
Engineer Security

Location: Fremont, CA
Posted: January 10, 2018


Resume:

PROFESSIONAL SUMMARY

*+ years of professional experience with specialization in Datacenter management. Experience in network designing, implementation and troubleshooting of complex infrastructure which includes firewalls, routing and switching on enterprise networks.

Skills Overview:

•Expert-level knowledge in configuring and troubleshooting Palo Alto PA 3020, 5250, Juniper SRX-550, SRX-220, ASA 55xx, Checkpoint R77 firewalls.

•Experienced in Migration from Checkpoint to Juniper and Cisco ASA Firewalls to Palo Alto.

•Worked with Cisco ASA Content Security and Control Security Services Module (CSC-SSM) and Advanced Inspection and Prevention Security Services Module (AIP-SSM).

•Expert-level knowledge in Palo Alto Network Security Device Configuration of Security Rules, QoS Rules, User ID agents, Packet Capturing and analyzing logs using various tools like NMAP, SolarWinds, Wireshark, QRadar and Splunk.

•Experience in maintaining Check Point Firewall in a Distributed Deployment and High Availability Redundancy Scenario.

•Proficient in implementation of filters using Standard and Extended access-lists, Time-based access-lists, Route Maps.

•Good knowledge on Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), Security Information and Event Management (SIEM).

•In-depth understanding in implementing and configuring F5 Big-IP LTM and GTM of Load Balancers.

•Configuring Virtual Servers, Pools, Nodes and balancing methods, SSL offloading, Cert management and Troubleshooting experience on F5.

• Working Experience on web content filter and gateways like Bluecoat proxy manager and Reporter.

•Strong knowledge of TACACS+, RADIUS and AAA Authentication servers.

•Hands on experience in deployment of GRE tunneling, SSL, Site-Site IPSEC VPN and DMVPN.

•Experience in configuring routing protocols and deployment of OSPF, EIGRP, BGP and policy based routing over routers from different vendors.

•Extensive knowledge in network designing, including Wide Area Networking (WAN), Local Area Networking (LAN), Multiprotocol Label Switching (MPLS).

•Actively worked on Switching tasks that includes VTP, ISL/ 802.1q, Ether Channel, Port Security, STP and RSTP.

•Strong hands on experience in installing, configuring and troubleshooting of Cisco 7600, 7200, 3900, 3600 series routers, Cisco Catalyst and Nexus series switches.

•Hands on Experience in Linux administration and AWS basics.

• Efficient at use of Microsoft VISIO/Office as technical documentation and presentation tools.

TECHNICAL SKILLS

Networking Concepts: OSI Model, TCP/IP, UDP, IPv4, IPv6, Subnetting, VLSM

Routing Protocols: RIP, IGRP, EIGRP, OSPF, BGP, Static Routing, Route Filtering, Redistribution, Summarization

Gateway Load Balancing: HSRP, VRRP, GLBP

Infrastructure Services: DNS, ICMP, SNMP, ARP, IRDP, NAT, SYSLOG, NTP, DHCP, CDP, TFTP and FTP

Switch Technologies: VLANs, VTP, STP, RSTP, PVST+, DTP, MLPPP, IEEE 802.1q, MPLS, ISL and dot1q, SMTP, VLAN, Inter-VLAN Routing, Lightweight access point

WAN Technologies: Frame Relay, PPP, HDLC, (E1/T1/E3/T3)

Security: VPN, NAT/PAT, access-lists, IPSEC, Juniper SRX, TACACS+, RADIUS

Firewall: Cisco PIX, ASA, Juniper Secure Access VPN Appliance, Checkpoint and Palo Alto

Network Management Tools: Wireshark, NetFlow Analyzer, CiscoWorks, Ethereal, SNMP, HP OpenView, OPNET, Tufin, Websense, Blue Coat proxy, QRadar

Load Balancers: Cisco CSM, F5 Networks (Big-IP) LTM 8900

Operating Systems: Microsoft Windows Server 2003/2008/2012, Windows XP/Vista/7/8, Linux

Other Technologies: VISIO, VMware, MATLAB, GNS3, Microsoft Word, Excel, SQL

Scripting Languages: C, C++, Unix, Linux, Java, Java Servlets, JavaScript, VB scripting

PROJECT EXPERIENCE

Client: Katalyst Technologies January 2017 to Present

Location: Santa Ana, CA

Position: Network Security Engineer

Responsibilities:

Palo Alto installation, configuration, administration, monitoring and implementing the policies in Palo Alto 3020 and 5250.

Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).

Deployed Palo Alto for web filtering and application control.

Manage Palo Alto Firewalls using Panorama configuring Device Groups and Templates.

Configured and monitored Firewall logging, DMZ's and related security policies.

Implementing QoS on PE and CE as per BT's templates and upgrading bandwidth and QoS as per client requirement.

Active participation in the migration of Cisco ASA 5040 to Palo Alto.

Extensive knowledge of the implementation of Cisco ASA 5500 series and Checkpoint R75 firewalls.

Experience in Network Management Tools and sniffers like HP OpenView, Wireshark and CiscoWorks to support 24 x 7 Network Operation Center.

Experience in configuring and deploying Cisco Security Manager (CSM) for management of ASA [ ] Firewall series.

Implemented the policy rules and DMZ for multiple clients of the state on the Checkpoint firewall.

Experience in analyzing security logs generated by IDS/IPS, firewalls, network flow system, anti-virus and other security log sources.

SYN mitigation, DDoS attack prevention, adaptive system testing, ACLs, floods and layer 7 reflection attacks.

Excellently used QRadar to research and monitor incident management and incident resolution issues.

Established the monitor routes on Checkpoint Firewall that allows the F5 LTM to monitor the backend nodes or server.

Automation of Tufin using python scripting.

Configuring VLANs/routing/NATing with the firewalls as per the network design.

Designing F5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 BigIP Load Balancers.

Used SolarWinds for monitoring and troubleshooting network devices in different time zones.

Switching tasks include VTP, ISL/ 802.1q, IPSec and GRE Tunneling, Ether Channel, Trunking, Port Security, STP and RSTP.

Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, disabling all unused ports and putting them in unused VLAN and ensuring DHCP attack prevention where needed.

Worked on Remedy ticketing tool for handling different priority level tickets.

Client: Rapid 7 April 2015 to December 2016

Location: Austin, TX

Position: Network Security Engineer

Responsibilities:

Worked with Juniper NetScreen 500/5200 and Juniper SRX 650/3600.

Migrating from Checkpoint R77 Firewalls to Juniper Firewalls.

Designed and configured OSPF, BGP on Juniper Routers and SRX Firewalls.

Creating rules on the checkpoint firewall for a NAT to the VLAN IP and to allow the IPsec traffic.

Configuration and integration of Cisco Wireless LAN Controllers WLC with ISE for performing Dot1x authentication to Wireless users.

Installation and configuration of Checkpoint NG R55 & NGX R60.

Used Jflow for working with feeds and flow feeds. Used Snort and sniffer trace for Monitoring and maintenance LAN/WAN.

Worked on Big IP F5 Load Balance: setting up, surveillance and configuration of F5 load balancer (using LTM & GTM).

Setup and maintained checkpoint security policies including NAT/VPN and secure remote access.

Utilizing Tufin and Splunk firewall analyzing tool to remediate idle firewall policies that leave the network open to unnecessary vulnerabilities.

Experience with network security protocols such as IPSEC tunnels, GRE tunnels, NAT (PAT), ACLs and VPN.

Managing URL Content Filtering on Websense Proxy.

Adding exemption, editing policy groups on Websense Management Server.

Adding/removing ARM bypass rules on Websense appliances.

Participated in the installation, configuration, post installation, daily operational tasks and configuration and deployment of Cisco Nexus equipment 7010, 5596 and 2248.

Researched, resolved and documented Syslog generated errors as escalated.

Configuring IP, RIP, EIGRP, OSPF and BGP in routers.

Upgrading of network connectivity occasionally between the branch office and the regional office through multiple link paths and routers running HSRP, EIGRP with unequal cost load balancing to build flexible network.

Implementation of ACLs and authentication (EIGRP, BGP) to ensure high reliability on the network.

Client: MindTech August 2013 to December 2014

Location: Hyderabad, India

Position: Network Engineer

Responsibilities:

Experience on a mesh 6500 and 5500 series routers and switches to support the core trading system.

Involved in Upgrades and backups of Cisco router configuration files to a TFTP server.

Implementing and maintaining backup schedules as per the company policy.

Experience working with High performance data center switch like nexus 7000 series.

Manage Cisco Routers and troubleshoot layer2 and layer3 technologies for customer escalations.

Created engineering configuration, Security Standards, documenting processes and Network documentation using Microsoft Visio.

Implemented the concept of Route Redistribution between different routing protocols.

Switching related tasks included implementing VLANs, VTP, STP and configuring on Fast Ethernet.

Planning and implementation of Subnetting, VLSM in order to conserve IP addresses.

Monitored all Cisco equipment using CiscoWorks.

Monitoring alerts & events in Cisco IPS.

Monitoring network devices using HP Network Node Manager.

Performed on-call support for installation and troubleshooting of the configuration issues.

Researched, resolved and documented Syslog generated errors as escalated.

Worked on installation, maintenance, and troubleshooting of LAN/WAN (ISDN, Frame relay, NAT, DHCP, TCP/IP). Configured Access Lists (Standard, Extended, and Named) to allow users all over the company to access different applications while blocking others.

Client: Aricent Technologies March 2011 to July 2013

Location: Hyderabad, India

Position: Network Engineer

Responsibilities:

Involved in the configuration & troubleshooting of routing protocols such as MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, and IP access filter policies

Creating a priority list of what type of attacks to focus on vs. what can be accomplished and identifying timeline on how to accomplish all the functionality ASM can provide.

Conducted testing (R&S) validations, reviewed network configuration, and made recommendations for core infrastructure design of the Nexus enterprise infrastructure.

Configured HSRP to provide high availability.

Agile Project management was implemented using JIRA and Clarity tool used for the Lifecycle Project Management

Configured and connected to the MPLS the new L2 switches for the network expansion.

Implemented monitoring system for multicast traffic in the IPTV backbone and the MPLS Network.

Carried out Cisco/Juniper Metro-access and Pre-Aggregation Routers Testing, validation, selection & successful integration in IP/MPLS Mobile Backhaul greenfield network

Work with the data center planning groups, assisting with network capacity and high availability requirements.

Configured network access servers and routers for AAA Security (TACACS+).

Involved with the Systems team to Install, configure, & maintain AD, DNS, DHCP on Windows Server, and also configured a FTP server.

Troubleshooting of TCP/IP problems and connectivity issues in multi-protocol Ethernet environment.

EDUCATION

MASTERS OF SCIENCE (Computer science): UNIVERSITY OF ILLINOIS AT SPRINGFIELD

BACHELORS OF TECHNOLOGY (Computer science): JAWAHARLAL NEHRU TECHNOLOGICAL UNIVERSITY


