Security Administrator Resume
TX
SUMMARY
- CCNP Certified Professional with extensive experience in network design, implementation, troubleshooting, engineering, managing & migration of large-scale enterprise Campus networks and Data Center networks
- Design and configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550).
- In-depth expertise in the implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems.
- Good knowledge of IP Addressing, Subnetting, VLSM, ARP, OSI and TCP/IP models.
- Experience with F5 GTM/LTM 8950 and VIPRION configuration/installation/support.
- Expertise in implementing L2 technologies including VLAN’s, VTP, STP, RSTP.
- Expertise in implementing routing protocols RIP, RIP V2, EIGRP, OSPF, ISIS and BGP.
- Configuring and Troubleshooting Route Redistribution between static, RIP, EIGRP OSPF & BGP protocols.
- Experience in Configuration and Support of LAN protocols on Cisco Switches such as (Layer2, Layer3 and Multi Layer).
- Experience working with High performance data center switch like Nexus 7010, 7018, 7009, 5020, 2148, 2248 devices
- Dealt with the escalation problems for Routing, Switching and WAN connectivity issues using ticketing system like Remedy Ticketing System
- Advanced knowledge in Design, Installation and configuration of CheckPoint Provider-1 Environment.
- Experience in layer-3 Routing and layer-2 Switching. Dealt with Nexus models like 7K, 5K, 2K series, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches
- Strong hands on experience on PIX Firewalls, ASA (5540/5550) Firewalls, Checkpoint 12400, 12600, 21400 Appliances, Palo Alto 200, 500 and 2000 Series firewalls.
- Implemented Security Policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA(TACACS+ & RADIUS)
- Working with Cisco for opening TAC Case and resolving issues to meet project deadlines.
- Planning, Designing & implementing various solutions in distributed environment using Checkpoint, Cisco PIX & ASA, and Cisco Routers.
- Working Knowledge of cisco IOS, Cisco IOS-XR, Cisco CatOS, Cisco NX-OS, JUNOS.
- Experience with designing, deploying and troubleshooting LAN, WAN, Frame-Relay, Ether-channel, IP Routing Protocols - (RIPV2, OSPF, EIGRP & BGP), ACL's, NAT, VLAN, STP, VTP, HSRP & GLBP
- Working knowledge with monitoring tools like SolarWinds & network packet capture tools like Wireshark
- Implemented Checkpoint Clusters with GAIA OS using VRRP, ClusterXL
- Configured Security policies including NAT, PAT, VPN’s and Access Control Lists.
- A highly organized individual who adopts a systematic approach to problem solving, effectively analyzes results and implements solutions.
- Excellent communication skills, Enthusiastic, motivated and a team player.
TECHNICAL SKILLS
Cisco & other vendor equipment: Nexus 7K, 5K, 2K & 1K, Cisco routers (7600, 7200, 3900, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3500, 4500, 2900 series). PIX Firewall (506/515/525/535), ASA Firewall (5505/5510), Cisco ACE Load Balancers, Checkpoint 12400, 12600, 21400 Appliances, Palo Alto 200, 500, 2000 and 5000 Series firewalls.
Routing Protocols: RIP, IGRP, EIGRP, OSPF, IS-IS, BGP, HSRP, VRRP & GLBP
Network Management: Solar Winds, SNMP, Cisco Works, Wireshark
Infrastructure services: DHCP, DNS, SMTP, FTP, and TFTP
LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port-channel, VLANS, VTP, STP, RSTP, 802.1Q
WAN technologies: Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1, DS3, OC3, T1 /T3 & SONET
Network Security: NAT/PAT, Ingress & Egress Firewall Design, VPN Configuration, Dynamic, Reflexive ACL, and authentication AAA (TACACS+ & RADIUS), Skybox, IPS, IDS, Proxy, BladeLogic, ArcSight
Platforms: Cisco IOS-XR, Cisco Cat OS, Cisco IOS (11.x, 12.x), PIX IOS (6.7.x), CAT-OS UNIX, LINUX, Windows XP, NT, 2000, 2003
Documentation: MS Office, MS Visio
PROFESSIONAL EXPERIENCE
Confidential, TX
Security Administrator
Responsibilities:
- Installation, Configuration & Troubleshooting of Cisco ASA firewalls 5505, 5516, 5585, 5510, 5540
- Configuration of ASA Units to be part of Cluster
- Configuration & Replacement of Failed units of Failover & Cluster Pairs.
- Experience in Migrating from Checkpoint firewalls to Palo Alto firewalls platforms
- Upgrade of software versions on different models of Palo chassis.
- Have hands on experience on Integration and Management of Palo Alto devices via Panorama
- Upgrade of Panorama from M-100 to M-500 to increase the performance.
- Installation and deployment of Cisco ASA firewalls.
- Installation and Troubleshooting of Juniper NetScreen firewalls.
- Perform Monthly Firewall Rule Management & Remediation projects
- Monitoring the traffic through panorama logs and packet capture for troubleshooting the incident tickets
- Built and configured new Vsys for different models of palo chassis and implemented them
- Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall
- Responsible for creating new policies, objects and pushing them on Palo alto firewalls, Checkpoint Firewalls
- Responsible for installation, configuration, maintenance and administration of Palo Alto firewalls PA-7000 (7050, 7060), PA-5000 series (5060/5050/5020), PA 60/4050/4020) and PA-500 and PA-200 firewalls
- Involved in Configuration and troubleshooting of HA on Palo Alto Firewall
- Vetting and approvals of the new requests from the customers
- Remediation of firewall rules from checkpoint firewalls to Cisco ASA firewalls and their implementation.
- Experience in configuration of new Palo Alto firewalls for implementation
- Responsible to evaluate the need for upgrades, new installations, and license modifications using Smart Update
- Responsible for Configuring SITE TO SITE VPN on VPN Concentrators series between Head office and Branch office
- Software upgrades on Cisco ASA firewalls.
- Performed Licensing and Issuing certificates on ASA Units
- Perform all project and planning roles (Port Open Requests - PACS) activities through migration
- Implement Citizens approved HPSM tickets
- Testing/Validating the Implemented changes
- On call engineer to support any kind of Incident tickets
- Responsible for Palo Alto firewall management and operations across our global networks.
Environment: Cisco Firewalls, Palo Alto Firewalls, AlgoSec, QRadar, Zenoss, Voyence
Confidential, Austin, TX
Security Engineer
Responsibilities:
- Involved in the Migration of checkpoint to Fortinet Firewalls.
- Responsible for replicating and optimizing the rule base for the Migration Environment.
- Responsible for troubleshooting, handling high priority Incident tickets and firewall Requests.
- Hands on experience on Firemon.
- Experience in analyzing and implementing complex firewall rules on Checkpoint firewalls and/or Fortigate security devices.
- Analyzed network traffic flows to reverse-engineer the required firewall ports and rules to allow secure access of applications.
- In-depth knowledge and experience with the FortiManager/FortiAnalyzer
- Knowledge on usage of Queries in Smart View Tracker to monitor IPS and common network traffic and troubleshoot events using packet data
- Established IPsec VPN tunnels between branch offices using Checkpoint Firewall
- Handled Incident tickets related to Firewall, VPN, Proxy issues, IPS/IDS
- Responsible to evaluate the need for upgrades, new installations, and license modifications using Smart Update
- Hands on experience on FortiManager 4000E and FortiManager 3900E and FortiManager 1000D
- Installation, Administration, configuration and troubleshooting of Fortinet Firewalls.
- Hands on Experience on FortiGate 1000C, 3600C, 1000D, 3800D Firewalls
- Have hands on Smart Dashboard, Smart View Tracker and Smart View Monitor applications of Checkpoint firewall.
Environment: Checkpoint, Multi-domain Manager, Fortinet Firewalls, FortiAnalyzer, FortiConverter, Firemon
Confidential, Irving, Texas
Security Engineer
Responsibilities:
- Primary responsibility is to design and deploy various network security & High Availability products like Checkpoint, Palo Alto, Cisco ASA and other security products.
- Advanced knowledge in design, installation, configuration, maintenance and administration of CheckPoint Firewall R65 up to R77.20 version, VPN.
- Responsible for Checkpoint firewall management and operations across our global networks.
- Troubleshoot security issues related to Cisco ASA/PIX, Checkpoint, IDS/IPS and Juniper NetScreen firewalls.
- Convert Checkpoint VPN rules over to the Cisco ASA solution, Migration with both Checkpoint and Cisco ASA VPN
- Upgrade checkpoint from old platforms to new platforms R62 to R75.45
- Experience in configuration of new Palo Alto firewalls for implementation
- Migration from Cisco firewalls to Palo Alto firewalls platforms PA-5000 series (5060/5050/5020), PA 60/4050/4020) and PA-500 and PA-200 firewalls
- Configured, managed, troubleshot Palo Alto firewalls and IPSec VPNs
- Configuration and troubleshooting of Site to Site as well as Remote Access VPN on Cisco ASA and Check Point firewalls
- Fully versed in the syntax of security platforms, and day to day rule verification
- Remediation of firewall rules from checkpoint firewalls to Cisco ASA firewalls and their implementation.
- Monitored and analyzed Intrusion Detection Systems (IDS) & Intrusion Prevention System (IPS) to identify security issues for remediation.
- Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications
- Worked on various platforms of Checkpoint like - Nokia, Checkpoint (SPLAT)
- Worked on Migrating from ASA 5540 to ASA 5585
- Configuring and troubleshooting HA Cluster on Checkpoint Firewall.
- Have hands on Smart Dashboard, Smart View Tracker and Smart View Monitor applications of Checkpoint firewall
- Have hands on experience on replicating rules between Various firewall vendor products
- Experience in Evaluating existing policies and optimizing the rules based on current corporate requirements
- Knowledge on usage of Queries in SmartView Tracker to monitor IPS and common network traffic and troubleshoot events using packet data
- Responsible to evaluate the need for upgrades, new installations, and license modifications using SmartUpdate
- Have good understanding on configuring NAT for Web and Gateway servers
- Handled deployment and management of Checkpoint GAIA, R75, R71, R65
- Monitor and review requests for change to assure they do not introduce any security and/or compliance risks to the enterprise and meet security requirements, guidelines and compliance requirements.
- Coordination with the Cisco TAC/Cisco AM, Checkpoint Consultant, for the critical cases/projects
- Responsible to validate compliance of firewall rules and its configurations using Skybox firewall assurance.
- Responsible for analyzing events with the help of the Security tools like ArcSight (SIEM), Imperva (Web & DB Security), BladeLogic (File Integration Monitoring).
- Creating Rules, Lists, Reports and filters in ArcSight Console based on the criticality of the events.
- Perform internal / external vulnerability and Penetration tests to assess the level of exposure and risk to . Reports are created and shared with Sr. Security Management. Utilize many open source as well as commercial tools, such as Nmap, Nessus, Qualys, Metasploit, QRadar and other tools.
- Worked on creating queries and reports in ArcSight Logger
- Sound knowledge of virtual firewalls like checkpoint VSX, IDS, IPS as well as encryption techniques.
Environment: Checkpoint firewalls 12400, 12600, 21400, Palo Alto firewalls 200, 500, 2000, Cisco ASA 5540, 5585, IDS, IPS, VPN, Skybox, BladeLogic, ArcSight
Confidential, Denver, CO
Network Data Engineer
Responsibilities:
- Implemented Quality of Service (QOS), Policy Maps, Class-maps, Policy Routing in the network infrastructure throughout all the different sites.
- Played responsible role for implementing, engineering, & level 2 support of existing network technologies / services & integration of new network technologies / services
- Worked with Cisco Layer 3 switches 3560, 3750, 4500, 6500; Cisco Nexus 5000 and 7000 in multi VLAN environment with the use of inter-VLAN routing, 802.1Q trunk, ether channel.
- Worked with Cisco Catalyst 6500, 4500, 3750, 3560, 2960 switches and Cisco 2800, 3600, 3800, 7200, 7600 and ASR series Routers.
- Installed and configured 6509 Cisco Catalyst Switch, creating VLANs and assigning ports to the VLAN.
- Upgraded the IOS on the 6500 switch and saving the old system configuration and running-configuration.
- Experience with moving data center from one location to another location, from Cisco 6500 based data center to both Cisco 6500 & Nexus based data center
- Installing & configuring firewalls - Checkpoint NG & NGX, Cisco ASA, Netscreen, ISA, and iptables.
- Experience with implementing Cisco 6500 VSS on the User distribution switches.
- Responsible for entire LAN and WAN maintenance and troubleshooting of the company network. Involved in the Team of Data Center Operations to perform duties like administration and deployment of Cisco Routers and Switches according to the organization requirements.
- Worked on migrating to R75.20 on IP560 Nokia boxes.
- Worked on various platforms of Checkpoint - Nokia, Checkpoint (SPLAT).
- Performed network administration tasks such as creation and management of VLANS, Port security, Trunking, RPVST+, Inter-VLAN routing, and LAN security.
- Configured and involved in troubleshooting EIGRP, RIP, OSPF, BGP and static routing, MPLS WAN connectivity, Telnet and SSHv2 sessions.
- Carried out Route-redistribution between different routing protocols like OSPF, BGP, EIGRP for increased efficiency.
- Worked with Checkpoint FW1 NG, PIX, and Netscreen firewalls.
- Experience with configuring BGP in the data center and also using BGP as a WAN protocol and manipulating BGP attribute.
- Provided BGP routing protocols for implementing multi-homing connection between two ISP’s and providing traffic flow to certain areas.
- Working with MPLS Designs from the PE to CE and also configuring VRF on PE routers
- Experience with designing and deployment of MPLS Traffic Engineering
- Configured network access servers and routers for AAA Security (RADIUS/ TACACS+)
- Responsible for Configuring SITE TO SITE VPN on Cisco Routers between Head Quarters and Branch locations.
- Involved in the team for designing and Configured Nexus 7000/5000/2000 in Top of Rack & End of Row Architecture for a Scalable Production Network that supports Rack & Blade server architecture in a Multi-Tenancy environment using VPC, VDC & VRF
- Worked extensively on Cisco Firewalls, Cisco PIX (506E/515E/525) & ASA 5500 (5520/5540) Series
- Efficient at use of Microsoft VISIO/Office as technical documentation and presentation tools
Environment: CISCO routers and switches, STP, VLANS, VTP, Etherchannel, Portchannel, Access Points, Switch Stacking, Wireshark, VPC, VDC, VRF, VISIO
Confidential, San Antonio, TX
Sr. Network Engineer
Responsibilities:
- Responsible for designing and implementation of customer’s network and Security infrastructure.
- Involved in complete LAN, WAN, Extranet redesign (including IP address planning, designing, installation, pre configuration of network equipment, testing, and maintenance) in both Campus and Branch networks
- Experience working with MPLS Layer 3 VPN on ASR 9006 with IOS-XR
- Experience with converting Cisco 6500 IOS to Cisco Nexus NX-OS in the data center environment.
- Experience working with Nexus 7010, 5020, 2148, 2248 devices
- Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000
- Experience configuring VPC, VDC and ISSU Software upgrades on Cisco Nexus 7010
- Experience in Configuring, upgrading and verifying the NX-OS operation system
- Experience with configuring OTV between the data centers as a layer 2 extension.
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
- Experience working with BGP attributes such as Weight, Local-Preference, MED and AS-PATH to influence inbound and out bound traffic
- Involved in Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, InterVlan routing and LAN security.
- Use and maintain routing protocols EIGRP, OSPF and BGP on the Routers in the network & also worked on BGP Route Reflectors, Confederations
- Deployed a large-scale HSRP solution to improve the uptime of collocation customers, in the event a core router became unreachable.
- Configured and designed LAN networks with Access layer switches such as Cisco 4510, 4948, 4507 switches.
- Experience with converting PIX rules over to the Cisco ASA solution.
- Responsible for Cisco ASA firewall administration across our global networks
- Support customer with the configuration and maintenance of PIX and ASA firewall systems
- Design, and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls.
- Configuring IPSEC VPN on SRX series firewalls
- Ability to plan independently and execute product testing with quality (White box, Black box testing, Scalability, performance, solution and system testing)
- Applies test expertise and experience to craft & execute test plans, conduct negative/exception tests, verification, performance and regression testing of RIA, HTML, AJAX, Mobile Web client, integration services, enablers & platforms
- Configuring Virtual Chassis for Juniper switches EX-4200, Firewalls SRX-210
- Implemented HSRP on the Cisco 2948G Layer 3 switches and EIGRP, OSPF on 2 Cisco 2610 routers, the Layer 3 switch, 3 Cisco 350XL Switches, Cisco 3524XL switches for load balancing and fail over.
- Configuring ASA Firewall and accept/reject rules for network traffic.
- Extensive knowledge and troubleshooting in data communication protocols and standards including TCP/IP, UDP, IEEE 802.3, Token Ring, Cable Modem, PPPOE, ADSL, Multilayer Switching, DoD standards.
- Provided Load Balancing towards access layer from core layer using F5 Network Load Balancers.
- Upgraded load balancers from Radware to F5 BigIP v9 which improved functionality and scalability in the enterprise.
- Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs.
Environment: Juniper firewalls 5GT, 208, SSG 5, 140, 550, 550M, NSM, IDS/IPS, Vulnerability Assessment tools like Nessus, Red Hat, Solaris, Juniper VPN’s, SSL
Confidential, Franklin Lakes, NJ
Network Operations Engineer
Responsibilities:
- Designed, installed, and maintained various WAN technologies and applications connecting remote sites to corporate headquarters.
- Configured, implemented, and troubleshot routers and switches with various account settings, permissions, and parameters including security firewalls.
- Installed various network hardware including concentrators, bridges, and hubs to establish communication connections with remote locations.
- Configured multiple domain name services (DNS), email services (Exchange Server), web, and file transfer protocol services (FTP) for various platforms including line leasing through DHCP servers.
- Configuring various advanced features (Profiles, monitors, iRules, Redundancy, SSL Termination, Persistence, SNATs, HA on F5 BIGIP appliances SSL termination and initiation, Persistence, Digital Certificates, Executed various migration/upgrade projects across F5 and hands on with F5 BIGIP LTMs/EM.
- Experience with creating VIP(virtual servers), pools, nodes and applying iRules for the virtual servers like cookie persistency, redirection of the URL
- Networking protocols worked with included but not limited to TCP/IP, DNS, WINS, DHCP, VPN, Terminal Services, Routing and Remote Access, Network Design, wiring and cabling.
- Cisco IOS experience on 3600/7200 class hardware in complex WAN environment and experience on Cisco OS and IOS on CAT6500 in a complex data centre environment
- Hands on experience installing Sup720 for Cisco 6509-E series and its Gigabit Ethernet port deployment in the core network
- Configuring IP, RIP, EIGRP, OSPF and BGP in routers.
- Experience in deploying EIGRP/BGP redistribution and changing the metrics for the primary and backup paths for the packet prioritization and EIGRP tuning
- Experience on a mesh 6500 and 5500 series routes and switches to support the core trading system. Involved
- Experience working with Nexus 7010, 7018, 5020, 2148, 2248 devices
- Experience working with High performance data center switch like nexus 7000 series
- Configuring IPSEC VPN on SRX series firewalls
- Provided redundancy in a multi homed Border Gateway Protocol (BGP) network by tuning AS-path.
- Configured IPSec site-to-site VPN connection between Cisco VPN 3000 Concentrator and Cisco 3800.
Environment: Juniper firewalls 5GT, 208, SSG 5, 140, 550, 550M, NSM, IDS/IPS 6500/3750/3550/3500/2950 switches, Juniper (M320, T640), Load balancing, Cisco 7200/3845/3600/2800 routers, TACACS, EIGRP, RIP, OSPF, BGP, VPN, MPLS, Ether Channels.
Confidential
Network security Engineer
Responsibilities:
- Investigate potential or actual security violations or incidents in an effort to identify issues and areas that require new security measures or policy changes.
- Worked with the vendor personnel to assist in the infrastructure design
- Configuration and support Cisco based Routers and Switches.
- Basic Firewall Access list configurations and support.
- Primarily responsible for proactive, incident and problem management.
- Configuring switch ports for various Vlans in the network
- Installation Configuration and Troubleshooting of Cisco ASA and Checkpoint Firewalls in the network.
- Day to Day work involves implementation of firewalls for new clients as well as managing and administering Cisco ASA and Checkpoint Firewalls at various zones including DMZ, Extranet.
- Creating VLANs and managing Spanning tree for the network and inter VLAN routing. Use Dynamic Routing Protocols including OSPF, EIGRP and BGP.
- Using BGP in the 3rd party and Internet with various attributes with good understanding of BGP configurations on the provider edge routers
- Responsible for Configuration of routers and switches.
- Helped the network team to install new switches and routers and configure the IOS according to the requirement which included VLAN, OSPF, Subnetting, EIGRP, BGP, VTP, spanning-tree, IP Subnetting.
- Assist staff with the installation, configuration, and ongoing usability of desktop computers, peripheral equipment and software within established standards and guidelines.
- Work on day to day administration tasks and resolve tickets using Remedy
- Managed the member server, a server which hosts services like DNS, and DHCP.
- Responsible for monitoring and reporting error incidents for remote location servers. Experience testing and troubleshooting layer1 circuit, layer 2 devices.
