PROFESSIONAL SUMMARY:

• Extensive Computer Networking Knowledge with 8 years of Experience. Solid understanding of Design, Implementation, Administration, Operational and troubleshooting of enterprise data networks.
• Strong hands - on experience on PaloAlto (5060,3060), Checkpoint Firewall R77, and Cisco ASA 5520 firewalls.
• Configuring Policies and Maintaining PaloAlto Firewall & Analysis of firewall logs.
• Responsible for setting up the infrastructure environment with majority of Cisco & PaloAlto appliances apart from various other equipment.
• PaloAlto design and installation (Application and URL filtering(PAN-DB), Threat Prevention, Data Filtering).
• Implementation of IPSEC and SSL VPN's on PaloAlto Firewall.
• Implemented Positive Enforcement Model with the help of PaloAlto Networks.
• Exposure to Wildfire feature of PaloAlto.
• Implemented Zone Based Firewall and Security Policies on the PaloAlto Firewall.
• Well versed with AAA configuration using TACACS+ & RADIUS server.
• Worked with several network engineers for the understanding of cisco firewalls along with the changeover to PaloAlto (5060s) needs.
• Managed all network hardware, Management, and Monitoring by use of SSH, SYSLOG, SNMP, NTP, NAT, PAT and dealt with the DOS attacks and zone flooding attacks.
• Decent knowledge of operations within AWS (EC2, S3, IAM, VPC, Direct Connect, Route53).
• Worked on various cloud environments like AWS, OpenStack, and Rackspace.
• Worked on Cloud automation using AWS Cloud Formation templates.
• Design and Implementation of LAN, WAN, VLANs, VTP, Spanning Tree (STP), Trunking and Ether channel.
• Implementing security policies using ACL, ASA in Switches, Routers.
• Experience in implementing site-to-site and remote access VPN Technologies using GRE, IPSEC & MPLS.
• Responsible for designing and deploying various network security & high availability products like Cisco ASA.
• Strong knowledge on SIEM tools (IBM QRadar/HP Arcsight) to protect organization from threats and cybersecurity attacks. And, analyzing the enterprise logs using Security Information and Event Management technologies.
• Implemented various Switch Port Security features as per the company's policy.
• Worked on Load Balancer F5 LTM, GTM (Round Robin, Dynamic, Predictive) series like 6400, 6800, and 8800.
• Troubleshooting the issues that were raised while upgrading the F5 LTM's from 10.2.3 to 11.3.
• Strong knowledge on design and configuring multiple types of persistence (Cookie, Hash, SIP, SSL, and Universal).
• Strong knowledge on AFM (Advanced Firewall Manager), This is a licensed module for the BIGIP appliance that provides stateful firewalling along with reporting and DoS protection.
• Expert knowledge on configuring McAfee NS9100 (IPS) Intrusion Prevention system to detect advanced malware that is underlying in the information packets and entering into the environment.
• Decent knowledge with SOC (Security operation Center) operations, and NOC (Network operation Center) operations, especially resolving a ticket raised by the security personnel.
• Resolved tickets raised by the SOC teams by analyzing the traffic with the help of SIEM tools like QRADAR, SPLUNK.
• Solid knowledge on Proxy Servers (Forward Proxy, Reverse proxy) such as Bluecoat Proxy Server, IronPort Proxy.
• Decent knowledge on the upcoming concepts of IoT (Internet of Things). And usage of Infoblox to identify all the connected devices to the network.
• Expert level knowledge of Cisco network security (IDS, NIPS ASA 5500 Firewall), network redundancy (HSRP, GLBP and VRRP).
• Configured remote switches in network using SSH sessions.
• VPN implementation and troubleshooting for remote site and External clients.
• Installing, configuring, and troubleshooting DNS and DHCP servers.
• Extensive Knowledge in TCP/IP and OSI models.
• Profound knowledge of IP Addressing, Sub netting, FLSM, VLSM, CIDR, ARP.
• Experienced in Implementing and troubleshooting RIP, RIP v2, OSPF, EIGRP, BGP, EBGP routing protocols and Policy based routing.
• Strong troubleshooting skills on Cisco LAN switch environment including WAN infrastructure.
• Expertise in installing, configuring, and troubleshooting Juniper EX Switches (EX3200, EX4200, EX4500, EX8200) series. And Juniper firewall series SRX 5600,5400.
• A hands-on role, which involves management, and support of globally developed extremely complex, highly available PaloAlto and Cisco ASA firewall infrastructure.
• Configured Network Security policies to ensure that all the network is segmented in the way that no data leak happens from one zone to another.
• Experience in configuring Network Security access control on switch infrastructure and apply policies like User Authentication.
• Extensive experience in configuring Layer3 routing and layer2/3 switching of Cisco based nexus 7K,5K,2K& 800ISR series Switches & routers.

TECHNICAL SKILLS:

NETWORKING CONCEPTS: OSI, TCP/IP, UDP, IPV4, IPV6, VLSM, FLSM, CIDR.

SWITCHING PROTOCOLS: VLAN, VTP, STP, PVST, MVST, INTER VLAN, LAYER 2,3.

ROUTING PROTOCOLS: BGP (IBGP, EBGP), STATIC, DYNAMIC (RIP, EIGRP,OSPF, ISIS )

LOAD BALANCERS: F5(LTM, GTM), F5(BIG -IP)

REDUNDANCY PROTOCOLS: FHRP (HSRP, VRRP, GLBP)

WAN: MPLS, GRE, MGRE, VPN, DMVPN

FIREWALL: PALOALTO, CISCO ASA, CHECKPOINT

SECURITY: IKE, IPSEC, SHA-2, PSK, SSL-VPN

TOOLS: WIRESHARK, TCPDUMP, SIEM(QRADAR, SPLUNK, HPARCSIGHT, TESTVIEW)

LANGUAGES: IOS, PANOS, MATLAB, HTML, PYTHON

AUTHENTICATION: TACACS+, RADIUS, AAA

OPERATING SYSTEM: WINDOWS 7,8,10, LINUX. JUNOS, IOS

PROFESSIONAL EXPERIENCE:

SR. NETWORK SECURITY ENGINEER

Confidential, Houston, TX

Responsibilities:

• Configuring rules and Maintaining PaloAlto Firewalls & Analysis of firewall logs using various tools.
• Configured routes on PaloAlto firewalls 3060, 5060, 7050.
• Configuring TACACS+, LDAP, and RADIUS for Cisco ASA and PaloAlto firewalls.
• Integrating Panorama with PaloAlto firewalls, managing multiple PaloAlto firewalls using Panorama.
• PaloAlto App ID migration from the legacy based port rules for PA 5060, 7050.
• PaloAlto SSL decryption installation and configuration on PA 3060,5060, and 7050.
• Implemented Positive Enforcement Model with the help of PaloAlto Networks.
• Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation PaloAlto appliances serving as firewalls and URL and application inspection.
• Successfully installed PaloAlto PA-3060 firewalls to protect Data Center and provided L3 support for routers/ switches/firewalls.
• Responsible for setting up the infrastructure environment with majority of Cisco & PaloAlto appliances apart from various other equipment.
• PaloAlto user-identification implementation with KIWI server user PaloAlto user-id agents.
• PaloAlto integration with VMware Virtual Desktop infrastructure.
• PaloAlto upgradation and degradation.
• Exposure to wild fire feature of PaloAlto.
• Configured VLAN trunking with PaloAlto interface.
• PaloAlto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
• Configured and maintained IPSEC and SSL VPN's on PaloAlto Firewalls.
• Implemented Zone Based Firewalling and Security Rules on the PaloAlto Firewall.
• Configuring, Administering, and troubleshooting the Checkpoint, PaloAlto, Imperva and ASA firewall.
• Managing networks and servers in AWS. Specifically creating VPC’s, launching EC2 instances and creating private and public subnets, Auto Scaling, ELB, S3, Cloud Front, Route 53, Cloud Watch, Cloud Formation, SQS, SNS.
• Working on the project of F5 LTM and GTM code upgrade project, doing couple of them every week.
• Balancing traffic to tune and distribute server load on the network for scalability in Local Traffic management.
• Off-loading standard server tasks, such as HTTP data compression, SSL authentication, and SSL encryption to improve server performance. Monitoring the health and performance of servers on the network for availability in LTM. configuring the DNS server to delegate wide IP-related requests to the BIG-IP GTM for name resolution. creating A record, NS record, CNAME (canonical name) records for web application in global traffic management.
• Configured AFM (Advanced Firewall Manager) a licensed module for the BIGIP appliance that provides stateful firewalling along with reporting and DoS protection.
• Experienced working with design and deployment of MPLS Layer 3 VPN cloud, involving VRF, Route Distinguisher (RD), Route Target (RT), Label Distribution Protocol.
• Implementing and configuring F5 LTM's for VIP's and Virtual servers as per application and business requirements.
• F5 configuration, installation, and monitoring with F5 APM.
• Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
• Configured HSRP and VLAN trucking 802.1Q, VLAN Routing on Catalyst 6500 switches.
• Responsible for company’s Cisco ASA firewall administration across our global networks.
• Provided Level-3 Network support for Cisco Switches and Cisco ASA 5500 Series Security Appliances.
• Configuring and Troubleshooting Cisco Firewall/ASA, Checkpoint FW, Bluecoat ProxySG and Cisco IronPort.
• Installed and tested Cisco router and switching operations using OSPF routing protocol, ASA Firewalls, and MPLS switching for stable VPNs.
• Worked in NOC, SOC teams to solve the network issues. Resolved the issues raised by the network and security teams with the help of SIEM tools.
• Worked on SIEM tools (IBM QRadar/HP Arcsight) to protect organization from threats and cybersecurity attacks.
• Experienced on analyzing the enterprise logs with the help of security information and event management technologies.
• Configured Virtual Chassis for Juniper switches EX-4200, Firewalls SRX-210.
• Supported on Cisco Nexus 5000 and Nexus 7000 Series Switch fabric links.
• Configured Network Security policies to ensure that all the network is segmented in the way that no data leak happens from one zone to another.
• Experience in configuring Network Security access control on switch infrastructure and apply policies like User Authentication.
• Designed and implemented IT security policies and networked backup systems.
• Configured route redistribution between OSPF and EIGRP in a multi-area OSPF network.
• Implemented Hot Standby Router Protocol (HSRP) by tuning parameters like preemption.
• Maintained, configured, and installed Cisco routers and switches: 7500/catalyst 6500/RV320/2960/catalyst 3550/12410, 12816, 1204 series, Nexus 7k and 5k, WLC, and ASA 5540.

Environment: Cisco routers and switches: 7500/catalyst 6500/RV320/2960/catalyst 3550/12410, 12816, 1204 series, Nexus 7k and 5k, WLC, and ASA 5540. PaloAlto firewalls 3060, 5060, 7050. Cisco Nexus 5000 and Nexus 7000 Series Switch.

Sr. NETWORK & SECURITY ENGINEER

Confidential, Philadelphia, PA

Responsibilities:

• Implementing and maintenance of network design, structure, up gradation and configuration of routers and switches at the client server for 400+ users.
• PaloAlto installation, configuration, administration, monitoring and implementing the policies
• PaloAlto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
• Work on Checkpoint Platform including Provider Smart Domain Manager. Worked on configuring, managing, and supporting Checkpoint Gateways.
• Maintained, configured, and installed Cisco ASA 5520 Firewall.
• PaloAlto user-identification implementation with KIWI server’s user PaloAlto user-id agents.
• PaloAlto integration with VMware Virtual Desktop infrastructure.
• PaloAlto up gradation and degradation.
• Configured VLAN trunking with PaloAlto interface.
• Configured routes on PaloAlto firewalls 3060, 5060, 7050.
• Configuring TACACS, LDAP, and RADIUS for Cisco ASA and PaloAlto firewalls.
• Integrating Panorama with PaloAlto firewalls, managing multiple PaloAlto firewalls using Panorama.
• PaloAlto App ID migration from the legacy based port rules for PA 5060, 7050.
• PaloAlto SSL decryption installation and encryption.
• Configuring rules and Maintaining PaloAlto Firewalls & Analysis of firewall logs using various tools.
• Implementing and configuring Static, RIP and OSPF protocols on Cisco Routers.
• Worked using routing protocols EIGRP and BGP based company network for resolving level 2 and 3 issues.
• Performed troubleshooting and management of OSPF and BGP protocols on routers.
• Maintaining redundancy on Cisco 2600, 2800 and 3600 routers with HSRP.
• Worked on IP addressing based on sub netting and Variable Length Subnet Mask.
• Supporting customers with the configuration and maintenance of PIX and ASA firewall systems.
• Monitoring the routing traffic using Cisco 2000 and Wireshark.
• Configuring Spanning tree, VSTP, VLAN, SNMP on EX series switches.
• Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, disabling all unused ports and putting them in unused VLAN and ensuring DHCP attack prevention where needed.
• Provided Tier2 LAN and WAN operational support to network call center, supporting the remote, domestic and international offices.
• Providing technical support in LAN and WAN connectivity and hardware issues in the complex network system.
• Connecting various routing and switching devices with CAT 5/ 5E cabling.
• Hands on experience on SIEM tools (IBM QRadar/HP Arcsight) to protect organization from threats and cybersecurity attacks.
• Experienced on analyzing the enterprise logs with the help of security information and event management technologies.
• Used F-5Load balancers to increase capacity (concurrent users) and reliability of applications.
• Experience with configuring Virtual Server and Configuring Load balancing methods in F5 LTM.
• Installing of NOC Network Operation Center monitoring server to establish a 99.9 uptime standard.
• Installing SOC (Security operation Center) and monitoring the traffic with SIEM tools. And resolved errors or tickets raised by the security department.

Environment: Cisco 2600, 2800 and 3600router. F-5Load balancers. PaloAlto firewalls 3060, 5060, 7050. Cisco ASA 5520 Firewall.

NETWORK AND SECURITY ENGINEER

Confidential, Boston, MA

Responsibilities:

• Hands on experience on all software blades of checkpoint firewall.
• Configuring VPN, clustering, and ISP redundancy in Checkpoint firewall.
• Configuring, maintaining, and troubleshooting IPS and IPS-1 in Checkpoint.
• Configured redundant interfaces, DHCP server, DHCP relay, ntp settings, and sub interfaces on firewalls.
• Built and support VRRP / Cluster based HA of Checkpoint firewalls.
• Perform Checkpoint and PIX firewall/IDS, NIPS design, integration, and implementation for Cyber Trap client networks.
• Perform advanced troubleshooting using Packet tracer and tcpdump on firewalls.
• Implement changes on switches, routers, load balancers (F5 and CSS), wireless devices per engineer’s instructions and troubleshooting any related issues.
• Administration on Big IP F5 LTM for all Local Load balancing and use GTM for load balancing across Data Centers.
• Security Device - PaloAlto/ASA Firewalls, Sourcefire IPS/IDS, NIPS, VPN.
• Configuring ASA for NAT (Static PAT/Manual NAT) to enable remote access for sites by doing Port redirection. Configuring various VPNs like IPsec Site to Site, SSL VPN.
• Extract the logs, perform real time log analysis using SIEM technologies and Forensics Analysis of logs as per the request.
• Deploying Cisco WSA and Bluecoat ProxySG (Web Security Appliance) S170 for URL Filtering Policies.
• Configuring, Administering, and troubleshooting the Checkpoint, PaloAlto, Imperva and ASA firewall.
• Configuring rules and maintaining PaloAlto firewalls and analysis of firewall logs using various tools.
• Troubleshooting the VPN tunnels by analyzing the debug logs and packet captures.
• Automation of security operations and optimizing the usage of infrastructure.
• Configuring and testing Multicast for both IPv4 and IPv6 routing in Data Center Environment.
• Configuration of SSL VPN through access blade and up-gradation of Firewall.
• Participated in Pfizer Legacy Data Center Network Infrastructure Transition and Disaster Recovery Center transition for various locations.
• Works closely with Customers in determining the business needs for a Project and build Detail design which includes Data Flow diagram, Logical and Physical Diagram.
• Planning, designing and implementing a secure ODC Network setup for upcoming projects.

Environment: Checkpoint firewall. Cisco WSA and Bluecoat ProxySG (Web Security Appliance) S170. F5, CSS load balancers. ASA firewall. Big IP F5 LTM. DHCP server. Packet tracer and tcpdump.

NETWORK ENGINEER

Confidential

Responsibilities:

• Deployed in building the Datacenter right from the scratch, turning up devices and getting into Production.
• Performing network deployment & troubleshooting tasks such as creation and management of VLANs, port security, trunking, STP, RPVST+, Inter-VLAN routing and LAN security.
• Working with Cisco catalysts switches that include 3750, 4500 and 6500 in multi VLAN environment for implementation of inter-VLAN routing, 802.1Q trunking and Ether channel.
• Performing OTV to extend L2 VLANs between data centers over IP on Nexus7018 switches.
• Hands-on experience with BGP multi-homing and configuration of Peer-Groups, Route maps.
• Network Design and Deployment of MPLS cloud - Designed, constructed, implemented, tested and launched various network nodes featuring BGP, OSPF, MPLS and VLANS using RSTP, gateway redundancy protocols HSRP, GLBP and VRRP.
• Configuring/troubleshooting various routing protocols like OSPF, EIGRP, BGP on Cisco router series including2900, 3600, 3900, 7200, 7600.
• Expertise in installing, configuring and troubleshooting Juniper EX Switches (EX3200, EX4200, EX4500, EX8200) series.
• Managing and configuring of Access lists, configuring of Wide Area Networking Protocols, HDLC, PPP, Frame Relay, NAT, HSRP and VPN.
• Implementing redundancy with HSRP, Ether channel technology (LACP, PAGP) etc.
• Deploying Nexus 2248TP GE Fabric Extenders switches in Server Farm environment with VPC&VDC features.
• Performing Legacy Catalyst 6509 with SUP-720, Catalyst 4507 with SUP-6 switches migration to Nexus 7k with SUP-2E as part of the data center refresh.
• Configuring Cisco Catalyst 2900, 2960, 3560, 3750, 4500, 4900, 6500 series and Nexus 2248, 5548 and 7010 switches.
• Testing various BGP attributes like AS Path, local preference, MED, Weight and replicated customer issues in the testing environment lab.
• Overseeing the VPN configuration providing secure access to the users.
• Implementing Firewall policies on Cisco ASA5500.
• Working withF5 BIG-IP LTM 3900, configured profiles and ensured high availability.
• AAA implementation for network device management with TACACS+ and Radius server.
• Implementing on Policy Base Routing (PBR).
• Preparing engineering documents and network diagrams in Microsoft Visio.

Environment: Cisco ASA5500. Cisco Catalyst 2900, 2960, 3560, 3750, 4500, 4900, 6500 series and Nexus 2248, 5548 and 7010 switches. Cisco router series including2900, 3600, 3900, 7200, 7600. Legacy Catalyst 6509 with SUP-720, Nexus 7k with SUP-2E.

NETWORK SUPPORT ENGINEER

Confidential

Responsibilities:

• Handled Plans, coordinates, implements and supports the LAN / WAN hardware, software and Internet / Intranet integration network connectivity, diagnose network failures and resolve any problems.
• Assisted in network engineering efforts consistent with the infrastructure of an Internet Service Provider and support of such network services. Helped in designing and implementation of VLAN for the new users.
• Worked on Configuring/Troubleshoot issues with the following types of routers Cisco (7200, 6500, 4500, 1700, 2600 and 3500 series), to include: bridging, switching, routing, Ethernet, NAT, and DHCP, as well as assisting with customer LAN /MAN.
• Configured VLAN's, VTP's, enabling trunks between switches.
• Actively participated in upgrading fast Ethernet, Layer 3 switched/routed LAN infrastructure from Cisco 3640 to Cisco 2811 ISR routers and switches at access level to 2950, 3550.
• Worked on Configuring, managing, and troubleshooting networks using routing protocols like RIP, EIGRP and OSPF (Single Area and Multi Area).
• Handled Troubleshoot Frame Relay; T1, T3, IP and OSPF related router and circuit issues.
• Assisted with troubleshooting all network issues with routers and switches when necessary and consulted with on call tech as needed for client.
• Tested, Monitored, troubleshoot, and resolve Frame Relay, ATM, MLPPP, PPP, and Dial-up.
• Worked on installation and configuration of various types of Personal Computers and Printers. Installation of different operating systems on Intel based PC's.
• Documented and Analyzed log of Cisco PIX series firewall.
• Excellent Troubleshooting Skills and Customer Centric approach.

Environment: Cisco 3640 to Cisco 2811 ISR routers. switches at access level to 2950, 3550. Cisco router-7200, 6500, 4500, 1700, 2600 and 3500 series.