SUMMARY:

• Around 7+ years of Extensive experience in Networking and Security, including hands - on experience in providing network support, installation and analysis for a broad range of LAN/WAN/MAN communication systems in IT, Finance and Retail domain.
• Experience with network security design implementation Assessment, evaluation, design, and implementation of solutions related to following security areas: Large corporate firewall extranets, mail, Internet, internal enclave, PCI and Industrial control systems.
• Deep understanding on Palo Alto & Cisco firewalls with administrative experience across various network security platform utilizing security tools.
• Security appliance, Failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design.
• Experienced Checkpoint Firewall, Security and Network Administrator routing and switching.
• Worked on in handling and installing Palo Alto Firewalls.
• Strong knowledge base in the design and deployment of Blue Coat Proxy and Checkpoint firewalls.
• Extensive understanding of the Application Security Module technology
• Experience working with multi-vendor load balancers like F5 and Citrix Netscaler.
• Experience with converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN.
• Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.
• Experience in configuring, implementing and troubleshooting F5 load balancer in the enterprise network.
• Worked on F5 Local Traffic managers (LTM), Global traffic manager (GTM) of series 8900, 6400, 6800, 3400, 5100 and 3600.
• Working on configuration of F5 devices such as LTMs, GTMs, EMs, Firepass .
• Hands on experience in configuring Cisco Catalyst 2960, 3750, 4500, 6500 and Nexus 3000, 5000, 6000, 7000 series switches and Cisco 2600, 2800, 3600 series routers, Load Balancers & Cisco Firewalls.
• Working Experience with Active Directory Components (AD Users and Computers, DNS, DHCP and WINS etc.).
• Implemented security policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
• Extensive Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols on Palo Alto firewall as well as cisco ASA and checkpoint.
• Worked with F5 Load balancing, IDS/IPS, Bluecoat proxy servers and Administrating.
• Knowledge of virtual firewalls like checkpoint VSX, IDS, IPS as well as encryption techniques.
• Experience with Load Balancers for administrating and monitoring global & local traffic using F5 BIG IP LTM & GTM
• Experience with Blue Coat URL filtering with whitelisting and blacklisting URL, creating rules for content filtering.
• Worked on SIEM tools like solar winds, Symantec end to end point security for malware detection and threat analysis
• Configure and troubleshoot Remote access and site to site-in Checkpoint & Palo alto firewall
• Excellent working knowledge of TCP/IP protocol suite and OSI layers.
• In-depth knowledge and hands-on experience on IP Addressing, Sub netting, VLSM, Summarization and ARP, reverse & proxy ARP and Ping Concepts
• Proficient on IPS, IDS, Tripwire tools for solving the issues and 24x7 monitoring.
• Configuring BGP/OSPF routing policies and designs, worked on implementation strategies for the expansion of the MPLS VPN networks.
• Expertise in creating groups and pruning traffic flow using VLAN, VTP, ISL, 802.1Q.
• Good knowledge and experience in Installation, Configuration and Administration of Windows Servers, Active Directory, FTP, DNS, DHCP, TFTP, Linux OS under various LAN and WAN environments.
• Experienced in design, configuration and deployment of F5 Solutions with extensive experience working with Confidential
• Efficient at use of Microsoft VISIO/Office for technical documentation and presentation tools.
• An efficient and adoptable person who follows an organized and well planned approach for troubleshooting engineering issues.

TECHNICAL SKILLS:

Operating Systems: Windows (XP- 8.1), Windows Server (2008, 2012), Linux/Unix familiarity (CLI skills)

Firewalls: Palo Alto - 7k, 5k,3k & 2k, Check Point R65, R75.20, R75.45 (Gaia), R76, R77, Cisco PIX 515E, Cisco PIX 535 Firewall, Cisco ASA, Cisco FWSM, Cisco ASA, Juniper, Checkpoint provider 1, Checkpoint Firewall 1, SPLAT

Routers/Switches: Cisco 1600, 1700, 1800, 2500, 2600, 3600, 4000, 6000, 7206

Protocols: OSI, TCP/IP, DHCP, UDP, RIP v1, RIP v2, IGRP, EIGRP, OSPF, BGP, SSH, TFTP, FTP, SMTP, NTP, LDAP, Active Directory, L2F, L2TP, PPP, Blue Coat, Frame Relay, ATM, Fast/Gig Ethernet, HSRP, ISDN, AAA, DES, 3DES, AES, and MD5, VPN (IPsec and SSL), VRRP, HSRP, DNS, SNMP

Security Tools: Wireshark, Symantec, Splunk SIEM, Palo Alto IDP, Azure Cloud security, NMAP, Wireshark, Splunk, SourceFire, Fire Eye, Cisco SourceFire Defense Center, Voyence.

PROFESSIONAL EXPERIENCE:

Confidential, Houston, TX

Network Security Engineer

Responsibilities:

• Palo Alto design and installation (Application and URL filtering, Threat prevention, Data Filtering).
• Policy development and planning on IT security support and administration.
• Responsible for Palo Alto and Cisco administration across global network.
• Firewall migrations from Cisco to Palo Alto and monitoring and documenting changes.
• Worked on all Confidential Firewall models (PA-2k, PA-3k, PA-5k & PA-7k series) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
• Manage and monitor Active Directory services and group policies.
• Complete understanding of basic and advance F5 load balancer configurations, including migrating configurations from Cisco CSS to F5 load balancer and general troubleshooting of the F5 load balancers.
• As a part of Security and network operations team I was actively involved in LAN/WAN level 3 support. Diagnosing and troubleshooting level 2 & 3 problems.
• Managing F-5 LTM, GTM, Confidential, Confidential Administration, creating virtual servers, mapping pools, iRules and Profiles. SSL traffic offloading, also managed PCI Security Audit with F5 Confidential
• Experienced working with Business partners across the globe managing and administrating firewalls with proper compliances and training to support various networks and tools.
• As a part of remediation team monitored threat and vulnerability alerts, providing remediation’s for issues and ensuring that 100 percent compliance is maintained, incident-handling and maintenance of various security products and its infrastructure.
• Worked on security levels with RADIUS and TACACS+.
• Monitored network utilizing various tools such as Splunk and Qradar for optimum traffic distribution and load balancing using F5 and Solar winds.
• Performed pre audit check for the Palo Alto firewalls with proper documentations and firewall compliances.
• Support the implementation and ongoing operations of network access control devices to include firewalls, web proxies, and SSL VPN devices.
• Convert physical machines to virtual machines (P2V) and virtual machines to virtual machines (V2V) with VMware converter
• Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs
• Provide Tier II Load Balancer expertise on F5 BigIP Local Traffic Managers (LTM). Designing F5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 BigIP Load Balancers.
• Troubleshooting firewall access related issues between servers in the DMZ and behind firewall for 3rd party connectivity as well as routing and switching in the network.
• Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs.
• Configure and troubleshoot Remote access and site to site-in Checkpoint & Palo Alto firewall.
• Provide support to help desk for complex/major network problems. Build the rules for the application access across the IPSEC VPN tunnel.
• Configure IPSEC VPN tunnels between Checkpoint and other non-Checkpoint endpoint devices using IKE pre-shared keys, 3DES and MD5.
• Worked on SIEM tools like solar winds and kiwi tools for ip address update as well as creating nodes, editing and configuring the new catalyst switches.
• Experience with F5 load balancers.
• Implemented enterprise wide network infrastructure and ecommerce support solutions including, network intrusion detection, encryption and monitoring.
• Performed business migration planning including location change, platform introduction and integration.
• Manage and configure Juniper SSG, Palo Alto, and Barracuda series firewalls/Web Filter and Blue Coat Enterprise Proxy appliances.

Confidential, Chicago, IL

Network Security Engineer

Responsibilities:

• Translate User requests into firewall change requests and update firewall policy using smart dashboard and verify the connectivity with users.
• Auditing of checkpoint firewall, preparation of network diagram using Visio.
• Provide security engineering for VSX implementation in checkpoint environment
• Installation, Configuration and Troubleshooting of Checkpoint, Juniper and Cisco ASA firewalls
• Identified opportunities for implementation of network best practices, particularly F5 load balancer implementations
• Created a matrix for each application and listed the type of environment it is with best usage of Confidential .
• Configuration and providing management support for Cisco ASA and Checkpoint Firewalls (R75, R76, R77)
• Creating and managing the users, groups, GPO in the Active Directory.
• Added servers to Active Directory and LDAP server.
• Working with Checkpoint firewalls version R76 & R77.20.
• Administration and configuration of Check Point (R75.40) firewall polices, day-to-day network security support for external clients.
• Configuring & managing Network & Security Devices that includes Cisco Routers & Switches, Nexus Switches, Juniper and Palo Alto Firewalls, F5 BigIP Load balancers, Blue Coat Proxies and Riverbed WAN Optimizers
• Perform routine firewall rule changes on Cisco ASA and Checkpoint firewalls. Troubleshoot already closed request
• Managing F-5 LTM, GTM, Confidential, Confidential Administration, creating virtual servers, mapping pools, iRules and Profiles. SSL traffic offloading, also managed PCI Security Audit with F5 Confidential
• Updating and Upgrading the ESX and ESXi servers using VMware update manager.
• Implementing & troubleshoot Checkpoint firewalls and management console.
• Set up VPN policy and routes on Checkpoint Firewall and Cisco Firewalls. Constructed tunnel between Expedia and Orbitz network.
• Creating a priority list of what type of attacks to focus on vs. what can be accomplished and identifying timeline on how to accomplish all the functionality Confidential can provide.
• Experience with convert Cisco ASA VPN rules over to the Palo Alto solution. Migration with both Cisco ASA and Palo Alto VPN experience
• Administering multiple Firewall, in a managed distributed environment and knowledge on SIEM tools like Qradar.
• Deployed specialized multicast feeds to Confidential
• Black listing and White listing of web URL on Blue Coat Proxy server
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
• VLAN and Port channel configurations on Cisco 4500 and 6500 series switches.
• Installation and administration of Cisco 2800, 3800, 7200 series Routers.
• Using advanced troubleshooting features such as TCPDUMP, FW Monitor, Packet Capture sniffing and export them using CLI and Wireshark as well as debug on the appliances for network connectivity issues.
• Coordinate with network operations center for change notifications, alerts & escalation of security incidents.
• Network documentation using Microsoft Visio 2007.

Confidential, Richmond, VA

Network Security Engineer

Responsibilities:

• Configuration and troubleshooting L3 switches with VLAN, STP, SPAN, ETHERCHANNEL, HSRP, VRRP and GLBP
• Assisted in troubleshooting complex layer 1, 2 and 3 connectivity using WireShark protocol analyzer and recommended solution for better performance
• Upgrading checkpoint security gateways in cluster with minimal downtime.
• Working with Cisco ISE / FWSM
• Planning, design, implementing and troubleshooting on Checkpoint and Cisco ASA Firewall.
• Managing F-5 LTM, GTM, Confidential, Confidential Administration, creating virtual servers, mapping pools, iRules and Profiles. SSL traffic offloading, also managed PCI Security Audit with F5 Confidential .
• Configuring HA on checkpoint security gateways using cluster XL and VRRP.
• Worked on security tools and software such as CISCO WSA, Qualys, Splunk, Solar winds, Source fire, SIEM
• Palo Alto design and installation which includes Application and URL filtering Threat Prevention and Data Filtering.
• Blue Coat Web Proxies - ProxySG, Proxy AV, Content Analysis System, PacketShaper, Threat Detection ProxyCAS, Director, Reporter
• Worked with the customer and Confidential engineering to improve maintenance procedures and techniques in order to optimize equipment performance.
• Monitor devices in Netcool and Event Manager
• Worked primarily as a part of the security team and daily tasks included firewall rule analysis, rule modification and administration.
• Adding and removing checkpoint firewall policies based on the requirements of various project requirements.
• Implemented Positive Enforcement Model with the help of Confidential .
• Administer Checkpoint firewalls with cluster gateways including pushing policies and processing user requests to allow access through the firewall using Smart Dashboard and identify unused rules and schedule change to mark it for permanent deletion at later point of time.
• Configuration and implementation of Check Point Firewalls, IDS/IPS, Bluecoat Proxy, CISCO ASA.
• Checkpoint Firewall Log review and analysis and troubleshoot connectivity issues.
• Working with Cisco Catalyst/Nexus/UCS/MDS, and F5’s including Confidential ’s
• Perform SSL Offloading on LTMs and web accelerators with 2048-bits VeriSign certificates. Also, renewing certificates to ensure the security of websites.
• Maintained high availability of resources with F5 BIG-IP load balancer based on different load balancing.
• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
• Configuration and troubleshooting of Firewalls ASA 5520, ASA 5510, Nokia Check Point VPN1 NGX R55/R65/R70.
• Managed and maintained various web content filtering solutions including Web Sense and Blue Coat.
• Provided proactive threat defense with ASA that stops attacks before they spread through the network.
• Cisco ASA/Checkpoint Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
• Migrated Cisco ASA firewall to next generation Palo Alto firewalls
• Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
• Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP IPv4/IPv6 and configured IP access filter policies.
• Generating RCA (Root Cause Analysis) for critical issues of layer1/layer2/layer3 problems.
• Troubleshoot on security related issues on Cisco ASA/PIX, Checkpoint and IDS/IPS.

Confidential, FL

Network Engineer

Responsibilities:

• Monitoring and implementing preventive user security policies using IPCOP.
• Worked with team in designing of Network architecture for B2C environment.
• Ensure the continuous availability of all data network services and uptime of e-commerce production sites.
• Day to day monitoring and configuration of Blue Coat internet caching and monitoring
• Adding security policies and security rules on checkpoint, Palo Alto and ASA firewall.
• Worked on SIEM tool for IPS/IDS and for detecting the malwares and threat analysis.
• Creating private VLANs & preventing VLAN hopping attacks and mitigating spoofing with snooping & IP source guard.
• Complex troubleshooting to include network protocol and log analysis, raw data captures, and the correlation of disparate events spanning multiple devices and platforms.
• Experience in different VPN platforms, IPSec, SSL & Web VPN. Mobile VPNs solutions from Cisco and Checkpoint.
• Converted Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.
• Maintained, upgraded, configured, installed Cisco ASA 5510, 5520, & 5505 Firewalls from the CLI & ASDM.
• Managed network IP access via Dynamic Host Configuration Protocol (DHCP).
• Managed network security processes using ASA firewalls.
• Configured Easy VPN server and SSL VPN to facilitate various employees' access internal servers and resources with access restrictions.
• Palo Alto design and installation which includes Application and URL filtering Threat Prevention and Data Filtering.
• Upgrade Cisco Routers and Switches IOS using TFTP.
• Worked on SIEM for detecting malwares and threat analysis on web based url filtering.
• Configured and worked on VRFs on the CE to support MPLS L3 VPNs. The work also involved fixing MPLS based circuits to effectively resolve communication issues.
• Building configurations for Cisco 6500(sup 720), 4500(sup 6) & 3750 catalyst switches with features like port security, VLANS, VTP, PVST+.
• Provided technical assistance for LAN/WAN management & troubleshooting and complex customer issues.
• Worked on SIEM tools like Symantec end to end point for threat analysis and malware detection.
• Prepared technical documentation of configurations, processes, procedures, systems and locations of Network Topology Changes/Visio Drawings.

Confidential

Network Engineer

Responsibilities:

• Provided estimated bandwidth requirements for data replication, to best determine adequate timing for migration service levels.
• Configuration of various Cisco Routers & L2/L3 Switches and implementing OSPF and BGP on the routers.
• Monitored network for optimum distribution and load.
• Supported core network consisting of Cisco 7200 series routers running multi area OSPF.
• Installed and configured protocols like TCP/IP and Internet protocols on WAN network.
• Configuring, managing and troubleshooting networks using routing protocols like RIP, EIGRP and OSPF (Single Area and Multi Area).
• Assisted with troubleshooting all network issues with routers and switches when necessary and consulted with on Call tech as needed for client.
• Analyze and interpret existing LAN/WAN infrastructures: provide information, advice or instructions and assist in problem resolution.
• Monitor Routers and Internet Connectivity.
• Implement network monitoring tool for monitoring servers, routers other network resources.
• Adding and deleting users and granting user level.
• Resolving Network Problem related to connectivity and assessing resources.
• Responsible for ensuring each reported problem is resolved in timely manner.
• Patching all Windows servers and workstations with Company standards.