| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidate
Candidate's Name
Email: EMAIL AVAILABLESUMMARY: 9+ Years of experience in networking and security engineering with strong hands - on experience on network and security appliances. Extensive knowledge in configuring and deploying Next Generation Firewalls including Palo Alto, Cisco ASA, and Checkpoint Firewalls. Strong knowledge on leveraging advanced firewalls features like APP-ID, User-ID, Global Protect, Wildfire, NAT policies and Security Profiles. Profound working knowledge of administration and management of Palo Alto firewalls using centralized Panorama M-100 and M-500 devices. Expert level knowledge on configuring and troubleshooting IPSec VPN and SSL VPN tunnels for connectivity between site-site and remote location users by using IKE and PKI. Strong knowledge on Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Data Loss Prevention (DLP), DDoS attacks and Kill Chain mitigation techniques. Expert level working knowledge on Wireless Infrastructure such as Cisco Meraki, Aruba, Clear Pass Access points, WLANs, RF tuning and BYOD management. Extensive knowledge on integrating firewall policies with 802.1X wireless, proxies, NAC solutions and any other source of user identity information. Experienced in load balancing with F5 LTM and GTM products and implementation of iRules and High availability of F5. Profound experience in working with Nexus-OS, VPC, VDC, OTV, FEX in the datacenters. Strong experience in upgrading Cisco IOS to Cisco Nexus NX-OS in the data centers. In-depth knowledge of routing protocols like BGP, OSPF, EIGRP, MPLS and Static routing. Expertise in installing, configuring, and troubleshooting of Cisco routers (7600, 7200, Nexus 7000, ASR 12000, 9000) and Cisco switches (Nexus 7000, 5000, Catalyst 6500, 6800). Hands-on experience in implementing layer3 security through IPSEC tunneling, Access lists, NAT, PAT and preventing the layer2 attacks like Mac flooding, VLAN hopping and DHCP snooping. Strong working experience in layer2 technologies and protocols including VLANs, VTP, Link Aggregation (LACP/PAGP), STP, RSTP, PVST+ and MSTP. Expertise in TCP/IP, Subnetting, Network Diagrams, Documentation and troubleshooting L2, L3 connectivity issues. Strong experience in working with SIEM tools such as Splunk, QRadar and monitoring tools including Wireshark, SevOne, SolarWinds with strong troubleshooting skills. Experience in handling and resolving tickets and strong hands-on experience on ticketing tools such as BMC remedy, Service Request and Open View. Excellent client/customer management, problem solving and troubleshooting skills with good communication skills.TECHNICAL SKILLS: Firewalls: Palo Alto Networks, Cisco ASA firewalls, Checkpoint, Panorama Palo Alto Networks firewall management. Load Balancers: F5 Networks (Big-IP), Cisco ACE & Brocade Load Balancers. Routers: Cisco 7600, 7200, 3800, 3600, 2900, 2800, 2600, ASR 7K, ASR 12K. Switches: Nexus 2K/5K/7K, Cisco Catalyst 6500, 4500, 3850,3560, 3750, 2960. Communication Protocols: TCP/IP, UDP, DHCP, DNS, ICMP, SNMP, ARP, RARP, PPP, HDLC, ISDN, SDN, and SD-WAN. Routing Protocols: OSPF, EIGRP, BGP, MPLS PBR, Route Filtering, Redistribution, Summarization and Static Routing. Switching Protocols: LAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switch, Ether channels, Transparent Bridging. LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, VLANs, VTP, STP, RSTP, 802.1W, Cisco Prime. Wireless Technologies: AirWatch & WLC s (8510, 5508, 5706), Cisco Aironet s (2600, 3600, 3700), Aruba 225, Aruba 3000 controller & Airwave. Network Security: Cisco ASA 5540, ACL, IPSEC, F5 Load Balancer, ISE, SSL, IPSec VPN, GRE VPN. Network Management and Packet Analyzers: SolarWinds, Wireshark, SNMP, and TCPdump. Operating systems: Windows XP/ 7/ 8/10, Windows Server 2003/ 2008, Mac OS, and Linux. Applications: MS (Office, Word, Outlook, Excel, PowerPoint, Visio), Confidential, Adobe Photoshop, and Illustrator.American Tire DistributionSr. Network/Field Support Engineer Sep 2022- PresentResponsibilities: Monitor and respond to network intrusions and vulnerability alerts raised by automated detection systems, internal and external reports, and manual investigation, using tools such as: Solar Winds Network Monitoring, Source Fire IDS, Palo Alto and Checkpoint Firewall Administration. Develop F5 load balancer configuration for internal and external connections. Configuration and troubleshooting F5 LTM and providing level 2 and level 3 support for the customers. Extensively worked on virtual F5 LTM module on VMware for application testing. Design and deployed F5 LTM and GTM load balancer infrastructure per business needs from the ground up approach. Experience in managing the load balancers in a high-availability infrastructure. Configure and troubleshoot Bluecoat as forward proxy for all Web URL Filtering. Utilized RESTful API principles to create new API-based services for network automation, ensuring seamless integration with existing systems. Flask and Django both support building RESTful APIs, enabling developers to create APIs that follow REST principles for web services. Integrated automation workflows into the CI/CD pipeline, enhancing the speed and reliability of network deployments. Administered Windows Server environments, ensuring high availability and security of critical services. Configuring and managing firewall policies to ensure network security. Implementing security rules and access control lists (ACLs) on firewalls. Monitoring and analyzing firewall logs to detect and respond to security incidents. Managed Azure cloud infrastructure, optimizing performance and cost-efficiency. Applied the PURDUE model for ICS/SCADA to secure industrial environments, improving protection for critical infrastructure. Worked with RESTful APIs to automate data retrieval and configuration changes across network infrastructure. Optimized existing automation workflows by integrating them into a continuous integration and continuous deployment (CI/CD) pipeline. Configured and maintained SonicWall firewalls, implementing advanced security policies. Deployed and managed Cisco switches, ensuring robust and efficient network connectivity. Configure Bluecoat proxies using bluecoat director for content and URL filtering. Implementation and management of BlueCoat proxy servers to replace existing ISA Proxy servers layered with Websense content filtering. Applied strong understanding of TCP/IP, VLAN, and ACL concepts to optimize network performance and security. Adding Websites to the URL filtering blocklist in Bluecoat Proxies and upgrading firmware on the Blue coat proxies. Migration of ISA Proxy to Bluecoat ProxySG to ensure data security, integrity, and compliance. Managed and optimized Akamai CDN configurations, improving content delivery speed and reliability across global platforms. HTTP (Hypertext Transfer Protocol) is a stateless protocol used for transmitting data on the web. It operates primarily over TCP/IP and follows a client-server model. HTTP uses request methods like GET, POST, PUT, DELETE, and HEAD to perform different operations on web resources. Contributed to the development of security strategies, including the integration of ICS/SCADA systems within the network. Assisted in the deployment of Cisco Firepower and Palo Alto Firewalls, supporting security architecture and project builds. Implemented and maintained Akamai Web Application Firewall (WAF) solutions, protecting applications from web-based threats. Configured and monitored enterprise firewalls, ensuring compliance with security policies and protecting the network from unauthorized access. Analyze IDS alerts to assess, prioritize, and differentiate between potential intrusion attempts and false alarms. Administered IDS / IPS to maximize network security, pushing and updating policies, and analyzing traffic. Monitor IDS logs filtering potentially threatening activity from normal network traffic. Provide high-level reports on the overall status of the Source fire implementation and operations to client's executive and management staff during daily morning briefings. Administrating Palo Alto Network Firewalls using Panorama Centralized Management System and troubleshooting firewall rules to prevent system problems. Implemented RESTful API integrations to enable seamless communication between network devices and management systems. Contributed to the development of a CI/CD pipeline for network automation, integrating automation tools and processes to support continuous deployment. Migration and implementation of Palo Alto Next-Generation Firewall seriesPA-500, PA-3060, PA-5060, PA-7050, PA-7080. Troubleshoot traffic passing managed firewalls via logs and packet captures. Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall. Managed multiple security devices to protect the Enterprise's network - Vulnerability Scanners, Malware Detection, Intrusion Detection; Host based Firewalls, SIEM, Web Application Firewall. Tripwire Enterprise Administrator, monitoring over 4000 systems daily to include servers, databases, virtual systems, and network devices. Worked on the configuration and maintenance of Palo Alto Firewalls, contributing to the security of a multi-site network environment. HTTP headers allow the client and server to send additional information with the request or response, such as content type, caching policies, and authentication tokens. HTTP can support both secure (HTTPS) and insecure (HTTP) communications, with HTTPS using TLS/SSL for encryption. Involved in the implementation of security solutions for ICS/SCADA systems, focusing on the PURDUE model. Perform vulnerability, configuration, and compliance scan with Nessus to detect deficiencies and validate compliance of information systems configuration with organization's policies and standards. Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, cryptographic attacks, authentication flaws etc. Django comes with an integrated Object-Relational Mapping (ORM) system that allows developers to interact with databases using Python objects. Flask, being more lightweight, can be paired with SQL Alchemy for ORM capabilities. Conduct network Vulnerability Assessments using tools to evaluate attack vectors, Identify System Vulnerabilities and develop remediation plans and Security Procedures. Identifying the critical, High, Medium, Low vulnerabilities in the applications based on OWASP Top 10 and prioritizing them based on the criticality. Flask uses a simple and flexible routing system that allows developers to map URLs to functions easily, while Django provides a more structured routing system with URL patterns Established a robust patch management process for ICS/SCADA systems, coordinating with operations to minimize downtime while ensuring vulnerabilities were promptly addressed. Developed reports and metrics for senior Compliance management and Core Compliance as required. Utilized application groups, SSL decryption, IPS, antivirus, anti-spyware, URL filtering, NAT, VPN, and the Reporting features of Palo Alto.Deloitte, Austin, TX Feb 2019 Aug 2022Network Security EngineerResponsibilities:
Installation and maintenance of network infrastructure and configure, administer, and document, infrastructure. Managed the deployment, rules migrations, and network administration and responsible for converting rule base onto new platforms. Performed Network implementation that includes configuration of routing protocols, VLANs and IOS upgrades and installations. Django s forms and DRF serializers provide built-in data validation mechanisms, ensuring data integrity before processing. Flask requires the use of libraries like WT Forms or manual validation. Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, Spanning Tree, 802.1q. Configured IP access filter policies. Expertise in working with various Cisco routers such as CISCO 6500, 7613, CISCO-GSR, CISCO-GSR-XR, CRS-16/S. Experience in SolarWinds Network Performance Monitor, Network Configuration Manager, Network Traffic Analyzer (Net flow) and IP Address Manager. Involved in the activity of DATA-Center migration of regular Cisco catalyst switches with the new Nexus 2148, 2224T, 5548. Performing regular updates and patches to firewall firmware and software. Designing and implementing network security architectures using firewalls. Conducting security assessments and vulnerability scans on firewall configurations. Django has built-in serialization through Django REST Framework (DRF), making it easy to convert complex data types like query sets to JSON, XML, or other formats. Flask requires external libraries like Marshmallow for serialization. Access Control Implementation: Applied strict access control policies and role-based access controls (RBAC) within ICS/SCADA environments, ensuring only authorized personnel could access critical control systems. Firewalls and IDS/IPS Configuration: Configured advanced firewalls and intrusion detection/prevention systems (IDS/IPS) specifically for ICS/SCADA environments, tailored to recognize and mitigate threats specific to industrial protocols and systems. Developed and maintained automation scripts in Python for managing network devices, resulting in a significant reduction in manual tasks and improved operational efficiency. Configured and managed Ansible Tower for automated deployment and configuration of network devices, streamlining network management processes. Utilized RESTful API principles to create new API-based services for network automation, ensuring seamless integration with existing systems. Integrated automation workflows into the CI/CD pipeline, enhancing the speed and reliability of network deployments. Oversaw Office 365 administration, including user management, security settings, and collaboration tools. Implemented and supported Azure solutions, enhancing cloud integration and scalability. Managed Windows Server installations and updates, ensuring compliance with industry standards. Configured and troubleshot SonicWall firewalls, maintaining network security and performance. Led the optimization of Akamai CDN settings to enhance website performance and load balancing. Deployed Akamai security solutions, including both management and DDoS protection, to safeguard digital assets. Maintained and audited firewall configurations, ensuring continuous network security and incident prevention. Responsible for Checkpoint and Cisco ASA firewall administration across global networks. Hands-on experiences in configuring Cloud platform (Virtual Networks Multi-site, Cross-site, VMs, VNETs, Azure, Load Balancers, Azure SQL, Service Bus, Azure API gateway/Management Experience on dealing with Cisco Application Centric Infrastructure (ACI) by integration hardware and software products as per network layout. Implemented and supported network security solutions across on-premises data centers and distributed client locations, focusing on Palo Alto Firewalls. Configuring and managing Aruba Instant Access Points 215, 225 and troubleshoot network connectivity issues. Worked with layer2 switching technology architecture. Implemented L2 and L3 switching functionality, which includes the use of VLANS, STP, VTP and their functions as they relate to network infrastructure requirements including internal and external treatment, configuration, and security. Install, upgrade and configure Next-Gen Palo Alto Firewall series PA-500, 3000, 5000, 7000.Installed Palo Alto PA-3060 Firewalls to protect Data Center. Contributed to the development of security strategies, including the integration of ICS/SCADA systems within the network. Experience in enterprise anti-virus/anti-spam/anti-malware Confidential, including Symantec Endpoint Protection. Configuring rules and maintaining checkpoint VSX, Palo Alto Firewalls & Analysis of firewall logs using various tools. Implemented Zone-Based Firewalling and Security Rules on the Palo Alto Firewall. Experience in troubleshooting SAN related issues and firmware up gradations of SANs in VMware Assisted in the deployment of Cisco Firepower and Palo Alto Firewalls, supporting security architecture and project builds. Troubleshooting and analysis of hardware and software failures for various UNIX servers.Cox CommunicationsNetwork Security Engineer Aug 2017- Jan 2019Responsibilities: Configured, Troubleshoot and Maintained Firewalls policies on Cisco NGFW 5500 series and Palo alto including Security, NAT policy definitions; application filtering; Regional based rules; URL filtering, Data filtering, file blocking, User based policies. Configured Active/Passive HA links between Cisco Firewalls. Configured Firewall-security context modes, interfaces, objects and access list, NAT, AAA for network access and advanced network protection on Cisco Firewalls. Migrated from Cisco ASA to Palo Alto firewalls. Designed and developed API-based services using Python, enabling seamless interaction between network devices and monitoring tools. Worked with RESTful APIs to automate data retrieval and configuration changes across network infrastructure. Optimized existing automation workflows by integrating them into a continuous integration and continuous deployment (CI/CD) pipeline. Documented automation processes and API integrations, providing clear guidelines for future development and maintenance. Enabled the User-ID feature while creating policies based on users and groups rather than individual IP addresses. Configured windows USER-ID agent to collect host information using Palo Alto Global Protect. Configured APP-ID feature in Palo Alto firewalls to reduce attack surface, regain visibility and control over traffic. Created custom URL-filtering profiles and attached them to Security policy rules that allow web access. Configured Global Protect gateway to provide VPN connections for Global Protect agents. Configured Log Forwarding to forward logs from the firewall to Panorama and then configured Panorama to send logs to the servers. Hands on experience in blocking unauthorized users and allowing authorized users to access specific resources by configuring Access Control Lists (ACL). Spearheaded CDN management, focusing on Akamai s tools to reduce latency and optimize user experience. Integrated Akamai s security features into the existing network architecture, ensuring robust defense against emerging threats. Regularly updated and maintained firewall rulesets, aligning with evolving security standards and business requirements. Administered Office 365 environments, optimizing productivity and security for enterprise users. Configured and maintained Cisco switches, ensuring reliable network performance. Managed Windows Server systems, performing regular maintenance and updates. Implemented and supported SonicWall firewalls, enhancing network protection and monitoring. Configuring various advanced features (Profiles, monitors, iRules, Redundancy, SSL Termination, Persistence, SNATs, HA on F5 BIGIP appliances SSL termination and initiation, Persistence, Digital Certificates, executed various migration/upgrade projects across F5 and hands on with F5 BIGIP LTMs/EM Deployed Web Security Appliance like Cisco WSA S170 and Bluecoat Proxy SG S200/400 for Web Filtering, data loss prevention, and inspection. Installed and maintained Aruba switches, Aruba Wireless AP s and Aruba Virtual Controllers.Devon Energy, OklahomaNetwork Engineer Feb 2016- July 2017Responsibilities: Reviewing & creating the firewall rules and monitoring the logs as per the security standards in Cisco Firewalls. Configuration and troubleshooting F5 LTM and providing level 2 and level 3 support for the customers. Collaborating with Application owners, Network Team, DNS Team, and Firewall Team, to migrate applications from Legacy NetScaler Load Balancer to New F5 BIG-IP Local Traffic Manager Configuring/Troubleshoot issues with the following types of routers Cisco (7200, 6500, 4500, 1700, 2600 and 3500 series), to include: bridging, switching, routing, Ethernet, NAT, and DHCP, as well as assisting with customer LAN /MAN, router/firewalls. Worked extensively on Cisco ASA 10/5540) Series, experience with convert PIX rules over to the Cisco ASA solution. Implemented Websense web filtering solutions, responsible for daily maintenance, logging analysis and troubleshooting. Performed network configurations and troubleshooting of OSPF, EIGRP and BGP routing protocols. Troubleshoot and provide rapid recovery on Enterprise LAN/WAN network on platform of 1000+ Cisco router and switches. Collaborating with IT and security teams to develop and enforce security policies. Ensuring compliance with industry standards and regulatory requirements for firewall security. Configuring virtual private networks (VPNs) and secure remote access solutions on firewalls. Deployed and managed Office 365 services, improving communication and collaboration. Configured and supported Azure cloud solutions, driving digital transformation initiatives. Administered Windows Server environments, ensuring stability and security. Administered Akamai CDN services, fine-tuning configurations to meet specific content delivery needs. Collaborated with security teams to implement Akamai's WAF and other protective measures across web applications. Configured firewalls for multi-site network environments, providing secure connections and reducing the attack surface. Implemented SonicWall firewall policies, safeguarding network integrity. Design and create dedicated VLANs for voice and data with prioritizing VOICE over data on catalyst switches and basic VOIP configuration. Designed and implemented DMZ for Web servers, Mail servers &FTP Servers using Cisco ASA5500 Firewalls. Responsible for secure configurations of load balancing in F5, SSL/VPN connections, Troubleshooting CISCO ASA firewalls, and related network security measures. Responsible for supporting and managing various network platforms, including Cisco switches ( s) and routers, Cisco ASA and Checkpoint firewalls, F5 and Nortel load balancers, SSL accelerators and VPN devices. Participated in on call support in troubleshooting the configuration and installation issues.Qick Technology, BangladeshJunior Network Engineer April 2015- Nov 2015Responsibilities: Worked with layer2 switching, VLANs trunking technologies and spanning tree protocols. Worked on Cisco switches and routers including physical cabling, IP addressing and Wide Area Network configurations. Performed troubleshooting in TCP/IP related problems and connectivity issues. Performed troubleshooting and resolved Layer2 and Layer3 issues. HTTP can support both secure (HTTPS) and insecure (HTTP) communications, with HTTPS using TLS/SSL for encryption. Established the network specifications by conferring with users through analyzing workflow, access information, designing router administration, interface configuration and routing protocols. Created network diagrams and documentation for design using documentation tools like MS VISIO. Maintained network performance by network monitoring analysis, performance tuning and escalating support to the vendors. Implemented Office 365 solutions, streamlining enterprise communication and collaboration. Managed Azure cloud infrastructure, driving cost-effective cloud solutions. Developed Layered Security Architecture: Implemented a multi-layered security architecture in line with the PURDUE model, segmenting critical ICS/SCADA systems into distinct security zones to minimize risk and exposure. Network Segmentation: Designed and implemented network segmentation strategies to isolate ICS/SCADA environments from corporate IT networks, reducing the attack surface and ensuring secure communications between levels of the PURDUE model. enveloped custom Python scripts to support API-based integrations, improving the efficiency and reliability of network operations. Collaborated with software development teams to integrate network automation into the broader CI/CD pipeline, enhancing overall system performance. Maintained and updated network documentation, ensuring accurate records of all automation and configuration changes. Django provides built-in authentication and authorization mechanisms, including user models, login/logout views, and permission management. Flask requires additional libraries like Flask-Login and Flask-Security to implement similar features. Both Flask and Django support middleware, but Django has more robust built-in middleware features for tasks like authentication, session management, and security, while Flask relies on third-party extensions. Assisted in the deployment and optimization of Akamai CDN solutions, contributing to improved web performance. Supported the implementation of Akamai security services, including SSL/TLS offloading and application layer defenses. Monitored and managed firewall systems, responding to alerts and ensuring secure network operations. Administered Windows Server environments, ensuring system reliability and security. HTTP/2 and HTTP/3 are newer versions that improve performance by allowing multiplexing of requests and responses, reducing latency, and enhancing security. HTTP supports content negotiation, allowing clients to request specific data formats like JSON, XML, or plain text based on their needs. Collaborating with IT and security teams to develop and enforce security policies. Ensuring compliance with industry standards and regulatory requirements for firewall security. Configuring virtual private networks (VPNs) and secure remote access solutions on firewalls. Configured and supported SonicWall firewalls, maintaining robust network security. Build, rebuild, and troubleshoot IBM/Dell laptops, Compaq/Dell/IBM desktops and Servers with 2000pro, XP Pro, 2000/03 server. Applied strong understanding of TCP/IP, VLAN, and ACL concepts to optimize network performance and security. Developed and maintained Python scripts for network automation, streamlining processes and reducing the time required for routine tasks. Troubleshoot and configure connectivity issues related to VPN, DHCP, DNS, Firewall DMZ. Implemented WAN, LAN, VOIP, Security solutions in health care, retail, manufacturing, and financial services. Configuring IPsec VPNs as per customer requirements with standard encryption and encapsulation. Reviewed network device configurations and recommended fixes using industry best practices. |
