Senior Network Security Engineer Resume

Charlotte, NC

PROFESSIONAL SUMMARY

  • Dynamic and versatile Network Security Administrator/Engineer with 8+ years of outstanding knowledge, skills and expertise, dedicated and committed to providing excellent interconnectivity and networking services, network security and solving networking problems.
  • Experience in routing, switching, firewall technologies, system design, implementation, troubleshooting of complex network systems, enterprise network security, wireless design, data network design, capacity management and network growth.
  • Experienced network security engineer with proficiency in installing, upgrading, troubleshooting, configuring, and supporting a variety of Network & Security Devices.
  • Experienced firewall engineer with advanced knowledge of Checkpoint, Fortinet, Cisco ASA 5500 series, JUNOS and Palo Alto PA-200.
  • In-depth knowledge of network security architecture and protocols, security vulnerabilities, network security, and application security.
  • In-depth knowledge and experience in WAN technologies including OC3, E3/T3, E1/T1, Point to Point, MPLS and Frame Relay.
  • Experience with Firewall migrations from ASA firewall to Palo Alto and Juniper SRX firewall appliances.
  • Experience with Bluecoat Proxy servers, LAN & WAN management.
  • Worked on Juniper NetScreen Firewalls like NS50, SSG 550M, SSG520M, ISG 1000, ISG 200 and Cisco PIX 535, 520, 515, ASA-5500 and 5505.
  • Experience in F5 Load balancers such as BIG-IP LTM Modules.
  • Knowledge of implementing and troubleshooting complex L2/L3 technologies such as VLAN Trunks, VTP, EtherChannel, STP, RSTP, MPLS and MST.
  • Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Palo Alto and Checkpoint.
  • Experience in designing and deploying enterprise network security and high availability on Palo Alto NGFW's and Cisco ASA.
  • Proficiency with Cisco Security SDM, NAT/ACLs, AAA, Layer 2 Security, Layer 3 Security, IPS/IDS, Cryptography, VPN, IPsec.
  • Experience with F5 load balancers - LTM, GTM series like 6400, 6800. Worked with load balancers to manage corporate applications and their availability.
  • Hands-On experience working with firewall models such as Palo Alto's PA-3K and the PA-5K Series Firewalls.
  • Experience also includes working with Checkpoint R77 Series, Cisco ASA 55XX and the Fortinet's 51B, 300C Firewall Series.
  • Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k, PA-6k) as well as a centralized management system (Panorama) to manage large scale Firewall deployments.
  • Experienced in the evaluation, testing, configuration and implementation of Palo Alto firewall security solutions across enterprise networks. Experience also includes working with other vendor firewalls like Cisco's ASA Firewall, Checkpoint Firewall and the Fortinet Firewall.
  • Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.
  • Experience with the Infoblox IP Address Management tool.
  • Good knowledge in Network function virtualization.
  • Knowledge & experience in network protocols & packet analysis.
  • Extensive understanding of networking concepts (i.e., configuration of networks, router configuration and wireless security, TCP/IP, VPN, Content Filtering, VLANs, and routing in LAN/WAN, Ethernet Port, Patch Panel and wireless networks).
  • Excellent troubleshooting skills; tenaciously committed to the thorough resolution of technical issues.
  • Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.
  • Administration of production Windows Servers infrastructure that includes Domain Controllers, IIS Web Servers, SharePoint, File and Print and FTP/SFTP servers.

TECHNICAL SKILLS

Protocols & Standards: TCP/IP Protocol Suite, OSI Model, Ethernet, Token Ring, FDDI, OSPF, EIGRP, RIP, BGP, HSRP, L2/L3/L4/L7 Switching, VLANs, VMPS, VTP, IPv4, IPv6, ATM, VoIP, LAN, SSL, SNMP V1, V2, T1, DS3.

Switches: Nexus 2K/5K/7K, Cisco Catalyst 2900, 3500, 3700, 6500, 4500, 3850, 3560, 3750, 2960

Switching: LAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switch, EtherChannels, Transparent Bridging

Routers: Cisco 7600, 7200, 3800, 3600, 2900, 2800, 2600, 1800, 1700

Routing: OSPF, EIGRP, BGP, RIP v1/v2, PBR, Route Filtering, Redistribution, Summarization, and Static Routing

WAN: Metro Ethernet, MPLS/VPN, Frame Relay, ADSL, TDM (T1/T3), and OTV configuration.

LAN: Trunking Protocols, Link Aggregation, vPC/vPC+, VTP/STP, FCoE, Gigabit Ethernet.

Firewall Platforms: Checkpoint (NGX R65, 3100, 5100, 5900), Cisco Firewalls (ASA 5505, 5506-X, 5585), Palo Alto Networks (PA series 2K, 3K and 5K) with Panorama 8.0, WAF

Network Monitoring Tools: CSMA/CA, Wireshark, Nmap, Nessus, HP OpenView, OpManager, PRTG Packet Sniffer Servers, Cramer Network inventory and Activation Engine.

Security: Anomaly Detection in attack prevention system, IPS/IDS, Penetration Testing and Web application testing, Buffer Overflows, Cross Site Scripting, Session Management, Cisco PIX, and Security attacks like DoS, DDoS, Spoofing, Nessus & Cisco IOS, Cisco Works

PROFESSIONAL EXPERIENCE

Confidential, Charlotte, NC

Senior Network Security Engineer

Responsibilities:

  • Makes recommendations on existing projects to improve network security. Created Change Requests, Method of Procedures (MOPs) and assisted on-call migrations and changes.
  • Performed Level 3-4 troubleshooting and analysis of disaster recovery issues, security implementations, firewall configurations, vulnerability assessments, and intrusion detection and analysis, and customer consultation.
  • Creating network object groups and Access Control lists and Object group services on Cisco ASA 5500 as per client needs.
  • Telnet into Cisco router to configure and update interface, and subnet TCP/IPv4.
  • Used Visio diagram to support the verification of switches and servers in the DMZ.
  • Manage the firewall deployment, rules migrations, and firewall administration.
  • Responsible for converting existing rule base onto new platforms.
  • Experienced provisioning SD-WAN service as automated failover solution for MPLS VPN by Cisco Meraki MX 80 Firewall.
  • Experience with Cisco ACI (Application Centric Infrastructure) technology implementation.
  • Used QRadar to check logs for troubleshooting firewall as well as network issues.
  • Migrated network from EIGRP to OSPF.
  • Demonstrated experience with IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
  • Management of proxies, firewalls and F5 load balancers.
  • Configuring iRules on F5 Load balancers.
  • Migrated from Cisco ASA to Palo Alto.
  • Configuring BGP, MPLS in Cisco IOS XR.
  • Cisco Meraki Appliance MX (400, 80, 60) and Meraki wireless Access points (MR66, MR18).
  • Work on Change Management for migration from Cisco ASA to Palo Alto.
  • Used KIWI monitoring tool to troubleshoot network issues.
  • Implemented VLAN, VTP domain, Trunking and EtherChannel on Cisco 5500 switches.
  • Responsible for performing the engineering lifecycle functions of detailed design, implementation and hand-over to production for part or all of a network technical solution to the client, in accordance with an agreed technical architecture.
  • Involved in Implementation and Configuration (Profiles, iRules) of F5 Big-IP C-4400 load balancers.
  • Monitors network performance and implements performance tuning when necessary.
  • Worked with IPSEC VPN and B2B VPN design connection and protocols, IPSEC tunnel.
  • Provides Local & Wide Area Network and Network Security Support.
  • Upgraded with Nexus 9k, 7k and 5k switches to deal with the vulnerability issues.
  • Manage firewall/security systems by establishing and enforcing policies.
  • Work closely with colleagues to meet team goals and improve processes and practices.
  • Performs network and security hardware and software maintenance.
  • Gained great exposure to SDN and Network virtualization technologies like Cisco ACI.
  • Create and maintain detailed network documentation and procedures.
  • Performs maintenance and management of assigned security technologies and functions that include firewalls, authentication devices, encryption, event log monitoring, reporting, incident response, security analysis and/or
  • Researches, evaluates, designs and implements new/improved security software and/or devices that meet risk management objectives.
  • Upgraded Panorama version 7.0 to 8.0 on Palo Alto Firewalls.
  • Performs security analysis of assigned systems and functions. Reports findings and makes recommendations for remediation to management.
  • Provides third level technical expertise in the identification and resolution of security related issues/events.
  • Develops, documents and implements new processes and procedures which improve the department’s ability to provide World Standard client service.
  • Provide support for DMZs, creating and developing DMZ designs and IDS signatures to meet new and emerging technology threats.
  • Troubleshoot, diagnose and resolve complex security attacks.
  • Performed DDOS mitigations and analysis.
  • Troubleshooting the Network Issues onsite and remotely depending on the severity of the issues.
  • Perform research and provide direction on new and emerging security technologies.
  • Help to develop response processes, rules and alert notifications.
  • Provide communications to management on the threat/risk profile for various networks and data.

Confidential, Austin, TX

Network Security Engineer

Responsibilities:

  • Involved in complete LAN, WAN development (including IP address planning, designing, installation, configuration, testing, maintenance etc.).
  • Involved in Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter VLAN routing, LAN security etc.
  • Implemented with Cisco Layer 3 switches 3750, 4500, 6500 in multi VLAN environment with the use of inter-VLAN routing, HSRP, ISL trunk, ether channel.
  • Has good experience working with Trouble Tickets on F5 Load balancers.
  • Implementation and configuration of F5 Big-IP LTM-6400 load balancers.
  • Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, EtherChannel implementation on ASR 9K redundant pair.
  • Implementing the necessary changes such as adding, moving and changing as per the requirements of business lines in a data center environment.
  • Worked on design and deployment of MPLS QOS, MPLS Multicasting per company standards.
  • Installing, configuring Cisco Catalyst switches 6500, 3750 & 3550 series, Access control lists, ISDN, ATM, load balancing switches and configured IPX/SPX, HDLC, BGP, EIGRP, OSPF and VRRP on various sites.
  • Set up simplified and traditional VPN communities, and Cisco AnyConnect.
  • Responsible for the secure development lifecycle environment from NX-OS to Application Centric Infrastructure (ACI) in Data center, implemented in the lab environment.
  • Researched, designed, and replaced Checkpoint firewall architecture with new next generation Palo Alto PA3000 and PA5000 appliances serving as firewalls and URL and application inspection.
  • Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama.
  • Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
  • Configured and maintained IPSEC and SSL VPNs on Palo Alto Firewalls and implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall. Exposure to WildFire feature of Palo Alto.
  • Worked with Palo Alto firewalls PA250, PA4050, PA3020 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall. Technical assistance for LAN/WAN management and complex customer issues.
  • Configured systems log on the Palo Alto firewall and moved the logs to Splunk.
  • Worked with Palo Alto firewalls PA5050 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall.
  • Worked extensively in Configuring, Monitoring and Troubleshooting Palo Alto with ACL, NAT, Object Groups, Failover and Multi-Contexts.
  • Configured, troubleshot, and upgraded Checkpoint Firewalls for managed clients, which included network and/or resource access, hardware or software problems.
  • Implementing and troubleshooting (on-call) IPSec VPNs for various business lines and making sure everything is in place. Implementing IPSec and GRE tunnels in VPN technology. Designed, configured, implemented site-site VPN on Cisco ASA 5500 firewall.
  • Worked with Data Center Network Manager, which offers an intuitive, multi-fabric topology that supports VXLAN, Layer 2, Virtual Port Channel, Virtual Device Context, Virtual SAN.
  • Configured Trunk ports and implemented granular control of VLANs and VXLANs using NX-OS to ensure virtual and flexible subnets that can extend further across the network.
  • Installing and configuring new Cisco equipment including Cisco catalyst switches 6500, Nexus 7010, Nexus 5548 and Nexus 2k as per the requirement of the Organization.
  • Worked as a part of data center deployment where we converted from Cisco 6500 to Nexus.
  • Configured Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000 to connect servers and storage devices.
  • Monitored and managed networks using Cisco Works tools and Wireshark.
  • Utilize network monitoring tools such as SolarWinds to track network problems and outages.
  • Support customer with the configuration and maintenance of ASA firewall systems. Troubleshooting of protocol-based policies on Palo Alto firewalls and changing the policies as per the requirement and as per traffic flow.
  • Working configuration of new VLANs and extension of existing VLANs on/to the necessary equipment to have connectivity between two different data centers.
  • Managing and providing support to various project teams with regards to the addition of new equipment such as routers switches and firewalls to the DMZs.

Confidential, Oakland, CA

Network Engineer

Responsibilities:

  • Assisted in troubleshooting LAN connectivity and hardware issues in the network of 500 hosts.
  • Performed client requirements to provide solutions for network design, configuration, administration, and security.
  • Involved in troubleshooting IP addressing issues and Updating IOS images using TFTP.
  • Maintained redundancy on Cisco 2600, 2800 and 3600 routers with HSRP.
  • Created a backup and recovery policy for software application and verified peripherals are working properly.
  • Monitor performance of network and servers to identify potential problems and bottlenecks.
  • Performed RIP & OSPF routing protocol administration. Support services to reduce the downtime on leased lines.
  • Troubleshot problems on a day-to-day basis & provided solutions that would fix the problems within their Network.
  • Maintenance and Troubleshooting of connectivity problems using Ping, Traceroute.
  • Daily responsibilities included monitoring remote sites using network management tools, assisting in design guidance for infrastructure upgrades and helping the LAN administrator with backbone connection and connectivity issues. Other responsibilities included documentation and supporting other teams.
  • Designed and Implemented plan for migration from existing Catalyst switches to Nexus and configured NX-OS Virtual Port Channels, Nexus port profiles, Nexus VPC peer links on Nexus 5k and 7k.
  • Acquainted with Cisco Meraki for monitoring, managing and troubleshooting Cisco Wireless devices.
  • Cisco ASA/Checkpoint, Palo Alto Firewall troubleshooting and policy change requests for new IP segments that either come online or that may have been altered during various planned network changes on the network.
  • Supported and executed migration to F5 BIG-IP LTM/GTM ADC Appliances from Citrix NetScaler.
  • Maintained BIG IP F5 APM VPN and provided solutions for intricate issues.
  • Participated in the installation, configuration, and post-installation routine operational tasks and configuration of the Cisco Nexus Switches.
  • Worked with Host Master for shared web hosting and managed Web Application Firewall (WAF), DNS and DHCP management using Infoblox and Analyzed networks using Wireshark.
  • Worked with Nagios for monitoring of network services (SMTP, POP3, HTTP, NNTP, ICMP, SNMP, FTP, SSH).
  • Provided full visibility and notification of authorized and unauthorized network access with the integration of Cisco ASA and NAC solutions. Performed Load balancing using F5 BIG-IP LTM ADC 6400, Cisco ACE 4710.
  • Provided redundancy in a multi-homed Border Gateway Protocol (BGP) network by tuning AS-path.
  • Designed and implemented VLAN using Cisco switch catalyst 1900, 2900, 5000 & 6000 series.
  • Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
  • Responsible for Checkpoint, ASA, Palo Alto Firewall management and operations across global networks.
  • Analyzed customer application and bandwidth requirements, ordered hardware and circuits and built cost-effective network solutions to accommodate customer requirements and project scope.
  • Configured routers and coordinated with LD Carriers and LECs to turn-up new WAN circuits. Configuring, Maintaining the Routers and Switches and Implementation of RIP, EIGRP, OSPF, BGP routing protocols and troubleshooting. Responsible for implementing QoS parameter on switching configuration.
  • Involved in Design and Implementation of complex networks related to extranet clients.
  • Troubleshooting the N/W Routing protocols (BGP, EIGRP, and OSPF) in Migrations and new client connections.
  • Manage operational monitoring of equipment capacity/utilization and evaluate the need for upgrades; develop methods for gathering data needed to monitor hardware, software, and communications network performance.
  • Worked towards the key areas of the project to meet SLA's and to ensure business continuity. Involved in meetings with engineering teams to prepare the configurations according to the requirement.
  • Creating change tickets according to the scheduled network changes and implementing the changes.
  • Worked with F5 Load balancing, IDS/IPS, Bluecoat proxy servers and Administrating.

Confidential

Network Engineer

Responsibilities:

  • Supported Various CE Routers such as Cisco 3640, Cisco 7200VXR, Cisco 7600 series, Cisco 2600 series for various customer features such as EIBGP load balancing, ORF, EBGP peering.
  • Configured and troubleshot Route-Reflectors to support IBGP peering within the AS.
  • Responsible for upgrading, from time to time, network connectivity between branch office and regional office with multiple link paths and routers running HSRP, EIGRP in unequal cost load balancing to build resilient network.
  • Managed VLAN architecture and HSRP for default gateway redundancy.
  • Supported various LAN environments consisting of Cisco 6500 series switches. Configured EtherChannels, trunks, VLANs, HSRP in a LAN environment.
  • Involved in implementation and troubleshooting of protocols and technologies, especially in the following: BGP4, EIGRP, IPv4 and Ethernet.
  • Worked on various BGP features such as Route-Refresh, AS-Override, EIBGP load balancing and various BGP attributes such as Local Pref, AS-Path.
  • Installed Cisco IOS 12.0 to 12.4 for Routers (Cisco 7600, 7200VXR) & configured Switches (3750, 3550, Cat6500).
  • Configured QoS to provide proper priority and queuing based on type of the traffic.
  • Implemented QoS using CBWFQ, LLQ and DSCP based policies. Configured WRED on egress policies as per Cisco QOS design.
  • Participated in on call support in troubleshooting the configuration and installation issues.
  • Provided Technical support in terms of upgrading, improving and expanding the network.

Confidential

Network Engineer

Responsibilities:

  • Responsible for adding Policies to the SRX 3600, 240, ISG firewalls and monitoring the logs.
  • Interacted with the customers and on call support to troubleshoot the issues.
  • Responsible for configuring and troubleshooting Juniper Netscreen Firewalls using NSM.
  • Worked on Juniper series of firewalls. These include Netscreen 5GT, 208, SSG 5, 140, 550, 550M and high end firewalls like ISG 1000, NS 5200.
  • Upgraded IDP on the NSM and migrating firewalls.
  • Extensively involved in administration & Maintaining of Netscreen Firewall using GUI and using NSM.
  • Involved in configuring and troubleshooting Juniper Firewalls including UTM features like anti-virus, deep inspection (IDP), URL filtering and screening.
  • Worked on network analyzing tools like tcpdump, Wireshark, for monitoring STRM (Security Threat Response Manager), NSM (Network Security Manager) for Juniper firewalls.
  • Involved in Implementation, administration: Design / Configuration changes, Defining events/signatures policies and its actions, Logging and Log analysis.
  • Responsible for maintaining and updating VPN Gateways to ensure enforcement of the latest Security policy to deny all input requests from all non-compliant devices.
  • IPSEC VPN (site-to-site), client to site VPNs on Cisco 3000 Concentrators and Cisco VPN client.
  • Managed Radius Server on Sun Solaris 10 (Sun-Fire-480R) for authentication.
  • Handled virus protection servers (McAfee) and deployment of virus scan and desktop firewall across organization to meet 100% compliance of latest DAT files.
  • Documented all communication with the clients.
  • Provided remote Technical support on implementation of technology using various Juniper Network & Security products and applications and resolve product related issues through research and troubleshooting.