
Security Engineer Network

Location:
Snellville, GA, 30078
Posted:
November 17, 2024


Resume:

M Farid Ahmed Hashmi

Certified Network Security Engineer


Summary:

13+ years of professional experience in Planning, Implementing, Configuring, and Troubleshooting of networking systems on Cisco devices.

Experience with the escalation problems for Routing, Switching and WAN connectivity issues using ticketing systems like Remedy, Cherwell, and HP Service Manager.

Experience with routing protocols like EIGRP, OSPF, and BGP.

Excellent knowledge of TCP/IP protocols IPv4 and IPv6.

Knowledge of HSRP and VRRP redundancy protocols.

Worked on Cisco 9k, 7200, 6500, 3800, 3600, 2800, 2600, 1800 series Routers and Cisco 2900, 3500, 4500, 5500, 6500 series switches.

Advanced knowledge in design, installation, and configuration of ASA 5520, 5555, 5585-X Administration.

Knowledge of VMware vSphere administration within Cisco Unified Computing System environment.

Knowledge of Checkpoint R80.10, R80.20, R80.30, R80.40, R81.10 and VSX.

Experience with DNS/DHCP/WINS Standardizations and Implementation.

Hands-on experience with complex routed LAN and WAN networks, routers, and switches.

Hands-on configuration and experience in setting up Cisco routers to perform functions at the Access, Distribution, and Core layers.

Experience in the setup of access lists, RIP, EIGRP, and tunnel installations and migration.

Experienced in troubleshooting both connectivity issues and hardware problems on Cisco-based networks.

Hands-on experience in using network simulator tools like Splunk and SolarWinds Orion.

Hands-on experience on Firewall Management Analyzer such as Skybox.

Experience in Network Management Tools and sniffers like SNMP, Wireshark, nGenius ONE, and Cisco Works.

Experience in physical cabling, IP addressing, and subnetting with VLSM, configuring and supporting TCP/IP, DNS.

Knowledge of advanced technologies like Multicasting, MPLS and MPLS-VPN.

Ability to Install, Manage & Troubleshoot Large Networks & Systems Administration on Windows & Linux platforms in Development, Lab & Production Environments.

Good knowledge of VLAN Trunk Protocol (VTP).

Design, configure, troubleshoot, and implement wireless and data networking (LAN/WAN) solutions for mid-sized to enterprise-level clients

Develop comprehensive project-based System Designs, Network Diagrams, Migration Plans, and Test Plans

Effectively communicate with internal Account Executives and potential clients to assess and make solution recommendations

Extensive knowledge of computer hardware and software applications.

Excellent leadership with good written and oral communication. Great team player and able to work under pressure 24x7 duty rotation.

Configuration of IPSEC, DMVPN and GRE tunneling technologies.

Certifications

CCNA - Cisco Certified Network Associate (Certified)

Palo Alto - ACE - Accredited Configuration Engineer (Certified)

CCSA - R81.10 Checkpoint Certified Security Administrator (Certified)

CCSE - R81.20 Checkpoint Certified Security Expert (Certified)

Checkpoint Sales Specialist (certified)

Education

Master of Science in Computer Information Systems from California University of Management and Science (2013)

Bachelor of Engineering (B.E) in Electronics from NED University of Engineering and Technology (2000)

Technical Skills:

Routers (2800, 2900, 3600, 3900, 3800, 7200).

Cisco Switches (2800, 2911, 3750, 4500, 6500, Nexus 93128, 9504).

Firewall: Checkpoint 5000, 15000, 23000 (R77/R80.10/R80.20/R80.30/R80.40/R81.10/R81.20)

Palo Alto (PA-500, PA-3060, PA-7000, VM-300)

Access Point: Cisco (Air Cap 35021, Universal AP Air Cap 2700)

Routing Protocol (BGP, OSPF, EIGRP, IGRP, RIP), Routed Protocol TCP/IP, Multicasting.

Management tools: Cricket, Syslog, IPAM, Splunk, Cisco Prime 3.1, nGenius ONE and Skybox.

LAN Protocol: VLAN, VTP, Inter-VLAN routing, ISL, dot1q, STP, RSTP, PVST, HSRP, Ethernet, Port security.

Cloud: Azure, AWS

Network Management: SNMP v2, SolarWinds

Network Security: Knowledge of Firewall, Checkpoint, PA-500, ASA, Cisco ASDM IPSec, IPS/IDS, NAT/PAT, Ingress & Egress Firewall Design and VPN Configuration.

Application Protocols: DHCP, DNS, FTP, TFTP, HTTP, SMTP, SSL.

Documentation: Microsoft Office, Visio, Cisco TAC Cases, Checkpoint SR cases.

Languages: Linux

Work Experience:

Blue Cross Blue Shield of Michigan, MI Oct 2019-May 2024

Network Security Engineer

Responsibilities:

Work as part of the Network Data Services team as a Network Security Engineer responsible for troubleshooting and implementing various tasks across the Network Infrastructure.

Proactively manage customer Firewall (FW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and other security threat data sources on Checkpoint and Palo Alto FWs.

Review monitoring and security risks for our network infrastructure, and update security policies using Palo Alto, and firewalls.

Maintain and upgrade the Checkpoint Multi-domain Server, Management Server, Log Servers, Firewall Clusters, and VMSS into new OS R80.30, R80.40, R81.10, R81.20.

Worked on Azure VNET to maintain and upgrade the Checkpoint Cloud Guard firewall for BCBSM Advantasure and Emergent Holdings.

Experience in managing Checkpoint virtual firewall (Cloud Guard) in Microsoft Azure for BCBSM Advantasure and Emergent Holdings.

Successfully increased the disk size of an already deployed Checkpoint Cloud Guard firewall in Azure instances without downtime or outage.

Encouraging change windows with comprehensive strategies. Followed the timeframes and procedures for change control.

Migrating VPN tunnels from Cisco ASA to Next Generation Checkpoint Firewalls.

Provide proactive threat defense with Checkpoint Firewalls that stop attacks before they spread through the network.

Perform network management and monitoring functions (maintain and support network management tools such as syslog, and SNMP management system.)

Participate in proactive service management and incident response to eliminate and mitigate operational impact on customers.

Utilize tools and demonstrate a high level of proficiency to assess and troubleshoot network-related issues.

Design configuration and installation of security policies including the deployment of Checkpoint FW.

Checkpoint Level 2 and 3 operations support with hardware operations – fix all problems taking any escalations that deal with the equipment and its connection: interfaces, VLANs, routes, etc.

Resolve escalations on an array of end-user VPN-related issues.

Ensure network equipment efficiency, security, reliability, usability, and scalability through proactive monitoring.

Define network policies and procedures.

Responsible for overseeing the administrative tasks of Palo Alto Networks (Panorama) in the AWS environment.

Research and make recommendations to improve FW management analysis, networking standards, and processes.

Extensively worked on regular information security procedures and system attestations to ensure accuracy and compliance for internal and external audits.

Work on High Trust documents for audit.

Responsible for timely incident response and investigation requests.

Responsible for managing VPN, Checkpoint FW, and security vulnerabilities.

Work with the Skybox tool to manage policy changes, optimize FW performances, and maintain compliance standards within BCBSM.

Maintain and troubleshoot network infrastructure (troubleshoot outages, perform periodic redundancy testing, implement network improvements as needed)

Gain Capital, Bedminster, NJ Feb 2018- Sep 2019

Network Security Engineer

Responsibilities:

Worked as part of a team to manage Enterprise Network Infrastructure as a Network Security Engineer responsible for troubleshooting operational issues and performing new implementations across multiple projects.

Migrated the policies from the Cisco ASA firewall to the Palo Alto Firewall

Managed Configuration, Logging, and Reporting of Palo Alto.

Performing administrative tasks with Palo Alto Networks (Panorama) including Security, NAT policy definitions; application filtering; Regional rules; URL filtering, Data filtering, file blocking, User based policies.

Worked with Palo Alto firewalls using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall in the AWS environment.

Dealt with the implementation of Cisco ASA 5585 devices and Palo Alto devices to apply security policies on it.

Actively involved in Switching technology Administration including creating and managing VLANs, Port security - 802.1x, Trunking 802.1Q, RPVST+, Inter-VLAN routing, and LAN security on Cisco Catalyst Switches 4507R+E, 6509-E.

Responsible for configuring, testing, and implementing network, firewall, and security solutions with appliances such as Cisco and Palo Alto Networks application firewalls.

Knowledge of custom monitors, virtual servers, pool members and load-balancing algorithms on F5 Load balancers.

Assisted in MPLS migrations, and implemented a backup for the existing WAN connection using site-to-site IPsec VPN tunnels.

Performed Network Security Assessment and implemented security improvements such as network filtering, SSH, AAA, SNMP access lists, EIGRP MD5 authentication, and HSRP authentication.

Configuration of ACLs in Cisco 5520 ASA firewall for internet Access requests for servers, Protocol Handling, Object Grouping and NAT.

Responsible for Documenting workflow process, Visio drawings and implementing changes following the change management guidelines.

American Express Bank, Tampa Florida Dec 2016 – Jan 2018

Network Security Engineer

Responsibilities

Responsible for design, Implementation and Maintenance of datacenter on CISCO ISR 4300, CISCO 3560.

Responsible for configuring, maintenance, and troubleshooting of Cisco 3650, 4948.

Installed new software releases, and system upgrades. Evaluated and installed patches to resolve software-related problems. Performed system backups and recovery.

Configured Cisco routers and provided technical support for the configuration and installation for the customers.

Migration and implementation of Palo Alto Next-Generation Firewall series PA-500, PA-3060

Duties included monitoring network performance using various network tools to ensure the availability, integrity and confidentiality of applications and equipment.

Configuring rules and maintaining Checkpoint analysis of firewall logs using various tools.

Administer Checkpoint FW to allow and deny specific traffic and to monitor user usage for malicious activity and future QoS.

Configured and implemented various protocols on 2800/2900/3600/3900/7200/7600 series routers for efficient performance of the network.

Expertise in Checkpoint design and installation for Applications, URL filtering, Threat Prevention, and Data Filtering.

Gained experience in working with migration to Check Point and Palo Alto next-generation firewalls.

Providing Layer-3 redundancy by implementing HSRP in the network.

Expert-level knowledge of TCP/IP and OSI models.

Configure layer 2 and layer 3 on Cisco Nexus 7K, 5K, 6500, 3850, 3950, ASR and 2960.

Design and implement networks including physical connections, layer 2 topologies, and layer 3 topologies.

Created Visio diagrams documentation to give a complete picture of network design for each site.

Worked with the engineering team to resolve tickets and troubleshoot L3/L2 problems efficiently.

World Bank Group, Washington DC March 2016- Nov 2016

Network Security Engineer

Responsibilities:

Worked with Cisco Layer 3 switches 6500, 4948; Cisco Nexus 9396 and 7010 with the use of inter-VLAN routing, 802.1Q trunk, and EtherChannel.

Installation of core Cisco Catalyst 4948 to Nexus 9396.

Experience in L2/L3 protocols like VLAN, STP, VTP, ISL, MPLS, 802.1q and Trunking protocols

Worked as part of a team that migrated the whole data center environment from Cisco Catalyst 6500 to Nexus 9Ks and 2Ks.

Installing and configuring Cisco ASA 5520 to ASA 5585-X with Firepower Module.

Migration of Checkpoint to ASA 55XX-X.

Worked extensively in Configuring, Monitoring, and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/Routing/NATing with the firewalls as per design.

Worked on migration of Inter Datacenter routers from ASR 1001 to 1002-X.

Extensive experience with Cisco IOS, IOS-XR, Windows client/server operating systems, Linux, Networking technologies, and Firewalls.

Worked on troubleshooting port issues regarding QSFP, CRC errors, and Cable replacements in a Production environment.

Providing technical support on Nexus 2000/9000 switches and operating systems (NX-OS) creating vPC domain, designing single-sided vPC, designing double-sided vPC, designing vPC peer-keepalive, vPC peer-link, vPC member ports.

Tier 3 Troubleshooting of Layer 3 issues related to EIGRP, BGP.

Migrated servers connected from Legacy Switch environment to 7Ks.

Involved in planning and design of various environments.

University of Pittsburgh, Pittsburgh, PA October 2015 – Dec 2015

Network Security Engineer

Responsibilities:

Responsible for configuration, maintenance, and troubleshooting of dynamic routing protocols: BGP, OSPF & EIGRP (route redistribution, distribute lists, route-maps, offset-lists, prefix lists, route summarization, route-feedback, BGP attributes) on Cisco Routers 7613, 7201 and 3945E.

Hands-on knowledge in configuring Cisco 3500, 4500 series switches to implement information sharing and resource allocation for increased productivity.

Working knowledge of frame relay, MPLS services, OSPF, BGP and EIGRP routing protocols, NATing, sub-netting, also including DNS, LDAP, DHCP, HTTP, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, WISM, STP (Spanning Tree Protocol), RTSP & Multicasting protocols.

Working to set up OSPF dynamic routing on Cisco ASA Firewalls by using and following their current network structure.

Monitor, operate and support network security devices such as Cisco ASA.

Working on Cisco ASA series security devices.

Configuring rules and maintaining Cisco ASA Firewalls & analysis of firewall logs using various tools.

Configuring IPSEC VPN (Site-Site to Remote Access) on series firewalls.

Migrated firewall rules from Juniper FW to Cisco ASA FW. Remote access VPN configuration and administration on Cisco ASA 5540 firewalls.

Designed & implemented VPN connectivity for customer premise equipment to Cisco VPN 3000 series concentrator.

AT&T, Dallas TX Aug 2014- Aug 2015

Network Engineer

Responsibilities:

Experience with migrating from Cisco ASA 8.2 version to Cisco ASA 8.4 version.

Configuring Cisco Switches such as 4500, 6500, stack switches 3750.

Implemented Site-to-Site VPNs over the internet utilizing 3DES, AES/AES-256

Created documents for various platforms including Nexus 7k, ASR1k enabling successful deployment of new devices on the network

Experience configuring Virtual Device Context in Nexus 7k series switch.

Expertise in VPN configuration, routing, NAT, access-list, security contexts in ASA firewalls.

All-encompassing execution & configuration proficiency of Firewalls, Cisco ASA Appliance ASA 5510.

Implemented security policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, and deploying GRE Tunnel.

Worked on Virtual Switching System (VSS) in combination with Catalyst 6500 series switches.

Network security including NAT/PAT, ACL, and ASA Firewalls.

Replaced aging Checkpoint firewall architecture with Cisco ASA appliances serving as Firewalls and URL and application inspection

Experienced in configuring protocols HSRP, GLBP, ICMP, IGMP, PPP, PAP, CHAP, and SNMP.

Experience in migration with both Checkpoint and Cisco ASA VPN.

Hands-on experience with converting Checkpoint VPN rules over to the Cisco ASA solution.

Configured, Monitored and Troubleshot Cisco's ASA Security appliances

Responsible for leading and implementing IP network build-outs and providing Tier2/3 operational production support in a mixed Cisco Router/Switch/Wireless.

Verizon, MI July 2013 to July 2014

Network Engineer

Responsibilities:

Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5585 Security appliance

Configured Cisco ASA 5510 firewall to establish logical separation between Legacy network & lab environment.

Performed network monitoring, troubleshooting, implementation and maintenance of ASA and Checkpoint firewalls.

Migrating the policy from Cisco ASA firewalls into Checkpoint & vice versa.

Implemented Zone Based firewall and Security Rules on the ASA Firewalls.

Regularly performed firewall audits around CheckPoint firewall solutions for customers.

Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.

Modified internal infrastructure by adding switches to support server farms and added servers to existing

Troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF & BGP, MPLS

Worked on external customer wireless network infrastructure

Leverage understanding of LAN/WAN technologies to support, design, and integrate complex wireless LANs

Worked with a team on planning, designing, configurations, deployments and support of LAN/WAN/WLAN infrastructure

Worked with VMware hypervisor and virtualization monitoring tools.

Participated in the evaluation of vendor hardware, software, and wireless communications products

Operational support and troubleshooting of production wireless network issues

Provided technical support case escalation for customer wireless infrastructure

Documentation of advanced enterprise wireless solutions and designs

Wireless design and validation, including RF site surveys of complex indoor and outdoor deployments

Supported internal wireless network infrastructure operational requirements

Maintaining Checkpoint security policies including NAT, VPN and Secure Remote access

American Honda Motor Co., Inc. Torrance, CA May 2010 – Jun 2013

Network Support Engineer

Responsibilities:

Experience in working with Cisco ASA firewalls.

Implement Cisco IOS Firewall IDS using 2600 series router.

Configuring VLAN, Spanning tree, VSTP, SNMP on Cisco switches.

Configured and debugged policy-based routing for special traffic, route filtering with route maps, and route redistribution.

Configured VLAN Trunking 802.1Q, STP, and Port Security on Catalyst 6500 switches.

Performed OSPF, and BGP routing protocol administration.

Router memory & IOS upgrade with TFTP.

Network Assessment and Documentation (including technical, operational, and economic assessment).

Responsible for designing and implementation of customer’s network infrastructure.

Help negotiate hardware, software, and circuit contracts for customers.

Redesign customer’s office copper and fiber cable plant for scalability.

Build and maintain Visio documentation for Clients.

Was responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches, fixes, and all-around technical support.

Ensured network, system, and data availability and integrity through preventative maintenance and upgrade.

Support for new store rollout, circuit, and WAN installations.

Configured and supported multiple remote site installations.

IP Address management using IPAM.

Maintain and troubleshoot Hub and spoke frame relay with EIGRP.

Installation & configuration of ISDN BRI/PRI circuits.

Implement port security on Cisco switches.

Responsible for monitoring & operations of all data network-related products and services.

LG New Allied Electronics Industry (Pvt) Ltd Pakistan. Dec 2009 to Jan 2010

Network Support Engineer

Responsibilities:

Configure and install applications according to the specifications and requirements of the organization and business process.

Testing of computers and ensuring that computer systems are functioning properly.

Physical setting up of computers and software system installation for various computer applications and programs. Provide specifications of the systems and equipment as required.

Identifying and solving any problem that affects computer/operating systems performance.

Install and upgrade computer peripheral devices such as photocopiers, printers, scanners, and modems.

Networking and connecting computers within the same organization to enhance communication. Training and orienting employees with computer system hardware and software.

Troubleshooting routine problems and maintenance of servers.

Responsible for computer systems requisition and procurement, working in close liaison with the purchasing and supplies department.

References:

Available on request


