SUMMARY:

• 8+ years of experience in testing, troubleshooting, implementing, optimizing and maintaining enterprise data network and service provider systems.
• Implementation, Configuration and Support of Checkpoint (NGX R65, R70, R71, R75 and R77), Juniper Firewalls (SRX5400, SRX5600and SRX5800), Cisco Firewalls (ASA 5505, 5506 - X, 5585), Palo Alto Networks Firewall models (PA-2k, PA-3kand PA-5 k).
• Good knowledge on Endpoint incorporates a rules-based firewall, as well as an anti-malware technique also worked on F5 LTM/GTM, BIG-IP, load balancing, I Rules and WAN acceleration.
• Managed all network and devices to include Cisco routers, switches, VPNs, SSL, Check Point, Cisco PIX, Cisco ASA, Cisco FWSM as well as content delivery networks (CSS, Citrix NetScaler and F5 Big IP LTM and GTM 1600 and 3400 load balancers) enterprise environment.
• McAfee ePO 5.1.1 administration (VSE, SAE, DLP), PM on OpenDNS deployment, incident management of threat alert concerning, McAfee products, Fire Eye, Sourcefire, establishing best policy and procedure for incident management.
• Provides technical support, development and implementation expertise and leadership in Antivirus and Malware prevention services (presently McAfee ePO 5.3 endpoint securities (ENS) suite).
• Knowledge of web application firewalls and data loss prevention technologies.
• Configuration and troubleshooting of CISCO & ARUBA wireless devices
• Aruba Airwave Manager, ClearPass Policy Manager Server

TECHNICAL SKILLS:

OSI, TCP/IP, Cisco IOS, IOS: XR, LAN/WAN interconnection, Frame-Relay, ISDN, RIP, OSPF, EIGRP, IS-IS, BGP, Air Magnet, JNCIA, RMA, MPLS, STP, SDN, RSTP, MST, VTP, CAN, NAT, ACLs, VPN, IP-Sec

Network Monitor Tool: Wire Shark

LAN and WAN protocols: Ethernet, TCP/IP, CDP, STP, RSTP, VTP, Fast Ethernet, Frame Relay, PPP, HDLC.

Hardware Routers: Cisco (1800/2600/3600/3800/7200/7600 series), CISCO ISR and CISCO ASR.

Routing Protocols: OSPF, EIGRP, BGP, RIP

Switches: Cisco (2900/3500/3700/5500/6500 Series, Nexus 2k,5k,7k,9k)

Switching Technologies: VLANs, Inter VLAN routing and Port Channels, VTP, Spanning

Tree Protocols: PVST+, RSTP+ and Multi-Layer Switching.

Load Balancer: Citrix, F5 Load Balancer.

Security/Firewalls: Cisco ASA (5510,5540), Checkpoint R65, R70, R75, R77 Gaia, Juniper SSG, SRX, VPN, Palo Alto.

Redundancy Protocols: HSRP, GLBP, VRRP.

Tunneling Protocols: L2TP, IPSec, PPP, MPLS, IEEE 802.1Q

AAA Architecture: TACACS+, RADIUS, Cisco ACS.

Other Tools: Tufin Secure Track, Forescout CounterACT, F5 Big IP (LTM/GTM/ASM), DNS, Bluecoat Proxy, Solar Wind, Wireshark, BMC Remedy, Citrix NetScaler, Cisco Prime, VM Ware

PROFESSIONAL EXPERIENCE:

Confidential, NJ

Network Engineer

Responsibilities:

• Configuring and troubleshooting of routing protocols such as OSPF and EIGRP for effective communication on Cisco 3900, 3800 series routers.
• Worked on configuration, deployment and administration of Checkpoint firewalls versions R77.0, R75.46.
• Configured Juniper SRX series firewalls for policy management, and Juniper SSL VPNs.
• Extensively managed Network ACL's, EC2 and Security Groups in migrating traditional on-premises infrastructure to AWS cloud services which now hosts 20+ AWS services.
• Created monitors, alarms and notifications for EC2 hosts using Cloud Watch.
• Provisioned the highly available EC2 Instances using Terraform and cloud formation and wrote new plugins to support new functionality in Terraform.
• Configured AWS Identity Access Management (IAM) Group and users for improved login authentication.
• Utilized Cloud Watch service to monitor the QA/on demand instances, S3 metrics, configuring alarms for performance environments during load testing.
• Configuration of VLANs on cisco switches 3850, 3650 and troubleshooting IP addressing issues, updating IOS images and other hardware installations.
• Implemented traffic filters using Standard and Extended Access-lists, Distribute-Lists, and Route-Maps.
• Installing and configuring VPNs for the clients (site to site) and Installed high availability Big IP F5 LTM and GTM load balancers to provide uninterrupted service to customers.
• Gained strong experience and knowledge in investigating incidents related to firewall and VPN.
• Manage installations, configuration and administration of Cisco equipment in IT architecture of organization.
• Gained advanced knowledge on multiple security technologies Anti-virus, malware, Firewalls, VPN, proxies, vulnerability, DLP.
• Review and analysis of emerging threats and vulnerabilities, risks and business requirements for detection and remediation measures.
• Strong experience and knowledge in investigating incidents, remediation, tracking and follow-up for incident closure with concerned teams.
• Working with Juniper JUNOS operating system and working on M and MX series routers.
• Working knowledge with white listing webpages and blocking webpages with Blue coat Proxy SG and Blue coat reporter.
• Establishing and maintaining of setup to Build and deploy the application to the Cloud AWS.
• Circuit upgrades for T1's and Ethernet circuits. Scheduled maintenance notification. Cradle point, Broadband.
• Worked on Monitoring and analysis of ProxySG performance.
• Administration knowledge on Symantec Bright mail Gateway, Symantec Endpoint protection (12.1.6) and Symantec PGP.
• On daily basis worked with Juniper SRX 650 and Palo Alto 5050 Firewalls.
• Planning a strategy for Moving from vShield to NSX - including introducing NSX into a VDI designed around vSphere 6.5 and Citrix.
• Strong understanding of Network Virtualization and experience implementing NSX Security.
• Design the layout for cable installations.
• Worked with up gradation of Firewalls (Juniper SRX, Palo Alto and FortiGate Devices).
• Participate in day to day DLP maintenance activities and analyse DLP incident and report on findings.
• Experience on Data Loss Prevention (DLP) and information security.
• Worked on manual Penetration testing of client systems, web sites and discovered network vulnerabilities.
• Built Cisco Device Profiles using CUCM. This includes being part of the team whom rolled out Cisco VOIP phones when transitioning over from Avaya. We deployed 1500+ phones throughout the campus.
• Implemented 8x8 VOIP solutions on site and run network diagnostics test and network assessment test.
• Configured network services equipment Riverbed accelerators in compliance with security policy.
• Worked on security policies of juniper SRX and Palo Alto and policy clean-up of firewalls.
• Comprehensive working knowledge of switches, switching technology, LAN/WAN security, LAN/WAN design, capacity planning, server technology, LAN/WAN troubleshooting, Voice over IP (including T1, DS3, OC-3, routing protocols, TACACS, RADIUS).
• Worked with Bluecoat and Infoblox.
• Provide support for security solutions related to Bluecoat Proxy, configuring solutions in the development, test and production environment.
• Gained good knowledge and hands on experience with routing and switching protocols such as OSPF, CIDRIP, BGP and STP.
• Worked on MPLS between Data center and offices.
• Strong hands on experience with f5 BIG-IP GTM and LTM and Worked on the project of F5 LTM and GTM code upgrade project, doing couple of them every week.
• Involved in F5 load balancer configurations, including migrating configurations from Cisco ACE to F5 and general troubleshooting of the F5 load balancers. Configuring and implementing F5 BIG-IP, LTM, GTM load balancers to maintain global and local traffic.
• Worked to implement new data center as well as migrated old Switches Nexus 5000 to new Switch Nexus 7000.
• Worked on Blue Coat's proxy architecture for the elevated level of web security.
• Worked on Cisco ASA 5500 series firewalls, Nexus 7000, 5000 series switches
• Experience in troubleshooting Nexus switches
• Administer and support Juniper Firewalls Using NSM (Net Screen and ISG firewalls).
• Dealt with NAT configuration and troubleshooting issues related to access lists and DNS/DHCP issues within the LAN network
• Troubleshooting VLAN, Spanning Tree Protocol, Switch trunks and IP conflict issues
• Coordinated with senior engineers in BGP, CIDR routing policies and designs
• Monitoring Network infrastructure using SNMP tools
• Gained good knowledge on integration of logs into Splunk.
• Gained experience with using NSM, SEP, IPS and IDS.
• Worked with Juniper M320 multiple edge router.

Environment: F5 Local Traffic Managers (LTM) 5000, 7000 series, GTM load balancers, Spanning tree protocol, VLANs, STP, DNS/DHCP issues, Palo Alto firewalls, Cradle Point, CIDR, BGP, AWS, MPLS, VoIP, ETHER channels, checkpoint, Bluecoat, Nexus, JUNOS, Juniper.

Confidential, IA

Sr. Network Engineer

Responsibilities:

• Worked with client engineering groups to create, document, implement, validate and manage policies, procedures and standards that ensure confidentiality, availability, integrity and privacy of information.
• Performed site refreshes on Cisco switching and Aruba wireless infrastructure at several locations. Configurations, implementation and troubleshooting issues on Checkpoint R77.10 Gaia, R75, Cisco ASA 5540, 5000 series firewalls for the client environment.
• Reviewed logs and reports of all security tools including Firewall, Routers, Switches, SIEM, ePO Servers, NAC, IPS .Upgraded existing switching and IPS systems to Cisco ASA and HP ProCurve switches.
• Worked closely with developers to find defect causes and verify defect fixes to ensure product reliability and quality. Performed customer scenario tests, measured CPU and memory usage by DDos feature enabled, reported results and analysis for development team.
• Provide Level 3 Support for converged infrastructure (Vblock 740s/540s - VMWARE vSphere 5.5, Cisco UCS , Nexus 5Ks, Cisco MDS, EMC XtremIO/VMAX3s) and non-vBlock Storage - VNX2, ECS (cloud), Isilon (FILE), Pure Storage, HP3Par.
• Provided design and Contrail SDN/NFV networking support using Cisco ACI, Cisco wireless controllers, Open-Stack, Juniper Contrail and Big Switch Networks LABs using Apple Configurator. Provided (ODL) Open daylight, Docker Swarm container support using LINUX and Heat Orchestration and controlling network flows for Automation update using Docker, Ansible Playbooks Yang model and NETCONF devOps tools.
• Extensive working knowledge of routing protocols including MPLS , BGP , QOS and Cisco ASA/VPN Tunnel as backup connectivity solution between remote locations. Repaired broken workstations, notebooks & servers. Handled warranty issues & RMA requests.
• Configured routers and switches including but not limited to IP Subnetting, VTP, VLAN, DHCP, DNS, NAT, BGP , EIGRP , OSPF , static routing, QoS, ACL, VPN, IPSec Tunneling, STP and VRRP to support UcaaS services provided by the company.
• Manage project task to migrate from Cisco ASA firewalls to Check Point firewalls. Deploying of Cisco ISE on Nexus 5000/7000 routers, Cisco switches, and Cisco ASA and Firepower firewalls.
• Worked in virtualizing four of the Mercer call centers utilizing Cisco UCCE VoIP for contact solution thereby creating a failover protocol within four call centers for overflow and disaster situations.
• Installing new equipment to RADIUS and worked with MPLS-VPN with configurations. Analyzed and resolved issues relating to MPLS networks.
• Configured and maintained IPSEC and SSL VPN's on Palo Alto, Cisco ASA Firewalls. Also responsible for administering and troubleshooting the Checkpoint, Palo Alto and ASA firewall.
• Configured IPSec VPN (Site-Site to Remote Access) on Cisco ASA (5200) series firewalls. Working with the rule base and its configuration in Cisco ASA, Palo Alto, Juniper (RMA) and Checkpoint firewalls.
• Worked on Nexus models like 7K, 5K, 2K series, Cisco router models like 7200, 3800, 3600,2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches.
• Managing Firewall products - Checkpoint Appliance 2200 Gateways, Provider-1 and VSX environment. (R77.10 and 77.20) and ASA environments. Responsible for Check Point and Cisco ASA and Cisco UCCE firewall administration across global networks.
• Designed and implemented a POC of Cisco ISE vs Aruba ClearPass NAC solution for the corporate network wired.
• Responsible for configuring, supporting, and troubleshooting L2 / L3 ( EIGRP, OSPF, BGP ) adjacency and reachability issues by capturing, and analyzing of frames, packets using Wireshark, nmap, and Cisco's built in debugging utilities.
• Completed configuration, implementation and turn up of Cisco ASR 5000, Nexus 7010, Cisco 7609, Cisco 3945 terminal servers, DS3 OAM port. Deployed 4G/LTE Spirent iTest execution utilizing TightVNC application server connection for automation and development test. Completed intrusive and non-intrusive test cases of ASR, DNS, IPS, MSP/VOLTE , and SDG/VOLTE and analyzed/validated test results.
• Rule consolidation and rule lockdown process in the ASA firewalls. Deployment of Cisco ASA firewalls and migration of end of life ASA firewalls to New ASA firewalls.
• Design and Install UCP Select for VMWare vSphere with Cisco UCS and Cisco Unified Fabric Switching. Experience in creating multiple policies and pushing them into Checkpoint Firewall (Gateways) and hands-on experience in managing the Checkpoint Management Server and Gaia operating system.
• Defining, tracking and maintaining the standard baselines and configuration sets of security devices and implementing industry best practices with regards to Firewall, IDS/IPS, IPsec VPN, SSL VPN.
• Support Citrix NetScaler F5 platform, configuring, implementing, & troubleshooting Citrix NetScaler VIP configuration with health check, policy configurations Access Gateway. Configuration of F5 GTM solutions, which includes Wide IP, Pool Load Balancing Methods, probers and monitors.
• Distributed applications that run across datacenters usually replicate data for the purpose of synchronization, fault resiliency, load balancing and getting data closer to users (which reduces latency to users and increases their perceived throughput) via SDN .
• Working knowledge and experience in CUCM , Unity connection, Prime Collaboration Provisioning (PCP) and Prime Collaboration assurance (PCA).
• Physically deployed new Cisco Nexus devices, Catalyst and Nexus replacement blades, FWSMs, Cisco ASAs, Citrix NetScaler MPX and SDX chassis. Verify Firewall status with Checkpoint Monitor. Creation and implementation of Application delivery architectures which includes load balancing on F5 BIG IP modules.
• Worked with F5 Load balancing, IDS/IPS, Bluecoat proxy servers and Administrating.
• Involved in F5 LTM GTM and ASM planning, designing and implementation. Development of network design standards for conversion of a Cisco Metro E platform to Ciena Z series SDN network to achieve OpEx cost reductions and network standardization.
• Applying downloadable ACLs through Cisco ISE and Configuring Standard and Extended ACLs locally and on the upstream switches for Cisco ACS.

Environment: Cisco ASA 5580/5540/5520, Aruba Wireless, CheckpointR70, R75, R77.20 Gaia, Palo AltoPA-5000/3000, Juniper SSG, SRX, RMA, CAN, SD-WAN, Big IP F5 LTM/GTM, SPE, Python, JNCIA, Nexus switches, Routers, TCP/IP, VPN, Bluecoat Proxy servers, IDS/IPS. SIEM and monitoring, Netscalar,BMC Remedy, Cisco Prime, CUCM VOIP, Forescout CounterACT, Tufin.

Confidential, CA

Network Engineer

Responsibilities:

• Day-to-Day work involves scheduling firewall policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.
• Managing and administering Juniper SRX and Checkpoint Firewalls at various zones including DMZ, Extranet (Various Business Partners) and ASZ and internal.
• Implementing Security Solutions in Juniper SRX and Net Screen SSG firewalls by using NSM.
• Juniper Firewall Policy Management using NSM and Screen OS CLI.
• Provide VOD Method of Procedures documentation to customer for software upgrade downgrade release.
• Maintained the following Cisco platforms 7600, 7500, 7200, 7000, 3560, 2900, 2801, 2000, ASA5500, Catalyst 6500, 4500, 3560 and 2900.
• Experience as a Sales QA Representative in Production Environment for Network Based Firewall Based Wireline Applications and interact with Net bond team who establishes a firewall connection on a VPN to the Cloud Portal.
• Participate in the installation and configuration of new VOD equipment.
• Configured and utilized many different protocols such as OSPF, ISIS, BGP/MP-BGP, OER, MPLS, LDP, Multicast, IPv4/IPv6 protocols.
• Utilized knowledge of Spanning Tree Protocol, BGP, MPLS, OSI model layers 1-2 to create network layouts.
• Acts as local liaison to identify, correlate, communicate and verify customer impact for nationally managed care team events impacting Video, VOD, network transport, or related IP services.
• Daily technical hands-on experience in the configuration, troubleshooting of Juniper SRX firewalls as well as experience working directly with customer in a service/support environment.
• Troubleshooting Firewall Connectivity related issues using Smart view tracker on Checkpoint, NSM Log viewer for Juniper Firewalls.
• Creating and ProvisioningJuniper SRX firewall policies.
• Configure and administer Cisco ASA Firewalls (5585, 5550 and 5540) and use command line CLI, Cisco CSM, ASDM for day-to-day administration.
• Active/Standby and Active/Active HA configuration on Cisco ASA Firewalls.
• Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
• Configuring rules and maintaining Palo Alto firewalls and analysis of firewall logs using various tools.
• Experience on ASA firewall upgrades to 9.x.
• Configured Panorama web-based management for multiple firewalls.
• Worked on configuration, maintenance and administration of Palo Alto PA3000 Firewalls and migrating customers from Cisco ASA to Palo Alto in HA network.
• Configuring rules and maintaining Palo Alto Firewalls& Analysis of firewall logs using various tools.
• Network hands-on installation experience of (Cisco routers, switches, ASA 5505 firewall, VPN)
• Understand the flow of traffic through the Check Point Security Gateway cluster and troubleshoot connectivity issues using advanced troubleshooting from Command Line Utilities.
• Use Tools such as SKYBOX for Firewall Policy optimization and rule base Clean up.
• Build and configure Active/Standby Failover on Cisco ASA with stateful replication.
• Configure and tweak the inspection policies on Firewall to allow legacy application traffic.
• Understand different types of NAT on Cisco ASA firewalls and apply them.
• Firewall policy provisioning on Fortinet FortiGate appliances using FortiManager.
• Support Blue Coat Proxy in explicit mode for users trying to access the Internet from Corp Network.
• Troubleshooting connectivity issues through Blue coat as well writing and editing web policies.
• Involved in Upgrading Bluecoat proxy servers from SG s to SG B.
• Administration Big IP F5 LTM for all Local Load balancing and use GTM for load balancing across Data Centers.
• FWSM configurations in single/multiple contexts with routed and transparent modes.
• Support Data Center Migration Project involving physical re-locations.

Environment: Juniper (SRX, JUNOS, ScreenOS, Net Screen SSG), Cisco (CheckPoint, ASA Firewalls), Palo Alto Firewalls, Big IP F5 LTM/GTM, TCP/IP, FortiGate, Service Now.