Network Security Engineer

Location:
Duluth, Georgia, United States
Posted:
May 31, 2017

Nissar Ahmad Sheik

ac0kso@r.postjobfree.com

(267) ***-****

SUMMARY:

Network Security Engineer with 7+ years of professional experience in the field of network engineering, performing network analysis, design, implementation and capacity planning with a focus on security, performance tuning and support of large networks.

Extensive Knowledge on the implementation of Cisco ASA 5500-X with Firepower Service, Checkpoint R75 firewalls, Juniper SRX series Firewalls and Palo Alto Network firewall (5060, 3050).

Experienced on working with Palo Alto Next Generation firewall (5060, 5040, 3060, 3020) for URL filtering (PAN-DB), Anti-virus, IPsec, VPN, SSL-VPN, IPS, Log Management, Zone Security, Threat prevention.

Knowledge on Panorama, Wildfire and its implementation in Palo Alto.

Experienced in creating Virtual Servers, Pools Members, Nodes, Profiles and Policies in firewalls.

Expertise on executing Network assessments, Network scans and Vulnerability assessments.

Good understanding on Vulnerability assessment tools like Qualys, Nessus and Web Inspect.

Expert in deploying BIG-IP F5 (LTM, GTM & ASM solutions) & Cisco ACE 4710 for load balancing and traffic management of business application.

Worked on Tufin - SecureTrack to optimize firewalls for better performance.

Extensively worked on Algosec for firewall rule analysis and firewall rules cleanup.

Proactively monitored network health for customers and corp. network via SIEM (Security Information and Event Management) tools such as Solarwinds, Infoblox, NetFlow, ThousandEyes, Wireshark and Nagios.

In-depth expertise in the analysis, implementation, troubleshooting & documentation of LAN/WAN architecture.

Experience on Risk and Vulnerability assessment, Symantec Endpoint Protection, VPN, Content filtering and security tools.

Worked on Deploying, Upgrading and Configuring Citrix NetScaler VPX.

Provided support for anti-DDOS mitigation systems, threat sandboxing and other anti-threat technologies.

Expertise in installing, configuring and troubleshooting Juniper EX Switches (EX3200, EX4200, EX4500, EX8200) series.

Experience with configurations and concepts of Access Control Lists, network/port address translation, VRFs, and VPNs (Virtual Private Networks).

Extensive understanding of the Application Security Manager (ASM) technology.

Strong hands on experience in installing, troubleshooting, configuring of Cisco 7200, 3800, 3600, 3400, 2800, 2600, 2500, 1900, 1941, 1921 and 1800 series Routers, Cisco Catalyst 6800, 6807, 6500, 4500, 3750, 2950, 2960 and 3500XL series switches & Cisco Nexus 7K, 5K & 2K Switches.

Configuring and maintaining VPCs and VDCs in 6509 and 4900 Switches and Fabric Path.

Implementation of HSRP, VRRP and GLBP for Gateway Redundancy and its troubleshooting.

Working knowledge of VMware deployment and implementation.

Expert level knowledge of troubleshooting, implementing, optimizing, maintaining and testing on routing protocols such as EIGRP, OSPF, IS-IS, BGP and ability to interpret and resolve complex route table problems.

Solid knowledge on implementing NAT/PAT, ACL & VPN Concentrator.

Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP Ether channel, PVST, STP, RSTP, RPVSTP and MVST.

In-depth knowledge and hands-on experience on IP Addressing, Subnetting, VLSM, DNS, DHCP, ARP, reverse & proxy ARP, ping Concepts.

Performing network administrative tasks such as creation and management of VLANs, port security, trunking, RPVST, Inter-VLAN routing and LAN Security.

Application migration requiring network layer2 and layer3 updates to the transport switching and routing infrastructure in Spine-leaf fabric configurations.

Experience with IPS, vulnerability assessment and mitigation, event collection and correlation, auditing, cryptography, cloud service provider integration, data loss prevention and identity and access management.

Efficient at use of VISIO, Office for technical documentation and presentation.

TECHNICAL SKILLS:

Networking Concepts: OSI Model, TCP/IP, UDP, IPV4, IPV6, VLSM, DHCP

Routing Protocols: BGP, Static Routing, Dynamic Routing: RIP, IGRP, EIGRP, OSPF

Firewall: Palo Alto, Cisco ASA Firewall, Checkpoint

Load balancers: F5 (Big-IP)

LAN Technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, Port-channel, VLANs, VTP, STP, RSTP, PVST, MVST, 802.1Q, Port security

WAN: Frame Relay, MPLS, leased lines, GRE, MGRE, VPN, DMVPN

Redundancy Protocols: HSRP, VRRP, GLBP

Authentication servers: TACACS+, Radius, AAA

Security: IKE (ISAKMP), IPSec, SHA-2, PSK, SSL-VPN

Languages: PAN-OS, IOS, NX-OS, JUNOS, C, MATLAB, HTML, Python

Operating System: Windows 7/8/10, Linux

Tools: Wireshark, tcpdump, Solarwinds

Network Security Engineer

Washington Mutual Bank – Seattle, WA Aug 15 to Present

Responsibilities:

Experience in configuration of network and security devices (Palo Alto Network Firewall 5060, 3050) and features such as log forwarding, Authentication profiles (LDAP, Radius, Tacacs+ and Kerberos), Security profiles (URL Filtering, Vulnerability, Antispyware, Antivirus, Data filtering, File blocking, Vulnerability protection, Zone Protection and DoS Protection).

Extensive knowledge on IPS, IDS, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS, and SSL certifications.

Experience with working on Palo Alto using centralized management GUI PANORAMA for logging sessions, creating reports and managing different firewall devices.

Responsible for configuring the Palo Alto to mitigate DOS, DDOS, Data leak attacks and to have Threat Prevention, Data Filtering.

Implemented Zone Based Firewalling and Security policies on the Palo Alto Network Firewalls.

Performing Centralized configuration, Centralized logging and reporting & Centralized deployment management using Panorama.

Worked on VPN configuration, Certificate generation, High availability and creating SSL Decryption policy rule.

Performing regular security audits, Clean ups, Policy changes, detecting and preventing zero day attacks using Wildfire.

Configured Palo Alto to connect with Wildfire cloud to prevent Zero day attacks.

Performing risk assessment and network and security configuration optimization (using Nessus, NMAP, tcpdump, Wireshark/Ethereal).

Captured miscellaneous packets by configuring a SPAN port and analyzed them using Wireshark.

Extensively implemented and maintained intrusion detection/ prevention (IDS/IPS) firewall system to protect enterprise network and sensitive corporate data. IDS/IPS signatures are configured in Firewall for TCP and UDP fine tuning.

Hands-on experience with all phases of firewall and network operations, firewall change requests, firewall configuration, network services, and network security.

In-depth knowledge of TCP/IP and communication protocols. Knowledge of IPSec, GRE tunnels, multicasting and traffic balancing techniques essential.

Configure and administer Cisco ISE (Identity Services Engine), including deployment, centralized control, assessing vulnerabilities and applying threat intelligence.

Configuration of ACLs in Cisco 5540 series ASA firewall for Internet Access requests for servers in LAN and particular DMZ and also for special user requests as authorized by management.

Performed variety of core network enhancements, remote/on-site troubleshooting, migrations and upgrades, operation and maintenance IP/MPLS backbone network.

Design, implement and operational support of routing/switching protocols in complex environments including BGP, OSPF, EIGRP, STP, 802.1q, etc.

Experience in Network monitoring tool Solarwinds to detect and block security threats, manage device configurations and track changes, automate software updates to server and workstations and perform endpoint device tracking and switch port usage.

Configured and did the troubleshooting in Security policies, NATs, QoS, Policy based forwarding, Application-Override, DoS Protection, Static routes, OSPF and BGP.

Extensive experience of design, implementation and use of load balancers BIG-IP F5, 3-DNS, optimize and control network traffic.

Implemented Site-to-Site VPNs over the internet utilizing 3-DES, AES/AES-256 with ASA Firewalls.

Perform routine security infrastructure testing and evaluations to identify challenges within our infrastructure and develop a plan to remediate them.

Ensuring level 3 support responsibilities with the server administrator for servers, desktop systems, enterprise systems, communications hardware, software, and office systems.

Supported layer 2 security implemented using a dedicated VLAN ID for all trunk ports, setting the user ports to non-trunking and deploying port security when possible for user ports.

Monitor LAN equipment for performance issues, abnormal usage, errors or resource issues. Full command in Inter-VLAN Routing.

Experience of implementing SNMP on various devices, allowing for network management.

Prepared equipment orders based on templates. Developed detail template-based plans including implementation, testing and back out procedures for all network implementations, upgrades and modifications.

Assisted in creating network design standards for hardware and software for a network with 720+ switches.

Network Engineer Jan 14 to July 15

Jet Support Service, Inc- Chicago, IL

Responsibilities

Expertise in Configuring, Monitoring and Troubleshooting Palo Alto 5040 and 3020 firewalls to ensure threat prevention, URL filtering and data filtering

Designed and implemented security systems including various Interfaces, Routes, Policies, Context-Based Access Control, Network Intrusion Detection Systems, AAA Secure Access Control Server (Radius/TACACS+) and Linux syslog servers and operated IPsec VPNs.

Secured network from attacks by monitoring of network traffic, managing and DDoS Mitigation System, Cisco MDM & risk and Vulnerability Assessment (VA).

Monitored and analyzed Intrusion Detection Systems (IDS) & Intrusion Prevention System (IPS) to identify security issues for remediation.

Configured and installed the Palo Alto Firewall pair in High Availability mode as Active/standby and managed through the management port.

Configuring ASA firewall for NAT (PAT) to enable remote access for sites by implementing port redirection and enabled redistribution of OSPF.

Provide architectural and technical leadership for network security design, implementation and maintenance of security infrastructure.

Managed internal regional IP pools, registrations of public IP and communicate with Internet transport providers.

Involved in design and implementation of Data Center Migration, building new datacenter from ground up, expanding, decommissioning Data Centers.

Building Nexus switches from ground up, installing VDCs and VPCs in Catalyst switches (6509, 4900).

Performed variety of core network enhancements, remote/on-site troubleshooting, migrations and upgrades, operation and maintenance IP/MPLS backbone network.

Hands-on experience with Sumo Logic, a cloud-based log management and analytics service.

Provided network consultancy in methodologies and design considerations for optimized security of IP Backbone Network setup and configuration, maintenance, operations and support.

Monitored and maintained networking equipment, ensuring availability and performance of the backbone network infrastructure and all related internetworking devices like routers and switches.

Hands-on experience in handling and supporting complex BGP routed network infrastructure (perimeter) that include Route-maps, community string, AS-Path, local preference, Inter VRF communication across multiple ISP's and OSPF (IGP) with multiple area types.

Worked on FireEye for inspection of common attacks that enter our network, administration of firewall and security aspects.

Managed core network back-up and restoration, Disaster Recovery Plan (DRP).

Experience in troubleshooting various WAN technologies like Frame-Relay, MPLS, T1, DS3.

Network Engineer

Innovative Network Solutions - Waltham, MA Feb 13 to Dec 13

Responsibilities

Configuration and troubleshooting of Site to Site as well as Remote Access VPN on Cisco ASA 5585, Cisco PIX firewall, and Check Point 5k series firewalls.

Configured authentication protocols (Radius and TACACS+) for Cisco ASA firewalls.

Good understanding on Kerberos (authentication protocol).

Worked on migrating from Cisco ASA 5540 to Cisco ASA 5585.

Configuring failover of CISCO ASA 5585 in Active/stand-by mode.

Provided Layer 3 network support for Cisco switches and Cisco ASA 55XX series security appliances.

Configured site-to-site IPSec VPNs over Frame-relay and MPLS circuits on various models of Cisco routers to facilitate adding new business partners to new and existing infrastructures.

Configured GRE tunneling, MGRE, IPSec between the edge routers as needed by the infrastructure design requirements.

Performed VPNv4 configuration and troubleshooting using various IPSec and SSL-VPN technologies.

Instigated GRE (IPSEC VPN) for encrypting and authenticating the data in design of secured channels.

Troubleshooting IP, TCP, UDP, IPV4 packets in Wireshark.

Hands-on in implementing NAT (Static and Dynamic) and PAT (dynamic NAT overloading).

Worked on FTP, HTTP, DNS, DHCP servers in windows server-client environment with resource allocation to desired Virtual LANs of network.

Configuring Routing Protocols such as Static, Default, Dynamic: RIPV2, EIGRP, OSPF, ISIS.

Experience on designing, configuring, authenticating and troubleshooting in complex BGP (IBGP and EBGP) and OSPF (multi area), EIGRP (varying the metric) routing problems.

Implemented redistribution between BGP, EIGRP, and OSPF.

Expertise in implementing Security Policies using ACL (packet filtering firewall) by creating objects and object groups.

Configured VLANs with 802.1q encapsulation for various network groups.

Expertise in configuring port security by assigning protect, restrict and shutdown modes.

Jr. Network Engineer

Capgemini - Hyderabad, India Nov 11 to Dec 12

Responsibilities:

Delivered high-quality IT solutions by designing and deploying cost-effective, high performance LAN, WAN connectivity. Configured Cisco Routers (2600, 3600) using RIP, IGRP, OSPF, EIGRP protocols.

Ex-Cisco - 2950, 2960G, 3550, 3524, 3548, 3750, Nortel-Bay stack - 420,425, Nortel 2526T-PWR, Nortel 5510-24T.

Installed and configured DHCP Client/Server.

Cisco IOS installation and upgrade on L2 switches with latest IOS.

Configure two locations through wireless access point.

Monitoring Public connectivity, Traffic & Bandwidth.

Inventory and stock maintenance for spares (switches, cables, fiber optic cable).

Performed quarterly and half-yearly network health check-ups.

Extensive experience of design, implementation and use of F5 load balancers, BIG-IP, 3-DNS, optimize and control network traffic. Also for Cisco ACE load balancers.

Provided support/troubleshooting for Intel, UNIX, and Network environments.

Supported Intel server technologies, including Windows NT & 2000, 2003, 2008, 2012 & OS/2

Had good hands-on experience with Cisco 6509 Series switch with VLANs for different departments.

Implemented VTP and trunking protocols (like 802.1q and ISL) on cat 3560, 3750 and 4500 switches.

Hands on experience working with Cisco Nexus 7K Switches.

Supporting wide range of products from Cisco Systems, Troubleshooting of Routers, Switches, Leased line.

Plan layout & installation of Local Area Network and configuration of DNS and DHCP.

Configured and Implemented Frame Relay for WAN connectivity. Troubleshooting issues related to Frame relay networks.

Provided users and network operations personnel with LAN and WAN technical support.

Systems Engineer

Sutherland Global Services - Hyderabad, India June 09 to Sep 11

Responsibilities:

Experience in Cisco switches and routers configurations: Physical cabling, IP addressing with subnetting concepts, supported WAN configurations.

Designed the IP addressing scheme using VLSM (CIDR) and configured IP addressing. Performed activities such as initial user account creation, established LAN connectivity, internet connectivity, file and resource sharing management, FAX and email service setup.

Supported in plan, design, installation and configuration of LAN (IEEE 802.3) as per organizational / client requirements, governed by communication protocols.

Expanded LAN to accommodate 200 plus users. Coordinated installation and repair work.

Diagnosed and corrected clients' network-related issues.

Created and designed VLANS for different network access levels using VTP with 802.1q trunk encapsulation on Fast-Ethernet and Gigabit Ethernet channels between switches.

Configured Inter-VLAN routing, troubleshooting IP addressing issues and taking back up of the configurations on switches and routers.

Implemented dedicated VLAN ID for all trunk ports, set the user ports and deployed port security when possible for user ports for layer 2 security.

Worked on Cisco 2500, 2600, 2800 series routers and 1900, 2900 series switches.

Replaced outdated Cisco switches and routers in existing Data center and installed new Cisco switches and routers including migration of 2500 to 2600 series router.

Configured the remote switches in a network using Telnet and SSH sessions.

Provided testing for network connectivity before and after install/upgrade.

Involved setting up the TFTP server for backing up the IOS images and configuration files of Cisco Routers and Switches and troubleshooting the file servers.

Troubleshooting Cisco hardware: Inspected devices, Read device LEDs, loose connections, cards, interior IOS upgrade, switch configuration usage of Visual Switch Manager, switch port configuration, port monitoring. Monitoring Flooding Control at specific ports.

Installed Hard disks, Floppy drives, CD Drives, Sound Blaster cards, CPU, Memory, Power supply unit, Network card, Video graphics card, Hard disk controller card on PC systems.

Monitored wireless network for efficiency and maintenance issues.

Setting up the networking devices (Cisco routers, switches), coordinating with the system/network administrator during any major changes and implementation.