SUMMARY

• Experienced Firewall Engineer with a demonstrated history of working in the information technology and services industry
• Working with network and firewall infrastructure and responsible for the planning, design, implementation, migration, upgradation, and daily operations on multi - vendor platforms such as Fortinet, CheckPoint, Palo Alto and Cisco ASA Firewalls.
• Worked on Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of CheckPoint, Palo Alto and Cisco ASA during my experience as Network Engineer
• Hands-on experience on the Cisco ASA firewall series- 5520, 5540, 5580, ASDM, CLI, IPS/IDS, FortiManager (v5.2,5.4,5.6), Palo Alto firewall (PA-3k,5k series) and on CheckPoint firewalls via Smart Console (version-r77.30, r80.20).
• Knowledge and experience of TCP/IP architecture, TCP/IP protocol suites and dynamic routing protocols including RIP, IGRP/EIGRP, OSPF, and BGP (eBGP / iBGP )
• Thorough knowledge of Windows Vista, XP, Windows Server 2003; 2008; Windows NT; TCP/IP.
• Capabilities include an extremely broad knowledge base and familiarity with the latest cutting- edge technologies, including firewalls, VPN, IDS, and IPS.
• Experience in handling CheckPoint, Cisco ASA and Palo Alto Firewall post migration support & policy/rules configurations
• In-depth knowledge of TCP/IP, high availability, load balancing, and remote management complements outstanding relationship management, analysis, and problem resolution skills as well as outstanding organizational, multitasking, and team building skills at all levels
• Experience with CheckPoint firewall deployment and operations
• Working knowledge on routing and switching protocols and having basic knowledge about Nexus switches
• Exposed to working in AWS IaaS, Provisioning VM and Virtual Networks, reserved VIP and deploying Web Apps.
• Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration
• Experience with CheckPoint VSX, including virtual systems, routers and switches
• Having strong interpersonal skills with the proficiency in adapting to new technologies
• Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of CheckPoint R65, R70 & R77, Palo Alto and Cisco ASA.
• Hands-on experience with Ether Channel, Spanning Tree, Trunking, ACLs, Syslog
• As part of operations team, involve in configuring virtual machines, storage accounts, resource groups
• Deploying VM's, Storage, Network and Affinity Group through Scripting
• Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP Ether channel, STP, RSTP and MST
• Responsible for optimizing firewall configuration. Security Policy and NAT implementation on firewalls. Providing technical supports on 24x7 environments
• Perform incident response activities using the Symantec DLP tools across network and VPN
• Experience with installation, configuration, and support of Symantec DLP products such as Symantec Enforce, DLP Prevent, DLP Monitor, DLP Discover, DLP Endpoint Protect Servers, Symantec VIP for Two-factor authentication and the Endpoint DLP agents.
• Extensive experience in Configuration and deployment of network security devices, including firewalls, Intrusion, Detection Systems, VPN, Identity Gateways
• Involved in Configuration of Access lists (ACL) on CheckPoint firewalls for the proper network routing in B2B network connectivity
• Investigate various issues, deliver troubleshooting to resolve network problems efficiently, both on-site and remotely.
• Maintain and Administer Perimeter Security Systems such as Firewalls and Intrusion Detection Systems.

TECHNICAL SKILLS

• Linux/Unix
• MacOS
• Windows 7/8/10

• ARP
• ICMP
• CIDR
• Telnet
• Frame Relay
• Ethernet
• TCP
• UDP
• RIP
• OSPF
• EIGRP
• BGP
• DHCP
• STP
• IPSec
• HSRP
• SNMP
• DNS

• CheckPoint
• Fortinet
• AWS
• Palo Alto
• Cisco ASA

PROFESSIONAL EXPERIENCE

Senior Network Security Engineer

Confidential

Responsibilities:

• Analyze and offer daily operations to the perimeter network security systems Routers, Switches, Firewalls, Proxy and F5 Load balancers enforcing the network security policy and complying with requirements of the security audits and recommendations.
• Operations include implementing polcies and troubleshooting for at least ONE of these technologies: Cisco ASAs, Juniper SRX, Netscreen Firewalls, Palo Alto, Checkpoint, IPS/IDS, Fortigate. Any other firewall vendor could be evaluated during the process
• Configured, managed, monitored and analyzed IDS/IPS Signatures Attacks, Wire Shark, Firewall logs, Systems, Applications and Security Event Incident Management Logs for comprehensive security vulnerability monitoring.
• Define the settings to create the portal and gateways in the cloud environment for configuring Prisma Access to the mobile users.
• Perform regular maintenance by running patches and scripts on the firewall firmware.
• Building the Check Point firewalls from scratch for managing clients, which included network and resource access, software, hardware problems and patching UTM.
• Configuring and administering Checkpoint firewall and UTM (Unified Threat Management) Systems
• Monitoring alerts and taking actions against security breaches
• Currently working on a firewall migration from CheckPoint to Palo Alto wherein tasks include verifying the inventory of hardware, software assets, changes, and configurations
• Analyze Checkpoint firewall and Splunk logs to perform rule usage analysis and identify unused rules
• Built firewalls (CheckPoint and Palo Alto) for initial deployment and Zone-Base stateful inspections
• Provide operational support of Check Point - 5800, 12400, 12600, 23500, Provider-1 Appliances, and Palo Alto 5280, 5260 series firewalls as needed to ensure continued streamlined operations
• Migrated from Cisco ASA to Palo Alto firewalls platforms PA5260 and PA5280 firewalls.
• Configuring rules and maintaining Palo Alto Firewalls & Analysis of Firewall logs.
• Configured and upgraded Check Point Security Gateways (5800 Series), Check Point VSX appliances (12400, 15400, 23500 series), Check Point Multi-Domain Management Servers (Smart-1 50, Smart-1 3050).
• Configured AWS VPC using services like AWS Direct Connect, AWS IAM, AWS ACLs.
• Security Control assessment for AWS migrations including evaluating the AWS services and recommending additional security controls required.
• Installed new branch network systems and resolved network issues, running test scripts and preparing network documentation.
• Setting up and Managing Virtual Machines on AWS Cloud including working on EC2 instances.
• Deployed applications and host websites on AWS cloud involving blackboard.
• Migrated Virtual Machines and applications from on premises cloud to AWS.
• Deploy and run Cisco IDS/IPS appliances & modules integrated into Cisco 65k switches, and firewall rules associated with Cisco FWSM on high volume critical production environment.
• Provide weekly reports on the threats and vulnerabilities present within the network infrastructure based on triggered IPS signatures.
• Review latest vendor-released updates like IDS/IPS/Anti-virus profiles and make recommendations whether they need to be turned on for alerting.
• Configure Palo Alto specific variables such as Tags, Zones, Vsys, Vrouters and Dynamic groups.
• Perform troubleshooting the complex multi-vendor network issues in the LAN and WAN networks and working with multiple application and system teams to identify bottlenecks and other network configuration issues.
• Monitor end point security tool sets, including NIDS, HIDS, DLP Systems, and Network behavioral analysis tools.
• Implemented and troubleshoot Zscaler cloud-based proxy solution for web-based content filtering, DLP tools.
• Added and removed PAC files to allow the traffic through Zscaler proxy.
• Dealing DHCP, DNS and IP address through Infoblox, and Admin for Internet sites access using Zscaler.
• Configured rules and policies according to the security policies and needs of the users in Zscaler proxy
• Configured Zscaler cloud proxy on different locations as per design.
• In-depth knowledge in the area of deep packet troubleshooting with Wireshark and tcp-dump
• Support the configuration and maintenance of Firewall/DMZ infrastructure including Network and Application Firewall Packet Filtering.
• Periodically interact with clients during different phases of the project’s life-cycle from planning to maintenance for gathering their requirements. Review client requirements and collaborate with peer engineers and Network Architects to devise technical solutions. Perform sanity checks on perimeter devices. Update and maintain documentation related to supported technology.
• Monitor network environment for anomalies and errors, report and escalate issues by providing extensive layer 1-7 network support. Perform complex troubleshooting issues dealing with debugging latency, authentication issues, and application functionality issues.
• Engineered BGP routing attributes to load balance between multiple links and configured routing considering different attributes like Weight, Local Preference, MED, AS-path, Community, Origin, Next-Hop.
• Working Symantec DLP policy development and troubleshooting. Providing support of DLP Network (SMTP and Web), Endpoint, and/or Discover servers.
• Maintaining a two-factor authentication (SecurID) environment using Symantec VIP.
• Do monitoring of internal security systems to ensure that security standards and confidential information access levels are maintained using Symantec endpoint.
• Perform regular audits on end-user accounts, permissions and access rights for all critical systems using Symantec DLP. Thereby, maintaining and implementing role-based administration program.
• Execute Symantec NAC implementation for the security project management and instrument Symantec access control management solutions.
• Perform Symantec Data Loss Prevention (DLP) tool configuration, and integration with other technologies including Encryption, logging and ticketing tools.
• Validate the IP address using Infoblox and APATE for authenticating Application Server information. Analyze the root cause to resolve complex network connectivity issues and troubleshoot incident management (IM) tickets by carrying out log investigation through FortiAnalyzer, SmartView Tracker and run packet captures using Wireshark and CLI platforms. If the issue needs further investigation from other teams then we provide log reports to peer teams and end users and thereby, direct the issue to the concerned department while updating clients.
• Interact with clients during all phases of the project from planning to maintenance for gathering client requirements. Review the client requirements for network security systems and collaborate with peer engineers and Network Architects to devise a technical solution to address their problems.

Senior Network Security Engineer

Confidential

Responsibilities:

• Worked extensively in Configuring, Monitoring and Implementation of CheckPoint and Cisco's ASA 5500 series firewalls for clients. Worked on Building site-to-site VPN connections for third party connectivity using ASA Firewalls.
• Troubleshot, configuration and monitoring network devices like Cisco ASA firewalls, routers and catalyst switches and VPN related issues of enterprise customers.
• Administering the Cisco ASA firewalls with cluster gateways including pushing policies and processing user requests to allow access through the firewalls
• Responsible for Cisco ASA firewall administration, Rule Analysis, Rule Modification
• Created site to site IPSEC VPN tunnel with CheckPoint and Cisco ASA firewalls.
• Migrated various L2L customer VPNs from Cisco ASA to Check Point firewalls.
• Configuration of ACLs in Cisco 5520/5540/5585 series ASA firewall for Internet Access requests for servers in LAN and DMZ and for special user requests as authorized by management
• Worked with a team in firewall policy management and support on Cisco ASA 5585X, 5540, PIX and CheckPoint Firewalls 12K, 13K.
• Actively responsible for Cisco ASA Firewall and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
• Configured Cisco ASA 5515 and Cisco router 2901 dual ISP failover site-to- site VPN
• Configured Site to Site IPsec VPN tunnels to peer with different clients and each of the client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA firewalls
• Cisco ASA Firewall Log review and analysis and troubleshoot connectivity issues.
• Configuring Network and Security devices such as Cisco routers and switches (Cisco 7600/3500/Nexus 7K/5K).
• Responsible for Analyzing, migrating and validation of firewall configuration from Cisco ASA
• Involved in the process of Cisco ASA to CheckPoint Firewall migration
• Troubleshot User connectivity issues on CheckPoint and Cisco ASA using CLI utilities.
• Accountable for sustaining CheckPoint Provider1 security policies including NAT, VPN and Secure Remote access, Configuring IPSEC VPN (Site-Site to Remote Access) on SRX series firewalls Implementation and troubleshooting of Cisco ASA firewall.
• Extensively worked on BGP peering, redistribution and deploying Route reflectors.
• Actively monitoring Solarwinds to actively alert on critical events - AD, IPS, Firewall logs
• Daily monitoring of Network Level IPS's and Firewalls looking for suspicious or out of the ordinary activity
• Perform network engineering, design, planning LTM load balancing implementation and scheduling infrastructure related tasks by coordinating with other teams
• Created High Availability proxy and Ngnix for load-balancing (F5) the API calls and configured SSL certificates for the Production and Application servers using AWS.
• Managing F5 LTM, GTM, APM, ASM Administration, creating virtual servers, mapping pools, iRules and Profiles. SSL traffic offloading. Configuring SNAT and virtual servers in F5LTM
• Worked with Cisco ASR’s, Catalyst 6500 series switches, 2800 series, and 3800 series. 2900 series and 3900 series routers.
• Manage Syslog Server for collecting all log events on several firewalls to a centralized device for log monitoring and reviewing purposes.

Senior Network Engineer

Confidential

Responsibilities:

• Manage and Implement Network Security measures to control data, software, and hardware such as Palo Alto, CheckPoint and Blue Coat proxies. Performing URL filtering and content filtering by adding URL's in Blue Coat Proxy SG's.
• Perform analysis of network security needs and contribute in the design, integration and installation of hardware and software in the corporate WAN, LAN and Server architecture. Negotiate with technical solution providers and vendors to provide recommendations on equipment purchases and upgrades to the existing network infrastructure.
• Support and troubleshooting during cutover while implementing Cisco firewall configuration from other vendor firewall (like CheckPoint, Juniper, MacAfee sidewinder)
• Engineered BGP routing attributes (Route map, AS-path, MED, local preference) to load balance between multiple links, for the Managed Customers.
• Extensive experience in deploying OSPF, BGP, LDP, MPLS-VPN, IPV4,
• Worked on Packet Over Sonet(POS), ATM, IP Frame Relay(FR) and Gigabit Ethernet WAN Technologies.
• Extensively worked on BGP peering,redistribution, Deploying Route reflectors in filed.
• Configured, installed and maintained CheckPoint endpoint security E80.40/E80.50 management and policy servers.
• Installation of Palo alto (Application and URL filtering, Threat Prevention, Data Filtering).
• Successfully installed Palo Alto Next-Generation PA 3060, PA 5060 firewalls to protect Data Center with the use of IPS feature.
• Implemented CheckPoint FW Interface, NAT and VLAN using R77 GAIA Smart Dashboard.
• Advanced knowledge, design, installation, configuration, maintenance, migration and administration of the CheckPoint R55 up to R77.
• Engineered BLS CheckPoint infrastructure which consists of 500+ firewalls running different flavors of hardware and CheckPoint OS such as (R71, R75, R76 and R77).
• Adding and removing CheckPoint firewall policies based on various project requirements.
• Implementing security policies using ACLs, IPsec, SSL and VPN.
• Installation and administration of CheckPoint R 75.40 Firewall.
• Implemented new device of Cisco and Juniper MX - series as per policy reviewed by network architect.
• Implemented firewall policy change on the CheckPoint clusters.
• Verified and Validated the Firewall policy on CheckPoint R75 clusters for unused rule and helped consolidating rule.
• Installation and administration of CheckPoint R 75.40 Firewall.
• Implemented firewall policy change on the CheckPoint clusters.
• Verified and Validated the Firewall policy on CheckPoint R75 clusters for unused rule and helped consolidating rule.
• Configured BGP features like local-as replace, as-override to avoid loops when using redundant data center designs.
• Proficient in configuration of routing protocols like IGRP, EIGRP, OSPF multiple areas and BGP.
• Hands on experience in Installation, Configuration and Administration of HTTP, FTP, DNS, NTP, DHCP servers under various LAN and WAN environments.
• CheckPoint log server upgrade from R71.40 to R75.40 to take advantage of Smart logs.
• Performing Client or Clientless AD integration with Palo Alto Firewall for User and Group mapping.
• Configure Captive Portal Profile for Non-Domain Users in the client Network to get access of Internet.
• Integration of Panorama with Palo Alto firewall for Centralize management.
• Configure Global Protect VPN, IPsec VPN and Clientless VPN.
• Performing and conducting cyber threat analyses and reports and supporting various and dynamic security analysis.