Sr. Network Security Engineer Resume
Nashville, TN
SUMMARY
- Over 9 years of professional experience in Network and security engineering, performing Network analysis, design and Implementation with a focus on security optimization and support of large Networks.
- Extensive experience on PaloAlto firewalls like PA-500, PA-3k, PA-5k, PA-7k series firewalls and manage them via Panorama.
- Strong hands on experience in installing, configuring and troubleshooting of Cisco 7600, 7200, 3900, 3600, 2900, 2600, 2500 and 1800 series routers, Nexus 3k, 5k series, Cisco Catalyst 6500, 4500, 3750, 2950 and 3500XL series switches.
- Experience in Supporting and troubleshooting Checkpoint (R77 Gaia, R75, R70, R65, Provider-1, SPLAT, Smart Center Server, and Crossbeams) Juniper (SRX, JUNOS, ScreenOS, Netscreen SSG, NSM and Space) and Cisco firewall (ASA 5505, 5545, 5585 and ASDM) technologies.
- Configure High Availability Checkpoint Cluster XL on VSX as well as perform Upgrades.
- Having good experience on Tufin, Firemon and Algosec for firewall optimization purpose.
- Responsible for Check Point, Cisco ASA, Juniper and Palo Alto firewall administration across global networks.
- Used FireEye tool to run against application servers to generate reports about vulnerabilities.
- Worked on the migrations from Cisco PIX to Cisco ASA firewalls, Juniper SSG to Juniper SRX firewalls.
- Configure and Monitor Cisco Sourcefire IPS for alerts.
- Experience and knowledge on web application firewall (WAF) concepts and technologies.
- Comprehensive expertise in the implementation of optimization, analysis, troubleshooting and documentation of LAN/WAN networking systems.
- Project management by overseeing the network projects to comply with our network standards and that processes are being followed.
- Implemented redundancy with HSRP, VRRP, GLBP, Ether channel technology (LACP, PAgP) etc.
- Worked on different firewall and security appliances such as checkpoint, paloalto, Cisco Sourcefire and web application firewalls.
- Proficiently implemented traffic filters using Standard and Extended access-lists, Distribute-Lists, Route Maps and route manipulation using Offset-list.
- Created virtual machines on VMware ESXi to host linux servers.
- Hands on experience in deployment of GRE tunneling, SSL, Site-Site IPSEC VPN and DMVPN.
- Expertise in Cisco ACS and Cisco ISE Authentication, Authorization and Accounting Protocols. Expert Hands On Experience in Cisco ACS & Cisco ISE for 802.1x, AAA Configurations.
- Knowledge of PCI, SOX and NIST standards, reviewed procedures and implemented them across the organization according to audit requirements.
- Experience with different Network Management Tools like Wireshark, SevOne, Statseeker.
- Identified the vulnerabilities and non-compliant issues in the network and applications using Nessus vulnerability scanners and IBM Qradar, Splunk SIEM tools.
- Experience working with Linux based operating systems and CLI utilities like tcpdump and creating/modifying scripts using VI editor.
- Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
PROFESSIONAL EXPERIENCE
Confidential, Nashville TN
Sr. Network Security Engineer
Responsibilities:
- Provide support for day to day global operational activities including Change Implementation, Handling Work order access Request, High Priority incident handling/troubleshooting of Checkpoint, Paloalto and Cisco ASA firewalls.
- Configure and manage checkpoint power-1 5070 appliances, checkpoint 4600, 4800, 12k and 15k enterprise security appliances.
- Migration of checkpoint firewalls from SPLAT to GAIA.
- Migrated more than 40 clusters from SPLAT R75.46 and R75.47 to GAIA R77.30.
- Reviewed the applications and servers that will be impacted by firewall upgrades.
- Identify, communicate and coordinate with functional managers of impacted applications for the firewall upgrade.
- Upgraded checkpoint 5070 and 4800 appliances from GAIA R77.10 and R77.20 to GAIA R77.30 using CPUSE.
- Install, troubleshoot and manage Checkpoint GAIA, PV-1, ClusterXL, Cisco ASA firewalls, F5 load Balancers.
- Worked on all the requests for access on firewalls, new URL creations on the load balancers and changes on configurations of other devices as per customer request.
- Worked with the Vendors Cisco, Checkpoint and Paloalto to provide detailed RCA for Outages.
- Implementation of firewall policies and troubleshooting issues on the Checkpoint R77.30 GAIA, Checkpoint Provider-1, PA-5k series, Panorama, Cisco 5585 and 5545 firewalls.
- Worked on Paloalto APP-ID, User-ID and other security profiles like Anti-virus, Threat Prevention, URL-filtering and Wildfire etc.
- Configuring and Implementing Security rules as per the business needs in Checkpoint R77 GAIA, Palo Alto and Cisco ASA firewalls.
- Manage global policy, global groups and global objects in checkpoint Provider-1/ MDS.
- Manage and configure Palo Alto PA 3000 series, PA 5000 series firewalls.
- Management of more than 20 Paloalto firewall clusters using Panorama M500.
- Palo Alto design and installation of VSYS, Application and URL filtering, Threat Prevention, Data Filtering.
- Negotiate VPN tunnels using IPsec encryption standards and configure and implement site-to-site IPSEC VPN and anyconnect Remote access VPN.
Confidential, Minneapolis MN
Sr. Network Security Engineer
Responsibilities:
- Configuring networks to ensure their smooth and reliable operation for fulfilling business objectives and processes.
- Implementation of firewall policies and troubleshooting issues on the Checkpoint R77.30 Gaia, Checkpoint Provider-1, PA-5k series, Panorama, Cisco 5585 and 5545 firewalls.
- Administration of multi-vendor firewalls across the enterprise that consists of checkpoint, PaloAlto and Cisco ASA firewalls.
- Troubleshooting all the network related issues and app related issues by doing extensive research and packet capture techniques.
- Configuring, administering and troubleshooting cisco ASA 550 series firewalls that includes 5505, 5545 and 5585 firewalls.
- Configuring, administering and troubleshooting of PaloAlto PA 5000 series firewalls and panorama M100 management server.
- Implementation of user-ID on PaloAlto firewalls by integrating with Microsoft active directory.
- Have extensive experience on firewall rule remediation using Tufin Secure Track.
- Configuring and maintaining checkpoint security appliances 12k and implementation of security rules and NAT rules.
- Involved in a team responsible for implementation of firewall rules, troubleshooting connectivity issues and resolving incidents for over 200 firewalls.
- Built process to remediate legacy firewall rules to fade-out eventually.
- Worked on remediation of highly permissive and critical rules that are risky.
- Extensively worked on Tufin securetrack to add/import more than 2000 network devices for monitoring.
- Worked on automating the firewall request process using Tufin SecureChange.
- Developed Unified security policy in Tufin securetrack to evaluate risks in the network and to enforce the security policy on new firewall rules.
- Gathered requirements and worked with Tufin professional services for integration of SecureChange with ServiceNow.
- Configure workflows in SecureChange and to automate firewall request process.
Confidential, Minneapolis, MN
Sr. Network Security Engineer
Responsibilities:
- Configuring and Implementing Security rules as per the business needs in Checkpoint R77 Gaia, Paloalto and Cisco ASA firewalls.
- Having extensive experience on checkpoint firewalls in configuring rule base, managing global policy.
- Performed troubleshooting using Checkpoint SmartView Tracker, packet capture techniques like TCPDUMP, FW Monitor and Zdebug drop commands from CLI.
- Performed code upgrade on the checkpoint firewalls and worked with Checkpoint TAC team for hardware and software related issues.
- Audit the firewall rule base for shadowed, risky and permissive rules and remediate the findings.
- Install and configure Tufin orchestration suite and manage the Tufin tool.
- Deployed Tufin in a distributed architecture with central server and remote collectors.
- Working on firewall optimization tool Tufin to generate different reports for rules usage, object usage to find out what rules need to be modified.
- Work with business to get the scope and add the firewalls to SecureTrack to manage them.
- Management of PaloAlto firewalls from panorama as global administrator for devices located at various sites.
- Advanced management of firewalls from panorama using device groups and templates.
- Configuration and Administration of Palo Alto PA-5020 and PA-5050 Firewalls.
- Configured and implemented various features of PaloAlto including User Identification, Server Profiles, Security profiles, Custom URL category, custom reports.
- Worked on and upgraded PAN OS on firewalls from 6.0 to 7.0.6, 7.0.9, 7.0.12 and 7.1.10.
- Consolidated rules on Cisco ASA firewalls using securetrack APG.
- Solving Problems on a case-by-case basis with deep understanding of networking/firewall concepts particularly in Paloalto firewalls and Cisco ASA firewalls.
- Reviewing and resolving incoming firewall changes request and troubleshooting queues.
- Configuring networks to ensure their smooth and reliable operation for fulfilling business objectives and processes.
- Performing extensive research work on firewall rule base and log reports for every firewall that needs to be audited.
- Working with ticketing system ServiceNow to track and resolve problems and incidents.
- Configured and generated PCI compliance reports on Tufin and worked towards remediating the failures.
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
- Palo Alto design and installation which includes Web Application and URL filtering and Threat Prevention.
- Worked on implementing Akamai kona DDOS defender solution.
- Managed cisco IDS and IPS modules with Firepower Management Center.
- Maintain the security standards across the security devices as per the security policies.
- Perform daily operational tasks on PaloAlto firewalls requested by other teams and business users.
- Working with the IT Service Management tool ServiceNow for change, incident and problem management.
- Providing Daily network support for national wide area network consisting of MPLS, VPN and point-to-point site.
Confidential, Austin - TX
Network Security Engineer
Responsibilities:
- Worked with the different models Cisco ASA, checkpoint and Juniper ScreenOS and JunOS firewall devices on a daily basis.
- Configuring Juniper Net screen and SRX Firewall Policies between secure zones using command line (CLI) and NSM (Network Security Manager)
- Troubleshooting firewall issues and Performing packet captures on SRX firewalls using trace options and using Snoop in netscreen firewall
- Configure and Monitor the alerts in Symantec Web application firewalls and inform SOC to mitigate the issues.
- Experience in configuration of Juniper security appliances SRX 220, SRX 240, SRX 550, NS 50, SSG 550M, SSG 520M.
- Worked with Cisco and Juniper TAC to troubleshoot and resolve network and equipment failures
- Configure, administer and document firewall infrastructure, working with Cisco ASA 5540, 5585, Check Point R77 Gaia, R75, VSX, Provider-1 and SPLAT.
- Prepare, review and configure firewall rule scripts for complex firewall requests and implement them.
- Responsible for PIX 6.x/7.x/8.x, ASA 7.x/8.x Firewall and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
- Working knowledge of OSPF, BGP and EIGRP routing protocols, NAT’ing, NAC product sub-netting, also including DNS, LDAP, DHCP, http, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP (Spanning tree Protocol), RTSP & Multicasting protocols
- Upgraded the data center network environment with Cisco ASA 5520.
- Worked on Layer 2 protocols such as STP, VTP, STP, RSTP, PVSTP+, MST and other VLAN troubleshooting issues and configuring switches from scratch and deployment
- Performed IP address planning, designing, installation, configuration, testing, maintenance, and troubleshooting in complete LAN, WAN development.
- Deployment and Maintenance of LAN/WAN elements and monitoring performance of LAN/WAN.
- Strong hands on experience on PIX Firewalls, ASA (5540/5550) Firewalls. Implemented Security Policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS)
- Monitoring alerts in Symantec Antivirus and work with SOC team in mitigating it.
- Configured ACLs in Cisco 5520 ASA firewall for internet Access requests for servers, Protocol Handling, Object Grouping and NAT
- Responsible for Data Center Migrations and its operations.
- Experience working in an Agile Scrum environment and with HPSM Change Control System.
Confidential
Network Support Engineer
Responsibilities:
- Experience in Cisco 7200, 7600 routers, Cisco series switches: Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay and ATM).
- Performed troubleshooting, while maintaining trouble ticket tracking, following internal/external escalation procedures and customer notifications. Configured Cisco Routers for OSPF, RIP, IGRP, RIPv2, EIGRP, Static and default route.
- Configured the Cisco router as IP Firewall and for NATing.
- Supporting Development team for the access to corporate network and outside world. Providing access to specific IP, Port filter and port access.
- Switching (Ethernet) related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
- Configuring routers and sending them to Technical Consultants for new site activations, and giving online support at the time of activation.
- Installed and configured PIX 520, 525, 535 series firewalls, configured standard and extended access-lists and policy-based filters
- Work with Help Desk for circuit troubleshooting to give Support to the Tech persons at the site.
- Responsible for implementing QoS prioritizing voice traffic over data.
- Implemented SNMP on Cisco routers to allow for network management.
- Troubleshoot TCP/IP problems, troubleshoot connectivity issues.
Confidential
Network Engineer
Responsibilities:
- Performed IOS upgrades on Catalyst 1900, 2900, 3500 series switches and 2500, 2600, 3600 series routers.
- Responsible for maintenance and utilization of VLANs, Spanning-tree, HSRP, VTP of the switched multi-layer backbone with catalyst switches.
- Implemented and configured routing protocols like EIGRP, OSPF and BGP.
- Connected switches using trunk links and Ether Channel
- Used Network Monitoring tool to manage, monitor and troubleshoot the network.
- Configured Cisco IOS Feature Set, NAT and Simple Network Management Protocol (SNMP) for Network Security implementation.
- Implemented redundant Load balancing technique with Internet applications for switches and routers.
- Support Network Technicians as they require training & support for problem resolution including performing diagnostics, & configuring network devices