SUMMARY:

• Network Security Engineer with Over 7+ years of experience in testing, troubleshooting, implementing, optimizing and maintaining enterprise data network and service provider systems.
• Implementation, Configuration and Support of Checkpoint (NGX R65, R70 and R71), Cisco Firewalls (ASA 5505, 5506 - X, 5585), Palo Alto Networks Firewalls models (PA-2k, PA-3k, and PA-5 k)
• Experience in Proliferating the query performance with modification in T-SQL queries, removing unnecessary columns, eliminating redundant and inconsistent data, normalizing database, establishing necessary joins, creating useful clustered index and non-clustered indexes.
• Responsible for Checkpoint and Cisco Firewall administration across global networks worked on Cisco Catalyst Switches 6500/4500/3500 series.
• Policy development and planning / programming on IT Security, Network Support and Administration.
• Worked on cisco Nexus 5000 series switches for data center.
• Experience with working on Palo Alto Next-Generation firewalls security profiles and Cisco ASA VPN.
• Hands on in deployment of GRE tunneling, SSL, Site-Site IPSEC VPN and DMVPN.
• Using Smart Update, user management and authentication in Check Point Firewall.
• Troubleshooting and installing of CRS, ISR, GSR, ASR9000 and Nexus devices.
• Designed and implemented redundant Internet circuits with automatic BGP-failover of public subnets (class C addresses) between the two primary U.S. locations (disaster recovery).
• Designed and implemented disaster recovery configuration for the Globalscape Enterprise File Transfer system (Secure FTP with PGP encryption).
• Assisted with the installation and configuration of the new Sioux Falls Nexus switches - 7000, 5000, 2000, and 9000 series (ver 7.0.2). Configured the FEX connections, VDCs (virtual device contexts), VPC (virtual private circuits), etc.

TECHNICAL SKILLS:

LAN Technologies: VLAN, VTP, Inter-Vlan routing, STP, RSTP, PVST, 802.1x

WAN Technologies: Frame Relay, ISDN, PPP, ATM, MPLS, Leased lines

Network Security: NAT/PAT, VPN, Filtering, IDS/IPS, IPSec, ACL

Routing Protocols: RIP, IGRP, EIGRP, OSPF, BGP, IS-IS, HSRP

Routed Protocols: TCP/IP, IPX/SPX

Infrastructure Services: DHCP, DNS, SMTP, MIBs, Syslog, POP3, FTP, TFTP

Network Management: SNMP, SSH, Telnet, ICMP

IP Telephony: VOIP,FXO/FXS/E&M/T1/ISDN/PRI, Call manager Express

Operating Systems: Windows Vista/XP/NT/2003, MS DOS, UNIX, Linux

Comm. Protocols: Wi-Fi, WiMax, CDMA, 3G

Protocol Analyzers: OPNET, Wireshark.

Languages/ Tools: Python, Linux Red Hat

PROFESSIONAL EXPERIENCE:

NETWORK SECURITY ENGINEER

Confidential - Chicago, IL

Responsibilities:

• Expertise in configuring and troubleshooting of Palo Alto, NetScreen & SRX Firewalls and their implementation.
• Experience working on Palo Alto firewalls such as PA-3000, PA-5000 and PA-7000 series.
• Actively participated in a Data Center migration where I involved in migrating all the security appliances.
• Experience on working with external business partners for site-to-site VPN migration.
• Hands on experience on building VPN tunnels between Palo Alto and Fortigate, PfSense, Azure Virtual Gateway, Checkpoint.
• Worked on VPN migration from a router to Palo Alto PA-5260 firewall.
• Design and Implementation of VPN site-to-site tunnels on Palo Alto firewalls.
• Migrated firewall security policies from PA-3000 series to PA-5000 series using PAN Migration tool 3.0
• Wifi testing for the purpose of verifying security levels
• Worked on enabling zone protection on all interfaces on Internet gateway firewalls.
• Worked on configuring SSL decryption for outbound traffic flow and troubleshooting connectivity issues by validating the signed certificates.
• Worked on port forwarding NAT rules and security policies. Worked on APP-ID, Content ID, PBF (Policy Based Forwarding).
• Entered Wifi testing results and network information while maintaining data integrity.
• Configured User based policies to allow USER-ID authentication using LDAP servers.
• Managed ADOMs by using Forti Manager to manage multiple Fortigate firewalls.
• Configured destination and source NAT on Fortigate firewalls by creating virtual and Pool IPs. Worked on DHCP relay implementation with IP-helper address.
• Migrated security policies from a PA firewall to Fortigate firewall using FortiConverter and worked on enabling the interfaces in production.
• Configured high availability on Palo alto and Fortigate firewalls.
• Hands on experience working on Blue Coat Proxy devices to enable web-filtering for external business partners using Virtual policy manager.
• Monitor, analyze, troubleshoot Aruba APs, wireless controllers and s3500 switches using the Airwave management systems
• Experience with Security- Firewalls, NAT / PAT, IPSEC, S2S.
• Troubleshoot and customize office 365 applications including Word, Excel, One Note, Skype.
• Installed and monitored extreme networks S-series, 7100 stackable switches and E4G-400, 1800 router to support VMware machines in NCFAST.
• Involved setting up the TFTP server for backing up the IOS images and configuration files of Cisco Routers and Switches and troubleshooting the file servers.
• Upgrades, installs, configuration and administration security and monitoring tools on Linux.
• Experience with Security- Firewalls, NAT / PAT, IPSEC, S2S.
• Experience with ALG (RTP, RTSP and FTP, DNS, HTTP), DHCP.
• Responsible for network evaluations, troubleshooting a variety of network problems, and implementing various software and hardware upgrades efficient performance.
• Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls.

FIREWALL ENGINEER

Confidential - Texas

Responsibilities:

• Installation, configuration and troubleshooting of Checkpoint (5000, 4400, 1400 series with GAIA OS) and ASA Firewalls.
• Hands-on experience Installing & configuring firewalls - Checkpoint NG & NGX, Cisco ASA (5500), Cisco Pix, ISA, and IP tables.
• Responsible for maintaining multi-vendor network environment including Cisco ASA, Juniper JUNOS, Fortinet firewalls, Palo Alto PA-200 and configuring different policies to provide connectivity.
• Experience working on F5 Load Balancing devices, specifically LTMs and GTM's. Experience in conducting upgrades, fail over, configuring pools and virtual servers and also managing certificates on the F5 devices.
• Migrated and implemented new solutions with Cisco ASA Firewall (5500) series.
• Provide technical expertise and support of network devices and security peripherals including Cisco routers and switches.
• Experience with Bluecoat Proxy servers, LAN & WAN management.
• Implementing security Solutions using PaloAlto Pa-5000/3000, Cisco ASA, Checkpoint firewalls R75, R77.20 Gaia and Provider-1/MDM.
• Extensively worked on Data Center switching technology including Nexus 7K, 9K and 5K and Catalyst switches.
• Adding Websites to the URL filtering blocklist in Bluecoat Proxies and upgrading firmware on the bluecoat proxies.
• Experience in configuring site-to-site VPN tunnels and MPLS between various site offices.
• Worked with the architects and application teams across the globe to ensure that the requirements are met according to the network architecture for the successful migration of the applications.
• Created and implemented firewall policy to allow/block services on specific TCP/UDP ports in production firewall.
• Majorly involved in Office Move, Network Upgradation, Network Standardization projects.
• Provided best solution to user's ServiceNow incidents by maintaining the security standards of the organization
• Key contributions include troubleshooting of complex LAN/WAN infrastructure that include Configured Firewall logging, DMZs & related security policies & monitoring Creating Private VLANs & preventing VLAN hopping attacks & mitigating spoofing with snooping & IP source guard
• Other responsibilities included documentation and change control
• Installation & configuration of Cisco VPN concentrator 3060 for VPN tunnel with Cisco VPN hardware & software client and PIX firewall
• Used various scanning and sniffing tools like Wire-shark
• Documenting and Log analyzing the Cisco PIX series firewall
• Spearheaded meetings & discussions with team members regarding network optimization and regarding BGP issues
• Performing maintenance activities in Cisco switches, routers and checkpoint firewall.
• Using TCP Dumps and Wireshark captures for determining the flow of traffic across the Intranet to Internet and vice versa.
• Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
• DNS administration like adding/modifying/deleting IP and DNS assignments using log messages on Infoblox.
• Worked on PCI compliance, Smart Optimize and removed all the unwanted rules and unused objects.
• Experience with ALG (RTP, RTSP and FTP, DNS, HTTP), DHCP Worked with ITIL (Information and technology information library) for managing our services.
• Working with ITS networking teams to install an Avaya VoIP phone system and test phone system connectivity and functionality.
• Knowledge of with API's for troubleshooting Network issues using Wireshark and NTOP.
• Configured static NAT, dynamic NAT, dynamic NAT overloading.
• Back up a Cisco IOS to a TFTP server and Upgraded and restored a Cisco IOS from TFTP server.
• Configured and perform trouble shooting on Dell Power Connect Switch 5548 used to connect VM Servers and Flex Systems.
• CSU/DSU loop testing in examining WAN link issues by implementing hardware and software loops.
• Extensive Packet level debugging and troubleshooting on Palo Alto Firewalls to resolve numerous network issues.
• Analyzed the Policy rules, monitor logs and documented the Network/Traffic flow Diagram of the Palo Alto Firewalls placed in the Data Center with MS Visio.
• Configure and maintain security policies on Fortinet firewall and managing Fortinet Analyzer.
• Hands-on experience in configuration of firewalls - Palo Alto, Cisco, Fortinet, and Firefly.
• Expertise in configuring and troubleshooting of Palo Alto, Fortinet, SRX Firewalls and their implementation.

NETWORK ENGINEER

Confidential

Responsibilities:

• Designed MPLS VPN and QoS for the architecture using Cisco multi-layer switches
• Implemented and configured Cisco IOS, IOS-XR, CAT-OS and Nexus hardware and software: 1000v to 7000 series.
• Configure, IPS and QOS by SDM and provide security by Prefix list, Access- List and By Distribution List.
• Designed and configured the commands for QoS and Access Lists for Nexus 7K, 2K and 5K.
• Figure and manage printers, copiers, and another miscellaneous network equipment.
• Handled the tasks of documenting network problems and resolutions for future reference.
• Utilized VMware ESX configured and installed it properly to implement Cisco, Microsoft Server 2008, Linux, MySQL builds, designs, throughout the entire Network Infrastructure.
• Managing enterprise BGP setup by configuring and troubleshooting BGP related issues. My responsibility was also to add new BGP peers for remote branch offices and business partners.
• Create and troubleshoot VDC, allocate resources, interfaces, NTP
• Maintenance and Troubleshooting of LAN connectivity problems using Ping, Trace route.
• Experience on a mesh 6500 and 5500 series switches to support the core trading system.
• Troubleshot Clustering issues on Check Point and Sync issues monitoring and fix.
• Upgrade of Checkpoint Gateways in Cluster with Minimal downtime.
• Vulnerability Management using Security Information & Event Management
• Implemented Active/ Standby HA configuration on Cisco ASA Firewalls.
• Monitoring network platforms include IBM Tivoli Netcool management systems, Siebel CRM, WebTop, utilizing HP Service Manager 9 logging tools.
• Configuring Cisco ASA firewalls in Single and Multiple Context Mode firewalls.
• Network design and administration experience.
• Maintaining Checkpoint security policies including NAT, VPN and Secure Remote access
• Responsibilities included configuration and installation of software and hardware.
• Performed routine network maintenance checks as well as Responsible for gathering and compiling data for special projects as well as prepare weekly status reports.
• Figure and manage printers, copiers, and another miscellaneous network equipment.