Network Security Engineer Resume
Plano, TX
PROFESSIONAL SUMMARY:
- Overall 8 years of experience in providing solutions, implementation, configuration and troubleshooting of Cisco routers and switches, fine tuning of firewalls, VPN configuration, and troubleshooting network related problems in Enterprise Network.
- Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Palo Alto and Checkpoint.
- Working knowledge of F5 load balancer LTM.
- Experience in adding Policies in Palo Alto firewall PA-500, PA-3020 using GUI 6.1.
- Exhibit strong communication, critical thinking, multitasking, and customer service skills
- In-depth knowledge and hands-on experience in IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3, Firewalls.
- Worked on layer 2 security like port security, PortFast, DTP, DHCP Snooping, Dynamic ARP Inspection.
- Working knowledge of SolarWinds Orion traffic monitoring tool and Splunk.
- Involved in the redistribution into OSPF on the core Palo Alto firewall.
- Well experienced in configuring protocols HSRP, GLBP, VRRP, ICMP, IGMP, PPP, HDLC, PAP, CHAP, and SNMP.
- Experience in designing and deploying enterprise network security and high availability on Palo Alto NGFWs and Cisco ASA.
- Proficiency with Cisco Security SDM, NAT/ACLs, AAA, Layer 2 Security, Layer 3 Security, IPS/IDS, Cryptography, VPN, IPsec.
- Cisco ASA/Checkpoint Firewall troubleshooting and policy change requests for new IPs that were required to be altered during various planned network changes on the network.
- Replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection
- Knowledge and experience on Protocols such as TCP/IP, SNMP, ICMP, NAT, PAT.
- Extensive experience in WAN Technologies, Switching Technologies along with Failover Mechanisms and Inter-VLAN Routing types.
- Management of each firewall is done remotely and onsite Confidential client sites.
- Excellent knowledge and experience on different platforms like Cisco, Checkpoint, F5 BIG-IP LTM load balancers, Bluecoat, Riverbed, Citrix, and VMware.
- Extensive experience in handling network failure issues.
- Experience with products such as Cisco ISE, Cisco ASA 5500 series firewalls and Cisco ACE 4710 Load balancers.
- Hands-on experience configuring and testing F5 iRules using Browser (IE), HttpWatch.
- Knowledge of implementing and troubleshooting complex L2/L3 technologies such as VLAN Trunks, VTP, EtherChannel, STP, RSTP, MPLS and MST.
- Experience with Palo Alto Networks Next Gen firewalls.
- Creating Virtual Servers, Nodes, Pools and iRules on BIG-IP F5 in LTM module.
TECHNICAL SKILLS:
Protocols & Standards: TCP/IP Protocol Suite, OSI Model, Ethernet, Token Ring, FDDI, OSPF, EIGRP, RIP, BGP, HSRP, L2/L3/L4/L7 Switching, VLANs, VMPS, VTP, IPv4, IPv6, ATM, VoIP, LAN, SSL, SNMP v1, v2, T1, DS3.
Switches: Nexus 2K/5K/7K, Cisco Catalyst 2900, 3500, 3700, 6500, 4500, 3850, 3560, 3750, 2960
Switching: LAN, VTP, STP, PVST+, RPVST+, Inter-VLAN routing & Multi-Layer Switch, EtherChannels, Transparent Bridging
Routers: Cisco 7600, 7200, 3800, 3600, 2900, 2800, 2600, 1800, 1700
Routing: OSPF, EIGRP, BGP, RIP v1/v2, PBR, Route Filtering, Redistribution, Summarization, and Static Routing
WAN: Metro Ethernet, MPLS/VPN, Frame Relay, ADSL, TDM (T1/T3), and OTV configuration.
LAN: Trunking Protocols, Link Aggregation, vPC/vPC+, VTP/STP, FCoE, Gigabit Ethernet.
Firewall Platforms: Checkpoint (NGX R65, 3100, 5100, 5900), Cisco Firewalls (ASA 5505, 5506-X, 5585), Palo Alto Networks (PA series 2K, 3K and 5K) with Panorama 8.0, WAF
Network Monitoring Tools: CSMA/CA, Wireshark, Nmap, Nessus, HP OpenView, OpManager, PRTG Packet Sniffer Servers, Cramer Network inventory and Activation Engine.
Security: Anomaly Detection in attack prevention system, IPS/IDS, Penetration Testing and Web application testing, Buffer Overflows, Cross Site Scripting, Session Management, Cisco PIX, and Security attacks like DoS, DDoS, Spoofing, Nessus & Cisco IOS, Cisco Works
PROFESSIONAL EXPERIENCE:
Confidential, Plano, TX
Network Security Engineer
Responsibilities:
- Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
- Worked on Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)
- Successfully installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for routers/Switches/firewalls.
- Worked on converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with Cisco ASA VPN experience.
- Implemented VLANs between different departments and connected them using trunk by keeping one VLAN under server mode and the rest falling under client modes.
- Built and supported VRRP / Cluster based HA of Checkpoint firewalls.
- Worked on Checkpoint Platform including Provider Smart Domain Manager. Worked on configuring, managing and supporting Checkpoint Gateways.
- Provide support for 2Tier and 3Tier firewall architecture, which includes various Checkpoint, Cisco ASA firewalls and Palo Alto firewalls.
- Ensured all team members understand and are onboard with the SOC mission statement and goals.
- Ensured the team has quarterly/annual objectives and goals.
- Ensured the team performs quality analysis of security events via routine audits/coaching.
- Ensured all work within the team is being recorded in a work order, copiously notated, and ensuring the requests are addressed in a timely fashion.
- Ensured SOP processes and procedures are accurate, efficient, up-to-date, and scalable.
- Deployed a Syslog server to allow proactive network monitoring.
- Ensured the team provides customers accurate and insightful analysis of security events in a timely manner.
- Configuration of Checkpoint R77.30 series firewalls and implementation for outbound traffic via Blue Coat proxy server.
- Worked on technical performance of advanced services (telephony, high speed data, and the hybrid-fiber coaxial plant).
- F5 LTM: Configuration, Solution Designing and Managing F5 BIG IP LTM Load Balancer
- Worked on level-2 team on migration project of CMA's from one Provider-1 to other Provider-1.
- Deployed Site to Site and Client to Site VPNs utilizing Checkpoint Firewall-1/VPN-1.
- Used McAfee ePolicy Orchestrator to monitor and identify potential intrusions and attacks for the Cyber Security Operations Center (CSOC).
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
- Daily analysis of network traffic for trends and/or malicious activities, created vulnerability report with action plans.
- Evaluated the capabilities of McAfee Network Access Control by constructing checks and benchmarks for McAfee products, WSUS servers, Internet Explorer proxies, and encryption status alerts.
- Deployed VMs in Windows Azure for testing in SIT & QA environments.
- Created VMs with SQL Server 2012 in Windows Azure for QA test requirement. Utilized the existing MS VHDs to build VMs for Dev Apps in Windows Azure.
- Used AD Domains and Virtual Networks in Windows Azure test environment.
- Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
- Plans, coordinates, implements and supports the LAN / WAN hardware, software and Internet /Intranet integration network connectivity, diagnose network failures and resolve any problems.
- Adding and removing Checkpoint firewall policies based on various project requirements.
- Primary responsibility for the Core Security of the Network. Managing the entire Network Security Products deployed in the network such as Checkpoint (GAIA R 75.40/77.20).
- Configuring VLAN, Spanning tree, VSTP, SNMP on Juniper EX series switches.
- Ensured all team members provide top notch customer service via routine audits/coaching.
Environment: VSTP, VRRP, SNMP, VLAN, WAP, UNIX, Linux, F5 Load Balancer, FTP, BPDU Guard, Wi-Fi, CSOC, WSUS, ASR9000 Devices, Check Point Firewall (GAIA R 75.40/77.20), VPN, Palo Alto Firewalls, Juniper Firewalls, NATing
Confidential, Middletown, NJ
Network Security Engineer
Responsibilities:
- Experience with MPLS connectivity using VRFs and have broad knowledge on multi-protocol label switching for MPLS-VPN and traffic engineering MPLS-TE.
- Responsible for Configuration of Palo Alto 5050 devices with layer 7 filtering of traffic traversing the internet.
- Experience on engineering and implementation of Nexus 7K/5K/2K top of rack architecture for a Scalable Production Multi-Tenant environment using VPC, VDC & VRF in a DC Core/Aggregation layer in a production and DR Data center.
- Implemented site to site VPN in Juniper SRX as per customer requirements.
- Design and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls.
- Replaced the Legacy 3750 StackWise with Juniper EX 4200 switches in the LAN Environment
- Worked on Cisco ASA 5580, Juniper NS5400, and Juniper SRX550. Implemented cluster and configuration of SRX-100 Juniper firewall
- Experience with setting up MPLS Layer 3 VPN cloud in data center and also working with BGP WAN towards customer
- Designed and implemented new MCN-III MPLS Cloud network Confidential select Data-centers using latest Cisco ASRs and Nexus 9K switches and Optimizing BGP routing with select Wide-Area carriers Confidential & Confidential, XO and Verizon.
- Worked with engineering team to resolve tickets and troubleshoot L3/L2 problems efficiently.
- Implemented various EX, SRX & MX series Juniper devices.
- Experienced in configuring Cisco ASAs in various contexts and modes to have the network secure. Maintained IPSEC and SSL VPN tunnels through the Firewalls
- Troubleshooting of Cisco ASR 1K, 7200, 3925E and 2951E Routers and Cisco 6500, 4510, 4500-X, 4948, 3560X, 3750X and 2960S Switches for deployment on production network.
- Worked as a part of data center deployment where we converted from Cisco 6500 to Nexus 7010.
- Deploying and managing SD-WAN solutions (Viptela, Nokia) for large-scale enterprises
- Implemented Positive Enforcement Model with the help of Palo Alto Networks
- Expert knowledge of Cisco ACI, NX-OS and IOS, other SDN products, QoS, data center network design, cloud infrastructure design and management, OSPF, BGP routing.
- Expertise in installing, configuring and troubleshooting Juniper EX Switches EX2200, EX2500, EX3200, EX4200, EX4500, EX8200 series.
- Worked on design and deployment of MPLS QOS, MPLS Multicasting per company standards
- Building the VPN tunnel and VPN encryption.
- Installed and configured Cisco ASA 5500 series firewall and configured remote access IPSEC VPN on Cisco ASA 5500 series
- Experience in configuring VPC (Virtual Port Channel), VDC (Virtual Device Context) in Nexus 7010/7018
- Apply Cisco ISE configuration to switches
- Configured Easy VPN server and SSL VPN to facilitate various employees' access to internal servers and resources with access restrictions
- Configured EBGP load balancing and ensured stability of BGP peering interfaces
- Worked on Route-Reflectors to troubleshoot BGP issues related to customer route prefixes, and also route filtering using Route-maps.
- Working on SolarWinds and Wireshark in the Network Management, Monitoring and Support.
- Worked on F5 BIG IP LTM 3600 load balancers to configure Nodes, Pools and VIP's on a need basis.
- Migrated, created, and managed pools and clusters in F5 BIG-IP GTM 3DNS load balancers across multiple Datacenters.
- Installing, Configuring and troubleshooting Cisco Routers (ASR1002X, 3945, 3845, 2800, 3600) and Switches to perform functions Confidential the Access, Distribution, and Core layers.
- Deploying and decommissioning of VLANs on core ASR 9K, Nexus 7K, 5K and its downstream devices
Confidential
Network Engineer
Responsibilities:
- Experience in working with Cisco Nexus 5000 series switches for data center.
- Configured OSPF on Cisco devices with multiple routing processes and redistributed them. Tested and hands-on experience in multi-area OSPF topologies.
- Assisted in network engineering efforts consistent with the infrastructure of an Internet Service Provider and support of such network services. Helped in designing and implementation of VLAN for the new users.
- Installation and Configuration of various types of Personal Computers and Printers. Installation of different operating systems on Intel based PCs.
- Installed Hard disks, Floppy drives, CD Drives, Sound Blaster cards, CPU, Memory, Power supply unit, Network card, Video graphics card, Hard disk controller card on PC systems.
- Configured VLANs with 802.1q tagging. Configured Trunk groups, EtherChannels, and Spanning tree for creating Access/distribution and core layer switching architecture.
- Monitor, troubleshoot, test and resolve Frame Relay, ATM, MLPPP, PPP, and Dial-up.
- Configuring/Troubleshoot issues with the following types of routers Cisco (7200, 6500, 4500, 1700, 2600 and 3500 series), to include: bridging, switching, routing, Ethernet, NAT, and DHCP, as well as assisting with customer LAN /MAN, router/firewalls.
- Wrote IOS and CAT OS upgrade procedures and Pre/Post checks for customer production upgrades.
- Excellent Troubleshooting Skills and Customer Centric approach.
- Actively participated in upgrading fast Ethernet, Layer 3 switched/routed LAN infrastructure from Cisco 3640 to Cisco 2811 ISR routers and switches Confidential access level to 2950, 3550.
- Configuring VLANs, VTPs, enabling trunks between switches.
- Provided estimated bandwidth requirements for data replication, to best determine adequate timing for migration service levels
- Configuring HSRP between VLANs, Configuring EtherChannels, Port Channel on 6500 Catalyst switches.
- Replace branch hardware with new 2851 routers and 2960 switches.
- Implemented Cisco Wireless Access Points and WLCs Confidential various corporate sites for 11n Infrastructure and its legacy technologies.
- Troubleshooting of personal computers. Online support to customers concerning their computer problems.
- Configuring, managing and troubleshooting networks using routing protocols like RIP, EIGRP and OSPF (Single Area and Multi Area).
- Assisted with troubleshooting all network issues with routers and switches when necessary and consulted with on call tech as needed for client.
Environment: Cisco 2950 switches and Cisco 3825 Routers, EIGRP, BGP, MPLS, VLAN, QOS
Confidential
Network Engineer
Responsibilities:
- Responsible for implementing QoS prioritizing voice traffic over data.
- Implemented SNMP on Cisco routers to allow for network management. Completed the installation and configuration of T1, T3 & OC3 circuits.
- Troubleshoot TCP/IP problems, troubleshoot connectivity issues.
- Configured the Cisco router as IP Firewall and for NATting.
- Worked with the Help Desk for circuit troubleshooting to give Support to the Tech persons Confidential the site.
- Configuring routers and sending them to Technical Consultants for new site activations and giving online support Confidential the time of activation.
- Supporting Development team for the access to corporate network and outside world. Providing access to specific IP, Port filter and port access.
- Experience in Cisco 7200, 7600 routers, Cisco series switches: Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay and ATM).
- Performed troubleshooting, while maintaining trouble ticket tracking, following internal/external escalation procedures and customer notifications. Configured Cisco Routers for OSPF, RIP, IGRP, RIPv2, EIGRP, Static and default route.
- Switching (Ethernet) related tasks included implementing VLANs and configuring ISL trunk on Fast-Ethernet channel between switches.
- Installed and configured PIX 520, 525, 535 series firewalls, configured standard and extended access-lists and policy-based filters.
- Configured ASA 5510 appliance and VPN.
Environment: TCP/IP networks, Cisco Works 2000, VLAN, VTP, STP, Trunks H/W, network drives, DSL, T1 Lines LAN, WAN, VLANs, IP Access List, Cisco 2620, 3750, 2950 and Linksys.