Mujaheed

Senior Network Security Engineer

[email protected]
(408) 686 4113

SUMMARY:

 8+ years of experience in IT as Network Engineer with focus of design, implementation,

troubleshooting and documentation of LAN/WAN systems in global and Data Center
Environment. Experience in configuring Palo Alto Networks firewalls, including the PA-7080,
PA-5430, PA-3220 Series and VM-Series. Integrated Fortinet firewalls 4800F, 6500F and
7081Fwith FortiManager and FortiAnalyzer for centralized firewall management, Installed
jumbo hotfix take on Checkpoint provider servers to fix SNMP discovery issue using version 3
protocol. Migrated Cisco ASA firewall to FortiGate using to Forti converter. Implemented
dynamic routing protocols such as OSPF, EIGRP, and BGP on Cisco routers ASR 9922, 9912,
9910 series, and Switches like 9200, 9300, 9400 series to enable efficient packet forwarding,
route redistribution, and network convergence. Experience in configuring and optimizing Cisco
Nexus switches, including Nexus 9000, 7000, and 5000 Series, for data center networking and
virtualization environments. Experience in other security tools like pulse Secure VPN, Zscaler
Cloud based web security, Bluecoat, Cisco ISE, Fore Scout NAC, Firemon, Microsoft EOP, Proof
point Email Protection, Symantec VIP Two factor authentication and Sky-high CASB.
Experience in Configuration of Network architecture on AWS with VPC, Subnets, Internet
gateway, NAT, Route table. Implemented F5 iRules and iControl APIs to customize traffic
handling and application delivery logic on F5 VIPRION ADCs, enabling advanced traffic
manipulation and application-specific optimizations.Implemented secure connectivity over
hybrid WAN links, including MPLS, Internet, and 4G/LTE, using Viptela’ s secure overlay
tunnels (DTLS) and encryption to protect data in transit.

TECHNICAL SKILLS:

LAN Technologies: SMTP, VLAN, Inter-VLAN Routing, VTP, STP, RSTP, WLC.
WAN technologies: Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1, DS3, OC3,
T1 /T3 & SONET.
Load Balancers: F5 LTM, GTM and VIPRION.
Wireless: Cisco Meraki and Aruba Wireless.
Firewalls: Fortinet (FortiGate) Firewall, Palo Alto, ASA 5555, 5540 and Juniper SRX series,
Checkpoint R80, R81.
Routing series: Cisco ISR 4000, 1000, 900 and 800, Juniper MX480 and MX960 series.
Switches: Nexus 9000, 7000, 5000 switches, Arista switches, Catalyst switches and Juniper
switches.
Network Management Tools: Wire shark, Net flow Analyzer Net Scout, SNMP, Cisco Prime.

Professional Experience:

Amtrak, Chicago, IL Nov 2023 - Present

Sr. Network security Engineer

Responsibilities:
 Implementing standards for Palo Alto Networks PA-7080, PA-5420, PA-3430 firewall-powered
devices, users, and web pages that adhere to company standards.
 Developing creative solutions to satisfy particular business and security requirements requires
adhering to Palo Alto PA-3260, PA-1420 Network firewall regulations.
 Using Palo Alto dashboards to monitor and optimize the effectiveness of safety protocols, as well
as to establish and maintain adherence to company policies and procedures.
 Setting up User-ID through the Palo Alto web interface, particular safety protocols linked to user
identities and roles could be implemented.
 Configured and optimized Prisma Access to deliver secure, scalable remote access for distributed
teams, ensuring seamless application performance.
 Configured and maintained Ciena 6500, Waveserver, and other platforms for high-capacity optical
transport in metro and long-haul networks.
 Integrated AppDynamics with existing CI/CD pipelines to automate application performance
monitoring during development and production phases.
 Conducted end-to-end infrastructure monitoring and maintenance, ensuring uptime and reliability
across servers, storage, and networking devices.
 Design network infrastructure for IPv6 in order to support end to end IPv6 connectivity to CPE.
 Configured in FortiGate's Intrusion Prevention System (IPS) features to detect and thwart network
threats in real-time, effectively mitigating potential security breaches.
 Implemented Virtual LANs (VLANs) on FortiGate devices to segregate and secure network traffic,
thereby enhancing overall network performance and security.
 Designed and enforced Zero Trust principles using Prisma Access to secure user, application, and
data access across distributed networks.
 Integrated in troubleshooting FortiGate 3500F, 4700F firewalls to ensure continuous and reliable
network operations, specializing in addressing real-time scenarios effectively.
 Worked collaboratively with network architects and cybersecurity analysts to devise and execute
comprehensive security frameworks utilizing FortiGate firewalls such as 4400F, 4200F, and 3700F.
 Implemented custom security policies in Prisma Cloud to prevent unauthorized access to sensitive
data stored in GCP, reducing the risk of insider threats and external attacks through continuous
monitoring and real-time alerts.
 Designed custom alerts and performance baselines within AppDynamics to notify of anomalies
and prevent system downtime.
 Configured MP-BGP on Cisco router enabling the routing of both IPv4/IPv6 traffic.
 Creating and managing Azure digital estates according to Microsoft Cloud Adoption Framework for
Azure landing zones, workload migration, and identity governance, back up and high availability.
 Replacing Checkpoint VPN and BlueCoat proxy with Zscaler and worked on implementing Zscaler
in Production.
 Configured and managed VMware and Hyper-V environments to support application hosting and
business continuity requirements.
 Integrated Meraki SD-WAN into the infrastructure during the design process.
 Working with security and cloud operations teams to align Prisma policies with organizational
security strategies, ensuring seamless integration into existing workflows.
 Deployed Prisma Access to secure over 500 remote users by providing seamless Zero Trust
access to critical cloud applications, reducing security risks associated with remote work
environments.
 Configured Overlay-1 Virtual Routing and Forwarding (VRF) to efficiently segregate and segment
tenant traffic within the Cisco ACI fabric.
 Utilized Ciena Manage, Control, and Plan (MCP) software for real-time network monitoring,
provisioning, and fault management.
 Implemented Cisco ACI solutions, building a programmable and automated network infrastructure
tailored for application-centric deployments.
 Configured and enforced Taboo policies within the ACI fabric, significantly bolstering security
measures and isolating specified components.
 Created subnets to allow for both present and future network expansion and addressing for both
IPv4 and IPv6 network devices.
 Set up and protected AWS VPN links to allow protected interaction with AWS cloud servers and
on-site networks, guaranteeing safe access and transfer of data.
 Implemented and maintained Network Access Control Lists (NACLs) and AWS secure groups to
impose granular control over incoming and outgoing traffic for cloud-based assets.
 Integrated network devices providing using Terraform and AWS Cloud Formation, guaranteeing
accurate and consistent installation across AWS settings.
 Working on Cisco Secure Firewall 3105 and 3110 configurations were enhanced to include better
internet usage tracking, data security, and authorization.
 Implemented and managed IBM BigFix infrastructure for streamlined patch management and
software distribution across enterprise networks.
 Set up VXLAN on Arista switches 7800, 7500R, and 7300 to facilitate overlay networks and
enhance interaction among centrally managed demands situated on various subnets.
 Developed Python resources and specialized scripts to facilitate security-related tasks such as
threat inspection, log evaluation, and attack confirmation.
 Improved and set up Active Directory safeguards to protect login information, usage attributes,
and user categories.
 Developed and produced a ton of content about Infoblox setups, policies, and procedures to
promote consistency and data sharing among IT staff.
 Develop interaction with firewalls, Cisco ISE-protected devices, and key company executives as
part of the security procedures.
 Analyzed transaction flow maps and business journeys using AppDynamics dashboards,
improving overall application reliability by 20%.
 Set up safety features on the Cisco Firepower 1150, 1010, and SM-48 devices in accordance with
corporate rules and regulations.
 Improved dialog between ISEC and the development team, which leads to more effective security
procedures.
 Enabled seamless integration of Prisma Access with on-premises and cloud environments,
providing consistent security policies across hybrid networks.
 Developed a roadmap and migration plan for SD-WAN solution deployment globally in conjunction
with internal support teams.
 Provided Desktop Support for internal users and Handled Service-Now tickets related to Cisco ASA
& Zscaler, & VPN along with the connectivity issues and provide support when any issue is raised.
 Working on SRX 380 and SRX 2300 Juniper firewalls were equipped with Intrusion Detection and
Prevention System (IDP/IPS) policies to efficiently detect and stop malicious network activity.
 Deployed Cisco Meraki wireless MR32, MR33, and MR34 networks, which enhanced the safety and
connectivity of business environments and led to a 30% increase in client retention.
 Set up Aruba switches with Ethernet and internet connectivity to guarantee user satisfaction and
effective network administration for the whole company.
 Configured SSL offloading on F5 load balancers to reduce server load, enhancing application
performance and improving response times for end users.
 Integrated F5 load balancers with web application firewalls (WAF) to provide enhanced security
and protect applications from common vulnerabilities such as DDoS attacks and XSS.
 Implemented health monitoring and server checks within F5 to ensure traffic was directed only to
healthy and responsive servers, minimizing application downtime.
 Provisioned Ethernet over DWDM and MPLS-TP transport services on Ciena devices to deliver
scalable solutions.
 Set up Cisco routers and safety guidelines to safeguard internet activity and enhance overall
security.
 Configured BigFix deployment architecture, including relays, clients, and databases, ensuring high
availability and scalability.
 Working on Cisco routers ISR 1100, 1160, and 1131 were equipped with onboard safeguards and
malware protection features, ensuring privacy online.
 Configure the Ethernet establishes of the Nexus switches to enable internet connectivity and
administration.
 Developed and deployed custom fixlets, tasks, and baselines to address unique network and
system compliance requirements.
 Worked on issues with IPS/IDS servers, Zscaler and bluecoat proxies.
 Designed policies and procedures specifically for regular upkeep and storage of Cisco Nexus
7010, 5548, 5600, and 7018 switches.
 Setting up network hardware, such as switches, firewalls, and Ansible services, as well as other
appliances, to safeguard user documentation.

Charter Communications, Stamford, CT Mar 2022 – Sep 2023

Sr. Network security Engineer

Responsibilities:
 Developed and maintained Palo Alto firewalls and put standards into place, using a variety of
resources to examine firewall logs and find and fix security issues.
 Using Panorama systems to track and apply internet traffic manages for Palo Alto firewall
administration, involving PA-3410 and PA-5220.
 Working on Palo Alto firewalls, that include PA-7080 and PA-5420 models, can now be centrally
managed thanks to the implementation of the Palo Alto Panorama M-100 oversight server.
 Installing and setting up Palo Alto Networks 5250 Next-Generation Firewalls, which guarantee
thorough security and effective administration of the network's structure.
 Implemented FortiGate firewall logging, reporting, and alerting features to diligently monitor and
respond to security incidents.
 Integrated BigFix with security tools to automate vulnerability assessment and reporting for
enhanced network security.
 Implemented automation for application policies to dynamically adapt to changing network
conditions and business needs.
 Using FortiManager for centralized management of Fortinet devices, simplifying configuration,
monitoring, and reporting operations.
 Designed and tested IPv6 to IPv4 conversion via MPLS ISP cloud within a test lab environment
prior to implementation.
 Managed firewalls via FortiGate to regulate IP access, developed policies, configured different
interfaces and VLANs, performed installations, and executed VPN, Fortinet, and VOIP setups.
 Configuring and overseeing FortiGate firewall series, encompassing models like FortiGate 7081F,
6500F, 4800F, and other relevant variations.
 Configured Prisma’s Compliance Dashboard to track adherence to SOC 2 and GDPR requirements
across multi-cloud environments, enabling the company to pass audits with minimal effort by
automating compliance reports.
 Worked on Internet Web Security Proxies which includes Cisco Iron Ports, Bluecoat Proxies, and
Zscaler Cloud Proxies.
 Used Prisma to perform real-time threat intelligence analysis and detect misconfigurations in
cloud-native applications, preventing security breaches and data loss.
 Configured Prisma Access to deliver secure remote access for users by extending Zero Trust
security to branch offices, mobile users, and cloud applications.
 Deployed maintenance protocols within the ACI fabric to minimize downtime and maintain
operational standards effectively.
 Integrated automation tools with ACI to enhance operational efficiency by streamlining VLAN
provisioning and management processes.
 Configured and managed Prisma SD-WAN to enable intelligent application-aware routing,
ensuring optimal performance for critical applications.
 Implemented encryption policies within Cisco ACI to ensure data security during transmission and
protect against unauthorized access to sensitive information.
 Deployed AWS CloudWatch alarms and configured metrics to monitor the performance and health
status of various AWS resources effectively.
 Managed security groups to control both inbound and outbound traffic for AWS instances
operating within Virtual Private Clouds (VPCs).
 Deployed and Manage SD-WAN network (Cisco Meraki Solution) for WAN connectivity.
 Using AWS Elastic Load Balancer to evenly distribute incoming traffic across multiple instances,
thereby improving application availability and resilience to faults.
 Implemented Netmiko scripts to perform network audits and compliance checks, ensuring all
devices adhered to standardized configurations and security policies.
 Increased efficacy in identifying and fixing connectivity issues by utilizing Aruba and Airwave
developments.
 Created detailed technical documentation, including configurations, troubleshooting procedures,
and network diagrams, for Ciena-based infrastructure.
 Developed Python-based network analysis tools to minimize the likelihood of setup issues by
testing devices and policy settings online before going into manufacturing.
 Implementation of Group Policies and additional Active Directory (AD) security features to enforce
consistent security passwords, access limitations, and safety configurations.
 Deployed, and managed the F5 VIPRION 2400, 4400, and 4800 platforms, creating scalable and
high-performing application delivery systems that matched business requirements.
 Set up investigating and resolution procedures for F5 Big-IP-related problems in order to preserve
network efficiency and accessibility.
 Setting up F5 iRules to carry out content influencing, screening, and assessment for improved
security.
 Added data gathering features to Ansible Tower for proactively safety checks and routine
maintenance of internet-connected devices.
 Using Infoblox IPAM to manage and optimize IP address transport and subdivision, network
reliability rose and IP upgrades decreased by 40%.
 Develop rules, entry restrictions, and guidelines for groups and processes within Cisco ISE using
pertinent data, such as device types, users, and regulations.
 Added and implemented prevention of threats malware safety, URL screening, and Cisco
Firepower's 4145, SM-40, and SM-48.
 Working with network architects to design secure network topologies, incorporating Arista 5000,
7060X, and 7050X3 switches for critical infrastructure components.
 Configuring Juniper SRX 4300 and SRX 4700 layer structures are particularly useful for tracking
and analyzing data at the software categories level.
 Using ISEC's gathering and assessing data features to gather helpful data, proactive security
precautions and attack reduction strategies were created.
 Improved the capability to detect and respond to incidents by integrating Cisco Secure Firewall
4245, 4225, and 4215 with centrally managed monitoring and oversight.
 Managing Cisco Nexus switches 9800, 9500, and 9400 to enhance and create dependable
performance and exceptional productivity in network configurations.
 Designing and implementing Cisco Nexus structures for large computing networks, system
effectiveness and flexibility were increased by 30%.
 Using Cisco routers ASR 9904, 9906, and 9912, you can optimize network performance and
ensure consistent connectivity across multiple locations.
 Setting up and implementing site-to-site VPNs with Cisco routers, managers can reduce expenses
by 20% and allow encrypted communication between remote offices.

ADP, NYC, NY Nov 2020 – Feb 2022

Network security Engineer

Responsibilities:
 Increased current connections on Palo Alto firewalls PA-1410, PA-3250, and PA-3260 and enabled
aggressive aging on different service objects to improve connections and resolve intermittent
issues.
 Installed jumbo hotfix take on Checkpoint R21k, R13k, R12K provider servers to fix SNMP
discovery issue using version 3 protocol.
 Configured and managed Cisco ASA5585, 5555, 5545 firewalls to enforce network security
policies, control access to resources, and protect against cyber threats.
 Deployed Blue Coat Content Analysis System (CAS) for advanced malware detection and analysis,
enhancing threat protection capabilities.
 Provided technical support and troubleshooting expertise for Cisco routers 1900, 2900, 3900
series resolving network issues and ensuring uninterrupted operation of critical infrastructure.
 Designed, developed and implemented multi-tiered Splunk log collection solutions.
 Implemented SIEM tools such as Solar Winds and Symantec Endpoint Security for malware
detection and threat analysis.
 Collaborated with cross-functional teams by sharing Wireshark packet captures and analysis
results to troubleshoot and resolve complex network issues.
 Implemented NetScaler Insight Center or Citrix Application Delivery Management (ADM) for
centralized monitoring, analytics, and reporting of application traffic and performance metrics.
 Implemented Silver Peak's application visibility and control features to gain insights into
application performance, analyze traffic behaviors, and guide data-driven decisions.
 Managed variables and parameters within Terraform configurations to enable dynamic and
parameterized provisioning of resources.
 Experience in designing, implementing, and administering Cisco TrustSec solutions, ensuring
comprehensive and adaptable network access control (NAC) throughout the enterprise.
 Implemented various routing protocols such as RIP, EIGRP, and OSPF on Juniper MX routers also
taking care of issues such as discontinuous networks.
 Deployed Tetration's behavior-based application insights to gain detailed visibility into application
dependencies, traffic patterns, and communication flows.
 Worked closely with network architects and system administrators to develop and implement
efficient solutions for cable infrastructure.
 Configured Big IP F5 LTM 6400, 6800, 8800 for all Local Load balancing and use GTM for load
balancing and use GTM for load balancing across Data Centers.

Essent, India May 2016 – Sep 2020

Network Support Engineer

Responsibilities:
 Install and maintain appropriate network systems and hardware as part of ongoing
transformation/ migration project in the county.
 Implementing, configuring, and troubleshooting various routing protocols like EIGRP, OSPF, and
BGP, MPLS.
 Troubleshooting the network with the Packet capturing in Wireshark and resolving the issue using
the filtering of the packet capture using TCP/IP filtering there.
 Integrated connections from UCS domain connected to distribution Switches to new ACI network.
 Implemented all network/security standards employed by Norfolk Southern Corp., which includes
integration of documented OSPF Tier 2/3 design and engineered implementation.
 Worked with the Info security team to closely monitor threats, incident handling, working with the
network administration team to provide them with the remediation steps.

Education- Bachelor's in BCA-India.

Certifications-CCNA, CCNP