Resume

Sign in

Security Engineer

Location:
United States
Posted:
October 25, 2016

Contact this candidate

Harikrishna Patel

Sr Network engineer

610-***-****)

acw8bq@r.postjobfree.com

Professional Summary

* ***** ** ********** ** IT industry with managing and maintaining various Firewalls configurations, implementation and monitor.

Experienced in handling and installing Palo Alto Firewall with exposure to wild fire feature of Palo Alto Networks.

Build IT security infrastructure including Palo Alto, Checkpoint, and Cisco ASA.

Proficient handling Cisco Routers, Cisco Switches, Firewalls, Packet shapers, VPN Concentrator.

Experience with Fire eye NX 900/4400 and Firepower devices.

Strong experience in Network security using ASA Firewall, Checkpoint, Palo Alto, Cisco IDS/IPS, AAA, and IPSEC/SSL VPN.

Experience in Adding Rules and Monitoring Checkpoint Firewall Traffic through Smart Dashboard and Smart View Tracker Applications.

Administering multiple Firewalls, in a managed distributed environment and knowledge on SIEM tools like QRadar.

Experience in deployment and Management of Bluecoat proxies in forward proxy scenario as well as for security in reverse proxy scenario.

Performed various configurations using the CISCO SDM like configuring VPN, Security Audits, Firewalls, VLANS.

Hands on experience with Big IP F5 LTM & GTM load balancers.

Experience working with multi-vendor load balancers like F5 and Citrix Netscaler

Expertise in Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point Firewalls up to GAIA R77.30, Palo Alto Next-Generation firewalls, Bluecoat proxies and Cisco ASA.

Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.

Proficient in Palo Alto Next-Generation Bluecoat web proxy, HP ArcSight, Splunk Enterprise, Wireshark, FireEye, and various internet tools to assist in analysis.

Implemented security policies using ACL, Firewall, IPsec, VPN, AAA Security TACACS+, and Radius on different series of routers.

Extensive knowledge in implementing and configuring F5 Big-IP LTM 3900, and 6900 Load balancers.

Responded to security related events, user submissions and detected alerts using SIEM and various native securities tool management consoles.

Experience in troubleshooting network issues including boundary protection devices and Bluecoat Proxy Servers.

In-depth expertise in the implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems.

Design and configure of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550).

Hands on experience in troubleshooting and deploying of various IP Routing Protocols EIGRP, RIP v1/2, OSPF, IS-IS & BGP.

Extensive knowledge of deploying & troubleshooting TCP/IP, Implementing IPv6, Transition from IPv4 to IPv6, Multilayer Switching, Multicasting protocols, UDP, Fast Ethernet, Gigabit Ethernet, Voice/Data Integration techniques.

Efficient at use of Microsoft VISIO/Office for technical documentation and presentation tools.

Technical Skill

Firewall: Palo Alto, Checkpoint R77, R76, Fortinet, Cisco ASA, PIX

OS products/Services: DNS, DHCP, Windows, Rapid 7 Nexpose, UNIX, and LINUX

Cisco Routers: 1700, 1800, 2500, 2600, 3600, 3800, 7200, and 7600.

Protocols: Routing Protocols (RIP v1 & v2, OSPF, EIGRP, BGP),

HSRP, VRRP, TCP/IP, GLBP

Cisco L2 & L3 Switches: 2900, 3560, 3750, 4500, 4900, 6500 and 6800 Nexus

2K/5K/7K And 9K

LAN Technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, SMTP, FTP,

VLAN, inter-VLAN Routing, VTP, STP, and WLC

Network Management Tools: SolarWinds, Sourcefire, Wireshark, OPNET Modeller

Web Proxy/ Socks Proxy: Bluecoat, MacAfee.

Security Server Protocols: TACACS+ and RADIUS.

Load Balancers: A10 Networks (AX2500), Cisco CSM, F5 Networks Big-IP

(LTM, GTM, ASM, and Enterprise manager)

PROFESSIONAL EXPERIENCE

Texas Instruments, Dallas, TX Jan 2015 – Present

Network Security Engineer

Responsibilities:

Involved in the gathering, analysis, and communication of threat intelligence through the Intelligence process.

Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.

Utilized the Blue Coat Proxy, SIEM, SOC, IPS/IDS

Worked on FireEye HX/NX/CM/Symantec: Intrusion Detection System

Designed and deployed network security for merger and acquisition networks using Sourcefire, FireEye NX 900/4400, and ArcSight.

Worked as the top technical and relationship resource for Healthcare accounts within Fortinet, leveraging my industry knowledge and relationships to build a continuously successful sales motion.

Ensured availability of the DAM Database Access Monitoring tools.

Prepared technical standard operating procedures for DAM.

Experienced in design, installation, configuration, administration and troubleshooting of LAN/WAN infrastructure and security using Cisco routers/Switches/firewalls.

Worked on SIEM, as well as solar winds, Symantec end to end point security for malware detection and threat analysis

Firewall policy provisioning on Fortinet FortiGate appliances using FortiManager.

Worked on ACE load balancers. Experience with F5 load balancers - LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.

Configured Bluecoat as a forward proxy for all Web URL Filtering.

Implementation of TCP/IP and related services - DHCP/DNS

Worked on security tools and software such as CISCO WSA, SIEM, Qualys, Splunk, Solar winds, Source fire

Used FireEye to detect attacks through common attack vectors such as emails and webs

Configuring & managing Network & Security Devices that includes Cisco Routers & Switches, Nexus Switches, Juniper and Palo Alto Firewalls, F5 BigIP Load balancers, Blue Coat Proxies and Riverbed WAN Optimizers

Build IT security infrastructure including Checkpoint, Juniper and Palo Alto firewalls

Administer, Maintain, and deploy Juniper IPS & VPN systems, and McAfee network based Data Loss Prevention (DLP) devices.

Service, service groups, VServers, policies and content switching configuration on Citrix Netscaler.

Configuring & managing Network & Security Devices that includes Cisco Routers & Switches, Nexus Switches, Juniper and Palo Alto Firewalls, F5 BigIP Load balancers, Blue Coat Proxies and Riverbed WAN Optimizers

Used Bluecoat Proxy SG Appliances to effectively secure Web communications and accelerate the delivery of business applications.

Manage the SIEM infrastructure.

Security Analysis utilizing multiple SIEMs and Security Feeds and Threat communications.

Worked on GTMs like F5 and A10's on DNS issues and also was a part of A10 to F5 GTM migrations

Security infrastructure engineering experience as well as a Microsoft Windows, UNIX, Checkpoint Firewalls, Juniper firewalls, PIX firewalls, Bluecoat Proxies, Juniper Intrusion Prevention devices, and wireless switch Security Management.

Configuration and support of Juniper Netscreen firewalls and Palo Alto firewalls.

Responsible for setting up the infrastructure environment with majority of Cisco & Palo Alto appliances a part from various other equipment’s.

Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.

Successfully installed Palo Alto PA-3060 firewalls to protect Data Centre and provided L3 support for routers/switches/firewalls.

Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.

Work on Checkpoint Platform including Provider Smart Domain Manager. Worked on configuring, managing and supporting Checkpoint Gateways.

Performed up gradation of checkpoint firewall from old platforms to new platforms R77.10 to R77.30

Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.

Configured VPN, Clustering and ISP redundancy in Checkpoint firewall.

Configured secured access to company facilities, equipment, network, systems, and applications, and implemented established access rules for data from validated management requirements.

Identified vulnerabilities, recommend corrective measures and ensure the adequacy of existing information security controls.

Responsible for maintaining and updating VPN Gateways for ensuring force of latest Security policy to deny all input requests from all non-compliant devices.

Managed the F5 Big IP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs.

Experience in daily monitoring of network traffic using sniffers (Wire shark) and access logs to troubleshoot and identify network issues.

24x7 on-call escalation support as part of the security operations team.

Worked extensively in Configuring, Monitoring and Troubleshooting security appliance,

Failover DMZ zoning & configuring VLANs/Routing/NATing with the firewalls as per the design.

Worked on Multi-vendor platform with checkpoint, and Cisco firewalls requesting net flow for security compliance, coding, and pushing firewall rules after approval and troubleshoot incidents as required.

Coordinated precise scheduling for all migration events including all equipment and resources for the data centre migration on an extremely accelerated schedule with for a high profile client.

Performed up gradation of Palo Alto firewall from old platforms to new platforms 6.1.5 to 6.1.10

Configured Palo Alto Next-Generation Firewall mainly VSYS according to client topology.

Configured checkpoint firewall mainly VSX according to client topology and checkpoints features such as Application & URL filtering, IPS, Identity Awareness, IPS, VPN.

Implemented, configured and support of Checkpoint and ASA firewalls for multiple clients.

Maintained, upgraded, configured, and installed Cisco ASA 5510, 5520, & 5505 Firewalls from the CLI and ASDM.

Maintained the security standards across the security devices as per the security policies. IDS/IPS Signature updates and CSM Management

Maintained DNS security via DNS ACLs and other DNS security measures. Implemented IP security measures and cured areas of DNS vulnerability.

Worked with F5 Virtual Clustered Multiprocessing (vCMP) technology, coupled with Clustered.

Used IPsec VPN tunnelling to provide access to user machines and partners in other network.

Configured and tested Multicast for both IPv4 and IPv6 routing in Data Centre Environment

Conducted network/forensic analysis using a variety of tools such as Wireshark, Netwitness Investigator, Splunk, Bro, FireEye NX 900/4400, McAfee ePO, Mandiant MIR, and ArcSight.

Configured SSL VPN through access blade and up-gradation of Firewall.

Actively used smart view tracker and Checkpoint CLI (to security gateways) for troubleshooting.

Performed advanced troubleshooting using Packet tracer and TCPDump on firewalls.

Prepared technical documentation of configurations, processes, procedures, systems and locations.

Improved network and system security through setup and ongoing maintenance of Riverbed IPS, FireEye on edge.

Configured site to site as well as Remote Access VPN on Cisco ASA and Checkpoint Firewall.

Monitored daily network traffic and access log troubleshooting and identified network issues.

Beachbody, Santa Monica, CA, Feb 2013– Dec 2014

Network security Engineer

Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Checkpoint Firewalls.

Managed multiple security devices in order to protect the Enterprise's network - Vulnerability Scanners, Malware Detection, Intrusion Detection; Host based Firewalls, SIEM, Web Application Firewall

Responsible for setting up the infrastructure environment with majority of Cisco & Palo Alto appliances apart from various other equipment.

Configuration of checkpoint firewall mainly IPS (Intrusion Prevention System) module according to client topology and checkpoint MDS.

Architected and built various DMZ environments using Blue Coat Proxy, Juniper SRX, FireEye and Palo Alto next-gen firewalls.

Added security rules and pushing the security policy on Checkpoint and consolidated.

Configured & managed Network & Security Devices that includes Cisco Routers & Switches, Nexus Switches, Juniper and Palo Alto Firewalls, F5 BigIP Load balancers, Blue Coat Proxies and Riverbed WAN Optimizers.

Upgraded checkpoint Web application firewall and fixing hot fixes and patches.

Implemented and troubleshoot (on-call) IPsec VPNs for various business lines and making sure everything is in place.

Configuring Juniper Netscreen Firewall Policies between secure zones using NSM (Network Security Manager).

Extracted the logs, Performed real time log analysis using SIEM technologies and Forensics Analysis of logs as per the request.

Configured & managed Network & Security Devices that includes Cisco Routers & Switches, Nexus Switches, Juniper and Palo Alto Firewalls, F5 BigIP Load balancers, Blue Coat Proxies and Riverbed WAN Optimizers

Worked with F5 Load balancing, IDS/IPS, Bluecoat proxy servers and Administrating

Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.

Experienced with Load Balancers for administrating and monitoring global & local traffic using F5 BIG IP LTM & GTM.

Drafted and installed Checkpoint Firewall rules, ACL on Bluecoats with regular upgrades on firewalls and Bluecoats.

Hands On experience in maintain the Fortinet infrastructure and Configuration of IPSEC VPN and troubleshooting in Fortinet firewall.

Monitored firewall and security events in the SIEM's.

Worked with F5 Load balancing, IDS/IPS, Bluecoat proxy servers and Administrating

Experience in tuning of custom rules, reports, alerts, and alarms for McAfee SIEM.

Built IT security infrastructure including Checkpoint, Juniper and Palo Alto firewalls

Added and modified the servers and infrastructure to the existing DMZ environments based on the requirements of various application platforms.

Backup and restore of checkpoint and Cisco ASA Firewall policies

Responsible for simulating network operations with the usage of packet analyser like Wire shark and use to resolve tickets whenever there is an issue.

Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), sniffers and malware analysis tools.

Worked on configuring and troubleshooting Nodes, Pools, Profiles, Virtual Servers, SSL Certificates, iRules, and SNATs on the F5 Big IPs using the Web GUI and CLI.

Provided VPN and SSH access as per role and considering security breaches. Performing Firewall rule analysis and make decisions on risk to customer network.

Designed, Implemented and configured HSRP on different location of office on the switched Network

Deployed Security Solutions in Juniper SRX and Netscreen SSG firewalls by using NSM.

Managed the Entire multilayer switched network.

Involved in Network Designing, Routing, DNS, IP Sub netting, and TCP/IP protocol.

Performed route redistribution & manipulated route updates using distribute lists, route-maps & administrative distance, offset-lists.

Provided Tier II Load Balancer expertise on F5 BigIP Local Traffic Managers (LTM). Designing F5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 BigIP Load Balancers

Migrated the routing protocols from EIGRP domain to OSPF in order to maintain and support multi-vender capability.

Proficient in design, implementation, management and troubleshooting of Check Point firewalls, Cisco PIX, NetScreen Firewalls, Check Point Provider-1 / VSX, Nokia VPN, Palo Alto IDS, Foundry / F5 Load Balancers, and Blue Coat Packet Shaper systems.

Configured F5 Load Balancers: Adding virtual IPs, nodes, pools and health monitoring.

Involved in the configuration & troubleshooting of routing protocols such as MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, and IP access filter policies.

Spearheaded meetings & discussions with team members regarding network optimization and regarding BGP issues.

Replaced aging Checkpoint firewall architecture with next generation Palo Alto appliances serving as firewalls and URL and application inspection.

True Value, Chicago, IL June 2012 – Jan 2013

Network security Engineer

Configured, Administered and troubleshoot the Checkpoint and ASA firewall.

Configured Cisco ASA and Checkpoint firewall layers to secure the infrastructure for the Data Centre.

Migrated firewalls from ASA to Checkpoint.

Successfully installed Palo Alto PA-3060 firewalls to protect Data Centre and provided L3 support for routers/switches/firewalls.

Implemented Positive Enforcement Model with the help of Palo Alto Networks.

Responsible for setting up the infrastructure environment with majority of Cisco & Palo Alto appliances apart from various other equipment.

Worked with Palo Alto Panorama management tool to manage all Palo Alto firewall and network from central location.

Experienced with Palo Alto panorama to centrally manage the process of configuring device, deploying security policies.

Experienced with Juniper environment including SRX/Junos Space.

Configured Juniper Netscreen Firewall Policies between secure zones using NSM (Network Security Manager)

Configured and set up DMVPN, GRE based VPN on Cisco-IOS based router.

Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.

Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).

Responsible for setting up Web Application Firewalls (WAF) like SQL injection, http conversation.

Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls

Drafted, installed, and provisioned ASA and Checkpoint firewall rules and policies.

Involved in Data Centre migrations. Handled proper management, maintenance, configuration, and altered management of firewall structure.

Experience of using Qualys Tool for networking discovery and mapping, asset prioritization, vulnerability assessment and tracking.

Configured VLAN, Spanning tree, VSTP, SNMP on Juniper EX series switches

Experienced in Qualys policy compliance in detecting internal and external threats and vulnerability.

Tuned BGP internal and external peers with manipulation of attributes such as weight, local preference.

Spinning king, India, Aug 2008–March 2011

Network Engineer

Installed and tested Cisco router and switching operations using OSPF routing protocol, ASA Firewalls, and MPLS switching for stable VPNs.

Installed, Configured and troubleshoot LAN and WAN using Cisco routers, switches, firewalls and other devices.

Maintained the full connectivity across the entire process plant.

Installed and maintained routers and switches in various network configurations supported VLANs, and advanced ACL.

Upgraded Cisco 7200, 3600 Router IOS Software, backup Routers and Catalyst 3560, 4500 switch configurations.

Experienced in settings of the networking devices (Cisco Router, switches) co-coordinating with the system/Network administrator during any major changes and implementation.

Implemented name resolution using WINS & DNS in TCP/IP environment.

Used IPsec VPN tunnelling to provide access to user machines and partners in other network.

Configured Routing protocols such as OSPF, BGP, static routing and policy based routing.

Managed the IP address space using subnets and variable length subnet masks (VLSM).

Configured Access List (Standard, Extended, and Named) to allow users all over the company to access different applications and blocking others.

Performed Route Filtering and Route Manipulation by applying distribute-lists, route-maps and offset lists.

Monitored configured changes on installed Cisco networking devices such as Routers and Switches to address network related issues/problems.

Experience in troubleshooting latency and throughput issues on MLPS and Dedicated Internet Access circuits.



Contact this candidate