SUMMARY:

Network and Security Engineer with 9 years of strong hands - on experience in planning, designing, implementing, troubleshooting of network devices - Cisco ASA, Cisco FTD, NGIPS, AMP, ACI Fabrics, Palo alto PA-7k, PA-5k, PA-3k, Panorama M-500/600 appliances and Checkpoint Gaia: Provider-1/VSX, Fortinet and Juniper SSG/NSM firewalls, Pulse Secure and Bluecoat Web Proxy. Demonstrated expertise in Enterprise Network & Security Design, implementation, testing in all stages of system development efforts, support of various Network and Security Product Infra and Data: Enterprise Network hardware appliances, great exposure to SDN and network virtualization, Micro Segmentation technologies using Cisco ACI Fabric’s with ESX/NSX-T, Perimeter Security, Web Gateway, Content Filtering, Vulnerability and threat protection, IDS/IPS, DLP, Compliance based Security Solutions, Configure and Troubleshooting IPSEC, GETVPN, DMVPN and SSL VPN’s, Cisco ISE administration. Thorough understanding of OSI layers L1-L7.

AREAS OF EXPERTISE:

• Network and Security hardware upgrades and Maintenance
• Design / Implementation / Managing / Troubleshooting
• Data Integrity / Disaster Recovery
• Data Center Deployment
• Research and Development
• Security Strategy and Standardization methods
• Network Micro Segmentation
• Contingency Planning
• Technical Specifications Development
• Team and Project Leadership

TECHNICAL SKILLS:

Operating Systems: Windows, Linux/Unix, Ubuntu.

Security Technologies: Cisco NGFW Appliances (FTD), Cisco ASA, Cisco Identity Services Engine (ISE),Cisco Web Security Appliance (WSA),Cisco Network Advanced Malware Protection (AMP for Networks),Cisco Endpoint AMP,Cisco Software Defined Access (SDA),Cisco Sandboxing using Threat Grid,VPN Technologies Such as IPSEC, SSL, DMVPN, GETVPN,Cisco ACI Fabric s, Azure Cloud, Amazon VPC, Pulse Secure (Remote Access), Anti-Spoofing, Anti-Malware,TACACS+, RADIUS.

Tools: Log analysis tools Tufin/Splunk, Vision Studio - Python script, Microsoft Visio, PaloAlto Expedition - Migration Tool, Cisco Firepower Migration Tool (FMT) Wireshark, Putty, Secure CRT.

Routing Protocols: RIP v1/v2, OSPF, EIGRP, IS-IS, BGP, PBR, Route Filtering, Redistribution, Summarization and Static Routing, HSRP, VRRP, GLBP, VLAN, VXLAN, Trunk, Access Ports 801.x, etc.

PROFESSIONAL EXPERIENCE:

Confidential, NY, NY

Sr Network Security Engineer

Responsibilities:

• Gathering the Customer requirement - A workshop is conducted to understand the Customer requirement. A Customer requirement Document is forwarded to the Customer for verification.
• Proposing the design - Based on the requirement, HLD is prepared and given to the Customer for further inputs.
• Getting approval for the design - Once the HLD is approved, LLD is prepared which gives details of the design
• Proof of Concept - Proof of concept is done for the customer.
• Implementing the design - Based on Customer requirement and LLD, the design is implemented at Customer end.
• Supporting the network of Customer - The network support is provided to the Customer along with a Network Ready for Use document as a reference document.
• Act as trusted advisor capable of building solid, long-term relationships with Cisco customers.
• Act as a technical expert with other team members, as well as with other Cisco worldwide teams
• Daily activity involves update/resolution of tickets generated by Change management ticketing system and respond to inbound phone, creating, working on change requests to troubleshoot the connectivity issues.
• Responsible for day-to-day policy changes, which includes creating/modifying/deleting Security Policies to allow/deny the intended traffic.
• Firewalls troubleshooting for L2/3 incidents with significant impact on the operation of the environment.
• Understanding the network infrastructure Risk factors, Security Concerns and plan, document Firewall cleanup process in a best and safest approach without disturbing existing connectivity.
• Designing, documenting, implementing the cleanup project as per the Client-KKR Standards and best practice assessment provided by Paloalto Networks.
• Optimizing and enhancing the usage of Security Policies with Next-Gen Firewall features like App ID, User ID, Content ID, URL Category based rules.
• Maintaining and implementing security strategy and standardization methods for the Cleanup process.
• Coordinating and integrating Paloalto Next-Gen/Cisco FTD Firewalls with Infrastructure Monitoring tools for Real-time managed networks with a comprehensive set of features.
• Analyzing all records and recommend solutions for clients-based networking security measures incudes monitoring the health like CPU, Memory, Capacity Management, Sessions etc.
• Integrating AWS with Panaroma plugin for VM Monitoring enhancements, support for Amazon Elastic Kubernetes Services which includes general configuration, changes, and fixes.
• Synchronously update Security Policies on Firewalls to ensure the deployed EC2 instances in Virtual machines in the AWS Cloud.

Confidential, Fort Worth, TX

Network Security Engineer

Responsibilities:

• Azure Cloud Deployment: Working on building/configuring the new VM Panorama and migrated all Cloud App based VM-PA firewalls to Azure Cloud.
• Worked on Azure Identity and Access Management (IAM) and Role Based Access Control (RBAC)
• Designing, documenting, performed migrations and deployments from Legacy environment to Cisco ACI and Next Gen platforms NSX VMware.
• Migrated end of life OGDC DMZ’s, Core Network Checkpoint R 75.40 firewalls to Next Generation Multi VSYS appliances PaloAlto-7080’s firewalls using Palo Alto migration tool (Expedition tool).
• Migrated Cisco ASA firewalls to Palo alto 5k (Active/Active, Active/Passive mode) firewalls for branches in AMER.
• Performed Checkpoint R77.40, R80., Palo alto troubleshooting and hardware upgrades from 3k, 5k to 7k (DMZ’s and Core Networks), multi-VSYS and Panorama upgrades.
• Performed Code upgrades on Checkpoint and PA firewall periodically from 7.0.9 to 8.1.9 with enabling security features and fixing the software bugs with TAC.
• Maintaining/troubleshooting policies on Pulse Secure Client/Pulse Secure 802.1X for Remote desktop access and mobile access control, Performed code upgrades periodically.
• Implemented Global Protect Client SSL VPN access to the internal corporate network for over 2000 users and configured Two-Factor Authentication on Firewall.
• Configuring, implementing, and maintaining/troubleshooting all security platforms and their associated software, such as IDS/IPS, Anti-virus, Anti-Malware, URL Filtering, Anti-SPAM, Anti-spoofing, Sinkholes, Vulnerability Protection for APAC, AMER, and EMEA location firewalls.
• Configured, operated at Layer-7 of the OSI Models for Web Application Protection, Vulnerability Protection, Data Blocking on Firewall and McAfee-Symantec endpoint protection appliance.
• Monitoring/Reporting log analysis for our managed services offerings, to ensure customer policy and security requirements met using APP ID, User ID and Content ID features.
• Successfully Configured/build over 12 IPSEC VPN tunnels between Confidential and Business on Cisco ASR routers and Azure Cloud, parallel to the High-Risk Projects.
• Worked on Cisco ACS, advanced ASR IPSEC Site-to-Site VPN troubleshooting between Client and Business/Vendor.
• Handled Check Point/PA Firewalls, Cisco Switches, routers, IPSEC VPN troubleshooting for L3/4 incidents with significant impact on the operations of the environment.
• Integrating Cisco ISE with FirePower and managed administration and monitoring both for troubleshooting.

Confidential, Las Vegas, NV

Network Security Operations

Responsibilities:

• Day-to-day activities includes managing Firewall and Bluecoat Policy lifecycle-process from creating, modifying, reviewing, implementing, verifying and maintaining.
• Involved in migrating multiple property Firewalls Juniper SSG/NSM to Checkpoint R77.30/R80.
• Worked on Palo Alto Next-Generation, Fortinet, Checkpoint, Cisco, Juniper NSM Firewalls, F5 Load balancer, Bluecoat web proxy, Splunk Enterprise, Wireshark,and various logs tracking tools.
• Implementing and Managing VPN Networks of the Customer through Checkpoint, Juniper and Palo Alto firewalls.
• Maintaining, troubleshooting Bluecoat proxy, performed code upgrades.
• Adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications and Wireshark.
• Handled third party hardware migrations at Data Center.
• Managed logs using GAIA Multi SmartDomain Manager, Juniper with Network Security Manager.
• Security monitoring process with the help of Log management tools (i.e., Splunk) and Security Information Event Management (SIEM) tools.
• Reviewing and analysing security threats using Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) and Malware/Antivirus, Radware, and other Security Threat Data Sources.
• Modifying rule-based policies in the Firewalls to the change management processes, using ServiceNow Ticketing tool.
• Configured, implemented, deployed and troubleshooting Hardware/Software security Products, including- SIEM, DLP, Web content filter, email gateway, Web proxy, Firewall, Patch management, and endpoint security solutions.
• Involved in configuring Checkpoint Firewall in IPSO, Secure Platform and GAIA platforms.
• Knowledge of Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site-to-Site VPN tunnels, Flex VPN, GETVPN, DMVPN Phase1/2/3,MPLS/VPN, SSL/VPN.
• Managing Pulse Client Endpoint Security over 3900 users for multiple branches in United States.
• Implementing and Managing VPN Networks of the Customer through Checkpoint R75 firewalls.
• Managed Checkpoint Firewalls using Multi SmartDomain Manager, Juniper with Network Security Manager.
• Analyse and review security threats from Firewall (FW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Antivirus (AV), Radware, and other Security Threat Data sources.

Confidential, Winston-Salem, NC

Firewall Engineer

Responsibilities:

• Migration from Checkpoint IPSO to Checkpoint R77.
• Configuration and deployment of Juniper firewalls.
• Configure, administer, and document firewall infrastructure, working with Checkpoint.
• Implementation of firewall rules on R76, R77 GAIA on daily basis using Smart Console, Smart Domain Manager.
• Firewall deployment, rules migrations, firewall administration and converting existing rule based onto new platforms.
• Ensure that notification has sent to all Stakeholders for required changes/upgrades.
• Represent the changes at the weekly change review meetings and update network diagrams and all other applicable documents.
• Managed Smart Center Checkpoint management server (SmartView Tracker).
• Managed Checkpoint Firewalls from the command line (cpconfig and Sysconfig).
• Represent the changes at the weekly change review meetings.

Confidential

Network Engineer

Responsibilities:

• Provided troubleshooting and maintenance services for a LAN/MAN/WAN network infrastructure.
• Monitored, troubleshoot, configured, and deployed LAN/WAN solution.
• PC/LAN support in an Ethernet based TCP/IP (DCHP & STATIC IP allocation).
• Responsible for monitoring & operations of all data network related products and services.
• Firewall Policy Implementation on Checkpoint R62 and R65 using Provider 1.
• Migrated Nokia IP 300 to Checkpoint NGX R65 SPLAT
• Site to site VPN implementation on Checkpoint Firewall R62.
• Configured IPsec site-to-site VPN connection between Cisco VPN 3000 Concentrator and Cisco 3800 Router/ Microsoft VPN Server in order to access certain limited network resources from customer locations.
• Extensive experience in Active Directory, Domain Controllers, DNS, DHCP, WINS, TCP/IP, IPSec, DFS, FRS, VPN, NetBIOS, RIS, Storage Area Networks, Network Attached Storage, RAS and RRAS, and other networking protocols/services and FTP Servers.
• Involved in designing and implementing local area and wide area networks including network servers, workstations, hubs, routers, firewalls, VPN concentrators and other peripheral devices.
• Setup TFTP server to backup, restored configurations and IOS image files for the PIX firewalls, Cisco routers, Catalyst switches.

Confidential

Network Engineer (Internship)

Responsibilities:

• Designed and implemented local area and wide area networks including network servers, workstations, hubs, routers, firewalls, VPN concentrators and other peripheral devices.
• Installed and configured network servers for network monitoring and management, Designed and constructed 32 remote data centers, at plant facility locations.
• Provides troubleshooting and maintenance services for a LAN/WAN network infrastructure.
• Provides high-level design services for inter-network architecture, which could include LANs, routed and switched WANs, and remote access networks.
• Troubleshoot routing protocols EIGRP, OSPF, BGP, VLAN, Trunk, STP, HSRP and GLBP
• Set up TFTP server to backup, and restored configuration and IOS image files for the PIX firewalls, Cisco routers, Catalyst switches.
• Responsible for monitoring & operations of all data network related products and services.
• Extensive experience in Active Directory, Domain Controllers, DNS, DHCP, WINS, TCP/IP, IPSec, DFS, FRS, VPN, NetBIOS, RIS, Storage Area Networks, Citrix, Network Attached Storage, RAS and RRAS, and other networking protocols/services and FTP Servers.
• VMware Administrator in Data Center Environment using ESX server 3.5, 4.0, 4.1 ESXi 4.1, 5.0, 5.1 and VSphere VCenter Server 2.0, 2.5, 4.0, 4.1, 5.0, 5.1 running other VMware Products like VCenter Update Manager 4.0, 4.1, 5.0 VCenter Lab manager 4.0, PlateSpin Migrate, Double-take, VMware View 4.5 and 4.0 and Site Recovery Manager 4.1 4.0.
• Experienced in configuring DNS, DHCP, WINS and Active Directory Services in Windows based server environments.
• Experience working on IBM P/E series, IBM XSeries 346, 3650, 3650m2/m3, HP and Dell Power Edge hardware.