
ASRAR AHMED FAROOQUI

Network Security Engineer


551-254-1581
asrarfarooqui1987@gmail.com
_____________________________________________________________________________________
SUMMARY:
• Certified Network professional with 7 years of experience in network design, implementation, and support. Routing, switching, firewall technologies, system design, implementation and troubleshooting of complex network systems.
• Performed security research, analysis and design for all client computing systems and the network infrastructure.
• Extensive experience working with QualysGuard to conduct Network Security assessments.
• Hands-on knowledge/experience of F5 load balancers, their methods, implementation and troubleshooting on LTMs and GTMs.
• Worked extensively on Palo Alto, Juniper NetScreen and SRX Firewalls.
• Provided services in many industries such as Consulting, Telecommunications and IT Infrastructure. Specializing in LAN, WAN, WLAN, and Data Center networks.
• Implemented Guest WLAN.
• Experience with design and deployment of MPLS Layer 3 VPN, MPLS Traffic Engineering, MPLS QOS.
• Deployed RAP controllers (Remote Access Points) in the DMZ to provide direct secure connection from remote locations to corporate LAN.
• Worked with team to implement NAC solution on Aruba wireless and LAN.
• Excellent programming skills in Python scripting.
• Knowledge of Windows/Linux, Unix operating system configuration, utilities and programming.
• Good knowledge of IBM AppScan to enhance web application security.
• Performed security assessment, review, and mitigation of the Oracle database, UNIX, and Windows server operating systems.
• Expertise in configuring and troubleshooting Palo Alto, Juniper NetScreen & SRX Firewalls and their implementation.
• Working knowledge of Cisco IOS, Junos & basic Nexus (7K, 5K & 2K).
• Switching tasks include VTP, ISL/802.1q, VLAN, EtherChannel, STP and RSTP.
• Strong hands-on experience with PIX (506, 515, 525, 535), ASA (5505/5510) Firewalls. Implemented security policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
• Responsible for Check Point and Cisco ASA firewall administration across global networks.
• Experience in testing Cisco routers and switches in the laboratory and deploying them in on-site production.
• Hands-on experience with AWS (Amazon Web Services).
• Expertise in complex Checkpoint, Cisco ASA & Palo Alto firewall environments.
• Experience working with AWS cloud EC2, S3, RDS, Load Balancer, Auto Scaling with the AWS command line interface and AWS Python SDK.
• Experience converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.
• Systems integration projects included Routers, Switches, Load balancers, DNS Servers, Firewalls, Virtualized servers, Multimedia, Remote Access, Wireless, Proxy servers, File Servers, Main Frames, multicast networks and much more.
• Testing the wireless coverage, throughput, data rates, interference using predictive surveys.
• Experience in physical cabling, IP addressing and subnetting with VLSM, configuring and supporting TCP/IP, DNS, installing and configuring proxie
• Good knowledge of gathering requirements from stakeholders, constructing RFP/RFQs, devising and planning, and strong technical understanding of vulnerabilities, and how attackers can exploit vulnerabilities to compromise systems.
EDUCATION:
Bachelors in Electronics and Instrumentation Eng
TECHNICAL SKILLS:
Cisco Routers : 3900, 3800, 3700, 7206VXR, 7500, ASR 1K & 9K
Cisco Switches : 6500, 4510, 3750X, 3550, 3650, 3750G, 2960
Routing Protocols : EIGRP, OSPF, BGP, RIPv2
Switching Concepts : VLAN, STP, RSTP, VTP, EtherChannel, PortFast, IP Access Control Lists, UplinkFast
Network Security : NAT/PAT, VPN, Filtering, Cisco ASA Firewalls, Palo Alto Networks Firewalls, Check Point Firewalls, IPSEC and SSL VPNs, IPS/IDS, DMZ Setup, Cisco NAC, ACL, IOS Setup and Security Features
Network Topologies : Frame Relay, ISDN, Gigabit Ethernet, OSI and TCP/IP layered architecture
LAN : 10/100/1000 & 10 GBPS Ethernet
WAN : MPLS, Frame Relay, Dialup, VoIP, Cisco Routers and Switches, CSU/DSU
WLAN : IEEE 802.11, PHY and MAC layer functionality, WLAN controller/Aruba/Meru
Operating Systems : Windows and Linux Operating Systems
Sniffers : SolarWinds, Wireshark, Nmap
Scripting : Python and Shell scripting
Tools : Tufin, Rank, Firemon, Fluke, MS Visio, Akips, Infoblox

PROFESSIONAL EXPERIENCE:

Five Below, Philadelphia, PA


Senior Network Security Engineer
June 2019 – Till now.
Responsibilities:
• Updated Fortinet firewall configurations, programmed switch ports and cameras, and maintained asset information.
• Worked on multi-vendor platform with Check Point, Fortinet and Cisco firewalls requesting net flow for security compliance, coding, and pushing firewall rules after approval and troubleshooting incidents.
• Responsible for installation and troubleshooting of Checkpoint firewall and LAN/WAN protocols. Implementing firewall rules and configuring Palo Alto, Fortinet Network Firewall.
• Working on Fortinet Firewall to create policy, HA and monitor malicious traffic.
• 24x7 on-call step-up support as a part of the safety operations team.
• Working closely with data center management to investigate the information center sites for cabling necessities of assorted network instrumentation.
• Provided application level redundancy and accessibility by deploying F5 LTM load balancers.
• Hands-on expertise within the network management of circuits and Frame Relay.
• Managing and providing support to numerous project groups with regards to the addition of recent instrumentation like routers, switches and firewalls to the DMZs.
• Implementing traffic engineering on existing Multiprotocol Label Switching (MPLS) network, Frame Relay and Open Shortest Path First (OSPF).
• Moving vendor VPNs from Cisco ASA, PIX devices to new Checkpoint R80 device.
• Worked on latest Checkpoint R80 version in a lab environment.
• Provided support for 2-tier and 3-tier firewall architecture, which includes various Checkpoint R80 Gaia, Cisco ASA firewalls and Palo Alto firewalls.
• Worked on data center segmentation project to create segmentation between the user and server traffic by deploying Palo Alto firewalls (5250s) in the datacenter including cabling to the Nexus 9K, 7K VDCs and HA.
• Worked on providing management connectivity, HA configuration, setting up RSA for MFA, license and updates management, VSYS support, L3, aggregate Ethernet and sub-interface configuration, configuration of BGP on both Nexus and Palo Alto, moved SVI (server VLAN) interfaces from Check Point core to Palo Alto.
• Upgraded the existing Panorama to V8. Integrating the new firewalls into Panorama and responsible for working on change tickets for existing 3250 Palo Alto Firewalls in the environment.
• Implementing and managing VPN networks of the customer through Checkpoint R77 firewalls.
• Responsible for troubleshooting network, VPN and firewall problems, specifically Checkpoint GAIA and Cisco ASA.
• Upgraded Cisco ASA 5510 firewalls using 6500/7600 Catalyst modules for enhanced performance, security and reliability. Security policy review and configuration in Palo Alto and Juniper SRX Firewall in datacenter.
• Working experience with tools and devices like Sourcefire, FireEye, Aruba, Cisco ASA, Cisco ISE.
• Responsible for troubleshooting on Cisco ISE; added new devices on network based on policies on ISE.
• Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control (NAC) integration with Cisco ISE.
• Involved in deployment of Cisco ISE and Firepower, and created/modified necessary profiles that allowed authorized devices on the network.
• Provided redundancy in a multi-homed Border Gateway Protocol (BGP) network by tuning AS-path addition, route-maps and prefix-lists.
• Deployed Load balancer (LTM) and Link controller with high availability for server and WAN link load balancing respectively.
• Developed, implemented, and supported BIG-IP Load Balancer; extensive knowledge of F5 modules including LTM, GTM, SSL Offloading, APM, ASM.
• Implementing and configuring F5 LTMs for VIPs and virtual servers as per application and business requirements.
• Worked extensively with Infoblox, QIP, Cisco Prime Infrastructure, Spectrum, CMDB, Telnet, modem access, Putty/Super Putty.
• Worked with Configuration Management Database (CMDB), a centralized repository that stores information about the IP address and VLAN info of the hardware devices.
• Worked on a team to maintain our core MPLS network over the Alcatel/Nokia 7750 SR/7450 ESS platform.
• Migrated SAP based applications from old Cisco ACE load balancers to new VMware NSX edges.
• Performed automation operations using VMware NSX and Python scripting.
• Internal and External DNS locking block Virus Infected Domains on DNS server.
• Integrated Palo Alto next-gen firewalls with overlay VMware NSX SDN networks.

New Ocean Health Solutions -Conshohocken, PA Feb 2016 – May 2019


Senior Network Security Engineer

Responsibilities:
• Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, SaaS).
• Performed functional testing of security solutions like RSA two-factor authentication, Novell single sign-on, DLP and SIEM.
• Worked on vulnerability assessment and penetration testing using various tools like HP WebInspect and IBM AppScan.
• Migrated network from EIGRP to OSPF.
• Demonstrated experience with IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
• Management of proxies, firewalls and F5 load balancers.
• Configuring rules on F5 Load balancers.
• Migrated from Cisco ASA to Palo Alto.
• Responsible for evaluating, testing, configuring, proposing and implementing network, firewall and security solutions with Palo Alto Networks.
• Vulnerability assessment using Nessus and other monitoring tools like ESM for asset management.
• Manage all repeated threats to all systems and perform vulnerability tests.
• Assisted in managing Nessus Tenable Security Center across multiple platforms, SMB exploitation using Nmap and exploits from Metasploit Framework, and implementing security policies within the client's infrastructure.
• Performed network & infrastructure vulnerability assessment using automated tools such as QualysGuard and Nmap.
• Identifying the Critical, High, Medium, Low vulnerabilities in the applications based on OWASP Top 10 and SANS 25 and prioritizing them based on the criticality.
• Security assessment of online applications to identify the vulnerabilities in different categories like input and data validation, authentication, authorization, auditing & logging.
• Vulnerability assessment of various web applications used in the organization using Burp Suite and HP WebInspect.
• Conducts regular review of Global Security Incidents as well as reports and updates the same to the internal teams.
• Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches, and Cisco ASA Firewalls.
• Used the data from Cisco ISE to trace out security violations in events of ransomware attacks.
• Responsible for troubleshooting on Cisco ISE; added new devices on network-based policies on ISE.
• Makes recommendations on existing projects to improve network security; created Change Requests, Method of Procedures (MOPs) and assisted on-call migrations and changes.
• Performed Level 3-4 troubleshooting and analysis of disaster recovery issues, security implementations, firewall configurations, vulnerability assessments, and intrusion detection and analysis, customer consultation.
• Work on Change Management for migration from Cisco ASA to Palo Alto.
• Used KIWI monitoring tool to troubleshoot network issues.
• Monitors network performance and implements performance tuning when necessary.
• Worked with IPSEC VPN and B2B VPN design connection and protocols, IPSEC tunnel.
• Upgraded with Nexus 9k, 7k and 5k switches to deal with the vulnerability issues.
• Manage firewall/security systems by establishing and enforcing policies.
• Work closely with colleagues to meet team goals and improve processes and practices.
• Performs network and security hardware and software maintenance.
• Create and maintain detailed network documentation and procedures.
• Performs maintenance and management of assigned security technologies and functions that include firewalls, authentication devices, encryption, event log monitoring, reporting, incident response, security analysis and/or
• Researches, evaluates, designs and implements new/improved security software and/or devices that meet risk management objectives.
• Upgraded Panorama version 7.0 to 8.0 on Palo Alto Firewalls.
• Performs security analysis of assigned systems and functions. Reports findings and makes recommendations for remediation to management.
• Provides third level technical expertise in the identification and resolution of security related issues/events.
• Develops, documents and implements new processes and procedures which improve the department’s ability to provide World Standard client service.
• In-depth knowledge in the area of deep packet troubleshooting with Wireshark and/or Riverbed ACE Analyst and tcpdump.

UPS - Louisville, KY May 2014 – Jan 2016


Network Security Engineer
Responsibilities:
• Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, SaaS).
• Performed functional testing of security solutions like RSA two-factor authentication, Novell single sign-on, DLP and SIEM.
• Responsible for design and implementation of customers' network infrastructure.
• Configuring, monitoring and troubleshooting Cisco’s ASA 5500 security appliance, failover DMZ zoning and configuring VLANs/routing/NATing with the firewalls as per the design.
• Integration of VMware NSX with VMware's suite of products (i.e. vRealize Automation, vRealize Operations).
• Worked extensively on Cisco Firewalls, SANS SIFT, Cisco (506E/515E/525/) & ASA 5500 (5510/5540) Series.
• Implemented Cisco IOS Firewall IDS using 2600 series router.
• Adept at configuring and troubleshooting VPC on Nexus 7Ks, 5Ks and VSS on Cat 6509, 4500-X. Expertise in configuration of Virtual Local Area Networks (VLANs) using Nexus 7Ks, Cisco routers and multi-layer.
• Experience with setting up IPSEC VPN on Juniper SRX 3600 Firewalls towards the multiple customer sites as backup path to the datacenter.
• Palo Alto/ASA Firewall troubleshooting and policy change requests for new IP segments that either come online or that may have been altered during various planned network changes on the network.
• Participated in planning and implementation of Cisco systems and SD-WAN solutions in direct support of targeted objectives.
• Design and implementation of Aruba Wireless solution including Aruba S3500 mobility switch, Aruba 105, 175, 225 Campus AP, Aruba 7210 & 7220 AP Controller.
• Worked on vulnerability assessment and penetration testing using various tools like HP WebInspect and IBM AppScan.
• Change Management for highly sensitive Computer Security Controls to ensure appropriate system administrative actions, investigate and report on noted irregularities.
• Conduct network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.

Rent A Center, Texas June 2013 – April 2014


Security Engineer

Responsibilities:
• Worked on Nexus models like 7K, 5K, 2K series, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco Catalyst 6500, 4500, 3750, 3500, 2900 series switches.
• Performance monitoring of various applications and web servers to maintain quality of service and network stability.
• Maintained core switches, creating VLANs and configuring VTP.
• Designed IP addressing schemes, VLAN tables and switchport assignments, trunking and EtherChannel implementation.
• Gained hands-on experience with VLSM, STP, VTP, VLAN Trunking.
• Installed and set up Cisco routers and switches according to deployment plans.
• Applied access lists and NAT configurations based on implementation guidelines.
• Managed and developed network projects designed to strengthen network continuity and deploy security elements in an attempt to meet and exceed contract requirements, including system analysis and troubleshooting.
• Change management, monitoring network performance with network tools.
• IP distribution for existing devices and new devices as they were added.
• Performed maintenance on equipment as necessary, performing device upgrades, modification of configurations, password changes and diagnostic testing.

IBM- Scotts Miraclegro, Ohio Jan 2012 – May 13


Security Engineer

Responsibilities:
• Extensive interaction with Onsite Coordinator in understanding the business issues and requirements, doing exhaustive analysis and providing end-to-end solutions.
• Conducting Web Application Vulnerability Assessment & Threat Modeling, Gap Analysis, secure code review on the applications w.r.t. guidelines provided by Cisco.
• Configured Access Lists (Standard, Extended, and Named) to allow users all over the company to access different applications and block others.
• Managed and developed network projects designed to strengthen network continuity and deploy security elements in an attempt to meet and exceed contract requirements, including system analysis and troubleshooting.
• Change management, monitoring network performance with network tools.
• IP distribution for existing devices and new devices as they were added.
• Performed maintenance on equipment as necessary, performing device upgrades, modification of configurations, password changes and diagnostic testing.
• Worked with vendors and Engineering team to test new hardware and procedures.
• Prepared and maintained documentation using MS Visio.
• Configured STP for loop prevention and VTP for Inter-VLAN Routing.
• Performed troubleshooting of TCP/IP problems and connectivity issues in multi-protocol Ethernet environment.
• Worked on network-based IT systems such as racking, stacking, and cabling.
