Network Security Engineer
Resume:
SEKHAR
Email: ***********@*****.***
SUMMARY
A dedicated professional with 8+ years of experience in technology domain with specialization in Datacenter management and customer connectivity. Experience in configuring, optimizing and troubleshooting of complex network infrastructure which includes expertise at enterprise wide Routing, Switching, Network Security and Wireless domains.
Skills Overview:
Experience in Designing, configuring and troubleshooting, security policies, Modular Policy Framework, Routing instances, Zone Based firewalls and implementing different failover mechanisms on Palo Alto (PA 5020), Juniper, ASA 55XX&Checkpoint R77 firewalls.
Exposure to Wild Fire feature of Palo Alto.
Expertise configuring and monitoring Checkpoint firewalls through Smart Dashboard and Smart View Tracker Applications.
Migration of the firewall rules from Cisco ASA 55XX to Palo Alto firewalls using migration tool from PAN.
Implementing security policies using AAA, ACL’s, NAT, Policy NAT, PBF/PBR, Route-maps, Distribution lists and IPSec VPN’S on different series of routers and firewalls.
Strong knowledge on mitigation of DDoS attacks & SSL implementation on Cisco and Palo Alto firewalls.
Extensive knowledge on Fire Eye inspection.
Maintained and operated Bluecoat Proxy Manager and Reporter.
Strong knowledge of TACACS+, RADIUS implementation in Access Control Networks (ACN).
Strong hands on experience in installing, configuring, and troubleshooting of Cisco 7600series routers and Juniper routers M320 and SRX series routers.
Expert level knowledge of troubleshooting, implementing, optimizing and testing of static and dynamic routing protocols such as EIGRP, OSPF, IBGP,EBGP and ability to interpret and resolve complex route table problems.
Solid knowledge on Cisco ACE, Brocade and F5 Big-IP Load balancing (LTM & GTM) method implementation and troubleshooting.
Expertise in installing, configuring and troubleshooting Cisco 6500, Nexus 7K,5K and 2K series switches and Juniper EX Switches.
Migration of Cisco 6500 to Nexus switches in complex data center environment.
Configuring and Troubleshooting HSRP, VRRP, GLBP, HA protocols.
Expert level knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, Ether channel, Port Channel, VPC, STP, RSTP and Fabric Path.
Worked on network monitoring tools such as NMAP, Solar Winds, Wire shark (Ethereal) and Splunk.
Familiar in using wireless technology like Wi-Fi which uses radio waves to provide wireless high speed internet and network connections. Wi-Fi can apply to products that use any 802.11 standard (802.1, 802.2, 802.3, 802.5, 802.11(a, b, g, n, ac)).
Experience in installing and configuring DNS, DHCP and Forward proxy servers.
Extensive knowledge in manipulating network devices using PANOS, Cisco IOS, JUNOS and NX-OS.
Enterprise in network design and documentation using Microsoft Visio.
Decent knowledge on cloud concepts, web services, and APIs (Amazon Web Services (AWS), Open Stack).
TECHNICAL SKILLS:
Firewalls
Palo Alto (3020, 5020), Checkpoint (R77), ASA (5500 series), Juniper (Net Screen 204).
Network Security
ACL’s, MPF, IPSEC, VPN, Port Security, AAA and IDS/IPS.
Routing
OSPF, EIGRP, BGP, PBR, IS-IS, Redistribution, Summarization.
Routers
Cisco 76XX,72XX series, Juniper M320, T640, SRX series
Load Balancer
Cisco ACE 4710, F5 Networks (Big-IP) & Brocade Load Balancers
Switching
VLAN, VTP, STP, PVST+, RPVST+, MSTP, ISL, 802.1q, Inter VLAN routing; Multi-Layer Switch, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging
Switches
Cisco 65XX, Nexus 6K, 5K and 2K series and Juniper EX
CISCO ACS Server
RADIUS, TACACS+, and Digital Signatures.
LAN
Fast Ethernet, Gigabit Ethernet.
WAN
Frame Relay, AVPN, MPLS, SSL.
Various Features & Server
PANOS, IOS, JUNOS, NX-OS, HSRP, GLBP, VRRP, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, LLDP and FTP Management.
Tools
Wire Shark (Ethereal) & NMAP.
Reports
Microsoft (Visio pro.), Checkpoint (Smart View)
Operating Systems
Windows, Linux (RHEL 7) and Unix
EDUCATION:
Bachelors in Electronics and Communication in PVP Siddhartha institute of technology, Vijayawada, ANDHRA PRADESH
WORK EXPERIENCE:
Charter Communications, Centennial, CO April 2016 - Present
Role: Network Security Engineer
Responsible for firewall rule set migration from Cisco ASA to newly implemented Palo Alto.
Worked with Palo Alto firewalls PA3020, PA5020 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall.
Configuring rules and maintaining Palo Alto firewalls & analysis of firewall logs using various tools.
Centrally managed all Palo Alto Firewalls using Palo Alto Panorama M-100 management server.
Upgrade of Juniper firewalls and management servers from SRX 110 to SRX 5400.
Experience with Firewall migrations from PIX firewall to Cisco ASA, Juniper SRX firewall appliances and McAfee proxy servers.
Worked on F5 VIPRION4800 series BIG IP devices, configured VIP’s with HTTP/SSL profiles, pools, configured I Rules and ensured high availability.
Worked on Fire Eye for inspection of common attacks that enter our network.
Configure policies on the Bluecoat VPM, local database and PAC files to filter the traffic flow by creating custom rules, URL filters (PAN-DB) and routing policies.
Worked on ASA 5585 firewalls configuration and Implementation for the network security.
Build and configure Active/Standby Failover on Cisco ASA with state full replication.
Troubleshoot, conduct scans and assess Network issues, then patch vulnerabilities and mitigate DDoS attacks and other.
Responsible for design and administration of complex network consists of Cisco7600series routers, Nexus7K, 5K Series switches.
Used NX-OS to manage Nexus switches.
Implementing Open Shortest Path First (OSPF) manipulated routing updates using route-map, distribute list and administrative distance.
Extensive knowledge in configuring and troubleshooting Layer 3 Routing protocols such as IGRP, EIGRP,OSPF, ISIS and BGP (IBGP, EBGP) and layer 2 protocols such as VTP, STP and RSTP.
Provided redundancy configuring BGP multi-homing using dual ISP links.
Worked on Most modern high level NAC offer the ability to link in with many of these other systems and work in unison with them.
Monitoring links and configuration management using Solar Winds and NMAP.
Created Network connectivity diagram using Microsoft Visio.
Experience in enabling secure remote access to virtual desktops and applications Citrix Access Gateway.
Installation of Centos and/or RHEL (Red hat Enterprise Linux) 5.X.
Used Palo Alto Dashboard to monitor servers and status of firewalls.
Client: Tucson Electric Power, Tucson, AZ Jan 2015- Feb 2016
Role: Network Security Engineer
Responsibilities:
Expert level knowledge in OSI model, in depth knowledge and hands on experience on IPV4Addressing, VLSM, ARP, reverse ARP, proxy ARP and ICMP Concepts.
Administer and diagnose LAN and WAN with in-depth knowledge of TCP/IP protocol stack.
Responsible for Cisco ASA 5500 firewall administration, Rule Analysis, Rule Modification.
Cisco ASA/Checkpoint Firewall troubleshooting and policy change requests for new IP segments. Involved in the redistribution into OSPF on the core ASA firewall.
Installation and administration of Checkpoint R 77 Firewall.
Served as customer-facing voice for Cisco clients, addressing complex technical issues. Provided technical support with focus on finding solutions for customers with Cisco VoIP products.
Experience with convert checkpoint VPN rules over the cisco ASA solution & Migration with the checkpoint and cisco ASA VPN experience.
Datacenter experience creates new cable run list (L1), document runbook and Solution planning and upgrading, ACI and ASA cluster firewall with NAC, ISE.
Strong knowledge in F5 load balancer configurations and migrating from Cisco ACE to F5.
Used Solar Winds tool for Network Management, Network Monitoring, Server Monitoring, Band width Analysis.
Palo Alto installation (Application and URL filtering, Threat bar, information Filtering).
Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs.
Migrated user data (non-PST/media) to datacenter for consolidated storage and management. Develop and maintain Regional storage and virtual storage architecture.
Provide engineering support in troubleshooting and solve complex Infrastructure as a Service (laaS) cloud platform datacenter infrastructure.
Installed and configured VMware ESXi 4.1u1 on 120 Cisco UCS 210 M2 hosts in 4 datacenters during a 5 week timeframe.
Experienced in troubleshooting Juniper MX and QFX which can be deployed as spine, core or aggregation devices and JunOS Fusion architectures.
Novartis Pharmaceuticals, Parsippany, NJ April 2013 – Dec 2014 Network Security Engineer
Responsibilities:
Worked on the migration to new Checkpoint R77 Firewalls from Juniper Firewalls.
Creating a rule on the checkpoint firewall for a NAT (used ACLs to block unauthorized users) to the VLAN IP and allowing the IPSec traffic.
Configured Juniper M320 routers and T640 routers.
Plan and implement Juniper Net screen 204 firewalls.
Configured and maintained Juniper SRX 210,220,240,650 routers.
Installing and configuring Checkpoint NG R55&NGX R60.
Design and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls.
Monitoring and maintaining LAN/WAN networks using Snort and sniffer trace.
Design and Implement Remote access VPN server using Checkpoint NGX R55 & Cisco ASA 55xx.
Completed FDA 21 CFR Part 11 compliance assessments of laboratory and manufacturing systems. Performing gap analyses and risk assessments (GMP, GLP, GCP, FDA 21 CFR Part 11).
Developed and tested FDA compliance requirements pertaining to CFR 21 part 11 and 508 compliance. Shadowed and evaluated by former FDA Investigator during GMP audits as part of the qualification process.
Worked extensively on Cisco Firewalls, Cisco PIX (506E/515E/525/) & ASA 5500(5510/5540) Series, experience with convert PIX rules over to the Cisco ASA solution.
Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
Big IP F5 Load Balancer experience: setting up, monitoring and configuring F5 load balancer (using LTM & GTM).
Configuring IP, RIP, EIGRP, OSPF and BGP in routers.
Time to time upgrade network connectivity between branch office and regional office with multiple link paths and routers running HSRP, EIGRP in unequal cost load balancing to build resilient network.
Convert Branch WAN links from TDM circuits to MPLS and to convert encryption from IPSec to get VPN.
Used DHCP to automatically assign reusable IP addresses to DHCP clients.
Implement ACLs and authenticate (EIGRP, BGP) to ensure high security on the network.
Used JUNOS to configure, manipulate and monitoring all Juniper network devices.
Used Checkpoint Smart View to monitor checkpoint firewall status and maintenance.
Office Depot, Naperville, IL Jan 2012 – Feb 2013
Network Infrastructure Engineer
Responsibilities:
Involved in troubleshooting of DNS, DHCP and other IP conflict problems.
Worked with snipping tools like Ethereal (Wire shark) to analyze the network problems.
Hands on Experience working with security issue like applying ACL's, configuring NAT and VPN.
Configuring and analyzing ASA firewall logs.
Testing various BGP attributes like AS Path, local preference, MED, Weight and replicated customer issues in the test environment.
Spearheaded meetings & discussions with team members regarding network optimization and BGP issues.
Perform advanced troubleshooting, diagnostics and provide tier/level-1 solutions to network failures.
Network Migration from RIP to OSPF.
Conversions to BGP WAN routing which converts WAN routing from OSPF to BGP (OSPF is used for local routing only) which involves new WAN links.
Support customers with the configuration and maintenance of ASA firewall systems.
Installed and configured CISCO PIX 525 and 535. Routing changes to upgrade from ASA to Palo Alto in HA.
Troubleshoot and resolved dynamic routing, Ethernet switching and host connectivity issues in a window and network environment.
Develop, plan and maintain documentation necessary for operation in support of LAN to WAN connectivity.
In-depth knowledge and experience in WAN technologies including T3, T1, MPLS and Frame Relay.
Implemented VTP and Trunking protocols (like 802.1q and ISL) on 4500 switches.
Installation, Maintenance, Troubleshooting Local and Wide Areas Networks
Configured STP for loop prevention and VTP for Inter-VLAN Routing.
Used Solar winds to monitor networks and troubleshooting.
Troubleshoot TCP/IP problems; troubleshoot connectivity issues in multi-protocol Ethernet, Environment.
Troubleshoot connectivity issues in multi-protocol Ethernet, Environment.
Growic Technologies, India Oct 2010 – Sep 2011
Network Support Engineer
Responsibilities:
Configuration of VLAN setup on Cisco switches 4500, Cisco routers 3900 and 3800
Worked on LAN technologies like Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, 802.1Q and troubleshooting Wi-Fi Networks.
Troubleshooting critical network links by coordinating with the vendor and various LAN/WAN technologies issues for internal and external clients.
In-depth knowledge of TCP/IP, PPP, ISDN and performing multiple debugs on the routers to analyze the problems with the VOIP configurations.
Experience with wireless technology 802.11x and knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN’S, VTP, Ether channel, and STP.
Configuring Static routing, Dynamic Routing, Port Trunking, Port Lagging on Cisco Routers.
Knowledge of IPV4 sub-netting and troubleshooting of DNS and DHCP IP conflict problems.
Maintaining and updating inventory of all network hardware of devices with SNMP and expertise in L3 Routing Protocols like OSPF, EIGRP and BGP.
Serco Global Services, India Oct 2008 – Aug 2010
Jr. Network Engineer
Responsibilities:
Day to Day Network operations and handling escalations.
Worked with the basic communication protocols like TCP/IP.
Designing Network layouts, subnets and IP addressing schemes and models.
Installed and Configured Cisco Router, Switches and Voice Gateways as per design Build
Configured BGP Multi- Homing for Resilient Internet architecture with dual ISP’s.
Provide specialist skills in supporting and troubleshooting network problems and
Emergencies
Secure Network Systems by establishing and Enforcing Policies, defining and Monitoring Access.
Configured & managed services on Windows platform (DNS, DHCP, and Proxy).
Responsible for implementing, engineering & level 2 support of existing network technologies / services & integration of new network technologies/services.
Contact this candidate