SUMMARY:

• Dynamic and versatile Network Security Administrator/Engineer with outstanding knowledge, skills and expertise, dedicated and committed to providing excellent interconnectivity and networking services, network security and solving networking problems.
• Experienced network security engineer with proficiency in installing, upgrading, troubleshooting, configuring, and supporting variety of Network & Security Devices.
• Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Palo Alto and Checkpoint.
• Configure all Palo Alto Networks Firewall models (PA - 2k, PA-3k, PA-5k, PA-6k) as well as a centralized management system (Panorama) to manage large scale Firewall deployments.
• In-depth knowledge of network security architecture and protocols, security vulnerabilities, network security, and application security.
• Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications
• Hands on experience in Implementation, Troubleshooting &configuring for Checkpoint R77. 40 with GAiA and SPLAT
• Using Smart Update, User Management and Authentication in Checkpoint Firewall.
• Maintained Bluecoat proxy manager.
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
• Implemented application based policy and URL filtering, Threat prevention, Data filtering policies (Palo Alto, Juniper) with Multiple gateways in cluster for granting access to the business vendors. Good knowledge in SDN (Software defined networking)
• Good knowledge in Network function virtualization.
• Knowledge & experience in network protocols & packet analysis.
• Developed scripts on Linux and Windows.
• Familiar with Arcsight, Splunk, Netcool, DDOS Mitigation.
• Advanced knowledge in TCP/IP suite and routing protocols, such as OSPF, BGP, & EIGRP, ISIS
• MPLS, IPsec VPN design connection & protocols, IPsec tunnel configuration, encryption and integrity protocols.
• Excellent troubleshooting skills; tenaciously committed to the thorough resolution of technical issues.
• Exceptional ability to grasp and master new technologies quickly and easily.

TECHNICAL SKILLS:

Firewalls: Checkpoint, Palo Alto

Network Security: ACL, IPsec, VPN, Port-security, RSA, AAA and IPS/IDS

Router Platforms: Juniper M320, T640, SRX series.

Load Balancer: BIG-IP F5, ACE 4710, Brocade.

Routing Protocols: EIGRP, OSPF, BGP, PBR, IS-IS.

ACS management: RADIUS, TACACS+, and Digital Signatures.

Network Management: Network Troubleshooting, SSH, SNMP, ICMP.

WAN: Frame Relay, ISDN, PPP, ATM, MPLS, SSL.

LAN: Faster Ethernet, Gigabit Ethernet.

Servers: FTP, DHCP, DNS, HTTP, Syslog, TFTP, NTP.

PROFESSIONAL EXPERIENCE:

Confidential, Brea, CA

Sr. Network Security Engineer

Responsibilities:

• Responsible for setting up the infrastructure environment with majority of Cisco & Palo Alto appliances apart from various other equipment.
• Design, Deploy and support Checkpoint Provider 1 and Fortinet Managers and was part of migrations during the company split into two different companies.
• Provides design, installation, configuration, maintenance and administration of CheckPoint Firewall R71 up to R77 version.
• Implementation configuration and troubleshooting of Checkpoint firewall R 77.
• Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances, serving as firewalls and URL and application inspection.
• Configure Palo Alto Firewall models as well as a CMS (Panorama) to manage large scale firewall deployments.
• Configuration and troubleshooting of Fortinet firewall
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
• Successfully installed Palo Alto PA-3060 firewalls to protect Data Center.
• Implemented Positive Enforcement Model with the help of Palo Alto Networks.
• Review Firewall rule conflicts and misconfigurations as well as redundant rules using Firemon.
• Administer Checkpoint firewalls with cluster gateways including pushing policies and processing user requests to allow access through the firewall using Smart Dashboard and identify unused rules and schedule change to mark it for permanent deletion at later point of time.
• Checkpoint Firewall Log review and analysis and troubleshoot connectivity issues.
• Experience in creating multiple policies and pushing them in to Checkpoint Firewall (Gateways) and hands on experience in managing the Checkpoint Management Server with SPLAT operating system
• Integrates Microsoft active directory (LDAP) into checkpoint for identity awareness and user authentication
• Overlapping Subnets, Undefined Policy/ACL Reference, Route to Unknown Next Hop, Untrusted remote Login Access to Network Device, Untrusted SNMP Access, Untrusted Network Device Access, untrusted Remote Login Access, Colliding IP Addresses, Duplicate VLAN Number.
• Support the implementation and ongoing operations of network access control devices to include firewalls, web proxies, and SSL VPN devices.
• Work on Cisco based Routing and Switching environment with MST and Rapid Spanning tree and using Routing Protocols such as BGP and OSPF.

Confidential, Las Vegas, NV

Sr. Security Analyst

Responsibilities:

• Security infrastructure engineering experience as well as a Microsoft Windows, UNIX, Juniper firewalls, Palo Alto firewalls, Bluecoat Proxies, Juniper Intrusion Prevention devices, and wireless switch security management.
• Drafting and Installation of Checkpoint Firewalls rules and policies.
• Adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.
• Administering and evaluating firewall access control requests to ensure that these requests are compliant with client's security standards and policies.
• Update & Follow Up Checkpoint IPS Signature Packages occasionally.
• Configuration and support of Juniper NetScreen firewalls and Palo Alto firewalls.
• Successfully installed Palo Alto PA-3060 firewall then configured and troubleshot using CLI and worked with Panorama management tool to manage all Palo Alto firewall and network from central location.
• Implemented Zone-Based Firewalling and Security Rules on the Palo Alto Firewall.
• Administer Palo Alto Firewalls to allow and deny specific traffic and to monitor user usage for malicious activity and future QoS.
• Consultant for Security (implementation, administration) on Checkpoint Firewall, Network Management.
• Configuring rules and Maintaining Palo Alto Firewalls& Analysis of firewall logs.
• Maintaining Checkpoint security policies including NAT, VPN, and Secure Remote access, Configuring IPSEC VPN (Site-Site to Remote Access) on SRX series firewalls.
• Configuring Juniper NetScreen Firewall Policies between secure zones using Network Security Manager (NSM). implemented an F5-ASM solution for a major online retailer who never had a web application firewall in their environment and required a Web Application Firewall to meet PCI compliance
• Configuration of Palo Alto Next-Generation Firewall mainly creating security profiles and VSYS according to client topology.
• Configuration and installation of Palo Alto Networks 5050 application firewalls (NGFW).
• Expertise in Palo Alto design and installation for Application, URL filtering, Threat Prevention and Data Filtering.
• Configuring Checkpoint Firewall in IPSO, Secure Platform and GAIA platforms.
• Maintained and updated Active Directory for authentication purposes.
• Configuration and troubleshooting F5 LTM, GTM series like 6600, 6800 for different applications and monitoring the availability.
• Deployment of data center LAN using Nexus 7k, 5k, 2k switches.
• I was involved in migration projects, which involves replacing legacy devices to new Nexus devices and introduced VPCs in the new architecture.
• Worked on Nexus platform 7k series, 5K series (5548, 5020 and 5010), 2248 and successfully implemented VSS on the Cisco catalyst switches.
• Used FireEye to detect attacks through common attack vectors such as emails and webs.
• Gained experience on working with migration to Check Point and Palo Alto next-generation firewalls.
• Managed successful delivery of massive security response portfolio including Splunk and Cisco ISE.
• Implemented and administered Websense Web Security Gateway for web content filtering and DLP.
• Firewall deployment, rules migrations, firewall administration and converting existing rule-based onto new Checkpoint and Palo Alto Next-Generation Firewall platforms.
• Worked primarily as a part of the security team and daily tasks included firewall rule analysis, rule modification, and administration.

Confidential, Salem, NH

Network Engineer

Responsibilities:

• Installation and management of overall administration of LAN, WAN, systems involving design of network layouts, configuration and maintenance, Commissioning Routers & Switches, firewalls, IPS and ensuring maximum uptime during site deployment to VoIP.
• Packet capturing/ Packet sniffers, troubleshooting on network problems with Wireshark, identifying and fixing problems.
• Adding and removing checkpoint firewall policies based on the requirements of various project requirements.
• Responsible for Cisco ASA firewall administration, Rule Analysis, Rule Modification.
• Experience working with Cisco ASA 5585-X firewalls with Firewall rules, IPSEC VPN, NAT, Active-Standby Failover, OSPF and Any Connect VPN technologies.
• Remediation of firewall rules from checkpoint firewalls to Cisco ASA firewalls and their implementation
• Performing network monitoring, providing analysis using various tools like Wireshark and Solar winds.
• Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.
• Responsible for Cisco ASA firewall administration across our global networks.
• Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support.
• Supporting EIGRP and BGP based PwC network by resolving level 2 & 3 problems of internal teams & external customers of all locations.
• Upgrade Cisco Routers, Switches and Firewall (PIX) IOS using TFTP.
• Hands on experience with clustering of Palo Alto Firewalls.
• Migration of ciscoo ASA Firewalls to Palo Alto Firewalls.
• Ensure Network, system and data availability and integrity through preventive maintenance and upgrade.
• Involved in L2/L3 Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter-VLAN routing, LAN security.
• Identify, design and implement flexible, responsive, and secure technology services.
• Modified internal infrastructure by adding switches to support server farms and added servers to existing.
• Validate existing infrastructure and recommend new network designs.
• Experienced Tech Support as it relates to LAN & WAN systems.

Confidential, Dallas, TX

Network Engineer

Responsibilities:

• Provided support to Cisco network consisting of a high speed, high availability core over five campuses with more than 2000 cisco devices by performing onsite installations, technical administration, upgrades and troubleshooting
• Provided support for complex layer 2, layer 3 issues and other services (STP, VLAN, IPsec, VPN, NAT, MPLS, BGP, EIGRP, OSPF)
• Worked with US based support team to troubleshoot and maintain servers and network OPs
• Participated in L2/L3 Switching Technology Administration, creating and managing VLANs, Port security, Trunking, STP, Inter-Vlan routing, LAN security and server management
• Worked on RADIUS, TACACS+ authentication serves and DNS, DHCP servers
• Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms
• Monitored network for optimum traffic distribution and load balancing using Solar winds
• Completed service requests on IP readdressing, bandwidth upgrades, IOS/platform upgrades
• Worked on cisco routers series 7200, 6500, 4500, 1700, 2600 and 3500 series to perform bridging, switching, routing, Ethernet, NAT, and DHCP, customer LAN /WAN support
• Experience with SQL for extracting the data from SQL database, related to network issues
• Worked extensively on Cisco ASA 5500 (5510/5540) Series
• Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation
• Experience working with Active Directory (as a centralized system) to automate network security management and user data.
• Worked with Aruba Access point as a Public Wi-Fi and successfully implemented Wireless Access Point (WAP).
• Experienced in working with Session Initiation Protocol (SIP) Trunking for voice over IP (VoIP) to facilitate the connection of a Private Branch Exchange (PBX) to the Internet.