PROFESSIONAL SUMMARY:

• Experience in Network security, including hands - on experience in security network design providing network support, installation and analysis.
• Network Security Professional with 19 Plus years of experience in Designing and troubleshooting LAN, WAN, in Branch, Campus and Data Center environments.
• Expert level knowledge of troubleshooting, implementing, optimizing and testing of Checkpoint, Juniper SRX and Cisco ASA’s; ability to interpret and resolve complex problems.
• Extensively worked on Juniper models EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX210, SRX240 SRX3600.
• Experience in troubleshoot network issues including boundary protection devices, Cisco Nortel/Avaya and Bluecoat Proxy Servers
• Strong knowledge base in the design and deployment of Blue Coat Proxy SG, Cisco Ironport, Poofpoint, Juniper SRX and Checkpoint firewalls
• Proficient in design, implementation, management and troubleshooting of Check Point firewalls, Cisco PIX, NetScreen Firewalls, Check Point Provider-1 / VSX, Nokia VPN and Foundry / F5 Load Balancers
• Working knowledge of IPsec VPN's, OSPF, BGP and EIGRP routing protocols, NAT, sub-netting, also including DNS, WINS, LDAP, DHCP, http, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP (Spanning tree Protocol), RTSP & Multicasting protocols.
• Working knowledge of Akamai Prolexic and Amazon AWS cloud infrastructure and security
• Good knowledge and experience in Configuration and Administration of Splunk, ArcSight and McAfee SIEM tools
• Good knowledge and experience in Installation, Configuration and Administration of Windows Servers 2000/2003, Active Directory, FTP, DNS, DHCP, TFTP, Linux OS under various WAN environments

TECHNICAL SKILLS:

Routers: 1800, 2500, 2600, 2800, 3600, 3750, 3800, 7200), ASR 1K and 9K.

Cisco Switches: 2900, 3500, 4000, 4500, 5000, 5800, 6500, and 7600 Nexus 2k, 3k, 5k and 7k

Juniper: E series, J series and M series. Juniper SRX & Netscreen, T -Series, MX-Series Routers.

Routing Protocol: BGP, OSPF, EIGRP, IGRP, LDAP, IGMP, RIP), Routed Protocol TCP/IP, SIP, Multicasting (PIM), 802.1Q.

LAN Protocol: VLAN, PVLAN, dot1q, STP, IS-IS, RSTP, MSTP, IPVST, LACP, HSRP, GLBP, VPC, VDC, Ethernet, Port security.

WAN Technology: Frame Relay, ISDN, ATM, WAAS, PPP, ICMP, L2VPN, L3VPN, E1/T1/DS1/DS3

Network Management: SNMP v2, v3, Syslog, HP Open View NNM, Net flow Analyzer, Sniffer, Wireshark, Cisco Works, 3Com Network Analyzer, Solar Winds, Orion.

AAA Architecture: TACACS+, RADIUS, Cisco ACS.

Operating systems: Linux, UNIX, DOS, Windows XP/2007/2008, Windows 2003 server and Windows 2008 server

Network Security: NAT/PAT, Ingress &Egress Firewall Design, VPN Configuration Internet Content Filtering, Knowledge of Firewall, ASA, Cisco PIX/ASDM, Cisco NAC, IPSEC, Nokia Checkpoint NG, SPLAT, IPS/IDS (Snort), IPS 4260.

Application Protocols: DHCP, DNS, FTP, HTTP, SMTP, TFTP.

IPS/IDS: Snort, Fortinet IPS, ASA IPS, Sourcefire, Checkpoint IPS, Juniper IPS, Symantec HIDS

Documentation: Microsoft Office, Visio

PROFESSIONAL EXPERIENCE:

Confidential, Framingham, MA

Security Engineer

Responsibilities:

• Installation and administration of 1000+ Checkpoint R77.30 Firewalls and Fortigate firewalls.
• RMA and replace Checkpoint & Fortigate soho devices in stores.
• Monitor tickets and push changes for new devices and projects.
• Cloud infrastructure security, policy and spec for Microsoft Azure.

Confidential, Woonsocket, RI

Security Engineer

Responsibilities:

• I was brought on to configure cisco ASA firewalls with new firewall polices
• Diagnose and resolve issues with cisco ASA firewalls
• Attend project meeting and implement new project rules.

Confidential, Mason, OH

Squid Caching Architect

Responsibilities:

• I was brought on to configure, test, and handoff four new squid proxy servers
• Diagnose and resolve issues in the old infrastructure to bring stability the retail stores
• Optimize performance of traffic flows through the squid proxies old and new
• Provide design and support for HTTPS traffic for a new eLearning module
• Troubleshooting of NetScaler and F5 Big-IP load balancers

Confidential, Boston, MA

Sr. Network Engineer

Responsibilities:

• I lead a team of 8 with configuration and maintenance of, 85 Checkpoint Power1 devices and virtual SPLAT instances
• Optimized performance of the security infrastructure (Checkpoint,) with Core xl process and interface distribution
• Migrated datacenter Checkpoint UTM devices to SPLAT VM instances
• Configuration and troubleshooting of F5 Big-IP LTM-6400 load balancers
• Installation and administration of Checkpoint R75.40, R77 Firewalls
• Implemented firewall policy change on the Checkpoint clusters.
• Verified and Validated the Firewall policy on Checkpoint R75, R77 clusters for unused rule and helped consolidating rule
• Provided support for troubleshooting and resolving Customer and user reported issues
• Clous Infrastructure, system design and security Amazon AWS
• Upgrades, installs, configuration and administration security and monitoring tools on Linux
• Designed and implemented DMZ for Web servers, Mail servers (Proofpoint) & FTP Servers using Cisco ASA5500 Firewalls
• Generating RCA (Root Cause Analysis) for critical issues of layer1/layer2/layer3 problems
• Packet capturing, troubleshooting on network problems with Wireshark, identifying and fixing problems
• Performing network monitoring, providing analysis using various tools like Wireshark, Solarwinds etc.
• Cisco ASA/Checkpoint Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network
• Responsible for Cisco ASA 5500 firewall administration, Rule Analysis, Rule Modification

Confidential, Lynn, MA

Security Engineer

Responsibilities:

• Troubleshooting issues related to Layer 1/2/3 skills like switching / routing, WAN /Hardware and critical network links by coordinating with the vendor
• Remediation of firewall rules from checkpoint firewalls to Cisco ASA firewalls and their implementation
• Worked extensively in Configuring, Monitoring and Troubleshooting Twenty-three Checkpoint Power1 clusters and four management servers
• Handling enterprise outages effectively and driving towards the resolution. Coordination of fault escalations in conjunction with the 1st high-level technical management of high priority or technically complex calls.
• Configuring IPSEC VPN on Checkpoint firewalls
• Other responsibilities included documentation and supporting other teams
• Experience in Checkpoint desktop suite for encryption, VPN and Anti-Virus
• Implemented Indeni monitoring for all Checkpoint devices to create a more proactive environment.
• Worked with McAfee SIEM for log aggregation and forensic analysis of events
• Cloud Security Infrastructure Configuration, Prolexic Akami

Confidential, Portsmouth, NH

Security Engineer

Responsibilities:

• Troubleshooting issues related to Layer 1/2/3 skills like switching / routing, WAN /Hardware and critical network links by coordinating with the vendor.
• Troubleshooting and maintaining twenty Juniper SRX 5600’s across the globe
• Implemented restructure of all Ironport ESA and WSA polices
• Troubleshooting and configuring Juniper SSL VPN devices and polices
• Troubleshooting the Juniper SRX100 and 110 series, Juniper Net screen routers with Site-Site VPN, and firewalls
• Strong hands on experience on ASA (5505/5510) Firewalls. Implemented security policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS)
• Experience in adding firewall rules, Network address Translation and also in creating multiple security contexts (virtual firewalls).
• Involved in setting up IP sec VPN between ASA and Checkpoint firewalls.
• Upgraded IOS on the ASA 5520 firewalls
• Configuring RIP, OSPF, EIGRP and BGP
• Involved in design and implementation of Data Center Migration, worked on implementation
• Working Knowledge of Cisco IOS, Cisco IOS-XR, Cisco Cat OS, Cisco NX-OS, JUNOS
• Experience with configuring BGP in the data center and also using BGP as a WAN protocol and manipulating BGP attributes
• Implemented various SRX Juniper devices
• Worked with ArcSight SIEM for log aggregation and forensic analysis of events

Confidential, Boston, MA

Field Engineer

Responsibilities:

• Involved in Configuring and implementing of Composite Network models which consists of a proprietary LAND device
• Basic and advance Linux administration and configuration
• Built site-to-site IPsec VPNs to facilitate adding new business partners to new and existing infrastructures.
• Creating and maintaining PKI certs for encrypted communication

Confidential, Braintree, MA

Security Engineer

Responsibilities:

• Support 24x7 operations and answer calls from the customers on network emergencies and resolve issues
• Configured and troubleshoot Checkpoint Nokia ip, SPLAT and Power1 firewalls
• Configured and troubleshoot Juniper ISG and SRX firewalls
• Configured and troubleshoot Juniper SSL VPN
• Configured and troubleshoot Barracuda Load Balancer and next gen firewalls
• Configured and troubleshoot OSPF and EIGRP.
• Configured and troubleshoot aruba wireless controllers and AP’s
• Responsible for Configuring SITE TO SITE VPN on VPN Concentrators series between Head office and Branch office
• Installation & configuration of Cisco VPN concentrator 3060 for VPN tunnel with Cisco VPN hardware & software client and PIX firewall
• Configured Firewall logging, DMZs & related security policies& monitoring
• Worked on Cisco Layer 2 switches (spanning tree, VLAN).
• Hands on experience working with security issue like applying ACL's, configuring NAT and VPN
• Responsible for Internal and external accounts and, managing LAN/WAN and checking for security
• Involved in Network Migrations
• Configuring Cisco and Juniper devices (Router & Switches)
• NAT and IPsec configuration on Cisco Routers.
• Configured VLANs, Private VLANs, VTP and Trunking on switches.
• Hands on Experience in Inter-vlan routing, redistribution, access-lists and dynamic Natting
• Involved in all technical aspects of LAN and WAN projects including, short and long term planning, implementation, project management and operations support as required
• Conduct through analysis, problem solving, and infrastructure planning
• Troubleshoot and fix any backup and monitoring systems related issues in conjunction with Systems team and external vendors.

Confidential, Framingham, MA

Security Engineer

Responsibilities:

• Support 24x7 operations and answer calls from the customers on network emergencies and resolve issues
• Configured and troubleshoot IBM ISS intrusion prevention systems
• Configured and troubleshoot SourceFire intrusion prevention systems
• Designed IPS network to protect PKI and PII information
• Responsible for Configuring ASA 5520 polices WAN/LAN

Confidential, Canton, MA

Security Engineer

Responsibilities:

• Support 24x7 operations and answer calls from the customers on network emergencies and resolve issues
• Configured and troubleshoot Checkpoint Nokia ip and SPLAT firewalls
• Configured and troubleshoot Juniper ISG and Netscreen firewalls, Juniper SSL VPN, Barracuda Load Balancers
• Configured Firewall logging, DMZs & related security policies& monitoring
• Hands on experience working with security issue like applying ACL's, configuring NAT and VPN
• Responsible for Internal and external accounts and, managing LAN/WAN and checking for security
• Involved in Network Migrations
• Troubleshooting network problems.

Confidential, Dorchester, MA

Security Engineer

Responsibilities:

• Support 24x7 operations and answer calls from the customers on network emergencies and resolve issues
• Upgrade firewall infrastructure from a Nokia IP440 to four clustered pairs of SPLAT devices
• Worked extensively in Configuring, Monitoring and Troubleshooting Nortel Connectivity VPN
• Migrated Nortel Connectivity to an ASA 5520 high availability pair
• Involved in Network Migrations
• Involved in Network design and restructure from a flat network to sonnet ring
• Involved in creating a secondary WAN link
• Configured cold standby backup infrastructure
• Worked extensively in Configuring, Monitoring and Troubleshooting spam relay’s (Postfix/ SpamAssassin)
• Worked extensively in Configuring, Monitoring and Troubleshooting squid proxies with auto proxy PAC files
• Architected Tandberg A/V conferencing infrastructure