2013 - present SENIOR NETWORK SECURITY ENGINEER, 2013 - present
Lead teams in design, build and support of multi-faceted network and cloud-based security solutions for 800 workstations, 500 servers and 100+ network devices. Coordinate penetration testing, intrusion detection, vulnerability management, incident response, encryption, server and remote access technologies. Orchestrate risk analysis, advocate security upgrades and implement enhancements to network.
• Pioneered use of cloud managed network hardware as access layer of network, saving over $150,000 per year in maintenance and simplifying network architecture
• Decreased Nexpose vulnerability score on 800 workstations by 85%, awarded sizable spot bonus
• Saved over $100,000 by consolidating and reusing network gear across company
• Created script to collect data via API from Palo Alto firewalls, reducing audit times from 3 days to 2 hours
• Improved cyber security, decreased local administrative groups from 35% to 5% using Carbon Black Intellectual Ventures ~~~~~~~~~~) 2008 - present
- SENIOR NETWORK SECURITY ENGINEER at Intellectual Ventures
- NETWORK ADMINISTRATOR at Intellectual Ventures
- SERVICE DESK ANALYST at Intellectual Ventures
- MANAGER, SERVICE PRODUCTION at Northwest Computer
6 years, 5 months at this Job
- Associate in Technical Arts - Computer Information Systems
As the Senior Network Security Engineer, I'm in charge of mapping out the security footprint of the network and making a smooth transition from the previous company that was managing their network.
● Implemented 45 new Fortinet Firewalls as well as a FortiAnalyzer, FortiSEIM to replace the ASA's that were in place as well as eliminating multiple single points of failure.
● Redesigned the Meraki Wireless to a centralized controller to allow better management.
● Redesigned the connections between the stores to HQ by segmenting them off into their own policies as well as locking down what they had access to.
● Implemented 2FA Token based authentication for VPN and critical file access.
● Wrote new network access policies for Corp network access.
● Documented how the network is designed and trained a L2 engineer to assist in managing the security.
- Senior Network Security Engineer at ArtVan Furniture HQ
- Windows Cloud Systems Engineer at Comerica Bank
- Security Architect/HIPAA Security Officer at BeneSys Inc
- IT Consultant at C2ITSupport
1 month at this Job
- High school or equivalent
• Designated as a 3rd level Network Security Engineer to design, implement and support State Farm's multi-vendor, multi-site network communication environment.
• Extensive hands-on network administration of Palo-Alto firewall HA pair devices to add, modify and remove connectivity for internal users and applications.
• Successfully resolved various firewall change requests on PA-500, PA-5020 and PA-2020 using the Palo-Alto Panorama 8.1, 8.0 and 7.1.
• Analyze network traffic between different zones to determine any vulnerability to maintain 99.9% availability of the network.
• Administrate policy-based automation with Tufin Secure Track for efficient logging and monitoring of production and test firewall rules.
• Operation of F5 Local Traffic manager (LTM) along with proficiency in F5 based profiles, monitors, VIP's, pools, pool members, iRules.
• Scripted several iRules using TCL (Tool command language) for HTTP redirection.
• Develop Python automation scripts to configure multiple networks using Telnet Library, Paramiko, Netmiko and NAPALM.
• Develop scripts for network configuration tasks using telnet library in python 2.x - 3.x versions.
• Configured BGP and OSPF routing policies and formulated strategies for the expansion of the MPLS VPN networks.
• Diagnosed complex network connectivity issues using tcpdump packet analyzer, Ping and Traceroute using the Super Putty, Putty configuration tool for SSH, Telnet and Rlogin Client.
• Extensive Customer and vendor facing aptitude to troubleshoot and resolve network performance issues.
• Supervised a team of 7 members to regulate firewall audit to meet compliance requirements from the Federal Reserve System to remedy internal gaps to prevent potential security breaches.
• Reviewed the firewall rules and successfully recommend changes as part of the PCI and GLBA audits performed to meet the Governance, Risk Management and Compliance requirements.
• Integrated Agile management methodology while conducting the annual firewall audit.
- Network Security Engineer at State Farm Insurance
- Network Security Engineer at HCL Global Systems Inc
- Network Engineer at MasterCard Technologies LLC
- Network Engineer Intern at TekWissen LLC
1 year, 5 months at this Job
- Master of Science - Computer Organization, Computer Networks & Internet, Computer System Architectures, Communication Systems
- Bachelor of Engineering - Telecommunications Engineering
Abbott Park IL Mar 2019 - October 2018 Network Security Engineer Network Operations in support of Abbott Laboratories Global Network Cisco router support in MPLS, BGP and OSPF network environments Support of Cisco 6500 and Nexus 9K ACI switches Support of Extreme Networks Summit and Black Diamond switches Support of Checkpoint and ASA Firewalls Management of Riverbed WAN Accelerators, F5 and Citrix Load Balancers Support of Cisco and Extreme wireless networks
- Network Security Engineer at Wipro Limited
- Network Security Engineer at Dell Secureworks
- Network Engineer at BMO-Harris Bank
- Network Administrator at Sentinel Technologies
5 months at this Job
Millennium Challenge Corporation (MCC).
• Responsible for continuous operation and maintenance of the network infrastructure to ensure that the MCC network is secure, reliable and that performance is optimized for the available bandwidth. Network infrastructure consisted of Cisco ASA NextGen 5555 and 5525, Cisco 4500 VSS capable switches, Cisco 3850 Stackable, Cisco WLC 5505 and 2504, UCS 220 running ESXi to host CUCM 11.x and UCX 11.5, Cisco Prime 3.0 and Riverbed optimization devices.
• Participated in COOP exercises where VPN and Citrix system were stress tested to infrastructure capacity users stress tested infrastructure was able to support the entire MCC staff as remote users.
• Connected other federal agencies using EBGP and internal nodes using IBGP. Configured route-aggregation and route-manipulation using route-maps, prefix lists, communities, weight, metric, etc.
• Configured IPSEC VPN tunnels on Cisco ASA Firewalls to other federal agencies and filtered and authenticated unnecessary traffic from the other end.
• Assisted with ISE 2.3 supporting Wireless, Security Posture, and VPN modules.
• Assisted in replacing existing Emergency Notification System with Informacast.
• Regularly work with other federal agencies in meeting compliance status for network requirements. Responsibilities included addressing software and hardware vulnerabilities, providing interesting traffic feeds to federal agencies per compliance requirements and setting up monitoring on critical and classified business traffic for the internal security team.
• Work in conjunction with other departments and auditors for the annual FISMA audit of MCC infrastructure.
- Network/Security Engineer at Actionet Inc. (Network/Security)
- Senior Network/Security Engineer at Camber Corporation
- Network Security Consultant (Network/Security) - Professional Services at TWM Associates (TWM), National Institute of Allergy and Diseases (NIAID)
- Network Security Architect at Unisys Corporation
1 year, 2 months at this Job
- - Computer Science
Consulted for the Following Clients:
• Rackspace Inc. (Current) ◦ Management of Data Center infrastructure * Datacenter Route / Switch * Load Balancer * Firewall / Security Operations * Private Cloud Infrastructure Design
• Silent IT ◦ Nexus / UCS / Firewall architecting and deployment
• Accenture Federal Services ◦ Nexus / Firewall / Route-Switch / F5 load balancer - infrastructure documentation, cleanup, and redesign architecting
• Sungard Availability Services ◦ Infrastructure equipment documentation and upgrade ◦ Client network redesign and improvement ◦ Managed and implemented client migration from Sprint to AT&T
- Senior Network Security Engineer at Independent Network / Systems Engineering Consulting
- Principal Network Engineer at Independent Network / Systems Engineering Consulting
- Network Systems Engineering Consultant (Contract) at TekSystems Inc
- Senior Infrastructure Architect at Cisco SDN development
2 years, 4 months at this Job
- Associate of Applied Science - Management of Information Systems
• Implementation and support of the company's operations and client's network routers, switches, wireless, VPN connections, firewalls using variety of network protocols.
• BGP peering configurations and support with upstream providers, customers, and internal routing.
• Maximizes network performance by monitoring performance; troubleshooting network problems, outages and upgrades.
• Design and implementation of data network, evaluation, diagnosis, and resolution of network problems.
• Configure various network routers and switches with security hardenings - Cisco, HP, Dell, Alcatel, Juniper e.t.c
• Paulo Auto and Fortigate Firewall configurations and supports, trust/untrust connection filtering, access block/permission.
• Monitor, administers and configure firewalls (Paulo Auto, Cisco ASA and Fortinet), generate monthly reports.
• AT&T, Comcast, Firstcom etc internet circuit WAN turn-ups for clients.
• Responding to after-hours emergencies on a rotating basis
- Network Security Engineer at onShore Security
- Network/Security Engineer (Some Acad. Projects) at IIT
- Network Engineer at Keystone Bank limited
- Networks Engineer at Bank Phb PLC
3 months at this Job
- MBA - SME
- BSc - Computer Science
• Setup , configured and implemented IAM/IDM enterprise wide security solutions
• Setup, configured , upgrade and deploy PKI/IAM servers including DNS, Active Directory, webservers(Apachi, IIS), Database servers(Oracle and SQL)
• Administered PKI/IAM application servers including 1000+ Linux/Windows servers (Redhat/Centos6,7/Ubuntu servers and Windows server 2008 & 2012)
• Monitored enterprise wide PKI/IAM network infrastructure with monitoring tools including Bigbrother and Nagios monitoring Systems
• Installed and build/rebuilt Linux/windows server hardware configuration for PKI/IAM infrastructure
• Administered Certificate Products by granting, removing, and managing access/privileges for internal users and managed services
• Maintained SSL certificates infrastructure PKI/IAM customer solution following industry standards including PCI, NIST framework, ISO 27000, Sarbanes Oxley (SOX), and FIPS 140-1 or 140-2 validation
• Used OpenSSL application to generate self signed certificates and for CA signing
• Managed and maintained Remote Operator (RO) servers for remote communication to hosted HSM appliances
• Installed , configured and troubleshoot enterprise HSMs(Luna Network, PCIe and USB) for PKI infrastructure
• Managed and maintained enterprise PKI certificates systems including nCipher SafeNet Hardware Security Modules – HSM Appliances( Luna Network, PCIe and USB)
• Tested and applied OS security patches and upgrades for PKI/IAM virtual and hardware servers
• Certificate provisioning and certificate life cycle management, from configuration to deployment , renewal to revocation based on company defined policy
• Provided technical troubleshooting, training and skills transfer to other team members
• Fully supported the deployment of RSA 7.1/8.1 Mobile One Time Password (MOTP) for commercial customers
• Fully supported the deployment Single Sign-on technology throughout the enterprise from systems design through operational turnover
• Worked alongside with the Change Management department to follow stringent Change Management processes on configuration changes, usage and deployment of IAM/PKI solutions
• Coordinated with remote engineer/users to install/configure on site equipment
• Integrate Active Directory(AD) with UNICERT(IAM/PKI managed security solution)
• Manual and bulk user identity access provisioning with various privilege levels in UNICERT IAM solutions
• Design and implement network solutions in compliance with customer requirements
• Worked with customer to configure and deploy firewall remote access and site-to-site VPN solutions for managed services
• Participated in quarterly system test for compliance with disaster recovery and contingency plans
• Provided 24x7 operational support with on-call rotations
- Network Security Engineer at Verizon
- Network Field Engineer at ICORE NETWORKS
- CCNA Instructor (volunteering) at Salvation Accademy
- Network Associate at Z and D Information and Technology Co., Ltd
6 years, 7 months at this Job
- Master's - Information Security and Assurance
- MS - Telecommunications
- Bachelor's - Electronics and Information Engineering
• In-depth expertise in the analysis, implementation, troubleshooting & documentation of LAN/WAN architecture and good experience on IP services.
• Managed rules on Cisco ASA, Checkpoint and Palo Alto NGX firewall
• Involved in configuring and implementing of composite Network models consists of Cisco7600, 7200, 3800 series routers and Cisco 2950, 3500, 5000, 6500 Series switches
• Security policy review and configuration in Palo Alto, Cisco ASA firewalls in US offices and data centers.
• Joined troubleshooting call with multiple team to resolve any network security related issues.
• Experienced with Checkpoint Gaia, SecureXL, IPSO.
• Experienced with Checkpoint Cluster environment.
• Experienced with Checkpoint SmartView Monitor, SmartView Tracker, Smart Console, Smart DashBoard.
• Experienced with Checkpoint Provider 1 as well as Smart Domain Manager (SDM)
• Experienced with multiple log servers of Checkpoint.
• Experienced with both Clish and Expert mode in Checkpoint.
• Experienced with Staging rule on policy base with Tufin Secure Change.
• Working on analysis policy, compare policy with Tufin Secure Track.
• Experienced with troubleshooting any kind of Checkpoint related issue with multiple team (like server team or application team) as well as with Diamond Support Engineer of Checkpoint vendor.
• Experienced with Palo Alto specially on Panaroma, Global Protect, Template, Device Group.
• Hands on experienced on Global Protect implementation on Palo Alto, troubleshoot with user to determine the issue related with GP.
• Hands on experienced to upgrade PAN OS from 7.0 to 8.0.
• Experienced with Add rule, add network object, EDL (external dynamic list), app-id exception, scheduled rule and so on in Palo Alto.
• Hands on experienced on Monitor, Packet capture, Proxy configuration on Panaroma.
• Experienced on CLI of Palo Alto.
• Troubleshoot with multiple team any Palo Alto related issue as well as PAN support engineer after opening case with Palo Alto.
• Experience in implementing F5 BIG IP load balancers.
• OS upgrade in F5 BIG-IP from 10.4.0 to 11.5.3.
• In depth knowledge and hands on experienced in iRules and iApps, as well as SNAT, NAT, Auto map and HA (High Availability)
• Hands on experienced in TcpDupms. and analysis with WireShark 1.8.2.
• Creating persistence profile, one-connect profile in F5 BIG-IP.
• Working and implementing GA and Topology LB method in F5 GTM.
• Hands on experience in SyncGroup in F5 GTM.
• Expertise in creating custom Health monitors, VIP's, pools, nodes for F5 LTM/GTM
• Performing troubleshooting on VPN connectivity issues, slow network connectivity issues, identifying the root cause of the issues.
• Hands on experience to monitor Blue Coat proxy high bandwidth utilization, health status, Policy analysis.
• Worked with network services like DNS, DHCP, DDNS, IPv4, IPv6, IPsec, VPN etc.
• Worked with Infoblox for secure DNS, DHCP and IPAM with Infoblox.
• Configured static NAT, dynamic NAT, dynamic NAT overloading
• Configuring ACL on ISE for making policies.
• Responsible in troubleshooting on Cisco ISE added new devices on network based on policies on ISE.
• Work assigned tickets (HPSM and JIRA) to determine the point of failure and resolve problems remotely utilizing available tools and other Operation Center resources.
• Documenting network configuration for all new equipment and creating equipment configuration backups and monitoring to work with existing network systems
• Provide escalation support to L1/L2 members of network team.
• Participating in testing of the internal network infrastructure in the new building and troubleshooting and remediating any issues.
• Work & escalate problems effectively in order to meet customer SLA's (service level agreements)
• Perform problem management and root cause analysis for P1/P2/P3/P4 incident. Environment: Checkpoint R75, R77, PaloAlto, F5 LTM and GTM, Nexus 2k/5k, Cisco 6500/7500/7200 Routers, Cisco 3550/4500/6500 switches, LAN, WAN, OSPF, RIP, BGP, EIGRP, HSRP, PPP, VPN, Checkpoint, Cisco ASA, McAfee EPO, Cisco ISE, EOP, Trend Micro, Kemp.
- Sr. Network Security Engineer at Capital One
- Checkpoint Engineer at Capital One
- Network Security Engineer at T-Mobile
- Network Security Engineer at CNSI
1 year, 11 months at this Job
• Designed, configured and implemented Remote access Client VPN (Global protect) with multifactor authentication (Gemalto) for users according to the business requirements.
• Configured and implemented new Palo Alto Networks devices, integrating with the network and to Panorama Centralized Management.
• Configured a pair of firewalls in an active/passive deployment.
• Worked with IT Security and configured PAN Security Profiles - Antivirus, Anti-Spyware, Vulnerability Protection, URL filtering, Threat Prevention, Data Filtering, Wildfire Analysis to stay current with industry best practices.
• Investigate security incidents and recommend actions needed to resolve situations.
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
• Successfully installed Palo Alto PA-7050, PA-5020, PA300 series and 800 and 200 series firewalls to protects Data Center and provided L3 support for routers/switches/firewalls.
• Managed firewall policy lifecycle process from review, approval, implementation, publishing, verification and testing.
• Palo Alto user-identification implementation with KIWI server's user Palo Alto user-id agents.
• Palo Alto integration with VMware Virtual Desktop infrastructure.
• Palo Alto upgradation and degradation.
• Implementing Site to Site VPN from Palo Alto to Cisco ASA, WatchGuard FW, Juniper, Checkpoint
• F5 configuration, installation, Managing Big IP, GTM/LTM, IAPP.
• Security Device - Palo Alto/ASA Firewalls, Sourcefire IPS/IDS, Cisco Identity Services Engine (ISE), VPN.
• Configured VLAN Trucking with Palo Alto interface.
• Responsible for maintaining availability, reporting and communication of the Confidential between it, its event-sources and the endpoints.
• Utilized Security Information and Event Management, Intrusion Detection & Prevention (IDS / IPS)
• Using Symantec End Point Protection for threat analysis.
• Creating object, groups, updating access-lists on Palo Alto, apply static, hide NAT using smart dashboard.
• Troubleshooting connectivity issues on the firewall. Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
• Worked on Cisco ASA 5580 and 5585 VPN Firewall for site to site VPN's from Cisco Asa to Palo Alto, Microsoft Azure
• Worked on implementing polices for Cisco ASA from Interface point and object group as well as NAT.
• Experience in working with designing, installing and troubleshooting of Palo Alto firewalls.
• Configuring Checkpoint, ASA, Palo Alto for NAT (Static PAT/Manual NAT) to enable remote.
• Experience in working with checkpoint, Palo Alto Next-generation firewall, Cisco ASA and Panorama M-100.
• Experience on working with IPsec VPN, IDS/IPS, DLP, Application and URL filtering on checkpoint firewall module
• Experience on working with IPsec VPN, Security profiles and SSL decryption on Palo Alto firewall
• Worked on integration with SNMP, RADIUS and LogRhythm Confidential syslog server with Palo Alto and checkpoint firewall
• Experience in working on the Quarterly maintenance windows for failover, reboot of Checkpoint next-generation firewalls and Palo Alto firewalls, as well as other security devices
• Worked on troubleshoot and packet capture analysis on Palo alto firewall and checkpoint firewall
• Worked on Cisco ASA IPsec VPN tunnel and building security policies and packet analysis
• Worked on checkpoint firewall SMART Event Intro module for generating monthly IPS reports
• Experience on working with Confidential tool LogRhythm on adding the newly build windows and Linux log servers and creating policies for different alerts
• Worked on 24x7 on call shift with the proprietary STIMv2 ticketing management tool
• Deployment of Palo Alto , 7000 ,5000,3000 series firewall and checkpoint 12000 series firewall
• Perform troubleshooting by packet capture analysis using TCP Dump, FW Monitor, Wireshark and analyzing the PCAP
• Worked on Aruba Clearpass AAA technologies (Radius, TACACS, 802.1X, MAC authentication, and Web authentication)
• Experience in Network access control technology and platforms for wireless environments (Aruba Clearpass, Cisco ISE, etc.)
- Sr. Network Security Engineer at Brinks Home Security
- Sr. Network Engineer at ALTICE USA
- Network Engineer at New York Life
- Network Engineer at ST Solutions
2 years, 7 months at this Job