Network Security Engineer Resume
Houston, TX
SUMMARY
- Network Engineer/ Security Engineer with over 7 years of experience in installing, upgrading, troubleshooting, configuring, and supporting variety of Network & Security devices using Cisco Switches/Routers/firewalls.
- Strong experience in creating firewall policies as per the requirements on Checkpoint, Palo Alto, Cisco ASA, Juniper firewalls.
- Hands on experience in Implementation, Troubleshooting &configuring for Checkpoint R77. 40 with GAIA and SPLAT.
- Migration experience from Cisco ASA to Palo Alto.
- Advanced knowledge in Cisco ASA 5500 series and PIX installation, configuration and maintenance, configuration and installation of IOS security features and IPS, security risk analysis, attack mitigation & penetration tests based on LPT methodology.
- Experience deploying BIG - IP F5 LTM and GTM Load Balancers for load balancing and traffic management of business application.
- Strong hands on experience in layer-3 Routing and layer-2 Switching. Dealt with Nexus models like 7K, 5K, 2K series, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches
- Advanced knowledge in TCP/IP suite and routing protocols, such as OSPF, BGP, & EIGRP, IPsec VPN design connection & protocols, IPsec tunnel configuration, encryption and integrity protocols.
- Demonstrate deep expertise in technical and security process design.
- Experience in Configuration and deployment of network security devices, including firewalls, Intrusion Detection Systems, VPN, and Identity Gateways.
- Excellent troubleshooting skills; tenaciously committed to the thorough resolution of technical issues.
- Proficient at establishing User Tunnels in Nortel VPN Routers, implementing network security protocols, installing and supporting backup strategies, and planning/executing disaster recovery solutions.
- Security: Tufin, Breaking Point, Tipping Point IDS/IPS, RedSeal Risk Assessment Tool, Palo Alto Networks Next Generation Firewall, Juniper SRX 210, McAfee Next Generation firewall, Blue Coat Proxy, PureWire (proxy in the cloud), Breach WebDefend (WAF), Imperva (WAF), SIEM (Qradar), Qualys scan, Vontu DLP, AirTight, Check Point VSX, Check Point Provider-1
- Solarwinds: Network Management Solution, Storage Manager, Dame Ware, Web Performance Monitor.
- Experience in troubleshooting network traffic and its diagnosis using tools like ping, trace route, Wireshark, TCPdump, and Linux operating system servers.
- Cisco Certified Network Associate (CCNA).
- Excellent customer management/resolution, problem solving, debugging skills and capable of quickly learning, effectively analyses results and implement and delivering solutions as an individual and as part of a team.
- Exceptional ability to grasp and master new technologies quickly and easily.
- Strong communicator; able to interact effectively and positively with individuals of all technical abilities. An Out-of-the-Box Thinker, believe in Team Work & Team Spirit, Decision Maker, Proactive, Customer Focused & Good Documentation / Presentation Skills.
TECHNICAL SKILLS
SECURITY: Checkpoint R65/R70/R75/R76/R77, ASA 5500 Series Cisco PIX, ASA, FWSM, Check Point NGX R77.20, Checkpoint 12000 series, Fortigate 3950B, Palo Alto PA 3050 Bluecoat, Juniper NetScreen
VPN SOLUTION: Cisco & Nortel VPN Clients, ASA SSL VPNs, Nortel Connectivity 600 & Nortel 5000 VPN Routers
NETWORK: Switches Cisco Catalyst 3550, 3750, 45XX, 65XX series, Nexus 7000, 5000, 2000, 9500 & NX-OS, Cat-OS, IOS.
Load Balancer: F5 BIG-IP LTM, F5 BIG-IP GTM, CISCO A10
Routers: Cisco 26XX, 28XX, 37XX, 38XX, 39XX &72XX series with IOS, IOS-XE & IOS XR.
OPERATING SYSTEM: Windows Servers & Linux (Ubuntu & Debian)
PROFESSIONAL EXPERIENCE
Confidential, Houston, Tx
Network Security Engineer
Responsibilities:
- Worked extensively on checkpoint R77.20 on GAiA and SPLAT, Palo Alto firewalls environment.
- Configuring Site-Site VPN on Checkpoint Firewall with R77 GAIA.
- Implemented Checkpoint FW Interface, NAT and VLAN using R77 GAIA SmartDashboard.
- Extensive implementation of firewall rules on R77 GAIA on daily basis using SmartDashboard
- Provided daily Palo Alto Network firewalls administration such as security NAT, Threat prevention, URL filtering, IPSEC and SSL VPN's, security rules, zone based integration, and analyzing syslogs, and utilizing wild fire feature in Panorama 6.7
- Worked with Palo Alto firewalls PA250, PA3020, PA5020 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall.
- Configuring rules and MaintainingPaloAltoFirewalls& Analysis offirewalllogs
- Successfully installedPaloAltoPA-3060firewallsto protect Data Center and provided L3 support for routers/switches/firewalls.
- Worked on F5 BIG-IP Local Traffic Manager (LTM) to automate, and customize applications in a reliable, secure, and optimized way
- Configuration, troubleshooting Checkpoint Firewall using R77 SmartView Tracker and Monitor
- Handled more than 500+ security devices and upgrades
- Worked extensively on addressing the audit issues and mitigating the failed controls.
- Worked on Algosec for firewall rule analysis and firewall rules cleanup.
- Collapsing the existing firewall rules and fine-tuning the firewall policies for better performance
- Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Tufin and Splunk.
- Working with different teams to gather info for the new request and troubleshoot for any connectivity issues by capturing traffic using TCPDUMP and smart view tracker.
- Configuring and troubleshooting site-to-site IPSEC VPN tunnels on cisco routers for third party connectivity.
- Utilized Blue Coat’s CPL for creating rule based policies for the SWG VA100 appliances
- Responsible for troubleshooting and resolving firewall software and hardware issues, including VPNs, connectivity issues, logging, cluster configurations, and hardware installations for Checkpoint and Palo Alto firewalls.
- Configured Solarwinds and NetMRI to meet company requirements on reporting network status, latency, uptime along with configuration management and archive.
Confidential, San Ramon, CA
Network Security Administrator
Responsibilities:
- Responsible for Check Point and Cisco ASA firewall administration across global networks.
- Created and resolved Checkpoint Firewall Rules, Routing, pushed Policy.
- Checkpoint Firewall Log review and analysis and troubleshoot connectivity issues.
- Configuring HA on Checkpoint security gateways using cluster XL and VRRP.
- Upgrading Checkpoint security gateways in cluster with minimal downtime.
- Implemented and troubleshoot the Virtual firewalls (Contexts) solutions in ASA
- Troubleshooting the VPN tunnels by analyzing the debug logs and packet captures
- Configuring failover for redundancy purposes for the security devices. Implemented the stateful & serial failover for PIX/ASA firewalls, Checkpoint Clustering and load balancing features.
- Provided Blue Coat SG 200/SG500 administration supporting Director, Profile Creations, Content Policy, Content Collections, Creating and Distributing URL Lists, and Appliance Certificate compliance.
- Responsible for implementing Data Center Security best practice, audit and compliance (PCI/SOX/DOD) requirements.
- Automation of security operations and optimizing the usage of infrastructure.
- Responsible for managing Network & Security Engineering implementation that architect, design, builds, manages and supports Network and Security Infrastructure and Data Centers.
- Maintain the periodical software update on security devices depends upon the bugs fixed with the new software releases.
- Responsible by controlling the Network and security device login by using the Cisco ACS server with RADIUS and TACACS+ protocol
- Maintained, upgraded, configured, and installed Cisco routers, Cisco Catalyst Switches and Load Balancer F5.
- Designing, Implementing and Troubleshooting Cisco Routers and Switches using different routing protocols like RIP, OSPF, EIGRP, BGP, ISIS & MPLS L3 VPN and VRF.
- Implement LAN protocols like STP, RSTP, VTP, VLAN and WAN protocols like Frame relay, PPP, port channels protocols like LACP, PAGP
Confidential, Las Vegas, NV
Network Engineer
Responsibilities:
- Installation and management of overall administration of LAN, WAN, systems involving design of network layouts, configuration and maintenance, Commissioning Routers & Switches, firewalls, IPS and ensuring maximum uptime during site deployment.
- Identify, design and implement flexible, responsive, and secure technology services.
- Modified internal infrastructure by adding switches to support server farms and added servers to existing.
- Experience with devices Palo Alto Network firewalls such as security NAT, Threat prevention & URL filtering.
- Building network routes, establishing and assigning IP network, configuring access control list/VLAN access control lists, configuring firewall rules, implement DNS configurations using BIND, setting up virtual servers and certificates for complete F5 Big-IP load balancer build, testing newly implemented project, and troubleshooting any issues.
- Configured ASA 5500-X Series firewalls to provide highly secure and high performance connectivity between the site locations.
- Configuring Big-IP F5 LTMs (virtual servers, pools, SNATs, health monitors, iRules) for managing the traffic and tuning the load on the network servers.
- Configured and managed Riverbed Steelhead to accelerate active directoryperformance, optimize file sharing, web, emails and voice video to an oversea office.
- Configured EIGRP and OSPF as interior gateway protocols with route filtering and route redistribution.
- Creating Private VLANs & preventing VLAN hopping attacks & mitigating spoofing with snooping & IP source guard.
- Used DHCP to automatically assign reusable IP addresses to DHCP clients.
- Performed the ACL request changes for various clients by collecting source and destination information from them.
- Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support.
- Monitor the ticket queue for incoming tickets, Update tickets in accordance to Service Level Agreement requirements and, escalate based on severity levels using Remedy.
Confidential
Network Support Engineer
Responsibilities:
- Quick resolution of Highly Critical or Priority Incidents P0/P1
- Initially did onsite analysis, diagnosis and resolution of desktop problems for end users.
- Installed and managed Cisco Catalyst 3500XL, & 2960 series Switches and Cisco 1800, 3900 series routers
- Routing Protocols (RIP, RIP V2, IGRP, EIGRP, OSPF), Virtual LANs, LAN, WAN and Ethernet.
- Coordinated with senior engineers with BGP/OSPF routing policies and designs, worked on implementation strategies for the expansion of the MPLS VPN networks
- Frame Relay, ISDN, PPP, HDLC, Network Troubleshooting using CLI Show commands, PING, Trace route, telnet.
- Switching tasks include VTP, ISL/802.1q, IPSec and GRE Tunnelling, VLANs, Ether Channel, Trunking, Port Security, STP and RSTP
- Analysing the IPS logs and adjusting the protect mode
- New firewall design, installation, routing configuration & implementation. Manage and support Remote Access VPN setup for users and field locations with Nortel VPN Captivity Switch, RSA Secure IDS two-factor authentication and Juniper SSL VPN
- Monitor the ticket queue for incoming tickets, update tickets in accordance to Service Level Agreement (SLAs) requirements and, escalate based on severity levels using AxiosAssyst
- Configuring, supporting, and maintaining routers, switches, network appliances, firewalls, concentrators, and other communication devices
- Involved in the maintenance and monitoring of our LANs/WANs using Cisco, Enterasys and Extreme networks equipment, RiverbedWAN accelerators.
- Responsible for SharePoint Server 2013 for entire Managed Network Security Services
- Providing VPN and SSH access as per role and considering security breaches. Performing Firewall rule analysis and make decisions on risk to customer network.
- SolarwindsAdministrator: Reported the daily utilization of critical sites to managers, and analyses the network issues from the netflow.
- Audit firewall logs on a regular basis and investigate any suspicious activities. Used Bluecoat Proxy SG Appliances to effectively secure Web communications and accelerate delivery of business applications.
- Experience with designing, deploying and troubleshooting LAN, WAN, Frame-Relay, and Ether-channel.
- Experience in Configuring and implementing VLAN, VTP, LAN switching, STP and 802.x authentication in access layer switches
- Troubleshoot; coordinate with Application Systems and Network Operations Engineers, and Help Desk, to resolve problems
- Performed various projects while successfully migrating data to new systems and remote locations.