- CCNA, CCNP certified Dynamic and versatile Network Security Administrator/ Engineer with 8+ years of outstanding knowledge, skills and expertise, dedicated and committed to providing excellent interconnectivity and networking services, network security and solving networking problems.
- In - depth knowledge of network security architecture and protocols, security vulnerabilities, network security, and application security .
- Experience in routing, switching, firewall technologies, system design, implementation, troubleshooting of complex network systems, enterprise network security, wireless design, data network design, capacity management and network growth.
- Experience on Cisco 7200, 3800, 3600, 2900, 2800, 2600, 1800 series Router and Cisco 2900, 3500, 4500, 5500, 6500 series switch.
- Experienced network security engineer with proficiency in installing, upgrading, troubleshooting, configuring, and supporting variety of Network & Security Devices.
- Experienced firewall engineer with advanced knowledge of Checkpoint, Fortinet, Cisco ASA 5500 series, JUNOS and Palo Alto PA-200.
- In-depth knowledge and experience in LAN/WAN technologies including OC3, E3/T3, E1/T1, Point to Point, MPLS and Frame Relay.
- Experience with CISCO NEXUS data center infrastructure with 9k, 7k, 5k,2k and IK series switches including CISCO NEXUS Fabric Extender.
- Experience of routing protocols like EIGRP, OSPF, RIP, BGP and MPLS.
- Sound knowledge of virtual firewalls like checkpoint VSX, IDS, IPS as well as encryption techniques.
- Expertise on Cisco IOS, Cisco ISO-XR Cisco NX-OS, JUNOS.
- Experience in layer-3 Routing and layer-2 Switching. Dealt with Nexus models like 9K, 7K, 5K, 2K series, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches.
- Experience with Firewall migrations from PIX firewall to Cisco ASA and Juniper SRX firewall appliances.
- Experience with Bluecoat Proxy servers, LAN & WAN management.
- Worked on Juniper Net Screen Firewalls like, NS50, SSG 550M, SSG520M, ISG 1000, ISG 200 and Cisco PIX 535, 520, 515, ASA -5500 and 5505.
- Knowledge of implementing and troubleshooting complex L2/L3 technologies such as VLAN Trunks, VTP Ether channel, STP, RSTP, MPLS and MST.
- Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Palo Alto and Checkpoint.
- Experience in designing and deploying enterprise network security and high availability on Palo Alto NGFW's and Cisco ASA.
- Proficiency with Cisco Security SDM, NAT/ACLs, AAA, Layer 2 Security, Layer 3 Security, IPS/IDS, Cryptography, VPN, IPsec.
- Experience with f5 load balancers - LTM, GTM series like 6400, 6800.Worked with load balancers to manage corporate applications and their availability.
- Hands-On experience working with firewall models such as Palo Alto's PA-3K and the PA-5K Series Firewalls.
- Experiences also includes working with Checkpoint R77 Series, Cisco ASA 55XX and the Fortinet's 51B, 300C Firewall Series.
- Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k, PA-6k) as well as a centralized management system (Panorama) to manage large scale Firewall deployments.
- Experienced in the evaluation, testing, configuration and implementation of Palo Alto firewall security solutions across enterprise networks .
- Experience with Juniper MX480, MX240, MX80 series routers.
- Well experienced in configuring protocols like HSRP, GLBP, VRRP, ICMP, IGMP and SNMP.
- Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.
- Good knowledge in Network function virtualization.
- Experience to install & migrate the infrastructure on Amazon Cloud Service - AWS.
- Experience with the Infoblox IP Address Management tool.
- Extensive understanding of networking concepts, (IE. Configuration of networks, router configuration and wireless security, TCP/IP, VPN, Content Filtering, VLANs, and routing in LAN/WAN, Ethernet Port, Patch Panel and wireless networks .
- Experience on Virtual Private Network (VPN) for operating Network and Data Center
- Installation, Configuration and Administration of VMware, VSphere4, ESX 3.5 and ESXi Server, VMware View.
- Excellent troubleshooting skills; tenaciously committed to the thorough resolution of technical issues.
- Experience in Network Management Tools and sniffers like SNMP, HP-Open view, Wireshark and Cisco works to support 24 x 7 Network Operation Center.
- In-depth knowledge and hands-on experience in Tier II ISP Routing Policies, Network Architecture, VLSM, TCP/IP, NAT, DHCP, DNS, FT1/T1/FT3/T3 SONET POS OCX / GigE circuits.
- Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.
- Administration of production Windows Servers infrastructure that includes Domain Controllers, IIS Web Servers, SharePoint, File and Print and FTP/SFTP servers.
- Great team player and able to work under pressure 24x7 duty rotation.
Cisco &other vendor Equipment: Nexus 9K, 7K, 5K, 2K & 1K, Cisco routers (7600, 7200, 3900, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4500, 4900, 3750, 3500, 4500, 2900 series). PIX Firewall (506/515/525/535 ), ASA (5505/5510/5580 ), Cisco ICE, Cisco VoIP, Cisco ACE Load Balancers and Checkpoint (IP Series/NGX R65/IPSO)
RIP, IGRP, EIGRP, OSPF, IS: IS, BGP, HSRP, VRRP & GLBP
Firewalls: Cisco ASA Firewall, Firepower, Fortinet, Palo Alto, Juniper SRX, Checkpoint
Network Tools: Solar Winds, SNMP, Cisco Works, SIEM, Wireshark
Load Balancers: Cisco CSM, F5 Networks (Big-IP), A10
Network Management: Solar Winds, SNMP, Cisco Works, Wireshark
Infrastructure services: DHCP, DNS, SMTP, FTP, and TFTP
LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port- channel, VLANS, VTP, STP, RSTP, 802.1Q Frame Relay, ISDN, ATM, MPLS, SD WAN, leased lines & exposure to PPP, DS1, DS3, OC3, T1 /T3 & SONET
Network Security: NAT/PAT, Ingress & Egress Firewall Design, VPN Configuration, Dynamic, Palo Alto firewalls, Aruba Clearpass, Reflexive ACL, and authentication AAA (TACACS+ & RADIUS)
Cisco IOSXR, PAN: OS, Cisco Cat OS, NX-OS, AWS, Cisco IOS (11.x, 12.x) PIX IOS (6.7.x), CAT-OS UNIX, LINUX, Windows XP, NT, 2000, 2003
Documentation: MS Office, MS Visio and Excel
Network Security: NAT/PAT, Ingress & Egress Firewall Design, VPN Configuration, Dynamic, Palo Alto firewalls, Aruba Clear pass, Reflexive ACL, and authentication AAA (TACACS+ & RADIUS)
Operating System: Windows 7/XP, MAC OS X, Windows Server 2008/2003, Linux, Unix
Confidential, Austin, TX
Sr. Network Security Engineer
- Implementation, Configuration and Support of Checkpoint (NGX R65, R70 and R71), Juniper Firewalls (SRX5400, SRX5600, and SRX5800), Cisco Firewalls (ASA 5505, 5506-X, 5585), Palo Alto Networks Firewall models (PA-2k, PA-3k, and PA-5 k).
- Using Smart Update, User Management and Authentication in Checkpoint Firewall.
- Maintained Bluecoat proxy manager.
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
- Implemented application based policy and URL filtering, Threat prevention, Data filtering policies (Palo Alto, Juniper) with Multiple gateways in cluster for granting access to the business vendors. Good knowledge in SDN (Software defined networking)
- Conducted Network security monitoring analysis (SCM) by using the software's.Using Smart Update, User Management and Authentication in Checkpoint Firewall.
- Checkpoint Firewalls, Firemon, VPN, Datacenter, Cisco, Nexus, ACS, WAN Optimization, Riverbed Cascade, Riverbed Profiler, Net flow, Planning, Budgeting, Supervising, Setting Standards, Documenting MOP.
- Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
- Provide scalable, supportable military grade TCP/IP security solutions along with expert TCP/IP network designs that enable business functionality.
- Administration, Engineering, and Support for various technologies including proficiency in LAN/WAN, routing, switching, security, application load balancing and wireless.
- Responsible for Checkpoint and Cisco firewall administration across global networks .
- Worked on Cisco Catalyst Switches 6500/4500/3500 series.
- Policy development and planning / programming on IT Security, Network Support and Administration.
- Creating Virtual Servers, Nodes, Pools and iRules on BIG-IP F5 in LTM module.
- Configuration of Network and Security devices such as Cisco routers and switches (Cisco 7600/3500/Nexus 7K/5K), Firewall (Checkpoint R75/Gaia and Cisco FWSM), Load Balancers and DNS and IP Manager.
- Provides management level reporting of firewall and Intrusion Protection System (IPS) activity on a periodic basis.
- Researched, designed, and replaced Checkpoint firewall architecture with Palo Alto's NGFW Next-Generation Firewalls.
- Implemented Site-To-Site VPN on Palo alto, Checkpoint, Cisco ASA firewalls.
- Worked on Cisco 7200, 3800, 3600 series Router and Cisco 4500, 5500, 6500 series Switch.
- Design and Implementation of 802.1x Wired/Wireless User Authentication using Cisco ISE Radius Server.
- Regular upgrade and maintenance of Infrastructure, Installing, configuring, and maintaining Cisco Switches (2900, 3500, 7600, 3700 series, 6500 series) Cisco Routers (4800, 3800, 3600, 2800, 2600, 2900, 1800, 1700, 800) Cisco Router and Switches, Juniper Routers.
- Configured RIP, PPP, BGP and OSPF routing, and Involving in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4. Configured IP access filter policies and Creating and provisioning Juniper SRX firewall policies.
- Responsible for turning up BGP peering and customer sessions, as well as debugging BGP routing problems.
- Perform root cause analysis on the problems coming across Project execution.
- Maintained a BGP/MPLS infrastructure.
- Identify, design and implement flexible, responsive, and secure technology services.
- Implemented Positive Enforcement Model with the help of Palo Alto Networks .
- Responsible for maintenance of F5 LTM and GTM load balancers including upgrades, patches and creation of complex VIP and WIP configurations.
- Security policy review and configuration in Palo Alto and Juniper SRX Firewall in US offices and Datacenter.
- Worked on F5 BIG-IP Load balancer LTM/GTM for application redundancy and high availability.
- Responsible for Checkpoint and Cisco ASA firewall administration across global networks .
- Provided proactive threat defense with ASA that stops attacks before they spread through the network .
- Checkpoint R 77.10/.20 Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network .
Environment: F5 Load Balancer, Cisco ASR 1001/ISR 7206/3845/3945/2951 routers, AWS VPC, NEXUS 7010, 5020 00 / 50 / 3850 switches, TACACS, BGP, SD-WAN, OSPF, Mobile Iron, Palo Alto, Cisco ASA 5580/5505/5520 , Cisco ACE.
Confidential, Austin, TX
Sr. Network Security Engineer
- Involved in complete LAN, WAN development (including IP address planning, designing, installation, configuration, testing, maintenance etc.).
- Involved in Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter VLAN routing, LAN security etc.
- Implemented with Cisco Layer 3 switches 3750, 4500, 6500 in multi VLAN environment with the use of inter-VLAN routing, HSRP, ISL trunk, ether channel.
- Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, EtherChannel implementation on ASR 9K redundant pair.
- Implementing the necessary changes such as adding, moving and changing as per the requirements of business lines in a data center environment.
- Installing, configuring Cisco Catalyst switches 6500, 3750 & 3550 series, Access control lists, ISDN, ATM, load balancing switches and configured IPX/SPX, HDLC, BGP, EIGRP, OSPF and VRRP on various sites.
- Setup simplified and traditional VPN communities, and Cisco Any connect.
- Responsible for the secure development lifecycle environment form NX-OS to Application Centric Infrastructure (ACI) in Data center, implemented in the lab environment.
- Researched, designed, and replaced Checkpoint firewall architecture with new next generation Palo Alto PA3000 and PA5000 appliances serving as firewalls and URL and application inspection.
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama.
- Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
- Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls and implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall. Exposure to wild fire feature of Palo Alto.
- Worked with Palo Alto firewalls PA250, PA4050, PA3020 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall. Technical assistance for LAN/WAN management and complex customer issues.
- Configured systems log on the Palo Alto firewall and moved the logs to Splunk.
- Worked with Palo Alto firewalls PA 5050 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall.
- Worked extensively in Configuring, Monitoring and Troubleshooting Palo Alto with ACL, NAT, Object Groups, Failover and Multi-Contexts.
- Configured, troubleshoot, and upgraded Checkpoint Firewalls for Manage clients, which included network and/or resource access, hardware or software problems.
- Implementing and troubleshooting (on-call) IPSec VPNs for various business lines and making sure everything is in place. Implementing IPSec and GRE tunnels in VPN technology. Designed, configured, implemented site-site VPN on Cisco ASA 5500 firewall.
- Worked with Data Center Network Manager offers intuitive, multi-fabric topology which supports VXLAN, Layer 2, Virtual Port Channel, Virtual Device Context, Virtual SAN.
- Configured Trunk ports and implements granular control of VLANs and VXLANs using NX-OS to ensure virtual and flexible subnets that can extend further across the network.
- Installing and configuring new Cisco equipment including Cisco catalyst switches 6500, Nexus 7010, Nexus 5548 and Nexus 2k as per the requirement of the Organization.
- Worked as a part of data center deployment where we converted from Cisco 6500 to Nexus.
- Configured Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000 to connect servers and storage devices.
- Monitored and managed networks using Cisco Works tools and Wireshark.
- Utilize network monitor tools such as Solar Winds to track network problems and outages.
- Support customer with the configuration and maintenance of ASA firewall systems. Troubleshooting of protocol-based policies on Palo Alto firewalls and changing the policies as per the requirement and as per traffic flow.
- Working configuration of new VLANs and extension of existing VLANs on/to the necessary equipment to have connectivity between two different data centers.
- Managing and providing support to various project teams with regards to the addition of new equipment such as routers switches and firewalls to the DMZs.
Environment: Cisco Switches 3750, 4500, 6500 series, Cisco catalyst switches series 6500, 3750, 3550, Access control lists ISDN, Cisco 7206/3845/3945/2951 routers, NEXUS 7010,5672UP, 2248/6500/4500/3750/3850 switches, AWS (Amazon Web Server), SD-WAN, TACACS, IPX/SPX, HDLC, BGP, EIGRP, OSPF and VRRP and Vulnerability Assessment tools like Nessus, VPN’s, and SSL.
Confidential, Dell City, OK
- Assisted in troubleshooting LAN connectivity and hardware issues in the network of 500 hosts.
- Performed client requirements to provide solutions for network design, configuration, administration, and security .
- Involved in troubleshooting IP addressing issues and Updating IOS images using TFTP.
- Maintained redundancy on Cisco 2600, 2800 and 3600 routers with HSRP.
- Created a backup and recovery policy for software application and verified peripherals are working properly.
- Monitor performance of network and servers to identify potential problems and bottleneck.
- Performed RIP & OSPF routing protocol administration. Support services to reduce the downtime on leased lines.
- Troubleshoot problems day to day basis & provide solutions that would fix the problems within their Network .
- Maintenance and Troubleshooting of connectivity problems using Ping, Traceroute.
- Daily responsibilities included monitoring remote site using network management tools, assisted in design guidance for infrastructure upgrade & help LAN administrator with backbone connection and connectivity issue Other responsibilities included documentation and support other teams.
- Designed and Implemented plan for migration from existing Catalyst switches to Nexus and configured NX-OS Virtual Port Channels, Nexus port profiles, Nexus VPC peer links on Nexus 5k and 7k.
- Acquitted with Cisco Meraki for Cisco Wireless Devices Monitoring, managing and troubleshooting Cisco Wireless devices using Cisco Meraki.
- Cisco ASA/Checkpoint, Palo Alto Firewall troubleshooting and policy change requests for new IP segments that either come online or that may have been altered during various planned network changes on the network .
- Supported and executed migration to F5 BIG-IP LTM/GTM ADC Appliances from Citrix NetScaler
- Maintained BIG IP F5 APM VPN and provided solutions for intricate issues.
- Participated in the installation, configuration, and post-installation routine operational tasks and configuration of the Cisco Nexus Switches.
- Worked with Host Master for shared web hosting and managed Web Application Firewall (WAF), DNS and DHCP management using Infoblox and Analyzed networks using Wireshark
- Worked with Nagios for monitoring of network services (SMTP, POP3, HTTP, NNTP, ICMP, SNMP, FTP, SSH)
- Provided full visibility and notification of authorized and unauthorized network access with the integration of Cisco ASA and NAC solutions. Performed Load balancing using F5 BIG-IP LTM ADC 6400, Cisco ACE 4710.
- Provided redundancy in a multi-homed Border Gateway Protocol (BGP) network by tunings AS-path
- Designed and implemented VLAN using Cisco switch catalyst 1900, 2900, 5000 & 6000 series.
- Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
- Responsible for Checkpoint, ASA, Palo Alto Firewall management and operations across global networks .
- Analyzed customer application and bandwidth requirements, ordered hardware and circuits and built cost-effective network solutions to accommodate customer requirements and project scope.
- Configured routers and coordinated with LD Carriers and LECs to turn-up new WAN circuits. Configuring,
- Maintaining the Routers and Switches and Implementation of RIP, EIGRP, OSPF, BGP routing protocols and troubleshooting. Responsible for implementing QoS parameter on switching configuration.
- Involved in Design and Implementation of complex networks related to extranet clients.
- Troubleshooting the N/W Routing protocols (BGP, EIGRP, and OSPF) in Migrations and new client connections.
- Manage operational monitoring of equipment capacity/utilization and evaluate the need for upgrades; develop methods for gathering data needed to monitor hardware, software, and communications network performance.
- Worked towards the key areas of the project to meet SLA's and to ensure business continuity. Involved in meetings with engineering teams to prepare the configurations according to the requirement.
- Creating change tickets according to the scheduled network changes and implementing the changes.
- Worked with F5 Load balancing, IDS/IPS, Bluecoat proxy servers and Administrating.
Environment: LAN/WAN, Cisco 2600, 2800, 3600 routers with HSRP, IOS TFTP, OSPF, NEXUS VPC, Nexus 5k,7k, Cisco ASA, Checkpoint, Palo alto, IP, F5 BIG-Ip LTM/GTM, ADC, VLN, DNS, DHCP, SMTP, POP3, HTTP, NNTP, ICMP, SNMP, FTP, SSH, F5 BIG-IP LTM ADC 6400, Cisco ACE 4710, VLAN using Cisco switch catalyst 1900, 2900, 5000 & 6000 series, RIP, EIGRP, OSPF, BGP routing protocols, F5 Load balancing, IDS/IPS, Bluecoat proxy servers.