Network Security Engineer Resume
Pittsburgh, PA
PROFESSIONAL SUMMARY:
- 6+ years of professional experience in designing, implementing and troubleshooting network infrastructure and security, with a deep understanding of routing, switching and firewall technologies.
- In-depth knowledge of designing, implementing and configuring, with best practices, NextGen IDS/IPS firewalls such as Palo Alto, Cisco ASA, Checkpoint and Juniper (NetScreen 204).
- Hands on experience on NGFW Firewall management and UTM solutions (IPS/IDS, DLP, Gateway Antivirus, Antispam, Content Filtering, Application Control).
- Experience in migration from Cisco ASA to Palo Alto.
- Experience with working on centralized management PANORAMA to maintain Palo Alto Firewalls.
- Worked on configuration of Palo Alto firewalls including Security policies, Application & URL filtering, Data filtering, Threat prevention and File blocking.
- Extensively worked on implementing User ID and Content-ID on Palo Alto firewalls.
- Experience on configuring and troubleshooting HA, Zones, VLANs, Routing, and NAT on firewalls as per the design requirements.
- In depth knowledge and Hands-on experience with redirection and filtering phases of firewall and network operations including firewall rule change requests.
- Implemented GlobalProtect to deliver the protection of the next-generation security platform to the mobile workforce and to stop targeted evasive application traffic and phishing attacks.
- Experience with Cisco ASA Content Security and Control Security Services Module (CSC-SSM) and Advanced Inspection and Prevention Security Services Module (AIP-SSM).
- Responsible for Palo Alto, Check Point and Cisco ASA firewall administration across global locations.
- Experience on Access Control Server configuration using AD, RADIUS & TACACS+.
- Strong experience in creating and configuring Virtual Servers, nodes, pools and iRules on F5 Load Balancers (BIG-IP) in the LTM module.
- Extensive experience in dealing with vendors for MPLS/DSL installations.
- Proficient understanding of cyber-attacks such as DDoS Attacks, Zero Day attacks, Intrusion Attacks, Data Leak Attack and Virus Attacks.
- Hands on experience on the security levels with KERBEROS for client authentications in various locations.
- Hands on experience with configuring Identity & Access Management (IAM) & Role-based access control (RBAC) in enterprise environment.
- In depth knowledge in all BlueCoat Proxy Hardware to include building configuration, hardware migrations, operating system upgrades, and general hardware maintenance and support for Bluecoat Proxy Servers.
- Hands on experience in deploying GRE tunnels, IPSEC Tunnels, SSL-VPN, Site-Site VPN and DMVPN.
- Deep understanding of Public Key Infrastructure (PKI) encryption.
- Hands on experience with SIEM tools (QRadar, Splunk and SolarWinds), Intrusion Detection and Prevention Systems (IDS/IPS) and log management.
- Used Tufin tool for daily operational needs such as optimizing security policies, troubleshooting connectivity, generating reports, preparing for audits and changing policies.
- Expertise in customizing Splunk for Monitoring, Application Management, and Security as per customer requirements and industry best practice.
- Proficient in implementation of filters using Standard and Extended access-lists, Time-based access-lists, Route Maps.
- Experience on implementing route manipulation using Offset-list, route metrics.
- Implemented redundancy protocols like HSRP, VRRP, and GLBP.
- Proficient in deploying and troubleshooting mission-critical environments using proactive suite of support services - Wireshark and SolarWinds N-able Technology & NPM.
- Proficient in configuration & troubleshooting of routing protocols: BGP, OSPF, EIGRP, MP-BGP and their redistribution over the networks.
- Implemented VSS along with VDC and VPC on Nexus 5K, 7K switches.
- Configuring and Troubleshooting DNS, DHCP issues over large-scale networks.
- Implementing Ether-channel modes dynamically with PAgP, LACP.
- Expertise in Configuration and troubleshooting of STP, RSTP, PVST, RPVST, BPDU Guard and BPDU filtering on Switches.
- Experience in configuring VLANs, Inter-VLAN routing, Trunk ports and Port security.
- Expertise in implementing IP Address management and subnetting concepts on various Network architectural designs.
- Knowledge on BOM and managed inventory for network hardware.
- Hands on experience troubleshooting network traffic using tools like ping, traceroute, Wireshark, SolarWinds and tcpdump.
- Expert in managing and monitoring the network devices using Syslog, SNMP, and NTP.
- SME in OSI layer model/TCP/IP.
- Operating Systems: Linux, Windows Server 2008/2012, Windows 7/8, Microsoft Hyper-V.
- Design, install, configure and isolate faults in Cisco Wireless LANs and assess WLAN encryption and security options.
- Hands on experience with updates and managing configuration parameters for data center and servers using Python scripting.
- Implemented Python Scripting for the automation of Network Commands.
- Configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 7000.
- Hands on experience in implementation of risk mitigation strategies against cyber-attacks.
- Well-organized in documenting tools like Microsoft VISIO, Microsoft Office.
TECHNICAL SKILLS:
Firewalls: Palo Alto (3060, 5060), Checkpoint (R77), Cisco ASA (5500 series), Juniper (NetScreen 204).
Network Security: ACLs, MPF, IPSEC VPN, Port Security, AAA and IDS/IPS.
OSPF, EIGRP, BGP, PBR, IS-IS, Route Filtering, Redistribution, Summarization.
Routers: Cisco 2900, 3800, 3900, 4500, 7200, 7600 series, Juniper MX104, MX240, MX480, M320, T640, SRX series
Load Balancer: Cisco ACE 4710, F5 Networks (Big-IP) & Brocade Load Balancers
Switching: VLAN, VTP, STP, PVST+, RPVST+, MSTP, ISL, 802.1q, Inter VLAN routing; Multi-Layer Switch, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging, VSS.
Switches: Cisco 3500, 4500, 6500 Catalyst series, Cisco 7000, 5000, 2000 Nexus series and Juniper EX2200, EX2300, EX3300, EX3400, EX4200 series.
WAN: Frame Relay, AVPN, MPLS, SSL.
LAN: Fast Ethernet, Gigabit Ethernet.
PANOS, IOS, JUNOS OS, NX-OS, HSRP, GLBP, VRRP, NAT, SNMP, SYSLOG, NTP, DHCP, VoIP, QoS, CDP and FTP.
Scripting: Perl, Python, PowerShell scripting, PHP
AAA Architecture: TACACS+, RADIUS, Cisco ACS
Tools: Wireshark & NMAP
Reports Tool: Microsoft (Visio Pro.), Checkpoint (SmartView)
Operating Systems: Windows (98, ME, 2000, XP, Server 2003/2008, Vista, Windows 7), Linux
PROFESSIONAL EXPERIENCE:
Confidential, Pittsburgh, PA
Network Security Engineer
Responsibilities:
- As a part of SOC team responsible for managing, maintaining and monitoring of Checkpoint and Palo Alto Firewalls
- Creating firewall implementation plans, firewall rules, configurations, firewall code upgrades and migrations, and deployment of new firewall builds for Check Point (R65/R77.20), Palo Alto (3000/5000) and Cisco ASA (5500/X).
- Hands on Experience in configuring all Palo Alto Networks Firewall models as well as a centralized management system Panorama to manage large scale firewall deployments.
- Hands on experience with Palo Alto NGF (5060, 3060) with security and management features such as URL filtering, data filtering, Threat prevention and Log Management.
- Responsible for the GUI PANORAMA management for logging sessions, creating reports and managing different firewall devices.
- Implementing APP-ID which defines custom applications and comprehensive set of predefined applications to be applied on firewall policies.
- Worked on proactive threat analysis using AutoFocus which is built on Wildfire platform.
- Configuring Zones, Virtual routers and interfaces on Palo Alto Firewall.
- Working knowledge on proxy services, Site to Site VPN tunnels, and SSL certificates.
- Configured Palo Alto to Wildfire cloud to mitigate Zero-day attacks.
- Responsible for configuring the Palo Alto to mitigate DOS, DDOS, Data leak attacks using Dos Protection, Threat Prevention and Data Filtering.
- Implemented security policies by creating groups (objects) and specific policies as per the user levels.
- Experience with converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN.
- Experience in deploying Check Point Provider-1 NGX and configured CMAs
- Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.
- Implemented and maintained intrusion detection/prevention (IDS/IPS) system to protect enterprise network and sensitive corporate data. Fine-tuned TCP and UDP enabled IDS/IPS signatures in Firewall.
- Used Python for capturing, decoding and analyzing network packets.
- Efficient in Implementing security authentication using AAA, TACACS+ & RADIUS.
- Configured IPSec site-to-site VPNs to ensure security between B2B partners and remote access VPN like AnyConnect.
- Proficient with Splunk architecture and various components (indexer, forwarder, search head, deployment server), Heavy and Universal forwarder, License model.
- Implemented workflow actions to drive troubleshooting across multiple event types in Splunk.
- Checked logs and maintained log reports using Smart View & Smart Tracker in Checkpoint firewall.
- Worked with the Audit team by using AlgoSec tool to analyze firewall and automating the auditing and analysis of firewalls, routers, VPNs and other security devices.
- Work with various advanced blades on the Checkpoint including IPS, ANTI-VIRUS, ANTI-BOT and Threat Emulation (sandbox environment) and tweak false positives.
- Complete renaming of all firewall objects and rules.
- Review and optimize firewall rules using Tufin SecureTrack tool.
- Collected log data from network hardware devices and its behaviors in SIEM tools for having real-time analysis of security alerts.
- Recommended and configured correlation rules, reports and dashboards in QRadar environment. Configured Network Hierarchy and Backup Retention configuration in QRadar SIEM.
- Used F5 Load balancers (BIG-IP) to increase capacity (concurrent users) and reliability of applications using LTM, GTM.
- Implemented WAN network technologies like MPLS and Frame Relay.
- Experience working with VMware ESX and KVM environment.
- Configure iBGP and eBGP peering between L3 routers and core routers.
- Configured EIGRP, RIP, OSPF, BGP and static routing.
- Configured OSPF redistribution and authentication with type 3 LSA filtering to prevent LSA flooding and Configured OSPF over frame relay networks for NBMA and point to multipoint strategies.
- Design and implement network services including multicast, QoS, redundancy, HSRP, VRRP, GLBP.
- Worked on LAN Technologies such as Inter-VLAN Routing, VTP, STP, RSTP and MSTP.
- Captured packets by configuring SPAN port and analyzed using Wireshark and tcpdump.
- Preparing technical presentations, network diagrams using MS Visio.
- Developing operating policies, guidelines, and implementation of IT security tools.
Confidential, MO
Network Security Engineer
Responsibilities:
- Responsible for day to day management of Cisco Devices, Traffic management and monitoring.
- Building, configuring, maintaining, troubleshooting the firewalls. Developing and implementing the company's security policies and rules.
- Troubleshooting IPv4 and IPv6 dual stacking issues.
- Responsible for support of network security and network devices such as a router and wireless access points.
- Researched, designed, and replaced aging Cisco ASA firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
- Installing and Configuring Palo Alto Next-Generation Firewall PA-3060, PA-5060 series firewalls.
- Troubleshot issues on Checkpoint R77.10 Gaia, R75, Cisco ASA 5540 and Palo Alto firewalls for the client environment.
- Configuration of Palo Alto Next-Generation Firewall mainly creating security profiles according to client requirements.
- Administer Palo Alto Firewalls to allow and deny specific traffic and to monitor user usage for malicious activity and future QoS.
- Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
- Configuring rules and Maintaining Palo Alto with IPS module & Analysis of firewall logs.
- Experience on working with Palo Alto Next Generation firewall with security, networking, and management features such as Anti-virus protection, IPsec VPN, IPS, Log Management.
- Worked with SIEM tools such as IBM QRadar to get real-time analysis of security alerts generated by network hardware and applications.
- Maintain QRadar components like Console, Event Processors, Flow processors, Event Collectors, Flow collectors to Coach Environment for Log collection and monitoring.
- Tuned QRadar SIEM to present relevant information to Security Operations Center (SOC).
- Hands on experience in F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
- Configuring, managing and troubleshooting F5 Load Balancers (BIG-IP): Adding virtual IPs, nodes, pools, and health monitoring.
- Used Python scripting to automate commands to multiple network devices.
- Configuring, Monitoring and Troubleshooting Cisco ASA 5500 security appliance for IPSec VPN (Site-to-Site Tunnels), Failover DMZ zoning and configuring VLANs / routing / NATing with the firewalls as per the design.
- Worked on Cisco ASA 5540 Series that includes rule deployment, configuration using Network & Port objects. Deployment of DMZ and troubleshooting ASA Cluster failovers.
- Experience with migration of Cisco ASA rules over to the Palo Alto solution using migration tool from PAN.
- Configuring various advanced features (profiles, monitors, iRules, redundancy, SSL termination and initiation, persistence, SNATs, HA, digital certificates) on F5 BIG-IP appliances; executed various migration/upgrade projects across F5 and hands on with F5 BIG-IP LTMs/EM.
- Experienced in working with BIG-IP Edge Portal and BIG-IP Edge Client.
- Worked with Nagios for monitoring of network services (SMTP, POP3, HTTP, NNTP, ICMP, SNMP, SSH).
- Worked on FTP, HTTP, DNS, DHCP servers in windows server-client environment with resource allocation to desired Virtual LANs in the network.
Confidential, Cary, NC
Network and Security Engineer
Responsibilities:
- Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support.
- Configured networks using routing protocols such as RIP, OSPF, BGP and manipulated routing updates using route-map, distribute list and administrative distance for on-demand Infrastructure.
- Configured OSPF redistribution and authentication with type 3 LSA filtering to prevent LSA flooding. Configured OSPF over frame relay networks for NBMA and point to multipoint strategies.
- Implementing traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Frame Relay and Open Shortest Path First (OSPF).
- Maintaining Core Switches, creating VLANs and configuring VTP.
- Designed IP addressing schemes, VLANs, subnetting and Trunking to meet requirements. Performed installation, cabling and cable testing. Gained hands on experience with VLSM, STP, VTP, VLAN Trunking.
- Configuration and troubleshooting L3 switches with VLAN, STP, SPAN, ETHERCHANNEL, HSRP, VRRP and GLBP.
- Troubleshoot connectivity issues involving VLANs, OSPF, QoS etc. Support, monitor and manage the IP network.
- Worked on Cisco IOS for configuration & troubleshooting of Exterior Gateway Routing Protocols such as BGP (IBGP and EBGP).
- Design and implement network services including multicast, QoS, redundancy, HSRP, VRRP, GLBP, and WAN optimization.
- Building network routes, establishing and assigning IP networks, configuring access control list/VLAN access control lists, configuring firewall rules, implement DNS configurations using BIND, setting up virtual servers and certificates for complete F5 Big-IP load balancer build, testing newly implemented project, and troubleshooting any issues.
- Implemented VSS along with VDC and VPC on Nexus 5K, 7K switches.
- Dealt with Static & Dynamic NAT (Network Address Translation), PAT (Port Address Translation) configurations and troubleshooting issues related to Access Control Lists and DNS/DHCP issues within the LAN network.
- Worked on the security levels with RADIUS, TACACS+.
- Configuring, adding, moving and removing various IP phones (7941, 7961, and 7971).
- Knowledge on VOIP protocols like H.323, RTP, SIP and good understanding about VOIP devices.
- Packet capturing, troubleshooting on network problems with Wireshark, identifying and fixing problems.
- Performing network monitoring, providing analysis using various tools like Wireshark, SolarWinds etc.
- Strong experience in Network security using ASA Firewall, Palo Alto, Cisco IDS/IPS and IPSEC / SSL VPN.
- Successfully installed Palo Alto PA-3060 firewall to protect data center and provided L3 support for routers/switches/firewall.
- Palo Alto Networks PA 3060 firewalls configured in High availability mode which provided visibility on network traffic, applications, threats and vulnerabilities.
- Performing URL filtering and data filtering by adding URLs in Bluecoat ProxySGs.
- Experience with design and implementation of new Firewalls in Vendor Locations for Site-to-Site VPN Tunnels with multi-vendor products.
- Managing Cisco ASA Firewalls using Adaptive Security Device Manager (ASDM) tool to manage the Cisco ASA security appliances.
- Design, install, configure and isolate faults in Cisco Wireless LANs and assess WLAN encryption and security options.
Confidential
Network Engineer
Responsibilities:
- Installing, Configuring and troubleshooting Cisco Routers (ASR1002X, 3945, 3845, 2800, 3600) and Switches (6509E, 4507, 4500-X, 4900M, 3850, 3650, 2960) to perform functions at the Access, Distribution, and Core layers.
- Configuration of L2/L3 Switches and implementing OSPF and BGP on the routers.
- Experience with layer 3 routing and WAN related technology, including EIGRP, BGP, IWAN, PfR, VRFs, MPLS, DMVPN, WAAS, and QoS.
- Configuring and troubleshooting issues with the following types of Cisco routers (6500, 4500 and 3500 series) to include: bridging, switching, routing, Ethernet, NAT, and DNS, DHCP, as well as assisting with customer LAN /WAN, router/firewalls.
- Actively participated in upgrading fast Ethernet, Layer 3 Switched/routed LAN infrastructure from Cisco 3640 to Cisco 2811 ISR routers and switches at access level to 2950, 3550.
- Provided configuration and management of FTP server and DHCP server.
- Perform inventory and data gathering by using SSH session to obtain the Router configuration information like interface address/subnet mask, OSPF Area, Model, Serial Number, IOS Version, Flash Memory, DRAM, Status of the interface and the next hop site of the WAN interface.
- Worked on Multi-Site Network support including MOE, WAN, LAN, Network, Cabling, Peripheral device.
- Configuring HSRP between VLANs, Configuring Ether-Channels, Port Channel on Cisco 6500 Catalyst Switch.
- Planning and configuring the routing protocols such as Static Routing & Default Routing on the routers.
- Configuring, managing, and troubleshooting networks using routing protocols like EIGRP and OSPF (Single Area and Multi Area).
- Configured OSPF on CISCO devices with multiple routing processes and redistributed them.
- Performed redistribution with OSPF, EIGRP, RIP version 1 and 2 to enable communication with backbone.
- Configured OSPF for Stub area, Totally Stubby Area and NSSA.
- Executed BPDU Guard, port-fast, uplink fast and other spanning tree features on various layer 2 and layer 3 switches.
- Configuration and troubleshooting L3 switches with VLAN, STP, ETHERCHANNEL, HSRP, VRRP, and GLBP.
- Worked on BGP configuration for providing redundant internet connectivity using BGP attributes, Route maps, prefix-lists etc.
- Upgraded Cisco Routers, Switches IOS.
- Configured, cleaned up and troubleshot Access Control Lists (ACLs).
Confidential
Junior Network Engineer
Responsibilities:
- Involved in configuration and management of different Layer 2 switching tasks which includes address learning, efficient switching etc.
- Dealt with the escalation problems from Level 1, Level 2 & Level 3 for routing, switching and WAN connectivity issues using ticketing system Remedy.
- Responsible for day to day management of Cisco Devices, Traffic management and monitoring.
- Set up and troubleshoot secured wireless access points for broadband Internet.
- Configured & maintained LAN, WAN, VPN, and WLAN on Cisco Routers.
- Configured network access servers and routers for AAA Security (TACACS+).
- Managing and configuring of Wide Area Networking Protocols like HDLC, PPP.
- Configuring Routing Protocols like EIGRP, BGP, and OSPF.
- Implemented the concept of Route Redistribution between different routing protocols.
- Involved in HSRP, VRRP, GLBP configuration and troubleshooting and Port channel management of the network.