SUMMARY

• Network Engineer having around 8 years of experience in Networking and Security, widely in Network Security Products and Firewalls.
• Firewall installation, Policy implementation, NAT translation and System Software Upgradation of existing Firewalls.
• Expert Level Cisco ASA, Palo Alto, Check Point and Juniper SRX Firewalls Administrator.
• Involved in Project planning, Product Migration, Project handovers, perform maintenance and backup for the security products.
• Wide knowledge on Cisco Iron port for URL filtering based on categories and for http & https traffic redirection via Cisco IronPort.
• Monitor industry warnings and messages for all system patches, virus activity, and upgrades to maintain the overall information security integrity of the enterprise.
• Inform and recommend course of action to information security management.
• Security Policy setting & configuration as per the security requirement in various segments
• Palo Alto Network Security Device Administrator: Administration of Palo Alto Network Device, Configuration of New Access Policy, Firewall Rules, QOS Rules, User ID agents, Treat Policy. Monitoring the network traffic via Wire Shark network analyser tool. Creation new Internet access policy for the global network, Trapshooting the internet filter, firewall, OOS.
• Worked extensively on firewalls and VPN gateways Checkpoint, Blue Coat Web Gateway, CISCO, Juniper, FortiGate and Shell.
• Knowledge of RIP, IGRP, EIGRP, OSPF Routing Protocols.
• Cisco switches and routers, LAN networks, VPN configuration, IPsec, PPTP VPN tunnel configuration for the client.
• Experience with Cisco ASR 9K/1K, Cisco GSR, Cisco CSR, Cisco 7200vxr, and Cisco 7600, 7200, 6500,4000,3800,3600 and 3200 routers.
• Switching / Routing Protocols, VLANs, STP, LLDP, TACACS, SNMP, IGMP, DHCP, BGP, OSPF, RIP, PIM, VRRP, IPv4 and IPv6.
• Hubs, Bridges, Routers, TCP and/or IP protocols, Addressing, Flow control
• Analysing and troubleshooting network problems and Application slowness issues.
• Configuring F5 Load balancer LTMs and GTMs to isolate traffic from the web servers.
• Providing support and troubleshooting the network Problem for the client.
• Implemented Positive Enforcement Model with the help of Palo Alto Networks.
• Innovated with support of Palo Alto for remote and mobile users and for analysing files for malware in a separate (cloud - based) process that does not impact stream processing.
• Working knowledge with Infoblox appliances such as DNS, DNSSEC, DHCP, IPAM and TFTP
• Assist customer team with the design and placement of Palo Alto Networks devices.
• Installation, configuration and maintenance of Palo Alto, Cisco ASA 5500, Juniper SRX Firewalls.
• Experience in installing, configuring and troubleshooting of Checkpoint Firewall and Juniper SSG series.
• Hands on experience on Power over Ethernet (POE) and Ether Channel.
• Worked on Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
• Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale Firewall deployments.
• Design, implementation and support for network security technologies and products (WAF, Cisco ISE, AMP, Firepower, etc.)
• Optimizing and efficient use of policies in Palo Alto-5020 and FortiGate 311B Firewall v5.2.3.
• Experience in configuring Client-to-Site VPN using IPSEC VPN on SRX series firewalls
• Migrated Core Internal Network from Core Switch to Palo Alto Firewall and configuring Generating User Activity and Application Reports on PA5020 Firewalls.
• Managed implementation of Cisco IOS zone-based firewall to perform basic security operations on the network.
• Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.

TECHNICAL SKILLS

Routers: Cisco 7609, 2600, 2800, 3800, 3640, Cisco 3745, 7200 Series

Switches: Cisco 3500, 5000, 6500 Catalyst Series Cisco 7000, 2000 Nexus Series -2k,5k,7k

Firewalls: Palo Alto PA-3050, PA-5050, CISCO ASA 5500, Checkpoint

Routing Protocols: RIP v1&v2, BGP, OSPF, EIGRP, HSRP, VRRP, GLBP, FTP, SMTP, SNMP

Switching Protocols: STP, RSTP, PVSTP, VTP, ARP, and VLAN.

IP Services: DHCP, NAT, VLAN, DNS, FTP, TFTP, LAN/WAN

WAN Technologies: ATM, ISDN, PPP, MPLS, ATT, 802.11, 802.11a, 802.11b, APLUS.

VPN Technologies: Remote access and site-to-site IPSec VPN, IPv6 transition techniques viz. Manual tunneling, GRE tunneling, 6to4 tunneling, NAT64 and ISATAP

Monitoring Tools: OPNET, GNS3 Simulator, Packet Tracer, Wire Shark, Solar Winds, What’s Up IP, Nagios and Fluke Networks

Networking: TCP/IP, OSI Model, Socket Programming, LAN/WAN, Switches and Routers, IPV4/IPV6 Addressing & Subnetting, Ethernet, STP, VLAN, Trunking, DNS, DHCP, NAT, ACL, HTTP, ATM, ISDN, PPP, MPLS, ATT, 802.11, 802.11a, 802.11b, APLUS Web Services (REST & SOAP), Windows Servers 8 & 12

Tools: GNS3, Packet Tracer, Solar Winds, What’s Up IP, VMware Workstation, Wireshark, Nagios and Fluke Networks

Languages: C, Python

Operating Systems: Windows XP, Vista, Windows 7, UNIX, SPLAT (Secure Platform), Linux

DOCSIS: Cisco, RCA, Com21, GI, 3Com, Samsung, and Toshiba

DLP: Websense, Symantec & McAfee

Cloud Environment: Amazon AWS

PROFESSIONAL EXPERIENCE

Confidential, Allendale, NJ

Sr. Network Security Engineer

Responsibilities:

• Configuring and troubleshooting perimeter security devices such as Checkpoint R77 Gaia, Secure Platform, Palo Alto, ASA Firewalls
• Implemented the Policy Rules, DMZ and Multiple VDOM's for Multiple clients on the Palo Alto firewall
• Worked on Palo Alto Firewalls, Panorama, APP ID, User ID, Zones, URL Filtering, SSL decryption. Migration from ASA to Palo Alto.
• Managed Palo Alto/ASA Firewall for security policies and rule base of security control points, device mapping using network address translation, objects management, other administrative tasks.
• Involved in the configuration & troubleshooting routing protocols like BGP, OSPF, EIGRP, RIP, BGP and MPLS
• Introduced F5 ASM into the company infrastructure and supported F5 ASM, DNS, LTM and Virion.
• Endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication and network security enforcement
• Worked on Core switches.
• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
• Experience with working on juniper switches like ex2200, ex2500.
• Produced reports on the bandwidth utilization, traffic analysis, traffic types, packet analysis with Cisco Prime
• Configuring and implementing of Composite Network models consists of Cisco 7600, 7200, 3800 series and ASR 9k, GSR 12K routers and Cisco 2950, 3500, 3550, 3750, 5000, 6500, 9300, 9500 Series switches
• Worked on Site WAN Transformation from Cisco 2821 Router to Cisco 4321, 4431, 4451 and ASR 1000 routers, including Visio Network Design, configuration changes, route redistribution
• Worked on F5 GTM, configuring Wide IPs and pools to load balance the client traffic between the two data centres
• Gained knowledge of Cisco Meraki Cloud managed Switches (MS250, MS350, MS410) and SD WAN (MX 65, MX100, MX400).
• Configuring various advanced features (Profiles, monitors, Redundancy, SSL Termination, Persistence, SNATs, HA) on F5 BIGIP appliances SSL termination and initiation, Persistence, Digital Certificates, executed various migration/upgrade projects across F5 and hands on with F5 BIGIP LTMs/EM.
• Extensively worked on TCP/IP protocols and transport protocols like TCP and UDP.
• Worked on F5 to setup and configure VLANS, Pools and Virtual Servers.
• Troubleshooting on Cisco devices, F5 Load balancer, Palo Alto Firewall.
• Worked on MS Windows 2016 to create AD or Changes.
• Worked of Active Directory, DNS, DHCP & Printing service
• Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k, etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
• Experience in layer - 3 routing and layer-2 switching. Dealt with Nexus models like 7K, 5K, 2K series, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches).
• Configuring Site to Site, and Remote access VPN with ASA 5510 firewalls
• SSL offloading on F5 LTM's, worked on both the server SSL profiles and client SSL profiles.
• Configuration of router based, and Policy based VPN, SSL VPN, NAC, IDS/IPS, IPSEC Tunnels on Palo Alto firewalls.
• Configure, maintain and upgrade of data center infrastructure, Nexus 7k, 6k, 5k, 2k, and UCS, employing VDC,
• VPC, VRF, Cisco UCS, and fabric-path technologies.
• Planning, installing, configuration and troubleshooting of networking infrastructure including routers, switches, and configuring all necessary LAN / WAN protocols in support of wireless infrastructure.
• Installed IOS in Cisco and Juniper devices through jump server.
• Managed and maintained VMware NSX hosting environment.
• Installation and configuration of Cisco switches (2950, 2960, 3550, 3750, 4500 and 6500) and Cisco routers (2500, 2600, 3000, 3800, 4331, 6500, 7200, 7500 and 7600).
• Configured Routing protocols such as RIP, OSPF, EIGRP, MPLS static Routing and policy base routing.

Confidential, Lisle, IL

Sr. Network Security Engineer

Responsibilities:

• Configuring, Administering and troubleshooting the Palo Alto, ASA and Juniper firewall.
• Investigate security incidents, troubleshoot, resolve and recommend actions needed to resolve vulnerability issues.
• Experience on working with IPsec VPN, Security profiles and SSL decryption on Palo Alto firewall
• Experience in working on the Quarterly maintenance windows for failover, reboot of Checkpoint next-generation firewalls and Palo Alto firewalls, as well as other security devices
• Administer policy settings and upgrades to Forcepoint Triton APX Web, DLP, and Email applications
• Experience on working on Checkpoint firewall IDS/IPS module for setting up the upgradation of new signature patterns and monthly reporting for auditing purpose.
• Responsibility is implementation and troubleshooting forCiscoFirewall, FortiGate, CiscoWLC, Routing and Switching, VPN, ISE.
• PrincipleSMEthat successfully led, developed, trained and optimized 64-person military team, as the sole civilian expert.
• Designed to be fully functional and compliant to operate as a self-contained cyber mission team
• Analyse/configure different firewall devices - Palo Alto, Cisco, Checkpoint,Imperva
• Design and implementation of Twenty F5 ASM to replaceImpervaWAF.
• Migration ofbluecoatenvironment for different departments
• Monitor performance, availability and health on Cisco,Bluecoat, Riverbed and F5
• Network AnalystSME, Mentor. Responsible for program management and analysis of petabytes sized network data sets utilized for operational and strategic decision-making
• Managing Cisco ASA 5585, 5555, 5545 series, upgrade and maintain security policies
• Responsible for installation, configuration of Palo Alto using Panorama
• Perform networking solution Confidential data center forBluecoatProxies.
• Performing migration from old network to a new network of millions of users.
• Provide on call support with network operations teams resolving incidents
• Deployed Palo Alto-7000 series device to the production environment, managed them via Panorama.
• Worked on the migration of ASA firewalls to Palo Alto firewalls, in cloud environments.
• Performed code upgrades on the ASA 5585, 5555 series
• Worked on Splunk to gather generated logs for the firewalls, to maintain application flow on firewalls
• Trouble shooting Layer 3 issues, also assist layer 2 team with the troubleshooting issues with BGP, OSPF.
• Creating NATs as per user’s requirement to getting access for different servers like internal firewalls, DMZ firewalls.
• Monitoring and TroubleshootingISE
• Internet firewalls and also worked on Splunk for troubleshooting.
• Migrate management, host and transit interfaces of the firewalls to new IP, without affecting data traffic.
• Migrate NAT rules with counter NATs as per the new IP request
• Participate daily scrum meetings, maintain project flow to meet deadlines.
• Migrate and configure Juniper firewalls to Palo Alto using Panorama
• Setup Global Protect VPN in the production environment, test and maintain VPN firewalls
• Create and run the automation script to push configuration into the firewalls
• Maintain definitions in Bluecoat proxies, with Splunk integration.
• Creating Perform and fulfil service now request for Port service, create policies and migrate rules to new subnet
• Administration Big IP F5 LTM for all Local Load balancing and use GTM for load balancing across Data Centers.
• Worked with applications transport protocols SSL, IPSEC, DNS, NTP, SSH, LDAP, RADUS, TACACS+ and AAA on ASA Firewalls.

Confidential, Mechanicsburg, PA

Network Security Engineer

Responsibilities:

• Device managing - Palo Alto firewalls (5000, 2000, 500 series) with centralized manage server panorama.
• Checkpoint (R65), ASA 5520, VPN, Bluecoat proxy, ISA server, Certificate authority, Proventil IBM IPS with Site protector, tipping point with SMS, PIX-535, MacAfee vulnerability manager.
• Involved in Migration of Check point to Palo Alto firewalls.
• Installed, operated and supported McFee Epos, CA-Entrust console, Symantec Endpoint Protection Manager Console, SOPHOS, TrendMicro.
• Antispam Bright mail, Symantec Mail Security, Cisco IronPort.
• Migrating Bluecoat proxy with Palo Alto captive portal solution.
• Design, Deploy, and ConfigureCiscoISE(Identity Services Engine) in multiple environments.
• Replaced different locations Cisco IOS hardware as well as physical firewall hardware structure with Meraki MX firewalls and MS switches solutions.
• Worked with Websense ACE to safeguard network resources, define rules for custom filters and provide real time security updates
• Responsible for installation, troubleshooting of firewalls (Cisco firewalls,ImpervaWeb app Firewalls, Checkpoint firewalls and Juniper firewalls) and related software, and LAN/WAN protocols
• Implementing and troubleshooting Blue Coat Proxy SG-x appliances.
• ManagingBluecoatproxy devices and IDS, IPS devices.
• Migration of forward proxies to the centralized Director product, configuring the reverse proxy for the content analysis system (CAS) for newer application.
• Responsible for designing, implementing, upgrading, and troubleshooting Blue Coat Proxy SG-x appliances.
• Deploy and manage Forcepoint firewalls, CISCO ASA 5500 and Palo Alto.
• Manage Forcepoint SMC (156 firewalls)
• Responsible for the implementation, documentation, and day-to-day support of theImpervaDatabase Firewall.
• Up-gradation of Proventil IBM IPS firmware and Palo Alto firewalls.
• Exposure to wild fire advance malware detection using IPS feature of Palo Alto.
• Successfully installed Palo Alto Next-Generation PA-3060, PA-5060 firewalls to protect Data Center with the use of IPS feature.
• Hands on experience working with products like Checkpoint R77 Gaia and Palo Alto Enforcement Points and P1, TACACS+, F5 LTM and GTM, Crossbeam, SPLAT, Infoblox, SGW, ACME Packets, A10, Cacti, BluecoatProxy SG and packet sniffers.
• Experience with Websense filtering service for selectively filtering unwanted internet requests traffic
• Worked on checkpoint firewall SMART Event Intro module for generating monthly IPS reports
• Experience on working with SIEM tool LogRhythm on adding the newly build windows and Linux log servers and creating policies for different alerts
• Deployment of Palo Alto 5000 series firewall and checkpoint 12000 series firewall
• Worked on Python scripting for generation the firewall security policy through web visualization tool in checkpoint firewall.
• Conducts and assists with vulnerability scanning, penetration testing, application security testing, risk assessment and risk consultation with other teams and business units.
• Building configurations for Juniper MX 2010 and MX 2020 routers with features like port security, VLANS, VTP, PVST+.
• Upgrade theCiscoISEnodes to release versions required by the phase of the project and add nodes to theCiscoISEdeployment.
• Configuration of Juniper SRX series firewalls for outbound traffic via blue coat proxy server.
• Implemented inter-VLAN routing (on Juniper EX 3300 and EX 3400 switches) among the VLANs to allow communication on larger internetworks.
• Monitor and investigate security incidents and alerts with Arc sight, FireEye, Palo Alto,SourceFireand McAfee EPO.
• Modify and implement ACL changes on Client routers and assist the user when there are any issues using Network Authority. Authentication to this is also done through TACACS.
• Written firewall rules in support of application migration from F5 to A10 load balancer
• Implemented extended ACLs on Juniper SRX and 3750 to allow communication between the required networks, and to restrict other communications.
• Implemented various routing protocols such as RIP, EIGRP and OSPF on Juniper MX routers; also taking care of issues such as discontinuous networks.
• Analysing the vulnerability alerts triggered in Arc sight and tune the polices in IPS and firewalls.
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall
• Palo Alto design and installation for Application and URL filtering
• Configured and troubleshot Palo Alto firewall using CLI.
• Assisting end user operations staff with technical support for Fortinet products
• Cisco ASA and FWSM, Fortinet FortiGate; F5 AFM, A10 WAF, IDS/IPS systems, and general knowledge of security features and protocols
• Monitor and runCiscoISEreports/audits and work with security team to locked down or allow unknown devices that are found on the network.
• Scanning the servers and hosts using MacAfee found stone manager and analyse the vulnerabilities.
• VPN creation (Site to site, SSL, RA VPN) and troubleshooting. Managing PKI servers
• Cyber Security assessment using traffic analysis tools (i.e., Wireshark, TCP Dump, etc.)
• ISA server manages.
• Ability to configure and monitor security tools such as security information and event management (SIEM).
• Migration of PIX to ASA firewalls. Preparing monthly SLA report and availability reports.