Security Cisco Datacenter services projects company clients management
Resume:
Profile Summary
Expertise in managing and implementing large network and security products and services. Preparing HLD, LLD (low level document) meeting deadlines without compromising quality norms and adhering to SLA, responsible for process definition and implementation based on ITIL best practices. Expert in implementation of controls and governance of network usage and data security solutions. Rich onsite experience of travelling to the US, UK and UAE for project work and onsite support. Proficient in guiding and mentoring teams to resolve issues and prepare technical documents.
Technology Proficiency
SERVICE AND SUPPORT
DATACENTER SERVICE AND SUPPORT FOR NETWOK AND NETWORK SECURITY. TICKET RESOLVING, PROLEM SOLUTION FOR MAJOR INCIDENT USING ITSM TOOLS AND SERVICE NOW, INCIDENT MANAGEMENT, SERVICE TICKETS. CHANGE MANAGEMENT. PROBLEM MANAGEMENT. CAPACITY MANAGEMT
PERIMETER SECUIRTY- Firewall, Load Balancer and WAF.
CHECKPOINT, CISCO ASA, FORTINET, PALO ALTO, CISCO MERAKI, BARRACUDA. CISCO SECURE ACCESS (ACS) and Cisco ISE. F5 AND ARRAY.
NETWORKING - WAN, SD WAN, VPN,LINKS, Cloud Connectivity, Switching and Routing
MPLS, LEASE LINE, INTERNET, EXPRESS ROUTE FOR AZURE GATEWAY, SITE TO SITE VPN AND REMOTE ACCESS VPN, VPN CONCENTRATOR, IPSEC, GRE. AZURE (IAAS, PAAS), VNET, UDRS, GATWWAY, EXPRESS ROUTE, REMOTE ACCESS, NSG, Firewall VM Implementation in Cloud. HIGH END SWITCHES AND ROUTERS, VLAN, VTP, ETHERCHANELS, CISCONEXUS, VPC, VRF, HSRP, VRRP, CISCO MERAKI MS, MX, MR. CISCO 6500, NEXUS 9000, 7000, 5000. JUNIPER EX 4200, 2200, 3500, 4300. RIP, EIGRP, OSPF AND BGP. 802.1X.
Network TOOLS. VULNERABILITY MGMT. END POINT SECURITY
VISIO, TCP Dump, Wireshark packet sniffing, Kali Linux, Nessus, Nmap, QUALYS, ISS, OWSAP, SECURITYFOCUS, CVE AND CAN ID..etc. NETFLOW, SOLARWIND, VISTARA, DEBUG, MICROSOFT PROJECT. SYMANTEC, REALSECURE, PROVENSIA, BIT 9, Cisco Any connect with Cisco ISE remote scanning and DACL.
INFO SEC.
CERT-ISO 27001 LEAD AUDITOR/IMPLEMENTER, Conducted external and Internal audits and security policy implementation, IT Risk analysis and management.
SECUIRTY EVENT
SOLARWIND, MANAGEENGINE, McAfee Event Management SIEM and SPLUNK Integration for event analysis. SAWMIL Log analysis.
IPS IDS
Snort, Firepower, Aruba AirWave RAPIDS,
Professional Experience
Month-Year
Designation/ Role
Role Responsibilities
April-2016
Sr. Consultant Network and network security
Managed multiple customer network and firewalls with all new implementations. Migration to cloud network connectivity and firewall security in cloud.
Feb-2015
Network and network Security Architect
Implement, manage and migration of network/security
March-2013
Network Architect
Implement, manage and migration of network/security
Oct-2011
Network Specialist
Implement, manage and migration of network/security
2006 to2011
Lead and specialist
Provided supervision, support and implementation
Project and Engagement Details
Firewall Migration for an Insurance company in USA.
Duration
APR 2019 – SEP 19 (5 months)
Role
Network Security Architect
Project Type
We were involved in the migration of the data center and in the analysis and creation of firewall rules.
Technology
enterprise cybersecurity using Palo Alto, Cisco ISE, F5 Load Balancer
My Responsibilities
Analyzed complex firewall rules from the Panorama management tool to create firewall rules for scheduled migration of the server and device migration instances.
Managed end user devices that involved discovering, installing and updating operating system and application patches, maintaining user accounts and keeping the security up-to-date.
Kept track of all changes and problem lists related to threat and vulnerability, firewall changes and network devices patching.
Prepared reports and dashboards of policy-compliant devices, user identity, location and access history.
Created user roles, groups and associated policies (job role, location, device type, etc.).
Controlled authenticated user’s access to specific segments of the network, or specific applications and services. firewall rules for scheduled migration of the server and device migration instances.
Integrated ISE with Palo Alto as Radius server.
Managed F5 load balancer configuration and support and created the RFC for all changes.
Network and security support
Duration
Nov 2015 – Mar 19
Role
Network and Network Security Architect
Project Type
As part of the Shared Services vertical, we were involved in providing data center network security support to various clients in the US and UK. Support and provide any on demand capacity changes to the network and security
Technology
Firewall, antivirus, intrusion prevention, and virtual private network (VPN), threat defense, authentication, authorization, accounting (AAA), posture, and profiler. SPAM filtering, Internet proxy, switching, security, SD-WAN, intelligent network insights, endpoint management, Intrusion protection. ACS, Cisco ASA, Cisco Any Connect, Sonicwall, Palo Alto, Fire power, Iron Port, Bluecoat, Remote Access VPNs, Meraki Firewall and Switches, Cisco 6500, Cisco 3750, Aruba Wi-Fi and Aruba Clear Pass and AirWave with RAPIDS, Zscaler, Express route, IPSec, NSG, VNETs and UDR for Azure, F5, Array Juniper, Cisco Meraki, Routing, Switching
My Responsibilities
Support for Cisco high end switches, Juniper EX series switches, Aruba WiFi controller, Airwave and clear pass. Palo alto firewalls, Fortigate firewall for perimeter security configuration of security policy, VPN policy, Monitoring etc. Upgrade of IOS for all old Cisco and Juniper network equipment including firewalls. Support secure envoy two factor authentication and AAA services. Change management, Problem management and capacity management. Worked as team lead as escalation gate. Responsible for all CAB meetings or stakeholders reporting, plan, do, check all schedule changes. Own all problem and resolve after researching the issue with vendors and OEMs. Also Implementation of Cisco Meraki for Meraki firewall, Meraki switch from juniper and Cisco. Configured routing, switch movement, switch in stack, up-linking, switch connected devices such as various firewall interfaces movement to new Meraki switch. ACS/ISE Configuration, Support, Upgrades, Device Entry, Privilege Policy Creation for Network Admins, Device Discovery and management, Posture and Profile Management, Report and Dashboard Generation and Troubleshooting; Active Directory and Third Party Integration. Profile Management and Configuration for Real Servers and Redundancy; Signatures Analysis and Configuration for WAF. Support of the current network service includes Cisco ASA firewall with firepower, support for Cisco ASA and related connectivity devices, IRON port and Bluecoat support. Executed WAN implementation project where migrated old network to new ISP network, this activity involved all network service migration. Transformed existing network to Zscaler based cloud proxy. Shutdown Bluecoat and migrate all connectivity to cloud proxy. Configured routing, setup VPN with Asczler cloud GRE tunnels. Management and support for SPLUNK and do internal vulnerability and patch network and network firewalls, Hardening etc. available to all other team in CAB meeting for planning any change management, Problem management and capacity management task. Implement changes and resolve all incident, service request and problem. Prepared solution for security architecture in cloud. Banking Customer (India) – Support of bank location and then Migrated 70 Bank location on Azure cloud successfully for one of the banking client project in India for network security and network. Established express route connectivity, setup Gateway, created and configure. Airlines Company (UK) - Combines authentication, authorization, accounting (AAA), posture, and profiler guest access management for Cisco ISE administrators. Enforces endpoint compliance by providing comprehensive client provisioning measures and assessing the device posture for all endpoints that access the network, including 802.1X environment. Discovery, profiling, policy-based placement, and monitoring of endpoint devices on the network. Enabled consistent policy in centralized and distributed deployments that allows services to be delivered where they are needed. Upgraded Cisco Secure ACS for its last version for worldwide users uses ACS as RADIUS and TACACS. Support for ACS for creation of user, policy and any trouble shooting on debug level. Support of Aruba WiFi infra, available to all other team in CAB meeting for planning any change management, Problem management and capacity management task. Implement changes and resolve all incident, service request and problem. Managing Cisco ASA firewall and any connect VPN for worldwide users including contractor and users of the company. Managing complete datacenter equipped with Cisco ASA, Cisco Meraki firewall, Cisco Meraki switches, HP switches and Cisco switches. Cargo company (India) – Management and support of Cisco firewall, switches and link router. Implemented WAN link backup and service availability redundancy for internet link and services. Automobile Company UK- Support F5 load balancer, checkpoint firewall, Remote access and cite site vpn, Cisco ASA firewalls, IPS and security services
Omni Channel Security Architecture and DC Migration for Motor company in Dubai
Duration
Jul 2015 – Oct 2015 (4 months)
Role
Network and Network Security Architect
Project Type
DC Security Architecture migration for Ecommerce application
Technology
Cyber Security, Firewall Palo Alto and Cisco ASA, IPS/IDS, Proxy, Splunk, WAF
My Responsibilities
Evaluated the existing old/legacy Datacenter application, network infrastructure security, availability and confidentiality with remote location connectivity. Evaluated old security zones and recommended current with next generation firewalls and IPS and Palo Alto. After analysis recommended new security architecture of the datacenter.
Remote User Migration for recovery center for USA
Duration
Feb 2015 – June 25 (4 months)
Role
Network Security Architect
Project Type
Migration of the network security services
Technology
Juniper MAG 650 to Cisco ASA any connect vpn, Cisco ACE, Cisco switch 6500, routing
My Responsibilities
Migrated more than 3000 remote users from one VPN device to other VPN device. Plan migration for Cisco ASA devices with any connect remote access services. Responsible for customizing and hardening the access control for network usage and implemented controls for data security for end users.
Migrated more than 3000 remote users from one VPN device Juniper MAG 650 to Cisco ASA Any Connect to other VPN device.
Integrated Cisco ISE with Cisco ASA Any Connect for end user devices’ poster validation.
Responsible for planning the migration for Cisco ASA devices with Any Connect remote access services.
Setting up a DRC for Airport and Shipping in India
Duration
Jun-2013 to Feb-2015(9 months)
Role
Network and Network Security Architect
Project Type
We were involved in managing the disaster recovery center for a Government of India Public Sector Enterprise
Technology
Load balancers Citrix Netscaler, firewall Juniper SRX, IPS, switches, VPN appliance, VMware, storage, passive component such as cabling rack
My Responsibilities
Delivery of all the Datacenter equipment, configuration and mounting of firewalls, routers and other integrated devices of high end Juniper equipment. Configuration and audit compliance sign off from authority. Configured web application firewall and enabled signatures for various security profiles.
Defined and enabled policies for event-based alerts as per severity of the threat and vulnerability.
DC, DRC and 1500 remote location Network Setup for police of India
Duration
Dec 2012 to May 2013 (6 months)
Role
Network Specialist
Project Type
New Datacenter Implementation and Maintenance
Technology
Firewall, Routers, Cisco high end switches, IBM Blade center, IBM Storage, Server load balancer, HSM (Hardware Security Module), IDS/IPS, Antivirus, Patch server, Domain Controller, Application integration with application team. 10 G network
My Responsibilities
Implemented and managed state datacenter in state with 10 Gigabit networks, which includes various sites connectivity of police station. More than 1000 police stations connectivity to datacenter and DRC. Site preparedness, coordination between ISP, design of IPScheme, Resource allocation, Interview of technical engineer as per resource mapping per RFP and corrigendum. Update to all stake holders and management of overall infrastructure implantation.
Onsite to Offshore Migration or transition for network and network security services for Media based company in USA
Duration
Oct 2011 to Nov 2012 (13)
Role
Network Specialist
Project Type
Onsite to Offshore Migration/Transition for Network and Network Security Services for a Media Based Company in the US
Technology
Cisco ASA firewalls, Checkpoint, Cisco VXR router and Cisco 6500 switch, CSM and FWSM, Cisco ACS, Net Orion, Net flow Analyzer, Cisco Works and open NMS, Bluecoat proxy and Blue socket wireless controller.
My Responsibilities
The project was related to datacenter upgrades of four core datacenters, network security to protect Internet and intranet traffic with BCP and DR sites and redundancy. The network fulfills the requirement of PCI DSS. Migrated all network operation work to India offshore and build up network tower for support and transformation network activity. Designing and managing a Complex network of 50 sites having four-core datacenter. The entire infrastructure is controlled by three 7206 router for Multipoint GRE VPN tunnel. External connections are on IPSec VPN and with two-factor authentication (firewalls Cisco ASA, Checkpoint and Juniper, Checkpoint and Juniper is in migration phase to Cisco ASA).
Various ODC setup in NIIT tech and internal network and network security
Duration
Apr 2006 to Sep 2011 (65 months)
Role
Network Specialist
Project Type/Work Type
New Datacenter Implementation/Transformation and migration of network services/support of network infrastructure/Segregated ODC formation
Technology
Cisco ASA and PIX firewall, Paketier, River Bed, Watchguard, Nessus, Snort IDS, Extreme switch, Cisco routers, Cisco 3000 VPN concentrator, MPLS, P2P and IPsec Cisco ASA and PIX Firewall, River Bed, Watchguard, Nessus, Snort IDS, Extreme switch, Cisco routers, Cisco 3000 VPN concentrator, MPLS, P2P and IPsec, Packetier
My Responsibilities
Executed various project related to segregate the network offshore development center from India to USA ODC Infra setup comply with PCI DSS security standards working as Network Specialist in Internal IT department. Consulted for various architecture design and setup such as Security forces Datacenter and several ODC network setup. Sizing, Upgrade and troubleshoot the network problems as and when required. Power point presentation PPT, Visio and Microsoft project are the tools use to prepare process flow or architecture diagrams and HLD (high-level document) LLD (low level document) or run books. Ensure cabling and datacenter installation for powers and rack mounting of devices. Design and Implementation of IPSec Site to Site VPN tunnel from internet with high encryption of data and authentication for data in transit. Segregation of internal LAN and WAN from rest of the core and other project’s network. Keep all networked device security and access controlled as per ISO27001 standard. Movement of ODC setup from one to another building, locations..etc.
Security Operation Center Setup for IT software company in India
Duration
May 2004 – April 2006(23 months)
Role
Sr. Security Analyst
Project Type
Security Analysis/ Event analysis and SOC operation
Technology
All types of IDS events from IDs such as SNORT, Cisco Net ranger, Dragan, Cisco Secure Events, Real Secure, host and network based IDS.
My Responsibilities
Security Analysis/ Event analysis and SOC operation, various solution based on security sites search such as Security Focus and different IDS/IPS OEM’s manual and sites
Implemented a new datacenter with PIX firewall and Cisco core switches.
Connected new datacenter and network with several location office with IPSec site to site VPN and MPLS links. We have used concepts of CVE and CAN ID to analysis of the events and various security sites. Research for event analysis for IPS which were OEM provided manuals. Our job was to check the solution from google after looking through anomaly of the signatures. Deep knowledge of security required.
Sr. Customer support engineer CMS Ltd.
Duration
Jan 2003 – May 2004 (16 months)
Role
Sr. Customer Support Engineer
Project Type
System Administrator
Technology
PIX firewall, Voice service on IPLC, Windows and Exchange.
My Responsibilities
Creating rules in Cisco PIX firewall. Create and manage VLANs. Manage MPLS and connectivity to USA to access main frame project data. Mainframe access network support, email and system support from offshore to USA based datacenter client site. Offshore developers day to day network support from offshore.
Other Experiences
S. no.
Name of the Project
Role in Project
Type
Technology
Duration
(in Months)
1
PCI security Implementation in internal networks for ODC setup
Network Specialist
Network Security
ACS, AAA, Firewall, Switching and routing
70
2
Security CIA rating and risk mitigation
Network Specialist
Network Security
Information technology and standards
24
3
Setting up security monitoring centers
Network Specialist
Network Security
SIEM, Syslog, Events and logging
20
4
IPS implementation and vulnerability scanning
Network Specialist
Network Security
Vulnerability analysis tools and IPS signatures
20
5
Internal datacenters and location movements and migration
Network Specialist
Network
Firewalls, LAN, WAN, Switching and routing
30
6
New datacenter and new location LAN, WAN and Firewall implementation
Network Specialist
Network
Firewalls, LAN, WAN, Switching and routing
50
7
Hardening and access management
Network Specialist
Network Security
ACS, AAA, Firewall, Switching and routing
30
Detailed IT Skills
Skill Name
Exp. in Months
Skill Name
Exp. in Months
Skills
Exp. in Months
Firewall /VPN/Extranet, Remote Access/ IPSec site to site
205
Load balancer/WAF/IPS/IDS/ TACACS/AAA/RADIUS
50
Azure, VNET, Site to site VPN, Remote Access VPN, Barracuda Firewall in Azure, UDR routes, NSG
30
Cisco Meraki Dashboard management and migration to Meraki
30
INFO SEC
50
Routing and Switching
100
Contact this candidate