Responsibilities and Achievements
• I'm Senior Network Security Engineer having responsibilities on Checkpoint firewall, Macafee IPS, F5 WAF, Cisco VPN gateway, Palo Alto Firewalls besides Cisco switch operations such as commissioning, updating, troubleshooting.
• I do customer's demands in virtually shared firewall and design IPS, antivirus or malware profiles if purchased, also provide SSL VPN credential and role to reach their system. If liked, I assign user that they can manage only own virtual system in firewall. Also depending on customer's profile, I can present only firewall service or only threat prevention service or together using advantage of flexible topologies we designed.
• I implement content, spam and malware filter policies in mail security gateways. Besides continuous monitoring, reporting mail security statistics, deciding which action must be applied to a certain mail traffic, I solve nearly 20 events per a month.
• To minimize service interruptions and downtimes, interfering quickly during failure, doing deep investigations and analyzing on root causes to prevent same matters in future. Our team succeeds to keep SLA metrics higher than 99%. In root cause examination I use packet capturing from interfaces to reach further details analyzing TCP/IP if necessary.
• Mitigating cyber attacks with layered security structure. Thanks to customizing reports in firewalls, monitoring malware activities on email gateways, getting feedbacks from endpoints, I can take actions in a short time against even zero- day attacks using cloud sandboxing. Checking signature updates on security devices and reporting attack types with statistics inform about security posture monthly. I can observe and determine an malware contained by email traffic in many security points presented by layered security including firewalls, IPS and mail gateways.
• Actions of firewall's rule set in 8 different topologies, solving by myself averaged 50 tickets per a month in internal change management system and customer's task system
• In principle, all connections into datacenter must be terminated on security devices, then I can decide which type of connection must be used depending on security level of data included. I've done many MPLS circuit terminations and nearly a hundred site-to-site tunneling connections belonging to same group companies, other ISP's, partner and support firms and all banks in country. I design IPSec connections forcing peer side into our procedures, deciding encryption and hashing algorithms with other parameters. Thus, I provide connections in secure as much as possible, besides protecting resources and managability.
• I participate event analysis incooperation of other departments in datacenter discussing on hardening services or devices. I can make idea execution or evaluate any action offered by other sides analyzing effects on security approximations and procedures.
• Apart from operations as routine, I organize conversion of old security device configurations to new next generation firewalls having more sophisticated traffic controls. Analyzing routing and access lists, I converted Cisco ASA configurations to take behind Palo Alto firewalls also adding new security engines such as intrusion protection and application identification.
• I maintain case managements, patch/update jobs, remote sessions with vendor sites. Thus, we achieved decreasing amount of bugs, getting new features to help mitigations against attacks.
• I am responseibles of certification authority of Yapi Kredi Bank and also having management SSL certficates.
• I am the one of the Key Custodian of YKB.
• Responsible of HSM devices.
• I am responsible of visa regulations. Previous Employer/period: ISBAK Inc. / 1,5 years
- Senior Network Security Engineer at IT Department
- Business Developing Engineer at R&D Deparment
5 years, 4 months at this Job
- Master Degree - Management for Business Administrotion
- Bachelor's Degree - Electronics Engineering
• As a Network Security Engineer, Monitoring the health and welfare of security devices Monitoring security logs. Responding to device alarms logging tickets Fielding calls from customers for live troubleshooting on technologies like ASA, ISE, Firepower, VPN Working on NGFW, Cisco Identity Service Engine (ISE), Splunk, EM7, Secure Ops (ICS Ranger, ICS Archer, Remote Access). Implementing and Troubleshooting NGFW for customers, Logging into the customers devices remotely and find the device issue and troubleshoot accordingly.
• Designing and deploying multi-vendor firewall infrastructure such as ASA, Palo Alto.
• Working with security technologies such as Firewalls, ISE, VPN, IPS, ACL.
• Enable Packet Capture on the Firewall to verify the traffic flow between Source and Destination.
• Upgrading and patching network equipment's to latest and stable versions to mitigate venerability's and bugs.
• Involved in new installations and guiding field engineer through the physical setup.
• Designing and deploying ISE infrastructure at customer datacenters and making necessary changes as per the customer requirement.
• Staying up-to-date with bleeding-edge products, technologies
• Deploy Cisco ISE technology in infrastructure to establish secure and authenticated network users, and Supporting customers on distributed deployments for ISE Personas failure and integrating AD server and troubleshooting 802.1x authentication failures.
• Experience managing site-to-site VPNs in a production environment from client network to customers network, like checking tunnels connectivity.
• Configuring security features on routers, firewalls and switches such as AAA, ACLs, port security, DHCP snooping, SNMP, Logging, SSH and other access policies.
• Managing Cisco NGF such as Sourcefire and firepower devices and making necessary configurations via FMC.
• Worked on Cisco 4100 and 9000 firepower FXOS based chassis and configured virtual firewalls and FTDs.
• Managing customer IPS devices and making necessary signature tuning as per the requirement.
• Managing VPN infrastructure and configuring VPNs to newly acquired customer locations.
• Configured IKEv2 for enhanced security and features.
• Monitoring and investigating security events to identify malicious traffic and intrusions
• Monitoring the health and welfare of security devices, responding to device alarms logging tickets and detailing customer issues, fielding initial calls from customers
• Additional duties may involve analyzing security risks and developing response procedures.
• Perform network troubleshooting to isolate and diagnose common network Problems.
- Network Security Engineer at Cisco System
- Network Security Engineer at Benton, Dickinson and company
- Network Engineer at Crisp Systems
1 year, 8 months at this Job
- Masters in Computer - Computer science
- Bachelors in Information Technology - Information Technology
Rosslyn, VA Designated Approving Authority Rep. C&A / Network Security Engineer * Managed and approved accreditation packages. * Responsible for the accreditation of 13 classified and 12 unclassified network systems. * Reviewed authorization and assurance documents to confirm the level of risk were within acceptable limits for each software application, system and network. * Received an ATO for the Unclassified CAP and an IATO for the Classified CAP (individual project). * Participated in the 2005 DISA inspection of the US Pentagon. * Assisted with information and updates on all assigned network systems and projects. * Participated in EMSEC and TMAP inspections * Familiar with the guidelines and regulations of DITSCAP, ITA and DISA.
- Network Security Engineer at General Dynamics
- Department of State's Secretariat Executive Section - IRM at Mantech Strategic Associated, Ltd
- Uniform Protection Officer/ Security Control Center Operator at Department of State
11 months at this Job
- B.S. - Computer Information Systems
Engineer scalable and robust network services in compliance with industry best practices.
● Troubleshoot and coordinate with other stakeholders on any and all network security related problems.
● Design wireless networks for high capacity and full reliability with failover and mesh considerations.
● Audit existing wireless designs and configurations for RF environment flaws and defects.
● Network Security compliance auditing and remediation.
- Network Security Engineer at Cerdant
- Senior Consultant at GroupEleven Consulting
- Network Engineer, Abercrombie & Fitch at Abercrombie & Fitch
10 months at this Job
- Bachelor's Degree - Multidisciplinary Studies / Minors
- Associate's Degree - Liberal Arts and Sciences
Navigator Networks Present
• Researching & creating custom managed alerts in SolarWinds, Created UnDP (Universal Device Pollar) using specific OIDs
• CDP subnet discovery, Configured Network Discoveries for Subnets/VLANs for all sites in NPM, set devices to monitor based on device type Network Security Engineer Pleasanton, CA Navigator Networks/Kovarus, Inc. @ Simpson Strong Tie 1/19-2/19
• Connected Cisco Switches & Routers to a new SolarWinds Orion Server (NPM & NTA) for 50+ sites, each site had 1 to 3 devices, Aggregate/Core/MPLS,
• Removed NetFlow v5/v9 or Flexible NetFlow connected to old SW server, Installed Flexible NetFlow matching across all devices when supported, Set flow to monitor tunnel, internet, MPLS, internal network,
• Reconfigured Syslog setting for informational (level 6) logging to new Orion server to match on all devices,
• Reconfigured SNMP setting to new Orion server to match on all devices,
• Configured Network Discoveries for VLANs for all sites in NPM, set devices to monitor based on device type.
- Network Security Engineer at Navigator Networks
- Network/System Engineer at N/A
- Network Engineer at ENT Networks, Inc
- Technical Support Engineer II at Qualys, Inc
1 month at this Job
• Lead Migration Engineer responsible for migrating policy from various DoD Agency legacy firewalls, VPNs, WebProxys into JRSS.
• Responsible for providing training for all new Transport Security Engineers on the Joint Regional Security Stacks (JRSS), the Joint Management Network (JMN), and customer base migrations.
• Assisted in writing two winning contract proposals.
• Documented JRSS transport security systems and procedures through System Design Plans (SDP's), Engineering Design Plans (EDP's), and Tactics, Techniques, and Procedures (TTP's); contributing to a system baseline, providing for engineering continuity and familiarization for operations personnel.
• Performed initial lockdown of the Joint Management Network (JMN) to secure the Out-Of-Band (OOB) network and staged traffic profiling policies in order to create more granular security policies while not impacting management operations.
• Developed process' that will facilitate the AF migrating their current enterprise policy into the JRSS environment at the Agency NGFW level while minimizing the amount of time that maintaining multiple security policies will need to be maintained.
• Developed, validated, and documented several potential Web Content Filter (WCF) solutions for the JRSS environment; working with operations personnel to ensure that their requirements were met by the solution.
• Led troubleshooting and coordination efforts with DISA regarding the identification and installation of missing cables required for failover capability of the Client VPN ASA's at each JRSS Stack.
• Became the JRSS Remote Access VPN SME and have spearheaded related projects such as IOS and AnyConnect Client upgrades, writing the SDP and EDP, as well as leading the engineering effort for incorporating fly-away-kits and non-standard design efforts into the JRSS architecture. Also, responsible for the engineering and implementation of a multi-context RAVPN solution within the JRSS.
• Developed and provided training to Air Force (AF) Service Migration Team (SMT) to facilitate their entry into the JRSS environment and to help ensure a smooth transition.
- Senior Network Security Engineer at SMS Data Products Group, Inc
- Senior Network Security Engineer at The Centech Group
- Network Engineer III at The Centech Group
- Network Engineer at General Dynamics IT
4 years, 4 months at this Job
- Master of Science - Information Technology
- Bachelor of Science - Information Technology
Part of implementation and operational support team responsible for managing Checkpoint Security Gateways, Cisco ASA and Palo Alto at clients Data Center environment including DMZ and other remote office locations. ✓ Install, Configure and Upgrade Checkpoint, Cisco, Palo Alto appliances in the network and build high availability using ClusterXL on checkpoint, Active/Standby on Cisco ASA. ✓ Perform Firewall Policy provisioning on Checkpoint using Smart Center, PAN devices using PANAROMA Management Platform and CSM for Cisco ASA's. ✓ Firewall policy optimization and rule base clean up using both manual and automated tools. ✓ Perform Risk Analysis and design proper remediation steps to resolve critical and high risks following best practices and mitigating the risks by coordinating the changes with the users. ✓ Working on Firewall and Network changes using Serena ticketing system to track/address incidents, problem and changes. ✓ Perform Zero downtime firewall upgrades on various vendors like Cisco ASA, Checkpoint, Palo Alto PAN OS and migrations from one platform to another including planning, scheduling, testing, and coordination with the customer. ✓ Work on Advanced features like SecureXL and CoreXL for multi core based hardware/software acceleration, Threat Prevention, URL Filtering, App-ID, User-ID, Wild Fire. ✓ Configuring static NAT, dynamic NAT, Overlapping Address Translation on Cisco ASA Firewalls, Source/Destination based NAT on PAN devices. ✓ Build site to Site / B2B and remote access IPSEC VPN tunnels using communities on Checkpoint and troubleshoot ISAKMP and IPSEC configurations. ✓ Troubleshooting using Smart view tracker, Command line utilities like fwmonitor, TCPDUMP, Packet Injector. ✓ Vulnerability management we are having Rapid 7 scanner to scan of any vulnerability and follow up with server owner to fix and provide solution. ✓ Ensuring compliance of IT security policies and procedures, ensuring the devices are compliant to approved Security standards. ✓ Responding to outages and working closely with other teams and providers to debug and diagnose network and other related problems. ✓ Schedule and participate in weekly meetings with various teams involved in the project to discuss the bottlenecks if any and contribute to design a solution framework. Maintain Configuration, Documentation (VISIO's) and Records Management. ✓ Working with Client to comply with PCI compliance, SOC2 Auditing and remediation as required.
- Network Security Engineer at Checkpoint Security Gateways
- NetworkSecurityEngineer at Multiple Data centers
- Security Engineer at
- Network Engineer at IOS Security Configurations
1 year, 8 months at this Job
• Configure and manage Symantec DLP solution
• Assist Helpdesk staff install agents on all laptops, PCs, and Macs
• Review all incidents and take appropriate action (dismissing false positives and escalating others for further investigation)
• Modify built-in policies and whitelist certain websites to help tune out "noise"
• Create new scanning targets to discover where files are being copied/stored
• Update firewall rules to allow agents from various locations to talk to the central DLP server
• Manage devices and IP ranges in SolarWinds
• Add SNMPv3 configuration to Cisco ASA firewalls and Cisco WLC
• Maintain IP ranges in IPAM module
• Use CenturyLink logging/SIEM tool to troubleshoot security and network issues
• Maintain hosts in Masergy vulnerability management scanning tool
• Remove decommissioned hosts so they are not scanned
• Add new hosts
• Ensure DNS names are correctly listed
• Point of contact for troubleshooting network and phone issues when network engineer is unavailable
• Create / update network diagrams in preparation for PCI audit
• Update Cisco ASA firewalls with new permits/denies and remove unused rules
• Administer Qualys Vulnerability Management scanning tool
• Set up routine scan schedules and run ad-hoc scans to verify vulnerabilities are fixed
• Audit assets monthly to ensure old hosts are removed and new ones added
• Review all VM reports each month and cut tickets for any servers that need remediation
• Notify Unix and Windows admins of expired or soon-to-expire certificates
• Work closely with Risk team to provide information about where fraudulent activities are originating
• Find out what IPs the fraudulent sources are coming from and block in filtering tools
• Research IP blocks from known fraudulent companies and add them to filtering tools
• Run SQL queries and maintain table of known IPs to assist investigating fraudulent activity
• Work with external security companies to permanently block any malicious IPs on the Cisco firewalls
• Maintain Cyber Security training solution
• Manage users in training website
• Configure tool to send automatic reminder emails
- Network Security Engineer at Purchasing Power
- Caregiver at
- Senior Network Engineer / Analyst at CSE Consulting at Tribune Media
- Network Security Engineer at AOL
1 year, 2 months at this Job
- - Unix
- - Business Management
- - Business Administration
- - Forestry and Wildlife Science
- High School Diploma
• Technical lead, responsible for engineering, testing, and deploying firm-wide network compartmentalization (micro-segmentation) technologies to mitigate lateral movement vulnerabilities, for which evidence needs to be reported to the federal government
• Responsible for third party, vendor management for network appliances
• Create firm-wide security standards, controls, and policies to ensure a secure environment and regulatory compliance
• Engineer solutions to gain visibility into network traffic. Experience with technologies such as Illumio, Tanium, Netflow
• Experience using Splunk as a SIEM to capture large amounts of data using specified queries
• Data analysis and manipulation of global technology inventory management systems (>250,000 assets)
• Experience with threat modeling, and using the NIST and MITRE Att&ck frameworks as foundations for standards and controls
• Routinely work with SOC teams (Attack Analysis, Threat Intelligence, Red Team, Pentest Team) to perform various activities that aim to increase security posture
• Responsible for decommissioning end of life technologies with known security vulnerabilities
• Experience with NAC
• Experience securing endpoints using technologies that whitelist/blacklist network communications
- Network Security Engineer at J.P. Morgan Chase & Co., Cyber Security
- Network Engineer at J.P. Morgan Chase & Co., Global Network Services
- Sound & Lighting Technician at Breezy Point Cooperative, Colony Theater
- Engineer at NAS
1 year, 5 months at this Job
- Bachelor of Science in Computer Engineering - Computer Engineering
- NYS Fire Fighter 1 - Fire Prevention & Control - Fire Science
• Worked as a Security Engineer in Firewall Migrations to help create a migration path from one vendor specific firewall to the other.
• Responsible to evaluate, test, configure, propose and implement network, firewall and security solution with Palo Alto networks.
• Designed and implemented a Highly Availablity WAN for Low Latency Real-Time Data, Voice, and Video Conferencing.
• Configured Palo Alto Firewall Clusters in Active/Passive mode for High-Availability. Thorough knowledge on the Active/Active HA mode for complex infrastructure.
• Migrated multiple Cisco ASA 5580/5520 firewalls to Palo Alto 5060/500 firewalls.
• Configuration of Cisco Identify Services engine (ISE) and 802.1X to enable the creation and enforcement of security and access policy (ACL) of End users to company network.
• Actively use, smart view tracker, and Checkpoint CLI (to security gateways) for troubleshooting. Perform advanced troubleshooting using Packet tracer and TCPdump on firewalls.
• Managed VPN, IPsec, Endpoint security, status policy, Application control, IPS, Monitoring, Anti-Spam, Smart Provisioning, DLP using Palo Alto.
• Helped secure the Network from the "WannaCrypt" and "WannaCry" ransomware attacks by enforcing and deploying IPS signatures (688-2964) and anti-malware signatures for the SMB vulnerability exploit.
• Install, configure, and maintain network equipment and servers including Cisco Catalyst and Nexus series switches, Cisco Meraki switching and wireless, Cisco Firepower, Cisco UCS, and VMware ESXi.
• Responsible for configuring the Palo Alto to mitigate DOS, DDOS, Data leak attacks using Dos Protection, Threat Prevention and Data Filtering.
• Performing Vulnerability scans across the Assets, Web Application Scanning for PCI compliance, running Reports and sharing with Compliance team for remediation of Vulnerabilities and performing firewall policy Audits.
• Configured and maintained Secure Shell (SSH) on routers using RSA.
• Captured packets by configuring span port and analyzed using WIRESHARK and TCPDUMP.
• Worked on Cisco Firewalls, Cisco PIX (506E/515E/525) & ASA 5500 (5510/5540) Series.
• Planning, Designing & Implementing VPN connections using Checkpoint, ASA, Cisco PIX, and Cisco Routers using site-to-site VPN's.
• Processing application load balancer requests using F5 LTM, GTM and NetScaler load balancers.
• Provided administration and support on Bluecoat Proxy for content filtering.
• Editing and Changing Palo Alto Polices and Monitoring threats on firewalls according to the latest versions.
• Addressing Vulnerability exceptions and false positives reported by Audits and fix the audits to stop reporting false values. Environment: Cisco ISE, TCPdump, Wireshark, Palo Alto Firewalls, Checkpoint, Cisco ASA, F5 LTM and GTM, NetScaler, Bluecoat Proxy, IPS signatures, Cisco PIX (506E/515E/525), ASA 5500 (5510/5540), RSA, SSH, VPN, HA, Data Loss prevention, RAPID 7, Migration tool V3.3
- Network Security Engineer at Transamerica
- Network Security Engineer at Barclays
- Jr. Network Engineer at Thomson Reuters
2 years, 2 months at this Job