Principal Security Engineer Resume
SUMMARY:
- Principal Security Engineer with over 8 years of experience, specializing in managing and designing Firewall Deployments, Troubleshooting, Rule Implementation, Policy and Rules review, Policy Pushes, Performance Testing, Problem Mitigation, Network Security Implementation.
- Conducts Cyber Security Assessments to determine vulnerability levels and advise on preventative mitigation measures.
- Experience specializing in network monitoring, security software installation, and the prevention of cyber security threats/attacks.
- Partners with IT Executive Leadership on identifying strategic security policies and initiatives for the development of multiple programs including information security, compliance, incident response, risk management, and awareness.
EXPERIENCE:
Confidential
Principal Security Engineer
Responsibilities:
- Manages Firewall Deployments, Rule and Policy Implementation
- Checkpoint Configurations including R80.10, VSX, R77 and previous versions of the Checkpoint firewall OS
- Lead firewall upgrade project of Gaia R77 to R80
- Lead firewall migration of Checkpoint devices to Cisco (FMC and FTD)
- Responsible for rule usage reporting and rule analysis pertaining to least access
- Migrated all Checkpoint Gaia embedded devices to full Checkpoint Gaia
- Identifying, Collecting and Analyzing security relevant logs for reporting and compliance purposes
- Develop, implement and update security policies and rules, supporting customer migrations, configurations and implementations
- Review firewall configurations and other infrastructure-related processes and implementations
- Monitoring Checkpoint management server in HA for network management reliability
- Implemented and deployed network security management tools such as Darktrace and ExtraHop
- Contribute to formulation of policies and best practices for network security management
- Managing Checkpoint Firewall Deployments, Upgrades, Backups, Troubleshooting, Rule Implementation and Monitoring
- Monitors Firewall traffic using tcpdump/fw monitor for packet capture and packet analysis
- Direct Firewall software/hardware refresh and migration, Cluster Implementation and resolving software end user issues
- Troubleshooting routing issues and configuring ISP redundancy
- Managing network intrusion detection/intrusion prevention systems
- Adept at preparing detailed Risk and Vulnerability Reports to Executive Leadership and external vendors by using security devices dashboard such as ExtraHop and Darktrace
- Experience managing VSX Configuration and Installation
Confidential
Senior Network Security Engineer
Responsibilities:
- Managed Firewall Deployments, Rule and Policy Implementation
- Managed Checkpoint Gaia R80 SMS and gateways
- Migrated R77 to R80 Gaia
- Reviewed and Managed firewall policy
- Involved in putting together Security architecture/design
- Configured and administered security rules and policies to permit and/or deny user traffic based on company security policy
- Led Security Engineering team during the upgrade process
- Worked with other vendors/contractors to analyze Firewall rules and policy as part of pre-upgrade project
- Led Security Engineering team to gather and analyze PCI data to create rules in the firewall
- Supported company's global network and voice environments (including firewalls, VPN devices, switches, routers and WAN optimization appliances) from layer 1 through 7, using ticketing systems to track progress
- Planned, tested, and implemented new Checkpoint firewall installations and IPSO upgrades, and evaluated hotfix and patch installations
- Provided after hours, on-call and escalation support on 24x7 for network and voice environment, including system outages and incident response
Confidential, Dearborn, MI
Senior Network Security Engineer
Responsibilities:
- Designed and implemented network infrastructures to best fit organization’s security requirements, budget and timeline
- Planned, implemented and documented change of services including hardware replacement and enhancements
- Led Checkpoint firewall upgrades from Gaia R77 to R80, and assisted with migration from Fortigate Firewalls to Checkpoint
- Configured Checkpoint VPN to tunnel encrypted data over the public network
- Responsible for rule usage reporting and rule analysis pertaining to least access
- Lead Engineer managing firewall deployments in various call centers and all Confidential branches in Southern Region
- Planned, tested, and implemented new firewall installations, IPSO upgrades and Checkpoint upgrades, and evaluated hotfix and patch installations
- Built new VSX Checkpoint devices from initial configuration and completed installation and deployment
- Lead Engineer during new VSX box deployment to replace Gateway physical devices
- Lead Manager in deploying new technologies to data center and branch offices including firewall, wireless and switching technologies
- Worked with network engineering group to address system and network issues
- Reviewed and recommended secure system configurations for workstation laptops, and provided security recommendations
- Used firewall logs to troubleshoot packet drops and tcpdump to track firewall real-time data
- Configured Intrusion Prevention (IPS) profile in the Security Management Server to prevent traffic coming in from an unauthorized region and investigated network anomalies
- Resolved critical system and network issues on a 24/7 basis including complete network outages affecting call centers and regional branches
- Monitored system and network activity for attack and intrusion
Confidential, Chattanooga, TN
Network Security Engineer
Responsibilities:
- Managed Checkpoint Gaia R80.10, R77.3 Firewalls, and encryption technologies, including VPN, TLS, and SSH/TLS
- Used routing table and firewall logs to troubleshoot, and tcpdump to track firewall real-time data
- Created and implemented migration plans for Checkpoint Firewalls R71.20 and R7 .20 and R77.30 running Gaia
- Assisted Executive Management in identifying gaps between policies and process, while developing recommendations to remediate control weaknesses and managing IT control metrics
- Performed Level 3-4 security implementations, vulnerability assessments and intrusion detection
- Configured and administered security rules and policies to permit and/or deny user traffic based on company security policy
- Implemented network security for remote access, configuring site to site and clients to site VPN tunnels
- Monitored Checkpoint VPN tunnel activities with SmartView Monitor and troubleshot VPN issues with CLI
- Configured URL filtering to enable and/or disable user traffic access to unauthorized web sites
- Troubleshot and monitored Checkpoint Firewall traffic issues using SmartView Tracker, SmartLog and SmartView Monitor as well as CLI commands
- Created and maintained Antivirus and Firewall policies to meet special needs for field laptops, standard desktops, laptops and servers
- Conducted security policy/rule review to identify and remove rules that are not necessary, to reduce Checkpoint firewall policy lookup
- Managed security update manuals and addressed organizational concerns
- Updated security software on a regular basis to prevent security threats
- Analyzed logs and made necessary network reports using Smart Reporter console application
- Analyzed captured traffic using Wireshark during troubleshooting
- Maintained clear communication with external vendors and service providers to ensure security was maintained and integrated into all network connectivity activities efficiently and effectively, with minimal downtime
Confidential, Columbia, SC
Network Security Analyst
Responsibilities:
- Installed, configured and maintained Checkpoint and Palo Alto firewalls
- Implemented Security Rules and Zone Based Firewalling on Palo Alto Firewall Appliance
- Identified and removed Security policies that are not needed to reduce Palo Alto and Checkpoint firewall policy
- Configured routing in Checkpoint Gaia and Palo Alto firewalls
- Implemented IPS, DLP and UTM features on the firewall for added security purposes
- Maintained the security standards across all security devices as per agency security policies
- Configured, troubleshot, and upgraded Checkpoint Firewalls for Manage clients, which included network and/or resource access, software, or hardware problems
- Configured Virtual router, zones, Static routing, OSPF in Palo Alto firewall
- Configured SSL Decryption and GlobalProtect on Palo Alto firewall
- Configured rules, maintained Palo Alto firewalls and analyzed firewall logs using various tools
- Maintained all networking devices and infrastructure across the enterprise including switches, routers and firewalls
- Created detailed upgrade plan and step by step implementation documentation in conjunction with a comprehensive test plan
- Analyzed firewall rules to identify rules that can be removed and work with the appropriate teams to get those rules removed
- Created network vulnerability assessment report of about twenty (20) systems and applications to identify vulnerabilities of all severities that pose threats to the system/application. Compiled results and presented them to Executive management as a high-level pictorial and statistical view of system issues
- Responded to security request tickets, including software vulnerability evaluation, website blockage, and firewall rule set inquiries
- Ensured that users complied with usage standards and acted as a first point of contact for HIPAA compliance/requirements issues to prevent non-compliance with the regulation
Confidential, Northbrook, Illinois
Information Security Analyst
Responsibilities:
- Configured IPsec VPN for user traffic that needs to be encrypted using Fortigate and Checkpoint firewalls
- Worked with Fortigate NGFW appliances 1500D and 1200D
- Configured Checkpoint and Fortigate VPN to tunnel encrypted data over the public network
- Designed and implemented network infrastructures to best fit customer security requirements, budget and timeline
- Maintained, upgraded, and supported existing systems and infrastructure to ensure operational stability while acting as a vendor liaison and owning resourcing, issue management, and documentation
- Provided network and firewall support to various internal groups for upgrades, migrations and installations of various applications
- Reviewed and modified access control lists (ACLs) on network switching and routing equipment as needed to maintain security standards
- Primary administrator for firewalls, DNS, Email gateway, FTP, VPN, and other internet services
- Scanned network, server, web application for vulnerabilities with Tenable Nessus tools
- Monitored system and network activity for attack and intrusion
- Resolved critical system and network issues on a 24/7 basis including complete network outages affecting all organization network systems
- Deployed, managed and maintained all security systems including antivirus software, security event monitoring, and intrusion prevention