SUMMARY:

• IT professional with 7+ years of experience in Network design, Network Security, routing, switching, troubleshooting and implementation of Enterprise systems.
• Expert level knowledge in installing, configuring, and troubleshooting of Palo Alto (PA - 3060 and PA-5250), Cisco ASA (5505/ 5510) and Checkpoint (4400, 4600) Firewalls.
• Skilled in creating Security Policy, App-ID, URL filter and Threat Prevention in Palo Alto.
• Strong experience on centralized management system (Panorama) to manage large-scale firewall deployments.
• Migration of the firewall from Cisco ASA to Palo Alto firewalls using migration tool from PAN.
• Expert in installation and maintenance of VPN gateways, IDS/IPS, and proxy servers.
• Extensive knowledge of WildFire and FireEye inspection.
• Acquired manual skill in mitigation of DDoS attacks on Cisco and Palo Alto firewalls.
• Operating experience in configuring and managing Authentication servers RADIUS & TACAS+ and their integration with Firewalls.
• Hands on experience in Implementing Security Solutions in Juniper SRX and NetScreen SSG firewalls by using NSM.
• Relevant work history with different failover mechanisms on firewalls.
• Configured Standard and Extended Access Control Lists (ACLs) on Firewalls.
• Expertise configuring and monitoring Checkpoint firewalls through Smart Dashboard and Smart View Tracker Applications.
• Strong knowledge on blocking malicious sites as required by the information security system using Bluecoat Proxies.
• Record of work in implementing MPLS, IPSEC and GRE tunnel.
• Knowledge on configuring and maintaining SSL VPN's on Palo Alto and Cisco ASA Firewalls.
• Hands on experience on maintaining F5 Big-IP (LTMs and GTMs), Cisco ACE 4710 & Brocade load balancers.
• Worked on configuration & troubleshooting of routing protocols: BGP, OSPF, EIGRP and Static on Cisco (7200, 3800), Juniper (MX240, MX480) series routers.
• Skilled on Cisco catalyst switches (6500, 4500) series, Nexus (2k, 5k & 7k) series and Juniper (EX2300/ EX3400).
• Worked on configuration of VDC, vPC and Fabric Extender on Nexus Switches.
• Strong experience on configuring redundancy protocols like HSRP, VRRP & GLBP.
• Extensive knowledge on configuring STP, PVST, RSTP, MSTP, VLAN, Inter-VLAN routing, Trunking (802.1q & ISL), Port channels (LACP & PAgP).
• Experienced with working on network monitoring tools like SOLARWINDS, QRadar, Splunk and Sniffing tools like Wireshark and Tcpdump.
• Hands on experience on implementation of Cisco ISE with TrustSec for network endpoints.
• Knowledge on setup and install Tufin cluster in virtual environment.
• Strong Proficiency in SMB, POP, IGMP, SMTP and TCP/IP protocols and Implementation of name resolution using WINS & DNS in TCP/IP environment.
• Knowledge on WLAN 802.11 a/b/g/n/ac, creating SSID and WLAN Security like WEP, WPA and WPA2.
• Worked on CISCO Prime and Wireless controller to Manage all WAPs in campuses
• Working knowledge on IP addresses management tool like Infoblox IPAM and SolarWinds IPAM.
• Hands on experience in migration of Cisco ACS to Cisco ISE 2.2
• Upgrade Cisco 6500-E, 3560, and 2960 switches to IOS software that is on the ISE compatibility matrix. In-depth knowledge on IPV4 and hands-on experience on IP Addressing, Sub netting, VLSM, Summarization and ARP, reverse & proxy ARP and Ping Concepts.
• Hands on experience on vector graphics application like Microsoft Visio for documentation.
• Expert level knowledge in PAN-OS, Cisco IOS, JUN-OS platform and worked with IOS upgrade on devices.
• Responsible for implementation of LAN and WAN connectivity and services.
• Expert level knowledge on OSI and TCP/IP models.
• Knowledge in Linux OS, python and Shell scripting.

TECHNICAL SKILLS:

Firewall: Palo Alto (PA-3060/ 5250), Check Point, Cisco ASA (ASA5505/ ASA5510) and Juniper (SRX3400/ SRX5400).

VPN: IPSec, SSL, GRE and DMVPN

Load Balancers: Cisco CSM, F5 Big-IP (LTM, GTM) Routing Static, OSPF, EIGRP and BGP on Cisco series, Juniper

Switching: STP, RSTP, VLANs, VTP, Trunking (802.1q, ISL), HSRP, VRRP, and GLBP, Ether channels (PAGP & LACP), Port Security on Cisco switches (6500, 4500), Juniper (MX2300/ MX3400).

Wireless: Cisco Meraki and Aruba. Monitoring Tools Solar winds, Riverbed, Net Flow, Infoblox, Citrix.

Sniffing Tools: Wireshark, Tcpdump.

Documentation Tools: Visio, Lucid chart. Networking Protocols TCP, UDP, DNS, DHCP, NAT, ACL, SMTP, SNMP, FTP, HTTP, HTTPS, PPP, HDLC, IPV4, IPV6. Scripting Languages Python, Shell scripting.

Operating System: Cisco IOS, JUN-OS, PAN-OS, NX-OS, Windows, MAC OS X, Windows Server, Linux, UNIX.

PROFESSIONAL EXPERIENCE:

Sr. Network Security Engineer

Confidential - Palo Alto, CA

Responsibilities:

• Experienced with configuration and Maintaining of Palo Alto and Cisco ASA firewall.
• Hands on experiences with configuration and implementation of NAT, Security Polices on Palo Alto (PA-5250, PA-3060) firewalls.
• Performed installs, configuration and troubleshooting on State-full inspection firewalls and inline/passive IPS/ IDS.
• Worked on implemented Active/ Standby HA configuration on Palo Alto Firewalls.
• Strong Knowledge on implementation of security profiles such as Threat prevention and PAN-DB in security policies on Palo Alto.
• Experienced with configuration of security polices with App-ID and User-ID.
• Hands on experience with Configuring Palo Alto firewall using Wild fire feature.
• Worked on Centralized management using Panorama M-100.
• Migration of the firewall rules from Cisco ASA 5510 to Palo Alto firewalls.
• Worked on mitigation of DOS attacks on Cisco ASA and Palo Alto firewalls.
• Expert Level knowledge on implementation of NAT/PAT.
• Worked on configuration of TACACS+, RADIUS and LDAP in Cisco ASA and Palo Alto firewall.
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5505 Security appliance, Failover, DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
• Experienced with Configuration and maintained IPSEC and SSL VPN's on Palo Alto and Cisco ASA Firewalls.
• Hands on Experience on working with load Balancers such as F5 (LTM & GTM) and Cisco (ACE).
• Worked on F5 load balancer in deploying many load balancing techniques such as Round Robin, Ratio Based, Least Connection and Persistence.
• Experienced with configuration of SSL Offload on F5 Load balancer.
• Worked on configuration and implementation of VIP's, High availability (A/S), virtual server and irules on F5.
• Worked on configuration and implemented of routing protocols like STATIC, EIGRP, OSPF and BGP on Cisco 7200, 6500 Series routers.
• Troubleshooting complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF & BGP. Mentored and guided team members and staff through the Cisco ISE implementation process using experience from a dozen previous deployments for enterprise clients.
• Hands on experience in migration of Cisco ACS to Cisco ISE 2.2
• Completed a wired ISE deployment for a medical devices company ensuring network segmentation and posture impacted the security classification of the device
• Upgrade Cisco 6500-E, 3560, and 2960 switches to IOS software that is on the ISE compatibility matrix. Experienced with configuration of Access-lists, Distribution-lists and Route Redistribution.
• Worked on configuration of MD5 authentication in routing protocols.
• Working on CISCO Prime and Wireless controller to Manage all WAPs in campuses.
• Experienced with various BGP Attributes for path selection process by using AS-path prepend, Local Preference and Weight.
• Worked on configuration of stub area for in OSPF.
• Extensive knowledge on implementing and configuration Redundancy of Gateway using HSRP and VRRP.
• Experienced with Nexus 2148 Fabric Extender, Nexus 5000 series to provide a flexible access for data center.
• Exposed to configuration of VDC, vPC and Fabric Extender on Nexus switch.
• Hands on experience in configuration, upgrading NX-OS.
• Experienced with configuration and implemented layer 2 protocols such as VLANs, STP, RSTP, MST, Port Security and Ether Channels (LACP and PAGP).
• Worked on implementation of VTP, Trunking, Inter VLAN routing on Cisco switches 4500, 3600 and Juniper EX2300 and EX 3400.
• Experience in implementing, designing and supporting Cisco wireless controllers LWAPP environment which supports both 802.11n and 802.11b/g.
• Working with large customers to help them understand Cisco Meraki and Aruba products and services Migrated wireless security encryption from WEP to WPA2.
• Worked on optimization of LAN & WAN technologies.
• Worked on network monitoring and performing analyzing tools like Solarwinds and Nagioas.
• Exposed to Splunk and QRadar to generate report and to collect traffic logs.
• Hands on knowledge on sniffing tools like Wireshark for packet capture and analysis.
• To Setup scripting of various aspects of Tufin management.
• To assist in layer 2 issues with the senior engineer as well as monitor the status of the network with Solarwinds for the LAN/WAN and Cisco Prime for the wireless APs.
• Experienced with IP Address management (IPAM), DNS, DHCP by using Infoblox.
• Provided technical support on hardware and software to remote production sites.
• Performed CISCO IOS, PAN-OS, JUN-OS upgrades on Network devices and maintained latest versions.

Network Security Engineer

Confidential - Santa Clara, CA

Responsibilities:

• Implemented Security Solutions for Checkpoint firewalls.
• Implemented Checkpoint Firewall (4400, 4600) to protect and authenticate local - net and DMZ.
• Configure high availability (active/standby) using NSRP on Juniper ISG and NS5200 firewalls.
• Created security policy according to user requirement in Cisco ASA 5580, Juniper-SRX & SSG firewall using CLI & GUI.
• Provided day to day support for firewall engineering and operations tasks and level 1 & 2 on-call technical supports for the Firewall Engineering and Operations team, including assisting peers with issues and escalation.
• Worked on Checkpoint Firewalls Clusters of both High-Availability and Load-Sharing.
• Worked on Multi-vendor platform with checkpoint and Cisco firewalls requesting net flow for security compliance, coding, and pushing firewall rules after approval and troubleshoot incidents as required.
• Implemented firewall rules on Cisco ASA, Juniper SRX 3600 and SRX 100 on a daily basis, using NSM and CLI.
• Maintained and Troubleshot IP connectivity problems using PING, and Trace route utilities and packet capture tools such as Wireshark.
• Managed global policy, global groups and global objects in checkpoint Provider-1/ Multi Domain Manager.
• Worked on F5 load balancer deploying many load balancing techniques with multiple components for efficient performance.
• Provided application level redundancy and accessibility by deploying F5 load balancers long-term memory.
• Configured VLAN's, Private VLAN's and enabling InterVLAN routing.
• Configuring routing protocols like EIGRP, OSPF & BGP and troubleshooting layer3 issues.
• Responsible for designing and implementation of customer's network and Security infrastructure.
• Hands-on WAN (ATM/Frame Relay), Routers, Switches, TCP/IP, Routing Protocols (BGP, OSPF, EIGRP) and IP addressing.
• Configured and resolved various OSPF issues in an OSPF multi area environment.
• Involved in the configuration & troubleshooting of routing protocols: BGP, MP-BGP, OSPF and EIGRP.
• Monitored LAN/WAN network activity utilizing CA/Spectrum monitoring tools.
• Involved in monitoring network traffic and its diagnosis using performance tools like Snort, Snortsnarf, ping tools, and packet player.
• Troubleshoot traffic passing managed firewalls via logs and packet captures.
• Worked on Cisco 3800, 3600, 2800, 2600, 1800, 1700, 800 series Routers and Cisco 6500, 3700, 3500, 2900.
• Advanced knowledge, design, installation, configuration, maintenance and administration of Checkpoint Firewall R65 up to R77.
• Configured layer 2 and layer 3 Switch port, L3 router interface, VLAN interface, VRRP on Cisco and Juniper devices.
• Conducted and implement Network and software installations and upgrades.
• Blocking malicious sites as required by the information security system using Bluecoat Proxies.
• Implementation of Cisco ACS server and integration with RSA for two factor authentications.
• Worked on Disaster Recovery (DR) test plan and build an IPSEC tunnel site to site.
• Configuration of switching technologies like VLAN, STP, TRUNKING, Ether Channels (PAGP, LACP).
• Configured gateway redundancy protocols like HSRP, VRRP.
• To work on network monitoring tools like SOLARWINDS and Splunk.
• Strong knowledge on using Sniffing tools like Wireshark and Tcpdump.
• To work on WLAN 802.11 a/b/ac, creating SSID & WLAN Security like WEP, WPA & WPA2.
• Organized IP address management (IPAM), DNS and DHCP by Infoblox.
• Worked on developing network design documentation and implementing using Visio and Lucid Chart.
• Understanding the PAN-OS, Cisco IOS, JUN-OS platform and worked with IOS upgrade on devices.
• Experience on IPV4 Addressing, Sub netting, VLSM, ARP and ICMP Protocols.
• Responsible for implementation of LAN and WAN connectivity and services.
• Expert level knowledge in OSI and TCP/IP models.
• Upgrade planning of CUCM, Unity Connection and UCCX to v10.5

Sr. Network Engineer

Confidential - Fremont, CA

Responsibilities:

• Strong Knowledge on Configuration and maintaining PaloAlto, Cisco ASA and Juniper Firewall (SRX3400).
• Experienced with Configuration and implementation of NAT, Security Polices on Paloalto (5250) Firewall.
• Hands on Knowledge on implementation of Security profiles in Security Polices on PaloAlto.
• Strong Knowledge on implementation PAN - DB and WildFire.
• Worked on configuration of VPN Tunnels on PaloAlto.
• Exposed to upgrade of ASA firewall version 8.2 to 9.6.
• Detailed understanding of different layer 2 protocols like VLANs, VTP, STP, RPVST, Port Security and Ether Channels (LACP and PAGP).
• Experienced in Data-Center Nexus 5548P, 5596T, 2148T, 2224T and 6000 switches.
• Implemented VDC, VPC, VRF and OTV on the Nexus 5505 and 7009 switches and implemented VSS on Cisco catalyst 6509 and 6513 switches.
• Worked on configuring the Nexus 5K Aggregation Switch and Nexus 2K Fabric Extenders.
• Designed Redundancy Gateways for Campus Network using HSRP/VRRP/GLBP.
• Design and Configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550).
• Juniper Networks specializes in routers, switches, firewalls, data center solutions, cloud services and VPN solutions.
• Deployed Juniper switches EX4500 and EX4200, routers M7i and M10i and Junos OS.
• Hands on experience in configuring and supporting site-to-site & remote access Cisco, IPSec, VPN solutions using ASA/PIX firewalls, Cisco and VPN client.
• To Implement & troubleshoot complex layer 2 technologies such as VLAN Trunks, VTP, Ether Channel, STP, RSTP and MST.
• Responsible for Check Point and Cisco ASA firewall administration across global networks.
• Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.
• Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
• Hands around knowledge with VPC and FEX configuration on Nexus switches.
• Working experience with Wireless LAN Controller (WLC) and Light Weight Access Point (LWAP).
• Experience in configuring and troubleshooting various layer 3 routing protocols like RIP, OSPF, EIGRP and BGP.
• Configuring BGP/OSPF routing policies and designs, worked on implementation strategies for the expansion of the MPLS VPN networks.
• Expertise in creating groups and pruning traffic flow using VLAN, VTP, ISL, 802.1Q.
• Familiar with REMEDY for ticket change management process.
• Experienced in Microsoft Visio creating a detail physical and logical network diagrams.
• Supported Large Frame-Relay, MPLS, E1/T1, ISDN, Analog networks.
• Worked on Updating the design and documentation of network using Visio.

Network Engineer

Confidential

Responsibilities:

• Experience in configuring Cisco ASA Firewalls 5540/5550 using CLI, Cisco CSM, ASDM for day to day maintenance.
• Configuring and implementing Security/NAT rules on Cisco ASA 8.x firewalls.
• Configured Cisco VPN Concentrator 3060 for VPN Tunnel with Cisco VPN hardware/software client and ASA firewall.
• Problem solving support for issues affecting B2B, Internet and VPN, Routing, traffic and log analysis.
• Experience with configuration of Route - Maps for the route filtering.
• Support routing protocols including BGP and OSPF routing, Load Balancing/Failover, GRE Tunnel Configurations and support on the routers.
• Implemented RADIUS for user authentication to allow access as required.
• Configured VLAN Trunking 802.1Q, VLAN routing on Cisco Catalyst 3550/4500/6500 Switches.
• Experience in configuring and maintain HSRP on Cisco Catalyst switches.
• Experience in configuring Trunk groups, Ether-Channels, STP for creating and maintaining Access/ Distribution and Core layer switching architecture.
• Worked on Configuring Cisco 2900/3500 and Juniper EX2200/4300 switches with STP, RSTP and RPVST to avoid loops.
• Hands-on experience in configuring VPC, VDC Software upgrades on Cisco Nexus 7010.
• Configuring Static NAT, PAT overload.
• Configuration and Implementation of Access point in the site with the help of Wireless Controllers.
• Performed a global rollout of Cisco Meraki WAPs, created multiple SSID's for production and guest networks.
• Maintained Documentation (Visio's), Configurations and Records management.

Network Administrator

Confidential

Responsibilities:

• Worked on configuring, maintaining and troubleshooting of layer 3 routing and layer 2 switching.
• Experienced with configuring routing protocols such as OSPF, EIGRP, BGP as required.
• Worked on redistribution of routing protocols.
• Configured routing protocols such as OSPF and BGP.
• Maintained VLANs, Spanning-tree, HSRP and VTP of the switched multi-layer backbone with Cisco Catalyst Switches.
• Provided customer support including daily backup procedures, testing network connections equipment installation and turn-up, and remote hands assistance.
• Experienced with physical layer interfaces and cabling standards.
• Maintained detailed time-based incident logs and technical checklists.
• Troubleshooting and maintaining PC's, Cisco devices.
• Maintaining redundancy on Cisco 2600/2800/3600 routers with HSRP.
• Implementing and configuring of STP, RSTP and Creating Port channels.
• Experienced with troubleshooting VLAN, Trunking, HSRP and related issues.
• Worked on implementing switch-port security features as per the company's requirement.
• Hands on knowledge of implementing VLAN's using DOT1Q/ISL on Cisco switches.
• Updating IOS on Cisco Catalyst series switches 2900/3560/3750.
• Daily operations include configuring, monitoring and maintaining Cisco routers and switches in LAN/WAN, implementing Access lists.
• Hand-on experience on installing, maintaining and configuring HP printers, copiers, servers and other networking devices.