
Lead Cyber Security Resume

Irving, TX

SUMMARY:

  • 9 years of experience in designing networks for routing, switching, firewall technologies, system design, implementation and troubleshooting of complex network systems.
  • Experience in configuring site-to-site and remote access VPN solutions.
  • Hands-on experience with the Palo Alto firewall platforms PA-7050, PA-5050, PA-2000 series, PA-200, PA-500. In-depth knowledge of installation and configuration of Check Point FireWall-1 v. 4 to NGX R65.
  • Network security including NAT/PAT, ACL, PCN and ASA/PIX Firewalls.
  • Good knowledge with the technologies VPN, WLAN and Multicast.
  • Well Experienced in configuring protocols HSRP, GLBP, ICMP, IGMP, PPP, PAP, CHAP, and SNMP.
  • Expertise for defining, tracking and maintaining the standard baselines and configuration sets of all managed and/or monitored devices within SIEM zoning.
  • Experience in installing and configuring DNS, DHCP server.
  • Extensive experience in configuring and troubleshooting of routing protocols RIP v1/v2, EIGRP, OSPF and BGP.
  • Worked on network topologies and configurations, TCP/IP, UDP, Frame Relay, Token ring, ATM, bridges, routers, hubs and Switches.
  • Configured Security policies including NAT, PAT, VPN, Route-maps, prefix lists and Access Control Lists.
  • Manage security operational monitoring of IDS/IPS.
  • Juniper: EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX210, SRX240.
  • Experience working with Network management software NSM, SPACE, Security Director.
  • Understanding the JUNOS platform and worked with IOS upgrade of Juniper devices.
  • Experience with Change management process SNOW and Project documentation tools like Excel and VISIO.
  • Experience in configuring all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
  • Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
  • Involved in design and deploying various network security & High availability products like Cisco ASA and other security products.
  • A highly organized individual who adopts a systematic approach to problem solving, effectively analyzes results and implements solutions.
  • Highly motivated with the ability to work independently or as an integral part of a team and committed to the highest levels of professionalism.

TECHNICAL SKILLS:

LAN Protocols: IEEE 802.1q, VTP, STP, RSTP, HSRP, GLBP, VRRP

Troubleshooting: VPN troubleshooting, internal troubleshooting, ISO upgrades.

Networking Concepts: OSI Model, TCP/IP, Static Route, Access list, Route Map, Route Redistribution

Routing Protocols: RIP, EIGRP, OSPF, BGP, MPLS, CSS

Lab Tools & S/W: Ethereal, Microsoft Visio.

Operating System: Microsoft Windows Vista/XP/7, UNIX. Windows Server Installation

PROFESSIONAL EXPERIENCE:

Confidential, Irving, TX

Lead Cyber Security

  • Remediation of all Palo Alto, Cisco, Juniper firewalls
  • Working on Firewall Security incidents and closing them according to SLA.
  • Making Firewall changes for modification, adding or deleting, firewall upgrades, commissioning, decommissioning, VPN connections, GRE tunnels, site to site VPN.
  • Participation in troubleshooting calls, planned and unplanned maintenance windows
  • Routinely training with Mobile security, Data Security, Endpoint security, System security, application security teams
  • Work with CST Engineering leadership to translate stakeholder requests into product roadmaps and specific deliverables
  • Advise on CST Engineering roadmap and objectives in close partnership with architecture group
  • Conducting investigations of Security violations and breaches and recommending solutions; preparing reports on intrusions as necessary and providing analysis summary to management
  • Partner with technical teams to scope effort, define timelines, and set up appropriate oversight routines for Engineering efforts
  • Identifying and remediating any threats and vulnerabilities as a Security Monitoring
  • Clarify the impact of the transformational deliverables, communicate impact to stakeholders and align efforts and roadmaps to maximize success
  • C-level Program Metrics: Definitions, coverage, effectiveness, efficiency, risk thresholds, KRI/KPI
  • Deliver useful executive-level reporting on Engineering program, pipeline, and portfolio performance
  • Collaborate effectively with stakeholders across GIS, to ensure delivery of joint deliverables
  • Communicate effectively and broadly on Engineering efforts, to ensure transparency and accountability

Confidential, Plano, TX

Data Network Specialist

  • SME for Cisco ASA Firewalls for configuring, troubleshooting and administrating 25 to 30 HA pairs using ASDM and CSM.
  • Develop use cases, perform analytics and alert mechanisms based on correlation of logs captured in the SIEM system, identify potential/actual incidents, activate containment procedures to prevent further breach/damage, escalate and resolve incident.
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS).
  • Also managed and worked on Palo Alto, Check Point, and Juniper SRX devices.
  • Team Member for the SCADA design for the Entergy in Texas Area.
  • Upgraded all Cisco firewalls to the latest version, configured VPN, NAT, PAT.
  • Worked on remediation for all the Cisco ASAs according to the compliance recommended by client.
  • Investigating and researching logs using syslog server, ASDM log monitoring, log monitoring tool, SmartView tracker, PAN.
  • Worked with Cisco ASA 5500-X with Firepower services, Firepower 4100.
  • Responsible for communicating technical issues to non-technical team members and executives.
  • Secure Log access in EventSentry SIEM to limit access to modify logs.
  • Implemented and Configured Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
  • Design and implement firewall rules in Palo Alto firewalls in all four technologies Cisco, checkpoint, Palo Alto, Juniper SRX, Security Director.
  • Decommissioning of firewall and implementing it on another firewall vendor.
  • Build Site to Site IPsec based VPN Tunnels between various client and business partner sites and Clustering.
  • Firewall policy cleanup using FireMon and optimizing the firewall rule base and database. Reordering rules for optimal firewall performance.
  • Confidential migration including Subnet migration, VPNs migration, and Network and Security device configurations.
  • Network based IDS/IPS event management and Signature Updates and making sure the false positives are filtered and investigate the critical alerts based on Source, Destination and Service.
  • Troubleshooting with client for P1 to P5 level incidents.
  • Closing assigned tickets in a timely manner by strictly following SLA requirements.
  • Actively participated in CAB calls to obtain change approvals on high risk to very high risk changes.
  • Supporting McAfee Vulnerability Manager Server and providing vulnerability sets.
  • Working with onsite team to resolve the FW issues remotely.

Confidential, Irving, TX

Network Security Architect

  • Troubleshooting issues related to Layer 1/2/3 skills like switching/routing, WAN/hardware and critical network links by coordinating with the vendor.
  • Implementing security solutions using Palo Alto PA, Check Point Firewalls Gaia and Provider-1/MDM.
  • Worked extensively in Configuring, Monitoring and Troubleshooting Juniper SRX.
  • Handling enterprise outages effectively and driving towards the resolution. Coordination of fault escalations in conjunction with the 1st high-level technical management of high priority or technically complex calls.
  • Experience with converting Juniper to Checkpoint in the Confidential environment.
  • Making KPI reports for management for updates and decision-making.
  • Analyzed firewall logs for blocked traffic or non-compliant firewall rules that violated corporate security policy.
  • Provide day-to-day support via ticket system involving various tasks such as network and server troubleshooting for connectivity problems, establishing VPN tunnels, configuring VIPs and port forwarding for web servers.
  • Extensively worked on VPN configuration through CLI and GUIs, participated on parameter exchange calls, troubleshooting of VPN connectivity.
  • Performed JUNOS upgrade for bug fixing, latest versions, FW compatibility.
  • Close monitoring through OP5 monitoring to check tunnel up/down, interface up/down.
  • Integration of different devices/applications/databases/operating systems with SIEM.
  • Close monitoring on threats and vulnerability through IPS and IDS functionality.
  • Worked with all the shifts to keep up with the Confidential need for 24/7 FW administration.
  • Daily health check of the FWs, load balancers remotely and from the vault.

Confidential

Network Security Engineer

  • Worked extensively on Cisco Firewalls, Cisco ASA 5500(5510/5540) Series.
  • Well experienced with configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
  • Verifying and Configuring rules in firewalls.
  • Used SIEM solution effectively for Log analysis and correlation to find security incidents and root cause.
  • Maintaining Corporate Firewalls & Analysis of firewall logs.
  • Build IT security infrastructure including Checkpoint, Juniper and Palo Alto firewalls.
  • Configure rules/NAT via smartdash.
  • Assessed potential network segments and made network adjustments to accommodate for proper SourceFire IPS/NGFW operation as well as sensor visibility.
  • Design and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls.
  • Configuring IPSEC VPN on SRX series firewalls.
  • Configuring Virtual Chassis for Juniper switches EX-4200, Firewalls SRX-210.
  • Installation, configuration and operation of Infoblox appliance-based DNS system, configured for HA for both internal DNS/DHCP.
  • Troubleshoot and hands on experience on security related issues on Cisco ASA/PIX, SRX, IDS/IPS, Palo Alto firewalls.
  • Switching tasks include VTP, ISL/ 802.1q, IPSec and GRE Tunneling, VLANs, Ether Channel, Trunking, Port Security, STP and RSTP.
  • Worked extensively on Cisco Firewalls, Cisco PIX (506E/515E/525) & ASA 5500 (5510/5540) Series.
  • In depth understanding of IPV4 and implementation of Subnetting.
  • Responsible for Cisco ASA firewall administration across our global networks.
  • Establishing VPN tunnels using IPSec encryption standards and also configured and implemented site-to-site VPN, Remote VPN.

Confidential, New York, NY

Sr. Security Analyst

  • Enhanced Infrastructure security by maintaining and supporting OS hardening, OS vulnerability patching.
  • Worked as L1/L2 support engineer which involved daily task of workstation assembling, LAN troubleshooting, Printer configuration and server Configuration.
  • Testing and monitoring applications tools.
  • Working knowledge of Firewall service module FWSM UPGRADE, FWSM RULESET conversion.
  • Supporting Development team for the access to corporate network and outside world. Providing access to specific IP, Port filter and port access.
  • Configured and troubleshot IPSec VPN tunneling for client machines to access organization's network.
  • Coordinated and managed events and trouble tickets related to network failures and thus followed by technical support which included problem determination, customer notification and updates with regard to escalation.
  • Implemented Site-to-Site VPNs over the Internet utilizing 3DES, AES/AES-256 with ASA Firewall 5505.
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS).
  • Configured Protocol Handling, Object Grouping and NAT on ASA Firewalls.
