Network Engineer Resume
Weehawken, NJ
PROFESSIONAL SUMMARY:
- Experienced Firewall Engineer for 6+ years with a demonstrated history of working in the information technology and services industry. Strong information technology professional skilled in Cisco IOS, Technical Support, Secure Sockets Layer (SSL), SSL Certificates, CheckPoint Firewalls, Cisco ASA Firewalls, PaloAlto Firewalls.
- Proficient with Checkpoint Firewall policies provisioning. Provided technical support on network firewall and security related issues.
- Got introduced to Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Checkpoint, PaloAlto and Cisco ASA during my experience as Network Engineer.
- Knowledge and experience of TCP/IP architecture, TCP/IP protocol suites and dynamic routing protocols including RIP, IGRP/EIGRP, OSPF, and BGP (eBGP / iBGP)
- Experience converting PaloAlto VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience
- Configured IDS/IPS on Cisco, Checkpoint and Fortinet Firewalls and responsible for vendor management for MPLS, VPN circuits
- Strong experience in creating firewall policies, Application and URL filtering, IPSec site-to-site VPNs, SSL VPNs in Cisco ASA 5500-X series next-generation firewalls, PaloAlto (PA-5020/PA-3020), Checkpoint (R77 Gaia)
- Thorough knowledge of Windows Vista, XP, Windows Server 2003; 2008; Windows NT; TCP/IP.
- Capabilities include an extremely broad knowledge base and familiarity with the latest cutting-edge technologies, including firewalls, VPN, IDS, and IPS.
- In-depth knowledge of TCP/IP, high availability, load balancing, and remote management complements outstanding relationship management, analysis, and problem resolution skills as well as outstanding organizational, multitasking, and team building skills at all levels.
- Experience with Checkpoint firewall deployment and operations.
- Good understanding of information security practices. Adding and removing Checkpoint firewall policies based on the requirements.
- Working knowledge on routing and switching protocols and having basic knowledge about Nexus switches.
- Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.
- Experience with Checkpoint VSX, including virtual systems, routers and switches.
- Having strong interpersonal skills with the proficiency in adapting to new technologies like: Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of CheckPoint R65, R70 & R77, PaloAlto and Cisco ASA.
- Hands-on experience with Ether Channel, Spanning Tree, Trunking, ACLs, Syslog.
- Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP Ether channel, STP, RSTP and MST.
- Responsible for optimizing firewall configuration. Security Policy and NAT implementation on firewalls. Providing technical supports on 24x7 environments.
- Involved in Configuration of Access lists (ACL) on Checkpoint firewall for the proper network routing for the B2B network connectivity. Managed Cisco ASA 5500s, Cisco ACS, Cisco Prime Infrastructure.
- Configured Cisco Switches 2900 and firewall (Checkpoint). Built and supported VRRP / Cluster based HA of Checkpoint firewalls.
- Advanced knowledge, design, installation, configuration, maintenance and administration of PaloAlto Firewalls PAN OS 4.0 to 7.0, Checkpoint Firewall R55 up to R77 version and Cisco ASA.
- Network Security & Firewall: Cisco ASA, ACL, IPSEC-VPN, Checkpoint (R60, R65, R70, R75, R77), WAF, Cisco Pix, Cisco ASA, PaloAlto PA200, 2000, 3000.
- Advanced knowledge in Design, Installation & configuration of PaloAlto & Checkpoint Provider Environment.
- Responsible for Checkpoint and Cisco ASA firewall administration across global networks. Familiar with Cisco firewalls PIX 515, ASA 5500 series and Checkpoint Firewalls.
- Migration from Cisco to PaloAlto firewall & Cisco to Checkpoint firewall.
- Advanced knowledge in Cisco ASA 5000 series installation, configuration and maintenance.
- Advanced knowledge in configuration and installation of IOS security features and IPS.
- Advanced Knowledge in IPSEC VPN design connection & protocols, IPSEC tunnel configuration, encryption and integrity protocols.
- Collaborates with Cyber Security to improve prevention, detection, and response capabilities.
- Extensive Knowledge and understanding of global security policies. Demonstrate deep expertise in technical and security process design.
- Extensive experience in Configuration and deployment of network security devices, including firewalls, Intrusion, Detection Systems, VPN, Identity Gateways.
- Managing the monitoring of daily intelligence operation feeds, analyses and development of baselines for all related risks from Security Analytics and/or other log management tools.
TECHNICAL SKILLS
Operating System: Linux/Unix, MacOS and Windows 7/8/10.
Protocols: ARP, ICMP, CIDR, Telnet, Frame Relay, Ethernet, TCP, UDP, RIP, OSPF, EIGRP, BGP, DHCP, STP, IPSec, HSRP, SNMP, DNS.
Security / Firewalls: NAT/PAT, Ingress & Egress Firewall Design, VPN Configuration, Internet Content Filtering, IDS/IPS, URL Filtering, SSL, IPSEC, IKE, Static, Dynamic, Reflexive ACL, and authentication AAA (TACACS+ & RADIUS), Cisco ASA Firewalls 20, IPSEC & SSL VPNs, IPS/IDS, Firepower, ISO 27001, SANS-20, PCI-DSS, SOX, CIS, Palo Alto PA-3050, PA-5050
Firewalls: Checkpoint, Palo Alto, Cisco Firewall Service Module, Cisco ASA
Software: Microsoft Office, McAfee Drive Encryption.
Virtualization: Microsoft Virtual Server 2008 R2, VMware.
Intermediate skills: Bash scripting, Git, Docker, Jenkins, Nexus switches.
Hardware: CISCO Switches, CISCO Routers, CISCO ASA Firewall, Checkpoint Firewall, Palo Alto, Access Points, VoIP Telephones, CISCO Firepower, Nexus 9000 Edge switches
PROFESSIONAL EXPERIENCE:
Confidential, Weehawken, NJ
Network Engineer
Responsibilities:
- Used Cisco Security Management tool for Configuring and deploying firewall policies based on requirements of various project on ASA firewalls.
- Working with the ServiceNow ticketing tool to solve problems within a specified time.
- Administering the Cisco ASA firewalls with cluster gateways including pushing policies and processing user requests to allow access through the firewall using CSM Dashboard.
- Designed and Implemented policies and zones on PaloAlto 7050, 5050 and 5020 Internet firewalls for incoming and outgoing traffic
- Identified unused rules and scheduled changes to mark them for permanent deletion at a point in time.
- Cisco ASA Firewall Log review and analysis and troubleshoot connectivity issues. Upgraded the code of Cisco ASA firewall to 9.6(2).
- Proficient in design, implementation, management and troubleshooting of Check Point firewalls, Check Point Provider-1 / VSX, PaloAlto IDS/IPS modules, Data Center Migration, Foundry/F5 Load Balancers and Bluecoat URL filtering & Packet Shaper systems.
- Configured Client-to-Site VPN using Client on Cisco ASA 5520 ver 8.2, ASA 5510
- Responsible for Cisco ASA firewall administration, Rule Analysis, Rule Modification.
- Configure and maintain firewall policies on Cisco ASA and Checkpoint firewalls which are internet facing.
- Worked on Cisco Routers, Active/Passive Hubs, Switches, Cisco PIX Firewall, Cisco ASA, Firewalls, VPN Concentrators, TCP/IP, NAT and Checkpoint ESX/GSX firewall. Successfully installed PaloAlto Next-Generation PA 3060, PA 5060 firewalls to protect Data Center with the use of IPS feature.
- Implementing, troubleshooting and Managing Zscaler- a Cloud based solution for Web content filtering.
- Added and removed PAC files to allow the traffic through Zscaler.
- Configured rules and policies according to the security policy and needs of the users in Zscaler.
- Configured Zscaler proxy on different locations with the help of Network team.
- Troubleshoot authentication issues on Zscaler as well as on AD.
- Configured IPsec tunnels with PaloAlto to enable secure transport and cloud based/site-site VPN to both Azure and AWS.
- Migration from Cisco firewalls to PaloAlto firewall platforms PA 4000, PA 500 and PA-200.
- Experience with Cisco ASRs, Catalyst 6500 series switches, and 2800 series, 3800 series, 2900 series and 3900 series routers. Creating signatures to prevent security attacks on PaloAlto devices. Also worked on Security Devices - PaloAlto/Juniper Firewalls, Cisco Sourcefire IPS.
- Dealing with monitoring tools such as network packet capture tools like Wireshark, etc.
- Configuring rules and Maintaining PaloAlto Firewalls & Analysis of firewall logs.
- Providing daily PaloAlto firewall administration such as Threat prevention, URL filtering, IPSEC and SSL VPNs, zone-based integration, analyzing syslogs, and utilizing the WildFire feature in Panorama.
- Upgrading PAN OS code for all the PaloAlto Firewalls
- Configured Cisco ASA 5555-X in HA Pair, migrated all the site to site VPNs from Cisco routers, PaloAlto firewalls and NetScreen firewalls to Cisco ASA
- Configured and deployed various PaloAlto PA-200, PA-500, PA 3060, PA-5060 series to protect Data Center and provided L3 support for routers/switches/firewalls.
- Performed real-time analysis of security alerts generated by network hardware and applications using SIEM.
- Intermediate System to Intermediate System (ISIS) routing protocol designed to move information efficiently within a computer network, a group of physically connected computers or similar devices.
- Creation of firewall rules on Checkpoint Smart Dashboard and install policies.
Confidential, Bohemia, NJ
Network Engineer
Responsibilities:
- Troubleshooting Palo Alto and Checkpoint issues and VPN related issues and performed upgrades for all IP series firewalls from previous versions (R75.40, R75.40VS, R75.45, R75.46, R75.47, R76, R77) to R77.10
- Worked with NOC team in multi-vendor environment.
- Worked with Cisco Nexus series equipment.
- All Juniper firewalls are managed through NSM. Site to site VPN for all b2b and vendor tunnels with Checkpoint and Cisco VPNs. McAfee was the anti-virus used at the desktop and server levels within Mass Mutual.
- Migration with both Checkpoint and Cisco ASA VPN (Checkpoint R75.30 to Gaia R77.30 GA version)
- Upgrade of Checkpoint firewalls and management servers from Splat R75.30 to Gaia R77.20
- Configuration and Maintenance of Checkpoint R65, R75.40 Gaia Firewalls.
- Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools
- Successfully installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls
- Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls
- Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall
- Worked on IPSO and secure platform. Nokia hardware platforms like IP360 & IP560.
- Experience with configuring Virtual Server and Configuring Load balancing methods in F5 LTM
- Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing/PATing with the firewalls as per the design.
- Used monitoring tools SolarWinds and Zenoss Core
- IPSO Versions and Checkpoint SW are currently being remediated to current target version of IPSO 6.1 Build 38 running Checkpoint R65 Build 63, currently remediating Running in Active/Active Cluster mode into VRRP High Availability setups.
- Implement changes on switches, routers, load balancers (F5 and CSS), wireless devices per engineer’s instructions and troubleshooting any related issues.
- Experience converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with Cisco ASA VPN experience.
- Extensive troubleshooting experience.
- Configured all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.), performed troubleshooting through the command line interface, and provided support for IP routing protocols including OSPF, EIGRP, and BGP and Bluecoat proxy servers.
- Utilizing Splunk for monitoring, correlating, analyzing security events from devices including: Bluecoat Proxy, FireEye, Sourcefire, Symantec, Juniper SRX, Fortigate, and others.
- Troubleshooting and hands-on experience with security related issues on Cisco ASA/PIX, Checkpoint, IDS/IPS, Palo Alto and Juniper NetScreen firewalls.
- Configuration and maintenance of Juniper NetScreen SSG-550.
- Performed “Fresh Installation” of R77.10 on Smart Event 150 appliance through the Console to establish the connection between the Checkpoint Management server to receive the logs
- A few UTM boxes in remote sites and client locations were replaced with SG models and upgraded to the latest software version (R77.10) of firewalls to avoid high CPU utilization and to get the policy pushed.
- Cleaned up of Domain controllers for AAA server groups (LDAPSSL LEVI and LDAPSSL LSAPPS).
- Configuration of SSL VPN through access blade and upgrade of Firewall.
- Hands-on experience with configuring T1.5, Gigabit Ethernet, Channelized T3 and full T3, OCX, ATM, Frame-Relay and VOIP (Voice-Over Internet Protocol) and configuring VLANs, Trunking and routing
Confidential
Network Security Engineer
Responsibilities:
- Innovated with support of PaloAlto for remote and mobile users and for analyzing files for malware in a separate (cloud-based) process that does not impact stream processing
- Responsible for Analyzing, migrating and validation of PaloAlto firewall configuration.
- Support and troubleshooting during cutover while implementing Cisco firewall configuration from other vendor firewalls (like Checkpoint, Juniper, McAfee Sidewinder)
- Adding and removing firewall policies on Checkpoint based on various change requirements.
- Responsible for failover of the firewalls, router, switches and links.
- Configured Site to Site IPsec VPN tunnels to peer with different clients and each of client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA 5500 series firewalls.
- Responsible for traffic shifting between routers and switches whenever slowness or link down issues occur on ISP links and at the time of scheduled failover activity.
- Audit and evaluate configuration of security appliances in order to protect business critical asset.
- Responsible for examining and managing the Logs of traffic, threat, Data and URL filtering in PaloAlto firewalls.
- Configured, installed and maintained Checkpoint endpoint security E80.40/E80.50 management and policy servers.
- Worked with a team in firewall policy management and support on Cisco ASA 5585X, 5540, PIX and Checkpoint Firewalls 12K, 13K.
- Experience with network based F5 Load balancers with software module Access Policy Manager (APM) & Checkpoint Load Sharing on checkpoint clusters.
- Configured Cisco ASA 5515 and Cisco router 2901 dual ISP failover site-to-site VPN.
- Proficient in configuration of routing protocols like IGRP, EIGRP, OSPF multiple areas and BGP.
- Hands on experience in Installation, Configuration and Administration of HTTP, FTP, DNS, NTP, DHCP servers under various LAN and WAN environments.
- Deploying, installing and troubleshooting PaloAlto firewall and Panorama with integration of Cisco routers, switches, WLAN components.
- Migrations of client firewalls into PaloAlto and post migration support.
- Deployment of Firewall in TAP Mode, finding customer sizing generating SLR and custom Reports.
- Configure the profiles as per the client Requirement on the basis of User-ID, APP-ID and Content-ID.
- Implementing, Managing and Troubleshooting Network Protocols and Services.
- Configure the Decryption policy for Encrypted traffic which is passing through the Firewall to protect client network from malicious attack.
- Performing Client or Clientless AD integration with PaloAlto Firewall for User and Group mapping.
- Configure Captive Portal Profile for Non-Domain Users in the client Network to get access of Internet.
- Coordinating with PaloAlto TAC for escalated issue and performing troubleshooting with TAC Engineers.
- Integration of Panorama with PaloAlto firewall for centralized management.
- Configure Global Protect VPN, IPsec VPN and Clientless VPN.
Confidential
Network Security Engineer
Responsibilities:
- Create and test Cisco router and switching operations using OSPF routing protocol, ASA 5500 Firewalls, and MPLS switching for stable VPNs.
- Technical Knowledge on Cisco PIX/ASA series, Juniper NetScreen/SRX firewall gateways.
- Implemented site to site VPN in Juniper SRX as per customer.
- Configuring and troubleshooting perimeter security devices such as Checkpoint NGX R77 Gaia, Provider-1/MDM, Secure Platform, PaloAlto and ASA Firewalls.
- Configured and maintained the Interfaces, Zones, Virtual routers and IPsec tunnels on PaloAlto Firewalls.
- Installation of PaloAlto (Application and URL filtering, Threat Prevention, Data Filtering)
- Migration of existing IPSEC VPN tunnels from Pre-Shared key to Certificate Authority for purpose of scaling.
- Load Balancing with F5 GTM and LTM across multiple data centers. Provided Load Balancing towards access layer from core layer using F5 Network Load Balancers (LTM, ASM, APM and GTM)
- Experience converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with Cisco ASA VPN experience.
- Successfully installed PaloAlto PA 3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls
- Responsible for Check Point and Juniper SRX firewall administration across our global networks.
- Implemented site to site VPN with IPSEC via GRE ISAKMP.
- Implemented Cisco site to site VPN for partnering with different partners around the world.
- Troubleshoot and Worked with Security issues related to Cisco ASA, and IDS/IPS firewalls. Large scale Deployment and installation of Juniper SSG5, Cisco ASA, and Fortinet firewalls.
- Configuring and maintaining the Interfaces, Zones, Virtual routers and IPsec tunnels on PaloAlto Firewalls.
- Firewall technologies including general configurations, risk analysis, rules creation and modification.
- Creating and modifying Security and NAT policies.
- Experience converting PaloAlto VPN rules over to the Cisco ASA solution. Migration with both PaloAlto and Cisco ASA VPN experience and Checkpoint VPN rules over to the Cisco ASA.
- Configuration of ACLs in Cisco 5580 series ASA firewall for Internet Access requests for servers in LAN and DMZ and for special user requests as authorized by management.
- Monitored firewall logs in Checkpoint SmartView Tracker and captured packets in command line during troubleshooting.
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX SSL Security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
- Worked on the project of F5 LTM, ASM, APM and GTM code upgrade.
- Cisco Unified Communications Manager Version 10.1 of UC500 series
- Troubleshoot basic BGP routing issues on Cisco 12xxx and Cisco CRS series.
- Design and implement DHCP relay services for large Cisco fabric switch with pervasive gateway: design innovative packet relaying mechanism for pervasive gateway DHCP relay.
- Configuration of Network and Security devices such as Cisco routers and switches (Cisco 7600/3500/Nexus 7K/5K).
- Configured Site-to-Site IPsec VPN tunnels to peer with different clients and each of client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA 5500 series firewalls.
- Provided support for 2Tier and 3Tier firewall architecture, which includes various Checkpoint and Cisco ASA firewalls.
- Maintaining Checkpoint security policies including NAT, VPN and Secure Remote access, Configuring IPSEC VPN (Site-Site to Remote Access) on SRX series firewalls.
- Configuration, Troubleshooting and Maintenance of PaloAlto Firewalls PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.