Network Security Engineer

Location: Keller, TX
Salary: 110000
Posted: October 23, 2023

Resume:

Shashank Varma

Sr. Network Security Engineer

913-***-****

ad0ksc@r.postjobfree.com

Summary:

Cisco Certified Network Engineer with 6.4 years of experience in testing, troubleshooting, implementing, optimizing, and maintaining enterprise data network and service provider systems. Network design, security, and tier support of networks in various environments.

Experience in migration from Cisco ASAs to Fortinet’s FortiGate firewalls.

Implemented VDC, VPC, VRF and OTV on the Nexus 5505 and 7009 switches.

Sound knowledge on DMVPN, MPLS technology L3 VPN, QoS Services, Bluecoat packet shaper, Cisco Secure Access Control Server (ACS), OpenDNS, IPS/IDS, Cisco Security Appliance.

Expertise in installing, configuring, and maintaining Cisco Switches (2900, 3500, 7600, 3700 series, 6500 series) Cisco Routers (4800, 3800, 3600, 2800, 2600, 2900, 1800, 1700, 800).

Performing URL filtering and content filtering by adding URLs in Bluecoat Proxy SGs.

Successfully installed Palo Alto PA-3060 firewall to protect data center and provided L3 support for routers/switches/firewall.

Implemented Contracts, Multi-tenants between Endpoint groups using SDWAN in ACI

Managed Configuration, Logging and Reporting of Palo Alto firewall through the Panorama.

Proficient in using SolarWinds Network Management tools like Network Performance Monitor (NPM), NetFlow Traffic Analyzer, Network Configuration Manager (NCM) and Cisco Prime.

Hands-on experience in configuring Viptela devices and creating device and feature templates on vManage required for SD-WAN implementation.

Experience in Checkpoint IP Appliances R65, R70, R75, R77 & Cisco ASA Firewalls.

Deployed Site to Site and Client to Site VPNs utilizing Checkpoint Firewall-1/VPN-1

Performed Installation of Cisco ASA 5585 & 5520 series firewalls as well as Palo Alto 3500 series.

Designed & configured the network and implemented SD-WAN using Velocloud for the league.

Technical Skills:

LAN Technologies: SMTP, VLAN, Inter-VLAN Routing, VTP, STP, RSTP, Lightweight access point, WLC.

Routing: RIPv2, OSPF, EIGRP, IS-IS, BGP, PBR, Route Filtering, Redistribution, Summarization, and Static Routing

Network Management Tools: Wireshark, NetFlow Analyzer, NetScout, SNMP, Cisco Prime, Ethereal, HP OpenView

Load Balancers: F5 Networks (Big-IP) LTM 6400

Security Protocols: IKE, IPsec, SSL-VPN

AAA Architecture: TACACS+, RADIUS, Cisco ACS.

Firewall & Security: Checkpoint (NGX R65, R77-80), Cisco ASA, Palo Alto, ASA 5505 Firewall, Juniper NetScreen firewall

Languages: Perl, C, C++, SQL, HTML/DHTML, Python scripting

Firewall: Checkpoint (R65/R70/R75/R77), Palo Alto (PA-500, PA-3060, PA-5060, PA-7050, PA-7080)

PROFESSIONAL EXPERIENCE:

Ford, Chicago, IL June 2022 – Till Date

Sr. Network Security Engineer

Responsibilities:

Performed all maintenance tasks on the Nexus Switches, ASR Routers, Checkpoint Firewalls, F5 Load balancers, InfoBlox DNS and Cisco ACI.

Managing Large Palo Alto Firewall network including 50 remote offices, and three Data Centers using 5000, 500 and 200 series firewalls, Palo Alto Management software Panorama. SD-WAN, MPLS experience. Cisco Meraki switches and Access Points

Worked with Palo Alto firewalls using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall

Working on implementing WASS, SD-WAN and DNA center for entire enterprise network in datacenters.

Configured F5 LTM, series 5000 series for corporate applications and high availability. Implemented LTM and GTM in DMZ and Internal network. Worked on software versions up to 12.1.2. Experience with upgrading software and hotfix. Experience with APM and ASM modules

Deploying and managing SD-WAN solutions (Viptela, Citrix) for large-scale enterprises

Expertise in migrating Fortinet firewalls to Palo Alto’s Next-Generation Firewalls using PAN migration tool/Expedition Tool.

Conversions to BGP WAN routing, converting WAN routing from OSPF to BGP (OSPF is used for local routing only), which involves new WAN links.

Worked with AWS CloudWatch including EBS, EC2, 53 and configured notifications for the alarms generated based on events defined.

Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches.

Experience with cloud infrastructure (IaaS, PaaS) design, implementation or maintenance, including experience with well-known AWS platforms.

Worked with AWS MFA (Multi-Factor Authentication) Servers and Phone factors for two-step Security.

Developing an eBPF based Framework to enhance observability and security in the Telco Infrastructure Project

Configured EBGP load balancing and Ensured stability of BGP peering interface

Worked with Design team and installed Aruba Wi-Fi network to supply wireless connectivity to both employees and guests using segregated VLANs

Configured and troubleshot Aruba Wireless products like Access Points and Mobility Access Switches

Expert knowledge of Cisco ACI, NxOS and IOS, other SDN products Tiered Domains, QoS, data center network design, cloud infrastructure design and management, OSPF, BGP, VLAN Trunking

Key contributions include troubleshooting of complex LAN/WAN infrastructure that include configuring firewall logging, DMZs, related security policies, monitoring, documentation and change control.

Configuration and troubleshooting F5 LTM, GTM series like 6600, 6800 for different applications and monitoring the availability.

Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.

Created and tested Cisco router and switching operations using OSPF routing protocol, ASA firewalls and MPLS switching for stable VPNs.

Experience working with Fortinet/Fortigate firewalls of different ranges from entry level Fortigate 60 series, midrange Fortigate 100, 500, 900 and high level Fortigate 9000 series and mostly deal with End-to-end security across the full attack.

Experience working with Juniper devices like EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX650, SRX240 and Juniper J series j230, M 320 and MX960 routers. Worked on Juniper EX4200 & EX4550 switches.

Perform technical problem resolution including analysis, trouble isolation, and repair on SD-WAN devices

Managed and supported Cisco Meraki cloud-based solution that provides unified management of mobile devices and the entire network from a centralized dashboard including Wi-Fi, VPN and SD-WAN through the cloud. Performed migrations from Checkpoint firewall to Palo Alto using the PAN Migration Tool.

Provided administration and support on Bluecoat Proxy for content filtering and internet access between site and VPN client users.

Experience in Cisco Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay & MPLS), Routing protocol configurations (RIP, EIGRP, OSPF, and BGP).

Worked on Juniper SRX 5800 firewalls to create policies using J-Web User Interface.

Deploying ISE in wired environment to perform Dot1x port-based authentication, configure the Posture policies, and perform Change of Authorization (CoA) for users connecting to the corporate network

Configuring Cisco Catalyst Switches for Dot1x support and testing the IOS compatibility with ISE

Configuring Aruba Controllers integrating with Cisco ACS and RADIUS servers for Dot1x authentication.

Integrating and configuring Cisco ASA Firewalls with ISE for Posture policy compliance and to perform CoA for remote VPN IPSec, SSL AnyConnect users.

Western Alliance Bank, San Jose, CA Dec 2020 - May 2022

Sr. Network Security Engineer

Responsibilities:

Worked on Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)

Maintained Palo Alto firewalls, creating zones, adding rules and maintaining the policies on PA 220 series, 3020, 5220

Used Visio diagram to support the verification of switches and servers in the DMZ.

Configured Easy VPN server and SSL VPN to facilitate various employees’ access internal servers and resources with access restrictions.

Worked on SDN and Network virtualization technologies like Cisco ACI.

Configured EPG, update APIC, implement access and fabric policies in Cisco ACI environment.

Distributed system and infrastructure. Clustered distributed controller for Cisco Application Centric Infrastructure (ACI), SDN. Model-based ACI/SDN controller, Network orchestration.

Replaced the Legacy 3750 StackWise with Juniper EX 4200 switches in the LAN Environment.

Wrote Python applications to allow users to query into Network and Load balancers devices without engaging the NOC or Network Engineering group and automated firewall upgrades to improve accuracy, speed, and success of upgrades.

Troubleshot and resolved many user issues. Performed network testing and baselining

Designed ACLs, VLANs, troubleshooting IP addressing issues and backing up of the configurations on switches and routers.

Provide support for DMZs, creating and developing DMZ designs IDS signatures to meet new and emerging technologies threat

Experience configuring VPC (Virtual Port Channel), VDC (Virtual Device Context) in Nexus 7010/7018, FCOE using Cisco nexus 5548.

Configuring ASA Firewall and accept/reject rules for network traffic. Configured ASA 5555 to ensure high-end security on the network with ACLs and Firewall.

Performing URL filtering and content filtering by adding URLs in Bluecoat Proxy SGs.

Implementation of Site-to-Site VPNs over the internet using 3DES, AES/AES-256 with ASA Firewalls

Configured and monitored Firewall logging, DMZs and related security policies.

Maintained and created scripts in Python that assisted in pulling in the necessary data into Splunk to meet audit and reporting requirements

Validated Cloud-Scale networking platforms/routers with virtualized IOS XR operating system to prepare and transform customer networks and successful wins in 5G, IoT, video, mobile products.

Involved in migration of F5 Local traffic managers of LTM 5100 series to LTM 6800 series for higher.

Worked extensively in Configuring, Monitoring and Troubleshooting Juniper security appliance, Failover DMZ zoning & configuring VLANs/routing/NATTing with the firewalls as per the design.

Configured and performed software upgrades on Cisco Wireless LAN Controllers 2504, 4404, 5508 for Wireless Network Access Control integration with Cisco ISE.

Sales force, India May 2017 – Nov 2020

Network Engineer

Responsibilities:

Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls (36+ firewalls) - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.

Successfully installed Palo Alto PA-5000, PA-3000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls and also configured and maintained IPSEC and SSL VPNs on Palo Alto firewalls. Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).

Responsible for upgrading the IOS and configuring the new Router and Catalyst Switches.

Designed and installed small Windows XP based LANs for business clients

Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.

Deployed Site to Site and Client to Site VPNs utilizing Checkpoint Firewall-1/VPN-1.

Performing URL filtering and content filtering by adding URLs in Bluecoat Proxy SGs

Worked on Blue Coat Proxy SG to safeguard web applications (blacklisting and whitelisting of web URLs) in extremely untrusted environments such as guest Wi-Fi zones.

Experience with connectivity of Cisco Networking Equipment with F5 Load Balancer.

Involved in installing F5 VIPRION load balancers for one of our new data centers.

Experience configuring Catalyst (2900, 3500, 3700 and 6500 Series), Nexus (7000, 5000 and 2000 Series) Switches, and Routers (2800, 3600, 4400 Series) and Wireless APs (1260, 3600) using CLI and GUI.

Involved in building Cisco ACI fabric (policy groups, switch profiles, etc.), tenants - VRFs, Endpoint Groups, Contracts

Deployed Cisco ISE 1.2 with 8 nodes in deployment, initially in learning mode increasing methodically

Design and Implementation of 802.1x Wired/Wireless User Authentication using Cisco ISE Radius Server.

Supported Infoblox appliances grid environment for DNS, DHCP and IP Address Management tools (IPv4)

CERTIFICATIONS:

Cisco Certified Network Associate (CCNA).

Cisco Certified Network Professional (CCNP).

Education:

Bachelor’s in Information and Technology Engineer, India
