Roshaan Ali Naqvi
***************@*****.*** 443-***-**** GC
Professional Summary
Network engineering professional with 8+ years of experience in network design, implementation, troubleshooting, and management of large-scale enterprise networks.
Experience in working with Cisco Catalyst series 2900, 3560, 3750, 4500, 4900, 6500.
Experience of working with Cisco 2800, 3600, 3800, 3900 series Routers.
Hands-on experience configuring Cisco Nexus 2232, 2248, 5548, 6001, and 7018 (Sup 2E) and working on Nexus protocols vPC, VRF, VDC and FEX Links.
Strong knowledge of Amazon Cloud Services (AWS)
Knowledge of multi-vendor platforms such as Cisco, Checkpoint, Fortinet, F5, Bluecoat (Web/Socks proxy), McAfee Web Gateway.
Implementation, Testing & Commissioning for LAN, WAN and WLAN systems based on Cisco and Fortinet.
Secured and monitored cloud infrastructure in AWS, including configuring VPC security groups, NACLs, and integrating with GuardDuty and CloudTrail for threat detection and auditing.
Implementing, maintaining, and troubleshooting switching tasks such as VLANs, VTP, VLAN Trunking using ISL and 802.1Q, STP, RSTP, PVST+, EtherChannel using LACP and PAgP, Inter-VLAN routing, CEF and DCEF.
Implemented Azure network security solutions such as NSGs, Azure Firewall, and VPN Gateway to protect cloud-hosted applications and ensure secure hybrid connectivity.
Experienced in configuring, deploying, maintaining, and troubleshooting routing protocols like RIP, OSPF, EIGRP, Policy routing, and BGP on Cisco routers.
In-depth knowledge of Route Manipulation, Filtering, and troubleshooting route re-distribution across multiple protocols.
Managed and maintained Palo Alto Next-Gen Firewalls, configuring security policies, NAT rules, URL filtering, and threat prevention profiles to protect enterprise networks.
Worked on implementing first-hop redundancy protocols like HSRP, VRRP, and GLBP.
Network security policies like NAT, PAT, VPN, DMVPN, route maps, and Access lists.
Worked on WAN technologies such as Frame-relay, PPP, HDLC, and DS3.
Deployed and administered Fortinet security appliances, ensuring optimal firewall performance, IPS, and antivirus features in accordance with organizational security policies.
Maintaining and updating inventory using Network Management Application layer software like SNMP, Wireshark, NTP, and Syslog.
Configured Cisco Wireless Networks like IEEE 802.11 a/b/g/n, LWAPP, WLC, WCS, Standalone APs, Roaming, Wireless Security Basics, RF spectrum characteristics.
Configured FortiGate firewalls for site-to-site and remote access VPNs, high availability, and advanced threat protection, supporting secure and resilient network operations.
Hands-on with AWS (EC2, S3, IAM, VPC, Direct Connect, Route53).
Performed security operations on ASA firewalls.
Managed enterprise-grade server/application load balancing using F5 LTM/GTM.
Drawing Visio Diagrams using MS Visio for documentation purposes
Worked with virtual data center technologies with VMware building a complete datacenter with storage, switches, routers, fabric planes, and blade servers.
TECHNICAL SKILLS
Routers: Cisco 2600, 3600, 3800, 7200, 7600.
Cisco Catalyst Switches: 2960, 3750, 4500, and 6500 and Nexus 2232, 2248, 5548, 6001, 7018 series
LAN Technologies: Ethernet Standards, VLAN, Inter-VLAN, VTP, STP, RSTP, SMTP, EtherChannel, Port Fast, ACL, Lightweight access points
WAN Technologies: Frame relay, (E1/T1/E3/T3) lines, PPP, HDLC.
Routing Protocols: RIP V1/V2, EIGRP, OSPF, BGP, Static Routing, Summarization
Gateway Redundancy: HSRP, VRRP, GLBP, EtherChannel technology (LACP, PAgP)
Network Security: Cisco ASA, IPSEC, Palo Alto, Fortinet
Network Management Tools: Wireshark, NetFlow Analyzer, IBM Netcool
Applications: MS Office, MS Visio 2010
Operating Systems: Windows (98, 2000, XP, 7)
Load Balancers: Cisco CSM, F5 Networks
Virtualization: VMware ESX Cos and Visor, Cisco Nexus 1000v, Hyper-V
Professional Experience
State of Kentucky – KY July 2023- Present
Sr. Network Security Engineer
Responsibilities:
Document, maintain, and implement standards, policies, and procedures within security disciplines that may include vulnerability management, forensics, host and network-based intrusion detection, anti-virus/malware management, or data loss prevention.
Configured and administered VMware NSX, implementing edge routers and access policies on the distributed networks.
Conduct analysis, and correlation across a wide variety of source data to identify and prevent compromise of SiTime networks, host systems, and data.
Created Active Directory (AD) groups as part of the Federation for the Single Sign On (SSO) using SAML Authentication between the Identity provider and Service Provider (AWS).
Firewall policy provisioning on Fortinet FortiGate appliances using FortiManager.
Worked as a Lead consultant for a Consultation project to help clean up legacy FW policies and create a migration path from current ASA and SRX FWs to next gen Palo Alto firewall.
F5 migration of applications to new BIG-IP vCMP infrastructure.
F5 build-out of the base F5 BIG-IP infrastructure, including the BIG-IP 10200v platforms and vCMP guest instances.
Fortinet Firewall administration, configuration of FortiGate 3000, 3815 series as per network diagram.
Updated the vCMP guest and exported the vCMP.
Design, implement and troubleshoot highly available and redundant topologies: vPC, ALTRIA, SME, Palo Alto, WSUS, fabric path, STP, VXLAN, OTV, EVPN, PTP, NTP, DNS, DHCP, VLAN
Advanced knowledge of L2/L3 network protocols (Fabric Path, vPC, VXLAN, Ethernet, RSTP/ MSTP, TCP/IP, IPv4/v6 routing, FHRP, EIGRP, OSPF, BGP, Multicast, MPLS, QoS)
Staged, planned and deployed Palo Alto NGF 5020s within Confidential's Data Centers.
Analyze network traffic and host data to identify anomalous activity and potential threats to SiTime resources.
Developed security patterns and controls for AWS to enforce (automate) security on the AWS services that the enterprise uses. These security patterns comply with NIST, CIS Benchmarks (Center for Internet Security), Confidential custom standards and AWS best practices.
Worked with Palo Alto/ ASA/Fortinet Firewall Administration, Rule Analysis, and Rule Modification. URL filtering, SSL decryption, SSL forward proxy, etc. on PA firewalls.
Experience in Configuring AWS Networking Infrastructure such as Route Tables, Security Groups, Internet Gateway, Virtual Gateway, Direct Connect.
Designed and deployed SD-WAN architectures to optimize branch connectivity and ensure secure, reliable access to cloud and data center applications.
Implemented application-aware routing policies in SD-WAN to prioritize business-critical traffic and reduce latency.
Engaged in designing and configuring a Cisco Identity Services Engine (ISE) server to migrate services from Cisco Secure Access Control System (ACS) version 4.2 (used for Wireless Client Access), Cisco Secure ACS Agent, Cisco Network Admission Control (NAC) Guest server version 2.0.3 and Cisco Secure ACS version 5.5.0.46 (used for Terminal Access Controller Access Control System (TACACS+) to Network Devices) to the new Cisco ISE server.
Performed support, configuration, testing and documentation for ISE rollout for Center Point Energy, which includes making configuration changes in access and distribution layer switches, wireless controllers and ISE nodes.
Managed firewall using FortiGate to allow or block IPs, created policies, and added different interfaces and VLANs.
Installations, design, and implementation of Cisco solutions, VPN, Fortinet, VOIP
Design/Configure/Monitor Alerts in Solarwinds and PRTG - Hardware and Software Nodes
Manage Palo Alto, Checkpoint, Cisco ASA and Fortinet policy and network.
Configuring Availability Set for Azure VMs (Fault and Update Domains)
Extensive design and deployments in Cisco SDA, Cisco Viptela SDWAN, and ACI solutions
Validate intrusion detection system (IDS) alerts against network traffic and host data sources to root out false positives.
Knowledge of Azure Active Directory, Azure Managed Service Identity, Azure Security Token Service
Configure Cisco Meraki switches and help set them up as core switches for new SiTime offices in Europe and Asia locations after shipping them.
Replacing Checkpoint VPN and Bluecoat proxy with Zscaler and worked on implementing Zscaler in Production
Configure Palo Alto firewalls and help set up the firewalls in new office locations of SiTime in Europe and Asia.
Configured and maintained Palo Alto firewalls, including policy creation, NAT rules, and security zones to ensure proper traffic segmentation.
Managed Palo Alto Panorama for centralized firewall administration across multiple sites and streamlined configuration deployment.
Implemented threat prevention features in Palo Alto, such as Anti-Spyware, Antivirus, URL Filtering, and WildFire for advanced threat detection.
Conducted routine audits and fine-tuning of Palo Alto firewall rules to minimize attack surface and ensure compliance with internal policies.
Experience with Cisco Nexus 9K, 7K, 5K, 2K (FEX), NXOS/IOS/CATOS, ASR/ISR Routers, DMVPN, VPC/Port-Channels, HA (HSRP), Spanning Tree, DHCP, DNS, Telco Circuits
Perform forensic analysis on known security vulnerabilities and recommend risk mitigation procedures.
Configuring rules and Maintaining Palo Alto Firewalls & Analysis of Firewall logs using various tools
Perform analysis and reporting on security incidents, identify technical and procedural findings, and recommend remediation strategies or technical solutions.
Implementation of Domain Controller in Azure and configuring Azure DNS for domain infrastructure
Hands-on experience and demonstrated knowledge of Software-Defined Networking (SDN). Experience with Cisco ACI creating VXLANs, VTEPs, VNIDs, EVPN, Bridge Domains, Tenants, Application profiles, Contracts etc. on ACI.
Participate in IT security audits as required.
Troubleshooting firewall rules in Cisco ASA, Checkpoint, Zscaler
Expertise in understanding threat models to better protect against attacks.
Wells Fargo, San Francisco, CA April 2021- June 2023
Network Engineer
Responsibilities:
Extensive work on BMC Remedy for creating the Change Requests CRQs, Work Orders, and Incident Management.
Strong experience with Azure Networking, Security and Storage
Configured and deployed Palo Alto firewalls in the AWS cloud environment
Implementing, configuring, and troubleshooting various routing protocols like RIP, EIGRP, OSPF, and BGP.
Performing network monitoring and providing analysis using various tools like Wireshark, SolarWinds, Solaris, etc.
Configured ACLs in Cisco 5540 ASA firewall for Internet Access requests for servers, Protocol Handling, Object Grouping, NAT/PAT, ISE, and NAC.
Fortinet Firewall administration, configuration of FortiGate 3000, 3815 series as per network diagram.
Configured ASA 5540 to ensure high-end security on the network with ACLs and Firewall.
Configured and deployed BIG-IP LTM 8900 for providing application redundancy and load balancing.
Fortinet FortiSandbox, Fortinet FortiMail, Darktrace Antigena
Implemented Quality of Service QOS, Policy Maps, Class-maps, and Policy Routing in the network infrastructure throughout all the different sites.
Integrated SD-WAN solutions with existing firewall infrastructure for enhanced perimeter and edge security.
Strong hands-on experience on Palo Alto Firewalls, PIX Firewalls, ASA Firewalls and implemented Security Policies using Panorama, ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
Played a responsible role in implementing, engineering, and level 2 support of existing network technologies/services and integration of new network technologies/services
Worked with Cisco Layer 3 switches 3560, 3750, 4500, 6500 Cisco Nexus 5000 and 7000 in a multi-VLAN environment with the use of inter-VLAN routing, 802.1Q trunk, and ether channel.
Key contributions include troubleshooting complex LAN /WAN/WLAN infrastructure that includes routing protocols EIGRP, OSPF, BGP, and RIPv2 HSRP.
Performed route filtering and route manipulation by applying distribute-lists, and route-maps offset lists respectively.
Strong working knowledge of AWS Networking such as VPC, EC2, Transit Gateway, Security Groups, VPNs, CloudWatch
Managed firewall using FortiGate to allow or block IPs, created policies, and added different interfaces and VLANs.
Installations, design, and implementation of Cisco solutions, VPN, Fortinet, VOIP
Experience with Azure Migration using Azure Site Recovery, Azure Migrate
Deployed Palo Alto Global Protect VPN for secure remote access and integrated it with enterprise authentication systems.
Monitored traffic logs and security events in Palo Alto using the integrated logging and reporting tools to identify anomalies and mitigate threats.
Tested various BGP attributes like local preference, MED, and Weight and replicated customer issues in the testing environment lab.
Maintain asset management in SolarWinds and ServiceNow (SNOW)
Involved in the design, implementation, and configuration of HSRP for load balancing on L3 switches in different locations of offices on the switched network.
Successfully installed Palo Alto PA-3060 Firewalls to protect Data Centre and provided L3 support for routers/switches/Firewalls.
Implemented resource tagging in AWS accounts and used these tags for auditing, cost exploration and security remediation actions.
Worked on change management documentation of Network infrastructure design using Microsoft Visio.
Convert Branch WAN links from TDM circuits to MPLS and convert encryption from IPSec/GRE to GETVPN.
Implemented and configured various Lucent dense-wave-division multiplexing products as well as high-speed Ethernet over SONET multiplexors including the WaveStar 400G, 800G, 1.6T
Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
Troubleshoot Cisco Applications, network issues, and custom products. Network: Cisco Catalyst 6K series, MDS9000 series
Worked in data center to manage tickets and apply diagnostic methods to troubleshoot data center equipment. Pulled required inventory as defined by the inventory process. Updated inventory systems as required.
Worked on F5 LTM, GTM series like 6400, 6800, 8800, and Radware for corporate applications and their availability.
Completed the HSS study and draft on Performance Management PM counters and KPIs and Fault Management FM events and alarms for Synchrony financial NMTP
Administered the Linux, Windows, OpenStack, NetScaler, and BIG-IP F5 devices that make up the company's multi-tiered service architecture
Carnival Cruise Line, Miami, FL Feb 2020- Mar 2021
Network Security Engineer
Responsibilities:
Analyzed network traffic daily, looking for trends and/or malicious activities, and created vulnerability reports with action plans.
Developed knowledge of VDC, vPC, LACP, and peer keepalive.
Configured HSRP, VLAN Trunking 802.1Q encapsulation, VLAN Routing on Catalyst 6500 switches.
Migrated from Cisco ASA to Palo Alto firewalls
Maintain, install, and upgrade/downgrade Cisco hardware including routers, switches, firewalls, and data center switches like Catalyst 3560/3750/6500’s, ASA 5505-5550 firewalls, and Cisco UCS 6100/B-series blade servers.
Fortinet Firewall administration, configuration of FortiGate 3000, 3815 series as per network diagram.
Configured and maintained SD-WAN overlay tunnels across multiple ISP links to ensure redundancy and failover.
Good understanding of Juniper Q-Fabric Operation & Design
Currently work with network engineering to design, build, and support SD-WAN site implementations.
Implementation and administration of Next-Generation Firewalls of Palo Alto (PAN-OS/Panorama 7.11 & 8), Check Point (SPLAT & GAIA R8.10), Fortinet (FortiGate FortiOS), Cisco (Firepower) and Juniper (SRX).
Managed the AWS security policies and network configuration, including AWS Direct Connect, VPN failover, multiple VPCs, user and site access to servers and accounts.
Implemented IPsec Site-to-Site VPNs over the internet utilizing 3DES, AES/AES-256 with Cisco PIX and Cisco ASA Firewalls.
Integrated Palo Alto firewalls with SIEM systems for real-time security monitoring and incident response automation.
Participated in disaster recovery and high availability (HA) testing for Palo Alto devices to ensure continuous network security operations.
Design, implement and manage virtual networking within Azure and connect to on-premises environments, configure ExpressRoute, Virtual Network, VPN Gateways, DNS and Load Balancers
Deployment and administration of Cisco routers and switches, upgrade and migration of routers 4200, 3600, 2800, and Catalyst Switches 3750, Cisco NEXUS 5K/2K
Configuring, upgrading, and verifying NX-OS operating system with OSPF, BGP
AWS network engineering including VPC Peering, Transit Gateways, AWS Site-to-Site VPN, Transit VPCs, Hub VPCs, Palo Alto VM-Series, HAProxy, Aviatrix Controller & Gateway, ELBs, NAT Gateways, Internet Gateways, OpenVPN and VPC endpoints/gateways/interfaces
Migrating Cisco ASA firewall AnyConnect with secured VPN Users Group, including deployment of Two-Factor Authentication (LDAP+Soft Token) for VPN Clients.
Configured Security policies including NAT, PAT, VPN, route maps, and Access Control Lists.
Used AWS Macie to analyze PHI/PII data in S3 buckets and wrote custom queries to enable visibility into the resources that have access to the privileged buckets.
Configurations of Check Point, Palo Alto, Cisco, Juniper, Fortinet FortiGate and SonicWall UTMs.
Installed Fortinet appliances for security and compliance
Responsible for installation and configuration of Cisco Catalyst switches 6500, 3750 & 3550 series and configuring OSPF, EIGRP, and BGP with ACLs planned in the Network Design Document following the ITSM change process.
Performs bandwidth and device upgrades on IOS-XR, IOS-XE, NX-OS, and IOS
Managed VPN migration from Nortel i100 to Palo Alto NGFW VPN devices.
Responsible for L2 & L3 support of customer’s Network and Security Infrastructure devices.
Configured port channel connectivity between core switches and server distribution switches connecting to storage devices.
Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches, and Cisco ASA Firewalls.
Gained knowledge of VoIP and video communications, SIP Trunking, and video streaming services.
Create and manage Azure AD tenants, manage users and groups, and configure application integration with Azure AD
Deployed Aruba and Cisco Wireless controllers, loading an SSL Certificate (GUI), SSL Certificate (CLI), Configuring 802.11 Bands, 802.11n Parameters, DHCP Proxy, SNMP, Aggressive Load Balancing, Fast SSID Changing, 802.3 Bridging, Enabling Multicast mode, IP-MAC Address Binding
Implemented BGP features such as AS-override, Local preference, and eBGP multipath load balancing.
Working knowledge and hands-on experience on Cisco GSR, Catalyst 6500, 7600/7200 series enterprise routers/switches while configuring RP.
Deployed and supported the Cisco Identity Services Engine (ISE) with the Cisco ASA 5500 series for VPN connectivity to endpoints in other regions across the organization.
Replacing Checkpoint VPN and Bluecoat proxy with Zscaler and worked on implementing Zscaler in Production
Successfully migrated TACACS services from Cisco ACS to Cisco ISE.
Traffic monitoring and managing using Palo Alto Panorama.
Experience with converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience
Installed Cisco Aironet access points and added them to Cisco wireless controller (5508), managed Aruba, Cisco wireless access controllers, troubleshooting LWAPP on Aruba wireless access points.
Migrated legacy F5 LTM and GTM appliances to newer version appliances.
Configured F5 GTM solutions, which include Wide IP, Pool Load Balancing Methods, probers, and monitors.
Zony Healthcare July 2016- Dec 2019
Network Analyst
Responsibilities:
Working with Juniper, Alcatel and Cisco routers and monitoring the circuits for any trouble noted
Co-ordinating with the customer and vendor to get the issue resolved and providing solutions to Level 2 issues.
Creating, troubleshooting and escalating the customer related issues.
Configuring, monitoring and troubleshooting Tagged and untagged vlans on the switches.
Solving customer related issues and referring them to the senior level technicians for better solution
Configuration of routing protocols such as OSPF, BGP.
Maintaining the Lab network including switches and routers
Administration and diagnostics of LAN and WAN with in-depth knowledge of TCP/IP and associated network protocols and services.
Demonstrated experience in managing enterprise network systems, DNS, DHCP, TCP/IP.
Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP Ether channel, STP.
Involved in Local Area Network (LAN) implementation, troubleshooting, and maintenance as per company’s requirements.
Design, installation and troubleshooting of networks with hands-on experience with OSPF, BGP, VPLS, Multicast, VPN, MPLS.
Involved in complete LAN, WAN development (including IP address planning, designing, installation, configuration, testing, and maintenance)
Troubleshooting and configuring of Cisco Routers and Switches Cisco
Implementation of Static Route, Dynamic routing, DHCP, DNS, FTP, TFTP
Performing various layer 2/3 testing on circuit down, throughput, packet loss, latency, routing intrusively using Juniper, Cisco and ADTRAN platforms
Initiating internal escalations on customer’s behalf, provide follow up and able to effectively manage customer needs
Performing multiple tasks on time including ticket administration, communication and follow up with supervision