Network Security Engineer Resume
Boston, MA
SUMMARY:
- Over 6 years of professional experience in Deploying and Troubleshooting Enterprise level Network and Network Security Infrastructure. Provide Tier 1, 2 & 3 Data Centre support.
- Strong hands-on experience in deploying and configuring firewalls like Palo Alto, Checkpoint, and Cisco ASA.
- Experience with Palo Alto NXG Firewall configurations including URL filtering, Threat prevention, Data filtering, IPsec tunnels, SSL-VPN and Zone Protection.
- Hands-on experience in integrating VMware NSX with Palo Alto firewalls.
- Expert in configuring Security policies using App ID, Services, Security profiles and URL category.
- Experience on configuring and troubleshooting HA, Zones, VLANs, Routing, and NAT on firewalls as per the design requirements.
- Hands on experience in configuring Pre-rules, Post-rules, object groups and templates in Panorama.
- Working experience in creating custom URL filtering profiles and attaching them to Security policy rules that allow web access.
- Knowledge of mitigating various attacks like DoS, DDoS, kill chain, and zero-day attacks.
- Profound knowledge in Cisco ASA 5000 series installation, configuration and maintenance.
- Configured firewall security context modes, interfaces, objects and access lists, NAT, AAA for network access and advanced network protection on Cisco firewalls.
- Working experience in deploying Cisco appliance as a firewall, VPN, troubleshooting skills and policy change requests, enabling granular traffic inspection through network segmentation.
- Responsible for configuring and maintaining Check Point firewalls, Cisco firewalls, and F5 Load Balancers.
- Experience in configuring and managing Cisco and F5 Load Balancers to provide reliable distribution of traffic across multiple servers by creating pools, nodes, and health checks.
- Assisted in setting up new 510 and 810 Blue Coat Proxy SG units, performed one to many proxy migrations.
- Monitored firewall traffic through the Checkpoint SmartDashboard and SmartView Tracker, implemented a dedicated SmartEvent server, and generated traffic log reports with Checkpoint SmartEvent.
- Configured High Availability links between Checkpoint firewalls (Active/Passive) to prevent a single point of failure on the network.
- Configured client VPN technologies such as Cisco’s VPN Client via IPsec and GlobalProtect from Palo Alto Networks.
- Working experience in managing and troubleshooting the core, distribution and access switches.
- Substantial working experience on Cisco Nexus switches (2000, 3000, 5000, and 7000 series) and ASR & ISR Routers.
- Configured and managed Cisco routers and Switches using Cisco Security Device Manager (SDM).
- Profound knowledge of layer 2 protocols such as VTP, STP, RSTP, MST and layer 3 routing protocols like BGP, EIGRP, and OSPF.
- Working experience on network topologies and configurations.
- Hands-on experience with ACLs, Syslog.
- Well experienced in configuring the protocols HSRP, GLBP, VRRP, ICMP, IGMP, PPP, HDLC.
- In-depth knowledge of HSRP and VRRP for redundancy over layer 2 and layer 3 switches.
- Knowledge of TCP/IP suite to solve complex networking issues including IP routing protocols, ACLs, VLANs, and VPNs.
- Working experience on packet analyzer tools like Tcpdump and Wireshark.
- Monitored and troubleshot physical and virtual network infrastructure using SIEM tools like Splunk and QRadar.
- Troubleshoot connectivity issues on Cisco ACE, GSS, CSM balancers.
- Configured role-based access to allow the authorized users to access the servers and network infrastructure.
- Deployed Cisco and Aruba wireless 802.1X infrastructure across the enterprise network.
- Installed and maintained Aruba switches, Aruba Wireless APs and Aruba Virtual Controllers.
- Technical proficiency with Cisco wireless (APs, Controllers, ISE, Prime).
TECHNICAL SKILLS:
Firewalls: Palo Alto Networks, Cisco ASA firewalls, Checkpoint, Panorama Palo Alto Networks firewall management.
Load Balancers: F5 Networks (Big-IP), Cisco ACE & Brocade Load Balancers.
Routers: Cisco 7600, 7200, 3800, 3600, 2900, 2800, 2600, ASR 7K, ASR 12K.
Switches: Nexus 2K/5K/7K, Cisco Catalyst 6500, 4500, 3850, 3560, 3750, 2960.
Communication Protocols: TCP/IP, UDP, DHCP, DNS, ICMP, SNMP, ARP, RARP, PPP, HDLC, ISDN, SDN, and SD-WAN.
Routing Protocols: OSPF, EIGRP, BGP, MPLS PBR, Route Filtering, Redistribution, Summarization and Static Routing.
Switching Protocols: LAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switch, Ether channels, Transparent Bridging.
LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, VLANs, VTP, STP, RSTP, 802.1W, Cisco Prime.
Wireless Technologies: AirWatch & WLCs (8510, 5508, 5706), Cisco Aironet APs (2600, 3600, 3700), Aruba 225, Aruba 3000 controller & Airwave.
Network Security: Cisco ASA 5540, ACL, IPSEC, F5 Load Balancer, ISE, SSL, IPSec VPN, GRE VPN.
Network Management and Packet Analyzers: SolarWinds, Wireshark, SNMP, and Tcpdump.
Operating systems: Windows XP/7/8/10, Windows Server 2003/2008, Mac OS and Linux.
Applications: MS (Office, Word, Outlook, Excel, PowerPoint, Visio), VMware, Adobe Photoshop, and Illustrator.
PROFESSIONAL EXPERIENCE:
Confidential - Boston, MA
Network Security Engineer
- Configuring, Administering and troubleshooting the Palo Alto, ASA firewall.
- Investigate security incidents, troubleshoot, resolve and recommend actions needed to resolve vulnerability issues.
- Managing Cisco ASA 5585, 5555, 5545 series, upgrade and maintain security policies.
- Worked with PA-500, PA-3020, PA-5020, PA-5050, PA-5060 and PA-7050 to perform day-to-day operations.
- Deployed Palo Alto firewalls using VMware NSX through L2 and L3 interfaces on models such as VM-300, VM-500, and VM-1000-HV.
- Responsible for installation, configuration of Palo Alto using Panorama.
- Performing migration from old network to a new network of millions of users.
- Provided on-call support with network operations teams resolving incidents.
- Deployed Palo Alto 7000 series devices to the production environment and managed them via Panorama.
- Worked on the migration of ASA firewalls to Palo Alto firewalls in cloud environments.
- Performed code upgrades on the ASA 5585, 5555 series.
- Worked on Splunk to gather generated logs for the firewalls, to maintain application flow on firewalls.
- Troubleshooting Layer 3 issues; also assisted the Layer 2 team with troubleshooting BGP and OSPF issues.
- Creating NATs as per users' requirements to provide access for different servers like internal firewalls, DMZ firewalls and Internet firewalls, and worked on Splunk for troubleshooting.
- Migrate management, host and transit interfaces of the firewalls to new IP, without affecting data traffic.
- Migrating NAT rules with counter NATs as per the new IP request.
- Participated in daily scrum meetings and maintained project flow to meet deadlines.
- Setup Global Protect VPN in the production environment, test and maintain VPN firewalls.
- Created and implemented firewall policy to allow/block services on specific TCP/UDP ports in production firewall.
- Created and ran the automation script to push configuration to the firewalls.
- Maintained definitions in Blue Coat proxies, with Splunk integration.
- Performed Cisco ASA and Palo Alto firewall code upgrades.
- Performed and fulfilled ServiceNow requests for port services, created policies and migrated rules to new subnet.
- Troubleshooting and escalation of P1 & P2 incidents were included in day-to-day responsibilities.
- Administered F5 BIG-IP LTM for all local load balancing and used GTM for load balancing across data centers.
- Worked with application transport protocols SSL, IPsec, DNS, NTP, SSH, LDAP, RADIUS, TACACS+ and AAA on ASA firewalls.
- Worked with Panorama 8.1.3 to configure the perimeter Palo Alto firewalls.
Confidential - Ashburn, VA
Network Security Engineer
- Excellent Troubleshooting Skills and Customer Centric approach.
- Expertise in Configuring, Monitoring and Troubleshooting Palo Alto (5040, 3020), Checkpoint firewalls.
- Responsible for writing firewall rules based on applications, users and content.
- Implementing USER-ID on Palo Alto firewall, which identifies supported IP-to-USER mapping strategies.
- Configured and installed the Firewall pair in High Availability mode as Active/standby and managed through the management port.
- Migrated Checkpoint Firewalls to Palo Alto Firewalls using migration tool.
- Monitored network logs and security events generated by the security appliances and determined the correct action or escalation path.
- Worked extensively on Checkpoint firewalls.
- Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Palo Alto Firewalls.
- Experienced in configuring and managing F5 Load Balancers to provide reliable distribution of traffic across multiple servers by creating pools, nodes, and health checks.
- Involved in Installing and Configuring a Cisco secure ACS server for AAA authentication.
- Implemented process to eliminate inconsistencies between network documentation and the actual network configuration.
- Installed and maintained Aruba switches, Aruba Wireless APs and Aruba Virtual Controllers.
- Configured role-based, device-based access and self-service capabilities using the ClearPass access management system.
- Configured 802.1X port-based authentication on Cisco switch-to-TACACS+ server communication.
- Configured and troubleshot Cisco 4k, 5k and 6k Nexus switches in the data center.
- Managed and troubleshot the Core, Distribution, and Edge Routers.
- Worked on implementation strategies for the expansion of the MPLS VPN networks.
- Experience with manipulating various BGP attributes such as Local Preference, MED, and Extended Communities.
- Provided BGP routing protocols for implementing multi-homing connection and carried out Route-redistribution between different routing protocols like OSPF, BGP, and EIGRP for increased efficiency.
- Configured redundancy protocols like HSRP, VRRP and GLBP.
- Switching tasks include VTP, ISL/802.1q, VLANs, EtherChannel, Port security, STP and RSTP.
- Analyzed packets using Tcpdump and Wireshark.
- Worked on Linux and Windows Platforms and involved in planning of Network Maintenance.
- Implemented and configured SNMP, Syslog and traps on Cisco routers to allow for network management.
- Managing the service request tickets within the phases of troubleshooting, maintenance, upgrades, fixes, patches and providing all-round technical support.
Confidential
Network Engineer
- Involved in administrating and maintaining corporate infrastructure including Network Connectivity and Internet access.
- Hands on experience with WAN (ATM/Frame Relay), routers, switches, and TCP/IP addressing.
- Installed and configured Cisco switches and routers series.
- Responsible for managing and monitoring network devices.
- Maintenance of STP, HSRP, VTP, and VLANs.
- OSPF protocol administration.
- Designed and implemented VLANs, Trunking, VTP and Ethernet channels.
- Configuration experience of EIGRP protocols on CISCO routers.
- Performed DNS and DHCP troubleshooting.
- Provided support for installation and troubleshooting of configuration issues.
- Implemented & Integrated Cisco switches, routers, and security devices.
- Involved in L2/L3 Switching Technology troubleshooting.
- Creating and managing VLANs, Port security, Trunking, STP, INTER-VLAN routing, LAN security.
- Analysed log messages from the Syslog server for issues related to high CPU utilization and parameters which degrade the performance of the network.
- Support Network Technicians in training and resolution including performing diagnostics & configuring network devices.
Confidential
Jr. Network Engineer
- Basic knowledge of wireless networking and web browsing content filtering.
- Necessary connection management of network equipment in the organization.
- Worked with facilities management to relocate the network equipment.
- Diagnosing and resolving the hardware, software and networking issues.
- Provided First level technical support to users.
- Created and maintained documentation for Network diagrams and Network configuration.
- Experience in LAN/WAN cabling and racking.
- Basic knowledge of routing protocols like OSPF, BGP, EIGRP.
- Knowledge of IPv4 subnetting and IP management.
- Backing up the Network devices configurations and testing the network conditions to ensure that the network infrastructure is good to meet the company requirements.