
Network Security Engineer Resume

Portland, OR

SUMMARY:

  • Network Engineer with 8+ years of experience in testing, troubleshooting, implementing, optimizing and maintaining enterprise data network and service provider systems.
  • Implementation, Configuration and Support of Checkpoint (NGX R65, R70, R71, R75, R77 and R80), Juniper Firewalls (SRX5400, SRX5600 and SRX5800, RMA), Cisco Firewalls (ASA 5505, 5506-X, 5585), Palo Alto Networks Firewall models (PA-2k, PA-3k and PA-5k).
  • Working experience on tools and devices like Gigamon, Sourcefire, FireEye, Aruba, Cisco ASA, Cisco ISE.
  • Defending DNS Server attacks (Feature testing) based on DNS client authentication (both TCP/UDP), filtering using Domain-lists, Record types, Request rate limiting, Action-lists, etc. Software Testing for Detection & Mitigation based features - Zone Protection using DDOS. Multitude of technologies including Cisco P2P wireless, VSAT, and Microwave WAN technologies. BGP and EIGRP were the main routing protocols running across a Dual Hub DMVPN WAN which was dual-homed to two different ISPs.
  • Practice Lead for Cisco ISE Services - Develop, build and grow ISE service delivery practice. Works on migration of Checkpoint firewall to NGN Palo Alto firewalls.
  • Experience in installation, configuration and maintenance of Cisco ASR 9K, 7200, 3900, 2800, 2600, 2500 and 1800 series Router / Cisco Nexus 7010, 5548, 2148 Catalyst Cisco 6500 (sup 720), 4500 (SUP 6), 3750, 2950 series Switches.
  • Expertise in design and implementation of secure Wireless and Wired network using (Enterasys/Extreme, Cisco and Juniper Routers, Switches, Firewall, IDS/IPS, Wireless APs and Controller) and policy-based networking using Enterasys and Cisco ISE.
  • Used Cisco ASR 5500, Cisco ASR 5000 to analyze 4G LTE Voice and Data protocol message exchange of Packet Gateway (PGW/ePDG) related to Diameter interface call setup.
  • Worked on Juniper NetScreen Firewalls NS50, SSG 550M, SSG520M, ISG 1000, ISG 200 and Cisco PIX 535, 520, 515, ASA-5500 and 5505.
  • Policy development and planning/programming on IT Security, Network Support and Administration.
  • Monitor SIEM and IDS/IPS feeds to identify possible enterprise threats. Actively investigate, respond to and remediate security incidents.
  • Configuration of Network and Security devices such as Cisco routers and switches (Cisco 7600/3500/Nexus 7K/5K), Firewall (Checkpoint R75/Gaia and Cisco FWSM), Load Balancers and DNS and IP Manager (Infoblox).
  • Understanding of Layer2/3 VPN's, MPLS, Metro Ethernet and LAN switching. Environment: Cisco ASA 5580/5540/5520, Checkpoint R70, R75, R77.20 Gaia, Palo Alto PA 5000/3000, Big IP F5 LTM/GTM, Nexus switches, TCP/IP, VPN, Bluecoat Proxy servers, IDS/IPS, SIEM and Monitoring.
  • Worked on configuring L3VPN's in an MPLS environment. Troubleshooting complex networks layer 1, 2 to layer 3 (routing with MPLS, BGP, EIGRP, OSPF protocols) technical issues.
  • Upgraded wireless network to Aruba Networks. Designed, configured and implemented Aruba Wireless solution utilizing Aruba IAP-205 access points and Aruba AirWave Management platform.
  • Provide scalable, supportable military grade TCP/IP security solutions along with expert TCP/IP network designs and with Nexus 2k, 5k, 7k, 9k series that enable business functionality.
  • Worked on F5 LTM/GTM, BIG-IP, load balancing, iRules and it helps in Nexus 2k, 5k, 7k, 9k to get forward in WAN acceleration.
  • Provided Automation and Orchestration support for Windstream NFV/SDN team by building SDN/NFV and ONAP solutions using Ciena Blue Planet (RA) adapters connection to different NFV/SDN domain controllers using Python to make calls to SDN/NFV.
  • Administration, Engineering and Support for various technologies including proficiency in SDN based LAN/WAN routing, switching, security, application load balancing and wireless.
  • Experience in reducing complexity and decreased cost and administrative overhead in previous environment by designing and implementing SDN infrastructure utilizing Big Switch as the overlay OS, setting up tenants, segments, routing, switching, vxlan, etc.
  • Worked with Cisco Layer 3 switches 3750, 4500, 6500; Cisco Nexus 5000 and 7000 in multi VLAN environment with the use of inter-VLAN routing, 802.1Q trunk, ether channel.
  • Worked on Juniper NetScreen Firewalls NS50, SSG 550M, RMA, SSG520M, ISG 1000, ISG 200 and Cisco PIX 535, 520, 515, ASA-5500 and 5505.
  • Experience with Firewall migrations from PIX firewall to Cisco ASA and Juniper SRX firewall appliances
  • Extensive understanding of networking concepts (i.e. configuration of networks, router configuration and wireless security, TCP/IP, VPN, Content Filtering, VLANs and routing in LAN/WAN, Ethernet Port, Patch Panel and wireless networks).
  • Designed, implemented and supported L2, L3, and security platforms using various technologies namely, STP, DMVPN, GRE, static/dynamic routing protocols (RIPv2, EIGRP, OSPF, BGP, VPN, MPLS).
  • Maintained multiple ISP providing internet service across USA. Used BGP, MPLS, and HSRP protocols. Technology Virtual Port Channel, 10 Giga Bit SFT link.
  • Experienced with routing protocols (RIPv1/2, IGRP, EIGRP, OSPF, BGP), switching (VLANS, VTP Domains, STP and trunking).
  • IDS and IPS event management using CSM including signature updates for SSM Modules, IDSM.

TECHNICAL SKILLS:

Networking: OSI, TCP/IP, Cisco IOS, IOS-XR, LAN/WAN interconnection, Frame-Relay, ISDN, RIP, OSPF, EIGRP, IS-IS, BGP, Air Magnet, JNCIA, RMA, MPLS, STP, SDN, RSTP, MST, VTP, NAT, ACLs, VPN, IP-Sec

Network Monitor Tool: Wireshark

LAN and WAN protocols: Ethernet, TCP/IP, CDP, STP, RSTP, VTP, Fast Ethernet, Frame Relay, PPP, HDLC.

Hardware Routers: Cisco (1800/2600/3600/3800/7200/7600 series), CISCO ISR and CISCO ASR.

Routing Protocols: OSPF, EIGRP, BGP, RIP

Switches: Cisco (2900/3500/3700/5500/6500 Series, Nexus 2k,5k,7k,9k)

Switching Technologies: VLANs, Inter VLAN routing and Port Channels, VTP, Spanning Tree Protocols: PVST+, RSTP+ and Multi-Layer Switching.

Load Balancer: Citrix, F5 Load Balancer.

Security/Firewalls: Cisco ASA (5510,5540), Checkpoint R65, R70, R75, R77 Gaia, Juniper SSG, SRX, VPN, Palo Alto.

Application Layer: FTP, HTTP, DNS, DHCP, SMTP, SNMP.

Application Protocols: SNMP, Telnet, SSH, DHCP, DNS, ARP, HTTP, FTP, TFTP

Redundancy Protocols: HSRP, GLBP, VRRP.

Tunneling Protocols: L2TP, IPSec, PPP, MPLS, IEEE 802.1Q

AAA Architecture: TACACS+, RADIUS, Cisco ACS.

Other Tools: Tufin Secure Track, Forescout CounterACT, F5 Big IP (LTM/GTM/ASM), DNS, Bluecoat Proxy, Solar Wind, Wireshark, BMC Remedy, Citrix NetScaler, Cisco Prime, VM Ware

Operating Systems: Cisco IOS commands, Windows (2000, XP, Vista, Windows 7, 8, 10), Linux

PROFESSIONAL EXPERIENCE:

Confidential, Portland, OR

Network Security Engineer

Responsibilities:

  • Implementing Security Solutions using Palo Alto PA-5000/3000, Cisco 5580/5540/5520, Checkpoint firewalls R70, R75, R77.20 Gaia and Provider-1/MDM. Configurations and administration of firewalls, which includes Checkpoint, Juniper and Cisco ASA firewalls.
  • Monitored and managed Cisco IPS for the intrusion, and configured ASA for giving network access to vendors. Configured VPN, DMVPN, ASA, and authentication.
  • Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability. F5 Big-IP load balancer configuration, layer 7 load balancing using I-Rules (TCL).
  • Performed Cisco ASA/Checkpoint Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
  • Has experience in working on AWS cloud EC2, S3, RDS, Load Balancer, Auto Scaling with AWS command line interface and AWS Python SDK.
  • WAN Infrastructure running OSPF & BGP as core routing protocol. Planning and configuring the routing protocols such as OSPF, BGP, and Static Routing on the routers.
  • Technical responsibilities include troubleshooting Cisco endpoint VoIP IP Phones, CUCM Cisco Unified Communications Manager, Cisco WebEx Connect, Cisco AnyConnect, Cisco ARC, ISI, Meetingplace.
  • The project involved the decommissioning of older Cisco equipment and replacing them with the Nexus platform. These include the Nexus 2048's, 5596 and 56128 platforms.
  • Hands-on experience in implementing and troubleshooting Switch technologies such as STP, VTP, 802.1q, VLAN and MPLS.
  • Installing and configuring multiple components of computer networks mostly focusing on wireless technologies. I also assisted in installation and configuration of point to point/multipoint technologies using Air Magnet.
  • Administration, Support upgrades (Juniper SW, RMA, Palo Alto & Cisco ASA) firewall. ASA. Implementation and manage Cisco ISE and ACS. Responsible for troubleshooting on Cisco ISE added new devices on network based on policies on ISE. Strong hands on and exposure to Checkpoint & Palo Alto on a regular basis.
  • Perform troubleshooting and resolved protocol issues involving TCP/IP, PPP, OSPF, BGP, MPLS. Install WAN solutions to include ISP MPLS cloud. WAN routing includes eBGP with ASA L2L VPN tunnels to the hub.
  • Configured, implemented, and troubleshot various Routing Protocols such as RIPv2, EIGRP, OSPF, and BGP across networks in multiple geographic locations on Cisco platform.
  • Configuration and maintenance of Cisco ASR routers such as ASR 1013, 1009-X, 1006, 1006-X, 1004, 1002-HX, 1002-X, 1001-X routers.
  • Install and configure Powerpath for VMWare; also perform other tasks such as configuring and validating Cisco Nexus 5500, Cisco UCS profiles some vSphere/VMWare related tasks. Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
  • Researched, designed and replaced Checkpoint firewall architecture with new next generation Palo Alto PA3000 and PA5000 appliances serving as firewalls and URL and application inspection.
  • Configuring rules and maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama. Installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
  • Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls and also implemented Zone-Based Firewall and Security Rules on the Palo Alto Firewall. Configuration and Maintenance of Cisco ASA, ASA 5540, ASA 5520, ASA 5510 series firewalls.
  • Configuring user's roles and policies for authentication using Cisco NAC and monitoring the status of logged users in network using Cisco ISE. Provided tier 3 support for Checkpoint and Cisco ASA Firewalls to support customers, Backup and restore of Checkpoint and Cisco ASA Firewall policies.
  • Monitoring Traffic and Connections in Checkpoint and ASA Firewall. Managing project task to migrate from Cisco ASA firewalls to Check Point firewalls. Configuration and troubleshooting site-to-site IPSEC VPN tunnels using Cisco ASA 5540 for third-party connectivity.
  • Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard.
  • Network with Aruba Airwave and Cisco Prime Infrastructure. Deployed Aruba RAPIDS and WIP for rogue AP detection and mitigation. Standardized wireless site survey strategy for global office buildouts. Worked with a group of contractors to train them on generating wireless heatmaps with Aruba Visual RF.
  • Installed and configured high availability Big IP F5 LTM and GTM load balancers like 6600, 6800 to provide uninterrupted service to customer applications and monitoring the availability. Identified opportunities for implementation of network best practices, particularly F5 load balancer implementations.
  • F5 BigIP iRule programming and troubleshooting. Worked on F5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 BigIP Load Balancers.
  • Configure and Monitor Cisco Sourcefire IPS for alerts. Working with different teams to gather info for the new request and troubleshoot for any connectivity issues by capturing traffic using TCPDUMP and smart view tracker.
  • Worked on VPN configuration, routing, NAT, access-list, security contexts and failover in ASA firewalls. Built a Netapp Flexpod lab with Cisco UCS, FI, & Nexus 5K with Netapp FAS 3210a storage.
  • Provide support to help desk for complex/major network problems. Build the rules for the application access across the IPSEC VPN tunnel.
  • Deployment of Cisco 4900, 3750, 2960 switches, along with Cisco ASR 1K, 6509s (Sup 720). Actively use SIEM technology for searching and monitoring real-time events for network security and compliance.
  • Review daily log data gathered from various resources such as sensors, alert logs, firewall logs, content filtering logs.
  • Monitor Intrusion Prevention System (IPS). Experience with converting Cisco 6500 IOS to Cisco Nexus NX-OS in the data center environment.

Environment: Cisco ASA 5580/5540/5520, Checkpoint R70, R75, R77.20 Gaia, Palo Alto PA-5000/3000, Big IP F5 LTM/GTM, Nexus switches, RMA, SDN, Aruba wireless, JNCIA, SPE, VPN, Bluecoat Proxy servers, NetScaler, IDS/IPS, SIEM and Monitoring, Service Now

Confidential, Phoenix, AZ

Sr. Network Security Engineer

Responsibilities:

  • Works with client engineering groups to create, document, implement, validate and manage policies, procedures and standards that ensure confidentiality, availability, integrity and privacy of information.
  • Performed site refreshes on Cisco switching and Aruba wireless infrastructure at several locations. Configurations, implementation and troubleshooting issues on Checkpoint R77.10 Gaia, R75, Cisco ASA 5540, 5000 series firewalls for the client environment.
  • Reviewed logs and reports of all security tools including Firewall, Routers, Switches, SIEM, ePO Servers, NAC, IPS. Upgraded existing switching and IPS systems to Cisco ASA and HP ProCurve switches.
  • Worked closely with developers to find defect causes and verify defect fixes to ensure product reliability and quality. Performed customer scenario tests, measured CPU and memory usage by DDoS feature enabled, reported results and analysis for development team.
  • Performed Wireless Network surveys using Air Magnet software and reviewed existing network infrastructure. Performed field work on project involving installing and configuring Cisco 1142, 1131, 2602 I and E Access points, Installing and modifying configurations of Cisco 3500, 3700 series PoE switches, and conducted Air Magnet surveys to validate successful placement and operation of Access Points.
  • Provide Level 3 Support for converged infrastructure (Vblock 740s/540s - VMWARE vSphere 5.5, Cisco UCS, Nexus 5Ks, Cisco MDS, EMC XtremIO/VMAX3s) and non-vBlock Storage - VNX2, ECS (cloud), Isilon (FILE), Pure Storage, HP3Par.
  • Provided design and Contrail SDN/NFV networking support using Cisco ACI, Cisco wireless controllers, Open-Stack, Juniper Contrail and Big Switch Networks LABs using Apple Configurator. Provided (ODL) Open daylight, Docker Swarm container support using LINUX and Heat Orchestration and controlling network flows for Automation update using Docker, Ansible Playbooks Yang model and NETCONF devOps tools.
  • Extensive working knowledge of routing protocols including MPLS, BGP, QOS and Cisco ASA/VPN Tunnel as backup connectivity solution between remote locations. Repaired broken workstations, notebooks & servers. Handled warranty issues & RMA requests.
  • Configured routers and switches including but not limited to IP Subnetting, VTP, VLAN, DHCP, DNS, NAT, BGP, EIGRP, OSPF, static routing, QoS, ACL, VPN, IPSec Tunneling, STP and VRRP to support UCaaS services provided by the company.
  • Manage project task to migrate from Cisco ASA firewalls to Check Point firewalls. Deploying of Cisco ISE on Nexus 5000/7000 routers, Cisco switches, and Cisco ASA and Firepower firewalls.
  • Worked in virtualizing four of the Mercer call centers utilizing Cisco UCCE VoIP for contact solution thereby creating a failover protocol within four call centers for overflow and disaster situations.
  • Installing new equipment to RADIUS and worked with MPLS-VPN with configurations. Analyzed and resolved issues relating to MPLS networks.
  • Configured and maintained IPSEC and SSL VPN's on Palo Alto, Cisco ASA Firewalls. Also responsible for administering and troubleshooting the Checkpoint, Palo Alto and ASA firewall.
  • Configured IPSec VPN (Site-Site to Remote Access) on Cisco ASA (5200) series firewalls. Working with the rule base and its configuration in Cisco ASA, Palo Alto, Juniper (RMA) and Checkpoint firewalls.
  • Worked on Nexus models like 7K, 5K, 2K series, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches.
  • Managing Firewall products - Checkpoint Appliance 2200 Gateways, Provider-1 and VSX environment. (R77.10 and 77.20) and ASA environments. Responsible for Check Point and Cisco ASA and Cisco UCCE firewall administration across global networks.
  • Designed and implemented a POC of Cisco ISE vs Aruba ClearPass NAC solution for the corporate network wired.
  • Responsible for configuring, supporting, and troubleshooting L2 / L3 (EIGRP, OSPF, BGP) adjacency and reachability issues by capturing, and analyzing of frames, packets using Wireshark, nmap, and Cisco's built in debugging utilities.
  • Rapid firewall security assessments through Python automation.
  • Successful Data Center Migration Planning and Successfully developed Python automation scripts to perform Cisco firewall rule assessments.
  • Completed configuration, implementation and turn up of Cisco ASR 5000, Nexus 7010, Cisco 7609, Cisco 3945 terminal servers, DS3 OAM port. Deployed 4G/LTE Spirent iTest execution utilizing TightVNC application server connection for automation and development test. Completed intrusive and non-intrusive test cases of ASR, DNS, IPS, MSP/VOLTE, and SDG/VOLTE and analyzed/validated test results.
  • Rule consolidation and rule lockdown process in the ASA firewalls. Deployment of Cisco ASA firewalls and migration of end of life ASA firewalls to New ASA firewalls.
  • Design and Install UCP Select for VMWare vSphere with Cisco UCS and Cisco Unified Fabric Switching. Experience in creating multiple policies and pushing them into Checkpoint Firewall (Gateways) and hands-on experience in managing the Checkpoint Management Server and Gaia operating system.
  • Defining, tracking and maintaining the standard baselines and configuration sets of security devices and implementing industry best practices with regards to Firewall, IDS/IPS, IPsec VPN, SSL VPN.
  • Support Citrix NetScaler F5 platform, configuring, implementing, & troubleshooting Citrix NetScaler VIP configuration with health check, policy configurations Access Gateway. Configuration of F5 GTM solutions, which includes Wide IP, Pool Load Balancing Methods, probers and monitors.
  • Distributed applications that run across datacenters usually replicate data for the purpose of synchronization, fault resiliency, load balancing and getting data closer to users (which reduces latency to users and increases their perceived throughput) via SDN.
  • Working knowledge and experience in CUCM, Unity connection, Prime Collaboration Provisioning (PCP) and Prime Collaboration assurance (PCA).
  • Physically deployed new Cisco Nexus devices, Catalyst and Nexus replacement blades, FWSMs, Cisco ASAs, Citrix NetScaler MPX and SDX chassis. Verify Firewall status with Checkpoint Monitor. Creation and implementation of Application delivery architectures which includes load balancing on F5 BIG IP modules.
  • Worked with F5 Load balancing, IDS/IPS, Bluecoat proxy servers and Administrating.
  • Involved in F5 LTM GTM and ASM planning, designing and implementation. Development of network design standards for conversion of a Cisco Metro E platform to Ciena Z series SDN network to achieve OpEx cost reductions and network standardization.
  • Applying downloadable ACLs through Cisco ISE and Configuring Standard and Extended ACLs locally and on the upstream switches for Cisco ACS.

Environment: Cisco ASA 5580/5540/5520, Aruba Wireless, Checkpoint R70, R75, R77.20 Gaia, Palo Alto PA-5000/3000, Juniper SSG, SRX, RMA, SD-WAN, Big IP F5 LTM/GTM, SPE, Python, JNCIA, Nexus switches, Routers, TCP/IP, VPN, Bluecoat Proxy servers, IDS/IPS, SIEM and monitoring, NetScaler, BMC Remedy, Cisco Prime, CUCM VOIP, Forescout CounterACT, Tufin.

Confidential, Houston, TX

Security Engineer

Responsibilities:

  • Day-to-Day work involves scheduling firewall policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.
  • Managing and administering SRX and Checkpoint Firewalls at various zones including DMZ, Extranet (Various Business Partners) and ASZ and internal.
  • Performed Wireless RF and Network Design for a client with more than 100 locations using Aerohive Access Point and Airtight WIPS for security.
  • Implementing Security Solutions in Juniper SRX and NetScreen SSG firewalls by using NSM. Juniper Firewall Policy Management using NSM and Screen OS CLI.
  • Worked on many Unix based systems and am familiar with many signaling protocols SS7 HS238 BGP IPVR4 IPVR6 VLAN and OSPF. Experienced with DHCP, VTP, VLANs, EIGRP, BGP/OSPF, Trunking and STP on Cisco hardware.
  • In-depth knowledge of device driver development, SDN, x86, TCP, UDP, OSPF, ARP, IP, HTTP, DHCP, DNS, TR-69, AWS, cloud computing.
  • Provide VOD Method of Procedures documentation to customer for software upgrade downgrade release. Built Cisco Device Profiles using CUCM. This includes being part of the team who rolled out Cisco VOIP phones when transitioned.
  • Responsible for Checkpoint and Cisco ASA firewall administration across global networks. Installation of Nexus 7010 core switches and Nexus 5548 and 2148 server access switches. Configured 7010's with multiple distribution VDC's running EIGRP for route propagation between them.
  • Worked on Cisco ISE to support authentication for the Wi-Fi users. Designing and configuration of Cisco security platforms specifically ACS, ISE and ASA. Apply Cisco ISE configuration to switches. Worked on project like deploying Cisco Prime Infrastructure, and Cisco Identity Service Engine (ISE) for port security.
  • Maintained up-to-date baselines and operational configurations of all security tools: Host Intrusion Prevention, Virus and Antispyware scanner, Symantec Endpoint Encryption (SEE), Cisco NAC and IPS.
  • Performed advanced network maintenance mainly includes CMTS, Multicast, OSPF, IS-IS and BGP routing protocol on Cisco ASR9K, 7609, 4948E, ME3400, 3560, 2960 Series Switches and Juniper EX4200.
  • Acts as local liaison to identify, correlate, communicate and verify customer impact for nationally managed care team events impacting Video, VOD, network transport, or related IP services.
  • Daily technical hands-on experience in the configuration, troubleshooting of Juniper SRX firewalls as well as experience working directly with customer in a service/support environment.
  • Troubleshooting Firewall Connectivity related issues using Smart view tracker on Checkpoint, NSM Log viewer for Juniper Firewalls. Creating and Provisioning RMA Juniper SRX firewall policies.
  • Working experience on tools and devices like Sourcefire, Cisco ASA, Cisco ISE. Implemented Cisco ISE 1.2 for Wireless 802.1x Authentication and Authorization with FlexConnect.
  • Configuration and maintenance of Cisco ASR routers such as ASR 1013, 1009-X, 1006, 1006-X, 1004, 1002-HX, 1002-X, 1001-X routers.
  • Configure and administer Cisco ASA Firewalls (5585, 5550 and 5540) and use command line CLI, Cisco CSM, ASDM for day-to-day administration. Active/Standby and Active/Active HA configuration on Cisco ASA Firewalls.
  • Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
  • Configuring rules and maintaining Palo Alto firewalls and analysis of firewall logs using various tools.
  • Experience on ASA firewall upgrades to 9.x.
  • Experience using and/or supporting Active Directory, CUCM, Cisco UCCE, Unity, TMS, Print Management, SCCM, Hyena, Prism, Oracle, VPN, RSA, SharePoint, Salesforce, Good for Enterprise, AirWatch, mobile device management and plan changes, Lotus Notes and Outlook.
  • Configured Panorama web-based management for multiple firewalls. Worked on configuration, maintenance and administration of Palo Alto PA3000 Firewalls and migrating customers from Cisco ASA to Palo Alto in HA network.
  • Configuring rules and maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools. Understanding the flow of traffic through the Check Point Security Gateway cluster and troubleshoot connectivity issues using advanced troubleshooting from Command Line Utilities.
  • Build and configure Active/Standby Failover on Cisco ASA with stateful replication.
  • Configure and tweak the inspection policies on Firewall to allow legacy application traffic.
  • Understand different types of NAT on Cisco ASA firewalls and apply them.
  • Firewall policy provisioning on Fortinet FortiGate appliances using FortiManager.
  • Support Blue Coat Proxy in explicit mode for users trying to access the Internet from Corp Network.
  • Troubleshooting connectivity issues through Blue Coat as well as writing and editing web policies.
  • Involved in Upgrading Bluecoat proxy servers from SG s to SG B.
  • Administration Big IP F5 LTM for all Local Load balancing and use GTM for load balancing across Data Centers.
  • FWSM configurations in single/multiple contexts with routed and transparent modes.
  • Support Data Center Migration Project involving physical re-locations.
  • 24x7 on call support.

Environment: Juniper (SRX, JUNOS, ScreenOS, NetScreen SSG), SPE, MPLS, Cisco (CheckPoint, ASA Firewalls), Palo Alto Firewalls, SDN, RMA, Aruba wireless, NetScaler IP, F5 LTM/GTM, TCP/IP, FortiGate, Service Now.

Confidential

Network Engineer

Responsibilities:

  • Firewall Policy Provisioning and troubleshoot connectivity issues through firewall.
  • Performed penetration testing internally for our clients.
  • Responsible in troubleshooting on Cisco ISE added new devices on network based on policies on ISE. Strong hands on and exposure to Checkpoint & Palo Alto on a regular basis.
  • I worked on Check Point Security Gateways and Cisco ASA Firewall.
  • Firewall Clustering and High Availability Services using Cluster XL on Check Point.
  • Configuring and tweaking Core XL and Secure XL acceleration on Check Point gateways.
  • Troubleshoot User connectivity issues on Checkpoint and Cisco ASA using CLI utilities.
  • Packet capture on firewalls and analyzing the traffic using Wireshark utilities.
  • Designed and developed SDN OpenFlow for forwarding plane based on EZchip NP4 NPU.
  • Troubleshot Clustering issues on Check Point and Sync issues monitoring and fix.
  • Experienced on Cisco ISE and advanced technologies like QOS, Multicasting, MPLS and MPLS-VPN and Bluecoat proxy server SG.
  • Experience using Cisco ASR 1K, 9K series switches.
  • Upgrade of Checkpoint Gateways in Cluster with Minimal downtime.
  • Working on MPLS switches, and routing protocols like BGP, OSPF and EIGRP. Design and Implemented OSPF and BGP on various sites for routing enhancement, high availability and reducing administrative overhead.
  • Experienced in troubleshooting various WAN technologies like Frame-Relay, MPLS, T1, DS3 and ISDN.SD
  • Knowledge of DOS/Terminal functionality, Windows XP/7/8, iOS devices, Unix/Linux, Basic Perl/Python, Nmap, ESXI 5.1, VMware vSphere 5.0, Metasploit with Armitage, Penetration Testing, and usage of Qualys Guard Vulnerability Management/Policy Compliance/WAS/Asset Management/PCI.
  • Basic knowledge of Multi-Protocol Label Switching (MPLS), Voice over IP (VoIP), Firewall PIX, Cisco Call Manager and routing protocol BGP.
  • Implemented Active/Standby HA configuration on Cisco ASA Firewalls.
  • Configuring Cisco ASA firewalls in Single and Multiple Context Mode firewalls.
  • Upgrade of Cisco ASA Firewall in Active/Standby mode with no down time.
  • Configuring VPN both B2B and remote access SSL and centralized policy administration using FortiManager, building FortiGate High Availability using FortiGate Clustering Protocol (FGCP).
  • SDN switches can be used for RGDD via installation of rules that allow forwarding to multiple outgoing ports.
  • Firewall Compliance and Rule remediation for compliance such as SAS 70 Audit.
  • LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems)
  • VLAN design and implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and Port channels creation.
  • Working with OSPF as internal routing protocol and BGP as exterior gateway routing protocol.
  • Configuring static NAT, dynamic NAT, Inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation on Cisco ASA Firewalls.
  • Deployed a Syslog server to allow proactive network monitoring.
  • Implemented VLANS between different departments and connected them using trunk by keeping one VLAN under server mode and rest falling under client modes.
  • Configured Firewall logging, DMZs and related security policies and monitoring.
  • Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
  • Documentation and Project Management along with drawing network diagrams using MS Visio.

Environment: CISCO routers and switches, Access Control Server, RIP V2, OSPF, EIGRP, VLAN, Trunk Protocols, CISCO ASA, DHCP, Perl/Python, SDN, DNS, Spanning tree, Nimsoft.
