| Network security Engineer profile for consideration at Remote, Remote, USA |
| Email: [email protected] |
| Candidate Name : Ashraf Hussain Job Title : Network security Engineer Primary Skills : Network security, cloud security, application security testing, and firewall management Total Years of Experience : 9+ Years Work Authorization Status : GC Located at : Albany, NewYork Open to Relocate : Yes Here s the resume sample for your review. If you re interested in a copy or have any questions, please feel free to get in touch! Objective Proactive and detail-oriented Security Engineer with a strong foundation of hands-on expertise in managing and optimizing complex LAN/WAN networks, implementing advanced routing and switching protocols (BGP, OSPF), and deploying high-performance Meraki WiFi and F5 Load Balancer solutions. Proven track record in enhancing network reliability, ensuring high availability, and optimizing traffic distribution for improved network performance. Experience in troubleshooting, implementing, optimizing, and maintaining security infrastructure, and enterprise data network and service provider systems with Symantec tools. Conducted a comprehensive penetration test for a large-scale web application, identifying vulnerabilities such as XSS, SQL injection, and insecure authentication mechanisms. Experience configuring and deploying McAfee modules and products like McAfee ePO, McAfee VSE, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint, McAfee SIEM. Experience with Symantec DLP web security gateway to provide security for outbound web content. Deployed in the cloud and on-premises using Amazon Web Services (AWS) and Single- Server Support. Developed an automated security testing framework for RESTful APIs, integrating SAST and DAST tools to continuously identify and report vulnerabilities. Increased the overall security coverage of APIs by X%, reducing the number of high-severity security issues in production. Cloud Security Posture Management Designed and implemented a cloud security monitoring system for an AWS environment using security tools like AWS Inspector, Guard Duty, and CloudTrail to detect and remediate potential vulnerabilities. Reduced the attack surface by automating security group audits and enforcing least-privilege IAM policies. Hands on experience on Firewalls, Nessus Vulnerability scanning tool, Host and Network Forensics, VPN, Troubleshooting Skills, Log Analysis and Review, Compliance Audit. Security Operations Engineer with hands-on experience in network and Security working on Firewalls, intrusion prevention systems, routers, and switches. Planning, Design, Implementation, and Troubleshooting of Checkpoint, Fortinet, and Palo Alto Firewalls in the network. Firewall Product line such as Fortinet / FortiGate, Check Point, and Palo Alto Firewalls. Experience with FortiGate Platforms 3000D, 1000D, 1200D, 3600C, 300E, 2000E, 1500D series Checkpoint Gaia OS R80.10,20,30, and R77.30. Experience in designing Firewall architecture including Zoning and implementing in a distributed environment. EDUCATION: Bachelor of Computer Science from University of JNTU-Hyderabad India 2013 Master s in information security and system From University of the Cumberland s Kentucky 2017 Technical Skills: Application Security Fundamentals: Strong grasp of secure coding practices, secure development lifecycles (SDLC), and best practices for application vulnerability management (OWASP Top 10, NIST). Web Application Security Testing: Proficient in manual and automated security testing of APIs, web services, and cloud environments using tools like Burp Suite, OWASP ZAP, and Postman. Routing and Switching: Cisco Nexus, BGP, OSPF, VLANs, Spanning Tree, HSRP Network Optimization: LAN/WAN management, high availability, network performance tuning Wireless Networks: Meraki WiFi design, deployment, and support Load Balancing: F5 LTM, GTM, traffic optimization, application delivery controllers Network Security: VPN, SSL, firewall security, Cisco ISE Monitoring & Troubleshooting: SolarWinds, Wireshark, SNMP, NetFlow Networking Hardware: Cisco Nexus, Meraki, F5 LTM/GTM, Palo Alto Firewalls Protocols: BGP, OSPF, RIP, EIGRP, MPLS, TCP/IP, DNS, DHCP Tools: SolarWinds, Wireshark, NetFlow, SNMP, Ansible Security: VPN, SSL, Cisco ISE, RADIUS, Zscaler SAST/DAST Technologies: Extensive experience with tools such as SonarQube, Veracode, Checkmarx, and other static and dynamic code analysis tools. Vulnerability Management: Expertise in end-to-end vulnerability lifecycle management, from discovery to remediation tracking and post-patch validation. Application Development: Development experience in Python, JavaScript, and other languages, with a focus on building secure applications. Cloud Security: Hands-on experience with securing cloud services (AWS, Azure) and identifying cloud-specific security issues. Customer Service & Collaboration: Skilled in working with security teams, development teams, and stakeholders to ensure security measures are implemented effectively. Incident Response & Threat Modeling: Experience in incident detection, response, and remediation, as well as conducting threat modeling and risk assessments. Documentation & Communication: Excellent verbal and written communication skills, with a focus on technical security documentation and presenting findings to both technical and non-technical stakeholders. PROFESSIONAL EXPERIENCE: Project: Best Buy Jan 22 - Present Title: Security Specialist Maintaining and executing Security-related projects according to the given timeline. Conducted web application security testing, identifying vulnerabilities in APIs, endpoints, and services using automated tools such as Burp Suite, OWASP ZAP, and custom scripts. Led the secure source code review process across multiple languages (e.g., Python, JavaScript, Java), uncovering security flaws like SQL Injection, XSS, and authentication issues, and recommending appropriate fixes to developers. Partnered with cross-functional security and development teams to resolve identified vulnerabilities, significantly reducing risk exposure by X% and improving overall security posture. Utilized SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) technologies, including SonarQube and Veracode, to assess code and running endpoints for security vulnerabilities. Configured and maintained Nexus switches, managing BGP and OSPF routing protocols to ensure optimal traffic flow across the enterprise network. LAN/WAN Optimization: Managed and optimized multi-site LAN/WAN networks, implementing high availability solutions that improved network uptime by 20%. Created a separate VLAN to isolate production and high-risk resources from internal and external threats. Meraki WiFi Solutions: Deployed and supported Meraki WiFi networks across multiple locations, ensuring seamless, secure wireless connectivity and reducing downtime by 15%. F5 Load Balancing: Implemented and maintained F5 LTM for traffic distribution, optimizing load balancing across servers, resulting in a 25% increase in application performance. Monitored network performance and security using various tools (SolarWinds, Wireshark), identifying and resolving issues before impacting operations. Managed DHCP, DNS and IP address thru Infoblox, and Admin for Internet sites access through Zscaler. Project: Experian Health Remote Apr 20 -Dec 21 Title: Application Delivery Controller Engineer Working on Ansible to automate the configuration of firewalls, including creating and managing firewall rules, defining access control lists, and configuring network security policies. Created and modified firewall rules using Ansible modules, manage firewall zones and interfaces using Ansible tasks. Provided Tier-2 and Tier-3 support for LAN/WAN issues across a global enterprise network, ensuring high availability and minimal downtime. Configured and troubleshooted Cisco routers and switches, implementing advanced routing and switching solutions (BGP, OSPF) for over 100+ clients. Assisted in the deployment and support of F5 LTM load balancers, optimizing server traffic to improve application performance and reliability. Worked closely with security teams to ensure proper firewall configuration and secure remote access solutions for enterprise clients. Support the Security Operations Center by applying analytic and technical skills to investigate intrusions, identify malicious activity and potential insider threats, and perform incident response. Performed hands-on troubleshooting of security-related issues in production environments, coordinating with operations teams to ensure timely resolution. Regularly documented security findings and presented them to stakeholders, improving overall visibility and actionability of security vulnerabilities. Worked closely with developers and network engineers to ensure secure deployment and maintenance of web applications, ensuring adherence to security guidelines. Project: Deutche Bank, Wilmington, DE Jan 18 Mar 20 Title: Network Engineer Configure / Troubleshoot CISCO 4300, 4500, 3800 series routers and 4500, 3800, 6500 series switches for LAN/WAN connectivity. Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks. Utilized Fore scout to ensure comprehensive visibility into connected devices within OT networks, enabling accurate asset inventory and monitoring. Serve as part of a team of network engineers responsible for base wide network upgrade from Cisco Layer 3 Catalyst switches to Juniper Layer 3 EX4200 & EX3200 switches. Actively involved in Switching Technology Administration including creating and managing VLANS, Port security- 802.1x, Trucking 802.1Q, RPVST+, Inter-VLAN routing, and LAN security on Cisco Catalyst Switches4507R+E, 6509-E and Cisco Nexus Switches 2232, 5596, 7009. Implemented access controls and authentication mechanisms within NSO, enhancing the overall security posture of network services. Troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF & BGP, MPLS Serve as part of a team of network engineers responsible for base wide network upgrade from Cisco Layer 3 Catalyst switches to Juniper Layer 3 EX4200 & EX3200 switches. Responsible for managing Cisco routers, switches, HP switches, F5 load-balancers using SNMP MIBs for fault detection and for fault isolation. Design, implement and administer IPv4 enterprise network infrastructure utilizing Juniper routers like Juniper MX80, MX 480 and MX960. Administer Riverbed WAN Optimization appliances. Responsible for improved application response and effective utilization of network resources using Riverbed Appliances on classified networks. Design and implement Catalyst/ASA Firewall Service Module for various LAN s. Troubleshooting Cisco routers, APs, Switches, Fortinet Devices and Meraki appliances. Configured Remotely Cisco routers, switches, and ARUBA access points. Managed Aruba wireless access controllers and troubleshooting Aruba Access points. Involved in Configuration of Access lists (ACL) on checkpoint firewall for the proper network routing for the B2B network connectivity. Integrate Microsoft active directory (LDAP) into checkpoint for identity awareness and user authentication. Configure and manage LDAP User management with Checkpoint Smart Directory. Implemented the policy rules and DMZ for multiple clients of the state on the Checkpoint firewall. Worked with several network engineers for the understanding of Juniper SRX firewalls along with the changeover to Palo Alto. Palo Alto Firewall Management-Panorama. Accomplished Network Engineer with extensive expertise in Palo Alto Networks solutions, serving as the designated Subject Matter Expert. Experience working with ASR 9000 series switches with IOS-XR. Involved in configuring Juniper SSG-140 and Check point firewall. Designed and implemented Zscaler Cloud Browser Isolation (CBI) policies to isolate and protect against web-based threats, such as malware, ransomware, and phishing attacks. Project: UBS BANK, Watsonville, CA Jan 15 Dec 17 Title: Network Engineer Assisted in troubleshooting LAN connectivity and hardware issues in the network of more than 1000 hosts. Studied and analyzed client requirements to provide solutions for network design, configuration, administration, and security. Involved in troubleshooting IP addressing issues and Updating IOS images using TFTP. Maintained redundancy on Cisco 2600, 2800 and 3600 routers with HSRP. Monitor performance of network and servers to identify potential problems and bottleneck. Performed RIP & OSPF routing protocol administration. Daily responsibilities included monitoring remote site using network management tools, assisted in design guidance for infrastructure upgrade & help LAN administrator with backbone connection and connectivity issue other responsibilities included documentation and support other teams Configured OSPF over frame relay networks for NBMA and point to multipoint strategies. Implementing traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Frame Relay and Open Shortest Path First (OSPF). Troubleshooting of Cisco 2800,2900, 3900, 7200, 7600, ASR9k, CRS, GSR 12k Series routers Implementing the necessary changes such as adding, moving, and changing as per the requirements of business lines in a data center environment. Configure BGP features such as as-override, Local pre, EBGP load sharing on client connections. Configured and resolved various OSPF issues in an OSPF multi area environment between multiple branch routers. Working with Fortinet Firewall to create policy, HA and monitor malicious traffic. Providing daily network support for national wide area network consisting of MPLS, VPN and point-to-point site. Configuring HSRP between the 3845 router pairs of Gateway redundancy for the client desktops. Configuring GLBP, VLAN Trucking 802.1Q, STP, Port security on Catalyst 6500 switches. Provided redundancy in a multi homed Border Gateway Protocol (BGP) network by tunings AS-path. Hand on experience the configuration and implementation of various Cisco Routers and L2 Switches. Designed and implemented VLAN using Cisco switch catalyst 1900, 2900, 5000 & 6000 series. Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms. Built site-to-site IPSec VPNs over Frame-relay & MPLS circuits on various models of Cisco routers to facilitate adding new business partners to new and existing infrastructures. Thanks &Regards Mohd Shaibaz Bench Sales Recruiter [email protected] | +1 870-210-2088 Linkedin: linkedin.com/in/mohd-shaibaz-690a71299 This email is generated using CONREP software. A69789 Keywords: ffive hewlett packard green card California Delaware Network security Engineer profile for consideration [email protected] hotlist |
| [email protected] View all |
| Mon Oct 28 23:10:00 UTC 2024 |