Sr. Network Security Engineer Resume

Ellicottville, NY

SUMMARY

  • Palo Alto Firewall specialist with good experience, specializing in network administration and network security.
  • Strong understanding and experience of Firewalls on various platforms including Palo Alto, Cisco ASA and Checkpoint.
  • Extensive knowledge and experience of the TCP/IP protocol suite with practical implementation of switching protocols, routing protocols and LAN/WAN services.
  • In-depth knowledge of configuring and troubleshooting routing protocols, namely RIP, EIGRP, OSPF and BGP, on Cisco routers.
  • Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, STP and RSTP.
  • Experience in configuring Windows Servers (2008 & 2012) and configuring networking capabilities on them like DHCP, DNS and Access Control Lists (ACLs).
  • Experience in configuring latest VDC and vPC features on Cisco Nexus 7000 NX-OS.
  • Installing, configuring and troubleshooting Palo Alto Firewalls.
  • Experience in configuring security policies and next gen features like Application and URL filtering, Threat Prevention, Data Filtering on Palo Alto Firewall.
  • Good experience with web/content filtering.
  • Advanced Knowledge in IPSEC VPN design connection & protocols, IPSEC tunnel configuration, encryption and integrity protocols.
  • Experience in migration from Cisco ASA to Palo Alto using PAN migration tool.
  • Experience with risk-management tools like Gemalto and Verafin.

TECHNICAL SKILLS

Routers: Cisco 7609, 2600, 2800, 3800, 3640, Cisco 3745, 7200 Series

Switches: Cisco 3500, 5000, 6500 Catalyst Series; Cisco 7000, 2000 Nexus Series

Firewalls: Palo Alto PA-3050, PA-5050, Cisco ASA 5500, Checkpoint

Routing Protocols: BGP, OSPF, EIGRP, VRRP, HSRP, GLBP, and RIP

Switching Protocols: STP, RSTP, PVSTP, VTP, ARP, and VLAN

IP Services: DHCP, NAT, VLAN, DNS, FTP, TFTP, LAN/WAN

WAN Technologies: ATM, ISDN, PPP, MPLS, ATT, 802.11, 802.11a, 802.11b, APLUS

VPN Technologies: Remote access and site-to-site IPSec VPN, IPv6 transition techniques viz. Manual tunneling, GRE tunneling, 6to4 tunneling, NAT64 and ISATAP

Monitoring Tools: OPNET, GNS3 Simulator, Packet Tracer, WireShark, Solar Winds, What’s Up IP, Nagios and Fluke Networks

Operating Systems: Windows XP, Vista, Windows 7, UNIX, SPLAT (Secure Platform), Linux

PROFESSIONAL EXPERIENCE

Confidential, Ellicottville, NY

Sr. Network Security Engineer

Responsibilities:

  • Responsible for implementing firewall technologies including general configuration, optimization, security policy, rules creation and modification of mainly Palo Alto Firewalls.
  • Researched, designed, and replaced aging Cisco ASA firewall architecture utilizing the PAN Migration tool with new next generation Palo Alto devices serving as firewalls and URL and application inspection devices.
  • Successfully installed Palo Alto PA-3050, PA-5050 firewalls to secure zones of network.
  • Converted Cisco ASA VPN rules over to the Palo Alto solution.
  • Backup and restore of Palo Alto and Cisco ASA Firewalls policies.
  • Implemented many security policy rules and NAT policy rules on Palo Alto, created Zones, implemented Palo Alto Firewall interface, Palo Alto IDS and VLAN.
  • Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
  • Configured next-gen Palo Alto Firewall features viz. Application and URL filtering, Threat Prevention, Data Filtering
  • Integrated Panorama with Palo Alto Firewalls, managing multiple devices simultaneously.
  • VPN User access management on Palo Alto Firewalls. Used LDAP for identifying user groups
  • Responsible for configuration and troubleshooting of Site to Site as well as Remote Access VPN on Palo Alto Firewall.
  • Exposure to WildFire advanced malware detection using the IPS feature of Palo Alto Firewalls.
  • Implemented IPS, DLP and UTM features on the firewall for added security purposes.
  • Configured syslog on Palo Alto Firewalls, moved the logs to Splunk and reviewed them.
  • Designed, Implemented and configured Web authentication, SSL Decryption and URL categorization rules using Blue Coat Proxies and SSLV appliance.
  • Configured content Analysis using Bluecoat CAS appliance and Malware analysis using Blue Coat Malware analysis appliance.
  • Experience in implementing and configuring F5 Big-IP LTM load balancers.
  • Configured HA Active/Standby failover on F5 BIG-IP LTM.
  • Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.

Confidential, Bridgewater, NJ

Network Security Engineer

Responsibilities:

  • Performed System Security checking against emerging OS and subsystem technology automated tools.
  • Extensive implementation of dynamic routing and switching protocols on Cisco routers and switches.
  • Configured Virtual Device Context (VDC) on Cisco Nexus 7000 series switch to logically segment into 4 different virtual switches for easy administration and management.
  • Deployed AWS and Azure public cloud infrastructure.
  • Create redundancy and increase bisectional bandwidth by enabling Layer 2 multipathing using vPC feature on Nexus 7000 series device.
  • Responsible for configuring, administering and troubleshooting the Checkpoint, Palo Alto and ASA firewall.
  • Configured blocking of IPs on Checkpoint that are suspicious to the network.
  • Created multiple policies and pushed them into Checkpoint Firewall (Gateways) and the Checkpoint Management Server with SPLAT operating system.
  • Configured IPSEC VPN tunnels between Checkpoint and other non-Checkpoint endpoint devices.
  • Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500.
  • Configured NAT policies viz. Static NAT, Dynamic NAT and Dynamic PAT in Cisco ASA Firewall.
  • Configuration and troubleshooting of Cisco Security Manager (CSM), integrated with ASA devices.
  • Implementation of Site-to-Site VPNs and DMVPN over the internet using IKE Phase 1 and IKE Phase 2 based on traffic with ASA 5500 series Firewalls.
  • Designing and implementing DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA 5500 Firewalls.
  • Configured rules and maintained Palo Alto Firewalls and analyzed firewall logs using various tools.
  • Implemented and administered the Zoning Architecture project (implementation of various zones like Server, Intra & Internet Zone).
  • Configured SSL Decryption and URL blocking on Palo Alto Firewall.
  • Coordinated with network operations center for change notifications, alerts & escalation of security incidents.
  • Experience in Cisco Routing, Switching and Security with strong Cisco hardware/software.
  • Proficient with network hardware and technologies including routers, switches, firewalls, Ethernet, Fast Ethernet, Gigabit Ethernet.
  • Configured Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers.
  • Configured Cisco Catalyst 2960, 3750, 4500, 6500 and Nexus 3000, 5000, 6000, 7000 series switches.
  • Supervised installation and configuration of Cisco 3550 Layer3 Switch.
  • Upgraded IOS on existing Cisco router from 11.x to 12.1.
  • Implemented, configured BGP WAN routing, converting local OSPF routes to BGP.
  • Experienced in configuring protocols HSRP, GLBP, VRRP, ICMP, IGMP, PPP, HDLC, PAP, CHAP, and SNMP.
  • Configure Multicasting Protocols like IGMP and CGMP.
  • Configured VLANs by segregating different departments in the organization and setup inter-VLAN routing.
  • Worked on FTP, HTTP and DNS servers in a Windows server-client environment with resource allocation to desired virtual LANs of network.

Confidential

Network Engineer

Responsibilities:

  • Configured user authentication rules/policies to permit or deny user traffic based on role-based access.
  • Monitored network using network management and support tools like Solar Winds, Netscout, Cisco Works, SNMP Management and Wireshark.
  • Monitored bandwidth and network activity by analyzing information provided by MRTG to ensure both efficient and effective network operation.
  • Performed advanced troubleshooting using Packet Tracer and TCP dump on firewalls.
  • Reviewed firewall rule conflicts, unused rules and misconfigurations and cleaned them up.
  • Assisted in firewall policy administration and support on Checkpoint as well as Cisco ASA Firewalls.
  • Implemented traffic filters using Standard and Extended access-lists, Distribute-Lists and Route Maps.
  • Working knowledge of leveraging F5 devices for web acceleration and caching.
  • Document network problems and changes working in diverse management environments.
  • Assisted in setting up of LAN and Wi-Fi Access points around the organization
  • Installed Windows Server (2008 & 2012) and configured networking capabilities on them like DHCP, DNS and Access Control Lists (ACLs).
  • Acquired skills to configure, maintain and troubleshoot network services.
  • Hands-on experience in configuring routing protocols viz. RIP, EIGRP and OSPF on Cisco 2700 series routers.
  • Configuration & Management of VLANs, 802.1q trunks, VTP, Security policies on Cisco 3200 series switches.
  • Full Command on Cisco IOS Commands and Administration of Cisco IOS 11.x and 12.1 versions
  • Designed VLANs and set up both L2 and L3 logical to have it communicate to the Enterprise network.
  • Utilized packet sniffing tools like Wireshark, TCP Dump and Capsa to monitor and troubleshoot access issues.
  • Implemented and configured SecuRemote VPN Server for high speed remote access.
  • Setting up of company’s broadband services for implementing high speed connectivity.
  • Utilized Firewall log from Palo Alto Firewall to manage and troubleshoot network security issues.
  • Assisted in upgrading older 100 Mbps hubs to HP managed switches in the company.
  • Daily assessment of and preparation of report based on network functionality and handled issues.
  • Encouraged network redundancy for backup of network devices in case of disaster recovery.
  • Active participation in handling client issues and maintaining quality of service provided.
  • Spearheaded meetings & discussions with team members regarding network optimization and performance issues.