Sr. Network Security Engineer
Overall 9+ years of experience in technology domain with specialization in Networking and Security, which includes expertise in the areas of Routing, Switching, Troubleshooting, areas of Wireless and Security.
Proficiency in installing and configuring firewalls like Palo Alto PA-3060, PA-5060, Cisco ASA, Checkpoint R77, Juniper, Panorama.
Experience in F5, Cisco ACE 4710 Load balancers, Aruba wireless access points and controllers.
Extensive understanding of the Application Security Module (ASM) technology.
Experience in working with load balancer for converting CSS to ACE.
Experience working with MX, EX, SRX Juniper Networks
Experience with server vitalization including MS Hyper-V and VMware.
Experience with VMWare vCenter 5.x or VMWare vCenter 6.x AND SQL server.
Performed system-level configurations of VMware ESXi and Windows OS.
Expertise in installing, configuring and troubleshooting Juniper EX Switches (EX2200, EX2500, EX3200, EX4200, EX4500, EX8200) series.
In Data center operations, best practices from simple incident monitoring to complex tasks
Extensive knowledge of WAN technologies such as T1, T3, DS3, OCx, SDH, SONET, LTE, Fiber and Frame relay.
Experience in configuring Nexus 5K Aggregation Switch and Nexus 2K Fabric Extenders.
Effectuated VDC, VPC, VRF and OTV on the Nexus 5505 and 7009 switches.
Exposure in configuring high end routers like GSR 12000 series, 7500 series and Catalyst Switches like 7600, 6500, 4500 series.
Expertise in installing configuring and troubleshooting Juniper Routers (E J M and T-series)
Worked on network topologies and configurations, TCP/IP, UDP, Frame Relay, Token ring, bridges, routers, hubs and Switches.
Well Experienced in configuring protocols HSRP, GLBP, VRRP, ICMPftP, IGMP, PPP, PAP, CHAP, and SNMP.
Experience in installing and configuring DNS, DHCP server and involved in designing and commissioning WAN infrastructure for redundancy in case of link failure.
Thorough understanding of DOS attack, Kill chain process and counter measure techniques like DOS mitigation.
Maintenance of Multi-site network operations and software applications, operating systems and maintenance of Public and Private endpoints.
Supervising the administration of systems and servers related network to ensure availability of services to authorized users via ACL.
Worked on FTP, SFTP, HTTPS, DNS, DHCP servers in windows server-client environment with resource allocation to desired Virtual LANs of network.
Detailed and extensive knowledge in NAT, PAT and configuration.
Worked on network authentication services like AAA, TACACS+, RADIUS.
Moderate knowledge in configuring and troubleshooting cisco wireless networks: LWAPP, WLC, WCS, Wireless security basics.
Experience in documenting and preparing the process related operational manuals.
Have exposure in LAN/WAN setup, installation, configuration and commissioning of network devices.
Proficiency in Algosec tool to audit firewall rule.
Experience in Next gen firewall like Palo Alto series especially in PA-3060 & PA-5060 models.
Detailed knowledge of Palo Alto PAN-OS and experience in feature like Panorama, Hashing, Definition, Wildfire, URL filtering, Zone creation, Intrusion Detection System (IDS), DNS sinkhole, Zero-day attack protection, Advanced Endpoint protection and SaaS Security.
Designed and configured MPLS services in Cisco NX-OS device like Nexus 3000, 5000, 7000 series.
Implemented security policies using ACL, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS)
Experience in Solarwinds Network Performance Monitor, Network Configuration Manager, Network Traffic Analyzer (Netflow) and IP Address Manager.
Design nextgen data centers with nexus 9500/9300 ACI, openstack, DCI, EPGs/bridge domains, OTV, and VXLAN.
Hands on experience with packet sniffer, TCP DUMP and Wireshark for packet monitoring.
Work experience on Bluecoat Proxy SG for Content filtering and URL filtering.
Proficient in design, implementation, management and troubleshooting of Check Point firewalls, Check Point Provider-1 / VSX, Data Center Migration, F5 Load Balancers, LTM, GTM, ASM, APM Bluecoat URL filtering.
Experienced in Deploying Wireless Network Infrastructure and Wireless Survey Best Practices
Advanced knowledge in TCP/IP suite and routing protocols, such as OSPF, EIGRP, and BGP.
Knowledge of Python and Linux shell scripting language.
In depth knowledge with network monitoring and performance tools such as Solar Winds and Wireshark.
Switches: Cisco switches (3560, 3750, 4500, 4900 & 6500), Nexus (2248, 5548, 7010)
Cisco Switch platforms: 2900XL, 2950, 2960, 3560, 3750, 4500, and 6500.
Switching Protocols: VTP, STP, RSTP, MSTP, VLANs, PAgP, and LACP.
Layer 3 Switching: CEF, Multi-Layer Switching, Ether Channel.
Routers: Cisco routers (1900, 2600, 2800, 2900, 3600, 3800, 3900, 7200,
7600), Cisco L2 & L3, Juniper routers (M7i, M10i, M320)
Cisco router platforms: 2500, 2600, 2800, 3600, 3700, 3800, 7200, 7609.
Routing Protocols: RIP, OSPF, EIGRP, and BGP.
Routing: RIP, EIGRP, OSPF & BGP, Route Filtering, Redistribution, Summarization, Static routing
Redundancy protocols: HSRP, VRRP, GLBP.
Security Protocols: IKE, IPsec, SSL, SSH, AAA, Access-lists, prefix-lists.
LAN Technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, NAT/PAT, FDDI, Cisco
WAN Technologies: FRAME RELAY, ISDN T1/E1, PPP, ATM, MPLS, leased lines, DSL modems.
Firewalls & Load Balancers: Cisco ASA 5585, 5550, 5540, Juniper SRX5400, 5600, 5800,
Juniper NetScreen 6500, 6000, 5400. Juniper SSG Firewalls, Palo Alto […]
F-5 BIG-IP LTM (3900 and 8900), Blue Coat SG8100, AV 510, AV810.
Network management: SNMP, Cisco Works LMS, HP Open View, Solar winds, Ethereal.
Ticketing Software: Connect Wise, Remedy system
Software: Microsoft Office Suite, MS SQL Server 2008, HTML.
Cisco Certified Network Associate (CCNA)
Cisco Certified Network Professional (CCNP)
Bachelors in Technology
Transurban, Alexandria, VA Sep 2016 - Present
Sr. Network Security Engineer
Build and support Site to Site IPsec based VPN Tunnels.
Site to Site IPsec based VPN Tunnels for all B2B and 3rd party communications.
Support Data Center Migration Project involving physical re-locations.
Cisco ASA configuration and troubleshooting.
Worked heavily on Check Point GAIA R77. Environment consisted of 30+ Check Point and performed configuration, troubleshooting, and maintenance.
Administration and management of all firewall environments.
Hands on experience with F5 LTM, ASM.
Define and implement security policies to secure applications with ASM.
Maintain, upgrade, and implement improvements to the VMWare vCenter infrastructure.
Maintain, upgrade, and implement improvements to the VMWare ESXi infrastructure.
Maintain VM templates for building servers in the virtual environment.
Perform regular systems maintenance, including host, VM, and application updates;
Perform data backup operations, and maintain the backup systems;
Extensive experience in Big-IP LTM and ASM modules in a large shared environment.
Experience in analyzing security impacts and risks to websites, explain crafting ASM policies with examples.
Work on Routing and Switching on the third-party segment using Cisco based Routers and switches.
Developed IVR solutions, Predictive Dialers, Voice Recorders, Inbound Outbound call queue manager.
Worked on F5 BIG-IP 11050, 8950 to perform load balancing.
Managed Smart Center Check Point management server (Smart View Tracker).
Managed Check Point Firewalls from the command line using Putty sessions. (cpconfig and Sysconfig).
Installed Solarwinds Network Performance Monitor with traffic analysis, application & virtualization management.
Management of the of Solarwinds Orion Suite - Network Performance Monitor, Network Configuration Manager.
Providing input on day-to-day security architecture policies and procedures.
Maintain and administer firewalls: Fortinet, Cisco, and Check Point.
Spearhead the complete spectrum of PCI audits to evaluate network and information security from the perimeter of the network to the infrastructure's internal core.
Installing and setting up Firewall Analyzer product to facilitate consulting on an IDS deployment project, using my Cisco Nexus 7K experience to place IDS devices globally.
Configuration, operation and troubleshooting of BGP, OSPF, EIGRP, RIP, VPN routing protocol in Cisco Routers & L3 Switches, System testing.
Good understanding of Quality of Service and Hands on experience of QOS on Cisco and Juniper gear
Experience working with Nexus 7018/7010, 5020, 5548, 2148, 2248 devices.
Design and programming of new DMZS portal that includes web site, email and customer provisioning along with online tools for network and local vulnerability assessment.
Migrated hosting to DMZS managed facilities.
Implement Infoblox DNS appliance and run scripts as needed.
Worked with vendors (Juniper, Cisco, etc.) when issues arise and see it through all the way until issue is resolved or a bug has been identified and turned over to development.
Design a secure DMZ to permit high-speed web access, VPN/DUN access,
Design, develop and execute network test solutions for large-scale infrastructure products.
Testing & Implementing Group policies.
Barclays, Wilmington, DE May 2015 – Aug 2016
Sr. Network Engineer
Worked on Cisco Layer 2 switches (spanning tree, VLAN).
WAN Infrastructure running OSPF & BGP as core routing protocol.
Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers.
Tested authentication in OSPF and BGP.
Configured HSRP and VLAN trucking 802.1Q, VLAN Routing on Catalyst 6500 switches.
Optimized performance of the WAN network consisting of Cisco 3550/4500/6500 switches by configuring VLANs.
Configured and troubleshoot OSPF and EIGRP.
In-depth expertise in the implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems.
Deep understanding of layers 4 – 7 of the OSI Model.
Performed LTM SSL offloading and ciphers configuration to secure F5 configurations.
Install, configure, and maintain F5 hardware, software, devices and appliances in support of customer infrastructure.
Prepare network or infrastructure Visio topology diagrams, write Standard Operating Procedures and maintenance plans, and provide status reports as required.
Troubleshoot F5 network problems, device configurations and coordinate with various department administrators to facilitate F5 resolution.
Planning and configuring the routing protocols such as OSPF, RIP, and Static Routing on the routers.
Perform network analysis using various tools like Wireshark and Solarwinds.
Performed and technically documented various test results on the lab tests conducted.
Planning and configuring the entire IP addressing plan for the clients' network.
Assist the certification team and perform configuration of LAN\WAN technologies such as Ethernet, Fast Ethernet, and Gigabit Ethernet.
Packet capturing, troubleshooting on network problems with Wireshark, identifying and fixing problems
Working knowledge of firewall technologies Palo Alto.
Experience in Configuring VPC, VDC and ISSU software upgrade in Nexus 7010 Including NX-OS Virtual Port Channels, Nexus port profiles, Nexus Version 4.2 and 5.0, Nexus VPC peer link.
Demonstrated experience with Check Point, Cisco, and Palo Alto Networks solutions
In-depth expertise in the implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems.
Experience in working for Nexus switches 2000, 5000 and 7000 series.
WAN Infrastructure running OSPF as a core routing protocol.
Network Monitoring using tools like Cisco Works 2000.
Created Lab demonstrations for new technology deployments with loaner equipment from various vendors and presented the findings to upper management.
Troubleshoot network problems using Packet Analysis tools like Ethereal.
Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500
Configured RIP, PPP, BGP and OSPF routing.
Experience working with High performance data center switch like nexus 7000 series.
Performed load balancing and application level redundancy by deploying F5 BIG-IP LTM 3900.
Synopsys, Sunnyvale, CA Feb 2014 – Apr 2015
Sr. Network Engineer
Implementation of TCP/IP & related Services-DHCP/DNS/WINS.
Developed Network Monitoring Systems (NMS) such as SNMP, Nagios and Syslog-NG server.
Developed scripts for automation, monitoring and security purposes.
System administration, optimization and security hardening of Network Monitoring System (NMS) servers (e.g. MRTG, IP Radio NMS).
Implementing code on Palo Alto PA5060/3060 to meet the company security policies.
Configuring Palo Alto network firewall models PA-3k, PA-5k as well as centralized management systems.
Managed network and systems back-up and restoration, Disaster Recovery Plan (DRP).
RH Linux 9.0 and Windows Server setup, implementation, daily maintenance and performance tuning.
Provide technical support for enterprise customers using Splunk
User Access Management (UAM) of all network elements and NMS.
Corporate Data Network (CDN)/LAN management.
Experience in POS machines, printers and scanners.
Configured and installed the Wireless access points.
Migration of RIP V2 to OSPF, BGP routing protocols.
Involved in implementing various Juniper products include EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX210 and SRX240.
Design multi-router/peer Cisco/Brocade BGP network, in process of Cisco MPLS L2/L3VPN transport network design.
Extensive experience of design, implementation and use of load balancers F5, BIG-IP, 3-DNS, optimize and control network traffic.
Good working knowledge of virtual networking concepts a plus. (Nexus 1000v, AVS, DVS, etc.).
Implemented VTP and Trunking protocols (802.1q and ISL) on 3560, 3750 and 4500 series Cisco Catalyst switches.
Performed IOS upgrades on 2900, 3500 series Cisco Catalyst switches and 1800, 2600, 3600 series Cisco routers using TFTP. Provided network connections for new workstations.
Configured STP for loop prevention and VTP for Inter-VLAN Routing.
Automating System Task, Managing Back-Up / Restore and Securities.
Informing and updating clients about new products and services of the organization.
Providing networking services, coordinate tasks and ensure their execution and documentation in accordance with established corporate standards.
Troubleshoot Windows 2012 Servers and streamlining the user policy.
Managing User accounts using Active Directory.
Techbion Software Systems Pvt Ltd, Hyderabad, India Sep 2011 – Dec 2013
Experience in working with designing, installing and troubleshooting of Palo Alto and Juniper SRX.
Configuring IPSEC VPN (Site-Site to Remote Access) on SRX series
Replaced old 6500 and WAN routers from DR testing site and Installed Nexus 7K.
Configuration and troubleshooting of ASA 5520, ASA 5510, Nokia Check Point VPN¬1 NGX R55/R65/R70
Performed upgradation from old platforms to new platforms R65 to R75.45
Configuration and troubleshooting of Site to Site as well as Remote Access VPN on Cisco ASA and Check Point firewalls.
Involved with a team for the configuration and maintenance phase of new wireless hardware and software.
Worked on Migrating from ASA 5540 to ASA 5585.
Configuring failover and working on ssl-vpn when in active/standby failover on ASA
Negotiated VPN tunnels using IPSEC encryption standards and also configured and implemented site-to-site VPN, Remote VPN.
Worked Wired and Wireless packet tracing to verify proper packet type, size, and information.
Implemented Solarwinds groups as required for monitoring.
Creating Virtual IP address, Pools and Persistence profiles on F5 LTMs
Configuring rules and Maintaining Palo Alto with IPS module & Analysis of firewall logs.
Experience with network based F5 Load balancers with software module Access Policy Manager (APM) & Checkpoint Load Sharing on checkpoint clusters.
Web Interface and Secure Gateway to NetScaler migration.
Push the firewall rules on various versions of Nokia boxes and cross beam from Provider -1 NGX CMAs.
Collaborated with senior data center management and maintained open lines of communication
Write and maintain Solarwinds documentation such as procedures and knowledge articles.
Configuration of IPSEC L2L and SSL VPN connectivity for the projects.
Worked on F5 LTM/GTM of 5100, 6400, 6800, 8900 for a Server and site load balancing environment.
Callippus Solutions Pvt Ltd, Hyderabad, India Nov 2008 – Aug 2011
L1 Network Engineer
Responsible for Internal and external accounts and, managing LAN/WAN and checking for SSL Security Settings of the networking devices (Cisco Router, Cisco Nexus switches) co-coordinating with the system/Network administrator during any major changes and implementation.
Maintained core switches, creating VLAN's and configuring VTP.
Maintained complex LAN/WAN networks with several VLANS and provided support for routing protocols and also providing secure sessions over internet using IPsec and SSL encryption.
Manage service provider’s/vendors relationships from a project and technology perspective.
Cisco IOS experience on 3600/7200 class hardware in complex WAN environment and experience on Cisco OS and IOS on CAT6500 in a complex data center environment
Hands on experience installing Sup720 for Cisco 6509-E series and its Gigabit Ethernet port deployment in core network.
Planned and worked on design with Network team to re-architect F5 load-balancers to load-balance traffic anywhere in the company network.
Established and maintained data center standards and procedures.
Performed Data Center Asset Management.
Involved in load balancing task using F5 Local Traffic Manager(LTM) and ASM.
Upheld standards in building automation, electrical, UPS, HVAC, and life safety systems for data center.
Worked on team that designed and implemented F5 BigIP Load Balancers for use with in-house web and database applications.
Configuring policies on Juniper SRX, Net screen and Cisco ASA.
Managing Cisco Layer 2, Layer 3 switches & Routers on the network.
Implementation of Cisco 3750, 3850 switches and Cisco 3900 and ASR 1000s routers to new sites.
Involved in planning and implementation of hardware refresh of F5 device.
Working knowledge of frame relay, MPLS services, OSPF, BGP and EIGRP routing protocols, NATing, sub-netting, also including DNS, WINS, LDAP, DHCP, HTTP, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP (Spanning tree Protocol), RTSP & Multicasting protocols.