SUMMARY

• Over 5+ years of professional experience in Deploying and Troubleshooting Network and Security infrastructure at Enterprise level.
• Experience on configuring Palo Alto Next Generation firewall PA - 7050, 5260, 5020, 3020 Series.
• Expertise in configuring and monitoring Palo Alto, Checkpoint and Cisco ASA firewalls.
• Experience on Palo Alto Next Generation Firewall features including URL filtering, Threat prevention, Data filtering, IPsec Tunnels, SSL-VPN, App ID, User ID, Security Profiles and Zone Protection.
• Strong knowledge of TACACS+, RADIUS implementation in Access Control Networks (ACN).
• Experience on configuring and troubleshooting HA, Zones, VLANs, Routing, and NAT on firewalls as per the design requirements.
• Hands on experience in Palo Alto Networks centralized management tool Panorama for managing multiple firewalls.
• Acquired skill in mitigation of DDoS attacks on Cisco and Palo Alto Firewalls.
• Expert in migrating of the firewalls from Cisco ASA to Palo Alto firewall using Expedition Tool.
• Hands on experience in deploying and managing Cisco Identity Services Engine (ISE).
• Assisted in setting up new 510 and 810 Blue Coat Proxy SG units, performed one to many proxy migrations.
• Experience in configuring and managing Cisco and F5 Load Balancers to provide reliable distribution of traffic across some servers by creating pools, nodes, and health checks.
• Deployed Cisco and Aruba wireless 802.1X infrastructure across the enterprise network.
• Installed and maintained Aruba switches Aruba Wireless AP’s and Aruba Virtual Controllers.
• Security and patching using Nexpose, password resets, deployments to end users, help desk using troubleshooting on hardware and software.
• Managed third-party penetration testing efforts on key externally facing and mission-critical systems; worked with vendors such as Rapid7.
• Technical proficiency with Cisco wireless (APs, Controllers, ISE, Prime).
• Working experience in managing and troubleshooting the core, distribution and access switches.
• Substantial working experience on Cisco Nexus switches (7k, and 5k series).
• Profound knowledge of layer 2 protocols such as VTP, STP, RSTP, MST and layer 3 routing protocols like BGP, EIGRP, and OSPF.
• Depth knowledge in HSRP and VRRP for Redundancy over layer 2, 3 switches.
• Knowledge of TCP/IP suite to solve complex networking issues including IP routing protocols, ACLs, VLANs, and VPNs.
• Experience in configuring VLANs, Inter-VLAN routing, Trunk ports and Port security.
• Hands on experience troubleshooting network traffic using tools like ping, traceroute, Wireshark, Solar Winds and TCP dump.
• Configured and managed Cisco routers and Switches using Cisco Security Device Manager (SDM).
• Monitored and Troubleshoot physical and virtual network infrastructure using SIEM tools like Splunk, Qradar.
• Managed security policies in firewalls and cloud platforms by TUFIN.

TECHNICAL SKILLS

Firewalls: Palo Alto Networks, Cisco ASA firewalls, Checkpoint, Panorama Palo Alto Networks firewall management.

Load Balancers: F5 Networks (Big-IP)

Routers: Cisco 7600, 7200, 3800, 3600, 2900, 2800, 2600, ASR 7K, ASR 12K.

Switches: Nexus 2K/5K/7K, Cisco Catalyst 2960, 3560, 3750, 3850, 4500, 6500.

Communication Protocols: TCP/IP, UDP, DHCP, DNS, ICMP, SNMP, ARP, RARP, PPP, HDLC, ISDN, SDN, and SD-WAN.

Routing Protocols: OSPF, EIGRP, BGP, MPLS PBR, Route Filtering, Redistribution, Summarization and Static Routing.

Switching Protocols: LAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switch, Ether channels, Transparent Bridging.

LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, VLANs, VTP, STP, RSTP, 802.1W, Cisco Prime.

Wireless Technologies: Airwatch & WLC’s (8510, 5508, 5706), Cisco AironetAP’s (2600, 3600, 3700), Aruba 225, Aruba 3000 controller & Airwave.

Network Security: Cisco ASA 5540, ACL, IPSEC, F5 Load Balancer, ISE, SSL, IPSec VPN, GRE VPN.

Network Management and Packet Analyzers: SolarWinds, Wireshark, SNMP, and Tcpdump.

Operating systems: Windows XP/ 7/ 8/10, Windows Server 2003/ 2008, Mac OS and Linux.

Applications: MS (Office, Word, Outlook, Excel, PowerPoint, Visio), VMware, Adobe Photoshop, and Illustrator.

PROFESSIONAL EXPERIENCE

Network Security Engineer

Confidential

Responsibilities:

• Deployed and configured Palo Alto Next Generation firewalls PA-7050, 5260, 5050, 3020 Series and Panorama M-100 series.
• Performed firewall migrations from Juniper to Palo Alto Firewalls using expedition tool.
• Implemented Architectural design and guidelines for Palo Alto Firewalls in the Green Field deployments.
• Implemented the Device Group Hierarchy and Template Hierarchy on the Panorama for Standardizations.
• Implemented High Availability (HA), URL Filtering, SSL Decryption, GlobalProtect for VPN Clients, App -ID, Threat Prevention, Zone Protection.
• Expertise in configuring and deploying GlobalProtect VPN with multiple gateways and rolled out to 7k+users.
• Responsible for VPN migration from Cisco AnyConnect to Palo Alto GlobalProtect.
• Configured and monitored GlobalProtect Portals and Gateways to create IPSEC and SSL VPN Tunnels with users and customers on Palo Alto firewall.
• Expertise in conducting rule review to identify and remove rules that are not needed to reduce Palo Alto firewall policy lookup.
• Expertise in working with Palo alto firewall's centralized management server- Panorama for management and administration of large-scale deployments.
• Performed Palo alto firewall OS upgrades at regular intervals.
• Experience in Vulnerability assessment and penetration testing using various tools like NMAP, Nessus, Rapid 7.
• Perform review and analyze security vulnerability data to identify applicability and false positives.
• Execute daily vulnerability assessments threat assessments mitigation reporting activities to safeguard information assets and ensure systems are protected.
• Developed Splunk queries and dashboards targeted at understanding application performance and capacity analysis.

Sr. Network Security Engineer

Confidential

Responsibilities:

• Experience on configuring Palo Alto Next Generation firewall PA-5260 5050,5020,3020 Series.
• Well Versed on configuring and implementing Firewall migrations from Cisco ASA to Palo Alto Firewalls.
• Implemented Architectural design and guidelines for Palo Alto Firewalls in the Green Field deployments.
• Implemented the Device Group Hierarchy and Template Hierarchy on the Panorama for Standardizations.
• Configured the syslog, NTP, DNS to use the Templates in a Global Scale along with the Firewall Rules related to this traffic flow.
• Enhanced the Firewalls rules by cleaning any unused rules, zones standardization and combining the shadow rules as necessary with proper rule name terminology.
• Configured Security profiles such as URL Filtering, Threat prevention, Anti-Virus, Anti-Spyware, File Blocking to achieve better security posture.
• Enhanced the security rules by using URL Categories and URL Filtering (Allow list and block list) in Generic rules to access some specific sites.
• Created the shared address objects to reduce the amount of revisions for any IP address Changes.
• Assisted in troubleshooting issues related to PAN firewall configurations (related to USER-ID) and suggested as per the best practices.
• Expertise in utilizing the expedition tool for migration purposes and created pre-post validation runbooks.
• Experience in build and configure of Palo Alto firewalls.
• Configured the master key for Panorama and firewalls.
• Experience in configuring USER-ID for log services being used in QRadar for cyber analysis.
• Performed routine security infrastructure testing and evaluations to identify challenges within the infrastructure and develop a plan for remediation.
• Configured DNS Sinkhole in Anti-Spyware profile of Palo Alto Firewall to identify infected hosts on the protected network and forge a response for DNS query.
• Experience on Firewall Rule change review process and proper risky rule analysis using Tufin.
• Created Visio diagrams for existing state and further state of the deployments.
• Experience on JIRA, Ticketing tool for assigning the tasks and to provide an update on the tasks related to the projects.
• Splunk GUI development for creating Splunk apps, searches, Data models, Dashboards and reports using the Splunk query language.
• Developed Splunk queries and dashboards targeted at understanding application performance and capacity analysis.
• Worked on change management tool service now for creating new changes and resolving Incident tickets assigned to me.
• Customizing, visualizations, configurations, reports and search capabilities using customized Splunk queries.
• Strong knowledge of TACACS+, RADIUS implementation in Access Control Networks (ACN).
• Worked on Cisco switches like 6509, 3850 Stack and the HP procurve 8212, Alcatel switches like 8212, 6972.
• Managed the Core, Distribution, Access layer switches and Routers.
• Configured route redundancy over Firewalls using BGP and OSPF in lab.
• Worked on VISIO for Documentation Purposes.