SUMMARY:

• Over 6+ years of professional experience years of expertise in Implementing and troubleshooting various Network Technologies.
• Experience in Checkpoint firewalls, Palo Alto Firewalls, Juniper Firewalls, Cisco WSA/CWS, Cisco ASA, SSL VPN, Cisco Nexus, Cisco ACS, Cisco ISE, IPS, and Microsoft TMG.
• System Administration and with technical expertise in specializing in Cisco Environment in Data Center, LAN / WAN Security, managing the complete system admin and technical support functions.
• Demonstrated abilities in large enterprise wide network design, implementation as well as administration support and network integration.
• Advanced knowledge, design, installation, configuration, maintenance and administration of Palo Alto Firewalls, Checkpoint Firewall R75 up to R77 version, VPN.
• Advanced Cisco Router, Switch, Firewall, VPN Concentrator, Clean Access, Wireless AP experience.
• Advanced configuration of Cisco 2500/2600/4000/7000/12008/2900/3750/6509.
• Advanced troubleshooting of data circuits such ATM, SMDS, T1, Frame Relay, ISDN circuits.
• Checkpoint IP Appliances and SPLAT & Cisco ASA Firewalls
• Advanced knowledge, design, installation, configuration, maintenance and administration of CheckPoint Firewall R75 up to R77 version, SecurePlatform Installation including, VPN.
• Advanced knowledge in design, installation and configuration of Firewall ISG 1000/2000, SSG series and NSM Administration.
• Configure and implement Network Infrastructure monitoring, alerting, backups, and system management solutions built on Linux Firewall and ACL security implementations.
• Experience in Network Intrusion detection/Intrusion Prevention System and Firewalls.
• Experience in Implementing & managing Symantec Data Loss Prevention.
• Network security including NAT/PAT, ACL, VPN Concentrator, IDS/IPS, and ASA/PIX Firewalls.
• Monitor the server/network infrastructure which includes VMWare, SCOM, OpenNMS, FireEye and the Checkpoint firewall logs to provide maximum efficiency.
• Advanced knowledge in TCP/IP suite and routing protocols, such as OSPF, BGP, and EIGRP.
• Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
• Analyze, monitor, troubleshoot, and investigate security - related anomalies with various tools such as AlienVault SIEM, Imperva Securesphere Web Application Firewall, Barracuda WAF, SCCM, etc.
• Implementation and administration of Juniper WX/WXC devices for WAN Traffic acceleration.
• Configuration of VTP, VLANs, UDLD, BGP, OSPF, EIGRP, IGRP, RIP, MPLS, DLSw, GRE Routing, Troubleshooting, Monitoring and Maintenance.
• Experience in managing a team and the resources during Server Infrastructure migrations and platform upgrades.

TECHNICAL SKILLS:

Networking: Conversant in LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP, ISCSI, Fiber, Firewalls/IPS/IDS

Hardware: Dell, HP, CISCO, IBM, SUN, CheckPoint, SonicWall, Barracuda Appliances, SOPHOS email appliances

Operating Systems: Windows, NT, MS-DOS, Linux, Microsoft Windows 2008 R 2/ 2008/2003/2000 /2012 NOS family, Microsoft Active directory 2008/2003/2000, VM Ware ESX/ESXi server, Cisco ISO

Application Servers: DNS, DHCP, Windows Active Directory Services, FTP, SFTP, Microsoft Exchange 2003/2007/2010, Microsoft SharePoint 2007/2010

Firewalls: Check Point, ISA 2004/2006/ ASA 5585/5520, FWSM, Palo Alto /Checkpoint 4200/Nokia IP-560, Cisco PIX 535/525

Routing/Routers: OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing, Cisco Routers ASR 1002 / 7606 / 7304 / 7206 / 3945 / 2951 / 2600

Infrastructure Hardware: IBM, HP, Compaq, Dell desktops\laptops\servers, Cabling, Network printers, IP KVM Switches, Cisco Routers & Switches, 802.11x Wireless gateways, Access Points, Network UPS, Storage Area Network, NAS, iSCSI SAN

Switching: VLAN, VTP, STP, Inter VLAN routing & Multi-Layer Switching, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging

Protocols: TCP/IP, L2TP, PPTP, IPSEC, IKE, SSL, SSH, UDP, DHCP, DNS

VPN: ASA 5520, Cisco Concentrator 3030, Nortel Contivity Extranet 1500

Security Tools: Wireshark, MBSA, MS Visio, Apache, VMWare ESXi 3.5, VMware Server, Encase

PROFESSIONAL EXPERIENCE:

Confidential, OH

Network Security Engineer

• Designed and implement security strategies with Cisco and Palo Alto firewalls.
• Responsible to evaluate, test, configure, propose and implement network, firewall and security solution with Palo Alto networks.
• Firewall migration support for Palo Alto Networks.
• Worked as a Lead consultant for a Consultation project to help clean up legacy FW policies and create a migration path from current ASA and SRX FWs to next gen Palo Alto firewall.
• Staged, planned and deployed Palo Alto NGF 5020s within Confidential 's Data Centers.
• Networks using routing protocols such as RIP, OSPF, BGP, EIGRP and manipulated routing updates using route-map, distribute list and administrative distance.
• Configured SNMP with private community strings to monitor Linux servers through the SNMP management server.
• Worked with Palo Alto PA5020 firewalls using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall.
• Implementing firewall rules and configuring Palo Alto Network Firewall.
• Configured IPsec tunnels with Palo Alto to enable secure transport and site-site VPN to Juniper SRX.
• Exposure to wild fire advance malware detection using IPS feature of Palo Alto.
• Implement SSL VPN solutions including Palo Alto Networks Global Protect with single and multiple gateway solutions including integration of PKI certificates. Integrate multiple vendor IPSEC site to site VPNs, including Palo Alto Networks, Cisco ASA, and Juniper SRX firewalls.
• Strong hands on experience on Palo Alto Firewalls, PIX Firewalls, ASA Firewalls and implemented Security Policies using Panorama, ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
• Experience in installing, configuring and troubleshooting of Checkpoint Firewall. NG, NGX, NG R55, NGX 60, NGX R65, R70, R75, R77 UTM.
• Configured OSPF redistribution and authentication with type 3 LSA filtering to prevent LSA flooding.
• Implementing traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Frame Relay and Open Shortest Path First (OSPF).
• Provided redundancy in a multi homed Border Gateway Protocol (BGP) network by tuning AS-path.
• Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of Firewall logs using various tools
• Hands on experience of ACL's, BGP, EIGRP Protocols. Implementing security policies using ACL, AAA (TACACS+ & RADIUS).
• Proactively monitor, troubleshoot, diagnose, and resolve network issues utilizing Solarwinds Orion and OpenNMS.
• Successfully installed Palo Alto PA-3060 Firewalls to protect Data Centre and provided L3 support for routers/switches/Firewalls.
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
• Provided administration and support on Bluecoat Proxy for content filtering and internet access to head quarter, remote site offices and VPN client users.
• Load Balancing using F5 Networks Big IP.
• Configure the Automatic policy builder using the deployment wizard tool in ASM.
• Have knowledge on Enforcement mode, Staging, Enforcement Readiness period, Trusted and Untrusted traffic, Loosening and tightening restrictions in ASM.
• Performance Comparison & security enhancement achieved by Extended ACL, allowing/blocking access to a particular host, network or a port.
• Migrated legacy F5 LTM and GTM appliance to newer version appliances.
• Extensive work with IPv4 and IPv6 protocols (configuration, BGP sessions announcements, assignment to clients and more).
• Maintain, manage, optimize and troubleshoot all routing and routing protocols (IPv4 and IPv6) along with troubleshooting of any connectivity, latency or unavailability issues using Remote Desktop, Xceedium, Spectrum.
• Design for Guest Network and Mobile Access Network for NAC Solution, comprising of a Wireless LAN Controller solution in DMZs/Internet Gateways with ForeScout CounterAct NAC Appliances for NAC.
• Involved in finalizing the design for Corporate Wireless Network Access for NAC Solution, comprising of ForeScout CounterAct NAC Appliances in all WAN Consolidation Points, and Data Centers.

Confidential, NJ

Network Security Engineer

• Strong hands on and exposure to Checkpoint & Palo Alto on a regular basis.
• Primary responsibility for the Core Security of the Network. Managing the entire Network Security Products deployed in the network such as Checkpoint (GAIA R 75.40/77.20 ).
• Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of Firewall logs using various tools
• Hands on experience of ACL's, BGP, EIGRP Protocols. Implementing security policies using ACL, AAA (TACACS+ & RADIUS).
• Proactively monitor, troubleshoot, diagnose, and resolve network issues utilizing Solarwinds Orion and OpenNMS.
• Successfully installed Palo Alto PA-3060 Firewalls to protect Data Centre and provided L3 support for routers/switches/Firewalls.
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
• Implement Global Protect SSL/IPSec VPN certificate based solution on Palo Alto PA-5000 series firewalls.
• Working as Network engineer supporting CISCO routers, switches & Bluecoat proxy servers.
• Provided administration and support on Bluecoat Proxy for content filtering and internet access to head quarter, remote site offices and VPN client users.
• Established IPSEC-VPN tunnels with ASA 5500 series Firewall between some branch offices & headquarters.
• Load Balancing using F5 Networks Big IP.
• Configure the Automatic policy builder using the deployment wizard tool in ASM.
• Have knowledge on Enforcement mode, Staging, Enforcement Readiness period, Trusted and Untrusted traffic, Loosening and tightening restrictions in ASM.
• Performance Comparison & security enhancement achieved by Extended ACL, allowing/blocking access to a particular host, network or a port.
• Migrated legacy F5 LTM and GTM appliance to newer version appliances.
• Dealt with Datacenter migration to Amazon Web Services (AWS) infrastructure and provided support to Applications and Database teams.
• Experience in designing and configuring secure VPC through private and public networks in AWSand created various subnets for servers.
• Created complex rules utilizing TCL scripting to perform load balancing decisions.
• Configured F5 GTM solutions, which includes Wide IP, Pool Load Balancing Methods, probers and monitors.
• Worked on Cisco Routers, Active /Passive Hubs, Switches, Cisco PIX Firewall, Nortel VPN Concentrators TCP/IP, NAT and Checkpoint ESX/GSX firewall.
• Built and support VRRP / Cluster based HA of Checkpoint Firewall.
• Extensive work with IPv4 and IPv6 protocols (configuration, BGP sessions announcements, assignment to clients and more).
• Maintain, manage, optimize and troubleshoot all routing and routing protocols (IPv4 and IPv6) along with troubleshooting of any connectivity, latency or unavailability issues using Remote Desktop, Xceedium, Spectrum.
• Assessed and researched different Cloud WAF technologies for implementation such as F5, Barracuda and CheckPoint Firewall.
• Migrated customers from various firewall solutions to FortiNet cloud and customer premises firewalls.
• Configured FortiGate, FortiManager, FortiAnalyzer, Juniper, and Cisco enterprise products.
• Configured devices including but not limited to Juniper MX320/960, FortiGate 40/60/80/100 series on premise and FortiGate 5101C cloud firewalls, FortiManager 3000/4000, and FortiAnalyzer 4000 series.
• Worked on the firewall rule optimization tool called Firemon to generate reports for usage reports.
• Hands on working knowledge of Cisco, ForeScout and Aruba Access points.
• Responsible for managing AWS EC2 Instance as well as CloudWatch using ForeScout CounterAct.
• Responsible for troubleshooting ForeScout Secure Connector issues on Windows and MAC machines using the console and Casper.

Confidential, Glenview, IL

Firewall Administrator

• Troubleshooting complex CheckPoint issues, Site-to-Site VPN related.
• Performed upgrades for all IP series firewalls from R75-R77.
• Support for all migrations, upgrades, PCI and SOX audit requirements, and vulnerability assessments.
• Support for all firewalls and related environments.
• Administered firewalls consisting of 75, 100, and 200, firewalls.
• Checkpoint firewall upgrade from R75 to R77 on Nokia 390 appliances for headquarters and remote sites.
• Risk assessments where done using Nessus, and Internet scanner, on a monthly basis to help ensure that risks to the network are mitigated in a timely manner.
• Managed Smart Center Checkpoint management server (SmartView Tracker)
• Managed Checkpoint Firewalls from the command line (cpconfig and Sysconfig).
• Performed Imperva SecureSphere DAM and WAF HealthChecks.
• Implemented addressing and naming schemes at various layers of data networks in IPv4 and IPv6environments used in secure configurations of routers and switches.
• Installing and setting up Firewall Analyzer product to facilitate consulting on an IDS deployment project, using my Cisco Nexus 5k experience to place IDS devices globally. Administration and management of all firewall environments.
• Part of migrating the entire store Cisco ACL's to Fortinet UTM devices.
• Build OpenNMS monitoring system, syslog and backup systems (TFTP) for networking systems.
• Management of each firewall is done remotely and onsite at client sites.
• Troubleshoot and configured FortiGate CPE 40/60/80/100 series firewalls, FortiGate cloud series 5101C firewalls, FortiAnalyzer series 4000 (logging and reporting server), FortiManager series 3000/4000 (centralized control), and Cisco FWSM.
• Configured FortiNet Unified Threat Management (UTM) features including antivirus, intrusion prevention system (IPS), web filtering, and application control.
• Performed multiple firewall changes on the PIX, ASA, and Palo Alto firewall based on the requirements and monitored firewall changes using firemon Tool.
• Managed PCI project around the Firemon Policy Planner tool. Reviewed all firewall rules and established a process to capture the business justification of all new\updates firewall rules that were requested.
• Configuration of Cisco Identify Services engine (ISE) and 802.1X to enable the creation and enforcement of security and access policy (ACL) of End users to company network.
• Migrated the server using the AWS services to cloud environment.
• Constructed AWS Security Groups which behaved as virtual firewalls controlling the traffic allowed to reach one or greater AWS EC2 instances.
• Utilized Amazon Route53 to manage DNS zones and also assign public DNS names to elastic load balancers IP's.
• Design and Deployment of F5 Big-IP LTM and APM for Load Balancing, Application Delivery and High Availability.
• Developing systems and process to protect, various user groups while accessing public Internet content from malicious hack attacks.

Confidential, Houston, TX

FIREWALL ADMINISTRATOR

• Implementation, configuration and support of Checkpoint and ASA firewalls for clients.
• Firewall Policy administration and work with user requests submitted by users. Use HP Service Manager Ticketing System for change and incident management.
• Work actively on Fortinet UTM firewall administration using FortiManager
• Cisco ASA Firewall configuration and troubleshooting.
• Troubleshooting connectivity issues within the server zones of the Data center (between application servers, database and web servers) as well as user requests and user connectivity issues from various branch locations, office locations and third party sites to data center.
• Actively use, smart view tracker, and Checkpoint CLI (to security gateways) for troubleshooting.
• Perform advanced troubleshooting using Packet tracer and TCPdump on firewalls.
• Built and support VRRP / Cluster based HA of Checkpoint firewalls.
• Planning, designing and implementing high availability solutions with Netscreen & Juniper SRX Firewalls (500 & 650 series).
• Troubleshoot and hands on experience on security related issues on Cisco ASA/PIX, Checkpoint, IDS/IPS, Palo Alto and Juniper Net screen firewalls.
• Perform Firewall OS upgrades using CLI, Splat and Voyager GUI.
• Backup and restore of checkpoint Firewall policies.
• Design, implement and administer IPv4/IPv6 enterprise network infrastructure utilizing Juniper routers.
• Black listing and White listing of web URL on Blue Coat Proxy servers.
• Review Firewall rule conflicts, unused rules and misconfigurations and clean up.
• Checkpoint firewall policy administration and support between various zones.
• Upgraded and converted 6 HA CheckPoint SPLAT pairs to PaloAlto.
• Architected and designed were on the network to place (multiple) IDS, FireEye and DLP devices.
• Implemented the SPAN ports to facilitate the various network device traffic captures.
• VPN User access management on Check point firewalls.
• Part of migrating the entire store Cisco ACL's to Fortinet UTM devices.
• Build and support Site to Site IPsec based VPN Tunnels
• Experienced in working on Cisco UCS data-center infrastructure management software.
• Familiar with Cisco Application Centric Infrastructure (ACI) solution.
• Implemented Cisco ACI infrastructure for supporting rapid application change by reducing complexity with a common policy framework that can automate provisioning and resource management.
• Used Cisco ACI (Application Centric Infrastructure) SDN architecture to reduce operating costs, automate IT tasks, for greater scalability and visibility in a data center environment.
• Used Cisco ACI Fabric which is based on Cisco Nexus 9000 Series Switches and the Cisco Application Virtual Switch (AVS).
• Implemented and supported 802.1x and NAC implementation using Cisco Identity Services Engine (ISE).
• Used Cisco ISE for wireless authorization, profiling, posturing, provisioning and for monitoring users’ access to network.
• Work on Cisco based Routing and Switching environment with Rapid Spanning tree and using Routing Protocols such as BGP and OSPF.
• Configuration and maintenance experience with Fortinet FortiGate physical firewalls.
• Manage LAN & WAN and BlueCoat proxy servers.

Confidential, Albany, NY

Network Security Engineer/ System Support

• Day-to-day work involves changes on the Checkpoint Firewall, Authentication is done using an RSA SecurID.
• Firewall Policy administration and work with user requests submitted by users. Use REMEDY Service Manager Ticketing System for change and incident management.
• Administer and support Juniper Firewalls Using NSM as well as CLI.
• Schedule day to day firewall related changes and seek CAB approval if required for production impacting changes.
• Worked on configuring and troubleshooting juniper SRX firewalls.
• Firewall policy administration and support on Checkpoint as well as Cisco ASA Firewalls.
• Extranet changes to Cisco 6513, 6509 and 7204 series devices including FWSM firewall changes, routing switching changes and Juniper NetScreen based SSL VPN and ISG.
• Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard.
• Installation, troubleshooting and maintenance of Cisco Unified Computing System (UCS).
• Support routing protocols including BGP and OSPF routing, HSRP, load balancing/failover configurations, GRE Tunnel Configurations, VRF configuration and support on the routers.
• Actively responsible for ASA 8.x and Cisco FWSM 2.x/3.x upgrades and network refresh projects and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ/ASZ Implementation and Troubleshooting.
• Site to Site IPsec based VPN Tunnels for all B2B and 3rd party communications
• Support Data Center Migration Project involving physical re-locations.
• Schedule and participate in weekly meetings with various teams involved in the project to discuss the bottlenecks if any and contribute to design a solution framework. Maintain Configuration, Documentation (VISIO's) and Records Management.
• Convert/Migrate Juniper SSG to Fortigate 1500D firewalls.
• Deploy Fortigate VPN, content filter and data leak protection.
• Work on Routing and Switching on the third party segment using Cisco based Routers and switches.
• Configuring & administering Domain Naming Server (DNS), Dynamic Host Configuration Protocol (DHCP), Distributed File System (DFS), Internet and Remote Access Service (RAS)
• Configuration, operation and troubleshooting of BGP, OSPF, EIGRP, RIP,VPN routing protocol in Cisco Routers & L3 Switches
• Installation of Operating Systems Win98, Win XP, Win NT, Win 2000, Win 2003 etc
• Administer Active Directory Trust relationships between internal and client networks.
• Involved in the installation, monitoring and support of WINTEL based servers, firewalls, Cisco networks, perimeter security & Internet technologies and remote office WAN/ LAN connectivity.

Confidential

Network Engineer/ Administrator

• Responsible for managing network & security at the Data center.
• Implementation and configuration of Firewalls Especially Checkpoint and Cisco ASA.
• Work on Policy administration of Cisco and Checkpoint Firewalls
• Making sure the NAT is applied appropriately on the firewall for all the third party and DMZ traffic.
• LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems)
• VLAN’s design and implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and port channels creation.
• Responsible for ASA 8.x Firewall and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
• EIGRP and RIP version 1 & 2 Routing Protocols. Redistributing from OSPF to EIGRP and vice versa.
• Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Transition. DNS, DHCP services configuration and support.
• Implemented VLANS between different departments and connected them using trunk by keeping one VLAN under server mode and rest falling under client modes.
• Configured Client VPN technologies including Cisco's VPN client via IPSEC.
• Configured Firewall logging, DMZs and related security policies and monitoring.
• Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
• Installing and configuring System Center Configuration Manager 2007.Worked on Site Recovery Manager 5.0 for Disaster recovery.

Confidential

Network Support Executive

• Systems Administrator builds and support.
• Managed network engineers for in house development and support of production IT environment.
• Provided all data and network security. Designed and built all remote office connectivity.
• Worked closely with database developers to build and assist with database servers.
• Designed and built front end solutions for most major database manufacturers
• Responsible for supporting all hardware and software engineers.
• Performing all Microsoft and Linux server builds for cooperate network and labs.
• Build and maintain all WAN connectivity for remote offices with a global Checkpoint firewall infrastructure.
• Support all sales staff worldwide for remote connectivity.
• Maintain all Cisco switches and routers for maximum uptime.