Network Security Engineer

Location:
Somerset, NJ
Posted:
January 10, 2024

Resume:

Nazish Shaikh

Network Security Engineer

908-***-****

ad2nfi@r.postjobfree.com

PROFESSIONAL SUMMARY:

Network Engineer with 8 years of experience in network administration, data communication and wireless networks, maintaining and troubleshooting Cisco, Juniper, routers, switches, firewalls, load balancers and VPN configurations.

Designed, implemented, and oversaw Web Application Firewall (WAF) "Virtual Patching" solutions to proactively enhance the security of web applications.

Demonstrated proficiency in configuring and managing FortiGate Next-Generation Firewalls to enforce robust network security, intrusion prevention, and threat detection capabilities.

Integrated with the Cisco Umbrella intelligent proxy to enforce security policies and protect against threats hidden in encrypted traffic.

Planned, designed, and executed comprehensive testing of SD-WAN deployments, with a focus on the Demilitarized Zone (DMZ) to ensure secure communication between SD-WAN infrastructure and external networks.

Implemented link aggregation (LACP) on Juniper EX switches to aggregate multiple physical links, enhancing bandwidth and redundancy.

Extensively experienced in designing, implementing, and managing Viptela SD-WAN solutions to optimize network performance, enhance security, and improve application delivery across geographically dispersed locations.

Created and implemented QoS policies on Juniper EX switches to prioritize critical network traffic, ensuring optimal application performance.

Possess advanced expertise in the installation, configuration, maintenance, and administration of Palo Alto Networks firewalls, Panorama, Checkpoint, and Fortinet firewalls.

Familiar with security products such as Cisco ISE, Cisco ASA firewalls, Firepower, and FTDs.

Experienced in Cisco Routing and Switching, handling various router series such as 3600, 3700, 3800, 5300, 6500, 7200, 7600, Nexus 7K, 5K, 2K, ASR 9K, and 1K.

Conducted maintenance tasks on Nexus Switches, ASR Routers, Checkpoint Firewalls, F5 Load balancers, Infoblox DNS, and Cisco ACI.

Handled F5 load balancers, including BIG-IP LTM modules and Cisco ACE 4710 Load balancers. Coordinated external penetration tests, from scoping to vulnerability remediation.

TECHNICAL SKILLS:

Routing: MPLS, RIP-2, PBR, IS-IS, Route Filtering, Redistribution, OSPF, EIGRP, BGP Summarization, Static Routing

Switching: LAN, VTP, STP, Layer 3 Switches, EtherChannels, Inter-VLAN routing & Multi-Layer Switch, Multicast operations, Transparent Bridging

Network security: Cisco (ASA, PIX) 5510, Palo Alto, Juniper

Load Balancer: Cisco ACE 30 load balancer, F5 Networks (BIG-IP) LTM Module

AAA Architecture: TACACS+, RADIUS, Cisco ACS

PROFESSIONAL EXPERIENCE:

UNITE HERE HEALTH, Chicago, IL Sep 2022 - Present

SENIOR NETWORK SECURITY ENGINEER

ROLES & RESPONSIBILITIES:

Worked on utilizing FortiAnalyzer and FortiManager for centralized logging, reporting, and configuration management, enhancing network visibility, analysis, and operational efficiency.

Demonstrated expertise in optimizing FortiGate firewalls for high availability (HA) configurations, load balancing, and failover mechanisms, ensuring continuous network

Worked with team to deploy advanced security components on FortiGate Firewalls, incorporating Intrusion Prevention Systems (IPS), Virtual Private Networks (VPN), and Web Application Firewalls (WAF) to bolster network asset protection.

Collaborated with compliance teams to ensure Fortinet solutions aligned with regulatory requirements and industry standards, such as GDPR, HIPAA, and PCI DSS.

Managing a large Palo Alto firewall network including 50 remote offices and three data centers using 5000, 500 and 200 series firewalls and the Palo Alto management software Panorama.

Upgrading the code from PAN-OS 7.1.X to 8.0.X. Experience working on Panorama M100. Migration from Cisco Checkpoint to PA firewalls.

Worked on Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering). Configured and maintained IPsec and SSL VPNs on Palo Alto firewalls.

Installed, upgraded and configured Next-Gen Palo Alto firewall series PA-500, 3000, 5000 and 7000, and installed Palo Alto PA-3060 firewalls to protect the data center.

Implemented CDN security features, such as DDoS protection and Web Application Firewall (WAF), to safeguard websites and applications.

Integrated Cisco Umbrella with the Secure Web Gateway to extend content and application filtering capabilities.

Used Palo Alto-specific tools and features to identify and mitigate network threats and vulnerabilities and actively monitored firewall and implemented necessary changes in configurations to optimize security and performance.

Worked with Cisco ACI fabric networks, including Python automation. Gained great exposure to SDN and network virtualization technologies like Cisco ACI.

Managed Cisco ACI Tenants to provide isolated networks within the ACI fabric, ensuring secure and efficient application deployment.

Configured GSLB through Akamai to distribute user traffic across multiple data centers, ensuring optimal resource utilization and high availability for failover mechanisms and enhancing network resilience.

Worked with the Application Virtual Switch (AVS) and Cisco Nexus 9000 series switches in the ACI fabric to provide network connectivity for virtualized workloads.

Proficiently designed, deployed and managed Cisco DNA solutions to modernize and optimize network infrastructure for increased performance and efficiency.

Implemented switching protocols like VLAN and STP on Cisco 2900, Meraki and Nexus switches.

Worked on integrating Cisco ACI with SD-WAN and automating the WAN path based on the configured SLA.

Deployed and managed Juniper SRX series devices, including SRX300, SRX500 and SRX1500 for different environments.

Worked with team to develop the automation scripts using Juniper Junos PyEZ library to streamline configuration and monitoring tasks.

Configuring network segmentation and micro-segmentation using Cisco ISE, enhancing network security by isolating traffic based on user roles and device attributes.

Working on implementing WASS, SD-WAN and DNA center for entire enterprise network in datacenters.

Deployed and configured AWS Firewall to protect virtual networks and control access to applications and resources.

Implemented and managed routing protocols such as OSPF (Open Shortest Path First) and BGP (Border Gateway Protocol) to establish and maintain SD-WAN Viptela connectivity.

Utilized VIPTELA’s ZTP capabilities to automate the provisioning and configuration of SD-WAN devices at remote locations, reducing deployment time and errors.

Conducted failover testing within the DMZ to verify the resilience of the SD-WAN Viptela infrastructure in case of link or device failure.

Experience in designing SD-WAN (Viptela) solution for Customer Networks.

Implemented AWS Elastic Load Balancing (ELB) to distribute incoming traffic across EC2 instances, improving application availability and fault tolerance.

Managed IAM policies and roles, ensuring secure access control and permissions for AWS resources and services.

Involved in managing vulnerability scanning and assessment programs on ISEC to identify and remediate security weaknesses in the network infrastructure and applications.

Worked with other teams on configuring and managing DHCP services using INFOBLOX, ensuring efficient IP address allocation, tracking, and compliance with network policies.

Hands-on experience in implementing routing protocols like OSPF and BGP on Juniper T Series routers for efficient Traffic distribution.

Used the SNOW ticketing system to track and update requests that are raised and in process.

Worked on Datacenter Fleet Migration project to migrate the existing 6509, 4509 devices to a Nexus 7010, 5010, and Nexus 2248 FEX based solution.

Configure and maintain various F5 load balancer modules like BIG IP 3900 GTM, BIG IP PB200, Viprion 4300, BIG IP 8900, BIG-IP 4200.

Deutsche Bank, NYC, NY Sep 2020 – Aug 2022

NETWORK SECURITY ENGINEER

ROLES & RESPONSIBILITIES:

Conducted Palo Alto advanced endpoint detection and response (EDR) activities using TRAPS to investigate security incidents and anomalies.

Worked on scripting and automation on Palo Alto to streamline routing TRAPS tasks, update security policies, and improve operational efficiency.

Gathered information and coordinated with the business before migrating Checkpoint to Palo Alto firewalls. Troubleshot and installed CRS, ISR, GSR, ASR9000 and Nexus devices.

Integrated PA-7000, PA-5000, PA-3000 series dashboard with Panorama for centralized security policy management, enabling consistency across multiple devices and locations.

Implemented WildFire, Palo Alto’s cloud-based threat analysis service, which enables the identification and prevention of unknown and zero-day threats through sandboxing.

Implemented Cisco Firepower NGIPS, Imperva WAF, OOB solutions, perimeter protection and DMZs.

Implemented firewall rules using Palo Alto Panorama, Fortinet smart dashboard, Provider-1, Cisco CSM and Juniper NSM.

Explored CDN edge computing capabilities for executing code closer to end-users, reducing latency and enhancing the performance of dynamic web applications, and CDN settings to optimize media delivery based on the viewer's device and network conditions.

Responded to Fortinet tickets, including incidents related to network security breaches, device issues, and configuration errors, with a focus on minimizing impact and restoring services.

Assisted with Fortinet product configurations, such as FortiGate firewalls, FortiManager and FortiAnalyzer, to align with security and compliance requirements.

Implemented Zero Trust Network Access (ZTNA) principles with FortiGate 3810D and FortiGate 3815 firewalls to ensure secure access control based on identity and device trust.

Worked on role-based access control (RBAC) and multi-factor authentication (MFA) for VPN users, enhancing Fortinet security while providing granular access control.

Worked on ServiceNow request tickets such as troubleshooting, maintenance upgrades, patches and solutions with all-round technical support.

Created configuration on the SD-WAN to build IPsec tunnels to the on-premises device and test Zero Touch Provisioning for network scaling.

Implemented advanced encryption techniques such as IPsec and TLS to secure data in transit across the SD-WAN Viptela network.

Leveraged vAnalytics to gain real-time insights into network performance and security, allowing for proactive issue resolution and optimization.

Configured Nexus 5020, 5548 and 7010 with multiple distribution VDCs running EIGRP for route propagation between the devices.

Worked on SDN and Network virtualization technologies like Cisco ACI.

Monitored Cisco ACI tools (Cisco Nexus Dashboard) to provide visibility into network health and performance, and also implemented incident response and resolution.

Responsible for the secure development lifecycle for Cisco's Nexus line of products, including Application Centric Infrastructure (ACI) and Application Policy Infrastructure Controller (APIC).

Maintained and upgraded Enterasys switches and Cisco switches (Nexus 9k, 7k, 5k, access layer switches).

Implemented Akamai's CDN to efficiently deliver web content, reducing latency and improving page load times, and real-time analytics tools to monitor network performance, track user behavior, and identify potential bottlenecks.

Implemented ExpressRoute for high-throughput, private connectivity to AWS services.

Performed IOS Software upgrades on switches 6500, 3750 and 4500s and Cisco ASR for compatibility with Cisco ISE 1.0.3/1.0.4 setup.

Coordinated with security team to implement INFOBLOX with security information and event management (SIEM) systems for centralized monitoring and correlation of DNS-related security events.

Worked on reporting and documenting security incidents, facilitating effective incident response and post-incident analysis on ISEC environment.

Experienced in AWS services like VPC, EC2, S3, ELB, Auto Scaling Groups (ASG), EBS, RDS, IAM, CloudFormation, Route 53, CloudWatch, CloudFront, CloudTrail.

Collaborated with the application owner and network team to migrate applications from the legacy NetScaler load balancer to the new F5 BIG-IP Local Traffic Manager.

Diagnosed and resolved application performance issues by analyzing traffic flows, pool utilization and content delivery on F5 BIG-IP devices (BIG-IP 2000, BIG-IP 4000, BIG-IP 5000 series).

SWA, Dallas, TX Jan 2019 – Aug 2020

NETWORK ENGINEER

ROLES & RESPONSIBILITIES:

Worked on Cisco ASA/Palo Alto Firewall troubleshooting and policy change request for new IP segments that are either present in the network. Performed upgrade of Cisco ASA firewall.

Responsible for working on the vendor DMZ migration project to migrate various vendors on SRX/SSG firewalls to unified Cisco ASA device in our primary/redundant datacenters.

Experienced in reviewing and evaluating current and future design issues as required to maintain network integrity and efficient data flow with Cisco ASA 5500 series firewalls.

Managing and maintaining Checkpoint firewalls, IPS/IDS, and Endpoint servers, PKI and network security network.

Actively monitored and managed Zscaler dashboards and reports to detect and respond to security events, anomalies, and potential threats.

Configure and troubleshoot Routing protocols such as OSPF and EIGRP for routing internally and BGP for external routing.

Worked on global network WAN utilization reporting using SolarWinds, capacity management and L4 WAN/LAN/Wi-Fi support escalations.

Worked on Riverbed devices for WAN bandwidth Optimization in the data centers for the sensitive.

Performing regular security assessments and audits of WAF configurations, ensuring they align with industry best practices and compliance requirements.

Involved in generating reports on network performance metrics to facilitate data-driven decision-making.

Performed scheduled Virus checks and updates on all servers and desktops.

Providing the operational support to Cisco Viptela SD-WAN technology and WAN technology.

Worked on upgrading Cisco ISE 3300 Appliances and 1.0.4 Cisco ISE software on VMware.

Used security groups, network ACLs, internet gateways and route tables to ensure a secure zone for the organization in the AWS public cloud.

Performed IOS upgrades on 2900, 3500 series Cisco Catalyst switches and 1800, 2600, 3600 series Cisco routers using TFTP.

Worked on network-based IT such as Racking, Stacking and Cabling and Basic Experience working with APIs.

Experience in designing SD-WAN (Viptela) solution for Customer Networks.

Collaborated with IT teams to streamline user onboarding and offboarding processes within Zscaler Private Access, enhancing operational efficiency and security.

Implemented VTP and Trunking protocols (802.1q and ISL) on 3560, 3750 and 4500 series Cisco Catalyst switches.

HP, India April 2015 – Dec 2018

NETWORK ENGINEER

ROLES & RESPONSIBILITIES:

Maintained network performance through network monitoring, analysis, performance tuning and escalating support to the vendors.

Established the network specifications by conferring with users, analysing workflow and access information, and designing router administration, interface configuration and routing protocols.

Created network diagrams and documentation for design using documentation tools like MS VISIO.

Configured IPsec site-to-site VPN connection between Cisco VPN 3000 Concentrator and Cisco 3800.

Provided redundancy in a multi-homed Border Gateway Protocol (BGP) network by tuning AS-Path.

EDUCATION:

Commerce and Science, Bachelors in Management, Pillai’s College of Arts, India.
