Dedicated Network Security Engineer with over 15 years of experience in designing, implementing, and managing secure network infrastructures. Skilled in threat detection, incident response, and vulnerability assessment, with a proven track record of reducing security risks and ensuring compliance with industry standards. Adept at using advanced security tools and methodologies to safeguard organizational assets.

WORK EXPERIENCE

June 2022-Current
Senior Network Security Engineer
Candidate's Name
Jersey City, New Jersey, United States

Architect and manage network security solutions to protect corporate infrastructure and sensitive data.

* Monitor network traffic using SIEM tools, analyzing and responding to security incidents in real-time.
* Conduct regular vulnerability assessments and penetration testing to identify and mitigate security risks.
* Configure and manage firewalls, IDS/IPS, VPNs, and other security appliances to ensure robust network defense.
* Develop and enforce security policies, procedures, and best practices across the organization.
* Collaborate with cross-functional teams to integrate security measures into network designs and projects.
* Provide training and support on security protocols and tools to staff and stakeholders.
* Automated configuration management and application deployment using Ansible, ensuring consistency across environments.
* Created and maintained Ansible playbooks and roles to streamline provisioning and configuration.
* Implemented Ansible Tower/AWX to provide a centralized platform for job scheduling and inventory management.
* Utilized Python to create custom automation solutions for system monitoring and alerting.
* Designed Python-based automation tools for configuration management and application deployment.
* Leveraged Python to automate network configuration and management tasks, optimizing network performance and security.
* Managed and maintained Illumio Adaptive Security Platform, ensuring optimal performance and security.
* Troubleshot and resolved issues related to Illumio deployment, configuration, and operation.
* Panorama Management: Adept at using Panorama for centralized management and policy administration across multiple Palo Alto Networks devices, streamlining security operations.
* Security Policies and Rule Optimization (Palo Alto): Strong background in designing and optimizing security policies and firewall rules to enhance traffic flow efficiency while maintaining a robust security posture.
* App-ID and Content-ID Expertise: Proficient in using Palo Alto's App-ID and Content-ID technologies for application-based traffic identification and content inspection to prevent leakage and detect threats.
* Collaborated with cross-functional teams to integrate Illumio with existing security infrastructure.
* Fortinet Firewall Management: Configured, managed, and optimized Fortinet firewalls (FortiGate) for enhanced perimeter security and intrusion prevention.
* Policy Configuration: Implemented granular security policies, VPN configurations, and NAT rules on FortiGate devices to ensure secure data flow across internal and external networks.
* FortiAnalyzer and FortiManager: Utilized FortiAnalyzer for advanced threat analysis and FortiManager for centralized network management and automation to streamline security operations.
* Deployed and managed CrowdStrike Falcon to protect organizational endpoints, achieving a significant reduction in security incidents.
* Implemented and managed security measures on Google Cloud Platform (GCP) and AWS, ensuring data protection, identity management, and compliance with industry regulations.
* Conducted regular security assessments and implemented cloud-native security services like AWS GuardDuty, IAM policies, and
* Designed and implemented scalable Kibana infrastructure integrated with Elasticsearch for real-time data visualization and high-performance search.
* Deployed Kibana in a high-availability setup with load balancers and clustered Elasticsearch nodes, ensuring fault tolerance and minimizing downtime.
* Integrated Logstash and Beats to streamline data ingestion into Kibana and Elasticsearch, enabling seamless analytics from multiple data sources.
* Configured RBAC and secure authentication in Kibana and Elasticsearch using X-Pack, protecting sensitive data and managing user permissions effectively.
* Developed interactive Kibana dashboards to visualize complex datasets, enabling real-time insights and data-driven decision-making for stakeholders.
* Customized Kibana dashboards to meet specific business needs, creating tailored visualizations for monitoring key performance indicators (KPIs) and metrics.
* Developed and implemented SOAR playbooks to automate threat detection, incident response, and remediation processes, reducing response times and increasing efficiency in handling security events.
* Implemented and managed OpManager for comprehensive network monitoring and management, enhancing visibility into network performance and device health.
* Configured proactive alerts and automation workflows to quickly identify and resolve network issues, reducing downtime and improving service reliability.
* Optimized network performance through detailed analysis and reporting using OpManager's advanced analytics and dashboards.
* Integrated OpManager with IT service management tools, streamlining incident response and ensuring faster resolution of network-related issues.
* Configured OpManager to monitor Windows servers using WMI, providing real-time insights into system performance, resource utilization, and health status.
* Automated alerting for critical server metrics through WMI-based monitoring in OpManager, ensuring prompt detection and resolution of issues.

Key Achievements:
* Reduced security incidents by 20% through enhanced monitoring and proactive threat management through Vectra AI.
* Ownership of Illumio existing and deployed new plant for 9000 VDI.
* Achieved ISO 27001 lead auditor and implementor, ensuring adherence to industry standards.

Environment: Vectra AI, Illumio Micro segmentation, Tufin, WAF (Kona-AVI-F5), Cisco ISR 4431, Cisco Nexus 9000, Stack C-9300-48 SW, Cisco ISE, Checkpoint 6900-6400-5900-4600 and 4000, FortiGate, F5 Big IP 3600-4000, Bluecoat S200, Vcenter-VMware hosts, Splunk, VNX, Wireless access point, SolarWinds NPM. VNX, Symantec end manager DLP. Splunk. Syslog NG. Manage Engine. Cisco ISE. V-Center. Unity, Cyber recovery. GDPR, FedRAMP, FISMA, ISO27001, NIST SP800-53.

March 2020-June 2022
Senior Network Engineer/System Admin/Firewall Admin
Office of the Secretary of the Commonwealth
Boston, Massachusetts, United States

Member of control center (SOC-NOC-Infra-SDLC-DEVOPs) and internal security audit team.

* Member Purple-White-Red and blue team.
* Administer and operation, Imperva web application firewall (WAF). DUO 2-factor Authentication.
* Administer end user security: CrowdStrike, Symantec and Ensilo protection.
* Administer and operation, Cisco Identity Services Engine (ISE) for 391 no's of switches of city & town.
* Implementation and operation DMARC, SPF, DKIM, and Proofpoint mail authentication system.
* Administer and operate Data storage infrastructure: Unity 500/400/300/VNX.
* Tiers 1-2 & 3 support for Network operation center's Router ISR 4431, Nexus 9k, and Stack C-9300-48 SW.
* Administer and operation, Checkpoint PHONE NUMBER AVAILABLE- 4600-4000 firewalls and VPN boxes.
* Tiers 1-2 & 3 support for Network operation center's F5 Big IP 3600-4000, Bluecoat S200 proxies.
* Administer-Build-operation and maintenance of Cisco Identity Services Engine (ISE) 3655 Appliances.
* Designed and implemented robust security architectures on AWS and GCP, ensuring protection of cloud-based infrastructure and applications.
* Managed security monitoring, incident response, and compliance for cloud environments using native and third-party security tools, ensuring adherence to best practices and regulatory requirements.
* Tiers 2 & 3 support 370 of individual city and town's Router ISR 443 and Stack C-9300-48 SW.
* Tiers 2 & 3 support 370 of individual city and town's VMware host and VMs.
* Manage Tier 4 (External vendors) for all city and town office and network operation center.
* Manage MPLS connectivity for all city and town offices and network operation center.
* Build-operation and maintenance: SolarWinds Orion monitoring platform for NOC - DR and all city - town.
* Build-operation and maintenance: Manage Engine Enterprise with 8 probes for NOC - DR city - town.
* Build-operation and maintenance: REDHAT Linux based Syslog-NG for Splunk infrastructure.
* Administer EMC VNX, Unity (300-400-500) storage array for both NOC and DR.
* Perform change control management and management meetings.
* Manage Tier 1-2 & 3 support tickets.
* Administer and operation-motion, V-center, vSphere client, iDrac, ILO. SRM.
* Administer, SCCM, Lan-sweeper, Bomgar, Ensilo-Symantec.
* Administer, Dell Cyber recovery vault. AVAMAR.
* Power user for, IDPA 4400, 6900.
* Administer, Cherwell, Service desk, Jira. Manage Engine OP manager Enterprise.

Key Achievements:
* Improved incident response times by 30% through automation and streamlined processes.
* Played a key role in securing network infrastructure during a significant company expansion.

Environment: Imperva-WAF, Cisco ISR 4431, Cisco Nexus 9000, Stack C-9300-48 SW, Cisco ISE, Checkpoint 6900-6400-5900-4600 and 4000, FortiGate, F5 BigIP 3600-4000, Bluecoat S200, Vcenter-VMware hosts, Splunk, VNX, Wireless access point, SolarWinds NPM. VNX, Symantec end manager. Splunk. Syslog NG. Manage Engine. Cisco-ISE. SRM. VCenter. Unity, Cyber recovery, IDPAs. GDPR, FedRAMP, FISMA, ISO27001.

November 2018-March 2020
Network Security Eng Server Administrator
IHSMarkit
North Andover, Massachusetts, United States

Worked with COLO service provider Toward Ex-Boston and Zayo-Ocland at DR locations for bandwidth, data and hosting related services.

* Procured, install, configured, backup and restore (ASDM) of Cisco ASA firewall 5520 (with active failover), 5508, 5515x, 5545, FPR2110 (Next Gen) and Palo Alto 2030.
* Configured IPS/IDS, Create and maintain access and NAT rules, allow/deny port services and IPs, monitor SYN and DDOS attack and vulnerability scan, maintain site to site VPN.
* Responsible of maintaining Cisco Switches 6881 (2), 3850 (10), Catalyst 4948 (2), S0220 (5) using Cisco Network Assistant.
* Execute and report weekly vulnerability scan through CLI scripting by Microsoft baseline security 2.3.
* Worked with external and internal security audit teams, Pen-testing team to ensure network data security.
* Responsible for SolarWinds syslog server. Maintain report for firewall and windows log.
* Solely responsible of procuring, install, deploy, import/export and update for SSL certificates from GoDaddy. Configure IIS crypto for www servers.
* Configured, maintain SFTP server (Bitvise), Users, folders. Whitelist IPs. Public key/private key through PGP Tool encryption software.
* Configure, install, upgrade, maintain VMware ESXI 6.5 bare metal host, VM machines (APP, WWW, DB, Admin) servers.
* Administer over 300 (Three Hundred) VM and VDI (virtual desktop) servers including Domain controllers, SMTP, WWW, Db, App and printer servers.
* Performed VM backup restore, Quick Migration btw servers/host, Troubleshooting of services with VEEAM 8.0 and Acronis 12.1 Server software.
* Administer Wireshark 2.6.3, Oracle Dyn, DNS filter, Symantec Endpoint server (2), Key pass, Microsoft phone factor, Centrix single sign on, VPN (SunGard), Cisco AnyConnect, Skype for business, Microsoft team, Lync, Team viewer.
* Install and configure, upgrade environment for new boarding's. Configure Office 365, SharePoint, VDI, Time slips.
* Manage level 1-2-3 trouble tickets.

Environment: ASA 5508, 5515x, 5545, FPR2110 (Next Gen) and Palo Alto 2030, Windows server 2016, 2012, 2003. Veeam, VMware ESXI 6.0. Whatsup Gold, Bitvise SFTP server.

September 2013-October 2018
Network security Engineer
Rahima Group
United States

In the process of Data center fabric migration, performed migration from legacy Catalyst 6513 Switches to Nexus 7010 switches adhering to ITIL change Management Procedure.

* Configured and maintained VPCs with Nexus 3K and 5K in the network. Also configured and maintained VDCs in 7010 switches, maintained VRFs in those separate VDCs.
* Configured and Maintained Cisco UCS 5000 series blade server and Monitored resources on UCS manager.
* Worked with Sup 2E for 7010 switch, F cards for L2 switching and few M cards for L3 proxy routing purposes for F cards.
* Used Fabric Extenders like 2248TP GE series for the top of the rack solution and used 5548P for the end of the row solution.
* Scheduled maintenance of Nexus (5548, and 7010) switches so that there are no Orphan ports in the network, and all Users to be dual homed, so that they have sufficient redundancy.
* Worked on OTV to extend L2 VLANs between data centers over IP on Nexus 7010 switches.
* Worked on 3600, 7200, 7600 series Cisco routers.
* Configured and maintained EIGRP, OSPF and BGP on Cisco Routers.
* Maintained TACACS+ and RADIUS servers for AAA authentication and user authentication.
* Used DHCP to automatically assign reusable IP addresses to DHCP clients.
* Used Cisco ASA 5520 firewall for Enterprise security, configured ACLs for Internet requests to Server Farm in LAN and DMZ.
* Configured Avaya IP telephony system.
* Provided VPN services to site-to-site and Remote access VPNs using IPsec and GRE tunneling mechanisms. Performed network administration tasks such as creation and management of VLANS, Port security, Trunking, RPVST+, Inter-VLAN routing, and LAN security.
* Configured policy statements, and routing instances.
* Performed Network Security Assessment and implemented security features such as network filtering, SSH, AAA, SNMP access lists, VTY access lists, EIGRP MD5 authentication, and HSRP authentication.
* Maintained F5 for providing application redundancy, load balancing and policies.
* Used internal network monitoring tools to ensure network connectivity and Protocol analysis tools to assess the network issues causing service disruption.

Key Achievements:
* Streamlined network operations, leading to a 30% increase in overall efficiency.
* Played a pivotal role in a major network upgrade project, enhancing system performance and reliability.

Environment: Microsoft SharePoint Server 2010, Microsoft FAST Search Server 2010 for SharePoint, SQL Server 2008 R2, Team Foundation server 2010, C#.Net, VMware Workstation, PowerShell 2.0, Windows Server 2012 r2 and 2008 R2, Active Directory, O365, ASP.NET and HTML. Nexus 7k. Catalyst 3750X. ASR 1000 series routers, 7200 series and ISR routers 2800. F5 LTM, Bluecoat

November 2007-July 2013
Network security Engineer
Link3 Technologies
Dhaka, Bangladesh

Documented the company's design, implementation and troubleshooting procedures.

* Performed routine network maintenance checks as well as configuring and managing printers, copiers, and other miscellaneous network equipment.
* Experienced on long haul single mode fiber cable laying (2000 km). Experienced on FTTx technology with splitter and dome, Certified Exfo and Fujikura fiber tools.
* Experienced multimode fiber termination for BTs switches.
* Got Hands-on experience in maintaining and troubleshooting RIP, OSPF and EIGRP routing protocols.
* Configured RIP and EIGRP on 2600, 2900 and 3600 series Cisco routers.
* Implemented VTP and Trunking protocols (802.1q and ISL) on 2900 and 2940 series Cisco Catalyst switches.
* Performed IOS upgrades on 2900 series Cisco Catalyst switches and 1800, 2600, 3600 series Cisco routers using TFTP.
* Worked on installation, maintenance, and troubleshooting of LAN/WAN (ISDN, Frame relay, NAT, DHCP, TCP/IP).
* Configured Access List (Standard, Extended, and Named) to allow users all over the company to access different applications and blocking others.
* Worked on Airtel (GSM) telco BTS's to build and commission soft switches and telco devices.
* Configured STP for loop prevention and VTP for Inter-VLAN Routing.
* Done troubleshooting of TCP/IP problems and connectivity issues in multi-protocol Ethernet environment.
* Performed scheduled Virus checks and updates on all servers and desktops.
* Worked on network-based IT systems such as Racking, Stacking and Cabling.

Environment: Windows 2003/2008 Server, MOSS 2007, Microsoft SharePoint 2010, IIS, DNS, AD, Microsoft SharePoint designer, Microsoft Visual Studio 2003, 2007, Windows XP/2003/Vista. Cisco 7200 series and 12000.

EDUCATION

-Current
MS, Georgia Institute of Technology, Atlanta, Georgia, United States
MS Cybersecurity, Georgia Institute of Technology. Atlanta GA. (On going).
Cybersecurity

-Current
Bachelor of Science, Strayer University, Atlanta, Georgia, United States
Bachelor of Science Cyber Security Technology. Strayer University. Atlanta GA.
Cyber Security Technology

-Current
Bachelor of Science in Computer Science, World University of Dhaka Bangladesh, United States
Bachelor of Science in Computer Science. World University of Dhaka Bangladesh.
Computer Science

-Current
Associate degree, Westwood College, Atlanta, Georgia, United States
Associate degree- Cyber security. Westwood College. Atlanta GA.
Cyber security

SKILLS

Network Security Cisco Network Systems Protective Services VMWare VPN (Virtual Private Network) Symantec Product Family Automation Amazon Web Services (AWS) F5 BIG-IP Cisco Nexus Switches FISMA - Federal Information Security Management Act ISO (International Organization for Standardization) Splunk VMWare vCenter Wireless Communications Intrusion Detection Systems Artificial Intelligence (AI) Ansible Auditing Configuration Management Information/Data Security (InfoSec) GCP (Good Clinical Practices) Cloud Computing Identity Data Management Inventory Management Network Configuration Management Network Performance/Analysis U.S.
National Institute of Standards and Technology (NIST) Penetration Testing Python Programming/Scripting Language Security Infrastructure Security Protocols Security Information and Event Management (SIEM) Computer Security Security Auditing Authentication Change Control Data Storage DevOps Firewalls Incident Response Atlassian JIRA MPLS (Multi- Protocol Label Switching) Network Architecture/Engineering Network Administration/Management Red Hat Linux Operating System Regulatory Requirements Network Routers System Center Configuration Manager (SCCM) Software Development Lifecycle (SDLC) Customer Support/Service Internet Application DNS (Domain Name System) Microsoft IIS Web Server (Internet Information Services) Identify Issues Cisco ASA (Adaptive Security Appliance) Microsoft SharePoint Data Recovery Cisco Switches Cryptography Denial of Service (DoS) Import/Export Oracle Printers Systems Administration/Management Secure/SSH File Transfer Protocol (SFTP) Single Sign-On (SSO) Skype SMTP (Simple Mail Transfer Protocol) Digital Certificates Desktop Virtualization VMWare ESX/ESXi Vulnerability Scanners Microsoft Windows Server Wireshark (Ethereal) Cisco Routers DHCP (Dynamic Host Configuration Protocol) EIGRP (Enhanced IGRP) Open Shortest Path First Protocol (OSPF) VLAN (Virtual Local Area Network) Microsoft .NET Microsoft Active Directory Microsoft ASP.NET (Active Server Page) Avaya Software BGP Blade Servers Microsoft C# (C Sharp) Change Management Cisco Unified Computing System (UCS) Network Operations Center Enterprise Protection HSRP (Hot Standby Router Protocol) HTML (HyperText Markup Language) IP (Internet Protocol) Internet/IP Telephony IPsec (IP Security) ITIL (IT Infrastructure Library) Local Area Network (LAN) Load Balancing Network Connectivity Network Monitoring Windows PowerShell Protocol Analysis Remote Access Security Analysis SNMP (Simple Network Management Protocol) Microsoft SQL Server SSH (Secure Shell) TACACS+ (Terminal Access Controller Access 
Control System Plus) Team Foundation Server (TFS) Computer Workstations Copying Machines Ethernet Frame Relay GSM (Global System for Mobile Communications) iOS ISDN (Integrated Services Digital Network) Microsoft Visual Studio SharePoint Server 2007 Network System Hardware Routing Protocols TCP/IP (Transmission Control Protocol/Internet Protocol) TFTP (Trivial File Transfer Protocol) VLAN Trunking Protocol (VTP) Microsoft Windows 2003 Microsoft Windows XP Microsoft Windows Azure Bash Scripting Cable CCNA - Cisco Certified Network Associate CCNP - Cisco Certified Network Professional CEH - Certified Ethical Hacker CompTIA A+ CompTIA - Computing Technology Industry Association CompTIA Security+ Computer Science Internet Security Gigabit Ethernet Internal Audit ISO 9001 JNCIA - Juniper Networks Certified Internet Associate Juniper Networks Product Family Linux Operating System MCSA - Microsoft Certified Systems Administrator MCSE - Microsoft Certified Systems Engineer Metasploit MRTG (MultiRouter Traffic Grapher) Nessus Network Protocols NMap Operating Systems Publications Risk Analysis Risk Management Scripting (Scripting Languages) Snort SSL-TLS (Secure Socket Layer - Transport Layer Security) TCP (Transmission Control Protocol) Test Tools Threat Modeling Unix Operating Systems VMWare vSphere Wide Area Network (WAN) Microsoft Windows 7 Problem Solving Skills Testing Cross-Functional Training/Teaching Intrusion Prevention Systems Security Monitoring Best Practices Computer Network Defense (CND) Regulatory Compliance Performance Tuning/Optimization Firewall Administration Network Security Design Industry Standards Maintain Compliance F5 Network Software Cisco Unity Systems Engineering Security Architecture Dell Computers VMS Operating System Supplier Relationship Management (SRM) Virtual Machine (VM) Network Support Symantec Endpoint Security Software Administration Data Administration Process Development NAT (Network Address Translation) Trouble Tickets Failover 
Microsoft Windows Phone Microsoft Product Family External Audit PGP Encryption Software Database Administration Purchasing/Procurement Common Language Infrastructure (CLI) DMZ Microsoft FAST MD5 (Message Digest Algorithm 5) GRE (Generic Routing Encapsulation) RADIUS (Remote Authentication Dial-In User Service) Microsoft C# .NET (C Sharp .NET) Data Processing Cisco Catalyst Switches Data Migration Systems Reliability Network Routing Documentation RIP (Routing Information Protocol) Procedure Implementation 802.1 Windows Vista Viruses Desktop PC Information Technology & Information Systems Windows Server 2008 R2 Network Switching MCSE+I - Microsoft Certified Systems Engineer Checkpoint Firewall Spanning Tree Protocols Rapid Spanning Tree Protocol (RSTP) VLAN (Virtual Local Area Network) Protocols Security Compliance UDP (User Datagram Protocol)

CERTIFICATIONS

* Cisco Certified Network Professional (CCNP) Routing and switching Cisco Certified Network Professional
* Cisco Certified Network Associate (CCNA) Routing and switching Cisco Certified Network Associate
* Certified Information Systems Security Officer (CISSO) Certified Information Systems Security Officer
* Cisco Certified Network Associate (CCNA) Security
* Cisco Certified Network Associate
* CNSS 4011(Information Systems Security (INFOSEC)
* CNSS 4011(Information Systems Security
* Cisco Certified Network Associate (CCNA) Voice
* Cisco Certified Network Associate
* ISO 27001 lead auditor and implementor
* Microsoft MCSA, MCSE+ Internet, MCBDA
* D-Link Cable & Switching associate
* Certified Network Professional
* Certified Ethical Hacker (CEH)
* Certified Ethical Hacker
* ISO 9001-2008 internal audit
* CompTIA A+, CompTIA Network
* Certified Network Associate
* Juniper network (JNCIA)
* Juniper network
* Cisco Certified Network, CompTIA Security+, Cisco Certified, Security+, JNCIA, MCSE, MCSA, CCNP, CCNA, ACLs

HONORS & AWARDS

Member of Honor Society

LANGUAGES

English - Advanced

WORK AUTHORIZATION

I am authorized to work in the following countries: United States