SUMMARY

• 7+ Years of experience in Network Security Administration.
• Excellent working knowledge of TCP/IP protocol suite and OSI layers
• Experience in addressing Cisco infrastructure issues, monitoring, debugging like routing, WAN outages, Network Hardware/Software failure, configuration and performance issues.
• Configuration and administration of DNS and DHCP servers.
• Strong hands on experience in Monitoring and Troubleshooting of Cisco'sASA 5500Firewalls. Implemented Security Policies using ACL, IPSEC, VPN, TACACS+ and RADIUS.
• Configure all Palo Alto Networks Firewall models (PA - 2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
• Experience in installing, configuring and troubleshooting of Checkpoint Firewall, Juniper SRX series
• Advanced proficiency in designing, deploying, and maintaining perimeter security devices such as IPS, IDS, Radware, FireAMP, Lancope etc.
• Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.
• Experience in working with Juniper routers such as MX-480, MX-960 and switches EX-4200, EX-4300, EX-8200 and Juniper firewalls such as Juniper SRX-610, SRX-3600
• Experience in Implementing Check Point Firewalls NG, NGX, NG R55, NGX 60, NGX R65, R70, R75, R77.
• Extensive knowledge in implementing and configuring F5 Big-IP LTM-3900, and 6900 Load balancers
• Worked with F5 Load balancing, IDS/IPS, Bluecoat proxy servers and Administrating, authentication controls (Radius, TACACS+)
• Experience working with OTV & FCOE on the Nexus between the Data centers.
• Experience with Load Balancers for administrating and monitoring global & local traffic using F5 BIG IP LTM & GTM
• Configured Client-to-Site and site to site VPN using SSL Client on Cisco ASA 5520 ver8.2.
• Strong hands on experience in layer-3 Routing and layer-2 Switching. Dealt with Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches.
• Worked on VOIP on Session Initiation Protocol to provide a comfortable abstraction to the VOIP application layer, so that it may focus on the application logic and communications protocols
• In-depth knowledge of deploying and troubleshooting LAN, WAN, Frame-Relay, Ether-channel.
• Expertise in configuring switching protocols such as ARP, RARP, VTP, PPP, VLAN, STP, RSTP, PVST+, HSRP, GLBP, VRRP and Routing Protocols such as RIP, OSPF, BGP, EIGRP, IS-IS, and MPLS.
• Experience in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
• Moderate knowledge in configuring and troubleshooting Cisco Wireless Networks: LWAPP, WLC, WCS, Standalone APs, Roaming, Wireless Security Basics,IEEE 802.11 a/b/g, RF spectrum characteristics.
• Developed internal Change Configuration Management for SIEM.
• Working knowledge and monitoring of tools like Solar Winds andnetwork packet capture tools like Wire-sharkand TCPDUMP for analyzing the real-time statistics during the packet flow
• Advanced knowledge in Linux and Unix Operating Systems, web security devices or proxy - Cisco WSA/CWS and Bluecoat, understanding of globalsecuritypolicies
• Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), sniffers and malware analysis tools.
• Have a good knowledge to monitor the network activities to find out the sniffers.
• Provided 24x7x365 availability and on-call support as required by the projects.

TECHNICAL SKILLS

Routers: Cisco routers 7609, 7200, 3800, 2800, 2600 series, Juniper SRX, MX Series

Switches: Cisco Catalyst switches 6500, 4900, 4500, 3750, 2900 series, Nexus 7k, 5k, 2k series.

Firewalls: Checkpoint Firewall NG, NGX, NG R55, NGX60, NGX R65, R70, R75. Cisco PIX (506/515/525/535 ) and ASA (5505/5510) Series. Palo Alto Firewalls (PA- 5000/3000), Juniper NetScreen, Check Point Nokia Firewalls IP350, IP550 and IP 750.

Routing Protocols: EIGRP, OSPF, IGRP, IS-IS, HSRP, RIP and BGP

Switching Protocols: VTP, ARP, LAN, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer switch,Ethernet channels, Transparent Bridging.

Platforms: Cisco IOS (11.x, 12.x, 15.x), Nexus-OS, Pix IOS (6.x, 7.x), UNIX, LINUX, Windows XP, Vista, Windows 7& 8.

Networking Concepts: Access-lists, Routing, Switching, Subnetting, Designing, CSU/DSU, IPSec, VLAN, VPN, WEP, WAP, MPLS, VoIP, Bluetooth, Wi-Fi

Load-Balance: Cisco CSS, ASE Module, F5 Networks Big-IP LTM

Network Technologies: NAT/PAT, IPsec, GRE, ACL, IPv4, IPv6

Monitoring Tools: Wire shark, TCP dump, Fiddler, Microsoft Network Monitor, Solar Winds, Infoboxand Cisco Works, IT360, Splunk.

Languages: Perl, Python,C, C++, SQL, HTML/DHTML

LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, Port-channel, VLANS, 802.1Q, STP, VTP, RSTP.

WAN technologies: Frame-relay, Leased lines, ISDN, ATM, MPLS, SONET, T1/T3, PPP, DS1, DS3.

PROFESSIONAL EXPERIENCE

Confidential, Boston, MA

Sr. Network Security Engineer

Responsibilities:

• Analyzing firewall change requests and integrating changes into existing firewall policies while maintaining security standards.
• Production support for major firewall platforms to include Cisco ASA and Check Point NGX implemented on Secure Platform (SPLAT) and expert-level network.
• Successfully completed various projects in upgrading Checkpoint firewalls from R65 to 75.40, R75.47, R77 and implemented IPS policies.
• Responsible for Cisco ASA firewall administration across our global networks.
• Responsible for configuration and upgrading of Checkpoint, Juniper firewalls on regular basis. Assisting in configuration of Multi-Domain Security P-1 server and consolidation of CMA's
• Establishing VPN tunnels using IPsec encryption standards and also configured and implemented site-to-site VPN, Remote VPN
• Troubleshoot network access problems, Strong TCP/IP understanding, Debugging Check Point Firewall and Implemented traffic filters using Standard and Extended access-lists, Distribute-Lists and Route Maps.
• Implementation and configuration of ASA 5520 in failover along with the CSC module as per the customer requirement
• Worked on AIP-SSM and CSC-SSM modules on ASA-botnet filter.
• Configured Cisco Nexus switches 7000, 5000, 2000 series.
• Worked with ongoing management and supported network infrastructure in a large environment.
• Configured and set up of Juniper SRX firewalls for policy management. and Juniper SSL VPN's
• Configured Checkpoint Firewall as Standard and Distribution deployment to have the network secure andalso maintaining Site to Site VPN Connection through the Firewalls. Handling 8 to 10 gateways using a Smart Center Server as a management Station
• Worked on Bluecoat proxy server, Tipping Point Intrusion Protection System management, and reporting tools Orion and Algosec
• Worked on LTM Inbound SNAT configurations and outbound NAT server to IP mapping.
• Created VDC’s and vPC’s and ensure that those vPC’s are formed between VDC’s.
• Created vPC’s between downstream devices between core and Aggregation Switches and between Aggregation and Fabric Interconnect.
• Analyzing situations assess risk and determine appropriate actions necessary to complete requests or support the infrastructure.
• Performed PCI/SOX audits on firewall rule bases with compliance team.
• Migration of BIG-IP F5, LTM 3600 (v 11.5.4) to LTM .1.0) devices holding Internal Applications.
• Worked on F5 load balance deploying many load balancing techniques with multiple components for efficient performance.
• Experience with F5 load balance and cisco load balance (CSM,ACEAND GSS)
• Worked on configuring /modifying load balancing options & features to include One Connect, Persistence’s, SSL offload functions, HTTP profiles, etc. Virtual servers, POOLs, TCP profiles, updating and renewing SSL certificates with SAN certs as required and applying standard iRules as needed.
• Work with RADIUS, TACACS, TACACS+ to accomplish security levels as per the requirement.
• Experienced with open source network attack tools, network probe and mapping tools, network protocols, automated vulnerability scanners, and network traffic routing.
• Provide 24/7 support and documenting network Security designs and Microsoft Visio diagrams

Confidential, Lincolnshire, IL

Network Security Engineer

Responsibilities:

• Responsible for scripting, setting up and programming Checkpoint devices
• Implemented and configured security policies in Checkpoint R75, R77
• Managed corporate Checkpoint Firewall implementing security rules and mitigating network attacks
• Checkpoint firewall deployment at multiple sites with fine tuning
• Review Firewall rule conflicts, unused rules and misconfigurations and clean up.
• Deployed Site to Site and Client to Site VPNs utilizing Checkpoint Firewall-1/VPN-1
• Experience in Configuration, Management, Deployment, Optimization and Troubleshooting Checkpoint VSX
• Configuring filters, routing instances, policy options in Checkpoint firewalls
• Implemented Positive Enforcement Model with the help of Palo Alto Networks.
• Checkpoint firewall policy administration and support between various zones.
• Experience in VSX Clusters creation, VSX routing concepts and VSX traffic flow monitoring
• Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
• Built and support VRRP / Cluster based HA of Checkpoint firewalls.
• Checkpoint firewall policy administration and support between various zones.
• Responsible for setting up Web Application Firewalls (WAF) like SQL injection, http conversation.
• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
• To secure configurations of load balancing in F5, SSL/VPN connections, Troubleshooting Checkpoint firewalls, and related network security measures.
• Project on the design and implementation of industry standard network protocols and used to implement the VOIP
• Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Checkpoint Firewalls.
• Black listing and White listing of web URL on Blue Coat Proxy servers
• Network security monitoring which involves analysis and identification of incident activities and system log files
• Responsible for maintaining availability, reporting and communication of the SIEM between it, its event-sources and the endpoints.
• Created Dashboards, report, scheduled searches and alerts, SIEM searches and alerts Metrics
• Perform risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures

Confidential, Sacramento, CA

Network Security Engineer

Responsibilities:

• Deployment of Palo Alto Security firewall gateways and management servers globally for customers.
• Keep traces of all process and confirm whether all the process/activities are carried out as per the norms.
• Staging complex networks for troubleshooting and debug purposes.
• Configuration, Troubleshooting and maintenance of Palo-Alto firewall PA2000, PA3000, PA4000 series.
• Successfully installed Palo-Alto PA-3060 firewalls to protect Data Center and provide L3 support for routers, switches, firewalls.
• Implemented Positive Enforcement Model with the help of Palo-Alto Networks.
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs.
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
• Update NXOS on Nexus 700 switch.
• Configured LTM and GTM in F5 networks
• Worked with creating VIP (virtual servers), pools, nodes and applying iRules for the virtual servers like cookie persistency, redirection of the URL.
• Create load balancing implementation plans for managing the traffic and tuning the load on the network servers.
• Adding and modifying the servers and infrastructure to the existing DMZ environments based on the requirements of various application platforms.
• Design, implementation and operational support of routing/switching protocols in complex environments including BGP, OSPF, EIGRP, Spanning Tree, 802.1q, etc.
• Configuring and troubleshooting IPSEC site to site VPN issues.
• Configure all Palo Alto Networks Firewall models as well as a centralized management system (Panorama) to manage large scale Firewall deployments.
• Documented network problems and resolutions for future reference
• Leading incident response and forensics analysis for security breaches and mitigation support.

Confidential, Columbus, OH

Network Security Engineer

Responsibilities:

• Provide support for all Checkpoint & Cisco environments. Provider 1 management upgrades from R65-R75.
• Performed upgrades on all Checkpoint firewalls, and support for client services.
• Firewalls are R65 and R70 clusters. Administration of Juniper firewalls at corporate and remote locations.
• Configuration of security policies in Net screen and Checkpoint.
• Reviewing & creating the FW rules and monitoring the logs as per the security standards in Checkpoint and Net Screen Firewalls.
• Support for all migrations, upgrades, PCI and SOX audit requirements, and vulnerability assessments.
• Support for all Juniper firewalls and related environments. PCI DSS and SOX requirement and mitigation support.
• Deployment of Data loss prevention across the network - Data in motion, Data in Use & data at Rest servers.
• Network Access Control - Implementing a secure solution to identify network devices and profiling the Network devices to allow or disallow access based on the device type
• Signature Updates Deployment on the Management Components and all the Individual IPS/IDS devices.
• Intrusion Prevention System - IDS/IPS (IBM ISS IPS) Implementation and Upgrade for Site Protector.
• Designing, Planning and Engineering support for the IPS
• Refining IPS Policy and Creating Rules according to the Security Standard.
• Contact with the various projects and team regarding the rules, monitoring the Logs and document, disable or refine the rules as per the clients’ requirement.
• Auditing the rules based on security standards and refining it.
• Conducting Training for the Team Members.
• Experience in audit for ISO27001 & BS7799 standards, Information System Audit Process, compliance assessment, Business Continuity and Disaster Recovery.
• Vulnerability assessment, penetration testing, Risk assessment, Threat management, Security advisories, compliance audits, IT security assessment.
• Patch management analysis reports of Microsoft Baseline Security Analyzer for critical & missing patches. OS hardening. Incidents handling, Root Cause Analysis of security incidents.
• Coordinating all security related issues and with Internal Infrastructure Team, Validating the Expectation request and approving.
• Symantec Antivirus server console Management, Support for Symantec Enterprise product.

Confidential

Network Engineer

Responsibilities:

• Configuration and Administration of Cisco and Juniper Routers and Switches.
• Configuring RIP, OSPF, EIGRP BGP, MPLS, QOS, ATM and Frame Relay.
• Administration and diagnostics of LAN and WAN with in-depth knowledge of TCP/IP, NAT, PPP, ISDN and associates network protocols and services.
• Configuring VLANs and implementing inter VLAN routing.
• Upgrading and troubleshooting Cisco IOS to the Cisco Switches and routers.
• Configure and troubleshoot Juniper EX series switches and routers.
• Configuring Site to Site to VPN connectivity.
• Configuring and troubleshooting Dell, HP, servers in Data Center.
• Implementation of HSRP, IPsec, Static Route, IPSEC over GRE, Dynamic routing, DHCP,DNS, FTP, TFTP
• Involved in configuring Cisco Net flow for network performance and monitoring.
• Involved in configuration of Cisco 6500 switches
• Configuring IPSLA monitor to track the different IP route when disaster occurs.
• Involved in Implementing, planning and preparing disaster recovery.
• Involved in configuring Juniper SSG-140.
• Involved in configuring Migration of Cisco pix firewall.
• Involved in configuring checkpoint firewall.
• Involved smart view tracker to check the firewall traffic Troubleshooting hardware and network related problems.
• Configuration and Installation Migration of Cisco firewalls Pix and ASA (PIX 510, 515E, 525 and ASA 5520, 5540).
• Configuration and Installation of Firewall Service Module in 6500 switches.
• Implement firewall policy changes after the appropriate review and approval process has been completed.
• Create end-user VPN account with appropriate access after appropriate approval has been issued.
• Monitor traffic and access logs in order to troubleshoot network access issues;
• Upgrade firewalls in accordance with change management procedures.
• Gather information for specific technologies as to function and deployment configurations.
• Write technical documents describing implemented technologies and architecture.
• Create suggested solutions for technical problems or Make all changes in accordance with change management procedures.
• Experience with Solsoft Policy Server for shared services.
• Customer call log update through Remedy Software.
• VPN Configuration between Site-to-Site and Site-to-Remote.

Confidential

Network Engineer

Responsibilities:

• Planning, installation, configuration and ongoing maintenance of wired networking infrastructure including routers, switches, and configuring all necessary LAN / WAN protocols in support of wireless infrastructure.
• Knowledge and experience of 802.11 a/b/g/n Ethernet standard for wireless Technology
• Configuring, managing and troubleshooting networks using routing protocols like RIP, EIGRP, OSPF, BGP with Access Control List
• Worked on Layer 2 protocols such as STP, VTP, and other VLAN troubleshooting issues and Maintained core switches
• Designed IP Addressing scheme, VLAN tables and Switch port assignments, Trunking implementation
• Trouble shooting single and multi-arm topologies, Fix routing issues and misconfigurations.
• Performed on-call rotation schedule using SNMP network monitoring tool for client support sites.
• Work with field engineers and escalation teams to patch and update networking software on client’s network gear, mostly using Cisco routers and switches.
• Controlling, monitoring and troubleshooting LAN, WAN and VoIP technologies.
• Installing, configuring Cisco Catalyst switches 6500, 3750 & 3500 series as per network design
• Configuring of IP Allocation and sub netting for all applications and servers and other needs throughout company.
• Performed maintenance on equipment as necessary, performing device upgrades, modification of configurations, password changes and diagnostic testing
• Provide recommendations on network infrastructure and reorganization with detailed network analysis using VISIO network drawings.
• VLAN design and implementation for new network requirements, including VLAN bridging and multi-port Trunks.
• Install and configure network services like DCHP, DNS, FTP and SNMP.
• Provide on call network support for various enterprise network clients.