SUMMARY:

• 9 years of experience in designing networks for routing, switching, firewall technologies, system design, implementation and troubleshooting of complex network systems.
• Experience in configuring Site - to-site and remote access VPN solutions.
• Hands on experience on the Palo Alto firewall platforms PA-7050, PA-5050, PA-2000 series, PA-200, PA-500. In depth knowledge with installation, configuration of checkpoint firewall-1 v. 4 to NGX R65.
• Network security including NAT/PAT, ACL, PCN and ASA/PIX Firewalls.
• Good knowledge with the technologies VPN, WLAN and Multicast.
• Well Experienced in configuring protocols HSRP, GLBP, ICMP, IGMP, PPP, PAP, CHAP, and SNMP.
• Expertise for defining, tracking and maintaining the standard baselines and configuration sets of all managed and/or monitored devices within SIEM zoning.
• Experience in installing and configuring DNS, DHCP server.
• Enterprise IDS (Snort SourceFire, Cisco FirePower/FireSight/ASA/NGFW, AMP, McAfee IntruShield).
• Extensive experience in configuring and troubleshooting of routing protocols RIP v1/v2, EIGRP, OSPF and BGP.
• Worked on network topologies and configurations, TCP/IP, UDP, Frame Relay, Token ring, ATM, bridges, routers, hubs and Switches.
• Configured Security policies including NAT, PAT, VPN, Route-maps, prefix lists and Access Control Lists.
• Manage security operational monitoring of IDS/IPS.
• Juniper: EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX210, SRX240
• Experience working with Network management software NSM, SPACE, Security Director
• Implementation and Integration of Servers (Windows, Linux and Unix), Security devices like Firewall, IPS, IDS, WAF, Nessus, BluecoatProxy, F5 IDM, Symantec Endpoint Protection.
• Understanding the JUNOS platform and worked with IOS upgrade of Juniper devices
• Experience with Change management process SNOW and Project documentation tools like Excel and VISIO
• Experience in configuring all Palo alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
• Experience working with Nexus 7010, 5020, 2148, 2248 devices.
• Experience working with MDS 9000, 9124 devices.
• Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
• Involved in design and deploying various network security & High availability products like Cisco ASA and other security products.
• A highly organized individual who adopts a systematic approach to problem solving, effectively analyzes results and implements solutions
• Highly motivated with the ability to work independently or as an integral part of a team and Committed to highest levels of professional.

PROFESSIONAL EXPERIENCE:

Confidential, Irving, TX

Lead VP Cyber Security

Responsibilities:

• Work with CST Engineering leadership to translate stakeholder requests into product roadmaps and specific deliverables
• Advise on CST Engineering roadmap and objectives in close partnership with architecture group
• Take ownership and drive delivery of large cross - Engineering technology launches
• Partner with technical teams to scope effort, define timelines, and set up appropriate oversight routines for Engineering efforts
• Clarify the impact of the transformational deliverables, communicate impact to stakeholders and align efforts and roadmaps to maximize success
• C-level Program Metrics: Definitions, coverage, effectiveness, efficiency, risk thresholds, KRI/KPI
• Deliver useful executive-level reporting on Engineering program, pipeline, and portfolio performance
• Collaborate effectively with stakeholders across GIS, to ensure delivery of joint deliverables
• Communicate effectively and broadly on Engineering efforts, to ensure transparency and accountability
• Required Skills:
• Driving large-scale technology solutions from concept into production

Confidential . Plano, TX

Data Network Specialist/ Data Center

• SME for Cisco ASA Firewalls for configuring, troubleshooting and administrating 25 to 30 HA pairs using ASDM and CSM .
• Develop use cases, perform analytics and alert mechanisms based on correlation of logs captured in the SIEM system, identify potential / actual incidents, activate containment procedures to prevent further breach /damage, escalate and resolve incident.
• Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS)
• Also managed and worked on Palo Alto, checkpoint, and Juniper SRX devices.
• Team Member for the SCADA design for the Entergy in Texas Area.
• Upgraded all cisco firewalls to the latest version, configured VPN, NAT, PAT.
• Worked on remediation for all the Cisco ASAs according to the compliance recommended by client
• Investigating and researching logs using syslog server, ASDM log monitoring, log monitoring tool, SmartView tracker, PAN,
• Worked with Cisco ASA 5500-X with Firepower services, Firepower 4100
• Having a good knowledge of installing Cisco Grid Router 2000 Series in harsh, rugged environment at Entergy.
• At Entergy we used CGR to connect directly to Remote Terminal Units (RTUs), Supervisory Control and Data Acquisition (SCADA) communications pass directly to the CGR 2010 through the serial interface and can be tunneled over an IP based network using a Bisync Serial Tunnel (BSTUN)
• Also CGR 2010 GRWICs used as a terminal server to allow for a way to perform out-of-band management for multiple devices sitting behind the router
• Along with CGR also installed Cisco 2500 Series Connected Grid Switch.
• Responsible for communicating technical issues to non-technical team members and executives
• Secure Log access in EventSentry SIEM to limit access to modify logs.
• Implemented and Configured Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
• Design and implement firewall rules in Palo Alto firewalls in all four technologies Cisco, checkpoint, Palo Alto, Juniper SRX, Security Director.
• Decommissioning of firewall and implementing it on another firewall vendor
• Build Site to Site IPsec based VPN Tunnels between various client and business partner sites and Clustering.
• Firewall policy cleanup using firemon and Optimize firewall rule base and database. Reorder rules for optimal firewall performance.
• Data center migration including Subnet migration, VPNs migration, and Network and Security device configurations.
• Network based IDS/IPS event management and Signature Updates and making sure the false positives are filtered and investigate the critical alerts based on Source, Destination and Service.
• Responsible for Bringing up and Building out an EDGE firewall solution using Firepower 4140 firewalls with 10G interfaces.
• Troubleshooting with client for P1 to P5 level incidents.
• Closing assigned tickets on timely manner by strictly following SLA requirements.
• Actively participated in CAB calls to obtain change approvals on high risk to very high risk changes.
• Supporting McAfee Vulnerability Manager Server and providing vulnerability sets.
• Threat hunt using Carbon Black, Splunk, and various IR tools
• Working with onsite team to resolve the FW I ssues remotely.

Confidential, Irving TX

Network security Architect

• Troubleshooting issues related to Layer 1/2/3 skills like switching / routing, WAN /Hardware and critical network links by coordinating with the vendor
• Worked on Cisco Grid Router CGR 2010 and CGS 2025
• Having Data Center Design Experience, installing and Configuring Network Devices in a Data Center including patching the cables in the Patch Panel. Design and implemented network
• Implementing security Solutions using Palo alto PA 5000, Check Point Firewalls R75, R77.20 Gaia and Provider-1/MDM.
• Worked extensively in Configuring, Monitoring and Troubleshooting Juniper SRX.
• Handling enterprise outages effectively and driving towards the resolution. Coordination of fault escalations in conjunction with the 1st high-level technical management of high priority or technically complex calls.
• Experience with converting Juniper to Checkpoint in the data center environment.
• Making KPI reports for management for updates and decision-making
• Analyzed firewall logs for blocked traffic or non-compliant firewall rules that violated corporate security policy.
• Provide day-to-day support via ticket system involving various tasks such as network and server troubleshooting for connectivity problems, establishing VPN tunnels, configuring VIPs and port forwarding for web servers.
• Extensively worked on VPN configuration through CLI and GUIs, participated on parameter exchange calls, troubleshooting of VPN connectivity.
• Performed JUNOS upgrade for bug fixing, latest versions, FW compatibility
• Close monitoring through OP5 monitoring to check tunnel up/down, interface up down.
• Integration of different devices/applications/databases/ operating systems with SIEM
• Close monitoring on threats and vulnerability through IPS and IDS functionality.
• Worked with all the shifts to keep up with the data center need for 24/7 FW administration.
• Daily health check of the FWs, load balancers remotely and from the vault

Confidential

Network security Engineer

Responsibilities:

• Worked extensively on Cisco Firewalls, Cisco ASA 5500(5510/5540) Series
• Well experienced with configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
• Verifying and Configuring rules in firewalls.
• Used SIEM solution effectively for Log analysis and correlation to find security incidents and root cause.
• Maintaining Corporate Firewalls & Analysis of firewall logs
• Build IT security infrastructure including Checkpoint, Juniper and Palo Alto firewalls.
• Configure rules/NAT via smartdash
• Experience configuring Virtual Device Context inNexus 7010
• Worked on commissioning and decommissioning of the MPLS circuits for various field offices.
• Assessed potential network segments and made network adjustments to accommodate for proper SourceFire IPS/NGFW operation as well as sensor visibility
• Design and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls.
• Configuring IPSEC VPN on SRX series firewalls
• Configuring Virtual Chassis for Juniper switches EX-4200,Firewalls SRX-210
• Installation, configuration and operation of Infoblox appliance-based DNS system, configured for HA for both internal DNS/DHCP.
• Troubleshoot and hands on experience on security related issues on Cisco ASA/PIX, SRX, IDS/IPS, Palo Alto firewalls.
• Design, Implement & troubleshooting of Juniper switches, routers and Firewalls
• Switching tasks include VTP, ISL/ 802.1q, IPSec and GRE Tunneling, VLANs, Ether Channel, Trunking, Port Security, STP and RSTP.
• Good knowledge in configuration of Voice VLAN’s (VOIP), Prioritizing the voice traffic over the data traffic
• Worked extensively on Cisco Firewalls, Cisco PIX (506E/515E/525/) & ASA 5500(5510/5540) Series.
• In depth understanding of IPV4 and implementation of Subnetting.
• Responsible for Cisco ASA firewall administration across our global networks.
• Establishing VPN tunnels using IPSec encryption standards and also configured and implemented site-to-site VPN, Remote VPN

Confidential, New York, NY

Sr. Security Analyst

Responsibilities:

• Enhanced Infrastructure security by maintaining and supporting OS hardening, OS vulnerability patching.
• Worked as L1/L2 support engineer which involved daily task of workstation assembling, LAN troubleshooting, Printer configuration and server Configuration.
• Testing and monitoring applications tools.
• Working knowledge of Firewall service module FWSM UPGRADE, FWSM RULESET conversion.
• Supporting Development team for the access to corporate network and outside world. Providing access to specific IP, Port filter and port access.
• Configured and troubleshoot IPSec VPN tunneling for client machines to access organization's network.
• Coordinated and managed events and trouble tickets related to network failures and thus followed by technical support which included problem determination, customer notification and updates with regard to escalation.
• Implemented Site-to-Site VPNs over the Internet utilizing 3DES, AES/AES-256 with ASA Firewall 5505.
• Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS)
• Configured Protocol Handling, Object Grouping and NAT on ASA Firewalls

Confidential, Washington, DC

Network Engineer

Responsibilities:

• Support customer with the configuration and maintenance of PIX and ASA firewall systems.
• Assisted with various duties that will arise including: implementation, configuration, management, rules definition, problem solving, design advice, troubleshooting, updating, maintenance, etc.
• Maintenance and Troubleshooting of LAN connectivity problems using Ping, Trace route.
• Managed the IP address space using subnets and variable length subnet masks (VLSM).
• Involved in troubleshooting IP addressing issues and Updating IOS images using TFTP.
• Worked along with the team in ticketing issues.
• Assisted in troubleshooting LAN & WAN connectivity and hardware issues in the network of 10000 hosts.
• Studied and analyzed client requirements to provide solutions for network design, configuration and security.
• Troubleshooting on network problems with Wireshark, identify problem and fixPerform root cause analysis on the problems coming across Project execution
• Experience with configuring BGP, OSPF on 7609 router.
• Maintained redundancy on Cisco 2600, 2800 and 3600 router with HSRP.
• Configure and manage perimeter IPS infrastructure - Cisco 4240 IPS sensors.
• Performed RIP & OSPF routing protocol administration.
• Interacted with support services to reduce the downtime on leased lines.
• Dealt with creating VIP (virtual servers), pools, nodes and applying Irules for virtual servers like cookie persistency, redirection of the URL.
• Developing detailed knowledge of IOS-XR feature areas.
• Daily responsibilities included monitoring remote site using network management tools, assisted in design guidance for infrastructure upgrade & help LAN administrator with backbone connection and connectivity issues
• Daily responsibilities included monitoring remote site using network management tools, assisted in design guidance for infrastructure upgrade & help LAN administrator with backbone connection and connectivity issues