SUMMARY:

• Security Consultant with around 9 years of IT experience with a focus on designing and developing security solutions.
• Strong knowledge based in the planning, design, and implementation of Information Systems and Network Technologies.
• Skilled & technically proficient with multiple firewall solutions, network security, and information security practices.
• Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point/Nokia Firewall VPN - 1 FW-1 NGX R65, R70 & R75 Provider-1/Site Manager-1 R65, R70.30 & R75.40 Smart Domain Manager command line & GUI.
• Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
• Experienced in design, installation, configuration, administration and troubleshooting of network security infrastructure.
• Configuring user and network device access on Cisco ISE as per TACACS/Radius authentication.
• Knowledge of Intrusion Detection, DMZ, encryption, Bluecoat, proxy services and Splunk.
• Knowledge in preparing Technical Documentation and presentations using Microsoft VISIO/ Office.
• Strong written and verbal communication skills, self-motivated, self-managed, result oriented, practical, always looking to learn and contribute.

PROFESSIONAL EXPERIENCE:

Confidential, Stamford, CT

Senior Network Security Consultant

• Implementing security policies as per the requirements on Checkpoint provider 1, Cisco ASA 5505/5510/5520 , Checkpoint crossbeams, Palo Alto and Fortigate firewalls.
• Working with Cisco TAC on escalated issues. Conducting root cause analysis on major network security incidents.
• Hands-on with Cisco Security Manager and Cisco Event viewer for troubleshooting.
• Configured, troubleshoot, and upgraded Checkpoint Firewalls, which included network and/or resource access, software, or hardware problems.
• Worked on deploying/securing web server on Azure using Checkpoint CloudGuard.
• Opened, resolved, or updated Tier II Support tickets for various firewalls and provide regular status reports of tickets.
• Responsible for configuring and troubleshooting website/URL restrictions in the firewall.
• Designed & implemented Overlay Network Management Network to manage all our production devices with TACACS+ and Solar winds NPM.
• Palo Alto installation, rule changes PA-4000/PA-5000, templates, object creation, planning, configuration changes, OS upgrades.
• Setup monitoring ports and conducted packet capture with Wireshark for troubleshooting.
• Implementing, Troubleshooting CheckPoint GAIA R75.40, R77.20, R77.30 managing CheckPoint Firewalls using CheckPoint Management Server.
• Configuring CheckPoint Firewalls Management Servers in High Availability/Cluster.
• Managed Checkpoint Firewalls from command line cpconfig and sysconfig.
• Implemented and migrated policies from checkpoint to Palo Alto using Palo Alto migration tool.
• Configured Palo Alto firewalls in Active/Active and Active/Passive modes.
• Designing and Implementation experience in building DMZ, and integration of firewalls with Gateway Anti-Virus and web Filtering applications from TrendMicro and Websense.
• FortiGate firewall administration, upgrades, backups, configuration, and diagnostics.
• FortiManager administration, operation and integration.
• Troubleshoot and Worked with Security issues related to Cisco ASA/PIX, Checkpoint, IDS/IPS and Juniper Netscreen firewalls.
• Juniper NSM and Juniper CLI for SSG and SRX, Juniper SSL-VPN, OS upgrades, CLI changes, scripting, troubleshooting, configurations, rule re-ordering and optimizations.
• Responsible for integrating all network and security devices with Algosec for cleanup and optimize firewall policy.
• Adhere to the change and release management process through Service Next tool.
• Established the "Trust Working Group" which included negotiating and leading the adoption of a 13-point common security criteria for configuring network perimeters.
• Aided in troubleshooting potential network issues in rolling out ISE.
• Deploy ISE technology in infrastructure to establish secure and authenticated network with profiling and certificate-based authentication.
• Adding/removing endpoints, GWLAN WLC, guest accounts, MAC whitelisting in ISE.
• Adding/removing devices from ISE in TACACS and creating authorization policy in ISE.
• Integrating active directory with Cisco ISE and certificate addition for guest services.
• Upgrading ISE nodes to latest version and clearing cache buildup using Cisco TAC support.
• Troubleshooting and resolving issues through splunk - log monitoring, search poling.
• Level 3 firewall Break-fix support - received and acted pages from Level 2 and corrected faults.

Confidential, Atlanta, GA

Network Security Engineer

• Strong hands on and exposure to Checkpoint & Palo Alto on a regular basis.
• Primary responsibility for the Core Security of the Network. Managing the entire Network Security Products deployed in the network such as Checkpoint (GAIA R 75.40/77.20 ).
• Checkpoint R65, R71 and R75 Provider-1 on Multiple CMAs updates, configurations, OS upgrades and CLI troubleshooting, rule re-ordering and optimizations.
• Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
• Worked on Checkpoint Platform including Provider Smart Domain Manager. Worked on configuring, managing and supporting Checkpoint Gateways.
• Palo Alto design and installation (Application & URL filtering, Threat Prevention, Data Filtering).
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
• Successfully installed Palo Alto PA-3060 firewalls to protects Data Center and provided L3 support.
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
• Exposure to wild fire feature of Palo Alto.
• Adding and removing checkpoint firewall policies based on the requirements of various project requirements.
• Experience with converting Checkpoint rules over to the Palo Alto solution. Migration with both Checkpoint and Palo Alto experience.
• Executed SOA Testing and IPS/IDS for Checkpoint & Palo Alto Firewall.
• Bluecoat Proxy single managed deployments hand writing various change scripts and verifying peer scripts.
• Built and support VRRP / Cluster based HA of Checkpoint firewalls.
• Implementing Troubleshooting Cisco ASA 5500 security appliance and Managing Security devices using Cisco ASDM.
• Bluecoat Administration - Blocking/Unblocking URL's.
• Maintained 99.999% standard for service level agreements during upgrades of firewalls within Delta.
• Firewall administration and integration using Tufin security suite.
• Design and installation of Radware Web application firewall cluster.

Confidential, Jersey City, NJ

Firewall Administrator,

• Configure, document and administer firewall infrastructure.
• Firewall deployment, rule migrations and firewall administration.
• Worked on configuring, managing and supporting Checkpoint Gateways.
• Develop best practices, operational procedures and design documentation for business continuity.
• Monitor and optimize network performance and assure network security in a high availability environment.
• Create redundant, reliable, scalable network with fault tolerance, performance tuning, real-time monitoring, data collection, and disaster recovery.

Confidential, Rochester, NY

Network Engineer

• Developed test cases for networks and applications for complex network topologies.
• Implemented test cases on networks and identified root cause.
• Monitored network and implemented automated tests with help of scripting languages.
• Summarized and presented the test results to project management team every week.
• Maintained bug status reports and drove to resolution including verification of fixes.
• Supported the configuration of Checkpoint Firewall R65 up to R75 version, installation of Secure Platform, Checkpoint Provider Environment.
• Developed and maintained automated test scripts using HP QTP/UFT.
• Diagnosed and resolved all network related issues.
• Created and made changes to end user accounts.

Confidential, Rochester, NY

Network Admin

• Presides over analysis and needs planning for IT and other business units.
• Conducts regular audits to ensure all frameworks and processes that have been integrated into the system are working properly, efficiently and in accordance with the goals, objectives and standards of Confidential .
• Updates and monitors security systems of network infrastructure.
• Designs and implements data integrity measures as well as daily system backups.
• Collaborates with software application developers and liaisons with software vendors on matters related to product development, program updates and migration of changes from testing to the implementation stage.
• Maintains data security and ensures integrity, protection of all client information.
• Orients business units and other application users on changes in network configurations.

Confidential

System Admin

• Help negotiate hardware, software, and circuit contracts for customers.
• Configure and implement Remote Access Solution: VPN, ISDN dial up.
• Implement Cisco IOS Firewall IDS using 2600 series router.
• Network Assessment and Documentation (including technical, operational, and economic assessment).
• Configure Cisco VPN 3000 Concentrator to allow VPN clients.
• Redistribution of routing protocols and Frame-Relay configuration.
• Build and maintain Visio documentations for Clients.
• Troubleshoot Windows 2000 Servers and streamlining the user policy.
• Managing User accounts using Active Directory.
• Implementation of TCP/IP & related Services-DHCP/DNS/WINS.
• Maintained Local Area Network connectivity including switches, routers, wiring closets, and drops to the desktops.
• Provided hardware and software support to corporate users and IT staff.
• Provided technical support on hardware and software to remote production sites.
• Managing Layer 2 switches of Cisco, VLAN configuration and assigning ports to specific VLAN as per requirement.
• Configured standard and extended access-lists on network.