Senior Network Security Engineer
Resume:
Sayed Mohammed Yashab
**********@*****.***
Senior Network Security Engineer
SUMMARY:
7+ years of intensive practical expertise in networking security, together with a track record of professional competence in the design, setup, and upkeep of sizable business firewalls.
Assisted with managing the privacy rule transfer process with Symantec Endpoint Protection and Palo Alto PAN-PA-7000-100G-NPC-A, PA-5450, and PA-3250 Migration Tool 3.0. Designed and implemented security policies and rules on Fortinet 6500F, 4400F, 3000F and 1800F firewalls to control and monitor network traffic effectively. Implemented posture assessment and compliance checks via Cisco ISE, ensuring that endpoints meet security standards before network access is granted. Configured and managed ACI fabric components, including APIC controllers, leaf, and spine switches, ensuring optimal network performance and security. Designed and implemented secure SD-WAN architectures using Viptela, ensuring optimal routing, traffic management, and application performance. Developed and maintained detailed documentation for Infoblox configurations, policies, and procedures to facilitate knowledge transfer and ensure operational consistency.
I have experience in configuring firewall settings, secured links, and intrusion prevention systems (IPS) for FortiGate devices 6500F, 3700F, and 1800F series to enhance internet protocol security. I have improved the installation and setup of application distribution equipment by utilizing the F5 BIG-IP iControl REST API and Ansible automation for managing upgrade processes and releases. Additionally, I have enhanced threat identification and mitigation capabilities by working with NGFW equipment and ACI to examine and restrict data flow between shared resources and client interfaces. Recently, I installed a Viptela-based SD-WAN system for a global retail company with multiple branch locations, ensuring efficient and secure network connectivity across all sites.
TECHNICAL SKILLS:
Network
Management Tools
Wire shark, Net flow Analyzer Net Scout, SNMP, Cisco Prime, Ethereal, HP
open view.
Cloud Services
AWS Cloud (EC2, VPC, Route53) Direct connect.
LAN
Ethernet (IEEE 802.3), Fast Ethernet, Gigabit Ethernet.
Wireless
Cisco Meraki, Aruba wireless.
LAN Technologies
SMTP, VLAN, Inter-VLAN Routing, VTP, STP, RSTP, Light weight access point, WLC.
Switches
Nexus Switches, Arista switches, Catalyst switches and Juniper switches.
Load Balancers
F5 Networks (Big-IP) and Cisco CSM
Firewall
Fortinet (FortiGate) Firewall, Palo Alto, Cisco Firepower, Checkpoint, ASA and Juniper SRX series.
Routing
RIPv2, OSPF, EIGRP, IS-IS, BGP, PBR, Route Filtering, Redistribution, Summarization, and Static Routing.
Certifications:
CCNA: Cisco Certified Network Associate
CCNP: Cisco Certified Network Professional
PCNSE: Palo Alto Certified Network Security Engineer
Professional Experience:
Toyota, Plano, TX Jan 2023- Present
Sr. Network security Engineer
Responsibilities:
Using virtual views to configure IPv4 and IPv6 security policies on Fortinet firewalls can lower risks and effectively prevent unwanted access by allowing or rejecting certain IPv4 and IPv6 connection variations.
Managing firewall logs, applying the required changes to FortiGate firewall settings, and working with network designers and IT staff to find and resolve connection issues.
Skilled in using FortiManager to simplify arrangement, research, and monitoring activities while providing central management over Fortinet devices.
Setting up firewalls 6500F, 4800F, 3200F and 3500F, installing VPN, Fortinet, and Voice over IP, creating rules, configuring multiple links and VLANs, and carrying out designs are all done with FortiGate.
Assisted switching layer was created for the Firewall and Load Balancing Services, specifically for the WEB and APP user groups, using the Nexus Platform's 6500 design.
Involved in conducting real-time vulnerability assessments and threat analysis using FortiGate’s built-in security features to proactively identify and address security risks.
Working with companies that use Linux, data centers, and VMware, we were able to provide better support for port-channel setup, IP management, and VLANs on Cisco Nexus systems.
Knowledge of Nexus switches, including those in the 9800, 9500, 9400 and 7010 series, enabled me to contribute to the creation of switching and routing protocols.
Added to the creation of security protocols and system monitoring on the Palo Alto Panorama framework, which is centrally administered.
Experience in developing gateways and methods for IPsec virtual private networks. Acquaintance with reliable and safe procedures on Palo Alto firewalls, such as PA-7050, PA-5430, and PA-5220 devices.
Integrating Palo Alto Wildfire to provide comprehensive threat evaluation and analytical skills strengthened the organization's protection against sophisticated attacks.
Configuring Palo Alto networks' virtual and hardware firewalls on machines and in both public and private cloud environments.
Extensive experience in VMware ESX/ESXi hosts 3.5, 4.1 5.x hypervisor and Microsoft virtual server as well Hyper V.
Designed, put into service, and managed the Cisco Secure Firewall 4245, 3120, and 3130 devices to improve network defenses against ever-changing threats.
Assisted that the systems adhered to the most recent safety guidelines by regularly installing and patching the software on Cisco Firepower 4125, 1150, and 4100 devices.
Developed and included into endpoint routers, like Cisco Routers, to enable MPLS connectivity with distant client locations.
In depth knowledge of certification scenarios and real-world implementation for Cisco routers 8100, 8200 and 8600 series and Cisco Catalyst switches 8500, 9300, 9400 series.
Applied evaluations in compliance with ISEC criteria to examine the security of protocols used by networks and find weaknesses.
Implemented advanced features in panorama/paloalto like URL filtering, user-ID, APP-ID, content-ID.
Hands on experience in Integrating VMware NSX Palo Alto Firewalls.
Set up Infoblox DNS safety to mitigate attacks based on DNS and keep unauthenticated individuals from using network bandwidth.
Configured and managed Infoblox DNS, DHCP, and IPAM (DDI) solutions to automate and centralize network services management, ensuring high availability and scalability.
Worked with Cisco ACI fabric networks, including python automation. Worked on Great exposure to SDN(Software Defined Networks) and Network virtualization technologies like Cisco ACI.
Integrated Infoblox Threat Intelligence Data Exchange (TIDE) feeds to enhance DNS security posture and block malicious domains and IP addresses.
Hands on Experience in configuring, implementing and troubleshooting SDWAN devices like Velocloud and Versa Networks.
Experience working on NSX deployments using Firewall Micro-segmentation with vRealize Network Insight, vRealize Operations, Log Insight. Disaster Recovery, Fibre Channel San design, implementation, and migration.
Hands on experience on Checkpoint Firewalls, ASA (5550) Firewalls. Implemented Security Policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS) network.
Improved security layout with the addition of the Cisco ISE Monitor and ongoing assessment and classification of network devices based on merit.
Monitor and analyze network traffic with QRADAR, SolarWinds Orion, tcpdump, Firemon, Wireshark for Packet capturing(PCAP).
Deployed and configured virtual Machines in Windows and Linux platforms using Python Scripting, JSON templates and Azure Resource Manager portal.
Developed using vAnalytics to collect, analyze, and offer information in real-time on security incidents, metrics for efficiency, and contacts with the SD-WAN network.
Added efficiency and dependability through the use of variable route selection, integrated vSmart controllers and vBond management, and integrated backup.
Worked with teams from various departments to create and implement SD-WAN services, connecting Viptela products with network standards and safety requirements with ease.
Improved script efficiency and maintained design safety by implementing dynamic supply maintenance through the use of Netmiko scripts to locate and link storage modules.
Integrated more encryption methods to Cisco ACI to safeguard private information while it's being sent and stop unauthorized access.
Inspected configuration, checked configuration compliance, test IT Controls functionality and inspected logs. Reviewed signatures within IDS/IPS tools (Snort) to ensure signatures are up to date to minimize false positive and false negative in the System.
Provide support for 2Tier and 3Tier firewall architecture, which includes various Checkpoint R80 Gaia, Cisco ASA firewalls and Palo Alto firewalls.
Assisted in transitioning the client's network infrastructure from VXLAN to the new eNSE platform, leveraging virtualization and software-defined networking (SDN) to enhance service delivery.
Developed the ACI fabric's maintenance processes to reduce disruptions and precisely address operational requirements.
Deployed Cisco Firepower Threat Defence FTD (2100,4100&9300) along with Intrusion prevention system (IPS), logging features in Firepower management center (4500).
Implemented Agile methodology in network operations, enhancing efficiency and collaboration.
Using automation techniques in conjunction with ACI to automate VLAN assigning and administration procedures and boost operational efficiency.
Utilize Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
Added to ongoing operational efficiency improvements and kept up with Ansible's most recent features and components pertaining to internet security automation.
Improved bandwidth utilization for replication and more reliable interaction were achieved by using Active Directory Sites and software settings.
Configure an Aruba VIA VPN to safeguard confidential data and comply with legal mandates, allowing employees stationed overseas to securely access company data and apps from any location.
Experience with Zscaler cloud proxies ZIA and ZPA. Worked on setting up tunnels to Zscaler Zen’s, zero trust network access.
Configured and maintained IP Layer 1-3 for Edge Networks, including troubleshooting copper and fiber cabling (Cat5/6, SC, LC, FC, MPO) and implementing MOPs for various data center deployments.
Configured, implemented and troubleshooted different business policies in Velocloud SDWAN.
Developing secure network designs in collaboration with network architects, utilizing Arista switches 7500R, 7280R3, and 7170 as essential foundation elements.
Developed in consistent with user-specified requirements and program choices, layer 7 load balancing and connectivity redirection rules were generated using F5 iRules.
In depth understanding of AWS Elastic load balancing, which distributes traffic fairly among several servers to increase application performance and dependability.
Assist with efficiently analyze the functioning and health of different AWS services, set up measures and activate AWS Cloud Watch alerts.
Added to the task being done by the safety group to regulate data flow between and inside AWS systems that are based on virtual personal clouds.
Wrote Python Code using Ansible Python API to Automate Cloud Deployment Process for networking and CI/CD.
Developed specialized Python apps and scripts to streamline time-consuming operations, accelerate incident handling, and enhance network security in general.
Endeavor Health, Naperville, IL Jun 2020 – Dec 2022
Sr. Network security Engineer
Responsibilities:
Configuring Fortinet firewalls to secure routing and safeguard networks and enable interaction among IPv6 and IPv4 devices by setting up IPv6 translation of identity (NAT66).
Assisting Using virtual LANs to split and fortify communication across connectivity on FortiGate systems increased networking safety and efficacy.
Experience in FortiGate firewall administration in real-time, which guarantees reliable and steady network performance.
Installing FortiGate firewalls, such the 3700F, 4200F, and 4700F, which were designed as security measures in conjunction with system developers and safety specialists.
Monitored the Cisco Nexus device patch management and upgrade processes, making sure that all safety issues were fully resolved and that standards were followed.
Using Cisco Nexus Switches, VXLAN tunneling—an efficient use of packet techniques—was developed for Layer 2 base applications over Layer 3 platforms.
Install several Nexus series devices, such as the 7010, 7018, 5600 and 5548 models, giving special consideration to Tier 3, Tier 4, and Top of Rack configurations.
Configure Cisco routers with IPsec VPN links that enable secure communication between distant sites while protecting the security and privacy of data.
Maintaining and overseeing adherence of service level agreements (SLAs), promptly addressed issues relating to Cisco routers.
Integrated data collecting, tracking, and handling was given by using management tools like Cisco Prime Design and Solar Winds in conjunction with Cisco routers from the ISR 4461, 4331, 1100 and 1160 series.
Assistance networking engineers find and address problems with the firewall setups for the Juniper SRX 1600 and SRX 2300 series.
Deployed, configured and troubleshoot the Juniper PulseSecure SSL VPN gateways (MAG series) with remote access.
Improving scalability, entry, and authority over the performance and supervision of Ansible jobs by leveraging Ansible Tower (AWX) to expedite network-related operations.
Developed and enhanced Palo Alto's innovative safety monitoring technology, Wildfire, to effectively detect and evaluate unwanted and dangerous data.
Improved Palo Alto IT security methods according to customer-specific and enforced policies as needed to guarantee accurate oversight of network activities.
Installation of Palo Alto Panorama, the company's central management tool, customers can now quickly setup and operate Palo Alto firewalls in the PA-7080, PA-5450, and PA-5000 series using a single interface.
Worked with SolarWinds monitoring tools and Service Now Ticketing system.
Worked with system inspections, bug fixes, approval, and Palo Alto firewall defense against denial-of-service (DDoS) assaults.
Applying the ISEC competencies, thorough risk assessments were combined, possible risks were located, and preventative actions were put in place to successfully lower dangers.
Support Cisco ISE and Aruba Clearpass NAC Product.
Maintained a check on the DNS, DHCP, and IPv4 administration for the Infoblox device grid architecture, which was included into the state's farm operations system.
Deployed Infoblox DHCP fingerprinting to identify and categorize endpoint devices based on DHCP traffic patterns, improving network visibility and security.
Regularly performed software updates and patching on VIPRION 2400 devices to address security vulnerabilities and access the latest features.
Developed and maintained detailed documentation for Infoblox configurations, policies, and procedures to facilitate knowledge transfer and ensure operational consistency.
Using identities, device type, and endpoint status will be the determining factors for designing Cisco ISE to be connected with the network structure. Adaptive verification could be utilized.
Improved accessibility and dependability of automated processes Corrections of errors and analysis are included into Netmiko programs.
Utilized automation tools such as Cisco VTS, Nokia Nuage, Itential IAP, HPNA, and DCNM to streamline network operations and deployment processes.
Install and maintain F5 Viprion load balancing networks that split up incoming data between multiple servers to decrease downtime and improve application efficiency.
Working on F5 Viprion 4300, 4340N, and 4450 networks employ merging iRules; the Application Delivery Controller (ADC) was created and its skills were modified in response to particular demands.
Developed scripts in Python for automating network configurations and utilized cloud-based platforms (Linux, OpenStack) to support network virtualization initiatives.
Implemented and maintained security policies on Junpier IDP devices, ensuring effective threat detection and prevention.
Improved program effectiveness, decreased latency, and raised overall user happiness with the integration of F5 Viprion load balancing and network optimizing techniques.
Using Meraki Systems Manager to safely erase information on lost or stolen devices and adhere to encryption regulations, privacy and security have been enhanced.
Developed Python scripts using Tensor Flow to build automated learning models to identify abnormalities in contacts and alert users to potential safety issues before they get worse.
Implemented Taboo Contracts in Cisco ACI, preventing access to sensitive and unprotected EPGs that handle payment execution.
Integrating Cisco ACI technologies, the network architecture designed for application-centric configurations was made manageable and adaptable.
Added Cisco ACI PEE to continuously monitor security procedures in compliance with present regulations, minimizing human mistake in setup and ensuring ongoing legal compliance.
Using AWS route 53's routing requirements and health checks, backups were put up to assure the continuous functioning of crucial applications and services.
Integrated TippingPoint and Juniper IDP systems with existing firewall and security infrastructure.
Assisted with distribute resources throughout AWS VPCs, build up IP address regions, and efficiently distribute and manage CIDR blocks.
Improved resilience to attacks and decreased latency for crucial procedures by setting up several routes with distinct routing on AWS Direct Connect connections.
Deploying Cisco Secure Firewall 3140, ISA 3000 devices, terms of service, access lists, and safeguards, internet connection was enhanced and risk issues were significantly reduced.
Utilize Cisco Firepower 4112, 4115 in a particular manner to carry out comprehensive threat assessments and carefully analyze and correlate security events.
Developed and oversaw solutions for Active Directory Safety, making sure that digital signatures were granted and kept up to date to improve security procedures.
Setting up and refining vManage to provide centralized management of SD-WAN creates, regulations, and rules for several global networks.
Working closely with AWS, Viptela designed and built SD-WAN solutions, which create a network design that is particularly appropriate for centralized cloud setups.
Develop a hybrid wide-area network (WAN) utilizing LTE connections, MPLS, and the internet. Viptela SD-WAN solutions provide reliable security over a range of connectivity paths.
Verizon, NYC, NY Oct 2019- May 2020
Network security Engineer
Responsibilities:
Working on ASA 5515, 5585, 5555, and 5540 firewall connections was worked on; this produced great results and load balancing in addition to eliminating hardware problems and guaranteeing an uninterrupted web connection.
Worked on Nexus 5K Layer 2 VPC, Port-Channel, VLAN configuration. Support to Cisco 3850 Stack to ASA 5585 connection.
Maintenance of Cisco ASA 5500 firewall for DCA site, adding new rules or changing existing access lists if necessary.
Experienced in optimizing and scaling ASA 5585-X SSP devices and handled high traffic volumes.
Adding the visa-specific network design tool VANTAGE, DEX diagrams for MPLS lines across tunneling routers Cisco 1900, 2900, and 3900 were created.
Configure outgoing internet traffic monitoring and filtering using the F5 BIG-IP 5000i, 7000i, 10000i iSeries SWG, which avoided visiting unauthorized or hazardous websites and provided insightful data on how clients used the internet.
Improved the number of active cities on Palo Alto firewalls, such as the PA-820, PA-460, PA-3250, and PA-1000 series; added more connections; resolved insecure issues; and managed advanced preferences for various service objects.
Working together with Tetration's behavior-based computer skills to provide a full understanding of contact runs, application relationships, and traffic trends.
Designing and carrying out effective cabling protocol improvements in close collaboration with system designers and network technicians.
Integrated firewall policies and configurations remotely and used Check Point R75.10, R77.30, R76, and Smart Console to be informed about traffic flows and safety concerns.
Set up Blue Coat Network Privacy to classify websites according to company guidelines. Access can be allowed or prohibited depending on pre-established categories, such malware, gaming, and social networks.
Utilized deep knowledge of CLI commands for network devices, including Nokia (7750/7706/7250) and Cisco platforms (55A1, 5504, 5508, 9508, CRS-16, Nexus 3k/5k/7k/9k) to execute device configurations, firmware upgrades, and network troubleshooting.
Implemented and managed Layer 2 and Layer 3 VPNs, including MPLS (LDP & TDP) and inter-AS MPLS, to support secure and scalable network architectures.
Involved in troubleshooting network traffic and its diagnosis using tools like ping, trace route, Wire shark, TCP dump and Linux operating system servers.
Monitored and maintained the optical network including ADVA & Ciena MUX equipment.
Assisted teams in identifying and resolving difficult network problems by facilitating the transfer of Wireshark data captures and analyzing the outcomes.
Configured and troubleshoot VLAN, trunking, ether-channel, port-channel, inter-vlan routing, HSRP, LACP, PAGP on various distribution layer 3 switches like Nexus 7000 series.
Worked with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a flexible Access Solution for datacenter access architecture.
Worked on different networking concepts and routing protocols like BGP, EIGRP, OSPF, Tunnels, L2TP and VPLS and other LAN/WAN technologies.
Cisco routing and switching technologies and devices LAN / WAN, VPN, Routing protocols, VLANs, Trunking, Cabling, Cisco IOS administration
Designed advanced networking solutions including Quality of Service (QoS), Virtual Routing and Forwarding (VRF) and route redistribution.
Configuring and testing Multicast for both IPv4 and IPv6 routing in Data Center Environment.
Support 24x7 data network center, monitor network performance, manage and maintain Cisco IOS, IOS-XR and JunOS hardware.
Participated in data center upgrade from Cisco IOS platforms to NX-OS platforms.
Configuring and troubleshooting Juniper MX series high performance Ethernet service routers for advanced QoS and low latency.
Experienced in creating, setting up, and overseeing Cisco TrustSec solutions, which provide flexible and extensive network access control across the organization.
Set up Silver Peak's program control and accessibility features to understand the efficiency of applications, analyze traffic trends, and make informed decisions.
Worked on keep the antivirus section of the network up to date with current versions of antivirus, latest signatures and relevant documentation.
Applied efficient tracking, data reporting, and evaluation for activity utilization and deployment in Citrix Software Application Delivery Management (ADM) or NetScaler Data Location solutions.
Install SIEM software for threat analysis and antivirus software, such as Microsoft Workplace Safety and Solar Winds.
Accenture, India Mar 2017 – Sep 2019
Network Support Engineer
Responsibilities:
Involved in and executed testing of significant network problems for the BGP, OSPF, RIP, and EIGRP protocols for the whole VISA network.
Hands on experience on NAT (Network Address Translation) configurations and its analysis on troubleshooting issues related access lists (ACL).
Managed various teams involved in site surveys, cabling specifications, portscans, physical port mapping, cabling management, Network equipment installation and configuration.
Experienced for Identifies, Diagnoses and Resolves Network and Windows Problems. Troubleshooting Computer Hardware Problem & Network Problem.
Implement changes on switches, routers, load balancers (F5 and Brocade), wireless devices as per engineer’s instructions and troubleshooting any related issues.
Integration of Open Contrail Controller with OpenStack Controller and Open Contrail router with Compute Node.
Education:
Bachelor’s of Engineering-Geetham University- India.
Master’s in Information Technology-Northwest Missouri State University, Missouri.
Contact this candidate