Palo Alto Network Security
Resume:
Saqib Sheikh
Senior Network Security Engineer
************@*****.***
Summary
Cisco Certified Network Engineer with 9 years of experience in testing, troubleshooting, implementing, and optimizing and maintaining enterprise data network and service provider systems. Network design, Security, Tier support of Networks in various environments.
Implemented DNS management and routing using Amazon Route 53 to ensure efficient and reliable traffic routing
Experienced in Infrastructure Development and Operations involving AWS Cloud platform like EC2, EBS, S3, VPC, direct connect, Cloud Front, Cloud Watch, Cloud Trail
Proficient in administering and managing Active Directory, including user accounts, groups, and organizational units
Experi Experienced in configuration and troubleshooting of Site to Site as well as Remote Access VPN on Cisco Palo Alto and Check Point firewalls.ence in Palo Alto PA-7080, PA-7050, PA-3060, PA-5060, PA-500 design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
Hands on experience in Fortinet Firewall Features Logging, reporting and traffic analysis tools, and ability to identify and mitigate network security threats and anomalies.
Experienced in working with Cisco Nexus Platform including 5K, 7K and 9k switches as well as Cisco Meraki MS250, MS350 Series Switches.
Proficient in monitoring and analysing network performance using SD-WAN devices, offering actionable insights for network optimization.
Assisted in migration from traditional network infrastructure to Cisco ACI, leveraging software-defined networking (SDN) principles for enhanced security and agility.
Experienced in optimizing network connectivity by leveraging SDWAN (Viptela) technologies.
Worked on Infoblox IPAM capabilities for centralized management of IP address, Subnetting, and IP address tracking.
Experience in load balancing for both application and network layers, optimizing application availability, performance, and fault tolerance.
Worked on OSI Network Protocol/Layer; Ethernet, OSPF, EIGRP, BGP, DNS, DHCP, GTP, HTTP, SSH SNMP and Frame Relay.
Hands on experience in F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
Technical Skills: -
Firewalls
Palo Alto PA-7080, PA-7050,PA-5060, PA-3060 series, FortiGate 5000, 3000, 800, 500 series, Cisco Firepower and ASA 5500 series firewalls
Routers & Switches
Juniper Routers (MX960, MX480, MX2020) and SRX Firewalls (SRX240, SRX550) & Cisco routers 800, 1700, 2500, 2600, 3601 and 4000 series 2900, 2950, 3500 Switches
Data Center Switches
Nexus 9k, 7k, 5k, 3k, 2k series switches
Wireless Devices
Meraki Wireless process
SD-WAN
Viptela
Cloud Platform
AWS cloud platform
F5 Load Balancer
LTM, Big IP BIG-IP i15000 / 2RU and F5 BIG-IP i7000 / 1RU
Professional Experience
Compass Group, Albany, NY Mar 2022 – Present
Senior Network Security Engineer
Responsibilities:-
Implemented preventive measures and security controls to enhance the overall security posture of the network.
Worked on migration of Palo Alto Next-Generation Firewall series PA-7080,PA-7050,PA-5060, PA-3060, PA-500.
Implemented Firewall as a Service (FWaaS) solutions to fortify network security and protect against cyber threats, leveraging technologies such as Palo Alto Networks PA-7080, PA-7050, PA-5060, PA-3060, and PA-500 series firewalls.
Deployed FWaaS (Firewall as a service) offerings on cloud platforms like AWS, ensuring compliance with industry regulations such as HIPAA, GDPR, and PCI DSS, and integrated AWS WAF with Palo Alto firewalls to safeguard web applications from attacks.
Implemented secure connectivity between on-premises networks and AWS VPCs using Virtual Private Network (VPN) and AWS Direct Connect.
Experienced in various AWS Services (Elastic Load Balancing, Amazon Route 53, S3, EC2, and traffic routing).
Used Cisco ACI (Application Centric Infrastructure) for fabric implementation, operations and integration with external bridged networks & Cisco Unified Communication Systems.
Worked on enabling organizations to centralize control over their network infrastructure and dynamically optimize data traffic.
Created new servers in AWS using EC2 instances, configured security groups and Elastic IPs for the instances.
Working with maintaining security device checkpoint firewall GAIA R80 Manage Security Policy on PCIDSS DAKC and UAT Checkpoint Firewalls.
Implemented Infoblox solutions for DNS, DHCP, and IP Address Management (DDI) to streamline network management processes and ensure efficient allocation of IP addresses.
Worked on Palo Alto Networks WildFire for advanced malware analysis and threat intelligence with device series (PA-7080, PA-7050, and PA-5440) device series.
Worked on monitoring and analyzing load balancer performance, using metrics and logs to troubleshoot issues and fine-tune configurations for optimal resource utilization.
Used SDwan devices for connecting branch offices to data centers, supporting remote and mobile users, and ensuring high availability for critical applications.
Worked on enabling organizations to centralize control over their network infrastructure and dynamically optimize data traffic.
Experienced in configuration and troubleshooting of Site to Site as well as Remote Access VPN on Cisco Palo Alto and Check Point firewalls.
Worked on Active Directory uses the Lightweight Directory Access Protocol (LDAP) for communication and directory queries.
Implement role-based access control (RBAC) within Zscaler policies to ensure users are assigned appropriate access levels based on UAL specifications.
Worked on YAML syntax for creating clear and structured Ansible playbooks, making automation tasks more understandable and maintainable.
Provided training and guidance to network operations teams on Infoblox best practices and functionality, enabling them to effectively utilize Infoblox solutions for network security and management.
Conducted regular audits and assessments of FWaaS configurations and rulesets to ensure compliance with industry standards (e.g., PCI DSS, HIPAA) and organizational security policies.
Involved with Ansible modules to perform various automation operations, such as package management, file handling, user management, and system configuration.
Implemented multi-factor authentication (MFA) for enhanced security on user accounts and ensuring strong password policies.
Utilize Border Gateway Protocol (BGP) configurations to announce Zscaler's IP ranges and ensure optimal routing for all outbound traffic through Zscaler nodes.
Worked on and configuring, maintaining and troubleshooting of Checkpoint R76/R77, 75+, 15000, 21400, 23000 series Firewall.
Configured, managed and maintained Fortinet FortiGate firewalls, including FortiGate 7121F, 7081F, 6500f and 6300F.
Worked on Implementation and enforcement of network policies through CloudVision to ensure compliance with security standards and regulatory requirements.
Implemented FortiGate firewalls with other security solutions such as SIEM (Security Information and Event Management) Systems and threat intelligence platforms for enhanced threat detection and response capabilities.
Deployed Fortinet (FortiGate 4800F and 4400F) intrusion prevention systems (IPS), a vital component in identifying and preventing network based threats.
Worked on network traffic using Palo Alto Networks Panorama and other security tools to detect and respond to security incidents and potential threats.
Worked on Palo Alto designing and installation of features like Application and URL filtering, Threat Prevention, Data Filtering.
Configured and managed IPsec and SSL VPN tunnels on FortiGate firewalls, including models like FortiGate 1500D, 2000E, and 2500E.
Involved in integrating Cisco ISE with other security tools and technologies for a comprehensive security solution
Experienced in designing and implementing identity and access management solutions using Cisco ISE
Supported the client in designing and deploying NSX-T data center with Cisco ACI fabric as transport network.
Experience with Cisco ISE policy creation, profiling, and endpoint on-boarding
Configured and fine-tuned firewall policies and security profiles in Cisco Firepower appliances to enforce granular access controls and threat prevention.
Worked on Cisco Nexus 9000, 7000, 5000, 2000, Catalyst switches (2960, 3750, 4500, and 6500), Cisco ASR & ISR routers (1900, 2900, 3945, 4500, 7200, and 7600).
Worked on Cisco Nexus 7k in core with VDC and VPC and Cisco 5596 switch in Server Farm with Nexus 2248 EOR Switches.
Supported end user network Cisco ACI infrastructure and trouble shot several implementations of LTM and APM configuration.
Configured Infoblox Grid Manager to centralize control over DNS and DHCP services, simplifying administration and improving network reliability.
Used Cisco ACI SDN architecture to reduce operating costs, automate IT tasks for greater scalability and visibility in a data Center environment.
Implemented and managed SD-WAN solutions using Viptela architecture, including Viptela vEdge series devices such as vEdge 100, vEdge 1000 and vEdge 2000.
Worked on troubleshooting and resolving network issues related to SD-WAN connectivity, performance, and application delivery.
Worked on Netmiko to establish SSH connections with network devices and perform configuration tasks, such as pushing configuration templates, managing VLANs, or updating access control lists (ACLs).
Collaborated with cross-functional teams to ensure ISEC considerations are integrated into the design and implementation of new systems and applications.
Leveraged Infoblox Threat Insight to identify and block DNS tunnelling, DNS data exfiltration, and other advanced persistent threats (APTs).
Experienced in integrating Python with Netmiko with other network automation tools and APIs, such as Ansible, NAPALM, or REST APIs to create comprehensive network automation solutions.
Troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF & BGP.
Experienced in deploying and optimizing load balancing capabilities on F5 Viprion for improved application availability and performance.
Installed, configured and troubleshooted Load balancer F5 LTM 3600, Viprion 2400 (includes code upgrade, HA pair, iRules, VIP).
Experienced in implementing Security Incident and Event Management System (SIEM) using HP ArcSight and Splunk.
Unite Here Health, Chicago, IL Aug 2021 – Feb 2022
Senior Network Security Engineer
Responsibilities
Deployed Azure Express Rute and established private and dedicated connections to Microsoft Azure, ensuring enhanced security for sensitive data.
Implemented Azure DDoS Protection to safeguard against Distributed Denial of Service (DDoS) attacks.
Experience in Azure network, VPN and Express route, Azure DNS, Traffic Manager, and Load Balancers
creating and enforcing security policies and access control rules within Cisco ISE
Implemented and managed DNS integration with Active Directory for efficient name resolution, contributing to a stable and well-functioning network environment.
Proficient in managing and troubleshooting Active Directory replication, ensuring data consistency across distributed domain controllers for fault tolerance.
Monitored and managed network security infrastructure, including firewalls, IDS/IPS, VPNs, and web application firewalls (WAFs).
Worked on administration and management of Palo Alto firewalls using centralized Panorama M-34200 and 3430 Devices.
Implemented and managed Infoblox Grid technology to ensure high availability and fault tolerance, enhancing network reliability and resilience.
Worked on Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
Experience on dealing with Cisco Application Centric Infrastructure (ACI) by integration hardware and software products as per network layout
Implemented and managed SD-WAN infrastructure for optimizing network performance, reducing costs, and enhancing security.
Configured and maintained SD-WAN devices to ensure efficient dynamic path selection and application prioritization.
Worked on Implementing & Troubleshooting checkpoint Firewalls, Creating Policies and rules in Checkpoint.
Collaborated with cross-functional teams to define FWaaS (Firewall as a service) architecture, requirements, and integration points, aligning security controls with business objectives and regulatory requirements.
Experience with Infoblox Grid technology for high availability and fault tolerance
Involved in Infoblox reporting and analytics tools for network visibility and troubleshooting
Experienced in conducting root cause analysis to identify the underlying cause of network security incidents and prevent future occurrences.
Managed multiple Palo Alto firewalls centrally through the Palo Alto Panorama PA-1410 centralized Management appliances.
Experience working on network libraries and frameworks in Python, such as Paramiko, Netmiko, NAPALM, and Scapy, for SSH connectivity, network device interaction, and packet manipulation.
Proficient in SDN security, including microsegmentation and implementing security policies and access controls to protect network resources and data.
Experience with SD-WAN (Software-Defined Wide Area Network) solutions, leveraging SDN principles for improved management and optimization of WAN connections.
Implemented and managed SD-WAN infrastructure for optimizing network performance, reducing costs, and enhancing security.
Configured and maintained SD-WAN devices to ensure efficient dynamic path selection and application prioritization.
Designed and implemented scalable and secure IP address management solutions using Infoblox, optimizing IP address allocation and management processes.
Improve scalability and ease of deployments of the Openstack underlay network by migrating from standalone nexus to Cisco ACI platform.
Used Azure Active Directory (Azure AD) with Cloud team for identity and access management, implementing Single Sign-On (SSO), Multi-Factor Authentication (MFA), and role-based access control (RBAC) to enhance security.
Design and implement Cisco ACI fabric networks with Nexus 9000 switches and APIC controller in a VMware envy using Cisco network and data center routers/switches Nexus 9000, 7000, 5000, 2000, and 1000v switches in VMware
Supported Implemented Azure DDoS Protection Standard to defend against Distributed Denial of Service (DDoS) attacks, ensuring the availability and resilience of Azure-based applications.
Worked on reviewing and optimizing firewall policies on FortiGate firewalls to improve performance, streamline rule sets, and enhance security posture.
Worked on Fortinet firewall administration, configuration of FortiGate 3700, FortiGate 3500 series as per network diagram.
Involved in designing and implementing scalable and secure IP address management solutions using Infoblox
Involved in creating and managing DNS zones, records, and DHCP scopes within Infoblox
Conducted regular security audits and vulnerability assessments using Cisco Firepower appliances to identify and remediate security risks.
Leveraged Infoblox Threat Insight to identify and block DNS tunneling, DNS data exfiltration, and other advanced persistent threats (APTs), bolstering network security posture.
Configured intrusion prevention and detection systems (IPS/IDS) on Cisco Meraki MX security appliances to protect the network from external threats and attacks.
Worked on Juniper routers, including the Juniper MX series (Juniper MX240, Juniper MX480, Juniper MX960) and Juniper SRX series (Juniper SRX300, Juniper SRX550).
Worked on Python with security information and event management (SIEM) systems for real-time analysis and alerting of security incidents.
Participated in incident response and security incident management processes, leveraging FWaaS (Firewall as a service) logs and telemetry data to investigate and mitigate security incidents, breaches, and anomalies.
Experience in migrating the conventional remote sites with ISR routers with Viptela SD WAN and achieved elastic network connection through internet.
Worked on Viptela controller, a centralized management platform that provides control and orchestration of SD-WAN policies and network traffic.
Worked on DHCP management, utilizing Infoblox for efficient IP address allocation and management.
Developed and delivered comprehensive ISEC awareness and training programs to educate employee on security threats, best practices and compliance requirements.
Worked on F5 Load Balancers – LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
Configured, managed and maintained F5 BIG-IP Load Balancers, including device series such as BIG-IP 5000, 7000 and 10000.
Troubleshoot LAN/WAN infrastructure including routing protocols like EIGRP, OSPF, HSRP and VRRP.
Verizon, NYC, NY Aug 2018 – July 2021
Network Security Engineer
Responsibilities:
Managed and supported Cisco ASA firewalls, including VPN configurations, access control lists (ACLs), and high availability (HA) configurations.
Worked on Palo Alto PA-5050 design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
Experience with network segmentation using illumino and Palo Alto PA 20250 firewall series for traffic filtering and applying policies on illumino central manager
Implemented secure connectivity solutions, including site-to-site VPNs and remote access VPNs within the ACI Fabric.
Build out a software defined data center based on Cisco ACI, VMware NSX and F5 load balancers.
Involved with PA-VM based firewalls like VM-300 and VM-500, where all the firewalls are deployed in the AWS C5xM size instance.
Configuring the Network Load balancer in the AWS for the load balancing the traffic coming from the different third-party vendors or business partners around the globe.
Implemented and managed virtualization technologies such as Virtual Device Contexts (VDCs) and Virtual PortChannels (VPCs) to support multi-tenancy and improve network efficiency.
Implemented high availability configurations, such as failover and clustering to ensure continuous firewall availability.
Extensive implementation of firewall rules on juniper SRX 3600, SRX 650 and SRX 220 on a daily basis, using NSM as well as CLI when needed.
Configured and managed load balancer persistence and session affinity to maintain client sessions and improve application performance.
Configured SSL/TLS offloading and termination and F5 devices, including BIG-IP 5200 and 7200 and enhanced performance and security.
Collaborated with security teams to implement access control policies and ensured network security on Cisco Nexus and Catalyst switches.
Installed and configured various routers like 800, 1600, 2500 and configuration of various cisco switches like 2960, 3560.
Verizon, India Apr 2015 – July 2018
Network Engineer
Responsibilities:
Configured, managed and designed IP routing using a combination of static routing and dynamic routing protocols like BGP, OSPF, EIGRP, etc.
Configured STP for switching loop prevention and VLANs for data and voice along with Configuration port security for users connecting to the switches.
Worked on issues related to IP protocols like static, RIP, EIGRP (Variance and unequal cost load balancing) and OSPF.
Configured VLAN with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
Education
Bachelor degree from NTR University, India
Contact this candidate