Nevan Elangovan
*****.*********@*****.***
SUMMARY:
Network/Information Security Engineer with eight years of experience in testing, troubleshooting, implementing, optimizing and maintaining enterprise data networks and service provider systems, Cyber Threat/Network Security Information and Event Management (SIEM) tools, and enterprise security engineering.
In-depth Cisco technology experience/knowledge in design, implementation, administration and support.
Strong hands on experience in installing, configuring, and troubleshooting of Cisco 7600, 7200, 3800, 3600, 2800, 2600, 2500 and 1800 series Routers, Cisco Catalyst 6500, 4500, 3750, 2950 and 3500XL series switches.
Participate in the analysis and design conducted by TD teams to ensure IAM requirements are addressed properly. Participate in the development, testing and implementation phases of projects.
Significant experience in various domains of Information Security including Security Operations, Identity and Access Management, Security/System Administration & Security Incident Management
Strong experience in network security using ASA Firewall, Checkpoint, Palo Alto, Cisco IDS/IPS, IPSEC/SSL VPN, and F5 Load Balancer.
Coordinated with vendors, the customer (users), managers to build systems and standards.
Utilized Symantec DLP (Symantec data loss prevention) tool in order to capture data at Rest Events, Scanning of NAS drives and SharePoint sites, monitored activity, and generated reports for high impact Data Protection issues.
Expertise in installation, migration, configuration, troubleshooting and maintenance of Splunk and Apache Web server on different UNIX flavors like Linux; passionate about machine data and operational intelligence.
Visual Monitoring of IVR, MTC (VXML), WEB and SPEECH servers using HP Open View.
Checkpoint VPN-1, 3D Analysis, Gaia, Standalone & Distributed setup, Security management, Log server, Secure platform (SPLAT), License management.
Experience converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Palo Alto rules.
Experience in risk analysis, security policy, rules creation and modification of Check Point/Nokia Firewall VPN-1 FW-1 NGX R65, R70 & R75 Provider-1/Site Manager-1 R65, R70.30 & R75.40, Cisco ASA.
Problem determination using local error logs and by running user traces and service traces.
Documenting design procedures and test plans.
Strong hands on experience on Cisco Catalyst (3550, 3750, 6500) series switches, Cisco (2500, 2600, 2800, 3600, 3800, 7200) series Routers, ASA Firewall, Load Balancers using Cisco ACE, F5 LTM/GTM, Security Device Manager (SDM), Cisco Works, HP Open View, Tufin Solar Winds, Sniffer, Check Point, Palo Alto Networks Firewall models.
Resident Engineer Fabric Consoles.
Utilized Custom Threat Feeds to Determine Network Vulnerabilities and IOCs
Conducted Criminal Investigations using Open-Source and Social Media Tools
Wrote Python Scripts for Performing Investigations, Cyber Threat Analyses, and Big Data Inquiries
Experience in layer-3 Routing and layer-2 Switching. Dealt with Nexus models like 7K, 5K and 2K series.
Integrated Service Now with Splunk to generate the Incidents from Splunk.
Design & Integration experience on Security Information and Event Management (SIEM) solutions that enable organizations to detect, respond to, and prevent threats by providing valuable context and visual insights for faster and smarter security decisions.
Handling Break/Fix situations, monitor, configure, policy creation on Checkpoint's Smart Center Server.
Deployed Site to Site and Client to Site VPNs utilizing Checkpoint Firewall-1/VPN-1 and Cisco ASA.
Working on network design for new next-generation VPN solution, migration from Checkpoint VPN to Pulse Secure VPN from network prospect.
Hands on experience in configuring F5 objects and components and provisioning various modules like LTM, GTM, ASM, APM.
Have experience in Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site-to-Site VPN tunnels, MPLS.
TECHNICAL SKILLS:
Switching: LAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switch, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging, IS CISCO Fabric and ARISTA.
Network security: Cisco (ASA, PIX) 5510, ACL, IPSEC, Palo Alto firewalls, Wireshark, MBSA, MS Visio, Apache, VMWare ESXi 3.5, VMware Server, Encase
Scripting: JACL, Python, WSCP, WSADMIN, Korn Shell Script, Perl, JavaScript, CSS, Batch
Load Balancer: Cisco ACE load balancer, F5 Networks (Big-IP)
LAN: Ethernet (IEEE 802.3), Fast Ethernet, Gigabit Ethernet
WAN: Leased lines 64k - 155Mb (PPP / HDLC), Channelized links (E1/T1/E3/T3), Fiber Optic Circuits, Frame Relay, ISDN, Load Balancing.
Routers: Cisco 95XX, 75XX, 17XX, 18XX, 26XX, 28XX, 37XX, 38XX, 39XX & 72XX series
Switches: Cisco 3550, 3750, 45XX, 65XX series
Routing: OSPF, EIGRP, BGP, RIP-2, PBR, IS-IS, Route Filtering, Redistribution, Summarization, Static Routing
Infrastructure Hardware: IBM, HP, Compaq, Dell desktops\laptops\servers, Cabling, Network printers, IP KVM Switches, Cisco Routers & Switches, 802.11x Wireless gateways, Access Points, Network UPS, Storage Area Network, NAS, iSCSI SAN
Various Features & Services: IOS and Features, HSRP, GLBP, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, TFTP and FTP Management.
OS products: Windows (2000/2003, XP, Vista, 7), Linux.
AAA Architecture: TACACS+, RADIUS, Cisco ACS
Network Management: SNMP, Cisco works LMS, HP open view, Ethereal
CERTIFICATIONS:
CISCO CERTIFIED NETWORK ASSOCIATE (CCNA)
CERTIFIED ETHICAL HACKER (CEH)
PROFESSIONAL EXPERIENCE
Sr. Security Consultant at DELL EMC
United Airlines – Chicago, IL Oct 2019 – Present
Responsibilities:
Configured, troubleshot, and upgraded Checkpoint Firewalls for Manage clients, which included network and/or resource access, software, or hardware problems.
Resolved Tier II Support tickets for Manage Firewall clients.
Provided Manage Firewall clients with regular status reports of their trouble tickets.
Translated Firewalls Rules from Checkpoint RR 77.30 in NDC to TULSA region Data center.
Extracted rules from Checkpoint (Non-API) RR 77.30 version and created new rules for different Security Zones. Provided Support with Migration to Checkpoint RR 80.
Maintain High Availability and Clustered firewall environments for customers using Check Point High Availability. Provide on-going support.
As part of a team of 8 members, successfully established and implemented/executed information security protocols for migration and translation (reduced 8 months of work due to database automation).
Significant experience in Incident Management, Service tuning with procedures and standards.
Experience in Risk management and compliances.
Managed and resolved technical support requests to 3rd party vendors.
As one of three lead contacts in our group for firewall troubleshooting and maintenance issues, responsible for resolving the issues from company and/or vendor documented resolutions.
Supports senior associates to proactively identify areas for improvement within assigned business areas’ role design or enterprise security access processes. Assists with driving process to make changes. Introduces innovative recommendations, factoring in customer needs, external approaches, and security best practices
Supported Check Point, Net Ranger IDS, Cisco Pix, HP Open View
Configured and supported site to site virtual private networks
Implemented the Policy Rules, DMZ and Multiple zones for Multiple Clients of the State on the Checkpoint Firewall.
Diverse experience in various domains of Information Security including Security Operations, Identity and Access Management, Security/System Administration & Security Incident Management
Implemented the Inter zone Routing through the Checkpoint Firewalls and also the Router.
Expert in User Access Certification & validation process and Thorough knowledge of Identity and Access Management (RBAC) reports
Implemented Zone Based Firewalling and Security Rules on the Checkpoint Firewall.
Supplied data on irresolvable firewall issues to the vendor Technical Assistance Centers (TAC) and, with assistance from the vendor technicians, advanced towards full resolution of the issues and documentation of the process.
Network/Security Engineer at DELL EMC
Progressive Insurance, Cleveland OH Jan 2019 – Aug 2019
Responsibilities:
Experience in Cisco switches and routers: Physical cabling, IP addressing, Wide Area Network configurations. Configured BGP on the Core Cisco 9508 switches and provided connectivity with existing datacenter.
Configured OSPF on datacenter nexus 9508 switches to provide connectivity for intra network and core switches. Also provide L2 connectivity to 9348 Switches.
Successfully installed different fiber (X97160YC-EX) and Copper (X9788TC-FX) line cards for 95087 switches. Planned and executed port assignments (Data/console/management) for all 9508 switches.
Designed VLANs and access lists (ACL), troubleshot IP addressing issues, and updated IOS images and other hardware installations.
Resolved network issues related to IP video multicasting, layer 2 and layer 3 services (VPLS and IES), DHCP issues, remote access, hardware failure, and link redundancy.
Performed configuration changes to network switches as requested by the customer (PGR) Site Operations personnel.
network
IS Network Resident list pro-networking tools implemented also dependent on Arista switches.
Dealt with creating VIP pools, nodes and created Rules for Virtual servers. Designed, deployed and configured BIG IP F5i10800, i5800 and i4600 appliances
Configured and troubleshot F5 LTM & GTM and provided Level 2 and 3 support for customers. Licensed and provisioned F5 modules such as LTM and GTM.
Worked on code upgrade from V13.1.0.1 to 13.1.1.4.
Assisted with Cisco Call Manager.
Support and Implementation of VMware and Hyper-V Boxes configuration
Site to Site, IPsec based VPN Tunnels for all B2B and third-party communications. Support Data Center Migration Project involving physical re-locations.
Created the topology for all the devices in the data center, showing how it is designed to be connected (Visios)
Dealt with NAT configuration and its troubleshooting issues related to access lists and DNS/DHCP issues within the LAN network.
Spearheaded deployment and configuration of several virtual private networks (VPN). Adeptly inspected and audited security and disaster recovery systems daily, resulting in robust systems and zero security intrusions.
Responsible for Incident and issue tracking, monitoring of the devices, SNMP configurations and making sure the network devices meet our security baseline configurations
Experience working in LAN and WAN design and implementations
Sr. Network Security Engineer
ExxonMobil, Woodlands TX July 2017 – Oct 2018
Responsibilities:
Responsible for Incident and issue tracking, monitoring of the devices, SNMP configurations and making sure the network devices meet our security baseline configurations
Experience working in LAN and WAN design and implementations
Has worked at customers such as AIG Insurance, Synchrony, GE, Genpac.
Configuration and Implementation of I&AM products and risk mitigation.
Design and develop automated provisioning and reconciliation of IT resources
Significant Experience in AV has helped in mitigating threats with signature vectors.
Experience with DDI solutions (DNS, DHCP and IPAM)
Migration of applications from Cisco ACE load balancer to F5 LTM BIG-IP
Created Virtual Servers, Pools and nodes as per application team requirements
Worked on DDI solutions creating A and CName records on Infoblox
Implemented zone-based firewalling and security rules on the Palo Alto firewall
Worked on configuration, maintenance and administration of Palo Alto PA 3000 firewalls and migrating customers from Cisco ASA to Palo Alto in HA network using various tools
Successfully installed Palo Alto PA-3060 firewall then configured and troubleshot using CLI and worked with Panorama management tool to manage all Palo Alto firewalls and network from central location
Configured Palo Alto Next-Generation firewall mainly creating security profiles and VSYS according to client topology; Configured and installed Palo Alto Networks 5050 application firewalls (NGFW)
Administered Palo Alto firewalls to allow and deny specific traffic and to monitor user usage for malicious activity and future QoS
Configured rules, maintained Palo Alto firewalls and analysis of firewall logs
Worked on activation of licenses and software upgrades on Palo Alto firewalls
Worked on Palo Alto firewall PAN OS version 6 and 7
Worked on generating new and renewal of Certs on Palo Alto firewalls
Worked on 4500 and 6500 Cisco catalyst switches that includes VLANs, SVI's, inter-VLAN routing and port aggregation
Worked on Cisco Identity Services Engine (ISE) project
Configured 6500, 3750 and 4500 for Network Access Solution integration with Cisco Identity Service Engine on ESX 4.0 VMware and physically with Cisco ISE appliances
Configured Cisco ISE for Domain Integration and Active Directory Integration
Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers (WLC) and Catalyst Switches
Installed and maintained layer 2/3 switching including on Cisco Nexus platforms and Cisco Catalyst switches
Code upgrades from 11.4.0 to 11.5.1 HF8 and also 11.6.1 to 12.1.1 on F5 LTM's and GTM's
Worked on Infoblox for DNS solutions
Decrypted traffic in Wireshark using the private key from F5 to find out the root cause
Thorough knowledge of packet analysis using network protocol analyzers like Wireshark and working with tcpdump.
Implemented Checkpoint firewall cluster and MDS with multiple virtual firewall instances to support customers for an MSSP (Checkpoint 21800 - R77.30 GAIA).
Investigated and identified multiple attack vectors, like malware, brute force, SQL injection, ransomware attack.
Key architect in separating GE Appliances from the GE Global network for the Electrolux acquisition. (Palo Alto Firewalls)
Handled RFIs from Incident Response around events/incidents
Deployed firewall management platform and DMZ infrastructure (Checkpoint Provider-1)
Maintained, monitored and tuned IDS/IPS (McAfee)
Network Security Engineer
American Airlines, Ft. Worth TX March 2016 – July 2017
Responsibilities:
Deployment and maintenance of several network/security devices in the new build Datacenter
Worked on resolving troubleshooting issues and Incident management tickets that resulted from the Data Center migration
Worked on Network support & implementation related internal projects
Application migrations from Citrix NetScalers to F5
Ensure network, system and data availability and integrity through preventative maintenance and upgrade
Day to day work on F5 LTM and GTM's creating virtual servers, monitors, SSL certificates etc
Worked on SSL certificates, SSL profiles and CSRs on F5
Troubleshot SSL profiles, Virtual servers and pools on F5 LTM.
Implementation of iRules on the VIPs based on requirements from app teams
Configuring Service, service groups, Vservers, policies and content switching configuration on Citrix NetScaler
Performed network administration, installations and maintenance support for Cisco, Checkpoint, Palo Alto and F5 network equipment
Conduct periodic network, system, application, and physical security audits
Maintain a set of policy documents, security standards, and process and procedure documents for the Technologies Division
Assess each Cyber Threat based on information provided and potential impact to Pratt/UTC
Build and support Site to Site IPsec based VPN Tunnels.
Site to Site, IPsec based VPN Tunnels for all B2B and third party communications.
Support Data Center Migration Project involving physical re-locations.
Cisco ASA configuration and troubleshooting.
Managed and maintained various network security systems including firewalls, IDS systems, central authentication systems, application proxies, and general support systems
Engineering, configuring and deploying Enterprise SIEM/SEM solutions.
Developed IVR solutions, Predictive Dialers, Voice Recorders, Inbound Outbound call queue manager.
Worked on F5 BIG-IP 11050, 8950 to perform load balancing.
Managed Smart Center Check Point management server (Smart View Tracker).
Managed Check Point Firewalls from the command line using PuTTY sessions (cpconfig and sysconfig).
Installed Solarwinds Network Performance Monitor with traffic analysis, application & virtualization management.
Involved in Designing network plan of routing policies with route map, distribution list, and access-list.
Leveraged Cisco ThreatGrid sandbox to analyze and collect behavior indicators for suspicious URL and files.
Maintained Standard Operating Procedures (SOPs) and training documentation
Served as the primary technical support for tier 3 analysts (security patching, TAC cases)
Tested new security tools/products and made recommendations of tools to be implemented in the SOC environment.
Monitored Security Management Console for Security Operation Centre (SOC) for ensuring confidentiality, Integrity and Availability of Information systems.
Work on task assigned by leadership that involves coordination with other departments. Create procedures and Knowledge Base documents.
Network Security Engineer
Interactive Data Corporation, India Aug 2013 – Dec 2015
Responsibilities:
Experience with Firewall administration, Rule analysis, Rule modification.
Experience on F5 load balancer to maintain balance in the network system with application specific usage.
Troubleshoot traffic passing managed firewalls via logs and packet captures.
Assist the Resident Engineer in administering Work Authorization, Design-Bid-Build, Design-Build (DB), Construction Management at Risk contracts.
Locating, executing and interpreting all soils and materials testing according to the provisions in the Contract Documents and Specifications
Collaboration in the development of mobility solutions; building test beds; conducting verification & validation testing; developing performance benchmarks.
Installing and configuring Juniper MX series routers along with Juniper QFX series switches.
Configured and resolved various OSPF issues in an OSPF multi area environment on IPv4.
Worked with Cisco Contact Center (UCCE) technologies, including centralized ingress, CVP, VXML, ICM and UCCE/UC integration.
Managed fast L3 switched/routed LAN/WAN infrastructure as a part of Network team.
Hands-on experience with WAN (MPLS/Frame Relay), routers, switches, TCP/IP, routing Protocols (BGP/OSPF), and IP addressing.
Involved in the configuration & troubleshooting of routing protocols: BGP, OSPF, EIGRP, RIPv2 and Configured IP access filter policies.
Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
Deployed 7613 as PE and CE routers and also configured & troubleshot the edge routers.
Excellent troubleshooting knowledge on T1, T3, OC-3 and OC-12.
Configured egress and ingress queues for ISP facing routers using CBWFQ.
Generating RCA (Root Cause Analysis) for critical issues of layer1/layer2/layer3 problems.
Experience with implementing and maintaining network monitoring and experience with developing complex network design documentation and presentations using VISIO.
Worked on SONET and deployment of DWDM.
Estimated project costs and created documentation for project funding approvals.
Worked on Checkpoint Firewall R77, Palo Alto and Cisco ASA 5520 firewalls.
Worked on Check Point Firewalls NG, NGX R65, R70, R75, R77, NSX (VMware Network).
Configured BGP/OSPF routing policies and designs, worked on implementation strategies for the expansion of the MPLS VPN networks.
Applying crypto maps and security keys for the branches, ISAKMP (Internet Security Association and Key Management Protocol) for establishing security associations (SA) and cryptographic keys.
Understanding & Implementation of IPSEC & GRE tunnels in VPN technology.
Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
Configuration, operation and troubleshooting of BGP, OSPF, EIGRP, RIP, VPN routing protocol in Cisco Routers & L3 Switches, System testing.
Tikona, India July 2012 to Aug 2013
Network Support Analyst
Responsibilities:
Worked on day-to-day operations of computer network support that includes hardware/software and LAN systems
Providing support for corporate computer users and applications
Providing support for remote users and laptops using remote access applications
Creating and maintaining documentation and operations run books
Escalating the issues to the level 2&3 technical support engineers if the resolution exceeds the time limit.
Worked on researching, analyzing the previous cases and resolved server or network problems based on the case studies
Worked on troubleshooting VLAN related issues
Assisted testing of network devices to ensure the stability of the network
Assisted in configuring the network routers and switches based on the standard template provided to us by level 3 engineer
Assisted in system upgrades and helped in other networking projects
Installed and tested desk phone devices