SUMMARY

• 10 years of experience in administering and configuration security firewalls and F5 devices.
• Strong knowledge of working on network security Firewalls Confidential, ASA, Checkpoint.
• Strong Knowledge of BIGIP F5 LTM and ASM Load balancer configuration and troubleshooting.
• Strong Knowledge of Cisco ASA, Confidential firewalls configuration and troubleshooting.
• Strong Knowledge of Cisco Any - connect VPN setup and troubleshooting.
• Working knowledge on Cisco ISE, Cisco ACS and AAA troubleshooting. Strong working.
• Working Knowledge on Centralized Firewall Management tools of different vendor. (CSM, ASDM for ASA), (panorama for Paloalto), (SDM for Checkpoint).
• Strong Knowledge of working on BIGIQ centralized F5 management tool.
• Knowledge of working on DNS/DHCP setup using (Bluecat IPAM and Infoblox ).
• Knowledge of ticketing tool to manage the organization changes, incident and requests.
• Experience in leading team and guide them on day to day activity and helping them to complete deliverables on time.
• Knowledge of Creating Knowledge based SOP (Standard Operation procedure).
• Knowledge Creating design documents and security documentation.
• Performed Confidential, Cisco ASA and F5 BIGIP device software upgrades.

TECHNICAL SKILLS:

• Technology
• Product
• Network Firewall
• Cisco ASA 5585SSp20, ASA: 5525, ASA-5520, Cisco FWSM
• Confidential PA5060 and Panorama M: 100
• Check Point 12200, Check Point 4600 Appliance
• BIG: IP F5 products
• BIGIP VRP: B2250 Viprion, F5 LTM and ASM load balancer and security
• BIGIP: 7250 Appliance, F5 LTM and ASM load balancer and security
• CISCO Any connect VPN
• Cisco ASA with SSL any connect remote access VPN
• Centralize Management and Configuration tool and other troubleshooting tools
• BIGIQ version 5.3 and 5.4 CSM version 4.17.0Panorama 7.x an 8.xASDM, Smart domain manager, Smart View Monitor, tracker.
• Tcpdump, curl, winscp, wireshark,https watch traceroute, HttpWatchAAA ( Radius and Tacacs )
• Cisco ISE and Cisco ACS
• DNS DHCP
• Bluecat
• Infoblox

PROFESSIONAL EXPERIENCE:

Senior network security engineer

Confidential

Responsibilities:

• Worked on BIGIP appliances Model (VRP-B2250- Viprion) and (BIGIP-7250 Appliance) which supports VCMP.
• Engineering traffic load-balancing, including the design, low level engineering, and application load balancing solutions for client applications as per requirement.
• Collaborating with multiple teams Application owners, middleware, Security team Network Team, DNS Team, and Firewall Team to complete the client requirement.
• Configurations of F5 VIP and associated Pools, Nodes, monitors and TCP/UDP protocol, Http, Fast Http, and Fast L4 profiles as per the customer requirement on F5 load balancer.
• Configuration of Client & Server SSL profiles for (SSL offload) with uploading of Certificate, Key, intermediate chain and root bundle certificates and associating with each VIP.
• Configuration of Persistence profiles, Configuration of irules. Example http to https redirect, URL rewrites. Access control for client IPs.
• Configuration of SNAT, SNMP parameters,, different http profiles.
• Troubleshooting Issues related to VIP, Pool, Monitors, SSL profiles, Log verification using traffic analyzer tool wireshark, tcp-dump, Curl in build logs verifications. In critical issues directly working with F5 vendor to fix the issue.
• Performing minor Code patch upgrades to fix the bugs or vulnerabilities or maintenance release upgrades as per the F5 BIGIP recommendation.
• Strong knowledge of working on F5 LTM, ASM, HA environment and monitoring.
• Performed LTM F5 version upgrades from 11.6.4 to 12.1.2.
• Performed BIG IQ upgrades from version 5.3 to 5.4.
• Working on BIGIQ Centralize management tool used for Configuration, managing, and backups.
• Knowledge using BIGIQ tool for F5 LTMs patches and upgrades as needed.
• Configuring and discovering the new F5s to BIGIQ for centralize management
• Knowledge of working on ASM for Application layer security for F5 VIP security policies.
• Knowledge of building ASM security policy in QA setup and fine tuning and troubleshooting.
• Knowledge of building ASM Security policy Rapid and Fundamental automated template.
• Knowledge of building ASM Security to block known attacked signatures of application, as per security standards. Building Data Guards for data confidentiality, PCI compliance.
• Knowledge of verifying ASM Security rules and helping Application and Security Team.
• Knowledge of working on F5 VCMP Host and managing VCMP guests, Resource allocation and provisioning.

Network Firewall

Confidential, Cisco

Responsibilities:

• Knowledge of Working Confidential firewall PA-5060 and Panorama M-100 (management and log collector).
• Knowledge of Configuration of Confidential firewall security rules to secure external attacks.
• Knowledge of Configuration and building different security profiles in Confidential to secure the Corp edge network (URL filtering profiles, zone blocking profiles, antivirus profiles, anti spyware -wares profiles, DNS sinkhole protection, Data Filtering.
• Configuring Confidential IPS policies with predefined strict vulnerability protection policies.
• Configuration of vulnerability protection policies using Confidential antivirus, application and threat database signatures to block, Alert, reset.
• Working with principle architect and Security Team to create alerting and Security profiles using CVE database.
• Configuration of SSL decryption profiles for Decrypt and No-decrypt traffic.
• Knowledge of Working on HA firewall environment and Backups of firewall configuration.
• Performed Confidential and Panorama firewall upgrades from 8.0.12 to 8.1.10.
• Confidential patches to fix device level vulnerability based on PA reports.
• Working knowledge on Panorama Centralize management tool for managing Confidential and configuration.

Confidential

Checkpoint Firewalls

Responsibilities:

• Configuration and maintenance of Cisco ASA firewall using CSM and ASDM.
• Worked on ASA appliances Model (ASA-5585-SSp20, ASA-5525, and ASA-5520).
• Performed ASA upgrades from version 9.6.4.18 9.8.2
• Design and configuration of ASA firewall in multi context Routed and transparent mode.
• Configuration of firewall ACL rules based on customer requirement to allow and deny network traffic to secured devices/networks from internal and external attacks.
• Working experience on CSM (Cisco security manager for ASA) used for Firewalls configuration. For ACL configuration, Device configuration, taking configuration backups, upgrades.
• Knowledge of using and working on different traffic monitoring and troubleshooting tools, Panorama monitors, CSM even viewer.
• Worked on Check Point Appliance 12200, 4600, and Check point Smart domain managers, and different Checkpoint tools, smart dashboard, smart view tracker and Smart View Monitor.
• Working experience on checkpoint firewall, configuring of access rules, objects services, rules, to protect the internal and external network/system.
• Working experience on Cisco any-connect remote access VPN infrastructure on ASA. Used for company user VPN connection to access the company network from home.
• Configuration and maintaining Cisco Identity Services Engine (ISE) and Cisco ASC for AAA setup. TACAS and RADIUS setup, creating policies on ISE, Creating objects, creating devices.
• Configuration of RSA trust between RSA ISE and RSA servers, certificate management, Domain trust between ISE and AD domains.
• Configuration of Radius and tacacs tryst with AD domain and RSA servers.
• Knowledge managing DNS/DHCP infrastructure using Bluecat and infoblox setup. Configuration of internal and external host records, a record, alias, MX, SFR, Text records. Crating DHCP pools and creating Network subnets and IP blocks, DHCP lease times, Basic knowledge of troubleshooting.
• Working experience on ticketing management tools. Controlling changes using, Change orders, Requests, incidents.
• Assigning tasks to team members to perform Yearly review of firewall rules, Cleanup task for non used rules. Assigning and scheduling failover testing task of Firewalls and F5 LTM and VPN.
• Creating training and knowledge sharing session between principle architect on new design and technologies within project. Creating SOP documents using Visio.
• Arranging monthly discussion within team to talk about learning and challenges of the months.
• Guiding and helping team to perform patching/upgrading of devices during non-business hours during maintenance window.
• Working experience on checkpoint firewall, configuring of access rules, objects services, rules, to protect the internal and external network/systems. Worked 4 years back.
• Entry level knowledge of configuration router switches and Access points, WLCs, and troubleshooting, interface status, device inventory health, basic understanding of about routing and switching, Switch interface status, cdp checks, and trace route and ping).
• Guiding team to create weekly reports and documentation on design.
• Managing Client deliverables and getting work done from Team members by assigning tasks.
• Experience in leading team and guide them complete the client deliverables on time.

NOC Specialist

Confidential

Responsibilities:

• Working and troubleshooting client location Network issues and device issues (interface status, CPU, heath).
• Working and troubleshooting network devices for connectivity for example device router, Switch, AP.
• Working with Vendor and internet service provider for RMA and ETA to fix the issue.
• Daily Operational work that includes managing and working on incident and request ticket queues to respond and manage internet link network problems.
• Interacting with clients based on initial incident or requirement, troubleshooting on initial level and collect possible details.
• Document and updating details of each ticket and routing to next level engineer for further troubleshooting.
• Sending continues email notification and updates on major outage and follow-up with ISP and vendor.
• Network performance guidance by collecting, analyzing, and summarizing data and trends.
• Monitoring edge devices and engaging internet service provider, L3 and l4 teams and working on issue for resolution.
• Working on ticket tool to keep track of incident and request up-to-date.
• Working well under pressure and multi-task. Able to adjust priorities in order to respond to urgent alarm conditions and events.
• Basic Microsoft Office proficiency with Excel and Word for creating weekly reports.
• Creating SLA reports of incidents and request.
• Helping and coordinating in outage calls and engage right engineer on call.
• Continue monitoring on Major sites for main and backup internet link.

Network support Engineer

Confidential

Responsibilities:

• Providing network support on client networks issues in case of ISP network issues.
• Installing Network device on client data center or computer room for initial setup between ISP and local device.
• Monitoring continuously client router and internet link, and in case of issue working with ISP for resolution.
• Coordinating with local ISP and creating ticket to fix the issue.
• Providing and creating weekly and monthly reports for all the clients.
• Basic Network troubleshooting and device issues (interface status, CPU, heath status).
• Site visit if in case router issue or guiding local LCON first level troubleshooting.
• Performing troubleshooting using Ping, trace route.
• Maintaining client device uptime and fixing the issue within SLA time.