Sr. Network Security Engineer Resume
San Francisco, CA
SUMMARY
- Experienced Network/Security Engineer with experience working in medical, educational, and financial institutions, with progressive expertise in endpoint security.
- Skilled in Switching & Routing Protocols, Bash, Firewall, Python, WLAN, Network Security, and vulnerability management.
- Experience in managing and maintaining large-scale enterprise networks, extensive knowledge in developing policies, test plans, procedures with different products.
- Customer focused and able to represent technology to clients and users with varying skill levels.
- Experience in vulnerability scans, enforcement and remediation.
- Expert understanding of NAC products Cisco ISE, ForeScout CounterAct and Aruba ClearPass.
- Additional expertise in Cisco wireless, Aruba Wireless, Meraki, Splunk, Tenable, Palo Alto, SIEM and network monitoring tools.
- Experience with Cisco ASA, FTD, FXOS, Palo Alto, Panorama, Checkpoint, IPS, IDS etc.
- Experience creating firewall rules, URL filters, zones and policies, and using tags with appID and UserID.
- Configuration of VLAN using Cisco routers and multi-layer switches and supporting STP, RSTP, PVST, RPVST along with troubleshooting of inter-VLAN routing and VLAN trunking using 802.1Q.
- Implemented redundancy network with HSRP, VRRP, GLBP, Ether channel technology (LACP, PAgP).
- Proficiently implemented traffic filters using Standard and Extended access-lists, Distribute-Lists, NetFlow, Route Maps and route manipulation using Offset-list.
- Experience in implementing Zero-Trust Network for campus network.
- Performed configuration, deployment and support of cloud services including Amazon Web Services (AWS) / Azure and deploy monitoring, metrics, and logging systems on AWS.
- Experience in Wireless Standards and their configuration, i.e., Ethernet, WAN, LAN, IEEE 802.11a, b, g, n (Wi-Fi). Cisco Wireless Management system, Cisco Meraki Products, PCI standards. Very good knowledge on IEEE 802.15.1 (Bluetooth), Mesh networks, etc.
- Hands on experience configuring Infoblox and troubleshooting DNS/DHCP issues within the LAN network.
- Familiarity with Vulnerability Management tools such as Qualys Guard, Tenable IO.
- Working with vendor for support and troubleshooting issues by opening the TAC case and manage them.
- Experience on frame relay, MPLS services, OSPF, BGP and EIGRP routing protocols, NAT, sub-netting, also including DNS, WINS, LDAP, DHCP, http, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP (Spanning tree Protocol), RTSP & Multicasting protocols
- Experience on Wireless Standards and Technologies, i.e. Ethernet, WAN, LAN, IEEE 802.11a, b, g, n (Wi-Fi). Cisco Wireless Management system, Cisco Meraki Products, PCI standards. Very good knowledge on IEEE 802.15.1 (Bluetooth), Mesh networks, etc.
- Experience on configuring and troubleshooting Cisco Wireless networks; LWAPP, WLC, WCS, stand-alone apps, roaming, wireless security basis, IEEE 802.11a/b/g, RF spectrum characteristics.
- Good working experience of ServiceNow, KB Articles, Service Desk, Change Management, Asset Management, Change Tasking, Service Level Agreement processes, exception/exemption process.
- Worked on facility with an 802.11 abgn wireless infrastructure for heatmap.
- Experience in Intrusion Detection, DMZ, encryption, IPsec, proxy, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
- Experience with F5 load balancers and Cisco load balancers (ACE and GSS).
- In-depth understanding in implementing and configuring F5 Big-IP LTM 3600, 4200, 6950 and 8950 Load Balancers.
- Managed, deployed and Upgraded Endpoint Security (SEP, FireEye, CyberArk, McAfee), deployed and upgraded client to improve the security of all workstations.
- Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point R65, R70 & R77, Palo Alto and Cisco ASA.
- Experience in upgrading Router, Switches and Firewall operating system.
- Comprehensive expertise in the implementation of optimization, design, analysis, troubleshooting and documentation of LAN/WAN networking systems.
- Unix/Linux systems administrator with experience configuring, monitoring, upgrading, and maintaining systems hardware, software, and related infrastructure.
- Proficient in using Network Management tools like Network Performance Monitor (NPM), Net flow Traffic Analyzer, Network Configuration Manager (NCM) and Cisco Prime.
TECHNICAL SKILLS
Routers: Routers (1700, 1800, 2500, 2600, 3200, 3600, 3700, 3800, and 7200)
Switches: Cisco L2 & L3 Switches (2900, 3560, 4500, 5000 & 6500, 9400), PIX, FWSM, Juniper, NetScreen
LAN Technologies: VLAN, Inter-VLAN Routing, VTP, STP, RSTP, NAC, dot1X.
Endpoint Security: Cisco ISE, FireEye HX, ClearPass, ForeScout CounterAct, BigFix.
Firewalls: Cisco, ASA, NGFW, FTD, Palo Alto
Products/Services: DNS, DHCP, Windows (2000/2003, XP), UNIX, LINUX, Microsoft SQL Server 2000 and 2005, VMware.
Protocols/Services: Routing Protocols (RIP v1 & v2, IGRP, OSPF, EIGRP, BGP), QoS, HSRP, VRRP, TCP/IP, load balancer, Proxy servers, IPsec, MPLS.
Network Management Tools: Wireshark, NetFlow Analyzer, HP OpenView, Cisco Works, Ethereal, OPNET, SolarWinds, Cisco Prime.
Vulnerabilities Tools: Nessus, Tenable.io, Qualys.
Security Server Protocols: TACACS+, RADIUS, 802.1x, web proxy NAC.
Languages: bash, Python.
PROFESSIONAL EXPERIENCE
Confidential, San Francisco, CA
Sr. Network Security Engineer
Responsibilities:
- Designing and implementing Network Access Control functionality with Cisco ISE and ForeScout CounterACT.
- Responsible for Security enforcement on endpoint based on University Security Standards.
- Designing and implementing of Zero-Trust network based on different VRF rules.
- Integration between CounterAct, Aruba, ServiceNow, QRadar (SIEM), FireEye, Tenable.io and BigFix.
- Creating micro segmentation policy for endpoints based on device classification and OS fingerprints on wired or wireless.
- Experience with Cisco ISE, Radius, Device profiling, device posture check, user identity, Network segmentation and Device compliance.
- Cisco Firewall with active threat detection.
- Experienced in Designing, implementing, maintaining Cisco Firepower FXOS firewall rules on a campus environment.
- Configuring Blue Coat web proxy.
- Creating Wireless and wired ACL based on medical device segmentation.
- Maintain and managing a LAN/WAN network, ensure connectivity between all datacenters including Monitor, troubleshoot and document any network issues.
- Lead design efforts on design/deployment of large enterprise-wide projects and IT infrastructure initiatives.
- Experience of various security methodologies and processes, and technical security solutions (SIEM, IDS/IPS, firewalls, anti-viral/malware and offensive security tools)
- Establishing and maintaining of setup to Build and deploy the application to the Cloud AWS.
- Strong foundation in network, security, administration, project management and team leadership.
- Experience with certificates/Identity Management tool i.e., SSL certificate, Cisco Radius, ClearPass, AAA.
- Familiar with requirements for securing EPHI and PCI data.
- Customer focused and able to represent technology to clients and users with varying skill levels.
- Experience interacting with vendors, obtaining/reviewing quotes and selecting network equipment.
- Managed, deployed and upgraded Symantec Endpoint Protection, FireEye, BigFix; deployed and upgraded client to improve the security of all workstations.
- Creating firewall and web filtering rules for data loss protection.
- Setup HTTP notification for non-compliant device, make sure the Endpoint is compliant as per Organization standards.
- Working with Medigate for medical device profile and criticality of the device based on network and device type.
- Implement, administer, and/or maintain Cisco Unified Communications systems including but not limited to CUCM, CUC, Unity, UCCE, CUPS, VG, CUBE, CVP, CTIOS, and call recording systems
- Additional skills in Cisco, Aruba Wireless, Cisco Meraki, network access control, logging and monitoring, SIEM and security incident remediation.
- Endpoint Security with host based IPS, Firewall, Threat identification and remediation.
- Responsible for validating patching level for Linux, Windows, and OS X operating systems.
- Responsible for Third level support for general network issue determination and resolution. Troubleshoots complex issues in network systems software and distribution.
- Propose strategies for improving existing network access control and network infrastructure through integration of new products, technologies and services. Build project proposals with associated bill of materials and estimated.
- Provision DNS services using Infoblox for DNS, DHCP and IP address management IPAM, A Record, MX Record, Dmarc, Text Record and Domain creation.
- Troubleshoot enforcement action on endpoints to be compliant as per the organization policies.
- Perform Bash and PowerShell scripting to resolve the network access issue on endpoints.
- Responsible for phase rollout and analyze and calculate the impact and risk during the phases.
- Document the steps to resolve the issue/implement the policy for Windows, Mac and Linux endpoints under enforcement.
- Analyzed system logs and event logs to detect nefarious activity.
- Worked with various tools like NMAP, Wireshark, OpenVAS and Nessus to scan for open ports and identify potential vulnerabilities
- Perform product and solution testing in the lab and provide written analysis of results.
- Developing and documenting the communication plan for End User.
- Works directly with vendor / manufacturer technical support to isolate and resolve complex hardware and software issues.
Environment: Aruba wireless, ForeScout CounterAct, Cisco ISE, Tenable, VM, Medigate, Segmentation, PA Firewall, NetFlow, Infoblox
Confidential, San Francisco, CA
Network Security Engineer
Responsibilities:
- Planning, design, procurement, implementation, and documentation of Network Access Control.
- Performing build tasks like Creating Adding Leaf Switches, Upgrading from NXOS to ACI OS, EPGs, Bridge Domains, Interface Policies, Switch Policies, SNMP, VPCs and Port Channels on ACI as required.
- Deployed, implemented, configured, and managed Cisco FWSM and ASA Firewalls, Cisco IDS/IPS, Cisco ISE, Wireless Controllers/APs and Cisco Meraki Cloud Wireless Security on high volume critical production environment.
- Experience configuring Cisco ASA, Palo Alto and Checkpoint.
- Creating rules for URL filtering, application identity as per enterprise standards.
- Experience in migrating services from traditional networking devices to ACI on multiple versions in Datacenter networks.
- Major responsibilities include designing, staging, configuration, testing, installation, troubleshooting and maintenance of various equipment.
- Creating firewall filters as per User identity via LDAP, active Directory integration.
- Configured and Troubleshot CISCO 12000, 7500, Juniper MX 480, MX960 series routers and EX4200 & EX3200, 3560 series switch for LAN/WAN connectivity.
- Experience working on administering various AWS Services using AWS Console
- Building new servers with Red Hat Linux and configuring them.
- Experience in upgrading ACI fabric with Spine/Leaf Architecture.
- Developed an AWS security roadmap which included the AWS Services and 3rd party tools to be utilized in the AWS Cloud for Security monitoring.
- Migrating the VCS, Oracle RAC and Red Hat Clusters with file systems across the Data-Centre, which includes configuration of new IP, VIP and Private IP.
- Redesigned and built a DMZ for PCI Compliance and configured Cisco Nexus 9Ks and 7Ks, F5 LTMs, ASA firewalls, IXIA Bypass and a pair of ASR 1004 Routers from scratch as a part of the project.
- Performing build tasks on Nexus 7Ks like creating VPC peer-link, VDCs, VPCs, Vlans, upgrades as required and similar tasks on Nexus 9Ks except for VDCs.
- Deployed/Rebuilt network devices close to 50 sites large and small sites for a vendor company that has recently merged with the client.
- Experience in upgrading, configuring and troubleshooting Cisco WAN Optimizers.
- Experience in configuring Site to site VPN and DMVPNs.
- Configuring VSS on Core Cisco Catalyst 6509 switches.
- Experience in configuring F5 Load Balancers from Scratch, Upgrading, troubleshooting and performing build tasks like creating VIPs, Pools, adding nodes, SNATs, creating and updating SSL Certs.
- Experience in configuring various switching techniques like configuring VLANs, VTP, Spanning tree and Redundancy protocols like HSRP, VRRP and GLBP.
- Experience in using routing protocols like BGP, OSPF and EIGRP.
- Expertise in configuring and troubleshooting of Palo Alto, SRX Firewalls and their implementation. Experience in site-to-site and remote access.
- Replacing Checkpoint, Pulse VPN and BlueCoat proxy with Zscaler and worked on implementing Zscaler in Production.
- Function as part of a Firewall and Security team in support of Checkpoint Firewalls, Zscaler Proxy, Juniper Portals, SecAuth, Open LDAP, and Active Directory.
- Extensive troubleshooting on a case-by-case basis with deep understanding of networking/firewall concepts which include connectivity issue pertaining in WAN, LAN, VPN tunneling and Security devices.
- Experience with Checkpoint and FortiGate Firewall policy provisioning; experience with Firewall Administration, Rule Analysis, Rule Modification.
- Implemented Checkpoint FW Interface, NAT and VLAN using R77 GAIA Smart Dashboard.
- Hands on experience to configure and implement hide NAT, static NAT, no NAT, ACL etc.
- Provision VPN connections on Cisco ASAs and implement MACs Move Add Change per business requirements.
- Implemented load balancing solutions on F5 local Traffic Managers.
Environment: Cisco ASA, Checkpoint, Palo Alto, TCP/IP, VPN, VPLS, VPWS, Ticketing & Remedy, Symantec/ Blue Coat Proxy, Symantec Management Center, Infoblox, ServiceNow and Splunk
Confidential, Foster City, CA
Network Engineer
Responsibilities:
- Installed and configured new Cisco equipment including Cisco Catalyst switches, Nexus and network optimizer as per the requirement of the Organization.
- Performing office refresh with new network gear and perform security updates on network gear.
- Experience implementing Cisco WLC and Cisco AP with producing wireless heatmap for better coverage.
- Experience in working with Cisco ISE and radius for 802.1x authentication.
- Expert in installing, configuring, maintaining, and troubleshooting switching and routing technologies like EIGRP, BGP, OSPF, RIPv2, Ether Channel, RSTP, 802.1q, Port Security, HSRP, VRRP on Cisco ASR Routers and Cisco Catalyst Switches.
- Worked on Cisco Secure Access Control Server (ACS) for Windows to authenticate users that connect to a VPN 3000 Concentrator. Router/ Microsoft VPN Server to access certain limited network resources from customer locations.
- Implemented and maintained logical design models (L2/L3, spanning tree, VTP, VLANs, physical cabling), remote VPN software, network control protocols (QOS, PoE, NTP, DHCP), network management protocols (CDP, FTP, TFTP, SNMP), and security protocols (SSH, HTTPS, AAA).
- Worked on Cisco Routers, Active /Passive Hubs, Switches, Cisco PIX Firewall, Nortel VPN Concentrators TCP/IP, NAT and Checkpoint ESX/GSX firewall
- Responsible for configuring IPSec VPN tunnels, IP communication, and routing (OSPF, EIGRP, BGP).
- Deployed and maintained security systems, including integration, testing, troubleshooting, and updating/upgrading of various security tools and appliances such as antivirus, IPS, malware detection tools, DLP, Identity and Access Management and encryption tools.
- Integrated Cisco Security Manager with Cisco ACS Server 4.1, Bluecoat Cisco SSL VPN, Clean Access and ACS
- Worked on migration of existing PIX firewall to ASA firewall, PIX OS upgrade from 6.3 to 7.0, configured BIG IP (F5) Load balancers and monitored the Packet Flow in the load balancers.
- Worked with Blue coat and handled the Trouble Tickets on F5 Load Balancers.
- Cisco ASA/Checkpoint Firewall troubleshooting and policy change requests for new IP segments that either come online or that may have been altered during various planned network changes on the network
- Successfully installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
- Maintained virtual servers with VMware ESXi.
- Implemented Site-to-Site VPNs over the internet utilizing 3DES, AES/AES-256 with ASA and JUNIPER SRX Firewalls.
- Worked on configuring and supporting Cisco ASA, Checkpoint, Palo Alto firewalls.
- Assisted in MPLS migrations, implemented a backup for the existing WAN connection using site-to-site IP sec VPN tunnels.
Environment: Palo Alto firewalls, Cisco ASA, Cisco Router & Switches, Cisco WLC, Cisco Prime, ServiceNow, SolarWinds, Cisco ISE, TACACS, EIGRP, RIP, OSPF, BGP, VPN, MPLS, Ether Channels.