Engineer Security
Resume:
Yogeswar Rao Aripineni
Email Id: ****.****@*****.***
SUMMARY:
Overall 8 years of experience in implementing, configuring, and troubleshooting Switches, Routers, and Firewalls.
Strong working knowledge on layers of OSI Model.
Implemented TCP/IP and related services such as DHCP and DNS.
Configured IPv6 on host platforms and IPv6 in IPv4 tunneling.
Configured Cisco Cato’s and Cisco IOSon Cisco catalyst switches.
Expertise in configuring switching protocols such as ARP, RARP, VTP, PPP, VLAN, Ether channel, STP, RSTP, PVST+, HSRP, GLBP, VRRP and Routing Protocols such as RIP, OSPF, BGP, EIGRP, IS-IS, and MPLS.
Implemented, Troubleshot, and Optimized dynamic routing protocols such as EIGRP, OSPF, BGP and also resolved complex route table problems.
Performed route redistribution and manipulated route updates using distribute lists.
Implemented VPLS and worked on Route Reflectors, Route Targets, LDP, L3VPN's, VRF's .
Implemented traffic filters on Cisco routes using Standard and Extended Access list.
Worked on Perimeter security devices such as Firewalls, IDS/IPS.
Configured and managed Intrusion Prevention system (IPS): Cisco IPS/ Fortinet and Checkpoint UTM.
Responsible for Cisco ASA 5500 firewall administration, Rule Analysis, Rule Modification and implemented different failover mechanisms on ASA firewalls.
Installed, configured and set security policies on Cisco and Checkpoint firewalls.
Configured Checkpoint Firewall in IPSO secure platform and GAIA platforms.
Added Rules and Monitored Checkpoint Firewall traffic through Smart Dashboard and smart View Tracker applications.
Installed and configured Bluecoat ProxySG in the network for web traffic management.
Configured Remote Access solutions such as IPsec, Any connect VPN, SSL VPN.
Configured IPSEC-site-site VPN to ensure partner connectivity and remote access VPN.
Worked on Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
Hands on experience in Active/Active Failover, Standby Failover, Policy Maps.
Redesigned Internet connectivity infrastructure for meeting bandwidth requirements.
Worked on F5 BIGIP (Profiles, monitors, I Rules, Redundancy, SSL Termination, Persistence, SNATs, and HA) and executed various upgrade projects across F5.
Access Control Server configuration for RADIUS and TACACS+.
Worked on Disaster Recovery (DR) test plan and built an IPSEC tunnel site to site.
Designed, implemented and managed LAN, WAN solutions for different client setups.
Responsible for network evaluation, troubleshot different network problems, and implemented various software and hardware upgrades for efficient performance.
Worked on Network monitoring tools such as NMAP, Solar Winds, Cisco Works, Wireshark, and Splunk.
Expertise in network design and documentation using Microsoft Visio.
Performed manual and automated penetration testing in diverse environments.
Experience working in PCI regulated environment.
Implemented ITIL best practices and provided end-to-end support for ITIM implementations.
Can work on different shifts and provide 24*7*365 support.
Natural team player, Good interpersonal and writing skill, Can effectively co-ordinate with teams across multiple platforms.
TECHNICAL SKILLS:
Network Devices
Nexus (7k,5k,2k,1k), Cisco Routers(7600,7200,3900,3600,2800,2600,2500,1800 series), Cisco Catalyst switches(6500,4900,4500,3750,3550,2900 series), Juniper(EX4550, EX4220, EX 2200)Switches, Juniper(MX 480,MX 240Series) Routers
Protocols
Ethernet, FDDI, HDLC, L2TP, PPP, STP, VLAN Trucking, OSPF, BGP,EIGRP,IPv6,IS-IS, TCP, UDP, DNS, DHCP, SMTP, SNMP, IPsec, PPPoE, MPLS, PAP, CHAP, HSRP,
Load Balancers
F5, ACE, CSS, CSM
AAA
TACACS+, RADIUS, Cisco ACS
Firewalls
Cisco PIX(535,525,515,506), Cisco ASA (5540, 5520), Checkpoint, Palo Alto, Blue coat Proxy server
Tools
IXIA, Bugzilla, Wireshark, Ethereal, PRTG Packet Sniffer, TCP Dump, Cisco Works, Nagios, Solar winds, Cacti, Info block
CERTIFICATIONS:
Cisco Certified Network Associate.
WORK EXPERIENCE:
Sonata Software Limited, Atlanta, GA Feb 2015-Till Date
Role: Network Security Engineer
Sonata Software Limited serves software product companies and enterprises in the travel, manufacturing, retail and distribution verticals. Its service lines include business intelligence, mobility, cloud, social media, enterprise services and infrastructure management services.
Responsibilities:
Designed, validated and implemented LAN, WAN solutions as per the client’s requirements.
Implemented Layer2/3/4 functionalities in Cisco Catalyst 6500 switches (by configuring Cisco Cato’s and IOS on two different CLI’s).
Involved in migration of 6500 based data center to Nexus based data center.
Upgraded from SUP1 to SUP2 on Cisco Nexus 7000 Series and have hands on experience on Nexus 7010, 5020, 2248, 2148 devices.
Experience in configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000.
Worked with Cisco Nexus 2148 Fabric Extender and Nexus 7010, 5000 series to provide a Flexible Access Solution for a data centre access architecture.
Installed and Configured VLAN, Spanning tree, VSTP, SNMP in Cisco Catalyst switches 6500, 3750 & 3550 series.
Configured routing protocols such as OSPF, EIGRP, and BGP on Cisco 7600, 7200 series Routers.
Responsible for turning up BGP peering and customer sessions, as well as debugging BGP routing problems.
Deployed a large-scale HSRP solution to improve the uptime of collocation customers, in the event of core router becoming unreachable.
Worked on setting up MPLS Layer 3 VPN cloud in data center.
Worked with Cisco IOS-XR on the ASR9000 devices for MPLS deployments in data center.
Configured SITE_TO_SITE VPN on Cisco ASA 5500 series firewall between Headquarters and Branch office.
Implemented ACL as per Network Design Document and followed the change process as per IT policy.
Converted PIX rules over to the Cisco ASA solution.
Provided customer support service in the configuration and maintenance of ASA firewall systems.
Implemented Zone-based firewall and security rules on Palo Alto.
Configured and maintained IPSEC and SSL VPN’s on Palo Alto 3060.
Configured Palo Alto Networks Firewall models as well as a centralized management system (Panorama) to manage large scale Firewall (PA-5k, PA-3k, PA-2k) deployments.
Configured rules and maintained Palo Alto Firewalls and analyzed firewall logs using Splunk, Firewall log analyzer.
Provided Load Balancing towards access layer from core layer usingF5 Net workload Balancers.
Installed high availability BIG-IP LTM and GTM Load Balancers to provide uninterrupted service to customers.
Configured and deployed BIG-IP LTM 8900 for providing application redundancy and load balancing.
Managed cabled LAN and wireless access, with switching technologies and wireless technologies.
Installed and configured Active Directory in Windows server2003/2008.
User’s Active Directory management and planning for Authoritative and non-authoritative restore.
Served as primary customer contact for technical and support issues on Sonata’s Security Information and Event Management (SIEM) platform.
Resolved multiple support tickets for issues involving Sonata’s custom SIEM deployments.
Environment: Cisco catalyst 4948, 4510, 4507 switches, Nexus series 7010, 5020, 2248, 2148, Juniper(EX4550, EX4220, EX 2200)Switches, Juniper(MX 480 Series) Routers, Palo Alto(PA-5k, PA-3k, PA-2k), Big IP
Freddie Mac, MC Lean, VA March 2013 to Feb 2015
Role: Security Engineer
Freddie Mac is a public government-sponsored enterprise. It has three core business lines: Single-Family Credit Guarantee Business, Multifamily business, and Investment Business, providing mortgage funding for Housing markets across the nation.
Responsibilities:
Involved in setting up the TFTP server for backing up the IOS images.
Optimized performance of the WAN Network consisting of Cisco 3550/4500/6500 switches by configuring VLANs.
Worked with Nexus 7010, 5020, 2248, 2148 switches.
Configured and managed VLAN’s, 802.1Q Trunk, RPVST+, Inter-VLAN routing, HSRP and LAN security for Layer-2 and Layer-3 switching domains as per the organization's requirement plan.
Configured and maintained OSPF Protocol (this included deploying of new branch locations in the existing infrastructure). Created Stub areas and configured summarization for effective Routing.
Configured and troubleshot OSPF in single area and multiple areas.
Checked the operability of Cisco router and switch using OSPF routing protocol, ASA 5500 Configured BPDU Guard, port-fast, uplink fast and other spanning tree features.
Worked on BGP configuration for providing redundant internet connectivity using BGP attributes, Route maps, prefix-lists etc.
Configured and Maintained BGP features such as load balancing, Route Reflectors, BGP metrics by maintaining the Enterprise IP Addressing scheme with allocation of new IP Pools for user subnets, and updating the port on the switches MED, AS Path, Local Preference, Communities.
Worked on Troubleshooting Network Routing protocols such as BGP and EIGRP during migrations and new client connections.
Worked on Checkpoint Smart Console suite (R75.40, R76, and Gaia R77.20 & VSX) to manage policies and rule base of security control points, device mapping using network address translation, objects management, routes and other administrative tasks.
Supported and troubleshot Checkpoint (R77 Gaia, R75.40, R70, R60, and Provider-1), Juniper (SRX, JUNOS, ScreenOS, Net Screen SSG, SPACE and NSM) and Cisco firewall (ASA 5550, 5540, 5520, PIX 525, 535, CSM and ASDM) technologies.
Installed and administered Checkpoint R75.40 Firewall.
Implemented firewall policy change on the Checkpoint clusters. Verified and Validated the Firewall policy on Checkpoint R75 clusters for unused rule and helped in consolidating rule.
Implemented site to site VPN on Checkpoint Firewall R62 with 3DES encryption over IPsec.
Deleted unused Checkpoint policies, unused gateway objects, and unused VPN communities to clean up the Checkpoint firewall environment.
Added and removed checkpoint firewall policies in SPLAT/IPSO R75, VSX firewall based on the requirements of various projects.
Implemented network security for remote access by configuring site to site and client’s to site VPN tunnels through multiple Cisco VPN concentrators and Checkpoint firewalls and maintained access policies for remote users.
Worked on checkpoint UTM1, VPN1 and activating blade licenses to be used as Intrusion prevention and antivirus appliance.
Bluecoat WAN Optimization and acceleration implementation.
Configured Reverse Proxy, URL filtering and content filtering using Bluecoat proxy SG devices.
Implemented URL filtering requests in Bluecoat Proxy SG for website block list and whitelist
Purpose.
Used Bluecoat Proxy SG Appliances to effectively secure Web communications and accelerate delivery of business applications.
Added Websites to blocked list on the bluecoat proxies based upon business requirements and application
Implemented and configured F5 Big-IP LTM-6400 load balancers.
Configured pool and pool members and associated it to the virtual server (and Virtual IP’S) and configured load balancing methods.
Environment: Nexus 7K/5K/7K, Cisco 3550/4500/6500 switches, F5 Big-IP LTM-6400 load balancer, Checkpoint R75, Cisco ASA 5500, Blue Coat Proxy server.
Amgen, Thousand Oaks, CA August 2012 to Feb 2013
Role: Network Engineer
Amgen is one of world’s leading independent biotechnology companies, has reached millions of patients around the world. It is actively involved in developing, manufacturing and delivering innovative human therapeutics.
Responsibilities:
Configured routing protocols such as EIGRP, RIP v2, OSPF & BGP and Cisco ACS protocols such as RADIUS and TACACS.
Supported internal project teams by adding firewalls, switches and routers to managed DMZ’s.
Configured IP Quality of service (QoS).
Participated in the migration project of PIX to ASA firewall.
Implemented and configured ASA 5520 in failover along with the CSC module as per the customer requirement.
Cisco ASA firewall troubleshooting and policy change requests for new IP segments that come on line.
Built site-site VPN connections for third party connectivity using ASA firewall.
Configured Juniper Netscreen firewall Policies between secure zones using NSM (Network Security Manager) and deployed Security Solutions in Juniper SRX and Netscreen SSG firewall by using NSM.
Refined IPS Policy and Created Rules according to the Security Standard.
Managed successful delivery of massive security response portfolio including Splunk, Cisco ISE.
Monitored network traffic with the help of Qradar and Cisco IPS event viewer.
Implemented & Troubleshot T1, MUXES, CSU/DSU and data circuits.
Involved in design and implementation of Data Center Migration, and have worked on implementation strategies for the expansion of the MPLS VPN networks.
Well acquainted with Load balancing technology including algorithms and health check options.
Configured and troubleshot F5 LTM, GTM series like 6600, 6800 for different applications such as BigIP GTM Wide IP configuration, BigIPLTM VIP configuration with health check, BigIP I Rule programming and troubleshooting.
Environment: Cisco Router 7600,7200,3800,2800 and Cisco Catalyst Switch 6509, 6500, 3550, Cisco ASA 5520, Juniper(EX4550, EX4220, EX 2200)Switches, Juniper(SRX, E series, ACX Series, PTX Series) Routers.
Citi Group, India July 2009 to May 2012
Role: Network Engineer
Citi is the largest foreign direct investor in the financial services industry in India and offers consumers a broad range of financial products and services, such as consumer banking and credit, corporate and investment banking, securities brokerage and wealth management.
Responsibilities:
Troubleshot TCP/IP problems and connectivity issues in multi-protocol Ethernet environment.
Configured VLAN, Spanning tree, VSTP, SNMP on Cisco Catalyst Switch 6500, Juniper EX series switches and RIP, OSPF and Static routing on Cisco 7600 and JuniperMX 240 series Routers.
Implemented & Troubleshot T1, MUXES, CSU/DSU and data circuits.
Configured redundant interfaces, DHCP server, DHCP relay, ntp settings, and sub interfaces on firewalls.
Perform advanced troubleshooting using Packet tracer and tcpdump on firewalls.
Configured and maintained ASA firewall systems (Firewall Administration, Rule Analysis, Rule Modification).
Configured IPSLA monitor to track different IP route when disaster occurs.
Provided Network Security Architecture and Operations support services for Windows 2008 based web, application and database servers.
Configured and maintained ASA firewall systems (Firewall Administration, Rule Analysis, Rule Modification).
Configured ACLs in Cisco 5585 ASA firewall for Internet Access requests for servers, Protocol Handling, Object Grouping and NAT Control using Object NAT.
Implemented network security for remote access by configuring site to site and client’sto site VPN tunnels through multiple Cisco VPN concentrators and Checkpoint firewalls and maintained access policies for remote users.
Worked on checkpoint UTM1, VPN1 and activating blade licenses to be used as Intrusion prevention and antivirus appliance.
Worked with Cisco IOS-XR on the ASR9000 devices for MPLS deployments in data center.
Experience with converting Cisco ACE load balancer to F5 LTM load Balancer in data center environment.
Configured and deployed BIG-IPLTM 8900 for providing application redundancy and load balancing.
Configured IPSLA monitor to track different IP route when disaster occurs.
Provided Network Security Architecture and Operations support services for Windows 2008 based web, application and database servers.
Configured Cisco IOS Feature Set, NAT and Simple Network Management Protocol (SNMP) for Network Security implementation.
Monitored network performance to improve the backup strategy using Solar winds.
Provided on call supporting 24/7NOC (Network Operations Center).
Communicated with different with different customers, IT teams in gathering the details for the project.
Environment: Cisco Routers 7600, 7200, 3800, 3850, Cisco Catalyst Switches 6500, 5000, 3500, 2950, T1 Controllers, DS3 Lines (T3 Lines), F5 Load Balancer, Wireless LAN controller, Wireless Cisco 3702.
Apollo Hospitals, India June 2008 to June 2009
Role: Network Engineer
Apollo hospitals chain is the largest integrated healthcare organization till date and has its dominance in whole of Asia. They have over ten thousand beds in fifty one hospitals, 115 telemedicine units across nine global nations.
Responsibilities:
Configured and administered Cisco Switches 6500/3750/3550, and Cisco Routers 7200/3900/2900.
Connected switches using trunk links and Ether channel.
Implemented and configured routing protocols such as EIGRP, OSPF and BGP.
Responsible for maintenance of VLANs, Spanning-tree, HSRP, VTP of the switched multi-layer backbone with catalyst switches.
Worked with Cisco ASA and ASR firewall.
Implemented firewall rules on Juniper 5600, Juniper SRX 3600, SRX 100 on a daily basis, using NSM and CLI.
Performed maintenance and troubleshooting of connectivity problems using PING, and trace route and packet capture tools such as Wireshark.
Provided customer support including daily backup procedures, testing network connections, equipment installation and turn-up, and remote hands assistance.
Experienced with physical layer interfaces and cabling standards.
Maintained detailed time based incident logs and technical checklists.
Environment: Cisco 3600, 2600, 2500 series routers and Cisco Catalyst 6500, 3500, 2900, 1900
Series Switches, Juniper (M320, T640).
Contact this candidate