Montgomery Street, San Francisco, CA94105(555) 432-1000, resumesample@example.com
Professional Summary
Network & Security Engineer with over 4 years of experience working in large Enterprise scale networks.
Involved in design of client's large Enterprise IT infrastructure by implementing Cisco ISE system, including EAP-TLS, Guest Access, BYOD and compliance, to improve corporate network visibility and security in production environments.
Implementation and Operational experience in a Large Enterprise Scale Environments with Several Hundreds of Firewalls and Security Gateways
Demonstrated abilities in enterprise wide network design, administration and network integration including working with Dynamic Routing such as BGP and OSPF
Flexible for On Call Rotation and off hour support especially upgrades & Maintenance on Weekend changes and incidents.
04/2017 to CurrentNetwork Security EngineerApex Systems | Falls Church, VA,
Worked extensively on device profiling, authentication and authorization mechanisms using AAA, RADIUS, TACACS+, 802.1x, Posture Compliance Policies, Access and Controls, and Remediation Process.
Working as Network Access Controls (NAC) ISE Administrator in planning and designing Clients global network for Network Access Solution across Wireless, SSL-VPN, and Wired Networks.
Working on design, implementation and maintenance of Cisco Identity Service to support posture, profilings, and enforce compliance across remote VPN, wireless, and wired networks.
Managed and configured Cisco Identity Service Engine (ISE) with 802.1X for corporate users including Wireless BYOD, wired network users, IP phones and printers (requiring Mac Address Bypass (MAB).
Worked Extensively on Access Control Policies consisting of VLAN switching through SNMP, applying downloadable ACLs through Cisco ISE, and Configuring Standard and Extended ACLs locally and on upstream switch's for Cisco NAC.
Upgraded Cisco ISE consisting of 40 ISE servers North America wide from legacy version 2.1 to 2.4 without affecting business operation.
Implemented TACACS+/ RADIUS authentication/authorization on Cisco ISE for central management of all network devices across US.
Worked on Enforcement policies for auto-remediation of non-complaint devices and remediating devices that are misconfigured or are missing an 802.1x supplicant.
Configuring probes in Cisco ISE to collect device information connected on to company's switches and external Routers.
Integrating Cisco ISE with Load balancer (Citrix NetScaler and F5 LTM) to manage traffic between multiple ISE PSN nodes in order to provide AAA services.
Assist in deploying and troubleshooting PKI/Certificate based authentications.
Issued Digital certificates through PKI system to secure connect for both public web pages and private systems.
Planning, designing and Configuration of various Policy Configurations, Profile Authorizations, End device Profiling, User Identities, Cisco ISE and AD mapping with various attributes and levels of authorizations and Network Access.
Share knowledge with the team members and different TAC teams in my area of expertise including creation of guides.
Working on the design and implementation of the Guest Network environment(Visitor, Employee) and BYOD for NAC solution.
Monitoring and alert management of all components related to the ISE NAC solution and providing ongoing maintenance and support of solution components ( patching, upgrades, capacity reviews and lifecycle management).
Engaging across other GIS infrastructure domains to address ISE SUPPORT issues (PKI, server, Load Balancer, WAN, Web Acceleration, Security, AnyConnect).
Capacity planning and primary coordinator to manage and develop ISE security projects.
Gather Engineering Requirements for migrating applications, and create architectural diagrams showing the process flow.
Managed company Bring Your Own Device program, onboarding employee devices and verifying absence of inherent security threats.
08/2016 to 03/2017Network EngineerWalt Disney Co. | Schaumburg, IL,
AAA Server) management, User database management, configuring privilege level and command authorizations using TACACS+ protocol.
Monitor logs for any unauthorized login, Password management of users, ACS Backup etc.
Operated with Network Operations Wireless team to design, configure, management of enterprise wireless hardware, software and management systems using Cisco Access Points, Controllers and Catalyst switches.
My responsibility included centralizing on-site management, policies and access point deployment to improve performance and visibility by maintaining 101 Cisco Wireless Controllers for supporting 5000 access points worldwide.
Engaged in solving WLAN deploy and design problems on upcoming sites, performing WLAN site surveys using Ekahau tool.
Improved and enhanced performance of Wi-Fi coverage using heat-maps and signal strength parameters on Cisco WLC and Cisco Prime.
Use Tools such as TUFIN for Firewall Policy optimization and rule base Clean up.
POC for checkpoint firewall upgrade from R77 and R80.10 to R80.20 and R80.30.
Configuring High Availability using Cluster XL on Checkpoint and monitor the Sync status for stateful replication of traffic between active and standby member.
Firewall policy provisioning and administration including addition of object groups, policies and NAT on the firewalls.
These firewalls were mostly Cisco and Check Point.
Work with B2B IPsec VPN tunnels on checkpoint including updating the crypto ACL/ encryption domain.
Troubleshooting user connectivity issues using SmartView tracker, smart log and by executing TCPDUMP, FW Monitor on Checkpoint firewalls.
Actively work with users to convert their firewall port opening requests into firewall change requests and process them through the Service Now change management system.
Working with OSPF as internal routing protocol and BGP as exterior gateway routing.
Work in an enterprise network environment with dynamic routing using OSPF and BGP for external connectivity.
Configured Switches with proper spanning tree controls and BGP routing using community and as path prepending attributes.
Work with BGP routing protocol for communication with business partners and influence routing decision based on AS Path Prepend and other attributes.
Worked with layer 2 switching technology architecture.
Implemented L2 and L3 switching functionality, which includes the use of VLANS, STP, VTP and their functions as they relate to networking infrastructure requirements including internal and external treatment, configuration and security.
Used internal network monitoring tools such as Solar Winds to ensure network connectivity and Protocol analysis tools to assess network issues causing service disruption.
Monitored network capacity and performance, as well as diagnosed and resolved complex network problems.
08/2015 to 07/2016Cisco Network EngineerAgreeya Solutions | Newark, CA,
Managing administration of Router, Switch, IPS, ASA, ISE Server, Network topologies, involving design of network layouts, configuration & maintenance of servers in the different location.
Worked as a Network Security Engineer, responsibilities were to maintain, troubleshoot and protect the client environments through firewalls, SIEM, IDS, IPS.
Manage Cisco ASA Firewalls using CLI, CSM (Cisco Security Manager).
Build and configure Active/Standby Failover on Cisco ASA with stateful replication.
Configure and tweak inspection policies on Firewall to allow legacy application traffic.
Configuring and Troubleshooting Site-Site VPN, Remote Access VPN, NAT, Policies comprising class map and policy map, Inspection, Failover issues on the ASA.
Support routing protocols including BGP and OSPF routing, HSRP, load balancing/failover configurations, GRE Tunnel Configurations, VRF configuration and support on the routers.
Review of Firewall rules, data flows when there is any new requirement or change in existing environment.
VLAN implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network.
Resumes, and other information uploaded or provided by the user, are considered User Content governed by our Terms & Conditions. As such, it is not owned by us, and it is the user who retains ownership over such content.
How this resume score could be improved?
Many factors go into creating a strong resume. Here are a few tweaks that could improve the score of this resume:
