- I have been working as a network security engineer for over seven - years, during these period I have had several hands-on experience on both network and security projects, some of which include;
- IPSEC-VPN configuration for data encryption
- Firewall security policy implementation and monitoring for both checkpoint and Palo Alto
- Checkpoint / Palo Alto management server HA for fail-over for network management reliability
- Checkpoint Cluster implementation & configuration including R77 ClusterXL & previous version of checkpoint firewall Operating system.
- Ability to work in a provider-1 environment, understanding MDS HA, CMA HA and MLM/CLM configuration.
- Managed Palo Alto Firewalls from the CLI
- Experienced in using Panorama to manage multiple Palo Alto firewalls
- Firewall traffic track using CLI, tcpdump and Fw monitor for packet capture and packets analysis with tools like wireshark
- Static & Dynamic IP addressing, NAT/PAT, web Application and IPS/IDS Networking/Protocol: TCP/IP Protocols
- Excellent verbal and written communication skills
Network Security Engineer
Confidential, Atlanta, Ga
- Install, configure and maintain Check Point R75 - R77 Gaia and Splat/ Palo Alto PA500, PA 3020 & PA5020
- Identify and remove security policies that are no longer needed to reduce checkpoint/ Palo Alto firewall policy lookup.
- Integrates Microsoft active directory (LDAP) into checkpoint/Palo Alto for identity awareness and user authentication.
- Configure checkpoint firewalls to authenticate users based on user identity, user group, session and client PC Auth.
- Configure and administer security rules and policies to permit and/or deny user traffics based on company security policy on both Checkpoint and Palo Alto firewalls.
- Installation of licence and SSL Certificate on Palo Alto Firewalls.
- Configuration of SSL Decryption, global protection, URL profile, vulnerability, Antivirus and spyware protection using Panorama.
- Analyse logs and make necessary network report using Panorama and smart reporter console application.
- Monitor checkpoint VPN tunnel activities with smart view monitor and troubleshoot VPN issues with CLI.
- Perform regular updates, HFAs and patches for firewall when needed for maximum performance.
- Monitor all users/Firewall traffics using smart view-tracker, Panorama and smart view-monitor smart consoles.
- Implement high-availability configuration for security management server for fail-over.
- Implement and configure clustering system for checkpoint security gateways for fail-over both in load sharing mode and fail-over.
- Troubleshoot, monitor and configure checkpoint firewall issues and other smart console applications using CLI and Palo Alto via Panorama
- Configure IP-SEC VPN, and SSL-VPN (Mobile Access) based for user traffics that needs to be encrypted using Checkpoint.
- Configure URL filtering to enable or disable user traffic access to web-sites.
- Configure IPS to prevent malicious traffics using software blades.
- Perform regular snapshot and revert/backup and restore/upgrade export/upgrade import services to backup and restore all configuration in-case of disaster recovery
- Configure NAT and PAT such as Dynamic, Static, and Manual NAT policies as required for user traffics going out to the internet.
- Regularly gather and document user traffic log information files for information purpose.
- Monitor firewall work-load using smart view-monitor to enhance checkpoint firewall performance.
- Troubleshoot firewall issues through command-line using CLI commands and GUI interface using smart console and Panorama.
- Implement identity awareness using checkpoint software blade to track user activity as company policy demands.
- Periodic policy review to ensure security polices achieves purpose.
- Remotely connect into end user computer to help troubleshoot network issues.
- Provided technical and administrative support to customers on a daily basis.
- Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support.
- Configured IPS on Check Point firewall to detect and prevent against network intrusions.
- Configured Web/URL filtering on Check Point Firewalls to enforce acceptable use policy
- Maintained active directory database (backup and restore)
- Installed and troubleshoot Fortinet firewalls.
- Hands on experience configuring firewall rules on Fortinet.
- Managed Fortinet Firewalls and monitored all incoming and outgoing internet traffic.
- Experienced working with Fortinet FortiGate NGFW appliances 1500D, 1200D, 1000C at the Data Center as well as Fortinet 300, 500 at the Regional office locations managed through FortiManager
- Maintained effective communication with vendors, peers and clients in resolution of trouble-tickets.
- Participated in on call support in troubleshooting the configuration and installation issues.