PROFESSIONAL SUMMARY:

• Over 10+ year's successful experience in Management, Architecture, Security, and Engineering of Convergence Technologies (Voice, Video and Data). (Including: information systems management, system design and analysis, and writing application software.)
• Result - Oriented Network Architect, having experience of financials, large enterprises and service providers.
• Hands on Experience with Installing, designing and implementing Palo Alto Networks Confidential management platform to enable ease of administration / auditing for multiple firewalls.
• Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point R65, R70 & R77, Palo Alto, Juniper and Cisco ASA.
• Expertise in Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system to manage large scale Firewall deployments.
• Hands on experience on all software blades of Check Point Firewall.
• Experienced with Cisco routers and switches, and a good understanding of IP subnetting and routing such OSPF and BGP.
• Hands on experience in CISCO source fire and its products.
• A growing track record of success in a broad range of technologies & expertise, ranging from high level technical support to network design & architect.
• In-depth understanding of networking systems, network infrastructure security appliances and TCP/IP.
• Managed operational security for HP's public cloud, including incident response, service hardening, Active Directory, VPN/2FA, PKI, firewall rules, and compliance.
• Intense knowledge of IPV-6 servers.
• Experience with demonstrated success in network administration, data communication, wireless communication installations, design, maintain and troubleshooting Cisco routers and switches, Juniper Routers and Checkpoint.
• Experienced in the installation of ImpervaSecureSphere appliance and virtual.
• Hands on experience using diagnosis tools like TCP DUMP, Wireshark for analyzing the real time statistics during the packet flow.
• Experience on PCI and ISO compliant security implementations on the firewalls and perimeter devices.
• Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.
• Expertise in implementation and troubleshooting of protocols such HSRP, VRRP, GLBP, ACL.
• Experience with Aruba RF, F5 Big IP, Juniper firewalls design and analysis support.
• Experience with security devices; firewalls, IDS/IPS, proxy, Incident Managers and Microsoft TMG.
• Experience with converting Check Point VPN rules over to the Cisco ASA solution. Migration experience with Cisco ASA VPN.
• Experience in Network Intrusion detection/Intrusion Prevention System and Firewalls.
• Experience in Implementing & managing Symantec Data Loss Prevention.
• Experience on F5 s, its methods, implementation and troubleshooting on LTMs and GTMs.
• Expertise in installing, configuring and troubleshooting Juniper EX Switches (EX2200, EX2500, EX3200, EX4200, EX4500, EX8200 series).
• Experienced with ImpervaSecureSphere DAM 10.5 and 11.5.
• Experienced in Configuring and managed DNS and Active Directory.
• Experience with Putty, Exceed, Secure CRT, GNS 3 and Cisco Packet Tracer.
• Experience on Palo Alto firewalls and F5 Load balancer device.
• Well experienced in handling Cisco ACS and EMC RSA for remote access and authentication.
• Development and Configuration of Security Information Event Management (SIEM) systems.
• Experience in configuration and deployment of network security devices, including Firewalls, Intrusion, Detection Systems, VPN, and Identity Gateways.
• Excellent troubleshooting skills; tenaciously committed to the thorough resolution of technical issues.
• Exceptional ability to grasp and master new technologies quickly and easily.

TECHNICAL SKILLS:

Operating System: Windows XP, 2000, NT, 98, 95, Win7, Win8, Visio.

Connectivity & Hardware: Cisco Routers 2900, Cisco Switches SRW 300, 1900, 2900, 3700, 4500, Cisco ASA 5500, Cisco WLC 2500, Cyberoam UTM Devices, SonicWALL UTM Devices, HP Procurve Switches, 3COM Switches, HP MSM720.

Routing Protocols: RIP, RIPv2, OSPF, EIGRP, BGP, Static Routing.

Switching Technologies: VLAN, VTP, HSRP, VRRP, GLBP, Stacking, STP, Port-fast

Network Technologies: CDP, Access Control List (ACL), Network Address Translation (NAT), Port Address Translation (PAT).

Security Technologies: IPS/IDS, Firewall, VPN, TMG,Tunneling, ASA, IPSEC, DMZ.

Wireless Technologies: 802.11 a/b/g/n, WLAN, WAP, AP, SSID.

WAN: DSx, ISDN, Frame Relay, ATM, SONET, MPLS, IPT/VoIP, Video, Security/ACL Design, metro-Ethernet

LAN: TCP/IP, VLANs, LANE, Wireless (Wi-Fi)

Monitoring Tools: Wireshark, SolarWinds, Nagios, OpManager

Firewalls: Wireless LAN SonicWALL Firewall, Juniper SRX 220, SRX 240, SRX 550 and SSG Series, Juniper NetScreen NSM, Checkpoint, Palo Alto, McAfee, Imperva, Fortinet

Applications: MS SQL Server 2005, MS ISA Server 2006, MS Office XP/ 2003/2007/2010

PROFESSIONAL EXPERIENCE:

Confidential, TX

Network Security Architect

Responsibilities:

• Worked as a Network Architect in different projects of credit unions, state departments and many enterprises. Leading Professional Services from day one. My roles and duties were working as a lead of advanced services, design and Implementation to perform the following:
• Successfully installed Palo Alto PA-3060 Firewalls to protect Data Center.
• Provided technical engineering and design work in the areas of LAN/WAN/Call Center, Carrier, Video, Wireless and IPT(VoIP-Avaya and CUCM), including QoS/CoS, MPLS/VPN design.
• Installation of Palo Alto (Application and URL filtering,Forefront Threat Management Gateway, Threat Prevention, Data Filtering).
• Worked on a team responsible for redesigning and deploying a new network infrastructure DoS wide to include routing, switching, layer 2 & 3 encryption as well as WAN acceleration utilizing Riverbed WAN accelerators.
• Implement Tipping Point filtering of filters for viruses, malware, and all attack vectors.
• Implemented Positive Enforcement Model with the help of Palo Alto Networks.
• Configuring rules and maintaining Palo Alto Firewalls & Analysis of Firewall logs.
• Implemented Zone-Based Firewalling and Security Rules on the Palo Alto Firewall.
• Use of Blue Coat Secure Web Gateway, Source Fire IDS/IPS.
• SEP (Symantec Endpoint Protection) Create Firewall Rules based on SEP client logs and Create file and folder exceptions.
• Researched, designed and replaced aging Checkpoint Firewall architecture with new next generation Palo Alto appliances serving as Firewalls and URL and application inspection.
• Work with infrastructure provisioning tools such as Chef, Vagrant, Kitchen, and Fog.
• Monitored firewall logs, reviewed and analyzed secure/non-secure networks via source fire and snort tool implementation.
• Architecture & Design & Implementation Infrastructure Security Solutions (SEIM, HIPS, IDS, FW, DLP).
• Implemented and maintained infrastructure set up for Microsoft Forefront Threat Management Gateway as a proxy server, web content filter and firewall.
• Tipping Point IDS remediation for critical events individually.
• Design, Installation, troubleshooting and implemented integrated network architectures to support ongoing operations using Juniper routers, Imperva, F5 Load balancers, and Splunk.
• Worked on Safenet for securing keys, Vormetric for file level encryption and Symantec PGP for full disk encryption.
• Used McAfee softwaresfor protecting data, database security, emails and web security, End Point protection, network security, and also security management and event management(SIEM).
• Configured and maintained IPsec and SSL VPN's on Palo Alto Firewalls.
• Used the ImpervaSecureSphere tool extensively to comply to SOX and HIPAA audits.
• Coordinated with Forensic Investigations Team in managing Bluecoat Proxy appliance configuration and NPC's proxy appliance administration.
• DLP subject matter expertise and provide single point of contact and hands-on escalation and remediation for critical issues.
• Implementation configuration and troubleshooting of Check Point Firewall R77.
• Configuring VPN, clustering and ISP redundancy in Check Point Firewall.
• Updated Barracuda firewall firmware and white-listed email addresses or domains globally when needed.
• Assisted the lead technician of the Citrix upgrade project. Specifically, supported the lead on installing software on the servers supporting the environment.
• Installing and performing NIST temp sensor calibrations as well as network troubleshooting during the final RTLS testing phase.
• Created a virtual infrastructure/lab to test policies utilizing Symantec Endpoint Protection (SEP), Symantec Messaging Gateway (SMG), Splunk, Microsoft Exchange 2013, and Windows and Mac endpoint agents.
• Maintaining complex LAN/WAN networks with several VLANS and provided support for routing protocols and also providing secure sessions over internet using IPsec and SSL encryption
• Assisted contractors planning and removing the Cisco Catalyst switches and deploying Cisco Nexus solutions, creating VDC and VPC's across the network with near to no downtime.
• Maintain, upgrade and deployed rulesets on the Checkpoint infrastructure.
• Design and implement QoS for their VOIP traffic for intra-country traffic, international VOIP traffic was routed differently through Cisco Call Manager.
• Responsible for all Juniper equipment, supporting 3,000+ users.
• Checkpoint Firewall and Tipping Point Intrusion Prevention System IPS.
• Designed/deployed/maintain Cisco/Source Fire Next Generation Firewall and Intrusion Prevention System (IPS) with 10 Firepower sensors and Fire Sight Management Console.
• Deployed the Riverbed Cascade solution for the network triggering critical devices on the network to send Netflow for a better analysis if any event occurred.
• Implemented Forescout network access control solution for multiple locations and integrated 3rd party actionable data from Palo Alto Wildfire.
• Configuration scenarios include routing (RIP, EIGRP, OSPF, BGP), bridging (STP, VLAN, HSRP), MPLS VPN, Network Security (VPN, Firewall, IDS), IP telephony (call manager, CME, voice Gateways).
• Performs network and log analysis for potential on-going attacks against the network.
• Admin Riverbed Cascade and Riverbed Steelheads - WAN Optimization
• Deployed Appnetas across the globe to test weekly the MPLS QOS on all aspects.
• Installation and application support experience with all Microsoft 2003 Products, Windows 2000, Exchange Server 2000 and 2003, VERITAS, TrendMicro, Symantec Antivirus,Symantec GHOST.
• Maintaining and creating security policies.
• Responsible for installation, troubleshooting of Check Point Firewall and LAN/WAN protocols.
• Responsible for managing Network & Security Engineering implementation.
• Firewall Policy administration and work with user requests submitted by users.
• Ensured 24x7 uptime of encryption services.

Confidential, San Francisco, CA

IT Infrastructure Architect

Responsibilities:

• Configuring, administering and troubleshooting the Check Point, Palo Alto, Cisco ASA and juniper Firewall.
• Daily responsibilities included design, implementation, support and administration of multiple security products, running Check Point Provider-1, Palo Alto and Cisco ASA.
• Regularly performed Firewall audits around Check Point Firewall-1 solutions.
• Replaced Microsoft Forefront TMG with Barracuda Web Filters.
• Designed and configured testing changes/additions to the encryption infrastructure.
• Provided tier 3 support for Check Point Firewall-1 software to support customers.
• Configuration of multiple point to point VPN connections to multiple vendors.
• Created Operational manual, for Imperva containing responses/actions to alerts.
• Configured Palo Alto firewalls in HA (High Availability) in active/passive and active/active modes.
• Setup multiple Palo Alto firewalls within Confidential .
• Cable management of server farms, NAS/SANs, and network closets.
• Configuration and administration of cisco and juniper routers and switches.
• Forwarded findings to Cyber Forensic Investigations or Security Incident Response team(s) to further investigate (Encase 6 and Encase 7 forensic tool were utilized).
• Designed and deployed Data Center network infrastructure.
• Teamed with executive management to develop infrastructure and architecture roadmaps.
• Configuring and monitoring Tipping Point Intrusion Prevention and detection devices.
• Provide Tuning for Symantec (DCSS) Data Center Security Server for Whitelisting using Solve.
• Engineer and implement our enterprise wide migration from Cisco ASAs to Palo Alto Application.
• Analysed data loss threats throughthreat Management Gateway and Symantec DLP solutions.
• Provided project planning, guidance and technical expertise in program, policy, process, and planning; risk management, auditing, and assessments; A&A; and quality planning and control.
• Participated in discussions with the System Analyst to identify technical requirements.
• Responsible for network design and implementation of secure Big Data project using Hadoop ecosystem.
• Performed advanced testing of F5 load balancers, Websense V10K & Blue Coat Proxies using virtual machines, security tools, and URL generator.
• Assist customer in development and completion of security documentation as specified by DIAPCAP and NIST.
• Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms
• Using Smart Update, user management and authentication in Check Point Firewall.
• Migrations included and not limited to Cisco to Juniper and Cisco to Checkpoint and Checkpoint to Palo Alto.
• Authentication of users and machines i.e. verifying the identity using PKI.
• Worked on Bluecoat proxy server, Tipping Point Intrusion Protection System management, and reporting tools Orion and Algosec.
• Symantec Endpoint Protection deployment, management server administration, reporting, and upgrades.
• Ensuring the privacy of data using a secure communication by using Encryption Algorithms in PKI
• Implementation configuration and troubleshooting of Check Point Firewall R71.
• Installed Palo Alto Firewalls in Enterprise level data centers.
• Implement Cisco Network Advance Malware Protection (AMP)
• Designed/deployed Cisco Advance Malware Protection (AMP) for workstations, servers, and mobile devices.
• Managing the configuration of checkpoint firewall through smart dashboard R77 Gaia.
• Configure Palo Alto Firewall models as well as a CMS ( Confidential ) to manage large scale firewall deployments.
• Performed analysis of alerts and reports generated by the DAM toolset.
• Developed network security and compliance policies and processes.
• Troubleshoot incompatibilities w/3rd party software vendors and Mcafee DLP
• Oversee and advise on maintenance schedule for DLP server (ePO) and DB server.
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
• Configured and maintained URL filtering on Palo Alto Firewalls.
• Write reference architectures and strategic roadmaps for network, voice, wireless, and network security technologies for various infrastructure initiatives.
• L3 Support engineer for Checkpoint firewalls based environment.
• Worked on Cisco ASDM for configuring VPN on Cisco ASA Firewall.
• Configuring rules and maintaining Palo Alto Firewalls & analysis of Firewall logs using various tools.
• Adding security rules and pushing the security policy on Check Point.
• Perform Check Point and PIX Firewall/IDS design, integration and implementation for Cyber Trap client networks.
• Designing and Implementation of policies i.e Address Translation and Security policies
• Worked on Bluecoat proxy to analyze and scan malwares to protect the infrastructure.
• Perform Tier-3 level technical support activities for NOC/SOC engineers with 24x7 on-call support.
• Collapsing the existing Firewall rules and fine-tuning the Firewall policies for better performance.
• Working with different teams to gather information for new request and troubleshoot for any connectivity issues by capturing traffic using TCPDUMP and SmartView Tracker.

Confidential, Houston, TX

Senior Network Security Consultant

Responsibilities:

• Performing Vulnerability Analysis test for Firewalls and other network devices and providing the closures for vulnerabilities.
• Managed Checkpoint, Fortinet, Palo Alto firewalls and reviewed information security requirements, assessed security risks, and defined security requirements.
• Backup and restore of Juniper, Check Point and Cisco ASA Firewall policies.
• Analyzed and resolved incident response alerts for various B2B customers and provided customer support via PCAP analysis of TCP/IP traffic.
• Manage our F5 (GTM, LTM), routing, switching and firewall infrastructures from architecture to implementation.
• Update of McAfee environment: This included building/deploying a new server, installing SQL, McAfee ePO, and migrating 3000 machines from McAfee ePO 4.5 to 5.0.
• Migration of Checkpoint, Cisco and Juniper firewalls to Palo Alto Network firewalls with Palo Alto migration tools.
• McAfee Encryption Rollout: Deployed McAfee encryption to 2200 laptops.
• Evaluated a variety of endpoint defense vendors, and working with the infrastructure team, selected Intel Security/McAfee as an initial solution to replace Microsoft System Center Endpoint Protection (SCEP).
• Patch and upgrade McAfee ePO and related products to mitigate risk.
• Engineering for Symantec Vontu Servers for DLP inspection with FireEye for Malware.
• Write technical documents for McAfee related issues to be used by help desk and field technicians.
• Developed custom scripts to repair McAfee products and services.
• Ensure network solutions adhere to government security policies (NISPOM, NIST, etc.)
• Managing servers dedicated to Medstar’s Symantec Endpoint Protection (SEP) application.
• Handling updating, maintenance and optimization of various switches, routers, firewalls, WAN circuits, Point to Point.
• Working closely with technical management to architect networks that effectively reflect business needs, service-level and availability requirements, and other technology parameters.
• Designed and evaluated a migration plan for merging three different disparate virtual private network solutions into a single Palo Alto Networks Global Protect VPN solution.
• Assisted other senior level engineers in designing and/or deploying network technologies such as Multicast, QOS, VOIP, etc.
• Worked on SIEM tools like solar winds, Symantec end to end point security for malware detection and threat analysisTMG.
• Improve the operation and design of their IPS system (Tipping Point). circuits, Secured WIFI access points, and MPLS throughout our infrastructure.
• Leveraging SonicWALL GMS to control and deploy over 500 TZ and NSA Firewalls across domain as well as an additional 60 SRA units
• Successfully migrated GMS 6.0 standalone servers to GMS 7.0 running on clustered UMA EM5000 devices.
• Worked as a systems engineer to implement vendor projects using multiple firewalls like checkpoint security firewall, Juniper and PaloAlto.
• Troubleshooting the projects by providing support.
• Attending remote support to client testing of projects, upgrading firewalls.
• Installing new policies of the firewall, configuring it and protecting it.
• Finding the vulnerabilities in the network and strategically providing CISCO NIDS security to the Data Centers.
• Creating security policies in CISCO NIDS to avoid and detect network intrusions.
• Configured VPNs like SSL, IPSec, Site to Site VPNs, VPN configuration in AAA and routing in ASA.
• Worked on various network monitoring tools like Wireshark and logging monitoring
• Traffic to monitor the ongoing data packets.
• Also implemented the L3 and L2 security.
• Manage Juniper, Cisco ASA & Checkpoint Firewalls as per users change management forms.
• Migrated off of UM EM5000 onto a 2 Windows Server 2008 GMS 7.3 environment
• Currently overseeing multiple projects including WAN Circuit Upgrade project of over 75 per year, TZ Firewall.
• Performed packet analysis and analyze network traffic for security events and network sniffing using WireShark.
• Monitoring Traffic and Connections in Juniper, Check Point and ASA Firewall.
• Manage project task to migrate from Cisco ASA Firewalls to Check Point Firewalls.
• Worked extensively in configuring, monitoring and troubleshooting Cisco's ASA 5500/PIX security appliance, failover DMZ zoning & configuring VLANs/routing/NATing with the Firewalls as per the design.
• Responsible for implementing and troubleshooting various Networking Devices such as Routers, Cisco Switch, Cisco Firewall.
• Responsible to provide network connectivity as and when new location comes in to the network.

Confidential, NYC, NY

IT Security Engineer

Responsibilities:

• Planning, Design and Implementation of IP Network using different Subnetting techniques and VLSM techniques for conserving the IP address for small to medium branch office network.
• Configured Cisco switches 2900, 3700, Routers 2600, 3600 including different technologies for VLAN, Inter VLAN routing, VLAN Access control list, STP, PVST+, VLAN Trunking protocols, Ether channel configuration port aggregation and link aggregation using PAGP and LACP protocols.
• Implemented different routing protocols OSPF, BGP, EIGRP and redistribution of different routing protocols into different areas of networks.
• Designed, implemented, and managed network security countermeasures including firewalls and intrusion detection/prevention systems such as: Juniper, Palo Alto, and Cisco's SourceFire.
• Cisco Routers/Switches, Extreme Switches, LAN/WAN/MAN Technologies, ATM, Ethernet, OSPF, BGP, RIP,
• EIGRP, HSRP, VLAN, Trunking, Spanning Tree, Wireless 802.11, Frame-relay, ISDN
• Configuration and deployment of LAN/WAN internetworking systems consisting of routers, switches, hubs.
• Design and engineer site-to-site VPN, Remote Access, and IPSec VPN on Firewall.
• Maintained patches, updates, upgrades for Firewalls, switches IOS and on Servers.
• Configure, maintain, and monitor Juniper, Cisco ASA 5510 Firewalls at different site’s network
• Responsible for day-to-day network connectivity issues and Security issues.
• Provided a network infrastructure to support design, documentation, testing, installation, and implementation of telephony networks.
• Troubleshoot SSL AnyConnect VPN and monitor session on the Firewall.
• Firewall policy configuration on Checkpoint Firewalls.
• Symantec Mail Security for MS Exchange, Symantec Backup Exec System Recovery Manager, Symantec Endpoint Protection
• Site to site VPN configuration checkpoint firewall.
• Remote access VPN configuration and administration on Cisco ASA 5540 firewalls.
• Successfully migrated L2tp over IPsec VPN to ANYConnect VPN.
• Firewall policy configuration on Cisco ASA firewalls.
• NAT configuration on both Checkpoint and ASA firewalls.
• Maintain and support SCCM 2012 Server for imaging and software central management.
• Maintain, configure, and manage VoIP phone system including conference lines.
• Maintain, support, manage, and configure File Servers including FTP and SAN servers.
• Manage users and resources mailboxes in MS Exchange Server 2010.
• Build and configure security solutions and lead migration efforts to ensure smooth operation.
• Discovering, diagnosing and correcting network performance problems and failures.
• Configure Cisco VPN 3000 Concentrator to allow VPN clients
• Installation and maintenance of Computer Hardware such as Network Cables, NIC cards etc.
• Windows server 2003 management, user management, permission assigning, sharing.
• Installation of OS and software on various platforms and ensuring data back-up.
• Computer hardware installation and maintenance.
• Part of Cyber Network Operation (CNO) group to perform PenTest/Vulnerability assessments (BurpSuite, Nessus, Canvas)
• Created, changed and deleted user accounts per request.
• New website hosting in IIS, FTP website setup, website editing and maintenance.
• Actively participated in code review sessions, ensuring data back-up and hardware check.
• Provided training, technical support and assistance to faculty.

Confidential, Union, NJ

Network Engineer

Responsibilities:

• Responsible for Check Point and Cisco PIX 525 Firewall administration across global networks.
• Provided desktop support including creating images specific to client requirements and dealing with issues pertaining to hardware and application.
• Provided technical support on hardware and software related issues to remote production sites.
• Participate in on-call responsibilities in support of a seamless production environment.
• Responsibilities included configuration and installation of software and hardware.
• Performed routine network maintenance checks as well as responsible for gathering and compiling data for special projects as well as preparing weekly status reports.
• Involved in effective communication with vendors, peers and clients in resolution of problems and equipments.
• Configuring and administering ACL's, route-maps, route-policies, prefix-list on Firewall.
• Configuring and administering routing protocols like OSPF and BGP.
• Firewall configuration and administration.
• Ensure proper security, monitoring, alerting, and reporting for enterprise infrastructure
• Install, configure, and maintain networking equipment and services to support the enterprise WAN, LAN, and WLAN environments.
• IDS/IPS configuration and administration.
• MPLS configuration and administration with the help of Client.
• Performed the installation, configuration and testing of LAN/WAN devices.
• Manage printers, copiers, and other miscellaneous network equipment.
• Handled the tasks of documenting network problems and resolutions for future reference.
• Performed the tasks of developing and maintaining procedures for backup and recovery, virus scanning and access control.