Candidate's Name
Senior Network Security Engineer
EMAIL AVAILABLE
PHONE NUMBER AVAILABLE

Certifications:
Cisco Certified Network Associate (CCNA)
Cisco Certified Network Professional (CCNP)

8+ years of experience in Networking and Security, widely in Network Security Products and Firewalls installation, Policy implementation, NAT translation and System Software Upgradation of existing Firewalls.
Integrated Fortinet firewalls 2600F, 3500F, 4400F with SIEM systems and other security solutions to provide a cohesive security infrastructure and enhance threat visibility.
Set up the firewalls on the Palo Alto PA-7080, PA-5220, and PA-3440 to permit access to essential business apps like Salesforce while preventing non-business services such as online file sharing.
Implemented load balancing strategies using F5 VIPRION 4300, 2250, 2400 to distribute traffic intelligently across application servers, improving performance and reliability.
Developed and implemented instructions to control networks and routers at different OSI layers for a number of Cisco router types, including the ASR 9910, 9906 series, and the 8100, 8200, and 6509E models.
Worked on Python scripting for generating the firewall security policy through a web visualization tool in Checkpoint firewall.
Troubleshot and resolved complex network security issues involving Cisco ASA 5555, 5580, 5520 and 5515 firewalls to maintain optimal network performance.
Configured TCP/IP routing protocols (OSPF, EIGRP, BGP) on routers and switches to enable dynamic and efficient path selection.

Experience

Fidelity Investments, Jersey City, NJ (Nov 2023 - Present)
Sr. Network Security Engineer
Set up AWS CloudTrail to collect and archive copious amounts of log entries with information about activities and support for customers.
Used AWS CloudWatch Data in real-world scenarios to analyze CloudTrail logs and obtain a thorough grasp of security vulnerabilities and API activities.
Improved the efficiency of dynamic as well as static media distribution; while building on AWS CloudFront, certain storing information and filtration technologies were incorporated.
Implemented ACI policies using Application Network Profiles (ANPs) to define application-specific network requirements and ensure consistent service delivery.
Deployed and managed service graphs in Cisco ACI to automate the provisioning of network services such as load balancing, firewalls, and intrusion prevention.
Worked on Cisco ACI's telemetry and analytics capabilities to monitor and troubleshoot network performance, ensuring optimal application delivery.
Developed safety needs in close collaboration with administrators and designers, and implemented the necessary safety precautions on F5 Viprion.
Working with the application and security development teams to create and execute specific safety protocols with F5 iRules.
Installed, configured, and maintained chassis-based F5 Viprion 4800, 4100, and 4300N systems to improve network security and boost application efficiency.
Using Viptela VPN links for SD-WAN to integrate company servers and distant locations, enabling safe interaction and easy utilization of integrated applications.
Experienced history of using vAnalytics assessment reports to find and fix connection problems with Viptela SD-WAN systems.
Implemented vManage's graphics and knowledge to set up an ongoing diagnostic and treatment system by monitoring utilization trends, networking welfare, and production metrics.
Developed and executed automating options, working with teams from many divisions that integrate the capabilities of Meraki MX 240, MX 480, and MX 960 routers with modern security protocols and technologies.
Integrated IDs to Active Directory to facilitate utilization of resources and safe communication between different networks and enterprises.
Installed Cisco ISE to work well with current credentials and domains in order to provide reliable support and security.
Assistance with the more modern WAN routers' Infoblox installation, DNS configuration, and provisioning of SSH and admin IP links.
Working knowledge using ISEC for real-time risk identification, incident management, and network-wide evaluation.
Set up VPN connections across workplaces using FortiGate firewalls, allowing IPv4 and IPv6 connectivity for safe data transfer.
Using FortiManager's rules-based management and updated tracking features for handling updating software and devices arrangement, which might require fewer staff members and could result in setup problems during deployment.
Designed security evaluations and attack drills for the FortiGate 7121F, 4800F, and 3200F firewalls to identify vulnerabilities and address issues related to deployment and safety.
Expertise with Cisco Catalyst switches, such as the 8200, 8300, 9200 series, as well as familiarity with a number of Cisco router types, such as the ASR 9904, 9906, 9910 series.
Knowledge of the latest techniques for developing and enforcing network safety rules and protocols, especially with regard to Cisco Secure Firewall 3105 and 3110 deployments.
Integrated anti-virus installations using Cisco Firepower SM-40, SM-48, and 4145 offered enhanced reporting and responses, real-time file and URL evaluation, and monitoring.
Maintaining business standards-compliant knowledge of NextGen IDS/IPS firewall design, setup, and construction, including Palo Alto and others.
Developing team ties across Palo Alto firewalls (PA-5420, PA-5220, and PA-7080 models) made it possible to transition from a Checkpoint-based network to a Palo Alto global system.
Skillfully managed intricate security and safety issues using Palo Alto solutions and expertise, minimizing disruption and ensuring network integrity going forward.
Installed Palo Alto Panorama's security mitigation tools such as weakness security, antivirus, and anti-spyware into setup and kept an eye on them to protect network resources.
Development of special Python extensions that are capable of reading and assessing protected log data from numerous devices has resulted in the need for further forensic analysis and recovery attempts.
Set up and run constantly: Ansible techniques enable the configuration and operation of security-related networks, such as switches, routers, and firewalls.
Managing errors extra and having log-keeping tools to track and notify changes to configuration, device settings, and any difficulties, Netmiko scripts provide proactive monitoring and update verification.
Monitored the patch management process for Cisco Nexus, VPC, and VDC devices; special emphasis was given to the Nexus 9800, 9500, and 9300 devices.
Deployment of assets and software transfer were enhanced by the configuration and management of mixed network designs using Cisco Nexus switches.
Improved and expanded privacy features for Juniper SRX 320, SRX 345, SRX 380, and SRX 1500 devices to minimize unauthorized access and fortify defenses against various cyberattacks.

Discover Financial, Riverwoods, IL (Jan 2023 - Oct 2023)
Sr. Network Security Engineer
Designed and implemented a disaster recovery solution leveraging F5 VIPRION's GTM capabilities, enabling seamless failover of application traffic between geographically dispersed data centers in the event of a site outage.
Configured and managed F5 VIPRION Advanced Firewall Manager (AFM) for layer 4-7 protection against DDoS attacks and other security threats.
Implemented load balancing strategies using F5 VIPRION to distribute traffic intelligently across application servers, improving performance and reliability.
Working across several functional sections to design and implement Viptela SD-WAN systems compliant with the organization's security and privacy policies.
Applied on Viptela SD-WAN devices, upgrades were used to regulate safety, alert routing, next-generation firewall (NGFW) ability, and improved privacy and security of data.
Improved efficiency and connectedness thanks to the setup and maintenance of SD-WAN systems based on the vEdge router and Viptela software.
Configured EPGs and contracts in Cisco ACI to restrict usage of websites and the server side information and prevent unauthorized access to personal information.
Using Cisco ACI with layer 4-7 services, such as transmission management and routing, resulted in increased safety and optimal distribution to programs.
Added network productivity has resulted from the ability to promptly identify and fix connection problems, thanks to the ACI design.
Implemented CloudWatch, CloudTrail, and CloudFront applications to create a comprehensive monitoring and security approach for apps hosted on AWS.
Utilized the use of AWS safety features, such as IAM rule-based monitoring limitation, encrypted data, multiple-factor authentication, and AWS management keys.
Developed and enforced password policies and account lockout policies in Active Directory to enhance security and mitigate unauthorized access attempts.
Maintained the creation of the Arista 5000, 7010X, 7020R Cloud Vision setup, which provides controlled and unified VXLAN management capabilities for process design and tracking.
Associated with Aruba User Interface Data (UXI) devices to monitor and handle network security and effectiveness issues on a constant basis.
Experienced in optimizing Arista, Cisco, Juniper, and Huawei network router manufacturer support with Netmiko to provide adaptability and uniformity in managing a range of network settings.
Monitoring and assessing the DNS system using Infoblox software, we were able to identify security vulnerabilities and hazards associated with DNS disputes.
Setting up and managing the Information Security Enforcement Console (ISEC), which ensures constant monitoring and network-wide execution of safety regulations.
Monitor user information recognition, the Cisco ISE architecture now has extra safety safeguards in place.
Configured and managed Cisco Secure Firewall 4245 and 4225 devices to protect internet connections from unauthorized use and online assaults.
Implementation of FortiGate firewall rules, which limit access to vital applications to aware IPv4 and IPv6 handle zones, has enhanced safety for networks.
Setting up and managing the network design and safety features of the Fortinet FortiGate 6500F, 4200F, and 3500F Firewall Series against external threats and unauthorized access.
Installing and refining the FortiGate firewall through administration, data evaluation, and client identity-based protection.
Set up a variety of Cisco routers and Layer 2/Layer 3 connectivity to satisfy certain network requirements.
Developed and implemented instructions to control networks and routers at different OSI layers for a number of Cisco router types, including the ASR 9910, 9906 series, and the 8100, 8200, and 8600 models.
Configuring Python scripts to manage safety processes for safety network-based applications, schedule risk assessments, and evaluate logs.
Developed the usage of Panorama for managing firewall policies, guaranteeing global Palo Alto Networks device conformity and uniformity.
Utilizing Wildfire interactivity, configured Palo Alto Networks firewalls with customized safety records and IOC (Indicator of Compromise) settings.
Installed the specifications for building and maintaining the safety device to guarantee compliance with privacy policies on the PA-7050, PA-7000-100G-NPC-A, and PA-5410 Palo Alto Next-Generation Firewalls.
Designed and implemented Palo Alto devices with tracking traffic, website filtering, program, and advisory functions. SSL and IPSEC VPNs were established and managed with Palo Alto Firewalls.
Installing Nexus switches, you may maximize the benefits of network communication while also improving the efficiency and dependability of linked systems.
Experience implementing Nexus switches from the 9300, 9400, 9500, and 9800 series to connect LAN MDF to IDF.
Implemented site-to-site VPN tunnels and client VPNs using Cisco Meraki MX devices, ensuring secure communication between remote locations and headquarters.
Implemented Mobile Device Management (MDM) with Cisco ISE to enforce security policies on mobile devices.
Worked on Infoblox threat intelligence feeds to block access to domains associated with known malware, phishing, or command-and-control activities.
Worked on deploying and managing intrusion detection and prevention systems (IDPS) to detect and block unauthorized access attempts, malware and suspicious network activities in an ISEC environment.
Worked on the Cisco Nexus 9000, 7000, 5000 series switches to provide comprehensive Layer 2 and Layer 3 services, including VLAN segmentation, trunking, and inter-VLAN routing, to meet diverse data center application requirements.
Implemented advanced Layer 2 technologies Virtual LAN (VLAN) pruning and Spanning Tree Protocol (STP) tuning on Nexus to optimize network performance and eliminate broadcast storms.
Designed ACI Spine and Leaf fabric with consideration for fault tolerance, load balancing, and non-blocking architecture to guarantee uninterrupted network operations.
Enforced security policies and micro-segmentation within the ACI fabric using Contract and Filters to control traffic flows and restrict unauthorized access.
Configured ACI Overlay Transport Virtualization (OTV) and Locator/ID Separation Protocol (LISP) to optimize data center interconnectivity for real-time traffic between geographically dispersed sites.
Configured and optimized routing protocols, including BGP and OSPF, within the SD-WAN Viptela and implemented HA solutions to ensure uninterrupted.
Implemented and improved network languages for dealing with web protocol data securely and effectively for Juniper SRX 550, SRX 300, and SR 1600 routers.

Fannie Mae, Washington, DC (July 2021 - Nov 2022)
Network Engineer
Configured, installed and upgraded Palo Alto and Checkpoint Firewalls for managed client which included network/resources access, software or hardware problems.
Integrated Panorama with Palo Alto firewalls (PA-1410, PA-1420, PA-3250, PA-3260, PA-5050), for managing multiple Palo Alto firewalls with a single tool.
Deployed security profiles on Palo Alto and Checkpoint platforms for comprehensive security measures, encompassing URL filtering, Anti-virus, Anti-Spyware, Vulnerability Protection, Threat Prevention, and File Blocking.
Worked with a successful Cisco Partner to migrate Palo Alto 5050 firewalls to Cisco FirePOWER 9300 firewalls with throughput up to 1.2TBPS crushing the current slow Palo Altos.
Implementation of file transfer systems using FTP, NFS, and SSH (SCP) in Linux environment.
Configuration and implementation of firewall/iptables rules on new servers.
Implemented various policies like NAT, QoS, Decryption, DoS protection in Palo Alto as per requirement.
Helped the team to implement OTV on Nexus 7000 and 5000 series switches for efficient data center interconnectivity, allowing transparent extension of Layer 2 domains.
Analyzed and troubleshot various TCP/IP communication protocols like FTP, FTPS, SFTP, HTTP and HTTPS.
Built and configured Active/Standby, Active/Active for High Availability (HA) Failover on Palo Alto with stateful replication.
Experienced with common encryption schemes such as symmetric/asymmetric encryption, hashing, SSL/TLS, IPsec, SSH etc. Using OpenSSL commands to troubleshoot issues related to SSL certificates.
Performed Splunk agent deployment, configuration and troubleshooting across a variety of platforms.
Successfully deployed Cisco APIC 4.x controllers to centralize policy management and automation for the Cisco ACI fabric, simplifying network operations and enhancing agility.
Proficient in using all Amazon Web Services (AWS) EC2, EBS, IAM, S3, ELB, RDS, VPC, Route 53, CloudWatch, CloudFormation etc.
Experience with Splunk technical implementation, planning, customization, integration with big data and statistical and analytical modeling.
Configuring BGP/OSPF routing policies and designs, worked on implementation strategies for the expansion of the MPLS VPN networks.
Integrated F5 BIG-IP logs with Splunk for comprehensive log analysis, monitoring, and troubleshooting to detect and respond to network issues effectively.
Coordinating with Security team for NAT configuration and troubleshooting issues related to access lists and DNS/DHCP issues within the LAN network.

Micromax, India (Feb 2016 - June 2021)
Network Support Engineer
Configuration of BGP on both Nexus and Palo Alto, moved SVI (server VLAN) interfaces from ASA core to Palo Alto.
Configured 802.1q Trunk Link encapsulation and EtherChannel using LACP in Corporate LAN environment.
Hands-on experience on designing L2/L3 networks in Datacenter and large remote locations.
Configured ACLs, route filters, route redistribution, etc. on complex environments.
Implemented network security for remote access by configuring site-to-site and client-to-site VPN tunnels through multiple Cisco VPN concentrators and Checkpoint firewalls and maintained access policies for remote users.
Deployed IOS upgrades on various Cisco routers/switches hardware including Nexus platforms.

Skills

Switches: Nexus 2k, 5k, 7k, Arista switches, Catalyst switches and Juniper switches.
LAN: Ethernet (IEEE 802.3), Fast Ethernet, Gigabit Ethernet.
Wireless: Cisco Meraki, Aruba wireless.
Cloud services: AWS Cloud (EC2, VPC, Route53), Direct Connect
Routing: RIPv2, OSPF, EIGRP, IS-IS, BGP, PBR, Route Filtering, Redistribution, Summarization, and Static Routing
Firewall: Palo Alto, Cisco Firepower, ASA and Juniper SRX series, Fortinet (FortiGate) Firewall, Checkpoint Firewall.

Education

Bachelor's in EEE