SUMMARY

• 7+ years of experience in Networking and Security, including hands - on experience in providing network support, installation and analysis for a broad range of LAN / WAN communication systems.
• In-depth knowledge and proven expert proficiency in designing, engineering, configuring, and maintaining of large enterprise firewalls.
• Experience Network Security, SSL VPN, Checkpoint, RSA, Cisco Nexus, Cisco ACE, Cisco Wireless
• Advanced knowledge, design, installation, configuration, maintenance and administration of Checkpoint Firewall R55 up to R70 version, Secure Platform Installation, VPN.
• Experienced with Cisco routers and switches, and a good understanding of IP sub netting and routing such OSPF and BGP.
• Proficiency in managing Palo Alto Next Generation Firewalls and Panorama Management Appliances.
• Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
• Knowledge of Server Maintenance, including establishing Security Protocols, Configuring Network, and Troubleshooting Problems.
• Experience in migration from Cisco ASA firewalls to Palo Alto.
• Experienced in DHCP DNS, AD, NIS, NFS, SMTP, IMAP, ODBC, FTP, TCP/IP, and LAN, WAN, LDAP, HP RDP, security management and system troubleshooting skills.
• Experienced in Deploying Wireless Network Infrastructure and Wireless Survey Best Practices.
• Worked on implementation strategies for the expansion of the MPLS VPN networks.
• Strong hands on experience in layer-3 Routing and layer-2 Switching. Dealt with Nexus models like 7K, 5K, 2K series, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches.
• In-depth knowledge of deploying and troubleshooting LAN, WAN, Frame-Relay, Ether-channel, IP Routing Protocols - (RIPV2, OSPF, EIGRP & BGP), ACL's, NAT, VLAN, STP, VTP, HSRP & GLBP.
• Experience in risk analysis, security policy, rules creation and modification of Check Point/Nokia Firewall VPN-1 FW-1 NGX R65, R70 & R75 Provider-1/Site Manager-1 R65, and R70.30 & R75.40.
• Knowledge of Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
• Build IT security infrastructure including Checkpoint, ASA and Palo Alto firewalls.
• Experience in managing and migration of large scale enterprise networks, extensive knowledge in developing test plans, procedures and testing various LAN/WAN products and protocols.
• Good working experience on Cisco Nexus 3000/5000 devices and Riverbed Steelhead (WAN Optimization) devices.
• Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point/Nokia Firewall VPN-1 FW-1 NGX R65, R70 & R75 Provider-1/Site Manager-1 R65, R70.30 & R75.40 Smart Domain Manager command line & GUI.
• Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
• Real-time experience in designing and assisting in deploying enterprise wide Network SSL Security and High Availability Solutions for ASA.

TECHNICAL SKILLS

Operating System: Windows XP, 2000, NT, 98, 95, Win7, Win8, Visio.

Connectivity & Hardware: Cisco Routers 2900, Cisco Switches SRW 300, 1900, 2900, 3700, 4500, Cisco ASA 5500, Cisco WLC 2500, Cyberoam UTM Devices, SonicWALL UTM Devices, HP Procurve Switches, 3COM Switches, HP MSM720.

Routing Protocols: RIP, RIPv2, OSPF, EIGRP, BGP, Static Routing.

Switching Technologies: VLAN, VTP, HSRP, VRRP, GLBP, Stacking, STP, Port - fast

Network Technologies: CDP, Access Control List (ACL), Network Address Translation (NAT), and Port Address Translation (PAT).

Security Technologies: IPS/IDS, Firewall, VPN, Tunneling, ASA, IPSEC, DMZ.

Wireless Technologies: 802.11 a/b/g/n, WLAN, WAP, AP, SSID.

Monitoring Tools: Wireshark, SolarWinds, Nagios, OpManager Wireless LAN SonicWALL Firewall, Checkpoint Firewall Link Aggregation Groups (LAG).

Applications: MS SQL Server 2005, MS ISA Server 2006, MS Office XP/ 2003/2007/2010 , Citrix MPS, CounterPoint, MicroBiz, ManageEngine ServiceDesk Plus, Communigate Pro Mail Server, Microsoft Exchange, NetMail, Solarwinds NPM.

PROFESSIONAL EXPERIENCE

Confidential, Lake Zurich, Chicago

CHECKPOINT SECURITY ENGINEER

Responsibilities:

• Troubleshooting Palo alto and Checkpoint issues and VPN related issues and performed upgrades for all IP series firewalls from previous versions (R75.40, R75.40VS, R75.45, R75.46, R75.47, R76, R77) to R77.10
• All Juniper firewalls are managed through NSM. Site to site VPN for all b2b and vendor tunnels with Checkpoint and Cisco VPN’s. Confidential was the anti-virus used at the desktop and server levels within Mass Mutual.
• Migration with both Checkpoint and Cisco ASA VPN (Checkpoint R75.30 to Gaia R77.30 GA version
• Upgrade of Checkpoint firewalls and management servers from Splat R75.30 to Gaia R77.20
• Configuration and Maintenance of Checkpoint R65, R75.40 Gaia Firewalls.
• Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools
• Successfully installed Palo Alto PA-3060 firewalls to protects Data Center and provided L3 support for routers/switches/firewalls
• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls
• Primarily worked on Checkpoint Security Gateways running R77, R76, and R75 Gaia and Fortinet Firewalls running Forti OS 5.2.
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall
• Worked on IPSO and secure platform. Nokia hardware platforms like IP360 & IP560.
• Experience with configuring Virtual Server and Configuring Load balancing methods in F5 LTM
• Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
• IPSO Versions and Checkpoint SW are currently being remediated to current target version of IPSO 6.1 Build 38 running Checkpoint R65 Build 63, currently remediating Running in Active/Active Cluster mode into VRRP High Availability setups.
• Implement changes on switches, routers, load balancers (F5 and CSS), wireless devices per engineer’s instructions and troubleshooting any related issues.
• Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with Cisco ASA VPN experience.
• Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a Perform troubleshooting through command line interface and provided support for IP routing protocols including OSPF, EIGRP, and BGP and Bluecoat proxy servers.
• Troubleshoot and hands on experience on security related issues on Cisco ASA/PIX, Checkpoint, IDS/IPS, Palo Alto and Juniper Net screen firewalls.
• Configuration and maintenance of Juniper Net Screen SSG -550.
• Performed “Fresh Installation” of R77.10 on Smart Event 150 appliance through the Console to establish the connection between the Checkpoint Management server to receive the logs
• A few UTM boxes in remotes sites and client locations were replaced with SG models and upgraded into latest software version (R77.10 of firewalls to avoid high CPU utilizations to get the policy pushed.
• Cleaned up of Domain controllers for AAA server groups (LDAPSSL LEVI and LDAPSSL LSAPPS).
• Configuration of SSL VPN through access blade and up-gradation of Firewall.
• Experience through Hand-on Experience with configuring T1.5, Gigabit Ethernet, Channelized T3 and full T3, OCX, ATM, Frame-Relay and VOIP (Voice-Over Internet Protocol) and Configuring VLAN’s, Trunking and routing.

Confidential, SanJose, CA

Network Security Administrator

Responsibilities:

• Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point/Nokia Firewall VPN-1 FW-1 NGX R65, R70 & R75 Provider-1/Site Manager-1 R65, R70.30 & R75.40 Smart Domain Manager (SDM) command line & GUI.
• Supports the implementation and ongoing operations of network access control devices to include firewalls, web proxies, and SSL VPN devices.
• Experience with working on wireless site survey using Air-Magnet.
• Upgrading checkpoint Web application firewall and fixing hot fixes and patches.
• Installation of checkpoint Next-Generation firewall GAIA R76/77.30 in Open Server, UTM.
• Configuration of checkpoint firewall mainly IPS (Intrusion Prevention System) module according to client topology and checkpoint MDS.
• Experience on Endpoint security SME with McAfee Endpoint.
• Worked on Imperva Secure Sphere Web application firewall.
• Experience with using F5 Load balancer in providing worldwide data and file sharing, continuous internet connectivity, optimized web performance.
• Experience with working on Imperva web application firewall for granular correlation policies reduce false positives and Dynamic application profiling.
• Working on implementation and configurations of wireless points and wireless process.
• Cisco routing and switching technologies and devices LAN / WAN, VPN, Routing protocols, VLANs, Trunking, Cabling, Cisco IOS administration.
• Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks.
• Worked on RSA authentication manager and Cisco NSA (Network Admission control) to authenticate users and devices to the network
• Advance Knowledge on Lancope Stealth watch system for monitoring, analyzing and responding In-depth network activities.
• Worked on Windows Management Interface (WMI)
• Experience with connectivity of Cisco Networking Equipment with F5 Load Balancer
• Configuration and troubleshooting of Next-Generation Firewalls ASA 5520, ASA 5510, Nokia Check Point VPN­1 NGX R55/R65/R70
• Advance knowledge on design, implementation and maintenance of QoS for LAN and WAN networks
• Performed upgradation from old platforms to new platforms R65 to R77.30
• Configuration and troubleshooting of Site to Site as well as Remote Access VPN on Cisco ASA and Checkpoint firewall MDS.
• Worked on Migrating from ASA 5540 to ASA 5585.
• Experience with Using GTM, APM & LTM F5 component to provide 24“7 access to applications.

Confidential, Farmington Hills, MI

Network Engineer

• Planning and configuring the routing protocols such as OSPF, RIP, and Static Routing on the routers.
• Involved in Configuration of Access lists (ACL) on checkpoint firewall for the proper network routing for the B2B network connectivity.
• Configured and installed new Branch network systems. Resolved network issues, ran test scripts and prepared network documentation.
• Configuring Firewalls such as Cisco ASA and Checkpoint Firewall.
• Configured policies on checkpoint Firewall and involved in resolving production issues.
• Installation & configuration of Cisco VPN concentrator 3060 for VPN tunnel with Cisco VPN hardware & software client and PIX firewall.
• Configured, upgraded, and troubleshoot Cisco, Sourcefire, and Checkpoint firewalls and IPS sensors for various customers and oversaw configuration backups and signature pack deployment.
• Worked with softwares such as Solarwinds and Infoblox to manage DNS servers, assigning IP Address and implementing DHCP for security purpose of the networks.
• Planning and implementation of IP addressing scheme using Subnetting and VLSM.
• Contributed in Configuring VLANs on multiple catalyst switches performed troubleshooting on TCP/IP network problems, Administered Frame-Relay and networks and also assisted in configuring ACL & NAT through CLI.
• Used Solarwinds network monitoring tool to ensure network connectivity and Protocol analysis tools to assess the network issues causing service disruption.
• Analyzing traffic behaviors using Wireshark and Solarwinds.
• Modified OSPF costs of the links to divert traffic to reduce the delay and bandwidth consumption across the links.
• Performed migration from Cisco catalyst switches to Nexus switches.
• Configuring access layer switches such as Cisco 4510, 4948, 4507 switches for VLAN, Fast Ether Channel configuration.
• Responsibilities also include technical documentation of all upgrades done
• Attending meetings and technical discussions related to current project.

Confidential

Network Support executive

Responsibilities:

• WAN Infrastructure running OSPF as core routing protocol.
• Work on different connection medium like Fiber and Copper Connectivity.
• In-depth expertise in the implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems.
• Planning and configuring the routing protocols such as OSPF, RIP, and Static Routing on the routers.
• Assist the certification team and perform configuration of LAN/WAN technologies such as Ethernet, Fast Ethernet, and Gigabit Ethernet.
• In-depth expertise in the implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems.
• Supported nationwide LAN infrastructure consisting of Cisco 4510 and catalyst 6513.
• Configured port-fast, uplink fast and other spanning tree features.
• Created Lab demonstrations for new technology deployments with loaner equipment from various vendors and presented the findings to upper management.