SUMMARY

• 10+ years of experience in various roles Network Architect / Firewall /Security Engineer, including hands - on experience in providing network design, deployment, support, installation and analysis. Experience in providing a wide range of Network Infrastructure and Security Solutions for LAN / WAN, Enterprise and Data Center Environments.
• Strong knowledge of fundamentals such TCP/IP, Routing, Switching, Firewalls, Network Design, Deployment, Monitoring, troubleshooting and High Availability .
• Strong Experience with Automation working with Ansible Playbooks, Python Scripts, Postman scripts API to automate many tasks on of multivendor Network Devices
• Experience working with Virtual-Firewall’s on Cloud (AWS ) and on VM’s.
• Experience Working in Large Multi-Vendor Environment such as Cisco, Juniper, BIG-IP, Palo Alto Checkpoint, Fortigate, Solarwinds, Splunk etc.
• Experience Working with Network, monitoring, troubleshooting tools, orchestration suites such as Solarwinds NPM, Sevone, Wireshark, Firemon, Tufin, AlgoSec.
• Strong Background working with Security tools such as McCafee, Symantec, Nessus, Nmap, Nipper, Splunk, Qradar, Cylance, endpoint Protection suites, Bit-Locker etc.
• Experience with Cisco ISE, ACS, NAC, Radius, Tacacs for AAA, Network Access-control, Profiling, Posturing
• Experience and working knowledge on working with Switching and Routing Technologies such as Cisco Nexus, Cisco Catalyst configurations. Experience working with Cisco IOS, IOS-XR, NX-OS, JunOS for configuration & troubleshooting .
• Strong background on Layer 2, Layer 3, TCP/IP, OSI models understanding the network as a whole
• ITIL process management analyze and design service management processes, research and present best practices, and drive for continuous improvements
• Process Definition and Implementation: Lead the design and development of ITIL/ITSM best practices, processes
• Independently develop, analyze, manage and publish KPIs/Metrics to be used to measure the effectiveness and efficiency of the "in scope" ITSM processes
• Build and establish solid working relationships by providing timely, accurate and high quality information to peers, subordinates, upper management and/or customers. Builds and maintains a strong working knowledge of the business areas and builds strategic relationships
• Knowledge in preparing Technical Documentation and presentations using Microsoft VISIO/Office.
• Excellent technical and project management skills combined with strong communication skills
• Experience working with Customer Facing roles, Customer management, problem solving, debugging skills and capable of quickly learning, effectively analyzing results, implementing and delivering solutions as an individual and as part of a team.

TECHNICAL SKILLS

Firewalls: Cisco ASA, Firepower, FTD, Palo Alto, Checkpoint, Fortigate, Juniper SRX.

Layer 2 & Layer 3: Switching (VLAN, VTP, dot1q, Spanning-tree, PVST, Routing Protocols (Static, Dynamic, EIGRP, OSPF, BGP), Cisco Catalyst, Cisco Nexus, Cisco ACI, Redundancy and High Availability.

Load Balancing: F5 LTM, GTM, Cisco ACE

Access-Control: Cisco ACS, NAC, Cisco ISE

Security tools: Nessus, Splunk, Qradar, Cylance, McAfee, Symantec, Bit-Locker

Monitoring: Solarwinds NPM, Sevone, Nagios

Configuration management: Cisco Prime, FireMon, AlgoSec

Operating Systems: MS Windows, MS Server, Linux

Office Suite: Outlook, Word, Excel, Vizio

Automation & Scripting: Ansible, Python.

PROFESSIONAL EXPERIENCE

Confidential, Baltimore, MD

Network Security Architect

Responsibilities:

• Design, Engineer, Deployment and Administration of Firewalls, Network Security devices in HA for Datacenter without impacting production
• Expertise with Palo Alto Next-Generation devices
• Deployment of Palo Alto 5260’s and 7050’s in HA pair for Multiple Data-centers.
• Deployment and administration of Panorama firewall management tool to administer Palo Alto Firewalls.
• Responsible for Migration from Legacy Cisco ASA firewall (Pix, FWSM) to Palo Alto firewall. This includes objects. Object-groups, Security rules, NAT rules. Also move from Layer 4 port based rules to Layer 7 application based rules.
• Implement the Next generation firewall features such as URL-filtering, AV, AS profiles, Vulnerability Protection, Threat Prevention. Also implement SSL Decryption Policies on Palo Alto’s.
• Upgrade PAN-OS code from 6.1 to 8.1 in Palo Alto firewalls.
• Migrate form Cisco ASA/Pix to Cisco Firepower 2100/4100 with ASA logical system and FTD.
• Design, Engineer, Deploy, Remote Access VPN for 10,000+ user with redundancy at multiple sites. On Cisco Firepower 4120 and 4150 appliances.
• Deployment of Cisco Firepower 4150. Firewalls as edge Firewalls. Devices with FTD code for next generation features. Setup Cisco Firepower Management Center (Firesight) to manage Firepower Next generation Features such as IPS, Application Control, Advance malware protection (AMP)
• Deployment and administration of Fortinet Fortigate 1500D, 200D Firewalls
• Administration with Of Firewalls with tools such as Forti Analyzer, Forti Manager
• Deployment and administration Configuring Cisco ASA 55XX Firewalls
• Experience with Deployment and administration of Cisco ISE for NAC, AAA. This involves setup of Policy Elements, AV definitions, Profiling of Endpoints. End point compliance-posturing.
• Deploying Cisco ISE in wired environment to perform Dot1x port based authentication configure the Posture polices for users connecting to the corporate network
• Configuring Cisco Catalyst Switches for Dot1x support testing the IOS compatibility with Cisco ISE
• Integrating Configuring Cisco Wireless LAN Controllers WLC with Cisco ISE to perform Dot1x authentication for Wireless users.
• Integrating Configuring Cisco ASA Firewalls with Cisco ISE to the Posture policy compliance perform CoA for remote VPN IPSec, SSL AnyConnect users.
• Integrating Configuring RSA SecurID with Cisco ISE for Token based authentications using RSA Native method RSA RADIUS method for user's remote VPN users.
• Integrating ISE with external identity stores such as Windows AD, Cisco ACS LDAP.
• Strong experience with Automation. Automation of large number of tasks for Multiple Vendors for backups, blocks etc using Ansible Playbooks and Python Scripts.
• Administer and use orchestration Suite Firemon to manage configurations, Backups, check compliance on firewalls.
• Working for a Large Environment with 100+ (physical, Virtual) Firewalls spread across multiple Data Centers with Cisco, Palo Alto, Juniper, Fortinet, and Checkpoint vendors.
• Experience with Deployment of Firewalls on AWS
• Experience with AWS, VPC, NAT’s, Networking on Cloud, Troubleshoot issues leveraging VPC flow logs and researched Security incidents, alerts based on QRadar Network Flow and Log Activity.
• Worked on Standardizing nonstandard configurations and reduced hardware and software variability.
• Experience with Splunk Security Infrastructure and Event Management. (SIEM). Using Splunk for search and analysis of logs.
• Troubleshoot and researched Security incidents, alerts based on Splunk Network Traffic Flow and Log Activity.
• Dedicated security monitoring and analysis of cyber security events (Triage) of tracking phishing URLs, and emails and deep dug investigations.

Confidential, Charlotte, NC

Security Engineer

Responsibilities:

• Expertise with Design, Engineer, Deployment and administration of Firewalls, Security devices
• Deployment of Palo Alto 5060’s, 3020, and Panorama to administration
• Administration of Palo Alto Firewall and Panorama firewall management tool to administer Palo Alto 5050, & 5250 device groups.
• Deployment of Palo Alto Firewall VM’S in on Servers Deployment of Palo Alto Firewall’s on AWS cloud.
• Configure and troubleshoot IPSEC VPN form Site to Site with Cisco, Palo Alto, and Checkpoint Devices as peer. Configuring and troubleshoot Global protect SSL VPN for Work from Home Users on Palo Alto
• Configuring Security Policies, NAT polices for Access control, inter zone connectivity, External Access on Palo Alto Firewall. Experience with Palo Alto Global protect VPN and cloud service
• Deployment and administration of Fortinet Firewalls
• Administration with Of Fortigate Firewalls with tools such as Forti Analyzer, Forti Manager
• Experience with Automation. Automation of large number network appliance of tasks for Multiple Vendors using Ansible
• Experience with Deployment of Firewalls on AWS
• Experience with AWS, VPC, NAT’s, Networking on Cloud, Troubleshoot issues leveraging VPC flow logs and researched Security incidents, alerts based on QRadar Network Flow and Log Activity.
• Analyze and review data from SIEM - Qradar for suspicious activity and trigger alerts to the concerned teams and applying rules and Building Blocks to SIEM
• Dedicated security monitoring and analysis of cyber security events (Triage) of tracking phishing URLs, and emails and deep dug investigations.
• Investigating logs and payloads for server crashes/core dumps, DDoS attacks, SQL/XSS, SPAM, etc.
• Administered Cylance Antivirus and Cylance Endpoint Protection across the entire network to include removal of viruses, update of definitions, pushing upgrades, managing accounts and configuring policy settings.
• Experience with Bluecoat (Proxy/Reverse Proxy), Zscaler,
• Experience with Zscaler for Url Filtering. Connected to Hotspot with Zscalar Cloud
• Configure Zscalar Security Policies to protect user and company devices based on security Policies
• This includes developing customized signatures, enterprise content filtering, or firewall ACL change recommendations.
• Administered Malware Bytes across the entire network to include removal of viruses, update of definitions, pushing upgrades, managing accounts and configuring policy settings
• Monitor and analyze data feeds of events and logs from firewalls, routers, and other network devices or host systems for security violations and identify vulnerabilities.
• Responsible for performing periodic Vulnerability assessment (VA) as per the security policy and standards.
• Actively used NMAP for port scanning and made sure only appropriate ports are in use.
• Actively researched on any security gaps that are beyond the ability of detection by any security scanner.

Confidential, Richardson, TX

Network Security Engineer

Responsibilities:

• Deploying Cisco ISE in distributed deployment for wired environment to perform Dot1x port based authentication and configure the Posture polices
• Configuring Cisco Catalyst Switches for Dot1x support testing the IOS compatibility with ISE
• Integrating Configuring Cisco Wireless LAN Controllers WLC with ISE to perform Dot1x authentication for Wireless users.
• Integrating Configuring Cisco ASA Firewalls with ISE to the Posture policy compliance perform CoA for remote VPN IPSec, SSL AnyConnect users.
• Integrating Configuring RSA SecurID with ISE for Token based authentications using RSA Native method RSA RADIUS method for user's remote VPN users.
• Integrating ISE with external identity stores such as Windows AD, Cisco ACS LDAP.
• Deployment and configuration of Tufin for Firewall compliance analysis and Policy management
• Experience with Tufin for Firewall administration
• Installing and configuring Qualys in premises and on cloud environment. Responsible for performing vulnerability assessment on critical systems using Qualys.
• Configured and scheduled Qualys Scanner in QRadar to perform scan on regular intervals.
• Exercise with Cisco Source Fire IPS and IDS devices with Firesight Management Center. Analyze and review data from. Maintained sensors including scripting, updating IDS/IPS vendor signatures, fine-tuning, and troubleshooting and resolving of networking incidents.
• Analysis using logs for suspicious activity and trigger alerts to the concerned teams. Analysis of multiple log sources including firewalls, routers, switches, web servers and multiple networking devices. Research online about security incidents and accurately identify vulnerabilities and threats and implement appropriate measures to remediate the same
• Experience with Bluecoat (Proxy/Reverse Proxy), Zscaler, Experience with Zscaler for Url Filtering
• Connected to Hotspot with Zscalar Cloud
• Configure Zscalar Security Policies to protect user and company devices based on security Policies
• Worked extensively in Configuring, Monitoring and Troubleshooting Checkpoint security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
• Administration of Service Requests, Incident Tickets, troubleshooting of CheckPoint 15000, 23000 series firewall. Implementation, configuration of Policies and troubleshooting of Checkpoint Firewall via GAIA
• Adding security rules and pushing the security policy on Checkpoint Using Smart Update, User Management and Authentication in Checkpoint Firewall.
• Software Upgrade projects across F5 Upgrade of Big-IP from 11.6 to 13.0
• Configuration and Deployment of new Big IP F5 LTM and GTM load balancers across Multiple Data Centers
• Day to Day activities Include Incident Resolution and Service Request for Creating new WIP and VIP’s on the F5 LTM/GTM. Virtual Edition and the F5 BigIP VIPRION 4800, 4480 Hardware.
• Configure Server Pool, Pool Members, and Server nodes for a VIP. Configure SNAT and NAT for accessing the content from Internet. Configure Different types of Monitors to Check the health of Servers. Configure advanced features on VIP’S such as Profile for Cookie persistence, SSL termination.
• Troubleshoot issues related to Application slowness by Analyzing nodes, Health monitors, and Server pools.
• Management of F5 LTM & GTM Load Balancers. This Includes Incident Resolution Tickets, Service Request Tickets, Certificate renewals.
• Configuration and troubleshooting of Issues related to VIP’s, Server pool’s, Redundancy, Persistence,

Confidential

Network Engineer

Responsibilities:

• Provide Subject Matter Expertise in Network Firewall, routers, switches, and security technologies.
• Experience with Design, Update, Implementation, of Data center migration. Involving in Access, Distribution and Core layers.
• Hands on Experience working on NextGen Firewalls such as Firepower 9300, Firepower 4100, Cisco Firepower Management Center.
• Experience with Cisco Identity Services Engine (ISE)
• Administration of Service Requests, Incident Tickets, troubleshooting of Checkpoint / Juniper SRX/ Cisco ASA Firewalls.
• Building, Deploying and Supporting CheckPoint firewalls including r77, r80 versions.
• Analyze Checkpoint firewall and Splunk logs to perform rule usage analysis and identify unused rules
• Support Checkpoint firewalls refresh and upgrade activities along with patch management
• Checkpoint Firewall Policy management and analysis
• Creation of implementation standards and configuration templates
• Management of Firewall policy managers
• Strong Experience in Load balancing solutions by implementing F5 LTM in Various Environments.
• Operations and Management, troubleshooting F5 LTMs & GTMs for the Web Applications/ corporate applications, their Speed & availability.
• Experience working with Cisco Nexus 7000 as Core Switches, and Nexus 5500, 2148, 2248 series at Distribution and access level.
• Performing troubleshooting on slow network connectivity issues, routing issues that involves OSPF, BGP and identifying the Root Cause Analysis of the issues.
• Worked On UNIX, Linux, and Windows Platforms and involved in capacity planning of Network Maintenance.
• Hands-on experience on VMware, VSphere, virtualization
• Strong Experience in working with F5 Load Balancers and their Implementation in various Networks.
• Configuring HSRP between VLANs, Configuring Ether-Channels, Port Channel on Cisco Catalyst switches
• Handle Incident tickets & Service Requests related to Cisco ASA firewall, & VPN along with the connectivity issues and provide prompt support when any issue pops up.
• Mitigated and eliminated the potential risk, defects, trends and vulnerabilities from rapid scale of the environment and ensured network agility without compromising quality.

Confidential

Network Engineer

Responsibilities:

• The LAN consisted of Cisco campus model of Cisco 3550 at access layer, Cisco 6513 at distribution/core layer.
• Configured and resolved various OSPF issues in an OSPF multi area environment.
• Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
• Cisco ASA 5510, 5540 Firewall Administration, Rule Analysis, Rule Modification
• Troubleshoot by Analyzing traffic passing managed firewalls via logs and packet captures.
• Analyzed customer application and bandwidth requirements, ordered hardware and circuits, and built cost effective network solutions to accommodate customer requirements and project scope
• Completed service requests (i.e. - IP readdressing, bandwidth upgrades, IOS/platform upgrades, etc)
• AAA implementation using Cisco Secure ACS (TACACS+, RADIUS)Identify, design and implement Flexible, responsive, and secure technology services
• Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
• Configuring STP for switching loop prevention and VLANs for data and voice along with Configuring port security for users connecting to the switches.
• Verify network status using basic utilities (including: ping, trace route, telnet, SSH, ARP, ipconfig)
• Ensure Network, system and data availability and integrity through preventive maintenance and upgrade.
• Involved in L2/L3 Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter-Vlan routing, LAN security.
• Generating RCA (Root Cause Analysis) for critical issues of layer1/layer2/layer3 problems.
• Strong knowledge on networking concepts like TCP/IP, Routing and Switching
• Efficient at use of Microsoft VISIO/Office as technical documentation and presentation tools.