Senior Security Architect Resume
New Castle, DE
SUMMARY:
- Security Architect having over 11+ years of IT experience with a focus on designing and developing security solutions.
- Skilled & technically proficient with multiple firewall solutions, network security, and information security practices.
- Experienced Checkpoint, Palo Alto & Juniper with certification for “CCSA, CCSE”
- Knowledge in planning, design, implementing and troubleshooting complex networks and advanced technologies managing the firewall deployment, rules migrations, and firewall administration.
- Thoroughly familiar with Checkpoint, Palo Alto & juniper models, capabilities, and architectures.
- VPN troubleshooting, configuration, and deployment for remote access devices CISCO Adaptive Security Appliance and PSA7000.
- Certified with VMware” VCP3,4,5: and Zsclaer cloud for Internet and Private access
TECHNICAL SKILLS:
Checkpoint: 15000,13000,12600,12200,4600,5600,2200,1100 series, SMART - I 3050, 3051
Juniper Devices: SRX3600 cluster, SRX650, SRX240 series
Palo Alto: PAN 4050, PAN 5050, PAN 5060, ParonamaPA-100, PAN 7050, I WAN
Operating System: Window 2k,3k,2008,2012 Server, Linux, UNIX (Linux, Red Hat, HP-UX)
Monitoring: Smarts, HPNA, Alogsec NetScout, HPOV, SmartsIC, Solar Winds, TCPDUMP, SkyBox, Splunk, Arcsight, SourceFire, Gigamon, rapid7
Protocols: TCP/IP, L2TP, PPTP, IPSEC, SSL, SSH, UDP, DHCP, DNS
Routing: OSPF, BGP, RIP,RIP2,EIGRP,IGRP
Switching: VLAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switching, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging
SLL VPN: ASA5555, ASA5050, SA6500, CM6500, PSA7000 series.
F5: I series, BIGIP 2000, 4000, 5000, 2000 SERIES.
Conversant in LAN, WAN, Wi: Fi, DNS, WINS, DHCP, TCP/IP, ISCSI, Fiber, Firewalls/IPS/IDS
Hardware/Cloud: Checkpoint, Juniper, Palo Alto, Dell, HP, CISCO, IBM, SUN, SonicWALL, Barracuda Appliances, SOPHOS appliances, HP, DELL, IBM, AWS, Vmwear, AWS Azure
Scripting: Python, Perl, Bash, Powershell
PROFESSIONAL EXPERIENCE:
Confidential, New Castle, DE
Senior Security Architect
- Confidential is a multinational investment banking and financial services corporation. Working for L4 Securities support team for global securities infrastructure Integration & implementation.
- Participated in Installation, configuration and troubleshooting of checkpoint, Palo alto & Juniper firewall
- Participated in developing and implementing new security policies and configuration, to maintain of existing systems.
- Increased traffic load support by building out Internet Gateway Architectures in key locations; developed complex designs to ensure high availability, load balancing, traffic sharing, dynamic routing, and fail over
- Contribute to the vision, strategy, and drive execution for integrated security controls across Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Infrastructure-as-a-Service (IaaS) and for Millennium’s and Amazon Web Services (AWS) efforts.
- Participated in a team responsible for the seamless transition of operational support for security devices prior to the CLIENT/VENDOR network split.
- Implemented and configured Panorama PA-100 modules for centralize Mgmt of Palo Alto security infrastructure.
- Implemented and configured 21 Smarts domain manager, muti domain manager, with logs manager for checkpoint SMART-I 3050, 3051 modules.
- Designed and Implemented Checkpoint R75.40 Secure Platform 77.20 Gaia with total 560+firewalls, Cisco ASA 5540, 5580 and VSX, Juniper SRX 3600,650 + as per the business requirements.
- Build and configured, migrate physical checkpoint firewall to VXS cluster configuration.
- Implemented new rules, policies, policy issue and tuning on Checkpoint Gaia Versions 70.30, 77.20,R75.40, R65 on the existing firewalls for a server refresh project and decommissioning of unused rules per user needs
- Upgraded Checkpoint firewalls and management servers from Splat R75.40 to Gaia R77.20 & R70.30 with MDS, MLM and Provider 1 infrastructure globally.
- Implemented checkpoint log server module i.e Smarts log, reporter, monitor, tracker etc.
- Established IPSec VPN tunnels between external vendor firewalls and corporate perimeter firewalls using Checkpoint and Cisco ASA 5500 Platform.
- Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls (110+ firewalls) - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.
- Configured Palo Alto Firewall for outbound SSL decryption with URL filtering.
- Migration of Palo Alto firewalls from Cisco ASA 5585 and Juniper SRX 3600 & NetScreen 5400. PANDB migration and code upgrades for Palo Alto Firewalls.
- Migration checkpoint firewall with Palo Alto with configuration and policy vice versa
- Integrated gigamon HC series appliance with checkpoint and Palo Alto firewall
- Migrated cross-platform firewall with policy and configuration so network expansion will be easy.
- Experience in multiple security areas such as firewall policy implementation, Data Loss Prevention (DLP),intrusion detection / prevention, threat and vulnerability assessment, event management (SIEM tools) Splunk, ArcSight, Source fire,and NetScout forensics and security incident response
- Implemented Data protections & Privacy regulations using SIEM application.
- Prior experience in monitoring security systems and reviewing logs for vulnerabilities
- Working on R80 & PAN OS 7 in UAT setup as deployment is planned for early next year.
Environment: Checkpoint provider-1 smarts-I3050,3051 & checkpoint firewall 15000,13000,12600,12200,4600,2200,1100 series, Juniper SRX3600 cluster, SRX650, SRX240 and NSM series, Palo Alto PAN 4050, PAN 5050, PAN 5060 Palo Alto PA100 paronoma Routing protocols: OSPF, BGP; Cisco ASA, Network Security: Ethernet, Fast Ethernet, Gigabit Ethernet, Fiber optic;
Confidential
Senior Security Architect
- Designed, Implemented and configured checkpoint R80.10 infrastructure with 200+ gateways and 10 Mgmt provider one “P1”server.
- Designed and Manage ASA 5555 with ASDM, and with Cisco Security Manager.
- Create/review/update security policies and standards for the public/private/hybrid cloud contexts
- Able to demonstrate clear understanding of current risks and threats to Cloud infrastructure and/or IT infrastructures at technical levels.
- Converted Cisco ASA 5555 policy and configuration and imported in checkpoint Infrastructure.
- Designed URLfiltering and SSL inspection policy and implanted across all 300+ site.
- Designed and Implemented Zsclarer cloud firewall with SSL inspection & URL filtering with access control rules.
- Implemented 20+ Zscaler cloud sites which is use for firewall policy “URL flitering, IPS,
- M ake changes to any other policy beyond Access Control
- Build Dashboard, reportig and Logs Mgmt for Zsclaer cloud sites.
- Providing expertise and strategic guidance on critical operations that span multiple systems and groups
- Monitoring, evaluating and remediating any health concerns of global firewalls
- Designed and Implemented, management rapid7 InsightVM and Nexpose suits for vulnerability management of server and desktop
- Proactively identify gaps, risks and issues and navigates organizational structure to resolve them.
Confidential
Senior Network Security Engineer
- Implemented multiple firewall solutions, network security, and information security practices.
- Integral part of planning, designing, implementing and troubleshooting complex networks and advanced technologies.
- Implemented Cisco Switches 6500, 4900, 4000, 3750, 3500, 2900 series switches and 7200, 2900 series routers
- Design Implemented and configuration of Juniper Net Screen Firewall ISG 1000/2000, SSG series and NSM Administration.
- Participated in design, installation, configuration, administration and troubleshooting of LAN/WAN infrastructure and security using Cisco routers/Switches/firewalls.
- Implemented and manage of Check Point firewalls, Cisco PIX, NetScreen Firewalls, Check Point Provider-1 / VSX, Nokia VPN, Palo Alto IDS,
- Designed and Implemented Cisco Nexus Platform, Cisco UCS & HP Virtual Connect Flex10.
- Advanced knowledge in Cisco ASA 5000 series and PIX installation, configuration and maintenance.
- Implemented network Intrusion detection/Intrusion Prevention System with firewall and external tools.
- Capturer live network LAN/WAN traffic using Wireshark to investigate issues.
- In-depth expertise with F5-BIGIP series installation, configuration and support for local traffic manager and DNS bigip. Application Security Manager
- Configured F5 BIGIP with VIP POOLS, IRULE, and SSL certification.
- Implemented TCP/IP suite and routing protocols, such as OSPF, BGP, and EIGRP.
- Implemented IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
- Conduction of Security Awareness and Network training for NOC and SOC staff.
- Expert in Data Center Technologies such as vPC, VDC, VSS, STP, FCoE, OTV & FabricPath
- Experienced in Cisco Catalyst 6500 Platform and its Service Modules
- Built project plan for conducting Disaster Recovery drills and following best practices for network operations and security.
- Virtual networking knowledge with vSphere 5.x/6.x standard and distributed vSwitches and/or Cisco Nexus 1000V is required
Environment:- Cisco Routers: 7200, 2800, 2500; Cisco Catalyst switches: 3560, 3750, 4500, 6500; switches; Juniper switches: EX2200, EX2500, EX3200 and EX4200; Routing protocols: EIGRP, OSPF, BGP; Redundancy protocol: HSRP; Vlans, inter-vlan routing, STP, VTP, RSTP, PVST, NAT, PAT, ACL,IPS,IDS, Route-maps, Route redistribution, Cisco ASA, Checkpoint firewall; Load balancer: BIG-IP F5; VPN: IPSEC, SSL VPN; Tools: Cisco’s ASDM, Wireshark, MS Visio
Confidential
Global Field Services Engineer (System & Network)
- Responsible for the System and Network Management for more than 4000 local and remote system and network devices including design, implementation and 24x7 support
- Initial build for network devices such as switch and backbone configuration.
- Managing router and switch config and monitoring with local Evault application
- Worked on checkpoint R65 firewall for migration Linux and Nokia Box.
- Monitoring 28 sites and total 3080 devices with 400+ router and 300+ switch with 2000+ servers.
- Installation & Administration of Microsoft Services like DNS, DHCP, WINS, TCP/IP & IIS
- Selected from team to train on Checkpoint firewall R65 gateway.
- Involved in project to rebuild and migration on the entire checkpoint gateway
Confidential
System Administrator
- Installation, Support & Administration of Windows NT Servers Exchange 2k3 & 2k/2k3 Active Directory
- Implemented virus protection analyst using Symantec Anti-Virus 7.x to 9.x Corporate Edition for 20+ servers with 300+ clients. Install, push to NT, 2000 & XP clients, and administer Symantec System Center.
- Administration of Microsoft Windows NT/2000/2003 Server / Advance Server from scratch including un-boxing, rack mounting, loading of Operating System, deploying with MS SysPrep, patching and assuring security requirement and ongoing maintenance
- Setup the switch root with properly caballing with proper parse of wire and colure code instruction
- Involved in the implementation on setup of Domain/DSF etc.
Confidential
System Administrator
- Handling 800 HP/Compaq desktops/Laptops & 20 servers.
- 500 Users are connected to the Domain from various office locations
- Creating user Id’s in Active Directory & Creating Mail ids on Exchange server 2000
- Performing daily backup activities through VERITAS backup software Working for desktop HP Compaq, Dell
- Installing and maintaining Windows NT Workstations and Windows 2000 Professional/98/95