- 5+ years of professional experience in deploying, configuring, maintaining and troubleshooting enterprise-level network and network security infrastructure. Provide Tier 1, 2 & 3 data centre support.
- Strong hands-on experience in deploying, configuring and troubleshooting Cisco ASA 5020, 5460 firewalls, Palo Alto 3060, 4000, 5060, 7020, 7260 firewalls, Juniper SRX 5600 and Checkpoint R77 and R76 firewalls.
- Experience in migrating Cisco ASA 55XX to Palo Alto firewalls using PAN-OS Migration Tool 3.3.
- Expertise in the centralized management system (Panorama M-500) to manage large-scale firewall deployments.
- Experience on Palo Alto NG Firewall features like URL filtering, Threat prevention, Data filtering and Zone Protection.
- Expert in configuring Security policies using App ID, User ID, Services, Security profiles and URL category.
- Experience on configuring and troubleshooting HA, Zones, VLANs, Routing, and NAT on various firewalls as per the design requirements.
- Implementation of site-to-site VPN and SSL VPN on Palo Alto (GlobalProtect) and Cisco ASA (AnyConnect) firewalls.
- Configured IPS Features, Anti-Virus scanning, Anti-Spyware, Malware detection, File & Data blocking Mechanisms and Wildfire on Palo Alto firewalls.
- Hands on experience in deploying GRE tunnels, encrypted tunnels like IPSEC and DMVPN.
- Experience with F5 load balancers - LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
- Managed the F5 BIG-IP GTM/LTM appliances, including writing iRules, SSL offload and the everyday tasks of creating WIPs and VIPs.
- Proficient in implementation of filters using Standard and Extended access-lists, Time-based access-lists, Route Maps.
- Worked with ITIL v3, PCI, HIPAA Industry standard deployments.
- Deployment and Management of Bluecoat proxies (SG 900, 810) in the forward proxy scenario as well as for security in reverse proxy scenario.
- Experienced in configuring and deploying RADIUS, TACACS+ as part of AAA Architecture under multiple scenarios.
- Expert-level knowledge of troubleshooting, implementing, optimizing and testing routing protocols such as EIGRP, OSPF, BGP.
- Implemented VSS along with VDC and VPC on Nexus 7018/7010, 5020, 5548, 2148, 2248 switches.
- Expertise in Configuration and troubleshooting of STP, RSTP, PVST, RPVST, BPDU Guard and BPDU filtering on Switches.
- Proficient in configuring and troubleshooting DNS, DHCP issues over large-scale networks.
- Experience in configuring VLANs, Inter-VLAN routing, Trunk ports and Port security.
- Installation and troubleshooting of Cisco 5508 and 2504 WLAN controllers and Aruba Mobility Controllers.
- Install, configure and isolate faults in Cisco Wireless LANs and assess WLAN encryption and security options.
- Involved in Disaster Recovery activity, like diverting all the traffic from production data center to Disaster Recovery data center.
- Excellent Knowledge on PKI (Public and Private Key) Encryption, Decryption.
- Expert in managing and monitoring the network devices using Syslog, SNMP, and NTP.
- Hands-on experience troubleshooting network traffic using tools like ping, traceroute, Wireshark, SolarWinds and tcpdump.
- Worked on SIEM tools such as QRadar & Splunk to manage multiple network devices.
- Excellent in documentation and updating client's network diagrams using Visio and Lucidchart.
Firewalls: Palo Alto 3060, 5020, 5250, 7020, 7260, Cisco ASA 5520, Check Point R75, R76, Juniper SRX 5600, Cisco Firepower
Load Balancer: F5 Networks (Big-IP) LTM 6400, 6800, 8800 and GTM
VPN: IPSEC, DMVPN
AAA architecture: TACACS+, RADIUS
Routers: Cisco 7600, 7200, 3800, 3600, 2800, 2600, 2500
Routing: OSPF V3 & V2, EIGRP, BGP, Static Routing
Switches: Cisco Catalyst 6500, 4500, 3750, 3500, 2900, Nexus 2K/5K/7K
Switching: STP, PVST+, RPVST+, VTP, Inter VLAN routing & Multi-Layer Switch, Ether channels (PAGP, LACP)
Network Protocols: TCP, UDP, DNS, DHCP, FTP, HTTPS, PPP, TFTP, ICMP
Tools: Wireshark, tcpdump, SolarWinds, Tufin, Splunk, QRadar, Cisco SDM, LAN Controllers, Visio
NIST 800-53, ISO 27002, PCI, HIPAA
Confidential, Columbia, MD
Network Security Engineer
- Configure, monitor and troubleshoot Zone-Based Policies & Security Policies on Palo Alto 7260, 7020, 5020, 5250, 3060, 3020 series and manage them with Panorama M-500.
- Responsible for the PANORAMA management for logging sessions, creating reports and managing different PAN firewall devices.
- Implementing APP-ID, which defines custom applications and comprehensive set of predefined applications to be applied to firewall.
- Configuring LDAP with Palo Alto Firewall to authenticate User IDs.
- Configuring the User-ID feature on Palo Alto firewalls to facilitate username to IP address mappings.
- Establishing and maintaining IPSec tunnels on Palo Alto Firewalls for Site-To-Site connectivity.
- Expertise in integrating Palo Alto to Wildfire cloud to mitigate Zero-day attacks.
- Configure and maintain Palo Alto's GlobalProtect to enable remote access for users accessing internal resources from external networks.
- Configure Objects and work on Custom Applications and services to manage the traffic on the firewall.
- Maintaining end point security by configuring Traps.
- Experience with Virtualization using Multi-VSYS on Palo Alto, Multiple context on ASA and configured static routes on virtual routers.
- Responsible for configuring the Palo Alto to mitigate DoS, DDoS and data leak attacks using DoS Protection, Threat Prevention and Data Filtering.
- Configuring Palo Alto Firewall Clusters in Active/Passive mode for High-Availability. Thorough knowledge on the Active/Active HA mode for complex infrastructure.
- Configuring Zones, Virtual routers and interfaces on Palo Alto Firewall.
- Implemented security policy rules and NAT policy rules on Palo Alto firewalls.
- Created enterprise multi-Zones in VMware NSX and Integrated that with Palo Alto network.
- Experience in integration of NSX Manager 6.0 with Palo Alto firewalls.
- Responsible for unlike-to-like firewall migration from Cisco ASA 5500 firewalls to Palo Alto 5280 firewall using PAN Migration Tool V3.3.
- Configured & monitored Virtual Servers, iNodes, iRules on F5 LTM Load Balancer 3900, 6900.
- Implemented SSL/TLS profiles with F5 Big IP LTM such as SSL offload, SSL Orchestrator, Client SSL Profile and Certificates.
- Configured Static and Dynamic Load Balancing and priority-based pool-member activation to manipulate load on servers on F5 Big IP LTM Load Balancer.
- Deployed and configured Cisco Wireless Controllers 8510 and Access Points Aruba 305.
- Troubleshoot Aruba Wireless 305 AP issues like intermittent connectivity, authentication failure, low signal strength, replacing AP's and controllers.
- Administered Core, Distribution and Access layer Routing, Switching and Firewall infrastructure. Setup Out of Band for management of all this infrastructure.
- Captured packets by configuring a SPAN port and analysed them using Wireshark and tcpdump.
- Analysed and visualized machine data using Splunk in real time.
- Configured Nexus 7018/7010, 5020, 5548, 2148, 2248 switches at Core, Distribution and access level for Data Center and implemented VSS along with VDC & VPC on it. Configured Fabric Path as well.
- Configured HSRP to balance Loads between Core and Distribution Switches.
- Analyse, configure and troubleshoot the LAN/WAN Networks. Monitor Network traffic and Access Logs in order to troubleshoot Network Access issues.
Confidential, Raleigh, NC
Network and Security Engineer
- Expertise in Configuring, Monitoring and Troubleshooting Palo Alto (5040, 3020) and checkpoint firewalls.
- Centrally Managed Multiple Firewalls using Panorama M-500, Constantly ensured Software Upgrades and Content Updates are up to date on those devices.
- Created Rules (Pre, Post, Default), Objects, Device Groups and Templates on Panorama M-500.
- Configured and installed the Multiple Firewall pairs in High Availability mode as Active/standby and managed through the Panorama.
- Created custom URL-filtering profiles on PAN firewalls and attached them to Security policy rules that allow web access.
- Migrated Cisco ASA firewalls to Palo Alto using migration tool 3.0. Initially started with like-to-like migration and then manually configured policies using App-ID, User-ID, URL filtering etc. to take complete advantage of PAN devices.
- Upgraded Cisco ASA firepower by Adaptive Security Device Manager.
- Involved in Installing and Configuring a Cisco secure ACS server for AAA authentication.
- Implemented site-to-site VPNs, remote VPNs and created VPN tunnels using IPSec encryption standards on Cisco ASA firewalls.
- Handled various trouble tickets, firewall rule changes, assisting other teams to bring the device to production, making DNS changes in InfoBlox and routing changes.
- Configured DMZs for web servers, Mail servers and FTP servers on Cisco ASA firewalls.
- Configured Active-Standby High Availability for stateful failover and Zero down time maintenance on Cisco ASA firewalls.
- Assisted in VPN configuration, NAT policies, failovers, maintaining and analysis of firewall logs.
- Worked on Bluecoat ProxySG to blacklist/whitelist websites, URL filtering and content filtering as per business request.
- Configured access lists (ACLs) to allow users all over the company to access different applications and the Internet, in compliance with the security policy and standards.
- Used Tufin firewall optimization tool and Splunk to analyze logs and perform Firewall policy cleanup.
- Performed packet captures using tcpdump, fw monitor, Snoop, Wireshark and other network monitoring tools.
- Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
- Configured and implemented enhanced VPC and fabric path between Nexus 5596 and 5548 series switches for reliable data center operations.
- Worked on basic firewall configurations and the maintenance of Cisco ASA firewalls.
- Troubleshot Cisco ASA Firewall 5500 and policy change requests for new IP segments that either come online or that may have been altered during various planned changes on the network.
- Configured and upgraded network devices including Cisco 2950, 3500, 5000 series switches and Cisco 7600, 7200, 3800, 2600, 2800 series routers.
- Responsible for day to day management of Cisco Devices, Traffic management and monitoring.
- Involved in Firewall Policy implementation on Checkpoint NGX R77 and R76.
- Designed and implemented remote access VPN server using Checkpoint NGX R60 and NGX R55 & Cisco ASA.
- Configured complete routing access to the local network infrastructure by implementing EIGRP as the primary routing protocol.
- Troubleshot LAN/WAN infrastructure including protocols like EIGRP, OSPF, HSRP and VRRP.
- Configured and resolved complex OSPF issues in a multi area network.
- Involved in configuration and management of different Layer 2 switching tasks, which includes address learning, efficient switching etc.
- Worked with layer2 switching, VLANs, Trunking technologies, Link aggregation protocols (LACP/PAGP), VPC, STP, MSTP and PVST+.
- Configured BPDU guard, Port-fast and uplink-fast on Layer 2 and Layer 3 switches to increase the convergence speed as a part of STP enhancements.
- Designed and implemented an IP addressing scheme with subnets for different departments.
- Proficient in preparing technical documentation using MS Office suite and Visio.
- Worked actively with the networking teams to fix the application and network latency issues using Wireshark/packet analyser.
- Collaborated with the Systems team to Install, configure, & maintain Active directory on Windows Server and configured file servers.
Jr. Network Engineer
- Involved in configuring and implementing composite network models consisting of Cisco 2500, 2600, 3800 routers and Cisco 2950, 3500 Series switches.
- Configured IPv4 routers with the Automatic Tunnelling technique to support transmission of IPv6 packets, thereby reducing the cost of replacing entire IPv4 routers with IPv6-compatible ones.
- Performed subnetting and TCP/IP configuration on a daily basis for end users, printers, and client servers.
- Configured and installed Juniper SRX 210, 220, 240, 650 routers and EX 2200, 4200, 4500 switches.
- Experience troubleshooting, as well as implementing, layer 2 technologies such as VLAN, VTP, STP, EtherChannel.
- Completed various tickets per day ranging from resolving host connectivity issues, access-list modifications, and Cisco switch configuration and installation when tasked with modifying network infrastructure.
- Involved in the removal of EIGRP from all devices and making OSPF the primary routing protocol.
- Participated in router, switch, and wireless AP configuration.
- Created VLANs and Inter-VLAN routing with multilayer switching and configured STP.
- Upgraded switch and router hardware such as Ethernet cables, SC/LC fiber ports and switch supervisors.
- Served as Level 1 Support engineer to resolve network-related issues reported by clients on a daily basis.