
Network Security Engineer

Location: San Jose, CA
Posted: July 11, 2025

Resume:

Abdul Mubeen

Senior Network Security Engineer

SUMMARY:

6+ years of IT experience in design, development, implementation and maintenance of complex Network & service devices, Network Security, Linux Kernel Programming.

Migration from Cisco firewalls to Palo Alto firewall platforms PA-7080, PA-5430 and PA-3420.

Configured and deployed Fortinet security system firewalls; contributed to the administration of worldwide Fortinet FortiGate 1000F, 200, 60E firewall infrastructure.

Developed and maintained documentation, including network diagrams and configuration guides, for Cisco Nexus 9k, 7k, 5k security configurations and procedures.

Collaborated with network architects and engineers to design and implement secure network architectures using Cisco routers 8100, ASR 9000 series, ISR 1000 series.

Worked on Python to edit the devices' running configuration over Ansible Tower.

Deployment and configuration of Active Directory, overseeing user role management across diverse user groups.

Integrated CloudFront, CloudWatch, and CloudTrail to devise a holistic monitoring and security approach for AWS-hosted applications.

Designed, deployed, and managed F5 VIPRION 2400, 4400, and 4800 hardware to support high-performance application delivery and load balancing in intricate enterprise environments.

TECHNICAL SKILLS:

Routers & Switches

Routers (MX7200, 5840, 4330, 3921, 3800, 2800, 2100) and Switches (EX6500, 5850, 4900, 3750, 3700, 2960, 2900) and Nexus 9k, 7k, 5k and 3k data center switches & Aruba wireless (2960, IE-1000/2930F POE & Non POE and 6300F) switches

Cloud Platform

AWS, EC2, S3, RDS, Elastic Load Balancing, SWF, SQS

Firewalls

Palo Alto (PA-7080, PA-7050, PA-7000, PA-5000, PA-3000 series), Fortinet firewalls (FortiGate1000, FortiGate3000, FortiGate3200, FortiGate7081F, FortiGate6500F, FortiGate6300F, FortiManager, FortiAnalyzer), Cisco Firepower (4115, 4125, 4145 series), Cisco ASA 5506-X, 5508-X series, Checkpoint R77.30 and R80.0

Routing Protocols

RIP, IGRP, EIGRP, OSPF, BGP, HSRP, VRRP & GLBP

Network Management

NCM, Wireshark

Load Balancers

Citrix NetScaler Load balancer

LAN Technologies

Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port-Channel, VLANs, VTP, STP, RSTP, 802.1Q

Network Security

NAT/PAT, Ingress & Egress Firewall Design, VPN Configuration, Dynamic, Reflexive ACL, and authentication AAA (TACACS+ & RADIUS)

WAN Infrastructure

Leased Line, ISDN/Dial-Up, Frame Relay circuits, Metro Ethernet.

WAN Technologies

HDLC, PPP, ATM, SONET, MPLS, VPN, IPSec-VPN.

Wireless & Wi-Fi

Canopy Wireless Device (point to point/point to multipoint), DLink Wireless (point to point), DLink Access Point, CISCO 1200 series Access Point, and Linksys Wireless/Wi-Fi Router. Cisco Viptela.

Operating Systems & Tools

Cisco IOS, Windows NT 4.0 (Desktop/Server), Windows 2000/2003/2008 Server, Windows XP/Windows 7/8, LINUX, Solaris, Active Directory, Apache Server, MS Exchange server, VERITAS Volume Manager.

Professional Experience:

Cigna Health, CA March 2024 - Present

Sr. Network Security Engineer

Responsibilities:

Increasing security strategy, organization, and monitoring for dispersed IPv4 and IPv6 connections through the use of Palo Alto Networks Panorama.

Maintain that your website and your device with Bluetooth are securely connected, then set up Palo Alto firewalls to use Global Protect VPN.

Used Prisma SD-WAN’s application-aware routing capabilities to prioritize critical applications and ensure optimal performance.

Worked on Palo Alto image versioning in Palo Alto 7000 series, and rollback capabilities to maintain system stability and quickly revert to previous configurations in case of misconfigurations or policy errors.

Conducted network assessments and performance monitoring using Prisma SD-WAN analytics and reporting tools, and identified areas of optimization.

Working on Palo Alto PA-5280, PA-5260, and PA-7050 firewalls with zone-based safeguards may assist in building a secure network design by distributing data throughout many system regions.

Involved in Palo Alto firewalls were attached to the Palo Alto Panorama M-500 platform, which had administrators applied.

Using FortiManager to deploy new firewall policies and determine if the IT system complies with business and regulatory requirements.

Set up enhanced security choices on FortiGate firewalls, deploy FortiManager to access the security data collected by FortiAnalyzer.

Configured deep packet inspection (DPI) and threat intelligence services on FortiGate 4800F, FortiGate 4400F, FortiGate 4200F, and FortiGate 3700F firewalls to detect and block malicious activities in real-time.

In addition to setup, the FortiGate firewall systems 4200F, 6500F, and 7081F are guarded against unwanted activities by integrating design and safety measures.

Designed specifications were provided for every Juniper SRX 380, SRX 4100, and SRX 2300 deployment process additions and verification were also developed.

Increased performance through the use of REST APIs, Python scripts, and Ansible playbooks to streamline network installation and maintenance activities in Cisco ACI.

Improved hybrid cloud administration and networking through the integration of Cisco ACI with VMware vSphere, the Azure cloud from Microsoft, and AWS.

Created and implemented application-centric rules using Cisco ACI to provide reliable and safe connection for vital services.

Implemented F5 VIPRION’s DDoS protection features to safeguard network resources against distributed denial-of-service attacks, ensuring uninterrupted service availability.

Integrated F5 VIPRION with third-party security and monitoring solutions, creating a comprehensive and resilient network security environment.

Configured and managed VLANs, SNATs, and NATs on F5 VIPRION to streamline network traffic and improve resource allocation.

Developed, put into practice, and oversaw Cisco Firepower 1150, 1140, and 1120 FXOS firewall rules in learning settings.

Managed VPN services using the functionality of Cisco Secure Firewall 4245 and 4215 to preserve safe websites for customers and vendors.

Skilled in network management and tracking, as well as an understanding of Arista switch models, such as the 7020R, 7130, and 7280R3.

Setting up security features on Cisco Meraki MR18, MR20, and MR26 networks with user permission in order to avoid unauthorized access and establish secure Wi-Fi connectivity.

Creating rules internally, we were able to simplify access control by swiftly adding, modifying, and reactivating applications and groups in Active Directory.

Configure AWS Direct Connect in accordance with safety guidelines, access restrictions, and safeguards to set up private information when visiting certain URLs.

Designed Ansible scripts to handle weekly modification relating to the network, guaranteeing correct data and prompt resolution in the event of problems.

Integrating a cloud-based fiber entry in the system architecture, which can improve performance and provide lag-free connectivity between VPCs and restricted design.

Using Netmiko scripts to automate repetitive tasks like sharing information and device latency can improve the effectiveness and utility of services.

Assist with centralized administration and ongoing insight into security-related events, ISEC interfaces and tracking tools were used.

In order to ensure uniformity and ease investigating, an extensive manual for Cisco ISE settings, policies, and processes was created and kept up to date.

Developed monitoring systems based on Python to continually evaluate network device safety status and guarantee adherence to safety rules and regulations.

Created safety dashboards and analyses automatically using Python, offering immediate insight into security-related indicators and patterns.

Monitoring of secured needs and standards, integrated management, and Cisco Security Manager (CSM) installation on Cisco routers are made possible.

Setting up and managing several Cisco router types, such as the 8100, 8200, and 8600 to provide a stable and efficient connection.

Implement trustworthy and secure information linkages across distant sites and configure Cisco routers for access to virtual private networks (VPNs) based on IPsec.

Designed extensive installation guides for Nexus 7000s, which are already a frequent resource used by the company's IT division.

Integrated the Nexus 9300, 9400, 9500 and 9800 switches, we were able to facilitate the creation of an effective product that increased processing power by 35%.

Configure the massive amount of data needed to adjust connectivity plans, handle changing protocols, and keep up with Nexus construction.

Verizon, NJ Sep 2022 – Feb 2024

Network Security Engineer

Responsibilities:

Applied to Palo Alto rules and firewalls, that are developed and kept up to date using a range of techniques and successfully detect and prevent attacks on tracks.

Used User-ID™ technology on Palo Alto PA-7000 and PA-5000 series firewalls to associate network traffic with specific users, enabling accurate user-based security policies and access controls.

Integrated Palo Alto PA-7000 and PA-5000 series firewalls with WildFire™ to automatically submit suspicious files for analysis and generate threat intelligence to enhance overall security defenses.

Spearheaded the migration of legacy firewall policies to Palo Alto Networks firewalls, ensuring seamless transition and minimal disruption to network operations.

Implemented custom security profiles and threat prevention policies on Palo Alto firewalls to mitigate emerging cyber threats, such as ransomware and zero-day exploits.

Optimized Palo Alto firewall configurations to support high availability and failover mechanisms, enhancing network resilience and uptime.

Installed the required security settings for internet connectivity on the FortiGate firewalls in the 7121F, 2600F, 1000F, and 3200F zones.

Set up the data collection and assessment functions of the FortiGate units to look into safety-related issues, offer conformity assessments, and speed up network monitoring.

Applied risk-assessing methods, FortiGate firewalls continually guarded against developing threats by utilizing the defenses that were already in place.

Worked on FortiAnalyzer and FortiManager, the FortiGate firewalls were fully leveraged to ensure secure management and evaluate their efficacy.

Using Cisco Viptela, SD-WAN solutions were created and implemented to increase network availability and effectiveness across multiple locations.

Configured and managed Cisco Viptela SD-WAN controls, edge routers, and protocols to optimize data flow and provide dependable access.

Developed and implemented complete encryption, firewall restrictions, and categorization as extra security measures for Viptela SD-WAN.

Developed multi-pod and multi-site ACI installations to bolster company resilience and rescue efforts by extending the ACI fabric across separated data centers.

In order to ensure excellent service and accessibility of the network, support resources and tracking data from Cisco ACI were used.

Worked on real-time analytics and telemetry data provided by Cisco ACI 96 architecture for proactive monitoring, troubleshooting, and capacity planning, and enhanced network performance.

Set up AWS CloudWatch to track and collect data collected by several AWS services in order to give clients accurate knowledge about the efficiency of the system.

Utilize AWS Direct Connect to establish stable connections between organizations and AWS and ensure trustworthy, secure internet access.

Set up mechanisms for caching, wiping data with conservation, and providing critical fixes to the AWS CloudFront regularly maintained.

Set up and maintained advanced, minimal latency network connection in business and data center settings using Arista 7000, 7800, and 7300 switches.

Using the configuration of Netmiko scripts for software upgrades and secure network assessments, users may ensure adherence to PCI DSS and CIS regulations.

Worked with businesses from a range of sectors to create and run visits utilizing Aruba ClearPass regulation areas and actual time online permission.

Using Netmiko for assessment, it was possible to verify that company safety rules were adhered to as well as networks were fixed.

Created and configured the F5 VIPRION 2000, 2400, and 2200 system, which offers a flexible and effective service delivery based on the requirements of the company.

Work experience developing F5 VIPRION iRules, which enhance data, testing, and oversight to strengthen global security rules.

By using Cisco router security monitoring and management software, greater visibility and faster response times are achieved.

Improved security and a concealed secured network architecture might result from using network address translation (NAT) on Cisco routers.

Skilled in setting up and maintaining a variety of Cisco router types, with a focus on reliability and network safety, including the ASR 9901, 9902, and 9903 series.

Designed and updated accurate comprehensive documentation for Cisco ACI rules, settings, and procedures to guarantee efficient and standardized administration.

Setting up the Infoblox DDI tools (DNS, DHCP, and website control) allowed for the efficient and safe use of assets.

In depth understanding of ISEC equipment setup and organizing, including the capacity to train IT personnel in this area.

Improved and complied with online tools and safety standards; deployed Cisco ISE; used ForeScout CounterACT.

Designed Ansible instructions to manage the installation and setup so that network device monitoring can be done using Zabbix and Nagios.

Worked on Illumio’s visibility and analytics features to monitor and analyze network traffic patterns, identify anomalies, and detect potential security breaches.

Conducted regular audits and assessments of Illumio configuration to ensure compliance with security policies, industry regulations and best practices.

Created and managed resources and applications for networking safety, such as packet capture evaluation, checking of ports, and IP imaging, using Python.

Applying EIGRP to provide a stable routing link among linked devices, while developing the Nexus 9300, 9400, and 9800 switches, establish several Virtual Device Contexts (VDCs).

Added thorough network details, such as setup guidelines and layouts created exclusively for Cisco Nexus deployments.

Assisted with a minimum of interruption possible, network problems were found and fixed by using Cisco Nexus-specific tools and procedures.

Increased the effectiveness and dependability of the Cisco Firepower 1010, 1120, and 1140 connectivity through the use of service and administration guidelines.

Configuring and maintaining effective security policies using web-based Cisco Secure Firewall models 3130 and 3120 devices.

Using and maintaining specific Python scripts to expedite continuous monitoring and evaluations of security devices.

Added firewall and antivirus programs to the Juniper SRX 5800, SRX 5400, and SRX 4600 PCs to enhance their security.

Increased international safety standards by employing Ansible-driven approaches to continuously identify and reduce threats.

Computer Science Corporation, India Apr 2019 – July 2022

Network Support Engineer

Responsibilities:

Utilizing Terraform, internet connection settings were set up between on-site servers and cloud-based structures to simplify cloud-based networking.

Develop the strongest relationship available and ensure that assets are used efficiently, take advantage of Silver Peak's extensive network administration solutions.

Experience in monitoring and evaluation was established in association with SolarWinds to furnish data on the overall state and operation of the business both in its past alongside the future.

Monitoring and spotting irregularities in online behavior to confirm that TrustSec policies have been correctly followed.

Skilled in many internet and web-related systems, including HTTP, HTTPS, UDP, IPSEC, TCP/IP, and protocol switching.

Set up Palo Alto PA-5410, PA-3060, and PA-1410 monitor and evaluation tools often to ensure the machine can accurately detect network-related and safety issues.

In order to improve system dependability and address safety concerns, I helped by offering guidance in order to apply Check Point R77.30, R80.10, R80.30, and R77 Secure Connection modifications.

Working knowledge implementing load balancers, firewalls, and switches with Cisco Tetration to speed up the deployment of security regulated systems.

Using the Cisco ASA 5515, 5580, and 5540's risk analysis and administrative tools to their fullest potential will increase protection against external attackers.

Assisted in the design and installation of data center cabling, including high-density fiber optic cabling solutions, to support large-scale network environments.

Utilizing knowledge of connectivity requirements for broadband interactions, traffic monitoring, and Wireshark screening.

Engineered Cisco routers with dynamic routing protocols, including OSPF, EIGRP, and BGP, to ensure efficient data flow and optimal path selection.

Implemented Site-to-Site VPNs over the internet utilizing 3DES, AES/AES-256 with ASA and JUNIPER SRX Firewalls.

Worked on Aruba Wireless LAN Implementation for 11n Infrastructure Across the Corporate network.

Design and setup of Aruba Controllers 531, redundant 7211, 3200, 3400 and 6000 series.

Deployed and configured managed network equipment including: Cisco Meraki MX84, FortiGate 81E firewalls, Cradlepoint AER1600 routers, Cisco Meraki MS120-24p switches, and Cisco Meraki MR33, MR70 and Juniper Mist access points.

Developed several SolarWinds dashboards to provide key insight to chief executives.

Used Cisco ACI (Application Centric Infrastructure) for fabric implementation, operations, and integration with external bridged networks and Cisco Unified Communication Systems.

Interacted with cloud team for AWS service to design and deploy an application based on given requirements.

Involved in generating property list for every application dynamically and writing automated testing scripts using Ansible.

Skilled in spotting trends, spotting security risks, and offering advice that can deter using the web usage monitor and assessment tools, Blue Coat ProxySG.

Developed and oversaw comprehensive, precise documentation for the F5 BIG-IP 4000, 4100, and 4200 series' structures, codes, and regulations.

Maintaining and adjusting Citrix NetScaler load distribution rules in concert with one another while undertaking programs.

Designing and putting into practice VPN networks and networking techniques, such as EIGRP, OSPF, BGP, and MPLS, to connect servers to remote locations.

Installed, preserved, and troubleshot Radius, TCP/IP, Frame relay, NAT/PAT, and LAN/WAN ISDN.

In addition, network processing was improved and DNS was connected with DHCP 50% less frequently to try to enable variable DNS record modifications based on DHCP leases.

Involved in client meetings to analyze requirements & support for the implementation of VISA connectivity for transactions visa visa VIP's across the globe.

Experience with troubleshooting tools, for example protocol analyzers, load generators & network traces.

Implemented VPN solutions with new ASR 1002-HX as VPN concentrators with IKE1 & IKE2 parameters with peering partner vendors like Checkpoint, ASA & Palo Alto.

Education:

Master's in Computer and Information Science from University of Arkansas at Little Rock, USA, 2024.

Bachelor in Engineering in Information Technology, ISL Engineering College, India, 2021.


