- A dedicated Professional with almost 8 years of expertise in Designing, Implementation, Administration, Operations and Troubleshooting of enterprise data networks as a Network Engineer.
- Expert Level Cisco ASA, Palo Alto, Check Point and Juniper SRX Firewalls Administrator.
- Experience in Cisco IDS/IPS, Cisco PIX 525, 535, ASA 5520, 5540, 5550, 5580 with firepower, Checkpoint NGX R65, R70, R75, R77 Gaia, R80.10, VSX, Provider-1/MDM/MDS, SPLAT, Nokia IPSO, Juniper SSG Netscreen Firewall, Juniper SRX, Snort IDS, Syslog analysis and Windows/Linux/Unix Security configurations.
- Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k, NSX, PA-1000V etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments
- Worked on MX-480, SRX-320, SRX-1500, SRX-5400, SSG-550 and EX-4300 Juniper devices.
- Hands on experience in configuring and supporting site-to-site and remote access Cisco, IPsec, VPN solutions using ASA/PIX firewalls, Cisco and VPN client.
- Migration of all the PIX firewalls to ASA firewalls. Configuring, Administering and troubleshooting the Checkpoint, Palo Alto, Imperva and ASA firewall
- Experience converting Checkpoint VPN rules over to the Cisco ASA solution. Migrating both Checkpoint and Cisco ASA firewalls to Palo Alto firewalls using conversion tool.
- Proficient hands on experience in configuring Cisco Catalyst 2900, 2960, 3560, 3750, 4500, 4900, 6500 series and Nexus 1000v, 3K, 5K, 7K and 9K switches.
- Worked and deployed VPC, VDC, Fabric path on the Nexus switches and successfully implemented VSS on the Cisco Catalyst switches.
- Worked on different firewall optimization tools like Tufin, Firemon and Algosec.
- Managing firewalls using different firewall management tools like Checkpoint Smart Dashboard, CSM, ASDM, NSM, JunOS Space and Panorama.
- Experience dealing with OS upgrading/patching for various vendors like F5 (TMOS), CISCO (IOS, NX-OS), PANOS, Screen OS, JUNOS, Websense, Bluecoat SG proxy.
- Expertise in configuration & troubleshooting of routing protocols and deployment of OSPF, EIGRP, BGP, RIP, MPLS, IP Multicast and Policy routing over Cisco Routers.
- Experience in skillful deployment of Layer-2 technologies like VLANS, VTP, STP, RSTP, Inter-VLAN routing, VLAN Trunking, Ether Channels, VLAN access-maps and port security.
- Knowledge gained by working on Cisco firewall technologies like ASA 5520, AAA with Cisco ACS.
- Experienced in configuring and implementing load balancers like F5 BIG-IP LTM 3900 and 6500.
- Worked on T1/E1/T3 technologies and different LAN & WAN technologies.
- Possess strong network troubleshooting, interpersonal and communication skills.
- Have good understanding of PCI, SOX compliance, ITIL and Agile methodologies.
PROFESSIONAL WORK EXPERIENCES:
Confidential, Lubbock, TX
Sr. Network Security Engineer
- Implemented and configured firewall rules in Checkpoint Gaia R77.20, R77.30, VSX and Palo Alto PA-5k, PA-3k series, Panorama, APP-ID, User-ID, Wildfire and Palo Alto Anti-virus.
- Managing Firewall products - Checkpoint Appliance Gateways, Provider-1, and Cluster XL and VSX environment (R77.10 and 77.20) and ASA environments.
- Worked on latest Checkpoint R80 version in a lab environment.
- Configured and implemented firewall rules in Checkpoint, Cisco ASA Firewalls and implemented site to site VPNs using Cisco firewalls to third party sites.
- Used PCI auditing system to test for any exposed vulnerability and reviewed and filed exceptions for all potential vulnerabilities
- Worked on the migration of Cisco ASA firewalls to Palo Alto firewalls.
- Experience working on migrations with both Checkpoint and Palo Alto next generation firewalls as well as virtualization of both Checkpoint VSX and Palo Alto VSYS.
- Experience in implementing and troubleshooting of Palo Alto firewall PA 3060, PA 5060, and PA-7050.
- Exposure to Global Protect VPN, WildFire advanced malware detection using IPS feature of Palo Alto
- Handled internetworking troubleshooting and deployment during major incidents and led the team towards resolution.
- Researched, designed and replaced aging Checkpoint Firewall architecture with new next generation Palo Alto appliances serving as Firewalls, URL and application inspection.
- Conducting vulnerability assessments with Nessus, IBM AppScan and IBM QRadar.
- Used Tufin firewall optimization tool, Wireshark and Splunk to analyze logs and perform root cause analysis of critical issues
- Experience in management of Checkpoint VSX environment and using VSX with Multi-Domain Security Management.
- Work effectively in a fast-paced team environment, prioritized multiple tasks with strict adherence to timelines and worked with clients to provide solution to complex problems.
- Work on Bluecoat ProxySG to blocklist, whitelist websites, URL Filtering and content filtering as per business request.
- Work on CISCO ISE to troubleshoot issues with ISE authentication and profiling.
- Worked with Infoblox for securing and managing DNS, DHCP and IPAM.
- Configuration of Fabric path and connectivity between Nexus 5K and Nexus 7k.
- Strong Hands on experience of managing and troubleshooting Cisco ASR 9K, 7600 Routers, Cisco 4510, 4500-X, 4948, 3560 X, 3750X and 2960S Switches, Nexus 9k, 7k, 5k and 3k switches, Load Balancers and Cisco Firewalls for deployment on network.
- Configuration, Operation and Troubleshooting of BGP, OSPF, EIGRP, RIP, VPN routing protocol in Cisco Routers, L2 and L3 Switches.
- Devices worked on include Catalyst 3750, 4800, Nexus 6001, 6004, ASR 9k, Arista 7280, Arista 7010.
- Serve as part of a team of network engineers responsible for base wide network upgrade from Cisco Layer 3 Catalyst switches, routers, load balancers and firewall.
- Configured the Cisco ASR to use the VRF routing functions to completely split the traffic through the network. Also responsible for Cisco ASA firewall administration across our global networks
Confidential, Lubbock, TX
Network Security Engineer
- Security policy review and configuration in Palo Alto and Checkpoint Firewalls in US offices and Datacenter.
- Involved in configuration of Access Control Lists (ACL) on Checkpoint firewall for proper network routing for the B2B network connectivity.
- Responsible for Checkpoint firewall and Palo Alto (PA-2K, PA-3K, PA-5K) management and operations across our global networks.
- Extensive background in Cisco Switches and Routers, Cisco VPN Concentrators, Cisco ASA Firewalls, Cisco ISE, Checkpoint Firewalls, Multiple firewall load balancing devices and software and IPS
- Responsible for the installation, configuration, and integration of Vblock systems.
- Configured HSRP, VPC and VLAN trunking, VLAN routing on Nexus 9k, 7k, 5k, 3k and Catalyst 6500 Switches.
- Knowledge of implementing and troubleshooting complex layer 2 technologies such as Port Security, VLAN, Trunks, VTP, Ether channel, STP, RSTP.
- Configuring and troubleshooting perimeter security devices such as Checkpoint NGX R77 Gaia, Provider-1/MDM, Secure Platform, Palo Alto and ASA Firewalls.
- Installation of Palo Alto (Application and URL filtering, Threat Prevention, Data Filtering)
- Migration of existing IPSEC VPN tunnels from Pre-Shared key to Authority for purpose of scaling
- Configured static NAT, dynamic NAT, dynamic NAT overloading and experience in TACACS, XTACACS and TACACS+ servers.
- Implementing security policies using Cryptography, ACL, IPsec, VPN, and AAA Security on different series of routers.
- Involved in migration projects, which involves replacing legacy devices to new Nexus devices and introduced VPCs in the new architecture.
- Implementing and troubleshooting issues including but not limited to Series Routers, ISR and ASR routers (1Ks, 9Ks) Series Switches, Cisco Nexus 5000 and 7000 Series Switches and Nexus fabric extenders, Cisco UCS technologies, Cisco VSS/VPC, fabric path, OTV, VPLS technologies, WLAN controllers.
- Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for a datacenter access architecture
- Implementing, administrating and troubleshooting common TCP/IP based services, including NTP, DNS, SSL, SSH, services, etc.
- Deployed BIG IP Enterprise manager to cluster all the F5 LTM, GTM, ASA, Netscreen devices for easier management and common configurations. Involved in migration of F5 Local traffic managers of LTM 5100 series to LTM 6800 series for higher
- Load Balancing with F5 GTM and LTM across multiple data centers
- Serve as subject matter expert for assigned customer accounts and take ownership of complex customer issues.
- Provide ongoing recommendations for continual service improvement for customer Networks and Systems.
Confidential, Castle, DE
Network Security Engineer
- Supports the implementation and ongoing operations of network access control devices to include firewalls, web proxies, and SSL VPN devices.
- Implementing and managing Checkpoint Provider-1 Scalable security management for multi-domain environments.
- Worked on various platforms of Checkpoint like - Nokia, Checkpoint (SPLAT).
- Continuous monitoring of CPU utilization, link utilization, connection table utilization
- Upgrading checkpoint firewall and fixing hot fixes and patches.
- Installation of checkpoint firewall R70, R71 in Open Server, UTM
- Worked with Sourcefire customers as a Services Consultant on new deployments as well as tuning/troubleshooting engagements.
- Configuration and troubleshooting of Firewalls ASA 5520, ASA 5510, Nokia Checkpoint VPN1 NGX R55/R65/R70
- Performed upgrading from old platforms to new platforms R65 to R75.45
- Configuration and troubleshooting of Site to Site as well as Remote Access VPN on Cisco ASA and Check Point firewalls.
- Involved in configuring Juniper SSG-140, Cisco PIX firewall, and Checkpoint firewall.
- Worked on Migrating from ASA 5540 to ASA 5585.
- Created Virtual Contexts, VLANS, and Interfaces in ASA 5585.
- LAN base as well as Cable base failover configuration on Cisco firewall.
- Configuring and troubleshooting HA Cluster on Checkpoint Firewall.
- Implementing the Access list on day to day basis as per customer's change requests.
- Worked on ASA routed mode and transparent mode
- Configuring failover and working on SSL-VPN when in active/standby failover on ASA
- Negotiated VPN tunnels using IPsec encryption standards and also configured and implemented site-to-site VPN, Remote VPN.
- Creating Virtual IP address, Pools and Persistence profiles on F5 LTMs.
- Creating Wide IPs with various load balancing methods like Global Availability, Topology, and Round Robin
- Perform SSL Offloading on LTMs and web accelerators with 2048-bits VeriSign s. Also, renewing s to ensure the security of websites
- Engaged in various migration projects like migrating V 10.x load balancers to V 11.x
- Push the firewall rules on various versions of Nokia boxes and a cross beam from Provider-1 NGX CMAs
- Commissioning & de-commissioning with Cisco 7500, 7200, 6500 with SUP 720 module, 3550, 2950 switches for the Data Centre migration & operations
- Performed Network Security Assessment and implemented security features such as network filtering, SSH, AAA, SNMP access lists, VTY access lists, EIGRP MD5 authentication, and HSRP authentication.
- Maintained F5 for providing application redundancy, load balancing and policies.
- Used internal network monitoring tools to ensure network connectivity and Protocol analysis tools to assess the network issues causing service disruption.
- Installed, Configured and maintained 2921, 3600, 7613 Cisco Routers and 3750, 4500 and 6500 series Cisco Switches.
- Performed VSS on Cisco Catalyst 6500 series switches and also involved in the activity of migrating servers to 6500 platform without any application outage.
- Configured and managed Cisco access layer routers and switches & carried out route redistribution & manipulated route updates using distribute lists, route-maps & administrative distance, and offset-lists.
- Configured routing protocols like EIGRP, OSPF & BGP and troubleshooting layer3 issues.
- Learned and Tested various BGP attributes like local p, MED, Weight and replicated customer issues in the testing environment lab.
- Configured PVSTP+ for loop prevention and VTP for Inter-VLAN Routing.
- Implemented port aggregation & link negotiation using LACP and PAGP.
- Involved in design, implementation and configuration of HSRP for load balancing on L3 switches on different location of office on the switched network.
- Configured and deployed BIG-IP LTM for providing application redundancy and load balancing.
- Configured Client VPN technologies including Cisco’s VPN client via IPSEC.
- Troubleshot issues and outages on Trunks and Router interfaces and firewalls extensively.
- Involved in operations and administration of WAN consisting Ethernet Handoffs, T1, DS3, and Optic Fiber Handoffs.
- Provided technical assistance for LAN/WAN management & troubleshooting and complex customer issues using network monitoring tools such as Wireshark.
Junior Network Engineer
- Documented the company’s design, implementation and troubleshooting procedures.
- Performed routine network maintenance checks as well as configured and managed printers, copiers, and other miscellaneous network equipment.
- Got hands-on experience in maintaining and troubleshooting RIP, OSPF and EIGRP routing protocols.
- Configured RIP and EIGRP on 2600, 2900 and 3600 series Cisco routers.
- Implemented VTP and Trunking protocols (802.1q and ISL) on 2900 and 2940 series Cisco Catalyst switches.
- Performed IOS upgrades on 2900 series Cisco Catalyst switches and 1800, 2600, 3600 series Cisco routers using TFTP.
- Worked on installation, maintenance, and troubleshooting of LAN/WAN (ISDN, Frame relay, NAT, DHCP, TCP/IP).
- Configured Access List (Standard, Extended, and Named) to allow users all over the company to access different applications and blocking others.
- Configured STP for loop prevention and VTP for Inter-VLAN Routing.
- Performed troubleshooting of TCP/IP problems and connectivity issues in multi-protocol Ethernet environment.
- Performed scheduled Virus checks and updates on all servers and desktops.
- Worked on network-based IT systems such as Racking, Stacking and Cabling.