VINOJ__Security_admin

advertisement
VINOJ
Sr. Network Security Engineer
Summary:
 Over 7+ years of Experience in planning, designing and implementing in the field of Data
Communications and Networking.
 Experience in installing, configuring and troubleshooting of Checkpoint Firewall.
 Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and
Smart View Tracker applications.
 Experience in Implementing Check Point Firewalls NG, NGX, NG R55, NGX 60, NGX R65, R70, R75,
R77.
 Worked on Juniper Net screen Firewalls like, NS50, SSG 550M, SSG520M, ISG 1000, ISG 200 and
Cisco PIX 535, 520, 515, ASA -5500 and 5505.
 Experience in Configuring Checkpoint Clusters with Nokia IPSO and GAIA OS.
 Check Point Enterprise Firewall and End-Point Infrastructure Design and Deployment in large and
branch office networks.
 Global Provider-1 Deployment and Smart Centre consolidation.
 Hands-on configuration and operational experience working on Juniper (SSG&ISG), SRX, Checkpoint
Firewalls( Nat policies, VPN Configurations, policies) in both standalone and HA mode.
 Security experience in deploying VPN Solutions like IPSec (site-site and client-site) & SSL VPN
implemented across multiple vendors.
 Experience in authentication protocols PAP, CHAP, 802.1x and Port Security and Configuring Security
policies including NAT, PAT, VPN, Route-maps, prefix lists and Access Control Lists.
 Managed and deployed Cisco PIX and ASA firewalls. Designed and implemented various project with
Cisco PIX firewall. Extensively worked on Cisco PIX 506/515E and 525.
 Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: OSPF, EIGRP, RIP,
IGRP, EIGRP BGP etc.

Experience in Deployed Check Point Provider-1 NGX and configured CMAs
 Experience in Configuring Client-to-Site VPN using SSL Client on Cisco ASA 5520.
 Knowledge on Juniper SRX240, SRX220, and SRX550 series firewalls.
 Expertise in installing, configuring, and maintaining Cisco Switches (2900, 3500 ,3700 series, 6500
series)
 Expertise in installing, configuring, and troubleshooting of Cisco Routers (3800, 3600, 2800, 2600, 1800,
1700, 800)
 Knowledge on Nexus 7000, Nexus 5000 and Nexus 2000 switches.
 Expertise in maintaining stable STP topology using protocols such as Port fast, BPDU guard, root guard
and UDLD.
 Good knowledge about spoofing attacks and mitigating them using DHCP snooping, IP source guard.
 Experience in implementing and troubleshooting layer 2 technologies such as VLAN Trunks, VTP, and
Ether channel, STP, RSTP and MST. Implementation of HSRP, VRRP for Default Gateway
Redundancy.
 Experience in testing checkpoint and other FWM in laboratory and deploy them on site production.
 Worked with F5 Load balancing, IDS/IPS, Bluecoat proxy servers and Administrating, authentication
controls (Radius, TACAACS+)
 Experience with Load Balancers for administrating and monitoring global & local traffic using F5 BIG
IP LTM & GTM
 Experience in implementing F5 LTM and A10 acos load-balancers,virtual server configuration, irules,
managing ssl certificates(SHA1 and SHA2), client based authentication using ssl certificates
 Experience in Deploying and configuring F5 LTM, GTM, 6440, 8990, 9000 using TMSH V10.X-11.5.X
and Bigpipe CLI.
 Experience working on network monitoring tools like, SOLAR WINDS, CISCO works, Wireshark and
splunk.
 Excellent in documentation and updating client’s network documentation using VISIO.
 Highly motivated with the ability to work independently or as an integral part of a team and Committed
to highest levels of professional.
Technical Skills:
Protocols
LAN Technologies
WAN Technologies
Network Products
Security & VPN
Monitoring Tools
Operating Systems
Scripting Language
Firewalls
RIP, RIP V2, EIGRP, OSPF, IS-IS, IGRP, HSRP, VRRP, GLBP, LACP, PAGP,
DNS, SMTP, SNMP, FTP, TFTP, LPD/TDP, WLAN, 802.11/802.11e.
HSRP, VLAN, STP, VTP, Ether Channel, Trunks.
Leased Line, Frame Relay, ISDN, PPP, HDLC, ATM, Metro Ethernet.
CISCO Routers 1700, 1800, 2500, 2600, 2800. CISCO High End Router 3600,
3800, 7200, 12010. CISCO Switches 1900, 2950, 2960. CISCO Campus Switches
3550XL, 4984 Core Catalyst 4503, 4507 RE, Catalyst 6500/6503/6507.
PIX 500 Firewall, ASA 5505 Firewall, FWSM,, CISCO CSM, ACL- Access Control
List, IPS/IDS, NAT, PAT, CISCO ACS, Check point, RSA SecureID, SRX,SSG
series firewalls.
Wireshark, Nmap, Nessus, OpManager, PRTG Packet Sniffer
Windows NT 4.0 (Desktop/Server), Windows 2000/2003/2008 server, Windows
XP/7, LINUX, Solaris, Red Hat, Active Directory, UNIX,junos.
C, Perl, HTML
Check Point Nokia Firewalls IP350,IP550 & IP750, Juniper Netscreen, Firewalls ISG
1000/2000, Cisco PIX 505/515E/525 & ASA 5500 Series
Professional Certifications:
 Cisco Certified Network Associate (CCNA)
 Cisco Certified Network Professional (CCNP)
Professional Experience:
Cummins, Indianapolis, IN
Sr. Network Security Engineer
(April 2014 – Present)
 Analyzing firewall change requests and integrating changes into existing firewall policies while
maintaining security standards.
 Production support for major firewall platforms to include Cisco ASA and Check Point NGX implemented
on Secure Platform (SPLAT) and expert-level network.
 Successfully completed various projects in upgrading Checkpoint firewalls from R65 to 75.40, R75.47,
R77 and implemented IPS policies.
 Responsible for Cisco ASA firewall administration across our global networks.
 Responsible for configuration and upgrading of Checkpoint, Juniper firewalls ac on regular basis.
Assisting in configuration of Multi-Domain Security P-1 server and consolidation of CMA's
 Establishing VPN tunnels using IPSec encryption standards and also configured and implemented siteto-site VPN, Remote VPN
 Troubleshoot network access problems, Strong TCP/IP understanding, Debugging Check Point Firewall
and Implemented traffic filters using Standard and Extended access-lists, Distribute-Lists and Route
Maps.
 Implementation and configuration of ASA 5520 in failover along with the CSC module as per the
customer requirement
 Worked on AIP-SSM and CSC-SSM modules on ASA.
 Worked on ASA-botnet filter.
 Configured Cisco Nexus switches 7000, 5000, 2000 series.
 Worked with ongoing management and supported network infrastructure in a large environment.
 Configured and set up of Juniper SRX firewalls for policy mgmt. and Juniper SSL VPN's
 Responsible for configuration and upgrading of Checkpoint, Juniper firewalls across the enterprise.
Assisting in configuration of Multi-Domain Security P-1 server and consolidation of CMA's
 Configured Checkpoint Firewall as Standard and Distribution deployment to have the network secure
and also maintaining Site to Site VPN Connection through the Firewalls. Handling 8 to 10 gateways
using a Smart Center Server as a management Station
 Worked on Bluecoat proxy server, Tipping Point Intrusion Protection System management, and reporting
tools Orion and Algosec
 Worked on LTM Inbound SNAT configurations and outbound NAT server to IP mapping.
 Created VDC’s and vPC’s and ensure that those vPC’s are formed between VDC’s.
 Created vPC’s between downstream devices between core and Aggregation Switches and between
Aggregation and Fabric Interconnect.
 Analyzing situations assess risk and determine appropriate actions necessary to complete requests or
support the infrastructure.
 Performed PCI/SOX audits on firewall rule bases with compliance team.
 Worked on Upgrading F5 LTM TMOS v11.3 -11.5.1 HF8.



Worked on configuring /modifying load balancing options & features to include One Connect,
Persistence, SSL offload functions, HTTP profiles, etc. Virtual servers, POOLs, TCP profiles, updating
and renewing SSL certificates with SAN certs as required and applying standard iRules as needed.
Experienced with open source network attack tools, network probe and mapping tools, network
protocols, automated vulnerability scanners, and network traffic routing.
Provide 24/7 support and documenting network Security designs and Microsoft Visio diagrams.
Ascena Retail, Columbus, OH
Sr. Network Security Engineer
(August 2013 – March 2014)
 To ensure that the day-to-day Security Operations runs smooth. Change management and 3rd level
Incident management being the primary responsibility, participate directly as well as take escalations
from the team members as and when required.
 Change Management: Need to make sure that all the change designs and implementations are
completed and tested as per the schedule required by the customers.
 Migrated to R70.1 in various Checkpoint IP series appliances from R65, and building the new Smart
Center server.
 Rule base verification and migration
 Configuring the gateways in a HA cluster and clusterXL using a single virtual IP address
 Monitoring the HA state constantly using the smart dashboard and cphaprob state command.
 Worked on checkpoint UTM1, VPN1 and activating blade licenses to be used as Intrusion prevention
and antivirus appliance.
 Implementation and configuration of ASA 5520 in failover with site site-to-site VPN and RA VPN
 Implemented clientless ssl vpn on ASA 5500-x platforms
 Worked on ASA and ASDM configuring the ACL’s and monitoring.
 Worked on ASA routed mode and transparent mode
 Worked on ASA 5500-x platform configuring the web, ssl, anyconnect VPN’s.
 Configured and troubleshoot Cisco PIX, ASA, FWSM, ACE, Nexus 1000v, and Juniper platforms in a
multi-tenant infrastructure.
 Deployed BIG IP 8900 provisioning with LTM and GTM Modules.
 Involved in migration of F5 Local traffic managers of LTM 5100 series to LTM 8900 series
 Configuring & managing around 500+ Network & Security Devices that includes Juniper (Net Screen)
Firewalls, F5 BigIP Load balancers and 3DNS, Blue Coat Proxies and Plug Proxies.
 Handling SSL offloading issues, HTTP monitors, and DNS allocation for the newly built applications.
 Create complex iRules using TCL language for URL redirections, HTTP header-insertion and HTTP
header modification.
 Creating Wide IPs with various load balancing methods like, Global Availability, Topology and Round
Robin.
 Deployed LTMs and GTMs in DMZ environments with FIPS solutions.
 Perform SSL Offloading on LTMs and web accelerators with 2048-bits VeriSign certificates. Also,
renewing certificates to ensure the security of websites.
 Created HSRP between Switches with various priorities.
 Troubleshoot and Worked with Security issues related to Cisco ASA/PIX, Checkpoint, IDS/IPS and
Juniper Netscreen firewalls.
 Involved in Configuring and implementing of Composite Network models consists of Cisco
7600,2600,3800 series routers and Cisco 2950, 3500,5000, 6500 Series switches.
 Create vPC domain, design double-sided vPC, design vPC peer-keepalive, vPC peer- link, and vPC
member port, and configure single and dual home fex.
 Clean up all legacy devices and insure all systems in the environment have been cleaned up.
 Measure the application performances across the MPLS cloud through various routing and switching
methods.
 Implementation of HSRP, DHCP, DNS, FTP, TFTP, MRTG
 Designed, developed, maintained and supported wired and wireless networks.
 Configured L3 protocols (IP, BGP, OSPF, EIGRP, IGRP, RIP, ISIS), redistribution, summarization,
Filtration (using distribute list, route map, prefix list, access list).
Morrisons Management, Atlanta, GA
Network operations engineer
(May 2012 – July 2013)

Maintaining mission-critical networks and ensuring the IT operations of the customers to be
uninterrupted.


























Responsible for day to day Operation management of Cisco Devices, Traffic management and
monitoring.
Helpdesk Management with the help of call management system, to ensure the support being provided
by the support engineers meets the end-user needs.
Interaction with vendors and service providers ensuring that hardware or software problems were deal
with efficiently and effectively, with a minimal downtime.
Monitoring, testing and verifying for any backdoors or loopholes in the running mission.
Migrated Firewall infrastructure from Check Point R65 to Netscreen ISG2000.
Implement the firewall rules using Netscreen manager (NSM).
Manage the Netscreen SSG550 and ISG1000 and 2000 firewalls with the NSM.
Design the firewalls changes using various NAT types in Netscreen firewalls like, MIP, VIP etc.
Setup the IPSec VPNs with the third party clients to allow the access to data feeds in the Corporate
network
MPLS Circuits implementation between the different sites.
Implemented VLAN’s with Spanning tree and HSRP for redundant paths.
Installed and configured Cisco ASA firewalls.
Planned and implemented various security projects including (Intrusion Detection Systems
deployment, network monitoring, and network architecture).
Implement Cisco Secure Access Control Server (ACS) for TACACS+.
Implementation of F5 Load balancers.
Configured IPsec site-to-site VPN connection between Cisco VPN 3000 Concentrator and Cisco 3800
Router/ Microsoft VPN Server in order to access certain limited network resources from customer
locations.
Deploying VPNs (hands-on) to provide remote users with network access connect geographically
separated branches into a unified network & enable the remote use of applications that rely on internal
servers.
Worked on Checkpoint Firewall policy provisioning
Involved in Firewall Administration, Rule Analysis, and Rule Modification.
Troubleshoot traffic passing managed firewalls via logs and packet captures.
Configured and resolved various OSPF issues in an OSPF multi area environment.
Layer 2 switching technology architecture, implementation and operations including L2 and L3 switching
and related functionality. This includes the use of VLANS, STP, VTP and their functions as they relate
to networking infrastructure requirements including internal and external treatment, configuration and
security.
Worked with Checkpoint FW1 NG, PIX, and Netscreen firewalls.
Reproduced customer problems in the lab, “Root Cause” analysis of problems & verification of the
solutions in that lab Performed packet level analysis tools to quickly solve and correct network problems.
Monitoring Network infrastructure using SNMP tools like HP Openview.
Network Packet Analyzer tools using Ethereal Airmagnet for wireless network.
Genzyme Corporation, Framingham, MA
Network Engineer
(January 2011 – May 2012)
 Configuration and Administration of Cisco and Juniper Routers and Switches.
 Configuring RIP, OSPF, EIGRP BGP, MPLS, QOS, ATM and Frame Relay.
 Administration and diagnostics of LAN and WAN with in-depth knowledge of TCP/IP, NAT, PPP, ISDN
and associates network protocols and services.
 Configuring VLANs and implementing inter VLAN routing.
 Upgrading and troubleshooting Cisco IOS to the Cisco Switches and routers.
 Configure and troubleshoot Juniper EX series switches and routers.
 Configuring Site to Site to VPN connectivity.
 Configuring and troubleshooting Dell, HP, servers in Data Center.
 Implementation of HSRP, IPSec, Static Route, IPSEC over GRE, Dynamic routing,
DHCP,DNS,FTP.TFTP,RAS
 Involved in configuring Cisco Net flow for network performance and monitoring.
 Involved in configuration of Cisco 6500 switches
 Configuring IPSLA monitor to track the different IP route when disaster occurs.
 Involved in Implementing, planning and preparing disaster recovery.
 Involved in configuring Juniper SSG-140.
 Involved in configuring Cisco pix firewall.
 Involved in configuring checkpoint firewall.














Involved smart view tracker to check the firewall traffic Troubleshooting hardware and network related
problems.
Configuration and Installation of Cisco firewalls Pix and ASA (PIX 510, 515E, 525 and ASA 5520, 5540).
Configuration and Installation of Firewall Service Module in 6500 switches.
Implement firewall policy changes after the appropriate review and approval process has been
completed.
Create end-user VPN account with appropriate access after appropriate approval has been issued.
Monitor traffic and access logs in order to troubleshoot network access issues;
Upgrade firewalls in accordance with change management procedures.
Gather information for specific technologies as to function and deployment configurations.
Write technical documents describing implemented technologies and architecture.
Create suggested solutions for technical problems or Make all changes in accordance with change
management procedures.
Experience with Solsoft Policy Server for shared services.
Customer call log update through Remedy Software.
VPN Configuration between Site-to-Site and Site-to-Remote.
Experience with BASE (Basic Analysis and Security Engine) and the Snort intrusion detection system
(IDS).
IWS, Hyderabad, India
Network security
(October 2009 – December 2010)
 Checkpoint Firewall configuration and Maintenance Support of state network firewalls and end-user
Virtual Private Network (VPN).
 Evaluate Agency requests for changes to firewall policy to determine technical feasibility and to
determine where to deploy the policies in the state's firewall infrastructure.
 Configuration and Installation of Cisco firewalls PIX 501 and ASA 5520.
 Configuration and Installation of Cisco Routers 3845.
 Configuration and Installation of Cisco Switches 3560G and 2960G.
 VLANS, STP configuration in Cisco 2960G
 HSRP Configuration implemented in Cisco 3560G.
 MPLS configuration in Cisco 3845 for L3 Circuits.
 Create end-user VPN account with appropriate access after appropriate approval has been issued.
 Monitor traffic and access logs in order to troubleshoot network access issues.
 Cisco IOS Architecture for Cisco 3845 router, Cisco 3560 and ASA 5520.
 Gather information for specific technologies as to function and deployment configurations.
 Write technical documents describing implemented technologies and architecture.
 Provides consultation to business area management and staff at the highest technical level for all
aspects of LAN/WAN design and configuration in multi-server environment.
 VPN Configuration between Site-to-Site and Site-to-Remote.
 Implemented firewall policy changes after the appropriate review and approval process has been
completed.
 Monitoring Network infrastructure using Cisco Network Assistant.
Axis Bank, Hyderabad, India
Network Technician
(February 2008 – September 2009)
 Maintenance responsibilities included software & hardware installation & configuration
 Maintaining and creating login credentials, privacy settings and user privileges for the employees in the
company.
 Replacement of the older routes and switches with new routers and switches with the configuration set
up.
 Assigned a task to set up their LAN. Worked on the entire project from cabling to IP addressing
assignment.
 Configured 2600 series routers with OSPF protocol.
 Configured and maintained Cisco 2500, 4000, 7000 and 7500 Series Routers as well as Catalyst 5000
and 5500 Series switches
 VLAN Configuration to different applications with RSTP, STP, VTP.
 Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet
channel between switches.








Performed troubleshooting tasks on Routing and switching and isolated the problem and finding the
cause.
LAN/WAN hardware including, Ethernet Hubs, Cisco Switches, switch panel’s installation, configuration
and troubleshooting, Frame-Relay configured support.
Routing related tasks included providing cisco router configuration and change management, providing
technical support for Cisco Router configurations and installation for Customer. Configuring IP RIP,
EIGRP, OSPF and BGP.
Redistributing from OSPF to RIP and vice versa by implementing hub and spoke topology with a Frame
Relay Switch in between
Troubleshoot TCP/IP problems; troubleshoot connectivity issues in multi protocol Ethernet,
Environment.
Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution,
Overlapping Address Translation.
Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay).
Education:
 Bachelors of Engineering in Electronics and Communication Engineering from Anna University, India.
Download