OBJECTIVE:

Seeking a position in the field of Information Security, to utilize and advance in technical knowledge, training, and work experiences that includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users.

PROFESSIONAL SUMMARY:

• 10 years+ working knowledge in the information security field.
• Firewall technologies including general configuration, Creating objects, rules & policies on Checkpoint’s VPN - 1 FW-1 Confidential R65, R70 & R75 Provider-1/Site Manager-1 R65, R70.30 & R75.40 Confidential Domain Manager, Check Point/Nokia & GAIA Firewall VPN-1 FW-1 Confidential R77.10, R77.20 Confidential Domain Manager command line & GUI.
• Experienced with Palo Alto Networks firewalls/IDS which includes Installation/Initial Configurations.
• Experience with The Confidential DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
• Experienced with Routing, layer 2 & layer 3 Switching and Protocols.
• Understanding of IP Security, VPNs, Encryption and Authentication.
• Knowledge of firewall rule creation & pushing policy in enterprise environment, IP traffic flow, analyzing & capturing of live traffic using Tcpdump, Snoop, Wire shark & FW monitor.
• Experienced with troubleshooting access issues across multiple firewalled isolated network compartments during application migrations.
• Windows Server 2008 R2, Windows 7, 8.1 & 10. Linux Red Hat, SuSE & BSD, Oracle Solaris 10 & 11.2, MAC Book Pro OS X Yosomite, AS/400.
• Knowledge of VMWARE vSphere Client & vCenter Server v5.5 and Wintel.
• Strong knowledge of the TCP/IP protocol stack, DNS, DHCP, FTP, TFTP & SNMP
• Strong knowledge of Network Access Control Server, RSA SecurID two-factor authentication, digital certificates & logging.
• Excellent documentation, communication and interpersonal skills.
• Excellent analytical and problem solving skills.

TECHNICAL SKILLS:

Check Point/Nokia & GAIA VPN: 1 FW-1 Confidential R77.10, R77.20 Provider-1/Site Manager-1 R77.10 Confidential Domain Manager command line & GUI, Understanding F5 Big IP series load balancers, Understanding of McAfee IPS

Software: Terminal emulator application which can act as a client for the Confidential, Telnet, rlogin, and raw TCP computing protocols and as a serial console client PuTTY, SecureCRT, Packet analyzer, also known as a network analyzer, protocol analyzer, or packet sniffer Tcpdump, Sniffer, Wire shark, FW monitor (Checkpoint).

Vulnerability Assessment Tools: Nessus, ISS Internet Scanner (Application-level vulnerability assessment), ArcSight & Sourcefire AMP (Advanced Malware Protection).

Two factor Authentication: Smartcards, RSA SecurID, Safe Net 3300.

Network Performance Monitor: Solarwinds, Netcool.

AlgoSec Security Management Suite: provides IT security and operations teams with visibility and control of network environments through the intelligent automation of firewall policy management.

Checkpoint Provider1/ Confidential: 1 infrastructure for management, Palo Alto Firewall. Microsoft Visio 2010, DNA (Domain Name Automation), Virtual Change for global Change Management, Net info (Device management, Circuit Management, Component Linking, Collection Reports, Document Management & IP Allocation). VI editor, NPMS-Network Project Management System.

PROFESSIONAL EXPERIENCE:

Confidential, Irving, TX

Cyber Security Engineer

Responsibilities:

• Duties include supporting security infrastructure, which includes firewall, proxy and remote access systems. Investigation, documentation and resolution of outages to critical business systems that may be caused by firewall, proxy, or remote access systems.
• Escalation of issues to, and tracking of progress in conjunction with Clients engineering teams, vendors, or other technical resource teams.
• Worked incidents tickets of the level 2 team which include scheduling multiple changes, software upgrades and configuration activities to resolve.
• Creating, validating & Installing of Firewall policies of Checkpoint Secure Platform Pro & Gaia, Juniper SRX, Juniper Netscreen firewalls, Bluecoat Proxy, Palo Alto Networks firewalls (Panorama Central Management) & Cisco ASA with AnyConnect client.
• Performed Confidential Upgrade from version 5.0->6.0->6.1.0->6.10 following Citi standard MOP
• Performed -Initial Configuration, Web GUI Setup, HA Interface Configuration, Confidential Access to Panorama

Confidential

Nix Firewall Engineer

Responsibilities:

• Join Kaiser’s Digital Technologies and Operations (DTO) team, which is focused on standardization, automation and continuous improvement for more nimble deployments to the next generation of kp.org on heavily virtualized Linux environments.
• Duties include but not limited to increase compliance for Payment Card Industry (PCI) Data Security Standard (DSS) by segmenting the Network and enforcing IP filter host firewalls.
• Configuring & Implementing of IP filter on Host-based Firewall under Red hat Enterprise Linux & Oracle Enterprise Linux (OEL7) for another layer of security to maintain Confidential DSS. The Confidential DSS security requirements apply to all system components included in or connected to the cardholder data environment. The cardholder data environment (CDE) is comprised of people, processes and technologies that store, process, or transmit cardholder data or sensitive authentication data.
• Responsible for assessment of firewall configuration, designing /creating/modifying firewall rules/policies, implementing/documenting and testing.

Confidential

Firewall Engineer/Security Architect

Responsibilities:

• Joined as a Firewall Engineer/Security Architect, duties includes analyzing information security systems And applications and recommendation and developing security measures to protect information against Unauthorized modification or loss.
• Vendors Network connectivity investigation, Creating Firewall Rule Change Requests mostly in Cisco ASA and Checkpoint firewalls.
• Upgraded a few Confidential and merge into different contexts.
• Responsible for assessment of firewall current configuration files for performance/optimization/vulnerabilities.
• Responsible for Vendors Network connectivity investigation, Creating Firewall Rule Change Requests mostly in Cisco ASA and Checkpoint firewalls.
• Responsible for Designing, testing, and inspecting data communications systems.

Confidential, Dallas TX

Firewall Engineer

Responsibilities:

• Joined as a Firewall Engineer in their ENT Security Architecture Team.
• Duties include Firewall Planning, Staging & Troubleshooting.
• Vendors Network connectivity investigation, Processing Firewall Rule Change Requests.
• Used IT Service Management tool for changes & approval process.
• Followed standard Change Implementation procedures per ITSM to meet customer’s SLA
• Exposure of large complex Checkpoint, Cisco ASA & Palo Alto firewalls Environment.
• Exposure of large ESXi host using vCenter Server.
• Creating objects, rules & policies on Checkpoint R77.10 Confidential Dashboard & P1 R77.10 & Palo Alto Networks firewalls with Panorama, Central Management which allows firewall administrators to push (deploy) policies/rules, software or update packaged from a central location.
• Responsible for assessment of firewall configuration, designing /creating/modifying firewall rules/policies, implementing/documenting and testing as per vendors requirements following standard procedures.

Confidential, Plano, TX

Firewall Engineer

Responsibilities:

• Joined as a Firewall Engineer in their AMS IT Confidential Team.
• Duties include Firewall Design, Planning & Deployments.
• Vendors Network connectivity investigation, validation & Support in a Managed Service Environment.
• Exposure of large complex Checkpoint, Cisco ASA & Juniper firewalls in a Managed Service Environment.
• Creating objects, rules & policies on Checkpoint/ Confidential D1, D2, and D3 Appliances.
• Exposure of Tipping Point device for real-time network protection, visibility and centralized management and analytics.
• Responsible for assessment of current firewall configuration, designing /creating/modifying firewall rules/policies, implementing/documenting and testing as per vendors requirements following standard procedures.

Confidential, Irving, TX

Technology Consultant

Responsibilities:

• Worked closely with Global External Security Integration Team, responsible for the configuration, deployment, and integration of perimeter devices such as firewalls and remote access infrastructure into Citi globally supported platforms.
• Job requirements include competence in the supported technologies to include knowledge and experience in the OSI model, networking and TCP/IP, competence in Linux/UNIX commands and a strong background with troubleshooting utilizing the CLI across various firewall platforms i.e.
• Checkpoint, Cisco ASA Firewalls, Catalyst 6509 Switch/Routers, Palo Alto & Juniper SRXs.
• SSL VPN's using Juniper SA6500's.
• Routed/Routing Protocols: BGP, OSPF, and MPLS
• Sourcefire AMP for Endpoint (Advanced Malware Protection).
• Responsible for the configuration, deployment, and integration of perimeter devices such as firewalls and remote access infrastructure into Citi globally supported platforms.

Confidential, Plano TX

Technology Consultant

Responsibilities:

• Duties include replacement of Crossbeam C-Series Firewalls to Checkpoint/ Confidential D2 Appliance & Decommissions.
• Responsible for delivering of assigned tasks within the delivery cycle of a project. Understand a broad spectrum of Confidential technology in order to deliver part of a detailed technical design, which meets customer requirements i.e. installing new systems applications; updating applications, firmware, and drivers; creating boundaries for as well as performing configuration and testing activities; applications programming for assigned modules within a larger program; assisting in the preparation of technical presentations and demonstrations; and participating in customer meetings.

Confidential, Houston, TX

Network & Data Security Consultant

Responsibilities:

• Provided professional services on deploying Checkpoint endpoint security device UTM-1 Confidential R65 & R70 Software blade on Plant Control Network to provide user authentication, segment the admin network and various control networks.
• Duties includes Administration/maintenance/upgrades HFA’s, Configuring & troubleshooting of DMZ, Extranet & Intranet, Creating objects, rules & policies on Checkpoint’s SecurPlatform / Securplatform Pro.
• Network Performance Monitoring using Solar Winds Orion, Confidential Tipping point and Checkpoint’s UTM- R70 Software Blade for IDS/IPS and Security Management.

Confidential, Grapevine, TX

Network / Firewall Administrator

Responsibilities:

• Firewall support of VOL & VMN, troubleshooting of firewall issues related to the function of the group. Review, analyze, and implement firewall rules, policy pushes via an established MOP/Script during maintenance windows to maintain the integrity of Confidential ’s network. Perform Checkpoint firewall rule cleanup as required and participate in troubleshooting calls.
• Central Office firewall consolidation-followed MOP to perform Confidential conversion of a Netscreen 208 managed firewall in the central offices to layer II for the Confidential firewall consolidation effort which requires knowledge of the NetscreenOS command line & GUI
• Central Office to centralized firewall conversions of AI Intel platform & Motorola running on Checkpoint’s Confidential R60/NG FP3 to layer II & layer III mode following MOP which requires advanced knowledge of Checkpoint firewall NG FP3, R60, R61, R65 & R71 Provider-1/Site Manager-1 command line & GUI
• New Network Element Turn-ups, Creating central & NAT policy in Juniper ERX/E320 & Checkpoint Environment, pushing policies to the appropriate firewalls in distributed environment, Sending change notifications to appropriate groups, coordinating with Network Operation team & NNMC doing pre/post conversion connectivity test to make sure Network is live, Monitoring & Troubleshooting firewall issues if outages occurs due to the firewall conversions in layer II/layer III mode. Tracking Centralized Firewall Conversions in Excel Spread Sheet.

Confidential, Plano, TX

Technical support Analyst

Responsibilities:

• Assisted Field techs with installation of Confidential, High Speed Internet, and IPTV & VOICE over IP Phone, VRAD and Cross Box issues.
• Provided advanced technical support on operation or maintenance of personal computers and/or peripherals using documented procedures and available tools.
• Solid understanding of home networks. Order management, responsible for overseeing, tracking and monitoring customer complex order issue if needed, escalating to appropriate team.

Confidential, Dallas, TX

Network Consultant

Responsibilities:

• Setting up networking equipment, i.e. Routers, switches, firewalls (Cisco Pix Firewall Version 8.0), Configuring, Monitoring & Troubleshooting Cisco Pix Firewall using Confidential (Cisco Adaptive Security Device Manager), installing O/S, upgrading patches in TCP/IP Classful/CIDR LAN/WAN environment.
• Troubleshooting network connectivity issues & setting up client to site IPSec point to point VPN with Cisco VPN client. Setting up workstations, Network printers and IP phones. Managing Web Server & Exchange Server on Windows Server 2003 Active Directory environment.

Client: IBM GLOBAL SERVICES

Network Specialist

• Provided network services and complex troubleshooting in a large Shared Network with Checkpoint/Nokia Firewall, Cisco switches, including 29xx series, 60xx and 45xx series Cisco routers, Cisco Pix and IOS Firewall environment.
• Troubleshooting of firewall issues i.e. review, analyze, and implement firewall rules per IBM global change management process. Review and analyze firewall logs and syslogs, Cisco AAA. Services with TACACS. Used Cisco Security Manager ( Confidential ) to setup VPN, Used Cisco Firewall Service Module (FWSM), which is an integrated firewall and switching module based on the Cisco PIX to monitor and performance management.
• Cross geo tickets, implement logical changes, implement physical changes, update business as usual support documents as per change as required. 24x7 on call support.

Client: CADBURY SCHWEPPES

Network Security Analyst

• Administering Firewalls i.e. Cisco/Checkpoint, Evaluate firewall access control requests to ensure they conform to Company's security standards and policies, application security reviews using vulnerability assessment tool i.e. ISS Internet Security Systems (IBM’s) for application level vulnerability assessment & Solar Winds for performance monitoring.
• Audit firewall logs on a regular basis and investigate any suspicious activities. Used Bluecoat Proxy SG Appliances to effectively secure Web communications and accelerate delivery of business applications.
• Used Cisco IronPort email security appliances for email encryption.
• Troubleshoot; coordinate with Application Systems and Network Operations Engineers, and Help Desk, to resolve problems. Thoroughly document all work. Maintained security awareness by preparing periodic reports Pertaining to security issues and the status of them with the Confidential DSS, a multifaceted security standard that includes requirements for security management, policies, procedures, and network architecture.
• Handling Break/Fix situations, monitor, configure, policy creation on Checkpoint’s Confidential Center Server running on SecurPlatform (Linux BSD) with NG AI R55 & Confidential R60-61 environment.
• New firewall design, installation, routing configuration & implementation. Manage and support Remote Access VPN setup for users and field locations with Nortel VPN Contivity Switch, RSA SecurID two-factor authentication and Juniper SSL VPN.