SUMMARY

• Build stable, productive and profitable operations within highly technical environment.
• Experience with MPLS technology including L2/L3 VPN and traffic engineering. Deploy IP/MPLS services covering the installations, testing, cutover, migration and handover
• Well Experienced in configuring protocols like HSRP, GLBP, VRRP, ICMP, IGMP, PPP, HDLC, PAP, CHAP, and SNMP.
• Install, maintain, support and diagnose Intrusion Detection/Protection solutions (IDS/IPS).
• Telecommunications management Avaya, Shoretel and Nortel phone system.
• Well experienced in configuring gateway redundancy protocols like HSRP, GLBP, PPP and SNMP.
• Experience in WAN technologies like T1/T3, DS3, and Gigabit circuit types.
• Worked on Load Balancer F5 LTM, GTM series like 6400, 6800, and 8800
• Strong hands on experience in installing, configuring, and troubleshooting of Cisco 7600, 7200, 3800, 3600, 2800, 2600, 2500 and 1800 series Routers, Cisco Catalyst 6500, 4500, 3750, 2950 and 3500XL series switches.
• Experienced in various Juniper products: EX - 2200, EX-4200, EX-4500, MX-480, M Series, SRX210, SRX240
• Experienced working with Nexus 7010, 5020, 2148 and 2248 devices.
• Experienced at utilizing Network Intrusion Detection Applications, Enterprise Manager, Infoblox and NetMri.
• Experience in Information Technology includes extensive hands-on experience with Microsoft and Citrix technologies. Jim has designed, implemented and supported large distributed infrastructures utilizing Windows and Citrix NetScaler
• Engineers, configures, deploys, and maintains Web Application Firewall solutions
• Creates WAF rules/signatures to mitigate threats and implements best practices
• Designing and Architecting enterprise standard solutions with Amazon Web Services (AWS) which provides high availability, scalability and security with EC2, VPC, IAM, Route 53, Auto scaling, Cloud Watch, Cloud Trail, Cloud Formation, Security Groups
• Develop and drive incident management processes and stakeholder communication mechanisms

PROFESSIONAL EXPERIENCE

Confidential

Cyber Security Engineer

Responsibilities:

• Provide support over 170+ location including 3 datacenters.
• Responsible for deployment of Palo Alto Prisma Access Cloud (Global Protect Cloud Service) to Mobile Users (10,000) for all the Confidential ’s and Non- Confidential ’s employees.
• Enabled Multi-tenancy on Prisma access to host multiple instances on a single panorama appliance which allowed us to onboard Users separately for Confidential ’s employees and Non- Confidential ’s employees and create separate template stacks, device groups for each instance.
• Provide on call support for Prisma Access project
• Responsible for Change Management on ServiceNow (Creating Change Orders and Incidents for Firewall Projects and Issues) Evaluate, design, implement and support network infrastructure within AWS, including identifying, monitoring, and defining overall network requirements.
• Work with multiple internal teams to improve network security levels within the corporate infrastructure
• Engineers, configures, deploys, and maintains Web Application Firewall solutions
• Develops advanced alerts/reports to meet the requirements of key stakeholders
• Develops automation for security tools management and workflow integration
• Collaborates with key stakeholders within Information Security and Engineering teams to develop specific use cases to address specific business needs
• Creates WAF rules/signatures to mitigate threats and implements best practices
• Creation and implementation of custom alerting dashboards in SIEM for investigations
• Works extensively with different stakeholders for tuning WAF policies or creating custom signatures
• Responsible for staging/reviewing/pushing/implementing the desired firewall rule base on Palo Alto (Prisma Access).
• Worked on AWS Security Side in creating VPC’s, Security Groups, NACL’s etc.,
• Good Experience in architecting and configuring secure cloud VPC using private and public networks through subnets in AWS.
• Managed roles and permissions of users using AWS IAM
• Initiating alarms in CloudWatch service for monitoring the server's performance, CPU Utilization, disk usage etc. to take recommended actions for better performance.
• Configured AWS Multi Factor Authentication in IAM to implement 2 step authentication of user's access using Google Authenticator and AWS Virtual MFA .
• Created Security Groups, network ACLs, Internet Gateways, and Elastic IP's to ensure a safe area for organization in AWS public cloud.
• Designed AWS Cloud Formation templates to create custom sized VPC, subnets, NAT to ensure successful deployment of Web applications and database templates
• Maintained multi-vendor firewalls Paloalto 3k, 5k and 5k series firewalls, Checkpoint R77.30, R75, Cisco ASA 5540, 5585 firewalls with firepower.
• Implementing firewall rules using Palo Alto panorama, Checkpoint smart dashboard, Provider- 1 and Cisco CSM.
• Worked on Paloalto APP-ID, User-ID and other security profiles like Anti-virus, Threat Prevention, URL-filtering and Wildfire etc.
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewalls.
• Performing backups and upgrades from time to time on different type of firewalls mostly on Palo Alto and Cisco ASA firewalls.
• Performed firewall migration from Cisco ASA platforms to Paloalto firewalls using Paloalto conversion tool
• Worked on extensively on troubleshooting multiple issues and driving Incident calls to resolution by doing packet capture techniques and performing other troubleshooting scenarios.
• Configuring and troubleshooting Access-lists, Service Policies, and NAT rules, Network Object Groups, Service Object Groups on ASA 5585 and 5505 Firewalls.
• Installing and configuring F5 LTM load balancer in Active-Standby mode and Creating Virtual Servers, VIP’s and server pools based upon application requirements.
• Worked on the Bluecoat proxies for URL and content filtering solutions.
• Used SIEM tool called Splunk SIEM tool to Analyse firewall logs and incident event analysis.
• Performing Firewall rule audit and Firewall policy optimization using Tufin analyzer tool.
• Working on trouble tickets in remedy ticketing system which comes to our queue.
• Participating in 24*7 on-call support and implementing changes in different time zones as per the client requirements.
• Gathering information and co-ordinate with business before we migrate checkpoint to Palo Alto firewalls.
• Working on Firemon for network security policy audit and PCI/DSS compliance audit.
• Experience using Nessus & Qualys Tool for networking discovery and mapping, asset prioritization, vulnerability assessment and tracking

Confidential, Plano, TX

Sr. Network Security Engineer

Responsibilities:

• Configuring and Implementing Security rules as per the business needs in Checkpoint R77 Gaia, R75.40, Provider-1/MDM/MDS, VSX, Palo Alto, Panorama, Cisco ASA and PIX firewalls.
• Work with business to find out what devices needs to be migrated and create new set of rules in appropriate environments.
• Working on firewall optimization tool called Tufin and Splunk to generate different reports for rules usage, object usage to find out what are the rules involved in the migration.
• Working on different projects (Waves) each involves moving hundreds of servers from one data center to another data center.
• Worked on the migration of Cisco ASA to Palo Alto firewalls.
• Engineers, configures, deploys, and maintains Web Application Firewall solutions
• Develops advanced alerts/reports to meet the requirements of key stakeholders
• Develops automation for security tools management and workflow integration
• Collaborates with key stakeholders within Information Security and Engineering teams to develop specific use cases to address specific business needs
• Creates WAF rules/signatures to mitigate threats and implements best practices
• Creation and implementation of custom alerting dashboards in SIEM for investigations
• Works extensively with different stakeholders for tuning WAF policies or creating custom signatures
• Responsible for staging/reviewing/pushing/implementing the desired firewall rule base on Palo Alto (Prisma Access).
• Worked on AWS Security Side in creating VPC’s, Security Groups, NACL’s etc.,
• Worked closely with Network, F5 team and DNS team to implement rules in new Datacenter.
• Co-ordinate with different application teams to figure out what firewall rules they needed in environment after the migration of their servers to new data center.
• Solving Problems on a case-by-case basis with deep understanding of networking/firewall concepts particularly in Checkpoint devices and Provider 1 management stations.
• Reviewing incoming firewall changes request and troubleshooting queues in HPSM.
• Configuring networks to ensure their smooth and reliable operation for fulfilling business objectives and processes.
• Work with different teams, plan and implement the new changes accordingly so that proposed business dead line met.
• Performing extensive research work on firewall rule base and log reports for every server which involved in migration.
• Training new team members on the guidelines and other home grown tools.
• Good understanding of ITIL, SOX and PCI processes.
• Provide support over 170+ location including 2 datacenters.
• Expertise to manage more then 5-6 project at a time and have capability to deliver on time.
• Hands on experience on Cisco ASA, Cisco ASR 1002, Cisco ASR1004, 4507, 3945, 2951, 2960, 3560, 3850, 3925, 4321, 4351 and 4331. Also, Cisco UCS and VGs.
• Experience to create GRE tunnel on border router for Zscaler cloud and allowing only limited subnet through tunnel.
• Having experience on SevOne, PathView, inflobox and service now for ticket managing.
• Hands on experience to consolidated 6 sites to 1 site and provide best solution for load balance and redundancy.
• Successfully configuring and deployed over 10 sites into production environment. Also, taking lead to give different VRF for different agency and type of end user.
• Experience on decommissioned old brocade device and replace with new cisco device.
• Create guideline for transformation, steady state project with including all paper/ documentation work.
• Switching tasks include VTP, ISL/ 802.1q, IPsec and GRE Tunneling, VLANs, Ether Channel, Trunking, Port Security, STP and RSTP.
• Experienced with Network Function Virtualization (NFV) and SDN technologies (SD-WAN).
• Continuous industry knowledge upgrade per the SD-WAN products, Cloud resources and firewall for enterprise and service provider to ensure SD-WAN clients/ISP expectations are met.
• Service Level Agreement (SLA) purchase request, offering state of the art encrypted virtual private network and around the clock Quality of Service (QoS) monitoring against packet loss, jitter, delay latency issues across multiple transportation mediums.
• Deploying and decommissioning the VLANs on core ASR 9K, Nexus 7K, 5K and its downstream devices.
• Expertise in designing secure networks utilizing Cisco Identity Services Engine (ISE) and 802.1x authentication.
• Configured SNMP with HPNA, Solarwinds on Cisco, F5, Bluecoat, Aruba.
• Designed and configured the commands for QoS and Access Lists for Nexus 7K and 5K.
• Perform network protocols (HTTP, NTP, SMTP, SNMP, FTP, SFTP, NTFS, SSL), network security (LDAP, RADIUS, PKI, SSH, IPSEC)
• Configuring Client/Server, TCP/IP, DHCP and WINS/DNS to conform to Local Area Network.

Confidential

Sr. Network Engineer

Responsibilities:

• Demonstrated expertise and depth of understanding in Cisco network technologies, Unified Communications, LAN/WAN acceleration, Cisco products, and remote office implementation and support using MPLS technologies
• Support Panorama Centralized Management for Palo Alto firewall PA-500, PA-200 and PA3060, to central manage the console, configure, maintain, monitor, and update firewall core, as well as back up configuration
• Hands on experience to manage Palo Alto and check point with including set up new infrastructure, adding new route-based policy, NAT, site to site VPN, Global Protect.
• Expertise to change management IP for new subnet and make changes in Palo Alto accordingly.
• Experience on moving subnet from one data center to another data center.
• Demonstrated strong knowledge of data replication technologies and developing and implementing business continuity and disaster recover practices.
• Create architecture and implement and configure enterprise wide network systems in conformance with the Plan. Ensure that the network systems provide the user community with infrastructure that is compliant with all terms of Service Level Agreements.
• Hand's on configuration implementation and design of security protocols including: IPSEC VPN, NAT, creating firewall rules, SSL VPN, encryption protocols 3DES/AES, intrusion prevention systems, identity management systems, network access control, identity services engines, web application filtering
• Experienced to Implementation of Cisco ISE and the Migration from old ACS to Cisco ISE Environment.
• Standardize NAC deployment designs, verification, and testing. Implement HP Clearpass NAC policies and network devices per site.
• Experience working in DMZ environments with good understanding of hardware load-balancing, firewalls, multi-tiered architectures.
• Participate in the creation of the organization’s Network Infrastructure Strategic Plan, and network operating policies and procedures.
• Create standards, guidelines, and related documentation for all network and telephone environments. Prepare network and telephony configuration and operational documentation in compliance with required standards and contribute to the development of new standards and the modification of existing standards as circumstances warrant.
• Performing network monitoring, providing analysis using various tools like Wireshark, SolarWinds etc.
• Hands on experience to migrate Meraki wireless, switches from once datacenter to another data center.
• Experience for improvements should be included in the design for Cisco ISE.
• Create automated network monitoring systems to provide alerts regarding latency and service disruptions. Monitor network performance, diagnose network issues and perform emergency and scheduled maintenance. Provide support to operations regarding network problems.

Confidential, Alexandria, VA

Network Design Engineer

Responsibilities:

• Dealing with clients for resolving/troubleshooting issues on LAN Inventory management.
• Datacenter migration was involved in Access, Distribution and Core layers.
• Strong Knowledge in working with F5 Load Balancers and their Implementation in various Networks.
• Configured VLAN Trucking 802.1Q, STP, and Port Security on Catalyst 6500 switches. Design and create dedicated VLANs for Voice and Data with QOS for prioritizing VOICE over the DATA on Catalyst switches and basic VOIP configurations
• Actively participate in the planning, design, and implementation and troubleshooting of Unified Communication systems, infrastructure and UCCE/ICM environment
• Managed a project to decommission an outdated Cisco Unified Video Conferencing (CUVC) and replace it with Cisco TelePresence, based on Cisco Collaboration System 11 framework
• Windows 2008 Active Directory, Citrix Technologies: vSphere 5 and 4.x, CitrixXenApp 6 and 6.x, XenDesktop 5 and 5.x, EMC SAN Storage, HP EVA 6400, Brocade & McData Fiber Switches, 100+ Applications.
• Practical understanding of the UCCE Deployment models
• Hands on experience on Aruba Wireless controller (802.XX) including designing and troubleshooting.
• Deep technical troubleshooting on customer SD WAN Edge connect device, Firewall Cisco ASA, Palo Alto
• Testing Cisco ISE server is correctly installed, and licenses are applied.
• Responsible for turning up BGP peering and customer sessions, as well as debugging BGP routing problems and also manipulating BGP attribute
• Deployed of Cisco ISE guest Management System.
• Experience in working with cisco Nexus 5000 series switches for data center.
• Involved in Configuring and implementing of Composite Network models consists of Cisco7600, 7200, 3800 series and ASR 9k, GSR 12K routers and Cisco 2950, 3500, 5000, 6500 Series switches.
• Upgrading code on Palo Alto firewalls PA5050/3020 to meet company security policy
• Configured, monitored and troubleshoot Cisco's ASA 5500/PIX 515 security appliances, failover DMZ Zoning.
• Create VM's on esxi host, apply vlans, firewall rules-ACLs, high availability, test L-2 /L-3 protocols, spinning the VM's, API testing, work with offshore team.
• Prolific in implementing and troubleshooting VLAN Trunks, STP, SNMP, Ether Channels, HSRP, and ACL's, QoS.

Confidential, Richmond, VA

Network Security Engineer

Responsibilities:

• Responsibilities include functions as site lead for migration of sites from ATM to Ethernet.
• Configure BGP, OSPF and ISIS routing protocols in Cisco routers 3950, 4800.
• Configuration and Provisioning on ALU 7750 routers. E-pipes building. Experience with SAM (Service Aware manager).
• Manage over 400 servers- Wintel servers, VMware 5.1 and 5.5 and Xenserver 5.6 and 6.5 (Citrix) and HP Proliant ML and BL servers.
• Created alarm and event systems to alert the NOC and coordinate with ISE monitoring.
• Configure VPC and ether channel- LACP and PAGP and create the Vlan interfaces with HSRP.
• Responsible for Deployment of UCCE solutions in Ford Credit to replicate the Preproduction System and handling the role of a SME and providing the required solutions on UCCE Environment.
• Develop, Implement Unified Communications collaboration platforms that enable collaborations and connectivity of associates and external business via voice, video, Instant Messaging and Cisco "cloud based "WebEx conferencing solutions
• All network equipment was refreshed with Aruba HPe equipment and 10G fiber for the backbone.
• Conversions to BGP WAN routing. Which will be to convert WAN routing from OSPF to BGP (OSPF is used for local routing only) which involves new wan links.
• Configuration of Palo-Alto PA 5000 series firewalls for outbound traffic via blue coat proxy server.
• Configuring Switches with Port Security, Spanning-Tree Protocol, VOIP, VLAN, Port Span, Ether channel, and Channel group. Working with ACS Radius, and Tacacs+ Server
• Design and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls.
• Configuring IPSEC VPN on SRX series firewalls.
• Configuring Juniper Netscreen 5200 for security Appliance, NS-5200 for VPN/firewall.
• Worked on different firewall & security appliance such as, Checkpoint 4400, 4600, 4800, 21700, Palo-Alto 200, 500, 3020, 3060, 5020, 5060, Panorama Juniper SRX 240, 650, 1400, 3400. Junos Space, Cisco Sourcefire, FireEye, Imperva (WAF)
• Implemented Positive Enforcement Model with the help of Palo Alto Networks
• Worked on Cisco 5500 wireless controller, Cisco Prime and Cisco WAPs.