Abdul Rasheeth, Senior Network Security Engineer

Abdul Rasheeth

Senior Network Security Engineer

Ministry of Justice

Location
Kuwait
Education
Diploma, CCIE Security
Experience
20 years, 6 months


Work Experience

Total years of experience: 20 years, 6 months

Senior Network Security Engineer at Ministry of Justice
  • Kuwait - Kuwait City
  • I have been working here since December 2014

- Design and implement Nexus datacenter switching, which includes Nexus 7k, 6k and 2k switches. Features like vPC, VDC and FEX were all implemented.
- Managing and troubleshooting Multi-Site Cisco ISE deployment covering 4000 endpoints. Both machine authentication and user authentication were used. Posture check is performed on authenticated machines.
- Implementation of Palo Alto firewall with multiple zones and virtual firewalls.
- Create and maintain Site-to-Site VPNs for various other government bodies and banks.
- Create and maintain Clientless SSL VPNs and Cisco AnyConnect VPNs to publish MOJ applications via internet. Two-factor authentication used to enhance security (user credential + client certificate). Smart-tunnels were used for clientless VPNs.
- Manage Arbor DDoS protection system. Create new protection groups and server types as per new requirements. Constantly monitor the attack pattern and take necessary action if it crosses the threshold.
- Lead various implementation projects like core switches replacement with Nexus, new building network rollout, datacenter switches (Nexus) deployment etc.
- Accomplished network rollout of new sites (8) and renovation of existing sites (4), which includes more than 850 switches.
- Establish fiber link to the new sites, which includes fiber patching at the MOC exchanges, designing the IP scheme, configuring the core switch interface, configuring OSPF and applying filter lists. Also configure edge switches with our standard template and configure ISE to authenticate users and machines.
- Design and maintain IP and VLAN scheme for around 40 sites.
- Design and implement DMZ network for virtualized environment using Palo Alto firewall and Nexus switches.
- Monitor the entire network using Cisco Prime Infrastructure covering 1200 switches.

Onsite Sr. Network Engineer at ZAIN telecommunications at Universe Computers Co.
  • Kuwait - Kuwait City
  • October 2013 to December 2014

Gi Network (ISP side):
- Configuration, troubleshooting and maintenance of the GI network, which includes Cisco 6500 series switches, Cisco ASR 9010 routers and Juniper 5800 firewalls.
- Provisioning of a new upstream ISP, which includes coordinating and establishing BGP neighborship with the upstream provider, advertising the allotted prefixes to them and NATing subscribers to the new public IP pool.
- Troubleshooting and maintenance of existing upstream providers, which includes troubleshooting slowness issues and prefix advertisement issues, and load sharing internet traffic among active upstream providers whenever required.
- Network assessment of GI network.
- Security assessment for Juniper firewalls which includes policy review, device hardening etc.
- Configuration, troubleshooting and maintenance of the high-end Juniper SRX 5800 firewall, which includes changing NAT configuration, upgrading software whenever required, provisioning new links and new security zones whenever required, and providing reporting on NAT pools.
- Daily health check for critical network equipment.
- Maintaining network documentation which includes network diagrams, inventory, IP scheme etc.

Enterprise Network:
- Configuration, troubleshooting and maintenance of Checkpoint VSX firewall, which includes creating rules on the Checkpoint firewall as per user request (user request through ticketing system and approved by security team), troubleshooting connectivity issues raised by users through the ticketing system, identifying routing/firewall issues and providing solutions.
- Configuration, troubleshooting and maintenance of Cisco Identity Services Engine, which includes upgrades, patch installation, troubleshooting endpoint connectivity issues, renewal of digital certificates (generating CSR) and generating debug messages and packet captures for Cisco TAC troubleshooting.
- Configuration, troubleshooting and maintenance of ASA 5500 series firewalls, which includes upgrades, renewal of digital certificates (generating CSR) and troubleshooting connectivity issues. Create AnyConnect VPN groups and Site-to-Site VPN tunnels as per user request.
- Configuration, troubleshooting and maintenance of IPS (HP TippingPoint, Sourcefire & IBM ISS), which includes reducing false positive alarms, upgrades and optimization.
- Configuration, troubleshooting and maintenance of enterprise switches, which includes upgrading Cisco 6500-VSS core switches using the ISSU method, which gives inline service upgrade without causing traffic interruption, deploying Cisco Nexus 5k datacenter switches for services connectivity and installing Cisco 2k for top-of-the-rack connectivity using FEX technology, and deploying and maintaining Cisco 3750-X switches on the access layer.
- Design and implement Flexlinks for access switches which provides redundant path to the core.
- Prepare detailed implementation plan for maintenance window activities which includes step-by-step procedure with commands, impact if any, rollback procedure etc.
- Perform daily health check of critical devices and perform quarterly health check of the complete network, which includes network availability, top CPU utilization, top memory utilization, outdated software, interface utilization, syslogs etc.

Sr. Network Security Engineer at Tawasul Services Co.
  • Kuwait - Kuwait City
  • August 2006 to September 2013

- Create site-to-site VPN tunnels for customers using various gateways like Cisco PIX firewall, Cisco ASA 5500, Cisco routers etc.
- Configure Remote access VPN for customers and integrate with Active Directory for authentication.
- Design, install and configure Cisco ASA firewall for the customers. Manage the security policy of the ASA and modify the access rules as per the customer requirement.
- Install Cisco Secure ACS and configure it to provide authentication for all network devices in the company and for EasyVPN authentication. In addition, it is also configured for authorization and accounting.
- Configure Cisco IPS using AIP SSM 20 module in ASA 5520. Signatures were tuned to reduce false positives.
- Add new customers to the NOC network by creating a separate VRF for each customer on the Cisco 7606 router and configure NAT (if required) where our customers with the same IP subnets enter our network in an MPLS environment. Manage the routing table of this customer aggregation router.
- Install new devices like Cisco routers, switches, firewalls etc. for the customers.
- Do penetration testing on the customer network and prepare a Security Report.
- Configure VTP and VLAN on the local network to separate voice, data and other critical networks.
- Implement QoS on the routers to prioritize the traffic.
- Configure Point-to-Point WiMAX solution for one of the customers to enable layer 2 connectivity between their old office and new office.
- Provide network support both internally and for the customers.

Technical Support Engineer at Kuwait National Petroleum Co., Kuwait
  • Kuwait
  • February 2005 to June 2006

- Performed diagnosis, troubleshooting and resolution of technical issues with desktops/laptops and other computer hardware, operating systems, network and software applications for 500+ corporate users.
- Comfortable with “MAGIC Solution”, a web-based software used by IT Helpdesk to get user problems and forward problem tickets to and manage workflow.
- Closed over 2000 support calls in different contexts like OS, printers, network, email, software, etc.
- Troubleshooting of Novell-related problems like Novell context, tree, Service location, Novell client update.
- Used Symantec Ghost software to create a library of software images and distribute images as required.

Network Engineer at Digilink Systems Pvt. Ltd., India
  • India
  • September 2003 to December 2004

- Installation and configuration of Cisco 2500, 2600, 3600 series routers and Cisco 2900, 3500 and 4500 series switches at customer sites.
- Cisco IOS upgradation.
- Segmentation of network using VLAN and configure Inter-VLAN routing on L3 switches.
- Configuration of VTP domain in order to ease the VLAN management.
- Uplink ports are usually through GBIC ports. Multimode fiber cables were used.
- Configuration of HSRP on 4500 series for redundancy.
- Implementation of port security on switches as per client requirements.
- Created Site-to-Site VPN between customer main office and branch offices. The channel was secured by 3-DES encryption.
- Troubleshooting of customer network problems.
- Secure customer networks by installing PIX Firewall 501.
- Installation of NMS tools like CiscoWorks, SolarWinds, Sniffer Pro etc.
- Coordinate with customers in solving their network problems.

Education

Diploma, CCIE Security
  • at Cisco
  • March 2009

Cisco Certified Internetwork Expert Security #23878

Diploma, Cisco Certified Design Associate (CCDA)
  • at Cisco
  • September 2008
Diploma, Cisco Certified IP Communications Express Specialists
  • at Cisco
  • August 2008
Diploma, Cisco Certified Security Professional
  • at Cisco
  • August 2005

1. Secur. 2. PIX Firewall. 3. VPN 4. IDS 5. Cisco SAFE

Bachelor's degree, Bachelor of Engineering in Information Technology (BE)
  • at Pavendar Bharathidasan College of Engineering
  • April 2003

First Class with distinction

Specialties & Skills

Network Security
Routing
Firewalls
CCSP, CCDA, CCNA, MCP, BE, Cisco IP Communications Express specialist
CCIE Security
Cisco ISE (Identity Services Engine)
Cisco Nexus 7k, 9k, 6k and 2k
Switching (VSS, STP, vPC, VDC, Ether channel, FEX, port-security, dot1x)
PaloAlto Firewall
Cisco ASA 55xx
Checkpoint VSX Firewall
Juniper SRX 5800 Firewall
Cisco 6500

Languages

English
Expert
Tamil
Expert
Hindi
Beginner

Training and Certifications

Cisco Certified Design Associate (Certificate)
Training date:
September 2008
Cisco Certified Security Professional (Certificate)
Training date:
December 2008
Juniper Networks Sales Specialist (Advanced Security, Network Infrastructure) (Certificate)
Microsoft Certified Professional (Certificate)
Fortinet Certified Network Security Administrator (Certificate)
Training date:
December 2013
Fortinet Certified Network Security Professional (Certificate)
Training date:
June 2013
CCIE security (Certificate)
Training date:
April 2009
Valid until:
March 2019