
Engineer Security

Location:
San Francisco, CA
Posted:
April 06, 2016

Resume:

Azfar Shabbir

Email:*****.*******@*****.***, Cell no: 415-***-****, Permanent Resident

OBJECTIVE

To obtain Network Engineer position to utilize my engineering education and experience with strong organizational skills in contribution of organizational goals and objectives. Well versed in Cisco and Juniper routers with hands-on experience on Firewalls/ASA/F5 etc.

Skills (Years of Experience)

Cisco ACS, Cisco Nexus 5K & 7K: 6+
Cisco IOS, Cat-OS, Nexus-OS: 6+
F5 LTM + GTM, LAN/WAN, Checkpoint: 6+
OSPF, BGP, HSRP, IP MPLS: 6+
VOIP, Cisco Unity, Cisco Unified Presence: 4+
Cisco ASA, Check Point, VPN: 6+

PROFESSIONAL SUMMARY:

CCNA and CCNP certified professional with around 7 years of extensive experience in network design, implementation, troubleshooting, engineering, managing and providing security which includes designing, deployment and network support.

Excellent knowledge of checkpoint SPLAT/GAiA platform, Cisco Routers/ASA/7K Nexus devices, Palo Alto Firewalls, Silverpeak & Riverbed WAN optimization.

Experience on PIX firewalls, ASA (5540/5500) firewalls, NX-OS. Implemented security policies using ACL, firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).

Worked with different WLAN devices e.g. WAP, Wireless Access Controller etc.

Experience working on F5 load balancer (LTM and GTM) in order to reduce the burden on the network.

Hands-on experience with Palo Alto firewalls: writing rules, configuring, and troubleshooting the policies.

Experience in Routing Protocols OSPF, BGP, & EIGRP

Experience in Juniper product line for configuring and troubleshooting EX-2200, EX-4200, EX-4500, EX8200 switches, SSG 550M, ISG 2000, SRX-210, SRX-240, SRX-650, SRX-1400, SRX-5800 series Firewalls.

Experience working with the scripting languages Python and Perl for code upgrades and configurations of devices.

In-depth experience in areas related to L2 technologies which include VLAN’s, VTP, STP, and RSTP.

Experience in layer-3 routing and layer-2 switching. Dealt with Nexus models like 7K, 5K, 1K series, Cisco router models like 7200, 3800, 3600, 2800, 2600 series and Cisco Catalyst 6500, 4500 (SUP 6), 3750, 3500, 2900 series switches.

Got Trained on Cisco Application Centric Infrastructure (ACI).

Extensive use of Remedy Ticketing System to deal with escalation problems for routing, switching and WAN connectivity issues.

EDUCATIONAL QUALIFICATION:

B.S Telecommunications and Networks - PAF-KIET

Cisco Certified Network Associate (CCNA)

Cisco Certified Network Professional (CCNP)

TECHNICAL SKILLS:

NETWORKING PROTOCOLS: HTTP, FTP, DHCP, DNS, TCP, SIP, VTP, STP, SNMP, ICMP

ROUTING PROTOCOLS: RIP, IGRP, IGMP, OTV, MPLS, EIGRP, OSPF, IS-IS, BGP.

NETWORK MONITORING: Wireshark, Openstack, Splunk, GRC, JAM, WLAN analysis tools

LAN TECHNOLOGIES: Fast-Ethernet, Giga-Ethernet, VLANs

NETWORK SECURITY: NAT/PAT, JunOS, Cisco ASA Firewalls 5580-20, IPS/IDS, Checkpoint SPLAT/GAiA, Juniper EX, SRX, MX, QFX, DMZ Setup, CBAC, Cisco NAC, Checkpoint, ACL, L2VPN, L3 VPN, NetScreen.

CISCO EQUIPMENTS: Cisco routers (7600, 7200, 3900, 3600, 2900, 2800 series), Cisco Catalyst switches (6500, 4900, 3750, 4500, 2900, 2800 series), PIX Firewall (506/515/525/535), Cisco ASA, Firewall (5500/5510).

SCRIPTING TOOLS: Python, Perl, HTML, SQL

PROFESSIONAL EXPERIENCE:

T-Mobile, CA Aug 2014-Mar 2016

Sr. Network Security Engineer

Worked as part of delivery team where my daily tasks included code upgrades, prefix-list addition, and access-list addition using python script and on Linux platform based on tickets generated by customers.

Worked on Automation tool called Autopilot an internal tool used for code upgrades and configuring of new devices at different data centers.

Worked on BGP routing protocol, configuring BGP sessions and troubleshooting on Nexus 1K, 5K, 7K, Juniper MX-960 router and cisco ASR 1K and 7K. E.g. ASR 1002, ASR 1006.

Working on configuration of new VLANs and extension of existing VLANs on/to the necessary equipment to have connectivity between different data centers.

Implementing IPv6 addressing scheme for routing protocols, VLANs, subnetting and mostly during up gradation of cisco ISR routers 2900/3900 and switches.

Configuration and deployment of cisco ASA 5540 firewall for internet Access requests for servers, Protocol Handling, Object Grouping.

Have been working with SOC team monitoring IDPS (Intrusion detection/prevention sensors) as primary responders.

Have been involved in migrating policies from Checkpoint to Juniper SRX.

Design, WAN link using PPP Multilink and by implementing Cisco WAAS.

Implemented standard configuration template scripts in various network devices for SNMP v2, logging, and NTP.

Have been working on Global ITIL Network Support.

Has a good experience working with the Trouble Tickets on Cisco ACE/F5 Load balancers.

Configured pools, virtual servers, nodes on different BIG-IP F5 load balancers and assisted in modifications of virtual server configuration on existing applications.

Implementation and Configuration (Profiles, iRules) of F5 Big-IP LTM-3600/6400 load balancers.

Experience with F5 load balancers - LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability

Configuring the vips, pools, irules and profiles on F5 LTM 10.x and 11.x version.

PIX, Cisco ASA, Cisco FWSM as well as content delivery networks (CSS, Citrix Netscaler and F5 BigIP LTM and GTM 1600 and 3400 load balancers) enterprise environment.

Securing configurations of load balancing in F5, SSL/VPN connections, Troubleshooting CISCO ASA firewalls, and related network security measures.

Worked on Riverbed Steel Heads to ensure that WAN traffic was optimized on client networks with the necessary rules setup.

Created standard access lists to allow SNMP, NTP and logging servers.

Replaced 6500 from access layer and Installed 3750s Switches.

Worked along with Microsoft operation center for monitoring traffic on the devices going to up-links and diverting traffic on to different routes after traffic level reaching threshold value.

Generating audit reports by running automated scripts on various devices in order to check the layer 2 issues like errors on the links, port flapping.

Also involved in Cisco ACE configuration and deployment.

Team lead on various projects.

Implemented WLAN Aruba 7210 Wireless Access Points and its Controllers at various corporate sites for 11n Infrastructure and its legacy technologies.

Implemented network redesign of enterprise security infrastructure, including firewalls, IDS/IPS VPN solutions (trusted site to site, DMVPN, multiple factor authentication remote access systems, log consolidation and monitoring).

Analyzing the Audit report and work along with Data center teams to check the optics and troubleshoot issues.

Strong experience with implementation design, configuration, deployment and management of Network Access control and Authentication systems like Cisco Identity services engine (ISE), Cisco Access control server.

Managed a Citrix XenApp 5 farm consisting of 7 servers. Installed and published server applications, created policies and performed server upgrades.

Coordinating along with Global data center teams located at different locations and work along with them for troubleshooting layer 2 issues.

Assisting off-shore teams located in India in upgrades, VLANs configurations, in troubleshooting layer 3 issues and routing protocol issues mostly BGP.

Documentation of various changes made on devices and submits them for approvals and works along with alerts team and intimates them the changes to be made.

Client: Qualcomm, NC March 2013 - Jul 2014

Network Security Engineer

Worked primarily as a part of the security team and daily tasks included firewall rule analysis, rule modification and administration

Installing and configuring new cisco equipment including Cisco 1900, 2900, 3900 series routers, Cisco catalyst switches 6807, Nexus 7010, Nexus 5500 and Nexus 2k as per the requirement of the company

Remediation of firewall rules from Checkpoint firewalls to Cisco ASA firewalls, installing and configuring new Juniper EX, MX, SRX (Next-Generation Firewall) series firewalls to meet day to day work

Adding and removing checkpoint firewall policies based on the requirements of various project requirements

Fortinet Firewall management.

Also involved in Configuration of Nexus 7010 including NX-OS Virtual Port Channels, Nexus port profiles, Nexus Version 4.2 and 5.0, Nexus VPC peer links.

Worked on load balancers like F5 10050s, 10250v, GTM 2000s, 2200s to troubleshoot and monitor DNS issues and traffic related to DNS and avoid DDoS

Experience in configuring and troubleshooting Palo Alto Network Firewalls

Configures firewalls (Cisco 5500 series, Palo Alto firewall, Sonic WALL), intrusion detection systems (OSSEC, Snort) and other network security devices.

Deployment of Palo Alto firewall into the network. Configured and wrote Access-list policies on protocol based services

Cisco Secure Access Control Server (ACS) for Windows to authenticate users that connects to a VPN 3000 Concentrator.

Troubleshooting of protocol based policies on Palo Alto firewalls and changing the policies as per the requirement and as per traffic flow

Worked on DNS server involving configuration and resolving DNS related issues

Writing rules for NAC servers as per the authentication and authorization of systems within the company.

Implementing and troubleshooting (on-call) IPsec VPNs for various business lines and making sure everything is in place

Worked on regular troubleshooting of BGP, EIGRP routing protocols

Provided redundancy in a multi-homed Border Gateway Protocol (BGP) network by tuning AS-path.

Tuned BGP internal and external peers with manipulation of attributes such as metric, origin and local Preference.

Adding and modifying the servers and infrastructure to the existing DMZ environments based on the requirements of various application platforms

Managing and providing support to various project teams with regards to the addition of new equipment such as routers, switches and firewalls to the DMZs.

Also involved in designing and implementing IP MPLS network.

Working closely with Data center management to analyze the data center sites for cabling requirements of various network equipment

Company: Highrise Ltd April 2008 - Nov 2012

Network Engineer

Worked on Cisco routers 7200, 3700 and Cisco switches 4900, 2900

Key contributions include troubleshooting of complex LAN/WAN infrastructure that include

Configured firewall logging, DMZs, related security policies and monitoring

Creating private VLANs & preventing VLAN hopping attacks and mitigating spoofing with snooping & IP source guard

Installed and configured Cisco PIX 535 series firewall and configured remote access IPSEC VPN on Cisco PIX Firewall

Enabled STP enhancements to speed up the network convergence that include Port-fast, Uplink-fast and backbone-fast

Other responsibilities included documentation and change control

Responsible for Configuring SITE-TO-SITE VPN on Cisco routers between headquarters and branch locations

Implemented the security architecture for highly complex transport and application architectures addressing well known vulnerabilities and using access control lists that would serve as their primary security on their core & failover firewalls

Installation & configuration of Cisco VPN concentrator 3060 for VPN tunnel with Cisco VPN hardware & software client and PIX firewall

Involved in troubleshooting of DNS, DHCP and other IP conflict problems

Used various scanning and sniffing tools like Wireshark, traffic generator.

Hands on experience working with security issue like applying ACL’s, configuring NAT and VPN

Documenting and Log analyzing the Cisco PIX series firewall

Configured BGP for CE to PE route advertisement inside the lab environment

Configured policy based routing for BGP for complex network systems.

Responsible to run different kind of Network test. This includes Firewall, MPLS, BGP, SNMP

Configured OSPF redistribution and authentication with type 3 LSA filtering and to prevent LSA flooding.

Configured OSPF over frame relay networks for NBMA and point to multipoint strategies.

Implemented traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Frame Relay and Open Shortest Path First (OSPF)

Responsible for Manual testing, reporting defects and working closely with development in narrowing down issues.

Worked with automation tools and different methods according to requirement. Also worked with IXIA test. Also used different tools like ANUE and JDSU.

Developed the necessary libraries for the different to run different Network test.

Also worked with testing with traffic generator.


