- 8+ yrs. of experience as a Network Security Administrator specializing Network security, Firewalls.
- Experience in the areas of Technical Implementation/Support, Project Management, System Administration, Networking and end - to-end Infrastructure Management
- Experience in installing, configuring and troubleshooting of Checkpoint Firewall
- Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications
- In-depth knowledge and hands-on experience in Tier II ISP Routing Policies, Network Architecture, IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3 Sonnet POS OCX / GigE circuits, Firewalls.
- Experience in the setup of Access-Lists, and RIP, EIGRP, and tunnel installations.
- Proficiency in configuration of VLAN setup on various Cisco Routers and Switches.
- Expertise in the analysis, implementation, troubleshooting & documentation of LAN/WAN architecture and good experience on IP services.
- Highly experienced in VPN Implementation IPsec VPN and SSL VPN Server-to-Server and Client-to-Server.
- Experienced in DHCP DNS, NIS, NFS, SMTP, IMAP, ODBC, FTP, TCP/IP, LAN, WAN, LDAP, HP RDP, security management, and system troubleshooting skills.
- Configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS.
- Experience in Configuring Checkpoint Clusters with Nokia IPSO and GAIA OS
- Experience in tools like SNMP, AAA, RADIUS and designed VPN with IPSEC security layer.
- Expertise in IP sub netting and worked on various designing and allocation various classes of IP address to the domain.
- Involved in monitoring network traffic and its diagnosis using performance tools like Snort, Snortsnarf, ping tools, and packet player.
- Experience in authentication protocols PAP, CHAP, 802.1x and Port Security and Configuring Security policies including NAT, PAT, VPN, Route-maps, prefix lists and Access Control Lists
- Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: OSPF, EIGRP, RIP, IGRP, BGP etc.
- Experience in Deployed Check Point Provider-1 NGX and configured CMAs
- Knowledge on Juniper SRX240, SRX220, and SRX550 series firewalls
- Expertise in installing, configuring, and maintaining Cisco Switches (2900, 3500, 3700 series, 6500 series)
- Expertise in installing, configuring, and troubleshooting of Cisco Routers (3800, 3600, 2800, 2600, 1800, 1700, 800)
- Knowledge on Nexus 7000, Nexus 5000 and Nexus 2000 switches
Routers: 1800, 2500, 2600, 2800, 3600, 3750, 3800, 7200.
Cisco Switches: (2900, 3500, 4000, 4500, 5000, 5800, 6500, Nexus 2k, 3k, 5kand 7k), MSFC, MSFC2.
Routing Protocol: (BGP, OSPF, EIGRP, IGRP, IGMP, RIP), Routed Protocol TCP/IP, Multicasting (PIM).
Management tools: SNMP, Syslog, HP Open View NNM, Sniffer, and Wireshark
LAN Protocol: VLAN, PVLAN, VTP, Inter-vLAN routing, ISL, dot1q, STP, IS-IS, RSTP, MSTP, ISL PVST, LACP, HSRP, GLBP, VPC, VDC, Ethernet, Port security.
WAN Technology: Frame Relay, WiSM Module in 6509, X.25, L2VPN, L3VPN, E1/T1/DS1/DS3,MPLS
Network Management: SNMP v2, v3, Cisco Works, 3Com Network Analyzer, MRTG, Solarwinds, and Orion
AAA Architecture: TACACS+, RADIUS, Cisco ACS.
Operating systems: Linux, UNIX, DOS, Windows XP/2007/8, Windows 2003 server and Windows 2008 server
Firewalls: Check Point R65/R70/R75, ISA 2004/2006, Palo Alto PA-500/PA-2K/PA-3K/PA-5K, ASA 5585/5520/5510
Network Security: Knowledge of Firewall, ASA, Cisco FWSM/PIX/ASDM, Cisco ISE, Sourcefire IPS/IDS, Cisco NAC, IPsec, Nokia Checkpoint NG,IPS/IDS(Snor), VPN
Application Protocols: DHCP, DNS, FTP, HTTP, SMTP, TFTP
Documentation: Microsoft Office, Visio
Confidential, CRANSTON, RI
Network Security Architect
- Monitor security events, analyze the results and escalate, when necessary, to the appropriate group for remediation.
- Design, Installation and Troubleshooting with the PALO ALTO Firewalls with the cluster using PANORAMA
- Sandboxing Interface implementation using Palo Alto WildFire
- Firewall Policy Audit based on the script from Firemon for hardening ports and restricting policy based forwarding to the internet
- Operating F5 Big IP and VIPRION systems
- Experience with Splunk Monitoring and Reporting
- Palo Alto Central Management Platform with PANORAMA and WildFire Deployment
- Check Point Unified Threat Management System, Endpoint Protection Designing
- Check Point Firewall Deployment, Upgrade and Administration
- Cisco ASA, Cisco PIX and Palo Alto Firewalls Administration
- Cisco ISE 2.0 Deployment and Profiling Policies
- Blue Coat Web Proxies - ProxySG, Proxy AV, Content Analysis System, PacketShaper, Threat Detection ProxyCAS, Director, Reporter
- HP Tipping Point - Intrusion Prevention Systems
- Imperva - Web Application Firewall
- Day zero APT threat prevention skills
- Designed and Implemented Nexus 7K/5K/2K and Catalyst 6500/4900/3750- X in a complex DC Core/Aggregation/Access layer on a 10G backbone in Production and DR Data Center
- Application Performance Tuning for analysis of networks and enterprise-wide application
- In depth knowledge of configuring and troubleshooting routing protocols including static, dynamic (BGP, OSPF and EIGRP) and PBR.
- Experience with WAN acceleration/optimization technologies such as Riverbed Steelheads appliances.
- Extensive experience in Layer 2 & Layer 3 technologies Install and configure network solutions using routers, switches, network devices from various vendors Cisco & Juniper.
- Experience with fiber channel networking.
- Experienced with Radware/Netronome SSL off loaders
- Experienced with tools like Metasploit/Qualys/Network forensics technologies
- Able to write Windows/UNIX/Python scripts to automate administration
- Cisco routing and switching technologies and devices LAN/ WAN, VPN, Routing protocols, VLANs, Trunking, Cabling, IOS administration
- Develop and publish scans within vulnerability scanning tool (Front Line) for remediation.
- Perform application vulnerability assessments with AppScan.
- Extensive experience on High end Switches & Routers (Juniper Platform).
- Experience of planning & designing big Data Centers and big enterprise Networks
- Mainframe, Windows, UNIX), network security (i.e. firewalls, proxies, IDS/IPS), application security assessment solutions; encryption tools; threat analytics and vulnerability management tools and processes, incident management procedures and forensics experience in operational security monitoring, metrics and reporting
- In depth knowledge of configuring and troubleshooting switching technologies like STP, VTP, Multicast and QOS.
- Knowledge of wireless technologies and terminologies
- Good understanding of Incident and Change Management procedures.
- Ability to clearly relay technical knowledge to both technical and non-technical people, written and verbally
- Experience in information gathering, planning, and execution of large and complex network security projects such as migrations and/or upgrades is an absolute requirement
- Demonstrated in-depth knowledge of LAN/WAN support and engineering design for voice, data and video networks at Access, Aggregation, and Core network locations
- Thorough understanding of modern service provider TCP/IP data networks using standards and technologies including but not limited to: MPLS, IS-IS, OSPF, BGP4, STP, RSTP, 802.1q, 802.1ah, ADSL2+
- Superior knowledge, skills and experience with Cisco routing hardware, software, protocols etc.
- Strong working knowledge of structured cabling systems, network facilities, electrical, UPS, etc.
- Ability to work alone as an individual contributor, as a technical lead and as a participant in a team environment.
- Experienced in Checkpoint Security Gateway appliances (Power-1 series)
- Managing and Troubleshooting Checkpoint Security Management appliances (Smart-1 series)
- TCP/IP networking and troubleshooting, protocol analysis
- Network security fundamentals and design
- Network management systems
- Data center network design and operations
- Working knowledge of servers, PCs, operating systems, and application software.
- Leads and/or participates in the design, development, and implementation of complex system engineering activities involving cross-functional technical support, systems programming and data center capabilities.
- Responsible for components of highly complex engineering and/or analytical tasks and activities.
- Establishes input/output processes and working parameters for hardware/software compatibility, coordination of subsystems design, and integration of total system.
- Viewed as a technology subject matter expert; able to provide and communicate complex technology solutions across differing audiences including technical, managerial, business executives, and/or vendors.
- Will have responsibility for multiple, complex projects; will direct activities of teams related to special initiatives or operations and may have direct reports.
- Leads the resolution process for complex problems where analysis of situations or data requires an in-depth evaluation of various factors. Exercises judgment within broadly defined practices and policies in selecting methods, techniques, and evaluation criterion for obtaining results.
- Designed and Implemented Overlay Network Management Network to manage all our Production Devices with Syslog, Cisco Secure ACS, TACACS+ and Solarwinds NPM.
- Installed and Configured Cisco ASA G Firewall at Database & App Server Layer
- Installed and Configured Checkpoint Firewall in Internet Edge
- Configured/Troubleshoot Site to Site VPN tunnels with our clients on Cisco ASA 5500 Platform
- Design and Deploy Network Design with a detailed Implementation and Test Plan
- Performs analysis and diagnosis of highly complex networking problems in the Data Center Environment.
Lead Network and Security Engineer
- Designed, installed, configured & commissioned Palo Alto, Cisco Network
- Security Device - Palo Alto/ASA Firewalls, Sourcefire IPS/IDS, VPN
- Prepared presentations and Visio diagrams
- Experience with using F5 Load balancer in providing worldwide data and file sharing, continuous internet connectivity, optimized web performance
- Firewall policy administration and support on Checkpoint as well as Cisco ASA Firewalls
- Day-to-day work involves changes on the Checkpoint Firewall using the Smart Dashboard NGX R70 software and connecting via Smart Center management. Authentication is done using an RSA SecurID.
- Monitored the MPLS network and coordinated new circuit installations
- Exposed to best practice design & Implementation methodology
- Identified, isolated and resolved network security problems
- Work on different networking concepts and routing protocols like BGP, EIGRP, OSPF, VRFS, Tunnels, L2TP, and VPLS and other LAN/WAN technologies.
- Managed remote access Palo Alto, Cisco VPN, webvpn and AnyConnect
- Performed intrusion detection and intrusion prevention using Cisco Sourcefire IDS/IPS
- Experience with Problem and Change Management processes and applications
- Extranet changes to Cisco 6513, 6509 and 7204 series devices including FWSM firewall changes, routing switching changes and Juniper Netscreen based SSL VPN and ISG.
- Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard.
- Troubleshooting connectivity issues on the firewall using smart view tracker, monitor health of the appliance using smartview monitor etc.
- Support routing protocols including BGP and OSPF routing, HSRP, load balancing/failover configurations, GRE Tunnel Configurations, VRF configuration and support on the routers.
- Actively responsible for PIX 7.x/8.x, ASA 8.x and Cisco FWSM 2.x/3.x upgrades and network refresh projects and Troubleshooting, IOS Security Configurations, IPSec VPN Implementation and Troubleshooting, DMZ/ASZ Implementation and Troubleshooting.
- Hands on Experience working with security issue like applying ACL's, configuring NAT and VPN
- Documenting and Log analyzing the Cisco PIX series firewall
- Configured BGP for CE to PE route advertisement inside the lab environment
- Spearheaded meetings & discussions with team members regarding network optimization and regarding BGP issues.
Confidential, El Dorado Hills, CA
Network Security Engineer
- Configuring firewall filters, routing instances, policy options.
- Dealt with creating VIP(virtual servers), pools, nodes and applying rules for the virtual servers like cookie persistency, redirection of the URL
- Replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
- Successfully installed Palo Alto PA-3060 firewalls to protects Data Center and provided support
- Implemented Positive Enforcement Model with the help of Palo Alto Networks.
- Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
- Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall
- Exposure to wild fire feature of Palo Alto.
- Responsible for configuring policies in Palo Alto device.
- Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.
- Experience with devices Palo Alto Network firewalls such as security NAT, Threat prevention & URL filtering.
- PANDB migration and code upgrades for Palo Alto Firewall
- Configured and managed policies on Palo Alto firewalls using Panorama GUI.
- Checkpoint firewall policy administration and support between various zones.
- Actively use, smart view tracker, and Checkpoint CLI (to security gateways) for troubleshooting.
- Perform advanced troubleshooting using Packet tracer and tcpdump on firewalls.
- Built and support VRRP / Cluster based HA of Checkpoint firewalls.
- Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
- Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
- Co-ordinate with the Data Network and Security team and come up with possible solutions.
- Configuring and install hardware and software required to conduct network penetration testing.
- Configuring and testing Multicast for both IPv4 and IPv6 routing in Data Center Environment and Implemented standard configuration template scripts in various network devices for snmp v2, logging, and ntp.
- User admin on the firewalls, adding and deleting users as they come and go.
- Configuring VLAN’s, Trunking and routing part for Cisco Catalyst 6500, 4500, 3750, 2980 switches.
- Assist in the migration from Cisco 6500 equipment to Cisco Nexus 7000 equipment and stacked Catalyst 3850 switches.
- Creating Private VLANs & preventing VLAN hopping attacks & mitigating spoofing with snooping & IP source guard.
- In-depth knowledge and hands-on experience on IP Addressing, Sub netting, VLSM and ARP, reverse & proxy ARP, Ping Concepts, Planning and implementation of OSPF protocol and internet IBGP and EBGP peering relationship with other ISP
Confidential, NYC, NY
Checkpoint Security Engineer
- Planned, installed, monitored and was the single point of contact for all intrusion detection for client systems. Monitored and maintained client firewall, intrusion detection systems and VPN systems including (Checkpoint FW-1/VPN-1/Cisco PIX/SecureVPN /SecureIDS).
- Perform Checkpoint and PIX firewall/IDS design, integration and implementation for Cyber Trap client networks
- Monitor the ticket queue for incoming tickets, update tickets in accordance to Service Level Agreement (SLAs) requirements and, escalate based on severity levels using Axios Assyst.
- Perform network security, administration, analysis, and problem resolution for networks, including NT 4.0, Windows 2000, UNIX (Solaris & BSD), CISCO, TCP/IP, and Checkpoint firewalls
- Implemented and troubleshooting the Virtual firewalls (Contexts) solutions in ASA
- Responsible for installation, troubleshooting of firewalls (Cisco firewalls, Checkpoint firewalls and Juniper firewalls,) and related software, and LAN/WAN protocols.
- Troubleshooting the VPN tunnels by analyzing the debug logs and packet captures
- Configuring failover for redundancy purposes for the security devices. Implemented the stateful & serial failover for PIX/ASA firewalls, Checkpoint Clustering and load balancing features.
- Planning, designing and implementing a secure ODC Network setup for upcoming projects.
- Responsible for implementing Data Center Security best practice, audit and compliance (PCI/SOX/DOD) requirements.
- Automation of security operations and optimizing the usage of infrastructure.
- Responsible for managing Network & Security Engineering implementation that architect, design, builds, manages and supports Network and Security Infrastructure and Data Centers.
- Configured redundant interfaces, DHCP server, DHCP relay, ntp settings, and sub interfaces on firewalls.
- Implemented the redundancy for ACS servers by replicating the database between primary & secondary servers.
- Maintain the periodical software update on security devices depends upon the bugs fixed with the new software releases.
- Testing the new features/Product in the lab and preparing the reports.
- Maintain the security standards across the security devices as per the security policies. IDS/IPS Signature updates and CSM Management.
Confidential, South Deerfield, MA
- Designed and Configuring the WAN infrastructure, consisting of multiple T1 and T3 lines, Cisco routers, Cisco switches, Load balancers, Dell and Sun servers.
- Redesign of Internet connectivity infrastructure for meeting bandwidth requirements. This involved negotiating with ISPs, switching from T1 to Flexible T3 lines and configuring/replacing existing Cisco 1605 series routers with Cisco 3640 routers.
- Optimized performance of the WAN network consisting of Cisco 4500/5500 switches by configuring VLANs.
- Experienced with Cisco catalyst switches 5xxx,4xxx, 29xx,19xx and RSM and Cisco Routers 7500,7200,4000,3600,2600,2500
- Implementation of Checkpoint Firewall 4.1 to protect and authenticate local-net and DMZ. Defined policies, NAT and anti-spoofing for internal, external networks as well as Internet gateways.
- Configured and worked on Inbound and outbound Load balancer using product called Link Proof, WSD by Radware Inc.
- Fully configured the Linkproof with Smart NAT* for Optimal content routing that ensures the fastest inbound and outbound content delivery
- Designed and Configured Web Server Farms, to increased performance through intelligent traffic, Bandwidth management and enhanced application security using WSD.
- Configured Web Trends for Real-time web traffic analysis and e-commerce Analysis
- Enabled remote users to access corporate LAN with VPN connectivity.
- Implemented Fiber channel disk arrays with Dell PowerVault 650F.
- Evaluating and creating a plan to deploy Windows 2000 Advanced server in a separate domain (Active Directory Services), to be integrated into existing environment once the production environment is ready to migrate to Windows 2000 ADS model. Installed and configure BackOffice 4.5 on this server.
- Monitoring and managing network resources using HP Openview by implementing policies and creating custom events.
- Worked with various ISP providers, InterNIC, providing online WAN tech support.
- Systems Management of complete MS Exchange 5.5 Infrastructure.
- Created and deployed desktop images using Symantec Ghost 5.1c.
- Documentation of all the work done using Visio, Excel and MS word.
Help Desk Representative/Support
- Configuration and maintenance of Checkpoint NGX R61.
- Firewall policy rules implementation on Cisco ASA 5510 and 5520 firewalls.
- Site to Site and Remote access VPN implementation.
- NAT and PAT configuration
- Cisco access-list (ACL) and route-map skills with a high level of understanding of IP Routing in a large global enterprise network.
- Installation and administration of IDS - SNORT
- Implementing and Troubleshooting of Cisco ACS Software with Ver 3.3,4.0,4.1
- Firewall Log reviewing using RSA Envision.
- Experience in working with routing protocols such as RIP2/OSPF.
- Troubleshooting & Recovery of IOS using TFTP for the Networking & Security device.
- Installing, Configuring and Troubleshooting Cisco Routers (1700, 1800, 2500, 2600, 3200, 3600, 3700, 3800, and 7200).
- Installed and Configured Cisco (2950, 3750, 4500, 5000, 6500 Series switches).
- Implementing and Troubleshooting of VLAN.
- Implementing & Administration of Zoning Architecture project (Imp of various zone like Server, Intra & Internet Zone).
- Performance Monitoring for Networking Devices using MRTG
- Installation of Cisco wireless access points.
- Network Establishment & IP Allocation for the Business.