Information Security Engineer Resume

Plano, Texas

PROFESSIONAL SUMMARY:

  • Network Security Engineer with 7 years’ experience with expertise in managing networking protocols; deploying, administering and migrating firewalls, also troubleshooting and supporting enterprise level networks and Data Centers.
  • Responsible for Palo Alto, Check Point and Cisco ASA firewall administration across global locations.
  • Experience on Palo Alto NG Firewall configurations including URL filtering, Threat prevention, Data filtering and Zone Protection.
  • Sound knowledge on Panorama, Wildfire and its integration with Palo Alto Firewalls.
  • Expert in configuring Security policies using App ID, Security profiles and URL category.
  • Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating VIPs, Pools & health checks.
  • Deployed and managed BlueCoat Proxy SG800 as forward proxy; well acquainted with functioning of reverse proxy ProxySG.
  • Expert level knowledge of troubleshooting, implementing, optimizing and testing routing protocols such as BGP, MP-BGP, EIGRP, OSPF, and their redistribution over the networks.
  • In-depth knowledge and experience in LAN and WAN technologies including MPLS, SD-WAN, DIA, Point to Point (Dark Fiber).
  • Expertise in Configuration, optimization and troubleshooting of Content Delivery Network (CDN) for web caching and SSL services.
  • Expertise in Redistribution, Route Filtering, Summarization, Supernetting without overlaps, PBR.
  • Working experience in managing and troubleshooting the core, distribution and access switches. Also part of migrations from Cisco Catalyst to Nexus switches at access layer in complex data center environments.
  • Substantial working experience on Virtual Port Channels (vPC), bonding server NICs and Virtual Device Contexts (VDC) in Nexus 7000 series switches.
  • Experienced with Aruba Wireless platform (Aruba ClearPass and Aruba AirWave), Aruba Mobility controllers providing centralized internet management and also intra network access.
  • Expert knowledge on SIEM tools like Splunk, QRadar to get real-time analysis of security alerts generated by network hardware and applications. Well acquainted with Splunk queries by Splunk Search Processing Language (SPL) and Regular expressions.
  • Performed real-time proactive Security monitoring and reporting on various Security enforcement systems, such as IBM QRadar (SIEM), McAfee, Internet content filtering/reporting, malware code prevention HPE Fortify, Firewalls, IDS & IPS, Web Security, Anti-spam and FireEye.
  • Experienced in configuring and deploying RADIUS, TACACS+ as part of AAA Architecture under multiple scenarios.
  • Hands on experience in deploying IPSEC Tunnels, SSL-VPN, Site-Site VPN and DMVPN.
  • Proficient in implementation of filters using Standard and Extended access-lists, Time-based access-lists, Route Maps.
  • Extensive knowledge on vulnerability management tools like Tenable Nessus.
  • Expert level troubleshooting methodologies to isolate and identify configuration, design, and software anomalies.
  • Good knowledge on WPA/WPA2 - Enterprise and its RADIUS server, along with other 802.1x protocols for authentication.
  • Knowledge on different kinds of encryption and its terminology: RSA, DES and AES.
  • Expert knowledge in ensuring high availability (HA) of servers using Load balancers like BIG-IP, Cisco CSS.
  • Experienced working in Data Centers along with different teams that deal with Storage and LAN.
  • Expert level knowledge of operations like installation, maintenance of racks, stacks, and cables in Data Centers.
  • Experience in SolarWinds Network Performance Monitor, Network Configuration Manager, Network Traffic Analyzer (Netflow) and IP Address Manager.
  • Expertise in managing network using SNMP and other tools such as Wireshark, Tcpdump and ServiceNow.
  • Documentation and Project Management along with drawing network diagrams using MS Visio.

TECHNICAL SKILLS:

Firewalls: Palo Alto Networks, Cisco ASA 55XX series firewalls, Checkpoint R76, R77, Panorama M-100.

Load Balancers: F5 Networks (Big-IP), Cisco ACE.

Routers: Cisco 7600, 7200, 3800, 3600, 2900, 2800, 2600, ASR 7K, ASR 12K.

Switches: Nexus 2K/5K/7K, Cisco Catalyst 6500, 4500, 3850, 3560, 3750, 2960.

Communication Protocols: TCP/IP, UDP, DHCP, DNS, ICMP, SNMP, ARP, RARP, PPP, HDLC, ISDN, SDN, and SD-WAN.

Routing Protocols: OSPF, EIGRP, BGP, MPLS, PBR, Route Filtering, Redistribution, Summarization and Static Routing.

Switching Protocols: LAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switch, Ether channels, Transparent Bridging.

LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, VLANs, VTP, STP, RSTP, 802.1W.

Wireless Technologies: Airwatch & WLCs (8510, 5508, 5706), Cisco Aironet APs (2600, 3600, 3700), Aruba 225, Aruba 3000 controller & Airwave.

Network Management and Packet Analyzers: SolarWinds, Wireshark, SNMP, Scapy and Tcpdump.

Operating systems: Windows XP/ 7/ 8/10, Windows Server 2003/ 2008, Mac OS and Linux.

Applications: MS (Office, Word, Outlook, Excel, PowerPoint, Visio), VMware, and Illustrator.

PROFESSIONAL RESPONSIBILITIES:

Confidential, Plano, Texas

Information Security Engineer

Responsibilities:

  • Managing IT Security & Disaster Recovery Management. Deployment of Palo Alto Firewall into the network. Configured and wrote Access-list policies on protocol based services.
  • Experience working with Palo Alto's Panorama appliance managing multiple firewalls simultaneously.
  • Experience with Virtualization using Multi-VSYS on Palo Alto, Multiple Context on ASA and configured static routes on virtual routers.
  • Migrating Cisco ASA 5500 firewalls to Palo Alto 5060 firewalls using PAN migration tool and Expedition.
  • Replacing Palo Alto 5060 firewalls with 5250 firewalls on the production environment.
  • Creating Application specific rules set for the traffic by customizing objects, security profiles (antimalware), service groups, dynamic block lists.
  • Create new zones for segmenting the DMZ from internal network and enforcing stringent security profiles to reduce the threat landscape.
  • Configure APP-ID feature in Palo Alto firewalls to reduce attack surface, regain visibility and control over traffic and create custom URL-filtering profiles and use them in writing Security policy rules that allow web access to users.
  • Expertise in configuring User ID both Agent based and Agentless for multiple users by using LDAP servers for authentication.
  • Create Portal, configure Gateways and install the Global Protect Agent on client devices and configure two-factor authentication on those to provide VPN connections for Global Protect.
  • Configured High Availability links (Active/Passive) between Firewalls to prevent a single point of failure on the network.
  • Configure Log Forwarding to forward logs from the firewall to Panorama M-500 and then configured Panorama to send logs to the servers.
  • Integrating the Palo Alto firewalls with Wildfire cloud inspection engine to protect against zero-day, APT and Malware threats.
  • Managing location specific Cisco ASA Firewalls and also data center internet gateway firewalls.
  • Performed Network address translation on Cisco ASA 8.2, 8.3 and 9.1 versions.
  • Firewall policy administration and support on PIX Firewalls as well as Cisco ASA Firewalls.
  • Handling new application load balancing requirements through F5 LTM devices.
  • Involved in configuring and implementing composite Network models consisting of Cisco ASR 1K, 7600, 7200, 3800 series routers and Cisco 2950, 3500, 5000, 6500 Series switches.
  • Designing and implementing LAN/WAN solutions across locations.
  • Configured OSPF redistribution and authentication with type 3 LSA filtering to prevent LSA flooding.
  • Configured OSPF over frame relay networks for NBMA and point to multipoint strategies.
  • Implementing traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Frame Relay and Open Shortest Path First (OSPF).
  • Provided redundancy in a multi homed Border Gateway Protocol (BGP) network by tuning AS-path.
  • Configured NAT and SNAT in F5 12.0 LTM. Managed virtual servers in F5 12.0 LTM.
  • Upgrading and deployment of Nexus 7k, 5k and 2k
  • Configured VPC, FEX and VDC’s on Nexus 5K, 7K.
  • Created ACI EPGs (End Point Groups) contract policies, VRFs and bridge domains for tenants
  • Experience with Cisco ASRs, Catalyst 6500 series switches, 2800 series, 3800 series, 2900 series and 3900 series routers.
  • Coordinating with service providers like AT&T, Verizon etc. for all network outages/restoration/new implementations.
  • Integrating new locations with existing MPLS Network and enabling standard corporate application access.
  • Implementation of Site to Site VPNs with direct vendors and customers.
  • Built site-to-site IPSec VPNs over Frame-relay & MPLS circuits on various models of Cisco routers to facilitate adding new business partners to new and existing infrastructures.
  • Deployed a Cisco Identity Services Engine (ISE) solution (wired, wireless, and VPN users) for a commercial client with converged access switches and Cisco ASA firewalls.
  • Responsible for Cisco ASA firewall administration across our global networks.
  • Worked on Windows layered products including MS Exchange, DNS and Active Directory.
  • Used Infoblox for documentation and tools updates.
  • Configured and maintained Active Directory, DNS, DHCP and Domain Controllers.
  • Attending weekly CAB meetings and ensuring all changes were going through the change process.
  • Capacity planning and providing recommendations for infra upgrades
  • Infrastructure upgrades and new Infra deployments.
  • Responsible for all aspects of TCP/IP functionality across multiple Enterprise environments.
  • Performed OSPF, BGP, DHCP profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.
  • Configured and deployed BIG-IP LTM 6900 for providing application redundancy and load balancing.
  • Used DHCP to automatically assign reusable IP addresses to DHCP clients.

Confidential, San Francisco, CA

Network Security Engineer

Responsibilities:

  • Performed migrations from Check Point firewalls to Palo Alto using the PAN Migration Tool.
  • Integrated WildFire to identify zero-day exploits.
  • Migrated PA-4020 Firewalls to PA-5250 Firewalls.
  • Enforced policy checks on north-south and east-west data center traffic.
  • Assisted in VPN configuration, NAT policies, failovers, maintaining and analysis of firewall logs.
  • Implemented Global-Protect VPN for mobile workforce replacing traditional Remote access VPNs.
  • Configured and replaced legacy IPSec VPN for Site-To-Site network connectivity.
  • Worked on DNS Sinkhole in Anti-Spyware profile of Palo Alto Firewall to identify infected hosts on network.
  • Configured Panorama to send logs received from the firewalls to log servers.
  • Configured SSL-Forward Proxy and SSL-Inbound inspection on Palo Alto Firewalls
  • Performed firewall policy optimization using third party tools like Tufin to ensure policy auditing across our environment.
  • Configured HA in Active-Passive and Active-Active mode on Palo Alto Network Firewall.
  • Installed, configured and maintained Splunk universal forwarders and indexers on various platforms.
  • Deployed IBM QRadar as logging tool for an enterprise to manage its network and analyzing, collecting the events. Used QFlow processors for performing deep packet inspection of Layer 7 application traffic.
  • Implemented and managed SIEM - IBM QRadar suite of products, QRadar SIEM, QRadar Vulnerability Manager (QVM), QRadar Risk Manager (QRM), QRadar Incident Forensic (QIF), Splunk.
  • Expertise in design / architecture of QRadar suite of products which includes SIEM, QRadar Vulnerabilities Manager (QVM), QRadar Risk Manager (QRM).
  • Integrated other security products to QRadar SIEM through various communication protocols, event correlation for vulnerability detection and flow (JFlow, Netflow) analysis.
  • Performed real-time proactive Security monitoring and reporting on various Security enforcement systems, such as IBM QRadar (SIEM), McAfee, Internet content filtering/reporting, malware code prevention HPE Fortify, Firewalls, IDS & IPS, Web Security, Anti-spam and FireEye.
  • Configured Universal forwarders from CLI and configuration files like inputs.conf, outputs.conf, server.conf, deploymentclient.conf.
  • Created Reports, Pivots, alerts, advance Splunk search and Visualization in Splunk enterprise.
  • Experienced in configuring and managing F5 Load Balancers to provide reliable distribution of traffic across some servers by creating pools, nodes, and health checks.
  • Dealt with WAN based support technologies like MPLS Circuits, BGP, OSPF and DMVPN.
  • Responsible for resolving support tickets, configuring network equipment and efficiency of the network.
  • Mitigating STP attacks by enabling Root Guards, BPDU Guard, PortFast and BPDU filters as required.
  • Worked with multi-vendor managed and un-managed switches.
  • Involved in troubleshooting of HSRP, VRRP configuration and Virtual Port channel management in Nexus switches.
  • Had experience in optimizing firewall rules using Tufin, firewall audit reports.
  • Created network diagrams and documentation for design using MS Visio.
  • Troubleshot CDN servers network performance related issues using different tools such as web analyzer, TCP dump, cache headers.
  • Maintained CDN architecture and provided cloud-based security from DDoS attacks to it.

Confidential

Network Engineer

Responsibilities:

  • Established, managed, and optimized network uptime and provided end-user support for users.
  • Worked closely with the security team on the deployment and troubleshooting of Cisco ASA firewall to apply policies.
  • Establishing VPN Tunnels using IPsec encryption standards and configuring site-to-site VPN, Remote VPN.
  • Administration and configuration of Cisco Firewalls as well as NATs.
  • Troubleshooting connectivity, routing and configuration issues with routers, switches, Cisco firewalls and complex network issues.
  • Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA Firewalls.
  • Involved in Installing and Configuring a Cisco secure ACS server for AAA authentication.
  • Provide Tier III Level Load Balancer expertise on F5 Big IP Local Traffic Managers (LTM).
  • Conducted security audits of perimeter routers to identify missing ACLs.
  • Worked on BGP configuration for providing redundant internet connectivity using BGP attributes, route maps and prefix-lists.
  • Configured whole routing access to the local network infrastructure by implementing OSPF as the major routing protocol.
  • Configured VLAN trunking 802.1q and VLAN routing on Cisco 5500 catalyst switches.
  • Worked with Link aggregation protocols (LACP/PAGP).
  • Established, managed, and optimized network uptime and supplied end-user assistance for users.
  • Used MD5 authentication for VTP, disabling all unused ports, keeping them in unused VLAN and ensuring DHCP attack prevention wherever required.
  • Worked on service request tickets such as troubleshooting, maintenance upgrades, patches and solutions with all round technical support.
  • Involved in the installation and administration of IP telephony and VoIP communications using Cisco's CUCM and Unity platform.

Confidential

Jr. Network Engineer

Responsibilities:

  • Configured Routing Protocols like EIGRP, and OSPF.
  • Implemented the concept of Route Redistribution between different routing protocols.
  • Responsible for day-to-day management of Cisco Devices, Traffic management and monitoring.
  • Set up and troubleshoot secured wireless access points for broadband Internet.
  • Configured & maintained LAN, WAN, VPN, and WLAN on Cisco Routers.
  • Configured network access servers and routers for AAA Security (TACACS+).
  • Managing and configuring of Wide Area Networking Protocols like HDLC, PPP.
  • Configuring Routing Protocols like EIGRP, BGP, and OSPF
  • Dealt with NAT configuration and its troubleshooting issues related to access lists and DNS/DHCP issues within the LAN network.
  • Performed troubleshooting in TCP/IP related problems and connectivity issues.
  • Configured STP for loop prevention.
  • Worked on optimization of the network performance by troubleshooting network issues and outages by participating with the network architects.
  • Used Wireshark to analyze and Nmap to monitor and troubleshoot networks.
  • Involved in configuration and management of different Layer 2 switching tasks, which includes address learning, efficient switching etc.
