PROFESSIONAL SUMMARY:

• IT professional with up to 7 years of experience in Networking Security and proven expert proficiency in designing, engineering, configuring, and maintaining of large enterprise firewalls
• Experience in risk analysis, security policy, rules creation and modification of Check Point/Nokia Firewall VPN - 1 FW-1 NGX R65, R70 & R75 Provider-1/Site Manager-1 R65, R70.30 & R75.40, Cisco ASA, PALO ALTO networks
• Proficient in design, implementation, management and troubleshooting of Check Point firewalls, Cisco PIX, NetScreen Firewalls, Check Point Provider-1 / VSX, Nokia VPN, Palo Alto IDS, Foundry / F5 Load Balancers, and Blue Coat Packet Shaper systems.
• Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point Gaia R65, R70 & R77, R77.1, VSX R77.1Palo Alto and Cisco ASA.
• Worked on Web application firewall APPWALL (WAF) for upgrading and creating policies as well as troubleshooting.
• Worked on Juniper Net Screen Firewalls like, NS50, SSG 550M, SSG520M, ISG 1000, ISG 200 and Cisco PIX 535, 520, 515, ASA -5500 and 5505
• Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocol
• Regularly performed firewall audits around CheckPoint Firewall-1 solutions. Provided tier 3 support for CheckPoint Firewall-1 software to support customer
• Hands on experience Cisco CUCM, Telepresence, UCS, TCS, TCSM and Nexus 2K/5K/7K, HP BL servers, C7000 Enclosures, HP Service Manager, PDUs, SIM, iLO, ICE.
• Implement public cloud and deploy to AZURE, AWS, EC2: SSO, AD, ADFS, ADLDS (FDS), CA/CLM, FIM, P-Synch, Secure Email, SecurID, SSL Encryption and CSR decoder. Manager (FIM), Microsoft Desktop Optimization Pack (MDOP)
• Management Server (SMS) /System Center Configuration Manager (SCCM), Forefront Identity Manager (FIM), Point of Sale (POS), MS SQL Server, Microsoft Cluster Server, Microsoft Desktop Optimization Pack (MDOP)
• Worked on FireEye HX/NX/CM/Symantec: Intrusion Detection System
• Experience with using F5 Load balancer in providing worldwide data and file sharing, continuous internet connectivity, optimized web performance
• Capabilities include an extremely broad knowledge base and familiarity with the latest cutting-edge technologies including firewalls, VPN, IDS, and IPS
• In-depth knowledge of deploying and troubleshooting LAN, WAN, Frame-Relay, Ether-channel, IP Routing Protocols - (RIPV2, OSPF, EIGRP & BGP), ACL's, NAT, VLAN, STP, VTP, HSRP & GLBP
• Experience with deploying the Layer 3 MPLS VPN in all the Branches and Campus locations.
• Work closely with other teams to identify potential McAfee HIPS and AV blocks
• Experienced in Configuration, Management, Deployment and Troubleshooting of Checkpoint VSX. Experience with CISCO IOS and NS-OS.
• Experienced in handling and installing FortiGate and Tipping Point firewall.
• Knowledge of Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN
• Knowledge of DNS, Active Directory and Certificate Services (PKI). Experience in Firewall migration tool 3.0 and Qualys tool.
• Experienced in DHCP DNS, AD, NIS, NFS, SMTP, IMAP, ODBC, FTP, TCP/IP, LAN, WAN, LDAP, HP RDP, security management and system troubleshooting skills
• Works with client engineering groups to create, document, implement, validate, and manage policies, procedures, and standards that ensure confidentiality, availability, integrity, and privacy of information.
• Worked with F5 Load balancing, IDS/IPS, Bluecoat proxy servers and Administrating. Experience with Load Balancers for administrating and monitoring global & local traffic using F5 BIG IP LTM & GTM

TECHNICAL SKILLS:

Nexus: Nexus 7010 / 5548 UP / 5020 / 2232 PP / 2248 TP / 1000 V

UCS: Fabric Interconnect 6248/6120, IOM 2208/2204/2104, B200 M2, HP VC FLEX-10

Switches: Cisco Catalyst VSS 1440 / 6513 / 6509 / 4900 / 3750- X / 2960/3850/6880/9508

Routers: Cisco Routers ASR 1002 / 7606 / 7304 / 7206 / 3945 / 2951 / 2600

ANS: F5 BIG-IP LTM 6900/6400, Array APV 5200/2600/TMX 5000, Cisco CSM, CSS

VPN: ASA 5520, Cisco Concentrator 3030, Nortel Contivity Extranet 1500

NMS: NAM, Sniffer, Solarwinds NPM, Cisco Secure ACS 5.2, CiscoWorks, Cacti, Syslog-ng

Operating Systems: Windows, NT, Windows 98/XP/ 2000/2003/2007, MS-DOS, Linux

Firewalls: Check Point GAIA R55/R65, R71/R75/R77, Palo Alto, Cisco ASA ASA 5585/5520, Panorama, WildFire, Check Point Blades, Cisco PIX 535/525

Protocols: TCP/IP, L2TP, PPTP, IPSEC, IKE, SSL, SSH, UDP, DHCP, DNS

Routing: OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing

Switching: VLAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switching, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging

Networking: Conversant in LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP, ISCSI, Fiber, Firewalls/IPS/IDS ,

Hardware: Dell, HP, CISCO, IBM, SUN, Checkpoint, SonicWall, Barracuda Appliances, SOPHOS email appliances

PROFESSIONAL EXPERIENCE:

Confidential, Dallas TX

Network Security Engineer

Responsibilities:

• Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering.
• Provide security consultation as needed for product development and industry marketing solution.
• Investigate security incidents and recommend actions needed to resolve situations.
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
• Successfully installed Palo Alto PA-3060 and - PA-5020 firewalls to protects Data Center and provided L3 support for routers/switches/firewalls.
• Managed firewall policy lifecycle process from review, approval, implementation, publishing, verification and testing.
• Palo Alto user-identification implementation with KIWI servers user Palo Alto user-id agents.
• Palo Alto integration with VMware Virtual Desktop infrastructure.
• Palo Alto upgradation and degradation.
• Implementing Site to Site VPN from Palo Alto to Cisco ASA.
• F5 configuration, installation and monitoring with F5 APM.
• Security Device - Palo Alto/ASA Firewalls, Sourcefire IPS/IDS, Cisco Identity Services Engine (ISE), VPN.
• Implementing checkpoint policies with multiple gateways in clusters.
• Configured VLAN Trunking with Palo Alto interface.
• Responsible for maintaining availability, reporting and communication of the Confidential between it, its event-sources and the endpoints.
• Utilized Security Information and Event Management ( Confidential ), Intrusion Detection & Prevention (IDS / IPS)
• Using Symantec End Point Protection for threat analysis.
• Creating object, groups, updating access-lists on Palo Alto, apply static, hide NAT using smart dashboard.
• Troubleshooting connectivity issues on the firewall. Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
• Worked on Cisco ASA 5580 and 5585 VPN Firewall for site to site Vpn from Cisco Asa to Palo Alto
• Worked on implementing polices for Cisco ASA from Interface point and object group as well as NAT.
• Experience in working with designing, installing and troubleshooting of Palo Alto firewalls.
• Configuring Checkpoint and ASA for NAT (Static PAT/Manual NAT) to enable remote.
• Experience in working with checkpoint, Palo Alto Next-generation firewall, Cisco ASA and Panorama M-100.
• Worked on Confidential tool LogRhythm for reporting and data aggregation
• Experience on working with IPsec VPN, IDS/IPS, DLP, Application and URL filtering on checkpoint firewall module
• Experience on working with IPsec VPN, Security profiles and SSL decryption on Palo Alto firewall
• Worked on integration with SNMP, RADIUS and LogRhythm Confidential syslog server with Palo Alto and checkpoint firewall
• Experience in working on the Quarterly maintenance windows for failover, reboot of Checkpoint next-generation firewalls and Palo Alto firewalls, as well as other security devices
• Experience on working on Checkpoint firewall IDS/IPS module for setting up the upgradation of new signature patterns and monthly reporting for auditing purpose.
• Worked on troubleshoot and packet capture analysis on Palo alto firewall and checkpoint firewall
• Worked on Cisco ASA IPsec VPN tunnel and building security policies and packet analysis
• Worked on checkpoint firewall SMARTEvent Intro module for generating monthly IPS reports
• Experience on working with Confidential tool LogRhythm on adding the newly build windows and Linux log servers and creating policies for different alerts
• Worked on 24x7 on call shift with the proprietary STIMv2 ticketing management tool
• Deployment of Palo Alto 5000 series firewall and checkpoint 12000 series firewall
• Worked on Python scripting for generation the firewall security policy through web visualization tool in checkpoint firewall
• Perform troubleshooting by packet capture analysis using TCPDump, FW Monitor, Wireshark and analyzing the PCAP

Confidential, Chicago, IL

Sr. Network Security/ Firewall Engineer

Responsibilities:

• Working with operations as part of IT Security team
• Working on various Security and Network devices like Radware Load balancer (Alteon) and Web Application Firewall. Working on Source Fire IDS device.
• Installing the latest IOS images to the catalyst switches 3850/6880 and nexus 9k.
• Handling Site to Site VPN and Cisco Any connect VPN on ASA for implementation and troubleshooting
• Experience in tuning of custom rules, reports, alerts, and alarms for McAfee Confidential .
• Working on Confidential Qradar for log management and day to day monitoring of network activity as well as health checks.
• Expertise on PKI infrastructure and Certificate management with creation and management of new certificates.
• Working on NAM (Novell access Manager) for upgrade, disaster recovery and creating policies.
• Provide onsite Symantec DLP technical service and support to a Large Enterprise customer base.
• Experience on working with migration with both checkpoint and palo alto next generation firewall as well as virtualization of both VSX and VSYS. Day-to-day work involves changes on the Checkpoint Firewall using the Smart Dashboard NGX R70 software and connecting via Smart Center management. Authentication is done using an RSA SecurID.
• Configured Cisco ASA and Checkpoint firewall layers to secure the infrastructure for the Data Center.
• Drafted, installed, and provisioned ASA and Checkpoint firewall rules and policies
• Providing Technical help to customers on various issues of Symantec Endpoint Protection. Implementation of Symantec Endpoint Protection
• Installation, Configuration, upgradation, troubleshooting & maintaining Antivirus Products from Symantec
• Experience with deployment of Symantec DLP- Endpoint Prevent, Network Prevent for Email, and Network Prevent for Web, Network Discover, and ITA.
• Responsible for supporting customers with Symantec products including Ghost Solution Suite, Deployment Solution, and Symantec Endpoint Protection .
• Deploying Cisco WSA and Bluecoat ProxySG (Web Security Appliance) S170 for URL Filtering Policies.
• Experience working on network monitoring tools like, SOLAR WINDS, CISCO works, Wireshark and Splunk.
• Worked on Confidential , as well as solar winds, Symantec end to end point security for malware detection and threat analysis.
• Cleaned Symantec Anti-virus environment and brought previously unprotected machines into compliance with security policy
• Upgrade on web application firewall from version 5.8.10.0 to 7.3.3.1.
• Working on SSL for login purpose as well as Active directory troubleshooting.
• Working on Business Application like SVN, Team forge and Lawson.
• Worked on bluecoat proxy to provide both client and server with web service encryption and decryption and digital signature authentication.
• Day to day customer interaction client related projects on different firewalls and VPN
• Perform troubleshooting ng by packet capture analysis using TCPDump, Wireshark and analyzing the PCAP
• Experience on working with Service Now ticket management tool by providing support Service to client by implementing and working on change request, Incident request and troubleshooting.
• Install, configure and administer two-factor authentication solutions i.e. RSA SecurID, TACACS, & RADIUS.
• Worked on RSA Secur ID System and tokens and SSL/VPN in Cisco ASA.
• Experience on Check Point GAIA Firewalls R65, R70, R71, R75, R77.
• Upgrade of Checkpoint firewalls and management servers from Splat R75.30 to Gaia R77.20.
• Upgrade of Checkpoint management servers from Gaia R77.20 to R77.30 GA using CPUSE via HOTFIX
• Worked on CCSME R77.1 for configuring rules and analysis of firewall using firewall migration tool 3.0 which secured polices.
• Worked on checkpoint provider R71, R75, R77.1, R77.30 GAIA and secured policies and blocked websites using URL filtering, application identification and threat prevention
• Works with client engineering groups to create, document, implement, validate, and manage policies, procedures, and standards that ensure confidentiality, availability, integrity, and privacy of information
• Configuring rules and maintaining Palo Alto firewalls and analysis of firewall logs using various tools.
• Experience in creating multiple policies and pushing them in to Checkpoint Firewall (Gateways) and hands on experience in managing the Checkpoint Management Server with SPLAT operating system.
• Worked on failover of Cisco ASA as well as Palo Alto HA from the scratch .
• Worked on Okta project and Cyber arc for More authentication and PCI environment.
• Worked on Web application firewall for setting up new dashboard and additionally resolving transaction id detected as suspected malicious activity from client side .
• Configuring F5 Load Balancers: Adding virtual IPs, nodes, pools and health monitoring

Confidential, Orlando, FL

Network Security Engineer

Responsibilities:

• Handling Break/Fix situations, monitor, configure, policy creation on Checkpoint's Smart Center Server running on Secure Platform.
• Configuring, Administering and troubleshooting the Checkpoint and ASA firewall.
• Experienced on working with cisco switches 3850, CISCO 6880, Nexus 9k, 4500 access switches for deploying as well as configuring it, and installation of malware detection Fire Eye.
• Worked on VRF, VPRF, VRF-LITE tool and MPLS based BGP router as well as MPLS testing.
• Experience in management of Checkpoint VSX environment and using VSX with Multi-Domain Security Management
• Experience on working with migration with both checkpoint and Palo Alto next generation firewall as well as virtualization of both VSX and VSYS. Day-to-day work involves changes on the Checkpoint Firewall using the Smart Dashboard NGX R70 software and connecting via Smart Center management. Authentication is done using an RSA SecurID.
• Lead initiatives and activities to install, configure, troubleshoot and monitor Platform Security controls for tools like Mcafee and Symantec end point protection.
• Coordinate requirements and activities with Platform Security vendors for Mcafee
• Liaison with shared services Platform Security projects, issues, tickets for Symantec end point protection
• Assist with conducting vulnerability assessments
• Worked on Confidential tools like solar winds, Symantec end to end point security for malware detection and threat analysis
• Maintained, configured, and installed Cisco and Juniper routers and switches: 7500/catalyst 6500/RV320/2960/catalyst 3550/3850, Nexus 7k and 5k, and ASA 5540
• Extranet changes to Cisco nexus 6513, 6509 and 7204 series devices including FWSM firewall changes, routing switching changes and Juniper NetScreen based SSL VPN and ISG.
• Troubleshooting connectivity issues on the firewall using smart view tracker, monitor health of the appliance using smart view monitor etc.
• Worked on security tools and software such as CISCO WSA, Qualys, Splunk, Solar winds, Source fire.
• Experience with deployment of Symantec DLP- Endpoint Prevent, Network Prevent for Email, and Network Prevent for Web, Network Discover, and ITA.
• Responsible for supporting customers with Symantec products including Ghost Solution Suite, Deployment Solution, and Symantec Endpoint Protection.
• Worked with Remote Assistance through Windows Remote desktop and NetMeeting Remote Assistance using Wi-Fi Security, Windows XP, MS Office 2007, Windows 2003 Active Directory, Windows SharePoint Services, Exchange 2003, Congo’s BI-8 and LAN/WAN
• Blue Coat Web Proxies - ProxySG, Proxy AV, Content Analysis System, PacketShaper, Threat Detection ProxyCAS, Director, Reporter
• Able to write Windows/UNIX/Python scripts to automate administration
• Cyber Security assessment using traffic analysis tools (i.e. WireShark, TCPDump, etc.).
• Exposure to wild fire feature of Palo Alto. Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs
• Maintained, configured, and installed Cisco and Juniper routers and switches: 7500/catalyst 6500/RV320/2960/catalyst, 6880/9508 3550/12410, 12816, 1204 series, Nexus 7k and 5k, WLC, and ASA 5540.
• Symantec DLP configuration and maintenance
• Experience in handling and installing FortiGate and Tipping Point next generation firewall
• Migration of traditional MPLS vpn to network based MPLS vpn.
• Worked on Blade server environment on Cisco UCS B200 to deploy servers in the data center and improving server policy consistency.

Confidential, MN

Network Security Engineer

Responsibilities:

• Configuring, Administering and troubleshooting the Checkpoint and ASA firewall
• Security infrastructure engineering experience as well as a Microsoft Windows, UNIX, Checkpoint Firewalls, Juniper firewalls, PIX firewalls, Bluecoat Proxies, Juniper Intrusion Prevention devices, and wireless switch Security Management.
• Configuring ASA for NAT (Static PAT/Manual NAT) to enable remote access for sites by doing Port redirection. Configuring various VPNs like IPsec Site to Site, SSL VPN.
• Configuring, Administering and troubleshooting the Checkpoint, Palo Alto, Imperva and ASA firewall
• Configuring rules and maintaining Palo Alto firewalls and analysis of firewall logs using various tools
• Configuring Multiple Contexts Configuring Active/Active failover, redundant interface on ASA.
• Implement IPsec Site-to-Site VPN & SSL VPN using CISCO ASA 5500 Series
• Participated in Pfizer Legacy Data Center Network Infrastructure Transition and Disaster Recovery Center transition for various locations
• Designs, writes, and maintains common procedures, SLI's and EXEC's for installed operating systems.
• Daily responsibilities included design, implementation, support and administration of multiple security products running Checkpoint Provider-1.
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall
• Regularly performed firewall audits around Checkpoint Firewall-1 solutions. Provided tier 3 support for Checkpoint Firewall-1 software to support customers
• Experience with Juniper environment including SRX/Junos Space.
• Configuring Security Policies using Extended Access-lists, Object-Grouping for Network objects, services and configuration of Manual and Auto NAT in Cisco ASA
• Experience in Configuration, Management, Deployment, Optimization and Troubleshooting Checkpoint VSX
• Configuring VLAN, Spanning tree, VSTP, SNMP on Juniper EX series switches
• Worked on bluecoat proxy to analyze and scan malwares to protect the infrastructure.
• Implementation configuration and troubleshooting of Checkpoint Firewall R 71, R75, R77.30
• Configuring rules and Maintaining Cisco ASA & Analysis of firewall logs using various tools
• Adding security rules and pushing the security policy on Checkpoint
• Migrations included and not limited to Cisco to Cisco and Cisco to Checkpoint and Checkpoint to Checkpoint.
• Experience in creating multiple policies and pushing them in to Checkpoint Firewall (Gateways) and hands on experience in managing the Checkpoint Management Server with SPLAT operating system
• Managed network security processes using ASA firewalls. Maintained a BGP/MPLS infrastructure
• Install Packet Shaper as QOS system to monitor and manage network traffic
• Designed and Installed Cisco PIX Firewall and Cisco Router on a DMZ
• Administer, Maintain, and deploy Juniper IPS & VPN systems, and McAfee network based Data Loss Prevention (DLP) devices.
• Regularly performed firewall audits around Checkpoint Firewall-1 solutions. Provided tier 3 support for Checkpoint Firewall-1 software to support customers
• Experience in installing TippingPoint firewall S3010F and S3020F
• Experience with GTM F5 component to provide high availability with providing services across data centers.
• Experience with Using LTM F5 component to provide 24“7 access to applications

Confidential, DALLAS, TX

Network Security/ Firewall Engineer

Responsibilities:

• Configured Cisco ASA and Checkpoint firewall layers to secure the infrastructure for the Data Center.
• Successfully installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
• Replace Campus Cisco 6509 End of Life hardware with new 4507/4510 devices.
• Experience in working with Nexus 7010, 5548, 5020, 2148, 2248 devices
• Responsible for setting up the infrastructure environment with majority of Cisco & Palo Alto appliances apart from various other equipment.
• Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls
• Involved in Data Center migrations. Handled proper management, maintenance, configuration, and altered management of firewall structure.
• Experience using Qualys Tool for networking discovery and mapping, asset prioritization, vulnerability assessment and tracking.
• Works with client engineering groups to create, document, implement, validate, and manage policies, procedures, and standards that ensure confidentiality, availability, integrity, and privacy of information
• Worked on MacAfee Data loss prevention endpoint (DLP)
• Configured and Deployed Checkpoint VSX on Smart dashboard R71, R75, R77.20, R77.30 GAIA
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design

Confidential

Network Executive

Responsibilities:

• Configuring Port Mirroring, VLAN, STP, RSTP, SNMP, and Routing Policies on switches
• Maintaining all the network devices routers, firewall, switches
• Configuring NAT and Route-map on Cisco routers
• Implemented and managed Norton’s corporate anti-virus solution.
• Implemented the company dial up networking solution utilizing a Cisco 3600 with 24 digital modems and a PRI.
• Migrated the company from bay networks 100mbit hubs to HP managed switches.
• Incorporated VLANS to segment traffic on managed switches.
• Manage Checkpoint 2000 v.4.1 firewall to include:
• Usage of firewall log for investigative and troubleshooting purposes.
• Used of TCP Dump to troubleshoot access issues.
• Upgraded IPSO on Nokia IP440 security platform.
• Installed service pack upgrades.
• Implemented SecuRemote VPN for high speed remote access.
• Configured VRRP, Static route, BGP, Routing policies, ACL
• Prepared reports of the daily activities within the datacenter
• Coordinating with Service providers & Clients on various implementations
• Managing various activities in setting up Data Centers & Disaster recovery center.
• Configured IP routing protocols BGP, OSPF, EIGRP, RIP v1/v2
• Performed IOS upgrades on catalyst switches 2900, 3500 and Cisco ISR routers3600, 4300, 4600
• Configured and resolved various OSPF issues in an OSPF multi area environment.
• Designed and configured existing WAN infrastructure for Data and VoIP with MPLS Cloud network.
• Performance management with various tools to ensure Availability, quality of service, Network stability
• Worked on configuration, fault, performance management by using network tools
• Followed escalation matrix, ticket queue and support to on call tech
• Provisioned new users, network devices and servers
• Performed health check on servers
• Assisted in design and implementation of load balancing solutions.
• Knowledge on Cisco firewalls, NAT, IP traffic call flow, sniffing, monitoring of live traffic streams using Wireshark.