Network Security Engineer Resume
Phoenix, AZ
PROFESSIONAL SUMMARY:
- Around 6 years of experience in deployment, implementation, troubleshooting and maintenance of complex Networks, Security devices and Network Security infrastructure.
- Strong experience in deploying and maintaining various network security devices like Cisco ASA, Firepower, Confidential (3020, 5060) and Check Point firewalls (R75, R76).
- Experience working with device groups and template stacks on Panorama. Administered multiple firewalls using Panorama, configured dedicated log collectors.
- Experience with Confidential firewall features like Wildfire, URL filtering, Zone creation, DNS sinkhole, Advanced Endpoint protection and SaaS Security
- Expertise in enabling and administering threat prevention (antivirus, antispyware, vulnerability protection); also configured devices with file blocking and DLP.
- Implemented Zone based Firewall and security rules on the Confidential, Juniper Firewall.
- Configured and Maintained policies on Firewalls using TUFIN Orchestration Site.
- Configuring security policies using Application ID, User ID and Data Filtering on Confidential Firewall.
- Implemented complete Global Protect infrastructure by configuring portal and gateways to manage mobile workforce by enabling secure remote access regardless of location
- Migration of the firewall rules from Cisco ASA 5540, 5550 to Confidential firewalls using PAN OS migration tool and expedition.
- Configured High Availability links (Active/Passive) between Firewalls to prevent a single point of failure on the network.
- Configured context modes, interfaces, objects and access list, NAT, AAA for network access and advanced network protection on Cisco Confidential 55XX firewalls
- Experience with F5 load balancer as well as emphasis on BIG-IP LTM (F5 VIPRION LTM 2150, F5 BIG-IP LTM 5050s), BIG-IP DNS.
- Worked on configuration and implementation of VIPs, High availability (A/S), virtual server and iRules on F5 Load balancer.
- Designed and implemented DMZ for Web Servers, Mail servers & FTP servers using Next-Gen Firewalls.
- Experience working in Enterprise scale Security implementations with hundreds of security gateways segmented through multiple DMZ, Perimeter and External zones with Heterogeneous network/security appliances.
- Controlled and monitored employee's internet traffic using Bluecoat proxy (SG 900, 810 and SG9000 series) devices located in both data centers in conjunction with BlueCoat CAS Device for antivirus protection.
- Configured and managed Cisco routers and Switches using Cisco Security Device Manager (SDM).
- Expertise in troubleshooting, implementing of static and dynamic routing protocols such as EIGRP, OSPF, iBGP, EBGP and ability to interpret and resolve complex route table problems
- Work experience in managing and troubleshooting the core, distribution and access switches.
- Substantial working experience on Cisco Nexus switches (2000, 5000 and 7000 series) and ISR Routers (2811,3640), ISR Switches (2950,3550)
- Competency in resolving issues in L2 Switching related Technologies & protocols like VLAN Trunks, VTP, VTP Pruning, Port Security, Ether Channel, RSTP, STP, PVSTP, Port Channel Protocols like LACP, PAGP.
- Configuring and maintaining Site-to-Site VPNs (IPSec), DMZs, Remote access VPNs (SSL), ACLs, Security Zones and TLS/SSL s.
- Implemented Network Access Control (NAC) using tools like Aruba Clearpass for BYOD and IT issued devices.
- Installed Cisco Wireless Lan Controllers (WLC) with active/standby state controlling more than 100 access points.
- Expert knowledge of SIEM tools like Splunk, QRadar to get real-time analysis of security alerts generated by network hardware and applications.
- Experienced in configuring and deploying RADIUS, TACACS+ as part of AAA Architecture under multiple scenarios.
- Experience in SolarWinds Network Performance Monitor, Network Configuration Manager, Network Traffic Analyzer (Netflow) and IP Address Manager.
- Expertise in managing network using SNMP and other tools such as Wireshark, Tcpdump, Service Now and Cyber Ark
- Knowledge of DDoS attacks, the Kill Chain process and implementing DDoS mitigation techniques like Akamai.
- Documentation and Project Management along with drawing network diagrams using MS Visio.
TECHNICAL SKILLS:
Firewall: Cisco Confidential 55XX series, Checkpoint R75, R76, Confidential 7000, 5000, 3000 series
Load Balancer: F5 Network (Big-IP) LTM 8900 and 6400
VPN: IP Sec, DMVPN
AAA Architecture: TACACS+, RADIUS, Cisco ACS
Routers: Cisco ISR 1841, 2800, 3800, 2951, 3900, 4000, Juniper Routers (MX-480, MX960)
Routing: OSPFv3, OSPFv2, EIGRP, BGP, Static
Switches: Cisco Catalyst switches and 1800, 2600, 3600 series, Nexus 2k, 5k, 7k, Juniper EX Switches (EX2200, EX2500, EX3200, EX4200, EX4500, EX8200)
Switching: STP, PVST+, RPVST+, Inter-vlan Routing, Multi-Layer Switch, Ether Channels (PAGP, LACP)
Network Protocols: TCP, UDP, DNS, DHCP, FTP, TFTP, HTTPS, PPP, SNMP, ICMP
Tools: Wireshark, Tcpdump, QRadar, Splunk, TUFIN, SolarWinds
PROFESSIONAL EXPERIENCE:
Confidential, Phoenix, AZ
Network Security Engineer
Responsibilities:
- Experience working with Confidential's Panorama appliance (device groups, template stacks) for logging sessions, creating reports and managing multiple firewalls simultaneously
- Experience with Virtualization using Multi-VSYS on Confidential, Multiple Context on Confidential and configured static routes on virtual routers.
- Segmentation of existing Data center with multiple zones for East-West Traffic visibility by deploying Confidential -5260 series firewalls.
- Migrating Cisco Confidential 5500 firewalls to Confidential 5060 firewalls using PAN migration tool and expedition
- Replacing Confidential 5060 firewalls with 5250 firewalls on the production environment
- Creating application-specific rule sets for the traffic by customizing objects, security profiles (antimalware), service groups, dynamic block lists.
- Create new zones for segmenting the DMZ from internal network and enforcing stringent security profiles to reduce the threat landscape
- Configure APP-ID feature in Confidential firewalls to reduce attack surface, regain visibility and control over traffic and create custom URL-filtering profiles and use them in writing Security policy rules that allow web access to users
- Expertise in configuring User ID both Agent based and Agentless for multiple users by using LDAP servers for authentication
- Create Portal, configure Gateways and install the Global Protect Agent on client devices and configure two-factor authentication on those to provide VPN connections for Global Protect.
- Configured High Availability links (Active/Passive) between Firewalls to prevent a single point of failure on the network.
- Configure Log Forwarding to forward logs from the firewall to Panorama M-500 and then configured Panorama to send logs to the servers.
- Integrating the Confidential firewalls with Wildfire cloud inspection engine to protect against zero-day, APT and Malware threats.
- Providing constant Network & Threat activity reports for Internet Gateway Confidential firewalls.
- Configuring DNS Sinkhole on Perimeter firewalls to sinkhole malicious DNS traffic
- Experience building site-to-site VPN tunnels between business partners and remote locations
- Troubleshoot security policy, HA, VPN, Global Protect issues on PAN devices such as PA 5060 and 7080 series.
- Configured OSPF redistribution and authentication with type 3 LSA filtering to prevent LSA flooding
- Substantial working experience on Virtual Port Channels (VPC), bonding server NICs and Virtual Device Contexts (VDC) in Nexus 7000 series switches.
- Migration of Cisco ISR 1841, 2800, 3800 First generation to Cisco ISR 2951, 3900, 4000 second gen series for branch offices.
- Experienced in configuring the Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000.
- Expert knowledge of Aruba wireless controllers and access point configurations including RF tuning to reduce interference.
- Operational support and assistance of the Cisco ASA, Cisco Firepower FTD and FMC appliance and upgraded an ASA firepower module managed by Adaptive Security Device Manager (ASDM).
- Firewall policy optimization using Tufin to ensure policy auditing across many dependent firewalls.
- Work with F5 (LTM) load balancers to improve delivery, performance, availability for local site traffic.
- Configured nodes, pools, virtual servers, vip and monitored health checks on F5 BIG-IP LTM by using round-robin, least connections technique to balance load.
- Configured firewall logging, DMZs and related security policies and monitoring.
- Integrated Splunk with Confidential firewalls for monitoring Firewall logs and activities.
- Perform Method of Procedures (MOP) for firewall deployment and failover tests.
- Schedule and participate in weekly meetings with various teams involved in the project to discuss the bottlenecks if any and contribute to design a solution framework.
- Maintain Configuration, Documentation (VISIO's) and Records Management.
Confidential, San Mateo, CA
Network and Security Engineer
Responsibilities:
- Deployed Inline inspection architecture using Confidential Firewall PA-7050, 5060, 3060 series to protect datacentre.
- Responsible for security profile groups, security policies implementation on Confidential VM 300 & 500 series firewalls that secure the cloud environment.
- Centralized management of all Confidential Devices and appliances using Confidential Panorama M-100 server.
- Implemented stateful inspection on network traffic by creating zone and policy-based rules to mitigate the malicious attacks and threats on network.
- Assisted in the migration of firewall rules set from Legacy Cisco Confidential to Confidential Firewalls using Confidential Migration tool.
- Configuring and maintaining Site-to-Site VPN's, DMZ's, Remote access VPN's (SSL), ACL's, Security Zones and TLS/SSL .
- Worked on Load Balancer F5 LTM, GTM series like 8800, 6800, 6400, for the corporate applications purpose using iRules.
- Expert knowledge of SIEM tools like QRadar to get real-time analysis of security alerts generated by network hardware and applications.
- Provided threat protection with Confidential IPS solutions of Firewalls & open source tools like Snort.
- Assisted in providing security for web application using Akamai Kona Web Application Firewall.
- Creation and maintaining users in the Firewall via certified base authentication (Tacacs) for Remote users and for local users as well and auditing of Firewalls using Algosec tool.
- Implementation and operational support of routing/switching protocols in complex environments including OSPF, EIGRP, Spanning Tree, 802.1Q, etc.
- Management of Cisco catalyst 6500, 3500, Nexus 7009 switches at the Data center.
- Experience in implementation and troubleshooting of Datacenter devices like Nexus 7000, Nexus 5000 and Nexus 2000 Series devices with VDC's /VRF's configurations.
- Configuring Security policies including NAT, PAT, VPN (DMVPN, GRE), Route-maps, prefix lists and Access Control Lists.
- Provided Secure Web Gateway using Bluecoat Proxy servers for both Forward and Reverse Proxy.
- Worked on Cisco ISE, Aruba ClearPass (CPPM) for BYOD policies using ClearPass Onboard feature for endpoint protection.
- Deployed Cisco Aironet 3800e Access Points and wireless appliances for new branch office.
- Configured the Cisco 5508 wireless LAN controller and 3700 series access points to provide a reliable connection to users.
- Implemented Authentication Authorization and Accounting (AAA) protocol TACACS+.
- Providing Server and Proxy authentication using TLS s.
- Implemented L3 MPLS VPN services, Ethernet Private Line (EPL) and WAN technologies.
- Vigilance of the network using monitoring tools like SolarWinds and extensive packet analysis using Tcpdump and Wireshark packet tracer tools.
- Day to day monitoring/health check on Firewalls and keep an eye on any vulnerabilities/threats
Confidential
Network Engineer
Responsibilities:
- Involved in configuring High Availability links between Checkpoint firewalls (Active/Passive) R76, R77 to prevent a single point of failure on the network.
- Work on Checkpoint Platform including Provider Smart Domain Manager.
- Worked on configuring, managing and supporting Checkpoint Gateways.
- Configured and maintained security infrastructure of local area network (LAN) and Wide area network (WAN).
- Configured and troubleshot issues with Cisco routers 2851, switches 2960, NAT, and DHCP, as well as assisting with customer LAN/WAN.
- Hands on experience in blocking unauthorized users and allowing authorized users to access specific resources by configuring Access Control Lists (ACL).
- Substantial working experience in configuring & troubleshooting routing protocols: EIGRP & OSPF.
- Created Private VLANs, prevented VLAN hopping attacks and mitigated spoofing with snooping and IP source guard.
- Worked on BGP configuration for providing redundant internet connectivity using BGP attributes, route maps, prefix-lists.
- Involved in troubleshooting of DNS, DHCP, and other IP conflict problems and applied QoS for the bandwidth delay
- Enabled RPVST Enhancements to speed up the network convergence that includes Port-fast, Uplink-fast, and Backbone-fast.
- Responsible for maintenance and utilization of VLANs, Spanning-tree, HSRP, VTP of the switched multi-layer backbone with catalyst switches.
- Perform IOS upgrades/Password recovery on 2900, 3500 series Cisco Catalyst switches and 1800, 2600, 3600 series Cisco routers using TFTP.
- Actively involved in Switching Technology and Administration including creating and managing VLANs, Port security- 802.1x, Trunking 802.1Q, RPVST+, Inter-VLAN routing, and LAN security on Cisco Catalyst Switches.
- Worked with the engineering team in resolving the tickets and troubleshooting layer2 and layer 3 problems.
- Monitoring Network Management and responding to events, alarms, and tickets.
- Worked with Senior Security Engineer on Firewall configurations and maintenance.
Confidential
Jr. Network Engineer
Responsibilities:
- Understand the JUNOS platform and worked with JUNOS upgrade of Juniper devices
- Expertise in installing, configuring and troubleshooting Juniper Routers (MX-480, MX960) and Juniper EX Switches (EX2200, EX2500, EX3200, EX4200, EX4500, EX8200) series.
- Configured Access List (Standard, Extended and Named) to allow users all over the company to access different applications and blocking others.
- Planning and Assisting the network operations team for new network infrastructure deployments.
- Created Private VLANs, prevented VLAN hopping attacks and mitigated spoofing with snooping and IP source guard.
- Enabled RPVST Enhancements to speed up the network convergence that includes Port-fast, Uplink-fast, and Backbone-fast.
- Responsible for cabling, labelling and Racking & Stacking of various network equipment and ensured there are no connectivity issues using ping and tracert.
- Troubleshot installation issues due to hot aisle and cold aisle.
- Troubleshot the layer 1 and layer 2 ticketing issues like damaged cabling or terminations, insufficient network bandwidth, incorrectly assigned VLAN.
- Documented and updated the network physical and logical layout using Lucidchart.
- Hands-on experience with network diagnostics and monitoring tools like SolarWinds, Wireshark.