Network Security Analyst Resume
Lawrenceville, GA
SUMMARY:
- Experience as a Network Security Engineer in the administration of LAN, WAN and firewall technologies, and in system design, implementation and troubleshooting of complex network systems.
- Advanced knowledge of Cisco switch and router configuration.
- Palo Alto firewall configuration, risk analysis, security policy, rule creation and modification on PA-800, PA-2000 and PA-5000 series appliances, and Panorama centralized management for large-scale firewall deployments.
- Experienced Palo Alto and Check Point Provider-1 firewall, security and network administrator.
- Advanced knowledge of the design, installation, configuration, maintenance and administration of Check Point Firewall R70 through R77.
- Troubleshoot various issues on Palo Alto firewalls, including those related to syslog servers, RADIUS, LDAP, User-ID, High Availability, dynamic updates (antivirus, application and threat content) and licensing.
- Migration from both Check Point R77 and Cisco ASA to Palo Alto PAN-OS 7.0 using the Palo Alto Migration Tool.
- Experience securing and managing remote access using VPN technologies such as IPsec, SSL and GRE.
- Worked on F5 LTM 6k and 8k load balancers for load balancing and traffic management of business applications.
- Worked on Blue Coat proxies, adding websites to the block list based on business requirements.
- Installation of Splunk Enterprise, Splunk forwarders, Splunk indexers and apps on multiple Windows and Linux servers, with automation.
- Experience with Microsoft TMG to set up web access for internal users, sites and internal networks via VPN.
- Manage and configure the Nexpose vulnerability scanner for vulnerability scanning and security patching.
- Utilized EventSentry and SolarWinds to monitor web logs, event logs, etc.
- Worked on PCI, SOX and HIPAA security baseline support as an information security professional.
- Worked on integrating feeds and features such as NetFlow feeds into the PRTG Traffic Analyzer from NGFWs (Palo Alto and Check Point).
- Knowledge of intrusion detection, DMZ design, encryption, IPsec, proxy services, site-to-site VPN tunnels, MPLS VPN and SSL VPN.
- Practical knowledge of TCP/IP, DHCP, DNS, SMTP, POP3, and static, default and dynamic routing with RIPv1, RIPv2, OSPF, IGRP, EIGRP and BGP.
- Real-time analysis using ArcSight SIEM, with ArcSight Express, ESM, Logger, Connectors and ArcMC.
- Experience configuring and deploying endpoint protection products such as McAfee ePO, McAfee Endpoint Encryption, McAfee DLP, Cylance PROTECT and Symantec Endpoint Protection.
TECHNICAL SKILLS:
Operating Systems: Windows (XP to 8.1), Windows Server (2008, 2012), Linux/Unix familiarity (CLI skills)
Firewalls: Check Point NGX R65, R75.20, R75.45 (Gaia), R76, R77, Palo Alto firewalls, Cisco PIX 515E, Cisco PIX 535, Cisco ASA, Cisco FWSM, Nokia IP690, Nokia IP530, Check Point Provider-1, Check Point FireWall-1, SPLAT.
Routers/Switches: Cisco 1600, 1700, 1800, 2500, 2600, 3600, 4000, 6000, 7206
Protocols: OSI model, TCP/IP, DHCP, UDP, RIP v1, RIP v2, IGRP, EIGRP, OSPF, BGP, SSH, TFTP, FTP, SMTP, NTP, LDAP, Active Directory, L2F, L2TP, PPP, Frame Relay, ATM, Fast/Gigabit Ethernet, HSRP, VRRP, ISDN, AAA, DES, 3DES, AES, MD5, VPN (IPsec and SSL), DNS, SNMP.
PROFESSIONAL EXPERIENCE:
Confidential, Lawrenceville, GA
Network Security Analyst
Responsibilities:
- Implement solutions as part of project support, including Cylance, EventSentry SIEM, the Nexpose vulnerability scanner and Palo Alto firewalls.
- Set up a phased rollout of Cylance PROTECT on corporate servers and endpoints for Background Threat Detection, Watch for New Files and Memory Protection.
- Customize device policies by identifying false-positive files and applications detected by Cylance PROTECT.
- Create safe/quarantine lists and file/folder exclusions in the Cylance Global List as applicable.
- Deployed EventSentry SIEM 3.3.1 from scratch for security log monitoring and alerting in the production environment (switches, routers, firewalls, load balancers, VPN) and expanded the deployment to the corporate domain.
- Review new alerts to establish a baseline, remove false positives and investigate valid issues to clean up logs.
- Secure log access in EventSentry SIEM to limit who can modify logs.
- Integrate EventSentry SIEM with Active Directory for access management.
- Created a standard SIEM process document to be used across all of Confidential.
- Design and create reports from EventSentry Web to meet HIPAA compliance requirements.
- Manage and maintain Nexpose vulnerability scanner 6.4.45, add additional scan engines to the production environment and identify gaps in patching.
- Review new threats and help assess the risk level to Confidential servers and workstations from Nexpose findings.
- Configure discovery scans to use Nexpose resources optimally, and set up the corporate environment for dynamic discovery via the DHCP Directory Watcher method.
- Create dynamic asset groups for discovered assets by location and operating system, and run full system audit scans on them.
- Create workstation and server remediation plans and reports from Nexpose by running SQL queries to list vulnerabilities and missing patches (OS and third party), prioritize them by risk and provide high-level remediation steps.
- Create a live Nexpose dashboard to track findings, trends and remediation for all assets in Confidential.
- Configure Palo Alto firewalls to block identified applications and URLs using IDS/IPS functionality and policy filtering.
- Review Palo Alto, Cylance and EventSentry logs for violations and security issues.
- Assist in Active Directory migration and consolidation from different sites to a single site.
- Penetration test pre-production applications before deployment using OWASP ZAP.
- Deployed a honeypot solution in the corporate environment and closely monitored it for intrusion detection.
- Implement MDM using Office 365 and establish basic security requirements to enforce on smartphones and tablets.
Confidential, Woonsocket, RI
SIEM Consultant
Responsibilities:
- Configure and install Splunk Enterprise, agents and an Apache server for user and role authentication and SSO.
- Manage Splunk configuration files such as inputs.conf, props.conf, transforms.conf and lookups.
- Upgrade Splunk Enterprise to 6.2.3 and apply security patches.
- Deploy, configure and maintain Splunk forwarders on different platforms.
- Ensure that the application website is up and available to users.
- Continuously monitor alerts received by email to confirm that all application and web servers are up.
- Create Splunk Search Processing Language (SPL) queries, reports, alerts and dashboards.
- Implement and manage ArcSight SIEM.
- Responsible for testing vulnerability updates for all releases and patches of the ArcSight ESM (Enterprise Security Manager) product.
- Responsible for ArcSight ESM data seed upgrade testing.
- Provide technical administration services for the deployed ArcSight ESM, Logger and Connector software platform.
- Integrate IDS/IPS with ArcSight and analyze the logs to filter out false positives and add false negatives to the IDS/IPS rule set.
- Develop ArcSight content such as correlation rules, dashboards, reports, filters, active lists and session lists.
- Onboarded 1500+ devices (Windows, Linux, IIS, DNS, DHCP, NPS, mainframe, firewalls, VPN, Blue Coat proxies) to ArcSight ESM for monitoring.
- Replicate and migrate ArcSight Express from 6.1 to 6.9.
- Migrate logs to ArcSight Logger 6.3 and configure SmartConnectors for syslog and audit log forwarding.
- Configure Symantec Critical System Protection (IDS) to forward logs to ArcSight Express for file integrity monitoring; configured remote logging to ArcSight with flexible fields.
- Responsible for testing and implementing ArcSight integration with Active Directory (AD) and LDAP.
- Configure ArcSight connectors and Loggers; add missing assets in ArcSight.
- Troubleshoot issues related to ArcSight Express.
Confidential, Richmond, VA
Network Security Engineer
Responsibilities:
- Created an active-passive Splunk framework to fulfil BCP requirements.
- Set up Splunk dashboards for continuous monitoring in production support.
- Created saved searches to parse log files for error monitoring.
- Created Splunk apps using XML and web components; knowledge of app creation and user and role access permissions.
- Managed firewall products: Check Point 2200 appliance gateways, Provider-1 and VSX environments (R77.10 and R77.20) and ASA environments.
- Successfully migrated Provider-1 and R77.10 environments to R77.20.
- Worked on day-to-day firewall management activities such as troubleshooting tickets and firewall rule change requests.
- Configuration and implementation of Check Point firewalls, IDS/IPS and Blue Coat proxies.
- Configuration, troubleshooting and maintenance of Palo Alto firewalls (60+): PA-200, PA-2000, PA-3000, PA-4000 and PA-5000 series.
- Review and optimize firewall rules using the Tufin SecureTrack tool and run firewall audit reports.
- Maintain Palo Alto firewalls and analyze firewall logs using various tools.
- Experience with Palo Alto Networks firewall features such as security policy, NAT, Threat Prevention and URL Filtering.
- Extensive experience in firewall technologies including general configuration, risk analysis, security policy, and rule creation and modification on Check Point Next-Generation Firewalls (R65, R70 and Gaia R77.30), Palo Alto Next-Generation firewalls, Blue Coat proxies and Cisco ASA/PIX.
- PAN-DB migration and code upgrades for Palo Alto firewalls.
- Configured and managed policies on Palo Alto firewalls using the Panorama GUI.
- Responsible for planning, documenting and implementing complex firewall and VPN solutions.
- Determined root causes of network problems and delivered solutions while maintaining a high level of customer satisfaction.
- Managed web usage reports using Blue Coat and TMG proxy servers.
- Create and test Cisco router and switch configurations using OSPF routing and MPLS switching for stable VPNs.
- Responsible for handling customer escalations and putting together after-action reports when necessary.
- Responsible for monitoring the network for multiple clients, responding to outages and working closely with other network operations centers and telecommunications providers to resolve issues on existing circuits.
Confidential, Redmond, WA
Network Security Specialist
Responsibilities:
- Install, configure and maintain Check Point NGX R75.20 on SPLAT/open servers and Windows systems from bare metal.
- Identify and remove security policies that are no longer needed to reduce Check Point firewall policy lookup overhead.
- Back up, restore and upgrade Check Point firewall appliances.
- Configure and troubleshoot HA clusters on Check Point firewalls.
- Plan, design and assist in deploying enterprise-wide network SSL security and high-availability solutions for ASA.
- Implement firewall rules on Cisco ASA 5500 and 5500-X series on a regular basis.
- Worked extensively on configuring, monitoring and troubleshooting Cisco ASA 5500/PIX SSL security appliances, failover, DMZ zoning and VLAN/routing/NAT configuration on the firewalls as per the design.
- Worked extensively on PIX (506E/515E/525) and ASA 5500 (5510/5540) series firewalls.
- Also provide Tier 2 support at least twice weekly and work on tickets for the network team, assisting with troubleshooting and resolving networking issues involving static routing and OSPF.
- Assisted end users in troubleshooting problems with Microsoft applications and other hardware or software issues.
- Configured OSPF and EIGRP on Cisco 2500 and 3600 series routers.
- Configured VLANs and VTP on Cisco 2600 switches so that all hosts within the LAN can send and receive data.
- Worked on UNIX, Linux and Windows platforms and was involved in capacity planning for network maintenance.
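The rule-base cleanup mentioned in the Richmond and Redmond roles (optimizing rules with Tufin SecureTrack, removing policies that are no longer needed to cut policy lookup cost) comes down to two checks: rules that no packet can ever reach because an earlier rule already matches everything they match (shadowing), and rules that are reachable but have no hits. The following is an added example of those two checks written by the editor; it is not code from Check Point, Tufin or any tool named in this resume. The simplified rule format (one IPv4 network per source/destination, one protocol, one destination port range, a hit counter exported from the gateway) and the sample rule base are constructed assumptions.

```python
"""Rule-base cleanup: find shadowed and unused rules in an ordered firewall policy.

Added example, not vendor code. The rule format and SAMPLE_RULES below are
constructed assumptions: one IPv4 network per field, one protocol, one
inclusive destination port range, and a hit counter per rule.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Rule:
    name: str
    src: str          # IPv4 CIDR or "any"
    dst: str          # IPv4 CIDR or "any"
    proto: str        # "tcp", "udp" or "any"
    ports: tuple      # inclusive (low, high) destination port range
    action: str       # "accept" or "drop"
    hits: int         # hit counter exported from the gateway


def net(cidr: str) -> ipaddress.IPv4Network:
    """Parse a rule field; "any" means the whole IPv4 space."""
    return ipaddress.IPv4Network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet that matches `inner` also matches `outer`.

    The action is deliberately ignored: a later rule is unreachable whether
    the earlier match accepts or drops, and either way it is dead weight in
    the policy lookup.
    """
    if outer.proto != "any" and outer.proto != inner.proto:
        return False
    if not (outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1]):
        return False
    return net(inner.src).subnet_of(net(outer.src)) and net(inner.dst).subnet_of(net(outer.dst))


def shadowed(rules):
    """Map each unreachable rule to the earlier rule that fully shadows it."""
    result = {}
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                result[rule.name] = earlier.name
                break
    return result


def cleanup_report(rules):
    """Split the rule base into shadowed, reachable-but-unused, and keep."""
    dead = shadowed(rules)
    return {
        "shadowed": dead,
        "unused": [r.name for r in rules if r.name not in dead and r.hits == 0],
        "keep": [r.name for r in rules if r.name not in dead and r.hits > 0],
    }


# Constructed sample rule base (first match wins, top to bottom).
SAMPLE_RULES = [
    Rule("allow-web",       "any",            "10.1.1.0/24",  "tcp", (443, 443), "accept", 5400),
    Rule("allow-dmz-https", "192.168.5.0/24", "10.1.1.10/32", "tcp", (443, 443), "accept", 0),
    Rule("allow-dns",       "10.0.0.0/8",     "10.1.2.53/32", "udp", (53, 53),   "accept", 120),
    Rule("legacy-ftp",      "10.20.0.0/16",   "10.1.3.0/24",  "tcp", (21, 21),   "accept", 0),
    Rule("deny-all",        "any",            "any",          "any", (0, 65535), "drop",   9999),
    Rule("allow-late",      "any",            "any",          "tcp", (22, 22),   "accept", 0),
]


if __name__ == "__main__":
    for section, names in cleanup_report(SAMPLE_RULES).items():
        print(f"{section}: {names}")
```

On the sample rule base, allow-dmz-https is reported as shadowed by allow-web and allow-late as shadowed by deny-all, while legacy-ftp is the only reachable rule with zero hits. Two caveats before acting on such a report: a zero hit count only means something if the counters have been accumulating over a full business cycle (quarter-end jobs, DR tests), and this check only detects a rule shadowed by a single earlier rule, not one whose traffic is covered by the union of several earlier rules, which is the kind of analysis a dedicated tool such as Tufin adds on top.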
Confidential
Network Operational Engineer
Responsibilities:
- Provide day-to-day support for firewall engineering and operations tasks and level 1 and 2 on-call technical support for the Firewall Engineering and Operations team, including assisting peers with issues and escalations.
- Conducted and implemented network and software installations and upgrades.
- Configured remote user VPN, site-to-site VPN, remote access VPN, Easy VPN and SSL VPN for client-based and clientless applications.
- Experience setting up HSRP, access lists, RIP, EIGRP and tunnels.
- Proficient in VLAN configuration on various Cisco routers and switches.
- Experienced in troubleshooting both connectivity issues and hardware problems on Cisco-based networks.
- Managed network connectivity and network SSL security between head offices and branch offices.
- Responsible for internal and external accounts, managing the LAN/WAN and checking SSL security settings on network devices (Cisco routers and switches), coordinating with system/network administrators during major changes and implementations.
- Network assessment and documentation (including technical, operational and economic assessment).
- IPAM administration (NetID), Blue Coat.
- Involved in migrating Frame Relay connections to MPLS-based technology with extranet clients.
- Layer 3 routing protocol configuration including, but not limited to, directly connected interfaces, static routing, and distance-vector and link-state protocols such as RIP, EIGRP and other Cisco proprietary protocols.