Network Security Engineer Resume
Palo Alto, CA
PROFESSIONAL SUMMARY:
- Overall 8+ years of experience in networking and security, covering the configuration, optimization, upgrading, troubleshooting and maintenance of complex network topologies, with profound experience in security, routing and switching protocols.
- Experienced in designing network infrastructure which includes Firewalls, Routers, Switches.
- Worked on Confidential PA 3060, 5060 Firewall, ASA 55xx Firewall.
- Confidential Network Security Device Configuration of Firewall Rules, QoS Rules, User ID agents, Policies, Packet Capturing.
- Hands on designing security topologies using Confidential and various Endpoint Protection.
- Configuring Rules in Confidential Firewalls & Analysis of logs using various tools like SIEM.
- Expertise on centralized management system (Panorama) to manage large scale firewall deployments.
- Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.
- Experienced in Migration from Checkpoint and Cisco ASA Firewalls to Confidential.
- Proficient knowledge on firewall Rule audit and optimization using Algosec.
- Information protection solutions including profile to detect the pattern matching against Sensitive data and triggered DLP alerts and Security Auditing solutions from Symantec.
- Hands on experience in implementing Authentications like RADIUS and TACACS+.
- Maintained Blue coat proxy manager.
- Strong in installing, configuring, and troubleshooting of Cisco 7600 series routers, Juniper routers M320 and SRX series routers.
- Experienced in working with Cisco Switches, Nexus 7009, 7018, 5548P, 5596T, 2148T, 2224T, 6000 switches and Juniper EX Series.
- Administering multiple Firewalls, in a managed distributed environment and knowledge on SIEM tools like QRadar.
- Knowledge on mitigating various attacks like DOS, DDOS, KILLCHAIN, and ZERO DAY ATTACK.
- Experience in adding iRules for customizing F5 load balancers.
- Maintained Load Balancer BIG-IP F5 (LTM and GTM).
- Worked on VPN tunnels ISAKMP, IPSEC.
- Configured customized Redistribution among IGP & EGP routing policies.
- Worked on designing MPLS VPN networks.
- DMZ zoning & configuring VLANs/Routing/NAT with the firewalls.
- Worked on integration of feeds and features like different Flow Feeds (NetFlow, J-Flow etc.).
- Worked on configuration & troubleshooting of routing protocols: OSPF, EIGRP, BGP.
- In-depth knowledge on IP Addressing, VLSM, FLSM, Reverse & Forward proxy ARP, Ping Concepts.
- Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, HDLC, STP, and RSTP, MSTP.
- Extensive knowledge in devices using PANOS, Cisco IOS, JUNOS and NX-OS.
- Network design and documentation using Microsoft Visio.
- Knowledge on Incapsula to make DDoS Protection, Web Security and as load balancer.
TECHNICAL SKILLS:
Firewalls: Cisco ASA Appliances (5540, 5550), Confidential 3060, 5060, Check Point R7X, R8X, Juniper SRX-550, SRX-220.
Network Security: ACL, IPsec, VPN, Port-security, RSA, AAA and IPS/IDS
Router Platforms: Cisco 76XX, 72XX series, Juniper M320, T640, SRX series.
Switches Platforms: Cisco 65XX, Nexus 6K, 5K.
Load Balancer: BIG-IP F5, ACE 4710, Brocade.
Routing Protocols: EIGRP, OSPF, BGP, PBR, IS-IS.
L2 Protocols: VTP, STP, RSTP+, MSTP, PVST+, ISL, 802.1q, Inter VLAN routing Multi-Layer Switch, Multicast operations, Layer 3 Switches, VLANs, Ether-Channel, Transparent Bridging.
Redundancy Protocols: HSRP, VRRP, GLBP, VOIP, QOS, VSS, VMPS, PBR.
ACS management: RADIUS, TACACS+, and Digital Signatures.
Network Management: Network Troubleshooting, SSH, SNMP, ICMP.
WAN: Frame Relay, ISDN, PPP, ATM, MPLS, SSL.
LAN: Fast Ethernet, Gigabit Ethernet.
Servers: FTP, DHCP, DNS, HTTP, Syslog, TFTP, NTP.
Virtualization: Wireshark, SolarWinds and NMAP, PANOS, IOS, NX-OS
WORK EXPERIENCE:
Network Security Engineer
Confidential, Confidential, CA
Responsibilities:
- Confidential design and installation, which includes Application, User ID, URL filtering, Threat Prevention and Data Filtering.
- Good knowledge on Confidential Certificate Signing Request, Certificate Authority.
- Participated on Confidential INLINE PACKET inspection, GLOBAL PROTECTION using VPN, Always ON, On-Demand.
- Successfully installed Palo Alto PA-3060, 5060 firewalls to protect Data Center and multiple remote locations.
- Monitoring using Confidential ACC tool for activity within network.
- Worked with Confidential Panorama management tool to manage Confidential firewall and store the data of all global networks from central location.
- Troubleshoot traffic passing managed firewalls via logs and packet captures.
- Involved in MIGRATION of Checkpoint to Confidential.
- Worked on configuring and troubleshooting Nodes, Pools, Profiles, Virtual Servers, SSL Certificates.
- Worked with iRules and BIG-IP F5 on LTM and GTM load balancers to provide uninterrupted service to customers.
- Maintained Brocade load balancer defining various algorithms.
- Good knowledge of attacks like DOS, DDOS, KILLCHAIN, and ZERO DAY ATTACK.
- Good knowledge on DOS mitigation, Multifactor Authentication, Zone Protection, intrusion detection and prevention.
- Information protection solutions including Monitoring, DLP and Security Auditing solutions from Symantec, etc.
- Worked with audit servers using Algosec and Network Racking/Stacking/Auditing HW.
- Managed distributed environment on SIEM using QRADAR
- Worked and Upgraded IOS on various Cisco ASA firewalls, Routers like 75xx, 72xx Series, Juniper SRX-550, SRX-220 as well as switches like 3750, 45xx, 65xx, 45xx, 29xx, 35xx, 19xx Series.
- Implementing Monitoring, Troubleshooting, traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Frame Relay and Open Shortest Path First (OSPF).
- Good knowledge of setting up MPLS Layer 3 VPN cloud in data center and working with BGP WAN towards customer.
- Implemented various OSPF scenarios on networks consisting of 7600 routers.
- Worked on OSPF link-state advertisement like LSA type 5, 6, 7.
- Actively working with Cisco IOS-XR on the ASR9000 devices for MPLS deployments in data center.
- Configure, verify & troubleshoot single area & multi-area OSPFv2 for IPv4 & IPv6 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)
- Hands-on WAN (ATM/Frame Relay), Routers, Switches, TCP/IP, Routing Protocols (BGP, OSPF, EIGRP), and IP addressing.
- Configured the devices with redundancy protocols like STP, VTP, PVST, MVST, RSTP and implemented on Nexus and Cisco Switches.
- Used SolarWinds for various application monitoring: NPM, NCM, SAM, NetFlow Traffic Analyzer.
- Knowledge in Incapsula and used for Web application security platform, Load balancing.
Network Security Engineer
Confidential, Milpitas, CA
Responsibilities:
- Good knowledge on Confidential Certificate Signing Request, Certificate Authority.
- Successfully installed Palo Alto PA-3060, 5060 firewalls to protect Data Center and provided L3 support for routers/ switches.
- Worked with Confidential Panorama management tool to manage Confidential firewall.
- Launched FireEye to detect attacks on layers, through common attack vectors such as emails, webs, and all executable files.
- Worked with iRules and SNATs, BIG-IP F5 on LTM and GTM load balancers to provide uninterrupted service to customers.
- Good knowledge of attacks like DOS, DDOS, KILLCHAIN, and ZERO DAY ATTACK.
- Good knowledge on DOS mitigation, Multifactor Authentication, Zone Protection, intrusion detection and prevention.
- Worked with audit servers using Algosec and Network Racking/Stacking/Auditing HW.
- Managed distributed environment on SIEM using QRADAR
- Implementing Monitoring, Troubleshooting, traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Frame Relay and Open Shortest Path First (OSPF).
- Implemented various OSPF scenarios on networks consisting of 7600 routers.
- Actively working with Cisco IOS-XR on the ASR9000 devices for MPLS deployments in data center.
- Configure, verify & troubleshoot single area & multi-area OSPFv2 for IPv4 & IPv6 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)
- Configured the devices with redundancy protocols like STP, VTP, PVST, MVST, RSTP and implemented on Nexus and Cisco Switches.
Network Security Engineer
Confidential, Atlanta, GA
Responsibilities:
- Day-to-day work involves changes in the Checkpoint Firewall using the Smart Dashboard software and connecting via Smart Center management.
- Creating object, groups, updating access-lists on Check Point Firewall, apply static and hide NAT using smart dashboard.
- Configuration of policies, objects and Web Filtering on firewalls like Checkpoint, Confidential 3060, 5060.
- Performed Network Security Assessment and implemented security improvements such as network filtering using Confidential URL filtering, Zone filtering etc.
- Firewall policy administration and support on Checkpoint as well as Cisco ASA
- Monitoring the connections using the management tools SNMP over SolarWinds, Confidential Panorama and packet capture using Wireshark.
- Configuring and implementing F5 BIG-IP load balancers to maintain global and local traffic.
- Support routing protocols including BGP and OSPF, EIGRP, RIP routing, HSRP, VRRP, load balancing GLBP/failover configurations.
- Worked on Cisco Routers like 3945 and 2911, 75xx, 28xx series, and Nexus, Cisco Switches like 45xx, 29xx, 35xx, 19xx, 38xx series.
- Responsible for using cutting edge solutions for Data Loss Prevention DLP.
- Information protection solutions including DLP and Auditing.
- Providing network security with ACLs, CRYPTO and VPN tunneling with phase 1 ISAKMP, phase 2 IPSEC.
- Design and implementation of MPLS VPN, QOS for the architecture.
- Implementing traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using OSPF and BGP.
- Hands-on WAN (ATM/Frame Relay), Routers, Switches, TCP/IP, Routing Protocols (BGP, OSPF, EIGRP), and IP addressing.
- Configured site to site VPN technologies using IPSEC by providing IKEv1 and IKEv2 keys for secure connection.
Sr Network Engineer
Confidential, Canonsburg, Pennsylvania
Responsibilities:
- Setup the IPsec VPNs with the third-party clients to allow the access to data feeds in the Corporate network
- Implement Checkpoint firewall using VPN, VSX technology.
- Configuring the WAN network with using individual zones and monitoring with zones.
- Support routing protocols including BGP and OSPF routing, HSRP, load balancing/failover configurations.
- GRE Tunnel Configurations, VRF configuration and support on the routers.
- Implemented on Juniper EX Switches (EX2200, EX2500, EX3200, EX4200, EX4500)
- Troubleshooting connectivity issues on the firewall using smart view tracker, monitor health of the appliance using smart view monitor etc.
- WAN Technologies (PPP, Frame Relay, ATM, ISDN, Site to Site VPN).
- Configured ASA 5540 to ensure high-end security on the network with ACLs and Firewall.
- Responsible for Checkpoint and Cisco ASA firewall administration across global networks and Migration of Juniper.
- Router redundancy configuration (HSRP, VRRP and GLBP).
- Proficient in setting up MPLS Layer 3 VPN cloud in data center and working with BGP WAN towards customer.
Jr Network Engineer
Confidential
Responsibilities:
- Hands-on WAN (ATM/Frame Relay), Routers, Switches, TCP/IP, Routing Protocols (BGP, OSPF, EIGRP), and IP addressing.
- Configured and resolved various OSPF issues in an OSPF multi area environment.
- Involved in the configuration & troubleshooting of routing protocols: BGP, MP-BGP, OSPF, EIGRP.
- Troubleshoot traffic passing managed firewalls via logs and packet captures.
- Configuring FTP server for inside/outside users & vendors and used various scanning and sniffing tools like Wireshark.
- Install and managing devices including Cisco Nexus and Catalyst Layer 2 switch 29XX, 3750X series and Routers.
- Layer 2 switching technology architecture, implementation and operations including L3 switching and related functionality. This includes the use of VLANs, STP, VTP and their functions as they relate to networking.
- Redistributing from EIGRP to OSPF and vice versa by implementing hub and spoke topology with a Frame Relay Switch in between.
- Deployed 7613 as provider edge (PE) and customer edge (CE) router and configured and troubleshot the Edge Routers.
- Configuring the Stub Areas (SA), Area Border Router (ABR), Autonomous System Border Router (ASBR) and virtual links
- Configuring authentication of both the modes like PLAIN TEXT and MD5 (message digest) and resolving the auto summarization on layer 3 devices
- Implement Cisco Secure Access Control Server (ACS) for TACACS+, RADIUS
Jr Network Engineer
Confidential
Responsibilities:
- Designing private network and maintaining the hardware, software installation & configuration.
- Designing and implementation of routing policy for customer internet route with link utilization.
- Configuring the routes like default, static routing and dynamic routing in the devices.
- Involved in Local Area Network design, troubleshooting and maintenance as per requirement.
- Creating and Maintaining the network stability on VLAN, LAN and WAN.
- Troubleshooting issues related to VLAN, VLAN Trunking, and STP.
- Involved in implementation of Trunking Encapsulation IEEE 802.1Q and ISL on Cisco catalyst switches L2, L3.
- Designing the VLAN along with Inter-VLAN routing.
- Configuring Cisco routers 26xx series using OSPF and EIGRP.
- Configuration to different applications with RSTP, VTP, VTP Pruning.
- Redistributing from OSPF to RIP and vice versa by implementing hub and spoke topology with a Frame Relay Switch in between.
- Troubleshooting TCP/IP problems and connectivity issues in multiprotocol Ethernet.
- Configuring static NAT, dynamic NAT and NAT pooling.
- Designed the network with sustainable IP using SUBNETTING like FLSM, VLSM.