ACL on Cisco, Arista and Juniper routers according to the change request.
- Worked on Fortinet firewall for implementing rules according to requirements.
- Prepared weekly report for Websense, Fire eye and Source fire. Report shows comparison of increase and decrease of malwares or various malicious files for current week and past week to analyze it further.
Confidential, Naperville, IL
Network Engineer/Administrator
Responsibilities:
- Experience working with ASR 9000 series switches with IOS-XR
- Experience working with design and deployment of MPLS Layer 3 VPN cloud, involving VRF, Route Distinguisher(RD), Route Target(RT), Label Distribution Protocol (LDP) & MP-BGP, SIP
- Experience with design and configure Fiber Channel over Ethernet(FCoE) on Cisco Nexus 5548 devices and Bluecoat Proxy.
- Experience working with migration from 6500 series devices to 4500 Series switches in Campus deployments at Core, Distribution and Access Layers.
- Migration with both Checkpoint and Cisco ASA VPN (Checkpoint R75.30 to Gaia R77.30 GA version
- TCP Packet Analysis Using Wireshark and JPerf: Used the Wireshark packet-analyzer to capture and analyze the packets generated and transmitted using JPerf between two terminals that act as client and server
- Obtained experience working in an enterprise DNS/DHCPenvironment.
- Reserve IP addresses inDHCP
- Troubleshoot issues related to theManagedFileTransferinfrastructure.
- Migration of Data Encrypted and Secure TunnelFileTransmissions interfaces from old Data Center servers to the new Data CenterManagedFileTransferSecure Transport Enterprise servers.
- Experience withF5(BIG IP)loadbalancers- APM, LTM, GTM series like 6400, 6800, 5000 and 2000 for the corporate applications and their availability.
- Worked with uploading SSL certificates onF5loadbalancer.
- Testingthe devices, bugverification, writing defects
- Installation and troubleshooting of company's WIFI network with added security and Cisco VOIP
- TroubleshotSIPand TDM connections including, but not limited to one-way audio, DTMF issues, IVR issues
- Rolled out newFortinetfirewall to upgrade or migrate obsolete firewall.
- ConfiguredFortinetfirewall for site-to-site IPSec VPN and SSL VPN.
- Configured Cisco and Grand streamVoIPphones for use with Free PBX using SIPtrunks
- Worked on building VMs forSolarwindsApplication to monitor all the systems connected on the network.
- Implemented network monitoring software (SolarwindsOrion) for SNMP monitoring of network devices and servers.
- Upgrade of Checkpoint firewalls and management servers from Splat R75.30 to Gaia R77.20
- Configuration and Maintenance of Check Point R65, R75.40 Gaia Firewalls.
- Worked with Remote Assistance through Windows Remote desktop and NetMeeting Remote Assistance using Wi-Fi Security, Windows XP, MS Office 2007, Windows 2003 Active Directory, WindowsSharePointServices, Exchange 2003, Congo's BI-8 and LAN/WAN
- Support regulatory matters forMSSand meet with regulators when needed
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500 with ACL, NAT, Object Groups, Failover, Multi-Contexts
- Wrotepythonscripts to parse XML documents and load the data in database
- Hands on experience in data processing automation usingpython.
- Experience with migrating from Cisco ASA 8.2 version to Cisco ASA 8.4 Version
- Responsible for Cisco ASA firewall administration across our global networks
- Migration of existing IPSEC VPN tunnels from one Data Center to another Data Center, due to decom of existing Data Center, which involved working with Partner Companies.
- Experience with converting WAN routing from EIGRP/OSPF to BGP (OSPF is used for local routing only) which also involved converting from Point to point circuits to MPLS circuits.
- Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, disabling all unused ports and putting them in unused VLAN
- Configured Nexus 7010 including NX-OS virtual port channels, Nexus port profile, Nexus Version 4.2 and 5.0
- Designed and Implemented Cisco UCS pods inNexus7000and Cisco 6500 Platform.
- Developed design, configuration and managed data center integration solutions based on Cisco Nexus7K and 5K
- Provide front end on-call network support 24x7x365 for all network infrastructures in the co-operation
Environment: Checkpoint R75.30, Nexus 7K and 5K, Cisco ASA 5505, Cisco routers, Cisco ASA 8.2, MS Word, Excel, My SQL.
Confidential, Minnetonka, MN
Network Engineer/Administrator
Responsibilities:
- Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks
- Experience converting Cat OS to Cisco IOS on the Cisco 6500 switches
- Designed MPLS VPN and QoS for the architecture using Cisco multi-layer switches.
- Cisco IOS experience on 3600/7200 class hardware in complex WAN environment and experience on Cisco OS and IOS on CAT6500 in a complex data center environment.
- Configuring IP, RIP, EIGRP, OSPF and BGP in routers.
- Datacenter upgrade project utilizing CiscoNexusdatacenter switches (Nexus7000, 5000
- Configured SQL 2012 Server forSolarwindsDatabase Server and created the required database instances variousSolarwindsModules
- UsedPythonscripts to update content in the database and manipulate files.
- Experience in deploying EIGRP/BGP redistribution and the changing the metrics for the primary and backup Paths for the packet prioritization and EIGRP tuning.
- Experience in migration of Frame-relay based branches to MPLS based technology using multi-layer stackable switch like 6500 series and 2800 series router.
- Configured OSPF over frame relay networks for NBMA and point to multipoint strategies.
- Experience configuring Virtual Device Context inNexus7000 series switch.
- Experience with connectivity of Cisco Networking Equipment withF5LoadBalancer
- Switching related tasks included implementing VLANS, VTP, STP and configuring on Fast Ethernet
- Monitored all Cisco equipment’s using Cisco Works
- Installed and configured the Cisco routers 2800 in two different customer locations. It includes coordinating with Verizon and AT&T in order to bring the serial interface up for T3 link. Also, configuration includes frame relay, BGP and VPN tunnel on GRE
- VLAN Configurations, troubleshooting and Firewall ACLs and Object-Groups configuration
- Configured IPsec site-to-site VPN connection between Cisco VPN 3000 Concentrator and Cisco 3800
Environment: Cisco 6500 switches, Nexus 7K and 5K Routing Protocols, Cisco ASA Firewalls, Cisco routers, MS Word, Excel, My SQL.
Confidential, Wilmington, DE
Network Analyst
Responsibilities:
- Involved in Managing IBM Network in US and Canada, and also providing Network Support.
- Handling the Incident/Change management related issues and work towards a resolution.
- Responsible for providing real time network resolution to the customers in case of critical network failure.
- Responsible for implementation of network analysis and monitoring tools.
- Responsible for running production on a Nexus5000 horizontal milling machine.
- Implemented CiscoUCSwhich includes Lync server and rack server management
- Involved in Monitoring, managing & troubleshooting the IBM Network devices.
- Involved in Maintaining Entire IBM US/Canada network.
- Responsible for Coordinating with WAN team.
- Cisco Secure Access Control Server (ACS) for Windows to authenticate users that connects to a VPN 3000 Concentrator.
- Scripting experience with Pearl.
- Configuring, Installing and troubleshooting on Check Point Devices.
- Good knowledge on Intrusion Detection and Intrusion Prevention System.
- Knowledge on multiplex techniques such as DWDM.
- Troubleshoot and Worked with Security issues related to Cisco ASA/PIX, Checkpoint, IDS/IPS and Juniper Netscreen firewalls.
- Configured networks using routing protocols such as RIP, OSPF, BGP and manipulated routing updates using route-map, distribute list and administrative distance for on-demand Infrastructure.
- Implemented Hot Standby Router Protocol (HSRP) by tuning parameters like preemption.
- Worked on FTP, HTTP, DNS, DHCP servers in windows server 2008-client environment with resource allocation to desired Virtual LANs of network.
Environment: Juniper Netscreen firewalls, ASA/PIX, Checkpoint, VPN 3000 Concentrator
Confidential
Network Support Engineer
Responsibilities:
- Installed and configured Cisco ASA 5500 series firewall and configured remote access IPSEC VPN on Cisco ASA 5500 series
- Involved in troubleshooting of DNS, DHCP and other IP conflict problems
- Implementation of name resolution using WINS & DNS in TCP/IP environment
- Used various scanning and sniffing tools like Wire-shark
- Configured network access servers and routers for AAA Security (RADIUS/ TACACS+)
- Other responsibilities included documentation and change control
- Worked on Cisco routers 7200, 3800, 2800 and Cisco switches 4900, 2900
- Key contributions include troubleshooting of complex LAN/WAN infrastructure that include
- Configured Firewall logging, DMZs & related security policies & monitoring
- Creating Private VLANs & preventing VLAN hopping attacks & mitigating spoofing with snooping & IP source guard
Environment: Cisco routers and Switches, Cisco ASA 8.2, MS Word, Excel, My SQL