Sr. Network Security Engineer Resume
NC
SUMMARY:
- Around 10 years of professional experience in Network Planning, Implementing, Configuring, Troubleshooting and testing of networking system on both Cisco and Juniper Networks.
- Experience with the escalation problems for Routing, Switching and WAN connectivity issues using ticketing system remedy.
- Experience of routing protocols like EIGRP, OSPF, RIP, and BGP. Worked on Cisco 7200, 3800, 3600, 2800, 2600, 1800 series Routers and Cisco 2900, 3500, 3550, pix, 4500, 5500 series switches.
- Extensive hands-on experience with complex routed LAN and WAN networks, routers and switches.
- Hands-on experience and configuration in setting up Cisco routers to perform functions at the Access, Distribution, and Core layers.
- Experience with BIG-IP F5 load balancers, version 9.x, 10.x, 11.x, Citrix NetScaler and Web Accelerators. Proficiency in configuration of VLAN setup on various Cisco Routers and Switches.
- Worked on Load Balancer F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability. Experience working on Palo Alto Firewalls.
- Extensive work on Fortinet Firewalls.
- Extensively worked using AWS services along with wide and in depth understanding of each one of them.
- Highly skilled in deployment, data security and troubleshooting of the applications using AWS services.
- Experienced in creating multiple VPC’s and public, private subnets as per requirement and distributed them as groups into various availability zones of the VPC.
- Experience with cloud infrastructure (AWS preferred - EC2, ELB, Route53, VPC, etc.)
- Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
- Good working knowledge of Security Products like FireEye, Splunk, Zscaler (Application security).
- Strong hands on experience on PIX Firewalls, ASA (5540/5550) Firewalls. Implemented Security Policies using ACL, IPSEC, SSL, VPN, IPS/IDS. Network monitoring and debugging tools: SevOne, NetScout, and Wireshark.
- Good understanding of NAT & Firewall on Aruba Controllers. Worked on various network projects involving Cisco Routers- ASR 1000/9000, Switches-Nexus 7K/5K/2K.
- Enhanced level of experience with OSPF, BGP and TCP/IP. Hands-on experience in using network monitoring tool SolarWinds Orion. Build UCS manager policy-based provisioning, automation and management to high density, high performance computing.
- Worked extensively on Juniper MX Series Routers and EX series Switches. Strong knowledge in HSRP, VRRP redundancy Protocols. Strong experience on Juniper SSG series Firewalls and Checkpoint R75, R76 Firewalls.
- Experience in Network Management Tools and sniffers like SNMP, HP OpenView, Wireshark and CiscoWorks to support 24 x 7 Network Operation Center. Access control server configuration for RADIUS & TACACS+.
- Knowledge of and experience with 802.11x wireless technology and Juniper SRX 240 Firewalls. Ability to Install, Manage & Troubleshoot Large Networks & Systems Administration on Windows & Linux platforms in Development, Lab & Production Environments.
- Hands-on Experience with CISCO Nexus 9000, Nexus 7000, Nexus 5000, and Nexus 2000 platforms. Experience with configuring Nexus 2000 Fabric Extender (FEX), which acts as a remote line card (module) for the Nexus 5000.
PROFESSIONAL EXPERIENCE:
Confidential, NC
Sr. Network Security Engineer
Responsibilities:
- Troubleshooting connectivity issues on the firewall. Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
- Creating object, groups, updating access-lists on Palo Alto, apply static, hide NAT using smart dashboard.
- Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
- Remain proactive in identifying, analyzing, and resolving technical issues involving Palo Alto Next-Generation firewalls.
- Automated network configuration using Python and Ansible, reducing the time to deploy a new data center from 3 months to 1 day.
- Worked on configuration of access policies in ZPA for various applications.
- Implemented Zscaler firewall for all remote sites in Asia and Europe.
- Designing, deploying and supporting Zscaler Cloud based Infrastructure across various Data Centers and Disaster Recovery environments.
- Exposed to Bluecoat Proxy devices located in various locations companywide, with problem tickets, requests and projects requesting proxy application troubleshooting with customers.
Confidential, GA
Sr. Network Security Engineer
Responsibilities:
- Working on Zscaler policies, cloud app control policies, advanced threat, malware, sandbox based policies.
- Working on Azure AD SAML authentication for Zscaler authentication and AD group based policies.
- Worked on SCIM provisioning from Azure AD to Zscaler ZIA for users and groups sync. Worked on ZPA for replacing traditional SSL VPN.
- Replacing Checkpoint VPN and Bluecoat proxy with Zscaler and worked on implementing Zscaler in Production.
- Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
- Configuration of Palo Alto firewalls, access policies, Application & URL filtering, Security Profiles, Global Protect VPN, Data filtering and file blocking.
- Provides updates and upgrades to the Palo Alto Firewall and Panorama devices. Involved in upgrade of Panorama to version 8.1.10.
- Performing URL filtering and content filtering by adding URL's in Bluecoat Proxy SG's.
- Install and upgrade Bluecoat proxy SG (900, 810 and SG9000 series) and Proxy AV (510, 810 and 1400 series).
- Performing firewall optimization using Tufin by removing unused rule, duplicate objects, fully shadowed rules, and disabled rules.
- Migrating the access policies from Cisco ASA to Palo Alto firewalls using Palo Alto Expedition tool.
- Configuration and Administration of Palo Alto Networks Firewall to manage large scale Firewall deployments.
- Involved in Checkpoint design and installation which includes Application and URL filtering Threat and Data Filtering.
- Daily administration of Checkpoint firewalls policies with rules, IPS and Threat Prevention.
- Performed Fortinet Firewall OS upgrades via Fortinet Manager.
- Maintaining boundary Juniper and Fortinet firewalls, and IDS/IPS/IDPS appliances in effort.
- Configuring/Managing Intrusion Prevention System (IPS): Cisco IPS/Fortinet & Checkpoint UTM.
- Currently work with network engineering to design, build, and support SD-WAN site implementations. Implementation and administration of Next-Generation FIREWALLS of Palo Alto (PAN-OS/Panorama 7.11 & 8), Check Point (SPLAT & GAIA R8.10), Fortinet (FortiGate FortiOS), Cisco (Firepower) and Juniper (SRX).
- Configure and maintain security policies on Fortinet firewall and managing Fortinet Analyzer.
- Configuring the HA for Checkpoint, Fortinet, Juniper SRX and firewalls.
- Worked on Multiple Fortinet Firewalls by using FORTI-MANAGER and created ADOM's and multiple VDOM's.
Confidential, Charlotte, NC
Sr. Network Security Engineer
Responsibilities:
- Perform configuration changes on Checkpoint R77.30 Gaia and Palo Alto on a large-scale environment.
- Proficient in researching traffic patterns to identify false-positives and/or malicious traffic within IDS, IPS, proxy (Bluecoat) and firewalls (CheckPoint, ASA, and Palo Alto).
- Converted Checkpoint VPN rules over to the Cisco ASA VPN solution.
- Hands on creating security policy, application filters, App-ID, URL filter and threat prevention on Palo Alto.
- Install and maintain Palo Alto firewall configuration to protect secure data as part of PCI and SOX compliance.
- Primary responsibility is to design and deploy various network security & High Availability products like Checkpoint NGX, VSX, Provider-1/MDM/MDS, Cisco ASA other security products.
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama.
- Performed Maintenance and backup, system upgrades and restore of Fortinet, Checkpoint, and Juniper Firewall appliances, emergency patch application.
- Extensively worked using AWS services along with wide and in depth understanding of each one of them.
- Highly skilled in deployment, data security and troubleshooting of the applications using AWS services.
- Experienced in creating multiple VPC’s and public, private subnets as per requirement and distributed them as groups into various availability zones of the VPC.
- Experience with cloud infrastructure (AWS preferred - EC2, ELB, Route53, VPC, etc.)
- Policy Reviewing, Audit and cleanup of the un-used rule on the Firewall using Tufin and Splunk. Rule and URL filtering remediation for Palo Alto devices. Maintain and manage Splunk related issues.
- Mutual redistribution of OSPF and BGP routes using route maps. Configured rules and Maintaining Palo Alto & Analysis of firewall logs using various tools.
- Management and maintenance of Fortinet firewalls through IPv4 policies, traffic shaping, Intrusion Prevention System (IPS), Intrusion Detection System (IDS), web filtering, interfaces and routing.
- Worked on Multiple Fortinet Firewalls by using FORTI-MANAGER and created ADOM's and multiple VDOM's.
- Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall and Executed changes on various Firewalls proxies and scripts over entire network infrastructure using Service Now ticketing tool.
- Administration of ASA firewalls in the DMZ and in the Server Farm to provide security and controlled/restricted access. Involved in the redistribution into OSPF on the core ASA firewall.
Confidential, Morrisville, NC
Sr. Network Security Engineer
Responsibilities:
- Responsible for the Installation and configuration on Checkpoint, Troubleshooting User connectivity issues on Checkpoint using CLI utilities and performing regular audits.
- Responsible for verifying the Cluster by checking the cluster status and pnotes (Problem Notification).
- Troubleshooting the checkpoint Firewall VPN connections on SmartView Monitor and checking the tunnels on the gateway.
- Worked extensively on deploying Juniper SRX and NetScreen Firewalls and on operational like adding, modifying policies and NAT.
- Configuration and troubleshooting of NAT issues and using the tcpdump, fw monitor and zdebug for checking the dropped packets and reasons.
- Supports Cisco Firepower services, helping customers with needs as well as implementing and tuning IPS signatures.
- Deployed Firepower Management Center (FMC) 4500 in HA pair mode for managing and configuring the new generation FTD Firewalls devices and policies for security of network.
- Maintain and update Cisco Firepower Management Center and supported Firepower modules (SFR sensors).
- Creating Packet captures for the Checkpoint using Checkpoint CLI with the tool TCPDUMP and analyzing the flow of the Network in Wireshark.
- Implementing and removing the Firewall (R77 and R80) policies according to the various project requirements and Monitoring the traffic through Smart Dashboard and SmartView Tracker.
- Managing Network Infrastructure of Juniper by using JUNOS SPACE Network Management Platform.
- Working on Juniper SRX 5800 firewalls and creating policies using J-Web User Interface.
- Migrated legacy Cisco ASA firewalls to Fortinet firewalls using FortiConverter migration tool in the enterprise environment.
- Performed Maintenance and backup, system upgrades and restore of Fortinet, Checkpoint, and Juniper Firewall appliances, emergency patch application.
- Fortinet Firewall administration, configuration of FortiGate 3000, 3815 series as per network diagram.
- Creating the policies according to the customer need and the policies includes NAT POLICIES, IPS POLICIES, and UTM POLICIES.
- Responsible for the connectivity issues and troubleshooting the JUNIPER SRX Firewall in CLI.
- Working on Implementing the extended ACL's on Juniper SRX to allow communication between the required networks, and to restrict other communications.
- Performing various Remedy ticket tasks for Bank of America (BAC) Enterprise Perimeter Security (EPS).
- Working on the IDS/IPS solution in TrendMicro Tipping Point providing highly adaptive security system with an intuitive Management and initializing the set up by using the Command Line Interface.
- Using Splunk Platform for Searching, Analyzing and visualizing the data from the devices to troubleshoot a failure condition and to monitor the business metrics.
Confidential
Sr. Network Engineer
Responsibilities:
- Configured Site to Site IPsec VPN tunnels to peer with different clients and each of client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA 5500 series firewalls.
- Design and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls. Worked on Juniper SRX Versions 300, 3400, 3600, 220 implementing new and additional rules on the existing firewalls for a server refresh project.
- Troubleshooting the Juniper SRX100 and 110 series, Juniper Network routers with Site-Site VPN, and firewalls.
- Configuring & managing around 500+ Network & Security Devices that includes Juniper SRX Firewalls, F5 BigIP Load balancers and Nexus device.
- Provide customer support on Cisco security tools, Stealth Watch, ISE, FirePower and various firewalls.
- Designed & Integrated cloud networks using VMware NSX, VMware distributed firewall, HPC7000 chassis, Cisco Nexus 9Ks, and Brocade VDX platforms.
- Installed and configured the VMware NSX Appliance for setup including VMware vSphere.
- Migrated SAP based applications from old Cisco ACE load balancers to new VMware NSX edges.
- Integrated Panorama with Palo Alto firewalls, for managing multiple Palo Alto firewalls with single tool.
- Troubleshooting the VPN tunnels by analyzing the debug logs and packet captures.
- Successfully installed Palo Alto PA 3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls. Reviewing & creating the FW rules and monitoring the logs as per the security standards in Palo Alto Firewalls.
- Firewall Policy Provisioning and troubleshooting firewall connectivity related issues using Fortinet FortiManager.
- Reviewed and optimized firewall rules using Tufin firewall monitoring tool by creating customized firewall audit reports.
- Deploy Cisco ISE on Nexus 5000/7000 routers, Cisco switches, and Cisco ASA and Firepower firewalls.
- Responsible in troubleshooting on Cisco ISE added new devices on network based on policies on ISE.
- Experience with working on Palo Alto Next-Generation firewalls security profiles and Cisco ASA VPN. Exposure to WildFire advanced malware detection using IPS feature of Palo Alto.
- Worked with Palo Alto Firewalls PA250, PA4050, PA3020 using Panorama servers, performing changes to monitor/block/allow the traffic on the Firewall.
- Setup and configure EC2 instances, VPC, public and private subnets, route tables, NAT gateways and IGW for secure access, security groups to protect AWS resources, Barracuda firewall.
- Creating Gateways for Virtual Network to Virtual Network and Site to Site specific VPN connectivity on Azure environments.
- Deployment and Management of Bluecoat proxies in the forward proxy scenario as well as for security in reverse proxy scenario.
- Extensive use of NSM (Network and Security Manager) and CSM (Cisco Security Manager) for adding or modifying firewall policies for the firewalls in use.
Confidential
Sr. Network Engineer
Responsibilities:
- Handled deployment and management Checkpoint GAIA, R75, R71, R65 and Upgraded Checkpoint version R77.10 to version R77.30.VSX.
- Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls (40+ firewalls) - PA200, PA2000 series, PA3000 series, PA4000 series, PA5000. Successfully installed Palo Alto PA 3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
- Experience working with Nexus 7018/7010, 5020, 5548, 2148, 2248 devices. Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000.
- Submit tickets to Security and Network teams for remediation through ServiceNow. Search for hit counts for the rule using Splunk with source, destination and Rule UID’s. Firewalls include Palo Alto, Checkpoint, ASA and Juniper.
- Integrating Panorama with Palo Alto Firewalls, managing multiple Palo Alto Firewall using Panorama.
- Configuring F5 LTM VIPs, pools, monitors and assign the SSL cert using Venafi application. Configure and Manage site-to-site IPSEC VPN with different partners. Configured IPsec tunnels with Palo Alto to enable secure transport and cloud based/site-site VPN to AWS.
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500. Implemented and troubleshooting the Virtual firewalls solutions in ASA.
- Designing, Installation and configuration on Checkpoint, Troubleshooting User connectivity issues on Checkpoint using CLI utilities.
- Created and resolved Palo Alto and Checkpoint Firewall Rules, Routing, Pushed Policy. Identified opportunities for implementation of network best practices, particularly F5 load balancer implementations.
- Configuration and troubleshooting on HSRP, VRRP, GLBP, RSTP, MST related issues coming in network environment. Expert in troubleshooting F5 software modules, including BIG-IP LTM, ASM, APM and iRules.
- Managed F5 Big IP LTM appliances to load balance server traffic in critical serval access silos. Planning/Implementation of the Cisco VPN clients to Cisco AnyConnect.
- Installed high availability Big IP F5 LTM and GTM load balancers to provide uninterrupted service to customers.
- Design and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls. Configuration and extension of VLAN from one network segment to their segment between different vendor switches (Cisco, Juniper). Substantial lab testing & validation prior to implementation of Nexus 9K, 7K, 5K & 2K connecting to blade servers.
- Assisted clients with Creating NetScaler Policies as per client requirement. (Rewrite, Content Switching, Responder)
- Involved in the redistribution into OSPF on the core ASA firewall. Served as single point of contact for vendors, employees and clients to answer questions about PCI Compliance and internal security policies.
Confidential
Network Engineer
Responsibilities:
- Experience working on Cisco 7600, 12K, ASR routers & Juniper MX series.
- Worked on wireless upgrade project for Allegheny Health network and their EPIC roll out.
- Performed wireless network design, site surveys as well as Troubleshooting and repairing any issues that occurred on site.
- Configuration and troubleshooting of many link types i.e. SONET Controllers for sub E1/T1, E3/T3 and POS controllers for STM1 links.
- Worked on Checkpoint Platform including Provider Smart Domain Manager and on configuring, managing and supporting Checkpoint Gateways.
- Migrated Vlans from ASA (perimeter firewalls) to FWSM’s for better security management.