SUMMARY:

• More than 9 years of professional experience in Network engineering with Cisco Certified Network Engineer, performing Network analysis, Implementing, capacity planning with a focus on performance tuning and support of large Networks.
• Experience with Citrix NetScaler VPX, MDX and SDX
• Tufin (Secure App, Secure Change & Secure Track) application/system administration, including system security configuration and optimization.
• Implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall.
• Extensive working knowledge of Cisco ASA 5500 series firewalls, and Palo Alto Firewalls.
• Implemented and Configured Palo Alto Networks Firewall models and centralized management system to manage large scale firewall deployments.
• Implemented firewalls using Cisco ASA, Cisco PIX, CheckPoint R77 Gaia, R75, VSX, Cluster XL, Provider - 1 /MDM, NGX R65, Firewall-1/VPN-1 NGX R65 Gateways, Secure Platform, imperva web application firewall and VPN gateways.
• Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point Firewall Smart Domain Manager command line & GUI, Cisco ASA
• Knowledge of JUNOS platform and worked with code upgrade of Juniper devices.
• Working experience with ACL and NAT techniques on firewalls such as Cisco PIX, Cisco ASA Appliance.
• Managed the upgrades of Cisco WAAS, AP’s, WIPS and Switches.
• Have experience on different network tools like Tufin, Firemon, Algosec, Splunk, IBK Qradar SIEM, ASDM, CSM, Panorama, Juniper NSM, Service Now, Remedy ticketing Systems, Solarwinds and checkpoint Smartlog.
• Helped the customers resolve various issues in the Palo Alto firewalls including related to syslog servers, RADIUS, LDAP, user-IDs, High-Availability issues Dynamic Updates like Anti-virus.
• Advanced knowledge in Cisco ASA 5500 series and PIX installation, configuration and maintenance, configuration and installation of IOS security features and IPS, Security risk analysis, attack mitigation & penetration tests based on LPT methodology.
• Working knowledge and experience supporting ITIL/ Project management.
• Implementing security policies using Cryptography, ACL, SDM, PIX Firewall, IPsec, VPN, and AAA Security on different series of routers.
• Design and configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550).
• Installed and configured Zscaler cloud proxy (ZIA/ZPA) and bluecoat Proxy SG in the network for web traffic management and Policy configuration.
• Involved in troubleshooting of DNS, DHCP and other IP conflict problems using Infoblox.
• Strong knowledge of TACACS+, RADIUS implementation in Access Control Network.
• Experience in working with Cisco Nexus 5k, 7k series Switches and Virtual Port Channel configuration.
• Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
• Worked on F5 load Balancer, configured Virtual servers, pool, pool members, worked on load balancing methods for LTM, GTM, APM and ASM.
• Experience with F5 Load Balancing.
• Extensive knowledge and experience regarding F5 BIG-IP LTM VIP configuration with health check.
• Extensive knowledge and experience with hosting SSL certificates on F5 platforms.
• Experienced working on network monitoring and analysis tools like, Ix Chariot Pro, SOLAR WINDS, CISCO works and RIVER BED and Wireshark.
• Enterprise Routing experience using protocols ISIS, RIP v1 & 2, EIGRP,OSPF and BGP
• Experience with different Network Management Tools and Sniffers like Wireshark (ethereal), HP-Open view, RSA envision, and Cisco works to support 24 x 7 Network Operation Center.
• Experience with F5 load balancers and Cisco load balancers (CSM, ACE and GSS).
• Excellent customer management/resolution, problem solving, debugging skills and capable of quickly learning, effectively analyses results and implement and delivering solutions as an individual and as part of a team.

PROFESSIONAL EXPERIENCE:

Confidential, Dallas, TX

Security Engineer

Responsibilities:

• Responsible for Check Point, Cisco ASA and Palo-Alto firewalls configuration and administration across global networks.
• Worked with Citrix NetScaler VPX, MDX and SDX.
• Responsible for deployment of Palo Alto Prisma Access Cloud (Global Protect Cloud Service) .
• Provide on call support for Prisma Access project
• Responsible for staging/reviewing/pushing/implementing the desired firewall rule base on Palo Alto (Prisma Access).
• Worked on AWS Security Side in creating VPC’s, Security Groups, NACL’s etc.,
• Supported and executed migration to F5 BIG-IP LTM/GTM ADC Appliances from Citrix NetScaler.
• Designed, Implement and troubleshooted critical NetScaler load balancing issues, Content Switching, NetScaler Gateway, Application Firewall, Rewrite, Responder, SSL Offloading, Compression, Caching.
• Worked with GSLB including static and dynamic-based proximity configurations, ADNS, DNS proxy, zone delegations.
• Providing automated migration, operation, and installation of AWS global infrastructure.
• Design & Implementation of 60+ Fortinet & Cisco ASAv firewalls in On-Perm & AWS for DMZ and Internal VPC on different account along with AWS- Transit Gateway running over IPSec VPN tunnel to On-Perm & Direct Connects.
• Implementation of Fortinet solution, Forti-Manager with 80+ FortiGate firewalls.
• Supported the backbone capacity scaling for AWS backbone network: activated large-scale dark fiber links between Transit-Supported for developing quality assurance testing device for power unit of AWS developed server system.
• Deployed new Hardware to replace End of life Checkpoint Power-1 5070 and UTM-3070 firewalls with new 5100 and 5600 series firewalls and implemented Clustering.
• Worked on Checkpoint R77.30 and R80.10 Management servers and firewalls by managing them via MDS.
• Configured, Administered and troubleshoot the Juniper SRX, Palo Alto, Imperva and ASA firewall.
• Create a new network in the Meraki Dashboard for each site and deploy the configuration template into the new Meraki switches using a Power shell script.
• Configuring new Meraki MS-250 switches and MR40 Access points from scratch.
• Analysis and implementation of firewall and proxy policy and the identification, tracking and remediation of risks related to network security infrastructure.
• Worked on Information Security and Data Loss Prevention methodologies.
• Troubleshooting of infrastructure applications analyzing network traffic behavior and flow, including full packet capture, flow data, and network statistical data
• Working on next generation cyber defense tools. Prior experience in using security analytics solutions and security log management platforms is a plus
• Implementation and manage of Tufin (SecureTrack, SecureApp and SecureChange) in the network infrastructure environment.
• Review Firewall rule conflicts and misconfigurations as well as redundant rules and shadow rules using Tufin.
• Work with Palo Alto App-ID for application visibility, User-ID and URL Filtering on PAN devices.
• Configuring and support different types of NAT on PAN devices. Source/Destination based NAT.
• Firewall Policy provisioning on PAN devices using Web UI as well as Panorama mgmt. platform.
• Configuring Content ID module for customizing threat signatures, Data Filtering, DOS protection.
• Support application migration on the firewall level to the new VMware infrastructure.
• Configure and implement security solutions for various clients as per their requirements in Checkpoint R77, R75, Provider-1, Palo Alto firewalls, Panorama, Cisco ASA firewalls, ASDM and in CSM.
• Working on tickets using Cisco Secure change to stage rules into checkpoint Firewalls.
• Responsible for installation, configuration, maintenance and administration of Palo Alto firewalls PA 50, 7060), PA -5000, series (5060/5050/5020 ), PA 60/4050/4020 ) firewalls.
• F5 Big-IP load balancer Configuration, layer 7 load balancing using iRules (TCL) and worked with Citrix Netscaler.
• Engineering and configuring Virtual Server, Pools, iRules, Profiles, Persistence, and monitor on F5 LTM to match the configuration the Application had on NetScaler
• Onboarding and Certifying new F5 device to replace End of Support, End of Life legacy F5 appliances.
• F5 BigIP pools, monitors, profiles and VIP's configuration and troubleshooting. iRules scripting using TCL (Tool command language) for HTTP redirection, redirection of HTTP traffic from one data center to another data center, content based redirection.
• Live VIP's cutover from NetScaler to F5 LTM, migrating Citrix NetScaler devices to F5 LTM 8900 Series devices.
• Worked on configuration and maintenance of Webtops and Portal Access, and F5 SSL VPN and network access.
• Configured different load balancing methods on F5 LTM & GTM and worked on one-connect profiles and HTTP compression and several persistence profiles.
• Experience with Firewall Administration, Rule Analysis, Rule Modification
• Implemented Positive Enforcement Model with the help of Palo Alto Networks.
• Documented new VPN enrollments in a database and create standard procedures for further improvement.
• Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering and Wildfire)
• Performed firewall migration from Cisco ASA firewalls to Palo alto firewalls using Expedition tool.
• Working with Level-2 team for code upgrades on Cisco ASA firewalls.
• Implemented Cisco ISE for delivering consistent, highly secure access control across wired and wireless multivendor networks and remote VPN connections.
• Troubleshoot traffic passing managed firewalls via logs and packet captures
• Analyzed and tested network protocols (Ethernet, TCP/IP) using Wireshark tool.
• Provided proactive threat defense with ASA that stops attacks before they spread through the network.
• Cisco ASA/Checkpoint Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
• Experience with implementing and maintaining network monitoring systems (Cisco works and HP Open view) and experience with developing complex network design documentation and presentations using VISIO
• Experience on Bluecoat proxy server in configuring URL and content filtering.

Confidential, Los Angeles, CA

Sr. Network Security Engineer - Lead

Responsibilities:

• Deploying and configuring Checkpoint R77 Gaia and Cisco 5540 firewalls in the datacenter environment.
• Configure and implemented firewall rules in Checkpoint, CISCO ASA, CISCO PIX Firewalls and implemented site to site VPNs using Checkpoint firewalls to third party sites.
• Setup a Netscaler appliance in order to load balance internal server/ Exchange and VDI Streaming Servers and/or TFTP load balancing.
• Managing large enterprise network environment containing Checkpoint Firewalls, Palo Alto firewalls, Zscaler cloud proxy, F5 LTM/GTMs/APM, Cisco routers, Switches, and Cisco ASA.
• Installing & configuring firewalls - Checkpoint NG & NGX R75, R77 Gaia, R80.10, Provider-1/MDS and VSX, F5 LTM/GTM/APM load balancers, and Zscaler cloud proxy.
• Experience in implementing AWS direct connect, Transit gateway, VPN and VPC.
• Zscaler cloud security implementation (Zscaler internet access and Zscaler private access) for zero trust security.
• Experience with policy migration from bluecoat to Zscaler cloud proxy.
• Experience on Zscaler GRE Tunnels and Zscaler App.
• Deploy and implemented the complete Zscaler Private Access (ZPA) from end to end.
• Experience on working with Zscaler PAC files.
• Collaborating with Application owners, Network Team, DNS Team, and Firewall Team, to migrate applications from Legacy NetScaler Load Balancer to New F5 BIG-IP Local Traffic Manager.
• F5 migration of applications to new BIG-IP vCMP infrastructure.
• F5 build-out of the base F5 BIG-IP infrastructure, including the BIG-IP 10200v platforms and vCMP guest instances.
• Migrating applications from cisco ACE/CSM to F5LTM, and GSS configurations to F5 GTM wide-ip's.
• Configured and troubleshooting the F5 LTM and APM and providing level 2 support for the customers.
• Configuration and troubleshooting F5 LTM and providing level 2 and level 3 support for the customers.
• Extensive hands on experience with BIG-IP 5000 and 2000 series.
• Allocation and designing appropriate virtual IP for F5 ADC through IPAM InfloBox.
• Licensing and provisioning of F5 modules such as LTM, GTM, VCMP (Virtual Cluster Multi Processing).
• Extensively worked on code upgrades from v11.5.3 to v11.5.3 and downgrades from 12.0.0 to 11.5.4.
• Extensively worked on virtual F5 LTM module on VMware for application testing.
• Experience in analyzing security breaches to understand the root cause, the extent of damage and identifying options for remediation.
• Worked with IR technologies, malware, emerging threats as well as experience in a large corporate environment.
• Implemented Cisco Firepower NGIPS, Imperva Web Application firewalls, OOB solutions, perimeter protection, DMZs.
• Worked with security products and technologies, primarily related to event and incident handling (e.g., SIEM, Security Analytics, HIDS/NIDS, AV, signature and behavioral-based systems), experience using and configuring SIEM and Security Analytics solutions will be desired.
• Implementing Security rules as per the business needs in Checkpoint R77 Gaia, R75.40, Provider-1/MDM/MDS, VSX, Palo Alto, Panorama, Cisco ASA and PIX firewalls.
• Experience in management of Checkpoint VSX environment and using VSX with Multi-Domain Security Management
• Worked on firewall optimization tool using Tufin Secure App, Secure Change & Secure Track and monitored logs in SPLUNK
• Proficient in IKEv1 and IKEv2 IPSec site-to-site VPN tunnel creation and troubleshooting, remote-access (client-to-site) IPSec and Any Connect SSL VPNs and integration with RADIUS or LDAP servers for 2 factor authentication.
• Conducted site surveys and performed site survey documentation of AIG sites for US, EMEA and APJAC sites.
• Performing troubleshooting on VPN connectivity issues, slow network connectivity issues, identifying the root Cause of the issues.
• Worked on Cisco Firewall ASA 5500(5510/5540) Series. Performed Security operations in terms of pushing new policies and deploying new rules.
• Worked with enterprise level Wi-Fi configuration, troubleshooting, IP routing, protocols and topologies
• Migration of existing IPSEC VPN tunnels from Pre-Shared key to Certificate Authority for purpose of scaling.
• Performed Break Fix support through driving to different buildings, identifying the root cause of the hardware issues with switches, routers.
• Troubleshooted daily VDI, Citrix, Netscalar issues.
• Involved with Change ticket, priority tickets and Supporting On-call for Windows, Citrix and Virtual machines.
• Working knowledge about SFP and worked with various ISP for circuit turn ups
• Experienced with strong F5, Viprion Chassis, LTM/GTM and DNS.
• Worked with different ISP globally for any WAN circuit and BGP routing issues. Opening up cases for CE Routers, Riverbed optimizer issues
• Worked on the structure fiber cabling, WAN circuits, network hardware, racks elevation, IDF/MDF layouts, power, server expansion details, Cisco access points, Motorola WIPS, conducted Ekahau wireless sites surveys and network diagrams for existing 25 plus AIG sites.
• Worked with Capacity management on network bandwidth utilization reporting of the sites WAN link and vendor co-ordination for new site turnovers / WAN links.

Confidential, Englewood, CO

Security Engineer

Responsibilities:

• Responsible for Check Point, Cisco ASA and Palo Alto firewalls configuration and administration across global networks.
• Responsible for firewall rule set migration from Cisco ASA to newly implemented Palo Alto.
• Configured and managed security policies using Checkpoint smart dashboard in Provider-1 environment.
• Successfully installed Palo Alto PA-3050, PA-5050 firewalls to secure zones of network.
• Install and maintain Palo Alto firewall configuration to protect cardholder data for payment card industry (PCI).
• Managed and configured all Palo Alto PA 3000 series, PA 5000 series, PA 7000 series firewalls.
• Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
• Implementing and configuring Checkpoint VSX for security gateways.
• Configured and maintained IPSEC, SSL Decryption, high availability, port mirroring, SSL VPN's on Palo Alto Firewalls.
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
• Centrally managed all Palo Alto firewall using Palo Alto Panorama M-100 management server.
• Researched, designed, and replaced aging with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
• Hands on creating security policy, application filters, App-ID, URL filter and threat prevention on Palo Alto.
• Working on cross-platform Firewall migration: Juniper SSG to Palo Alto and Juniper SSG to Cisco ASA.
• Configure Palo Alto firewall for wild fire feature of Palo Alto.
• Actively use smart view tracker, and Checkpoint CLI for troubleshooting.
• Firewall Policy Optimization using third party tool Tufin.
• Responsible for design and administration of network switches (Cisco), routers (Cisco), and firewalls (Palo Alto and Cisco ASA).
• Worked on Nexus platform7018, 5K series (5548, 5020 and 5010) and FEX (2248, and 2232) and deployed VPC, VDC and OTV and successfully implemented VSS on the Cisco switches.
• Responsible for setup and configuration of Site to Site VPN's, and remote access VPN's using Cisco ASA solutions (ASA 5505 and 5520).
• Working experience with virtual firewalls like checkpoint VSX, IDS, IPS as well as encryption techniques
• VPN User access management on check point firewalls. Use LDAP for identifying user groups
• Created and configured management report and dashboards using Splunk.
• ITIL Based Service Delivery and Management
• Performed upgrade process for Cisco ISE software from version 1.0.4 to 1.1 ADE-OS, patch management and data backup management.
• Working on the project of F5 LTM and GTM code upgrade project, doing couple of them every week.
• Installed high availability Big IP F5 LTM and GTM load balancers to provide uninterrupted service to customers.
• Implementing and configuring F5 LTM's for VIP's and Virtual servers as per application and business requirements.
• Worked on F5 BIG-IP LTM 8900, configured profiles, provided and ensured high availability.
• Management of Infoblox DNS IPAM for Microsoft DNS/DHCP setup and management.
• Management of Infoblox Grid Manager to manage DNS Forward and Revers Lookup Zones.

Confidential, St. Louis, MO

Network Security Engineer

Responsibilities:

• Maintaining all the security devices of multiple clients of confidential confidemtial and maintain 99.9% uptime.
• Configure and implement security solutions for various clients as per their requirements in Checkpoint R75, R65, Provider-1, Palo Alto firewalls, Panorama, Cisco ASA 5540, ASDM, PIX 535 firewalls.
• Built Site-to-Site VPN, Remote access VPN, Any connect VPN for different clients.
• Troubleshoot firewall issues and solve them using packet capture mechanisms like TCPDUMP, FW monitor, zdebug, Wireshark, capture and smart view tracker.
• Support complete firewall lifecycle like Change management, Configure management, Incident and response management.
• Deliver complex network security solutions in support of customer billable projects on time and meet business and technical requirements.
• Used Firemon firewall optimization tool, Wireshark and Splunk to analyze logs and perform root cause analysis of critical issues.
• Strong experience in configuring Checkpoint SPLAT, IPSO, Gaia-OS Platforms.
• Worked on migration of Cisco PIX to Cisco ASA firewalls.
• Responsible for planning, documenting and implementation of complex Firewall and VPN solutions
• Configured Juniper SRX and SSG firewalls using NSM and via CLI.
• Adding zone based rules in Juniper SRX and netscreen SSG firewalls as per client requirements.
• Research attempted or successful efforts to compromise systems security and design countermeasures.
• Maintain hardware, software and network firewalls and encryption protocols.
• Manage security policies to control physical and virtual access to systems.
• Provide information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems.