Engineer Security
Resume:
PROFESSIONAL SUMMARY
Over * years’ experience in LAN/WAN, Layer 2, Layer 3, routing, switching technologies, systems design, administration and troubleshooting.
Creation of Firewall policies as per the requirements on Checkpoint, ASA, FWSM, Firewalls.
Very Strong expertise in VPN technologies, and dedicated security configurations (Firewalls, IDS, Routers) and best practices in information security policies/procedures.
Design, Build, and Implement various solutions on Checkpoint Firewalls, Blue Coat Proxies, F5 Load balancers and F5 Global Traffic Managers.
Architecture, planning and design of IPsec VPN implementations for multiple sites on various VPN appliances/UTM vendors, routers and maintaining cross functionality between them.
Efficient and Expert in EIGRP, OSPF, with knowledge on MPLS, BGP (including configuration and troubleshooting)
Knowledge in Juniper Net Screen Firewalls like, NS50, SSG 550M, SSG520M, ISG 1000, ISG 200 and Cisco PIX 535, 520, 515, ASA -5500 and 5505
Experience with converting PIX and Checkpoint Firewalls over to the Check solution.
Planning, Designing & implementing various solutions in distributed environment using Checkpoint, Palo Alto, Cisco PIX & ASA, and Cisco Routers.
Experience in Supporting and troubleshooting Checkpoint (R77 Gaia, R75, R70, R65, Provider-1, SPLAT, IPSO, Smart Center Server and VSX), Palo Alto (PA-5000 series, Panorama) and Cisco Firewall (ASA 5540, 5520, PIX 535, CSM and ASDM) technologies.
Administration of Cisco Routers (12410, ASR 9K, 7200, 7600) and other vendors.
Experience on Cisco IOS (11.0, 12.0, 15.0) and JunOS and IOS-XR 3.2
Experienced in handling and installing Checkpoint and Juniper Firewalls.
Expert knowledge in various applications, services and network management tools including FTP, Telnet, Ping, DNS, DHCP, ARP etc.
Nortel/Avaya and Bluecoat proxy Servers
Knowledge on Juniper SRX240, SRX220, and SRX550 series firewalls.
Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.
Knowledge in Documenting and preparing the Process related Operational Manuals.
Hands on experience in configuring Cisco Catalyst 2960, 3750, 4500, 6500,2600, 2800, 3600, 3800, 7200, 7600 series routers, Load Balancers & Cisco Firewalls.
Good knowledge in LAN/WAN Technologies like TFTP, HSRP, VRRP, ACL, NAT/PAT, IPsec and VPNs.
Experience with routed networks that include MPLS using BGP, VRF, OSPF and EIGRP, QoS Protocols. Implemented and configured the following Cisco devices 4510, 3850, IRS 4400, 6800, NEXUS 2K, 5K and 7K.
Tufin, Breaking Point, Tipping Point IDS/IPS, RedSeal Risk Assessment Tool, Juniper SRX 210, Blue Coat Proxy, PureWire (proxy in the cloud), Breach WebDefend (WAF), Imperva (WAF), SIEM (Qradar), Qualys scan, Vontu DLP, AirTight, Checkpoint VSX, Checkpoint Provider-1 management server, Checkpoint Firewall, VPN setup and debug, Nokia Security Platform/IPSO operating system; Nokia VRRP and Cluster Load sharing; Unix and Windows security hardening.
Assist in the deployment and configuration of new tools and capabilities such as Nessus, Splunk, Symantec and McAfee DLP.
Experienced in using Bug Tracking tools like JIRA, ServiceNow.
Experience with equipment from vendors including, IBM, EMC, NetApp, HP, Sun, Bluecoat, Infoblox, F5, Cisco, Nokia, Gigamon, Juniper, SourceFire, etc.
Apply project management skills to complete assigned projects within the project timeline.
Interacting with the Enterprise Architects, customers and Business Relationship Team to gather the requirements and pre-requisites; coordinating with the multiple teams like Project Management Team, Application, Database team to design the solution design /architect documents.
TECHNICAL SKILLS
Firewalls
Checkpoint R65/R70/R75/R77 Firewall, PaloAlto – Panorama GUI, PA3060, PA220, PA5020, PA7050, PA850, Juniper, Cisco ASA, Netscreen, NSX
Switches
Cisco Catalyst 3550, 3750, 45XX, 65XX series, Nexus 7000, 5000, 2000, 9500 & NX-OS, CatOS, IOS.
Routers
Cisco 26XX, 28XX, 37XX, 38XX, 39XX &72XX series with IOS, IOS-XE & IOS XR
Programming Languages
C, C++
Load Balancer
F5 (LTM, GTM)
Protocols
RIP, EIGRP, OSPF & BGP, TCP/IP, L2TP, PPTP, IPSEC, IKE, SSL, SSH, UDP, DHCP, DNS, Route Filtering
Workstation Tools/OS
Visio, MS suite, Wireshark, nmap, Nessus, Windows, Linux
EDUCATION
M.S Electrical Engineering-Florida Institute of Technology, Melbourne, Florida GPA:3.2/4.0
Bachelor of Engineering (B.E.) Electronics and Communications Visvesvaraya Technological University, Belgaum, India GPA: 7.0/10.0
PROFESSIONAL EXPERIENCE
Client: Toyota Motor North America, Dallas, TX December 2016 - Present
Title: Sr. Network Security Engineer
Responsibilities:
Currently working on a Data Center Migration and Decommissioning Project for Toyota USA.
•Monitoring, configuring and maintenance of Checkpoint - R65, R70, R75, R77, PaloAlto - PA3060, PA5020, PA7050, PA850 and Juniper firewalls of different data centers of Toyota.
•Configure, implement and maintain all security platforms and their associated software, such as routers, switches, firewalls and intrusion detection/intrusion prevention.
•Create Policies and implement procedures, compile Reports and Metrics, perform GAP Analysis for Firewalls and provide network and host-based security, incident response, firewall management and administration.
•The data center migration project also demands the creation of new firewalls for the company's new location. This is done by analyzing the existing firewalls, reorganizing the rules of the firewalls in the most efficient way and provide secure access to different parts of the network through the new firewall alongside creating new rules for current ongoing projects in the same firewall.
•Installed policies on new firewalls to provide accesses that existed on old firewalls by efficiently rearranging them in minimum redundancy and simultaneously worked on implementing accesses for the new data center while monitoring and detecting malicious public IPs and troubleshooting issues for a secure functioning of firewall rules as part of data center migration project.
•Worked on Juniper Firewalls which involved configuring, managing and troubleshooting firewall issues which includes both GUI and CLI as part of TEMA (Toyota Motor Engineering and Manufacturing North America) projects.
•Worked on Splunk to analyze different accesses in the Toyota network and detect errors to troubleshoot network access issues.
•Manually decommissioned Palo Alto (PA 5020 and PA 500), TUFIN, F5 Load Balancer, Checkpoint 5000 routers and reconfigured all appliances to perform defined functions at Toyota HQ as part of Toyota Data Center Migration Project.
•Working as a dedicated resource for a Scrum Project to provide timely firewall support and configuration for ongoing high priority Scrum Projects.
•Deployment of Palo Alto firewall into the network. Configured and wrote Access-list policies on protocol based services.
•Working with different teams to gather info for the new request and troubleshoot for any connectivity issues by capturing traffic using TCPDUMP and smart view tracker.
•Advanced knowledge, design, installation, configuration, maintenance, migration and administration of Checkpoint Firewall R55 up to R77.
•Implemented various level of functional test plans for Traffic Signal controller with land line and wireless, signaling of steps and time scheduling and Integration test plans under the environment of Oracle, Windows 2012 R2 Server, and Cisco 6500/47xx/3xxx/26xx routers over IP/BGP/MPLS/OSPF, F5, HSRP, GPRS, Cisco WCS/WLSE, and Juniper on M/T/MX series, and Cisco PIX 515 firewall, Symantec IDS and IPS.
•Responsible for troubleshooting and resolving Firewall software and hardware issues, including VPNs, connectivity issues, logging, cluster configurations, and hardware installations for Checkpoint, Juniper, Cisco ASA firewalls.
•Experience with troubleshooting WiFi connection issues with Wireshark packet analyzer
•Skilled knowledge of RIP, EIGRP, BGP and OSPF.
•Executing software life cycle that includes requirement analysis, study, design, development, implementation, change management and client interactions.
•Provisioned, administered and troubleshoot the foundational services of Cloud Platforms for networking, compute and storage, in addition to provisioning and managing Cloud Managed Services such as Managed Databases, Caching Engines, Load Balancers
•Work with customer/clients to ensure that the policy and security requirements are met and provide periodic vulnerability testing, and manage remediation projects and formulate systems and methodologies as well as respond to security related events and assist in remediation efforts.
Client: Hess Corporation, New York City, NY August 2015 – November 2016
Title: Sr. Network Security Engineer
Responsibilities:
Established policies and procedures related to Systems security and integrity.
Responsible for the deployment, configuration, and implementation of the Bluecoat ASG S200 and S500 appliances for the application delivery platform with F5 BIG-IP VI prion https, ASM, and LTM environment.
Experienced on Juniper (JunOS & NetscreenOS) to Cisco Firewalls migrations/Rule conversion.
Migration from R75.40 to R77.20 to support a large multitude of HP Enterprise Services Corporate Customers.
Implementing and configuring F5 LTM's for VIP's and Virtual servers as per business needs.
Implementing security Solutions using Palo Alto Pa 5000/3000, Cisco ASA, Checkpoint firewalls R75, R76, R77.30 Gaia and Provider-1/MDM.
Responsible for troubleshooting and resolving Firewall software and hardware issues, including VPNs, connectivity issues, logging, cluster configurations, and hardware installations for Checkpoint, Juniper, Cisco ASA firewalls.
Experience with troubleshooting WiFi connection issues with Wireshark packet analyzer
Skilled knowledge of RIP, EIGRP, BGP and OSPF.
Troubleshoot and hands on experience on security related issues on Cisco ASA/PIX, Palo Alto, Checkpoint, IDS/IPS and Juniper Net screen firewalls.
Configured/ administered/ deployed several Cisco 12000, 10000 and 6500 series.
Performed Checkpoint Firewall upgrade of 50 Firewalls from R55 to R65. Administered Juniper 50, 200, 500, and SSG 520 firewalls.
ManagingF5 BigIP Load balancers, Blue Coat Proxies and Riverbed WAN Optimizers
Configured F5 BigIP to provide Load Balancing for server farm.
Implemented and managed SSL VPN using Radius server (Cisco any connect) on ASA 5550.
Experience working with Cisco 3750, 4948, 2811, 2600, 7200, 6500, 12000, 10000 series switches and routers.
F5 BIG-IP GTM/LTM, Bluecoat (ProxySG and CAS), Riverbed Steelhead CX/EX/CMC
Responsible for Checkpoint and Checkpoint Firewall administration across global networks.
Implemented ADC F5 LTM and GTM hardware platforms design and deployment implementation guidelines, DMZ Network infrastructure policies, LTM Inbound SNAT configurations and outbound NAT server to IP mapping processes.
Experience with architecture of Symantec DLP Platforms
Managed Cisco 5500 Series controller. Deployed APs as necessary. Configured Cisco 1242 wireless bridges with line-of-site antennas.
Configured/ administered/ deployed several Cisco 6500 series switches.
Installing and configuring Citrix NetScaler, F5 LTM and GTM load balancer in Active-Standby mode and Creating Virtual Servers, VIP's and server pools based upon application requirements.
Expert in developing and maintaining business process flows, business scenarios, business requirements documentation and simplifying the definition of technical systems requirements as per need for product owner and marketing campaigns for Testing Purpose.
Client: Cargill Inc., Wayzata, MN August 2014 – July 2015
Title: Network Security Engineer
Responsibilities:
Installing, configuring Cisco Catalyst switches 6500, 3750 & 3550 series and configured routing protocol OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design.
Implemented with Cisco Layer 3 switches 3750, 4500, 6500 in multi VLAN environment with the use of inter-VLAN routing, HSRP, ISL trunk, ether channel.
Checkpoint Security gateway new deployment, upgrade and migration on SPLAT, Nokia (IP appliance) and Checkpoint appliances.
Configured of ACL's in Cisco 5520 ASA firewall for internet Access requests for servers, Protocol Handling, Object Grouping and NAT.
Responsible for troubleshooting and resolving firewall software and hardware issues, including VPNs, connectivity issues, logging, cluster configurations, and hardware installations for Checkpoint, Juniper, Cisco ASA, and Palo Alto firewalls.
Administration of Cisco Routers (12410, ASR 9K, 7200, 7600), Juniper and other vendors.
Configuration, Troubleshooting and Maintenance of Palo Alto PA-5060, PA-5020 series.
Provided daily remote administration, implementing, configuring, and troubleshooting Checkpoint R77, Juniper SRX, Blue Coat Web Proxy SG 200/SWG VA 100 appliances, Cisco VoIP deployment, and F5 GTM/LTM Big-IP load balancing solutions.
Experience with convert Checkpoint VPN rules over to the Cisco ASA solution and worked on RSA secure IDs to providing VPN Token to Company USERS.
Worked on F5 Local Traffic managers (LTM), Global traffic manager (GTM) of series 8900, 6400, 6800, 3400, 5100, 3600.
Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500
Implementation, support and administration of multiple security products running CheckPoint Provider-1.
Regularly performed firewall audits around CheckPoint Firewall-1 solutions.
Provided Blue Coat SG 200/SG500 administration supporting Director, Profile Creations, Content Policy, Content Collections, Creating and Distributing URL Lists, and Appliance Certificate compliance.
Experience in implementation, support and troubleshooting of VLAN's including operational knowledge of spanning tree protocol (STP), VLAN Trunking, inter VLAN routing and ISL/802.1q.
Implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall.
Configured Cisco 7200 routers which were also connected to Cisco PIX 535 security appliances providing perimeter-based Firewall security.
Successfully installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
Configured VLAN's, configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
Configuring & managing around 500+ Network & Security Devices that includes F5 BigIP Load balancers and 3DNS, Blue Coat Proxies and Plug Proxies.
Experience with convert Checkpoint VPN rules over to the Cisco ASA solution and worked on RSA secure IDs to providing VPN Token to Company USERS.
Worked on Juniper NetScreen Firewalls like, NS50, SSG 550M, SSG520M, ISG 1000 and ISG 200.
Knowledge of F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs.
Client: WEC Energy Group, Milwaukee, WI February 2013 – July 2014
Title: Network Security Consultant
Responsibilities:
Perform administration, optimization, and support of internal LAN/WAN infrastructure.
Configuration and Maintenance of MPLS between satellite locations and Data center. Rule Management for MPLS routers.
Management of BGP peering with Service Providers to ensure availability and maintain SLA with MD5 authentications and TTL security.
Develop and support network lifecycle management, capacity planning and availability management programs and update technical documents.
Maintenance of Check and Barracuda Web Filter including IPSec VPN and troubleshooting L2VPN.
Configure and maintain access points through Cisco 4400 WLAN controller.
Design VPN tunnels between locations. Implement these tunnels using IPsec and GRE protocols and maintain the tunnels.
Implemented security policies using ACL, Firewall, IPSEC, SSL, VPN, Symantec IPS/IDS, AAA (TACACS+ & RADIUS).
Firewall filtering and NAT, Adding and modifying the policies in juniper SRX.
In-depth knowledge and hands-on experience on IP Addressing, Sub netting, VLSM, Summarization and ARP, reverse & proxy ARP and Ping ConceptConfigure of VLAN, BFD, LAG Port Channel, HSRP and VRRP on Cisco devices.
Implemented firewall rules in Palo Alto firewalls using Panorama for one of the environment.
Monitor Data and Voice network utilization to ensure proper circuit sizing. Plan for expansion based on reports of monitoring.
Deploy F5 Edge Gateways for SSL, remote access load balancing. Create templates, SSL profiles and network ACLs.
Setup and configuration of test benches includes configuring Cisco UCM, 29xx/3800 series routers, Cisco 7975/9971 IP Phones, RSVP gateways, POE switches and Media servers, implemented all VMware configurations for CUCM installs using vSphere.
Assist in design and implementation of load balancing solutions.
Assist in PoC design & evaluation for purchasing IP Networking hardware and software for expansion of the circuits.
Configure and implement routing protocols on the routers and switches like OSPF, EIGRP and STP for LAN.
Assist network operations and level two network engineers in the diagnosis of difficult or complex network related problems.
Managed and configured NAT's on the Juniper Netscreen SSG firewalls.
Troubleshooting and documenting the L2 connectivity issues.
Implementing the necessary changes such as adding, moving and changing as per the requirements of business lines in a data center environment on Checkpoint R70, R75 and ASA 5520, 5540 firewalls.
Installed redundant BigIP F5 LTM and GTM load balancers to provide uninterrupted service to customers.
Experience in Installing and configure the VMware NSX appliances for a setup including VMware vSphere, VMware NSX and openstack.
Advise on projects needed to enhance performance of the network as well as the research, analysis, design, planning, and implementation of these enhancement projects.
Plan and document the network inventory and maintenance procedure along with lifecycle management of these devices.
Client: Hexa-Technologies, India February 2012 – December 2012
Title: Network Support Engineer
Responsibilities:
Maintaining the Network Infrastructure, Installation, migration and configuration of routers and switches for clients.
Provide alternative means from dial-up connection to bring down the damage or loss that occurs for the client.
Installed and managed Cisco Catalyst 3500XL, & 2960 series Switches and Cisco 1800, 3900 series routers
Routing Protocols (RIP, RIP V2, IGRP, EIGRP, OSPF), Virtual LANs, LAN, WAN and Ethernet.
Coordinated with senior engineers with BGP/OSPF routing policies and designs, worked on implementation strategies for the expansion of the MPLS VPN networks
Frame Relay, ISDN, PPP, HDLC, Network Troubleshooting using CLI Show commands, PING, Trace route, telnet.
Involved in group & individual presentations to corporate clients about the company's internet based products like leased lines and modular routers.
Involved in designing and applying QOS to 2600 series routers for all the branches
Worked on Riverbed devices for WAN bandwidth Optimization in the data centers for the sensitive marked data applications
Working configuration of new VLANs and extension of existing VLANs on/to the necessary equipment to have connectivity between two different data centers.
Defined and tracked project progression via MS Project 2003
Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation.
Involved in all technical aspects of LAN and WAN projects including, short and long term planning, implementation, project management and operations support as required
Configuration of rule base for traffic management and overlapping encryption.
Apply project management skills to complete assigned projects within the project timeline.
Plan and document the network inventory and maintenance procedure along with lifecycle management of these devices.
Contact this candidate