Network Security Consultant / Firewall Engineer Resume
Chase, Ohio
SUMMARY
- 5+ years of experience in Networking and Security, including hands-on experience in providing network support, installation and analysis for a broad range of LAN / WAN communication systems.
- Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Palo Alto PA-500, PA-2k, PA-3k, PA-5k & PA-7050, Check Point/Nokia Firewall VPN-1 FW-1 NGX R65, R70 & R75 Provider-1/Site Manager-1 R65, R70.30, R75.40 & R77.30 Smart Domain Manager command line & GUI, Cisco Pix and IOS Firewall, Cisco ACL & Cisco ASA.
- Knowledge of DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN
- Proficient in implementing and support of Network product lines like Cisco, F5 for various functionality within the architected framework.
- Experience in Configuration and Support of LAN protocols on Cisco Switches such as Layer2, Layer3 and Multi Layer.
- Experience in layer-3 Routing and layer-2 Switching. Dealt with Nexus models like 7K, 5K, 2K series, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches
- Design & implementation of Network, VLAN creation/management, IOS upgrades, ACL management, DMZ design/management, PAT/NAT configuration, anti-virus management, and security strategy.
- Responsible for design & management of Juniper Netscreen and ISG Firewall configuration and support through NSM 2010 (Network Security Manager), Juniper Switches, Cisco Switches.
- Technical Knowledge on Cisco PIX/ASA series, Juniper NetScreen/SRX firewall gateways.
- VPN Technologies including both Site to Site and Remote Access including SSL VPN Technologies such as AnyConnect and Access Blade, and firewall upgrades.
- Configuring firewall filters, routing instances, policy options.
- Proficient in setting up IT infrastructure including wide area networks (WAN) / local area networks (LAN), security management systems & networking devices administration.
- Extensive experience in Layer 3 routing and Layer 2 switching and dealt with router configurations like 7200, 3800, 2800 and switches 6500, 4500, 3700, 3750, 3900, 2900, 2960 and 3500XL, 3950 switch series.
- Proficient with Cisco routing and switching products, UNIX, Linux, shell scripting and routing protocols. Experience in tools like SNMP, AAA, RADIUS and designed VPN with IPSEC security layer.
- Understanding of IPSEC & GRE tunnels in VPN implementation using Cisco IOS and Checkpoint firewall/VPN.
- Hands on experience with the usage of diagnosis tools like Skybox, Qkview, TCPDUMP for analyzing the real time statistics during the packet flow.
- Experience with Checkpoint SPLAT and GAIA, FWSM, Cisco ASA and Juniper firewalls.
TECHNICAL SKILLS
Operating Systems: include R77.30, R77.10, R76, R75.47, R75.40, R75 and R71, R6 and IPSO 4.x, 6.x Cisco IOS 7.x, 8.x, 9.x for Firewalls, Cisco IPS OS 5.X, 6.X, 7.X Cisco Catalyst OS and IOS 12.x, FWSM 3.X Cisco CSM 4.X.
PROFESSIONAL EXPERIENCE
Confidential, Chase, Ohio
Network Security Consultant / Firewall Engineer
Responsibilities:
- Responsible for placing risk assessment and auditing rules (high med low) based on object names, access and comments (i.e. application awareness) to determine potential impact of deletion.
- Responsible for rule usage reporting and rule analysis pertaining to least access.
- Responsible for Firewall rule remediation including Checkpoint and Juniper rules.
- Responsible for rule usage reporting, rule analysis pertaining to least access, Red Risk and "Comments" section baseline documentation.
- Identified unused rules and submitted them to the line of business (LoB) for approval to keep or disable.
- Experience with Checkpoint Smart Domain Manager. Work on Checkpoint with multiple CMA's and policy provisioning.
- Experience with Skybox rule analysis and reporting tools.
- Identify rules that allow traffic over unsecure ports, as well as rules that allow traffic to or from non-existent IP addresses; recommend those rules for remediation.
- Technically worked on Checkpoint firewalls (GAIA, R77.30).
- Creating new rule sets for overly permissive rules.
- Export Firewall reports and data from Skybox and remediate rules.
- Create objects and groups on Checkpoint firewalls.
- Troubleshoot issues with users and application owners.
- Change management tool based on ITILV3 standards.
- Ability to investigate and analyze information and to draw conclusions
- My daily activities include implementation of rules and remediation of firewall policies.
- Opened, resolved or updated Tier-2 support tickets for managed Firewall clients.
- Assisted in IT security audits for clients/customers.
- Provided Managed Firewall clients with regular status reports of their trouble tickets.
- Write, update and maintain system documentation.
- Use SharePoint to manage and share documentation.
- Duties include running Firewall reports and queries in Skybox, Check Point and Application Inventory Tool.
- Collaborate and coordinate with technology and business leads on the investigation and resolution of rules and policies out of scope.
- Responsible for submitting (problem tickets) to delete/modify rules, change control requirements, reporting status and escalating to firewall governance.
- Provide descriptive design details to the third party vendors to make rule changes to firewalls.
- RFC creation through Skybox and process involvement in CAB and Tollgate meetings.
Confidential, Atlanta
Firewall Engineer
Responsibilities:
- Consulted with network deployment team to resolve tickets and troubleshoot L3/L2 problems.
- Technically worked on Checkpoint Firewalls (GAIA, R75, R77.20).
- Work on Checkpoint with multiple CMA's and policy provisioning. Configuration, managing and supporting Checkpoint gateways.
- Installation, Configuration and Troubleshooting of Checkpoint Firewalls in the network.
- Administer Checkpoint firewalls with cluster gateways including pushing policies and processing user requests to allow access through the firewall using Smart Center based Smart Dashboard.
- Allowing connectivity to users through LDAP groups by creating access roles on the dashboard as a source host.
- Adding new networks passing through the firewall by creating VLANs / sub-interfaces.
- Monitor the health and CPU utilization using smart monitor on the Checkpoint firewall.
- Troubleshoot user issues with the help of Smart view tracker to check logs as well as Command Line of Security Gateway.
- Use TCPDUMP and FW Monitor on Checkpoint firewalls for advanced Troubleshooting if required.
- Creating object, groups on Check Point and juniper Firewall, apply static, hide NAT.
- Onboarding new clients on the extranet firewall, allowing them to access the core network by adding new static routes, NAT, and policies.
- Adding rules on multiple firewalls by creating double-NAT.
- Change Management procedure based on ITILV3 standards.
- Install policies on checkpoint using Smart Dashboard and work with users to verify connectivity and troubleshoot Firewall related issues using smart view tracker as well as CLI command line.
- Identify unused rules and schedule change to mark it for permanent deletion at later point of time.
- Updated s on the firewall clusters .
- My daily activities include implementation of firewall policies (both Juniper, Checkpoint)
- Working closely with architecture team to create network design.
- Juniper NetScreen Firewall configuration through NSM 2010 (Network Security Manager).
- Configure Syslog server in the network for capturing the log from firewalls.
Confidential, South Carolina
Sr. Network Engineer
Responsibilities:
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
- Work on Checkpoint Provider-1 with multiple CMA's for Policy Provisioning including Provider Smart Domain Manager. Worked on configuring, managing and supporting Checkpoint Gateways.
- Used as the DHCP and DNS server for centralized management.
- DNS administration like adding/modifying/deleting IP and DNS assignments using InfoBlox.
- Working on the F5 LTM and GTM code upgrade project, doing a couple of them every week.
- Successfully installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
- Managed DNS servers, providing growth management, zonefile error-checking and distribution, new DNS server installation tools, failover planning, monitoring, and new domain acquisition & configuration.
- Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
- Troubleshoot and maintain wireless backhaul network with protocols such as LDP, RSVP-TE, OSPF, BGP, Pseudo wire ckts, Layer 2 ckts and bridging instances.
- Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
- Implementing and configuring F5 LTM's for VIP's and Virtual servers as per application and business requirements.
- Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
- Configured and supported high availability protocols including HSRP and VLAN trunking 802.1Q, VLAN routing on Catalyst 6500 switches and VRRP on Checkpoint.
- Reported directly to the Senior Vice President of Data Center Operations daily.
- Responsible for Cisco ASA firewall administration across our global networks.
- Provided Level-3 Network support for Cisco Switches and Cisco ASA 5500 Series Security Appliances through CLI and CSM.
- Responsible for nightly maintenance including Big F5, ACS, all Cisco ASAs, Citrix NetScalers.
- Configured Cisco content switch for load balancing and NetScaler load balancing.
- Integrating with checkpoint security gateway with Anti-Bot Software blade, for providing security solution to protect virtual environments.
- Supported on Cisco Nexus 5000 and Nexus 7000 Series Switch fabric links.
- Cisco Nexus 7K, 5K, 2K and UCS Deployment in multi-tenant design w/Cisco ASA 5585-X's
- Configured route redistribution between OSPF and EIGRP in a multi-area OSPF network.
- Daily responsibilities included design, implementation, support and administration of multiple security products running CheckPoint Provider-1 and VSX, SourceFire, and ISS Realsecure.
- Convert Branch WAN links from TDM circuits to MPLS and to convert encryption from IPSec/GRE to Get VPN.
- Regularly performed firewall audits around CheckPoint Firewall-1 and compliance metrics
- Change Management procedure based on ITIL standards.
- Assist network operations and level two network engineers in the diagnosis of difficult or complex network related problems.
- Firewall Policy Optimization and access list management using Firemon, Tufin and syslog using Log Logic tool.
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500.
- Expertise in implementing L2 technologies including VLAN's, VTP, STP, RSTP and Trunking.
- Configuring and Troubleshooting Route Redistribution between static, RIP, EIGRP OSPF & BGP protocols.
- Configured Security policies including NAT, PAT, VPN's and Access Control Lists.
- Configuring IPSec VPN on Cisco Firewall.
- Technically worked on Checkpoint Firewalls (GAIA, R65, R71, R75, R77).
- Managed network IP access via Dynamic Host Configuration Protocol (DHCP).
- Managed network security processes using ASA firewalls.
- Redistribution of routing protocols and Frame-Relay configuration.
- Researched and implemented upgrade process to support Cisco VPN solution.
- Researched, designed, tested and implemented Cisco's VPN solution for remote clients.
- Responsible for designing and implementation for customer network infrastructure.
- Upgrade Cisco Routers and Switches IOS using TFTP.
- Customer facing role with participation in design and deployment of ongoing improvements.
- Tuned BGP internal and external peers with manipulation of attributes such as weight, local p.
- Daily monitoring of network traffic using sniffers (Wireshark) and access logs to troubleshoot and identify network issues.
- Configured and installed 5 new Cisco Catalyst 6509 switches to increase network capacity in a fast-growing data center environment.
- Monitoring of LAN/WAN networks worldwide including Data Center networks
- Involved in configuring and implementing composite network models consisting of Cisco 7600, 7200, 3800 series routers and Cisco 2950, 3500, 5000, 6500 & Nexus 1K, 5K, & 7K Series switches, Juniper routers and firewalls.
- Upgrade of legacy network from 6500 series to Nexus 5596UP and fabric extenders 2248 for data center servers; installation of UCS 5100 series servers.
- Worked with vendors and Engineering team to test new hardware and procedures.
- Monitored LAN/WAN network activity utilizing CA/Spectrum monitoring tools.
- Network security monitoring: analysis & identification of incident activities & system log files.
- Review Firewall release for any possible non-compliance or vulnerability.
- Assist with development of security policies, standards and procedures.
- Configuration and maintenance of Checkpoint NGX R65.
- Configuration and maintenance of Juniper NetScreen SSG-550.
- Managed and Suggested capacity planning techniques for optimal performance of Juniper network services. Implementing and Troubleshooting of VLAN.
- Provided support for Application Layer: DNS, email (MS-Exchange & sendmail, gmail (secondary MX, alternate location)).
- Experience working on F5 Load Balancers-Global Traffic Manager (GTM), Local Traffic Manager (LTM).
- Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 7000.
- Substantial lab testing & validation prior to implementation of Nexus 7K, 5K & 2K connecting to blade servers.
- Configuring routing protocols OSPF, EIGRP, RIP, MPBGP, LDP and BGPV4.
- Troubleshoot traffic passing managed firewalls via logs and packet captures
- Troubleshooting and hands-on experience with security related issues on Cisco ASA/PIX, Checkpoint, IDS/IPS, Palo Alto and Juniper NetScreen firewalls. Created multiple policies and pushed them into Checkpoint Firewall (Gateways) and hands-on experience in managing the Checkpoint Management Server with SPLAT operating system.
- Managed network capacity in cooperation with the Network Operations Center (NOC).
Confidential
Network Administrator
Responsibilities:
- Configured the Cisco router as IP Firewall and for NATting.
- Maintenance of ERP and troubleshooting of ERP.
- Managed and installed Firewall (Sonic wall).
- Installed & configured PIX 520, 525, 535 series firewalls, configured standard & extended access-lists & policy-based filters.
- Configured ASA 5510 appliance and VPN.
- Managed as a technical liaison between customer engineers, Juniper sales team, and customer executive leadership.
- Responsible for hardware vendor utilized Juniper Networks (M, T, MX, EX, SRX, QFX, Q-Fabric).
- Responsible for implementing QoS, prioritizing voice traffic over data.
- Managed and maintained Antivirus Server (McAfee, Quick Heal, scan).
- Installed and configured network printer installation (HP) 3500 series.
- Configuring, supporting, and maintaining routers, switches, network appliances, firewalls, concentrators, and other communication devices.
- Providing support for advanced level and on-call support for large variety of networks, systems, and infrastructures.
- Experience in working with Cisco Nexus 5000 series switches for data center.
- Troubleshooting network systems and performance, and remediating issues professionally and concisely.
- Evaluating project fit and design, utilizing best practices and vendor comparison techniques to provide customer with best business solution.
Confidential
Jr Network Engineer
Responsibilities:
- Practical experience in Active directory, OU, DNS, DHCP, Group policy, Replication, Active directory domain trust relationship.
- VPN (virtual private network) configured from one office to another office
- Experience with application protocols.
- Consulted with engineering team to resolve tickets and troubleshoot L3/L2 problems.
- Monitored LAN/WAN network activity utilizing CA/Spectrum monitoring tools.
- Network migration from OSPF to EIGRP.
- Managed large-scale area of the network with hundreds of Cisco, Juniper, Logical Solutions, Redback, 3Com devices.
- Prepared Check Point firewall configurations for conversion to Cisco ASA 5585-series firewalls.
- Researched and implemented upgrade process to support Cisco VPN solution.
- Configured extra security on ports by enabling port security such as shutdown violation, maximum MAC addresses allowed per port, BPDU Guard with Portfast.
- Enabled extra features such as IP Source Guard, ARP Inspection and DHCP Snooping to prevent man-in-the-middle attacks.
- Implemented Cisco 2921, 2960S, 3560, 3750E Nexus 5010, Routers and Switches with Palo Alto Firewalls.
- Hands on experience and good working knowledge with Checkpoint Firewall policy provisioning.
- Setting up Windows server 2000/2003 as domain controller & adding client machines to domain.
- Managing Agilent software and configuring it on LAN.
- Managing remote Location user PCs at grid stations and troubleshooting the same either remotely or visiting the clients as and when required.