Senior network security engineer
Download as DOC, PDF1 like428 views
Dwaraganath VJ is a senior network security engineer with over 14 years of experience in network and security. He has extensive experience implementing and managing network infrastructure including routing, switching, firewalls, wireless, and security devices. He is proficient in technologies from Cisco, Palo Alto, F5, Check Point and has various IT certifications.
Senior network security engineer
- 1. Dwaraganath VJ Senior Network Security Engineer Phone: +1 224 303 5491 Email ID: [email protected] Professional Summary Having around 14+ years of experience in Network & Security. Worked extensively in infrastructure management services in production environment and data center engineering and operations. Hands on network security implantation for data centres. IT Certifications Cisco Certified Network Associate (CCNA) Cisco Certified Network Professional (CCNP Routing & Switching) Information Technology Infrastructure Library(ITIL) Splunk Training Certification Core Networking Skills • Routing Protocols: EIGRP, OSPF, BGP,MPLS • Firewall : Cisco ASA, Cisco Pix , Paloalto, Check point • Switches: Cat 6500,3600,& Nexus models like 7K, 5K ,9k and 2K series. • Routers: ASR1000 series and ISR Routers • Tools : Splunk, Source fire,Nexpose,Websense,STIG, Service Now, Solar winds, Netscout, Cisco Prime, Tufin secure track & change, Cisco ACS, Cisco ISE • Load Balancers : F5 , CSS, Kemp • Voip : QOS, Voice vlan • Knowledge in DMVPN • Wireless: 5000 series controller and 3500 series access point • Knowledge in DHCP, DNS, Multicast • Good knowledge of PXE for remote boot and ILO configuration and management • Capable of handling Switching Configuration like Vlan, Trunking, VTP, STP, RSTP, Port- Security, HSRP, VRRP, GLBP • Involved in configuring Cisco Access Points and WLAN controllers. • Maintained configuration backups for all network and security devices in periodic intervals. • Involved in various features & services HSRP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, DNS, TFTP and FTP Management. • Experience in Visio diagrams Education • Completed Bachelors of Engineering (B.E)* in Electronics and Communication. Professional Experience AIMCO, DENVER, CO, USA Jan 2017 – till date Senior Network Security and Data center Engineer Responsibilities: • Providing level-3 network administration including Installation, configuration and troubleshooting of network devices (Routers, Switches, and Firewalls). • Configuration of VPC, VDC on Nexus 2k/3k/5k/7k/9k • VRF Implementation and configuration. Page 1 of 8
- 2. • Replacing the existing Cisco 6500 switches with Cisco Nexus 5K in the data center environment. • Participating in Cisco ASA to Palo Alto firewall migration. • Maintenance and management of Nexus 7010 core switches and installation of new Nexus 5548UP and 2248 as Fabric extender for server access. • Configured 7010's with multiple VDC's running EIGRP for route propagation between them. Installed dual router/dual MPLS. • Maintenance and upgrades on Cisco 6500, 4500 and 3700 series switches to provide redundant network. • Installation and upgrading of network infrastructure that reached End of Life • Site to Site VPN, DMVPN configurations in coordination with ISP AT&T and Verizon • Implementation of IOS & Bandwidth upgrades. • QOS configured for VOIP phones and critical application. • Designing and implementing new server silos in DMZ for Web servers, Mail servers & FTP Servers and configuration of security policies using Cisco ASA 5500 Firewalls. • Migration of sites from frame relay to EIGRP routing. • Implementing F5 load balancer for critical applications. • Implementation of F5 includes configuration/creation of Network Element, Pool, pool members and virtual server. • Implementation of OSPF with BGP during migrations and new connectivity. • CSU/DSU loop testing in examining WAN link issues by implementing hardware and software loops. • Performing Incident Management responsibilities which includes troubleshooting and restoration of services by joining in SRT and working with vendors and documenting troubleshoot steps and RFO. • Opening trouble tickets (TAC) and Smartnet with Cisco for new product orders, device diagnostics and hardware/insurance. • Network security involves web filtering on internet sites (User's restriction) using Palo Alto and checkpoint Firewalls. • Configuring and implementing F5 BIG-IP GTM and LTM load balancers to balance global and local traffic balance. • Implementing routing, ACL's with ISP using OSPF and BGP. • Performing migrations and implemented many projects which gave Best Technical expert certificate. • Documenting F5 logs and sending to weekly report to management. • Configuration of CISCO routers and switches shipping them to respective locations. • Configuration of MAC address, VLAN's on switches and registers as per client's request. • Configuring Cisco WLC for the sake of customer mobility. • Checking the WAN performance and utilization in SOLAR WINDS and also packet path using wire shark. • Participating in network migrations with change management teams. • Advising clients to improve their network performance. • Designing and maintenance of client's network architecture using VISIO and in asset center data management. • F5 LTM for local traffic load balancing, and GTM for balancing Global DNS traffic. • Documentation of all the work done in MS Excel and word. • Train new joiners and to attend training's as per company and client's requirements. Wisconsin Department Of Justice. Madison, WI, USA January 2016 – Jan 2017 Senior Network Security Analyst Responsibilities:
- 3. Dwaraganath VJ Senior Network Security Engineer Phone: +1 224 303 5491 Email ID: [email protected] • Responsible for Crossroads roll out of LAN/WAN, DMVPN problem determination and diagnosis, provide project leadership • Implementing, configuring, and troubleshooting various routing protocols like EIGRP, OSPF, and BGP, MPLS • Responsible for maintaining and ensuring the proper functioning of all network devices (Routers/switches, Cisco Routers/Switches, Cisco ASA firewalls, and load balancers (LTM)). • Troubleshooting, problem determination, diagnosis of performance issues, bandwidth issues, throughput traffic prioritization to improve overall application response time cross WAN with local IT personnel on t. • Participating in the design and planning aspects of the network infrastructure that installed in the new building. • Configuration and installation of LAN switches and wireless network infrastructure equipment and cabling all uplink and user network connections. • Participating in testing of the internal network infrastructure in the new building, and troubleshooting any issues. • Deployed QOS for VOIP phones • Deployed Cisco Catalyst 6500, 4500, 4000, 3750, 3850, 3560 switches • Installed and monitored extreme networks 7100 stackable switches. • Indepth knowledge in analyzing splunk logs • Deployed and configured Cisco ASR 1000, 7000, 9000 series routers • Also worked with Extreme networks wireless devices like Access points AP3705, AP3610. • Configured session persistence and web services. • Installed Cisco 2500 and 5800 Series Wireless Controllers and Access Points • Design and configuring of OSPF, BGP on ASR Routers • Design and configured of OTV using ASR routers • Security policy review and configuration in Palo Alto and Cisco ASA Firewall in US offices and Datacenter. • Configured Multiprotocol Label Switching (MPLS) VPN with Routing Information Protocol (RIP) on the customer's stage. • Worked and performed troubleshooting, implementing, optimizing and testing of static and dynamic routing protocols such as EIGRP, OSPF, BGP ability to interpret and resolve complex route table problems. • Experience with Security- Firewalls, NAT / PAT, IPSEC, S2S. • Experience with STP , RTSP and FTP, DNS, HTTP, DHCP • Experience in DMVPN deployments for branch network • Worked with ITIL (Information and technology information library ) for managing our services. • Back up a Cisco IOS to a TFTP server and Upgraded and restored a Cisco IOS from TFTP server. • Configured and perform trouble shooting on Dell Power Connect Switch 5548 used to connect VM Servers and Flex Systems. • In-depth expertise in the implementation, optimization, troubleshooting and documentation of LAN/WAN networking systems. • Worked on a broad range of topics such as proactive monitoring and maintenance, disaster recovery exercises, and core network repairs • Worked independently, meted deadlines provided detailed written status reports, documentation, work on multiple simultaneous projects and track status and progress on each. Client: W.W. Grainger – IL, USA July 2013 – Jan 2016 Senior Network Security Engineer Responsibilities: Page 3 of 8
- 4. • Implementing, configuring, and troubleshooting various routing protocols like EIGRP, OSPF, and BGP, MPLS • Managed the Internet and intranet firewalls (Cisco ASA 5520 and 5550), F5, ASM. • Transitioning the new changes in connectivity of the project to validate under NOC support Model. • Coordinated with centralized helpdesk for any issues reported and working towards resolution for the incidents. • Under Infrastructure resiliency flavor in the team, involved in bridging configuration gaps as per the Grainger Standards, so that Hardware Level Resiliency has been achieved. • Transitioning the new changes in connectivity of the project to validate under NOC support Model. • Involved in Capatity Management to check Bandwidth availability and coordinating with teams to upgrade circuits when required. • Involved in Problem Management to provide RCA analysis on Priority 1 calls. • Involved in Incident Management, as entire support is based on ticketing system by Grainger • Involved in design and implementing of new facilities and new projects. • Configured switch-ports security, VLANs on Cisco Catalyst 6509 and 3750 switches • Managed Cisco PIX firewall for ACL and VPN. • Created and maintained topological changes for Test Labs, Data Center and Switch port assignment in Visio. • Backup, restoring and upgrading the Router and switch IOS. • Document all changes, upgrades, maintenance, procedures. • Facilitate the end-to-end connectivity implementation. Target Corporation – MN, USA May 2012 – July 2013 Senior Network Security Engineer Responsibilities: • Monitoring and troubleshooting network infrastructure in NOC • Cisco Nexus 7k,5k,2K Datacenter switches Implementation and configuration. • Implementing, configuring, and troubleshooting various routing protocols like EIGRP, OSPF, and BGP, MPLS • Configured various Routing protocols such as OSPF, EIGRP, static routing. • Provided configuration of STP and Port Security on Catalyst 6500 switches. • Configured QOS parameters in Nexus 9k (9500) Switches. • Performed redistribution with OSPF, EIGRP to enable communication with backbone. • Managed the Cisco network infrastructure using Cisco Prime. • Implementing and troubleshooting WEP WPA2 wireless security protocols • Worked with Ixia XR 2000 Devices for in-band and out-band management. • Worked extensively on Cisco ASA 5500 (5510/5540) Series, experience with convert PIX rules over to the Cisco ASA solution. • Troubleshooting BGP complex routing issues in a large scale ISP network. • Responsible for implementation of MPLS based VPNs for various enterprise Customers. • Configured, installed and deployed Nexus 7K switches at the core and distribution levels. • Implemented routing protocols such as OSPF for the new network. Involved in L2/L3 Switching Technology administration including creating and managing VLANs, VTP, Dot1Q, Port security, Trunking, Etherchannel, STP, SVI, LAN security. • Created ACLS based on certain requirements at the client side to access the internal network and the internet. • Configuration Implementation & Troubleshooting of Checkpoint Firewall ( R77). • Configuration of Static NAT and Hide NAT in Checkpoint Firewall. • Configuring and Management IPsec VPN in Checkpoint Firewall. • Monitoring and Troubleshoot IPS/IDS and common network traffic.
- 5. Dwaraganath VJ Senior Network Security Engineer Phone: +1 224 303 5491 Email ID: [email protected] • Create Firewall Policy rule base in smart dashboard and assign permission. • URL and Application Filtering configuration in Checkpoint. • Anti-spoofing configuration in Checkpoint. • Having Knowledge of Cluster, High Availability, Active - Active, Active - Stand by on checkpoint. • Backup & Restore of configuration of Checkpoint. • Basic Configuration of CISCO ASA Firewall, Interface Configurations and ACL. • Configure site to site IPsec & Remote access VPN (Client mode & Hardware mode) SSL VPN (Client less & any connect) on Cisco ASA Firewalls. • Having knowledge of Static NAT, Dynamic NAT and Dynamic PAT in CISCO ASA Firewall. • Creating and Implementing ACL in Cisco Router. • Working on the regular ticket, Incidents. • Responsible for securing the organization network security. • Sound Knowledge of LAN/WAN Technologies: STP, RSTP, VLAN, Inter VLAN, VTP, Ether channel/port channel. • Configuration of Aruba WIFI access points (IAP). • •Configuring UTM- Site to site VPN, Web Filtering, Content filtering, application Filtering, Policies, Antivirus General Motors – Michigan,USA Senior Network Security Engineer April2012 – May 2012 (Onsite- Warren, Michigan) April 2011 to April 2012 (Offshore- Chennai, India) Responsibilities: • Responsible for implementing, supporting, and maintaining 24x7 network services. • Coordinated efforts with Engineer's to ensure all network devices conformed to defined network standards. • Designing and Configuration of Corporate network which include configuration network Equipment such as Cisco ASA Firewall, network Switches and Router. • Designed, configured and implemented HSRP, BGP, EIGRP, OSPF, and MPLS WAN in multi- protocol network environment. • Built LAN/ WAN TCP/IP network comprised of Cisco Switches (6500, 7000, 3750, 3500, and 2900) • Developed an optimum IP Addressing schemes, VLAN tables, and network documentation and diagrams (Visio) • Hands on experience on subnetting and VLSM, STP, VTP, VLAN trunking. • Troubleshooting on all Cisco IOS and Catalyst switches on the network which included but was not limited to; 3700, 7200 and 7500 series routers and catalyst 6513 and 6509 switches. • Monitored network traffic via network monitoring tools and sniffers in an attempt to troubleshoot network outages and intrusions by tracing their origin and destination. • Installation, configuration and maintenance of Palo Alto, Cisco ASA 5500, Juniper SRX and ISG Firewalls • Knowledge and experience of 802.11 a/b/g/n Ethernet standard for wireless Technology. • Implemented, configured redundancy protocols HSRP, VRRP, GLBP for Default Gateway Redundancy. • Performing network monitoring, providing analysis using various tools like Wireshark, Solar winds, Cisco Prime within environment. • Responsible for Cisco ASA Firewall administration, rule analysis & modification • Configured and Implemented Site-to-Site VPNs at branch sites. • Configured and implemented Remote Access VPN using Cisco's VPN client via IPSEC. • Worked on F5 and CSM load balancers deploying many load balancing techniques with multiple components for efficient performance. • Installation, configuration and maintenance of Cisco Routers like 3600, 7200 and juniper mx series. Page 5 of 8
- 6. • Had hands on VoIP systems employ session control and signaling protocols to control the signaling, set-up, and tear-down of calls • Working on Active Directory to add users to new groups and change user's policies • Working on IPS and IDS (source fire) • Preparing document manuals for the new work procedure, keeping records of work done and updating work logs and trackers. Electro-Motive Diesels Inc., March 2009 – March 2011 (Offshore India) Senior Network Security Engineer • Hands on experience in configuring site-to-site VPN with IPSEC • Experienced in installing and troubleshooting data circuit problems (MPLS, T1). • Implementing VoIP solutions using SIP & H.323, also knowledge of Avaya VoIP product. • Configuring BGP/OSPF routing policies and designs, worked on implementation strategies for the expansion of the MPLS VPN networks. • Configured RIP, EIGRP, OSPF, BGP routing and IP access filter policies. • Worked on the upgrades on Cisco Routers during production maintenance windows. • Configured and managed OSPF redistribution and authentication with type 3 LSA filtering and to prevent LSA flooding and configured OSPF over frame relay networks. • Maintained TACACS+ and RADIUS servers for AAA and user authentication. • Configured PVSTP+ for loop prevention and VTP for Inter-VLAN Routing. • Worked on Extensively on Cisco Firewalls ASA 5500(5510) Series. TCS – Internal project Network support February ‘2007– March ‘2009 (Offshore India) Senior Network Engineer Responsibilities: • Implemented and delivered services to our customers and partners on a variety of platforms and vendors, including Cisco and F5 • Configured and optimization settings of Riverbed. • Troubleshooting of Cisco 2900, 3900, 6500, 7500, 7200, ASR 1000 Series routers. • Configured static NAT, dynamic NAT, dynamic NAT overloading. • Back up a Cisco IOS to a TFTP server and Upgraded and restored a Cisco IOS from TFTP server. • Responsible for implementing, supporting, and maintaining 24x7 network services. • Coordinated efforts with Engineer's to ensure all network devices conformed to defined network standards. • Monitoring and troubleshooting network infrastructure in NOC • Configured various Routing protocols such as OSPF, EIGRP, static routing. • Provided configuration of STP and Port Security on Catalyst 6500 switches. • Deploying and upgrading of 802.11B/G/NAC Wi-Fi in both the 2.4 and 5 GHz frequencies • Knowledgeable in application transport and network infrastructure protocols (SSL, DNS, DHCP, WINS, NTP, FTP, HTTP, SMTP,LDAP) • Troubleshooting of Cisco 2800, 2900, 3900, 7200, 7600, ASR 1000 Series routers. Satyam Computer Service October 2004 - February 2007 Network Engineer
- 7. Dwaraganath VJ Senior Network Security Engineer Phone: +1 224 303 5491 Email ID: [email protected] Responsibilities: • Designed, Implemented and configured HSRP on different location of office on the switched Network and Managed the Entire multi layer switched network. • Experience with Checkpoint Firewall policy provisioning. • Configured and Maintained the Local Network using 2900, 6500 series Switches and 2800 series Routers. • Configured and installed the 3600 series Router. • Implemented Site-to-Site VPNs over the Internet utilizing 3DES, AES/AES-256 with ASA Firewall 5505. • Configured Protocol Handling, Object Grouping and NAT on ASA Firewalls (5505). • Configured Firewall logging, DMZs and related security policies and monitoring. Financial Software and Systems(FSS) July 2004 - September 2004 Network Administrator Responsibilities: • Involved in Installing and Configuring a Cisco/Microsoft secure ACS server for AAA authentication (RADIUS/TACACS+). • Troubleshoot latency and throughput issues on MPLS and Dedicated Internet Access circuits. • Provide high level technical support, including identifying and resolving problems on Cisco supported products for e-Commerce infrastructure. This included external routing and internal/intranet routing for DMZ servers. • Implemented cable multi-service operator (MSO) to capture traditional Telco subscribers with IP telephony and provide relevant QOS. • Configured EIGRP, BGP, and MPLS. • Configured Firewall, QOS by SDM and provide security by Prefix list, Access- List and by Distribution List. • Moved Core switches and several non-Cisco devices under strict deadlines to maintain network functionality • Implemented new ultra-secure networks in multiple data centers that included Cisco, Juniper security devices. • Designed VLAN's and set up both L2 and L3 logical to have it communicate to the Enterprise network. Wipro Authorized Franchisee October 2003 - July 2004(Offshore India) Network Administrator Responsibilities: • Configured EIGRP, BGP, and MPLS. • Configured Firewall, QOS by SDM and provide security by Prefix list, Access- List and by Distribution List. • Moved Core switches and several non-Cisco devices under strict deadlines to maintain network functionality • Implemented new ultra-secure networks in multiple data centers that included Cisco, Juniper security devices. • Designed VLAN's and set up both L2 and L3 logical to have it communicate to the Enterprise network. Page 7 of 8
- 8. DNC communication May 2000 – October 2003 Project Manager Responsibilities: • Responsible for implementing, supporting, and maintaining 24x7 ING VYSYA BANK network services. • Coordinated efforts with Engineer's to ensure all network devices conformed to defined network standards. • Designing and Configuration of Corporate network which include configuration network Equipment such as Cisco Switches and Router. • Designed, configured and implemented HSRP, BGP, EIGRP, OSPF, and MPLS WAN in multi- protocol network environment. • Built LAN/ WAN TCP/IP network comprised of Cisco Switches (6500, 7000, 3750, 3500, and 2900) • Developed an optimum IP Addressing schemes, VLAN tables, and network documentation and diagrams (Visio) • Hands on experience on subnetting and VLSM, STP, VTP, VLAN trunking. • Troubleshooting on all Cisco IOS and Catalyst switches on the network which included but was not limited to; 3700, 7200 and 7500 series routers and catalyst 6513 and 6509 switches. • Monitored network traffic via network monitoring tools and sniffers in an attempt to troubleshoot network outages and intrusions by tracing their origin and destination.