SUMMARY:

• Network Engineer with around 6 years of experience in the industry, which includes expertise in the areas of Security, Routing & Switching
• Expert level knowledge in Palo Alto Network Security Device Configuration of Security Rules, QoS Rules, User ID agents, Packet Capturing and analyzing logs using various tools like NMAP, Solar Winds, Wireshark, Qradar and Splunk.
• Expert Level Knowledge about TCP/IP and OSI models.
• Configuring and troubleshooting Cisco 1800, 1900, 2600, 2800, 2900, 3800, 3900,4000 and ASR 1001,800 series routers; Cisco 2960, 3750,3850, 6500 series catalyst switches and Nexus 2000, 5000, 7000,9000 series switches, Checkpoint NG R55, NGX R60. R71, R75, R75.40, R7 .30, R80.10.
• Experience in configuring and troubleshooting F5 and Cisco load balancers
• Expert level knowledge of Datacenter routing and switching
• Implementation traffic filters on Cisco routes using Standard, extended Access list.
• In - depth expertise in the analysis, implementation, troubleshooting & documentation of LAN/WAN architecture and good experience on IP services.
• Monitored and enforced email traffic including HIPAA compliance on Cisco IronPort, as well as responsible for Sourcefire IPS.
• Working knowledge of security products such as Cisco ISE.
• Hands on experience in configuring QoS on Cisco Routers/Switches.
• Hands on experience configuring Cisco ASA and checkpoint firewalls
• Hands on experience in configuring Checkpoint R7 .30, R80.10, Cisco Firewalls.
• Palo alto installation, configuration, administration, monitoring and implementing the policies on 3060,5220 and 5060.
• Experience in working with video from end-point in the network to the backend.
• 3 years of experience in working with operating systems like Linux, Unix and Ubuntu
• Ability to write detailed technical documentation Perform queue management for alarms, tasks, and incidents and participate in ongoing deployment projects

TECHNICAL SKILLS:

Routers: Cisco 17XX, 18XX, 26XX, 28XX, 37XX, 38XX, 39XX, 4000, 72XX,76XX ASR 1001,9k 800 series. Juniper MX 480,960 routers

Switches: Cisco 3550, 3750, 3850, 45XX, 65XX, 6880, Nexus 7K, 5K, 2K, 9K series switches.

Load Balancer: Cisco CSS, Cisco ACE, F5 LTM (2000s, 5250v, 10250v) and GTM (4200v), Citrix NetScaler

WAN Optimization: Cisco WAAS, Riverbed

Network Security: SSH, ACL's, IDS/IPS, IPSec, VPN, Port Security, AAA (RADIUS TACACS+), Bluecoat Proxy SG.

Firewall: Cisco 5505, 5515, 5520,5585, Check point, Palo Alto, Cisco ASA

Routing: OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing

Switching: VLAN, VTP, STP, PVST, RSTP, MST, Inter VLAN routing & Multi-Layer Switching, Multicast Operations, Layer 3 Switches, Ether channels, Transparent Bridging, PVLAN, DTP, vPC, VDC

LAN: Ethernet, Fast Ethernet, Gigabit Ethernet, FDDI, CDDI, Token Ring

Fiber Channel, Fiber Channel over Ethernet, iSCSI, DHCPWAN: Leased lines 64k - 155Mb (PPP / HDLC), Channelized links (E1/T1/E3/T3), Fiber Optic Circuits, Frame Relay, ISDN, MPLS, V-SAT

Web filtering:: Cisco Ironport and Websense

Features & Services: IOS and Features, HSRP, GLBP, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, DNS, TFTP and FTP Management, NFS

AAA Architecture: TACACS+, RADIUS, Cisco ACS.

Monitoring & Network tools:: Wireshark, HP Open View, HP - Intelligent management center, SolarwindsAccelOps, Infoblox, Netscott, Cisco Prime

Programming languages: C, python, XML, Java

General Tools:: Visio, Word, Excel PowerPoint, MS project

PROFESSIONAL EXPERIENCE:

Confidential, Foster City, CA

Network Security Engineer

Responsibilities:

• Evaluating, designing and implementing complex network and security solutions based on customer requests and needs.
• Implementation of new firewalls in the network as well as in place upgrades and migrations.
• Primarily support Palo Alto firewalls in the network.
• Firewall Policy Provisioning and troubleshooting connectivity issues through security gateways.
• Convert user requests into firewall policy changes and schedule them using ticketing system
• Firewall Rule base clean up and Performance Tuning using Tufin Secure Track.
• Navigated through Algosec and Palo Alto, Checkpoint to find risky ports and unused firewall rules to help with firewall audit.
• Utilized the Blue Coat Proxy Web Security, SIEM, SOC, Malware Tracking, Rapid7-NeXpose, and Tuffin, IPS/IDS, Nessus Tenable, Retina, Solaris OS for addressing the PCI DSS and Compliance and Cryptographic Services.
• Work with users to troubleshoot any connectivity issues between application, database and web tier for access list, NAT and routing issues.
• Worked with Nagios for monitoring of network services (SMTP, POP3, HTTP, NNTP, ICMP, SNMP, FTP, SSH).
• Manage the Cisco Identity Services Engine ( ISE) for access to network devices, manage authentication for users and endpoints.
• Used Cisco ISE to grant authenticated users with access to specific segments of the network, or specific applications and services, or both, based on authentication results.
• Migrating Palo Alto 5220 & 5060 firewalls and configuring IPS/IDS and content Filtering
• Implemented Antivirus, Web filters, IPS/IDS email and DLP filter and DDOS policy on the Fortinet.
• In-depth knowledge and hands-on experience in ISP Routing Policies, Network Architecture, IP Sub netting, VLSM, TCP/IP, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3 SONET POS OCX / GigE circuits, Firewalls. Hands on experience with HP Tipping Point IPS.
• Administration and diagnostics of LAN and WAN with in-depth knowledge of TCP/IP, NAT, PPP, ISDN and associates network protocols and services.
• Deployed Active Directory with the IronPort appliance to achieve user/machine-based authentication.
• Configured Firewall logging, DMZs and related security policies and monitoring.
• Configuring Palo Alto Firewalls with multiple zones based on traffic segregation requirements including DMZ and perimeter.
• Manage Network with Gigamon Monitoring and management HC2 Optimization Palo Alto: Analyze logs and events from the solution and provide threat analysis reports.
• Work with different types of NAT on PAN devices. Source/Destination based NAT for custom NAT.
• Work with App-ID for application visibility and URL Filtering on PAN devices
• Experience configuring and troubleshooting active/passive HA on Palo Alto Devices.
• Managing and administering Cisco ASA Firewalls Policy using Cisco CSM Cisco Security Manager
• Tweaking Application inspection on ASA Firewall for any conflict of ports with default app ports
• Configure Stateful Failover of firewalls (Active/Active & Active/Standby) for high availability.
• Troubleshooting of traffic using Packet Capture and analyse using Wire shark
• Create and maintain comprehensive documentation for all implemented networks (Using Visio Software to update client network diagrams).
• Perform hardware and software upgrades to network devices, including Cisco Nexus Switches as well as Catalyst 6500, 3750, and 3560 switches, as well as Cisco 7200, 3800, and 2800 series routers.
• Fulfilling service requests for infrastructure services
• Setting up multiple Site to Site VPNs to maintain high availability for customers.
• Taking initiative on special projects to improve the overall operation and move the group forward on new technologies, areas of expertise and overall business growth.

Confidential, Detroit, MI

Network Security Engineer

Responsibilities:

• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
• Installation of Palo Alto (Application and URL filtering, Threat Prevention, Data Filtering)
• Successfully installed Palo Alto PA-3060 firewalls to protects Data Center
• Implemented Positive Enforcement Model with the help of Palo Alto Networks
• Palo Alto installation, configuration, administration, monitoring and implementing the policies in Palo Alto 3020 and 5250.
• Installs and configures software and hardware where applicable for administering Windows, Linux and Solaris servers for storage and Symantec NetBackup administrative purposes. Allocates storage and configures storage on Windows and Solaris servers. Uses server utilities to resolve, configure and troubleshoot connectivity and performance issues.
• Extensively worked in network performance testing, administration, installation, maintenance, troubleshoot of Advanced TCP/IP management, IP Addressing & subnetting VLSM, CIDR, LAN/WAN.
• Extensively worked on TCP/IP networks, Win NT (WINS/DNS/DHCP) UNIX (NIS, NFS, SSH & Samba), LAN/WAN Technology, messaging services and Internet Services (DNS, SMTP, POP3/IMAP4, Send mail, Web, Proxy, Radius).
• Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
• Deployed Palo Alto for web filtering and application control.
• Configured and troubleshooting BGP, EIGRP, ACI Fabric (Layer 2 and Layer 3), VoIP, MPLS WAN, IPsec VPN, IPv4, IPv6, SNMPv2 and SNMPv3, IDS/IPS, STP, vPC, Port channel, VLAN, QoS and Route Maps.
• Manage Palo Alto Firewalls using Panorama configuring Device Groups and Templates.
• Configured and monitored Firewall logging, DMZ's and related security policies.
• Active participation in the migration of cisco ASA 5040 to Palo alto.
• Extensive Knowledge on the implementation of Cisco ASA 5500 series and checkpoint R75 firewalls.
• Using AlgoSec Fire Flow and Analyzer for implementing the simple changes.
• Worked on Bluecoat proxy server, Tipping Point Intrusion Protection System management, and reporting tools Orion and AlgoSec.
• Monitoring network access rules usage on Tufin Secure Track.
• Configuring Tufin on network devices for monitoring network rules.
• Wireless -WAN Optimization, Web Cache, Explicit Proxy, and WCCP, DWDM, SONET
• Gigamon Monitoring and management Virtual Visibility, TA, G, H TAPS series
• Worked on IronPort WSA and Cisco CDA (Context Directory Agent) to provide different networking solutions.
• Managing Cisco IronPort (Web Security Appliance, WSA), AnyOS upgrade, installing new appliances, configuring access policies, decryption policies, creating custom URL filtering etc.
• Experience in Network Management Tools and sniffers like HP-Open view, Wireshark and Cisco works to support 24 x 7 Network Operation Center.
• Experience in configuring, deploying and deployment of Cisco Security Manager (CSM) for management of ASA Firewall series
• Implemented the policy rules and DMZ for multiple clients of the state on the Checkpoint firewall.
• Experience in analyzing security logs generated by IDS/IPS, firewalls, network flow system, anti-virus and other security log sources.
• Planning and designing to in corporate McAfee's IDS/IPS devices into Lowes network at optimized network locations.
• Syn Mitigation, DDoS attacks prevention, Adaptive system testing, ACL's, floods and layer 7 refection attacks
• Excellently used Qradar to research and monitor incident management and incident resolution issues.
• Established the monitor routes on Checkpoint Firewall that allows the F5 LTM to monitor the backend nodes or server.
• Bluecoat WAN Optimization and acceleration implementation.
• Configured Reverse Proxy, URL filtering and content filtering using Bluecoat proxy SG devices.
• Implemented URL filtering requests in Bluecoat Proxy SG for website block list and whitelist Purpose.
• Used Bluecoat Proxy SG Appliances to effectively secure Web communications and accelerate delivery of business applications.
• Configuring VLANs/routing/NATing with the firewalls as per the network design.
• DesigningF5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 BigIP Load Balancers.
• Used solarwinds for monitoring and troubleshooting network devices in different time zones
• Switching tasks include VTP, ISL/ 802.1q, IPSec and GRE Tunneling, Ether Channel, Trunking, Port Security, STP and RSTP.
• Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, disabling all unused ports and putting them in unused VLAN and ensuring DHCP attack prevention where needed.
• Worked on remedy ticketing tool for handling different priority level tickets.

Confidential

Systems Engineer

Responsibilities:

• Provided Tier 3 support & problem resolution for technology products and/or application.
• Worked with customer and 3rd party service provider NOC for Critical and above Network events.
• Helped with Pre-Implementation Lab Testing
• Troubleshooting Cisco Routers and Switches (4500, 6509, 4900, 2951. 2800, 7609, 3900 series)
• Basic Cisco Routing Configurations
• Created event analysis report (root cause, ICA)
• Wrote scripts and tools to automate deployments and improve network monitoring.
• Created MOP Documentations
• IP Routing (EIRGP, BGP, TCP/IP), Mail servers, network Connectivity and other LAN related issues.
• Cisco Call Manager and VOIP Maintenance and setup
• Maintenance and oversight of Servers and Switch of client
• Provided technical training and mentoring to customers after network deployments.
• Helped with Vendor Management, provided Vendor Reliability report (Scorecards, HW, SW Reliability)