Security Engineer Resume
Dallas, TX
SUMMARY
- Around 8 Years of IT Experience as Network & Information Security Engineer.
- A well-rounded Network, Cloud & Security Engineer with hands-on AWS cloud Infrastructure Security, Security Audit, Vulnerability management, Network Security - Palo Alto, Cisco Firepower Threat Defense (FTD) and ASA with CSM firewall, Network Automation, Security Compliance, Routing, Switching, Wireless and datacenter technologies.
- Hands-on experience with AWS infrastructure, implementing security controls.
- Hands-on experience managing and configuring Infoblox DNS services.
- Experience in designing and managing infrastructure that supports VDS system.
- Experience with identity services such as Radiant logic, SSO, LDAP technologies.
- Experience as a Security Auditor. Developing Hardening Compliance guides. Auditing systems for compliance and Vulnerability management using Nessus and Qualys. Generating reports using Firemon. Configuring expressions in Firemon, performing threat detection and analysis using Splunk.
- Experience using Rumble, Python, ETL tools.
- Experience in design and implementation of new Network technologies like Cisco ACI, SD-WAN, AWS, F5 load balancers, Cisco ISE, Prime, Cisco Umbrella etc.
- Cisco Wireless 5520, 5508, 3504, 2504 WLCs and 2802, 3802, 1562, Catalyst 9115AX, 9117AX series APs, Meraki MR46 and MR36 cloud-based wireless APs. Motorola NX65xx and 55xx series wireless controllers and 7532, 7522 series APs.
- HPE-Aruba 7200 series mobility Wireless controllers and 224, 225 & 205 series APs.
- Hands-on: Cisco Routers such as 1900, 2900, 3900, Cisco ASR-1k/9k, Cisco ISR 2900, 3900, 4000 series, Cisco Multilayer Switches 4500, 6500, Cisco CRS 4/8 CRSx, Cisco Catalyst 9k, 2960X, 3650, 3850 switches. Cisco Nexus 2k/5k/7k/9k. Brocade CER 2000 series, SLX 9850 routers, Brocade VDX 6710, ICX 6610, ICX 6430, CES 2000 series switches. HP 2920, 3500, A5000 Series.
- Performed threat analysis and risk assessment to identify and mitigate any cyber threats.
- Configured secure connections with SSL certificate on F5 and AWS data collectors.
- Expertise in wireless: Cisco, Aruba, Motorola wireless technologies.
- Had in-depth knowledge on Antlr4, TCP/IP principles and experience on network Wi-Fi analyser and configuring routing protocols like BGP, OSPF, and EIGRP.
- Hands-on with various ticketing tools like Remedy, ServiceNow etc.
- Hands-on with network management tools like SolarWinds, Entuity, Cisco Prime etc.
TECHNICAL SKILLS
Network Security: Cisco ISE, Aruba Clearpass, NAT/PAT, VPN, L2/L3VPN, Filtering, IDS/IPS, IPSec
Routing Protocols: RIP, EIGRP, OSPF, BGP, IS-IS.
Virtual Software: VMware (Workstation, vSphere, vCenter, vMotion, ESXi), Virtual Desktop Infra (VDI), Geni
Infrastructure Service: DHCP, DNS, SMTP, FTP, TFTP
Firewalls: ASA, Juniper SRX, Palo Alto PA 500 and 7000, Fortinet, Checkpoint
Transport Protocols: TCP/IP, UDP
Operating Systems: Windows 10/7, UNIX, Linux, MAC OS
Packages: Visio
Tools: Python, SYSLOG, Netflow, Infoblox IPAM, DNS, DHCP, Nessus, Qualys, Solarwinds, Firemon, Splunk, Netbrain Live Action, Wireshark
Cloud: AWS (VPC, Transit Gateway, Route 53, Security etc)
Network Automation: Python and Ansible
LAN Technologies: VLAN, VTP, VPC, VDS, Inter-Vlan routing, STP, RSTP, PVST, 802.1x
WAN Technologies: MPLS - MPBGP MPLS VPN, SD-WAN, Point to Point IPSec VPN
PROFESSIONAL EXPERIENCE
Security Engineer
Confidential, Dallas TX
Responsibilities:
- Perform security audits on a weekly basis. Develop and document security hardening guides for a variety of systems.
- Perform threat detection and threat analysis using Splunk.
- Analyze threat reports from the Firepower FTDs and Palo Alto Firewalls.
- Used Antlr4 for reading, processing, executing, and translating text files.
- Monitored and managed resource records in domains including A records, CNAMEs, and DNS alias names.
- Migrated from legacy DNS servers to the new Infoblox DNS infrastructure.
- Detected DNS vulnerabilities and mitigated them.
- Develop CIS benchmarks for Vulnerability management in Qualys. Co-ordinate with system owners to discuss and develop plans to fix the vulnerabilities.
- Whitelist and Blacklist URLs based on the risk assessment reports, security levels and approvals. Audit ACLs and third-party connections.
- Perform analysis and diagnosis of complex networking problems. Perform network traffic analysis daily and report any source causing high bandwidth utilization using tools like Live Action & Splunk. Investigate the identified source and take necessary actions.
- Ensure that network administration activities are coordinated through defined change management processes.
- Hands-on experience working with SolarWinds network configuration manager. Created configuration change templates, automated IOS upgrades, bulk changes. Generated reports for compliance audits and monitored device policies, NetFlow traffic analysis. Integrated SolarWinds with Splunk for logging SolarWinds alerts. Integrated SolarWinds with ServiceNow CMDB.
- Used ServiceNow CMDB to collect the data from various sources and generate reports related to networking and security.
- Used ServiceNow for change management and incident resolution.
- Integrated L3-L7 services to ACI fabric. Integrated one-arm F5 load balancer, Cisco ISE, and Cisco ASA firewall - Configured and managed through APIC controller.
- Integration and configuration in AWS environment.
- Automated Network configurations using Python.
Network Security Engineer
Confidential, Austin TX
Responsibilities:
- Data center design experience - Cisco ACI infrastructure - Procured, designed, and implemented Leaf and spine architecture with Nexus 9k switches. Implemented ACI on Nexus 9k series. Deployed APIC controller and designed ACI fabric. Creating EPGs, BDs, Application Policies, multi-tenant design, VRFs and monitoring the network in APIC controller GUI.
- Part of Data Center migration team focusing on firewall configurations and troubleshooting. Designed multi-context firewall environment providing security services for many clients. Configured contexts for newly added clients.
- Configured various advanced features (Profiles, monitors, Redundancy, SSL Termination, Persistence, SNATs, HA) on F5 BIGIP appliances: SSL termination and initiation, Persistence, Digital Certificates. Executed various migration/upgrade projects across F5 and hands-on with F5 BIGIP LTMs.
- Configured VPN tunnels using IPsec encryption. Worked with different vendors and implemented Site-to-Site VPNs over the Internet.
- Develop and document network provisioning requirements and policies.
- Project lead for the new wireless architecture design project. Analyzed the existing architecture, coordinated with Cisco to discuss the new design and newer wireless models and Meraki Solutions. Developed POC (Proof of Concept) for the new design in the lab. Came up with a budgetary & implementation plan suitable for the client requirements.
- Co-ordinated with the RF survey vendors to run a wireless survey at all the sites globally. Analyzed RF survey documents and proposed BOM (Bill of Materials) for the customer.
- Designed and implemented new WLAN solutions with Cisco WLCs and Cisco ISE. Implemented 2-factor authentication - 802.1x, certificate authentication, EAP-TLS with Cisco ISE for trusted users. MAC address filtering with PSK for IoT (Scanners, robots etc.) and Anchor - Foreign controller model for Guest wireless.
Network Engineer
Confidential
Responsibilities:
- Proposed designs for Cisco Wireless, LAN/WAN, and Security solutions.
- Replaced 2800 and 2900 series routers with Cisco 4300, 4400 series routers all over the enterprise. Implemented iWAN across the enterprise on the newly implemented 4300, 4400 series routers.
- Analyzed bandwidth utilization on Live Action and created reports using Splunk on a daily basis to report top talkers.
- Replaced Cisco Catalyst 4507, 6500 switches with Nexus 7018, 7010 and 9k series switches (configuration, deployment and maintenance). Monitoring using Wireshark, NetFlow - SPAN and RSPAN sessions.
- Configured Routing protocols such as OSPF, BGP, static routing and policy-based routing.
- Create and test Cisco router and switching operations using OSPF routing protocol, ASA Firewalls for stable VPNs.
- Configured and troubleshot Cisco WLC 2504, 4404, 8510, 5500 series and Access points 2700, 1562, 1552, 3700.
- Cisco ACI infrastructure - Designed and implemented Leaf and spine architecture with Nexus 9k switches. Deployed APIC controller and designed ACI fabric. Creating EPGs, BDs, Application Policies, multi-tenant design, VRFs and monitoring the network in APIC controller GUI. Integrated L3-L7 services to ACI fabric.
- Integrated F5 load balancer, Cisco ISE and Cisco ASA firewall - Configured and managed through APIC controller.
- Designed and implemented F5 BIGIP load balancer - LTM. Configured Profiles, monitors, Redundancy, SSL Termination, Persistence, SNATs, HA on F5 BIGIP appliances, SSL termination and initiation, Persistence, Digital Certificates etc.
- Designed and implemented Cisco ISE to monitor/manage wireless users, BYOD network security, user privileges, profiling etc. Migrated from Cisco Secure ACS.
- Part of Data Center migration team focusing on firewall configurations and troubleshooting.
- AWS migration - Migrated most of the Data Center services to AWS. Created VPCs, security groups, integrated F5 load balancers, Palo Alto Firewalls. Designed the traffic flow in AWS cloud.
- Perform analysis and diagnosis of complex networking problems for the clients. Monitor and health check the network using tools like Entuity, Solarwinds, iGlass etc. and report the issues on ticketing tools like ServiceNow.
- Perform network traffic analysis daily and report any source causing high bandwidth utilization using tools like Live Action & Splunk.
- Ensure that network administration activities are coordinated through defined change management processes.
- Develop and document network monitoring and problem management procedures, including escalation thresholds, that meet requirements and adhere to defined policies.
- Implement measures for proactive monitoring and self-healing capabilities to limit network outages.
- Identify network problems and resolve in accordance with incident and problem management services, policies, procedures.
- Upgraded Out of Band service devices to new Uplogix LM80 series OOB devices.
- Schedule and perform IOS upgrades on routers, switches, wireless devices and firewalls.
- Configure Wireless AP groups, Flex-Connect for remote APs etc.
- Configured access lists, NAT, IPsec tunneling, Failover on ASA firewalls in the new primary datacenter.
- Adding firewall rules, opening ports as requested by System administration teams and troubleshooting.
- Maintain and document IP addressing schemes, router configurations, routing tables, VPN configurations, etc.
- Monitoring using Wireshark, Netflow - SPAN and RSPAN sessions.
- Configured and troubleshot Routing protocols such as OSPF, BGP, static routing and policy-based routing.
- Managing troubleshooting tickets, opening TAC cases with Cisco, documenting challenges and changes.
- Switching related tasks included implementing and separating VLANs, VTP and configuring and maintaining multi VLAN environment, inter-VLAN routing, VPC and VSS. Installed and configured new WAAS device (WAN accelerator).