Summary
Overview
Work History
Education
Skills
Certification
Timeline
Generic

Deshbir Sandhu

Senior Network Security Engineer
Omaha ,NE

Summary

Accomplished networking professional with over 17 years of experience in designing and implementing robust network infrastructures. Expertise in evaluating and integrating cutting-edge network technologies, complemented by hands-on proficiency with industry-leading products from Cisco, Nortel, F5, and others. Successful in designing data centers and wireless networks, including comprehensive site surveys, installations, and post-installation support, while ensuring optimal security through advanced configurations and vulnerability assessments. Skilled in managing complex WAN infrastructures and ensuring PCI compliance, with a strong focus on operational excellence and engineering support for critical network security systems.

Overview

21
21
years of professional experience
11
11
Certifications
3
3
Languages

Work History

Network and Security Engineer

PayPal INC
07.2015 - Current
  • Managing LAN/WAN and Security networks of PayPal INC which consists of more than 350 Palo Alto firewalls scattered in more than 100 office locations throughout the globe.
  • Responsible for installing, configuring, and managing various Palo alto firewalls to implement security for Internet, extranet business partners, and vendors.
  • Designed and configured Intrusion Prevention signatures, URL filtering, and DDOS protection.
  • Transition traditional policies and signatures to next-generation application-aware policies and signatures.
  • Expert-level knowledge of configuring and troubleshooting IPsec VPN and SSL VPN tunnels for connectivity between site-site and remote location users by using IKE and PKI.
  • Experience in configuring and managing AAA architecture including RADIUS and TACACS+ servers through Active Directory.
  • Intermediate knowledge of Python.
  • Deployed UID agents and configured UID in the environment.
  • Strong knowledge of leveraging advanced firewall features like APP-ID, User-ID, Global Protect, Wildfire, NAT policies, and Security Profiles.
  • Profound working knowledge of administration and management of Palo Alto firewalls using centralized Panorama M-100 and M-500 devices.
  • Migrated service-based rules to App-id-based rules.
  • Experience in Migrating policies from Cisco ASA and Juniper firewalls to Palo Alto next GEN firewalls.
  • Maintain High Availability and Clustered Firewall environments.
  • Hands-on experience with Juniper Firewall, Cisco ASA, and Firepower.
  • Experience in creating multiple policies and pushing them on Palo Alto firewalls and hands-on experience in managing the Pre-shared, Local and Post shared policies through Panorama.
  • Configuring BGP/OSPF routing policies and designs and working on implementation strategies for the expansion of the MPLS VPN networks.
  • With the vendor technician’s assistance, advanced toward full resolution of the issues and documentation of the process.
  • Migrated on primes firewalls to Azure and AWS cloud.
  • Migrated Cisco ASA, Juniper and Checkpoint firewalls to Palo alto firewall platform.
  • Experienced in Prisma Access (SASE)and Cortex Xsoar.
  • Using “Algosec” in an organization for baseline Compliance, policy optimization, regulatory compliance, and risk assessment.
  • Job Profile:

Senior Network /Security Consultant

NyDailyNews
01.2015 - 06.2015
  • Responsible for a Migration project from Juniper Firewalls to Palo Alto Firewalls.
  • Responsible for Vulnerability analysis using the Nessus tool and coordinating with other teams for patch management.
  • Configure Steelhead 1050 for the Head office and SH 250 for various branch offices.
  • Perform network troubleshooting to isolate and diagnose common network problems.
  • Perform Installation and configuration of NEXUS 5k and 2k for IBM blade Servers.
  • Upgrade network hardware and software components as required.
  • Solve complex problems with many variables.
  • Implementing a Global project in Palo Alto for SSL VPN with the HIP profile.
  • Job Profile:

Senior Network/Security Consultant

Toys R Rus
11.2013 - 12.2014
  • Responsible for designing and implementing the customer’s network infrastructure.
  • Responsible for configuring site-to-site VPN with different vendors using ASA firewall.
  • Responsible for Vulnerability analysis using the Nessus tool and coordinating with other teams for patch management.
  • Provide pre- and post-audit support for both internal and external audits
  • Analyze business requirements to develop technical network solutions and their framework.
  • Design, test, and inspect data communications systems.
  • Perform network modeling, analysis, and planning.
  • Install hardware such as Switches, routers, and wireless adaptors.
  • Develop technology roadmaps.
  • Develop test plans, implementation plans, and project timelines for various projects.
  • Stay abreast of how technology infrastructures are currently impacting and driving competitors.
  • Determine production direction.
  • Write functional requirements/ specifications documents.
  • Assess vendor development/test strategies.
  • Perform network troubleshooting to isolate and diagnose common network problems.
  • Upgrade network hardware and software components as required.
  • Solve complex problems with many variables.
  • Job Profile:

Sr. Networks Consultant

AEGION Corporation Inc.
12.2011 - 10.2013
  • Worked as a Sr. Networks Consultant at AEGION Corporation Head Quarter and provided onsite support across the globe and participated in various projects involving the Design, Implementation, configuration, and troubleshooting of Medium to Large Scale Networks Aegion Corp.
  • Responsible for designing and implementing customer network infrastructure.
  • Done migration project. Replaced point-to-point network to MPLS using OSPF and BGP with country link carrier.
  • Implemented Wireless network across the locations using centralized solutions using WCS 5500 and 4400
  • Help negotiate hardware, software, and circuit contracts for customers.
  • Configure and implement Remote Access Solutions: VPN, MPLS, Fractional T1, and Multilink
  • Configured Solar Winds NFS for Monitoring and alert management.
  • Implement Cisco IOS-based IDS.
  • Network Assessment and Documentation (including technical, operational, and economic assessment)
  • Configure Cisco ASA 5510 for site-to-site VPN.
  • Implement Cisco Secure Access Control Server (ACS 3.0) for Tacacs+ / Radius.
  • Configure ASA to ASA, and Router to Router VPN.
  • Redistribution of routing protocols OSPF into BGP.
  • Network Migration from RIP and static to OSPF and BGP.
  • Build and maintain Visio documentation for Clients.
  • Troubleshoot Windows 2008 Servers and streamline the user policy.
  • Managing User accounts using Active Directory.
  • Provide pre-and post-audit support for both internal/external audits
  • Implementing best practices in developing and deploying security procedures to remediate virus outbreaks, and network-based attacks and fix vulnerabilities through the implementation of device-hardening techniques.
  • Worked in HCL Technologies Ltd from July 2006 to Nov 2103 as a Sr. manager and worked with the following clients on behalf of HCL.

Sr. Network Consultant

BMC RAAS (Remedy)
01.2011 - 11.2011
  • Designed and Implemented data center for BMC RAAS at SunGard Colo Location at Scottsdale Arizona from scratch. The data center consists of Nexus 5k, 2K, and 1000v series switches.
  • Supported the Network from Offshore (INDIA)
  • Implemented F5 Load balancer.

Team Leader

Readers Digest
01.2008 - 12.2010
  • Done the knowledge transfer of the Network from on-site to off-site.
  • Supported Network Stream 24x7 from Offshore with the help of 6 Engineers as Track lead.
  • Migrated Data Center from White Plains, NY to AT&T Colo location in Secaucus NJ.
  • Involved in the Commissioning of New offices around the Globe with the help of Local resources.
  • The Network Consists of High-end switches (6500 Series) and Routers using BGP and EIGRP.
  • Connectivity among the offices was provided by either MPLS or VPN.

Team Leader

Scan Disk INC
02.2007 - 12.2008
  • Done the knowledge transfer of the Network from on-site to off-site.
  • Supported Network Stream 24x7 from Offshore with the help of 8 Engineers as Track lead.
  • The network consists of High-End switches and Routers using BGP and OSPF.

Consultant Network

Teradyne, Inc
07.2006 - 01.2007
  • Fully Involved in Datacenter Migration of Teradyne from Boston to co-location at SunGard, Marlboro Visited Customer site in Boston and worked in the US for eight months with the lead role of Designing, Implementing, and co-located the entire Datacenter from Boston to SunGard Colo at Marlboro, which includes Routers, Switches, Wireless products, PIX, IDS Sensors and 600 + servers in each time frame.
  • Supported the network of 1500+ users on-site as well as off-site.

Manager, IT (Network and Security)

Bharti Airtel Ltd
04.2006 - 07.2006
  • Company Overview: Bharti Airtel Limited, a part of Bharti Enterprises, is India's leading provider of telecommunications services. The businesses at Bharti Airtel have been structured into two main strategic business groups - the Mobility Leaders business group and the Infotel Leaders business group. The Mobility business group provides GSM mobile services across India in twenty-three telecom circles, while the Infotel business group provides broadband & telephone services, long-distance services, and enterprise services. All these services are provided under the Airtel brand.

Assistant Manager (Looking after Network and Systems)

TATA SONS LTD
03.2005 - 04.2006
  • Company Overview: E2E is a 100 % inbound call center for the TATA group. The company was a customer contact center with multi-channel customer service capability.
  • My profile here is to configure, Monitor, and troubleshoot critical Call-Center Infrastructure including.
  • Gateways Routers (Cisco 3700 series), Distribution Routers (1760), Cisco Pix 525 in Failover Mode, Cisco IDS. Core switches (4707 Series) and Layer 2 switches 2850.
  • Maintaining Windows 2003 server on which critical applications run like Domain controller. Active Directory. Exchange 2003 with 400 mailboxes configured in the front end and backup end, ISA 2004 for the distribution of the Internet to local users and controlling internet access.
  • IWSS and IMSS for Filtering of internet and mail. SUS and SMS servers for distribution of Patches, updates, and inventory management.
  • Monitoring of Network using Cisco Works and VMS.
  • Making Backup Policies and monitoring the backup using VERITAS software version 10.
  • Highly responsible for designing and implementing a Network that consists of inter-Vlan routing using layer 3 switches.
  • Responsible for implementing VoIP solutions between three centers replacing TDM-based EPBX.
  • Position Holding:

Education

Bachelor of Engineering - ELECTRONICS & TELECOMMUNICATION

Bangalore University

Skills

Networking: TCP/IP, Routing Protocols (RIP, OSPF, BGP, EIGRP), PPP, PPTP, L2TP, NAT, IPsec, LAN, WAN, WLAN, VPN, Frame Relay, Ethernet, Ether Channel, RIP, EIGRP, OSPF, BGP, ACL, NAT, STP, VTP, VLAN, HSRP, GLBP, VoIP, multicast protocols, ISIS, LDP, IPSEC, L2TP, QoS, wireless LAN Network administration

WAN technologies: Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1, DS3, OC3, T1 /T3 & SONET Technologies: MPLS, VPN, NAT, Multicast, Routing, ATM, Frame relay, SNMP, Broadcast

SNMP Tools: Solar winds, HP Open View, MRTG, Logic-Monitor

Firewalls: ASA 5500, Palo Alto 5000,3000,2000, Juniper SRX 1400, SG1000 and SA-4500

Cisco Tools: Cisco works, Cisco view Cisco ADSM, Cisco Umbrella, Cisco CSM

Juniper Tools: NSM, J-web

Palo Alto tool: Panorama, Prisma access, Palo Alto migration tool, Cortex Xsoar, Cortex data l

Riverbed: SH 1050L and SH 250

Operating System: Linux / UNIX /Digital UNIX, Windows NT / 2000

Hardware: Cisco 7200, 3800,3600,2600,2800,2100 series Switches 6500, 4500,3700,3500,2900 series switch WIC cards, smart serial, ATM cards, CSU/DSU, T1, DS3 (IMA), OCA, fractional T1, ISDN, V35, Cisco Access points and bridges, Cisco Secure ACS, NEXUS 5k and 2k Cisco Wireless Controller 5500 Juniper 4400 and 4600 Series switches Aruba Central and Switches

Certification

CCNP (Cisco certified network professional)

Timeline

Network and Security Engineer

PayPal INC
07.2015 - Current

Senior Network /Security Consultant

NyDailyNews
01.2015 - 06.2015

Senior Network/Security Consultant

Toys R Rus
11.2013 - 12.2014

Sr. Networks Consultant

AEGION Corporation Inc.
12.2011 - 10.2013

Sr. Network Consultant

BMC RAAS (Remedy)
01.2011 - 11.2011

Team Leader

Readers Digest
01.2008 - 12.2010

Team Leader

Scan Disk INC
02.2007 - 12.2008

Consultant Network

Teradyne, Inc
07.2006 - 01.2007

Manager, IT (Network and Security)

Bharti Airtel Ltd
04.2006 - 07.2006

Assistant Manager (Looking after Network and Systems)

TATA SONS LTD
03.2005 - 04.2006

Bachelor of Engineering - ELECTRONICS & TELECOMMUNICATION

Bangalore University
Deshbir SandhuSenior Network Security Engineer