SUMMARY:

• Security Architect having over 11+ years of IT experience with a focus on designing and developing security solutions.
• Skilled & technically proficient with multiple firewall solutions, network security, and information security practices.
• Experienced Checkpoint, Palo Alto & Juniper with certification for “CCSA, CCSE”
• Knowledge in planning, design, implementing and troubleshooting complex networks and advanced technologies managing the firewall deployment, rules migrations, and firewall administration.
• Thoroughly familiar with Checkpoint, Palo Alto & juniper models, capabilities, and architectures.
• VPN troubleshooting, configuration, and deployment for remote access devices CISCO Adaptive Security Appliance and PSA7000.
• Certified with VMware” VCP3,4,5: and Zsclaer cloud for Internet and Private access

TECHNICAL SKILLS:

Checkpoint: 15000,13000,12600,12200,4600,5600,2200,1100 series, SMART - I 3050, 3051

Juniper Devices: SRX3600 cluster, SRX650, SRX240 series

Palo Alto: PAN 4050, PAN 5050, PAN 5060, ParonamaPA-100, PAN 7050, I WAN

Operating System: Window 2k,3k,2008,2012 Server, Linux, UNIX (Linux, Red Hat, HP-UX)

Monitoring: Smarts, HPNA, Alogsec NetScout, HPOV, SmartsIC, Solar Winds, TCPDUMP, SkyBox, Splunk, Arcsight, SourceFire, Gigamon, rapid7

Protocols: TCP/IP, L2TP, PPTP, IPSEC, SSL, SSH, UDP, DHCP, DNS

Routing: OSPF, BGP, RIP,RIP2,EIGRP,IGRP

Switching: VLAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switching, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging

SLL VPN: ASA5555, ASA5050, SA6500, CM6500, PSA7000 series.

F5: I series, BIGIP 2000, 4000, 5000, 2000 SERIES.

Conversant in LAN, WAN, Wi: Fi, DNS, WINS, DHCP, TCP/IP, ISCSI, Fiber, Firewalls/IPS/IDS

Hardware/Cloud: Checkpoint, Juniper, Palo Alto, Dell, HP, CISCO, IBM, SUN, SonicWALL, Barracuda Appliances, SOPHOS appliances, HP, DELL, IBM, AWS, Vmwear, AWS Azure

Scripting: Python, Perl, Bash, Powershell

PROFESSIONAL EXPERIENCE:

Confidential, New Castle, DE

Senior Security Architect

• Confidential is a multinational investment banking and financial services corporation. Working for L4 Securities support team for global securities infrastructure Integration & implementation.
• Participated in Installation, configuration and troubleshooting of checkpoint, Palo alto & Juniper firewall
• Participated in developing and implementing new security policies and configuration, to maintain of existing systems.
• Increased traffic load support by building out Internet Gateway Architectures in key locations; developed complex designs to ensure high availability, load balancing, traffic sharing, dynamic routing, and fail over
• Contribute to the vision, strategy, and drive execution for integrated security controls across Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Infrastructure-as-a-Service (IaaS) and for Millennium’s and Amazon Web Services (AWS) efforts.
• Participated in a team responsible for the seamless transition of operational support for security devices prior to the CLIENT/VENDOR network split.
• Implemented and configured Panorama PA-100 modules for centralize Mgmt of Palo Alto security infrastructure.
• Implemented and configured 21 Smarts domain manager, muti domain manager, with logs manager for checkpoint SMART-I 3050, 3051 modules.
• Designed and Implemented Checkpoint R75.40 Secure Platform 77.20 Gaia with total 560+firewalls, Cisco ASA 5540, 5580 and VSX, Juniper SRX 3600,650 + as per the business requirements.
• Build and configured, migrate physical checkpoint firewall to VXS cluster configuration.
• Implemented new rules, policies, policy issue and tuning on Checkpoint Gaia Versions 70.30, 77.20,R75.40, R65 on the existing firewalls for a server refresh project and decommissioning of unused rules per user needs
• Upgraded Checkpoint firewalls and management servers from Splat R75.40 to Gaia R77.20 & R70.30 with MDS, MLM and Provider 1 infrastructure globally.
• Implemented checkpoint log server module i.e Smarts log, reporter, monitor, tracker etc.
• Established IPSec VPN tunnels between external vendor firewalls and corporate perimeter firewalls using Checkpoint and Cisco ASA 5500 Platform.
• Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls (110+ firewalls) - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.
• Configured Palo Alto Firewall for outbound SSL decryption with URL filtering.
• Migration of Palo Alto firewalls from Cisco ASA 5585 and Juniper SRX 3600 & NetScreen 5400. PANDB migration and code upgrades for Palo Alto Firewalls.
• Migration checkpoint firewall with Palo Alto with configuration and policy vice versa
• Integrated gigamon HC series appliance with checkpoint and Palo Alto firewall
• Migrated cross-platform firewall with policy and configuration so network expansion will be easy.
• Experience in multiple security areas such as firewall policy implementation, Data Loss Prevention (DLP),intrusion detection / prevention, threat and vulnerability assessment, event management (SIEM tools) Splunk, ArcSight, Source fire,and NetScout forensics and security incident response
• Implemented Data protections & Privacy regulations using SIEM application.
• Prior experience in monitoring security systems and reviewing logs for vulnerabilities
• Working on R80 & PAN OS 7 in UAT setup as deployment is planned for early next year.

Environment: Checkpoint provider-1 smarts-I3050,3051 & checkpoint firewall 15000,13000,12600,12200,4600,2200,1100 series, Juniper SRX3600 cluster, SRX650, SRX240 and NSM series, Palo Alto PAN 4050, PAN 5050, PAN 5060 Palo Alto PA100 paronoma Routing protocols: OSPF, BGP; Cisco ASA, Network Security: Ethernet, Fast Ethernet, Gigabit Ethernet, Fiber optic;

Confidential

Senior Security Architect

• Designed, Implemented and configured checkpoint R80.10 infrastructure with 200+ gateways and 10 Mgmt provider one “P1”server.
• Designed and Manage ASA 5555 with ASDM, and with Cisco Security Manager.
• Create/review/update security policies and standards for the public/private/hybrid cloud contexts
• Able to demonstrate clear understanding of current risks and threats to Cloud infrastructure and/or IT infrastructures at technical levels.
• Converted Cisco ASA 5555 policy and configuration and imported in checkpoint Infrastructure.
• Designed URLfiltering and SSL inspection policy and implanted across all 300+ site.
• Designed and Implemented Zsclarer cloud firewall with SSL inspection & URL filtering with access control rules.
• Implemented 20+ Zscaler cloud sites which is use for firewall policy “URL flitering, IPS,
• M ake changes to any other policy beyond Access Control
• Build Dashboard, reportig and Logs Mgmt for Zsclaer cloud sites.
• Providing expertise and strategic guidance on critical operations that span multiple systems and groups
• Monitoring, evaluating and remediating any health concerns of global firewalls
• Designed and Implemented, management rapid7 InsightVM and Nexpose suits for vulnerability management of server and desktop
• Proactively identify gaps, risks and issues and navigates organizational structure to resolve them.

Confidential

Senior Network Security Engineer

• Implemented multiple firewall solutions, network security, and information security practices.
• Integral part of planning, designing, implementing and troubleshooting complex networks and advanced technologies.
• Implemented Cisco Switches 6500, 4900, 4000, 3750, 3500, 2900 series switches and 7200, 2900 series routers
• Design Implemented and configuration of Juniper Net Screen Firewall ISG 1000/2000, SSG series and NSM Administration.
• Participated in design, installation, configuration, administration and troubleshooting of LAN/WAN infrastructure and security using Cisco routers/Switches/firewalls.
• Implemented and manage of Check Point firewalls, Cisco PIX, NetScreen Firewalls, Check Point Provider-1 / VSX, Nokia VPN, Palo Alto IDS,
• Designed and Implemented Cisco Nexus Platform, Cisco UCS & HP Virtual Connect Flex10.
• Advanced knowledge in Cisco ASA 5000 series and PIX installation, configuration and maintenance.
• Implemented network Intrusion detection/Intrusion Prevention System with firewall and external tools.
• Capturer live network LAN/WAN traffic using Wireshark to investigate issues.
• In-depth expertise with F5-BIGIP series installation, configuration and support for local traffic manager and DNS bigip. Application Security Manager
• Configured F5 BIGIP with VIP POOLS, IRULE, and SSL certification.
• Implemented TCP/IP suite and routing protocols, such as OSPF, BGP, and EIGRP.
• Implemented IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
• Conduction of Security Awareness and Network training for NOC and SOC staff.
• Expert in Data Center Technologies such as vPC, VDC, VSS, STP, FCoE, OTV & FabricPath
• Experienced in Cisco Catalyst 6500 Platform and its Service Modules
• Built project plan for conducting Disaster Recovery drills and following best practices for network operations and security.
• Virtual networking knowledge with vSphere 5.x/6.x standard and distributed vSwitches and/or Cisco Nexus 1000V is required

Environment:- Cisco Routers: 7200, 2800, 2500; Cisco Catalyst switches: 3560, 3750, 4500, 6500; switches; Juniper switches: EX2200, EX2500, EX3200 and EX4200; Routing protocols: EIGRP, OSPF, BGP; Redundancy protocol: HSRP; Vlans, inter-vlan routing, STP, VTP, RSTP, PVST, NAT, PAT, ACL,IPS,IDS, Route-maps, Route redistribution, Cisco ASA, Checkpoint firewall; Load balancer: BIG-IP F5; VPN: IPSEC, SSL VPN; Tools: Cisco’s ASDM, Wireshark, MS Visio

Confidential

Global Field Services Engineer (System & Network)

• Responsible for the System and Network Management for more than 4000 local and remote system and network devices including design, implementation and 24x7 support
• Initial build for network devices such as switch and backbone configuration.
• Managing router and switch config and monitoring with local Evault application
• Worked on checkpoint R65 firewall for migration Linux and Nokia Box.
• Monitoring 28 sites and total 3080 devices with 400+ router and 300+ switch with 2000+ servers.
• Installation & Administration of Microsoft Services like DNS, DHCP, WINS, TCP/IP & IIS
• Selected from team to train on Checkpoint firewall R65 gateway.
• Involved in project to rebuild and migration on the entire checkpoint gateway

Confidential

System Administrator

• Installation, Support & Administration of Windows NT Servers Exchange 2k3 & 2k/2k3 Active Directory
• Implemented virus protection analyst using Symantec Anti-Virus 7.x to 9.x Corporate Edition for 20+ servers with 300+ clients. Install, push to NT, 2000 & XP clients, and administer Symantec System Center.
• Administration of Microsoft Windows NT/2000/2003 Server / Advance Server from scratch including un-boxing, rack mounting, loading of Operating System, deploying with MS SysPrep, patching and assuring security requirement and ongoing maintenance
• Setup the switch root with properly caballing with proper parse of wire and colure code instruction
• Involved in the implementation on setup of Domain/DSF etc.

Confidential

System Administrator

• Handling 800 HP/Compaq desktops/Laptops & 20 servers.
• 500 Users are connected to the Domain from various office locations
• Creating user Id’s in Active Directory & Creating Mail ids on Exchange server 2000
• Performing daily backup activities through VERITAS backup software Working for desktop HP Compaq, Dell
• Installing and maintaining Windows NT Workstations and Windows 2000 Professional/98/95