Engineer Security
Resume:
mailto:adknzr@r.postjobfree.com
Swaroop
Certified Network Engineer
adknzr@r.postjobfree.com
Professional Summary
8.5 years of experience in Networking, including hands-on experience in providing network support, installation and analysis for a broad range of LAN /WAN/MAN communication systems.
Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, EIGRP, RIP, BGP v4,
Moderate knowledge in configuring and troubleshooting Cisco Wireless networks; LWAPP, WLC, WCS, stand-alone apps, roaming, wireless security basis, IEEE 802.11a/b/g, RF spectrum characteristics.
Experience working on Cisco ASR 9001&ASR 1006.
F5 BIG-IP application load balancing subject matter expert with particular concentration on layer 7 load balancing using I-Rule scripting in TCL.
Hands on experience on windows server 2007, 2008, 2012.
Experience with implementing, managing, and developing policies/profiles on Netskope Cloud Security Access Broker.
Experience in troubleshooting network issues including boundary protection devices and Bluecoat Proxy Servers.
Expertise in updating all policies to increase functionality of DLP.
Hands on experience in plan, architect, Install, upgrade and configure Symantec DLP 14.0,14.5,14.6 to 15.1,15.5 and Forcepoint DLP 8.5 – 8.7.
Experience in Office 365 DLP/Security and Compliance Center.
Experience in Designing and assisting in deploying enterprise wide Network Security and High Availability Solutions for ASA.
Installation of IP Voice System PBX and Voice gateway Cisco SPA 8000
Involved in troubleshooting of DNS, DHCP and other IP conflict problems.
Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, Ether channel, STP, RSTP and MST. Implementation of HSRP, VRRP for Default Gateway Redundancy.
Hands on experience on dealing with Microsoft Azure cloud computing including implementing access lists in the Network Security Group.
In depth experience on Symantec Cloud Email Detection service, CASB Integration, network discover, network monitor, network prevent for email, network prevent for web.
Responsible for Check Point and Cisco ASA firewall administration across global networks.
Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.
Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
Experience in deployment and Management of Bluecoat proxies in forward proxy scenario as well as for security in reverse proxy scenario.
Experience working with Nexus 7K, 5K, 2K devices.
Experience in testing Cisco routers and switches in laboratory and deploy them on site production.
Strong knowledge of TACACS+, RADIUS implementation in Access Control Network.
Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500 appliance,
Failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design.
Excellent customer management/resolution, problem solving, debugging skills and capable of quickly learning, effectively analyzes results and implement and delivering solutions as an individual and as part of a team.
Experience in designing MPLS VPN and QoS for architecture using Cisco multi-layer switches.
Hands on experience in configuring Cisco Catalyst 2960, 3750, 4500, 6500 and Nexus 3000, 5000, 6000, 7000 series switches and Cisco 2600, 2800, 3600, 3800, 7200, 7600 series routers, Load Balancers& Cisco Firewalls.
Configuring BGP/OSPF routing policies and designs, worked on implementation strategies for the expansion of the MPLS VPN networks.
Excellent in documentation and updating client’s network documentation using VISIO.
Performed switching technology administration includingVlans, inter-Vlan routing, trucking, port aggregation and link negotiation.
Certifications:
Cisco Certified Network Associate (CCNA)
Cisco Certified Network Professional (CCNP)
Certified AWS Solutions Architect Associate
Core Competencies
Network Configuration: Advanced switch/router configuration (Cisco IOS access list, Route redistribution/propagation).
Routing Protocols: IGRP, EIGRP, OSPF, BGPv4, MP-BGP, IS-IS, RIP
WAN Protocols: HDLC, PPP, MLPPP
Circuit switched WAN: T1/E1 – T3/E3/OCX (Channelized, Fractional & full).
Packet Switched WAN: ATM, FRAME RELAY, MPLS VPNs
Security Technologies: Cisco FWSM/PIX/ASDM, Juniper SRX, Palo Alto,
Checkpoint, F5 Load Balancer, ASA firewall
Cisco Routers: Cisco GSR 12416, 12418, Cisco 7200vxr, Cisco 3640, Cisco 3600
Security Firewalls ASA, Checkpoint, Palo Alto,,
Redundancy and management: HSRP, VRRP, GLBP, RPR, NSF/NSR, Wireshark, Solarwinds, SNMP
Physical interfaces: Fast Ethernet, Gigabit Ethernet, Serial, HSSI, Sonet (POS)
Layer 2 technology: VLAN, HSRP, VRRP, GLBP, STP, RSTP, PVST+, MST, PVLAN, Optimizing STP (Port Fast, Uplink Fast, Backbone Fast, Root Guard, BPDU Guard)
Layer 3 Switching: CEF, MLS, Ether channel (PAGP & LACP, Load Balancing)
Switches: Cisco Catalyst 6500, MSFC, MSFC2, 7600, 3700, 3500, Arista 7500, 7050, 7300 series, Cisco2948/3560/4500/3560/3750/3550/3500/2960
Operating Systems: Microsoft XP/Vista/7, UNIX, Linux (Red hat, Opens use, Fedora), Windows Servers 2003/2008Windows MS-Office, VMware ESX 5.1, VMware Vsphere client, Microsoft Azure, office 365, Python
Professional Experience
Company: SYNGENTA, NC April 2019 – Present
NETWORK AND NETWORK SECURITY ENGINEER (AWS)
Role Description:
Currently working as cloud migration and Network Security Engineer. As a primary for migrating on premises application into the AWS environment. Working on various AWS services like (S3 buckets, RDS, Lambda Function, Application and Network load balancer, VPC, Security Groups, NACL’s, Route tables and Route 53). Troubleshooting the connectivity issues in the Palo Alto and implementing the policies and creating the Decryption policies when needed. Investigating on the Malware incidents provided by SOC team and making necessary steps to prevent threats and making the new policy or creating new profiles for the data and URL filtering.
Detail description of role:
Working on the Palo Alto firewalls of the series VM-300 and VM-500.
Creating the policies in the Firewall when needed according to the company standards.
Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
Install and configure Symantec Endpoint protection.
Implemented Zone Based Firewall and Security Rules in the Firewall.
Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs.
Working on the Migrations of the applications like Citrix, RHEL open shift and various applications from the Data center to the cloud.
Define policy/rules for the DLP solution and refine them as DLP strategy matures.
Studying and apply required firmware updates and Identify and resolve infrastructure vulnerabilities and issues.
Work on Symantec Cloud Email Detection service, CASB Integration, network discover, network monitor, network prevent for email, network prevent for web.
Making the decryption policies to inspect the HTTPS traffic which enters ingress of the firewall.
Generating the Certificates in the firewall to provide for vendors, as they need to install on the application for TLS/SSL inspection, unless traffic won't be allowed into the firewall.
Making the scheduled policies in the firewall where policies will terminate automatically according to the business requirements.
Working on the PA-VM based firewalls like VM-300 and VM-500, where all the firewalls are deployed in the AWS C5xM size instance.
Configuring the Network Load balancer in the AWS for the load balancing the traffic coming from the different third-party vendors or business partners around the globe.
Analyze reports from DLP tool and provide metrics to management.
Document solutions and help documents as needed for future DLP Analysis team.
Creating the targets groups as Nodes where the services are hosted on the servers.
Allowing the services which is requested by the vendors like web-browsing and SSL.
Monitoring the daily health check by using monitoring tools like Splunk, Wire Shark, Monitors, Cloud watch and Kibana.
Experienced in Infrastructure Development and Operations involving AWS Cloud platform like EC2, EBS, S3, VPC, RDS, SES, ELB, Auto scaling, Cloud Front, Cloud Formation, Elastic Cache, Cloud Watch, SNS, AWS Import / Export.
Setup and configure Cloud Watch agents to monitor necessary health parameters of an application and AWS services.
Blocking the Malicious or the vulnerable URL's in the web application firewall when the cyber security teams provides us.
Job duties include not only Migrations but also working on the daily operations tickets and new implementations.
Troubleshooting on the issues of the AWS services like connectivity issues and making new implements.
Design, implement and maintain all AWS infrastructure and services within a managed service environment.
Design, Deploy and maintain enterprise class security, network and systems management applications within an AWS environment.
Develop incident response workflow for DLP incidents as raised through DLP tool.
Install, upgrade and test DLP agent.
Perform data migration from on premises environments into AWS.
Created new servers in AWS using EC2 instances, configured security groups and Elastic IPs for the instances.
Set up an Elastic Load Balancer to balance and distribute incoming traffic to multiple servers running on EC2 instances.
Monitored instances running on EC2 using AWS CloudWatch involving creating alarms and notifying users via SNS.
Set up Route 53 to ensure traffic distribution among different regions of AWS.
Provided support throughout the software life cycle i.e. Design, Code, Test, Debug and Production.
Environment: Palo Alto VM-300, VM-500. AWS console, RDS, S3 buckets, AWS endpoints, AWS API’s, Gitlab, Cloud Watch, Cloud Trails, Direct Connect, Splunk, Kibana.
State Of Alabama, AL Dec 2017 – Mar 2019
Network Operations Engineer
Responsibilities:
Knowledgeable in routing/concepts and networking protocols, including BGP, CDP, CLNS, VRRP(-E), HSRP/VRRP, IGRP,EIGRP, IS-IS, MPLS, NAT, OSPF, QoS, RIP, DNS, VLAN/PVLAN, TCP/UDP, IP, OTV and others.
In depth knowledge and understanding of the Internet and its design (DNS, Security, IP Routing, HTTP/HTTPS, IPSEC, VPN, Email Routing, Virus Protection etc.
Configured Bluecoat as a forward proxy for all Web URL Filtering.
Install, configure, manage and support Symantec DLP for multiple clients.
Knowledgeable in building a strong secure network with expertise in implementing the organizations IDS/IPS, ISE, VPN's, ACE and Firewall solutions. Including the auditing and event management
Establishing a baseline ISE security rules/policy working with other service lane members
Support network security infrastructure and controls, including, but not limited to Security Incident and Event Management (SIEM), firewalls, VPN, intrusion detection/prevention, Network Behavior Anomaly Detection, Network Level Advanced Malware Protection, TACACS, NetFlow based tools, URL filtering, NAC etc.
Created response rules and respond to DLP incidents.
Worked on Bluecoat Proxy SG500-20, SG400 and CAS appliance implementation for client’s internet traffic.
Assist with the maintenance of Firewalls, Routers, Switches, Virtual Switches, Call Manager, Unity, Voice Gateways, VPN configuration, Wireless Controllers, Servers, and Security appliances for access to vital business applications in our private cloud and hosted.
Hands-On experience in the configuration, management, maintenance and support of wireless device like Clear Pass and Aruba Wireless.
Update all policies to increase functionality of DLP 14.6 services and upgrading of client to DLP 15.0
Worked efficiently by doing setup of Access Point Groups on the Master Controller for Aruba.
Extensively working on the Aruba Wireles solutions (Controller/AP's).
Maintain a thorough understanding of the basics behind the Internet and its interworking's (DNS, Firewall zones, ACL's, IP Routing, SSL, VPN, Content Filtering, etc.)
Experience configuring, installing, and troubleshooting centralized network infrastructure such as routers, switches, ASA Firewalls, Juniper NSG, Firepower(FMC-4000, FMC-2000) etc.
Strong knowledge on migration of DDoS attacks, IPsec & SSL implementation on Cisco and Palo Alto firewalls.
End to end testing and implementation of Bluecoat proxy, implementing authentication using client certificates and SSL interception using client sub CA certificates.
Worked with Palo Alto firewalls PA3020, PA5020 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall.
Configuring rules and maintaining Palo Alto firewalls & analysis of firewall logs using various tools.
Solid experience with designing and deploying security solutions for Network Access Control as well as experience with Firewalls, IDS/IPS, WAF, Proxies, DLP, DDoS, and Malware inspections solutions
Having working on
1. Cisco ASA
2. Cisco Security Manger
3. Cisco routers/switches/firewalls
4. IPS/IDS modules
5. Cisco ISE
6. Solarwinds
7. Stealth watch
Knowledge and hands-on experience at SME level experience with network Security Technologies Cisco ASA, Checkpoint R77.30, worked extensively on Checkpoint platforms (IPSO, SPLAT and GAIA), Cisco Any Connect, IPSec VPN, Cisco CSM and ACS, BlueCoat proxies, director and Reporter, SSL/TLS, DNS, Tacacs/RADIUS, RSA, SecureID and SNMP monitoring and reporting.
Supporting EIGRP and BGP based on the network by resolving level 2 & 3 problems of internal teams & external customers of all locations
Worked extensively on Cisco ASA 5500(5510/5540) Series,Nexus 7000 Series
Involved in Configuration of Access lists (ACL) on ASA firewall for the proper network routing for the B2Bnetwork connectivity
Documenting all the projects in word documents and plotting network Design in the Visio.
Ellucian, Dobbs Ferry, NY Aug 2016 – Nov 2017
Network Engineer
Responsibilities:
Working with Network Design and implementation teams on various projects across North America and South America.
Experience with manipulating various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.
Experience with design and implementation of Data center migration.
Involved in migration of network from cisco catalyst switches/ASA firewalls to Palo Alto.
Install, upgrade and configure Next-Gen Palo Alto Firewall series PA-200,PA-500
Migrated the policies from Cisco ASA to Palo Alto Firewalls
Experience on dealing with Cisco Application Centric Infrastructure (ACI) by integration hardware and software products as per network layout
Experience on dealing with office 365 including hosting Lync web Conferencing and assisting in installing office applications.
Worked on Source Fire and Palo Alto IPS/IDS Systems
Selecting appropriate AWS service to design and deploy an application based on given requirements.
Automated network implementations and tasks and designed monitoring tools using python scripting.
Migrated complex, multi-tier applications on AWS. Defined and deployed monitoring, metrics and logging systems on AWS. Migrated existing on-premises applications to AWS
Experience on coordinating and monitoring entire organizations Authentication, Authorization and Accounting (AAA) systems
Installed Riverbed WAN optimizer software to run applications via WAN’s to multiple branches across east coast.
Deploying and decommission of VLANs on core ASR 9K, Nexus 7K, 5K and its downstream devices.
Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.
Implementation of Juniper Firewall, SSG Series, NetScreen Series ISG 1000, SRX Series.
Worked on Juniper NetScreen Firewalls like, NS50, SSG 550M, SSG520M, ISG 1000, and ISG 200.
Experience on cisco wireless management systems which includes cisco 8540 Wireless controller, cisco 5520 Wireless LAN controller, and virtual wireless controllers.
Hands on experience on Cisco ISE and various network security concepts like SSH, IPsec, firewall polices and 802.1x
Worked on Network Automation using python scripting
Configuring HSRP between VLANs, Configuring Ether-Channels, Port Channel on 6500 catalyst
Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability
Work on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability
Secure configurations of load balancing in F5, SSL/VPN connections, Troubleshooting CISCO ASA firewalls, and related network security measures.
Configuring and Troubleshooting the Juniper SRX100 and 110 series, Juniper Net Screen routers.
Deploying and decommissioning Cisco switches, Cisco Meraki Products and their respective software upgrades.
Experienced with Juniper: EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX210, SRX240.
To secure configurations of load balancing in F5, SSL/VPN connections, Troubleshooting CISCO ASA firewalls, and related network security measures.
Provided proactive threat defense with ASA that stops attacks before they spread through the network.
Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls.
Created Visio Dean / Visio Documentation to give complete picture of network design for each building.
Experience in Configuring, upgrading and verifying the NX-OS operation system.
CareFirst BCBS, Owing Mills, MD Dec 2015 – July 2016
Sr. Network Engineer
Responsibilities:
Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4. Configured IP access filter policies.
F5 Big-IP load balancer configuration, layer 7 load balancing using I-Rules (TCL)
Windows Server Administration (Windows 2000, 2003 & 2008).
Performed installation and upgrades of office 365 Business as per the changes recommended by the network architect.
Performed Cisco ASA Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
Conducted F5 Big-IP load balancer configuration, layer 7 load balancing using I-Rules (TCL)
Extensive experience with F5 load balancers- LTM, GTM series like 6400, 6800, 5000 and 2000 for the corporate applications and their availability
Worked on Palo Alto firewall migration tool.
Troubleshooting the Juniper SRX100 and a hundred and ten series, Juniper NetScreen routers with Site-Site VPN, and firewalls for Supervalu Retail sites.
Identify, design and implement flexible, responsive, and secure technology services
Experience with Firewall Administration, Rule Analysis, Rule Modification.
Implemented Positive Enforcement Model with the help of Palo Alto Networks.
Innovated with support of Palo Alto for remote and mobile users and for analyzing files for malware in a separate (cloud-based) process that does not impact stream processing.
Creating and provisioning Juniper SRX firewall policies.
Created standard access lists to allow SNMP, NTP and logging servers.
Documented new VPN enrollments in a database and create standard procedures for further improvement.
Configure VRRP & GLBP and VLAN Trunking 802.1Q & ISL, STP, Port Security on Catalyst 6500 switches.
Negotiate VPN tunnels using IPSec encryption standards and also configured and implemented site-to-site VPN, Remote VPN.
Provided proactive threat defense with ASA that stops attacks before they spread through the network.
Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
Co-ordinated with the Data Network and Security team and came up with possible solutions.
Experience on dealing with Infoblox traffic control products to simplify DNS load balancing operations
Configuration and troubleshooting of Cisco catalyst 6509, 7613 with supervisor cards.
Monitoring and troubleshooting network issues between client site and 85 remote sites with legacyswitches and routers.
Performed and presented network analysis as a part of network migration. Involved in knowledge transfer to vendors and provided them network support as required
Configuration and maintenance of EIGRP and BGP network on router 7200 and 6500 MLS.
Configuration and maintenance of 3750 stack and 6500 VSS for improved efficiency of the data plane.
Configuration and management of NEXUS network in the existing network infrastructure.
Created LAB setup with 7k and 5K NEXUS switches and Arista 7K for application testing.
YELLOW PAGES, San Francisco, CA Dec 2014 – Jul 2015
Network Engineer
Responsibilities:
Responsible for turning up BGP peering and customer sessions, as well as debugging BGP routing problem
Managing enterprise BGP setup by configuring and troubleshooting BGP related issues. My responsibility
Worked as part of a team to manage Enterprise Network Infrastructure as a Tier 3 Support Engineer.
Troubleshoot issues related to VLAN, VLAN Trunking, HSRP failovers, related issues.
Configuring and Upgrading Junos Space Virtual Appliance.
Designing and Implementation of (LAN) VLANs, VTP, Spanning Tree (STP), Trunking (dot1q and ISL) and Ether channel.
Experience with F5 load balancers - LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability
Experience in converting PIX rules over to the Cisco ASA solution.
Administration of ASA firewalls in the DMZ and FWSM in the Server Farm to provide security and controlled/restricted access.
Configured networks using routing protocols such as RIP, OSPF, BGP and manipulated routing updates using route-map, distribute list and administrative distance for on-demand Infrastructure.
Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers
Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches
Responsible for maintaining the entire Routing and switching domain across the campus / Branch to
Head Office and also the Layer-2 campus network across the remote branches, which included configuring VLANs and Trunks, Spanning Tree protocol, Port-Security, VLAN-MAPs and DOT1X for switches and Wireless.
Medco/ Express Scripts Inc., NJ May 2012 – Nov 2014
Role: Network Specialist
Responsibilities:
Assisted in troubleshooting LAN connectivity and hardware issues in the network of 100 hosts.
Involved in analysis of client requirements to provide solutions for network design, configuration, administration, and security.
Basic and advanced F5 load balancer configurations, including migrating configurations from Cisco ACE to F5 and general troubleshooting of the F5 load balancers
Troubleshooting complex Checkpoint issues, Site-to-Site VPN related. Performed upgrades for all IP series firewalls from R75-R77
Involved in troubleshooting IP addressing issues and Updating IOS images using TFTP.
Maintained redundancy on Cisco 2600, 2800 and 3600 router with HSRP.
Created a backup and recovery policy for software application and verified peripherals are working properly.
Monitor performance of network and servers to identify potential problems and bottleneck.
Performed RIP & OSPF routing protocol administration.
Worked extensively on Checkpoint firewalls for analyzing firewall change requests and implementing changes into existing firewall policies, maintaining security standards
Involved in interaction with support services to reduce the downtime on leased lines.
Primarily involved in Troubleshooting issues on a day to day basis & provide solutions that would fix the problems within their Network.
Monitor the operability and reliability of the network.
Maintenance and Troubleshooting of connectivity problems using Ping, Trace route.
Managed the IP address space using subnets and variable length subnet masks (VLSM).
LAN cabling in compliance with CAT5 standards.
Worked along with the team in ticketing issues
Contact this candidate