SUMMARY

• Around 9 years of experience in Networking and Security, including hands - on experience in providing network support, installation and analysis for a broad range of LAN / WAN/MAN communication systems.
• Experience with Checkpoint Firewalls NGX R65, R70, R75, R77 Gaia, R80, VSX, Cluster XL and Provider-1.
• Experience with GAIA, Checkpoint VPN-1/Firewall-1, Standalone & Distributed setup, Security management, Log server, Secure platform (SPLAT), Provider-1, and VSX gateway with clusters and Virtual firewall models like smart-1, power-1.
• Worked on different firewall and security appliance such as: Palo Alto 200,500, 3020, 3060, 5020, 5060 and 7050
• Designed and configured Palo Alto Central Management Platform with Panorama and Wildfire Deployment.
• Designed Installed and Troubleshoot Palo alto firewalls with the cluster using Panorama.
• Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, EIGRP, RIP, BGP v4, MPLS.
• Hands on experience in configuring Cisco Catalyst 2960, 3750, 4500, 6500 and Nexus 3000, 5000, 6000, 7000 series switches and Cisco 2600, 2800, 3600, 3800, 7200, 7600 series routers, Load Balancers & Cisco Firewalls
• Hands on experience in configuring and supporting site-to-site and remote access Cisco, IPSec, VPN solutions using ASA/PIX firewalls, Cisco and VPN client.
• Extensively worked on Cisco ASA 5540 while designing and implementing various projects with Cisco ASA 5540 firewall and migrated and implemented new solutions with Cisco ASA Firewall series 5540, 5580 with firepower.
• Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, Ether channel, STP, RSTP and MST. Implementation of HSRP, VRRP for Default Gateway Redundancy
• Responsible for Check Point and Cisco ASA firewall administration across global networks.
• Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
• Experience working with Nexus 7K, 5K, 2K devices.
• Strong knowledge of TACACS+, RADIUS implementation in Access Control Network.
• Experience in Designing and assisting in deploying enterprise wide Network Security and High Availability Solutions for ASA.
• Designed/deployed/maintain Cisco SourceFire Next Generation Firewall and Intrusion Prevention System (IPS) with Firepower sensors and Fire Sight Management Console.
• Knowledge in preparing Technical Documentation and presentations using Microsoft VISIO/Office.
• Configuring BGP/OSPF routing policies and designs, worked on implementation strategies for the expansion of the MPLS VPN networks.
• Experiences dealing with OS upgrading/Patching for various vendors like F5 (TMOS), CISCO (IOS, NX-OS), PANOS, Screen OS, JUNOS, Web sense, Bluecoat SG proxy.
• Worked on Source Fire, Tipping Point IPS/IDS Systems, vulnerability assessment tools like Nessus, Qualys, and SIEM tools like Arcsight, Rapid7, NetQos, Splunk and packet capture tools like WireShark, tcpdump.
• Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migrating both Checkpoint and Cisco ASA firewalls to Palo Alto firewalls using conversion tool.

PROFESSIONAL EXPERIENCE

Confidential, Farmington,CT

Sr. Network Security Engineer

Responsibilities:

• Configured, implemented and troubleshooting issues on Checkpoint R80.10, R77.30 Gaia, Paloalto firewalls for the client environment.
• Configured and managed policies in Checkpoint R80.10 in Provider-1 environment.
• Worked on enterprise level models, PAN 7080, 7050, 5000, 5200; Checkpoint 12600, ASA 80.
• Maintained and troubleshoot complex issues on Palo Alto, Checkpoint and ASA Firewalls.
• Configured new Palo Alto for migrating ASA to Palo Alto using Panorama expedition tool. Added it to Panorama and configured URL filtering, rules, High-Availability NATs, routing, wildfire updates, etc.
• Identify client based applications and create custom based APP-ID for optimal traffic flow.
• Experience in creating multiple policies and pushing them into Checkpoint Firewall (Gateways) and hands-on experience in managing the Checkpoint Management Server and Gaia operating system.
• Centrally managed all Palo Alto firewall using Palo Alto Panorama M-100 management server.
• Researched, designed, and replaced aging with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
• Hands on creating security policy, application filters, App-ID, URL filter and threat prevention on Palo Alto.
• Experience in configuring F5 BIG IP i7600 modules from scratch including deploying vCMP guests, setting up networking, upgrading firmware versions, enabling modules and features, importing UCS files to restore previous configurations and configuring Configsync, Network failover and device groups.
• Configured F5 BIG IP APM, ASM, LTM and GTM modules in the new DMZ build project.
• Configured new F5 APM policies to integrate Azure AD B2C and B2B authentication using oAuth client and resource server configurations and policy builds for fine grain authentication
• Configured custom irules based on the application requirements like triggering logout requests for both azure and F5 session, custom logging for troubleshooting, routing to specific pools based on URI resources accessed, port 80 to 443 redirects, modifying requests using string operations in TCL scripts.
• Configured new zones using zone runner in F5 GTMs and updated resource records, built out new Wide-ips for applications requiring global traffic management, worked on resolving trust issues between F5 boxes using iquery features.
• Worked on creating ADFS proxy web gateway instance on F5 Load balancers using configuration guide features and iApp templates.
• Worked on day-to-day operations such as building new load balanced instances, troubleshooting issues with F5 VIPs, customizing the applications based on client requirements and updates.

Confidential, Germantown, MD

Sr. Network Security Engineer

Responsibilities:

• Implementing and troubleshooting firewall rules in Checkpoint R77.30 Gaia, Cisco ASA 5540, 5580 implementing and troubleshooting firewall rules.
• Implementing security Solutions using PaloAlto Pa-5000/3000, Cisco ASA, Checkpoint firewalls R75, R77.20 Gaia and Provider-1/MDM.
• Coordination with Cisco TAC, Palo Alto consultant for the critical cases and projects.
• Configured ACLs in Cisco 5540 ASA firewall for Internet Access requests for servers, Protocol Handling, Object Grouping and NAT
• Upgrade of Checkpoint firewalls and management servers from Splat R77.20 to Gaia R77.30
• Services expert responsible for effectively communicating, educating, and positioning Infoblox service programs within the partner community and customer base.
• Installation and maintenance of Cisco Layer 3 switches 3750, 4500X, 6500 and Cisco 3550/4500/6500 switches in multi VLAN environment.
• Expertise in the administration, support and operation of the Orion SolarWinds platform including Network Performance Monitoring (NPM), Network Configuration Manager, Server Application Monitor (SAM), NetFlow, Traffic analyzer and IP address Manager.
• Responsible for Check Point, Cisco ASA and Palo-Alto firewalls configuration and administration across global networks for providing IPS/IDS.
• Deployed Cisco ASA 5545 firewalls and installed Firepower module.
• Implemented site-to-site tunnels for AWS migration using cisco ASA 5545 firewalls.
• Worked on Cisco Wireless 2504, 5520 Controllers and 2600 Access points.
• Experience in working with Cisco Nexus 5000 series switches for data center.
• Experience in configuring F5 BIG IP i7600 modules from scratch including deploying vCMP guests, setting up networking, upgrading firmware versions, enabling modules and features, importing UCS files to restore previous configurations and configuring Configsync, Network failover and device groups.
• Configured F5 BIG IP APM, ASM, LTM and GTM modules in the new DMZ build project.
• Configured new zones using zone runner in F5 GTMs and updated resource records, built out new Wide-ips for applications requiring global traffic management, worked on resolving trust issues between F5 boxes using iquery features.
• Worked on day-to-day operations such as building new load balanced instances, troubleshooting issues with F5 VIPs, customizing the applications based on client requirements and updates.
• Configured OSPF on CISCO devices with multiple routing processes and redistributed them. Tested and hands on experience in multi area OSPF topologies.
• Configuring/Troubleshoot issues with the following types of routers Cisco (7200, 6500, 4500, 1700, 2600 and 3500 series), to include: bridging, switching, routing, Ethernet, NAT, and DHCP, as well as assisting with customer LAN /MAN, router/firewalls.

Confidential, Hopkins, MN

Sr. Network Engineer

Responsibilities:

• Managed the security infrastructure of the service provider which includes Cisco ASA 5585, 5540.
• Configuration and upgrading the IOS in the ASA and Juniper Mag Devices.
• Troubleshooting the Juniper Mag devices. Implementing SSL VPN on the mag devices.
• Implemented Static NAT and PAT for internet users.
• Configured & maintained IPSEC Site-to-Site VPN using Cisco ASA.
• Created dynamic access policies on the ASA's for the offshore vendors to be able to VPN in and access the resources they needed for their testing purposes.
• Configuration of Access List ACL to allow users all over the company to access different applications and blocking others
• Configuration, Troubleshooting and Maintenance of Palo Alto PA-3000 series and managing them via Panorama.
• Implemented firewall rules in Palo Alto firewalls using Panorama for one of the environments.
• Monitoring and troubleshooting traffic on Palo Alto 3k firewall.
• Creating and managing admin users and troubleshooting the issues by using juniper SRX.
• Firewall filtering and NAT, Adding and modifying the policies in juniper SRX.
• Maintained and supported SolarWinds Orion Network Performance Monitor.
• Designing, configuring and troubleshooting ASA failover for the customer network.
• Provided support for troubleshooting and resolving Customer and user reported issues.

Confidential

Network Engineer

Responsibilities:

• Configured Routing protocols such asOSPF, BGP, static routing and policy based routing.
• Team member of Configuration of Cisco 7206 router with VPN and Configuration of Catalyst switches.
• Configuration 7609, 7606 with OSPF and catalyst 6505, 4500, 3550 switches with various VLAN.
• Create and test Cisco router and switching operations using OSPF routing protocol, ASA Firewalls, and MPLS switching for stable VPNs.
• Configuration and troubleshooting link state protocols like OSPF in single area and multiple areas.
• Redesign of Internet connectivity infrastructure for meeting bandwidth requirements.
• Configured HSRP and VLAN trunking 802.1Q, VLAN Routing on Catalyst 6500 switches.
• Optimized performance of the WAN network consisting of Cisco 3550/4500/6500 switches by configuring VLANs.
• Worked on F5 LTM 8950, 6900, VIPRION 2400 models and MD5.
• Access/distribution and core layer switching architecture.
• Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers.
• Continually monitor, assess and improve network security, test and implement new security technologies.
• Hands on experience on dataloss prevention, inspection, content caching and bandwidth management using bluecoat proxy.
• Adept in handling user authentication, web filtering, visibility of SSL encrypted traffic using bluecoat proxy SG.
• Provided VPN services to site-to-site and, Remote access VPNs using IPSec tunneling along with ensuring of high availability.