Occupation:Network Security Engineer |
Location:Fremont, CA |
Education Level:Master |
Will Relocate:YES |
Description
Experience Summary: Around 6+ years of professional experience in Monitoring, Engineering, Configuring large enterprise Networks. * Strong hands on experience on Palo Alto (3020/5020), Checkpoints (R65/R77), ASA (5500 Series), Juniper (Net Screen 204). * Implemented Policies on Palo Alto for Security, QOS, Policy Based Forwarding (PBF), Decryption, Application Override, DOS and Zone Protection. * Experienced in handling centralized management system (Panorama M-100) for managing Palo Alto firewalls across all global locations. * Hands on experience in troubleshooting traffic by analyzing logs and packet captures on Palo Alto Firewall. * Expert in Monitoring Checkpoint Firewall traffic through Smart Dashboard and smart view Tracker Applications. * Expert in Migrating Cisco firewalls (5580-40) to Palo Alto firewalls platforms PA 5050. * Configured Active/passive High Availability for Pair of Palo Alto Firewall (PA5050). * Hands on experience with SIEM tools (QRADAR, Splunk and Solar Winds), Intrusion Detection and Prevention Systems (IDS/IPS) and log management. * Exposure to Wild fire feature of Palo Alto and initiated Malware Threat Assessment project utilizing Fire eye EX and NX. * Performing security troubleshooting in terms of checking ACLs and ACEs and traffic flow analysis using packet capture features. * Managed, deployed a VMWare ESXi Server as a test bed for validating security before implementation on the network. * Implemented and maintained Security Policies on Firewall by Using Audit tool like TUFIN. * Hands on experience on TUFIN SECURE TRACK to review any changes in Firewall Polices. * Strong knowledge on TACACS+, RADIUS and their integration with firewalls. * Knowledge on various cyber-attacks like Zero Day, DOS and DDOS. * Experience in Configuring VPN Encrypted Tunnels like IPSEC tunnels, MPLSVPN, DMVPN. * Proficient Knowledge on F5 Web Accelerator Module and Application Security Module (ASM) technology. * Experience with F5 load balancers (6400, 6800, and 8800) and Cisco load balancers (CSM, ACE and GSS), also migrating configurations from Cisco ACE to F5 and general troubleshooting of the F5 load balancers. * Proficiently implemented traffic filters using Standard and Extended access-lists, Distribute-Lists, Route Maps. * Worked extensively on Blue coat Proxy SG 600, 900 appliances for content filtering. * Adding Websites to the URL filtering block list in Bluecoat Proxies and upgrading firmware on the bluecoat proxies. * Datacenter Interconnect ASA firewalls' builds, and management with Cisco Security Manager (CSM) to implement GE standard Security policies. * Worked in Data center environment with Cisco UCS 6200 interconnects Cisco UCS B-series Blades. * Expertise in configuration and troubleshooting of Routing protocols like OSPF, EIGRP, BGP and policy based Routing (PBR) in Cisco 7600, 7200, 3800, 3600, juniper M320, T640, SRX series Routers. * Monitoring of Meraki routers by checking internet traffic, connectivity, resolving MAC CLONING/MAC FILTERING, Blue Coat security issues. * Configured OSPF redistribution along with authentication for type 3 LSA filtering to prevent LSA flooding. * Implemented OSPF configuration for stub areas and various features like route-summarization and SPF throttling. * Implementing 3750 Stackable switches using Cisco Stack Wise technology. * Implementation of HSRP and VRRP for Redundancy over Network devices. * Proficiency in the Configuration of Inter VLAN routing, Multi-Layer Switches, Ether Channels and Port Channel. * Hands-on Experience with Cisco Nexus 7K, 5K platforms and implemented VSS along with VDC and VPC. * Knowledge of implementing and troubleshooting complex Layer 2 technologies such as VLAN Trunks, VTP, Ether channel, STP, RSTP and MST. * Extensive knowledge on TCP/IP, IPV4, UDP, Ethernet, Voice and Data Integration techniques. * In-depth knowledge and experience in WAN technologies like MPLS. * Well Experienced in configuring protocols ICMP, IGMP, PPP, PAP, and SNMP. * Extensive Knowledge and Experience in working with Network monitoring tools like Wire Shark, Solar Winds, SNMP, NetXMS, Pandora FMS. * Experience in Active Directory, FTP, Terminal Server, NAT, and Exchange Mail Server. * Managed inventory of all network hardware and Monitoring by use of SSH, Syslog, SNMP, NTP, TFTP and FTP. * Experience to review and evaluate current and future design issues as required maintaining network integrity, efficient data flow. * Understanding and Working with upgrades of JUNOS and Cisco IOS platform devices * Expertise in documenting network designs using Microsoft Visio. Experienced with network monitoring tools like SOLARWINDS and Splunk. * Using advanced troubleshooting features such as TCPDUMP, Wire Shark, and Packet Capture sniffing for debugging an appliances for Network connectivity issues. * Deploying Web Security Appliance like Cisco WSA S170 and Bluecoat Proxy SG S200/400 for web Filtering Policies. * Hands on experience with Wireless Intrusion Prevention Systems and technologies (i.e. Casper/JSS, Cisco Meraki). * Worked on configuring and troubleshooting Nodes, Pools, Profiles, Virtual Servers, SSL Certificates, I Rules, and SNATs on the F5 Big IPs using GUI and CLI. * Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, EIGRP, BGP on Cisco 76XX, 72XX and Juniper M320 routers. * Experience with manipulating various BGP attributes such as Local Preference, MED, Communities, Route-Reflector clusters, Route-maps and route policy implementation. * Detailed knowledge of critical routing and switching features such as QOS, FTP, NAT/PAT, and NTP. * In-depth knowledge on IP Addressing, Sub netting, VLAN, STP (Spanning tree protocol), & Switch Trunk VLSM and ARP, reverse & proxy ARP, DNS & DHCP, Ping and Trace route concepts.
Accomplishments
Highlights:
Keywords
