SUMMARY

• Network/Systems Engineer with over 7+ years of experience in design, installation, configuration, administration and troubleshooting of LAN/WAN infrastructure and security using Cisco routers/Switches/firewalls.
• Extensive experience as an IT Security Professional in IT Infrastructure, Information Security, Network Security, Enterprise Security, Project management.
• Advanced proficiency in designing, deploying, and maintaining perimeter security devices such as IPS, IDS, Radware, etc.
• Proficiency includes checking server and firewall logs, scrutinizing network traffic, establishing and updating virus scans, troubleshooting, analyzing and resolving security breaches and vulnerability issues.
• Knowledge in planning, design, implementing and troubleshooting complex networks and advanced technologies.
• Advanced knowledge, design, installation, configuration, maintenance and administration of CheckPoint Firewall R55 up to R70 version, SecurePlatform Installation, VPN.
• Advanced knowledge in design, Installation and configuration of IPS/IDS, FireAMP, Lancope and other security devices.
• Advanced knowledge in design, installation and configuration of CheckPoint Provider Environment, Juniper Netscreen Firewall ISG 1000/2000, SSG series and NSM Administration and Palo Alto firewalls.
• Support Firewall Administrator (Cisco ASA and Checkpoint), on - call support for 30 Cisco and 2 Checkpoint firewalls, Cisco routers and level 3 switches.
• Implemented security policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
• Advanced knowledge in TCP/IP suite and routing protocols, such as OSPF, BGP, and EIGRP.
• One plus years of extensive experience with SourceFire IPS/IDS.
• Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
• Advanced knowledge in IPS and IDS tools such as Cisco and ISS Site protector.
• Experience in Network Intrusion detection/Intrusion Prevention System and Firewalls.
• Experience in Implementing & managing Symantec Data Loss Prevention.
• Deployment of NAC - Network Access Control System. Knowledge in Proxy.
• Possess in depth expertise in analysis, implementation, troubleshooting and documentation.
• Experience in implementing application security solutions and IPS Signature Analysis.
• Hands on Knowledge/experience on F5 load balancers, its methods, implementation and troubleshooting on LTMs and GTMs.
• Excellent knowledge in providing traffic management solutions using F5 Viprion Systems.
• Technology and Infrastructure consultant for Cisco and Juniper design and implementation projects.
• Administration and diagnostics of LAN and WAN with in-depth knowledge of TCP/IP, NAT, PPP, ISDN and associates network protocols and services.
• Excellent problem solver with strong “hands-on” technical knowledge and the ability to work well with diverse teams and individually.
• Proven lead for complex projects delivered on time and within expectations.

TECHNICAL SKILLS:

Networking Protocols: RIP, OSPF, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGPLACP, MPLS, HSRP, VRRP, GLBP, TACACS+, Radius, AAA

Cisco Platforms: Nexus 7K, 5K, 2K & 1K, Cisco routers (7600, 7200, 3900, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3500, 4500, 2900 series) Huawei AR Series Routers

Juniper Platforms: M, J and MX Series Routers

Networking Concepts: Access-lists, Routing, Switching, Subnetting, Designing, CSU/DSU, IPsec, VLAN, VPN and Wireless Technology

Firewall: Cisco, Palo Alto, Juniper NetScreen and Juniper SRX, Check Point

Network Tools: IBM ITNM, Splunk, StealthWatch, Solar Winds, SNMP, CiscoWorks, Wireshark

Load Balancers: F5 Networks (Big-IP)

WAN technologies: Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1, DS3, OC3, T1 /T3 & SONET

LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port- channel, VLANS, VTP, STP, RSTP, 802.1Q

Security Protocols: IKE, IPSEC, SSL-VPN, SSH

Operating System: Windows 7/XP, Windows Server 2012/2008, Linux, Unix

PROFESSIONAL EXPERIENCE:

Confidential, Austin, TX

Senior Network Security Engineer

Responsibilities:

• Design and deploy multi-sensor Sourcefire Intrusion Prevention System covering public shared web hosting, corporate web storefront, three remote data centers, and public E-Commerce environments directly leading to a reduction in attack volume to near zero percentage within the first 4 months of implementation.
• Configure, deploy, and manage Radware DefensePro DDoS systems.
• Responsible for all routing, switching, VPN, network security, and server load balancing.
• Provide security oversight and best-practices advice for ongoing operations within other organizations.
• Installing and tuning of perimeter devices such as Radware, Terminal servers, Xstream40’s, and Copper/Fiber TAP’s.
• Have created lot of site to site IPSEC VPN tunnel with Checkpoint, Juniper Netscreen firewalls and Cisco ASA firewalls.
• Work tasks also include operating and analyzing results from enterprise detection systems such as Orion, Radius/TACACS for user authentication, and several others.
• Utilize network analysis tools such as tcpDump, WireShark, QRadar, and ArcSight SIEM
• Implemented security policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
• Configuration of ACLs in Cisco 5540 series ASA firewall for Internet Access requests for servers in LAN and DMZ and also for special user requests as authorized by management.
• Upgrading Sourcefire IPS sensors and management appliances from V5.2 to V5.4.1.
• Security policy review and configuration in Palo Alto and Juniper SRX Firewall in US offices and Datacenter.
• Analyze and review security threats from Firewall (FW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Antivirus (AV), Radware, and other security threat data sources.
• Security monitoring process with the help of Log management tools (i.e. Splunk) and Security Information Event Management (SIEM) tools.
• Configuring various advanced features (Profiles, monitors, iRules, Redundancy, SSL Termination, Persistence, SNATs, HA on F5 BIGIP appliances SSL termination and initiation, Persistence, Digital Certificates, Executed various migration/upgrade projects across F5 and hands on with F5 BIGIP LTMs/EM.
• Provide status reports on security matters to develop security risk analysis scenarios and response procedures.
• Create and maintain detailed network diagrams on the infrastructure of the company using Visio.
• Identifying reported incident, analyze impact to Network Operations, and develop action plan to mitigate incident
• Design, engineer and implement security infrastructure.
• Creating changes adhere to the change management processes, using service-now tool.

Confidential, LA, CA

Network Security Engineer

Responsibilities:

• Security infrastructure engineering experience as well as a Microsoft Windows, UNIX, Checkpoint Firewalls, Juniper firewalls, PIX firewalls, Bluecoat Proxies, Juniper Intrusion Prevention devices, Certificate authority support, and wireless switch Security Management.
• Responsibilities include monitoring, optimizing, problem resolution, root cause analysis, and managing all aspects of access to specified systems.
• Designing rule set and analyzing Netflow with profiling (i.e., Lancope) solution.
• Designs, writes, and maintains common procedures, SLI's and EXEC's for installed operating systems.
• Organize, allocate, and supervise use of disk space for libraries, files, and common work space.
• Review, analyze, develop, install, and modify Security Tools and systems.
• Executing security controls to prevent hackers from infiltrating company information or jeopardizing programs.
• Security policy review and configuration in Palo Alto and Juniper SRX Firewall in US offices and Datacenter. Troubleshooting of CISCO routers with ping, trace route and basic issues.
• Tune Sourcefire on Unclassified and Secret systems for false positives on unclassified systems and secret.
• Maintain the company's firewall and utilizes applicable encryption methods.
• Create information security documentation related to work area and complete requests in accordance with company requirements.
• Identifies opportunities and executes plans to improve workflow and understands and quantifies business impacts of those improvements for communication to management.
• Interface with user community to understand security needs and implements procedures to accommodate them. Ensures that user community understands and adheres to necessary procedures to maintain security.
• Installed controller and light weight access point coordination with JTAC.
• Responsible for IOS upgradation DNS and TCP/IP support, VPN site to site implementation.
• Migration of existing IPSEC VPN tunnels from Pre-Shared key to Certificate Authority for purpose of scaling.
• Managing F5 Big IP Load balancers, Blue Coat Proxies and Riverbed WAN Optimizers.
• Conduct research on network products, services, protocols, and standards to remain abreast of developments in the networking industry.

Confidential, ME

Network Engineer

Responsibilities:

• Responsible for Configuring SITE TO SITE VPN on Cisco ASA 5500 series firewall between Head office and Branch office.
• Installation & configuration of Cisco VPN concentrator 3060 for VPN tunnel with Cisco VPN hardware & software client and PIX firewall.
• Designed and implemented F5 Big IP load balancers that resulted in improving application performance.
• Configured Firewall logging, DMZs& related security policies & monitoring.
• Planning and configuring the routing protocols such as OSPF, RIP, and Static Routing on the routers.
• Performed and technically documented various test results on the lab tests conducted.
• Installed and configured Cisco ASA 5500 series firewall and configured remote access IPSEC VPN on Cisco ASA 5500 series.
• Support various Routers like 2600/3600/7200 series.
• Configure and InstallF5New Virtual Servers, Profiles, IRules, Pools, Nodes, Generate CSR Certificate, SSL Certificates Etc.,
• General and complex troubleshooting for Cisco ASA Firewall, Checkpoint Firewall, Cisco Switching, Cisco Routers:, DMVPN on site routers, F5 BIP IP Load Balancers. Responsible for troubleshooting complex networking issues in service provider MPLS & internet Backbone.
• Actively participated Implementation and customization of customer network.
• Designing, Provisioning and Installation of the Customer Sites in Oracle IPSA for MPLS Backbone.
• Implementation and testing of ISDN BRI/PRI circuits.
• Responsible to troubleshoot the connectivity between CPE router and the COLT's edge router (SAR).
• Configuration and troubleshooting of many link types i.e. SONET Controllers for sub E1/T1, E3/T3 and worked closely with RIR (Regional Internet Registry) to procure PI (Provider Independent) and PA (Provider Aggregately) IP addresses and AS numbers for COLT and customers.
• Set up DNS Reverse Delegation according to RIPE rules in RIPE Database.

Confidential

Network Security analyst/ consultant

Responsibilities:

• Provide support for all Checkpoint and Cisco environments. Provider 1 management upgrades from R65-R75.
• Performed upgrades on all Checkpoint firewalls, and support for client services.
• Firewalls are R65 and R70 clusters. Administration of Juniper Netscreen firewalls at corporate and remote locations.
• Reviewing & creating the FW rules and monitoring the logs as per the security standards in Checkpoint and Net screen, Palo Alto, ASA Firewalls.
• Provide support for all firewall related activities and upgrades for the Checkpoint environment from R60 to R70, R71, and R75. Support for Nokia/Checkpoint firewalls in a P-1 environment with 300 firewalls.
• Support for all migrations, upgrades, PCI and SOX audit requirements, and vulnerability assessments.
• Support for all Juniper firewalls and related environments. PCI DSS and SOX requirement and mitigation support.
• Deployment of Data loss prevention across the network - Data in motion, Data in Use & data at Rest servers.
• Network Access Control - Implementing a secure solution to identify network devices and profiling the Network devices to allow or disallow access based on the device type
• Intrusion Prevention System - IDS/IPS (IBM ISS IPS) Implementation and Upgrade for SiteProtector.
• Designing, Planning and Engineering support for the IPS
• Contact with the various projects and team regarding the rules, monitoring the Logs and document, disable or refine the rules as per the clients’ requirement.
• Auditing the rules based on security standards and refining it.
• Experience in Information System Audit Process, compliance assessment, Business Continuity and Disaster Recovery.
• Vulnerability assessment, penetration testing, Risk assessment, Threat management, Security advisories, compliance audits, IT security assessment.
• Patch management analysis reports of Microsoft Baseline Security Analyzer for critical & missing patches. OS hardening. Incidents handling, Root Cause Analysis of security incidents.
• Coordinating all security related issues and with Internal Infrastructure Team, Validating the Expectation request and approving.
• Symantec Antivirus server console Management, Support for Symantec Enterprise product.

Confidential

Security Administrator

Responsibilities:

• Firewall implementation, firewall management, network management and troubleshooting connectivity, routing, and configuration issues with routers, switches, firewalls.
• Perform operating system, network and application vulnerability assessments to identify security exposures in the environment.
• Monitor Service Center queues for customer reported requests or incidents; access tickets for applicability.
• Analyze network and system logs and assist in security data analysis and Implemented Internet proxy/firewall and monitoring solution.
• Analyze, define and implement processes for user administration (request and required approvals) and security administration.
• Provide technical support and assistance to schools and departments in the selection, installation, operation, and maintenance of computer hardware and software. Nortel - switches, routers, TLS, upgrades.
• IPS/AV signature updates; RADIUS/RSA user and group management; remote VPN assistance / VPN Management/Monitoring / creation of user accounts/tokens for remote access VPN.
• Established protocols for backups, server space management, security, virus protection and other procedures essential to eliminating downtime or data loss.
• Perform on-going security maintenance and administration.
• Antivirus Management, hardening (securing) of servers and monitoring for security incidents.
• Configured servers for DHCP and DNS services.
• Installation and configuration of Print Servers.
• Performed troubleshooting of hardware and software related problems.
• Managed, installed and configured Windows 2000/NT Servers.
• Created user and computer accounts on the Active directory server.