Network Security Engineer Resume

Glen Burnie, MD

SUMMARY

  • Network Security Engineer with 8+ years of experience in testing, troubleshooting, implementing, optimizing and maintaining enterprise data network and service provider systems.
  • Extensive work experience with Cisco Routers, Cisco Switches, F5 Load Balancers and Checkpoint, Juniper SRX, ASA & Palo Alto Firewalls.
  • Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
  • Experience in configuring, troubleshooting and maintaining Cisco routers: 2500, 2600, 3600, 3700, 3800, 7200 series, Nexus 2k, 4k, 5k, 7k, 9k, ISR, ASR 1k, Catalyst Cisco Switches: 2900, 3750, 3850, 4500, 6500 series and Firewall: ASA 5500 Series, Palo Alto 500, 2000, 5000 Series, Checkpoint R80.10, R77.30, ASA 5585, 5540, Juniper SRX 3600, Panorama, CSM, Checkpoint Smart Console, VSX, Aruba Wireless Devices.
  • Experience with designing, deploying and troubleshooting LAN, WAN, Frame-Relay, Ether-channel, IP Routing Protocols (RIPv2, OSPF, EIGRP & BGP), BGP Peering, ACLs, NAT, VLAN, STP, VTP.
  • Experience in configuring and troubleshooting issues with Cisco Prime, Cisco ISE (Identity Services Engine) and SDN (Software Defined Networking).
  • Hands-on experience with telnet, VLAN and other configuration and deploying the same into multiple networking devices like routers, switches and firewalls.
  • Configuring and troubleshooting security technologies like ACL (Standard & Extended), NAT (Static, Dynamic), and PAT, GRE Tunnels, VPN (IP-Sec, SSL, Site to Site), Network Access Control (NAC), AAA TACACS & RADIUS servers, Cisco Secure ACS, BIG-IP F5 Load Balancer LTM 6400, ASA 5500 Series, and Palo Alto Firewall.
  • Migrated from all the other firewalls to the NexGen Palo Alto firewall series like 3050 and 5020 series.
  • Involved in Threat Prevention, URL Filtering, Malware analysis and global protection.
  • Responsible for Cisco ASA firewall administration across our global networks.
  • Provided administration and support on Bluecoat and WSA Proxy for content filtering and internet access between site and VPN client users.
  • Hands-on experience upgrading Cisco IOS (IOS XR & NX-OS) on different Cisco devices & modules.
  • Implemented redundancy with HSRP, VRRP, GLBP, Ether channel technology (LACP, PAgP) etc.
  • Expertise in configuration of routing protocols and deployment of OSPF, EIGRP, BGP and policy routing over Cisco routers, Route-Filters, Prefix-List, Distribute-List, Route-Maps.
  • Sound knowledge on DMVPN, MPLS technology L3 VPN, QoS Services, Bluecoat packet shaper, Cisco Secure Access Control Server (ACS), OpenDNS, IPS/IDS, Cisco Security Appliance.
  • Experience in adding Rules, URL Filtering, Identity Awareness, End-Point Security, Licensing, Application Control & policy provisioning and monitoring Checkpoint Firewall (4000, 5100, and 5200) traffic through Smart Dashboard, Smart View Tracker applications.
  • Provisioned Checkpoint firewalls integrated with an AWS environment.
  • Implemented AWS networking services Amazon VPC for the Private/Public Cloud, EC2 instances, IAM, and S3.
  • Experienced in Cisco Identity Service Engine (ISE) Devices 3350, 3300.
  • Efficient designing of IP Addressing Scenario using IPAM (IP address management), VLSM and subnetting.
  • Wireless Network, 802.11 (B, G, N & A) frequencies, Radio Frequencies. Wireless Security.
  • Configuring and troubleshooting with networking tools such as SolarWinds tool, NetFlow Analyzer, Nagios, Packet Sniffer, Wireshark, MS Visio, Outlook and Office (PowerPoint, Word, Excel), Tufin SecureTrack, Tufin SecureChange, AlgoSec, FireMon, Splunk and IBM QRadar.
  • Deep understanding of server configuration, RAID configuration, Active directory, server installation, windows OS 2008, windows OS 2013, ADS, DNS, DHCP, DHCP Relay, WDS, handling authorization and permissions.

PROFESSIONAL EXPERIENCE

Confidential, Glen Burnie, MD

Network Security Engineer

Responsibilities:

  • Migrated Cisco ASA and Check Point firewalls to Palo Alto Networks firewalls using the PAN Migration Tool (Expedition) and integrated WildFire to identify zero-day exploits.
  • Troubleshooting problems with applications, network and security infrastructure, including routers, switches, firewalls, VPN appliances, proxy servers, DNS appliances and Wireless devices.
  • Produce design documentation and MS Visio drawings.
  • Created all required technical documentation in accordance with Huntington's Change Control and project management processes and procedures.
  • Researched and implemented new data network technologies like Cisco NGFW/Sourcefire, Palo Alto NGFW and Proxy/Content filtering, ACI (Application Centric Infrastructure).
  • Refreshed Cisco ASA Firewalls from X and Migrated Cisco ASA Firewall to Palo Alto while Data Center Migration, Refreshed VPN Test Environment for Cisco ISE Testing, Migrated Multiple Cisco Nexus 93180 NX-OS to ACI Platform.
  • Experience with connectivity of Cisco Networking Equipment with F5 Load Balancer.
  • Expert level understanding with F5 component to provide high availability with providing services across data centers.
  • Migrated Internet, VPN, Business Partner and WEB Presence DMZ Containers from Old DC to NGDC with required Network Performance Upgrade which includes Migrating Cisco 6508 to Nexus 7710 Multi VDCs, Upgrading ASA Firewalls, migrating few Palo Altos, WAS Proxy upgrade and Created Network Design MS Visio for Physical and Logical Representation of each Environments.
  • Experience with devices Palo Alto Network firewalls such as security NAT, Threat prevention URL filtering.
  • Good understanding with network based F5 Load balancers with software module & Checkpoint.
  • Used the Panorama interface to control the Palo Alto firewalls centrally.
  • Experience in setting up the features of Palo Alto 5020 to enable security measures like Site to Site VPNs, Dynamic Access List, Fraudulence entries, Monitoring Nodes.
  • Deploy and support network load balancers, such as F5 LTM/GTM and configuration (Profiles, iRules) of F5 Big-IP LTM-6400 load balancers.
  • Secure authentication, redundancy and troubleshooting issues on BIG-IP LTM, ASM, APM and edit policies on F5 network access control.
  • Worked extensively on Checkpoint firewalls for analyzing firewall change requests and implementing changes into existing firewall policies, maintaining security standards
  • Troubleshooting complex Checkpoint issues, Site-to-Site VPN related. Performed upgrades for all IP series firewalls from R7 .10.
  • Worked on cleanup of several legacy rules of ASA and created a migration path to Palo Altos, configured for GlobalProtect VPN, User-ID, WildFire setup, SSL decryption, license and policy management on Palo Alto appliances.
  • Provide after-hours on-call support on a recurring basis.
  • Configured and deployed VDC and VPC between Nexus 7710 and Nexus 5548 switches along with FEX 2248. Have a good understanding of FabricPath.
  • Deploying and decommissioning the VLANs on core ASR 9K, Nexus 7K, 5K and its downstream devices.
  • Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboards.
  • Responsible for Designing & Implementations of Data Center /ACI solutions/ Virtualization solutions like EAP using Cisco ACI, Nexus 9k/7k/5k/2k/1k. Design Cisco Data Center /Application Rollouts with ACE, FWSM, & ASA.
  • Worked on Cisco's Application Centric Infrastructure (ACI) implementation (Nexus 9K, APIC) and Created Tenants, Bridge Domains, EPGs, Contracts, Leaf Profiles, Interface Profiles.
  • Creating Network Design in MS-Visio for new servers, application to be placed into multiple Datacenter.
  • Designing and Configuration of Multi-Context Transparent/Routed Clusters of ASAs (Cisco 5555x, 5585) in manufacturing and data center environment.
  • Responsible for routine firewall permission rules configuration, troubleshooting using packet captures and packet tracer through CLI, ASDM and CSM.
  • Firewall traffic flow investigation and remediation tasks through regular expression strings on Splunk.
  • Built up HLD/LLD for the project and configured Cisco 5555x ASAs for Certificate-based authentication with Group Policies. Configuring Authorization Profiles, DACLs in ISE for Contractor VPN access restrictions.
  • Installing security firmware updates on EC2, EBS, and S3 host devices on the AWS network.
  • Handling and responding to “rackdown” incidents for more than 200,000 devices in Amazon AWS clusters.

Confidential, New Castle, DE

Network Security Engineer

Responsibilities:

  • Responsible for Checkpoint firewall management and operations across our global networks.
  • Implementing and managing Checkpoint Provider-1/MDS Scalable security management for multi-domain environments
  • Worked in installing PA 3k in a pair and connecting it with Panorama for centralized management
  • Creating Network Design in MS-Visio for new servers, application to be placed into multiple Datacenter.
  • Involved in the configuration & troubleshooting routing protocols like MP-BGP, OSPF, EIGRP, RIP, BGP v4, and MPLS
  • Configuring DMVPN tunnels on routers 2800,4300, 4400 and ASR
  • Configuring zone-based firewalls for security.
  • Creating route-maps and prefix-lists to advertise the routes over the network.
  • Configuring policy-map and class-map for queuing the traffic and maintaining QoS.
  • Working on network design for new next-generation VPN solution, migration from Checkpoint VPN to Pulse Secure VPN from a network perspective.
  • Experience supporting or testing LANs, VLANs, WLANs, VPNs, NAT devices, &/or DHCP servers.
  • Working on Cisco 6509 and 4507 series switches for LAN requirements that include managing VLANs, Port Security and troubleshooting LAN issues.
  • Implementation of various protocols like RIP, OSPF, BGP, and STP.
  • Experience in troubleshooting complex data center environments. Performing analysis and diagnosis of highly complex networking problems in the Data Center environment.
  • Expert in configuring Cisco Routers, Catalyst Switches, Nexus Switches.
  • Worked extensively with ASR 9K, Nexus 7000, 5000, 2000, Cisco 6500 series multilayer switches, Cisco 2960s series switches and Cisco 3560/3750s switches.
  • Implementing FW rules using FireMon Policy Planner.
  • Design and implement Wireless Intrusion Prevention Systems (WIPS) to enforce security policies
  • Installing Cisco Wireless Controllers and Wireless Access Points.
  • Install and upgrade Cisco Wireless LAN equipment including but not limited to 1100, 1200, 1300 and 3500 series Access Points; 4400 and 5500 series Wireless LAN controllers; 6500 & 3750 Core switch routers; 2960, 3560 & 3750 series switches.
  • Implemented Zone-Based Firewalling and Security Rules on the Palo Alto Firewall.
  • Configuration and providing management support for Palo Alto and Checkpoint Firewalls (R75, R76, and R77).
  • Configure, support, update and install Checkpoint, FireMon systems. Provide monitoring of all Checkpoint firewalls and their logs/traffic.
  • Worked extensively on device profiling, authentication and authorization mechanisms using AAA, RADIUS, 802.1X, Policy buildups for Posture Compliance Policies and Rules for checking the devices coming onto Network, Remediation Process, Access and Controls, and Segmenting the Global Networks for NAC Solutions for both Cisco and Forescout NAC Appliances
  • Expertise in networking technologies like LAN, MAN, WAN and peripheral devices.
  • Develop Engineering Documentations to record F5 environment and change processes LTM/GTM/iRules.

Confidential, San Francisco, CA

Aug18 Network Engineer

Responsibilities:

  • Configuring Static, IGRP, EIGRP, and OSPF Routing Protocols on Cisco 1600, 2600, 2800, 3600, 7300 series Routers and different Firewall Vendors.
  • Worked with multiple clients of CenturyLink such as Telecom, Financial (Banking and Insurance), Restaurants, Retail and Manufacturing Clients to support offices, campuses, warehouses and distribution centers and building up their network from scratch, including designing, installations, configurations and troubleshooting of their network.
  • Configured Site to Site IPsec VPN tunnels to peer with different clients, each client having different specifications of Phase 1 and Phase 2 policies, using Cisco ASA 5500 series firewalls.
  • Configured Easy VPN server and SSL VPN to facilitate various employees’ access to internal servers and resources with access restrictions.
  • Configured Aruba access points and troubleshot connectivity issues with Aruba access points. Prepared wireless survey reports, reports documenting completed projects and AP placement maps.
  • Palo Alto/Checkpoint Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network
  • Controller-based Wi-Fi Networking with Meraki.
  • Design and implement Wireless Intrusion Prevention Systems (WIPS) to enforce security policies
  • Installing Cisco Wireless Controllers and Wireless Access Points.
  • Install and upgrade Cisco Wireless LAN equipment including but not limited to: 1100, 1200, 1300 and 3500 series Access Points; 4400 and 5500 series Wireless LAN controllers; 6500 & 3750 Core switch routers; 2960, 3560 & 3750 series switches.
  • Design Cisco, Meraki, and Aruba WLAN/WiFi infrastructures.
  • Work with Relay Engineers to provide IT support, for server-based software, firewall request, Citrix access, and software configurations.
  • Responsible for entire company network infrastructure that includes Cisco Switches, Routers, Firewalls, Access Points and Servers.
  • Hands on experience in implementation and deploying BIG-IP F5 LTM load balancers for load balancing and network traffic management for business applications.
  • Installed and configured DNS, DHCP. Responsible for creating and configuring forward lookup zones and reverse lookup zones.
  • Experience working with Nexus 7010, 5020, 2148, 2248 devices.
  • Redistributed required routes from OSPF into BGP. OSPF cloud is present in the US and is connected to all our customers over Sprint’s Frame Relay backbone
  • Configured EBGP load balancing and ensured stability of BGP peering interfaces
  • Implemented site to site VPN in Juniper SRX as per customer. Worked on Route-Reflectors to troubleshoot BGP issues related to customer route prefixes, also route filtering using Route-maps.
  • Managing and configuring 4 Juniper & Pulse SSL VPN appliances (SA-4500 & 4000) for TSNA and ATS customers.
  • Deployed BIG-IP Enterprise manager to cluster all the F5 LTM, GTM, ASA, Netscreen devices for easier management and common configurations.
  • Involved in the migration of F5 Local traffic managers of LTM 5100 series to LTM 6800 series for higher.
  • Extensive use of NSM (Network and Security Manager) and CSM (Cisco Security Manager) for adding or modifying firewall policies for the firewalls in use.
  • Worked extensively on Cisco ASA 5500 (5510/5540) Series, experience with converting PIX rules over to the Cisco ASA solution.
  • Performed IOS upgrades on Cisco routers and switches.
  • Worked with engineering team to resolve tickets and troubleshoot L3/L2 problems efficiently.
  • Configured Cisco 2800, 3800 routers and 3750, 4500, 6500 switches as part of the implementation plan.