Security Engineer
Resume:
**********@*****.*** Spandu 972-***-****
PROFESSIONAL SUMMARY
Network Security Engineer with 3 + years of Experience.
Implementation, Configuration and support of Checkpoint (NGX R65, R70 and R71) and Cisco based Firewalls (PIX, ASA5585X, 5525X, 5540, PIX 535, 3000 Series).
Implemented and Configured Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
Design and implement firewall rules in Palo Alto firewalls.
Experience with Bluecoat Proxy and VPN Technologies including B2B and Remote.
Experience in IP Routing and troubleshooting with RIP, BGP, OSPF, EIGRP and MPLS.
Implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall.
Experience working in Enterprise scale Security implementations with hundreds of security gateways segmented through multiple DMZ, Perimeter and External zones with Heterogeneous network/security appliances.
Experience in Network Security like creating Access Lists (ACL), NAT.
IDS and IPS event management using CSM including signature updates for SSM Modules, IDSM.
Experience with Firewall migrations from Cisco ASA to Palo Alto firewalls.
Involved in Data center migration including subnet migration, VPNs migration, and network and security device configurations.
Strong at Command line troubleshooting of Security Appliances.
Experience with handling DNS and DHCP servers.
Experience with secure file transfer server applications.
Provides management level reporting of firewall and Intrusion Protection System (IPS) activity on a periodic basis.
Implementing Microsoft windows infrastructure components such as Active directory, Domain Controller, and DHCP.
Experience in virtualization technology Infrastructure using VMware 5.x.
Expertise in configuration/administration of Cisco Nexus 5K/7K series.
Configuring and managing Blue Coat Proxy Servers.
Assist in the development and delivery of automation, monitoring and event correlation.
Black listing and White listing of web URL on Blue Coat Proxy Servers.
24 x 7 on call support.
Technical Skills
Hardware
Palo Alto PA-5060/2050 Cisco ASA Firewalls including ASA 5585, 5550, 5540 and Cisco Core, distribution and access layer network devices including 7200, 3800, 3600, 2800, series routers, Cisco Catalyst switches including 6513, 6509, 4948, 3750G, 3560G, 3548, 2960G. Tuffin Secure Track for Policy Optimization.
Network Topologies
TCP/IP and OSI Communication Layer, DS3, MPLS, Frame Relay, ATM, LAN and WAN routing protocols, including RIP, EIGRP, OSPF, BGP network service protocols and standards Active Directory LDAP, Radius, Tacacs, DNS, DHCP, NTP, SNMP etc. as well as network redundancy protocols including VRRP, HSRP (Hot Standby Routing Protocol)
Operating System
Checkpoint R65, R70, R71, R75. Juniper Screen OS 6.X, NSM 2007, 2010,2011,2012 CentOS, JunOS 11+VS, ASA 7.X, 8.X, Nokia Voyager IPSO 4.x, 6.x, CSM 4.X, ASDMMS Windows 7, Vista, XP, Server 2000, 2003, 2008 Mac OS-X, Linux-Red Hat.
Security Topologies
Configure and support secured Firewalls for corporate network at layer 2 (transparent mode) layer 3 (Routed mode), using various platform specific hardening procedures e.g.: DMZ configurations, Access lists, Application inspection, NAT, reverse path verification etc. Cisco IDS (Intrusion detection system) and IPS alert management, Vulnerability Scan using Nessus, Bluecoat proxy server, building secure IPSec Remote/Site to Site VPN connections using strong encryption.
Methodologies
Waterfall, Agile (XP, Scrum)
Network Tools
Wireshark, Ethereal, Cisco Works, Net flow Analyzer, Solar winds.
Additional Skills
MacAfee, Malwarebytes, Using Packet Tracing and Packet captures on firewalls. Troubleshooting of Point-to-Point WAN Circuits, Frame Relay, ATM, and MPLS. VLAN configurations, 802.1q trunking, and spanning tree, VTP, IP Subnetting, NAT, IPsec based VPN, IPsec VPN Tunnels, VOIP, DNS, DHCP, ADS, Exchange 2000, IIS, SNMP V2, load balancing and high availability. Packet level troubleshooting using sniffer tools like Ethereal, Packet capture tools using ASA Firewall CLI, ASDM and CSM etc.
DESIGNATION: Network Security Engineer (April 2016 – Till Date)
CLIENT: AT & T, Dallas, Texas
Responsibilities:
Data center migration including Subnet migration, VPNs migration, Network and Security device configurations.
Migration activities involving old infrastructure to be revamped with new infrastructure having minimum effect to the production.
Management and administration of Juniper SRX/SSG and ASA 5585/5550 Firewalls at various zones including DMZ, Extranet (Various Business Partners) and internal.
Successfully installed Palo Alto PA-5060 firewall to protect data center and provides L3 support for routers/switches/firewall.
Configuration and Administration of Palo Alto PA-5060/2050 Firewall.
Palo Alto design and installation, which includes Application and URL filtering Threat Prevention and Data Filtering.
Hands on experience in configuration of Cisco ASA 5000 series firewalls and experience with checkpoints and Fort iGATE.
Configuring & Administration of the Checkpoint Firewall that includes creating Hosts, Nodes, Networks, Static and Hide NAT's.
Configuration and administration of F5 LTM load balancer.
Deploying Cisco ASA and Bluecoat ProxySG S-500 (Web Security Appliance) S170 for URL Filtering Policies.
Experience with creating firewalls policies and rules as requested and analysis of traffic flow.
Isolating security for various customers by creating VRF’s.
Perform Advanced NAT Operation including Static NAT, Identity NAT; Policy based NAT etc. for third party connections.
Implemented configuration back-ups using winscp, cyber fusion to automate the back-up systems with the help of public and private keys.
Network based IDS/IPS event management and Signature Updates and making sure the false positives are filtered and investigate the critical alerts based on Source, Destination and Service.
Decommissioning of firewall and implementing it on another firewall vendor.
Build Site to Site IPsec based VPN Tunnels between various client and business partner sites and Clustering.
Design and Implement New Firewalls in the network as per client requirements. Perform Firewall upgrades and support.
Experience in configuration of Bluecoat Proxy servers, authentication solutions, IDS/IPS servers.
Firewall policy cleanup using firemon and Optimize firewall rule base and database. Reorder rules for optimal firewall performance.
Worked on Blue Coat Proxy SG to safeguard web applications in extremely untrusted environments such as guest Wi-Fi zones.
Troubleshoot connectivity issues and Monitor health of the firewall resources as well as work on individual firewall for advanced troubleshooting.
Configure Syslog server in the network for capturing the log from firewalls.
Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation on Cisco PIX and ASA Firewalls.
DESIGNATION: Network Security Firewall Engineer (July 2013 to March 2015)
CLIENT: Hewlett Packard, India
Responsibilities:
Day-to-day work involves scheduling firewall policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.
Configure and administer Cisco ASA Firewalls (5585, 5550, and 5540) and use command line CLI, Cisco CSM, ASDM for day-to-day administration.
Active/Standby and Active/Active HA configuration on Cisco ASA Firewalls.
Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for Stateful replication of traffic between active and standby member.
Configuring rules and maintaining Palo Alto firewalls and analysis of firewall logs using various tools.
Experience on ASA firewall upgrades to 9.x.
Configured Panorama web-based management for multiple firewalls.
Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
Understand the flow of traffic through the Check Point Security gateway cluster and troubleshoot connectivity issues using advanced troubleshooting from Command Line Utilities.
Use Tools such as Tufin for Firewall Policy optimization and rule base Clean up.
Build and configure Active/Standby Failover on Cisco ASA with stateful replication.
Configure and tweak the inspection policies on Firewall to allow legacy application traffic.
Understand different types of NAT on Cisco ASA firewalls and apply them.
Firewall policy provisioning on Fortinet Fort iGATE appliances using FortiManager.
Support Blue Coat Proxy in explicit mode for users trying to access Internet from Corp Network.
Troubleshooting connectivity issues through Blue coat as well writing and editing web policies.
Administration Big IP F5 LTM for all Local Load balancing and use GTM for load balancing across Data Centers.
FWSM configurations in single/multiple context with routed and transparent modes.
Support Data Center Migration Project involving physical re-locations.
24 x7 on call support.
EDUCATION:
Master’s Degree in Electrical Engineering(April 2015 to August 2016)
Courses: Computer Networks, Algorithms, Software Engineering, Database Design, Distributed Operating Systems, Intelligent Database systems.
Project: Worked on Bad Data Injection and defense in electricity market using game theory. Simulated a smart power grid system which initiates recovery mechanism after an intruder enters into system and disturbs the running of entire power flow. Implemented, designed simulations and operation console. Load estimations using Nash game theory.
Bachelors in Computer Science
Jawaharlal Nehru Technological University
Contact this candidate