OBJECTIVE:

• Over Eleven years' experience in information technology, with past Eight years "hands - on" focus on F5 (LTM), Checkpoint Firewall and Linux DNS specializing in network security design, implementation, troubleshooting, integration and monitoring LAN/WAN infrastructures.

TECHNICAL SKILLS:

Firewall & Network Products and OS Versions: * Checkpoint on SPLAT and IP Appliance with packages including R65, R70, R71,R75 and R80 * Cisco ASA, FWSM and Pix Firewalls including ASA 5500 Series Firewalls (5580, 5540, 5520) with 7.x, 8.x * Cisco Routing on 7600, 7200 as well as 3800, 3600, 2800, 2600 series etc with IOS 12.x * Cisco Switching on 6500 Series Switches with Sup 720, and modules such as NAM, IDMS, FWSM* Cisco 4948, 3560, 3550 and 2900 Series Switches. * Cisco ANY Connect and Remote Access VPN on Cisco ASA 5540 Appliances. * Juniper SA VPN (4500) and Netscreen Firewalls using NSM. Proxy Servers using Blue Coat, Cisco ACS.

Networking Technologies and Services: * OSI Layer, TCP/IP, GRE, MPLS, ATM, LAN and Frame Relay* WAN routing protocols including RIP, EIGRP, OSPF and BGP* High Availability Protocols including HSRP and VRRP* L2 Switching technologies including VLAN, VTP, STP (PVST, R - PVST, and MST), and Ether channel* Active Directory Services including DNS, DHCP, NTP etc.* Network load baLANcing including Citrix Netscaler and F5

Security implementations: * Implement secured Firewalls for IDC network with Multiple DMZ and 3rd party zones* Build IPSec based Site to Site VPN tunnels with Business Partners and 3rd parties.* Build SSL VPN based on Resource Profiles ( Role based Access )* NAT, PAT, Dynamic Nating (Policy based), Access list. Application Inspection.* IDS / IPS on Cisco AIP SSM Modules. 2 Factor Authentication

LAN: Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Wireless

WAN: Frame Relay, OC3, MPLS, PPP, T1/T3

Protocols: TCP, IP, ICMP, IGMP, RIP, OSPF, EIGRP, BGP, HSRP, VRRP, SNMP, MLSP, VPN, DMVPN,RRI, CDP, SNMP, VLAN, 802.1q, 802.11x, 802.1x, NAT, PAT, Ether channe

Platforms: Cisco IOS (11.x, 12.x), ASA (8.2, 8.4), CAT - OS, LINUX OS, VMware ESX, VMware Server

Infrastructure services: DHCP, DNS, SMTP, FTP, TFTP

Network Management: HPNA, HP Openview, AlgoSec, Solarwinds, Wireshark

Desktop application Software: Microsoft Windows Server 2003/2008, Microsoft Exchange Server 2003/2007,Microsoft SharePoint, Microsoft Office Suite, Lotus web Access, Lotus Notes, Virtual Network Computing,(VNC), Teamvewier, VMware, Cisco Anyconnect, EZdraw, notepad+

PROFESSIONAL EXPERIENCE:

Senior F5 Engineer

Confidential, New York

• Managed 50 Checkpoint Firewall in North America, Chile, Mexico and Panama. Supported all internal and External facing F5 (LTM) and Linux DNS server supported all the subsidiary, third party and brunch offices.
• Closed in average 10 ticket per day including F5, Firewall, DNS
• Experienced in various F5 LTM hardware and software 10x to 13x platform
• Installed, upgraded, and troubleshoot issues on various platforms
• Created VIP, node, pool, ssl, ssl profile, persistence, custom monitoring and load balancing method (Round Robin)
• Expert in writing and troubleshooting F5 iRules
• Experienced with packet capture analysis and troubleshooting tools TCPDUMP, wireshark
• Fluency with F5 cli/tmsh, writing/reading/modifying configurations
• Created vip using iApps template
• As a senior F5 engineer I was the first contact to deal with any unexpected situation related to F5 LTM
• Implemented network hardware and software as needed including Checkpoint Firewall GAIA, F5 LTM, IPS, IDS, URL Filtering
• Created Firewall rules in the SmartDash Board and pushed those policy to the specific Gateway
• Analyzed checkpoint Firewall traffic by using SmartView Tracker to identify source, destination and services to determine traffic drop or accept and used SmartView monitor to monitor FW performance which also used to track top source ip or top destination ips or service port
• Deployed infrastructure network technologies consistent with corporate standards and in collaboration with Enterprise IT architects
• Maintained standard technical, support, operational and security documentation
• Hands on experience with network protocols ( STP, EtherChannel, Router on stick, HSRP, EIGRP, OSPF, BGP, RIP, VLAN, TCP/IP, NAT, etc)
• Designed, setting engineering standards, configured, administered, and documented firewall infrastructure
• Manage the firewall deployment, rules migrations, and firewall administration
• Converted converting existing rule base onto new platforms
• Upgraded FW Secure Platform to GAIA version from 65 to 80 both gateway and management
• Quarterly rebooted FW and applied the necessary hotfix
• Represented the changes at the weekly change review meetings and updated network diagrams and all other applicable documents
• Experienced in PaloAlto, and ASA firewall
• Monitor SmartEvent to analyze unusual activity in the Network top find out top source or destination or services
• Expert knowledge in troubleshooting tools - tcpdump, ssldump, openssl, QKview, logs, curl, Wireshark, Fiddler, Postman, etc.
• Managed Linux bind to add, remove or update the DNS record in the Forward and Reverse lookup zone
• Transfer and created DNS zone file in the internal and external DNS server
• Acted a higher level support during incident response activities
• Capable of working independently in a high paced highly dynamic environment
• Participated monthly on call rotation
• Supported multiple tier application

Network Firewall Engineer

Confidential, New York

Responsibilities:

• Offloaded ssl profile in the F5, setup custom health check monitoring Used default or custom persistence (cookie based or source based) Implementation, configuration and support of Checkpoint Firewalls for multiple clients Firewall Policy administration and work with user requests submitted by users. Build Site to Site IPSec based VPN Tunnels between various client and business partner sites
• Resolved IPSec Site to Site VPN issue in house or remote location in Phase 1 and Phase 2 using CLI Used MD5,SHA, SHA1 for Data Integrity.DES,3DES and AES for encryption and DH,Digital or Shared key for authentication Run clean or upgrade installation GAIA OS on Management Server or Gateway Troubleshooting connectivity issues with in the server zones of the Data center (between application servers,database and web servers) as well as user requests and user connectivity issues from various branch locations,office locations and third party sites to data center. Setup, configured, secure and maintained multi tier DMZ Experienced in Multi Domain Security Management Provider - 1 Actively used, smart view tracker, and Checkpoint CLI (to security gateways) for troubleshooting Installed, configured and manage VSX Perform advanced troubleshooting using Packet tracer and tcpdump on Firewalls. Built and support VRRP / Cluster based HA of Checkpoint Firewalls. Install and configure Checkpoint Endpoint Solution, Mobile Access, Virus detections, IPS, DLP Blades, Identity Awareness Firewall Policy Optimization using third party tool Tufin Perform Firewall OS upgrades using CLI, Splat and Voyager
• GUI. Backup and restore of Checkpoint Firewall policies. Black listing and White listing of web URL filtering Review Firewall rule conflicts, unused rules and mis-configurations and clean up. Used Algosec Firewall security management tools to validate rule, object and appliance redundancy Checkpoint Firewall policy administration and support between various zones. Modify and implement ACL changes on Client routers and assist the user when there are any issues using Network Authentication to this is also done through TACACS. VPN User access management on check point Firewalls. Use LDAP for identifying user groups Schedule and participate in weekly meetings with various teams involved in the project to discuss the bottlenecks if any and contribute to design a solution framework. Maintain Configuration, Documentation (Visio's) and Records Management. Work on Cisco based Routing and Switching environment with MST and Rapid Spanning tree and using Routing Protocols such as EIGRP and OSPF. Configure Port-channel and build Spanning tree with proper root and backup designated ports.

Network Security Engineer

Confidential, NYC

Responsibilities:

• As part of Network Security Team at the Data Center I am responsible for managing network and security at multiple Data centers. These Data Centers host applications accessed by more than 5K users externally. Some of these applications include Oracle Applications, PeopleSoft etc.
• Day - to-day work involves changes on the Checkpoint Firewall using the Smart Dashboard software and connecting via Smart Center management. Authentication is done using an RSA SecurID.
• Change and Incident Management using HP Service Manager. Schedule day to day Firewall related changes and seek CAB approval if required for production impacting changes.
• Firewall policy administration and support on Checkpoint as well as Cisco ASA Firewalls.
• Monitors Firewalls by using SolarWind management tool
• Extensive experienced to setup,configure and troubleshoot IPSec site to site VPN
• Extranet changes to Cisco 6513, 6509 and 7204 series devices including FWSM Firewall changes, routing switching changes and Juniper Netscreen based SSL VPN and ISG.
• Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard.
• Troubleshooting connectivity issues on the Firewall using smart view tracker, monitor health of the appliance using smartview monitor etc.
• Support routing protocols including BGP and OSPF routing, HSRP, load baLANcing/failover configurations, Troubleshooting, IOS Security Configurations, IPSec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting
• FWSM configurations in single/multiple context with routed and transparent modes.
• Implementation and configuration of Firewalls especially Checkpoint and Cisco ASA.
• Work on Policy administration of Cisco and Checkpoint Firewalls using Perigrine
• Troubleshooting end user connectivity issues through the Firewalls and network.
• Making sure the NAT is applied appropriately on the Firewall for all the third party and DMZ traffic.
• LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems)
• VLAN design and implementation, Spanning Tree Implementation
• IPSec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
• Troubleshooting Laye 2 and Layer 3 issues.
• EIGRP and RIP version 1 & 2 Routing Protocols. Redistributing from OSPF to EIGRP and vice versa.
• Implemented VLANS between different departments and connected them using trunk by keeping one VLAN under server mode and rest falling under client modes.

Network Engineer

Confidential, Charlotte, NC

Responsibilities:

• Responsible for Firewall rule remediation including Checkpoint and Cisco rules
• Responsible for rule usage reporting and rule analysis pertaining to least access
• Identify unused rules and submitted to line of business (LoB) for approval to keep or disable
• Experience with FireMon rule analysis and reporting tools
• Experience with Checkpoint smart domain manager
• Write, update and maintain system documentation
• Ability to investigate and analyze information and to draw conclusions
• Configured Client VPN technologies including Cisco's VPN client via IPSEC.
• Configured Firewall logging, DMZs and related security policies and monitoring.
• Switching related tasks included implementing VLANS and configuring ISL trunk on Fast - Ethernet channel
• Configuring Layer 2 configuration including switch ports, VLANs, trunk links, Rapid Spanning Tree.
• Layer 2 and Layer 3 support working on Cisco 3800/2600/2800 routers and 4500/3560/2900 Switches.
• Built IPSec based Site to Site VPN tunnels between various business partner locations.

Network Technician

Confidential, Nashville, TN

Responsibilities:

• Responsible for the company's National Account road work including voice and data networking systems and systems integration.
• Performed installation of LAN/WAN data system wiring. Installed routers, hubs, terminal servers, print servers and PC's. Responsible for moves, adds and changes and cabling for remodeling projects. Installed some desktop applications on PC's.
• Installed voice, data, fiber optic and coax cable for new construction and remodeling projects for national accounts.
• Installed system racks and ladder rack in computer rooms. Installed all hardware equipment in computer rooms such as routers, hubs, satellite hardware and TV monitor Switches. Responsible for service calls. Responsible for moves, adds and changes. Installed PC's, printers and telephones. Installed POS equipment

Desktop Support

Confidential, Philadelphia

Responsibilities:

• Image RHEL machines Back data using fsync and spideroak Administer printers thru CUPS system Resolve Macbook Pro/Air VPN issues, Wifi, printer, MS Office 2011 Re - image Macbook Troubleshoot sending and receiving Zimbra/Thunderbird mail issues Configure two token passcode, GoogleAuthenticator and OTP token Configure RedHat e-mail on android/iphone Successfully resolved polycom phone incoming/outgoing issues Successfully completed office expansion project involving racking 6500 Cisco chassis, cyclides, IP camera, configure UPS with IP address Record laptop inventory in Remedy and
• Service Now Set up Cisco Catalyst 3750 layer 3 Switch, Cisco Phones Utilized Putty program to configure switch IP addresses ports, fast Ethernet ports Patch Cisco switch with patch panel using Ethernet cables Troubleshoot internet connectivity issue using ping, tracerroute Set up 120 PCs, monitors, printer Use Microsoft Lync to remote into PCs to resolve issues Asset tagging, surplus inventory and shipments