Security Engineer Palo Alto

Location:
United States
Posted:
November 26, 2024

Resume:

Sushma

Network Security Engineer

617-***-****

SUMMARY

* ***** ** ********** ** a Network engineering with Cisco Certified Network Professional and Palo Alto certified network Security Engineer performing Network analysis, design, Implementing, capacity planning with a focus on performance tuning and support of large Enterprise Networks.

Strong knowledge in Cisco Routing, Switching and Security with Cisco hardware/software (heavy Cisco shop) experience.

Experience working on Cisco Catalyst Series 3750, 4500, 6800, 6500, 9300, 9400, 9500; Nexus 2000, 5000, 6000 and 7000 series switches.

Extensive work experience with Cisco Routers, Cisco Switches, Load Balancers and Firewalls.

Experience in layer-3 Routing and layer-2 Switching. Dealt with Nexus models like 7K, 5K, 2K series, Cisco router models like 7200, 3800, 2800, 2600, 2500, 1800, 4300, 4400, 4500, ASR 1000 series.

Responsible for Palo Alto and Cisco ASA firewall administration across global networks.

Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.

Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.

Design and configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550)

Strong knowledge of TACACS+, RADIUS implementation in Access Control Network.

Proficient and high-level expertise using the F5 based profiles, monitors, VIPs, pools, SNAT, SSL offload, iRules, virtual servers, and iApps. Migration experience from ACE to F5 / old F5 to new F5. Expert in TMSH.

Certifications:

Cisco Certified Network Associate (CCNA)

Cisco Certified Network Professional (CCNP)

AWS Solution Architect

Technical Skills:

Routing: Cisco Routers ASR1002X, 3945, 3845, 2800, 3800, 7200, 9800, 3925E, 2951E and Juniper Routers MX10016, MX-8200, MX-7100

Switching: Cisco Switches 3560, 3850, 3750, 3500, 3850, 4510, 8500, 7600 and Juniper Switches EX-9250, EX-8400, EX-6320

Data Center: Nexus-9K, 7K, 5K, 3k, 2K with ACI fabric

Firewall: Palo Alto 7k, 5k, 3k, 500 and ASA 5555, 5500, 5500X, 5525X

AWS: VPC, EC2 Instance, S3 Buckets, Auto scaling, AWS IAM, ELB

F5 Load Balancers: LTM, GTM, SSL offloading, VIP, Pool, TCPDUMP, Troubleshooting, BIG-IP 10585, 9850, 7543 and 3600

SD WAN Technology: Meraki SD-WAN Technology, Cisco Viptela (vManage, vSmart & vBond)

PROFESSIONAL EXPERIENCE

UFT, Manhattan, NY May 2023 - Present

Sr Network Security Engineer

Responsibilities:

Worked with Palo Alto firewalls PA250, PA4050, PA3020 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall. Technical assistance for LAN/WAN management and complex customer issues.

Deployment of Panorama and upgrade PAN-OS.

Deployment of Zscaler cloud firewall for Headquarter and remote offices all over US.

Registered all the RHEL servers in Red Hat Satellite 5.x, 6.x and performed necessary patches.

Implemented Zone Based Firewalls and Security Rules on the Palo Alto Firewall. Exposure to WildFire feature of Palo Alto.

Supported Blue Coat Proxy in explicit mode for users trying to access Internet from Corp Network.

Worked on Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering). Configured and maintained IPsec and SSL VPN on Palo Alto Firewalls.

Configuration of Zones, Vsys, Virtual routers, Security and NAT policies, App-ID, User-ID with AD integration, URL filtering, SSL Decryption, Forward Proxy on Palo Alto Firewalls.

Built/Installed new Red Hat Enterprise Linux (RHEL) and SUSE Linux Enterprise servers.

Experience with Bluecoat (Proxy/Reverse Proxy), Zscaler. Experience with Zscaler for URL filtering.

Worked in Cloud Security Infrastructure and design for client’s in-house Azure Applications.

Moved Palo Alto Firewalls from on premise to Azure cloud.

Managed and maintained FortiGate Firewalls through IPv4 policies, traffic shaping, IPS, web filtering, interfaces, and routing.

Designed & deployed Cisco ISE and provided comprehensive guest access management for Cisco ISE administrators. Migrating policies from local Bluecoat / Checkpoint devices to Zscaler Cloud. Implement URL filtering.

Experienced in setup, configuration, upgrade, maintenance, performance monitoring and troubleshooting of servers running on different Linux OS platforms (RHEL and CentOS), desktop, switches, routers, Wireless Access Points.

Configured Cisco ISE for Domain Integration and Active Directory Integration.

Responsible for troubleshooting on Cisco ISE; added new devices on the network based on policies on ISE.

Implemented Cisco ISE 1.2 for Wireless 802.1x Authentication and Authorization with Flex Connect.

Upgrading Cisco ISE appliances company-wide. Recently rolled out OpenDNS including onsite VM appliances.

Experienced on Cisco ISE and advanced technologies like QoS, Multicasting, MPLS and MPLS-VPN and Bluecoat proxy server SG.

Installation of new firewalls as well as performing in-place upgrades. Hardening the FortiGate and Check Point firewalls before moving them to production.

Experience in data center architect for future fabric protocol including Cisco ACI/APIC pilot

Implemented Contracts, Multi-tenants between Endpoint groups using SDWAN in ACI.

Worked in firewall deployment and management in Azure such as Palo Alto Firewall.

Implementation of F5 includes configuration/creation of Network Element, Pool, pool members and virtual servers.

Experience with Zscaler for URL filtering. Connected to Hotspot with Zscaler Cloud.

Implemented Oracle RAC high availability application cluster on RHEL 4.5.

Creating process documents for various security tools like Sourcefire, Fortinet Firewall, Pulse VPN appliance, Blue Coat proxy etc.

Having experience in migration from Cisco ASAs to Fortinet’s FortiGate firewalls.

Experience working in large multi-vendor environment such as Cisco, Juniper, BIG-IP, Palo Alto, Checkpoint, FortiGate, SolarWinds, Splunk etc.

Expertise in setting up Docker Host, Docker Registry, RHEL/ Centos Atomic Host, Docker images (Centos, RHEL and Ubuntu instances).

Design, engineer, deploy Remote Access VPN solution for 15,000+ users with redundancy at multiple sites on Cisco Firepower 4120 and 4150 appliances.

Maintain and expand the Cisco ACI Network Centric infrastructure including ASRs, ISR, ASAs, Sourcefire, 9k and 7k switches.

Administered Cylance Antivirus and Cylance Endpoint Protection across the entire network to include removal of viruses, update of definitions, pushing upgrades, managing accounts and configuring policy settings.

Hands on experience in Red Hat Linux Performance Monitoring tools using vmstat, iostat, prstat, mpstat, sar & top.

Deployment and migration from Cisco ASA/PIX to Cisco Firepower 2100/4100 with ASA logical system and FTD.

Deployed, configured and implemented Imperva WAF as an Azure front end for web traffic in Test, QA, and Production environment.

Experience in building Linux servers from VMware templates and updating them according to client configuration.

Experience in installing, updating packages in Red Hat Linux servers using RPMs and YUM repositories.

Used WAF logs for better understanding of vulnerabilities and security thresholds.

Migration and implementation of Palo Alto Next-Generation Firewall series PA-500, PA-3060, PA-5060, PA-7050, PA-7080.

Implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall.

Support Panorama Centralized Management for Palo Alto firewall PA-500, PA-200 and PA-3060, to centrally manage the console, configure, maintain, monitor, and update firewall core, as well as back up configuration.

Created documents for various platforms including Nexus 7k, ASR9k, and ASR1k enabling successful deployment of new devices on the network.

Deployment of Cisco Firepower 4150 Firewalls as edge firewalls. Devices with FTD code for next generation features. Set up Cisco Firepower Management Center to manage Firepower next generation features such as IPS, Application Control, Advanced Malware Protection (AMP).

Migrated to Juniper EX series switches from Cisco 3500 series and 6500 series switches

Worked on Cisco Routers, Active/Passive Hubs, Switches, Cisco ASA Firewalls, NAT and Juniper SRX firewall.

Configured F5 LTM 5000 series for corporate applications and high availability.

Implemented LTM and GTM in DMZ and Internal network. Worked on software versions up to 12.1.2

Support Quality Inspections and Operational Test (OT) events related to the 2GWLAN Aruba Networks Controllers, and 3800, 1562 Access Points. (Aruba 6000 controller, Aruba AP65, 70, 124, 85, 125) system.

Worked on Cisco ACI, provisioning Leaf and Spine switches using Nexus 9K, configuration through APIC. Expert with Tenants, VRF, Bridge Domains, subnets, APP Profiles, EPG, Contracts and Access group policies on Cisco ACI for various segmentation purposes.

Experience with configuring FEX using Cisco Nexus 5K and 2K in access layer. Configured Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000 to connect servers and storage devices.

TD Bank, Cherry Hill, NJ Feb 2021-Apr 2023

Network Security Engineer

Responsibilities:

Performing the software upgrade from version 9.0 to 9.1 on Panorama and VM-300 series Palo Alto firewalls.

Push firewall rule, operate and deploy PA 5060 and Panorama. Defined zone-based firewall to segment sensitive application traffic.

Worked on VPN configuration, routing, NAT, access-list, security contexts and failover in ASA firewalls.

Worked on Cisco Routers, Active/Passive Hubs, Switches, Cisco ASA Firewalls, NAT and Juniper SRX firewall.

Performing the software upgrade from version 9.0 to 9.1 on Panorama and PA-7000 series Palo Alto firewalls.

Python scripted deployments for application deployments in Next Gen Data center. Migrate applications from traditional Brownfield to next Gen Green field environment.

Migrate all the rules and policies from Juniper SRX to Palo Alto firewalls.

Used configuration management tools Puppet and Ansible for automating router configuration

Responsible for implementing NAT solutions on WAN applications with Cisco ASA based solution.

Maintaining and implementing complex data center network design and providing step by step implementation process.

Designing, implementing, configuring with best practices on NextGen IDS/IPS Firewalls such as Palo Alto, Cisco Firepower (Sourcefire).

Worked with Cisco ISE to identify threats in the network for rapid containment and remediation.

Experience on dealing with Cisco ISE Secure Network Server 3515 and other network security products.

Worked on upgrading Cisco ISE 3300 Appliances and 1.0.4 Cisco ISE software on VMware.

Experience working with Fortinet Firewall series FortiGate 3800, 3700, 3200, 3100, 2500 & 2000.

Migration of physical data center into AWS cloud platform. Making VPC configuration, Gateway and VPN Connectivity with physical Data center.

Configuring and administrating FortiGate Firewalls (FortiGate 240D, FortiWiFi 60D), IPv4 policy, interfaces, DHCP Servers, IPsec VPN between two Fortinet routers, on premise and VPC in AWS, SSL VPN for client app.

Created the AWS EC2 Instances through Command Line.

Monitored the VPN session through CloudWatch.

Experience with Cisco ACI fabric networks, including Python automation.

Improve scalability and ease of deployments of the OpenStack underlay network by migrating from Standalone Nexus to Cisco ACI platform.

Experience in data center architect for future fabric protocol including Cisco ACI/APIC pilot

Placed in charge of control and maintenance of the SD-WAN laboratory environments, performing version updating before user client official updating.

Design and implement Cisco ACI fabric networks with Nexus 9000 switches and APIC controller in a VMware environment using Cisco network and data center routers/switches Nexus 9000, 7000, 5000, 2000, and 1000v switches in VMware.

Experienced in installation, configuration, tuning, security, backup, recovery and upgrades of IBM AIX, SUSE Linux, Red Hat Linux and UNIX.

Serve as the customer’s go-to resource for all matters related to the Palo Alto next-generation firewall.

Migrated Palo Alto Next-Generation Firewall series PA-500, PA-3060, PA-5060, PA-7050, PA-7080

Worked on Cisco routers 7200, 3700 and Cisco switches 4900, 2900.

Experience with NAT/PAT, static and dynamic NAT, access lists, security zones, policies on SRX firewalls

Key contributions include troubleshooting of complex LAN/WAN infrastructure that include configuring firewall logging, DMZs, related security policies, monitoring, documentation and change control.

Create private VLANs, prevent VLAN hopping attacks, and mitigate spoofing with snooping & IP source guard.

Designed and Deployed Cisco/ Meraki Enterprise Cloud for Corporate HQ, Co-Locations and 500+ branches with distinct SSIDs

Expertise on firewalls, having worked on firewall vendors such as Palo Alto, Checkpoint, Fortinet FortiGate, Juniper SRX, Cisco Firepower/FTD Deployment.

Deployed Nexus switches 2248, 5548, 7010 and implemented features like FEX Links, VPC, VRF, VDC, and OTV, Fabric Path.

Bank of America, Charlotte, NC Oct 2018-Dec 2020

Network Security Engineer

Responsibilities:

Design and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls.

Implemented and Tested desktop virtualization and introduced VMware View to the client.

Basic configuration of Nexus 9K, 7K, 5K switches.

F5 GTM: Configuring and Managing F5 GTM for Data Centers, DNS Management and Integrated with DNS Vendors for DNS Security Management.

Upgraded load balancers from Radware to F5 BigIP v9 which improved functionality and scalability in the enterprise. Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs.

Configuring IPSEC VPN on SRX series firewalls

Hands on Experience working on NextGen Firewalls & IPS such as Cisco Firepower and Palo Alto.

Provided (ODL) OpenDaylight, Docker Swarm container support using Linux and Heat Orchestration and controlling network flows for automation update using Docker, Ansible Playbooks, YANG model and NETCONF DevOps tools.

Perform firewall administration adding, updating and troubleshooting as per requirement rules/policies on Juniper SRX, Palo Alto & Cisco ASA / Firepower Firewalls.

Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design.

Managed firewall using FortiGate to allow or block IPs, created policies, added different interfaces and VLANs. Installations, design, and implementation of Cisco solutions, VPN, FortiGate,

Perform troubleshooting and resolved protocol issues involving TCP/IP, PPP, OSPF, BGP, and MPLS.

Deploying and decommissioning the VLANs on core ASR 9K, Nexus 9K, 7K, 5K and its downstream devices.

Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.

Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection

Provide support for security solutions related to Bluecoat Proxy, configuring solutions in the development, test and production environment.

Worked on configuring and deploying Next Generation Firewalls including Palo Alto and Fortinet Firewalls

Implement and maintain Fortinet firewall and CSR1000 cisco routers in Azure environment also work closely with system team to implement successful deployment of servers and network devices.

Involved in L1/L2 Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter-VLAN routing, LAN security.

Worked on the security levels with RADIUS, TACACS+.

Configuration, troubleshooting and installation of all 48 Fortinet firewalls ranging from FortiGate 60c models to FortiGate's Virtual Firewall.

Worked on blue coat proxy server as part of recent integration into the project.

Ensure Network, system and data availability and integrity through preventive maintenance and upgrade. Configuring and troubleshooting perimeter security devices such as Checkpoint NGX R77 Gaia, Provider-1/MDM, Secure Platform, Palo Alto and ASA Firewalls.

Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)

Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.

Successfully installed Palo Alto PA 3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.

Integrating and configuring RSA Secure with ISE for token-based authentication using the RSA Native method and RSA RADIUS method for remote VPN users.

Day to day operations and management of network devices such as Cisco ISE, Infoblox, Palo Alto firewalls, Panorama, Alta Vista, Check Point, Cisco firewalls and IDS, Cisco ACI and F5 Load Balancers.

Resolved customer requests to create firewall policies for Cisco ASA, Juniper SRX, FortiGate and NX-OS.

Design and build Software-Defined Data Center environment, including VMware, vCenter, NSX and Cisco ACI.

Regularly performed firewall audits around Checkpoint Firewall-1 solutions for customers.

Provided tier 3 support for Checkpoint Firewall-1 software to support customers.

Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support.

Deployment of Cisco 6500 switches in standalone and VSS modes with SSO and NSF

Supporting EIGRP, OSPF and BGP based network by resolving level 1 & 2 problems of internal sites.

Accenture Feb 2014-Sep 2018

Network Engineer

Responsibilities:

Involved in implementation of trunking using Dot1Q, and ISL on Cisco Catalyst Switches.

Worked on Nexus 5548, Nexus 2248, Nexus 2232, Cisco 12418, 12416 Cisco 7200VXR, Cisco 6513, and Cisco OSR, Cisco 4507 Routers, Cisco 6500, 4500, 3750 & 3560 switches.

Responsible for performing Active wireless designs/site surveys with Air Magnet Planner (Cisco 3700/ 600 access points) and conducting physical wireless site surveys with Air Magnet Survey.

Responsible for conducting physical wireless site surveys with Air Magnet Survey Pro and predictive site surveys with Cisco WCS and Air Magnet Planner.

Site surveys with Cisco WCS and Air Magnet planner, system design, deployment, implementation, migration, support, troubleshooting of Cisco/802.11/b/g/n/ac wireless local area networks (WLAN).

Configured DMZ Wireless controller for the guest users. Documentation of all data such as technical reports and bill of materials.

Configuring Management port Interface and Service port Interface on Virtual Wireless controllers 5508 and 5520 for lab and staging of APs.

Experience configuring and maintaining VMware vSphere virtual server infrastructure. Troubleshoot the network issues onsite and remotely depending on the severity of the issues.

Used network analyzers like Wireshark, Ethereal and Sniffer for packet analysis.

Performed Break Fix support through driving to different buildings, identifying the root cause of the hardware issues with switches, routers.

Involved in Local Area Network (LAN) design, troubleshooting, and maintenance as per company’s requirements.

Worked with sniffing tools like Ethereal to analyze the network problems.

Worked on LTE signal testing, benchmark testing using tools like NEMO, XCAL, and TEMS etc.

Education Qualification:

Bachelors in Computer Science, India.


