We provide IT Staff Augmentation Services!

Network Security Engineer/access Layer Engineer Resume

Maplewood, MN

TECHNICAL SKILLS:

Firewall: Palo Alto PAN OS version 5.0/6.0/7.0/9.0. Checkpoint (Both Physical and VSX) R75/R76/R77/R80. Cisco ASA Version 8/9. Fortigate 3950B, Bluecoat, Juniper SRX/NetScreen

Firewall Management Tool: Tufin, Firemon

Cloud: Azure and AWS

VPN Solution: Pulse secure VPN, Nortel Connectivity 600 & Nortel 5000 VPN Routers

Network Switches: Cisco Catalyst 3550, 3750, 45XX, 65XX, 93XX series

Load Balancer: F5 BIG - IP LTM, F5 BIG-IP GTM, A10

Routers: Cisco 26XX, 28XX, 37XX, 38XX, 39XX series

Language: TCL, PowerShell, Python.

Skills: Palo Alto - 4 Years. Checkpoint - 6 years. Cisco ASA - 3 years. F5 - 4 years. Firewall - 7 years

PROFESSIONAL EXPERIENCE:

Confidential, Maplewood, MN

Network Security Engineer/Access Layer Engineer

Responsibilities:

  • Checkpoint management (MDS) R7 .20 migration (Both VSX and Physical Server).
  • Checkpoint R80 to Palo alto PANOS 9 migration.
  • Built and deployed palo alto firewalls in AWS cloud environment.
  • Palo alto operations and every day rule implementation based on request.
  • Consolidated and upgraded 5 different R77.30 Domain management Server to single new R80.20 Multi-Domain Server.
  • Also, recently upgraded MDS from R80.20 to R80.40 along with all teh Domain Management servers.
  • Built and deployed firewall boxes (Checkpoint GAIA and GAIA Embedded) from teh scratch.
  • Built and dashboarded Check Point UTMs - Firewall, Advanced Routing (OSPF), Identity Awareness, and Application Control.
  • Resolving remedy tickets as day to day operations both on Palo Alto and Checkpoint.
  • Used Tufin SecureTrack and SecureChange to address rule modifications.
  • Setting up site to site VPN tunnels based on request.
  • Created Virtual Servers on F5 LTM.
  • Created and shutting down nodes for maintenance in F5 LTM module.
  • Configured switches with NAC VLANs and deployed cisco catalyst 4500, 3750, 3500, 2900 series switches.
  • Extensively worked on leading deployment calls for checkpoint firewall deployments and acted as a lead troubleshooting layer 3/ layer 4 issues during teh deployment.
  • Configured NAC VLAN SSIDs on teh Cisco WLCs.
  • Extensively worked on troubleshooting gateways solving issues related to ClusterXL.
  • Broad knowledge of networks by troubleshooting closely with other teams such as clear pass, DHCP, LAN and WAN.
  • Performed hotfix and gold code upgrades constantly.
  • Used TCPDUMP, Zdebug and FWMonitor tools for troubleshooting from CLI.
  • Performed monitoring by using Logs monitor.

Confidential, Johnston, IA

F5 Cloud Engineer

Responsibilities:

  • Design, configure and implement Virtual F5 Web Application Firewall (ASM), Local Traffic Manager (LTM), DNS and Access Policy Manager (APM) in teh Azure Cloud Environment.
  • Work on Visual Studio Team Services (VSTS) IDE to build, test and deploy F5 to Microsoft Azure (Infrastructure as a Code).
  • Prepare ARM template API in a JSON file for F5 deployments with windows Powershell to manage teh deployments.
  • Create ASM Security policy to identify web attacks on all critical web application and create necessary action plan.
  • Configure APM for authorization/authentication (SAML,OpenID support)
  • Create iRules for APM and ASM.
  • Configure DNS listeners. Accelerating DNS resolution with DNS Express, DNS cache, and DNS server load balancing.
  • Install teh F5 upgrades, Hot-fix installations depending on Business need.
  • Prepare all F5 devices for audit and fix any issues related to security, manageability, maintainability, Interoperability & scalability
  • Ensure highly redundant performance and availability of teh F5 systems.
  • Create standardized deployment models, components, and scripts for execution of new solutions.
  • Deploy teh security standards for all teh regions

Confidential, Maplewood, MN

Network Security Engineer/Access Layer Engineer

Responsibilities:

  • Built and deployed firewall boxes (Checkpoint GAIA and GAIA Embedded) from teh scratch.
  • Built and dashboarded Check Point UTMs - Firewall, Anti-Virus, Anti-Bot, IDS/IPS, Advanced Routing (OSPF), Identity Awareness, and Application Control.
  • Experience in layer-3 Routing and layer-2 Switching.
  • Configured switches with NAC VLANs and deployed cisco catalyst 4500, 3750, 3500, 2900 series switches.
  • Configured NAC VLAN SSIDs on teh Cisco WLCs.
  • Performed IOS upgrades on WLCs.
  • Configured Checkpoint with OSPF for Layer 3 routing.
  • Extensively worked on troubleshooting gateways solving issues related to ClusterXL.
  • Worked on MDM (Checkpoint Provider-1) Management and logging servers - 4 servers - 2 Mgmt 2 Log. 11 domains * 4 servers = 44 CMAs / Log Servers.
  • Taking support tickets / troubleshooting UTMs.
  • Worked on upgrade and patching procedures to ensure 3M up time.
  • Code Upgrades from 7 .20/77.30 and from 7 .30
  • Performed hotfix upgrades constantly.
  • Used packet capture to troubleshoot teh traffic and analyzed in wireshark.
  • Used TCPDUMP and FWMonitor for troubleshooting from CLI.
  • Performed monitoring by using Smartview Tracker and SmartLog.
  • Experienced in designing local area networks and participating in network projects and local area network design.
  • Led migrations from old equipment to new equipment and Implemented standards dat have been globally developed.

Confidential, Elmsford, NY

Palo Alto Firewall and F5 Engineer

Responsibilities:

  • Worked extensively on Data Center Palo Alto firewalls and F5 BIG-IP LTM.
  • Responsible for Check Point, Cisco ASA and Palo-Alto firewalls configuration and administration across global networks.
  • Configured Site-Site VPN on Palo Alto, Checkpoint, Cisco ASA, Juniper SRX and Fortigate.
  • Implemented many number of security policy rules and NAT policy rules on Palo Alto, created Zones, Implemented Palo Alto Firewall interface and VLAN.
  • Analyzed teh Policy rules, monitor logs and documented teh Network/Traffic flow Diagram of teh Palo Alto Firewalls placed in teh Data Center with MS Visio.
  • Extensive implementation of firewall rules on checkpoint R77 GAIA on daily basis using SmartDashboard.
  • Provided daily Palo Alto firewalls administration such as Threat prevention, URL filtering, IPSEC and SSL VPN's, zone based integration, and analyzing syslog’s, and utilizing wild fire feature in Panorama 7.1.
  • Worked with Palo Alto firewalls PA 3050/5020/5050 using Panorama servers, performing changes to monitor/block/allow teh traffic on teh firewall.
  • Worked on F5 BIG-IP Local Traffic Manager (LTM) to automate, and customize applications in a reliable, secure, and optimized way.
  • Configured Global traffic services and policies.
  • Written iRules for redirecting teh traffic, configured Virtual Servers, Profiles, Policies and issued/created SSL server and client s.
  • Configured HA Active/Standby failover on F5 BIG-IP LTM and deployed teh boxes.
  • Configuration, troubleshooting Checkpoint Firewall using R77 SmartView Tracker and Monitor.
  • Worked extensively on addressing teh audit issues and mitigating teh failed controls.
  • Collapsing teh existing firewall rules and fine-tuning teh firewall policies for better performance.
  • Configured systems log on teh Palo Alto firewall and moved teh logs to Splunk.
  • Policy Reviewing, Audit and cleanup of teh un-used rule on teh firewall using Splunk.
  • Working with different teams to gather info for teh new request and troubleshoot for any connectivity issues by capturing traffic using TCPDUMP and smart view tracker in checkpoint.
  • Configuring and troubleshooting site-to-site IPSEC VPN tunnels on cisco routers for third party connectivity.
  • Responsible for troubleshooting and resolving firewall software and hardware issues, including VPNs, connectivity issues, logging, cluster configurations, and hardware installations for Checkpoint and Palo Alto firewalls.

Confidential, Houston, TX

Network Security Engineer

Responsibilities:

  • Worked primarily as a part of teh security team and daily tasks included firewall rule analysis, rule modification and administration in Cisco ASA, Checkpoint and Palo Alto.
  • Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)
  • Successfully installed Palo Alto PA-3060 firewalls to protect Data Centre and provided L3 support for routers/switches/firewalls.
  • Implemented Positive Enforcement Model with teh help of Palo Alto Networks.
  • Configured and maintained IPSEC on PA-5050 Palo Alto Firewalls.
  • Implemented Zone Based Firewalling and Security Rules on teh Palo Alto Firewall
  • Exposure to wild fire feature of Palo Alto.
  • Firewall policy clean up using Firemon.
  • Configured packet capturing and SSL decryption on Palo Alto.
  • Applied ACLs for Internet access to teh servers using Cisco 5550 ASA firewall and performed NAT.
  • Remediation of firewall rules from checkpoint firewalls to Cisco ASA firewalls and their implementation.
  • Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls.
  • Checkpoint Firewall Log review and analysis and troubleshoot connectivity issues.
  • Configuring HA on Checkpoint security gateways using cluster XL and VRRP.
  • Created multiple policies and pushed them in to Checkpoint Firewall (Gateways) and configured Threat Prevention software blades from teh scratch (Antivirus, Identity awareness, Anti-Bot, URL filtering).
  • Configuration and troubleshooting of Site to Site as well as Remote Access VPN on Checkpoint firewalls.
  • Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
  • Involved in teh configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP IPv4/IPv6 and configured IP access filter policies.
  • Troubleshooting teh TCP/IP networks for connectivity, outages and slow network issues and recommended appropriate and cost-effective solutions for teh congestion.
  • Scripting done through PowerShell.
  • Generating RCA (Root Cause Analysis) for critical issues of layer1/layer2/layer3 problems.

Confidential

Network Support Engineer

Responsibilities:

  • Initially did onsite analysis, diagnosis and resolution of desktop problems for end users.
  • Installed and managed Cisco Catalyst 3500XL, & 2960 series Switches and Cisco 1800, 3900 series routers
  • Routing Protocols (RIP, RIP V2, IGRP, EIGRP, OSPF), Virtual LANs, LAN, WAN and Ethernet.
  • Coordinated with senior engineers with BGP/OSPF routing policies and designs, worked on implementation strategies for teh expansion of teh MPLS VPN networks
  • Frame Relay, ISDN, PPP, HDLC, Network Troubleshooting using CLI Show commands, PING, Trace route, telnet.
  • Switching tasks include VTP, ISL/802.1q, IPSec and GRE Tunneling, VLANs, Ether Channel, Trunking, Port Security, STP and RSTP
  • Analyzing teh IPS logs and adjusting teh protect mode
  • New firewall design, installation, routing configuration & implementation. Manage and support Remote Access VPN setup for users and field locations with Nortel VPN Captivity Switch, RSA Secure IDS two-factor authentication and Juniper SSL VPN
  • Configuring, supporting, and maintaining routers, switches, network appliances, firewalls, concentrators, and other communication devices
  • Involved in teh maintenance and monitoring of our LANs/WANs using Cisco, Enterasys and Extreme networks equipment, Riverbed WAN accelerators.
  • Providing VPN and SSH access as per role and considering security breaches. Performing Firewall rule analysis and make decisions on risk to customer network.
  • Solarwinds Administrator: Reported teh daily utilization of critical sites to managers, and analyses teh network issues from teh netflow.
  • Experience with designing, deploying and troubleshooting LAN, WAN, Frame-Relay, and Ether-channel.
  • Experience in Configuring and implementing VLAN, VTP, LAN switching, STP and 802.x authentication in access layer switches

Hire Now