SUMMARY:

• Around 8 years of experience in in the field of Computer Networking, in various engineering roles including Network and Security engineering and Network Infrastructure, Routing, Switching, Firewall technologies, system design, implementation, troubleshooting of complex network systems, enterprise network security, wireless design, and data network design, capacity management and network growth.
• Strong experience in Network security using ASA Firewall, Checkpoint, Palo Alto, Cisco Sourcefire IDS/IPS, Cisco Firepower and IPSEC/SSL VPN.
• Comprehensive understanding of the technologies involved with network security vendor firewall products (Cisco PIX / ASA, CheckPoint, Juniper NetScreen SSG/SRX and Palo Alto)
• Designing, Implementing and Troubleshooting Nexus models like 7K, 5K, 2K series, Cisco 3750, 3550, 3560, 2924, 4500 series, 6500 series switches.
• Advanced knowledge of OSI model, TCP/IP, Internet technologies, system security, firewall infrastructure, network architecture and Cisco network routing / switching (Layer 2 and 3) experience, including LAN and WAN, design and implementation which includes Layer 1 to Layer 7 experience.
• Configuring and implementing Routed and Routing protocols including: TCP/IP, RIP2, OSPF, EIGRP, BGP and MPLS.
• Network Monitoring using SNMP and other management tools such as SPLUNK, wireshark, Tufin, Algosec, Solarwinds, Remedy, Service Now, HSPM, HP NAS and Cyber Ark.
• Migrated and implemented new solutions with Cisco ASA Firewall series 5540, 5550 and 5585 with Firepower.
• Configuring Site - Site VPN on Checkpoint Firewall with R77 GAIA and Cisco ASA firewalls.
• Advanced knowledge, design, installation, configuration, maintenance, migration and administration of Checkpoint Firewall R55 up to R77.
• Performed firewall upgrades on different firewall vendors like Cisco, Checkpoint and Paloalto firewalls from legacy environments to latest models of the firewalls.
• Experienced in handling Panorama firewall management tool to administer Palo firewalls.
• Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments
• Experience with F5 load balancers - LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability
• Extensive experience on Bluecoat ProxySG for URL and content filtering along with PAC file management.
• Experience with migrate Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA firewall experience.
• Implemented security policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, ISE, AAA(TACACS+ & RADIUS)
• Hands on experience with packet sniffer, TCP DUMP and Wireshark for packet monitoring.
• Troubleshooting routers and switches for network connectivity and performance issues.
• A quick and self-learner with very good communication and interpersonal skills, strong creative, analytical, and problem-solving abilities
• Excellent Team Management Skills and Customer Skills.
• Attention to Detail.

PROFESSIONAL EXPERIENCE:

Confidential, Dallas, TX

Network Security Engineer

• Perform configuration changes on Checkpoint R77 Gaia, Cisco ASA and Palo Alto on a large-scale environment.
• Experience in risk analysis, security policy, rules creation and modification of Check Point Firewall Provider-1, R75.40 SPLAT and R77 Gaia.
• Responsible for installation, configuration, maintenance and administration of Palo Alto firewalls PA-7000(7050, 7060), PA -5000, series (5060/5050/5020 ), PA 60/4050/4020 ) and PA 500 and PA- 200 firewalls.
• Change and Incident Management using HP Service Manager. Schedule day to day firewall related changes and seek CAB approval if required for production impacting changes.
• Responsible for installation, configuration of Checkpoint 12400, 12600, 21400 Appliances.
• Very good experience in Paloalto APP-ID, User-ID, Security profiles like Ant-virus, Anti-Spyware and Wildfire.
• Migration of firewall rules from Cisco ASA, Checkpoint to Palo Alto firewalls using PAN migration tool
• Administering and supporting Juniper SRX and SSG firewalls using cli, NSM and/or Junos Space.
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall. Executed changes on various Firewalls, proxies and scripts over entire network infrastructure using Service Now ticketing tool.
• Integrating Panorama with Palo Alto Firewalls, managing multiple Palo Alto Firewall using Panorama. Provides updates and upgrades to the Palo Alto Firewall and Panorama devices.
• Involved in upgrade of Panorama to version 8.0.10.
• Supporting and troubleshooting Checkpoint (R77.10 Gaia, R77, R76, Provider-1, MDM/MDS, VSX, SPLAT and IPSO) and Cisco firewall (ASA 5550, 5540, 5520, CSM and ASDM) technologies.
• Converting Checkpoint VPN rules over to the Cisco ASA solution and migrating with both Checkpoint and Cisco ASA VPN.
• Implemented Site-to-Site VPNs between ASA Firewall and third-party vendor management devices.
• Performing packet captures using TCPDUMP, fw monitor, Snoop, wireshark and other network monitoring tools.
• Worked with Checkpoint Firewall (SPLAT/Gaia) for management (Smart Dashboard, Smart Monitor), Logging (Smart Log, Smart View Tracker)
• Implementing the Access list on day to day basis as per customer's Develop and maintain standard operating procedures, processes and guidelines for firewall operations, support and maintenance.
• Create and manage multi-national Checkpoint firewalls on a secure platform in a complex DMZ environment.
• Configure and maintain IPSEC VPN, Proxy and SSL; included advance networking and TCP/IP.
• Implement and maintain firewall rule migration, URL filtering, DLP, and rules cleanup.
• Working in Tufin secure change - firewall optimization tool to implement rules and Tufin Secure track to optimize the policies.
• Push firewall rules to live production environments during maintenance windows and open bridge conference call for testers to call in to test and troubleshoot.
• Investigate security incidents and recommend actions needed to resolve vulnerability issues.
• Perform peer review of work plans for standard changes as requested.
• Responsible for implement and configure managed Nexus switches.
• Experience of technologies including: Nexus switches (2k, 5k, 7k, 9k), and A10 load balancers.
• Perform internal / external vulnerability and Penetration tests to assess the level of exposure and risk to Tiffany. Reports are created and shared with Sr. Security Management. Utilize many open source as well a commercial tools, such as Nmap, Nessus, Qualys, Metasploit, Qradar and other tools
• Configure Bluecoat proxies using bluecoat director for content and URL filtering.
• Key contributions include troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, BGP and OSPF.
• Raised RMAs (Return Merchandize Authorization) to replace the problematic Checkpoint and new items were racked and stacked in the data center

Confidential, KS

Customer Support Engineer

• Analyzed, troubleshoot, and resolved the network problems and anomalies with customer’s Cisco equipment, such as system crashes, configurations, unit installations, STP issues, network connectivity issues, topology recommendations with BGP and OSPF etc.
• Troubleshooting and diagnosis of network problems using IP tools like Ping, Trace route.
• Providing technical assistance to LAN/WAN management and complex customer issues.
• Managed the IP address space using subnets and variable length subnet masks (VLSM).
• Provide LAN connectivity for all floors of Financial Center and the Primary Data Center.