SUMMARY

• Over all 9+ years of experience in IT. Started Career as a Network Security Administrator and moved into consulting, specializing in Information and Network Security and gained expertise in security planning, implementation and management of network devices and security devices.
• Extensive hands - on experience in planning, designing and implementation of Corporate Perimeter and DMZ Firewalls architecture. Configuring and troubleshooting - Cisco PIX, ASA, FWSM, Checkpoint and WatchGuard Firewalls.
• Possess in-depth knowledge of designing, planning implementing and troubleshooting of different type of VPN solutions like IPSEC, DMVPN, GETVPN, GRE over IPSEC, EasyVPN, and SSL VPN on CISCO devices (ASA/PIX and Routers), Checkpoint (12000 and IP 690) appliances and WatchGuard UTM appliances.
• Expertise in implementing Network Intrusion Prevention System in different modes (Promiscuous, Inline Interface and Inline VLAN Pair) on CISCO NIDS devices, and Checkpoint Blades. Experience in configuring and fine tuning of signatures on NIDS/NIPS based on organization security policy.
• LAN experience includes installation, configuration, and management of Cisco catalyst switches in a multilayer switching environment on Cisco L2 and L3 Switches (3500, 3600 and 6500) series as per Cisco 3-tier Architecture (Core, Distribution and Access).
• Experience of implementing and troubleshooting complex layer 2 technologies such as VLAN, Trunks, VTP, Ether channel, STP, RSTP and MST. Implementation of HSRP, VRRP as First Hop Redundancy protocol.
• Experience of management, installation and configuration of Nexus 7k, Nexus 5k and Nexus 2K in Data Center with concept of VDC, Fabric extender (FEX), VPC, HSRP and Routing Implementation (OSPF, EIGRP).
• Good Hands on experience in Cisco IOS for configuration and troubleshooting of routing protocols: RIP v2, OSPF, EIGRP and basic understanding of BGP. Experience with working in large Enterprise environment for redistribution of routing protocols.
• Excellent experience of performing Vulnerability Assessment for Network/Security Devices (Firewalls, Router, Switch) and for Server Infrastructure (Windows and UNIX) environment.
• Strong knowledge of ITIL integration and Leveraged ITIL model for Security Management Architecture development/planning.
• Designing and implementation of security solution for Cloud computing environment at perimeter level and end point security solutions. Comprehensive understanding of networking concepts pertaining to WAN, security protocols, IT communication, WAN protocols, Security Devices Administration and maintenance in multi-platform environments
• An effective communicator with exceptional relationship management skills. Known for strong Project/Release Management, team building/mentoring, architectural design and analysis, implementing projects on-time and within budget.

TECHNICAL SKILLS

Hardware Platforms: Firewalls - Cisco ASA Firewalls including ASA 5580, 5550, 5540, 5520 and PIX 535, 515E, FWSM, Checkpoint Appliances IP 690 series, 1200 Series. V-shield VMware End point Firewalls, Network Intrusion Prevention System - AIP-SSM Modules on ASA 5500 Series appliances, IDSM Modules on Cisco 6500 Switches. IDS 4200 Devices. Checkpoint NIPS Blades in UTM devices and IP 690 Appliances,Network Switch - Cisco Catalyst 6500, 3500, 3600 Series and Nexus 7k, 5K and 2k Series.,Content Filter and Proxy - McAfee Webwasher and Websense,Vulnerability Assessment - QualysGuard

Operating Systems: Firewall and NIDS - Cisco Firewall IOS 6.X, 7.X and 8.X, Cisco IPS OS 5.X, 6.X and 7.X Cisco Catalyst IOS 12.X, FWSM 3.X and 4.X, Cisco CSM 4.X. IPSO - 6.X, Checkpoint R70.XX and R75.XX, Nexus Devices 5.X and 6.X,Microsoft Desktop - Windows 95, 98, XP and 7,Microsoft Server and Active Directory - Windows 2003 and Windows 2008,Unix - Basic knowledge of RHEL and Novell SUSE

Protocols: Authentication - Radius, TACACS and LDAP,Application - POP/SMTP/IMAP/SMTPS/IMAPS, SFTP/FTP, SNMP DHCP, DNS and SMB.

PROFESSIONAL EXPERIENCE

Confidential - Warren, MI

Security and Network Administrator

Responsibilities:

• Provide operational support to the network primarily consisting of equipment Check Point Firewalls, Cisco PIX, and Cisco ASA 90+ firewall appliances by deploying firewall rules, NAT and troubleshooting L3 operational issue.
• Design and implementation of site to site VPN tunnels for third party business partners at various zones including DMZ on CISCO ASA/Router devices.
• Participated in designing and implementation of security solution (Firewalls and NIDS) for Data Centers in cloud computing environment.
• Implementation of Checkpoint SNX SSL VPN solution integrated with LDAP and Verizon public certificate for Cloud computing DC to allow agency administrators to manage their infrastructures.
• Integration of NIDS/NIPS systems of CISCO (AIP-SSM, IDSM, NIDS appliance) through CSM 5.x for centralized management.
• Participate in the deployment of new firewalls (over 30) in six new datacenters. The project included the installation and configuration of all new firewalls and the move to production of the new devices to allow applications to be migrated to the new datacenter space.
• Analyze and implement firewall rules in Cloud computing environment at perimeter level for new agencies taking space in Cloud environment.
• Part of emergency response team that provides 24x7 deep level supports for network security incident related issues.
• Management and handling operations issues of Nexus 7K and Nexus 5K devices in Data Center as L2 Engineer.
• Working with CISCO team to develop road map of IOS for 2012 and 2013 for security devices in GM by simulating production environment in CISCO labs and testing various codes for firewalls and NIDS.
• Implementation of Layer-2/Layer-3 switching solution such as VLAN creation as per new requirement in DC on both catalyst and Nexus devices as L2 Engineer. Also troubleshooting the operational issue of switching and routing at Data Center level.
• Implementation of EIGRP/OSPF routing in Data Center enhancement project within existing environment.
• Performing signature updates on all CISCO NIDS using CSM 5.x across entire geography whenever new signature released by CISCO.
• Implemented QualysGuard appliances for Vulnerability Assessment and Policy Compliance scan across the environment.
• Managing team of 6 associates who Performs Vulnerability Assessment and Policy Compliance scans for all servers, network and security devices every month using QualysGuard.

Environment: CISCO ASA 5520/5580/5540/ 5585/ FWSM, Checkpoint IP 690/12000, CISO NIDS 4240/4260/IDSM, Cisco Catalyst 3750/3550/3500/2960/6509 CISCO Nexus 7018/70105010/5548.

Confidential, WI

Security and Network Administrator

Responsibilities:

• Management of more than 120 + ASA/PIX firewalls from daily operation basis.
• Managing McAfee web-washer content filtering solution implemented in the environment.
• Designed and Implemented DMVPN VPN solutions for connecting various small offices and regional location to main KC Data Center.
• Implemented Cisco NIDS appliance in promiscuous mode across data centers for SOX related applications.
• Implemented new Cisco firewalls in context (virtualization) mode across DC for cost effective security solution.
• Assisted customers with completing security escalation forms for risk assessments of applications that need to be reviewed by information security team.
• Worked in supporting, tuning and monitoring Cisco Intrusion Prevention Systems.
• Management of the connectivity of remote offices through Easy VPN on CISCO IOS routers.
• Upgraded IOS on firewall 7.2.x to 8.1 for 120 + firewalls managed by team.
• Configured VLANs with 802.1q tagging, ether channel, and Spanning tree for creating Access/distribution and core layer switching architecture.
• Preparation of RCA (Root Cause Analysis) report for identifying and correcting for any security incident.
• Analyzed current outbound traffic patterns/usage (Source IP, Destination IP, Port, Service etc.) at various Internet gateway device locations, by using log analysis SIEM solution RSA EnVision and optimized the rules deployed at perimeter firewalls.
• Worked with corporate security team to prepare Technical Security standard of firewall and NIDS across the organization.
• Managing campus environment on Catalyst 3500 and 3600 environment configured in stacks and by running OSPF routing algorithm.

Environment: CISCO ASA 5540/5580, CISCO PIX 535,535, CISO NIDS 4240/4260, Cisco Catalyst 3750/3550/3500/2960/6509 , CISCO Nexus 5010/5548/7018/701 , McAfee Web Washer, CISCO Routers

Confidential

Network Security Engineer

Responsibilities:

• Designed, planned and implementation of firewalls and NIDS in new Data Centers.
• Implemented 20 checkpoints/ CISCO ASA in High Availability mode.
• Configured ASA firewall in virtual context to provide cost effective solution.
• Implemented 10 CISCO NIDS appliance in inline VLAN pair mode.
• Performed fine tuning of signatures for CISCO NIDS based on security policy of organization.
• Coordinated and performed failover drill after successful implementation of DR data center.

Environment: CISCO ASA, CISCO NIDS Appliances and Checkpoint Firewalls appliances.

Confidential

Network Security Engineer

Responsibilities:

• Designed, Planned and Implementation of firewalls and NIDS in Host Standby DR data centers site.
• Implemented 4 checkpoints and 4 CISCO ASA in High Availability mode.
• Implemented 4 CISCO NIDS appliance in promiscuous mode.
• Coordinated and performed failover drill after successful implementation of DR data center.

Environment: CISCO ASA, CISCO NIDS Appliances and Checkpoint Firewalls appliances.

Confidential

Network Security Engineer

Responsibilities:

• Installation and configuration of CISCO PIX and ASA Firewalls models taking remote access of firewalls.
• Configuration of different kind of VPNs as per client’s requirements on CISCO products by taking remote access.
• Supporting Network Administrators in implementation of new CISCO ASA/PIX firewalls based on network requirements.
• Supporting CISCO user in implementation and troubleshooting of NAT, ACLs any network issue by taking remote access of firewalls.
• Simulating any issue reported by customer in lab environment and provide the solution of the problem.
• Working with administrators for integrating firewalls with centralized AAA solution.
• Working with development team for any bug reported by customer and working closely to take it till closure.
• Implementation and troubleshooting of VPN solutions like IPSEC, DMVPN and RUVPN for customers by taking remote access of the devices.
• Supporting installation and troubleshooting of NIDS related issue for all CISCO NIDS modules and appliances.
• Supporting configuration of new signatures based on customer requirement.
• Helping administrators in enabling application level inspection using modular policy framework.

Environment: CISCO ASA and NIDS (All Models of CISCO devices).

Confidential

Network Security Engineer

Responsibilities:

• Installation & Configuration of WatchGuard Firewalls through remote access.
• Configuration of different kind of VPNs (Site to Site IPSEC and Remote User IPSEC VPN) as per client’s requirements through remote access
• Monitored the Firewall’s policies and VPN configuration & analyzed the critical logs required for the troubleshooting purposes.
• Formulated executive reports indicating attacks with risk levels involved and necessary actions to avoid entering high-risk attacks.
• Watch Guard Firewall products and Cisco PIX and ASA, which includes comprehensive knowledge of integration of security solution to the existing network
• WAN Failover that enables a second Internet Connection, in the event the primary Connection fails.
• MultiWAN in round robin order that facilitates load balancing.
• WatchGuard Firewalls in "High Availability” and “FAILOVER “Mode for Business continuity.
• SPAM filtering and Gateway Antivirus Solutions management on UTM devices of WatchGuard for SMTP traffic through the WatchGuard firewall for clients through
• Controlled Access to Internet using Web Blocker/Surf Control Database through the WatchGuard Firewall.

Environment: WatchGuard Firewall III/800, 1000 Firewall X Series (All Models of WatchGuard firewalls).