HASSAN KHAN
USC
LinkedIn: https://www.linkedin.com/in/hassan-khan-5404b1367/
Email: ****************@*****.***
Summary
* ***** ** ********** ** Network/System Administration and Network Security Engineer/Information Security Analyst.
Cisco Certified Network Engineer with expertise in network engineering, designing, architecting, deploying, and troubleshooting network and security infrastructure on routers, switches (L2/L3) and firewalls.
Using AlgoSec for the audit of the rules on the firewall and enhancing the existing change management system with intelligent network and security automation.
Experience in Checkpoint firewalls, Palo Alto Firewalls, Juniper Firewalls, Cisco WSA/CWS, Cisco ASA, SSL VPN, Cisco Nexus, Cisco ACS, Cisco ISE, IPS, and Microsoft TMG.
Used SolarWinds Network Performance Monitor (NPM) to monitor and analyze network performance metrics in real time.
Analyze, monitor, troubleshoot, and investigate security-related anomalies with various tools such as AlienVault SIEM, Imperva SecureSphere Web Application Firewall, Barracuda WAF, SCCM, etc.
Implementation and administration of Juniper WX/WXC devices for WAN Traffic acceleration.
Configuration of VTP, VLANs, UDLD, BGP, OSPF, EIGRP, IGRP, RIP, MPLS, DHLs, GRE Routing, Troubleshooting, Monitoring and Maintenance.
System Administration with technical expertise specializing in Cisco environments in Data Center, LAN/WAN Security, managing the complete system admin and technical support functions.
Demonstrated abilities in large enterprise-wide network design, implementation as well as administration support and network integration.
Advanced knowledge, design, installation, configuration, maintenance and administration of Palo Alto Firewalls, Checkpoint Firewall R75 up to R77 version, VPN.
Checkpoint IP Appliances and SPLAT & Cisco ASA Firewalls
Advanced knowledge, design, installation, configuration, maintenance and administration of Checkpoint Firewall R75 up to R77 version, Secure Platform Installation including, VPN.
Advanced knowledge in design, installation and configuration of Firewall ISG 1000/2000, SSG series and NSM Administration.
Configure and implement Network Infrastructure monitoring, alerting, backups, and system management solutions built on Linux Firewall and ACL security implementations.
Experience in Network Intrusion detection/Intrusion Prevention System and Firewalls.
Experience in Implementing & managing Symantec Data Loss Prevention.
Network security including NAT/PAT, ACL, VPN Concentrator, IDS/IPS, and ASA/PIX Firewalls.
Monitor the server/network infrastructure which includes VMWare, SCOM, OpenVMS, FireEye and the Checkpoint firewall logs to provide maximum efficiency.
Advanced knowledge in TCP/IP suite and routing protocols, such as OSPF, BGP, and EIGRP.
Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
Configuring SolarWinds Orion for centralized network monitoring and management across multi-vendor environments.
Advanced Cisco Router, Switch, Firewall, VPN Concentrator, Clean Access, Wireless AP experience.
Advanced configuration of Cisco 2500/2600/4000/7000/12008/2900/3750/6509.
Advanced troubleshooting of data circuits such as ATM, SMDS, T1, Frame Relay, ISDN circuits.
Experience in managing a team and the resources during Server Infrastructure migrations and platform upgrades.
Professional Experience
IBM, San Francisco, CA Nov 2023 – Current
Network Security Engineer
Designed and implemented security strategies with Cisco and Palo Alto firewalls.
Responsible to evaluate, test, configure, propose and implement network, firewall and security solution with Palo Alto networks.
Firewall migration support for Palo Alto Networks.
Experienced in setting up and customizing SolarWinds dashboards and reports to provide visibility into network health and performance.
Worked as a Lead consultant for a Consultation project to help clean up legacy FW policies and create a migration path from current ASA and SRX FWs to next gen Palo Alto firewall.
Staged, planned and deployed Palo Alto NGF 5020s within Confidential's Data Centers.
Networks using routing protocols such as RIP, OSPF, BGP, EIGRP and manipulated routing updates using route-map, distribute list and administrative distance.
Provided redundancy in a multi homed Border Gateway Protocol (BGP) network by tuning AS-path.
Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)
Configuring rules and Maintaining Palo Alto Firewalls & Analysis of Firewall logs using various tools
Hands-on experience of ACLs, BGP, EIGRP Protocols. Implementing security policies using ACL, AAA (TACACS+ & RADIUS).
Configured SNMP with private community strings to monitor Linux servers through the SNMP management server.
Worked with Palo Alto PA5020 firewalls using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall.
Implementing firewall rules and configuring Palo Alto Network Firewall.
Configured IPsec tunnels with Palo Alto to enable secure transport and site-site VPN to Juniper SRX.
Exposure to WildFire advanced malware detection using IPS feature of Palo Alto.
Implement SSL VPN solutions including Palo Alto Networks GlobalProtect with single and multiple gateway solutions including integration of PKI certificates. Integrate multiple vendor IPSEC site-to-site VPNs, including Palo Alto Networks, Cisco ASA, and Juniper SRX firewalls.
Performance Comparison & security enhancement achieved by Extended ACL, allowing/blocking access to a particular host, network or a port.
Managed the deployment of SolarWinds Server & Application Monitor (SAM) to ensure application performance and availability within the network.
Migrated legacy F5 LTM and GTM appliance to newer version appliances.
Extensive work with IPv4 and IPv6 protocols (configuration, BGP sessions announcements, assignment to clients and more).
Strong hands-on experience on Palo Alto Firewalls, PIX Firewalls, ASA Firewalls and implemented Security Policies using Panorama, ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
Experience in installing, configuring and troubleshooting of Checkpoint Firewall NG, NGX, NG R55, NGX 60, NGX R65, R70, R75, R77 UTM.
Maintain, manage, optimize and troubleshoot all routing and routing protocols (IPv4 and IPv6) along with troubleshooting of any connectivity, latency or unavailability issues using Remote Desktop, Spectrum.
Design for Guest Network and Mobile Access Network for NAC Solution, comprising a Wireless LAN Controller solution in DMZs/Internet Gateways with ForeScout CounterACT NAC Appliances for NAC.
Involved in finalizing the design for Corporate Wireless Network Access for NAC Solution, comprising ForeScout CounterACT NAC Appliances in all WAN Consolidation Points and Data Centers.
Configured OSPF redistribution and authentication with type 3 LSA filtering to prevent LSA flooding.
Implementing traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Frame Relay and Open Shortest Path First (OSPF).
Proactively monitor, troubleshoot, diagnose, and resolve network issues utilizing SolarWinds Orion and OpenNMS.
Successfully installed Palo Alto PA-3060 Firewalls to protect Data Centre and provided L3 support for routers/switches/Firewalls.
Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
Deployment of SASE solutions for multiple organizations, ensuring secure and efficient network access for remote and on-premises users.
COMCAST, Jersey City, NJ Feb 2021 – Oct 2023
Network Specialist/Firewall
Responsibilities:
Migrated from Cisco ASA to Palo Alto firewalls
Designed, implemented, and managed data center network infrastructure for a leading Banking client, ensuring high availability and performance for critical financial applications.
Configured F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
Worked on migrating the F5 LTM 5100 version 9.2 to 5100 LTM version 9.4 and F5 GTM configurations.
Installing & configuring standalone and HA pair Load-Balancers - BIGIP-LTM/GTMs on 1600, 3600, 3900, 8900, 6900/6900S, 8900/8950S, 2000S, 2200S, 5200S, 7000S, Cisco CSS, Cisco ACE.
Regular upgrade and maintenance of infrastructure: installing, configuring, and maintaining Cisco Switches (2900, 3500, 7600, 3700 series, 6500 series) and Cisco Routers (4800, 3800, 3600, 2800, 2600, 2900, 1800, 1700, 800).
Configured Cisco ASA and Checkpoint firewall layers to secure the infrastructure for the Data Center.
Technical support for improvement, upgrade & expansion of the network architecture.
Experienced in integrating SolarWinds with other IT management tools to enhance overall operational efficiency and incident response.
Designed and configured Azure Virtual Networks (VNets), subnets, Azure network settings, DHCP address blocks, DNS settings, security policies and routing
Deployment of SASE solutions for multiple organizations, ensuring secure and efficient network access for remote and on-premises users.
Implemented and maintained AlgoSec Firewall Management. Worked on AlgoSec for firewall rule analysis and firewall rules cleanup.
Experience in implementation and management of the Checkpoint next generation firewall
Deploy and manage with advanced security and network management tools like Aruba ClearPass Policy Manager, Aruba Airwave and cloud-based Aruba Central.
Integrated advanced networking capabilities with cloud security functions to provide a holistic security solution with SASE
Configured Log Forwarding to forward logs from the firewall to Panorama and then configure Panorama to send logs to the servers.
Installation and administration of Checkpoint R 75.40, R80 Firewall.
Managed and troubleshot NetCloud, Cradlepoint and Aruba access points wireless devices on Citrix and Airwave. Aruba VPN, customer public and private wireless networks. Aruba mobility and ClearPass training.
Performed site refreshes on Cisco switching and Aruba wireless infrastructure at several locations.
Strong experience with Aruba wireless design, configuration, implementation, and testing.
Design, document, configure, implement and maintain Aruba WLAN infrastructure.
Executed various migration/upgrade projects across F5 and hands on with F5 BIGIP LTMs/EM.
Managed VPN migration from Nortel i100 to Palo Alto NGFW VPN devices.
Traffic monitoring and managing using Palo Alto Panorama.
Updated Palo Alto NGFW PAN-OS, Threat databases, AV databases and filters as required.
State Street, Boston, MA May 2018 – Jan 2021
Network Engineer
Configuring and implementing Composite Network models consisting of Cisco 7600, 7200, 3800 series and ASR 9k, GSR 12K routers and Cisco 2950, 3500, 3550, 3750, 5000, 6500, 9300, 9500 Series switches.
Experience in handling and installing Palo Alto Firewalls
Conducted assessments of existing network infrastructures to align SASE deployments with organizational needs and compliance requirements.
Configured Cisco 4500 routers, 2900 switches, Cisco 5500 (WLC) & WiSM2, 3800 2900 switches, Aruba 7200 2500s (Cisco, Aruba, & Ruckus APs).
Deployment and configuration Cisco Wireless AP 1700, 1850 & 2800 series and Aruba 210, 220 and 300 series.
Responsible for performing predictive wireless designs/site surveys with AirMagnet Planner (Cisco 3500/3600/3700, Aruba 105 access points) and conducting physical wireless site surveys with AirMagnet Survey.
Designed and implemented SASE architectures to replace traditional network security models, achieving significant improvements in agility and security.
Basic and advanced F5 load balancer configurations, including migrating configurations from Cisco ACE to F5 and general troubleshooting of the F5 load balancers.
Experience in Wireless Design, Deployment and configuration of Cisco 5500 series and Aruba 7200 series on Wireless LAN controllers.
Configured the Firepower chassis in cluster mode and thereafter in HA mode to meet the client's ever-changing design requirements.
Firewall policy provisioning on Fortinet FortiGate appliances using FortiManager.
Provided support for network infrastructure using Cisco equipment including Cisco ASA firewalls and Cisco routers. Experience with Windows, Linux, vulnerability assessment tools, firewalls, IDS/IPS, HIPS/HIDS, Nessus, NMAP, SIEM, Splunk, Rapid7 Nexpose and Insight, WAF, routers, switches, VMware, Endpoint Security, Cloud Security, Symantec Endpoint Protection.
Deployed, configured, managed and implemented Cisco Routers and Switches, Cisco ASA 5500 series Firewalls, Cisco VPN Concentrators LAN-LAN IPSEC VPN and Cisco IDS/IPS on high volume critical production environment.
Performed site refreshes on Cisco switching and Aruba wireless infrastructure at several locations.
Strong experience with Aruba wireless design, configuration, implementation, and testing.
Thorough experience with Aruba Airwave.
UnitedHealth Group, Schaumburg, IL April 2016 – Feb 2018
Network Operational Engineer
Providing access to specific IP, Port filter and port access.
Switching (Ethernet) related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
Providing technical support to LAN & WAN systems.
Involved in troubleshooting of DNS, DHCP and other IP conflict problems.
Responsible for level 2 support of existing network technologies/services & integration of new network technologies/services.
Involved in configuration of OSPF Summarization (Summarizing internal and external routes).
Scalability of OSPF by Filtering of Intra, Inter and External OSPF routes.
Used various BGP Attributes and various Route-filters such as Access-lists, Prefix lists, Route-maps to permit or deny routes and to change various attributes.
Ensure network connectivity of all servers, workstations, telephony equipment, fax machines, and other network appliances.
Experienced in implementation and troubleshooting knowledge of protocols and technologies, especially in the following: BGP4, OSPF, IPv4, and Ethernet.
Configured Cisco Routers for OSPF, RIP, IGRP, RIPv2, EIGRP, Static and default route.