
Security Engineer Network

Location:
Manhattan, NY, 10002
Posted:
January 23, 2025


Resume:

Rehaan Surti

Senior Network Security Engineer

***********@*****.***

+1-929-***-****

https://www.linkedin.com/in/rehaan-s-b03544298/

SUMMARY:

* ***** ** ********** ** a Network Security Engineer in Administration of LAN, WAN, Wireless and Security Technologies and products.

Experience with Next Generation and Web application firewalls of Palo Alto PA-7050, PA-3050 series.

Hands-on experience in maintaining the Fortinet infrastructure, configuration of IPsec VPN, and troubleshooting on Fortinet 7081F, 6300F, and 4800F firewalls.

Experience in upgrading and patching Cisco NX-OS software on Nexus 9000 series switches to maintain security compliance and address vulnerabilities.

Designing, implementing and troubleshooting Cisco 1101 and 1109 ISR routers using Static, RIPv2, OSPF, EIGRP; experience with Check Point and Cisco ASA devices.

Implemented AWS Identity and Access Management (IAM) policies to enforce least privilege principles and enhance security posture.

Designed and implemented SD-WAN policies to dynamically route traffic based on application performance and security requirements, improving user experience.

TECHNICAL SKILLS:

LAN Technologies: SMTP, VLAN, Inter-VLAN Routing, VTP, STP, RSTP, Lightweight access point, WLC.

Firewall: Fortinet (FortiGate) Firewall (1000F, 2600F, 3500F, 7081F), Palo Alto (PA-850, PA-3420, PA-5260, PA-7050, PA-7080), Cisco Firepower, ASAs and Juniper SRX series.

Load Balancers: F5 Networks (Big-IP) LTM 6400

Switches: Nexus 2k, 5k, 7k, Arista switches, Catalyst switches and Juniper switches.

Wireless: Cisco Meraki, Aruba wireless.

Routing: RIPv2, OSPF, EIGRP, IS-IS, BGP, PBR, Route Filtering, Redistribution, Summarization, and Static Routing

Network Management Tools: Wireshark, NetFlow Analyzer, NetScout, SNMP, Cisco Prime, Ethereal.

LAN: Ethernet (IEEE 802.3), Fast Ethernet, Gigabit Ethernet.

Professional Experience:

1800 Flowers, Jericho, NY

Sr. Network Security Engineer March 2024-Present

Responsibilities:

Configured, troubleshot and upgraded Check Point firewalls for managed clients, which included network and/or resource access and software or hardware problems.

Managed multiple Palo Alto Networks firewalls PA-3020 and PA-5250 using Panorama, ensuring uniform security posture across the entire network infrastructure.

Worked with the latest Palo Alto Networks technologies and recommended practices, ensuring the integration of state-of-the-art security measures.

Integrated migrations of various Palo Alto Next-Generation firewall models, including PA-850, PA-3430, PA-5430, PA-7050, and PA-7080, while serving as a pivotal knowledge hub for SD-WAN and routing advancements.

Deployed Port Security on Cisco Nexus 7000 switches to restrict access to network ports and prevent unauthorized devices from connecting to the network.

Proficient in configuring and troubleshooting the TCP/IP suite for reliable and efficient data transmission across networks.

Expertise in designing, assigning, and managing IP addresses, including IPv4 and IPv6.

Experience in configuring and managing DNS for resolving domain names to IP addresses, enhancing network accessibility.

Configured networks using routing protocols such as RIP, OSPF, BGP, TCP, UDP and manipulated routing updates using route-map, distribute list and administrative distance for on-demand Infrastructure.

Proficient in configuring and maintaining RIP for small networks to ensure efficient data routing with minimal hop counts.

Experience in deploying and troubleshooting OSPF in complex network environments, optimizing routing paths and enhancing network efficiency.

Skilled in configuring BGP for managing inter-autonomous system traffic and maintaining stable, efficient, and scalable routing.

Experience in implementing VLAN tagging to segregate network traffic efficiently, ensuring secure and manageable network segments.

Proficient in configuring and managing network switches to facilitate data transfer between devices on a local area network (LAN).

Experience in setting up and managing Virtual LANs (VLANs) to segment network traffic and improve security and performance.

Conducted SD-WAN performance monitoring, traffic analysis, and troubleshooting to identify and resolve network issues, ensuring optimal service levels and uptime.

Configured and integrated SD-WAN devices into existing network infrastructures, ensuring seamless connectivity.

Automated network infrastructure provisioning using Terraform and GitOps workflows.

Designed and implemented Akamai WAF solutions to protect customer-facing e-commerce platforms from cyber threats.

Implemented policy-based networking in Cisco ACI, defining application-centric policies for automated network provisioning.

Collaborated with stakeholders to optimize DNS, DHCP, and IPAM solutions.

Reduced incident resolution time by 40% through integration of firewalls with real-time monitoring tools.

Integrated F5 VIPRION B2150, B2250 with various technologies and services including firewalls, WAF, and DDoS protection solutions to bolster overall security measures.

Experience in using TACACS+ to provide secure communication with full encryption of user credentials and administrative commands.

Proficient in configuring RADIUS to authenticate and authorize users for network access, including wireless networks.

Streamlined network operations by integrating Python scripts with RESTful APIs for network device automation and management.

Experience with Python libraries such as Pandas, NumPy, and Matplotlib for data analysis and visualization.

Enhanced threat detection and response capabilities by configuring and managing intrusion detection and prevention systems, including Snort and Suricata, while maintaining expertise in networks, firewalls, F5, and Linux environments.

Expert in advanced routing protocols (BGP, OSPF) and Layer 3 protocols (DNS, DHCP, HTTP) to optimize network performance and reliability. Proficient in network security technologies, including firewalls, VPNs, intrusion prevention systems, and Zero Trust architecture.

Fidelity, Dallas, TX Mar 2021 to March 2024

Sr. Network Security Engineer

Responsibilities:

Configured and optimized rule sets on FortiGate firewalls to meet specific security requirements and organizational policies effectively.

Implemented FortiManager 300D alongside FortiGate clusters including 7081F, 6300F, and 4800F to establish IPsec site-to-site VPN connections.

Deployed and managed Juniper's Next-Generation Firewall (NGFW) solutions, such as Juniper SRX Series firewalls, to enforce granular security policies.

Configured and maintained site-to-site and remote access VPNs using Palo Alto’s GlobalProtect and IPsec VPN features.

Integrated Palo Alto firewalls with SIEM systems (e.g., Splunk, ArcSight) for centralized log collection, monitoring, and alerting.

Utilized Palo Alto Panorama for centralized management, monitoring, and configuration of multiple Palo Alto firewalls.

Proficient in Juniper's operating system, Junos, for configuration, monitoring, and troubleshooting of network devices.

Stayed updated on the latest Fortinet technologies and recommended practices, seamlessly integrating them into the network security architecture for continuous improvement.

Designed, implemented, and managed Software-Defined Wide Area Network (SD-WAN) solutions to optimize network performance, reduce costs, and enhance application delivery.

Designed and implemented IPsec VPN tunnels between Juniper devices and third-party VPN gateways to secure communication over untrusted networks.

Proficient in Python programming language for network automation, scripting, and tool development.

Hands-on experience in deploying and configuring Cisco ISE for network access control and identity-based policies enforcement.

Skilled in VLAN configuration, trunking, and spanning-tree protocols for efficient network switching.

Strong understanding of Layer 1 networking concepts, including physical cabling, connectors, and transmission media.

Experienced in Layer 2 technologies such as VLANs, spanning tree protocol (STP), and link aggregation (LACP).

Proficient in deploying VLANs (Virtual Local Area Networks) and ACLs (Access Control Lists) for isolating network traffic.

Knowledge and experience working with Amazon Web Services (AWS), including proficiency in configuring and managing AWS services and resources for cloud-based solutions.

Monitoring and analyzing WAF logs and alerts to identify and mitigate potential security threats and vulnerabilities.

Skilled in integrating Viptela SD-WAN with security services, integrating firewall policies, IPsec VPN, and encryption protocols to bolster network security and compliance.

Utilized Python frameworks like Flask and Django for web application development in network management.

Proficient in integrating Cisco ISE with existing network infrastructure components for seamless authentication and authorization.

Deployed and configured Cisco Catalyst switches (e.g., Catalyst 9000 series) and Nexus switches (e.g., Nexus 9000 series) for campus and data center environments, respectively.

Ability to design, implement, and troubleshoot complex network architectures incorporating BGP, MPLS, Layer 2/3 technologies, VPC, CVP, AVD, and YAML.

Experience in conducting DDoS readiness assessments and developing incident response plans.

Configured and managed tenants within Cisco ACI, providing logical segmentation for different business units or applications.

Deployment and configuration of AWS CloudWatch to monitor and manage the performance and status of various AWS resources, including EC2 instances and Lambda functions.

Implemented VPN technologies such as IPsec, SSL VPN, and L2TP/IPsec to establish secure connections over public networks.

Configured claims-based authentication policies within Active Directory Federation Services to enforce fine-grained access control and attribute-based authorization.

GAP, San Francisco, CA Oct 2018 to Feb 2021

Sr. Network Security Engineer

Responsibilities:

Experienced in scalability and deployment efficiency of the OpenStack underlay network by transitioning from standalone Cisco Nexus 5548, 5600 and 7018 switches.

Deployed Routing Policy Language (RPL) on Nexus 7000 series switches, facilitating flexible and dynamic routing management to optimize network performance and control.

Experience with a wide spectrum of Cisco routers, encompassing models such as ISR 1100, 1101, ASR 9k, and ASR 1002.

Configuration issues pertaining to HSRP, BGP, OSPF, EIGRP, MPLS WAN, QoS, and Route maps using proficient configuration techniques and troubleshooting methodologies.

Proficient in deploying and managing AWS CloudFormation templates using YAML (YAML Ain't Markup Language) for infrastructure as code (IaC) automation.

Implemented the latest features, firmware upgrades, and best practices associated with Cisco Secure Firewall 3105 and 3110, bolstering the network's robustness against emerging threats.

Conducted thorough security audits and penetration testing to validate the integrity and effectiveness of IPsec implementations.

Implemented security protocols, device grouping, and templates via Panorama for standardized and scalable management of Palo Alto firewalls.

Configured Palo Alto Firewall management tools to monitor network traffic, detect security threats, and analyze anomalous patterns.

Implemented traffic steering policies, application-aware routing, and Quality of Service (QoS) policies to prioritize critical applications and improve user experience.

Hands-on experience with Palo Alto firewall systems, including models like PA-3250, PA-4000, PA-5450 series, and PA-7050. Proficient in High Availability (HA) configuration, VPN setup, Layer 2, Layer 3 configurations, mobile security, and virtual environment administration.

Strong debugging and problem-solving skills using Python to address network-related issues efficiently.

Deployed security policies on FortiGate firewalls to manage traffic flow and prevent unauthorized access, thereby enhancing overall network protection.

Implemented security protocols, fine-tuned rules, and managed object utilization across various FortiGate models, including the FortiGate 1000F and FortiGate 2600F.

Experienced in managing FortiGate firewalls using FortiManager for centralized policy management and configuration deployment.

Developed and implemented security policies within SD-WAN configurations to safeguard data and mitigate potential threats.

Proficient in using Python for tasks such as data parsing, file manipulation, and API interaction in network environments.

Implemented SD-WAN solutions utilizing Cisco's Viptela platform, while configuring and fine-tuning components to optimize network operations.

Implemented network policies and traffic routing through SD-WAN Viptela's centralized management platform (vManage), ensuring consistent application performance.

Deployed secure connectivity across distributed networks by leveraging SD-WAN Viptela's centralized policy and control plane architecture.

Implemented and configured F5 VIPRION 2400 and 4800 device platforms, fine-tuning resource allocation to optimize load balancing and traffic management.

Experience in designing, implementing, and managing F5 VIPRION platforms to provide high-performance and scalable application delivery solutions.

Managed F5 BIG-IP appliances, which involved tasks such as scripting iRules, managing SSL offloading, and regularly configuring WIPs and VIPs.

Education:

Bachelor in Cybersecurity, Monroe College, NY.


