SUMMARY:

• Around 5 years of experience in the industry as a Network Security Engineer, which includes expertise in the areas of Routing, Switching and Firewalls.
• In depth understanding about TCP/IP and OSI models.
• Having hands - on experience on switches like CAT 9000, 6500, 4500 and like Cisco 3600 series and 3700 series.
• Experience with Configuration, Testing and troubleshooting of Switches with VLAN, STP, and VTP.
• Configuring and Troubleshooting Route Redistribution between RIP, EIGRP OSPF & BGP protocols.
• Worked on Migration of Juniper SRX firewalls for isolation of network segments and VPN's.
• Extensive knowledge in different networking protocols DHCP, DNS, FTP, VOIP (SIP, H.323, MGCP), Quality of Service (QOS).
• Implementation of HSRP, VRRP and GLBP for Default Gateway Redundancy.
• In-depth knowledge in the implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems.
• Hands-on deployment, tuning, and troubleshooting experience, ideally with Palo Alto Networks, Check Point, Juniper, or Cisco security product suites.
• Established redundant network for data and voice through multiple protocols and technologies to include Frame Relay, ISDN, MPLS, Wireless Broadband, QoS.
• Implementation and administration of Juniper WX/WXC devices for WAN Traffic acceleration.
• Configure and implement Network Infrastructure monitoring, alerting, backups, and system management solutions built on Linux Firewall and ACL security implementations.
• Hands-on experience in Planning of Corporate Firewalls architecture and implementing in distributed environment i.e. configuring & troubleshooting - Checkpoint, Cisco ASA and Palo Alto Firewall.
• Design, configured and support for Cisco Nexus Platforms (Nexus 7000/5000/2000 )
• Hands on experience on Nexus7700&7000 series with different LAYER 2 and Layer 3 line cards namely F2, F3 and M2 & M3.
• Provided firewall policy configuration and services with Juniper SRX 240 & 650 series.
• Cisco ASA Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
• Extensive Knowledge on the implementation of Cisco ASA 5500 series and checkpoint R 80 firewalls.
• Advanced Knowledge in site-to-site IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
• Responsible for configuring and implementing network, firewall and security solutions (IDS/IPS) using Palo Alto networks.
• Understanding the JUNOS platform and worked with IOS upgrade of Juniper devices
• Experience in Network Management Tools and sniffers like SNMP, HP-Open view, Wireshark, Splunk, PRTG and Bluecoat Proxy.
• Processing application load balancer requests using F5 LTM, GTM and NetScaler load balancers.
• Knowledge in AAA related technology like Cisco Identity Services Engine (ISE), Cisco ACS
• Extensive understanding of the Application Security Module (ASM) technology.

TECHNICAL SKILLS:

Operating systems: Windows XP/7/8, LINUX, UNIX.

Routers and Switches: Cisco 2800/ 3600/ 4400/ 3700/ 3800/ 3900/ 7600 , ASR 9K, XR, Juniper M320. Cisco Catalyst 1440/ 6513/ 6509/ 4900/ 2960/ 3500/ 4500.

Firewalls and: Checkpoint, Cisco ASA, Fortigate, NAT, ACL, Cisco Sourcefire.

Networking Protocols: EIGRP, OSPF, BGP, MPLS, RIP, HSRP, GLBP, STP, RSTP, PVSTP, VTP, ARP, VLAN, DNS, SMTP, SNMP, FTP,LDP/TDP, WLAN 802.11/802.11 e, CDMA, WEP.

LAN/WAN: Ethernet, Fast Ethernet, Gigabit, STP, RSTP,PVST, Workgroup technologies Domain, HSRP, Frame Relay, ISDN, PPP, PAP, CHAP, HDLC,ATM, MPLS, Leased Lines, Cable modem.

Network Tools: Solar Winds, Lancope, Wireshark, Microsoft SSCM, Opnet, Nmap, MS office, MS Visio, Ethereal, Packet Tracer, PRTG Packet Sniffer, VirusTotal, IP void, Sucuricheck.

Wi-Fi and Wireless: DLink Wireless (Point to Point), DLink Access Point, CISCO 1532e/ 3500 /2602 / 2702/ 1200 series Access Points, Canopy Wireless Device(point to point/multi point), Linksys Wi-Fi/ Wireless Router.

Load Balancers: F5 BIG-IP LTM/GTM 1600,3900,4200,8950,6900 Series.

Additional Skills: CSU/DSU Troubleshooting, Private Line, ATM, IP addressing, IP subnetting, CCNA, PAT, SevOne, NetExpert, IPSec Based VPN, IPSec over GRE Tunnels, VoIP, DNS, ADS, McAfee Web gateway, Packet level troubleshooting using sniffer tools, Infoblox, NetQoS, Websense, Fortigate, HP OpenView.

PROFESSIONAL EXPERIENCEL:

Confidential, Cedar Rapids, IA

Network Security Engineer

Responsibilities:

• Worked as a Security Engineer in Firewall Migrations to help create a migration path from one vendor specific firewall to the other.
• Responsible to evaluate, test, configure, propose and implement network, firewall and security solution with Palo Alto networks.
• Designed and implemented a Highly Availablity WAN for Low Latency Real-Time Data, Voice, and Video Conferencing.
• Configured Palo Alto Firewall Clusters in Active/Passive mode for High-Availability. Thorough knowledge on the Active/Active HA mode for complex infrastructure.
• Migrated multiple Cisco ASA 5580/5520 firewalls to Palo Alto 5060/500 firewalls.
• Configuration of Cisco Identify Services engine (ISE) and 802.1X to enable the creation and enforcement of security and access policy (ACL) of End users to company network.
• Actively use, smart view tracker, and Checkpoint CLI (to security gateways) for troubleshooting. Perform advanced troubleshooting using Packet tracer and TCPdump on firewalls.
• Managed VPN, IPsec, Endpoint security, status policy, Application control, IPS, Monitoring, Anti-Spam, Smart Provisioning, DLP using Palo Alto.
• Helped secure the Network from the "WannaCrypt" and "WannaCry" ransomware attacks by enforcing and deploying IPS signatures (688-2964) and anti-malware signatures for the SMB vulnerability exploit.
• Install, configure, and maintain network equipment and servers including Cisco Catalyst and Nexus series switches, Cisco Meraki switching and wireless, Cisco Firepower, Cisco UCS, and VMware ESXi.
• Responsible for configuring the Palo Alto to mitigate DOS, DDOS, Data leak attacks using Dos Protection, Threat Prevention and Data Filtering.
• Performing Vulnerability scans across the Assets, Web Application Scanning for PCI compliance, running Reports and sharing with Compliance team for remediation of Vulnerabilities and performing firewall policy Audits.
• Configured and maintained Secure Shell (SSH) on routers using RSA.
• Captured packets by configuring span port and analyzed using WIRESHARK and TCPDUMP.
• Worked on Cisco Firewalls, Cisco PIX (506E/515E/525) & ASA 5500(5510/5540) Series.
• Planning, Designing & Implementing VPN connections using Checkpoint, ASA, Cisco PIX, and Cisco Routers using site-to-site VPN's.
• Processing application load balancer requests using F5 LTM, GTM and NetScaler load balancers.
• Provided administration and support on Bluecoat Proxy for content filtering.
• Editing and Changing Palo Alto Polices and Monitoring threats on firewalls according to the latest versions.
• Addressing Vulnerability exceptions and false positives reported by Audits and fix the audits to stop reporting false values.

Environment: Cisco ISE, TCPdump, Wireshark, Palo Alto Firewalls, Checkpoint, Cisco ASA, F5 LTM and GTM, NetScaler, Bluecoat Proxy, IPS signatures, Cisco PIX (506E/515E/525), ASA 5500(5510/5540), RSA, SSH, VPN, HA, Data Loss prevention, RAPID 7, Migration tool V3.3

Confidential, Wilmington, DE

Network Security Engineer

Responsibilities:

• Configuration and troubleshooting on HSRP, VRRP, GLBP, RSTP, and MST related issues coming in network environment.
• Plan, Design and assist in deploying network devices in Enterprise wide Network.
• Worked on different networking concepts and routing protocols like BGP, EIGRP, OSPF, DNS and other LAN/WAN technologies. NAT and PAT configuration and troubleshooting.
• Performed redistribution with OSPF, EIGRP, RIP version 1 and 2 to enable communication with backbone.
• Worked on migration, deployment, and break fix activities as and when required and worked on migration of LABS and Dev rooms and VLAN migration and installing new switches. Worked on Cisco 9k (9006) routers and its prefix lists.
• Worked on adding the switch management IP and static IP's reservation in DHCP store and add a new scope on appropriate DHCP server (give the name, starting and ending ip's) and configuring for fail over and activating the scope and replicating them on to the redundant servers.
• Configuring and implementation of Juniper Firewall, SSG Series, Netscreen Series ISG 1000, SRX Series.
• Good knowledge on juniper SRX240, SRX220 and SRX550 series Firewalls.
• Worked on MPLS for QoS, and to reduce traffic latency, jitter, down time and packet loss.
• Worked on Cisco ASA writing the ACL's, Cisco IOS XS, and XR. Configuring Cisco ASA and Deploying AnyConnect VPN client
• Hands on Experience with blocking of IP's on Checkpoint that are suspicious. Responsible for Checkpoint firewall management and operations across our global networks.
• Extensive Packet level debugging and troubleshooting onCheckpoint Firewallsto resolve numerous network issues. Analyzed the Policy rules, monitor logs and documented the Network/Traffic flow Diagram of theCheckpoint Firewalls placed in the Data Center with MS Visio.
• Worked with Palo Alto Firewalls PA250, PA4050, PA3020 using Panorama servers, performing changes to monitor/block/allow the traffic on the Firewall.
• Managed VPN, IPSec, Endpoint-Security, status policy, Application control, IPS, Monitoring, Anti-Spam, Smart Provisioning, DLP using Checkpoint Firewalls.
• Installed, configured and set security policies on cisco and checkpoint firewalls, VPN.
• Worked on IPsec VPN tunneling, configuring the tunnel on both the end routers, Hub routers and event routers during Hackathon Events. Worked on Infoblox to assign IP addresses to applications.
• Worked on DHCP store and DNS servers and worked on the DHCP lease times of the AP's when we were swapping/upgrading the Aruba 135 to 225 models and worked on WLANS and Aruba and cisco LAN controllers, provisioning the AP's.
• The AP's on the Wireless Controllers (WLC's), Cisco Prime. Hard resetting the AP's.
• Performing network monitoring, providing analysis using various tools like Wireshark, SolarWinds etc.
• Firepower Series using Cisco ASA for additional vulnerability scanning.
• Licensing, Provisioning and installing of F5 devices, RMA of F5 and F5 software upgrade- version 11.5.1.
• Worked on F5 devices, health monitoring of servers and load balance solutions.
• Build, set up and configure VPX NetScaler's and XenApp 7.6/7.8 Provisioned Citrix farms.
• Administered and developed Citrix XPE and 5.0, 4.5 consisting of 10 Citrix farms, 1000 servers and 600 applications. Performed general application support, scripting and standardization on server builds and applications.

Environment: Palo Alto 5020, 5060, Infoblox, Checkpoint 41K and 61 K series, Routing Protocols (EIGRP, RIP, OSPF, BGP), Cisco 6513, 6504, 6503, 6506, 6500 series switches, Switching protocols (VTP, STP, GLBP), Citix, F5.

Confidential

Jr. Network Engineer

Responsibilities:

• Administration and diagnostics of LAN/WAN with in-depth knowledge of TCP/IP, NAT, network protocols and services.
• Configured RIP and EIGRP on 2600, 2900 and 3600 series Cisco routers.
• Involved in troubleshooting of DNS, DHCP and other IP conflict problems
• Performed IOS upgrades on 2900, 3500 series Cisco Catalyst switches and 1800, 2600, 3600 series Cisco routers using TFTP.
• Implemented VTP and Trunking protocols (802.1q and ISL) on 3560, 3750 series Cisco Catalyst switches.
• Involved in Configuring and implementing of Composite Network models consists of Cisco7600, 7200, 3800 series and ASR 9k, GSR 12K routers and Cisco 2950, 3500, 5000, 6500 Series switches.
• Working on Nexus (7k, 5k) implementation for Data centers and large remote sites globally.
• Configured Access List (Standard, Extended, and Named) to allow users all over the company to access different applications and blocking others.
• Configured STP for loop prevention and VTP for Inter-VLAN Routing.
• Done troubleshooting of TCP/IP problems and connectivity issues in multi-protocol Ethernet environment.
• Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP Ether channel, STP, RSTP and MST.
• Worked on network-based IT systems such as Racking, Stacking and Cabling.
• Other responsibilities included documentation and change control
• Performed routine network maintenance checks as well as configure and manage printers, copiers, and other miscellaneous network equipment.
• Maintenance and Troubleshooting of connectivity problems using Ping, Trace route.
• Performing Backups of Cisco router configuration files to a TFTP server.
• Troubleshoot LAN related problems, provided Desktop support for local and remote end-users.
• Log messages using Syslog server and analyze the issues related to high CPU utilization and parameters that can degrade performance of the network.

Environment: Cisco 2900/3560/3750 switches. TFTP, LAN/WAN, VLAN, STP, RSTP, TCP/IP,DNS, WINS/DHCP, STP, RSTP.