- 6+ years of professional experience in Deploying, Configuring, Optimizing, and Troubleshooting of complex network infrastructure which includes expertise at enterprise wide Routing, Switching, Network Security and Wireless domains.
- Experience in Designing, configuring and troubleshooting, security policies , Modular Policy Framework, Routing instances, Zone Based firewalls and implementing different failover mechanisms on Palo Alto (PA 5020), ASA 55XX & Checkpoint R77 firewalls .
- Expertise configuring and monitoring Checkpoint firewalls through Smart Dashboard and Smart View Tracker Applications.
- Migration of the firewall rules from Cisco ASA 55XX to Palo Alto firewalls using migration tool from PAN.
- Implementing security policies using AAA, ACL’s, NAT, Policy NAT, PBF/PBR, Route - maps, Distribution lists and IPsec VPN’s on different series of routers and firewalls.
- Strong knowledge on mitigation of DDoS attack’s & SSL implementation on Cisco and Palo Alto firewalls.
- Expert level knowledge in firewall rule audit and optimization using Algosec.
- Extensive knowledge on Kill Chain management.
- Maintained and operated Bluecoat Proxy Manager and Reporter.
- Strong knowledge of TACACS+, RADIUS implementation in Access Control Networks (ACN) .
- Extensively worked on different flow feeds like Cisco Netflow and Jflow .
- Strong hands on experience in installing, configuring, and troubleshooting of Cisco 7600 series routers and Juniper routers M320 and SRX series routers.
- Expert level knowledge of troubleshooting, implementing, optimizing and testing of static and dynamic routing protocols such as EIGRP, OSPF, iBGP, EBGP and ability to interpret and resolve complex route table problems.
- Solid knowledge on Cisco ACE, Brocade and F5 Big-IP Load balancing (LTM & GTM) method implementation and troubleshooting.
- Expertise in installing, configuring and troubleshooting Cisco 6500, Nexus 7K, 5K and 2K series switches .
- Migration of Cisco 6500 to Nexus switches in complex data center environment.
- Configuring and Troubleshooting HSRP, VRRP, GLBP, HA protocols.
- Expert level knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, Ether channel, Port Channel, VPC, STP, RSTP and Fabric Path .
- Worked on network monitoring tools such as NMAP, Solar Winds, Wireshark (Ethereal) and Splunk.
- Experience in installing and configuring DNS, DHCP and Forward proxy servers.
- Administer and diagnose LAN and WAN with in-depth knowledge of TCP/IP protocol stack.
- Expert level knowledge in OSI model, in depth knowledge and hands on experience on IPV4 Addressing, VLSM, ARP, reverse ARP, proxy ARP and ICMP Concepts.
- Extensive knowledge in manipulating network devices using PANOS, Cisco IOS, NX-OS, HP switches.
- Proficient in wireless AP deployments Implemented & Network Access Control (NAC) using Aruba Clearpass for BYOD compliance.
Firewalls: Palo Alto Networks-2k,3k,5K series, Cisco ASA 55XX, Checkpoint R77, R76.
Routers: Cisco 7600, 7200, 3800, 3600, 2900, 2800, 2600, ASR 7K, ASR 12K.
Switches: Nexus 2K/5K/7K, Cisco Catalyst 6500, 4500, 3850,3560, 3750, 2960.
Communication Protocols: TCP/IP, UDP, DHCP, DNS, ICMP, SNMP, ARP, RARP, PPP, HDLC, ISDN, SDN, and SD-WAN.
Routing Protocols: OSPF, EIGRP, BGP, MPLS PBR, Route Filtering, Redistribution, Summarization and Static Routing.
Switching Protocols: LAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switch, Ether channels, Transparent Bridging.
LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, VLANs, VTP, STP, RSTP.
Network Management and Packet Analyzers: SolarWinds, Wireshark and TCPDUMP.
Operating systems: Windows XP/ 7/ 8/10, Windows Server 2003/ 2008, Mac OS and Linux.
Automation skills: Python, Git, Ansible
Network Security Engineer
Confidential, New York City, NY
- Responsible for segmentation of existing Data center infrastructure with multiple zones by deploying Palo Alto-5250 series firewalls.
- Assisted in creating custom application signatures for home grow application by leveraging the App-ID feature of Palo Alto Firewalls.
- Implemented Zone Based Policies and authentication profiles on the Palo Alto Network Firewalls.
- Centralized management multiple PAN firewalls using PANORAMA M-100 for log collection, report generation and management.
- Enforced User-ID feature while creating policies based on users and groups rather than individual IP addresses.
- Integrating the Palo Alto firewalls with Wildfire cloud inspection engine to protect against zero-day, APT and Malware threats.
- Worked on configuring Security profiles such as Threat prevention, Anti-Virus, Anti-Spyware File Blocking etc.
- Created Custom URL Categories and leveraged External Dynamic list (EDL) to protect end users from accessing malicious websites.
- Troubleshoot issues related to PAN firewall configurations and tune the firewall policies to prevent attacks.
- Conversation of service-based policies to application-based security policies on PAN Firewalls for better security enforcement and visibility.
- Implemented client based GlobalProtect VPN in Palo Alto Network Firewall with auto connect to location based optimized gateways.
- Worked on firewall rule optimization and unused rule cleanup.
- Performing firewall upgradation for enterprise & branch sites working with many departments in a coordinated effort.
- Configure rules, Authentication realms, URL whitelisting on the Bluecoat proxy SG .
- Performed SSL Decryption on Palo Alto Firewalls in accordance to compliance requirements.
- Performed firewall policy optimization using Algosec tool.
- Monitoring security events and real time threat analysis using SIEM tools like Splunk.
- Assisted in migration and security enforcement of services from on-premise to AWS cloud infrastructure.
- Worked on F5 VIPRION 4800 series BIG IP devices, configured VIP’s with HTTP/SSL profiles, pools for high availability and Health checks.
- Experience installing and configuring Aruba Networks access points AP224/225 (dual band 802.11n and 802.11ac), AP134/135 (dual band 2.4Ghz 802.11n and 5Ghz 802.11n).
- Worked on Aruba ClearPass (CPPM) for BYOD policies using ClearPass Onboard feature for endpoint.
- Troubleshoot, conduct scans and assess Network issues, then patch vulnerabilities and mitigate DDoS attacks and other.
- Provided redundancy configuring BGP multi-homing using dual ISP links.
- Worked on ASA 5585 firewalls configuration and Implementation for the network security.
- Providing management and support of Core, Distribution & Access layers devices.
Network Security Engineer
Confidential, New York City, New York
- Configured Firewall-security context modes, interfaces, objects and access list, NAT, AAA for network access and advanced network protection on CISCO firewalls.
- Implemented site-to-site VPNs on Cisco ASA firewalls.
- Migrated from Cisco ASA firewall to Palo Alto firewall using Palo Alto migration tool.
- Hands on experience in Palo Alto Firewall Configuration, logging, reporting and User-ID redistribution using Panorama.
- Managed licenses, software (PAN-OS) and content updates (Application, wildfire, and Antivirus) using Panorama M-100.
- Configured HA in Active-Passive and Active-Active mode on Palo Alto Network Firewall.
- Configured SSL-Forward Proxy and SSL-Inbound inspection on Palo Alto Firewalls.
- Configured Palo Alto to connect with the Wildfire inspection engine cloud to prevent Zero-day and Malware Attacks.
- Worked on configuring Security profiles such as Threat prevention, Anti-Virus, Anti-Spyware, File Blocking etc.
- Assisted in implementing Palo Alto Global Protect VPN replacing their legacy VPN infrastructure.
- Worked on DNS Sinkhole in Anti-Spyware profile of Palo Alto Firewall to identify infected hosts on the protected network and forge a response for DNS query.
- Configured IPSEC tunnels using Generic Routing Encapsulation between multiple branch offices.
- Migrated policies and firewall settings from Cisco ASA firewall to Palo Alto firewalls using Palo Alto Migration tool.
- Configured route-based VPN to connect Palo Alto firewalls located at two branch offices.
- Configured and implemented F5 BIG-IP LTM load balancers to maintain global and local traffic.
- Configured various advanced features like iRules, SSL Offloading, Persistence, SNATs, and Digital Certificates on F5 BIG-IP LTM.
- Created and managed pools and clusters in F5 BIG-IP GTM load balancers across multiple data centers.
- Deployed F5 gateways for SSL, remote access load balancing, and the creation of templates.
- Implemented round-robin load balancing techniques on F5 along with F5 BIG IP configurations and troubleshooting.
- Installed and maintained Aruba switches, Aruba Wireless AP’s and Aruba Virtual Controllers.
- Installed Cisco Wireless Lan Controllers (WLC) with active/standby state controlling more than 100 access points.
- Migration of Cisco ISR 1841, 2800, 3800 First generation to Cisco ISR 2951, 3900, 4000 second gen series for branch offices.
- Management of Cisco catalyst 6500, 3500, Nexus 7009, FEX 2000 series switches at the Data center.
- Profound working experience with Nexus-OS and VPC in data centers.
- Configured and implemented enhanced VPC and fabric path between Nexus 5500 series switches for reliable data center operations.
- Involved in configuration and management of different Layer 2 switching tasks, which includes address learning, efficient switching etc.
- Implemented Authentication Authorization and Accounting (AAA) protocol TACACS+.
- Working experience in analyzing risk, designing, provisioning and auditing network changes using TUFIN.
- Worked with a team of Network Engineers to manage and improve existing infrastructure to reflect constant technological changes and threats.
- Provided Level 3 support to Level 2 escalations to resolve issues.
- Worked on the migration to new Checkpoint R77 Firewalls from Juniper Firewalls .
- Creating a rule on the checkpoint firewall for a NAT (used ACLs to block unauthorized users) to the VLAN IP and allowing the IPsec traffic.
- Implement Cisco Works to manage Cisco routers, switches, firewall, Access Points and VPN concentrators.
- Configured Juniper M320 routers and T640 routers.
- Plan and implement Juniper Net screen 204 firewalls.
- Configured and maintained juniper SRX 210,220,240,650 routers.
- Installing and configuring Checkpoint NG R55 & NGX R60
- Worked with feeds and flow feeds using Jflow.
- Monitoring and maintaining LAN/WAN networks using Snort and sniffer trace.
- Design and Implement Remote access VPN server using Checkpoint NGX R55 & Cisco ASA 55xx.
- Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
- Big IP F5 Load Balance experience: setting up, monitoring and configuring F5 load balancer (using LTM & GTM).
- Configuring EIGRP, OSPF and BGP on routers.
- Time to time upgrade network connectivity between branch office and regional office with multiple link paths and routers running HSRP, EIGRP in unequal cost load balancing to build resilient network.
- Convert Branch WAN links from TDM circuits to MPLS and to convert encryption from IPsec to get VPN.
- Used DHCP to automatically assign reusable IP addresses to DHCP clients.
- Implement ACLs and authenticate (EIGRP, BGP) to ensure high security on the network.
- Used Protocol analysis tools to assess and pinpoint networking issues causing service disruption
- Used Junos to configure, manipulate and monitoring all Juniper network devices.
- Used Checkpoint SmartView to monitor checkpoint firewall status and maintenance.
- Designed, configured and maintained security infrastructure of local area network (LAN) and Wide area network (WAN).
- Configured/Troubleshoot issues with Cisco routers, switches, NAT, and DHCP, as well as assisting with customer LAN /WAN.
- Deployed Cisco Nexus switches at one of the Datacenters to improve Operational efficiency and reduce risk downtime.
- Diagnosed and Monitored network using SolarWinds network monitoring tools.
- Worked with the engineering team in resolving the tickets and troubleshooting layer2 and layer 3 problems.
- Monitoring Network Management and responding to events, alarms, and tickets.
- Responsible for implementing, engineering & level 2 support of existing network technologies / services & integration of new network technologies/services.
- As Member of the Business Continuity team conducting regular Mock Disaster recovery / Business continuity plans
- Designing Network layouts, subnets and IP addressing schemes and models.
- Installed and Configured Cisco Router, Switches and Voice Gateways as per design Build
- Configuration of VLAN setup on Cisco switches 4500, Cisco routers 3900 and 3800.
- Worked on LAN technologies like Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, 802.1Q and troubleshooting Wi-Fi Networks.
- Troubleshooting critical network links by coordinating with the vendor and various LAN/WAN technologies issues for internal and external clients.
- In-depth knowledge of TCP/IP, PPP, ISDN and performing multiple debugs on the routers to analyze the problems with the VOIP configurations.
- Experience with wireless technology 802.11x and knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN’s, VTP, Ether channel, and STP .
- Configuring Static routing, Dynamic Routing, Port Trunking, Port Lagging on Cisco Routers.
- Knowledge of IPV4 subnetting and troubleshooting of DNS and DHCP IP conflict problems.
- Maintaining and updating inventory of all network hardware of devices with SNMP and expertise in L3 Routing Protocols like OSPF, EIGRP and BGP .
- Proficiently implemented filters using Standard and Extended access-lists, Distribute- Lists and route manipulation using Offset-list.
- Used SolarWinds tool for Network Management, Network Monitoring, Server Monitoring, Bandwidth Analysis.
- Worked on Cisco IOS, NXOS to configure network devices.
- Configuring rules and Maintaining Cisco ASA 55XX Firewalls & Analysis of firewall logs.