Home

Junaid - Network Security Engineer

[email protected]

Location: Alice, Texas, USA

Relocation: yes

Visa: GC

CERTIFICATION: Certified Network Security Engineer - Palo Alto Network Certified Cisco CCNA Certified Cisco CCNP SUMMARY Over 8 years of Experienced Telecommunications and Network Professional working on medium to large scale environments, enterprise, and Data center networks. Highly motivated with the ability to work independently or as an integral part of a team and committed to highest levels of professional, Experience in Networking and Security domain which includes designing, Deployment and providing network support, installation, and Operation for a broad range of LAN / WAN Environment. In-depth knowledge and hands-on experience with Arista CVaaS and Spine/Leaf architectures, working with Arista switch models such as 7358X4, 720XP, 7050SX3, 7280CR3, 7280SR3, and 7280SR3K. Experience and basic understanding in network Automation using python and ansible to automate network configuration using playbooks and integrate various network tools using REST API. Proficient in AWS and Azure Cloud platforms and setting up connectivity and Security in the cloud. Worked with various teams in migrating applications from on premises to Cloud. Demonstrated mastery in managing network element operating systems, including EOS, NXOS, IOS, JUNOS. Implemented redundancy and failover mechanisms to enhance backbone connection reliability and minimize downtime. Experience working in complex environments which includes Layer 2 Switching, L3 routing, Network security with perimeter and VPN firewalls, Load balancing and Access policies management in F5/NetScaler. Experience in installing, configuring, and maintaining Cisco Switches (2960, 3500, 3750, 3850, 4500, and 6500) in enterprise Environment and Nexus 2k, 3k, 5k, 7k and 9k, CISCO ACI, Arista Cloude vision in Datacenter Environment. Worked on APM module with integration with RADIUS server and RSA secure ID for applications that require 2-factor authentications. Proficient with TCP/IP and relative OSI models. Knowledge of network protocols and applications including RADIUS, SNMP, SYSLOG, TACACS, DNS, DHCP, IPSec, NAT, ACLs. Excellent hands-on experience in designing and implementing IP addressing that includes both IPV4 and IPV6 Implementation of Access lists, route maps, and distribute lists. Working Experience in VMware ESX 5.x, VMware Workstation, VMware vCenter Server, Microsoft SharePoint, System Center 2012 R2, C . Experience in Cisco Firewall Implementation and Management, Cisco Identity Services Engine (ISE) Implementation. Hands on experience on several Ticketing Tools like JIRA, Change Management, Service Catalog, ePCR, SR, Remedy, IPcenter, etc., Working Experience on web content filter and gateways like Blue Coat, Websense. Working Experience on Network Scanning, Management, Alerting Logging tools like SolarWinds, IBM Net cool, Science Logic, Log Logic, EM7, Indeni, nCircle, PRTG, Wire shark. Managed successful delivery of massive security response portfolio including Splunk and Cisco ISE. Expertise in installing, configuring, and troubleshooting of Cisco Routers (3800, 3600, 2800, 2600, 1800, 1700, 800, ASR 9k). Expertise in installing, configuring and troubleshooting Juniper Routers (E, J, M, and T-series). Managed the firewalls, proxy servers, site to site and B2B VPNs, client SSL and IPsec VPN gateways for 50 networks with 9000+ users and hundreds of public web apps. Palo Alto firewall policies, panorama and Checkpoint firewalls NG, NGX. Experience with convert Checkpoint VPN rules over to the Cisco ASA. Extensive knowledge in all Wi-Fi Standards including 802.11a, b, g, n, ac. Worked on installing of Cisco and Aruba Wireless Controllers. Worked on Cisco CWAP, LAWP, Aruba 225, 325, AP groups, SSID s, Authentication rules, 802.1X for Wireless etc. Demonstrated ability to quickly learn and adapt to new and emerging technologies Proven self-starter with the ability to work independently with minimal supervision Skilled in multitasking and prioritizing tasks to meet deadlines Versatile team player with the ability to work effectively as both a team member and team leader, depending on the situation and project demands. TECHNICAL SKILLS Networking Technologies LAN/WAN Architecture, TCP/IP, Frame Relay, VPN, VLAN, VTP, NAT, PAT, STP, RSTP, PVSTP, MSTP Networking Hardware Cisco Switches, Cisco Routers, ASA/Pix/Palo Alto/Fortinet/Juniper firewalls. Routing Protocols OSPF, ISIS, EIGRP, RIP, MPLS, IS-IS, BGP, Multicasting Security Technologies PAP, CHAP, Cisco PIX, Palo Alto, ASA, Fortinet, Checkpoint, CISCO NAC VPN technologies IPSEC, SSL, DMVPN, OPEN VPN, MPLS over VPN, Split tunnel, Tunnel all Network Monitoring SolarWinds, Wireshark, HRping, Whatsupgold, Infoblox Operating Systems Windows, Vista, LINUX, Cisco IOS, IOS XR, IOS-XE, NX-OS Routers 1800, 2611, 2800, 3600, 3845, 3900,4300, 4400, 4500, ASR 1000X, 7206VXR, Juniper M & T Series, Arista 7508 Routers Load Balancers F5 Networks (BIG-IP), NetScaler (Citrix) Proxy devices Bluecoat, Zscalar proxy Capacity & performance Cascade Riverbed (Flow Monitor), WAN Killer Switches CISCO 2960,3750,3850, CAT 9300, CAT9400, CAT 9500,4500,6500,6800 Nexus 7k,5k,2k, Arista 7150S ,7160 switches Programming Languages C, C++, Perl, Power Shell, Python, Yang, XML, Ansible Simulation Tools GNS3, VMware, OPNET IT GURU, OPNET Modeler, Cadence Firewalls Juniper Net Screen (500/5200), Juniper SRX (650/3600), Pix (525/535), ASA (5520/5550/5580), McAfee Web Gateway, Checkpoint, Palo Alto firewalls. AAA Architecture TACACS+, RADIUS, Cisco ACS, Cisco ISE WORK EXPERIENCE Yamaha Motors, Kennesaw, GA Jan 2022 Till Date Role: Sr. Network Engineer Responsibilities: Designing, Installation and configuration on Checkpoint, ASA, NetScreen and Juniper Firewalls. Supported, maintained, and troubleshooted various network infrastructure devices and services in datacenters. Administered Viptela SDWAN enterprise deployments and implementations for network and devices in the SDWAN environment. Managed the successful delivery of a massive security response portfolio, including Splunk and Cisco ISE. Integrated Cisco ISE with other network devices and services for centralized authentication, authorization, and accounting (AAA). Stayed updated with the latest Cisco ISE features and enhancements to leverage new capabilities. Designed, deployed, and configured Zscaler security solutions to protect the organization's network infrastructure. Designed, implemented, and maintained AWS backend infrastructure. Automated infrastructure provisioning, configuration management, and application deployments using Ansible. Collaborated with Imperva support for troubleshooting and resolving complex issues, ensuring optimal performance of the Imperva security stack. Deployed and fine-tuned EDR solutions, enhancing the organization's ability to detect and respond to security incidents promptly. Engaged in incident response activities related to Imperva alerts, addressing potential security incidents and improving rule sets for better detection. Designed and implemented Layer 3 WAN connectivity solutions to optimize network performance for geographically dispersed locations. Ensured a secure environment by implementing access controls, monitoring security logs, and staying informed about emerging cyber threats. Implemented Juniper Mist's location-based services to enhance tracking and management of network devices, improving asset visibility and security. Participated in infrastructure planning sessions, providing IaC expertise and proposing tailored automation solutions to meet evolving IT landscape needs. Utilized FireMon to efficiently manage and optimize firewall policies, ensuring alignment with organizational security objectives and compliance standards. Implemented OS upgrades and patches, ensuring the security and efficiency of Yamaha Motors' network infrastructure. Led the integration of automated IP address assignment processes, reducing manual errors by 25% and enhancing network reliability. Conducted regular security audits using NetBrain to assess network vulnerabilities and compliance with industry standards. Implemented high availability features of IOS-XR such as NSF, SSO, and graceful restart mechanisms to ensure network reliability. Developed custom scripts to enhance network monitoring, automate configurations, and streamline troubleshooting processes. Orchestrated the setup of Azure ExpressRoute connections to establish dedicated, high-speed links between on-premises data centers and Azure, enhancing data transfer and network performance. Implemented and optimized DHCP servers, automating IP address assignments and ensuring seamless connectivity for dynamic network environments. Maintained over 200 network hardware devices, including Cisco Nexus (7K, 5K, 2K), Catalyst switches, Cisco ISR Series routers, Juniper MX, QFX routers, and Nortel switches across access, distribution, and core networks. Played a key role in the data center migration from Cisco to primary Arista with minimal downtime utilizing VxLAN. Worked with Arista 7150s, 7160 series switches, and 7508R routers. Configured IPSEC VPN (site-to-site and remote access) and maintained external client connectivity. Established and enforced DNS naming conventions to promote consistency and clarity in the organization's DNS records and configurations. Implemented real-time automation scripts using APIs to reduce manual intervention and enhance the efficiency of iXia, Gigamon, and Arista packet broker operations. Automated routine IPAM and DNS tasks, improving operational efficiency and reducing manual workload by 30%. Configured and administered large-scale firewall deployments, including Palo Alto, Cisco ASA-X Firepower, Juniper SRX, and open-source BSD firewalls. Designed and customized alerting mechanisms within SevOne to promptly detect anomalies and critical events, reducing mean time to resolution (MTTR) by 25%. Implemented role-based access controls (RBAC) within the IPAM system to ensure secure and restricted access to sensitive IP address information. Implemented IP address version control mechanisms to ensure consistency across IPv4 and IPv6 address spaces, accommodating evolving network protocols. Worked with Cisco Catalyst and Nexus network switches and routers, Cisco ASA firewalls, and wireless controllers and access points. Implemented VDC, VPC, and OTV on Nexus 5K and 7K switches. Troubleshot L2 and L3 network environments, performed installation, configuration, and deployment of WAN and LAN networking hardware, including routers, switches, and firewalls. Utilized Juniper Mist's AI-driven analytics to proactively identify and resolve network issues, improving performance and reducing downtime. Designed and deployed Google VPC networks to provide a secure and scalable foundation for GCP resources. Performed audits to identify vulnerabilities, malware, and spyware, and remediated problems to ensure compliance using automation tools like Tufin and Riverbed Net Profiler. Conducted system administration functions such as traffic monitoring, performance tuning, log management, disk space monitoring, and application troubleshooting on Linux and Windows platforms. Installed, configured, analyzed logs, and tuned DHCP, DNS, FTP, Web, and proxy servers. Provided 24x7 support management of the monitoring environment using tools such as Dynatrace and Splunk. Environment: Viptela SDWAN, Cisco ISE, Splunk, Zscaler, Ansible, Imperva, EDR solutions, Juniper Mist, FireMon, NetBrain, IOS-XR, Azure ExpressRoute, Arista, Palo Alto firewalls, Cisco ASA-X Firepower, Juniper SRX firewalls, SevOne, Cisco Catalyst, Nexus network switches, routers, Cisco ASA firewalls, Cisco wireless controllers, access points, Google VPC, Tufin, Riverbed Net Profiler, Dynatrace. VMWare, Ashburn, VA Jul 2019 Dec 2021 Role: Sr. Network Engineer Responsibilities: Configured, managed, and troubleshooted F5 BIG-IP Application Load Balancers for internal access and external Internet-facing VIPs. Created locations for each site once the GRE Tunnel is up on the respective location for traffic flow, and granularized the traffic by creating sub-locations for each site. Utilized EDR solutions to monitor and analyze endpoint behavior, identifying anomalous patterns indicative of potential malware infections or malicious activities. Leveraged NetBrain to automate network discovery, mapping, and troubleshooting. Hands-on experience in installing, configuring, and troubleshooting multiple products on Cisco and Juniper routers, switches, Arista, Aruba switches, load balancers, and network access controllers. Leveraged EDR dashboards and reports to communicate security insights and trends to stakeholders, facilitating data-driven decision-making. Engaged in the selection and implementation of EDR solutions, enhancing the organization's capabilities to detect and respond to advanced threats in real-time. Utilized advanced troubleshooting skills to support day-to-day CUCM operations, addressing issues promptly and minimizing downtime. Demonstrated expertise in troubleshooting MPLS-related issues, addressing connectivity problems, and optimizing MPLS configurations for optimal performance. Conducted regular rule cleanup initiatives in FireMon to remove redundant or obsolete rules, improving firewall performance and reducing the attack surface. Deployed Cisco Umbrella to enhance network security by leveraging cloud-delivered DNS security services, preventing malware, and securing internet access. Leveraged Linux/Unix systems and shell scripting to enhance IaC capabilities, showcasing a versatile skill set for developing automated solutions across diverse operating environments. Responded promptly to changing network conditions, dynamically adjusting configurations and settings on iXia, Gigamon, and Arista packet brokers for optimal performance. Enhanced endpoint visibility by integrating Cisco DUO with various endpoints, ensuring secure access controls and real-time monitoring of user authentication attempts. Led a successful migration project at VMware, transitioning from legacy networking infrastructure to newer Arista switch models (7358X4) to align with evolving technology standards and business needs. Administered and maintained virtualized environments using VMware vSphere, ensuring optimal performance and resource utilization. Involved in operations and administration of WAN consisting of Ethernet handoffs, T1, DS3, and optical fiber. Designed, developed, and tested scalable cloud-based solution architectures and infrastructure on AWS and Azure, such as Route 53, ELB, Security Groups, VPC, VPN, NACL, NSG, and VNET. Worked on migration from Juniper firewall to Palo Alto and Juniper to ASA firewall using virtual tools. Worked on Blue Coat Proxy migration to Zscaler. Configured and managed Zscaler cloud-based security platforms, including Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA), to ensure optimal performance and security. Installed and configured Cisco Meraki equipment and web-based monitoring platforms for MR32 wireless access points. Strong routing experience working under complex WAN and SD-WAN environments. Represented Network Operations function-related queries for all change management. Worked with infrastructure service vendors for service improvement plan initiatives. Complete understanding of cloud technology with hands-on experience working on AWS or Azure cloud. Used network management tools for performance tuning, troubleshooting, and capacity planning. Adhered to global network standards, policies, and guidelines in line with meeting regulatory requirements wherever applicable. Deployed ISE technology in infrastructure to establish a secure and authenticated network, including ISE development with profiling and certificate-based authentication. Configured and performed software upgrades on Cisco Wireless LAN Controllers 2504, 4404, and 5508 for Wireless Network Access Control integration with Cisco ISE. Troubleshooted issues and outages on trunks, router interfaces, and firewalls extensively. Created URL categories for each service based on the requests. Created URL policies for each URL category. Created SSL inspection bypass for particular internal sites. Created firewall control policies as per organizational and requester choices. Designed, configured, and optimized wireless networks using Juniper Mist, ensuring seamless connectivity and enhanced user experiences. Environment: F5 BIG-IP Application Load Balancers, EDR solutions, NetBrain, Cisco, Juniper routers, switches, Arista, Aruba switches, load balancers, network access controllers, FireMon, Cisco Umbrella, Linux/Unix systems, shell scripting, iXia, Gigamon, Arista packet brokers, Cisco DUO, VMware vSphere, AWS, Azure, Palo Alto firewalls, Juniper firewalls, Cisco ASA firewalls, Blue Coat Proxy, Zscaler, Cisco Meraki, Cisco Wireless LAN Controllers, Cisco ISE, Juniper Mist. West Marine, Watsonville, CA Nov 2017 Jun 2019 Sr. Network Engineer Responsibilities: Created an OAM (Operations, Administration, and Maintenance) Model for the open config platform. Worked on a vendor-neutral case for the OAM model. Configured Blue Coat Proxy and SG Web Application Reverse Proxy for securing web traffic. Worked on Zscaler cloud proxies and supported migration from IronPort to Zscaler. Seamlessly integrated Control M with NOC (Network Operations Center) monitoring tools, leveraging Control M APIs and scripting to automate job executions based on specific alerts or events from the monitoring system, streamlining incident response. Integrated Control M with disaster recovery plans to automate critical server backups and job resubmissions in the event of an outage, minimizing data loss and ensuring rapid service restoration for mission-critical systems. Collaborated effectively with external vendors and partners, ensuring seamless integration of their systems into the Infrastructure as Code (IaC) framework, extending the capabilities and interoperability of automated processes. Executed seamless software upgrades on Arista infrastructure at West Marine, ensuring the incorporation of advanced features and maintaining robust security compliance with industry standards. Involved in evaluating how the OAM model aligns with Quality of Service (QoS) related work. Experience in writing JSON for various scripting languages. Experience working with GitHub. Conducted comprehensive capacity planning for IT infrastructure, anticipating growth and ensuring resources are adequately provisioned. Played a pivotal role in the evaluation and selection of cutting-edge tools and technologies related to Infrastructure as Code (IaC), ensuring the automation stack remains current and aligned with industry best practices. Implemented Layer 3 security measures, including ACLs (Access Control Lists) and firewalls, to safeguard network integrity and prevent unauthorized access. Established automated incident response workflows within Cisco Umbrella to streamline the detection and mitigation of security incidents, reducing response times. Leveraged expertise in EDR (Endpoint Detection and Response) and XDR (Extended Detection and Response) technology to bolster the organization s threat detection capabilities and streamline incident response procedures. Utilized Cisco Umbrella for comprehensive user and device visibility, enabling precise monitoring of network activities and enforcing security policies based on user identity. Implemented Azure Site-to-Site VPNs to establish secure connections between on-premises networks and Azure VNets, enabling seamless integration of hybrid environments. Implemented Google Cloud VPNs to enable encrypted communication between on-premises data centers and GCP VPCs, adhering to strict security standards. Worked on the Kona Cloud platform to inspect traffic for all applications before reaching the actual server. Managed URL categories, whitelisting, blacklisting URLs for users, ad groups, departments, and locations using IP subnets. Worked with network snipping tools like Ethereal (Wireshark) to analyze network problems. Maintained and troubleshooted network connectivity problems using PING and Trace Route. Performed scheduled virus checks and updates on all servers and desktops. Leveraged SevOne's NetFlow monitoring capabilities to analyze traffic patterns, detect network bottlenecks, and optimize network routing for improved performance. Implemented routing and switching using protocols like OSPF (Open Shortest Path First) and BGP (Border Gateway Protocol) on Juniper M series routers. Experienced in Bash and Python scripting with a focus on DevOps tools, CI/CD, and AWS Cloud Architecture and hands-on engineering. Experience in scripting languages like YANG and XML, Ansible. Dealt with composite network models consisting of Ciena 39 series and ACX platforms. Upgraded Cisco ISE appliances company-wide and recently rolled out OpenDNS, including onsite VM appliances. Worked on network configurations related to automation for various models. Developed custom Splunk apps and scripts to extend platform functionality and meet specific business needs. Experience with designing, installing, and troubleshooting networks with hands-on experience in OSPF, BGP, VPLS (Virtual Private LAN Service), Multicast, VPN, MPLS (Multiprotocol Label Switching), and traffic engineering. Extensively worked on the virtual F5 LTM (Local Traffic Manager) module on VMware for application testing. Configured and managed user groups, permissions, roles, and resource pools on VMware vCenter. Environment: Open Config Platform, Blue Coat Proxy and SG Web Application Reverse Proxy, Zscaler, Control M, Arista infrastructure, GitHub, Cisco Umbrella, EDR and XDR technology, Azure Site-to-Site VPNs, Google Cloud VPNs, Kona Cloud platform, Wireshark, SevOne, OSPF, BGP on Juniper M series routers, Bash, Python scripting, YANG, XML, Ansible, Ciena 39 series, ACX platforms, Cisco ISE, Splunk, F5 LTM, VMware vCenter. Genpact, Hyderabad, India August 2015 Oct 2017 Role: Network Engineer L2 Responsibilities: Configured Virtual Port Channel (VPC) and Virtual Device Context (VDC) on Nexus 7010/7018. Configured Fibre Channel over Ethernet (FCOE) using Cisco Nexus 5548. Created deployment documents for Nexus 7k, ASR9k, and ASR1k, enabling successful deployment of new devices on the network. Worked on Cisco Identity Services Engine (ISE) deployment, replacing ACS to provide guest wireless services for the Port Authority. Configured Cisco ISE for wireless and wired 802.1x authentication on Cisco Wireless LAN Controllers, Catalyst switches, and ASA firewalls. Provided hands-on support for MPLS networks, addressing user needs, recommending solutions, and ensuring network confidentiality, integrity, and availability. Implemented Arista CloudVision for automation at Genpact, reducing manual configuration and enhancing network agility. Configuring MPLS on Cisco ASR 9k routers, ensuring seamless communication between network segments. Utilized monitoring tools to analyze Layer 3 traffic patterns, detect bottlenecks, and optimize routing for performance improvement. Worked with Nexus 7010, 5548, 5596, 2148, and 2248 devices. Configured and troubleshooted Juniper EX series switches. Fostered continuous collaboration with Arista at Genpact, staying informed about advancements through technology forums, updates, and workshops. Implemented security measures including NAT/PAT, ACLs, and firewalls (ASA/SRX/Palo Alto/Fortinet). Knowledgeable in Site-to-Site VPN, DMVPN, SSL VPN, WLAN, and multicast technologies. Configuring HSRP, GLBP, PPP, PAP, CHAP, and SNMP. Communicated with customers and IT teams to gather project details and requirements. Installed and configured DNS and DHCP servers. Established and maintained Layer 3 security policies, including NAT/PAT, ACLs, and firewalls. Implemented Layer 2 security using dedicated VLAN IDs for trunk ports, setting user ports to non-trunking, and deploying port security. Applied strong analytical skills to troubleshoot and resolve Layer 3 issues with customers in real-time. Configured ASR 9K pairs, including HSRP, Bundle Ethernet, and assigning DHCP profiles. Environment: Cisco Nexus, Cisco Identity Services Engine (ISE), Cisco Wireless LAN Controllers, Catalyst switches, and ASA firewalls, Arista CloudVision, Cisco ASR 9k routers, Juniper EX series switches, ASA/SRX/Palo Alto/Fortinet firewalls, DMVPN, SSL VPN, WLAN, HSRP, GLBP, PPP, PAP, CHAP, SNMP, DNS, DHCP servers, NAT/PAT, ACLs, Port security. Keywords: cprogramm cplusplus continuous integration continuous deployment artificial intelligence active directory information technology ffive California Georgia Idaho South Dakota Virginia Wisconsin